Diffstat (limited to 'nss/lib/certhigh/ocspti.h')
-rw-r--r-- | nss/lib/certhigh/ocspti.h | 113 |
1 files changed, 55 insertions, 58 deletions
diff --git a/nss/lib/certhigh/ocspti.h b/nss/lib/certhigh/ocspti.h index a2b3852..d9297db 100644 --- a/nss/lib/certhigh/ocspti.h +++ b/nss/lib/certhigh/ocspti.h @@ -16,7 +16,6 @@ #include "seccomon.h" #include "secoidt.h" - /* * Some notes about naming conventions... * @@ -49,7 +48,6 @@ * way around (reference before definition). */ - /* * Forward-declarations of internal-only data structures. * @@ -67,12 +65,11 @@ typedef struct ocspSingleRequestStr ocspSingleRequest; typedef struct ocspSingleResponseStr ocspSingleResponse; typedef struct ocspTBSRequestStr ocspTBSRequest; - /* * An OCSPRequest; this is what is sent (encoded) to an OCSP responder. */ struct CERTOCSPRequestStr { - PLArenaPool *arena; /* local; not part of encoding */ + PLArenaPool *arena; /* local; not part of encoding */ ocspTBSRequest *tbsRequest; ocspSignature *optionalSignature; }; @@ -92,12 +89,12 @@ struct CERTOCSPRequestStr { * in-progress extensions as they are optionally added to the request. */ struct ocspTBSRequestStr { - SECItem version; /* an INTEGER */ - SECItem *derRequestorName; /* encoded GeneralName; see above */ - CERTGeneralNameList *requestorName; /* local; not part of encoding */ + SECItem version; /* an INTEGER */ + SECItem *derRequestorName; /* encoded GeneralName; see above */ + CERTGeneralNameList *requestorName; /* local; not part of encoding */ ocspSingleRequest **requestList; CERTCertExtension **requestExtensions; - void *extensionHandle; /* local; not part of encoding */ + void *extensionHandle; /* local; not part of encoding */ }; /* 
@@ -124,12 +121,12 @@ struct ocspTBSRequestStr { */ struct ocspSignatureStr { SECAlgorithmID signatureAlgorithm; - SECItem signature; /* a BIT STRING */ - SECItem **derCerts; /* a SEQUENCE OF Certificate */ - CERTCertificate *cert; /* local; not part of encoding */ - PRBool wasChecked; /* local; not part of encoding */ - SECStatus status; /* local; not part of encoding */ - int failureReason; /* local; not part of encoding */ + SECItem signature; /* a BIT STRING */ + SECItem **derCerts; /* a SEQUENCE OF Certificate */ + CERTCertificate *cert; /* local; not part of encoding */ + PRBool wasChecked; /* local; not part of encoding */ + SECStatus status; /* local; not part of encoding */ + int failureReason; /* local; not part of encoding */ }; /* @@ -140,11 +137,11 @@ struct ocspSignatureStr { * but since that seemed confusing (vs. an OCSPRequest) and to be more * consistent with the parallel type "SingleResponse", I called it a * "SingleRequest". - * + * * XXX figure out how to get rid of that arena -- there must be a way */ struct ocspSingleRequestStr { - PLArenaPool *arena; /* just a copy of the response arena, + PLArenaPool *arena; /* just a copy of the response arena, * needed here for extension handling * routines, on creation only */ CERTOCSPCertID *reqCert; 
@@ -160,14 +157,14 @@ struct ocspSingleRequestStr { */ struct CERTOCSPCertIDStr { SECAlgorithmID hashAlgorithm; - SECItem issuerNameHash; /* an OCTET STRING */ - SECItem issuerKeyHash; /* an OCTET STRING */ - SECItem serialNumber; /* an INTEGER */ - SECItem issuerSHA1NameHash; /* keep other hashes around when */ - SECItem issuerMD5NameHash; /* we have them */ + SECItem issuerNameHash; /* an OCTET STRING */ + SECItem issuerKeyHash; /* an OCTET STRING */ + SECItem serialNumber; /* an INTEGER */ + SECItem issuerSHA1NameHash; /* keep other hashes around when */ + SECItem issuerMD5NameHash; /* we have them */ SECItem issuerMD2NameHash; - SECItem issuerSHA1KeyHash; /* keep other hashes around when */ - SECItem issuerMD5KeyHash; /* we have them */ + SECItem issuerSHA1KeyHash; /* keep other hashes around when */ + SECItem issuerMD5KeyHash; /* we have them */ SECItem issuerMD2KeyHash; PLArenaPool *poolp; }; @@ -209,10 +206,10 @@ typedef enum { * type ocspResponseStatus. */ struct CERTOCSPResponseStr { - PLArenaPool *arena; /* local; not part of encoding */ - SECItem responseStatus; /* an ENUMERATED, see above */ - ocspResponseStatus statusValue; /* local; not part of encoding */ - ocspResponseBytes *responseBytes; /* only when status is successful */ + PLArenaPool *arena; /* local; not part of encoding */ + SECItem responseStatus; /* an ENUMERATED, see above */ + ocspResponseStatus statusValue; /* local; not part of encoding */ + ocspResponseBytes *responseBytes; /* only when status is successful */ }; /* 
@@ -230,12 +227,12 @@ struct CERTOCSPResponseStr { * response types, just add them to the union. */ struct ocspResponseBytesStr { - SECItem responseType; /* an OBJECT IDENTIFIER */ - SECOidTag responseTypeTag; /* local; not part of encoding */ - SECItem response; /* an OCTET STRING */ + SECItem responseType; /* an OBJECT IDENTIFIER */ + SECOidTag responseTypeTag; /* local; not part of encoding */ + SECItem response; /* an OCTET STRING */ union { - ocspBasicOCSPResponse *basic; /* when type is id-pkix-ocsp-basic */ - } decodedResponse; /* local; not part of encoding */ + ocspBasicOCSPResponse *basic; /* when type is id-pkix-ocsp-basic */ + } decodedResponse; /* local; not part of encoding */ }; /* @@ -250,7 +247,7 @@ struct ocspResponseBytesStr { */ struct ocspBasicOCSPResponseStr { SECItem tbsResponseDataDER; - ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */ + ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */ ocspSignature responseSignature; }; 
@@ -260,38 +257,38 @@ struct ocspBasicOCSPResponseStr { * (a per-certificate status). */ struct ocspResponseDataStr { - SECItem version; /* an INTEGER */ + SECItem version; /* an INTEGER */ SECItem derResponderID; - ocspResponderID *responderID; /* local; not part of encoding */ - SECItem producedAt; /* a GeneralizedTime */ + ocspResponderID *responderID; /* local; not part of encoding */ + SECItem producedAt; /* a GeneralizedTime */ CERTOCSPSingleResponse **responses; CERTCertExtension **responseExtensions; }; struct ocspResponderIDStr { - CERTOCSPResponderIDType responderIDType;/* local; not part of encoding */ + CERTOCSPResponderIDType responderIDType; /* local; not part of encoding */ union { - CERTName name; /* when ocspResponderID_byName */ - SECItem keyHash; /* when ocspResponderID_byKey */ - SECItem other; /* when ocspResponderID_other */ + CERTName name; /* when ocspResponderID_byName */ + SECItem keyHash; /* when ocspResponderID_byKey */ + SECItem other; /* when ocspResponderID_other */ } responderIDValue; }; /* * The ResponseData in a BasicOCSPResponse contains a SEQUENCE OF * SingleResponse -- one for each certificate whose status is being supplied. - * + * * XXX figure out how to get rid of that arena -- there must be a way */ struct CERTOCSPSingleResponseStr { - PLArenaPool *arena; /* just a copy of the response arena, + PLArenaPool *arena; /* just a copy of the response arena, * needed here for extension handling * routines, on creation only */ CERTOCSPCertID *certID; SECItem derCertStatus; - ocspCertStatus *certStatus; /* local; not part of encoding */ - SECItem thisUpdate; /* a GeneralizedTime */ - SECItem *nextUpdate; /* a GeneralizedTime */ + ocspCertStatus *certStatus; /* local; not part of encoding */ + SECItem thisUpdate; /* a GeneralizedTime */ + SECItem *nextUpdate; /* a GeneralizedTime */ CERTCertExtension **singleExtensions; }; 
@@ -313,10 +310,10 @@ struct CERTOCSPSingleResponseStr { */ typedef enum { - ocspCertStatus_good, /* cert is not revoked */ - ocspCertStatus_revoked, /* cert is revoked */ - ocspCertStatus_unknown, /* cert was unknown to the responder */ - ocspCertStatus_other /* status was not an expected value */ + ocspCertStatus_good, /* cert is not revoked */ + ocspCertStatus_revoked, /* cert is revoked */ + ocspCertStatus_unknown, /* cert was unknown to the responder */ + ocspCertStatus_other /* status was not an expected value */ } ocspCertStatusType; /* @@ -327,13 +324,13 @@ typedef enum { * gives more detailed information.) */ struct ocspCertStatusStr { - ocspCertStatusType certStatusType; /* local; not part of encoding */ + ocspCertStatusType certStatusType; /* local; not part of encoding */ union { - SECItem *goodInfo; /* when ocspCertStatus_good */ - ocspRevokedInfo *revokedInfo; /* when ocspCertStatus_revoked */ - SECItem *unknownInfo; /* when ocspCertStatus_unknown */ - SECItem *otherInfo; /* when ocspCertStatus_other */ - } certStatusInfo; + SECItem *goodInfo; /* when ocspCertStatus_good */ + ocspRevokedInfo *revokedInfo; /* when ocspCertStatus_revoked */ + SECItem *unknownInfo; /* when ocspCertStatus_unknown */ + SECItem *otherInfo; /* when ocspCertStatus_other */ + } certStatusInfo; }; /* @@ -341,8 +338,8 @@ struct ocspCertStatusStr { * was revoked and why. */ struct ocspRevokedInfoStr { - SECItem revocationTime; /* a GeneralizedTime */ - SECItem *revocationReason; /* a CRLReason; ignored for now */ + SECItem revocationTime; /* a GeneralizedTime */ + SECItem *revocationReason; /* a CRLReason; ignored for now */ }; /* @@ -353,7 +350,7 @@ struct ocspRevokedInfoStr { */ struct ocspServiceLocatorStr { CERTName *issuer; - SECItem locator; /* DER encoded authInfoAccess extension from cert */ + SECItem locator; /* DER encoded authInfoAccess extension from cert */ }; #endif /* _OCSPTI_H_ */ |