| OLD | NEW |
| (Empty) |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 /* | |
| 5 * ocspi.h - NSS internal interfaces to OCSP code | |
| 6 * | |
| 7 * $Id: ocspi.h,v 1.13 2012/12/12 19:29:40 wtc%google.com Exp $ | |
| 8 */ | |
| 9 | |
| 10 #ifndef _OCSPI_H_ | |
| 11 #define _OCSPI_H_ | |
| 12 | |
| 13 SECStatus OCSP_InitGlobal(void); | |
| 14 SECStatus OCSP_ShutdownGlobal(void); | |
| 15 | |
| 16 ocspResponseData * | |
| 17 ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER); | |
| 18 | |
| 19 ocspSignature * | |
| 20 ocsp_GetResponseSignature(CERTOCSPResponse *response); | |
| 21 | |
| 22 PRBool | |
| 23 ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert)
; | |
| 24 | |
| 25 CERTCertificate * | |
| 26 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, | |
| 27 ocspSignature *signature, CERTCertificate *issuer); | |
| 28 | |
| 29 SECStatus | |
| 30 ocsp_VerifyResponseSignature(CERTCertificate *signerCert, | |
| 31 ocspSignature *signature, | |
| 32 SECItem *tbsResponseDataDER, | |
| 33 void *pwArg); | |
| 34 | |
| 35 CERTOCSPRequest * | |
| 36 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, | |
| 37 CERTCertificate *singleCert, | |
| 38 int64 time, | |
| 39 PRBool addServiceLocator, | |
| 40 CERTCertificate *signerCert); | |
| 41 | |
| 42 SECStatus | |
| 43 ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID, | |
| 44 int64 time, | |
| 45 PRBool ignoreOcspFailureMode, | |
| 46 SECStatus *rvOcsp, | |
| 47 SECErrorCodes *missingResponseError); | |
| 48 | |
| 49 /* | |
| 50 * FUNCTION: cert_ProcessOCSPResponse | |
| 51 * Same behavior and basic parameters as CERT_GetOCSPStatusForCertID. | |
| 52 * In addition it can update the OCSP cache (using information | |
| 53 * available internally to this function). | |
| 54 * INPUTS: | |
| 55 * CERTCertDBHandle *handle | |
| 56 * certificate DB of the cert that is being checked | |
| 57 * CERTOCSPResponse *response | |
| 58 * the OCSP response we want to retrieve status from. | |
| 59 * CERTOCSPCertID *certID | |
| 60 * the ID we want to look for from the response. | |
| 61 * CERTCertificate *signerCert | |
| 62 * the certificate that was used to sign the OCSP response. | |
| 63 * must be obtained via a call to CERT_VerifyOCSPResponseSignature. | |
| 64 * int64 time | |
| 65 * The time at which we're checking the status for. | |
| 66 * PRBool *certIDWasConsumed | |
| 67 * In and Out parameter. | |
| 68 * If certIDWasConsumed is NULL on input, | |
| 69 * this function might produce a deep copy of cert ID | |
| 70 * for storing it in the cache. | |
| 71 * If out value is true, ownership of parameter certID was | |
| 72 * transferred to the OCSP cache. | |
| 73 * SECStatus *cacheUpdateStatus | |
| 74 * This optional out parameter will contain the result | |
| 75 * of the cache update operation (if requested). | |
| 76 * RETURN: | |
| 77 * The return value is not influenced by the cache operation, | |
| 78 * it matches the documentation for CERT_CheckOCSPStatus | |
| 79 */ | |
| 80 | |
| 81 SECStatus | |
| 82 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, | |
| 83 CERTOCSPResponse *response, | |
| 84 CERTOCSPCertID *certID, | |
| 85 CERTCertificate *signerCert, | |
| 86 int64 time, | |
| 87 PRBool *certIDWasConsumed, | |
| 88 SECStatus *cacheUpdateStatus); | |
| 89 | |
| 90 /* | |
| 91 * FUNCTION: cert_RememberOCSPProcessingFailure | |
| 92 * If an application notices a failure during OCSP processing, | |
| 93 * it should finally call this function. The failure will be recorded | |
| 94 * in the OCSP cache in order to avoid repetitive failures. | |
| 95 * INPUTS: | |
| 96 * CERTOCSPCertID *certID | |
| 97 * the ID that was used for the failed OCSP processing | |
| 98 * PRBool *certIDWasConsumed | |
| 99 * Out parameter, if set to true, ownership of parameter certID was | |
| 100 * transferred to the OCSP cache. | |
| 101 * RETURN: | |
| 102 * Status of the cache update operation. | |
| 103 */ | |
| 104 | |
| 105 SECStatus | |
| 106 cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID, | |
| 107 PRBool *certIDWasConsumed); | |
| 108 | |
| 109 /* | |
| 110 * FUNCTION: ocsp_GetResponderLocation | |
| 111 * Check ocspx context for user-designated responder URI first. If not | |
| 112 * found, checks cert AIA extension. | |
| 113 * INPUTS: | |
| 114 * CERTCertDBHandle *handle | |
| 115 * certificate DB of the cert that is being checked | |
| 116 * CERTCertificate *cert | |
| 117 * The certificate being examined. | |
| 118 * PRBool *certIDWasConsumed | |
| 119 * Out parameter, if set to true, URI of default responder is | |
| 120 * returned. | |
| 121 * RETURN: | |
| 122 * Responder URI. | |
| 123 */ | |
| 124 char * | |
| 125 ocsp_GetResponderLocation(CERTCertDBHandle *handle, | |
| 126 CERTCertificate *cert, | |
| 127 PRBool canUseDefaultLocation, | |
| 128 PRBool *isDefault); | |
| 129 | |
| 130 /* FUNCTION: ocsp_FetchingFailureIsVerificationFailure | |
| 131 * The function checks the global ocsp settings and | |
| 132 * tells how to treat an ocsp response fetching failure. | |
| 133 * RETURNS: | |
| 134 * if PR_TRUE is returned, then treat fetching as a | |
| 135 * revoked cert status. | |
| 136 */ | |
| 137 PRBool | |
| 138 ocsp_FetchingFailureIsVerificationFailure(void); | |
| 139 | |
| 140 #endif /* _OCSPI_H_ */ | |