OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * ocspi.h - NSS internal interfaces to OCSP code | 5 * ocspi.h - NSS internal interfaces to OCSP code |
6 */ | 6 */ |
7 | 7 |
8 #ifndef _OCSPI_H_ | 8 #ifndef _OCSPI_H_ |
9 #define _OCSPI_H_ | 9 #define _OCSPI_H_ |
10 | 10 |
(...skipping 17 matching lines...) |
28 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, | 28 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, |
29 ocspSignature *signature, CERTCertificate *issuer); | 29 ocspSignature *signature, CERTCertificate *issuer); |
30 | 30 |
31 SECStatus | 31 SECStatus |
32 ocsp_VerifyResponseSignature(CERTCertificate *signerCert, | 32 ocsp_VerifyResponseSignature(CERTCertificate *signerCert, |
33 ocspSignature *signature, | 33 ocspSignature *signature, |
34 SECItem *tbsResponseDataDER, | 34 SECItem *tbsResponseDataDER, |
35 void *pwArg); | 35 void *pwArg); |
36 | 36 |
37 CERTOCSPRequest * | 37 CERTOCSPRequest * |
38 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, | 38 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, |
39 CERTCertificate *singleCert, | 39 CERTCertificate *singleCert, |
40 PRTime time, | 40 PRTime time, |
41 PRBool addServiceLocator, | 41 PRBool addServiceLocator, |
42 CERTCertificate *signerCert); | 42 CERTCertificate *signerCert); |
43 | 43 |
44 typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness; | 44 typedef enum { ocspMissing, |
| 45 ocspFresh, |
| 46 ocspStale } OCSPFreshness; |
45 | 47 |
46 SECStatus | 48 SECStatus |
47 ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID, | 49 ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID, |
48 PRTime time, | 50 PRTime time, |
49 PRBool ignoreOcspFailureMode, | 51 PRBool ignoreOcspFailureMode, |
50 SECStatus *rvOcsp, | 52 SECStatus *rvOcsp, |
51 SECErrorCodes *missingResponseError, | 53 SECErrorCodes *missingResponseError, |
52 OCSPFreshness *freshness); | 54 OCSPFreshness *freshness); |
53 | 55 |
54 /* | 56 /* |
(...skipping 22 matching lines...) |
77 * transferred to the OCSP cache. | 79 * transferred to the OCSP cache. |
78 * SECStatus *cacheUpdateStatus | 80 * SECStatus *cacheUpdateStatus |
79 * This optional out parameter will contain the result | 81 * This optional out parameter will contain the result |
80 * of the cache update operation (if requested). | 82 * of the cache update operation (if requested). |
81 * RETURN: | 83 * RETURN: |
82 * The return value is not influenced by the cache operation, | 84 * The return value is not influenced by the cache operation, |
83 * it matches the documentation for CERT_CheckOCSPStatus | 85 * it matches the documentation for CERT_CheckOCSPStatus |
84 */ | 86 */ |
85 | 87 |
86 SECStatus | 88 SECStatus |
87 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, | 89 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, |
88 CERTOCSPResponse *response, | 90 CERTOCSPResponse *response, |
89 CERTOCSPCertID *certID, | 91 CERTOCSPCertID *certID, |
90 CERTCertificate *signerCert, | 92 CERTCertificate *signerCert, |
91 PRTime time, | 93 PRTime time, |
92 PRBool *certIDWasConsumed, | 94 PRBool *certIDWasConsumed, |
93 SECStatus *cacheUpdateStatus); | 95 SECStatus *cacheUpdateStatus); |
94 | 96 |
95 /* | 97 /* |
96 * FUNCTION: cert_RememberOCSPProcessingFailure | 98 * FUNCTION: cert_RememberOCSPProcessingFailure |
97 * If an application notices a failure during OCSP processing, | 99 * If an application notices a failure during OCSP processing, |
98 * it should finally call this function. The failure will be recorded | 100 * it should finally call this function. The failure will be recorded |
99 * in the OCSP cache in order to avoid repetitive failures. | 101 * in the OCSP cache in order to avoid repetitive failures. |
100 * INPUTS: | 102 * INPUTS: |
101 * CERTOCSPCertID *certID | 103 * CERTOCSPCertID *certID |
102 * the ID that was used for the failed OCSP processing | 104 * the ID that was used for the failed OCSP processing |
103 * PRBool *certIDWasConsumed | 105 * PRBool *certIDWasConsumed |
104 * Out parameter, if set to true, ownership of parameter certID was | 106 * Out parameter, if set to true, ownership of parameter certID was |
105 * transferred to the OCSP cache. | 107 * transferred to the OCSP cache. |
106 * RETURN: | 108 * RETURN: |
107 * Status of the cache update operation. | 109 * Status of the cache update operation. |
108 */ | 110 */ |
109 | 111 |
110 SECStatus | 112 SECStatus |
111 cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID, | 113 cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID, |
112 PRBool *certIDWasConsumed); | 114 PRBool *certIDWasConsumed); |
113 | 115 |
114 /* | 116 /* |
115 * FUNCTION: ocsp_GetResponderLocation | 117 * FUNCTION: ocsp_GetResponderLocation |
116 * Check ocspx context for user-designated responder URI first. If not | 118 * Check ocspx context for user-designated responder URI first. If not |
117 * found, checks cert AIA extension. | 119 * found, checks cert AIA extension. |
118 * INPUTS: | 120 * INPUTS: |
119 * CERTCertDBHandle *handle | 121 * CERTCertDBHandle *handle |
120 * certificate DB of the cert that is being checked | 122 * certificate DB of the cert that is being checked |
121 * CERTCertificate *cert | 123 * CERTCertificate *cert |
122 * The certificate being examined. | 124 * The certificate being examined. |
(...skipping 16 matching lines...) |
139 * if PR_TRUE is returned, then treat fetching as a | 141 * if PR_TRUE is returned, then treat fetching as a |
140 * revoked cert status. | 142 * revoked cert status. |
141 */ | 143 */ |
142 PRBool | 144 PRBool |
143 ocsp_FetchingFailureIsVerificationFailure(void); | 145 ocsp_FetchingFailureIsVerificationFailure(void); |
144 | 146 |
145 size_t | 147 size_t |
146 ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf); | 148 ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf); |
147 | 149 |
148 SECStatus | 150 SECStatus |
149 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, | 151 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, |
150 CERTOCSPResponse *response, | 152 CERTOCSPResponse *response, |
151 CERTOCSPCertID *certID, | 153 CERTOCSPCertID *certID, |
152 CERTCertificate *signerCert, | 154 CERTCertificate *signerCert, |
153 PRTime time, | 155 PRTime time, |
154 CERTOCSPSingleResponse **pSingleResponse
); | 156 CERTOCSPSingleResponse **pSingleResponse
); |
155 | 157 |
156 SECStatus | 158 SECStatus |
157 ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time); | 159 ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time); |
158 | 160 |
159 void | 161 void |
160 ocsp_CacheSingleResponse(CERTOCSPCertID *certID, | 162 ocsp_CacheSingleResponse(CERTOCSPCertID *certID, |
161 » » » CERTOCSPSingleResponse *single, | 163 CERTOCSPSingleResponse *single, |
162 » » » PRBool *certIDWasConsumed); | 164 PRBool *certIDWasConsumed); |
163 | 165 |
164 #endif /* _OCSPI_H_ */ | 166 #endif /* _OCSPI_H_ */ |