| Index: mozilla/security/nss/lib/libpkix/include/pkix_sample_modules.h
|
| ===================================================================
|
| --- mozilla/security/nss/lib/libpkix/include/pkix_sample_modules.h (revision 191424)
|
| +++ mozilla/security/nss/lib/libpkix/include/pkix_sample_modules.h (working copy)
|
| @@ -1,418 +0,0 @@
|
| -/* This Source Code Form is subject to the terms of the Mozilla Public
|
| - * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
| -/*
|
| - * This file defines functions associated with CertStore types.
|
| - *
|
| - */
|
| -
|
| -
|
| -#ifndef _PKIX_SAMPLEMODULES_H
|
| -#define _PKIX_SAMPLEMODULES_H
|
| -
|
| -#include "pkix_pl_common.h"
|
| -
|
| -#ifdef __cplusplus
|
| -extern "C" {
|
| -#endif
|
| -
|
| -/* General
|
| - *
|
| - * Please refer to the libpkix Programmer's Guide for detailed information
|
| - * about how to use the libpkix library. Certain key warnings and notices from
|
| - * that document are repeated here for emphasis.
|
| - *
|
| - * All identifiers in this file (and all public identifiers defined in
|
| - * libpkix) begin with "PKIX_". Private identifiers only intended for use
|
| - * within the library begin with "pkix_".
|
| - *
|
| - * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
|
| - *
|
| - * Unless otherwise noted, for all accessor (gettor) functions that return a
|
| - * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
|
| - * shared object. Therefore, the caller should treat this shared object as
|
| - * read-only and should not modify this shared object. When done using the
|
| - * shared object, the caller should release the reference to the object by
|
| - * using the PKIX_PL_Object_DecRef function.
|
| - *
|
| - * While a function is executing, if its arguments (or anything referred to by
|
| - * its arguments) are modified, free'd, or destroyed, the function's behavior
|
| - * is undefined.
|
| - *
|
| - */
|
| -
|
| -/* PKIX_PL_CollectionCertStore
|
| - *
|
| - * A PKIX_CollectionCertStore provides an example for showing how to retrieve
|
| - * certificates and CRLs from a repository, such as a directory in the system.
|
| - * It is expected the directory is an absolute directory which contains CRL
|
| - * and Cert data files. CRL files are expected to have the suffix of .crl
|
| - * and Cert files are expected to have the suffix of .crt .
|
| - *
|
| - * Once the caller has created the CollectionCertStoreContext object, the caller
|
| - * then can call pkix_pl_CollectionCertStore_GetCert or
|
| - * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or
|
| - * PKIX_PL_CRL objects, respectively.
|
| - */
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_CollectionCertStore_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a new CollectionCertStore and returns it at
|
| - * "pColCertStore".
|
| - *
|
| - * PARAMETERS:
|
| - * "storeDir"
|
| - * The absolute path where *.crl files are located.
|
| - * "pColCertStoreContext"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CollectionCertStoreContext Error if the function fails in
|
| - * a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_CollectionCertStore_Create(
|
| - PKIX_PL_String *storeDir,
|
| - PKIX_CertStore **pCertStore,
|
| - void *plContext);
|
| -
|
| -/* PKIX_PL_PK11CertStore
|
| - *
|
| - * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11
|
| - * database. The directory that contains the cert8.db, key3.db, and secmod.db
|
| - * files that comprise a PKCS11 database are specified in NSS initialization.
|
| - *
|
| - * Once the caller has created the Pk11CertStore object, the caller can call
|
| - * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain
|
| - * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
|
| - */
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_Pk11CertStore_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a new Pk11CertStore and returns it at "pPk11CertStore".
|
| - *
|
| - * PARAMETERS:
|
| - * "pPk11CertStore"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CertStore Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_Pk11CertStore_Create(
|
| - PKIX_CertStore **pPk11CertStore,
|
| - void *plContext);
|
| -
|
| -/* PKIX_PL_LdapCertStore
|
| - *
|
| - * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
|
| - * over a socket connection. It used the LDAP protocol as described in RFC1777.
|
| - *
|
| - * Once the caller has created the LdapCertStore object, the caller can call
|
| - * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain
|
| - * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
|
| - */
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_LdapDefaultClient_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr",
|
| - * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
|
| - * and stores the address of the default LdapClient at "pClient".
|
| - *
|
| - * At the time of this version, there are unresolved questions about the LDAP
|
| - * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
|
| - * clear whether they are appropriate to this application. We have tested only
|
| - * using servers that do not expect authentication, and that reject BIND
|
| - * messages. It is not clear what values might be appropriate for the bindname
|
| - * and authentication fields, which are currently implemented as char strings
|
| - * supplied by the caller. (If this changes, the API and possibly the templates
|
| - * will have to change.) Therefore the Client_Create API contains a BindAPI
|
| - * structure, a union, which will have to be revised and extended when this
|
| - * area of the protocol is better understood.
|
| - *
|
| - * PARAMETERS:
|
| - * "sockaddr"
|
| - * Address of the PRNetAddr to be used for the socket connection. Must be
|
| - * non-NULL.
|
| - * "timeout"
|
| - * The PRIntervalTime value to be used as a timeout value in socket calls;
|
| - * a zero value indicates non-blocking I/O is to be used.
|
| - * "bindAPI"
|
| - * The address of a BindAPI to be used if a BIND message is required. If
|
| - * this argument is NULL, no Bind (or Unbind) will be sent.
|
| - * "pClient"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CertStore Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_LdapDefaultClient_Create(
|
| - PRNetAddr *sockaddr,
|
| - PRIntervalTime timeout,
|
| - LDAPBindAPI *bindAPI,
|
| - PKIX_PL_LdapDefaultClient **pClient,
|
| - void *plContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates an LdapDefaultClient using the hostname poined to by "hostname",
|
| - * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
|
| - * and stores the address of the default LdapClient at "pClient".
|
| - *
|
| - * At the time of this version, there are unresolved questions about the LDAP
|
| - * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
|
| - * clear whether they are appropriate to this application. We have tested only
|
| - * using servers that do not expect authentication, and that reject BIND
|
| - * messages. It is not clear what values might be appropriate for the bindname
|
| - * and authentication fields, which are currently implemented as char strings
|
| - * supplied by the caller. (If this changes, the API and possibly the templates
|
| - * will have to change.) Therefore the Client_Create API contains a BindAPI
|
| - * structure, a union, which will have to be revised and extended when this
|
| - * area of the protocol is better understood.
|
| - *
|
| - * PARAMETERS:
|
| - * "hostname"
|
| - * Address of the hostname to be used for the socket connection. Must be
|
| - * non-NULL.
|
| - * "timeout"
|
| - * The PRIntervalTime value to be used as a timeout value in socket calls;
|
| - * a zero value indicates non-blocking I/O is to be used.
|
| - * "bindAPI"
|
| - * The address of a BindAPI to be used if a BIND message is required. If
|
| - * this argument is NULL, no Bind (or Unbind) will be sent.
|
| - * "pClient"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CertStore Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_LdapDefaultClient_CreateByName(
|
| - char *hostname,
|
| - PRIntervalTime timeout,
|
| - LDAPBindAPI *bindAPI,
|
| - PKIX_PL_LdapDefaultClient **pClient,
|
| - void *plContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_LdapCertStore_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a new LdapCertStore using the LdapClient pointed to by "client",
|
| - * and stores the address of the CertStore at "pCertStore".
|
| - *
|
| - * PARAMETERS:
|
| - * "client"
|
| - * Address of the LdapClient to be used. Must be non-NULL.
|
| - * "pCertStore"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CertStore Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_LdapCertStore_Create(
|
| - PKIX_PL_LdapClient *client,
|
| - PKIX_CertStore **pCertStore,
|
| - void *plContext);
|
| -
|
| -/* PKIX_PL_NssContext
|
| - *
|
| - * A PKIX_PL_NssContext provides an example showing how the "plContext"
|
| - * argument, that is part of every libpkix function call, can be used.
|
| - * The "plContext" is the Portability Layer Context, which can be used
|
| - * to communicate layer-specific information from the application to the
|
| - * underlying Portability Layer (while bypassing the Portable Code, which
|
| - * blindly passes the plContext on to every function call).
|
| - *
|
| - * In this case, NSS serves as both the application and the Portability Layer.
|
| - * We define an NSS-specific structure, which includes an arena and a number
|
| - * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument,
|
| - * wincx, is used on Windows platforms for PKCS11 access, and should be set to
|
| - * NULL for other platforms.
|
| - * Before calling any of the libpkix functions, the caller should create the NSS
|
| - * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context
|
| - * as the "plContext" argument in every libpkix function call the caller makes.
|
| - * When the caller is finished using the NSS context (usually just after he
|
| - * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to
|
| - * free the NSS context structure.
|
| - */
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_NssContext_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a new NssContext using the certificate usage(s) specified by
|
| - * "certUsage" and stores it at "pNssContext". This function also internally
|
| - * creates an arena and stores it as part of the NssContext structure. Unlike
|
| - * most other libpkix API functions, this function does not take a "plContext"
|
| - * parameter.
|
| - *
|
| - * PARAMETERS:
|
| - * "certUsage"
|
| - * The desired SECCertificateUsage(s).
|
| - * "useNssArena"
|
| - * Boolean flag indicates NSS Arena is used for memory allocation.
|
| - * "wincx"
|
| - * A Windows-dependent pointer for PKCS11 token handling.
|
| - * "pNssContext"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a Context Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_NssContext_Create(
|
| - PKIX_UInt32 certificateUsage,
|
| - PKIX_Boolean useNssArena,
|
| - void *wincx,
|
| - void **pNssContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_NssContext_Destroy
|
| - * DESCRIPTION:
|
| - *
|
| - * Frees the structure pointed to by "nssContext" along with any of its
|
| - * associated memory. Unlike most other libpkix API functions, this function
|
| - * does not take a "plContext" parameter.
|
| - *
|
| - * PARAMETERS:
|
| - * "nssContext"
|
| - * Address of NssContext to be destroyed. Must be non-NULL.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a Context Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_NssContext_Destroy(
|
| - void *nssContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_NssContext_SetTimeout
|
| - * DESCRIPTION:
|
| - *
|
| - * Sets IO timeout for network operations like OCSP response and cert
|
| - * fetching.
|
| - *
|
| - * PARAMETERS:
|
| - * "nssContext"
|
| - * Address of NssContext to be destroyed. Must be non-NULL.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a Context Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
|
| - * DESCRIPTION:
|
| - *
|
| - * Sets maximum responce length allowed during network IO operations.
|
| - *
|
| - * PARAMETERS:
|
| - * "nssContext"
|
| - * Address of NssContext to be destroyed. Must be non-NULL.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a Context Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
|
| - * DESCRIPTION:
|
| - *
|
| - * Sets user defined timeout between attempts to load crl using
|
| - * CRLDP.
|
| - *
|
| - * PARAMETERS:
|
| - * "delaySeconds"
|
| - * Reload delay in seconds.
|
| - * "nssContext"
|
| - * Address of NssContext to be destroyed. Must be non-NULL.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a Context Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds,
|
| - PKIX_PL_NssContext *nssContext);
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
|
| - * DESCRIPTION:
|
| - *
|
| - * Sets user defined timeout between attempts to load crls
|
| - * that failed to decode.
|
| - *
|
| - * PARAMETERS:
|
| - * "delaySeconds"
|
| - * Reload delay in seconds.
|
| - * "nssContext"
|
| - * Address of NssContext to be destroyed. Must be non-NULL.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a Context Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds,
|
| - PKIX_PL_NssContext *nssContext);
|
| -#ifdef __cplusplus
|
| -}
|
| -#endif
|
| -
|
| -#endif /* _PKIX_SAMPLEMODULES_H */
|
|
|
Chromium Code Reviews
Issue 14249009:
Change the NSS and NSPR source tree to the new directory structure to be (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/