/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* Copyright 2013 Mozilla Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// Test utilities for mozilla::pkix: a description of an OCSP response
// (OCSPResponseContext) and a function that encodes it
// (CreateEncodedOCSPResponse). Several fields below exist to produce
// malformed or unverifiable responses (badSignature, skipResponseBytes,
// includeEmptyExtensions), so the declarations live in the |test| namespace
// and are intended for exercising a verifier, not for issuing real responses.

#ifndef mozilla_pkix_test__pkixtestutils_h
#define mozilla_pkix_test__pkixtestutils_h

#include "pkix/ScopedPtr.h"
#include "pkix/pkixtypes.h"
#include "seccomon.h"

namespace mozilla { namespace pkix { namespace test {

// One extension to be placed in a generated OCSP response. Instances are
// linked through |next|; OCSPResponseContext::extensions points at the first.
//
// NOTE(review): no constructor is declared, so a default-initialized instance
// has indeterminate members. Callers have to set all four fields, |next|
// included (presumably nullptr ends the list -- confirm against the encoder).
// Whether |id| and |value| hold raw or already-encoded bytes, and who owns the
// memory behind them, is not visible in this header.
class OCSPResponseExtension
{
public:
  SECItem id;                  // Identifies the extension (presumably its OID)
  bool critical;               // The extension's criticality flag
  SECItem value;               // The extension's value
  OCSPResponseExtension* next; // Next extension in the list
};

// Describes the OCSP response that CreateEncodedOCSPResponse should build.
// All members are public so that a test can override any of them after
// construction.
class OCSPResponseContext
{
public:
  // NOTE(review): the definition is not in this header. Which members it
  // defaults, and whether it takes its own reference to |cert| before storing
  // it in the scoped |cert| member, must be checked there; passing a pointer
  // the caller also releases would otherwise risk a double release.
  OCSPResponseContext(PLArenaPool* arena, CERTCertificate* cert, PRTime time);

  // Held as a raw pointer, unlike the Scoped* members below. The encoded
  // response returned by CreateEncodedOCSPResponse is owned by this arena, so
  // the arena has to outlive every use of that result.
  PLArenaPool* arena;
  // TODO(bug 980538): add a way to specify what certificates are included.
  pkix::ScopedCERTCertificate cert; // The subject of the OCSP response
  pkix::ScopedCERTCertificate issuerCert; // The issuer of the subject
  pkix::ScopedCERTCertificate signerCert; // This cert signs the response
  // RFC 6960 defines successful(0), malformedRequest(1), internalError(2),
  // tryLater(3), sigRequired(5) and unauthorized(6). The field is a plain
  // uint8_t, so the type itself does not restrict it to those values.
  uint8_t responseStatus; // See the OCSPResponseStatus enum in rfc 6960
  bool skipResponseBytes; // If true, don't include responseBytes

  // Fixed upper bound on the certificates carried in |includedCertificates|.
  static const uint32_t MaxIncludedCertificates = 4;
  pkix::ScopedCERTCertificate includedCertificates[MaxIncludedCertificates];

  // The following fields are on a per-SingleResponse basis. In the future we
  // may support including multiple SingleResponses per response.
  PRTime producedAt;
  PRTime thisUpdate;
  PRTime nextUpdate;
  bool includeNextUpdate; // presumably gates encoding of nextUpdate, which is
                          // OPTIONAL in rfc 6960 -- confirm in the encoder
  SECOidTag certIDHashAlg; // presumably the hash used for the CertID -- confirm
  // RFC 6960 tags the CertStatus alternatives good [0], revoked [1] and
  // unknown [2]; as with responseStatus, the uint8_t type does not restrict
  // the value to those three.
  uint8_t certStatus; // See the CertStatus choice in rfc 6960
  PRTime revocationTime; // For certStatus == revoked
  // Negative-test switch: a response built with this set should be rejected
  // by any verifier that actually checks the signature.
  bool badSignature; // If true, alter the signature to fail verification

  // The enumerator values coincide with the context tags of the ResponderID
  // CHOICE in rfc 6960 (byName [1], byKey [2]).
  enum ResponderIDType {
    ByName = 1,
    ByKeyHash = 2
  };
  ResponderIDType responderIDType;

  // Head of the OCSPResponseExtension list. A raw pointer: nothing in this
  // header shows the context taking ownership of the list nodes.
  OCSPResponseExtension* extensions;
  bool includeEmptyExtensions; // If true, include the extension wrapper
                               // regardless of if there are any actual
                               // extensions.
};

// Builds the encoded OCSP response described by |context|.
//
// The return value, if non-null, is owned by the arena in the context
// and MUST NOT be freed.
// This function does its best to respect the NSPR error code convention
// (that is, if it returns null, calling PR_GetError() will return the
// error of the failed operation). However, this is not guaranteed.
//
// Callers must therefore check the result for null before use and should not
// rely on a specific PR_GetError() value when it is null. |context| is taken
// by non-const reference; whether it is modified is not visible here.
SECItem* CreateEncodedOCSPResponse(OCSPResponseContext& context);

} } } // namespace mozilla::pkix::test

#endif // mozilla_pkix_test__pkixtestutils_h