
Side by Side Diff: mozilla/security/nss/lib/pki/pkim.h

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
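--- a/mozilla/security/nss/lib/pki/pkim.h
+++ b/mozilla/security/nss/lib/pki/pkim.h
@@ -0,0 +1,699 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIM_H
+#define PKIM_H
+
+#ifdef DEBUG
+static const char PKIM_CVS_ID[] = "@(#) $RCSfile: pkim.h,v $ $Revision: 1.31 $ $ Date: 2012/04/25 14:50:07 $";
+#endif /* DEBUG */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+#ifndef PKITM_H
+#include "pkitm.h"
+#endif /* PKITM_H */
+
+PR_BEGIN_EXTERN_C
+
+/* nssPKIObject
+*
+* This is the base object class, common to all PKI objects defined in
+* in this module. Each object can be safely 'casted' to an nssPKIObject,
+* then passed to these methods.
+*
+* nssPKIObject_Create
+* nssPKIObject_Destroy
+* nssPKIObject_AddRef
+* nssPKIObject_AddInstance
+* nssPKIObject_HasInstance
+* nssPKIObject_GetTokens
+* nssPKIObject_GetNicknameForToken
+* nssPKIObject_RemoveInstanceForToken
+* nssPKIObject_DeleteStoredObject
+*/
+
+NSS_EXTERN void nssPKIObject_Lock (nssPKIObject * object);
+NSS_EXTERN void nssPKIObject_Unlock (nssPKIObject * object);
+NSS_EXTERN PRStatus nssPKIObject_NewLock (nssPKIObject * object,
+nssPKILockType lockType);
+NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject * object);
+
+/* nssPKIObject_Create
+*
+* A generic PKI object. It must live in a trust domain. It may be
+* initialized with a token instance, or alternatively in a crypto context.
+*/
+NSS_EXTERN nssPKIObject *
+nssPKIObject_Create
+(
+NSSArena *arenaOpt,
+nssCryptokiObject *instanceOpt,
+NSSTrustDomain *td,
+NSSCryptoContext *ccOpt,
+nssPKILockType lockType
+);
+
+/* nssPKIObject_AddRef
+*/
+NSS_EXTERN nssPKIObject *
+nssPKIObject_AddRef
+(
+nssPKIObject *object
+);
+
+/* nssPKIObject_Destroy
+*
+* Returns true if object was destroyed. This notifies the subclass that
+* all references are gone and it should delete any members it owns.
+*/
+NSS_EXTERN PRBool
+nssPKIObject_Destroy
+(
+nssPKIObject *object
+);
+
+/* nssPKIObject_AddInstance
+*
+* Add a token instance to the object, if it does not have it already.
+*/
+NSS_EXTERN PRStatus
+nssPKIObject_AddInstance
+(
+nssPKIObject *object,
+nssCryptokiObject *instance
+);
+
+/* nssPKIObject_HasInstance
+*
+* Query the object for a token instance.
+*/
+NSS_EXTERN PRBool
+nssPKIObject_HasInstance
+(
+nssPKIObject *object,
+nssCryptokiObject *instance
+);
+
+/* nssPKIObject_GetTokens
+*
+* Get all tokens which have an instance of the object.
+*/
+NSS_EXTERN NSSToken **
+nssPKIObject_GetTokens
+(
+nssPKIObject *object,
+PRStatus *statusOpt
+);
+
+/* nssPKIObject_GetNicknameForToken
+*
+* tokenOpt == NULL means take the first available, otherwise return the
+* nickname for the specified token.
+*/
+NSS_EXTERN NSSUTF8 *
+nssPKIObject_GetNicknameForToken
+(
+nssPKIObject *object,
+NSSToken *tokenOpt
+);
+
+/* nssPKIObject_RemoveInstanceForToken
+*
+* Remove the instance of the object on the specified token.
+*/
+NSS_EXTERN PRStatus
+nssPKIObject_RemoveInstanceForToken
+(
+nssPKIObject *object,
+NSSToken *token
+);
+
+/* nssPKIObject_DeleteStoredObject
+*
+* Delete all token instances of the object, as well as any crypto context
+* instances (TODO). If any of the instances are read-only, or if the
+* removal fails, the object will keep those instances. 'isFriendly' refers
+* to the object -- can this object be removed from a friendly token without
+* login? For example, certificates are friendly, private keys are not.
+* Note that if the token is not friendly, authentication will be required
+* regardless of the value of 'isFriendly'.
+*/
+NSS_EXTERN PRStatus
+nssPKIObject_DeleteStoredObject
+(
+nssPKIObject *object,
+NSSCallback *uhh,
+PRBool isFriendly
+);
+
+NSS_EXTERN nssCryptokiObject **
+nssPKIObject_GetInstances
+(
+nssPKIObject *object
+);
+
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_FindCertificatesByID
+(
+NSSTrustDomain *td,
+NSSItem *id,
+NSSCertificate **rvOpt,
+PRUint32 maximumOpt,
+NSSArena *arenaOpt
+);
+
+NSS_EXTERN NSSCRL **
+nssTrustDomain_FindCRLsBySubject
+(
+NSSTrustDomain *td,
+NSSDER *subject
+);
+
+/* module-private nsspki methods */
+
+NSS_EXTERN NSSCryptoContext *
+nssCryptoContext_Create
+(
+NSSTrustDomain *td,
+NSSCallback *uhhOpt
+);
+
+/* XXX for the collection */
+NSS_EXTERN NSSCertificate *
+nssCertificate_Create
+(
+nssPKIObject *object
+);
+
+NSS_EXTERN PRStatus
+nssCertificate_SetCertTrust
+(
+NSSCertificate *c,
+NSSTrust *trust
+);
+
+NSS_EXTERN nssDecodedCert *
+nssCertificate_GetDecoding
+(
+NSSCertificate *c
+);
+
+extern PRIntn
+nssCertificate_SubjectListSort
+(
+void *v1,
+void *v2
+);
+
+NSS_EXTERN nssDecodedCert *
+nssDecodedCert_Create
+(
+NSSArena *arenaOpt,
+NSSDER *encoding,
+NSSCertificateType type
+);
+
+NSS_EXTERN PRStatus
+nssDecodedCert_Destroy
+(
+nssDecodedCert *dc
+);
+
+NSS_EXTERN NSSTrust *
+nssTrust_Create
+(
+nssPKIObject *object,
+NSSItem *certData
+);
+
+NSS_EXTERN NSSCRL *
+nssCRL_Create
+(
+nssPKIObject *object
+);
+
+NSS_EXTERN NSSCRL *
+nssCRL_AddRef
+(
+NSSCRL *crl
+);
+
+NSS_EXTERN PRStatus
+nssCRL_Destroy
+(
+NSSCRL *crl
+);
+
+NSS_EXTERN PRStatus
+nssCRL_DeleteStoredObject
+(
+NSSCRL *crl,
+NSSCallback *uhh
+);
+
+NSS_EXTERN NSSPrivateKey *
+nssPrivateKey_Create
+(
+nssPKIObject *o
+);
+
+NSS_EXTERN NSSDER *
+nssCRL_GetEncoding
+(
+NSSCRL *crl
+);
+
+NSS_EXTERN NSSPublicKey *
+nssPublicKey_Create
+(
+nssPKIObject *object
+);
+
+/* nssCertificateArray
+*
+* These are being thrown around a lot, might as well group together some
+* functionality.
+*
+* nssCertificateArray_Destroy
+* nssCertificateArray_Join
+* nssCertificateArray_FindBestCertificate
+* nssCertificateArray_Traverse
+*/
+
+/* nssCertificateArray_Destroy
+*
+* Will destroy the array and the certs within it. If the array was created
+* in an arena, will *not* (of course) destroy the arena. However, is safe
+* to call this method on an arena-allocated array.
+*/
+NSS_EXTERN void
+nssCertificateArray_Destroy
+(
+NSSCertificate **certs
+);
+
+/* nssCertificateArray_Join
+*
+* Join two arrays into one. The two arrays, certs1 and certs2, should
+* be considered invalid after a call to this function (they may be destroyed
+* as part of the join). certs1 and/or certs2 may be NULL. Safe to
+* call with arrays allocated in an arena, the result will also be in the
+* arena.
+*/
+NSS_EXTERN NSSCertificate **
+nssCertificateArray_Join
+(
+NSSCertificate **certs1,
+NSSCertificate **certs2
+);
+
+/* nssCertificateArray_FindBestCertificate
+*
+* Use the usual { time, usage, policies } to find the best cert in the
+* array.
+*/
+NSS_EXTERN NSSCertificate *
+nssCertificateArray_FindBestCertificate
+(
+NSSCertificate **certs,
+NSSTime *timeOpt,
+const NSSUsage *usage,
+NSSPolicies *policiesOpt
+);
+
+/* nssCertificateArray_Traverse
+*
+* Do the callback for each cert, terminate the traversal if the callback
+* fails.
+*/
+NSS_EXTERN PRStatus
+nssCertificateArray_Traverse
+(
+NSSCertificate **certs,
+PRStatus (* callback)(NSSCertificate *c, void *arg),
+void *arg
+);
+
+NSS_EXTERN void
+nssCRLArray_Destroy
+(
+NSSCRL **crls
+);
+
+/* nssPKIObjectCollection
+*
+* This is a handy way to group objects together and perform operations
+* on them. It can also handle "proto-objects"-- references to
+* objects instances on tokens, where the actual object hasn't
+* been formed yet.
+*
+* nssCertificateCollection_Create
+* nssPrivateKeyCollection_Create
+* nssPublicKeyCollection_Create
+*
+* If this was a language that provided for inheritance, each type would
+* inherit all of the following methods. Instead, there is only one
+* type (nssPKIObjectCollection), shared among all. This may cause
+* confusion; an alternative would be to define all of the methods
+* for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't
+* seem worth the code bloat.. It is left up to the caller to remember
+* what type of collection he/she is dealing with.
+*
+* nssPKIObjectCollection_Destroy
+* nssPKIObjectCollection_Count
+* nssPKIObjectCollection_AddObject
+* nssPKIObjectCollection_AddInstances
+* nssPKIObjectCollection_Traverse
+*
+* Back to type-specific methods.
+*
+* nssPKIObjectCollection_GetCertificates
+* nssPKIObjectCollection_GetCRLs
+* nssPKIObjectCollection_GetPrivateKeys
+* nssPKIObjectCollection_GetPublicKeys
+*/
+
+/* nssCertificateCollection_Create
+*
+* Create a collection of certificates in the specified trust domain.
+* Optionally provide a starting set of certs.
+*/
+NSS_EXTERN nssPKIObjectCollection *
+nssCertificateCollection_Create
+(
+NSSTrustDomain *td,
+NSSCertificate **certsOpt
+);
+
+/* nssCRLCollection_Create
+*
+* Create a collection of CRLs/KRLs in the specified trust domain.
+* Optionally provide a starting set of CRLs.
+*/
+NSS_EXTERN nssPKIObjectCollection *
+nssCRLCollection_Create
+(
+NSSTrustDomain *td,
+NSSCRL **crlsOpt
+);
+
+/* nssPrivateKeyCollection_Create
+*
+* Create a collection of private keys in the specified trust domain.
+* Optionally provide a starting set of keys.
+*/
+NSS_EXTERN nssPKIObjectCollection *
+nssPrivateKeyCollection_Create
+(
+NSSTrustDomain *td,
+NSSPrivateKey **pvkOpt
+);
+
+/* nssPublicKeyCollection_Create
+*
+* Create a collection of public keys in the specified trust domain.
+* Optionally provide a starting set of keys.
+*/
+NSS_EXTERN nssPKIObjectCollection *
+nssPublicKeyCollection_Create
+(
+NSSTrustDomain *td,
+NSSPublicKey **pvkOpt
+);
+
+/* nssPKIObjectCollection_Destroy
+*/
+NSS_EXTERN void
+nssPKIObjectCollection_Destroy
+(
+nssPKIObjectCollection *collection
+);
+
+/* nssPKIObjectCollection_Count
+*/
+NSS_EXTERN PRUint32
+nssPKIObjectCollection_Count
+(
+nssPKIObjectCollection *collection
+);
+
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddObject
+(
+nssPKIObjectCollection *collection,
+nssPKIObject *object
+);
+
+/* nssPKIObjectCollection_AddInstances
+*
+* Add a set of object instances to the collection. The instances
+* will be sorted into any existing certs/proto-certs that may be in
+* the collection. The instances will be absorbed by the collection,
+* the array should not be used after this call (except to free it).
+*
+* Failure means the collection is in an invalid state.
+*
+* numInstances = 0 means the array is NULL-terminated
+*/
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddInstances
+(
+nssPKIObjectCollection *collection,
+nssCryptokiObject **instances,
+PRUint32 numInstances
+);
+
+/* nssPKIObjectCollection_Traverse
+*/
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_Traverse
+(
+nssPKIObjectCollection *collection,
+nssPKIObjectCallback *callback
+);
+
+/* This function is being added for NSS 3.5. It corresponds to the function
+* nssToken_TraverseCertificates. The idea is to use the collection during
+* a traversal, creating certs each time a new instance is added for which
+* a cert does not already exist.
+*/
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddInstanceAsObject
+(
+nssPKIObjectCollection *collection,
+nssCryptokiObject *instance
+);
+
+/* nssPKIObjectCollection_GetCertificates
+*
+* Get all of the certificates in the collection.
+*/
+NSS_EXTERN NSSCertificate **
+nssPKIObjectCollection_GetCertificates
+(
+nssPKIObjectCollection *collection,
+NSSCertificate **rvOpt,
+PRUint32 maximumOpt,
+NSSArena *arenaOpt
+);
+
+NSS_EXTERN NSSCRL **
+nssPKIObjectCollection_GetCRLs
+(
+nssPKIObjectCollection *collection,
+NSSCRL **rvOpt,
+PRUint32 maximumOpt,
+NSSArena *arenaOpt
+);
+
+NSS_EXTERN NSSPrivateKey **
+nssPKIObjectCollection_GetPrivateKeys
+(
+nssPKIObjectCollection *collection,
+NSSPrivateKey **rvOpt,
+PRUint32 maximumOpt,
+NSSArena *arenaOpt
+);
+
+NSS_EXTERN NSSPublicKey **
+nssPKIObjectCollection_GetPublicKeys
+(
+nssPKIObjectCollection *collection,
+NSSPublicKey **rvOpt,
+PRUint32 maximumOpt,
+NSSArena *arenaOpt
+);
+
+NSS_EXTERN NSSTime *
+NSSTime_Now
+(
+NSSTime *timeOpt
+);
+
+NSS_EXTERN NSSTime *
+NSSTime_SetPRTime
+(
+NSSTime *timeOpt,
+PRTime prTime
+);
+
+NSS_EXTERN PRTime
+NSSTime_GetPRTime
+(
+NSSTime *time
+);
+
+NSS_EXTERN nssHash *
+nssHash_CreateCertificate
+(
+NSSArena *arenaOpt,
+PRUint32 numBuckets
+);
+
+/* 3.4 Certificate cache routines */
+
+NSS_EXTERN PRStatus
+nssTrustDomain_InitializeCache
+(
+NSSTrustDomain *td,
+PRUint32 cacheSize
+);
+
+NSS_EXTERN PRStatus
+nssTrustDomain_AddCertsToCache
+(
+NSSTrustDomain *td,
+NSSCertificate **certs,
+PRUint32 numCerts
+);
+
+NSS_EXTERN void
+nssTrustDomain_RemoveCertFromCacheLOCKED (
+NSSTrustDomain *td,
+NSSCertificate *cert
+);
+
+NSS_EXTERN void
+nssTrustDomain_LockCertCache (
+NSSTrustDomain *td
+);
+
+NSS_EXTERN void
+nssTrustDomain_UnlockCertCache (
+NSSTrustDomain *td
+);
+
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_DestroyCache
+(
+NSSTrustDomain *td
+);
+
+/*
+* Remove all certs for the given token from the cache. This is
+* needed if the token is removed.
+*/
+NSS_EXTERN PRStatus
+nssTrustDomain_RemoveTokenCertsFromCache
+(
+NSSTrustDomain *td,
+NSSToken *token
+);
+
+NSS_EXTERN PRStatus
+nssTrustDomain_UpdateCachedTokenCerts
+(
+NSSTrustDomain *td,
+NSSToken *token
+);
+
+/*
+* Find all cached certs with this nickname (label).
+*/
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForNicknameFromCache
+(
+NSSTrustDomain *td,
+const NSSUTF8 *nickname,
+nssList *certListOpt
+);
+
+/*
+* Find all cached certs with this email address.
+*/
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForEmailAddressFromCache
+(
+NSSTrustDomain *td,
+NSSASCII7 *email,
+nssList *certListOpt
+);
+
+/*
+* Find all cached certs with this subject.
+*/
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForSubjectFromCache
+(
+NSSTrustDomain *td,
+NSSDER *subject,
+nssList *certListOpt
+);
+
+/*
+* Look for a specific cert in the cache.
+*/
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_GetCertForIssuerAndSNFromCache
+(
+NSSTrustDomain *td,
+NSSDER *issuer,
+NSSDER *serialNum
+);
+
+/*
+* Look for a specific cert in the cache.
+*/
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_GetCertByDERFromCache
+(
+NSSTrustDomain *td,
+NSSDER *der
+);
+
+/* Get all certs from the cache */
+/* XXX this is being included to make some old-style calls word, not to
+* say we should keep it
+*/
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsFromCache
+(
+NSSTrustDomain *td,
+nssList *certListOpt
+);
+
+NSS_EXTERN void
+nssTrustDomain_DumpCacheInfo
+(
+NSSTrustDomain *td,
+void (* cert_dump_iter)(const void *, void *, void *),
+void *arg
+);
+
+NSS_EXTERN void
+nssCertificateList_AddReferences
+(
+nssList *certList
+);
+
+PR_END_EXTERN_C
+
+#endif /* PKIM_H */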