security/nss/lib/certhigh/ocsp.c
author Tyler Maklebust <maklebus@msu.edu>
Mon, 19 Dec 2016 21:10:54 -0500
changeset 325625 550922e8b2234ceb7bd8eb1e738c14ff8bff56ee
parent 325134 e777cf9e040ff9694a8ba747a6aadf75b8e9fcf8
permissions -rw-r--r--
Bug 1309935 - Add ability to find within select dropdown when over 40 elements. r?jaws, mconley, enndeakin Search implemented for select dropdown options. List navigation takes keyboard input as before, until search field is focused. Pref added to enable search (dom.forms.selectSearch). Task added to test search functionality. MozReview-Commit-ID: BiKRvNbQnxx

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Implementation of OCSP services, for both client and server.
 * (XXX, really, mostly just for client right now, but intended to do both.)
 */

#include "prerror.h"
#include "prprf.h"
#include "plarena.h"
#include "prnetdb.h"

#include "seccomon.h"
#include "secitem.h"
#include "secoidt.h"
#include "secasn1.h"
#include "secder.h"
#include "cert.h"
#include "certi.h"
#include "xconst.h"
#include "secerr.h"
#include "secoid.h"
#include "hasht.h"
#include "sechash.h"
#include "secasn1.h"
#include "plbase64.h"
#include "keyhi.h"
#include "cryptohi.h"
#include "ocsp.h"
#include "ocspti.h"
#include "ocspi.h"
#include "genname.h"
#include "certxutl.h"
#include "pk11func.h" /* for PK11_HashBuf */
#include <stdarg.h>
#include <plhash.h>

#define DEFAULT_OCSP_CACHE_SIZE 1000
#define DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 1 * 60 * 60L
#define DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 24 * 60 * 60L
#define DEFAULT_OSCP_TIMEOUT_SECONDS 60
#define MICROSECONDS_PER_SECOND 1000000L

typedef struct OCSPCacheItemStr OCSPCacheItem;
typedef struct OCSPCacheDataStr OCSPCacheData;

struct OCSPCacheItemStr {
    /* LRU linking */
    OCSPCacheItem *moreRecent;
    OCSPCacheItem *lessRecent;

    /* key */
    CERTOCSPCertID *certID;
    /* CertID's arena also used to allocate "this" cache item */

    /* cache control information */
    PRTime nextFetchAttemptTime;

    /* Cached contents. Use a separate arena, because lifetime is different */
    PLArenaPool *certStatusArena; /* NULL means: no cert status cached */
    ocspCertStatus certStatus;

    /* This may contain an error code when no OCSP response is available. */
    SECErrorCodes missingResponseError;

    PRPackedBool haveThisUpdate;
    PRPackedBool haveNextUpdate;
    PRTime thisUpdate;
    PRTime nextUpdate;
};

struct OCSPCacheDataStr {
    PLHashTable *entries;
    PRUint32 numberOfEntries;
    OCSPCacheItem *MRUitem; /* most recently used cache item */
    OCSPCacheItem *LRUitem; /* least recently used cache item */
};

static struct OCSPGlobalStruct {
    PRMonitor *monitor;
    const SEC_HttpClientFcn *defaultHttpClientFcn;
    PRInt32 maxCacheEntries;
    PRUint32 minimumSecondsToNextFetchAttempt;
    PRUint32 maximumSecondsToNextFetchAttempt;
    PRUint32 timeoutSeconds;
    OCSPCacheData cache;
    SEC_OcspFailureMode ocspFailureMode;
    CERT_StringFromCertFcn alternateOCSPAIAFcn;
    PRBool forcePost;
} OCSP_Global = { NULL,
                  NULL,
                  DEFAULT_OCSP_CACHE_SIZE,
                  DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
                  DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
                  DEFAULT_OSCP_TIMEOUT_SECONDS,
                  { NULL, 0, NULL, NULL },
                  ocspMode_FailureIsVerificationFailure,
                  NULL,
                  PR_FALSE };

/* Forward declarations */
static SECItem *
ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
                                       CERTOCSPRequest *request,
                                       const char *location,
                                       const char *method,
                                       PRTime time,
                                       PRBool addServiceLocator,
                                       void *pwArg,
                                       CERTOCSPRequest **pRequest);
static SECStatus
ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
                              CERTOCSPCertID *certID,
                              CERTCertificate *cert,
                              PRTime time,
                              void *pwArg,
                              PRBool *certIDWasConsumed,
                              SECStatus *rv_ocsp);

static SECStatus
ocsp_GetDecodedVerifiedSingleResponseForID(CERTCertDBHandle *handle,
                                           CERTOCSPCertID *certID,
                                           CERTCertificate *cert,
                                           PRTime time,
                                           void *pwArg,
                                           const SECItem *encodedResponse,
                                           CERTOCSPResponse **pDecodedResponse,
                                           CERTOCSPSingleResponse **pSingle);

static SECStatus
ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time);

static CERTOCSPCertID *
cert_DupOCSPCertID(const CERTOCSPCertID *src);

#ifndef DEBUG
#define OCSP_TRACE(msg)
#define OCSP_TRACE_TIME(msg, time)
#define OCSP_TRACE_CERT(cert)
#define OCSP_TRACE_CERTID(certid)
#else
#define OCSP_TRACE(msg) ocsp_Trace msg
#define OCSP_TRACE_TIME(msg, time) ocsp_dumpStringWithTime(msg, time)
#define OCSP_TRACE_CERT(cert) dumpCertificate(cert)
#define OCSP_TRACE_CERTID(certid) dumpCertID(certid)

#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) || \
    defined(XP_MACOSX)
#define NSS_HAVE_GETENV 1
#endif

static PRBool
wantOcspTrace(void)
{
    static PRBool firstTime = PR_TRUE;
    static PRBool wantTrace = PR_FALSE;

#ifdef NSS_HAVE_GETENV
    if (firstTime) {
        char *ev = PR_GetEnvSecure("NSS_TRACE_OCSP");
        if (ev && ev[0]) {
            wantTrace = PR_TRUE;
        }
        firstTime = PR_FALSE;
    }
#endif
    return wantTrace;
}

static void
ocsp_Trace(const char *format, ...)
{
    char buf[2000];
    va_list args;

    if (!wantOcspTrace())
        return;
    va_start(args, format);
    PR_vsnprintf(buf, sizeof(buf), format, args);
    va_end(args);
    PR_LogPrint("%s", buf);
}

static void
ocsp_dumpStringWithTime(const char *str, PRTime time)
{
    PRExplodedTime timePrintable;
    char timestr[256];

    if (!wantOcspTrace())
        return;
    PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
    if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
        ocsp_Trace("OCSP %s %s\n", str, timestr);
    }
}

static void
printHexString(const char *prefix, SECItem *hexval)
{
    unsigned int i;
    char *hexbuf = NULL;

    for (i = 0; i < hexval->len; i++) {
        if (i != hexval->len - 1) {
            hexbuf = PR_sprintf_append(hexbuf, "%02x:", hexval->data[i]);
        } else {
            hexbuf = PR_sprintf_append(hexbuf, "%02x", hexval->data[i]);
        }
    }
    if (hexbuf) {
        ocsp_Trace("%s %s\n", prefix, hexbuf);
        PR_smprintf_free(hexbuf);
    }
}

static void
dumpCertificate(CERTCertificate *cert)
{
    if (!wantOcspTrace())
        return;

    ocsp_Trace("OCSP ----------------\n");
    ocsp_Trace("OCSP ## SUBJECT:  %s\n", cert->subjectName);
    {
        PRTime timeBefore, timeAfter;
        PRExplodedTime beforePrintable, afterPrintable;
        char beforestr[256], afterstr[256];
        PRStatus rv1, rv2;
        DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
        DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
        PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
        PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
        rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y",
                            &beforePrintable);
        rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y",
                            &afterPrintable);
        ocsp_Trace("OCSP ## VALIDITY:  %s to %s\n", rv1 ? beforestr : "",
                   rv2 ? afterstr : "");
    }
    ocsp_Trace("OCSP ## ISSUER:  %s\n", cert->issuerName);
    printHexString("OCSP ## SERIAL NUMBER:", &cert->serialNumber);
}

static void
dumpCertID(CERTOCSPCertID *certID)
{
    if (!wantOcspTrace())
        return;

    printHexString("OCSP certID issuer", &certID->issuerNameHash);
    printHexString("OCSP certID serial", &certID->serialNumber);
}
#endif

SECStatus
SEC_RegisterDefaultHttpClient(const SEC_HttpClientFcn *fcnTable)
{
    if (!OCSP_Global.monitor) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return SECFailure;
    }

    PR_EnterMonitor(OCSP_Global.monitor);
    OCSP_Global.defaultHttpClientFcn = fcnTable;
    PR_ExitMonitor(OCSP_Global.monitor);

    return SECSuccess;
}

SECStatus
CERT_RegisterAlternateOCSPAIAInfoCallBack(
    CERT_StringFromCertFcn newCallback,
    CERT_StringFromCertFcn *oldCallback)
{
    CERT_StringFromCertFcn old;

    if (!OCSP_Global.monitor) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return SECFailure;
    }

    PR_EnterMonitor(OCSP_Global.monitor);
    old = OCSP_Global.alternateOCSPAIAFcn;
    OCSP_Global.alternateOCSPAIAFcn = newCallback;
    PR_ExitMonitor(OCSP_Global.monitor);
    if (oldCallback)
        *oldCallback = old;
    return SECSuccess;
}

static PLHashNumber PR_CALLBACK
ocsp_CacheKeyHashFunction(const void *key)
{
    CERTOCSPCertID *cid = (CERTOCSPCertID *)key;
    PLHashNumber hash = 0;
    unsigned int i;
    unsigned char *walk;

    /* a very simple hash calculation for the initial coding phase */
    walk = (unsigned char *)cid->issuerNameHash.data;
    for (i = 0; i < cid->issuerNameHash.len; ++i, ++walk) {
        hash += *walk;
    }
    walk = (unsigned char *)cid->issuerKeyHash.data;
    for (i = 0; i < cid->issuerKeyHash.len; ++i, ++walk) {
        hash += *walk;
    }
    walk = (unsigned char *)cid->serialNumber.data;
    for (i = 0; i < cid->serialNumber.len; ++i, ++walk) {
        hash += *walk;
    }
    return hash;
}

static PRIntn PR_CALLBACK
ocsp_CacheKeyCompareFunction(const void *v1, const void *v2)
{
    CERTOCSPCertID *cid1 = (CERTOCSPCertID *)v1;
    CERTOCSPCertID *cid2 = (CERTOCSPCertID *)v2;

    return (SECEqual == SECITEM_CompareItem(&cid1->issuerNameHash,
                                            &cid2->issuerNameHash) &&
            SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash,
                                            &cid2->issuerKeyHash) &&
            SECEqual == SECITEM_CompareItem(&cid1->serialNumber,
                                            &cid2->serialNumber));
}

static SECStatus
ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
                     ocspRevokedInfo *src)
{
    SECStatus rv = SECFailure;
    void *mark;

    mark = PORT_ArenaMark(arena);

    dest->certStatusInfo.revokedInfo =
        (ocspRevokedInfo *)PORT_ArenaZAlloc(arena, sizeof(ocspRevokedInfo));
    if (!dest->certStatusInfo.revokedInfo) {
        goto loser;
    }

    rv = SECITEM_CopyItem(arena,
                          &dest->certStatusInfo.revokedInfo->revocationTime,
                          &src->revocationTime);
    if (rv != SECSuccess) {
        goto loser;
    }

    if (src->revocationReason) {
        dest->certStatusInfo.revokedInfo->revocationReason =
            SECITEM_ArenaDupItem(arena, src->revocationReason);
        if (!dest->certStatusInfo.revokedInfo->revocationReason) {
            goto loser;
        }
    } else {
        dest->certStatusInfo.revokedInfo->revocationReason = NULL;
    }

    PORT_ArenaUnmark(arena, mark);
    return SECSuccess;

loser:
    PORT_ArenaRelease(arena, mark);
    return SECFailure;
}

static SECStatus
ocsp_CopyCertStatus(PLArenaPool *arena, ocspCertStatus *dest,
                    ocspCertStatus *src)
{
    SECStatus rv = SECFailure;
    dest->certStatusType = src->certStatusType;

    switch (src->certStatusType) {
        case ocspCertStatus_good:
            dest->certStatusInfo.goodInfo =
                SECITEM_ArenaDupItem(arena, src->certStatusInfo.goodInfo);
            if (dest->certStatusInfo.goodInfo != NULL) {
                rv = SECSuccess;
            }
            break;
        case ocspCertStatus_revoked:
            rv = ocsp_CopyRevokedInfo(arena, dest,
                                      src->certStatusInfo.revokedInfo);
            break;
        case ocspCertStatus_unknown:
            dest->certStatusInfo.unknownInfo =
                SECITEM_ArenaDupItem(arena, src->certStatusInfo.unknownInfo);
            if (dest->certStatusInfo.unknownInfo != NULL) {
                rv = SECSuccess;
            }
            break;
        case ocspCertStatus_other:
        default:
            PORT_Assert(src->certStatusType == ocspCertStatus_other);
            dest->certStatusInfo.otherInfo =
                SECITEM_ArenaDupItem(arena, src->certStatusInfo.otherInfo);
            if (dest->certStatusInfo.otherInfo != NULL) {
                rv = SECSuccess;
            }
            break;
    }
    return rv;
}

static void
ocsp_AddCacheItemToLinkedList(OCSPCacheData *cache, OCSPCacheItem *new_most_recent)
{
    PR_EnterMonitor(OCSP_Global.monitor);

    if (!cache->LRUitem) {
        cache->LRUitem = new_most_recent;
    }
    new_most_recent->lessRecent = cache->MRUitem;
    new_most_recent->moreRecent = NULL;

    if (cache->MRUitem) {
        cache->MRUitem->moreRecent = new_most_recent;
    }
    cache->MRUitem = new_most_recent;

    PR_ExitMonitor(OCSP_Global.monitor);
}

static void
ocsp_RemoveCacheItemFromLinkedList(OCSPCacheData *cache, OCSPCacheItem *item)
{
    PR_EnterMonitor(OCSP_Global.monitor);

    if (!item->lessRecent && !item->moreRecent) {
        /*
         * Fail gracefully on attempts to remove an item from the list,
         * which is currently not part of the list.
         * But check for the edge case it is the single entry in the list.
         */
        if (item == cache->LRUitem &&
            item == cache->MRUitem) {
            /* remove the single entry */
            PORT_Assert(cache->numberOfEntries == 1);
            PORT_Assert(item->moreRecent == NULL);
            cache->MRUitem = NULL;
            cache->LRUitem = NULL;
        }
        PR_ExitMonitor(OCSP_Global.monitor);
        return;
    }

    PORT_Assert(cache->numberOfEntries > 1);

    if (item == cache->LRUitem) {
        PORT_Assert(item != cache->MRUitem);
        PORT_Assert(item->lessRecent == NULL);
        PORT_Assert(item->moreRecent != NULL);
        PORT_Assert(item->moreRecent->lessRecent == item);
        cache->LRUitem = item->moreRecent;
        cache->LRUitem->lessRecent = NULL;
    } else if (item == cache->MRUitem) {
        PORT_Assert(item->moreRecent == NULL);
        PORT_Assert(item->lessRecent != NULL);
        PORT_Assert(item->lessRecent->moreRecent == item);
        cache->MRUitem = item->lessRecent;
        cache->MRUitem->moreRecent = NULL;
    } else {
        /* remove an entry in the middle of the list */
        PORT_Assert(item->moreRecent != NULL);
        PORT_Assert(item->lessRecent != NULL);
        PORT_Assert(item->lessRecent->moreRecent == item);
        PORT_Assert(item->moreRecent->lessRecent == item);
        item->moreRecent->lessRecent = item->lessRecent;
        item->lessRecent->moreRecent = item->moreRecent;
    }

    item->lessRecent = NULL;
    item->moreRecent = NULL;

    PR_ExitMonitor(OCSP_Global.monitor);
}

static void
ocsp_MakeCacheEntryMostRecent(OCSPCacheData *cache, OCSPCacheItem *new_most_recent)
{
    OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent THREADID %p\n",
                PR_GetCurrentThread()));
    PR_EnterMonitor(OCSP_Global.monitor);
    if (cache->MRUitem == new_most_recent) {
        OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent ALREADY MOST\n"));
        PR_ExitMonitor(OCSP_Global.monitor);
        return;
    }
    OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent NEW entry\n"));
    ocsp_RemoveCacheItemFromLinkedList(cache, new_most_recent);
    ocsp_AddCacheItemToLinkedList(cache, new_most_recent);
    PR_ExitMonitor(OCSP_Global.monitor);
}

static PRBool
ocsp_IsCacheDisabled(void)
{
    /*
     * maxCacheEntries == 0 means unlimited cache entries
     * maxCacheEntries  < 0 means cache is disabled
     */
    PRBool retval;
    PR_EnterMonitor(OCSP_Global.monitor);
    retval = (OCSP_Global.maxCacheEntries < 0);
    PR_ExitMonitor(OCSP_Global.monitor);
    return retval;
}

static OCSPCacheItem *
ocsp_FindCacheEntry(OCSPCacheData *cache, CERTOCSPCertID *certID)
{
    OCSPCacheItem *found_ocsp_item = NULL;
    OCSP_TRACE(("OCSP ocsp_FindCacheEntry\n"));
    OCSP_TRACE_CERTID(certID);
    PR_EnterMonitor(OCSP_Global.monitor);
    if (ocsp_IsCacheDisabled())
        goto loser;

    found_ocsp_item = (OCSPCacheItem *)PL_HashTableLookup(
        cache->entries, certID);
    if (!found_ocsp_item)
        goto loser;

    OCSP_TRACE(("OCSP ocsp_FindCacheEntry FOUND!\n"));
    ocsp_MakeCacheEntryMostRecent(cache, found_ocsp_item);

loser:
    PR_ExitMonitor(OCSP_Global.monitor);
    return found_ocsp_item;
}

static void
ocsp_FreeCacheItem(OCSPCacheItem *item)
{
    OCSP_TRACE(("OCSP ocsp_FreeCacheItem\n"));
    if (item->certStatusArena) {
        PORT_FreeArena(item->certStatusArena, PR_FALSE);
    }
    if (item->certID->poolp) {
        /* freeing this poolp arena will also free item */
        PORT_FreeArena(item->certID->poolp, PR_FALSE);
    }
}

static void
ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item)
{
    /* The item we're removing could be either the least recently used item,
     * or it could be an item that couldn't get updated with newer status info
     * because of an allocation failure, or it could get removed because we're
     * cleaning up.
     */
    OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread()));
    PR_EnterMonitor(OCSP_Global.monitor);

    ocsp_RemoveCacheItemFromLinkedList(cache, item);
#ifdef DEBUG
    {
        PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries,
                                                             item->certID);
        PORT_Assert(couldRemoveFromHashTable);
    }
#else
    PL_HashTableRemove(cache->entries, item->certID);
#endif
    --cache->numberOfEntries;
    ocsp_FreeCacheItem(item);
    PR_ExitMonitor(OCSP_Global.monitor);
}

static void
ocsp_CheckCacheSize(OCSPCacheData *cache)
{
    OCSP_TRACE(("OCSP ocsp_CheckCacheSize\n"));
    PR_EnterMonitor(OCSP_Global.monitor);
    if (OCSP_Global.maxCacheEntries > 0) {
        /* Cache is not disabled. Number of cache entries is limited.
         * The monitor ensures that maxCacheEntries remains positive.
         */
        while (cache->numberOfEntries >
               (PRUint32)OCSP_Global.maxCacheEntries) {
            ocsp_RemoveCacheItem(cache, cache->LRUitem);
        }
    }
    PR_ExitMonitor(OCSP_Global.monitor);
}

SECStatus
CERT_ClearOCSPCache(void)
{
    OCSP_TRACE(("OCSP CERT_ClearOCSPCache\n"));
    PR_EnterMonitor(OCSP_Global.monitor);
    while (OCSP_Global.cache.numberOfEntries > 0) {
        ocsp_RemoveCacheItem(&OCSP_Global.cache,
                             OCSP_Global.cache.LRUitem);
    }
    PR_ExitMonitor(OCSP_Global.monitor);
    return SECSuccess;
}

static SECStatus
ocsp_CreateCacheItemAndConsumeCertID(OCSPCacheData *cache,
                                     CERTOCSPCertID *certID,
                                     OCSPCacheItem **pCacheItem)
{
    PLArenaPool *arena;
    void *mark;
    PLHashEntry *new_hash_entry;
    OCSPCacheItem *item;

    PORT_Assert(pCacheItem != NULL);
    *pCacheItem = NULL;

    PR_EnterMonitor(OCSP_Global.monitor);
    arena = certID->poolp;
    mark = PORT_ArenaMark(arena);

    /* ZAlloc will init all Bools to False and all Pointers to NULL
       and all error codes to zero/good. */
    item = (OCSPCacheItem *)PORT_ArenaZAlloc(certID->poolp,
                                             sizeof(OCSPCacheItem));
    if (!item) {
        goto loser;
    }
    item->certID = certID;
    new_hash_entry = PL_HashTableAdd(cache->entries, item->certID,
                                     item);
    if (!new_hash_entry) {
        goto loser;
    }
    ++cache->numberOfEntries;
    PORT_ArenaUnmark(arena, mark);
    ocsp_AddCacheItemToLinkedList(cache, item);
    *pCacheItem = item;

    PR_ExitMonitor(OCSP_Global.monitor);
    return SECSuccess;

loser:
    PORT_ArenaRelease(arena, mark);
    PR_ExitMonitor(OCSP_Global.monitor);
    return SECFailure;
}

static SECStatus
ocsp_SetCacheItemResponse(OCSPCacheItem *item,
                          const CERTOCSPSingleResponse *response)
{
    if (item->certStatusArena) {
        PORT_FreeArena(item->certStatusArena, PR_FALSE);
        item->certStatusArena = NULL;
    }
    item->haveThisUpdate = item->haveNextUpdate = PR_FALSE;
    if (response) {
        SECStatus rv;
        item->certStatusArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
        if (item->certStatusArena == NULL) {
            return SECFailure;
        }
        rv = ocsp_CopyCertStatus(item->certStatusArena, &item->certStatus,
                                 response->certStatus);
        if (rv != SECSuccess) {
            PORT_FreeArena(item->certStatusArena, PR_FALSE);
            item->certStatusArena = NULL;
            return rv;
        }
        item->missingResponseError = 0;
        rv = DER_GeneralizedTimeToTime(&item->thisUpdate,
                                       &response->thisUpdate);
        item->haveThisUpdate = (rv == SECSuccess);
        if (response->nextUpdate) {
            rv = DER_GeneralizedTimeToTime(&item->nextUpdate,
                                           response->nextUpdate);
            item->haveNextUpdate = (rv == SECSuccess);
        } else {
            item->haveNextUpdate = PR_FALSE;
        }
    }
    return SECSuccess;
}

static void
ocsp_FreshenCacheItemNextFetchAttemptTime(OCSPCacheItem *cacheItem)
{
    PRTime now;
    PRTime earliestAllowedNextFetchAttemptTime;
    PRTime latestTimeWhenResponseIsConsideredFresh;

    OCSP_TRACE(("OCSP ocsp_FreshenCacheItemNextFetchAttemptTime\n"));

    PR_EnterMonitor(OCSP_Global.monitor);

    now = PR_Now();
    OCSP_TRACE_TIME("now:", now);

    if (cacheItem->haveThisUpdate) {
        OCSP_TRACE_TIME("thisUpdate:", cacheItem->thisUpdate);
        latestTimeWhenResponseIsConsideredFresh = cacheItem->thisUpdate +
                                                  OCSP_Global.maximumSecondsToNextFetchAttempt *
                                                      MICROSECONDS_PER_SECOND;
        OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:",
                        latestTimeWhenResponseIsConsideredFresh);
    } else {
        latestTimeWhenResponseIsConsideredFresh = now +
                                                  OCSP_Global.minimumSecondsToNextFetchAttempt *
                                                      MICROSECONDS_PER_SECOND;
        OCSP_TRACE_TIME("no thisUpdate, "
                        "latestTimeWhenResponseIsConsideredFresh:",
                        latestTimeWhenResponseIsConsideredFresh);
    }

    if (cacheItem->haveNextUpdate) {
        OCSP_TRACE_TIME("have nextUpdate:", cacheItem->nextUpdate);
    }

    if (cacheItem->haveNextUpdate &&
        cacheItem->nextUpdate < latestTimeWhenResponseIsConsideredFresh) {
        latestTimeWhenResponseIsConsideredFresh = cacheItem->nextUpdate;
        OCSP_TRACE_TIME("nextUpdate is smaller than latestFresh, setting "
                        "latestTimeWhenResponseIsConsideredFresh:",
                        latestTimeWhenResponseIsConsideredFresh);
    }

    earliestAllowedNextFetchAttemptTime = now +
                                          OCSP_Global.minimumSecondsToNextFetchAttempt *
                                              MICROSECONDS_PER_SECOND;
    OCSP_TRACE_TIME("earliestAllowedNextFetchAttemptTime:",
                    earliestAllowedNextFetchAttemptTime);

    if (latestTimeWhenResponseIsConsideredFresh <
        earliestAllowedNextFetchAttemptTime) {
        latestTimeWhenResponseIsConsideredFresh =
            earliestAllowedNextFetchAttemptTime;
        OCSP_TRACE_TIME("latest < earliest, setting latest to:",
                        latestTimeWhenResponseIsConsideredFresh);
    }

    cacheItem->nextFetchAttemptTime =
        latestTimeWhenResponseIsConsideredFresh;
    OCSP_TRACE_TIME("nextFetchAttemptTime",
                    latestTimeWhenResponseIsConsideredFresh);

    PR_ExitMonitor(OCSP_Global.monitor);
}

static PRBool
ocsp_IsCacheItemFresh(OCSPCacheItem *cacheItem)
{
    PRTime now;
    PRBool fresh;

    now = PR_Now();

    fresh = cacheItem->nextFetchAttemptTime > now;

    /* Work around broken OCSP responders that return unknown responses for
     * certificates, especially certificates that were just recently issued.
     */
    if (fresh && cacheItem->certStatusArena &&
        cacheItem->certStatus.certStatusType == ocspCertStatus_unknown) {
        fresh = PR_FALSE;
    }

    OCSP_TRACE(("OCSP ocsp_IsCacheItemFresh: %d\n", fresh));

    return fresh;
}

/*
 * Status in *certIDWasConsumed will always be correct, regardless of
 * return value.
 * If the caller is unable to transfer ownership of certID,
 * then the caller must set certIDWasConsumed to NULL,
 * and this function will potentially duplicate the certID object.
 */
static SECStatus
ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
                              CERTOCSPCertID *certID,
                              CERTOCSPSingleResponse *single,
                              PRBool *certIDWasConsumed)
{
    SECStatus rv;
    OCSPCacheItem *cacheItem;
    OCSP_TRACE(("OCSP ocsp_CreateOrUpdateCacheEntry\n"));

    if (certIDWasConsumed)
        *certIDWasConsumed = PR_FALSE;

    PR_EnterMonitor(OCSP_Global.monitor);
    PORT_Assert(OCSP_Global.maxCacheEntries >= 0);

    cacheItem = ocsp_FindCacheEntry(cache, certID);

    /* Don't replace an unknown or revoked entry with an error entry, even if
     * the existing entry is expired. Instead, we'll continue to use the
     * existing (possibly expired) cache entry until we receive a valid signed
     * response to replace it.
     */
    if (!single && cacheItem && cacheItem->certStatusArena &&
        (cacheItem->certStatus.certStatusType == ocspCertStatus_revoked ||
         cacheItem->certStatus.certStatusType == ocspCertStatus_unknown)) {
        PR_ExitMonitor(OCSP_Global.monitor);
        return SECSuccess;
    }

    if (!cacheItem) {
        CERTOCSPCertID *myCertID;
        if (certIDWasConsumed) {
            myCertID = certID;
            *certIDWasConsumed = PR_TRUE;
        } else {
            myCertID = cert_DupOCSPCertID(certID);
            if (!myCertID) {
                PR_ExitMonitor(OCSP_Global.monitor);
                PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
                return SECFailure;
            }
        }

        rv = ocsp_CreateCacheItemAndConsumeCertID(cache, myCertID,
                                                  &cacheItem);
        if (rv != SECSuccess) {
            PR_ExitMonitor(OCSP_Global.monitor);
            return rv;
        }
    }
    if (single) {
        PRTime thisUpdate;
        rv = DER_GeneralizedTimeToTime(&thisUpdate, &single->thisUpdate);

        if (!cacheItem->haveThisUpdate ||
            (rv == SECSuccess && cacheItem->thisUpdate < thisUpdate)) {
            rv = ocsp_SetCacheItemResponse(cacheItem, single);
            if (rv != SECSuccess) {
                ocsp_RemoveCacheItem(cache, cacheItem);
                PR_ExitMonitor(OCSP_Global.monitor);
                return rv;
            }
        } else {
            OCSP_TRACE(("Not caching response because the response is not "
                        "newer than the cache"));
        }
    } else {
        cacheItem->missingResponseError = PORT_GetError();
        if (cacheItem->certStatusArena) {
            PORT_FreeArena(cacheItem->certStatusArena, PR_FALSE);
            cacheItem->certStatusArena = NULL;
        }
    }
    ocsp_FreshenCacheItemNextFetchAttemptTime(cacheItem);
    ocsp_CheckCacheSize(cache);

    PR_ExitMonitor(OCSP_Global.monitor);
    return SECSuccess;
}

extern SECStatus
CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode)
{
    switch (ocspFailureMode) {
        case ocspMode_FailureIsVerificationFailure:
        case ocspMode_FailureIsNotAVerificationFailure:
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
    }

    PR_EnterMonitor(OCSP_Global.monitor);
    OCSP_Global.ocspFailureMode = ocspFailureMode;
    PR_ExitMonitor(OCSP_Global.monitor);
    return SECSuccess;
}

SECStatus
CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
                       PRUint32 minimumSecondsToNextFetchAttempt,
                       PRUint32 maximumSecondsToNextFetchAttempt)
{
    if (minimumSecondsToNextFetchAttempt > maximumSecondsToNextFetchAttempt ||
        maxCacheEntries < -1) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    PR_EnterMonitor(OCSP_Global.monitor);

    if (maxCacheEntries < 0) {
        OCSP_Global.maxCacheEntries = -1; /* disable cache */
    } else if (maxCacheEntries == 0) {
        OCSP_Global.maxCacheEntries = 0; /* unlimited cache entries */
    } else {
        OCSP_Global.maxCacheEntries = maxCacheEntries;
    }

    if (minimumSecondsToNextFetchAttempt <
            OCSP_Global.minimumSecondsToNextFetchAttempt ||
        maximumSecondsToNextFetchAttempt <
            OCSP_Global.maximumSecondsToNextFetchAttempt) {
        /*
         * Ensure our existing cache entries are not used longer than the
         * new settings allow, we're lazy and just clear the cache
         */
        CERT_ClearOCSPCache();
    }

    OCSP_Global.minimumSecondsToNextFetchAttempt =
        minimumSecondsToNextFetchAttempt;
    OCSP_Global.maximumSecondsToNextFetchAttempt =
        maximumSecondsToNextFetchAttempt;
    ocsp_CheckCacheSize(&OCSP_Global.cache);

    PR_ExitMonitor(OCSP_Global.monitor);
    return SECSuccess;
}

SECStatus
CERT_SetOCSPTimeout(PRUint32 seconds)
{
    /* no locking, see bug 406120 */
    OCSP_Global.timeoutSeconds = seconds;
    return SECSuccess;
}

/* this function is called at NSS initialization time */
SECStatus
OCSP_InitGlobal(void)
{
    SECStatus rv = SECFailure;

    if (OCSP_Global.monitor == NULL) {
        OCSP_Global.monitor = PR_NewMonitor();
    }
    if (!OCSP_Global.monitor)
        return SECFailure;

    PR_EnterMonitor(OCSP_Global.monitor);
    if (!OCSP_Global.cache.entries) {
        OCSP_Global.cache.entries =
            PL_NewHashTable(0,
                            ocsp_CacheKeyHashFunction,
                            ocsp_CacheKeyCompareFunction,
                            PL_CompareValues,
                            NULL,
                            NULL);
        OCSP_Global.ocspFailureMode = ocspMode_FailureIsVerificationFailure;
        OCSP_Global.cache.numberOfEntries = 0;
        OCSP_Global.cache.MRUitem = NULL;
        OCSP_Global.cache.LRUitem = NULL;
    } else {
        /*
         * NSS might call this function twice while attempting to init.
         * But it's not allowed to call this again after any activity.
         */
        PORT_Assert(OCSP_Global.cache.numberOfEntries == 0);
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    }
    if (OCSP_Global.cache.entries)
        rv = SECSuccess;
    PR_ExitMonitor(OCSP_Global.monitor);
    return rv;
}

SECStatus
OCSP_ShutdownGlobal(void)
{
    if (!OCSP_Global.monitor)
        return SECSuccess;

    PR_EnterMonitor(OCSP_Global.monitor);
    if (OCSP_Global.cache.entries) {
        CERT_ClearOCSPCache();
        PL_HashTableDestroy(OCSP_Global.cache.entries);
        OCSP_Global.cache.entries = NULL;
    }
    PORT_Assert(OCSP_Global.cache.numberOfEntries == 0);
    OCSP_Global.cache.MRUitem = NULL;
    OCSP_Global.cache.LRUitem = NULL;

    OCSP_Global.defaultHttpClientFcn = NULL;
    OCSP_Global.maxCacheEntries = DEFAULT_OCSP_CACHE_SIZE;
    OCSP_Global.minimumSecondsToNextFetchAttempt =
        DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
    OCSP_Global.maximumSecondsToNextFetchAttempt =
        DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
    OCSP_Global.ocspFailureMode =
        ocspMode_FailureIsVerificationFailure;
    PR_ExitMonitor(OCSP_Global.monitor);

    PR_DestroyMonitor(OCSP_Global.monitor);
    OCSP_Global.monitor = NULL;
    return SECSuccess;
}

/*
 * A return value of NULL means:
 *   The application did not register it's own HTTP client.
 */
const SEC_HttpClientFcn *
SEC_GetRegisteredHttpClient(void)
{
    const SEC_HttpClientFcn *retval;

    if (!OCSP_Global.monitor) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return NULL;
    }

    PR_EnterMonitor(OCSP_Global.monitor);
    retval = OCSP_Global.defaultHttpClientFcn;
    PR_ExitMonitor(OCSP_Global.monitor);

    return retval;
}

/*
 * The following structure is only used internally.  It is allocated when
 * someone turns on OCSP checking, and hangs off of the status-configuration
 * structure in the certdb structure.  We use it to keep configuration
 * information specific to OCSP checking.
 */
typedef struct ocspCheckingContextStr {
    PRBool useDefaultResponder;
    char *defaultResponderURI;
    char *defaultResponderNickname;
    CERTCertificate *defaultResponderCert;
} ocspCheckingContext;

SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_IntegerTemplate)
SEC_ASN1_MKSUB(SEC_NullTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
SEC_ASN1_MKSUB(SEC_PointerToAnyTemplate)
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
SEC_ASN1_MKSUB(SEC_SequenceOfAnyTemplate)
SEC_ASN1_MKSUB(SEC_PointerToGeneralizedTimeTemplate)
SEC_ASN1_MKSUB(SEC_PointerToEnumeratedTemplate)

/*
 * Forward declarations of sub-types, so I can lay out the types in the
 * same order as the ASN.1 is laid out in the OCSP spec itself.
 *
 * These are in alphabetical order (case-insensitive); please keep it that way!
 */
extern const SEC_ASN1Template ocsp_CertIDTemplate[];
extern const SEC_ASN1Template ocsp_PointerToSignatureTemplate[];
extern const SEC_ASN1Template ocsp_PointerToResponseBytesTemplate[];
extern const SEC_ASN1Template ocsp_ResponseDataTemplate[];
extern const SEC_ASN1Template ocsp_RevokedInfoTemplate[];
extern const SEC_ASN1Template ocsp_SingleRequestTemplate[];
extern const SEC_ASN1Template ocsp_SingleResponseTemplate[];
extern const SEC_ASN1Template ocsp_TBSRequestTemplate[];

/*
 * Request-related templates...
 */

/*
 * OCSPRequest	::=	SEQUENCE {
 *	tbsRequest		TBSRequest,
 *	optionalSignature	[0] EXPLICIT Signature OPTIONAL }
 */
static const SEC_ASN1Template ocsp_OCSPRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(CERTOCSPRequest) },
    { SEC_ASN1_POINTER,
      offsetof(CERTOCSPRequest, tbsRequest),
      ocsp_TBSRequestTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(CERTOCSPRequest, optionalSignature),
      ocsp_PointerToSignatureTemplate },
    { 0 }
};

/*
 * TBSRequest	::=	SEQUENCE {
 *	version			[0] EXPLICIT Version DEFAULT v1,
 *	requestorName		[1] EXPLICIT GeneralName OPTIONAL,
 *	requestList		SEQUENCE OF Request,
 *	requestExtensions	[2] EXPLICIT Extensions OPTIONAL }
 *
 * Version	::=	INTEGER { v1(0) }
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_TBSRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspTBSRequest) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(ocspTBSRequest, version),
      SEC_ASN1_SUB(SEC_IntegerTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
      offsetof(ocspTBSRequest, derRequestorName),
      SEC_ASN1_SUB(SEC_PointerToAnyTemplate) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(ocspTBSRequest, requestList),
      ocsp_SingleRequestTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(ocspTBSRequest, requestExtensions),
      CERT_SequenceOfCertExtensionTemplate },
    { 0 }
};

/*
 * Signature	::=	SEQUENCE {
 *	signatureAlgorithm	AlgorithmIdentifier,
 *	signature		BIT STRING,
 *	certs			[0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
static const SEC_ASN1Template ocsp_SignatureTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspSignature) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(ocspSignature, signatureAlgorithm),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_BIT_STRING,
      offsetof(ocspSignature, signature) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(ocspSignature, derCerts),
      SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
    { 0 }
};

/*
 * This template is just an extra level to use in an explicitly-tagged
 * reference to a Signature.
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_PointerToSignatureTemplate[] = {
    { SEC_ASN1_POINTER, 0, ocsp_SignatureTemplate }
};

/*
 * Request	::=	SEQUENCE {
 *	reqCert			CertID,
 *	singleRequestExtensions	[0] EXPLICIT Extensions OPTIONAL }
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_SingleRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspSingleRequest) },
    { SEC_ASN1_POINTER,
      offsetof(ocspSingleRequest, reqCert),
      ocsp_CertIDTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(ocspSingleRequest, singleRequestExtensions),
      CERT_SequenceOfCertExtensionTemplate },
    { 0 }
};

/*
 * This data structure and template (CertID) is used by both OCSP
 * requests and responses.  It is the only one that is shared.
 *
 * CertID	::=	SEQUENCE {
 *	hashAlgorithm		AlgorithmIdentifier,
 *	issuerNameHash		OCTET STRING,	-- Hash of Issuer DN
 *	issuerKeyHash		OCTET STRING,	-- Hash of Issuer public key
 *	serialNumber		CertificateSerialNumber }
 *
 * CertificateSerialNumber ::=	INTEGER
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_CertIDTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(CERTOCSPCertID) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(CERTOCSPCertID, hashAlgorithm),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(CERTOCSPCertID, issuerNameHash) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(CERTOCSPCertID, issuerKeyHash) },
    { SEC_ASN1_INTEGER,
      offsetof(CERTOCSPCertID, serialNumber) },
    { 0 }
};

/*
 * Response-related templates...
 */

/*
 * OCSPResponse	::=	SEQUENCE {
 *	responseStatus		OCSPResponseStatus,
 *	responseBytes		[0] EXPLICIT ResponseBytes OPTIONAL }
 */
const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(CERTOCSPResponse) },
    { SEC_ASN1_ENUMERATED,
      offsetof(CERTOCSPResponse, responseStatus) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(CERTOCSPResponse, responseBytes),
      ocsp_PointerToResponseBytesTemplate },
    { 0 }
};

/*
 * ResponseBytes	::=	SEQUENCE {
 *	responseType		OBJECT IDENTIFIER,
 *	response		OCTET STRING }
 */
const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspResponseBytes) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(ocspResponseBytes, responseType) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(ocspResponseBytes, response) },
    { 0 }
};

/*
 * This template is just an extra level to use in an explicitly-tagged
 * reference to a ResponseBytes.
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_PointerToResponseBytesTemplate[] = {
    { SEC_ASN1_POINTER, 0, ocsp_ResponseBytesTemplate }
};

/*
 * BasicOCSPResponse	::=	SEQUENCE {
 *	tbsResponseData		ResponseData,
 *	signatureAlgorithm	AlgorithmIdentifier,
 *	signature		BIT STRING,
 *	certs			[0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
static const SEC_ASN1Template ocsp_BasicOCSPResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspBasicOCSPResponse) },
    { SEC_ASN1_ANY | SEC_ASN1_SAVE,
      offsetof(ocspBasicOCSPResponse, tbsResponseDataDER) },
    { SEC_ASN1_POINTER,
      offsetof(ocspBasicOCSPResponse, tbsResponseData),
      ocsp_ResponseDataTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_BIT_STRING,
      offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
      SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
    { 0 }
};

/*
 * ResponseData	::=	SEQUENCE {
 *	version			[0] EXPLICIT Version DEFAULT v1,
 *	responderID		ResponderID,
 *	producedAt		GeneralizedTime,
 *	responses		SEQUENCE OF SingleResponse,
 *	responseExtensions	[1] EXPLICIT Extensions OPTIONAL }
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_ResponseDataTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspResponseData) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(ocspResponseData, version),
      SEC_ASN1_SUB(SEC_IntegerTemplate) },
    { SEC_ASN1_ANY,
      offsetof(ocspResponseData, derResponderID) },
    { SEC_ASN1_GENERALIZED_TIME,
      offsetof(ocspResponseData, producedAt) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(ocspResponseData, responses),
      ocsp_SingleResponseTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(ocspResponseData, responseExtensions),
      CERT_SequenceOfCertExtensionTemplate },
    { 0 }
};

/*
 * ResponderID	::=	CHOICE {
 *	byName			[1] EXPLICIT Name,
 *	byKey			[2] EXPLICIT KeyHash }
 *
 * KeyHash ::=	OCTET STRING -- SHA-1 hash of responder's public key
 * (excluding the tag and length fields)
 *
 * XXX Because the ASN.1 encoder and decoder currently do not provide
 * a way to automatically handle a CHOICE, we need to do it in two
 * steps, looking at the type tag and feeding the exact choice back
 * to the ASN.1 code.  Hopefully that will change someday and this
 * can all be simplified down into a single template.  Anyway, for
 * now we list each choice as its own template:
 */
const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(ocspResponderID, responderIDValue.name),
      CERT_NameTemplate }
};
const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 2,
      offsetof(ocspResponderID, responderIDValue.keyHash),
      SEC_ASN1_SUB(SEC_OctetStringTemplate) }
};
static const SEC_ASN1Template ocsp_ResponderIDOtherTemplate[] = {
    { SEC_ASN1_ANY,
      offsetof(ocspResponderID, responderIDValue.other) }
};

/* Decode choice container, but leave x509 name object encoded */
static const SEC_ASN1Template ocsp_ResponderIDDerNameTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 1,
      0, SEC_ASN1_SUB(SEC_AnyTemplate) }
};

/*
 * SingleResponse	::=	SEQUENCE {
 *	certID			CertID,
 *	certStatus		CertStatus,
 *	thisUpdate		GeneralizedTime,
 *	nextUpdate		[0] EXPLICIT GeneralizedTime OPTIONAL,
 *	singleExtensions	[1] EXPLICIT Extensions OPTIONAL }
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_SingleResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(CERTOCSPSingleResponse) },
    { SEC_ASN1_POINTER,
      offsetof(CERTOCSPSingleResponse, certID),
      ocsp_CertIDTemplate },
    { SEC_ASN1_ANY,
      offsetof(CERTOCSPSingleResponse, derCertStatus) },
    { SEC_ASN1_GENERALIZED_TIME,
      offsetof(CERTOCSPSingleResponse, thisUpdate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(CERTOCSPSingleResponse, nextUpdate),
      SEC_ASN1_SUB(SEC_PointerToGeneralizedTimeTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(CERTOCSPSingleResponse, singleExtensions),
      CERT_SequenceOfCertExtensionTemplate },
    { 0 }
};

/*
 * CertStatus	::=	CHOICE {
 *	good			[0] IMPLICIT NULL,
 *	revoked			[1] IMPLICIT RevokedInfo,
 *	unknown			[2] IMPLICIT UnknownInfo }
 *
 * Because the ASN.1 encoder and decoder currently do not provide
 * a way to automatically handle a CHOICE, we need to do it in two
 * steps, looking at the type tag and feeding the exact choice back
 * to the ASN.1 code.  Hopefully that will change someday and this
 * can all be simplified down into a single template.  Anyway, for
 * now we list each choice as its own template:
 */
static const SEC_ASN1Template ocsp_CertStatusGoodTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(ocspCertStatus, certStatusInfo.goodInfo),
      SEC_ASN1_SUB(SEC_NullTemplate) }
};
static const SEC_ASN1Template ocsp_CertStatusRevokedTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
      ocsp_RevokedInfoTemplate }
};
static const SEC_ASN1Template ocsp_CertStatusUnknownTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
      offsetof(ocspCertStatus, certStatusInfo.unknownInfo),
      SEC_ASN1_SUB(SEC_NullTemplate) }
};
static const SEC_ASN1Template ocsp_CertStatusOtherTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
      offsetof(ocspCertStatus, certStatusInfo.otherInfo),
      SEC_ASN1_SUB(SEC_AnyTemplate) }
};

/*
 * RevokedInfo	::=	SEQUENCE {
 *	revocationTime		GeneralizedTime,
 *	revocationReason	[0] EXPLICIT CRLReason OPTIONAL }
 *
 * Note: this should be static but the AIX compiler doesn't like it (because it
 * was forward-declared above); it is not meant to be exported, but this
 * is the only way it will compile.
 */
const SEC_ASN1Template ocsp_RevokedInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspRevokedInfo) },
    { SEC_ASN1_GENERALIZED_TIME,
      offsetof(ocspRevokedInfo, revocationTime) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 0,
      offsetof(ocspRevokedInfo, revocationReason),
      SEC_ASN1_SUB(SEC_PointerToEnumeratedTemplate) },
    { 0 }
};

/*
 * OCSP-specific extension templates:
 */

/*
 * ServiceLocator	::=	SEQUENCE {
 *	issuer			Name,
 *	locator			AuthorityInfoAccessSyntax OPTIONAL }
 */
static const SEC_ASN1Template ocsp_ServiceLocatorTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(ocspServiceLocator) },
    { SEC_ASN1_POINTER,
      offsetof(ocspServiceLocator, issuer),
      CERT_NameTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
      offsetof(ocspServiceLocator, locator) },
    { 0 }
};

/*
 * REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
 */

/*
 * FUNCTION: CERT_EncodeOCSPRequest
 *   DER encodes an OCSP Request, possibly adding a signature as well.
 *   XXX Signing is not yet supported, however; see comments in code.
 * INPUTS:
 *   PLArenaPool *arena
 *     The return value is allocated from here.
 *     If a NULL is passed in, allocation is done from the heap instead.
 *   CERTOCSPRequest *request
 *     The request to be encoded.
 *   void *pwArg
 *     Pointer to argument for password prompting, if needed.  (Definitely
 *     not needed if not signing.)
 * RETURN:
 *   Returns a NULL on error and a pointer to the SECItem with the
 *   encoded value otherwise.  Any error is likely to be low-level
 *   (e.g. no memory).
 */
SECItem *
CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
                       void *pwArg)
{
    SECStatus rv;

    /* XXX All of these should generate errors if they fail. */
    PORT_Assert(request);
    PORT_Assert(request->tbsRequest);

    if (request->tbsRequest->extensionHandle != NULL) {
        rv = CERT_FinishExtensions(request->tbsRequest->extensionHandle);
        request->tbsRequest->extensionHandle = NULL;
        if (rv != SECSuccess)
            return NULL;
    }

    /*
     * XXX When signed requests are supported and request->optionalSignature
     * is not NULL:
     *  - need to encode tbsRequest->requestorName
     *  - need to encode tbsRequest
     *  - need to sign that encoded result (using cert in sig), filling in the
     *    request->optionalSignature structure with the result, the signing
     *    algorithm and (perhaps?) the cert (and its chain?) in derCerts
     */

    return SEC_ASN1EncodeItem(arena, NULL, request, ocsp_OCSPRequestTemplate);
}

/*
 * FUNCTION: CERT_DecodeOCSPRequest
 *   Decode a DER encoded OCSP Request.
 * INPUTS:
 *   SECItem *src
 *     Pointer to a SECItem holding DER encoded OCSP Request.
 * RETURN:
 *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
 *   On error, returns NULL.  Most likely error is trouble decoding
 *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
 */
CERTOCSPRequest *
CERT_DecodeOCSPRequest(const SECItem *src)
{
    PLArenaPool *arena = NULL;
    SECStatus rv = SECFailure;
    CERTOCSPRequest *dest = NULL;
    int i;
    SECItem newSrc;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        goto loser;
    }
    dest = (CERTOCSPRequest *)PORT_ArenaZAlloc(arena,
                                               sizeof(CERTOCSPRequest));
    if (dest == NULL) {
        goto loser;
    }
    dest->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newSrc, src);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, dest, ocsp_OCSPRequestTemplate, &newSrc);
    if (rv != SECSuccess) {
        if (PORT_GetError() == SEC_ERROR_BAD_DER)
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
        goto loser;
    }

    /*
     * XXX I would like to find a way to get rid of the necessity
     * of doing this copying of the arena pointer.
     */
    for (i = 0; dest->tbsRequest->requestList[i] != NULL; i++) {
        dest->tbsRequest->requestList[i]->arena = arena;
    }

    return dest;

loser:
    if (arena != NULL) {
        PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}

SECStatus
CERT_DestroyOCSPCertID(CERTOCSPCertID *certID)
{
    if (certID && certID->poolp) {
        PORT_FreeArena(certID->poolp, PR_FALSE);
        return SECSuccess;
    }
    PORT_SetError(SEC_ERROR_INVALID_ARGS);
    return SECFailure;
}

/*
 * Digest data using the specified algorithm.
 * The necessary storage for the digest data is allocated.  If "fill" is
 * non-null, the data is put there, otherwise a SECItem is allocated.
 * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
 * results in a NULL being returned (and an appropriate error set).
 */

SECItem *
ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
                 SECItem *fill, const SECItem *src)
{
    const SECHashObject *digestObject;
    SECItem *result = NULL;
    void *mark = NULL;
    void *digestBuff = NULL;

    if (arena != NULL) {
        mark = PORT_ArenaMark(arena);
    }

    digestObject = HASH_GetHashObjectByOidTag(digestAlg);
    if (digestObject == NULL) {
        goto loser;
    }

    if (fill == NULL || fill->data == NULL) {
        result = SECITEM_AllocItem(arena, fill, digestObject->length);
        if (result == NULL) {
            goto loser;
        }
        digestBuff = result->data;
    } else {
        if (fill->len < digestObject->length) {
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            goto loser;
        }
        digestBuff = fill->data;
    }

    if (PK11_HashBuf(digestAlg, digestBuff,
                     src->data, src->len) != SECSuccess) {
        goto loser;
    }

    if (arena != NULL) {
        PORT_ArenaUnmark(arena, mark);
    }

    if (result == NULL) {
        result = fill;
    }
    return result;

loser:
    if (arena != NULL) {
        PORT_ArenaRelease(arena, mark);
    } else {
        if (result != NULL) {
            SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
        }
    }
    return (NULL);
}

/*
 * Digest the cert's subject public key using the specified algorithm.
 * The necessary storage for the digest data is allocated.  If "fill" is
 * non-null, the data is put there, otherwise a SECItem is allocated.
 * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
 * results in a NULL being returned (and an appropriate error set).
 */
SECItem *
CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena, const CERTCertificate *cert,
                               SECOidTag digestAlg, SECItem *fill)
{
    SECItem spk;

    /*
     * Copy just the length and data pointer (nothing needs to be freed)
     * of the subject public key so we can convert the length from bits
     * to bytes, which is what the digest function expects.
     */
    spk = cert->subjectPublicKeyInfo.subjectPublicKey;
    DER_ConvertBitString(&spk);

    return ocsp_DigestValue(arena, digestAlg, fill, &spk);
}

/*
 * Digest the cert's subject name using the specified algorithm.
 */
SECItem *
CERT_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
                          SECOidTag digestAlg, SECItem *fill)
{
    SECItem name;

    /*
     * Copy just the length and data pointer (nothing needs to be freed)
     * of the subject name
     */
    name = cert->derSubject;

    return ocsp_DigestValue(arena, digestAlg, fill, &name);
}

/*
 * Create and fill-in a CertID.  This function fills in the hash values
 * (issuerNameHash and issuerKeyHash), and is hardwired to use SHA1.
 * Someday it might need to be more flexible about hash algorithm, but
 * for now we have no intention/need to create anything else.
 *
 * Error causes a null to be returned; most likely cause is trouble
 * finding the certificate issuer (SEC_ERROR_UNKNOWN_ISSUER).
 * Other errors are low-level problems (no memory, bad database, etc.).
 */
static CERTOCSPCertID *
ocsp_CreateCertID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
{
    CERTOCSPCertID *certID;
    CERTCertificate *issuerCert = NULL;
    void *mark = PORT_ArenaMark(arena);
    SECStatus rv;

    PORT_Assert(arena != NULL);

    certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
    if (certID == NULL) {
        goto loser;
    }

    rv = SECOID_SetAlgorithmID(arena, &certID->hashAlgorithm, SEC_OID_SHA1,
                               NULL);
    if (rv != SECSuccess) {
        goto loser;
    }

    issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
    if (issuerCert == NULL) {
        goto loser;
    }

    if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_SHA1,
                                  &(certID->issuerNameHash)) == NULL) {
        goto loser;
    }
    certID->issuerSHA1NameHash.data = certID->issuerNameHash.data;
    certID->issuerSHA1NameHash.len = certID->issuerNameHash.len;

    if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_MD5,
                                  &(certID->issuerMD5NameHash)) == NULL) {
        goto loser;
    }

    if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_MD2,
                                  &(certID->issuerMD2NameHash)) == NULL) {
        goto loser;
    }

    if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_SHA1,
                                       &certID->issuerKeyHash) == NULL) {
        goto loser;
    }
    certID->issuerSHA1KeyHash.data = certID->issuerKeyHash.data;
    certID->issuerSHA1KeyHash.len = certID->issuerKeyHash.len;
    /* cache the other two hash algorithms as well */
    if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_MD5,
                                       &certID->issuerMD5KeyHash) == NULL) {
        goto loser;
    }
    if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_MD2,
                                       &certID->issuerMD2KeyHash) == NULL) {
        goto loser;
    }

    /* now we are done with issuerCert */
    CERT_DestroyCertificate(issuerCert);
    issuerCert = NULL;

    rv = SECITEM_CopyItem(arena, &certID->serialNumber, &cert->serialNumber);
    if (rv != SECSuccess) {
        goto loser;
    }

    PORT_ArenaUnmark(arena, mark);
    return certID;

loser:
    if (issuerCert != NULL) {
        CERT_DestroyCertificate(issuerCert);
    }
    PORT_ArenaRelease(arena, mark);
    return NULL;
}

CERTOCSPCertID *
CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time)
{
    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    CERTOCSPCertID *certID;
    PORT_Assert(arena != NULL);
    if (!arena)
        return NULL;

    certID = ocsp_CreateCertID(arena, cert, time);
    if (!certID) {
        PORT_FreeArena(arena, PR_FALSE);
        return NULL;
    }
    certID->poolp = arena;
    return certID;
}

static CERTOCSPCertID *
cert_DupOCSPCertID(const CERTOCSPCertID *src)
{
    CERTOCSPCertID *dest;
    PLArenaPool *arena = NULL;

    if (!src) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena)
        goto loser;

    dest = PORT_ArenaZNew(arena, CERTOCSPCertID);
    if (!dest)
        goto loser;

#define DUPHELP(element)                                          \
    if (src->element.data &&                                      \
        SECITEM_CopyItem(arena, &dest->element, &src->element) != \
            SECSuccess) {                                         \
        goto loser;                                               \
    }

    DUPHELP(hashAlgorithm.algorithm)
    DUPHELP(hashAlgorithm.parameters)
    DUPHELP(issuerNameHash)
    DUPHELP(issuerKeyHash)
    DUPHELP(serialNumber)
    DUPHELP(issuerSHA1NameHash)
    DUPHELP(issuerMD5NameHash)
    DUPHELP(issuerMD2NameHash)
    DUPHELP(issuerSHA1KeyHash)
    DUPHELP(issuerMD5KeyHash)
    DUPHELP(issuerMD2KeyHash)

    dest->poolp = arena;
    return dest;

loser:
    if (arena)
        PORT_FreeArena(arena, PR_FALSE);
    PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
    return NULL;
}

/*
 * Callback to set Extensions in request object
 */
void
SetSingleReqExts(void *object, CERTCertExtension **exts)
{
    ocspSingleRequest *singleRequest =
        (ocspSingleRequest *)object;

    singleRequest->singleRequestExtensions = exts;
}

/*
 * Add the Service Locator extension to the singleRequestExtensions
 * for the given singleRequest.
 *
 * All errors are internal or low-level problems (e.g. no memory).
 */
static SECStatus
ocsp_AddServiceLocatorExtension(ocspSingleRequest *singleRequest,
                                CERTCertificate *cert)
{
    ocspServiceLocator *serviceLocator = NULL;
    void *extensionHandle = NULL;
    SECStatus rv = SECFailure;

    serviceLocator = PORT_ZNew(ocspServiceLocator);
    if (serviceLocator == NULL)
        goto loser;

    /*
     * Normally it would be a bad idea to do a direct reference like
     * this rather than allocate and copy the name *or* at least dup
     * a reference of the cert.  But all we need is to be able to read
     * the issuer name during the encoding we are about to do, so a
     * copy is just a waste of time.
     */
    serviceLocator->issuer = &cert->issuer;

    rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
                                &serviceLocator->locator);
    if (rv != SECSuccess) {
        if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
            goto loser;
    }

    /* prepare for following loser gotos */
    rv = SECFailure;
    PORT_SetError(0);

    extensionHandle = cert_StartExtensions(singleRequest,
                                           singleRequest->arena, SetSingleReqExts);
    if (extensionHandle == NULL)
        goto loser;

    rv = CERT_EncodeAndAddExtension(extensionHandle,
                                    SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
                                    serviceLocator, PR_FALSE,
                                    ocsp_ServiceLocatorTemplate);

loser:
    if (extensionHandle != NULL) {
        /*
	 * Either way we have to finish out the extension context (so it gets
	 * freed).  But careful not to override any already-set bad status.
	 */
        SECStatus tmprv = CERT_FinishExtensions(extensionHandle);
        if (rv == SECSuccess)
            rv = tmprv;
    }

    /*
     * Finally, free the serviceLocator structure itself and we are done.
     */
    if (serviceLocator != NULL) {
        if (serviceLocator->locator.data != NULL)
            SECITEM_FreeItem(&serviceLocator->locator, PR_FALSE);
        PORT_Free(serviceLocator);
    }

    return rv;
}

/*
 * Creates an array of ocspSingleRequest based on a list of certs.
 * Note that the code which later compares the request list with the
 * response expects this array to be in the exact same order as the
 * certs are found in the list.  It would be harder to change that
 * order than preserve it, but since the requirement is not obvious,
 * it deserves to be mentioned.
 *
 * Any problem causes a null return and error set:
 *      SEC_ERROR_UNKNOWN_ISSUER
 * Other errors are low-level problems (no memory, bad database, etc.).
 */
static ocspSingleRequest **
ocsp_CreateSingleRequestList(PLArenaPool *arena, CERTCertList *certList,
                             PRTime time, PRBool includeLocator)
{
    ocspSingleRequest **requestList = NULL;
    CERTCertListNode *node = NULL;
    int i, count;
    void *mark = PORT_ArenaMark(arena);

    node = CERT_LIST_HEAD(certList);
    for (count = 0; !CERT_LIST_END(node, certList); count++) {
        node = CERT_LIST_NEXT(node);
    }

    if (count == 0)
        goto loser;

    requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, count + 1);
    if (requestList == NULL)
        goto loser;

    node = CERT_LIST_HEAD(certList);
    for (i = 0; !CERT_LIST_END(node, certList); i++) {
        requestList[i] = PORT_ArenaZNew(arena, ocspSingleRequest);
        if (requestList[i] == NULL)
            goto loser;

        OCSP_TRACE(("OCSP CERT_CreateOCSPRequest %s\n", node->cert->subjectName));
        requestList[i]->arena = arena;
        requestList[i]->reqCert = ocsp_CreateCertID(arena, node->cert, time);
        if (requestList[i]->reqCert == NULL)
            goto loser;

        if (includeLocator == PR_TRUE) {
            SECStatus rv;

            rv = ocsp_AddServiceLocatorExtension(requestList[i], node->cert);
            if (rv != SECSuccess)
                goto loser;
        }

        node = CERT_LIST_NEXT(node);
    }

    PORT_Assert(i == count);

    PORT_ArenaUnmark(arena, mark);
    requestList[i] = NULL;
    return requestList;

loser:
    PORT_ArenaRelease(arena, mark);
    return NULL;
}

static ocspSingleRequest **
ocsp_CreateRequestFromCert(PLArenaPool *arena,
                           CERTOCSPCertID *certID,
                           CERTCertificate *singleCert,
                           PRTime time,
                           PRBool includeLocator)
{
    ocspSingleRequest **requestList = NULL;
    void *mark = PORT_ArenaMark(arena);
    PORT_Assert(certID != NULL && singleCert != NULL);

    /* meaning of value 2: one entry + one end marker */
    requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, 2);
    if (requestList == NULL)
        goto loser;
    requestList[0] = PORT_ArenaZNew(arena, ocspSingleRequest);
    if (requestList[0] == NULL)
        goto loser;
    requestList[0]->arena = arena;
    /* certID will live longer than the request */
    requestList[0]->reqCert = certID;

    if (includeLocator == PR_TRUE) {
        SECStatus rv;
        rv = ocsp_AddServiceLocatorExtension(requestList[0], singleCert);
        if (rv != SECSuccess)
            goto loser;
    }

    PORT_ArenaUnmark(arena, mark);
    requestList[1] = NULL;
    return requestList;

loser:
    PORT_ArenaRelease(arena, mark);
    return NULL;
}

static CERTOCSPRequest *
ocsp_prepareEmptyOCSPRequest(void)
{
    PLArenaPool *arena = NULL;
    CERTOCSPRequest *request = NULL;
    ocspTBSRequest *tbsRequest = NULL;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        goto loser;
    }
    request = PORT_ArenaZNew(arena, CERTOCSPRequest);
    if (request == NULL) {
        goto loser;
    }
    request->arena = arena;

    tbsRequest = PORT_ArenaZNew(arena, ocspTBSRequest);
    if (tbsRequest == NULL) {
        goto loser;
    }
    request->tbsRequest = tbsRequest;
    /* version 1 is the default, so we need not fill in a version number */
    return request;

loser:
    if (arena != NULL) {
        PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}

CERTOCSPRequest *
cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
                                 CERTCertificate *singleCert,
                                 PRTime time,
                                 PRBool addServiceLocator,
                                 CERTCertificate *signerCert)
{
    CERTOCSPRequest *request;
    OCSP_TRACE(("OCSP cert_CreateSingleCertOCSPRequest %s\n", singleCert->subjectName));

    /* XXX Support for signerCert may be implemented later,
     * see also the comment in CERT_CreateOCSPRequest.
     */
    if (signerCert != NULL) {
        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
        return NULL;
    }

    request = ocsp_prepareEmptyOCSPRequest();
    if (!request)
        return NULL;
    /*
     * Version 1 is the default, so we need not fill in a version number.
     * Now create the list of single requests, one for each cert.
     */
    request->tbsRequest->requestList =
        ocsp_CreateRequestFromCert(request->arena,
                                   certID,
                                   singleCert,
                                   time,
                                   addServiceLocator);
    if (request->tbsRequest->requestList == NULL) {
        PORT_FreeArena(request->arena, PR_FALSE);
        return NULL;
    }
    return request;
}

/*
 * FUNCTION: CERT_CreateOCSPRequest
 *   Creates a CERTOCSPRequest, requesting the status of the certs in
 *   the given list.
 * INPUTS:
 *   CERTCertList *certList
 *     A list of certs for which status will be requested.
 *     Note that all of these certificates should have the same issuer,
 *     or it's expected the response will be signed by a trusted responder.
 *     If the certs need to be broken up into multiple requests, that
 *     must be handled by the caller (and thus by having multiple calls
 *     to this routine), who knows about where the request(s) are being
 *     sent and whether there are any trusted responders in place.
 *   PRTime time
 *     Indicates the time for which the certificate status is to be
 *     determined -- this may be used in the search for the cert's issuer
 *     but has no effect on the request itself.
 *   PRBool addServiceLocator
 *     If true, the Service Locator extension should be added to the
 *     single request(s) for each cert.
 *   CERTCertificate *signerCert
 *     If non-NULL, means sign the request using this cert.  Otherwise,
 *     do not sign.
 *     XXX note that request signing is not yet supported; see comment in code
 * RETURN:
 *   A pointer to a CERTOCSPRequest structure containing an OCSP request
 *   for the cert list.  On error, null is returned, with an error set
 *   indicating the reason.  This is likely SEC_ERROR_UNKNOWN_ISSUER.
 *   (The issuer is needed to create a request for the certificate.)
 *   Other errors are low-level problems (no memory, bad database, etc.).
 */
CERTOCSPRequest *
CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
                       PRBool addServiceLocator,
                       CERTCertificate *signerCert)
{
    CERTOCSPRequest *request = NULL;

    if (!certList) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }
    /*
     * XXX When we are prepared to put signing of requests back in,
     * we will need to allocate a signature
     * structure for the request, fill in the "derCerts" field in it,
     * save the signerCert there, as well as fill in the "requestorName"
     * field of the tbsRequest.
     */
    if (signerCert != NULL) {
        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
        return NULL;
    }
    request = ocsp_prepareEmptyOCSPRequest();
    if (!request)
        return NULL;
    /*
     * Now create the list of single requests, one for each cert.
     */
    request->tbsRequest->requestList =
        ocsp_CreateSingleRequestList(request->arena,
                                     certList,
                                     time,
                                     addServiceLocator);
    if (request->tbsRequest->requestList == NULL) {
        PORT_FreeArena(request->arena, PR_FALSE);
        return NULL;
    }
    return request;
}

/*
 * FUNCTION: CERT_AddOCSPAcceptableResponses
 *   Add the AcceptableResponses extension to an OCSP Request.
 * INPUTS:
 *   CERTOCSPRequest *request
 *     The request to which the extension should be added.
 *   ...
 *     A list (of one or more) of SECOidTag -- each of the response types
 *     to be added.  The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE.
 *     (This marks the end of the list, and it must be specified because a
 *     client conforming to the OCSP standard is required to handle the basic
 *     response type.)  The OIDs are not checked in any way.
 * RETURN:
 *   SECSuccess if the extension is added; SECFailure if anything goes wrong.
 *   All errors are internal or low-level problems (e.g. no memory).
 */

void
SetRequestExts(void *object, CERTCertExtension **exts)
{
    CERTOCSPRequest *request = (CERTOCSPRequest *)object;

    request->tbsRequest->requestExtensions = exts;
}

#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wvarargs"
#endif
SECStatus
CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
                                SECOidTag responseType0, ...)
{
    void *extHandle;
    va_list ap;
    int i, count;
    SECOidTag responseType;
    SECOidData *responseOid;
    SECItem **acceptableResponses = NULL;
    SECStatus rv = SECFailure;

    extHandle = request->tbsRequest->extensionHandle;
    if (extHandle == NULL) {
        extHandle = cert_StartExtensions(request, request->arena, SetRequestExts);
        if (extHandle == NULL)
            goto loser;
    }

    /* Count number of OIDS going into the extension value. */
    count = 1;
    if (responseType0 != SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
        va_start(ap, responseType0);
        do {
            count++;
            responseType = va_arg(ap, SECOidTag);
        } while (responseType != SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
        va_end(ap);
    }

    acceptableResponses = PORT_NewArray(SECItem *, count + 1);
    if (acceptableResponses == NULL)
        goto loser;

    i = 0;
    responseOid = SECOID_FindOIDByTag(responseType0);
    acceptableResponses[i++] = &(responseOid->oid);
    if (count > 1) {
        va_start(ap, responseType0);
        for (; i < count; i++) {
            responseType = va_arg(ap, SECOidTag);
            responseOid = SECOID_FindOIDByTag(responseType);
            acceptableResponses[i] = &(responseOid->oid);
        }
        va_end(ap);
    }
    acceptableResponses[i] = NULL;

    rv = CERT_EncodeAndAddExtension(extHandle, SEC_OID_PKIX_OCSP_RESPONSE,
                                    &acceptableResponses, PR_FALSE,
                                    SEC_ASN1_GET(SEC_SequenceOfObjectIDTemplate));
    if (rv != SECSuccess)
        goto loser;

    PORT_Free(acceptableResponses);
    if (request->tbsRequest->extensionHandle == NULL)
        request->tbsRequest->extensionHandle = extHandle;
    return SECSuccess;

loser:
    if (acceptableResponses != NULL)
        PORT_Free(acceptableResponses);
    if (extHandle != NULL)
        (void)CERT_FinishExtensions(extHandle);
    return rv;
}
#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
#pragma GCC diagnostic pop
#endif

/*
 * FUNCTION: CERT_DestroyOCSPRequest
 *   Frees an OCSP Request structure.
 * INPUTS:
 *   CERTOCSPRequest *request
 *     Pointer to CERTOCSPRequest to be freed.
 * RETURN:
 *   No return value; no errors.
 */
void
CERT_DestroyOCSPRequest(CERTOCSPRequest *request)
{
    if (request == NULL)
        return;

    if (request->tbsRequest != NULL) {
        if (request->tbsRequest->requestorName != NULL)
            CERT_DestroyGeneralNameList(request->tbsRequest->requestorName);
        if (request->tbsRequest->extensionHandle != NULL)
            (void)CERT_FinishExtensions(request->tbsRequest->extensionHandle);
    }

    if (request->optionalSignature != NULL) {
        if (request->optionalSignature->cert != NULL)
            CERT_DestroyCertificate(request->optionalSignature->cert);

        /*
	 * XXX Need to free derCerts?  Or do they come out of arena?
	 * (Currently we never fill in derCerts, which is why the
	 * answer is not obvious.  Once we do, add any necessary code
	 * here and remove this comment.)
	 */
    }

    /*
     * We should actually never have a request without an arena,
     * but check just in case.  (If there isn't one, there is not
     * much we can do about it...)
     */
    PORT_Assert(request->arena != NULL);
    if (request->arena != NULL)
        PORT_FreeArena(request->arena, PR_FALSE);
}

/*
 * RESPONSE SUPPORT FUNCTIONS (encode/create/decode/destroy):
 */

/*
 * Helper function for encoding or decoding a ResponderID -- based on the
 * given type, return the associated template for that choice.
 */
static const SEC_ASN1Template *
ocsp_ResponderIDTemplateByType(CERTOCSPResponderIDType responderIDType)
{
    const SEC_ASN1Template *responderIDTemplate;

    switch (responderIDType) {
        case ocspResponderID_byName:
            responderIDTemplate = ocsp_ResponderIDByNameTemplate;
            break;
        case ocspResponderID_byKey:
            responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
            break;
        case ocspResponderID_other:
        default:
            PORT_Assert(responderIDType == ocspResponderID_other);
            responderIDTemplate = ocsp_ResponderIDOtherTemplate;
            break;
    }

    return responderIDTemplate;
}

/*
 * Helper function for encoding or decoding a CertStatus -- based on the
 * given type, return the associated template for that choice.
 */
static const SEC_ASN1Template *
ocsp_CertStatusTemplateByType(ocspCertStatusType certStatusType)
{
    const SEC_ASN1Template *certStatusTemplate;

    switch (certStatusType) {
        case ocspCertStatus_good:
            certStatusTemplate = ocsp_CertStatusGoodTemplate;
            break;
        case ocspCertStatus_revoked:
            certStatusTemplate = ocsp_CertStatusRevokedTemplate;
            break;
        case ocspCertStatus_unknown:
            certStatusTemplate = ocsp_CertStatusUnknownTemplate;
            break;
        case ocspCertStatus_other:
        default:
            PORT_Assert(certStatusType == ocspCertStatus_other);
            certStatusTemplate = ocsp_CertStatusOtherTemplate;
            break;
    }

    return certStatusTemplate;
}

/*
 * Helper function for decoding a certStatus -- turn the actual DER tag
 * into our local translation.
 */
static ocspCertStatusType
ocsp_CertStatusTypeByTag(int derTag)
{
    ocspCertStatusType certStatusType;

    switch (derTag) {
        case 0:
            certStatusType = ocspCertStatus_good;
            break;
        case 1:
            certStatusType = ocspCertStatus_revoked;
            break;
        case 2:
            certStatusType = ocspCertStatus_unknown;
            break;
        default:
            certStatusType = ocspCertStatus_other;
            break;
    }

    return certStatusType;
}

/*
 * Helper function for decoding SingleResponses -- they each contain
 * a status which is encoded as CHOICE, which needs to be decoded "by hand".
 *
 * Note -- on error, this routine does not release the memory it may
 * have allocated; it expects its caller to do that.
 */
static SECStatus
ocsp_FinishDecodingSingleResponses(PLArenaPool *reqArena,
                                   CERTOCSPSingleResponse **responses)
{
    ocspCertStatus *certStatus;
    ocspCertStatusType certStatusType;
    const SEC_ASN1Template *certStatusTemplate;
    int derTag;
    int i;
    SECStatus rv = SECFailure;

    if (!reqArena) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    if (responses == NULL) /* nothing to do */
        return SECSuccess;

    for (i = 0; responses[i] != NULL; i++) {
        SECItem *newStatus;
        /*
	 * The following assert points out internal errors (problems in
	 * the template definitions or in the ASN.1 decoder itself, etc.).
	 */
        PORT_Assert(responses[i]->derCertStatus.data != NULL);

        derTag = responses[i]->derCertStatus.data[0] & SEC_ASN1_TAGNUM_MASK;
        certStatusType = ocsp_CertStatusTypeByTag(derTag);
        certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType);

        certStatus = PORT_ArenaZAlloc(reqArena, sizeof(ocspCertStatus));
        if (certStatus == NULL) {
            goto loser;
        }
        newStatus = SECITEM_ArenaDupItem(reqArena, &responses[i]->derCertStatus);
        if (!newStatus) {
            goto loser;
        }
        rv = SEC_QuickDERDecodeItem(reqArena, certStatus, certStatusTemplate,
                                    newStatus);
        if (rv != SECSuccess) {
            if (PORT_GetError() == SEC_ERROR_BAD_DER)
                PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
            goto loser;
        }

        certStatus->certStatusType = certStatusType;
        responses[i]->certStatus = certStatus;
    }

    return SECSuccess;

loser:
    return rv;
}

/*
 * Helper function for decoding a responderID -- turn the actual DER tag
 * into our local translation.
 */
static CERTOCSPResponderIDType
ocsp_ResponderIDTypeByTag(int derTag)
{
    CERTOCSPResponderIDType responderIDType;

    switch (derTag) {
        case 1:
            responderIDType = ocspResponderID_byName;
            break;
        case 2:
            responderIDType = ocspResponderID_byKey;
            break;
        default:
            responderIDType = ocspResponderID_other;
            break;
    }

    return responderIDType;
}

/*
 * Decode "src" as a BasicOCSPResponse, returning the result.
 */
static ocspBasicOCSPResponse *
ocsp_DecodeBasicOCSPResponse(PLArenaPool *arena, SECItem *src)
{
    void *mark;
    ocspBasicOCSPResponse *basicResponse;
    ocspResponseData *responseData;
    ocspResponderID *responderID;
    CERTOCSPResponderIDType responderIDType;
    const SEC_ASN1Template *responderIDTemplate;
    int derTag;
    SECStatus rv;
    SECItem newsrc;

    mark = PORT_ArenaMark(arena);

    basicResponse = PORT_ArenaZAlloc(arena, sizeof(ocspBasicOCSPResponse));
    if (basicResponse == NULL) {
        goto loser;
    }

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newsrc, src);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, basicResponse,
                                ocsp_BasicOCSPResponseTemplate, &newsrc);
    if (rv != SECSuccess) {
        if (PORT_GetError() == SEC_ERROR_BAD_DER)
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
        goto loser;
    }

    responseData = basicResponse->tbsResponseData;

    /*
     * The following asserts point out internal errors (problems in
     * the template definitions or in the ASN.1 decoder itself, etc.).
     */
    PORT_Assert(responseData != NULL);
    PORT_Assert(responseData->derResponderID.data != NULL);

    /*
     * XXX Because responderID is a CHOICE, which is not currently handled
     * by our ASN.1 decoder, we have to decode it "by hand".
     */
    derTag = responseData->derResponderID.data[0] & SEC_ASN1_TAGNUM_MASK;
    responderIDType = ocsp_ResponderIDTypeByTag(derTag);
    responderIDTemplate = ocsp_ResponderIDTemplateByType(responderIDType);

    responderID = PORT_ArenaZAlloc(arena, sizeof(ocspResponderID));
    if (responderID == NULL) {
        goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, responderID, responderIDTemplate,
                                &responseData->derResponderID);
    if (rv != SECSuccess) {
        if (PORT_GetError() == SEC_ERROR_BAD_DER)
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
        goto loser;
    }

    responderID->responderIDType = responderIDType;
    responseData->responderID = responderID;

    /*
     * XXX Each SingleResponse also contains a CHOICE, which has to be
     * fixed up by hand.
     */
    rv = ocsp_FinishDecodingSingleResponses(arena, responseData->responses);
    if (rv != SECSuccess) {
        goto loser;
    }

    PORT_ArenaUnmark(arena, mark);
    return basicResponse;

loser:
    PORT_ArenaRelease(arena, mark);
    return NULL;
}

/*
 * Decode the responseBytes based on the responseType found in "rbytes",
 * leaving the resulting translated/decoded information in there as well.
 */
static SECStatus
ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
{
    if (rbytes == NULL) {
        PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
        return SECFailure;
    }

    rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
    switch (rbytes->responseTypeTag) {
        case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: {
            ocspBasicOCSPResponse *basicResponse;

            basicResponse = ocsp_DecodeBasicOCSPResponse(arena,
                                                         &rbytes->response);
            if (basicResponse == NULL)
                return SECFailure;

            rbytes->decodedResponse.basic = basicResponse;
        } break;

        /*
	 * Add new/future response types here.
	 */

        default:
            PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
            return SECFailure;
    }

    return SECSuccess;
}

/*
 * FUNCTION: CERT_DecodeOCSPResponse
 *   Decode a DER encoded OCSP Response.
 * INPUTS:
 *   SECItem *src
 *     Pointer to a SECItem holding DER encoded OCSP Response.
 * RETURN:
 *   Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
 *   the caller is responsible for destroying it.  Or NULL if error (either
 *   response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
 *   it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
 *   or a low-level or internal error occurred).
 */
CERTOCSPResponse *
CERT_DecodeOCSPResponse(const SECItem *src)
{
    PLArenaPool *arena = NULL;
    CERTOCSPResponse *response = NULL;
    SECStatus rv = SECFailure;
    ocspResponseStatus sv;
    SECItem newSrc;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        goto loser;
    }
    response = (CERTOCSPResponse *)PORT_ArenaZAlloc(arena,
                                                    sizeof(CERTOCSPResponse));
    if (response == NULL) {
        goto loser;
    }
    response->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newSrc, src);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, response, ocsp_OCSPResponseTemplate, &newSrc);
    if (rv != SECSuccess) {
        if (PORT_GetError() == SEC_ERROR_BAD_DER)
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
        goto loser;
    }

    sv = (ocspResponseStatus)DER_GetInteger(&response->responseStatus);
    response->statusValue = sv;
    if (sv != ocspResponse_successful) {
        /*
	 * If the response status is anything but successful, then we
	 * are all done with decoding; the status is all there is.
	 */
        return response;
    }

    /*
     * A successful response contains much more information, still encoded.
     * Now we need to decode that.
     */
    rv = ocsp_DecodeResponseBytes(arena, response->responseBytes);
    if (rv != SECSuccess) {
        goto loser;
    }

    return response;

loser:
    if (arena != NULL) {
        PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}

/*
 * The way an OCSPResponse is defined, there are many levels to descend
 * before getting to the actual response information.  And along the way
 * we need to check that the response *type* is recognizable, which for
 * now means that it is a BasicOCSPResponse, because that is the only
 * type currently defined.  Rather than force all routines to perform
 * a bunch of sanity checking every time they want to work on a response,
 * this function isolates that and gives back the interesting part.
 * Note that no copying is done, this just returns a pointer into the
 * substructure of the response which is passed in.
 *
 * XXX This routine only works when a valid response structure is passed
 * into it; this is checked with many assertions.  Assuming the response
 * was creating by decoding, it wouldn't make it this far without being
 * okay.  That is a sufficient assumption since the entire OCSP interface
 * is only used internally.  When this interface is officially exported,
 * each assertion below will need to be followed-up with setting an error
 * and returning (null).
 *
 * FUNCTION: ocsp_GetResponseData
 *   Returns ocspResponseData structure and a pointer to tbs response
 *   data DER from a valid ocsp response.
 * INPUTS:
 *   CERTOCSPResponse *response
 *     structure of a valid ocsp response
 * RETURN:
 *   Returns a pointer to ocspResponseData structure: decoded OCSP response
 *   data, and a pointer(tbsResponseDataDER) to its undecoded data DER.
 */
ocspResponseData *
ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER)
{
    ocspBasicOCSPResponse *basic;
    ocspResponseData *responseData;

    PORT_Assert(response != NULL);

    PORT_Assert(response->responseBytes != NULL);

    PORT_Assert(response->responseBytes->responseTypeTag ==
                SEC_OID_PKIX_OCSP_BASIC_RESPONSE);

    basic = response->responseBytes->decodedResponse.basic;
    PORT_Assert(basic != NULL);

    responseData = basic->tbsResponseData;
    PORT_Assert(responseData != NULL);

    if (tbsResponseDataDER) {
        *tbsResponseDataDER = &basic->tbsResponseDataDER;

        PORT_Assert((*tbsResponseDataDER)->data != NULL);
        PORT_Assert((*tbsResponseDataDER)->len != 0);
    }

    return responseData;
}

/*
 * Much like the routine above, except it returns the response signature.
 * Again, no copy is done.
 */
ocspSignature *
ocsp_GetResponseSignature(CERTOCSPResponse *response)
{
    ocspBasicOCSPResponse *basic;

    PORT_Assert(response != NULL);
    if (NULL == response->responseBytes) {
        return NULL;
    }
    if (response->responseBytes->responseTypeTag !=
        SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
        return NULL;
    }
    basic = response->responseBytes->decodedResponse.basic;
    PORT_Assert(basic != NULL);

    return &(basic->responseSignature);
}

/*
 * FUNCTION: CERT_DestroyOCSPResponse
 *   Frees an OCSP Response structure.
 * INPUTS:
 *   CERTOCSPResponse *request
 *     Pointer to CERTOCSPResponse to be freed.
 * RETURN:
 *   No return value; no errors.
 */
void
CERT_DestroyOCSPResponse(CERTOCSPResponse *response)
{
    if (response != NULL) {
        ocspSignature *signature = ocsp_GetResponseSignature(response);
        if (signature && signature->cert != NULL)
            CERT_DestroyCertificate(signature->cert);

        /*
	 * We should actually never have a response without an arena,
	 * but check just in case.  (If there isn't one, there is not
	 * much we can do about it...)
	 */
        PORT_Assert(response->arena != NULL);
        if (response->arena != NULL) {
            PORT_FreeArena(response->arena, PR_FALSE);
        }
    }
}

/*
 * OVERALL OCSP CLIENT SUPPORT (make and send a request, verify a response):
 */

/*
 * Pick apart a URL, saving the important things in the passed-in pointers.
 *
 * We expect to find "http://<hostname>[:<port>]/[path]", though we will
 * tolerate that final slash character missing, as well as beginning and
 * trailing whitespace, and any-case-characters for "http".  All of that
 * tolerance is what complicates this routine.  What we want is just to
 * pick out the hostname, the port, and the path.
 *
 * On a successful return, the caller will need to free the output pieces
 * of hostname and path, which are copies of the values found in the url.
 */
static SECStatus
ocsp_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
{
    unsigned short port = 80; /* default, in case not in url */
    char *hostname = NULL;
    char *path = NULL;
    const char *save;
    char c;
    int len;

    if (url == NULL)
        goto loser;

    /*
     * Skip beginning whitespace.
     */
    c = *url;
    while ((c == ' ' || c == '\t') && c != '\0') {
        url++;
        c = *url;
    }
    if (c == '\0')
        goto loser;

    /*
     * Confirm, then skip, protocol.  (Since we only know how to do http,
     * that is all we will accept).
     */
    if (PORT_Strncasecmp(url, "http://", 7) != 0)
        goto loser;
    url += 7;

    /*
     * Whatever comes next is the hostname (or host IP address).  We just
     * save it aside and then search for its end so we can determine its
     * length and copy it.
     *
     * XXX Note that because we treat a ':' as a terminator character
     * (and below, we expect that to mean there is a port specification
     * immediately following), we will not handle IPv6 addresses.  That is
     * apparently an acceptable limitation, for the time being.  Some day,
     * when there is a clear way to specify a URL with an IPv6 address that
     * can be parsed unambiguously, this code should be made to do that.
     */
    save = url;
    c = *url;
    while (c != '/' && c != ':' && c != '\0' && c != ' ' && c != '\t') {
        url++;
        c = *url;
    }
    len = url - save;
    hostname = PORT_Alloc(len + 1);
    if (hostname == NULL)
        goto loser;
    PORT_Memcpy(hostname, save, len);
    hostname[len] = '\0';

    /*
     * Now we figure out if there was a port specified or not.
     * If so, we need to parse it (as a number) and skip it.
     */
    if (c == ':') {
        url++;
        port = (unsigned short)PORT_Atoi(url);
        c = *url;
        while (c != '/' && c != '\0' && c != ' ' && c != '\t') {
            if (c < '0' || c > '9')
                goto loser;
            url++;
            c = *url;
        }
    }

    /*
     * Last thing to find is a path.  There *should* be a slash,
     * if nothing else -- but if there is not we provide one.
     */
    if (c == '/') {
        save = url;
        while (c != '\0' && c != ' ' && c != '\t') {
            url++;
            c = *url;
        }
        len = url - save;
        path = PORT_Alloc(len + 1);
        if (path == NULL)
            goto loser;
        PORT_Memcpy(path, save, len);
        path[len] = '\0';
    } else {
        path = PORT_Strdup("/");
        if (path == NULL)
            goto loser;
    }

    *pHostname = hostname;
    *pPort = port;
    *pPath = path;
    return SECSuccess;

loser:
    if (hostname != NULL)
        PORT_Free(hostname);
    PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
    return SECFailure;
}

/*
 * Open a socket to the specified host on the specified port, and return it.
 * The host is either a hostname or an IP address.
 */
static PRFileDesc *
ocsp_ConnectToHost(const char *host, PRUint16 port)
{
    PRFileDesc *sock = NULL;
    PRIntervalTime timeout;
    PRNetAddr addr;
    char *netdbbuf = NULL;

    sock = PR_NewTCPSocket();
    if (sock == NULL)
        goto loser;

    /* XXX Some day need a way to set (and get?) the following value */
    timeout = PR_SecondsToInterval(30);

    /*
     * If the following converts an IP address string in "dot notation"
     * into a PRNetAddr.  If it fails, we assume that is because we do not
     * have such an address, but instead a host *name*.  In that case we
     * then lookup the host by name.  Using the NSPR function this way
     * means we do not have to have our own logic for distinguishing a
     * valid numerical IP address from a hostname.
     */
    if (PR_StringToNetAddr(host, &addr) != PR_SUCCESS) {
        PRIntn hostIndex;
        PRHostEnt hostEntry;

        netdbbuf = PORT_Alloc(PR_NETDB_BUF_SIZE);
        if (netdbbuf == NULL)
            goto loser;

        if (PR_GetHostByName(host, netdbbuf, PR_NETDB_BUF_SIZE,
                             &hostEntry) != PR_SUCCESS)
            goto loser;

        hostIndex = 0;
        do {
            hostIndex = PR_EnumerateHostEnt(hostIndex, &hostEntry, port, &addr);
            if (hostIndex <= 0)
                goto loser;
        } while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS);

        PORT_Free(netdbbuf);
    } else {
        /*
	 * First put the port into the address, then connect.
	 */
        if (PR_InitializeNetAddr(PR_IpAddrNull, port, &addr) != PR_SUCCESS)
            goto loser;
        if (PR_Connect(sock, &addr, timeout) != PR_SUCCESS)
            goto loser;
    }

    return sock;

loser:
    if (sock != NULL)
        PR_Close(sock);
    if (netdbbuf != NULL)
        PORT_Free(netdbbuf);
    return NULL;
}

/*
 * Sends an encoded OCSP request to the server identified by "location",
 * and returns the socket on which it was sent (so can listen for the reply).
 * "location" is expected to be a valid URL -- an error parsing it produces
 * SEC_ERROR_CERT_BAD_ACCESS_LOCATION.  Other errors are likely problems
 * connecting to it, or writing to it, or allocating memory, and the low-level
 * errors appropriate to the problem will be set.
 * if (encodedRequest == NULL)
 *   then location MUST already include the full request,
 *        including base64 and urlencode,
 *        and the request will be sent with GET
 * if (encodedRequest != NULL)
 *   then the request will be sent with POST
 */
static PRFileDesc *
ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest)
{
    char *hostname = NULL;
    char *path = NULL;
    PRUint16 port;
    SECStatus rv;
    PRFileDesc *sock = NULL;
    PRFileDesc *returnSock = NULL;
    char *header = NULL;
    char portstr[16];

    /*
     * Take apart the location, getting the hostname, port, and path.
     */
    rv = ocsp_ParseURL(location, &hostname, &port, &path);
    if (rv != SECSuccess)
        goto loser;

    PORT_Assert(hostname != NULL);
    PORT_Assert(path != NULL);

    sock = ocsp_ConnectToHost(hostname, port);
    if (sock == NULL)
        goto loser;

    portstr[0] = '\0';
    if (port != 80) {
        PR_snprintf(portstr, sizeof(portstr), ":%d", port);
    }

    if (!encodedRequest) {
        header = PR_smprintf("GET %s HTTP/1.0\r\n"
                             "Host: %s%s\r\n\r\n",
                             path, hostname, portstr);
        if (header == NULL)
            goto loser;

        /*
         * The NSPR documentation promises that if it can, it will write the full
         * amount; this will not return a partial value expecting us to loop.
         */
        if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
            goto loser;
    } else {
        header = PR_smprintf("POST %s HTTP/1.0\r\n"
                             "Host: %s%s\r\n"
                             "Content-Type: application/ocsp-request\r\n"
                             "Content-Length: %u\r\n\r\n",
                             path, hostname, portstr, encodedRequest->len);
        if (header == NULL)
            goto loser;

        /*
         * The NSPR documentation promises that if it can, it will write the full
         * amount; this will not return a partial value expecting us to loop.
         */
        if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
            goto loser;

        if (PR_Write(sock, encodedRequest->data,
                     (PRInt32)encodedRequest->len) < 0)
            goto loser;
    }

    returnSock = sock;
    sock = NULL;

loser:
    if (header != NULL)
        PORT_Free(header);
    if (sock != NULL)
        PR_Close(sock);
    if (path != NULL)
        PORT_Free(path);
    if (hostname != NULL)
        PORT_Free(hostname);

    return returnSock;
}

/*
 * Read from "fd" into "buf" -- expect/attempt to read a given number of bytes
 * Obviously, stop if hit end-of-stream. Timeout is passed in.
 */

static int
ocsp_read(PRFileDesc *fd, char *buf, int toread, PRIntervalTime timeout)
{
    int total = 0;

    while (total < toread) {
        PRInt32 got;

        got = PR_Recv(fd, buf + total, (PRInt32)(toread - total), 0, timeout);
        if (got < 0) {
            if (0 == total) {
                total = -1; /* report the error if we didn't read anything yet */
            }
            break;
        } else if (got == 0) { /* EOS */
            break;
        }

        total += got;
    }

    return total;
}

#define OCSP_BUFSIZE 1024

#define AbortHttpDecode(error)   \
    {                            \
        if (inBuffer)            \
            PORT_Free(inBuffer); \
        PORT_SetError(error);    \
        return NULL;             \
    }

/*
 * Reads on the given socket and returns an encoded response when received.
 * Properly formatted HTTP/1.0 response headers are expected to be read
 * from the socket, preceding a binary-encoded OCSP response.  Problems
 * with parsing cause the error SEC_ERROR_OCSP_BAD_HTTP_RESPONSE to be
 * set; any other problems are likely low-level i/o or memory allocation
 * errors.
 */
static SECItem *
ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
{
    /* first read HTTP status line and headers */

    char *inBuffer = NULL;
    PRInt32 offset = 0;
    PRInt32 inBufsize = 0;
    const PRInt32 bufSizeIncrement = OCSP_BUFSIZE;   /* 1 KB at a time */
    const PRInt32 maxBufSize = 8 * bufSizeIncrement; /* 8 KB max */
    const char *CRLF = "\r\n";
    const PRInt32 CRLFlen = strlen(CRLF);
    const char *headerEndMark = "\r\n\r\n";
    const PRInt32 markLen = strlen(headerEndMark);
    const PRIntervalTime ocsptimeout =
        PR_SecondsToInterval(30); /* hardcoded to 30s for now */
    char *headerEnd = NULL;
    PRBool EOS = PR_FALSE;
    const char *httpprotocol = "HTTP/";
    const PRInt32 httplen = strlen(httpprotocol);
    const char *httpcode = NULL;
    const char *contenttype = NULL;
    PRInt32 contentlength = 0;
    PRInt32 bytesRead = 0;
    char *statusLineEnd = NULL;
    char *space = NULL;
    char *nextHeader = NULL;
    SECItem *result = NULL;

    /* read up to at least the end of the HTTP headers */
    do {
        inBufsize += bufSizeIncrement;
        inBuffer = PORT_Realloc(inBuffer, inBufsize + 1);
        if (NULL == inBuffer) {
            AbortHttpDecode(SEC_ERROR_NO_MEMORY);
        }
        bytesRead = ocsp_read(sock, inBuffer + offset, bufSizeIncrement,
                              ocsptimeout);
        if (bytesRead > 0) {
            PRInt32 searchOffset = (offset - markLen) > 0 ? offset - markLen : 0;
            offset += bytesRead;
            *(inBuffer + offset) = '\0'; /* NULL termination */
            headerEnd = strstr((const char *)inBuffer + searchOffset, headerEndMark);
            if (bytesRead < bufSizeIncrement) {
                /* we read less data than requested, therefore we are at
                   EOS or there was a read error */
                EOS = PR_TRUE;
            }
        } else {
            /* recv error or EOS */
            EOS = PR_TRUE;
        }
    } while ((!headerEnd) && (PR_FALSE == EOS) &&
             (inBufsize < maxBufSize));

    if (!headerEnd) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }

    /* parse the HTTP status line  */
    statusLineEnd = strstr((const char *)inBuffer, CRLF);
    if (!statusLineEnd) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }
    *statusLineEnd = '\0';

    /* check for HTTP/ response */
    space = strchr((const char *)inBuffer, ' ');
    if (!space || PORT_Strncasecmp((const char *)inBuffer, httpprotocol, httplen) != 0) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }

    /* check the HTTP status code of 200 */
    httpcode = space + 1;
    space = strchr(httpcode, ' ');
    if (!space) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }
    *space = 0;
    if (0 != strcmp(httpcode, "200")) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }

    /* parse the HTTP headers in the buffer . We only care about
       content-type and content-length
    */

    nextHeader = statusLineEnd + CRLFlen;
    *headerEnd = '\0'; /* terminate */
    do {
        char *thisHeaderEnd = NULL;
        char *value = NULL;
        char *colon = strchr(nextHeader, ':');

        if (!colon) {
            AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
        }

        *colon = '\0';
        value = colon + 1;

        /* jpierre - note : the following code will only handle the basic form
           of HTTP/1.0 response headers, of the form "name: value" . Headers
           split among multiple lines are not supported. This is not common
           and should not be an issue, but it could become one in the
           future */

        if (*value != ' ') {
            AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
        }

        value++;
        thisHeaderEnd = strstr(value, CRLF);
        if (thisHeaderEnd) {
            *thisHeaderEnd = '\0';
        }

        if (0 == PORT_Strcasecmp(nextHeader, "content-type")) {
            contenttype = value;
        } else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
            contentlength = atoi(value);
        }

        if (thisHeaderEnd) {
            nextHeader = thisHeaderEnd + CRLFlen;
        } else {
            nextHeader = NULL;
        }

    } while (nextHeader && (nextHeader < (headerEnd + CRLFlen)));

    /* check content-type */
    if (!contenttype ||
        (0 != PORT_Strcasecmp(contenttype, "application/ocsp-response"))) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }

    /* read the body of the OCSP response */
    offset = offset - (PRInt32)(headerEnd - (const char *)inBuffer) - markLen;
    if (offset) {
        /* move all data to the beginning of the buffer */
        PORT_Memmove(inBuffer, headerEnd + markLen, offset);
    }

    /* resize buffer to only what's needed to hold the current response */
    inBufsize = (1 + (offset - 1) / bufSizeIncrement) * bufSizeIncrement;

    while ((PR_FALSE == EOS) &&
           ((contentlength == 0) || (offset < contentlength)) &&
           (inBufsize < maxBufSize)) {
        /* we still need to receive more body data */
        inBufsize += bufSizeIncrement;
        inBuffer = PORT_Realloc(inBuffer, inBufsize + 1);
        if (NULL == inBuffer) {
            AbortHttpDecode(SEC_ERROR_NO_MEMORY);
        }
        bytesRead = ocsp_read(sock, inBuffer + offset, bufSizeIncrement,
                              ocsptimeout);
        if (bytesRead > 0) {
            offset += bytesRead;
            if (bytesRead < bufSizeIncrement) {
                /* we read less data than requested, therefore we are at
                   EOS or there was a read error */
                EOS = PR_TRUE;
            }
        } else {
            /* recv error or EOS */
            EOS = PR_TRUE;
        }
    }

    if (0 == offset) {
        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
    }

    /*
     * Now allocate the item to hold the data.
     */
    result = SECITEM_AllocItem(arena, NULL, offset);
    if (NULL == result) {
        AbortHttpDecode(SEC_ERROR_NO_MEMORY);
    }

    /*
     * And copy the data left in the buffer.
     */
    PORT_Memcpy(result->data, inBuffer, offset);

    /* and free the temporary buffer */
    PORT_Free(inBuffer);
    return result;
}

SECStatus
CERT_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
{
    return ocsp_ParseURL(url, pHostname, pPort, pPath);
}

/*
 * Limit the size of http responses we are willing to accept.
 */
#define MAX_WANTED_OCSP_RESPONSE_LEN 64 * 1024

/* if (encodedRequest == NULL)
 *   then location MUST already include the full request,
 *        including base64 and urlencode,
 *        and the request will be sent with GET
 * if (encodedRequest != NULL)
 *   then the request will be sent with POST
 */
static SECItem *
fetchOcspHttpClientV1(PLArenaPool *arena,
                      const SEC_HttpClientFcnV1 *hcv1,
                      const char *location,
                      const SECItem *encodedRequest)
{
    char *hostname = NULL;
    char *path = NULL;
    PRUint16 port;
    SECItem *encodedResponse = NULL;
    SEC_HTTP_SERVER_SESSION pServerSession = NULL;
    SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
    PRUint16 myHttpResponseCode;
    const char *myHttpResponseData;
    PRUint32 myHttpResponseDataLen;

    if (ocsp_ParseURL(location, &hostname, &port, &path) == SECFailure) {
        PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
        goto loser;
    }

    PORT_Assert(hostname != NULL);
    PORT_Assert(path != NULL);

    if ((*hcv1->createSessionFcn)(
            hostname,
            port,
            &pServerSession) != SECSuccess) {
        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
        goto loser;
    }

    /* We use a non-zero timeout, which means:
       - the client will use blocking I/O
       - TryFcn will not return WOULD_BLOCK nor a poll descriptor
       - it's sufficient to call TryFcn once
       No lock for accessing OCSP_Global.timeoutSeconds, bug 406120
    */

    if ((*hcv1->createFcn)(
            pServerSession,
            "http",
            path,
            encodedRequest ? "POST" : "GET",
            PR_TicksPerSecond() * OCSP_Global.timeoutSeconds,
            &pRequestSession) != SECSuccess) {
        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
        goto loser;
    }

    if (encodedRequest &&
        (*hcv1->setPostDataFcn)(
            pRequestSession,
            (char *)encodedRequest->data,
            encodedRequest->len,
            "application/ocsp-request") != SECSuccess) {
        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
        goto loser;
    }

    /* we don't want result objects larger than this: */
    myHttpResponseDataLen = MAX_WANTED_OCSP_RESPONSE_LEN;

    OCSP_TRACE(("OCSP trySendAndReceive %s\n", location));

    if ((*hcv1->trySendAndReceiveFcn)(
            pRequestSession,
            NULL,
            &myHttpResponseCode,
            NULL,
            NULL,
            &myHttpResponseData,
            &myHttpResponseDataLen) != SECSuccess) {
        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
        goto loser;
    }

    OCSP_TRACE(("OCSP trySendAndReceive result http %d\n", myHttpResponseCode));

    if (myHttpResponseCode != 200) {
        PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
        goto loser;
    }

    encodedResponse = SECITEM_AllocItem(arena, NULL, myHttpResponseDataLen);

    if (!encodedResponse) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        goto loser;
    }

    PORT_Memcpy(encodedResponse->data, myHttpResponseData, myHttpResponseDataLen);

loser:
    if (pRequestSession != NULL)
        (*hcv1->freeFcn)(pRequestSession);
    if (pServerSession != NULL)
        (*hcv1->freeSessionFcn)(pServerSession);
    if (path != NULL)
        PORT_Free(path);
    if (hostname != NULL)
        PORT_Free(hostname);

    return encodedResponse;
}

/*
 * FUNCTION: CERT_GetEncodedOCSPResponseByMethod
 *   Creates and sends a request to an OCSP responder, then reads and
 *   returns the (encoded) response.
 * INPUTS:
 *   PLArenaPool *arena
 *     Pointer to arena from which return value will be allocated.
 *     If NULL, result will be allocated from the heap (and thus should
 *     be freed via SECITEM_FreeItem).
 *   CERTCertList *certList
 *     A list of certs for which status will be requested.
 *     Note that all of these certificates should have the same issuer,
 *     or it's expected the response will be signed by a trusted responder.
 *     If the certs need to be broken up into multiple requests, that
 *     must be handled by the caller (and thus by having multiple calls
 *     to this routine), who knows about where the request(s) are being
 *     sent and whether there are any trusted responders in place.
 *   const char *location
 *     The location of the OCSP responder (a URL).
 *   const char *method
 *     The protocol method used when retrieving the OCSP response.
 *     Currently support: "GET" (http GET) and "POST" (http POST).
 *     Additionals methods for http or other protocols might be added
 *     in the future.
 *   PRTime time
 *     Indicates the time for which the certificate status is to be
 *     determined -- this may be used in the search for the cert's issuer
 *     but has no other bearing on the operation.
 *   PRBool addServiceLocator
 *     If true, the Service Locator extension should be added to the
 *     single request(s) for each cert.
 *   CERTCertificate *signerCert
 *     If non-NULL, means sign the request using this cert.  Otherwise,
 *     do not sign.
 *   void *pwArg
 *     Pointer to argument for password prompting, if needed.  (Definitely
 *     not needed if not signing.)
 * OUTPUTS:
 *   CERTOCSPRequest **pRequest
 *     Pointer in which to store the OCSP request created for the given
 *     list of certificates.  It is only filled in if the entire operation
 *     is successful and the pointer is not null -- and in that case the
 *     caller is then reponsible for destroying it.
 * RETURN:
 *   Returns a pointer to the SECItem holding the response.
 *   On error, returns null with error set describing the reason:
 *	SEC_ERROR_UNKNOWN_ISSUER
 *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
 *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
 *   Other errors are low-level problems (no memory, bad database, etc.).
 */
SECItem *
CERT_GetEncodedOCSPResponseByMethod(PLArenaPool *arena, CERTCertList *certList,
                                    const char *location, const char *method,
                                    PRTime time, PRBool addServiceLocator,
                                    CERTCertificate *signerCert, void *pwArg,
                                    CERTOCSPRequest **pRequest)
{
    CERTOCSPRequest *request;
    request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
                                     signerCert);
    if (!request)
        return NULL;
    return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location,
                                                  method, time, addServiceLocator,
                                                  pwArg, pRequest);
}

/*
 * FUNCTION: CERT_GetEncodedOCSPResponse
 *   Creates and sends a request to an OCSP responder, then reads and
 *   returns the (encoded) response.
 *
 * This is a legacy API that behaves identically to
 * CERT_GetEncodedOCSPResponseByMethod using the "POST" method.
 */
SECItem *
CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
                            const char *location, PRTime time,
                            PRBool addServiceLocator,
                            CERTCertificate *signerCert, void *pwArg,
                            CERTOCSPRequest **pRequest)
{
    return CERT_GetEncodedOCSPResponseByMethod(arena, certList, location,
                                               "POST", time, addServiceLocator,
                                               signerCert, pwArg, pRequest);
}

/* URL encode a buffer that consists of base64-characters, only,
 * which means we can use a simple encoding logic.
 *
 * No output buffer size checking is performed.
 * You should call the function twice, to calculate the required buffer size.
 *
 * If the outpufBuf parameter is NULL, the function will calculate the
 * required size, including the trailing zero termination char.
 *
 * The function returns the number of bytes calculated or produced.
 */
size_t
ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf)
{
    const char *walkInput = NULL;
    char *walkOutput = outputBuf;
    size_t count = 0;

    for (walkInput = base64Buf; *walkInput; ++walkInput) {
        char c = *walkInput;
        if (isspace(c))
            continue;
        switch (c) {
            case '+':
                if (outputBuf) {
                    strcpy(walkOutput, "%2B");
                    walkOutput += 3;
                }
                count += 3;
                break;
            case '/':
                if (outputBuf) {
                    strcpy(walkOutput, "%2F");
                    walkOutput += 3;
                }
                count += 3;
                break;
            case '=':
                if (outputBuf) {
                    strcpy(walkOutput, "%3D");
                    walkOutput += 3;
                }
                count += 3;
                break;
            default:
                if (outputBuf) {
                    *walkOutput = *walkInput;
                    ++walkOutput;
                }
                ++count;
                break;
        }
    }
    if (outputBuf) {
        *walkOutput = 0;
    }
    ++count;
    return count;
}

enum { max_get_request_size = 255 }; /* defined by RFC2560 */

static SECItem *
cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
                     const SECItem *encodedRequest);

static SECItem *
ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
                                       CERTOCSPRequest *request,
                                       const char *location,
                                       const char *method,
                                       PRTime time,
                                       PRBool addServiceLocator,
                                       void *pwArg,
                                       CERTOCSPRequest **pRequest)
{
    SECItem *encodedRequest = NULL;
    SECItem *encodedResponse = NULL;
    SECStatus rv;

    if (!location || !*location) /* location should be at least one byte */
        goto loser;

    rv = CERT_AddOCSPAcceptableResponses(request,
                                         SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
    if (rv != SECSuccess)
        goto loser;

    encodedRequest = CERT_EncodeOCSPRequest(NULL, request, pwArg);
    if (encodedRequest == NULL)
        goto loser;

    if (!strcmp(method, "GET")) {
        encodedResponse = cert_GetOCSPResponse(arena, location, encodedRequest);
    } else if (!strcmp(method, "POST")) {
        encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
    } else {
        goto loser;
    }

    if (encodedResponse != NULL && pRequest != NULL) {
        *pRequest = request;
        request = NULL; /* avoid destroying below */
    }

loser:
    if (request != NULL)
        CERT_DestroyOCSPRequest(request);
    if (encodedRequest != NULL)
        SECITEM_FreeItem(encodedRequest, PR_TRUE);
    return encodedResponse;
}

static SECItem *
cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
                       const SECItem *encodedRequest);

/* using HTTP GET method */
static SECItem *
cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
                     const SECItem *encodedRequest)
{
    char *walkOutput = NULL;
    char *fullGetPath = NULL;
    size_t pathLength;
    PRInt32 urlEncodedBufLength;
    size_t base64size;
    char b64ReqBuf[max_get_request_size + 1];
    size_t slashLengthIfNeeded = 0;
    size_t getURLLength;
    SECItem *item;

    if (!location || !*location) {
        return NULL;
    }

    pathLength = strlen(location);
    if (location[pathLength - 1] != '/') {
        slashLengthIfNeeded = 1;
    }

    /* Calculation as documented by PL_Base64Encode function.
     * Use integer conversion to avoid having to use function ceil().
     */
    base64size = (((encodedRequest->len + 2) / 3) * 4);
    if (base64size > max_get_request_size) {
        return NULL;
    }
    memset(b64ReqBuf, 0, sizeof(b64ReqBuf));
    PL_Base64Encode((const char *)encodedRequest->data, encodedRequest->len,
                    b64ReqBuf);

    urlEncodedBufLength = ocsp_UrlEncodeBase64Buf(b64ReqBuf, NULL);
    getURLLength = pathLength + urlEncodedBufLength + slashLengthIfNeeded;

    /* urlEncodedBufLength already contains room for the zero terminator.
     * Add another if we must add the '/' char.
     */
    if (arena) {
        fullGetPath = (char *)PORT_ArenaAlloc(arena, getURLLength);
    } else {
        fullGetPath = (char *)PORT_Alloc(getURLLength);
    }
    if (!fullGetPath) {
        return NULL;
    }

    strcpy(fullGetPath, location);
    walkOutput = fullGetPath + pathLength;

    if (walkOutput > fullGetPath && slashLengthIfNeeded) {
        strcpy(walkOutput, "/");
        ++walkOutput;
    }
    ocsp_UrlEncodeBase64Buf(b64ReqBuf, walkOutput);

    item = cert_FetchOCSPResponse(arena, fullGetPath, NULL);
    if (!arena) {
        PORT_Free(fullGetPath);
    }
    return item;
}

SECItem *
CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
                     const SECItem *encodedRequest)
{
    return cert_FetchOCSPResponse(arena, location, encodedRequest);
}

SECItem *
cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
                       const SECItem *encodedRequest)
{
    const SEC_HttpClientFcn *registeredHttpClient;
    SECItem *encodedResponse = NULL;

    registeredHttpClient = SEC_GetRegisteredHttpClient();

    if (registeredHttpClient && registeredHttpClient->version == 1) {
        encodedResponse = fetchOcspHttpClientV1(
            arena,
            &registeredHttpClient->fcnTable.ftable1,
            location,
            encodedRequest);
    } else {
        /* use internal http client */
        PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
        if (sock) {
            encodedResponse = ocsp_GetEncodedResponse(arena, sock);
            PR_Close(sock);
        }
    }

    return encodedResponse;
}

static SECItem *
ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena,
                                         CERTOCSPCertID *certID,
                                         CERTCertificate *singleCert,
                                         const char *location,
                                         const char *method,
                                         PRTime time,
                                         PRBool addServiceLocator,
                                         void *pwArg,
                                         CERTOCSPRequest **pRequest)
{
    CERTOCSPRequest *request;
    request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time,
                                               addServiceLocator, NULL);
    if (!request)
        return NULL;
    return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location,
                                                  method, time, addServiceLocator,
                                                  pwArg, pRequest);
}

/* Checks a certificate for the key usage extension of OCSP signer. */
static PRBool
ocsp_CertIsOCSPDesignatedResponder(CERTCertificate *cert)
{
    SECStatus rv;
    SECItem extItem;
    SECItem **oids;
    SECItem *oid;
    SECOidTag oidTag;
    PRBool retval;
    CERTOidSequence *oidSeq = NULL;

    extItem.data = NULL;
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
    if (rv != SECSuccess) {
        goto loser;
    }

    oidSeq = CERT_DecodeOidSequence(&extItem);
    if (oidSeq == NULL) {
        goto loser;
    }

    oids = oidSeq->oids;
    while (*oids != NULL) {
        oid = *oids;

        oidTag = SECOID_FindOIDTag(oid);

        if (oidTag == SEC_OID_OCSP_RESPONDER) {
            goto success;
        }

        oids++;
    }

loser:
    retval = PR_FALSE;
    PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
    goto done;
success:
    retval = PR_TRUE;
done:
    if (extItem.data != NULL) {
        PORT_Free(extItem.data);
    }
    if (oidSeq != NULL) {
        CERT_DestroyOidSequence(oidSeq);
    }

    return (retval);
}

#ifdef LATER /*                                                    \
              * XXX This function is not currently used, but will  \
              * be needed later when we do revocation checking of  \
              * the responder certificate.  Of course, it may need \
              * revising then, if the cert extension interface has \
              * changed.  (Hopefully it will!)                     \
              */

/* Checks a certificate to see if it has the OCSP no check extension. */
static PRBool
ocsp_CertHasNoCheckExtension(CERTCertificate *cert)
{
    SECStatus rv;

    rv = CERT_FindCertExtension(cert, SEC_OID_PKIX_OCSP_NO_CHECK,
                                NULL);
    if (rv == SECSuccess) {
        return PR_TRUE;
    }
    return PR_FALSE;
}
#endif /* LATER */

static PRBool
ocsp_matchcert(SECItem *certIndex, CERTCertificate *testCert)
{
    SECItem item;
    unsigned char buf[HASH_LENGTH_MAX];

    item.data = buf;
    item.len = SHA1_LENGTH;

    if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_SHA1,
                                       &item) == NULL) {
        return PR_FALSE;
    }
    if (SECITEM_ItemsAreEqual(certIndex, &item)) {
        return PR_TRUE;
    }
    if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_MD5,
                                       &item) == NULL) {
        return PR_FALSE;
    }
    if (SECITEM_ItemsAreEqual(certIndex, &item)) {
        return PR_TRUE;
    }
    if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_MD2,
                                       &item) == NULL) {
        return PR_FALSE;
    }
    if (SECITEM_ItemsAreEqual(certIndex, &item)) {
        return PR_TRUE;
    }

    return PR_FALSE;
}

static CERTCertificate *
ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle, CERTOCSPCertID *certID);

CERTCertificate *
ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
                          ocspSignature *signature, CERTCertificate *issuer)
{
    CERTCertificate **certs = NULL;
    CERTCertificate *signerCert = NULL;
    SECStatus rv = SECFailure;
    PRBool lookupByName = PR_TRUE;
    void *certIndex = NULL;
    int certCount = 0;

    PORT_Assert(tbsData->responderID != NULL);
    switch (tbsData->responderID->responderIDType) {
        case ocspResponderID_byName:
            lookupByName = PR_TRUE;
            certIndex = &tbsData->derResponderID;
            break;
        case ocspResponderID_byKey:
            lookupByName = PR_FALSE;
            certIndex = &tbsData->responderID->responderIDValue.keyHash;
            break;
        case ocspResponderID_other:
        default:
            PORT_Assert(0);
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
            return NULL;
    }

    /*
     * If the signature contains some certificates as well, temporarily
     * import them in case they are needed for verification.
     *
     * Note that the result of this is that each cert in "certs" needs
     * to be destroyed.
     */
    if (signature->derCerts != NULL) {
        for (; signature->derCerts[certCount] != NULL; certCount++) {
            /* just counting */
        }
        rv = CERT_ImportCerts(handle, certUsageStatusResponder, certCount,
                              signature->derCerts, &certs,
                              PR_FALSE, PR_FALSE, NULL);
        if (rv != SECSuccess)
            goto finish;
    }

    /*
     * Now look up the certificate that did the signing.
     * The signer can be specified either by name or by key hash.
     */
    if (lookupByName) {
        SECItem *crIndex = (SECItem *)certIndex;
        SECItem encodedName;
        PLArenaPool *arena;

        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
        if (arena != NULL) {

            rv = SEC_QuickDERDecodeItem(arena, &encodedName,
                                        ocsp_ResponderIDDerNameTemplate,
                                        crIndex);
            if (rv != SECSuccess) {
                if (PORT_GetError() == SEC_ERROR_BAD_DER)
                    PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
            } else {
                signerCert = CERT_FindCertByName(handle, &encodedName);
            }
            PORT_FreeArena(arena, PR_FALSE);
        }
    } else {
        /*
    	 * The signer is either 1) a known issuer CA we passed in,
    	 * 2) the default OCSP responder, or 3) an intermediate CA
    	 * passed in the cert list to use. Figure out which it is.
    	 */
        int i;
        CERTCertificate *responder =
            ocsp_CertGetDefaultResponder(handle, NULL);
        if (responder && ocsp_matchcert(certIndex, responder)) {
            signerCert = CERT_DupCertificate(responder);
        } else if (issuer && ocsp_matchcert(certIndex, issuer)) {
            signerCert = CERT_DupCertificate(issuer);
        }
        for (i = 0; (signerCert == NULL) && (i < certCount); i++) {
            if (ocsp_matchcert(certIndex, certs[i])) {
                signerCert = CERT_DupCertificate(certs[i]);
            }
        }
        if (signerCert == NULL) {
            PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
        }
    }

finish:
    if (certs != NULL) {
        CERT_DestroyCertArray(certs, certCount);
    }

    return signerCert;
}

SECStatus
ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
                             ocspSignature *signature,
                             SECItem *tbsResponseDataDER,
                             void *pwArg)
{
    SECKEYPublicKey *signerKey = NULL;
    SECStatus rv = SECFailure;
    CERTSignedData signedData;

    /*
     * Now get the public key from the signer's certificate; we need
     * it to perform the verification.
     */
    signerKey = CERT_ExtractPublicKey(signerCert);
    if (signerKey == NULL) {
        return SECFailure;
    }

    /*
     * We copy the signature data *pointer* and length, so that we can
     * modify the length without damaging the original copy.  This is a
     * simple copy, not a dup, so no destroy/free is necessary.
     */
    signedData.signature = signature->signature;
    signedData.signatureAlgorithm = signature->signatureAlgorithm;
    signedData.data = *tbsResponseDataDER;

    rv = CERT_VerifySignedDataWithPublicKey(&signedData, signerKey, pwArg);
    if (rv != SECSuccess &&
        (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE ||
         PORT_GetError() == SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)) {
        PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
    }

    if (signerKey != NULL) {
        SECKEY_DestroyPublicKey(signerKey);
    }

    return rv;
}

/*
 * FUNCTION: CERT_VerifyOCSPResponseSignature
 *   Check the signature on an OCSP Response.  Will also perform a
 *   verification of the signer's certificate.  Note, however, that a
 *   successful verification does not make any statement about the
 *   signer's *authority* to provide status for the certificate(s),
 *   that must be checked individually for each certificate.
 * INPUTS:
 *   CERTOCSPResponse *response
 *     Pointer to response structure with signature to be checked.
 *   CERTCertDBHandle *handle
 *     Pointer to CERTCertDBHandle for certificate DB to use for verification.
 *   void *pwArg
 *     Pointer to argument for password prompting, if needed.
 * OUTPUTS:
 *   CERTCertificate **pSignerCert
 *     Pointer in which to store signer's certificate; only filled-in if
 *     non-null.
 * RETURN:
 *   Returns SECSuccess when signature is valid, anything else means invalid.
 *   Possible errors set:
 *	SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID
 *	SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time
 *	SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
 *	SEC_ERROR_BAD_SIGNATURE - the signature did not verify
 *   Other errors are any of the many possible failures in cert verification
 *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
 *   verifying the signer's cert, or low-level problems (no memory, etc.)
 */
SECStatus
CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
                                 CERTCertDBHandle *handle, void *pwArg,
                                 CERTCertificate **pSignerCert,
                                 CERTCertificate *issuer)
{
    SECItem *tbsResponseDataDER;
    CERTCertificate *signerCert = NULL;
    SECStatus rv = SECFailure;
    PRTime producedAt;

    /* ocsp_DecodeBasicOCSPResponse will fail if asn1 decoder is unable
     * to properly decode tbsData (see the function and
     * ocsp_BasicOCSPResponseTemplate). Thus, tbsData can not be
     * equal to null */
    ocspResponseData *tbsData = ocsp_GetResponseData(response,
                                                     &tbsResponseDataDER);
    ocspSignature *signature = ocsp_GetResponseSignature(response);

    if (!signature) {
        PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
        return SECFailure;
    }

    /*
     * If this signature has already gone through verification, just
     * return the cached result.
     */
    if (signature->wasChecked) {
        if (signature->status == SECSuccess) {
            if (pSignerCert != NULL)
                *pSignerCert = CERT_DupCertificate(signature->cert);
        } else {
            PORT_SetError(signature->failureReason);
        }
        return signature->status;
    }

    signerCert = ocsp_GetSignerCertificate(handle, tbsData,
                                           signature, issuer);
    if (signerCert == NULL) {
        rv = SECFailure;
        if (PORT_GetError() == SEC_ERROR_UNKNOWN_CERT) {
            /* Make the error a little more specific. */
            PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
        }
        goto finish;
    }

    /*
     * We could mark this true at the top of this function, or always
     * below at "finish", but if the problem was just that we could not
     * find the signer's cert, leave that as if the signature hasn't
     * been checked in case a subsequent call might have better luck.
     */
    signature->wasChecked = PR_TRUE;

    /*
     * The function will also verify the signer certificate; we
     * need to tell it *when* that certificate must be valid -- for our
     * purposes we expect it to be valid when the response was signed.
     * The value of "producedAt" is the signing time.
     */
    rv = DER_GeneralizedTimeToTime(&producedAt, &tbsData->producedAt);
    if (rv != SECSuccess)
        goto finish;

    /*
     * Just because we have a cert does not mean it is any good; check
     * it for validity, trust and usage.
     */
    if (!ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
        SECCertUsage certUsage;
        if (CERT_IsCACert(signerCert, NULL)) {
            certUsage = certUsageAnyCA;
        } else {
            certUsage = certUsageStatusResponder;
        }
        rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage,
                                      producedAt, CERT_VERIFYCERT_SKIP_OCSP,
                                      pwArg, NULL);
        if (rv != SECSuccess) {
            PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
            goto finish;
        }
    }

    rv = ocsp_VerifyResponseSignature(signerCert, signature,
                                      tbsResponseDataDER,
                                      pwArg);

finish:
    if (signature->wasChecked)
        signature->status = rv;

    if (rv != SECSuccess) {
        signature->failureReason = PORT_GetError();
        if (signerCert != NULL)
            CERT_DestroyCertificate(signerCert);
    } else {
        /*
    	 * Save signer's certificate in signature.
    	 */
        signature->cert = signerCert;
        if (pSignerCert != NULL) {
            /*
    	     * Pass pointer to signer's certificate back to our caller,
    	     * who is also now responsible for destroying it.
    	     */
            *pSignerCert = CERT_DupCertificate(signerCert);
        }
    }

    return rv;
}

/*
 * See if the request's certID and the single response's certID match.
 * This can be easy or difficult, depending on whether the same hash
 * algorithm was used.
 */
static PRBool
ocsp_CertIDsMatch(CERTOCSPCertID *requestCertID,
                  CERTOCSPCertID *responseCertID)
{
    PRBool match = PR_FALSE;
    SECOidTag hashAlg;
    SECItem *keyHash = NULL;
    SECItem *nameHash = NULL;

    /*
     * In order to match, they must have the same issuer and the same
     * serial number.
     *
     * We just compare the easier things first.
     */
    if (SECITEM_CompareItem(&requestCertID->serialNumber,
                            &responseCertID->serialNumber) != SECEqual) {
        goto done;
    }

    /*
     * Make sure the "parameters" are not too bogus.  Since we encoded
     * requestCertID->hashAlgorithm, we don't need to check it.
     */
    if (responseCertID->hashAlgorithm.parameters.len > 2) {
        goto done;
    }
    if (SECITEM_CompareItem(&requestCertID->hashAlgorithm.algorithm,
                            &responseCertID->hashAlgorithm.algorithm) ==
        SECEqual) {
        /*
    	 * If the hash algorithms match then we can do a simple compare
    	 * of the hash values themselves.
    	 */
        if ((SECITEM_CompareItem(&requestCertID->issuerNameHash,
                                 &responseCertID->issuerNameHash) == SECEqual) &&
            (SECITEM_CompareItem(&requestCertID->issuerKeyHash,
                                 &responseCertID->issuerKeyHash) == SECEqual)) {
            match = PR_TRUE;
        }
        goto done;
    }

    hashAlg = SECOID_FindOIDTag(&responseCertID->hashAlgorithm.algorithm);
    switch (hashAlg) {
        case SEC_OID_SHA1:
            keyHash = &requestCertID->issuerSHA1KeyHash;
            nameHash = &requestCertID->issuerSHA1NameHash;
            break;
        case SEC_OID_MD5:
            keyHash = &requestCertID->issuerMD5KeyHash;
            nameHash = &requestCertID->issuerMD5NameHash;
            break;
        case SEC_OID_MD2:
            keyHash = &requestCertID->issuerMD2KeyHash;
            nameHash = &requestCertID->issuerMD2NameHash;
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
            return PR_FALSE;
    }

    if ((keyHash != NULL) &&
        (SECITEM_CompareItem(nameHash,
                             &responseCertID->issuerNameHash) == SECEqual) &&
        (SECITEM_CompareItem(keyHash,
                             &responseCertID->issuerKeyHash) == SECEqual)) {
        match = PR_TRUE;
    }

done:
    return match;
}

/*
 * Find the single response for the cert specified by certID.
 * No copying is done; this just returns a pointer to the appropriate
 * response within responses, if it is found (and null otherwise).
 * This is fine, of course, since this function is internal-use only.
 */
static CERTOCSPSingleResponse *
ocsp_GetSingleResponseForCertID(CERTOCSPSingleResponse **responses,
                                CERTCertDBHandle *handle,
                                CERTOCSPCertID *certID)
{
    CERTOCSPSingleResponse *single;
    int i;

    if (responses == NULL)
        return NULL;

    for (i = 0; responses[i] != NULL; i++) {
        single = responses[i];
        if (ocsp_CertIDsMatch(certID, single->certID)) {
            return single;
        }
    }

    /*
     * The OCSP server should have included a response even if it knew
     * nothing about the certificate in question.  Since it did not,
     * this will make it look as if it had.
     *
     * XXX Should we make this a separate error to notice the server's
     * bad behavior?
     */
    PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
    return NULL;
}

static ocspCheckingContext *
ocsp_GetCheckingContext(CERTCertDBHandle *handle)
{
    CERTStatusConfig *statusConfig;
    ocspCheckingContext *ocspcx = NULL;

    statusConfig = CERT_GetStatusConfig(handle);
    if (statusConfig != NULL) {
        ocspcx = statusConfig->statusContext;

        /*
    	 * This is actually an internal error, because we should never
    	 * have a good statusConfig without a good statusContext, too.
    	 * For lack of anything better, though, we just assert and use
    	 * the same error as if there were no statusConfig (set below).
    	 */
        PORT_Assert(ocspcx != NULL);
    }

    if (ocspcx == NULL)
        PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);

    return ocspcx;
}

/*
 * Return cert reference if the given signerCert is the default responder for
 * the given certID.  If not, or if any error, return NULL.
 */
static CERTCertificate *
ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle, CERTOCSPCertID *certID)
{
    ocspCheckingContext *ocspcx;

    ocspcx = ocsp_GetCheckingContext(handle);
    if (ocspcx == NULL)
        goto loser;

    /*
     * Right now we have only one default responder.  It applies to
     * all certs when it is used, so the check is simple and certID
     * has no bearing on the answer.  Someday in the future we may
     * allow configuration of different responders for different
     * issuers, and then we would have to use the issuer specified
     * in certID to determine if signerCert is the right one.
     */
    if (ocspcx->useDefaultResponder) {
        PORT_Assert(ocspcx->defaultResponderCert != NULL);
        return ocspcx->defaultResponderCert;
    }

loser:
    return NULL;
}

/*
 * Return true if the cert is one of the default responders configured for
 * ocsp context. If not, or if any error, return false.
 */
PRBool
ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert)
{
    ocspCheckingContext *ocspcx;

    ocspcx = ocsp_GetCheckingContext(handle);
    if (ocspcx == NULL)
        return PR_FALSE;

    /*
     * Right now we have only one default responder.  It applies to
     * all certs when it is used, so the check is simple and certID
     * has no bearing on the answer.  Someday in the future we may
     * allow configuration of different responders for different
     * issuers, and then we would have to use the issuer specified
     * in certID to determine if signerCert is the right one.
     */
    if (ocspcx->useDefaultResponder &&
        CERT_CompareCerts(ocspcx->defaultResponderCert, cert)) {
        return PR_TRUE;
    }

    return PR_FALSE;
}

/*
 * Check that the given signer certificate is authorized to sign status
 * information for the given certID.  Return true if it is, false if not
 * (or if there is any error along the way).  If false is returned because
 * the signer is not authorized, the following error will be set:
 *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
 * Other errors are low-level problems (no memory, bad database, etc.).
 *
 * There are three ways to be authorized.  In the order in which we check,
 * using the terms used in the OCSP spec, the signer must be one of:
 *  1.  A "trusted responder" -- it matches a local configuration
 *      of OCSP signing authority for the certificate in question.
 *  2.  The CA who issued the certificate in question.
 *  3.  A "CA designated responder", aka an "authorized responder" -- it
 *      must be represented by a special cert issued by the CA who issued
 *      the certificate in question.
 */
static PRBool
ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
                                  CERTCertificate *signerCert,
                                  CERTOCSPCertID *certID,
                                  PRTime thisUpdate)
{
    CERTCertificate *issuerCert = NULL, *defRespCert;
    SECItem *keyHash = NULL;
    SECItem *nameHash = NULL;
    SECOidTag hashAlg;
    PRBool keyHashEQ = PR_FALSE, nameHashEQ = PR_FALSE;

    /*
     * Check first for a trusted responder, which overrides everything else.
     */
    if ((defRespCert = ocsp_CertGetDefaultResponder(handle, certID)) &&
        CERT_CompareCerts(defRespCert, signerCert)) {
        return PR_TRUE;
    }

    /*
     * In the other two cases, we need to do an issuer comparison.
     * How we do it depends on whether the signer certificate has the
     * special extension (for a designated responder) or not.
     *
     * First, lets check if signer of the response is the actual issuer
     * of the cert. For that we will use signer cert key hash and cert subj
     * name hash and will compare them with already calculated issuer key
     * hash and issuer name hash. The hash algorithm is picked from response
     * certID hash to avoid second hash calculation.
     */

    hashAlg = SECOID_FindOIDTag(&certID->hashAlgorithm.algorithm);

    keyHash = CERT_GetSubjectPublicKeyDigest(NULL, signerCert, hashAlg, NULL);
    if (keyHash != NULL) {

        keyHashEQ =
            (SECITEM_CompareItem(keyHash,
                                 &certID->issuerKeyHash) == SECEqual);
        SECITEM_FreeItem(keyHash, PR_TRUE);
    }
    if (keyHashEQ &&
        (nameHash = CERT_GetSubjectNameDigest(NULL, signerCert,
                                              hashAlg, NULL))) {
        nameHashEQ =
            (SECITEM_CompareItem(nameHash,
                                 &certID->issuerNameHash) == SECEqual);

        SECITEM_FreeItem(nameHash, PR_TRUE);
        if (nameHashEQ) {
            /* The issuer of the cert is the the signer of the response */
            return PR_TRUE;
        }
    }

    keyHashEQ = PR_FALSE;
    nameHashEQ = PR_FALSE;

    if (!ocsp_CertIsOCSPDesignatedResponder(signerCert)) {
        PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
        return PR_FALSE;
    }

    /*
     * The signer is a designated responder.  Its issuer must match
     * the issuer of the cert being checked.
     */
    issuerCert = CERT_FindCertIssuer(signerCert, thisUpdate,
                                     certUsageAnyCA);
    if (issuerCert == NULL) {
        /*
         * We could leave the SEC_ERROR_UNKNOWN_ISSUER error alone,
         * but the following will give slightly more information.
         * Once we have an error stack, things will be much better.
         */
        PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
        return PR_FALSE;
    }

    keyHash = CERT_GetSubjectPublicKeyDigest(NULL, issuerCert, hashAlg, NULL);
    nameHash = CERT_GetSubjectNameDigest(NULL, issuerCert, hashAlg, NULL);

    CERT_DestroyCertificate(issuerCert);

    if (keyHash != NULL && nameHash != NULL) {
        keyHashEQ =
            (SECITEM_CompareItem(keyHash,
                                 &certID->issuerKeyHash) == SECEqual);

        nameHashEQ =
            (SECITEM_CompareItem(nameHash,
                                 &certID->issuerNameHash) == SECEqual);
    }

    if (keyHash) {
        SECITEM_FreeItem(keyHash, PR_TRUE);
    }
    if (nameHash) {
        SECITEM_FreeItem(nameHash, PR_TRUE);
    }

    if (keyHashEQ && nameHashEQ) {
        return PR_TRUE;
    }

    PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
    return PR_FALSE;
}

/*
 * We need to check that a responder gives us "recent" information.
 * Since a responder can pre-package responses, we need to pick an amount
 * of time that is acceptable to us, and reject any response that is
 * older than that.
 *
 * XXX This *should* be based on some configuration parameter, so that
 * different usages could specify exactly what constitutes "sufficiently
 * recent".  But that is not going to happen right away.  For now, we
 * want something from within the last 24 hours.  This macro defines that
 * number in seconds.
 */
#define OCSP_ALLOWABLE_LAPSE_SECONDS (24L * 60L * 60L)

static PRBool
ocsp_TimeIsRecent(PRTime checkTime)
{
    PRTime now = PR_Now();
    PRTime lapse, tmp;

    LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
    LL_I2L(tmp, PR_USEC_PER_SEC);
    LL_MUL(lapse, lapse, tmp); /* allowable lapse in microseconds */

    LL_ADD(checkTime, checkTime, lapse);
    if (LL_CMP(now, >, checkTime))
        return PR_FALSE;

    return PR_TRUE;
}

#define OCSP_SLOP (5L * 60L) /* OCSP responses are allowed to be 5 minutes \
                                in the future by default */

static PRUint32 ocspsloptime = OCSP_SLOP; /* seconds */

/*
 * If an old response contains the revoked certificate status, we want
 * to return SECSuccess so the response will be used.
 */
static SECStatus
ocsp_HandleOldSingleResponse(CERTOCSPSingleResponse *single, PRTime time)
{
    SECStatus rv;
    ocspCertStatus *status = single->certStatus;
    if (status->certStatusType == ocspCertStatus_revoked) {
        rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
        if (rv != SECSuccess &&
            PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE) {
            /*
             * Return SECSuccess now.  The subsequent ocsp_CertRevokedAfter
             * call in ocsp_CertHasGoodStatus will cause
             * ocsp_CertHasGoodStatus to fail with
             * SEC_ERROR_REVOKED_CERTIFICATE.
             */
            return SECSuccess;
        }
    }
    PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
    return SECFailure;
}

/*
 * Check that this single response is okay.  A return of SECSuccess means:
 *   1. The signer (represented by "signerCert") is authorized to give status
 *	for the cert represented by the individual response in "single".
 *   2. The value of thisUpdate is earlier than now.
 *   3. The value of producedAt is later than or the same as thisUpdate.
 *   4. If nextUpdate is given:
 *	- The value of nextUpdate is later than now.
 *	- The value of producedAt is earlier than nextUpdate.
 *	Else if no nextUpdate:
 *	- The value of thisUpdate is fairly recent.
 *	- The value of producedAt is fairly recent.
 *	However we do not need to perform an explicit check for this last
 *	constraint because it is already guaranteed by checking that
 *	producedAt is later than thisUpdate and thisUpdate is recent.
 * Oh, and any responder is "authorized" to say that a cert is unknown to it.
 *
 * If any of those checks fail, SECFailure is returned and an error is set:
 *	SEC_ERROR_OCSP_FUTURE_RESPONSE
 *	SEC_ERROR_OCSP_OLD_RESPONSE
 *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
 * Other errors are low-level problems (no memory, bad database, etc.).
 */
static SECStatus
ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
                          CERTCertDBHandle *handle,
                          CERTCertificate *signerCert,
                          PRTime producedAt)
{
    CERTOCSPCertID *certID = single->certID;
    PRTime now, thisUpdate, nextUpdate, tmstamp, tmp;
    SECStatus rv;

    OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n",
                ((single->nextUpdate) != 0)));
    /*
     * If all the responder said was that the given cert was unknown to it,
     * that is a valid response.  Not very interesting to us, of course,
     * but all this function is concerned with is validity of the response,
     * not the status of the cert.
     */
    PORT_Assert(single->certStatus != NULL);
    if (single->certStatus->certStatusType == ocspCertStatus_unknown)
        return SECSuccess;

    /*
     * We need to extract "thisUpdate" for use below and to pass along
     * to AuthorizedResponderForCertID in case it needs it for doing an
     * issuer look-up.
     */
    rv = DER_GeneralizedTimeToTime(&thisUpdate, &single->thisUpdate);
    if (rv != SECSuccess)
        return rv;

    /*
     * First confirm that signerCert is authorized to give this status.
     */
    if (ocsp_AuthorizedResponderForCertID(handle, signerCert, certID,
                                          thisUpdate) != PR_TRUE)
        return SECFailure;

    /*
     * Now check the time stuff, as described above.
     */
    now = PR_Now();
    /* allow slop time for future response */
    LL_UI2L(tmstamp, ocspsloptime); /* get slop time in seconds */
    LL_UI2L(tmp, PR_USEC_PER_SEC);
    LL_MUL(tmp, tmstamp, tmp); /* convert the slop time to PRTime */
    LL_ADD(tmstamp, tmp, now); /* add current time to it */

    if (LL_CMP(thisUpdate, >, tmstamp) || LL_CMP(producedAt, <, thisUpdate)) {
        PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
        return SECFailure;
    }
    if (single->nextUpdate != NULL) {
        rv = DER_GeneralizedTimeToTime(&nextUpdate, single->nextUpdate);
        if (rv != SECSuccess)
            return rv;

        LL_ADD(tmp, tmp, nextUpdate);
        if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate))
            return ocsp_HandleOldSingleResponse(single, now);
    } else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
        return ocsp_HandleOldSingleResponse(single, now);
    }

    return SECSuccess;
}

/*
 * FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
 *   Get the value of the URI of the OCSP responder for the given cert.
 *   This is found in the (optional) Authority Information Access extension
 *   in the cert.
 * INPUTS:
 *   CERTCertificate *cert
 *     The certificate being examined.
 * RETURN:
 *   char *
 *     A copy of the URI for the OCSP method, if found.  If either the
 *     extension is not present or it does not contain an entry for OCSP,
 *     SEC_ERROR_CERT_BAD_ACCESS_LOCATION will be set and a NULL returned.
 *     Any other error will also result in a NULL being returned.
 *
 *     This result should be freed (via PORT_Free) when no longer in use.
 */
char *
CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert)
{
    CERTGeneralName *locname = NULL;
    SECItem *location = NULL;
    SECItem *encodedAuthInfoAccess = NULL;
    CERTAuthInfoAccess **authInfoAccess = NULL;
    char *locURI = NULL;
    PLArenaPool *arena = NULL;
    SECStatus rv;
    int i;

    /*
     * Allocate this one from the heap because it will get filled in
     * by CERT_FindCertExtension which will also allocate from the heap,
     * and we can free the entire thing on our way out.
     */
    encodedAuthInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
    if (encodedAuthInfoAccess == NULL)
        goto loser;

    rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
                                encodedAuthInfoAccess);
    if (rv == SECFailure) {
        PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
        goto loser;
    }

    /*
     * The rest of the things allocated in the routine will come out of
     * this arena, which is temporary just for us to decode and get at the
     * AIA extension.  The whole thing will be destroyed on our way out,
     * after we have copied the location string (url) itself (if found).
     */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL)
        goto loser;

    authInfoAccess = CERT_DecodeAuthInfoAccessExtension(arena,
                                                        encodedAuthInfoAccess);
    if (authInfoAccess == NULL)
        goto loser;

    for (i = 0; authInfoAccess[i] != NULL; i++) {
        if (SECOID_FindOIDTag(&authInfoAccess[i]->method) == SEC_OID_PKIX_OCSP)
            locname = authInfoAccess[i]->location;
    }

    /*
     * If we found an AIA extension, but it did not include an OCSP method,
     * that should look to our caller as if we did not find the extension
     * at all, because it is only an OCSP method that we care about.
     * So set the same error that would be set if the AIA extension was
     * not there at all.
     */
    if (locname == NULL) {
        PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
        goto loser;
    }

    /*
     * The following is just a pointer back into locname (i.e. not a copy);
     * thus it should not be freed.
     */
    location = CERT_GetGeneralNameByType(locname, certURI, PR_FALSE);
    if (location == NULL) {
        /*
    	 * XXX Appears that CERT_GetGeneralNameByType does not set an
    	 * error if there is no name by that type.  For lack of anything
    	 * better, act as if the extension was not found.  In the future
    	 * this should probably be something more like the extension was
    	 * badly formed.
    	 */
        PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
        goto loser;
    }

    /*
     * That location is really a string, but it has a specified length
     * without a null-terminator.  We need a real string that does have
     * a null-terminator, and we need a copy of it anyway to return to
     * our caller -- so allocate and copy.
     */
    locURI = PORT_Alloc(location->len + 1);
    if (locURI == NULL) {
        goto loser;
    }
    PORT_Memcpy(locURI, location->data, location->len);
    locURI[location->len] = '\0';

loser:
    if (arena != NULL)
        PORT_FreeArena(arena, PR_FALSE);

    if (encodedAuthInfoAccess != NULL)
        SECITEM_FreeItem(encodedAuthInfoAccess, PR_TRUE);

    return locURI;
}

/*
 * Figure out where we should go to find out the status of the given cert
 * via OCSP.  If allowed to use a default responder uri and a default
 * responder is set up, then that is our answer.
 * If not, see if the certificate has an Authority Information Access (AIA)
 * extension for OCSP, and return the value of that.  Otherwise return NULL.
 * We also let our caller know whether or not the responder chosen was
 * a default responder or not through the output variable isDefault;
 * its value has no meaning unless a good (non-null) value is returned
 * for the location.
 *
 * The result needs to be freed (PORT_Free) when no longer in use.
 */
char *
ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert,
                          PRBool canUseDefault, PRBool *isDefault)
{
    ocspCheckingContext *ocspcx = NULL;
    char *ocspUrl = NULL;

    if (canUseDefault) {
        ocspcx = ocsp_GetCheckingContext(handle);
    }
    if (ocspcx != NULL && ocspcx->useDefaultResponder) {
        /*
    	 * A default responder wins out, if specified.
    	 * XXX Someday this may be a more complicated determination based
    	 * on the cert's issuer.  (That is, we could have different default
    	 * responders configured for different issuers.)
    	 */
        PORT_Assert(ocspcx->defaultResponderURI != NULL);
        *isDefault = PR_TRUE;
        return (PORT_Strdup(ocspcx->defaultResponderURI));
    }

    /*
     * No default responder set up, so go see if we can find an AIA
     * extension that has a value for OCSP, and get the url from that.
     */
    *isDefault = PR_FALSE;
    ocspUrl = CERT_GetOCSPAuthorityInfoAccessLocation(cert);
    if (!ocspUrl) {
        CERT_StringFromCertFcn altFcn;

        PR_EnterMonitor(OCSP_Global.monitor);
        altFcn = OCSP_Global.alternateOCSPAIAFcn;
        PR_ExitMonitor(OCSP_Global.monitor);
        if (altFcn) {
            ocspUrl = (*altFcn)(cert);
            if (ocspUrl)
                *isDefault = PR_TRUE;
        }
    }
    return ocspUrl;
}

/*
 * Return SECSuccess if the cert was revoked *after* "time",
 * SECFailure otherwise.
 */
static SECStatus
ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time)
{
    PRTime revokedTime;
    SECStatus rv;

    rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
    if (rv != SECSuccess)
        return rv;

    /*
     * Set the error even if we will return success; someone might care.
     */
    PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);

    if (LL_CMP(revokedTime, >, time))
        return SECSuccess;

    return SECFailure;
}

/*
 * See if the cert represented in the single response had a good status
 * at the specified time.
 */
SECStatus
ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time)
{
    SECStatus rv;
    switch (status->certStatusType) {
        case ocspCertStatus_good:
            rv = SECSuccess;
            break;
        case ocspCertStatus_revoked:
            rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
            break;
        case ocspCertStatus_unknown:
            PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
            rv = SECFailure;
            break;
        case ocspCertStatus_other:
        default:
            PORT_Assert(0);
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
            rv = SECFailure;
            break;
    }
    return rv;
}

static SECStatus
ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single,
                                     PRTime time)
{
    return ocsp_CertHasGoodStatus(single->certStatus, time);
}

/* SECFailure means the arguments were invalid.
 * On SECSuccess, the out parameters contain the OCSP status.
 * rvOcsp contains the overall result of the OCSP operation.
 * Depending on input parameter ignoreGlobalOcspFailureSetting,
 * a soft failure might be converted into *rvOcsp=SECSuccess.
 * If the cached attempt to obtain OCSP information had resulted
 * in a failure, missingResponseError shows the error code of
 * that failure.
 * cacheFreshness is ocspMissing if no entry was found,
 *                   ocspFresh if a fresh entry was found, or
 *                   ocspStale if a stale entry was found.
 */
SECStatus
ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
                                 PRTime time,
                                 PRBool ignoreGlobalOcspFailureSetting,
                                 SECStatus *rvOcsp,
                                 SECErrorCodes *missingResponseError,
                                 OCSPFreshness *cacheFreshness)
{
    OCSPCacheItem *cacheItem = NULL;

    if (!certID || !missingResponseError || !rvOcsp || !cacheFreshness) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    *rvOcsp = SECFailure;
    *missingResponseError = 0;
    *cacheFreshness = ocspMissing;

    PR_EnterMonitor(OCSP_Global.monitor);
    cacheItem = ocsp_FindCacheEntry(&OCSP_Global.cache, certID);
    if (cacheItem) {
        *cacheFreshness = ocsp_IsCacheItemFresh(cacheItem) ? ocspFresh
                                                           : ocspStale;
        /* having an arena means, we have a cached certStatus */
        if (cacheItem->certStatusArena) {
            *rvOcsp = ocsp_CertHasGoodStatus(&cacheItem->certStatus, time);
            if (*rvOcsp != SECSuccess) {
                *missingResponseError = PORT_GetError();
            }
        } else {
            /*
             * No status cached, the previous attempt failed.
             * If OCSP is required, we never decide based on a failed attempt
             * However, if OCSP is optional, a recent OCSP failure is
             * an allowed good state.
             */
            if (*cacheFreshness == ocspFresh &&
                !ignoreGlobalOcspFailureSetting &&
                OCSP_Global.ocspFailureMode ==
                    ocspMode_FailureIsNotAVerificationFailure) {
                *rvOcsp = SECSuccess;
            }
            *missingResponseError = cacheItem->missingResponseError;
        }
    }
    PR_ExitMonitor(OCSP_Global.monitor);
    return SECSuccess;
}

PRBool
ocsp_FetchingFailureIsVerificationFailure(void)
{
    PRBool isFailure;

    PR_EnterMonitor(OCSP_Global.monitor);
    isFailure =
        OCSP_Global.ocspFailureMode == ocspMode_FailureIsVerificationFailure;
    PR_ExitMonitor(OCSP_Global.monitor);
    return isFailure;
}

/*
 * FUNCTION: CERT_CheckOCSPStatus
 *   Checks the status of a certificate via OCSP.  Will only check status for
 *   a certificate that has an AIA (Authority Information Access) extension
 *   for OCSP *or* when a "default responder" is specified and enabled.
 *   (If no AIA extension for OCSP and no default responder in place, the
 *   cert is considered to have a good status and SECSuccess is returned.)
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     certificate DB of the cert that is being checked
 *   CERTCertificate *cert
 *     the certificate being checked
 *   XXX in the long term also need a boolean parameter that specifies
 *	whether to check the cert chain, as well; for now we check only
 *	the leaf (the specified certificate)
 *   PRTime time
 *     time for which status is to be determined
 *   void *pwArg
 *     argument for password prompting, if needed
 * RETURN:
 *   Returns SECSuccess if an approved OCSP responder "knows" the cert
 *   *and* returns a non-revoked status for it; SECFailure otherwise,
 *   with an error set describing the reason:
 *
 *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
 *	SEC_ERROR_OCSP_FUTURE_RESPONSE
 *	SEC_ERROR_OCSP_MALFORMED_REQUEST
 *	SEC_ERROR_OCSP_MALFORMED_RESPONSE
 *	SEC_ERROR_OCSP_OLD_RESPONSE
 *	SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
 *	SEC_ERROR_OCSP_SERVER_ERROR
 *	SEC_ERROR_OCSP_TRY_SERVER_LATER
 *	SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
 *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
 *	SEC_ERROR_OCSP_UNKNOWN_CERT
 *	SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
 *	SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE
 *
 *	SEC_ERROR_BAD_SIGNATURE
 *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
 *	SEC_ERROR_INVALID_TIME
 *	SEC_ERROR_REVOKED_CERTIFICATE
 *	SEC_ERROR_UNKNOWN_ISSUER
 *	SEC_ERROR_UNKNOWN_SIGNER
 *
 *   Other errors are any of the many possible failures in cert verification
 *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
 *   verifying the signer's cert, or low-level problems (error allocating
 *   memory, error performing ASN.1 decoding, etc.).
 */
SECStatus
CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
                     PRTime time, void *pwArg)
{
    CERTOCSPCertID *certID;
    PRBool certIDWasConsumed = PR_FALSE;
    SECStatus rv;
    SECStatus rvOcsp;
    SECErrorCodes cachedErrorCode;
    OCSPFreshness cachedResponseFreshness;

    OCSP_TRACE_CERT(cert);
    OCSP_TRACE_TIME("## requested validity time:", time);

    certID = CERT_CreateOCSPCertID(cert, time);
    if (!certID)
        return SECFailure;
    rv = ocsp_GetCachedOCSPResponseStatus(
        certID, time, PR_FALSE, /* ignoreGlobalOcspFailureSetting */
        &rvOcsp, &cachedErrorCode, &cachedResponseFreshness);
    if (rv != SECSuccess) {
        CERT_DestroyOCSPCertID(certID);
        return SECFailure;
    }
    if (cachedResponseFreshness == ocspFresh) {
        CERT_DestroyOCSPCertID(certID);
        if (rvOcsp != SECSuccess) {
            PORT_SetError(cachedErrorCode);
        }
        return rvOcsp;
    }

    rv = ocsp_GetOCSPStatusFromNetwork(handle, certID, cert, time, pwArg,
                                       &certIDWasConsumed,
                                       &rvOcsp);
    if (rv != SECSuccess) {
        PRErrorCode err = PORT_GetError();
        if (ocsp_FetchingFailureIsVerificationFailure()) {
            PORT_SetError(err);
            rvOcsp = SECFailure;
        } else if (cachedResponseFreshness == ocspStale &&
                   (cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
                    cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) {
            /* If we couldn't get a response for a certificate that the OCSP
             * responder previously told us was bad, then assume it is still
             * bad until we hear otherwise, as it is very unlikely that the
             * certificate status has changed from "revoked" to "good" and it
             * is also unlikely that the certificate status has changed from
             * "unknown" to "good", except for some buggy OCSP responders.
             */
            PORT_SetError(cachedErrorCode);
            rvOcsp = SECFailure;
        } else {
            rvOcsp = SECSuccess;
        }
    }
    if (!certIDWasConsumed) {
        CERT_DestroyOCSPCertID(certID);
    }
    return rvOcsp;
}

/*
 * FUNCTION: CERT_CacheOCSPResponseFromSideChannel
 *   First, this function checks the OCSP cache to see if a good response
 *   for the given certificate already exists. If it does, then the function
 *   returns successfully.
 *
 *   If not, then it validates that the given OCSP response is a valid,
 *   good response for the given certificate and inserts it into the
 *   cache.
 *
 *   This function is intended for use when OCSP responses are provided via a
 *   side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension).
 *
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     certificate DB of the cert that is being checked
 *   CERTCertificate *cert
 *     the certificate being checked
 *   PRTime time
 *     time for which status is to be determined
 *   SECItem *encodedResponse
 *     the DER encoded bytes of the OCSP response
 *   void *pwArg
 *     argument for password prompting, if needed
 * RETURN:
 *   SECSuccess if the cert was found in the cache, or if the OCSP response was
 *   found to be valid and inserted into the cache. SECFailure otherwise.
 */
SECStatus
CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
                                      CERTCertificate *cert,
                                      PRTime time,
                                      const SECItem *encodedResponse,
                                      void *pwArg)
{
    CERTOCSPCertID *certID = NULL;
    PRBool certIDWasConsumed = PR_FALSE;
    SECStatus rv = SECFailure;
    SECStatus rvOcsp = SECFailure;
    SECErrorCodes dummy_error_code; /* we ignore this */
    CERTOCSPResponse *decodedResponse = NULL;
    CERTOCSPSingleResponse *singleResponse = NULL;
    OCSPFreshness freshness;

    /* The OCSP cache can be in three states regarding this certificate:
     *    + Good (cached, timely, 'good' response, or revoked in the future)
     *    + Revoked (cached, timely, but doesn't fit in the last category)
     *    + Miss (no knowledge)
     *
     * Likewise, the side-channel information can be
     *    + Good (timely, 'good' response, or revoked in the future)
     *    + Revoked (timely, but doesn't fit in the last category)
     *    + Invalid (bad syntax, bad signature, not timely etc)
     *
     * The common case is that the cache result is Good and so is the
     * side-channel information. We want to save processing time in this case
     * so we say that any time we see a Good result from the cache we return
     * early.
     *
     *                       Cache result
     *      | Good             Revoked               Miss
     *   ---+--------------------------------------------
     *    G |  noop           Cache more           Cache it
     * S    |                 recent result
     * i    |
     * d    |
     * e    |
     *    R |  noop           Cache more           Cache it
     * C    |                 recent result
     * h    |
     * a    |
     * n    |
     * n  I |  noop           Noop                  Noop
     * e    |
     * l    |
     *
     * When we fetch from the network we might choose to cache a negative
     * result when the response is invalid. This saves us hammering, uselessly,
     * at a broken responder. However, side channels are commonly attacker
     * controlled and so we must not cache a negative result for an Invalid
     * side channel.
     */

    if (!cert || !encodedResponse) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    certID = CERT_CreateOCSPCertID(cert, time);
    if (!certID)
        return SECFailure;

    /* We pass PR_TRUE for ignoreGlobalOcspFailureSetting so that a cached
     * error entry is not interpreted as being a 'Good' entry here.
     */
    rv = ocsp_GetCachedOCSPResponseStatus(
        certID, time, PR_TRUE, /* ignoreGlobalOcspFailureSetting */
        &rvOcsp, &dummy_error_code, &freshness);
    if (rv == SECSuccess && rvOcsp == SECSuccess && freshness == ocspFresh) {
        /* The cached value is good. We don't want to waste time validating
         * this OCSP response. This is the first column in the table above. */
        CERT_DestroyOCSPCertID(certID);
        return rv;
    }

    /* The logic for caching the more recent response is handled in
     * ocsp_CacheSingleResponse. */

    rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
                                                    time, pwArg,
                                                    encodedResponse,
                                                    &decodedResponse,
                                                    &singleResponse);
    if (rv == SECSuccess) {
        rvOcsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
        /* Cache any valid singleResponse, regardless of status. */
        ocsp_CacheSingleResponse(certID, singleResponse, &certIDWasConsumed);
    }
    if (decodedResponse) {
        CERT_DestroyOCSPResponse(decodedResponse);
    }
    if (!certIDWasConsumed) {
        CERT_DestroyOCSPCertID(certID);
    }
    return rv == SECSuccess ? rvOcsp : rv;
}

/*
 * Status in *certIDWasConsumed will always be correct, regardless of
 * return value.
 */
static SECStatus
ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
                              CERTOCSPCertID *certID,
                              CERTCertificate *cert,
                              PRTime time,
                              void *pwArg,
                              PRBool *certIDWasConsumed,
                              SECStatus *rv_ocsp)
{
    char *location = NULL;
    PRBool locationIsDefault;
    SECItem *encodedResponse = NULL;
    CERTOCSPRequest *request = NULL;
    SECStatus rv = SECFailure;

    CERTOCSPResponse *decodedResponse = NULL;
    CERTOCSPSingleResponse *singleResponse = NULL;
    enum { stageGET,
           stagePOST } currentStage;
    PRBool retry = PR_FALSE;

    if (!certIDWasConsumed || !rv_ocsp) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    *certIDWasConsumed = PR_FALSE;
    *rv_ocsp = SECFailure;

    if (!OCSP_Global.monitor) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return SECFailure;
    }
    PR_EnterMonitor(OCSP_Global.monitor);
    if (OCSP_Global.forcePost) {
        currentStage = stagePOST;
    } else {
        currentStage = stageGET;
    }
    PR_ExitMonitor(OCSP_Global.monitor);

    /*
     * The first thing we need to do is find the location of the responder.
     * This will be the value of the default responder (if enabled), else
     * it will come out of the AIA extension in the cert (if present).
     * If we have no such location, then this cert does not "deserve" to
     * be checked -- that is, we consider it a success and just return.
     * The way we tell that is by looking at the error number to see if
     * the problem was no AIA extension was found; any other error was
     * a true failure that we unfortunately have to treat as an overall
     * failure here.
     */
    location = ocsp_GetResponderLocation(handle, cert, PR_TRUE,
                                         &locationIsDefault);
    if (location == NULL) {
        int err = PORT_GetError();
        if (err == SEC_ERROR_EXTENSION_NOT_FOUND ||
            err == SEC_ERROR_CERT_BAD_ACCESS_LOCATION) {
            PORT_SetError(0);
            *rv_ocsp = SECSuccess;
            return SECSuccess;
        }
        return SECFailure;
    }

    /*
     * XXX In the fullness of time, we will want/need to handle a
     * certificate chain.  This will be done either when a new parameter
     * tells us to, or some configuration variable tells us to.  In any
     * case, handling it is complicated because we may need to send as
     * many requests (and receive as many responses) as we have certs
     * in the chain.  If we are going to talk to a default responder,
     * and we only support one default responder, we can put all of the
     * certs together into one request.  Otherwise, we must break them up
     * into multiple requests.  (Even if all of the requests will go to
     * the same location, the signature on each response will be different,
     * because each issuer is different.  Carefully read the OCSP spec
     * if you do not understand this.)
     */

    /*
     * XXX If/when signing of requests is supported, that second NULL
     * should be changed to be the signer certificate.  Not sure if that
     * should be passed into this function or retrieved via some operation
     * on the handle/context.
     */

    do {
        const char *method;
        PRBool validResponseWithAccurateInfo = PR_FALSE;
        retry = PR_FALSE;
        *rv_ocsp = SECFailure;

        if (currentStage == stageGET) {
            method = "GET";
        } else {
            PORT_Assert(currentStage == stagePOST);
            method = "POST";
        }

        encodedResponse =
            ocsp_GetEncodedOCSPResponseForSingleCert(NULL, certID, cert,
                                                     location, method,
                                                     time, locationIsDefault,
                                                     pwArg, &request);

        if (encodedResponse) {
            rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
                                                            time, pwArg,
                                                            encodedResponse,
                                                            &decodedResponse,
                                                            &singleResponse);
            if (rv == SECSuccess) {
                switch (singleResponse->certStatus->certStatusType) {
                    case ocspCertStatus_good:
                    case ocspCertStatus_revoked:
                        validResponseWithAccurateInfo = PR_TRUE;
                        break;
                    default:
                        break;
                }
                *rv_ocsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
            }
        }

        if (currentStage == stageGET) {
            /* only accept GET response if good or revoked */
            if (validResponseWithAccurateInfo) {
                ocsp_CacheSingleResponse(certID, singleResponse,
                                         certIDWasConsumed);
            } else {
                retry = PR_TRUE;
                currentStage = stagePOST;
            }
        } else {
            /* cache the POST respone, regardless of status */
            if (!singleResponse) {
                cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed);
            } else {
                ocsp_CacheSingleResponse(certID, singleResponse,
                                         certIDWasConsumed);
            }
        }

        if (encodedResponse) {
            SECITEM_FreeItem(encodedResponse, PR_TRUE);
            encodedResponse = NULL;
        }
        if (request) {
            CERT_DestroyOCSPRequest(request);
            request = NULL;
        }
        if (decodedResponse) {
            CERT_DestroyOCSPResponse(decodedResponse);
            decodedResponse = NULL;
        }
        singleResponse = NULL;

    } while (retry);

    PORT_Free(location);
    return rv;
}

/*
 * FUNCTION: ocsp_GetDecodedVerifiedSingleResponseForID
 *   This function decodes an OCSP response and checks for a valid response
 *   concerning the given certificate.
 *
 *   Note: a 'valid' response is one that parses successfully, is not an OCSP
 *   exception (see RFC 2560 Section 2.3), is correctly signed and is current.
 *   A 'good' response is a valid response that attests that the certificate
 *   is not currently revoked (see RFC 2560 Section 2.2).
 *
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     certificate DB of the cert that is being checked
 *   CERTOCSPCertID *certID
 *     the cert ID corresponding to |cert|
 *   CERTCertificate *cert
 *     the certificate being checked
 *   PRTime time
 *     time for which status is to be determined
 *   void *pwArg
 *     the opaque argument to the password prompting function.
 *   SECItem *encodedResponse
 *     the DER encoded bytes of the OCSP response
 *   CERTOCSPResponse **pDecodedResponse
 *     (output) The caller must ALWAYS check for this output parameter,
 *     and if it's non-null, must destroy it using CERT_DestroyOCSPResponse.
 *   CERTOCSPSingleResponse **pSingle
 *     (output) on success, this points to the single response that corresponds
 *     to the certID parameter. Points to the inside of pDecodedResponse.
 *     It isn't a copy, don't free it.
 * RETURN:
 *   SECSuccess iff the response is valid.
 */
static SECStatus
ocsp_GetDecodedVerifiedSingleResponseForID(CERTCertDBHandle *handle,
                                           CERTOCSPCertID *certID,
                                           CERTCertificate *cert,
                                           PRTime time,
                                           void *pwArg,
                                           const SECItem *encodedResponse,
                                           CERTOCSPResponse **pDecodedResponse,
                                           CERTOCSPSingleResponse **pSingle)
{
    CERTCertificate *signerCert = NULL;
    CERTCertificate *issuerCert = NULL;
    SECStatus rv = SECFailure;

    if (!pSingle || !pDecodedResponse) {
        return SECFailure;
    }
    *pSingle = NULL;
    *pDecodedResponse = CERT_DecodeOCSPResponse(encodedResponse);
    if (!*pDecodedResponse) {
        return SECFailure;
    }

    /*
     * Okay, we at least have a response that *looks* like a response!
     * Now see if the overall response status value is good or not.
     * If not, we set an error and give up.  (It means that either the
     * server had a problem, or it didn't like something about our
     * request.  Either way there is nothing to do but give up.)
     * Otherwise, we continue to find the actual per-cert status
     * in the response.
     */
    if (CERT_GetOCSPResponseStatus(*pDecodedResponse) != SECSuccess) {
        goto loser;
    }

    /*
     * If we've made it this far, we expect a response with a good signature.
     * So, check for that.
     */
    issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
    rv = CERT_VerifyOCSPResponseSignature(*pDecodedResponse, handle, pwArg,
                                          &signerCert, issuerCert);
    if (rv != SECSuccess) {
        goto loser;
    }

    PORT_Assert(signerCert != NULL); /* internal consistency check */
    /* XXX probably should set error, return failure if signerCert is null */

    /*
     * Again, we are only doing one request for one cert.
     * XXX When we handle cert chains, the following code will obviously
     * have to be modified, in coordation with the code above that will
     * have to determine how to make multiple requests, etc.
     */
    rv = ocsp_GetVerifiedSingleResponseForCertID(handle, *pDecodedResponse, certID,
                                                 signerCert, time, pSingle);
loser:
    if (issuerCert != NULL)
        CERT_DestroyCertificate(issuerCert);
    if (signerCert != NULL)
        CERT_DestroyCertificate(signerCert);
    return rv;
}

/*
 * FUNCTION: ocsp_CacheSingleResponse
 *   This function requires that the caller has checked that the response
 *   is valid and verified.
 *   The (positive or negative) valid response will be used to update the cache.
 * INPUTS:
 *   CERTOCSPCertID *certID
 *     the cert ID corresponding to |cert|
 *   PRBool *certIDWasConsumed
 *     (output) on return, this is true iff |certID| was consumed by this
 *     function.
 */
void
ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
                         CERTOCSPSingleResponse *single,
                         PRBool *certIDWasConsumed)
{
    if (single != NULL) {
        PR_EnterMonitor(OCSP_Global.monitor);
        if (OCSP_Global.maxCacheEntries >= 0) {
            ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, single,
                                          certIDWasConsumed);
            /* ignore cache update failures */
        }
        PR_ExitMonitor(OCSP_Global.monitor);
    }
}

SECStatus
ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
                                        CERTOCSPResponse *response,
                                        CERTOCSPCertID *certID,
                                        CERTCertificate *signerCert,
                                        PRTime time,
                                        CERTOCSPSingleResponse
                                            **pSingleResponse)
{
    SECStatus rv;
    ocspResponseData *responseData;
    PRTime producedAt;
    CERTOCSPSingleResponse *single;

    /*
     * The ResponseData part is the real guts of the response.
     */
    responseData = ocsp_GetResponseData(response, NULL);
    if (responseData == NULL) {
        rv = SECFailure;
        goto loser;
    }

    /*
     * There is one producedAt time for the entire response (and a separate
     * thisUpdate time for each individual single response).  We need to
     * compare them, so get the overall time to pass into the check of each
     * single response.
     */
    rv = DER_GeneralizedTimeToTime(&producedAt, &responseData->producedAt);
    if (rv != SECSuccess)
        goto loser;

    single = ocsp_GetSingleResponseForCertID(responseData->responses,
                                             handle, certID);
    if (single == NULL) {
        rv = SECFailure;
        goto loser;
    }

    rv = ocsp_VerifySingleResponse(single, handle, signerCert, producedAt);
    if (rv != SECSuccess)
        goto loser;
    *pSingleResponse = single;

loser:
    return rv;
}

SECStatus
CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
                            CERTOCSPResponse *response,
                            CERTOCSPCertID *certID,
                            CERTCertificate *signerCert,
                            PRTime time)
{
    /*
     * We do not update the cache, because:
     *
     * CERT_GetOCSPStatusForCertID is an old exported API that was introduced
     * before the OCSP cache got implemented.
     *
     * The implementation of helper function cert_ProcessOCSPResponse
     * requires the ability to transfer ownership of the the given certID to
     * the cache. The external API doesn't allow us to prevent the caller from
     * destroying the certID. We don't have the original certificate available,
     * therefore we are unable to produce another certID object (that could
     * be stored in the cache).
     *
     * Should we ever implement code to produce a deep copy of certID,
     * then this could be changed to allow updating the cache.
     * The duplication would have to be done in
     * cert_ProcessOCSPResponse, if the out parameter to indicate
     * a transfer of ownership is NULL.
     */
    return cert_ProcessOCSPResponse(handle, response, certID,
                                    signerCert, time,
                                    NULL, NULL);
}

/*
 * The first 5 parameters match the definition of CERT_GetOCSPStatusForCertID.
 */
SECStatus
cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
                         CERTOCSPResponse *response,
                         CERTOCSPCertID *certID,
                         CERTCertificate *signerCert,
                         PRTime time,
                         PRBool *certIDWasConsumed,
                         SECStatus *cacheUpdateStatus)
{
    SECStatus rv;
    SECStatus rv_cache = SECSuccess;
    CERTOCSPSingleResponse *single = NULL;

    rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID,
                                                 signerCert, time, &single);
    if (rv == SECSuccess) {
        /*
         * Check whether the status says revoked, and if so
         * how that compares to the time value passed into this routine.
         */
        rv = ocsp_SingleResponseCertHasGoodStatus(single, time);
    }

    if (certIDWasConsumed) {
        /*
         * We don't have copy-of-certid implemented. In order to update
         * the cache, the caller must supply an out variable
         * certIDWasConsumed, allowing us to return ownership status.
         */

        PR_EnterMonitor(OCSP_Global.monitor);
        if (OCSP_Global.maxCacheEntries >= 0) {
            /* single == NULL means: remember response failure */
            rv_cache =
                ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID,
                                              single, certIDWasConsumed);
        }
        PR_ExitMonitor(OCSP_Global.monitor);
        if (cacheUpdateStatus) {
            *cacheUpdateStatus = rv_cache;
        }
    }

    return rv;
}

SECStatus
cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
                                   PRBool *certIDWasConsumed)
{
    SECStatus rv = SECSuccess;
    PR_EnterMonitor(OCSP_Global.monitor);
    if (OCSP_Global.maxCacheEntries >= 0) {
        rv = ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, NULL,
                                           certIDWasConsumed);
    }
    PR_ExitMonitor(OCSP_Global.monitor);
    return rv;
}

/*
 * Disable status checking and destroy related structures/data.
 */
static SECStatus
ocsp_DestroyStatusChecking(CERTStatusConfig *statusConfig)
{
    ocspCheckingContext *statusContext;

    /*
     * Disable OCSP checking
     */
    statusConfig->statusChecker = NULL;

    statusContext = statusConfig->statusContext;
    PORT_Assert(statusContext != NULL);
    if (statusContext == NULL)
        return SECFailure;

    if (statusContext->defaultResponderURI != NULL)
        PORT_Free(statusContext->defaultResponderURI);
    if (statusContext->defaultResponderNickname != NULL)
        PORT_Free(statusContext->defaultResponderNickname);

    PORT_Free(statusContext);
    statusConfig->statusContext = NULL;

    PORT_Free(statusConfig);

    return SECSuccess;
}

/*
 * FUNCTION: CERT_DisableOCSPChecking
 *   Turns off OCSP checking for the given certificate database.
 *   This routine disables OCSP checking.  Though it will return
 *   SECFailure if OCSP checking is not enabled, it is "safe" to
 *   call it that way and just ignore the return value, if it is
 *   easier to just call it than to "remember" whether it is enabled.
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     Certificate database for which OCSP checking will be disabled.
 * RETURN:
 *   Returns SECFailure if an error occurred (usually means that OCSP
 *   checking was not enabled or status contexts were not initialized --
 *   error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise.
 */
SECStatus
CERT_DisableOCSPChecking(CERTCertDBHandle *handle)
{
    CERTStatusConfig *statusConfig;
    ocspCheckingContext *statusContext;

    if (handle == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    statusConfig = CERT_GetStatusConfig(handle);
    statusContext = ocsp_GetCheckingContext(handle);
    if (statusContext == NULL)
        return SECFailure;

    if (statusConfig->statusChecker != CERT_CheckOCSPStatus) {
        /*
    	 * Status configuration is present, but either not currently
    	 * enabled or not for OCSP.
    	 */
        PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
        return SECFailure;
    }

    /* cache no longer necessary */
    CERT_ClearOCSPCache();

    /*
     * This is how we disable status checking.  Everything else remains
     * in place in case we are enabled again.
     */
    statusConfig->statusChecker = NULL;

    return SECSuccess;
}

/*
 * Allocate and initialize the informational structures for status checking.
 * This is done when some configuration of OCSP is being done or when OCSP
 * checking is being turned on, whichever comes first.
 */
static SECStatus
ocsp_InitStatusChecking(CERTCertDBHandle *handle)
{
    CERTStatusConfig *statusConfig = NULL;
    ocspCheckingContext *statusContext = NULL;

    PORT_Assert(CERT_GetStatusConfig(handle) == NULL);
    if (CERT_GetStatusConfig(handle) != NULL) {
        /* XXX or call statusConfig->statusDestroy and continue? */
        return SECFailure;
    }

    statusConfig = PORT_ZNew(CERTStatusConfig);
    if (statusConfig == NULL)
        goto loser;

    statusContext = PORT_ZNew(ocspCheckingContext);
    if (statusContext == NULL)
        goto loser;

    statusConfig->statusDestroy = ocsp_DestroyStatusChecking;
    statusConfig->statusContext = statusContext;

    CERT_SetStatusConfig(handle, statusConfig);

    return SECSuccess;

loser:
    if (statusConfig != NULL)
        PORT_Free(statusConfig);
    return SECFailure;
}

/*
 * FUNCTION: CERT_EnableOCSPChecking
 *   Turns on OCSP checking for the given certificate database.
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     Certificate database for which OCSP checking will be enabled.
 * RETURN:
 *   Returns SECFailure if an error occurred (likely only problem
 *   allocating memory); SECSuccess otherwise.
 */
SECStatus
CERT_EnableOCSPChecking(CERTCertDBHandle *handle)
{
    CERTStatusConfig *statusConfig;

    SECStatus rv;

    if (handle == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    statusConfig = CERT_GetStatusConfig(handle);
    if (statusConfig == NULL) {
        rv = ocsp_InitStatusChecking(handle);
        if (rv != SECSuccess)
            return rv;

        /* Get newly established value */
        statusConfig = CERT_GetStatusConfig(handle);
        PORT_Assert(statusConfig != NULL);
    }

    /*
     * Setting the checker function is what really enables the checking
     * when each cert verification is done.
     */
    statusConfig->statusChecker = CERT_CheckOCSPStatus;

    return SECSuccess;
}

/*
 * FUNCTION: CERT_SetOCSPDefaultResponder
 *   Specify the location and cert of the default responder.
 *   If OCSP checking is already enabled *and* use of a default responder
 *   is also already enabled, all OCSP checking from now on will go directly
 *   to the specified responder.  If OCSP checking is not enabled, or if
 *   it is but use of a default responder is not enabled, the information
 *   will be recorded and take effect whenever both are enabled.
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     Cert database on which OCSP checking should use the default responder.
 *   char *url
 *     The location of the default responder (e.g. "http://foo.com:80/ocsp")
 *     Note that the location will not be tested until the first attempt
 *     to send a request there.
 *   char *name
 *     The nickname of the cert to trust (expected) to sign the OCSP responses.
 *     If the corresponding cert cannot be found, SECFailure is returned.
 * RETURN:
 *   Returns SECFailure if an error occurred; SECSuccess otherwise.
 *   The most likely error is that the cert for "name" could not be found
 *   (probably SEC_ERROR_UNKNOWN_CERT).  Other errors are low-level (no memory,
 *   bad database, etc.).
 */
SECStatus
CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
                             const char *url, const char *name)
{
    CERTCertificate *cert;
    ocspCheckingContext *statusContext;
    char *url_copy = NULL;
    char *name_copy = NULL;
    SECStatus rv;

    if (handle == NULL || url == NULL || name == NULL) {
        /*
    	 * XXX When interface is exported, probably want better errors;
    	 * perhaps different one for each parameter.
    	 */
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /*
     * Find the certificate for the specified nickname.  Do this first
     * because it seems the most likely to fail.
     *
     * XXX Shouldn't need that cast if the FindCertByNickname interface
     * used const to convey that it does not modify the name.  Maybe someday.
     */
    cert = CERT_FindCertByNickname(handle, (char *)name);
    if (cert == NULL) {
        /*
         * look for the cert on an external token.
         */
        cert = PK11_FindCertFromNickname((char *)name, NULL);
    }
    if (cert == NULL)
        return SECFailure;

    /*
     * Make a copy of the url and nickname.
     */
    url_copy = PORT_Strdup(url);
    name_copy = PORT_Strdup(name);
    if (url_copy == NULL || name_copy == NULL) {
        rv = SECFailure;
        goto loser;
    }

    statusContext = ocsp_GetCheckingContext(handle);

    /*
     * Allocate and init the context if it doesn't already exist.
     */
    if (statusContext == NULL) {
        rv = ocsp_InitStatusChecking(handle);
        if (rv != SECSuccess)
            goto loser;

        statusContext = ocsp_GetCheckingContext(handle);
        PORT_Assert(statusContext != NULL); /* extreme paranoia */
    }

    /*
     * Note -- we do not touch the status context until after all of
     * the steps which could cause errors.  If something goes wrong,
     * we want to leave things as they were.
     */

    /*
     * Get rid of old url and name if there.
     */
    if (statusContext->defaultResponderNickname != NULL)
        PORT_Free(statusContext->defaultResponderNickname);
    if (statusContext->defaultResponderURI != NULL)
        PORT_Free(statusContext->defaultResponderURI);

    /*
     * And replace them with the new ones.
     */
    statusContext->defaultResponderURI = url_copy;
    statusContext->defaultResponderNickname = name_copy;

    /*
     * If there was already a cert in place, get rid of it and replace it.
     * Otherwise, we are not currently enabled, so we don't want to save it;
     * it will get re-found and set whenever use of a default responder is
     * enabled.
     */
    if (statusContext->defaultResponderCert != NULL) {
        CERT_DestroyCertificate(statusContext->defaultResponderCert);
        statusContext->defaultResponderCert = cert;
        /*OCSP enabled, switching responder: clear cache*/
        CERT_ClearOCSPCache();
    } else {
        PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
        CERT_DestroyCertificate(cert);
        /*OCSP currently not enabled, no need to clear cache*/
    }

    return SECSuccess;

loser:
    CERT_DestroyCertificate(cert);
    if (url_copy != NULL)
        PORT_Free(url_copy);
    if (name_copy != NULL)
        PORT_Free(name_copy);
    return rv;
}

/*
 * FUNCTION: CERT_EnableOCSPDefaultResponder
 *   Turns on use of a default responder when OCSP checking.
 *   If OCSP checking is already enabled, this will make subsequent checks
 *   go directly to the default responder.  (The location of the responder
 *   and the nickname of the responder cert must already be specified.)
 *   If OCSP checking is not enabled, this will be recorded and take effect
 *   whenever it is enabled.
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     Cert database on which OCSP checking should use the default responder.
 * RETURN:
 *   Returns SECFailure if an error occurred; SECSuccess otherwise.
 *   No errors are especially likely unless the caller did not previously
 *   perform a successful call to SetOCSPDefaultResponder (in which case
 *   the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER).
 */
SECStatus
CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle)
{
    ocspCheckingContext *statusContext;
    CERTCertificate *cert;
    SECStatus rv;
    SECCertificateUsage usage;

    if (handle == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    statusContext = ocsp_GetCheckingContext(handle);

    if (statusContext == NULL) {
        /*
    	 * Strictly speaking, the error already set is "correct",
    	 * but cover over it with one more helpful in this context.
    	 */
        PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
        return SECFailure;
    }

    if (statusContext->defaultResponderURI == NULL) {
        PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
        return SECFailure;
    }

    if (statusContext->defaultResponderNickname == NULL) {
        PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
        return SECFailure;
    }

    /*
     * Find the cert for the nickname.
     */
    cert = CERT_FindCertByNickname(handle,
                                   statusContext->defaultResponderNickname);
    if (cert == NULL) {
        cert = PK11_FindCertFromNickname(statusContext->defaultResponderNickname,
                                         NULL);
    }
    /*
     * We should never have trouble finding the cert, because its
     * existence should have been proven by SetOCSPDefaultResponder.
     */
    PORT_Assert(cert != NULL);
    if (cert == NULL)
        return SECFailure;

    /*
     * Supplied cert should at least have  a signing capability in order for us
     * to use it as a trusted responder cert. Ability to sign is guaranteed  if
     * cert is validated to have any set of the usages below.
     */
    rv = CERT_VerifyCertificateNow(handle, cert, PR_TRUE,
                                   certificateUsageCheckAllUsages,
                                   NULL, &usage);
    if (rv != SECSuccess || (usage & (certificateUsageSSLClient | certificateUsageSSLServer | certificateUsageSSLServerWithStepUp | certificateUsageEmailSigner | certificateUsageObjectSigner | certificateUsageStatusResponder | certificateUsageSSLCA)) == 0) {
        PORT_SetError(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID);
        return SECFailure;
    }

    /*
     * And hang onto it.
     */
    statusContext->defaultResponderCert = cert;

    /* we don't allow a mix of cache entries from different responders */
    CERT_ClearOCSPCache();

    /*
     * Finally, record the fact that we now have a default responder enabled.
     */
    statusContext->useDefaultResponder = PR_TRUE;
    return SECSuccess;
}

/*
 * FUNCTION: CERT_DisableOCSPDefaultResponder
 *   Turns off use of a default responder when OCSP checking.
 *   (Does nothing if use of a default responder is not enabled.)
 * INPUTS:
 *   CERTCertDBHandle *handle
 *     Cert database on which OCSP checking should stop using a default
 *     responder.
 * RETURN:
 *   Returns SECFailure if an error occurred; SECSuccess otherwise.
 *   Errors very unlikely (like random memory corruption...).
 */
SECStatus
CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle)
{
    CERTStatusConfig *statusConfig;
    ocspCheckingContext *statusContext;
    CERTCertificate *tmpCert;

    if (handle == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    statusConfig = CERT_GetStatusConfig(handle);
    if (statusConfig == NULL)
        return SECSuccess;

    statusContext = ocsp_GetCheckingContext(handle);
    PORT_Assert(statusContext != NULL);
    if (statusContext == NULL)
        return SECFailure;

    tmpCert = statusContext->defaultResponderCert;
    if (tmpCert) {
        statusContext->defaultResponderCert = NULL;
        CERT_DestroyCertificate(tmpCert);
        /* we don't allow a mix of cache entries from different responders */
        CERT_ClearOCSPCache();
    }

    /*
     * Finally, record the fact.
     */
    statusContext->useDefaultResponder = PR_FALSE;
    return SECSuccess;
}

SECStatus
CERT_ForcePostMethodForOCSP(PRBool forcePost)
{
    if (!OCSP_Global.monitor) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return SECFailure;
    }

    PR_EnterMonitor(OCSP_Global.monitor);
    OCSP_Global.forcePost = forcePost;
    PR_ExitMonitor(OCSP_Global.monitor);

    return SECSuccess;
}

SECStatus
CERT_GetOCSPResponseStatus(CERTOCSPResponse *response)
{
    PORT_Assert(response);
    if (response->statusValue == ocspResponse_successful)
        return SECSuccess;

    switch (response->statusValue) {
        case ocspResponse_malformedRequest:
            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
            break;
        case ocspResponse_internalError:
            PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
            break;
        case ocspResponse_tryLater:
            PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER);
            break;
        case ocspResponse_sigRequired:
            /* XXX We *should* retry with a signature, if possible. */
            PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG);
            break;
        case ocspResponse_unauthorized:
            PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
            break;
        case ocspResponse_unused:
        default:
            PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
            break;
    }
    return SECFailure;
}