The Tor Browser: security/pkix/test/lib/pkixtestutil.h@6474c204b198

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

     2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */

     3 /* Copyright 2013 Mozilla Foundation

     4  *

     5  * Licensed under the Apache License, Version 2.0 (the "License");

     6  * you may not use this file except in compliance with the License.

     7  * You may obtain a copy of the License at

     8  *

     9  *     http://www.apache.org/licenses/LICENSE-2.0

    10  *

    11  * Unless required by applicable law or agreed to in writing, software

    12  * distributed under the License is distributed on an "AS IS" BASIS,

    13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

    14  * See the License for the specific language governing permissions and

    15  * limitations under the License.

    16  */

    18 #ifndef mozilla_pkix_test__pkixtestutils_h

    19 #define mozilla_pkix_test__pkixtestutils_h

    21 #include "pkix/ScopedPtr.h"

    22 #include "pkix/pkixtypes.h"

    23 #include "seccomon.h"

    25 namespace mozilla { namespace pkix { namespace test {

    27 class OCSPResponseExtension

    28 {

    29 public:

    30   SECItem id;

    31   bool critical;

    32   SECItem value;

    33   OCSPResponseExtension* next;

    34 };

    36 class OCSPResponseContext

    37 {

    38 public:

    39   OCSPResponseContext(PLArenaPool* arena, CERTCertificate* cert, PRTime time);

    41   PLArenaPool* arena;

    42   // TODO(bug 980538): add a way to specify what certificates are included.

    43   pkix::ScopedCERTCertificate cert; // The subject of the OCSP response

    44   pkix::ScopedCERTCertificate issuerCert; // The issuer of the subject

    45   pkix::ScopedCERTCertificate signerCert; // This cert signs the response

    46   uint8_t responseStatus; // See the OCSPResponseStatus enum in rfc 6960

    47   bool skipResponseBytes; // If true, don't include responseBytes

    49   static const uint32_t MaxIncludedCertificates = 4;

    50   pkix::ScopedCERTCertificate includedCertificates[MaxIncludedCertificates];

    52   // The following fields are on a per-SingleResponse basis. In the future we

    53   // may support including multiple SingleResponses per response.

    54   PRTime producedAt;

    55   PRTime thisUpdate;

    56   PRTime nextUpdate;

    57   bool includeNextUpdate;

    58   SECOidTag certIDHashAlg;

    59   uint8_t certStatus;     // See the CertStatus choice in rfc 6960

    60   PRTime revocationTime; // For certStatus == revoked

    61   bool badSignature; // If true, alter the signature to fail verification

    63   enum ResponderIDType {

    64     ByName = 1,

    65     ByKeyHash = 2

    66   };

    67   ResponderIDType responderIDType;

    69   OCSPResponseExtension* extensions;

    70   bool includeEmptyExtensions; // If true, include the extension wrapper

    71                                // regardless of if there are any actual

    72                                // extensions.

    73 };

    75 // The return value, if non-null, is owned by the arena in the context

    76 // and MUST NOT be freed.

    77 // This function does its best to respect the NSPR error code convention

    78 // (that is, if it returns null, calling PR_GetError() will return the

    79 // error of the failed operation). However, this is not guaranteed.

    80 SECItem* CreateEncodedOCSPResponse(OCSPResponseContext& context);

    82 } } } // namespace mozilla::pkix::test

    84 #endif // mozilla_pkix_test__pkixtestutils_h

The Tor Browser / file revision