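--- a/certt.h
+++ b/certt.h
@@ -1,10 +1,10 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
 * certt.h - public data structures for the certificate library
 */
 #ifndef _CERTT_H_
 #define _CERTT_H_
 
 #include "prclist.h"
@@ -1034,122 +1034,122 @@
 * each integer contained in the array pointed to be:
 * CERTRevocationTests.cert_rev_flags_per_method
 * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
 * this is a method dependent flag.
 */
 
 /*
 * Whether or not to use a method for revocation testing.
 * If set to "do not test", then all other flags are ignored.
 */
-#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0L
-#define CERT_REV_M_TEST_USING_THIS_METHOD 1L
+#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0UL
+#define CERT_REV_M_TEST_USING_THIS_METHOD 1UL
 
 /*
 * Whether or not NSS is allowed to attempt to fetch fresh information
 * from the network.
 * (Although fetching will never happen if fresh information for the
 * method is already locally available.)
 */
-#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0L
-#define CERT_REV_M_FORBID_NETWORK_FETCHING 2L
+#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0UL
+#define CERT_REV_M_FORBID_NETWORK_FETCHING 2UL
 
 /*
 * Example for an implicit default source:
 * The globally configured default OCSP responder.
 * IGNORE means:
 * ignore the implicit default source, whether it's configured or not.
 * ALLOW means:
 * if an implicit default source is configured,
 * then it overrides any available or missing source in the cert.
 * if no implicit default source is configured,
 * then we continue to use what's available (or not available)
 * in the certs.
 */
-#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0L
-#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4L
+#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0UL
+#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4UL
 
 /*
 * Defines the behavior if no fresh information is available,
 * fetching from the network is allowed, but the source of revocation
 * information is unknown (even after considering implicit sources,
 * if allowed by other flags).
 * SKIPT_TEST means:
 * We ignore that no fresh information is available and
 * skip this test.
 * REQUIRE_INFO means:
 * We still require that fresh information is available.
 * Other flags define what happens on missing fresh info.
 */
-#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0L
-#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8L
+#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0UL
+#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8UL
 
 /*
 * Defines the behavior if we are unable to obtain fresh information.
 * INGORE means:
 * Return "cert status unknown"
 * FAIL means:
 * Return "cert revoked".
 */
-#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0L
-#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16L
+#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0UL
+#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16UL
 
 /*
 * What should happen if we were able to find fresh information using
 * this method, and the data indicated the cert is good?
 * STOP_TESTING means:
 * Our success is sufficient, do not continue testing
 * other methods.
 * CONTINUE_TESTING means:
 * We will continue and test the next allowed
 * specified method.
 */
-#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0L
-#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32L
+#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0UL
+#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32UL
 
 /*
 * The following flags are supposed to be used to control bits in
 * CERTRevocationTests.cert_rev_method_independent_flags
 * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
 * this is a method independent flag.
 */
 
 /*
 * This defines the order to checking.
 * EACH_METHOD_SEPARATELY means:
 * Do all tests related to a particular allowed method
 * (both local information and network fetching) in a single step.
 * Only after testing for a particular method is done,
 * then switching to the next method will happen.
 * ALL_LOCAL_INFORMATION_FIRST means:
 * Start by testing the information for all allowed methods
 * which are already locally available. Only after that is done
 * consider to fetch from the network (as allowed by other flags).
 */
-#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0L
-#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1L
+#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0UL
+#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1UL
 
 /*
 * Use this flag to specify that it's necessary that fresh information
 * is available for at least one of the allowed methods, but it's
 * irrelevant which of the mechanisms succeeded.
 * NO_OVERALL_INFO_REQUIREMENT means:
 * We strictly follow the requirements for each individual method.
 * REQUIRE_SOME_FRESH_INFO_AVAILABLE means:
 * After the individual tests have been executed, we must have
 * been able to find fresh information using at least one method.
 * If we were unable to find fresh info, it's a failure.
 * This setting overrides the CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
 * flag on all methods.
 */
-#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0L
-#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2L
+#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
+#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2UL
 
 
 typedef struct {
 /*
 * The size of the array that cert_rev_flags_per_method points to,
 * meaning, the number of methods that are known and defined
 * by the caller.
 */
 PRUint32 number_of_defined_methods;
 
@@ -1334,10 +1334,10 @@
 SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_SignedDataTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_SubjectPublicKeyInfoTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_SignedCertificateTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_SignedCrlTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_TimeChoiceTemplate)
 
 SEC_END_PROTOS
 
 #endif /* _CERTT_H_ */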
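Review bot: Switching the CERT_REV_M_* and CERT_REV_MI_* constants from `L` to `UL` (lines 1044 through 1145) changes what `~FLAG` evaluates to wherever `unsigned long` is narrower than the word that holds the flags. The field declarations sit in the skipped lines, so this is inferred: if the flag words are 64-bit, then on a platform with a 32-bit `long` an expression such as `flags &= ~CERT_REV_M_FORBID_NETWORK_FETCHING` used to sign-extend and keep the upper bits, whereas with `2UL` it zero-extends and clears them. Every flag defined here lives in the low six bits, so nothing visible breaks today, but I would add a comment above the first define, `/* Flags are unsigned long: cast to the flag word's type before using ~ to clear a bit. */`, or give the constants the flag word's own width. Separately, the comment at 1112 introduces the method-independent flags with the `CERT_REV_M_` prefix; it should read `CERT_REV_MI_`, where `_MI_` marks a method independent flag, so that callers do not OR a per-method value into the method-independent word.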