Mercurial > trustbridge > nss-cmake-static
view nss/lib/certhigh/ocspi.h @ 4:b513267f632f tip
Build DBM module
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:58:03 +0200 |
parents | 1e5118fa0cb1 |
children |
line wrap: on
line source
/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * ocspi.h - NSS internal interfaces to OCSP code */ #ifndef _OCSPI_H_ #define _OCSPI_H_ SECStatus OCSP_InitGlobal(void); SECStatus OCSP_ShutdownGlobal(void); ocspResponseData * ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER); ocspSignature * ocsp_GetResponseSignature(CERTOCSPResponse *response); SECItem * ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, SECItem *fill, const SECItem *src); PRBool ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert); CERTCertificate * ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, ocspSignature *signature, CERTCertificate *issuer); SECStatus ocsp_VerifyResponseSignature(CERTCertificate *signerCert, ocspSignature *signature, SECItem *tbsResponseDataDER, void *pwArg); CERTOCSPRequest * cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, CERTCertificate *singleCert, PRTime time, PRBool addServiceLocator, CERTCertificate *signerCert); typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness; SECStatus ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID, PRTime time, PRBool ignoreOcspFailureMode, SECStatus *rvOcsp, SECErrorCodes *missingResponseError, OCSPFreshness *freshness); /* * FUNCTION: cert_ProcessOCSPResponse * Same behavior and basic parameters as CERT_GetOCSPStatusForCertID. * In addition it can update the OCSP cache (using information * available internally to this function). * INPUTS: * CERTCertDBHandle *handle * certificate DB of the cert that is being checked * CERTOCSPResponse *response * the OCSP response we want to retrieve status from. * CERTOCSPCertID *certID * the ID we want to look for from the response. * CERTCertificate *signerCert * the certificate that was used to sign the OCSP response. * must be obtained via a call to CERT_VerifyOCSPResponseSignature. * PRTime time * The time at which we're checking the status for. * PRBool *certIDWasConsumed * In and Out parameter. * If certIDWasConsumed is NULL on input, * this function might produce a deep copy of cert ID * for storing it in the cache. * If out value is true, ownership of parameter certID was * transferred to the OCSP cache. * SECStatus *cacheUpdateStatus * This optional out parameter will contain the result * of the cache update operation (if requested). * RETURN: * The return value is not influenced by the cache operation, * it matches the documentation for CERT_CheckOCSPStatus */ SECStatus cert_ProcessOCSPResponse(CERTCertDBHandle *handle, CERTOCSPResponse *response, CERTOCSPCertID *certID, CERTCertificate *signerCert, PRTime time, PRBool *certIDWasConsumed, SECStatus *cacheUpdateStatus); /* * FUNCTION: cert_RememberOCSPProcessingFailure * If an application notices a failure during OCSP processing, * it should finally call this function. The failure will be recorded * in the OCSP cache in order to avoid repetitive failures. * INPUTS: * CERTOCSPCertID *certID * the ID that was used for the failed OCSP processing * PRBool *certIDWasConsumed * Out parameter, if set to true, ownership of parameter certID was * transferred to the OCSP cache. * RETURN: * Status of the cache update operation. */ SECStatus cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID, PRBool *certIDWasConsumed); /* * FUNCTION: ocsp_GetResponderLocation * Check ocspx context for user-designated responder URI first. If not * found, checks cert AIA extension. * INPUTS: * CERTCertDBHandle *handle * certificate DB of the cert that is being checked * CERTCertificate *cert * The certificate being examined. * PRBool *certIDWasConsumed * Out parameter, if set to true, URI of default responder is * returned. * RETURN: * Responder URI. */ char * ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool canUseDefaultLocation, PRBool *isDefault); /* FUNCTION: ocsp_FetchingFailureIsVerificationFailure * The function checks the global ocsp settings and * tells how to treat an ocsp response fetching failure. * RETURNS: * if PR_TRUE is returned, then treat fetching as a * revoked cert status. */ PRBool ocsp_FetchingFailureIsVerificationFailure(void); size_t ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf); SECStatus ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, CERTOCSPResponse *response, CERTOCSPCertID *certID, CERTCertificate *signerCert, PRTime time, CERTOCSPSingleResponse **pSingleResponse); SECStatus ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time); void ocsp_CacheSingleResponse(CERTOCSPCertID *certID, CERTOCSPSingleResponse *single, PRBool *certIDWasConsumed); #endif /* _OCSPI_H_ */