Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Side by Side Diff: nss/lib/certhigh/ocspi.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/certhigh/ocsp.c ('k') | nss/lib/certhigh/ocspsig.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * ocspi.h - NSS internal interfaces to OCSP code
6 */
7
8 #ifndef _OCSPI_H_
9 #define _OCSPI_H_
10
11 SECStatus OCSP_InitGlobal(void);
12 SECStatus OCSP_ShutdownGlobal(void);
13
14 ocspResponseData *
15 ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER);
16
17 ocspSignature *
18 ocsp_GetResponseSignature(CERTOCSPResponse *response);
19
20 SECItem *
21 ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
22 SECItem *fill, const SECItem *src);
23
24 PRBool
25 ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert) ;
26
27 CERTCertificate *
28 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
29 ocspSignature *signature, CERTCertificate *issuer);
30
31 SECStatus
32 ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
33 ocspSignature *signature,
34 SECItem *tbsResponseDataDER,
35 void *pwArg);
36
37 CERTOCSPRequest *
38 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
39 CERTCertificate *singleCert,
40 PRTime time,
41 PRBool addServiceLocator,
42 CERTCertificate *signerCert);
43
44 typedef enum { ocspMissing,
45 ocspFresh,
46 ocspStale } OCSPFreshness;
47
48 SECStatus
49 ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
50 PRTime time,
51 PRBool ignoreOcspFailureMode,
52 SECStatus *rvOcsp,
53 SECErrorCodes *missingResponseError,
54 OCSPFreshness *freshness);
55
56 /*
57 * FUNCTION: cert_ProcessOCSPResponse
58 * Same behavior and basic parameters as CERT_GetOCSPStatusForCertID.
59 * In addition it can update the OCSP cache (using information
60 * available internally to this function).
61 * INPUTS:
62 * CERTCertDBHandle *handle
63 * certificate DB of the cert that is being checked
64 * CERTOCSPResponse *response
65 * the OCSP response we want to retrieve status from.
66 * CERTOCSPCertID *certID
67 * the ID we want to look for from the response.
68 * CERTCertificate *signerCert
69 * the certificate that was used to sign the OCSP response.
70 * must be obtained via a call to CERT_VerifyOCSPResponseSignature.
71 * PRTime time
72 * The time at which we're checking the status for.
73 * PRBool *certIDWasConsumed
74 * In and Out parameter.
75 * If certIDWasConsumed is NULL on input,
76 * this function might produce a deep copy of cert ID
77 * for storing it in the cache.
78 * If out value is true, ownership of parameter certID was
79 * transferred to the OCSP cache.
80 * SECStatus *cacheUpdateStatus
81 * This optional out parameter will contain the result
82 * of the cache update operation (if requested).
83 * RETURN:
84 * The return value is not influenced by the cache operation,
85 * it matches the documentation for CERT_CheckOCSPStatus
86 */
87
88 SECStatus
89 cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
90 CERTOCSPResponse *response,
91 CERTOCSPCertID *certID,
92 CERTCertificate *signerCert,
93 PRTime time,
94 PRBool *certIDWasConsumed,
95 SECStatus *cacheUpdateStatus);
96
97 /*
98 * FUNCTION: cert_RememberOCSPProcessingFailure
99 * If an application notices a failure during OCSP processing,
100 * it should finally call this function. The failure will be recorded
101 * in the OCSP cache in order to avoid repetitive failures.
102 * INPUTS:
103 * CERTOCSPCertID *certID
104 * the ID that was used for the failed OCSP processing
105 * PRBool *certIDWasConsumed
106 * Out parameter, if set to true, ownership of parameter certID was
107 * transferred to the OCSP cache.
108 * RETURN:
109 * Status of the cache update operation.
110 */
111
112 SECStatus
113 cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
114 PRBool *certIDWasConsumed);
115
116 /*
117 * FUNCTION: ocsp_GetResponderLocation
118 * Check ocspx context for user-designated responder URI first. If not
119 * found, checks cert AIA extension.
120 * INPUTS:
121 * CERTCertDBHandle *handle
122 * certificate DB of the cert that is being checked
123 * CERTCertificate *cert
124 * The certificate being examined.
125 * PRBool *certIDWasConsumed
126 * Out parameter, if set to true, URI of default responder is
127 * returned.
128 * RETURN:
129 * Responder URI.
130 */
131 char *
132 ocsp_GetResponderLocation(CERTCertDBHandle *handle,
133 CERTCertificate *cert,
134 PRBool canUseDefaultLocation,
135 PRBool *isDefault);
136
137 /* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
138 * The function checks the global ocsp settings and
139 * tells how to treat an ocsp response fetching failure.
140 * RETURNS:
141 * if PR_TRUE is returned, then treat fetching as a
142 * revoked cert status.
143 */
144 PRBool
145 ocsp_FetchingFailureIsVerificationFailure(void);
146
147 size_t
148 ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf);
149
150 SECStatus
151 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
152 CERTOCSPResponse *response,
153 CERTOCSPCertID *certID,
154 CERTCertificate *signerCert,
155 PRTime time,
156 CERTOCSPSingleResponse **pSingleResponse );
157
158 SECStatus
159 ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time);
160
161 void
162 ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
163 CERTOCSPSingleResponse *single,
164 PRBool *certIDWasConsumed);
165
166 #endif /* _OCSPI_H_ */
OLDNEW
« no previous file with comments | « nss/lib/certhigh/ocsp.c ('k') | nss/lib/certhigh/ocspsig.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698