Mercurial > trustbridge > nss-cmake-static
annotate nss/lib/certdb/certi.h @ 1:247cffdc9b89
Add a pesodo config file for inlcude directories and library names
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 28 Jul 2014 13:00:06 +0200 |
| parents | 1e5118fa0cb1 |
| children |
| rev | line source |
|---|---|
|
0
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 /* This Source Code Form is subject to the terms of the Mozilla Public |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 * certi.h - private data structures for the certificate library |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 #ifndef _CERTI_H_ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 #define _CERTI_H_ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 #include "certt.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 #include "nssrwlkt.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #define GLOBAL_RWLOCK 1 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #define DPC_RWLOCK 1 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 /* all definitions in this file are subject to change */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 typedef struct OpaqueCRLFieldsStr OpaqueCRLFields; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 typedef struct CRLEntryCacheStr CRLEntryCache; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 typedef struct CRLDPCacheStr CRLDPCache; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 typedef struct CRLIssuerCacheStr CRLIssuerCache; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 typedef struct CRLCacheStr CRLCache; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 typedef struct CachedCrlStr CachedCrl; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 typedef struct NamedCRLCacheStr NamedCRLCache; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 typedef struct NamedCRLCacheEntryStr NamedCRLCacheEntry; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 struct OpaqueCRLFieldsStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 PRBool partial; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 PRBool decodingError; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 PRBool badEntries; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 PRBool badDER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 PRBool badExtensions; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 PRBool heapDER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 typedef struct PreAllocatorStr PreAllocator; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 struct PreAllocatorStr |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 PRSize len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 void* data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 PRSize used; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 PLArenaPool* arena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 PRSize extra; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 /* CRL entry cache. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 This is the same as an entry plus the next/prev pointers for the hash table |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 struct CRLEntryCacheStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 CERTCrlEntry entry; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 CRLEntryCache *prev, *next; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 #define CRL_CACHE_INVALID_CRLS 0x0001 /* this state will be set |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 if we have CRL objects with an invalid DER or signature. Can be |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 cleared if the invalid objects are deleted from the token */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 #define CRL_CACHE_LAST_FETCH_FAILED 0x0002 /* this state will be set |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 if the last CRL fetch encountered an error. Can be cleared if a |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 new fetch succeeds */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 #define CRL_CACHE_OUT_OF_MEMORY 0x0004 /* this state will be set |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 if we don't have enough memory to build the hash table of entries */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 typedef enum { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 CRL_OriginToken = 0, /* CRL came from PKCS#11 token */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 CRL_OriginExplicit = 1 /* CRL was explicitly added to the cache, from RAM */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 } CRLOrigin; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 typedef enum { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 dpcacheNoEntry = 0, /* no entry found for this SN */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 dpcacheFoundEntry = 1, /* entry found for this SN */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 dpcacheCallerError = 2, /* invalid args */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 dpcacheInvalidCacheError = 3, /* CRL in cache may be bad DER */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 /* or unverified */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 dpcacheEmpty = 4, /* no CRL in cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 dpcacheLookupError = 5 /* internal error */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 } dpcacheStatus; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 struct CachedCrlStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
86 CERTSignedCrl* crl; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
87 CRLOrigin origin; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
88 /* hash table of entries. We use a PLHashTable and pre-allocate the |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
89 required amount of memory in one shot, so that our allocator can |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
90 simply pass offsets into it when hashing. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
91 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
92 This won't work anymore when we support delta CRLs and iCRLs, because |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
93 the size of the hash table will vary over time. At that point, the best |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
94 solution will be to allocate large CRLEntry structures by modifying |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
95 the DER decoding template. The extra space would be for next/prev |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
96 pointers. This would allow entries from different CRLs to be mixed in |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
97 the same hash table. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
98 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
99 PLHashTable* entries; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
100 PreAllocator* prebuffer; /* big pre-allocated buffer mentioned above */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
101 PRBool sigChecked; /* this CRL signature has already been checked */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 PRBool sigValid; /* signature verification status . |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 Only meaningful if checked is PR_TRUE . */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 PRBool unbuildable; /* Avoid using assosiated CRL is it fails |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 * a decoding step */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 /* CRL distribution point cache object |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 This is a cache of CRL entries for a given distribution point of an issuer |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 It is built from a collection of one full and 0 or more delta CRLs. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
112 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
113 struct CRLDPCacheStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
114 #ifdef DPC_RWLOCK |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
115 NSSRWLock* lock; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
116 #else |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
117 PRLock* lock; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
118 #endif |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
119 CERTCertificate* issuer; /* issuer cert |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
120 XXX there may be multiple issuer certs, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
121 with different validity dates. Also |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
122 need to deal with SKID/AKID . See |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
123 bugzilla 217387, 233118 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
124 SECItem* subject; /* DER of issuer subject */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
125 SECItem* distributionPoint; /* DER of distribution point. This may be |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
126 NULL when distribution points aren't |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
127 in use (ie. the CA has a single CRL). |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
128 Currently not used. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
129 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
130 /* array of full CRLs matching this distribution point */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
131 PRUint32 ncrls; /* total number of CRLs in crls */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
132 CachedCrl** crls; /* array of all matching CRLs */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
133 /* XCRL With iCRLs and multiple DPs, the CRL can be shared accross several |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
134 issuers. In the future, we'll need to globally recycle the CRL in a |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
135 separate list in order to avoid extra lookups, decodes, and copies */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
136 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
137 /* pointers to good decoded CRLs used to build the cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
138 CachedCrl* selected; /* full CRL selected for use in the cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
139 #if 0 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
140 /* for future use */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
141 PRInt32 numdeltas; /* number of delta CRLs used for the cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
142 CachedCrl** deltas; /* delta CRLs used for the cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
143 #endif |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
144 /* cache invalidity bitflag */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
145 PRUint16 invalid; /* this state will be set if either |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
146 CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
147 In those cases, all certs are considered to have unknown status. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
148 The invalid state can only be cleared during an update if all |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
149 error states are cleared */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
150 PRBool refresh; /* manual refresh from tokens has been forced */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
151 PRBool mustchoose; /* trigger reselection algorithm, for case when |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
152 RAM CRL objects are dropped from the cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
153 PRTime lastfetch; /* time a CRL token fetch was last performed */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
154 PRTime lastcheck; /* time CRL token objects were last checked for |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
155 existence */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
156 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
157 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
158 /* CRL issuer cache object |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
159 This object tracks all the distribution point caches for a given issuer. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
160 XCRL once we support multiple issuing distribution points, this object |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
161 will be a hash table. For now, it just holds the single CRL distribution |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
162 point cache structure. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
163 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
164 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
165 struct CRLIssuerCacheStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
166 SECItem* subject; /* DER of issuer subject */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
167 CRLDPCache* dpp; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
168 #if 0 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
169 /* XCRL for future use. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
170 We don't need to lock at the moment because we only have one DP, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
171 which gets created at the same time as this object */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
172 NSSRWLock* lock; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
173 CRLDPCache** dps; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
174 PLHashTable* distributionpoints; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
175 CERTCertificate* issuer; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
176 #endif |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
177 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
178 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
179 /* CRL revocation cache object |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
180 This object tracks all the issuer caches |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
181 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
182 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
183 struct CRLCacheStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
184 #ifdef GLOBAL_RWLOCK |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
185 NSSRWLock* lock; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
186 #else |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
187 PRLock* lock; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
188 #endif |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
189 /* hash table of issuer to CRLIssuerCacheStr, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
190 indexed by issuer DER subject */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
191 PLHashTable* issuers; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
192 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
193 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
194 SECStatus InitCRLCache(void); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
195 SECStatus ShutdownCRLCache(void); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
196 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
197 /* Returns a pointer to an environment-like string, a series of |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
198 ** null-terminated strings, terminated by a zero-length string. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
199 ** This function is intended to be internal to NSS. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
200 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
201 extern char * cert_GetCertificateEmailAddresses(CERTCertificate *cert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
202 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
203 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
204 * These functions are used to map subjectKeyID extension values to certs |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
205 * and to keep track of the checks for user certificates in each slot |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
206 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
207 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
208 cert_CreateSubjectKeyIDHashTable(void); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
209 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
210 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
211 cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
212 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
213 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
214 cert_UpdateSubjectKeyIDSlotCheck(SECItem *slotid, int series); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
215 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
216 int |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
217 cert_SubjectKeyIDSlotCheckSeries(SECItem *slotid); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
218 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
219 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
220 * Call this function to remove an entry from the mapping table. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
221 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
222 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
223 cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
224 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
225 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
226 cert_DestroySubjectKeyIDHashTable(void); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
227 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
228 SECItem* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
229 cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
230 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
231 /* return maximum length of AVA value based on its type OID tag. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
232 extern int cert_AVAOidTagToMaxLen(SECOidTag tag); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
233 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
234 /* Make an AVA, allocated from pool, from OID and DER encoded value */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
235 extern CERTAVA * CERT_CreateAVAFromRaw(PLArenaPool *pool, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
236 const SECItem * OID, const SECItem * value); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
237 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
238 /* Make an AVA from binary input specified by SECItem */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
239 extern CERTAVA * CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
240 int valueType, SECItem *value); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
241 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
242 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
243 * get a DPCache object for the given issuer subject and dp |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
244 * Automatically creates the cache object if it doesn't exist yet. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
245 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
246 SECStatus AcquireDPCache(CERTCertificate* issuer, const SECItem* subject, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
247 const SECItem* dp, PRTime t, void* wincx, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
248 CRLDPCache** dpcache, PRBool* writeLocked); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
249 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
250 /* check if a particular SN is in the CRL cache and return its entry */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
251 dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
252 CERTCrlEntry** returned); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
253 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
254 /* release a DPCache object that was previously acquired */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
255 void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
256 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
257 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
258 * map Stan errors into NSS errors |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
259 * This function examines the stan error stack and automatically sets |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
260 * PORT_SetError(); to the appropriate SEC_ERROR value. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
261 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
262 void CERT_MapStanError(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
263 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
264 /* Like CERT_VerifyCert, except with an additional argument, flags. The |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
265 * flags are defined immediately below. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
266 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
267 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
268 cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
269 PRBool checkSig, SECCertUsage certUsage, PRTime t, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
270 PRUint32 flags, void *wincx, CERTVerifyLog *log); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
271 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
272 /* Use the default settings. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
273 * cert_VerifyCertWithFlags(..., CERT_VERIFYCERT_USE_DEFAULTS, ...) is |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
274 * equivalent to CERT_VerifyCert(...); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
275 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
276 #define CERT_VERIFYCERT_USE_DEFAULTS 0 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
277 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
278 /* Skip all the OCSP checks during certificate verification, regardless of |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
279 * the global OCSP settings. By default, certificate |cert| will have its |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
280 * revocation status checked via OCSP according to the global OCSP settings. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
281 * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
282 * OCSP checking is always skipped when certUsage is certUsageStatusResponder. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
283 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
284 #define CERT_VERIFYCERT_SKIP_OCSP 1 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
285 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
286 /* Interface function for libpkix cert validation engine: |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
287 * cert_verify wrapper. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
288 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
289 cert_VerifyCertChainPkix(CERTCertificate *cert, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
290 PRBool checkSig, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
291 SECCertUsage requiredUsage, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
292 PRTime time, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
293 void *wincx, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
294 CERTVerifyLog *log, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
295 PRBool *sigError, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
296 PRBool *revoked); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
297 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
298 SECStatus cert_InitLocks(void); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
299 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
300 SECStatus cert_DestroyLocks(void); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
301 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
302 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
303 * fill in nsCertType field of the cert based on the cert extension |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
304 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
305 extern SECStatus cert_GetCertType(CERTCertificate *cert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
306 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
307 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
308 * compute and return the value of nsCertType for cert, but do not |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
309 * update the CERTCertificate. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
310 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
311 extern PRUint32 cert_ComputeCertType(CERTCertificate *cert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
312 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
313 void cert_AddToVerifyLog(CERTVerifyLog *log,CERTCertificate *cert, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
314 long errorCode, unsigned int depth, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
315 void *arg); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
316 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
317 /* Insert a DER CRL into the CRL cache, and take ownership of it. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
318 * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
319 * cert_CacheCRLByGeneralName takes ownership of the memory in crl argument |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
320 * completely. crl must be freeable by SECITEM_FreeItem. It will be freed |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
321 * immediately if it is rejected from the CRL cache, or later during cache |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
322 * updates when a new crl is available, or at shutdown time. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
323 * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
324 * canonicalizedName represents the source of the CRL, a GeneralName. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
325 * The format of the encoding is not restricted, but all callers of |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
326 * cert_CacheCRLByGeneralName and cert_FindCRLByGeneralName must use |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
327 * the same encoding. To facilitate X.500 name matching, a canonicalized |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
328 * encoding of the GeneralName should be used, if available. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
329 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
330 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
331 SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
332 const SECItem* canonicalizedName); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
333 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
334 struct NamedCRLCacheStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
335 PRLock* lock; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
336 PLHashTable* entries; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
337 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
338 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
339 /* NamedCRLCacheEntryStr is filled in by cert_CacheCRLByGeneralName, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
340 * and read by cert_FindCRLByGeneralName */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
341 struct NamedCRLCacheEntryStr { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
342 SECItem* canonicalizedName; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
343 SECItem* crl; /* DER, kept only if CRL |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
344 * is successfully cached */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
345 PRBool inCRLCache; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
346 PRTime successfulInsertionTime; /* insertion time */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
347 PRTime lastAttemptTime; /* time of last call to |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
348 cert_CacheCRLByGeneralName with this name */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
349 PRBool badDER; /* ASN.1 error */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
350 PRBool dupe; /* matching DER CRL already in CRL cache */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
351 PRBool unsupported; /* IDP, delta, any other reason */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
352 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
353 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
354 typedef enum { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
355 certRevocationStatusRevoked = 0, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
356 certRevocationStatusValid = 1, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
357 certRevocationStatusUnknown = 2 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
358 } CERTRevocationStatus; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
359 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
360 /* Returns detailed status of the cert(revStatus variable). Tells if |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
361 * issuer cache has OriginFetchedWithTimeout crl in it. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
362 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
363 cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
364 const SECItem* dp, PRTime t, void *wincx, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
365 CERTRevocationStatus *revStatus, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
366 CERTCRLEntryReasonCode *revReason); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
367 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
368 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
369 SECStatus cert_AcquireNamedCRLCache(NamedCRLCache** returned); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
370 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
371 /* cert_FindCRLByGeneralName must be called only while the named cache is |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
372 * acquired, and the entry is only valid until cache is released. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
373 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
374 SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
375 const SECItem* canonicalizedName, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
376 NamedCRLCacheEntry** retEntry); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
377 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
378 SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
379 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
380 /* This is private for now. Maybe shoule be public. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
381 CERTGeneralName * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
382 cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
383 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
384 /* Count DNS names and IP addresses in a list of GeneralNames */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
385 PRUint32 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
386 cert_CountDNSPatterns(CERTGeneralName *firstName); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
387 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
388 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
389 * returns the trust status of the leaf certificate based on usage. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
390 * If the leaf is explicitly untrusted, this function will fail and |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
391 * failedFlags will be set to the trust bit value that lead to the failure. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
392 * If the leaf is trusted, isTrusted is set to true and the function returns |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
393 * SECSuccess. This function does not check if the cert is fit for a |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
394 * particular usage. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
395 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
396 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
397 cert_CheckLeafTrust(CERTCertificate *cert, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
398 SECCertUsage usage, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
399 unsigned int *failedFlags, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
400 PRBool *isTrusted); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
401 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
402 #endif /* _CERTI_H_ */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
403 |