Mercurial > trustbridge > nss-cmake-static
comparison nss/lib/certhigh/ocspi.h @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 28 Jul 2014 10:47:06 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e5118fa0cb1 |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 /* | |
| 5 * ocspi.h - NSS internal interfaces to OCSP code | |
| 6 */ | |
| 7 | |
| 8 #ifndef _OCSPI_H_ | |
| 9 #define _OCSPI_H_ | |
| 10 | |
| 11 SECStatus OCSP_InitGlobal(void); | |
| 12 SECStatus OCSP_ShutdownGlobal(void); | |
| 13 | |
| 14 ocspResponseData * | |
| 15 ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER); | |
| 16 | |
| 17 ocspSignature * | |
| 18 ocsp_GetResponseSignature(CERTOCSPResponse *response); | |
| 19 | |
| 20 SECItem * | |
| 21 ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, | |
| 22 SECItem *fill, const SECItem *src); | |
| 23 | |
| 24 PRBool | |
| 25 ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert); | |
| 26 | |
| 27 CERTCertificate * | |
| 28 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, | |
| 29 ocspSignature *signature, CERTCertificate *issuer); | |
| 30 | |
| 31 SECStatus | |
| 32 ocsp_VerifyResponseSignature(CERTCertificate *signerCert, | |
| 33 ocspSignature *signature, | |
| 34 SECItem *tbsResponseDataDER, | |
| 35 void *pwArg); | |
| 36 | |
| 37 CERTOCSPRequest * | |
| 38 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, | |
| 39 CERTCertificate *singleCert, | |
| 40 PRTime time, | |
| 41 PRBool addServiceLocator, | |
| 42 CERTCertificate *signerCert); | |
| 43 | |
| 44 typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness; | |
| 45 | |
| 46 SECStatus | |
| 47 ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID, | |
| 48 PRTime time, | |
| 49 PRBool ignoreOcspFailureMode, | |
| 50 SECStatus *rvOcsp, | |
| 51 SECErrorCodes *missingResponseError, | |
| 52 OCSPFreshness *freshness); | |
| 53 | |
| 54 /* | |
| 55 * FUNCTION: cert_ProcessOCSPResponse | |
| 56 * Same behavior and basic parameters as CERT_GetOCSPStatusForCertID. | |
| 57 * In addition it can update the OCSP cache (using information | |
| 58 * available internally to this function). | |
| 59 * INPUTS: | |
| 60 * CERTCertDBHandle *handle | |
| 61 * certificate DB of the cert that is being checked | |
| 62 * CERTOCSPResponse *response | |
| 63 * the OCSP response we want to retrieve status from. | |
| 64 * CERTOCSPCertID *certID | |
| 65 * the ID we want to look for from the response. | |
| 66 * CERTCertificate *signerCert | |
| 67 * the certificate that was used to sign the OCSP response. | |
| 68 * must be obtained via a call to CERT_VerifyOCSPResponseSignature. | |
| 69 * PRTime time | |
| 70 * The time at which we're checking the status for. | |
| 71 * PRBool *certIDWasConsumed | |
| 72 * In and Out parameter. | |
| 73 * If certIDWasConsumed is NULL on input, | |
| 74 * this function might produce a deep copy of cert ID | |
| 75 * for storing it in the cache. | |
| 76 * If out value is true, ownership of parameter certID was | |
| 77 * transferred to the OCSP cache. | |
| 78 * SECStatus *cacheUpdateStatus | |
| 79 * This optional out parameter will contain the result | |
| 80 * of the cache update operation (if requested). | |
| 81 * RETURN: | |
| 82 * The return value is not influenced by the cache operation, | |
| 83 * it matches the documentation for CERT_CheckOCSPStatus | |
| 84 */ | |
| 85 | |
| 86 SECStatus | |
| 87 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, | |
| 88 CERTOCSPResponse *response, | |
| 89 CERTOCSPCertID *certID, | |
| 90 CERTCertificate *signerCert, | |
| 91 PRTime time, | |
| 92 PRBool *certIDWasConsumed, | |
| 93 SECStatus *cacheUpdateStatus); | |
| 94 | |
| 95 /* | |
| 96 * FUNCTION: cert_RememberOCSPProcessingFailure | |
| 97 * If an application notices a failure during OCSP processing, | |
| 98 * it should finally call this function. The failure will be recorded | |
| 99 * in the OCSP cache in order to avoid repetitive failures. | |
| 100 * INPUTS: | |
| 101 * CERTOCSPCertID *certID | |
| 102 * the ID that was used for the failed OCSP processing | |
| 103 * PRBool *certIDWasConsumed | |
| 104 * Out parameter, if set to true, ownership of parameter certID was | |
| 105 * transferred to the OCSP cache. | |
| 106 * RETURN: | |
| 107 * Status of the cache update operation. | |
| 108 */ | |
| 109 | |
| 110 SECStatus | |
| 111 cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID, | |
| 112 PRBool *certIDWasConsumed); | |
| 113 | |
| 114 /* | |
| 115 * FUNCTION: ocsp_GetResponderLocation | |
| 116 * Check ocspx context for user-designated responder URI first. If not | |
| 117 * found, checks cert AIA extension. | |
| 118 * INPUTS: | |
| 119 * CERTCertDBHandle *handle | |
| 120 * certificate DB of the cert that is being checked | |
| 121 * CERTCertificate *cert | |
| 122 * The certificate being examined. | |
| 123 * PRBool *certIDWasConsumed | |
| 124 * Out parameter, if set to true, URI of default responder is | |
| 125 * returned. | |
| 126 * RETURN: | |
| 127 * Responder URI. | |
| 128 */ | |
| 129 char * | |
| 130 ocsp_GetResponderLocation(CERTCertDBHandle *handle, | |
| 131 CERTCertificate *cert, | |
| 132 PRBool canUseDefaultLocation, | |
| 133 PRBool *isDefault); | |
| 134 | |
| 135 /* FUNCTION: ocsp_FetchingFailureIsVerificationFailure | |
| 136 * The function checks the global ocsp settings and | |
| 137 * tells how to treat an ocsp response fetching failure. | |
| 138 * RETURNS: | |
| 139 * if PR_TRUE is returned, then treat fetching as a | |
| 140 * revoked cert status. | |
| 141 */ | |
| 142 PRBool | |
| 143 ocsp_FetchingFailureIsVerificationFailure(void); | |
| 144 | |
| 145 size_t | |
| 146 ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf); | |
| 147 | |
| 148 SECStatus | |
| 149 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, | |
| 150 CERTOCSPResponse *response, | |
| 151 CERTOCSPCertID *certID, | |
| 152 CERTCertificate *signerCert, | |
| 153 PRTime time, | |
| 154 CERTOCSPSingleResponse **pSingleResponse); | |
| 155 | |
| 156 SECStatus | |
| 157 ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time); | |
| 158 | |
| 159 void | |
| 160 ocsp_CacheSingleResponse(CERTOCSPCertID *certID, | |
| 161 CERTOCSPSingleResponse *single, | |
| 162 PRBool *certIDWasConsumed); | |
| 163 | |
| 164 #endif /* _OCSPI_H_ */ |