Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(434)

Side by Side Diff: nss/lib/libpkix/include/pkix_revchecker.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/libpkix/include/pkix_results.h ('k') | nss/lib/libpkix/include/pkix_sample_modules.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * This file defines functions associated with the PKIX_RevocationChecker
6 * type.
7 *
8 */
9
10 #ifndef _PKIX_REVCHECKER_H
11 #define _PKIX_REVCHECKER_H
12
13 #include "pkixt.h"
14 #include "pkix_pl_pki.h"
15
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19
20 /* General
21 *
22 * Please refer to the libpkix Programmer's Guide for detailed information
23 * about how to use the libpkix library. Certain key warnings and notices from
24 * that document are repeated here for emphasis.
25 *
26 * All identifiers in this file (and all public identifiers defined in
27 * libpkix) begin with "PKIX_". Private identifiers only intended for use
28 * within the library begin with "pkix_".
29 *
30 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
31 *
32 * Unless otherwise noted, for all accessor (gettor) functions that return a
33 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
34 * shared object. Therefore, the caller should treat this shared object as
35 * read-only and should not modify this shared object. When done using the
36 * shared object, the caller should release the reference to the object by
37 * using the PKIX_PL_Object_DecRef function.
38 *
39 * While a function is executing, if its arguments (or anything referred to by
40 * its arguments) are modified, free'd, or destroyed, the function's behavior
41 * is undefined.
42 *
43 */
44
45 /* PKIX_RevocationChecker
46 *
47 * PKIX_RevocationChecker provides a standard way of revocation checking.
48 * Caller should configure two set of tests(represented at lists of
49 * RevocationMethod objects) to be performed on the leaf and on the rest of
50 * the chain certificates.
51 *
52 * PKIX_RevocationMethods provide a standard way for the caller to insert
53 * their own custom revocation checks to verify the revocation status of
54 * certificates. This may be useful in many scenarios, including when the
55 * caller wishes to use their own revocation checking mechanism instead of (or
56 * in addition to) the default revocation checking mechanism provided by
57 * libpkix, which uses CRLs and OCSP.
58 *
59 * Once the caller has created the RevocationMethod object(s), the caller
60 * then specifies the RevocationMethod object(s) in a RevocationCheck object
61 * and sets it into a ProcessingParams.
62 */
63
64 /*
65 * FUNCTION: PKIX_RevocationChecker_Create
66 * DESCRIPTION:
67 *
68 * Creates a revocation checker object with the given flags. Revocation will
69 * be checked at the current date.
70 *
71 * PARAMETERS:
72 * "leafMethodListFlags"
73 * Defines a set of method independent flags that will be used to check
74 * revocation of the leaf cert in the chain.
75 * "chainMethodListFlags"
76 * Defines a set of method independent flags that will be used to check
77 * revocation of the remaining certs in the chain.
78 * "pChecker"
79 * The return address of created checker.
80 * "plContext"
81 * Platform-specific context pointer.
82 * THREAD SAFETY:
83 * Thread Safe
84 *
85 * Multiple threads must be able to safely call this function without
86 * worrying about conflicts, even if they're operating on the same objects.
87 * RETURNS:
88 * Returns NULL if the function succeeds.
89 * Returns a RevocationChecker Error if the function fails in a non-fatal way.
90 * Returns a Fatal Error if the function fails in an unrecoverable way.
91 */
92 PKIX_Error *
93 PKIX_RevocationChecker_Create(
94 PKIX_UInt32 leafMethodListFlags,
95 PKIX_UInt32 chainMethodListFlags,
96 PKIX_RevocationChecker **pChecker,
97 void *plContext);
98
99 /*
100 * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
101 * DESCRIPTION:
102 *
103 * Creates revocation method object with given parameters and adds it
104 * to revocation checker method list.
105 *
106 * PARAMETERS:
107 * "revChecker"
108 * Address of revocation checker structure.
109 * "procParams"
110 * Address of ProcessingParams used to initialize the checker.
111 * Must be non-NULL.
112 * "methodType"
113 * Type of the method. Currently only two types are
114 * supported: crl and ocsp. (See PKIX_RevocationMethodType enum).
115 * "methodFlags"
116 * Set of flags for the method.
117 * "methodPriority"
118 * Method priority. (0 corresponds to the highest priority)
119 * "verificationFn"
120 * User call back function that will perform validation of fetched
121 * revocation information(new crl or ocsp response)
122 * "isLeafMethod"
123 * Boolean flag that if set to true indicates that the method should
124 * should be used for leaf cert revocation test(false for chain set
125 * methods).
126 * "plContext"
127 * Platform-specific context pointer.
128 * THREAD SAFETY:
129 * Thread Safe
130 *
131 * Multiple threads must be able to safely call this function without
132 * worrying about conflicts, even if they're operating on the same objects.
133 * RETURNS:
134 * Returns NULL if the function succeeds.
135 * Returns a RevocationChecker Error if the function fails in a non-fatal way.
136 * Returns a Fatal Error if the function fails in an unrecoverable way.
137 */
138 PKIX_Error *
139 PKIX_RevocationChecker_CreateAndAddMethod(
140 PKIX_RevocationChecker *revChecker,
141 PKIX_ProcessingParams *params,
142 PKIX_RevocationMethodType methodType,
143 PKIX_UInt32 methodFlags,
144 PKIX_UInt32 methodPriority,
145 PKIX_PL_VerifyCallback verificationFn,
146 PKIX_Boolean isLeafMethod,
147 void *plContext);
148
149 /*
150 * FUNCTION: PKIX_RevocationChecker_Check
151 * DESCRIPTION:
152 *
153 * Verifies revocation status of the certificate. Issuer cert is given to
154 * be used in verification of revocation information. Performed verification
155 * check depends on configured revocation methods(ocsp, crl. See
156 * PKIX_RevocationChecker_CreateAndAddMethod function) and a point of chain
157 * building process at which PKIX_RevocationChecker_Check was invoked.
158 * For security reasons, the cert status is checked only against cached
159 * revocation information during chain building stage(no trust anchor yes has
160 * been found). The fresh revocation information fetching is done only at chain
161 * verification stage after trust anchor was identified.
162 *
163 * PARAMETERS:
164 * "cert"
165 * Address of Cert whose revocation status is to be determined.
166 * Must be non-NULL.
167 * "issuer"
168 * Issuer cert that potentially holds public key that will be used
169 * to verify revocation info.
170 * "revChecker"
171 * Address of revocation checker structure.
172 * "procParams"
173 * Address of ProcessingParams used to initialize the checker.
174 * Must be non-NULL.
175 * "chainVerificationState"
176 * Need to be set to true, if the check was called during chain verification
177 * as an opposite to chain building.
178 * "testingLeafCert"
179 * Set to true if verifying revocation status of a leaf cert.
180 * "revStatus"
181 * Address of the returned revocation status of the cert.
182 * "pResultCode"
183 * Address where revocation status will be stored. Must be non-NULL.
184 * "pNBIOContext"
185 * Address at which platform-dependent non-blocking I/O context is stored.
186 * Must be non-NULL.
187 * "plContext"
188 * Platform-specific context pointer.
189 * THREAD SAFETY:
190 * Thread Safe
191 *
192 * Multiple threads must be able to safely call this function without
193 * worrying about conflicts, even if they're operating on the same objects.
194 * RETURNS:
195 * Returns NULL if the function succeeds.
196 * Returns a RevocationChecker Error if the function fails in a non-fatal way.
197 * Returns a Fatal Error if the function fails in an unrecoverable way.
198 */
199 PKIX_Error *
200 PKIX_RevocationChecker_Check(PKIX_PL_Cert *cert,
201 PKIX_PL_Cert *issuer,
202 PKIX_RevocationChecker *revChecker,
203 PKIX_ProcessingParams *procParams,
204 PKIX_Boolean chainVerificationState,
205 PKIX_Boolean testingLeafCert,
206 PKIX_RevocationStatus *revStatus,
207 PKIX_UInt32 *pReasonCode,
208 void **pNbioContext,
209 void *plContext);
210
211 #ifdef __cplusplus
212 }
213 #endif
214
215 #endif /* _PKIX_REVCHECKER_H */
OLDNEW
« no previous file with comments | « nss/lib/libpkix/include/pkix_results.h ('k') | nss/lib/libpkix/include/pkix_sample_modules.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698