
Side by Side Diff: nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * pkix_revocationchecker.h
6 *
7 * RevocationChecker Object Type Definition
8 *
9 */
10
11 #ifndef _PKIX_REVOCATIONCHECKER_H
12 #define _PKIX_REVOCATIONCHECKER_H
13
14 #include "pkixt.h"
15 #include "certt.h"
16
17 #ifdef __cplusplus
18 extern "C" {
19 #endif
20
21 /* NOTE: nbio logistic removed. Will be replaced later. */
22
23 /*
24 * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
25 * this is a method dependent flag.
26 */
27
28 /*
29 * Whether or not to use a method for revocation testing.
30 * If set to "do not test", then all other flags are ignored.
31 */
32 #define PKIX_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0x00L
33 #define PKIX_REV_M_TEST_USING_THIS_METHOD 0x01L
34
35 /*
36 * Whether or not NSS is allowed to attempt to fetch fresh information
37 * from the network.
38 * (Although fetching will never happen if fresh information for the
39 * method is already locally available.)
40 */
41 #define PKIX_REV_M_ALLOW_NETWORK_FETCHING 0x00L
42 #define PKIX_REV_M_FORBID_NETWORK_FETCHING 0x02L
43
44 /*
45 * Example for an implicit default source:
46 * The globally configured default OCSP responder.
47 * IGNORE means:
48 * ignore the implicit default source, whether it's configured or not.
49 * ALLOW means:
50 * if an implicit default source is configured,
51 * then it overrides any available or missing source in the cert.
52 * if no implicit default source is configured,
53 * then we continue to use what's available (or not available)
54 * in the certs.
55 */
56 #define PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0x00L
57 #define PKIX_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 0x04L /* OCSP only */
58
59 /*
60 * Defines the behavior if no fresh information is available,
61 * fetching from the network is allowed, but the source of revocation
62 * information is unknown (even after considering implicit sources,
63 * if allowed by other flags).
64 * SKIPT_TEST means:
65 * We ignore that no fresh information is available and
66 * skip this test.
67 * REQUIRE_INFO means:
68 * We still require that fresh information is available.
69 * Other flags define what happens on missing fresh info.
70 */
71
72 #define PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0x00L
73 #define PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 0x08L
74
75 /*
76 * Defines the behavior if we are unable to obtain fresh information.
77 * INGORE means:
78 * Return "cert status unknown"
79 * FAIL means:
80 * Return "cert revoked".
81 */
82
83 #define PKIX_REV_M_IGNORE_MISSING_FRESH_INFO 0x00L
84 #define PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO 0x10L
85
86 /*
87 * What should happen if we were able to find fresh information using
88 * this method, and the data indicated the cert is good?
89 * STOP_TESTING means:
90 * Our success is sufficient, do not continue testing
91 * other methods.
92 * CONTINUE_TESTING means:
93 * We will continue and test the next allowed
94 * specified method.
95 */
96
97 #define PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO 0x00L
98 #define PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 0x20L
99
100 /*
101 * All Flags are prefixed by PKIX_REV_MI_, where _MI_ indicates
102 * this is a method independent flag.
103 */
104
105 /*
106 * This defines the order to checking.
107 * EACH_METHOD_SEPARATELY means:
108 * Do all tests related to a particular allowed method
109 * (both local information and network fetching) in a single step.
110 * Only after testing for a particular method is done,
111 * then switching to the next method will happen.
112 * ALL_LOCAL_INFORMATION_FIRST means:
113 * Start by testing the information for all allowed methods
114 * which are already locally available. Only after that is done
115 * consider to fetch from the network (as allowed by other flags).
116 */
117 #define PKIX_REV_MI_TEST_EACH_METHOD_SEPARATELY 0x00L
118 #define PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 0x01L
119
120 /*
121 * Use this flag to specify that it's necessary that fresh information
122 * is available for at least one of the allowed methods, but it's
123 * irrelevant which of the mechanisms succeeded.
124 * NO_OVERALL_INFO_REQUIREMENT means:
125 * We strictly follow the requirements for each individual method.
126 * REQUIRE_SOME_FRESH_INFO_AVAILABLE means:
127 * After the individual tests have been executed, we must have
128 * been able to find fresh information using at least one method.
129 * If we were unable to find fresh info, it's a failure.
130 */
131 #define PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0x00L
132 #define PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 0x02L
133
134 /* Defines check time for the cert, revocation methods lists and
135 * flags for leaf and chain certs revocation tests. */
136 struct PKIX_RevocationCheckerStruct {
137 PKIX_List *leafMethodList;
138 PKIX_List *chainMethodList;
139 PKIX_UInt32 leafMethodListFlags;
140 PKIX_UInt32 chainMethodListFlags;
141 };
142
143 /* see source file for function documentation */
144
145 PKIX_Error *pkix_RevocationChecker_RegisterSelf(void *plContext);
146
147 #ifdef __cplusplus
148 }
149 #endif
150
151 #endif /* _PKIX_REVOCATIONCHECKER_H */
OLDNEW