1 files changed, 66 insertions, 0 deletions

diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
new file mode 100644
index 0000000000..c72eae6a8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Implements generating OCSP responses of various types. Used by the
+// programs in tlsserver/cmd.
+
+#ifndef OCSPCommon_h
+#define OCSPCommon_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "seccomon.h"
+
+enum OCSPResponseType {
+  ORTNull = 0,
+  ORTGood,               // the certificate is good
+  ORTRevoked,            // the certificate has been revoked
+  ORTRevokedOld,         // same, but the response is old
+  ORTUnknown,            // the responder doesn't know if the cert is good
+  ORTUnknownOld,         // same, but the response is old
+  ORTGoodOtherCert,      // the response references a different certificate
+  ORTGoodOtherCA,        // the wrong CA has signed the response
+  ORTExpired,            // the signature on the response has expired
+  ORTExpiredFreshCA,     // fresh signature, but old validity period
+  ORTNone,               // no stapled response
+  ORTEmpty,              // an empty stapled response
+  ORTMalformed,          // the response from the responder was malformed
+  ORTSrverr,             // the response indicates there was a server error
+  ORTTryLater,           // the responder replied with "try again later"
+  ORTNeedsSig,           // the response needs a signature
+  ORTUnauthorized,       // the responder is not authorized for this certificate
+  ORTBadSignature,       // the response has a signature that does not verify
+  ORTSkipResponseBytes,  // the response does not include responseBytes
+  ORTCriticalExtension,  // the response includes a critical extension
+  ORTNoncriticalExtension,  // the response includes an extension that is not
+                            // critical
+  ORTEmptyExtensions,  // the response includes a SEQUENCE OF Extension that is
+                       // empty
+  ORTDelegatedIncluded,      // the response is signed by an included delegated
+                             // responder
+  ORTDelegatedIncludedLast,  // same, but multiple other certificates are
+                             // included
+  ORTDelegatedMissing,  // the response is signed by a not included delegated
+                        // responder
+  ORTDelegatedMissingMultiple,   // same, but multiple other certificates are
+                                 // included
+  ORTLongValidityAlmostExpired,  // a good response, but that was generated a
+                                 // almost a year ago
+  ORTAncientAlmostExpired,  // a good response, with a validity of almost two
+                            // years almost expiring
+};
+
+struct OCSPHost {
+  const char* mHostName;
+  OCSPResponseType mORT;
+  const char* mAdditionalCertName;  // useful for ORTGoodOtherCert, etc.
+  const char* mServerCertName;
+};
+
+SECItemArray* GetOCSPResponseForType(
+    OCSPResponseType aORT, const mozilla::UniqueCERTCertificate& aCert,
+    const mozilla::UniquePLArenaPool& aArena, const char* aAdditionalCertName,
+    time_t aThisUpdateSkew);
+
+#endif  // OCSPCommon_h