authorrichard.freedman%sun.com <devnull@localhost>2006-06-22 15:40:11 +0000
committerrichard.freedman%sun.com <devnull@localhost>2006-06-22 15:40:11 +0000
commit1ef0aca8e25a538f602c346e4f3485a11874f20d (patch)
tree0e90bbfdc1294df6927c9a155cecdeab368c06c7
parent0a081b83ee6af7295fabd6a47047c82519a6889c (diff)
Isolate the CERT_VerifyCert call in OCSP processing, and allow the user
to provide an alternate function (via PKIX_OcspChecker_SetVerifyFcn).
-rw-r--r--security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c23
-rwxr-xr-xsecurity/nss/cmd/libpkix/pkix/top/validatechain/test_validatechain.c4
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_pl_pki.h20
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c68
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h22
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c178
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h10
-rw-r--r--security/nss/lib/nss/nss.def6
8 files changed, 302 insertions, 29 deletions
diff --git a/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c b/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c
index 255dcd733..cbe095d88 100644
--- a/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c
+++ b/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c
@@ -97,6 +97,8 @@ testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_Date *validity = NULL;
PKIX_List *revCheckers = NULL;
+ PKIX_RevocationChecker *revChecker = NULL;
+ PKIX_PL_Object *revCheckerContext = NULL;
PKIX_OcspChecker *ocspChecker = NULL;
PKIX_TEST_STD_VARS();
@@ -132,15 +134,29 @@ testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
/* create revChecker */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Create
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
(validity,
NULL, /* pwArg */
NULL, /* Use default responder */
- &ocspChecker,
+ &revChecker,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext
+ (revChecker, &revCheckerContext, plContext));
+
+ /* Check that this object is a ocsp checker */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType
+ (revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));
+
+ ocspChecker = (PKIX_OcspChecker *)revCheckerContext;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn
+ (ocspChecker,
+ PKIX_PL_OcspResponse_UseBuildChain,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));
+ (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
(procParams, revCheckers, plContext));
@@ -151,6 +167,7 @@ cleanup:
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(revChecker);
PKIX_TEST_DECREF_AC(ocspChecker);
PKIX_TEST_DECREF_AC(validity);
diff --git a/security/nss/cmd/libpkix/pkix/top/validatechain/test_validatechain.c b/security/nss/cmd/libpkix/pkix/top/validatechain/test_validatechain.c
index c64c32b82..c72885a37 100755
--- a/security/nss/cmd/libpkix/pkix/top/validatechain/test_validatechain.c
+++ b/security/nss/cmd/libpkix/pkix/top/validatechain/test_validatechain.c
@@ -97,7 +97,7 @@ testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_Date *validity = NULL;
PKIX_List *revCheckers = NULL;
- PKIX_OcspChecker *ocspChecker = NULL;
+ PKIX_RevocationChecker *ocspChecker = NULL;
PKIX_TEST_STD_VARS();
@@ -132,7 +132,7 @@ testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
/* create revChecker */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Create
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
(validity,
NULL, /* pwArg */
NULL, /* Use default responder */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h
index b5999e9eb..2fe2729f9 100755
--- a/security/nss/lib/libpkix/include/pkix_pl_pki.h
+++ b/security/nss/lib/libpkix/include/pkix_pl_pki.h
@@ -2438,6 +2438,12 @@ PKIX_PL_AIAMgr_GetAIACerts(
typedef PKIX_Error *
(*PKIX_PL_OcspResponse_VerifyCallback)(
+ PKIX_PL_Cert *signerCert,
+ PKIX_PL_Date *producedAt,
+ void **pNBIOContext,
+ void **pState,
+ PKIX_BuildResult **pBuildResult,
+ PKIX_VerifyNode **pVerifyTree,
void *plContext);
PKIX_Error *
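Review bot: The widened `PKIX_PL_OcspResponse_VerifyCallback` typedef has no comment describing its contract, although this callback decides whether an OCSP responder's signing certificate is trusted. I would add a header comment above the typedef stating what a NULL return means, that a non-NULL `*pNBIOContext` on return means the operation would block and must be resumed, and who owns the objects stored through `pState`, `pBuildResult` and `pVerifyTree`. The would-block meaning is taken from the comment in PKIX_PL_OcspResponse_UseBuildChain elsewhere in this commit; the ownership rules are not visible here and need the author's confirmation.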
@@ -2447,36 +2453,36 @@ pkix_pl_OcspRequest_Create(
PKIX_Boolean addServiceLocator,
PKIX_PL_Cert *signerCert,
PKIX_Boolean *pURIFound,
- PKIX_PL_OcspRequest **pRequest,
+ PKIX_PL_OcspRequest **pRequest,
void *plContext);
PKIX_Error *
pkix_pl_OcspResponse_Create(
- PKIX_PL_OcspRequest *request,
- void *responder,
+ PKIX_PL_OcspRequest *request,
+ void *responder,
PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
- void **pNBIOContext,
+ void **pNBIOContext,
PKIX_PL_OcspResponse **pResponse,
void *plContext);
PKIX_Error *
pkix_pl_OcspResponse_Decode(
PKIX_PL_OcspResponse *response,
- PKIX_Boolean *passed,
+ PKIX_Boolean *passed,
SECErrorCodes *pReturnCode,
void *plContext);
PKIX_Error *
pkix_pl_OcspResponse_GetStatus(
PKIX_PL_OcspResponse *response,
- PKIX_Boolean *passed,
+ PKIX_Boolean *passed,
SECErrorCodes *pReturnCode,
void *plContext);
PKIX_Error *
pkix_pl_OcspResponse_VerifySignature(
PKIX_PL_OcspResponse *response,
- PKIX_PL_Cert *cert,
+ PKIX_PL_Cert *cert,
PKIX_Boolean *pPassed,
SECErrorCodes *pReturnCode,
void *plContext);
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
index 42f75a651..5f0ead332 100644
--- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
@@ -43,6 +43,7 @@
#include "pkix_ocspchecker.h"
+
/* --Private-Functions-------------------------------------------- */
/*
@@ -186,7 +187,7 @@ pkix_OcspChecker_Check(
}
- /* send request and create response */
+ /* send request and create a response object */
PKIX_CHECK(pkix_pl_OcspResponse_Create
(request,
checker->responder,
@@ -240,10 +241,10 @@ cleanup:
}
/*
- * FUNCTION: PKIX_OcspChecker_Create (see comments in pkix_checker.h)
+ * FUNCTION: pkix_OcspChecker_Create
*/
PKIX_Error *
-PKIX_OcspChecker_Create(
+pkix_OcspChecker_Create(
PKIX_PL_Date *validityTime,
void *passwordInfo,
void *responder,
@@ -253,7 +254,7 @@ PKIX_OcspChecker_Create(
PKIX_OcspChecker *checkerObject = NULL;
PKIX_RevocationChecker *revChecker = NULL;
- PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_Create");
+ PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_Create");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
@@ -275,16 +276,9 @@ PKIX_OcspChecker_Create(
checkerObject->responder = responder;
checkerObject->nbioContext = NULL;
- PKIX_CHECK(PKIX_RevocationChecker_Create
- (pkix_OcspChecker_Check,
- (PKIX_PL_Object *)checkerObject,
- &revChecker,
- plContext),
- "PKIX_RevocationChecker_Create failed");
+ *pChecker = checkerObject;
- *pChecker = (PKIX_OcspChecker *)revChecker;
cleanup:
- PKIX_DECREF(checkerObject);
PKIX_RETURN(OCSPCHECKER);
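Review bot: pkix_OcspChecker_Create now hands its only reference to the caller through `*pChecker = checkerObject;` and the `PKIX_DECREF(checkerObject)` in cleanup is gone, but the function comment was reduced to a bare name and says nothing about ownership. I would extend it, e.g. `* Returns a new PKIX_OcspChecker in "pChecker"; the caller owns the reference and must DECREF it.` If any PKIX_CHECK between the PKIX_PL_Object_Alloc call and this assignment can fail (those lines are outside the hunk), the object would no longer be released on that path. The local `revChecker`, still declared in the previous hunk's context, also appears to be unused now and can be dropped.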
@@ -326,3 +320,53 @@ PKIX_OcspChecker_SetOCSPResponder(
PKIX_RETURN(OCSPCHECKER);
}
+/*
+ * FUNCTION: PKIX_OcspChecker_SetVerifyFcn
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_OcspChecker_SetVerifyFcn(
+ PKIX_OcspChecker *checker,
+ PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
+ void *plContext)
+{
+ PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_SetVerifyFcn");
+ PKIX_NULLCHECK_ONE(checker);
+
+ checker->verifyFcn = verifyFcn;
+
+ PKIX_RETURN(OCSPCHECKER);
+}
+
+PKIX_Error *
+PKIX_OcspChecker_Initialize(
+ PKIX_PL_Date *validityTime,
+ void *passwordInfo,
+ void *responder,
+ PKIX_RevocationChecker **pChecker,
+ void *plContext)
+{
+ PKIX_OcspChecker *oChecker = NULL;
+
+ PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_Initialize");
+ PKIX_NULLCHECK_ONE(pChecker);
+
+ PKIX_CHECK(pkix_OcspChecker_Create
+ (validityTime, passwordInfo, responder, &oChecker, plContext),
+ "PKIX_OcspChecker_Create failed");
+
+ PKIX_CHECK(PKIX_RevocationChecker_Create
+ (pkix_OcspChecker_Check,
+ (PKIX_PL_Object *)oChecker,
+ pChecker,
+ plContext),
+ "PKIX_RevocationChecker_Create failed");
+
+cleanup:
+
+ PKIX_DECREF(oChecker);
+
+ PKIX_RETURN(OCSPCHECKER);
+}
+
+
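Review bot: The header comment on PKIX_OcspChecker_SetVerifyFcn points to pkix_checker.h, while the prototype this commit adds is in pkix_ocspchecker.h and has no comment there, and PKIX_OcspChecker_Initialize has no header comment at all. Since the setter replaces the check that establishes trust in the OCSP signer certificate, its comment should say that the callback is solely responsible for that decision and what a NULL `verifyFcn` means (in pkix_pl_OcspResponse_VerifySignature a NULL `response->verifyFcn` selects the CERT_VerifyCert branch; that the checker's value reaches the response unchanged is assumed, not shown). For Initialize, document that `*pChecker` receives a PKIX_RevocationChecker whose context is the PKIX_OcspChecker, which is what test_ocsp.c relies on. The failure string `"PKIX_OcspChecker_Create failed"` should read `"pkix_OcspChecker_Create failed"` to match the renamed callee.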
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
index 7a63e21e9..1a4369866 100644
--- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
@@ -65,11 +65,29 @@ struct PKIX_OcspCheckerStruct {
PKIX_Error *pkix_OcspChecker_RegisterSelf(void *plContext);
PKIX_Error *
-PKIX_OcspChecker_Create(
+PKIX_OcspChecker_SetPasswordInfo(
+ PKIX_OcspChecker *checker,
+ void *passwordInfo,
+ void *plContext);
+
+PKIX_Error *
+PKIX_OcspChecker_SetOCSPResponder(
+ PKIX_OcspChecker *checker,
+ void *ocspResponder,
+ void *plContext);
+
+PKIX_Error *
+PKIX_OcspChecker_SetVerifyFcn(
+ PKIX_OcspChecker *checker,
+ PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
+ void *plContext);
+
+PKIX_Error *
+PKIX_OcspChecker_Initialize(
PKIX_PL_Date *validityTime,
void *passwordInfo,
void *responder,
- PKIX_OcspChecker **pChecker,
+ PKIX_RevocationChecker **pChecker,
void *plContext);
#ifdef __cplusplus
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
index 623a59dcd..71c60d48d 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
@@ -140,6 +140,159 @@ loser:
return NULL;
}
+/* ----Public functions------------------------------------- */
+/*
+ * This is the libpkix replacement for CERT_VerifyOCSPResponseSignature.
+ * It is used if it has been set as the verifyFcn member of ocspChecker.
+ */
+PKIX_Error *
+PKIX_PL_OcspResponse_UseBuildChain(
+ PKIX_PL_Cert *signerCert,
+ PKIX_PL_Date *producedAt,
+ void **pNBIOContext,
+ void **pState,
+ PKIX_BuildResult **pBuildResult,
+ PKIX_VerifyNode **pVerifyTree,
+ void *plContext)
+{
+ PKIX_List *anchorsList = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_List *revCheckers = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_Date *date = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_CertStore *certStore = NULL;
+ void *state = NULL;
+ void *nbioContext = NULL;
+ PKIX_Error *buildError = NULL;
+
+ PKIX_ENTER(OCSPRESPONSE, "pkix_OcspResponse_UseBuildChain");
+ PKIX_NULLCHECK_THREE(signerCert, producedAt, pNBIOContext);
+ PKIX_NULLCHECK_THREE(pState, pBuildResult, pVerifyTree);
+
+ nbioContext = *pNBIOContext;
+ *pNBIOContext = NULL;
+
+ /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
+ if (nbioContext == NULL) {
+ /* Starting anew */
+ PKIX_CHECK(PKIX_List_Create(&anchorsList, plContext),
+ "PKIX_List_Create failed");
+
+ PKIX_CHECK(PKIX_ProcessingParams_Create
+ (anchorsList, &procParams, plContext),
+ "PKIX_ProcessingParams_Create failed");
+
+ PKIX_CHECK(PKIX_ProcessingParams_SetDate(procParams, date, plContext),
+ "PKIX_ProcessingParams_SetDate failed");
+
+ /*
+ * Let's hope the default value used in PKIX_ProcessingParams_Create
+ * is suitable. I don't see how to get a caller-supplied value in here.
+ *
+ * PKIX_CHECK(PKIX_ProcessingParams_SetRevocationEnabled
+ * (procParams, isCrlEnabled, plContext),
+ * "PKIX_ProcessingParams_SetRevocationEnabled failed");
+ *
+ */
+ PKIX_CHECK(PKIX_ProcessingParams_SetRevocationEnabled
+ (procParams, PKIX_FALSE, plContext),
+ "PKIX_ProcessingParams_SetRevocationEnabled failed");
+
+ /* create CertSelector with target certificate in params */
+
+ PKIX_CHECK(PKIX_ComCertSelParams_Create(&certSelParams, plContext),
+ "PKIX_ComCertSelParams_Create failed");
+
+ PKIX_CHECK(PKIX_ComCertSelParams_SetCertificate
+ (certSelParams, signerCert, plContext),
+ "PKIX_ComCertSelParams_SetCertificate failed");
+
+ PKIX_CHECK(PKIX_CertSelector_Create
+ (NULL, NULL, &certSelector, plContext),
+ "PKIX_CertSelector_Create failed");
+
+ PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
+ (certSelector, certSelParams, plContext),
+ "PKIX_CertSelector_SetCommonCertSelectorParams failed");
+
+ PKIX_CHECK(PKIX_ProcessingParams_SetTargetCertConstraints
+ (procParams, certSelector, plContext),
+ "PKIX_ProcessingParams_SetTargetCertConstraints failed");
+
+ /* create CertStores */
+
+ PKIX_CHECK(PKIX_List_Create(&certStores, plContext),
+ "PKIX_List_Create failed");
+
+ PKIX_CHECK(PKIX_PL_Pk11CertStore_Create(&certStore, plContext),
+ "PKIX_PL_Pk11CertStore_Create failed");
+
+ PKIX_CHECK(PKIX_List_AppendItem
+ (certStores, (PKIX_PL_Object *)certStore, plContext),
+ "PKIX_List_AppendItem failed");
+
+ PKIX_CHECK(PKIX_ProcessingParams_SetCertStores
+ (procParams, certStores, plContext),
+ "PKIX_ProcessingParams_SetCertStores failed");
+
+ /* create RevocationCheckers */
+
+ /*
+ * PKIX_CHECK(PKIX_List_Create(&revCheckers, plContext),
+ * "PKIX_List_Create failed");
+ */
+
+ /*
+ * PKIX_CHECK(PKIX_List_AppendItem
+ * (revCheckers, (PKIX_PL_Object *)revChecker, plContext),
+ * "PKIX_List_AppendItem failed");
+ */
+
+ /*
+ * PKIX_CHECK(PKIX_ProcessingParams_SetRevocationCheckers
+ * (procParams, revCheckers, plContext),
+ * "PKIX_ProcessingParams_SetRevocationCheckers failed");
+ */
+
+ }
+
+ buildError = PKIX_BuildChain
+ (procParams,
+ &nbioContext,
+ pState,
+ pBuildResult,
+ pVerifyTree,
+ plContext);
+
+ /* non-null nbioContext means the build would block */
+ if (nbioContext != NULL) {
+
+ *pNBIOContext = nbioContext;
+
+ /* no buildResult means the build has failed */
+ } else if (buildError || (pBuildResult == NULL)) {
+ PKIX_ERROR("Unable to build chain");
+ } else {
+ PKIX_DECREF(*pState);
+ }
+
+cleanup:
+
+ PKIX_DECREF(procParams);
+ PKIX_DECREF(date);
+ PKIX_DECREF(anchorsList);
+ PKIX_DECREF(certSelParams);
+ PKIX_DECREF(certSelector);
+ PKIX_DECREF(certStores);
+ PKIX_DECREF(certStore);
+ PKIX_DECREF(revCheckers);
+
+ PKIX_RETURN(OCSPRESPONSE);
+
+}
+
/* --Private-OcspResponse-Functions------------------------------------- */
/*
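Review bot: `producedAt` is null-checked but never used in PKIX_PL_OcspResponse_UseBuildChain: `date` is still NULL when it is passed to `PKIX_ProcessingParams_SetDate(procParams, date, plContext)`, so the signer chain is not validated at the response's production time as the parameter suggests; pass it directly, `PKIX_ProcessingParams_SetDate(procParams, producedAt, plContext)`, and drop `date`. The failure test `(pBuildResult == NULL)` can never be true after `PKIX_NULLCHECK_THREE(pState, pBuildResult, pVerifyTree)`; it presumably should be `(*pBuildResult == NULL)`. On the resume path (`nbioContext != NULL` on entry) `procParams` is NULL when PKIX_BuildChain is called, and `anchorsList` is created empty with nothing appended in view, so whether a chain can be built or resumed depends on behaviour not shown here and deserves a comment or a fix. Revocation is switched off with `PKIX_FALSE` directly below a comment that says the default is being relied on; the comment should state the actual policy for responder certificates.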
@@ -772,6 +925,13 @@ pkix_pl_OcspResponse_VerifySignature(
int64 producedAt = 0;
CERTCertDBHandle *handle = NULL;
void *pwarg = NULL; /* must modify API if this can be non-NULL */
+ void *nbioContext = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_PL_Date *producedAtDate = NULL;
+ void *state = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_Error *verifyError = NULL;
PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_VerifySignature");
PKIX_NULLCHECK_FOUR(response, cert, pPassed, pReturnCode);
@@ -948,8 +1108,22 @@ pkix_pl_OcspResponse_VerifySignature(
* verification function, if one was supplied.
*/
if (response->verifyFcn != NULL) {
- PKIX_CHECK((response->verifyFcn)(plContext),
- "Caller-supplied verifyFcn failed");
+ PKIX_CHECK(pkix_pl_Date_CreateFromPRTime
+ ((PRTime)producedAt, &producedAtDate, plContext),
+ "pkix_pl_Date_CreateFromPRTime failed");
+
+ PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
+ (signerCert, &targetCert, plContext),
+ "pkix_pl_Cert_CreateWithNSSCert failed");
+
+ verifyError = (response->verifyFcn)
+ (targetCert,
+ producedAtDate,
+ &nbioContext,
+ &state,
+ &buildResult,
+ &verifyTree,
+ plContext);
} else {
PKIX_PL_NSSCALLRV(OCSPRESPONSE, rv, CERT_VerifyCert,
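Review bot: The result of the caller-supplied callback is stored in `verifyError` but nothing in this hunk tests it, whereas the removed code wrapped the call in PKIX_CHECK; if the code after the `else` branch does not check it, a rejected signer certificate would be treated as verified. I would test it immediately after the call, e.g. `if (verifyError != NULL) { PKIX_ERROR("Caller-supplied verifyFcn failed"); }`, and make sure `*pPassed` stays false on that path. A non-NULL `nbioContext` (would-block) return also has nowhere to go, because pkix_pl_OcspResponse_VerifySignature takes no `pNBIOContext` parameter. `targetCert`, `producedAtDate`, `buildResult` and `verifyTree` need a PKIX_DECREF in cleanup, which lies outside the hunk along with the rest of the function.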
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
index fb1992f8d..41843038d 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
@@ -71,6 +71,16 @@ struct PKIX_PL_OcspResponseStruct{
PKIX_Error *pkix_pl_OcspResponse_RegisterSelf(void *plContext);
+PKIX_Error *
+PKIX_PL_OcspResponse_UseBuildChain(
+ PKIX_PL_Cert *signerCert,
+ PKIX_PL_Date *producedAt,
+ void **pNBIOContext,
+ void **pState,
+ PKIX_BuildResult **pBuildResult,
+ PKIX_VerifyNode **pVerifyTree,
+ void *plContext);
+
#ifdef __cplusplus
}
#endif
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index ea959beff..c3f152f38 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -978,7 +978,10 @@ PKIX_Logger_GetLogCallback;
PKIX_Logger_GetMaxLoggingLevel;
PKIX_Logger_SetLoggingComponent;
PKIX_Logger_SetMaxLoggingLevel;
-PKIX_OcspChecker_Create;
+PKIX_OcspChecker_Initialize;
+PKIX_OcspChecker_SetOCSPResponder;
+PKIX_OcspChecker_SetPasswordInfo;
+PKIX_OcspChecker_SetVerifyFcn;
PKIX_PL_AcquireReaderLock;
PKIX_PL_AcquireWriterLock;
PKIX_PL_BasicConstraints_GetCAFlag;
@@ -1082,6 +1085,7 @@ pkix_pl_OcspResponse_Create;
pkix_pl_OcspResponse_Decode;
pkix_pl_OcspResponse_GetStatus;
pkix_pl_OcspResponse_GetStatusForCert;
+PKIX_PL_OcspResponse_UseBuildChain;
pkix_pl_OcspResponse_VerifySignature;
PKIX_PL_Pk11CertStore_Create;
PKIX_PL_PolicyQualifier_GetPolicyQualifierId;