mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-14 19:50:12 +01:00
165 lines
5.8 KiB
C
165 lines
5.8 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
/*
|
|
* ocspi.h - NSS internal interfaces to OCSP code
|
|
*/
|
|
|
|
#ifndef _OCSPI_H_
|
|
#define _OCSPI_H_
|
|
|
|
SECStatus OCSP_InitGlobal(void);
|
|
SECStatus OCSP_ShutdownGlobal(void);
|
|
|
|
ocspResponseData *
|
|
ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER);
|
|
|
|
ocspSignature *
|
|
ocsp_GetResponseSignature(CERTOCSPResponse *response);
|
|
|
|
SECItem *
|
|
ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
|
|
SECItem *fill, const SECItem *src);
|
|
|
|
PRBool
|
|
ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert);
|
|
|
|
CERTCertificate *
|
|
ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
|
|
ocspSignature *signature, CERTCertificate *issuer);
|
|
|
|
SECStatus
|
|
ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
|
|
ocspSignature *signature,
|
|
SECItem *tbsResponseDataDER,
|
|
void *pwArg);
|
|
|
|
CERTOCSPRequest *
|
|
cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
|
|
CERTCertificate *singleCert,
|
|
PRTime time,
|
|
PRBool addServiceLocator,
|
|
CERTCertificate *signerCert);
|
|
|
|
typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness;
|
|
|
|
SECStatus
|
|
ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
|
|
PRTime time,
|
|
PRBool ignoreOcspFailureMode,
|
|
SECStatus *rvOcsp,
|
|
SECErrorCodes *missingResponseError,
|
|
OCSPFreshness *freshness);
|
|
|
|
/*
|
|
* FUNCTION: cert_ProcessOCSPResponse
|
|
* Same behavior and basic parameters as CERT_GetOCSPStatusForCertID.
|
|
* In addition it can update the OCSP cache (using information
|
|
* available internally to this function).
|
|
* INPUTS:
|
|
* CERTCertDBHandle *handle
|
|
* certificate DB of the cert that is being checked
|
|
* CERTOCSPResponse *response
|
|
* the OCSP response we want to retrieve status from.
|
|
* CERTOCSPCertID *certID
|
|
* the ID we want to look for from the response.
|
|
* CERTCertificate *signerCert
|
|
* the certificate that was used to sign the OCSP response.
|
|
* must be obtained via a call to CERT_VerifyOCSPResponseSignature.
|
|
* PRTime time
|
|
* The time at which we're checking the status for.
|
|
* PRBool *certIDWasConsumed
|
|
* In and Out parameter.
|
|
* If certIDWasConsumed is NULL on input,
|
|
* this function might produce a deep copy of cert ID
|
|
* for storing it in the cache.
|
|
* If out value is true, ownership of parameter certID was
|
|
* transferred to the OCSP cache.
|
|
* SECStatus *cacheUpdateStatus
|
|
* This optional out parameter will contain the result
|
|
* of the cache update operation (if requested).
|
|
* RETURN:
|
|
* The return value is not influenced by the cache operation,
|
|
* it matches the documentation for CERT_CheckOCSPStatus
|
|
*/
|
|
|
|
SECStatus
|
|
cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
|
|
CERTOCSPResponse *response,
|
|
CERTOCSPCertID *certID,
|
|
CERTCertificate *signerCert,
|
|
PRTime time,
|
|
PRBool *certIDWasConsumed,
|
|
SECStatus *cacheUpdateStatus);
|
|
|
|
/*
|
|
* FUNCTION: cert_RememberOCSPProcessingFailure
|
|
* If an application notices a failure during OCSP processing,
|
|
* it should finally call this function. The failure will be recorded
|
|
* in the OCSP cache in order to avoid repetitive failures.
|
|
* INPUTS:
|
|
* CERTOCSPCertID *certID
|
|
* the ID that was used for the failed OCSP processing
|
|
* PRBool *certIDWasConsumed
|
|
* Out parameter, if set to true, ownership of parameter certID was
|
|
* transferred to the OCSP cache.
|
|
* RETURN:
|
|
* Status of the cache update operation.
|
|
*/
|
|
|
|
SECStatus
|
|
cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
|
|
PRBool *certIDWasConsumed);
|
|
|
|
/*
|
|
* FUNCTION: ocsp_GetResponderLocation
|
|
* Check ocspx context for user-designated responder URI first. If not
|
|
* found, checks cert AIA extension.
|
|
* INPUTS:
|
|
* CERTCertDBHandle *handle
|
|
* certificate DB of the cert that is being checked
|
|
* CERTCertificate *cert
|
|
* The certificate being examined.
|
|
* PRBool *certIDWasConsumed
|
|
* Out parameter, if set to true, URI of default responder is
|
|
* returned.
|
|
* RETURN:
|
|
* Responder URI.
|
|
*/
|
|
char *
|
|
ocsp_GetResponderLocation(CERTCertDBHandle *handle,
|
|
CERTCertificate *cert,
|
|
PRBool canUseDefaultLocation,
|
|
PRBool *isDefault);
|
|
|
|
/* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
|
|
* The function checks the global ocsp settings and
|
|
* tells how to treat an ocsp response fetching failure.
|
|
* RETURNS:
|
|
* if PR_TRUE is returned, then treat fetching as a
|
|
* revoked cert status.
|
|
*/
|
|
PRBool
|
|
ocsp_FetchingFailureIsVerificationFailure(void);
|
|
|
|
size_t
|
|
ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf);
|
|
|
|
SECStatus
|
|
ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
|
|
CERTOCSPResponse *response,
|
|
CERTOCSPCertID *certID,
|
|
CERTCertificate *signerCert,
|
|
PRTime time,
|
|
CERTOCSPSingleResponse **pSingleResponse);
|
|
|
|
SECStatus
|
|
ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time);
|
|
|
|
void
|
|
ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
|
|
CERTOCSPSingleResponse *single,
|
|
PRBool *certIDWasConsumed);
|
|
|
|
#endif /* _OCSPI_H_ */
|