1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
29 * use your version of this file under the terms of the MPL, indicate your | 29 * use your version of this file under the terms of the MPL, indicate your |
30 * decision by deleting the provisions above and replace them with the notice | 30 * decision by deleting the provisions above and replace them with the notice |
31 * and other provisions required by the GPL or the LGPL. If you do not delete | 31 * and other provisions required by the GPL or the LGPL. If you do not delete |
32 * the provisions above, a recipient may use your version of this file under | 32 * the provisions above, a recipient may use your version of this file under |
33 * the terms of any one of the MPL, the GPL or the LGPL. | 33 * the terms of any one of the MPL, the GPL or the LGPL. |
34 * | 34 * |
35 * ***** END LICENSE BLOCK ***** */ | 35 * ***** END LICENSE BLOCK ***** */ |
36 /* | 36 /* |
37 * certi.h - private data structures for the certificate library | 37 * certi.h - private data structures for the certificate library |
38 * | 38 * |
39 * $Id: certi.h,v 1.31 2009/07/31 18:35:30 christophe.ravel.bugs%sun.com Exp $ | 39 * $Id: certi.h,v 1.34 2010/05/21 00:43:51 wtc%google.com Exp $ |
40 */ | 40 */ |
41 #ifndef _CERTI_H_ | 41 #ifndef _CERTI_H_ |
42 #define _CERTI_H_ | 42 #define _CERTI_H_ |
43 | 43 |
44 #include "certt.h" | 44 #include "certt.h" |
45 #include "nssrwlkt.h" | 45 #include "nssrwlkt.h" |
46 | 46 |
47 /* | 47 /* |
48 #define GLOBAL_RWLOCK 1 | 48 #define GLOBAL_RWLOCK 1 |
49 */ | 49 */ |
143 This is a cache of CRL entries for a given distribution point of an issuer | 143 This is a cache of CRL entries for a given distribution point of an issuer |
144 It is built from a collection of one full and 0 or more delta CRLs. | 144 It is built from a collection of one full and 0 or more delta CRLs. |
145 */ | 145 */ |
146 | 146 |
147 struct CRLDPCacheStr { | 147 struct CRLDPCacheStr { |
148 #ifdef DPC_RWLOCK | 148 #ifdef DPC_RWLOCK |
149 NSSRWLock* lock; | 149 NSSRWLock* lock; |
150 #else | 150 #else |
151 PRLock* lock; | 151 PRLock* lock; |
152 #endif | 152 #endif |
153 CERTCertificate* issuer; /* cert issuer | 153 CERTCertificate* issuer; /* issuer cert |
154 XXX there may be multiple issuer certs, | 154 XXX there may be multiple issuer certs, |
155 with different validity dates. Also | 155 with different validity dates. Also |
156 need to deal with SKID/AKID . See | 156 need to deal with SKID/AKID . See |
157 bugzilla 217387, 233118 */ | 157 bugzilla 217387, 233118 */ |
158 SECItem* subject; /* DER of issuer subject */ | 158 SECItem* subject; /* DER of issuer subject */ |
159 SECItem* distributionPoint; /* DER of distribution point. This may be | 159 SECItem* distributionPoint; /* DER of distribution point. This may be |
160 NULL when distribution points aren't | 160 NULL when distribution points aren't |
161 in use (ie. the CA has a single CRL). | 161 in use (ie. the CA has a single CRL). |
162 Currently not used. */ | 162 Currently not used. */ |
163 | 163 |
164 /* array of full CRLs matching this distribution point */ | 164 /* array of full CRLs matching this distribution point */ |
165 PRUint32 ncrls; /* total number of CRLs in crls */ | 165 PRUint32 ncrls; /* total number of CRLs in crls */ |
166 CachedCrl** crls; /* array of all matching CRLs */ | 166 CachedCrl** crls; /* array of all matching CRLs */ |
167 /* XCRL With iCRLs and multiple DPs, the CRL can be shared accross several | 167 /* XCRL With iCRLs and multiple DPs, the CRL can be shared accross several |
168 issuers. In the future, we'll need to globally recycle the CRL in a | 168 issuers. In the future, we'll need to globally recycle the CRL in a |
169 separate list in order to avoid extra lookups, decodes, and copies */ | 169 separate list in order to avoid extra lookups, decodes, and copies */ |
170 | 170 |
171 /* pointers to good decoded CRLs used to build the cache */ | 171 /* pointers to good decoded CRLs used to build the cache */ |
172 CachedCrl* selected; /* full CRL selected for use in the cache */ | 172 CachedCrl* selected; /* full CRL selected for use in the cache */ |
173 #if 0 | 173 #if 0 |
174 /* for future use */ | 174 /* for future use */ |
175 PRInt32 numdeltas; /* number of delta CRLs used for the cache */ | 175 PRInt32 numdeltas; /* number of delta CRLs used for the cache */ |
176 CachedCrl** deltas; /* delta CRLs used for the cache */ | 176 CachedCrl** deltas; /* delta CRLs used for the cache */ |
177 #endif | 177 #endif |
178 /* cache invalidity bitflag */ | 178 /* cache invalidity bitflag */ |
179 PRUint16 invalid; /* this state will be set if either | 179 PRUint16 invalid; /* this state will be set if either |
180 CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set. | 180 CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set. |
181 In those cases, all certs are considered revoked as a | 181 In those cases, all certs are considered to have unknown status. |
182 security precaution. The invalid state can only be cleared | 182 The invalid state can only be cleared during an update if all |
183 during an update if all error states are cleared */ | 183 error states are cleared */ |
184 PRBool refresh; /* manual refresh from tokens has been forced */ | 184 PRBool refresh; /* manual refresh from tokens has been forced */ |
185 PRBool mustchoose; /* trigger reselection algorithm, for case when | 185 PRBool mustchoose; /* trigger reselection algorithm, for case when |
186 RAM CRL objects are dropped from the cache */ | 186 RAM CRL objects are dropped from the cache */ |
187 PRTime lastfetch; /* time a CRL token fetch was last performed */ | 187 PRTime lastfetch; /* time a CRL token fetch was last performed */ |
188 PRTime lastcheck; /* time CRL token objects were last checked for | 188 PRTime lastcheck; /* time CRL token objects were last checked for |
189 existence */ | 189 existence */ |
190 }; | 190 }; |
191 | 191 |
192 /* CRL issuer cache object | 192 /* CRL issuer cache object |
193 This object tracks all the distribution point caches for a given issuer. | 193 This object tracks all the distribution point caches for a given issuer. |
274 const SECItem* dp, int64 t, void* wincx, | 274 const SECItem* dp, int64 t, void* wincx, |
275 CRLDPCache** dpcache, PRBool* writeLocked); | 275 CRLDPCache** dpcache, PRBool* writeLocked); |
276 | 276 |
277 /* check if a particular SN is in the CRL cache and return its entry */ | 277 /* check if a particular SN is in the CRL cache and return its entry */ |
278 dpcacheStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn, | 278 dpcacheStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn, |
279 CERTCrlEntry** returned); | 279 CERTCrlEntry** returned); |
280 | 280 |
281 /* release a DPCache object that was previously acquired */ | 281 /* release a DPCache object that was previously acquired */ |
282 void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked); | 282 void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked); |
283 | 283 |
284 /* this function assumes the caller holds a lock on the DPCache */ | |
285 SECStatus DPCache_GetAllCRLs(CRLDPCache* dpc, PRArenaPool* arena, | |
286 CERTSignedCrl*** crls, PRUint16* status); | |
287 | |
288 /* this function assumes the caller holds a lock on the DPCache */ | |
289 SECStatus DPCache_GetCRLEntry(CRLDPCache* cache, PRBool readlocked, | |
290 CERTSignedCrl* crl, SECItem* sn, | |
291 CERTCrlEntry** returned); | |
292 | |
293 /* | 284 /* |
294 * map Stan errors into NSS errors | 285 * map Stan errors into NSS errors |
295 * This function examines the stan error stack and automatically sets | 286 * This function examines the stan error stack and automatically sets |
296 * PORT_SetError(); to the appropriate SEC_ERROR value. | 287 * PORT_SetError(); to the appropriate SEC_ERROR value. |
297 */ | 288 */ |
298 void CERT_MapStanError(); | 289 void CERT_MapStanError(); |
299 | 290 |
300 /* Interface function for libpkix cert validation engine: | 291 /* Interface function for libpkix cert validation engine: |
301 * cert_verify wrapper. */ | 292 * cert_verify wrapper. */ |
302 SECStatus | 293 SECStatus |
384 | 375 |
385 /* cert_FindCRLByGeneralName must be called only while the named cache is | 376 /* cert_FindCRLByGeneralName must be called only while the named cache is |
386 * acquired, and the entry is only valid until cache is released. | 377 * acquired, and the entry is only valid until cache is released. |
387 */ | 378 */ |
388 SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc, | 379 SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc, |
389 const SECItem* canonicalizedName, | 380 const SECItem* canonicalizedName, |
390 NamedCRLCacheEntry** retEntry); | 381 NamedCRLCacheEntry** retEntry); |
391 | 382 |
392 SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc); | 383 SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc); |
393 | 384 |
| 385 /* This is private for now. Maybe shoule be public. */ |
| 386 CERTGeneralName * |
| 387 cert_GetSubjectAltNameList(CERTCertificate *cert, PRArenaPool *arena); |
| 388 |
| 389 /* Count DNS names and IP addresses in a list of GeneralNames */ |
| 390 PRUint32 |
| 391 cert_CountDNSPatterns(CERTGeneralName *firstName); |
| 392 |
394 #endif /* _CERTI_H_ */ | 393 #endif /* _CERTI_H_ */ |
395 | 394 |
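Review bot: The new declaration of cert_GetSubjectAltNameList at new line 387 is documented only as "private for now", so a reader of this header cannot tell who owns the returned CERTGeneralName list or what a NULL return means; the arena parameter suggests the list is allocated from it, but that is an inference to confirm against the .c file. The comment should state the allocation source and, more importantly, whether NULL means "no subjectAltName extension" or "extension present but undecodable", because a caller that folds both cases together can end up treating a malformed SAN as a certificate with no names rather than as an error; fix the typo while there (`/* Private for now; may become public. */`). cert_CountDNSPatterns at new line 391 likewise should say what it returns for a NULL or empty list, presumably 0, since callers are likely to branch on that value. The comment change at line 181 ("unknown status" instead of "considered revoked") reads like a documentation of a behavior change made elsewhere; if so, naming the status value the cache reports in that state would let callers choose hard- versus soft-fail deliberately.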