| Index: nss/lib/certdb/cert.h
|
| diff --git a/nss/lib/certdb/cert.h b/nss/lib/certdb/cert.h
|
| index 4564dc2ddecbf3e5219806c298eb911b10da64dc..e0af65ab06d42a26bee4186dbfec6786c721151a 100644
|
| --- a/nss/lib/certdb/cert.h
|
| +++ b/nss/lib/certdb/cert.h
|
| @@ -22,7 +22,7 @@
|
| #include "certt.h"
|
|
|
| SEC_BEGIN_PROTOS
|
| -
|
| +
|
| /****************************************************************************
|
| *
|
| * RFC1485 ascii to/from X.? RelativeDistinguishedName (aka CERTName)
|
| @@ -47,14 +47,14 @@ extern char *CERT_NameToAscii(CERTName *name);
|
| ** Returns a string that must be freed with PORT_Free().
|
| ** Caller chooses encoding rules.
|
| */
|
| -extern char *CERT_NameToAsciiInvertible(CERTName *name,
|
| +extern char *CERT_NameToAsciiInvertible(CERTName *name,
|
| CertStrictnessLevel strict);
|
|
|
| extern CERTAVA *CERT_CopyAVA(PLArenaPool *arena, CERTAVA *src);
|
|
|
| /* convert an OID to dotted-decimal representation */
|
| /* Returns a string that must be freed with PR_smprintf_free(). */
|
| -extern char * CERT_GetOidString(const SECItem *oid);
|
| +extern char *CERT_GetOidString(const SECItem *oid);
|
|
|
| /*
|
| ** Examine an AVA and return the tag that refers to it. The AVA tags are
|
| @@ -126,24 +126,24 @@ extern SECComparison CERT_CompareName(const CERTName *a, const CERTName *b);
|
| /*
|
| ** Convert a CERTName into something readable
|
| */
|
| -extern char *CERT_FormatName (CERTName *name);
|
| +extern char *CERT_FormatName(CERTName *name);
|
|
|
| /*
|
| ** Convert a der-encoded integer to a hex printable string form.
|
| ** Perhaps this should be a SEC function but it's only used for certs.
|
| */
|
| -extern char *CERT_Hexify (SECItem *i, int do_colon);
|
| +extern char *CERT_Hexify(SECItem *i, int do_colon);
|
|
|
| /*
|
| -** Converts DER string (with explicit length) into zString, if destination
|
| -** buffer is big enough to receive it. Does quoting and/or escaping as
|
| +** Converts DER string (with explicit length) into zString, if destination
|
| +** buffer is big enough to receive it. Does quoting and/or escaping as
|
| ** specified in RFC 1485. Input string must be single or multi-byte DER
|
| ** character set, (ASCII, UTF8, or ISO 8851-x) not a wide character set.
|
| ** Returns SECSuccess or SECFailure with error code set. If output buffer
|
| ** is too small, sets error code SEC_ERROR_OUTPUT_LEN.
|
| */
|
| -extern SECStatus
|
| -CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src, int srclen);
|
| +extern SECStatus CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src,
|
| + int srclen);
|
|
|
| /******************************************************************************
|
| *
|
| @@ -171,14 +171,14 @@ extern void CERT_DestroyValidity(CERTValidity *v);
|
| ** before memory is allocated (use CERT_DestroyValidity(v, PR_FALSE) to do
|
| ** that).
|
| */
|
| -extern SECStatus CERT_CopyValidity
|
| - (PLArenaPool *arena, CERTValidity *dest, CERTValidity *src);
|
| +extern SECStatus CERT_CopyValidity(PLArenaPool *arena, CERTValidity *dest,
|
| + CERTValidity *src);
|
|
|
| /*
|
| ** The cert lib considers a cert or CRL valid if the "notBefore" time is
|
| -** in the not-too-distant future, e.g. within the next 24 hours. This
|
| +** in the not-too-distant future, e.g. within the next 24 hours. This
|
| ** prevents freshly issued certificates from being considered invalid
|
| -** because the local system's time zone is incorrectly set.
|
| +** because the local system's time zone is incorrectly set.
|
| ** The amount of "pending slop time" is adjustable by the application.
|
| ** Units of SlopTime are seconds. Default is 86400 (24 hours).
|
| ** Negative SlopTime values are not allowed.
|
| @@ -195,9 +195,10 @@ SECStatus CERT_SetSlopTime(PRInt32 slop);
|
| ** "validity" the validity period of the certificate
|
| ** "req" the certificate request that prompted the certificate issuance
|
| */
|
| -extern CERTCertificate *
|
| -CERT_CreateCertificate (unsigned long serialNumber, CERTName *issuer,
|
| - CERTValidity *validity, CERTCertificateRequest *req);
|
| +extern CERTCertificate *CERT_CreateCertificate(unsigned long serialNumber,
|
| + CERTName *issuer,
|
| + CERTValidity *validity,
|
| + CERTCertificateRequest *req);
|
|
|
| /*
|
| ** Destroy a certificate object
|
| @@ -221,9 +222,8 @@ extern CERTCertificate *CERT_DupCertificate(CERTCertificate *c);
|
| ** "spki" describes/defines the public key the certificate is for
|
| ** "attributes" if non-zero, some optional attribute data
|
| */
|
| -extern CERTCertificateRequest *
|
| -CERT_CreateCertificateRequest (CERTName *name, CERTSubjectPublicKeyInfo *spki,
|
| - SECItem **attributes);
|
| +extern CERTCertificateRequest *CERT_CreateCertificateRequest(
|
| + CERTName *name, CERTSubjectPublicKeyInfo *spki, SECItem **attributes);
|
|
|
| /*
|
| ** Destroy a certificate-request object
|
| @@ -235,22 +235,19 @@ extern void CERT_DestroyCertificateRequest(CERTCertificateRequest *r);
|
| /*
|
| ** Start adding extensions to a certificate request.
|
| */
|
| -void *
|
| -CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req);
|
| +void *CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req);
|
|
|
| /*
|
| ** Reformat the certificate extension list into a CertificateRequest
|
| ** attribute list.
|
| */
|
| -SECStatus
|
| -CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req);
|
| +SECStatus CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req);
|
|
|
| /*
|
| ** Extract the Extension Requests from a DER CertRequest attribute list.
|
| */
|
| -SECStatus
|
| -CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
|
| - CERTCertExtension ***exts);
|
| +SECStatus CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
|
| + CERTCertExtension ***exts);
|
|
|
| /*
|
| ** Extract a public key object from a certificate
|
| @@ -261,7 +258,7 @@ extern SECKEYPublicKey *CERT_ExtractPublicKey(CERTCertificate *cert);
|
| ** Retrieve the Key Type associated with the cert we're dealing with
|
| */
|
|
|
| -extern KeyType CERT_GetCertKeyType (const CERTSubjectPublicKeyInfo *spki);
|
| +extern KeyType CERT_GetCertKeyType(const CERTSubjectPublicKeyInfo *spki);
|
|
|
| /*
|
| ** Initialize the certificate database. This is called to create
|
| @@ -278,13 +275,12 @@ extern void CERT_SetDefaultCertDB(CERTCertDBHandle *handle);
|
|
|
| extern CERTCertDBHandle *CERT_GetDefaultCertDB(void);
|
|
|
| -extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
|
| - PRTime time,
|
| - SECCertUsage usage);
|
| -extern CERTCertificate *
|
| -CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
|
| - char *nickname, PRBool isperm, PRBool copyDER);
|
| -
|
| +extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
|
| + PRTime time, SECCertUsage usage);
|
| +extern CERTCertificate *CERT_NewTempCertificate(CERTCertDBHandle *handle,
|
| + SECItem *derCert,
|
| + char *nickname, PRBool isperm,
|
| + PRBool copyDER);
|
|
|
| /******************************************************************************
|
| *
|
| @@ -300,8 +296,8 @@ CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
|
| ** DER_T61_STRING
|
| ** "value" is the null terminated string containing the value
|
| */
|
| -extern CERTAVA *CERT_CreateAVA
|
| - (PLArenaPool *arena, SECOidTag kind, int valueType, char *value);
|
| +extern CERTAVA *CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind,
|
| + int valueType, char *value);
|
|
|
| /*
|
| ** Extract the Distinguished Name from a DER encoded certificate
|
| @@ -315,18 +311,14 @@ extern SECStatus CERT_NameFromDERCert(SECItem *derCert, SECItem *derName);
|
| ** "derCert" is the DER encoded certificate
|
| ** "derName" is the SECItem that the name is returned in
|
| */
|
| -extern SECStatus CERT_IssuerNameFromDERCert(SECItem *derCert,
|
| - SECItem *derName);
|
| -
|
| -extern SECItem *
|
| -CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
|
| - PLArenaPool *arena);
|
| -
|
| -extern CERTGeneralName *
|
| -CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
|
| - CERTGeneralName *genName);
|
| +extern SECStatus CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName);
|
|
|
| +extern SECItem *CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
|
| + PLArenaPool *arena);
|
|
|
| +extern CERTGeneralName *CERT_DecodeGeneralName(PLArenaPool *reqArena,
|
| + SECItem *encodedName,
|
| + CERTGeneralName *genName);
|
|
|
| /*
|
| ** Generate a database search key for a certificate, based on the
|
| @@ -339,11 +331,10 @@ extern SECStatus CERT_KeyFromDERCert(PLArenaPool *reqArena, SECItem *derCert,
|
| SECItem *key);
|
|
|
| extern SECStatus CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer,
|
| - SECItem *sn, SECItem *key);
|
| -
|
| -extern SECStatus CERT_SerialNumberFromDERCert(SECItem *derCert,
|
| - SECItem *derName);
|
| + SECItem *sn, SECItem *key);
|
|
|
| +extern SECStatus CERT_SerialNumberFromDERCert(SECItem *derCert,
|
| + SECItem *derName);
|
|
|
| /*
|
| ** Generate a database search key for a crl, based on the
|
| @@ -352,17 +343,18 @@ extern SECStatus CERT_SerialNumberFromDERCert(SECItem *derCert,
|
| ** "derCrl" the DER encoded crl
|
| ** "key" the returned key
|
| */
|
| -extern SECStatus CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl, SECItem *key);
|
| +extern SECStatus CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl,
|
| + SECItem *key);
|
|
|
| /*
|
| ** Open the certificate database. Use callback to get name of database.
|
| */
|
| extern SECStatus CERT_OpenCertDB(CERTCertDBHandle *handle, PRBool readOnly,
|
| - CERTDBNameFunc namecb, void *cbarg);
|
| + CERTDBNameFunc namecb, void *cbarg);
|
|
|
| /* Open the certificate database. Use given filename for database. */
|
| extern SECStatus CERT_OpenCertDBFilename(CERTCertDBHandle *handle,
|
| - char *certdbname, PRBool readOnly);
|
| + char *certdbname, PRBool readOnly);
|
|
|
| /*
|
| ** Open and initialize a cert database that is entirely in memory. This
|
| @@ -374,11 +366,11 @@ extern SECStatus CERT_OpenVolatileCertDB(CERTCertDBHandle *handle);
|
| ** Extract the list of host names, host name patters, IP address strings
|
| ** this cert is valid for.
|
| ** This function does NOT return nicknames.
|
| -** Type CERTCertNicknames is being used because it's a convenient
|
| +** Type CERTCertNicknames is being used because it's a convenient
|
| ** data structure to carry a list of strings and its count.
|
| */
|
| -extern CERTCertNicknames *
|
| - CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert);
|
| +extern CERTCertNicknames *CERT_GetValidDNSPatternsFromCert(
|
| + CERTCertificate *cert);
|
|
|
| /*
|
| ** Check the hostname to make sure that it matches the shexp that
|
| @@ -391,7 +383,8 @@ extern SECStatus CERT_VerifyCertName(const CERTCertificate *cert,
|
| ** Add a domain name to the list of names that the user has explicitly
|
| ** allowed (despite cert name mismatches) for use with a server cert.
|
| */
|
| -extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert, const char *hostname);
|
| +extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert,
|
| + const char *hostname);
|
|
|
| /*
|
| ** Decode a DER encoded certificate into an CERTCertificate structure
|
| @@ -401,30 +394,31 @@ extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert, const char *hostnam
|
| ** "nickname" is the nickname to use in the database. If it is NULL
|
| ** then a temporary nickname is generated.
|
| */
|
| -extern CERTCertificate *
|
| -CERT_DecodeDERCertificate (SECItem *derSignedCert, PRBool copyDER, char *nickname);
|
| +extern CERTCertificate *CERT_DecodeDERCertificate(SECItem *derSignedCert,
|
| + PRBool copyDER,
|
| + char *nickname);
|
| /*
|
| ** Decode a DER encoded CRL into a CERTSignedCrl structure
|
| ** "derSignedCrl" is the DER encoded signed CRL.
|
| ** "type" must be SEC_CRL_TYPE.
|
| */
|
| -#define SEC_CRL_TYPE 1
|
| -#define SEC_KRL_TYPE 0 /* deprecated */
|
| +#define SEC_CRL_TYPE 1
|
| +#define SEC_KRL_TYPE 0 /* deprecated */
|
|
|
| -extern CERTSignedCrl *
|
| -CERT_DecodeDERCrl (PLArenaPool *arena, SECItem *derSignedCrl,int type);
|
| +extern CERTSignedCrl *CERT_DecodeDERCrl(PLArenaPool *arena,
|
| + SECItem *derSignedCrl, int type);
|
|
|
| /*
|
| * same as CERT_DecodeDERCrl, plus allow options to be passed in
|
| */
|
|
|
| -extern CERTSignedCrl *
|
| -CERT_DecodeDERCrlWithFlags(PLArenaPool *narena, SECItem *derSignedCrl,
|
| - int type, PRInt32 options);
|
| +extern CERTSignedCrl *CERT_DecodeDERCrlWithFlags(PLArenaPool *narena,
|
| + SECItem *derSignedCrl,
|
| + int type, PRInt32 options);
|
|
|
| /* CRL options to pass */
|
|
|
| -#define CRL_DECODE_DEFAULT_OPTIONS 0x00000000
|
| +#define CRL_DECODE_DEFAULT_OPTIONS 0x00000000
|
|
|
| /* when CRL_DECODE_DONT_COPY_DER is set, the DER is not copied . The
|
| application must then keep derSignedCrl until it destroys the
|
| @@ -432,33 +426,32 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool *narena, SECItem *derSignedCrl,
|
| and pass that arena in as the first argument to
|
| CERT_DecodeDERCrlWithFlags */
|
|
|
| -#define CRL_DECODE_DONT_COPY_DER 0x00000001
|
| -#define CRL_DECODE_SKIP_ENTRIES 0x00000002
|
| -#define CRL_DECODE_KEEP_BAD_CRL 0x00000004
|
| -#define CRL_DECODE_ADOPT_HEAP_DER 0x00000008
|
| +#define CRL_DECODE_DONT_COPY_DER 0x00000001
|
| +#define CRL_DECODE_SKIP_ENTRIES 0x00000002
|
| +#define CRL_DECODE_KEEP_BAD_CRL 0x00000004
|
| +#define CRL_DECODE_ADOPT_HEAP_DER 0x00000008
|
|
|
| /* complete the decoding of a partially decoded CRL, ie. decode the
|
| entries. Note that entries is an optional field in a CRL, so the
|
| "entries" pointer in CERTCrlStr may still be NULL even after
|
| function returns SECSuccess */
|
|
|
| -extern SECStatus CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl);
|
| +extern SECStatus CERT_CompleteCRLDecodeEntries(CERTSignedCrl *crl);
|
|
|
| /* Validate CRL then import it to the dbase. If there is already a CRL with the
|
| - * same CA in the dbase, it will be replaced if derCRL is more up to date.
|
| - * If the process successes, a CRL will be returned. Otherwise, a NULL will
|
| - * be returned. The caller should call PORT_GetError() for the exactly error
|
| + * same CA in the dbase, it will be replaced if derCRL is more up to date.
|
| + * If the process successes, a CRL will be returned. Otherwise, a NULL will
|
| + * be returned. The caller should call PORT_GetError() for the exactly error
|
| * code.
|
| */
|
| -extern CERTSignedCrl *
|
| -CERT_ImportCRL (CERTCertDBHandle *handle, SECItem *derCRL, char *url,
|
| - int type, void * wincx);
|
| +extern CERTSignedCrl *CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL,
|
| + char *url, int type, void *wincx);
|
|
|
| -extern void CERT_DestroyCrl (CERTSignedCrl *crl);
|
| +extern void CERT_DestroyCrl(CERTSignedCrl *crl);
|
|
|
| /* this is a hint to flush the CRL cache. crlKey is the DER subject of
|
| the issuer (CA). */
|
| -void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle* dbhandle, SECItem* crlKey);
|
| +void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle *dbhandle, SECItem *crlKey);
|
|
|
| /* add the specified DER CRL object to the CRL cache. Doing so will allow
|
| certificate verification functions (such as CERT_VerifyCertificate)
|
| @@ -468,114 +461,113 @@ void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle* dbhandle, SECItem* crlKey);
|
| application can only free the object after it calls CERT_UncacheCRL to
|
| remove it from the CRL cache.
|
| */
|
| -SECStatus CERT_CacheCRL(CERTCertDBHandle* dbhandle, SECItem* newcrl);
|
| +SECStatus CERT_CacheCRL(CERTCertDBHandle *dbhandle, SECItem *newcrl);
|
|
|
| /* remove a previously added CRL object from the CRL cache. It is OK
|
| for the application to free the memory after a successful removal
|
| */
|
| -SECStatus CERT_UncacheCRL(CERTCertDBHandle* dbhandle, SECItem* oldcrl);
|
| +SECStatus CERT_UncacheCRL(CERTCertDBHandle *dbhandle, SECItem *oldcrl);
|
|
|
| /*
|
| ** Find a certificate in the database
|
| ** "key" is the database key to look for
|
| */
|
| -extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle, SECItem *key);
|
| +extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle,
|
| + SECItem *key);
|
|
|
| /*
|
| ** Find a certificate in the database by name
|
| ** "name" is the distinguished name to look up
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertByName (CERTCertDBHandle *handle, SECItem *name);
|
| +extern CERTCertificate *CERT_FindCertByName(CERTCertDBHandle *handle,
|
| + SECItem *name);
|
|
|
| /*
|
| ** Find a certificate in the database by name
|
| ** "name" is the distinguished name to look up (in ascii)
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertByNameString (CERTCertDBHandle *handle, char *name);
|
| +extern CERTCertificate *CERT_FindCertByNameString(CERTCertDBHandle *handle,
|
| + char *name);
|
|
|
| /*
|
| ** Find a certificate in the database by name and keyid
|
| ** "name" is the distinguished name to look up
|
| ** "keyID" is the value of the subjectKeyID to match
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertByKeyID (CERTCertDBHandle *handle, SECItem *name, SECItem *keyID);
|
| +extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle,
|
| + SECItem *name, SECItem *keyID);
|
|
|
| /*
|
| ** Generate a certificate key from the issuer and serialnumber, then look it
|
| ** up in the database. Return the cert if found.
|
| ** "issuerAndSN" is the issuer and serial number to look for
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
|
| +extern CERTCertificate *CERT_FindCertByIssuerAndSN(
|
| + CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
|
|
|
| /*
|
| ** Find a certificate in the database by a subject key ID
|
| ** "subjKeyID" is the subject Key ID to look for
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertBySubjectKeyID (CERTCertDBHandle *handle, SECItem *subjKeyID);
|
| +extern CERTCertificate *CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle,
|
| + SECItem *subjKeyID);
|
|
|
| /*
|
| ** Encode Certificate SKID (Subject Key ID) extension.
|
| **
|
| */
|
| -extern SECStatus
|
| -CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
|
| - SECItem *encodedValue);
|
| +extern SECStatus CERT_EncodeSubjectKeyID(PLArenaPool *arena,
|
| + const SECItem *srcString,
|
| + SECItem *encodedValue);
|
|
|
| /*
|
| ** Find a certificate in the database by a nickname
|
| ** "nickname" is the ascii string nickname to look for
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertByNickname (CERTCertDBHandle *handle, const char *nickname);
|
| +extern CERTCertificate *CERT_FindCertByNickname(CERTCertDBHandle *handle,
|
| + const char *nickname);
|
|
|
| /*
|
| ** Find a certificate in the database by a DER encoded certificate
|
| ** "derCert" is the DER encoded certificate
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert);
|
| +extern CERTCertificate *CERT_FindCertByDERCert(CERTCertDBHandle *handle,
|
| + SECItem *derCert);
|
|
|
| /*
|
| ** Find a certificate in the database by a email address
|
| ** "emailAddr" is the email address to look up
|
| */
|
| -CERTCertificate *
|
| -CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr);
|
| +CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle,
|
| + char *emailAddr);
|
|
|
| /*
|
| ** Find a certificate in the database by a email address or nickname
|
| ** "name" is the email address or nickname to look up
|
| */
|
| -CERTCertificate *
|
| -CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name);
|
| +CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle,
|
| + const char *name);
|
|
|
| /*
|
| ** Find a certificate in the database by a email address or nickname
|
| ** and require it to have the given usage.
|
| ** "name" is the email address or nickname to look up
|
| */
|
| -CERTCertificate *
|
| -CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
|
| - const char *name,
|
| - SECCertUsage lookingForUsage);
|
| +CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage(
|
| + CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage);
|
|
|
| /*
|
| ** Find a certificate in the database by a digest of a subject public key
|
| ** "spkDigest" is the digest to look up
|
| */
|
| -extern CERTCertificate *
|
| -CERT_FindCertBySPKDigest(CERTCertDBHandle *handle, SECItem *spkDigest);
|
| +extern CERTCertificate *CERT_FindCertBySPKDigest(CERTCertDBHandle *handle,
|
| + SECItem *spkDigest);
|
|
|
| /*
|
| * Find the issuer of a cert
|
| */
|
| -CERTCertificate *
|
| -CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage);
|
| +CERTCertificate *CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime,
|
| + SECCertUsage usage);
|
|
|
| /*
|
| ** Check the validity times of a certificate vs. time 't', allowing
|
| @@ -586,8 +578,8 @@ CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage)
|
| ** been overridden by the user.
|
| */
|
| extern SECCertTimeValidity CERT_CheckCertValidTimes(const CERTCertificate *cert,
|
| - PRTime t,
|
| - PRBool allowOverride);
|
| + PRTime t,
|
| + PRBool allowOverride);
|
|
|
| /*
|
| ** WARNING - this function is deprecated, and will either go away or have
|
| @@ -605,15 +597,14 @@ extern SECStatus CERT_CertTimesValid(CERTCertificate *cert);
|
| ** "notBefore" is the start of the validity period
|
| ** "notAfter" is the end of the validity period
|
| */
|
| -extern SECStatus
|
| -CERT_GetCertTimes (const CERTCertificate *c, PRTime *notBefore,
|
| - PRTime *notAfter);
|
| +extern SECStatus CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore,
|
| + PRTime *notAfter);
|
|
|
| /*
|
| ** Extract the issuer and serial number from a certificate
|
| */
|
| -extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
|
| - CERTCertificate *);
|
| +extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
|
| + CERTCertificate *);
|
|
|
| /*
|
| ** verify the signature of a signed data object with a given certificate
|
| @@ -621,23 +612,20 @@ extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
|
| ** "cert" the certificate to use to check the signature
|
| */
|
| extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
|
| - CERTCertificate *cert,
|
| - PRTime t,
|
| - void *wincx);
|
| + CERTCertificate *cert, PRTime t,
|
| + void *wincx);
|
| /*
|
| ** verify the signature of a signed data object with the given DER publickey
|
| */
|
| -extern SECStatus
|
| -CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
|
| - CERTSubjectPublicKeyInfo *pubKeyInfo,
|
| - void *wincx);
|
| +extern SECStatus CERT_VerifySignedDataWithPublicKeyInfo(
|
| + CERTSignedData *sd, CERTSubjectPublicKeyInfo *pubKeyInfo, void *wincx);
|
|
|
| /*
|
| ** verify the signature of a signed data object with a SECKEYPublicKey.
|
| */
|
| -extern SECStatus
|
| -CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
|
| - SECKEYPublicKey *pubKey, void *wincx);
|
| +extern SECStatus CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
|
| + SECKEYPublicKey *pubKey,
|
| + void *wincx);
|
|
|
| /*
|
| ** NEW FUNCTIONS with new bit-field-FIELD SECCertificateUsage - please use
|
| @@ -647,27 +635,31 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
|
| ** "cert" the certificate to verify
|
| ** "checkSig" only check signatures if true
|
| */
|
| -extern SECStatus
|
| -CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - PRBool checkSig, SECCertificateUsage requiredUsages,
|
| - PRTime t, void *wincx, CERTVerifyLog *log,
|
| - SECCertificateUsage* returnedUsages);
|
| +extern SECStatus CERT_VerifyCertificate(CERTCertDBHandle *handle,
|
| + CERTCertificate *cert, PRBool checkSig,
|
| + SECCertificateUsage requiredUsages,
|
| + PRTime t, void *wincx,
|
| + CERTVerifyLog *log,
|
| + SECCertificateUsage *returnedUsages);
|
|
|
| /* same as above, but uses current time */
|
| -extern SECStatus
|
| -CERT_VerifyCertificateNow(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - PRBool checkSig, SECCertificateUsage requiredUsages,
|
| - void *wincx, SECCertificateUsage* returnedUsages);
|
| +extern SECStatus CERT_VerifyCertificateNow(CERTCertDBHandle *handle,
|
| + CERTCertificate *cert,
|
| + PRBool checkSig,
|
| + SECCertificateUsage requiredUsages,
|
| + void *wincx,
|
| + SECCertificateUsage *returnedUsages);
|
|
|
| /*
|
| ** Verify that a CA cert can certify some (unspecified) leaf cert for a given
|
| ** purpose. This is used by UI code to help identify where a chain may be
|
| ** broken and why. This takes identical parameters to CERT_VerifyCert
|
| */
|
| -extern SECStatus
|
| -CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - PRBool checkSig, SECCertUsage certUsage, PRTime t,
|
| - void *wincx, CERTVerifyLog *log);
|
| +extern SECStatus CERT_VerifyCACertForUsage(CERTCertDBHandle *handle,
|
| + CERTCertificate *cert,
|
| + PRBool checkSig,
|
| + SECCertUsage certUsage, PRTime t,
|
| + void *wincx, CERTVerifyLog *log);
|
|
|
| /*
|
| ** OLD OBSOLETE FUNCTIONS with enum SECCertUsage - DO NOT USE FOR NEW CODE
|
| @@ -677,20 +669,19 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| ** "cert" the certificate to verify
|
| ** "checkSig" only check signatures if true
|
| */
|
| -extern SECStatus
|
| -CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - PRBool checkSig, SECCertUsage certUsage, PRTime t,
|
| - void *wincx, CERTVerifyLog *log);
|
| +extern SECStatus CERT_VerifyCert(CERTCertDBHandle *handle,
|
| + CERTCertificate *cert, PRBool checkSig,
|
| + SECCertUsage certUsage, PRTime t, void *wincx,
|
| + CERTVerifyLog *log);
|
|
|
| /* same as above, but uses current time */
|
| -extern SECStatus
|
| -CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - PRBool checkSig, SECCertUsage certUsage, void *wincx);
|
| +extern SECStatus CERT_VerifyCertNow(CERTCertDBHandle *handle,
|
| + CERTCertificate *cert, PRBool checkSig,
|
| + SECCertUsage certUsage, void *wincx);
|
|
|
| -SECStatus
|
| -CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - PRBool checkSig, SECCertUsage certUsage, PRTime t,
|
| - void *wincx, CERTVerifyLog *log);
|
| +SECStatus CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
|
| + PRBool checkSig, SECCertUsage certUsage,
|
| + PRTime t, void *wincx, CERTVerifyLog *log);
|
|
|
| /*
|
| ** Read a base64 ascii encoded DER certificate and convert it to our
|
| @@ -709,39 +700,37 @@ extern CERTCertificate *CERT_ConvertAndDecodeCertificate(char *certstr);
|
| */
|
| extern CERTCertificate *CERT_DecodeCertFromPackage(char *certbuf, int certlen);
|
|
|
| -extern SECStatus
|
| -CERT_ImportCAChain (SECItem *certs, int numcerts, SECCertUsage certUsage);
|
| +extern SECStatus CERT_ImportCAChain(SECItem *certs, int numcerts,
|
| + SECCertUsage certUsage);
|
|
|
| -extern SECStatus
|
| -CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage);
|
| +extern SECStatus CERT_ImportCAChainTrusted(SECItem *certs, int numcerts,
|
| + SECCertUsage certUsage);
|
|
|
| /*
|
| -** Read a certificate chain in some foreign format, and pass it to a
|
| +** Read a certificate chain in some foreign format, and pass it to a
|
| ** callback function.
|
| ** "certbuf" is the buffer containing the certificate
|
| ** "certlen" is the length of the buffer
|
| ** "f" is the callback function
|
| ** "arg" is the callback argument
|
| */
|
| -typedef SECStatus (PR_CALLBACK *CERTImportCertificateFunc)
|
| - (void *arg, SECItem **certs, int numcerts);
|
| +typedef SECStatus(PR_CALLBACK *CERTImportCertificateFunc)(void *arg,
|
| + SECItem **certs,
|
| + int numcerts);
|
|
|
| -extern SECStatus
|
| -CERT_DecodeCertPackage(char *certbuf, int certlen, CERTImportCertificateFunc f,
|
| - void *arg);
|
| +extern SECStatus CERT_DecodeCertPackage(char *certbuf, int certlen,
|
| + CERTImportCertificateFunc f, void *arg);
|
|
|
| -/*
|
| -** Returns the value of an AVA. This was a formerly static
|
| +/*
|
| +** Returns the value of an AVA. This was a formerly static
|
| ** function that has been exposed due to the need to decode
|
| -** and convert unicode strings to UTF8.
|
| +** and convert unicode strings to UTF8.
|
| **
|
| ** XXX This function resides in certhtml.c, should it be
|
| ** moved elsewhere?
|
| */
|
| extern SECItem *CERT_DecodeAVAValue(const SECItem *derAVAValue);
|
|
|
| -
|
| -
|
| /*
|
| ** extract various element strings from a distinguished name.
|
| ** "name" the distinguished name
|
| @@ -751,10 +740,10 @@ extern char *CERT_GetCertificateEmailAddress(CERTCertificate *cert);
|
|
|
| extern char *CERT_GetCertEmailAddress(const CERTName *name);
|
|
|
| -extern const char * CERT_GetFirstEmailAddress(CERTCertificate * cert);
|
| +extern const char *CERT_GetFirstEmailAddress(CERTCertificate *cert);
|
|
|
| -extern const char * CERT_GetNextEmailAddress(CERTCertificate * cert,
|
| - const char * prev);
|
| +extern const char *CERT_GetNextEmailAddress(CERTCertificate *cert,
|
| + const char *prev);
|
|
|
| /* The return value must be freed with PORT_Free. */
|
| extern char *CERT_GetCommonName(const CERTName *name);
|
| @@ -778,13 +767,13 @@ extern char *CERT_GetCertUid(const CERTName *name);
|
| extern SECStatus CERT_GetCertTrust(const CERTCertificate *cert,
|
| CERTCertTrust *trust);
|
|
|
| -extern SECStatus
|
| -CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert,
|
| - CERTCertTrust *trust);
|
| +extern SECStatus CERT_ChangeCertTrust(CERTCertDBHandle *handle,
|
| + CERTCertificate *cert,
|
| + CERTCertTrust *trust);
|
|
|
| -extern SECStatus
|
| -CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb, CERTCertificate *cert,
|
| - SECCertUsage usage);
|
| +extern SECStatus CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb,
|
| + CERTCertificate *cert,
|
| + SECCertUsage usage);
|
|
|
| /*************************************************************************
|
| *
|
| @@ -808,23 +797,24 @@ extern void *CERT_StartCertExtensions(CERTCertificate *cert);
|
| ** "copyData" is a flag indicating whether the value data should be
|
| ** copied.
|
| */
|
| -extern SECStatus CERT_AddExtension (void *exthandle, int idtag,
|
| - SECItem *value, PRBool critical, PRBool copyData);
|
| -
|
| -extern SECStatus CERT_AddExtensionByOID (void *exthandle, SECItem *oid,
|
| - SECItem *value, PRBool critical, PRBool copyData);
|
| -
|
| -extern SECStatus CERT_EncodeAndAddExtension
|
| - (void *exthandle, int idtag, void *value, PRBool critical,
|
| - const SEC_ASN1Template *atemplate);
|
| +extern SECStatus CERT_AddExtension(void *exthandle, int idtag, SECItem *value,
|
| + PRBool critical, PRBool copyData);
|
|
|
| -extern SECStatus CERT_EncodeAndAddBitStrExtension
|
| - (void *exthandle, int idtag, SECItem *value, PRBool critical);
|
| +extern SECStatus CERT_AddExtensionByOID(void *exthandle, SECItem *oid,
|
| + SECItem *value, PRBool critical,
|
| + PRBool copyData);
|
|
|
| +extern SECStatus CERT_EncodeAndAddExtension(void *exthandle, int idtag,
|
| + void *value, PRBool critical,
|
| + const SEC_ASN1Template *atemplate);
|
|
|
| -extern SECStatus
|
| -CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue);
|
| +extern SECStatus CERT_EncodeAndAddBitStrExtension(void *exthandle, int idtag,
|
| + SECItem *value,
|
| + PRBool critical);
|
|
|
| +extern SECStatus CERT_EncodeAltNameExtension(PLArenaPool *arena,
|
| + CERTGeneralName *value,
|
| + SECItem *encodedValue);
|
|
|
| /*
|
| ** Finish adding cert extensions. Does final processing on extension
|
| @@ -839,17 +829,15 @@ extern SECStatus CERT_FinishExtensions(void *exthandle);
|
| ** only when its OID matches none of the cert's existing extensions. Call this
|
| ** immediately before calling CERT_FinishExtensions().
|
| */
|
| -SECStatus
|
| -CERT_MergeExtensions(void *exthandle, CERTCertExtension **exts);
|
| +SECStatus CERT_MergeExtensions(void *exthandle, CERTCertExtension **exts);
|
|
|
| /* If the extension is found, return its criticality and value.
|
| ** This allocate storage for the returning extension value.
|
| */
|
| -extern SECStatus CERT_GetExtenCriticality
|
| - (CERTCertExtension **extensions, int tag, PRBool *isCritical);
|
| +extern SECStatus CERT_GetExtenCriticality(CERTCertExtension **extensions,
|
| + int tag, PRBool *isCritical);
|
|
|
| -extern void
|
| -CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
|
| +extern void CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
|
|
|
| /****************************************************************************
|
| *
|
| @@ -862,28 +850,29 @@ CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
|
| ** value - extension value to encode
|
| ** encodedValue - output encoded value
|
| */
|
| -extern SECStatus CERT_EncodeBasicConstraintValue
|
| - (PLArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue);
|
| +extern SECStatus CERT_EncodeBasicConstraintValue(PLArenaPool *arena,
|
| + CERTBasicConstraints *value,
|
| + SECItem *encodedValue);
|
|
|
| /*
|
| ** Encode the value of the authorityKeyIdentifier extension.
|
| */
|
| -extern SECStatus CERT_EncodeAuthKeyID
|
| - (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue);
|
| +extern SECStatus CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
|
| + SECItem *encodedValue);
|
|
|
| /*
|
| ** Encode the value of the crlDistributionPoints extension.
|
| */
|
| -extern SECStatus CERT_EncodeCRLDistributionPoints
|
| - (PLArenaPool *arena, CERTCrlDistributionPoints *value,SECItem *derValue);
|
| +extern SECStatus CERT_EncodeCRLDistributionPoints(
|
| + PLArenaPool *arena, CERTCrlDistributionPoints *value, SECItem *derValue);
|
|
|
| /*
|
| ** Decodes a DER encoded basicConstaint extension value into a readable format
|
| ** value - decoded value
|
| ** encodedValue - value to decoded
|
| */
|
| -extern SECStatus CERT_DecodeBasicConstraintValue
|
| - (CERTBasicConstraints *value, const SECItem *encodedValue);
|
| +extern SECStatus CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
|
| + const SECItem *encodedValue);
|
|
|
| /* Decodes a DER encoded authorityKeyIdentifier extension value into a
|
| ** readable format.
|
| @@ -891,87 +880,84 @@ extern SECStatus CERT_DecodeBasicConstraintValue
|
| ** encodedValue - value to be decoded
|
| ** Returns a CERTAuthKeyID structure which contains the decoded value
|
| */
|
| -extern CERTAuthKeyID *CERT_DecodeAuthKeyID
|
| - (PLArenaPool *arena, const SECItem *encodedValue);
|
| +extern CERTAuthKeyID *CERT_DecodeAuthKeyID(PLArenaPool *arena,
|
| + const SECItem *encodedValue);
|
|
|
| -/* Decodes a DER encoded crlDistributionPoints extension value into a
|
| +/* Decodes a DER encoded crlDistributionPoints extension value into a
|
| ** readable format.
|
| ** arena - where to allocate memory for the decoded value
|
| ** der - value to be decoded
|
| -** Returns a CERTCrlDistributionPoints structure which contains the
|
| +** Returns a CERTCrlDistributionPoints structure which contains the
|
| ** decoded value
|
| */
|
| -extern CERTCrlDistributionPoints * CERT_DecodeCRLDistributionPoints
|
| - (PLArenaPool *arena, SECItem *der);
|
| +extern CERTCrlDistributionPoints *CERT_DecodeCRLDistributionPoints(
|
| + PLArenaPool *arena, SECItem *der);
|
|
|
| /* Extract certain name type from a generalName */
|
| -extern void *CERT_GetGeneralNameByType
|
| - (CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat);
|
| -
|
| -
|
| -extern CERTOidSequence *
|
| -CERT_DecodeOidSequence(const SECItem *seqItem);
|
| -
|
| -
|
| +extern void *CERT_GetGeneralNameByType(CERTGeneralName *genNames,
|
| + CERTGeneralNameType type,
|
| + PRBool derFormat);
|
|
|
| +extern CERTOidSequence *CERT_DecodeOidSequence(const SECItem *seqItem);
|
|
|
| /****************************************************************************
|
| *
|
| - * Find extension values of a certificate
|
| + * Find extension values of a certificate
|
| *
|
| ***************************************************************************/
|
|
|
| -extern SECStatus CERT_FindCertExtension
|
| - (const CERTCertificate *cert, int tag, SECItem *value);
|
| +extern SECStatus CERT_FindCertExtension(const CERTCertificate *cert, int tag,
|
| + SECItem *value);
|
|
|
| -extern SECStatus CERT_FindNSCertTypeExtension
|
| - (CERTCertificate *cert, SECItem *value);
|
| +extern SECStatus CERT_FindNSCertTypeExtension(CERTCertificate *cert,
|
| + SECItem *value);
|
|
|
| -extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag);
|
| +extern char *CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag);
|
|
|
| -extern SECStatus CERT_FindCertExtensionByOID
|
| - (CERTCertificate *cert, SECItem *oid, SECItem *value);
|
| +extern SECStatus CERT_FindCertExtensionByOID(CERTCertificate *cert,
|
| + SECItem *oid, SECItem *value);
|
|
|
| /* Returns the decoded value of the authKeyID extension.
|
| ** Note that this uses passed in the arena to allocate storage for the result
|
| */
|
| -extern CERTAuthKeyID * CERT_FindAuthKeyIDExten (PLArenaPool *arena,CERTCertificate *cert);
|
| +extern CERTAuthKeyID *CERT_FindAuthKeyIDExten(PLArenaPool *arena,
|
| + CERTCertificate *cert);
|
|
|
| /* Returns the decoded value of the basicConstraint extension.
|
| */
|
| -extern SECStatus CERT_FindBasicConstraintExten
|
| - (CERTCertificate *cert, CERTBasicConstraints *value);
|
| +extern SECStatus CERT_FindBasicConstraintExten(CERTCertificate *cert,
|
| + CERTBasicConstraints *value);
|
|
|
| /* Returns the decoded value of the crlDistributionPoints extension.
|
| ** Note that the arena in cert is used to allocate storage for the result
|
| */
|
| -extern CERTCrlDistributionPoints * CERT_FindCRLDistributionPoints
|
| - (CERTCertificate *cert);
|
| +extern CERTCrlDistributionPoints *CERT_FindCRLDistributionPoints(
|
| + CERTCertificate *cert);
|
|
|
| -/* Returns value of the keyUsage extension. This uses PR_Alloc to allocate
|
| -** buffer for the decoded value. The caller should free up the storage
|
| +/* Returns value of the keyUsage extension. This uses PR_Alloc to allocate
|
| +** buffer for the decoded value. The caller should free up the storage
|
| ** allocated in value->data.
|
| */
|
| -extern SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert,
|
| - SECItem *value);
|
| +extern SECStatus CERT_FindKeyUsageExtension(CERTCertificate *cert,
|
| + SECItem *value);
|
|
|
| -/* Return the decoded value of the subjectKeyID extension. The caller should
|
| +/* Return the decoded value of the subjectKeyID extension. The caller should
|
| ** free up the storage allocated in retItem->data.
|
| */
|
| -extern SECStatus CERT_FindSubjectKeyIDExtension (CERTCertificate *cert,
|
| - SECItem *retItem);
|
| +extern SECStatus CERT_FindSubjectKeyIDExtension(CERTCertificate *cert,
|
| + SECItem *retItem);
|
|
|
| /*
|
| ** If cert is a v3 certificate, and a critical keyUsage extension is included,
|
| -** then check the usage against the extension value. If a non-critical
|
| -** keyUsage extension is included, this will return SECSuccess without
|
| -** checking, since the extension is an advisory field, not a restriction.
|
| +** then check the usage against the extension value. If a non-critical
|
| +** keyUsage extension is included, this will return SECSuccess without
|
| +** checking, since the extension is an advisory field, not a restriction.
|
| ** If cert is not a v3 certificate, this will return SECSuccess.
|
| ** cert - certificate
|
| ** usage - one of the x.509 v3 the Key Usage Extension flags
|
| */
|
| -extern SECStatus CERT_CheckCertUsage (CERTCertificate *cert,
|
| - unsigned char usage);
|
| +extern SECStatus CERT_CheckCertUsage(CERTCertificate *cert,
|
| + unsigned char usage);
|
|
|
| /****************************************************************************
|
| *
|
| @@ -979,14 +965,12 @@ extern SECStatus CERT_CheckCertUsage (CERTCertificate *cert,
|
| *
|
| ****************************************************************************/
|
|
|
| -extern SECStatus CERT_FindCRLExtensionByOID
|
| - (CERTCrl *crl, SECItem *oid, SECItem *value);
|
| +extern SECStatus CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid,
|
| + SECItem *value);
|
|
|
| -extern SECStatus CERT_FindCRLExtension
|
| - (CERTCrl *crl, int tag, SECItem *value);
|
| +extern SECStatus CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value);
|
|
|
| -extern SECStatus
|
| - CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value);
|
| +extern SECStatus CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value);
|
|
|
| /*
|
| ** Set up a crl for adding X509v3 extensions. Returns an opaque handle
|
| @@ -1003,17 +987,17 @@ extern void *CERT_StartCRLExtensions(CERTCrl *crl);
|
| */
|
| extern void *CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry);
|
|
|
| -extern CERTCertNicknames *CERT_GetCertNicknames (CERTCertDBHandle *handle,
|
| - int what, void *wincx);
|
| +extern CERTCertNicknames *CERT_GetCertNicknames(CERTCertDBHandle *handle,
|
| + int what, void *wincx);
|
|
|
| /*
|
| ** Finds the crlNumber extension and decodes its value into 'value'
|
| */
|
| -extern SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
|
| - SECItem *value);
|
| +extern SECStatus CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
|
| + SECItem *value);
|
|
|
| -extern SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
|
| - CERTCRLEntryReasonCode *value);
|
| +extern SECStatus CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
|
| + CERTCRLEntryReasonCode *value);
|
|
|
| extern void CERT_FreeNicknames(CERTCertNicknames *nicknames);
|
|
|
| @@ -1021,7 +1005,7 @@ extern PRBool CERT_CompareCerts(const CERTCertificate *c1,
|
| const CERTCertificate *c2);
|
|
|
| extern PRBool CERT_CompareCertsForRedirection(CERTCertificate *c1,
|
| - CERTCertificate *c2);
|
| + CERTCertificate *c2);
|
|
|
| /*
|
| ** Generate an array of the Distinguished Names that the given cert database
|
| @@ -1037,8 +1021,8 @@ extern CERTDistNames *CERT_DupDistNames(CERTDistNames *orig);
|
| /*
|
| ** Generate an array of Distinguished names from an array of nicknames
|
| */
|
| -extern CERTDistNames *CERT_DistNamesFromNicknames
|
| - (CERTCertDBHandle *handle, char **nicknames, int nnames);
|
| +extern CERTDistNames *CERT_DistNamesFromNicknames(CERTCertDBHandle *handle,
|
| + char **nicknames, int nnames);
|
|
|
| /*
|
| ** Generate an array of Distinguished names from a list of certs.
|
| @@ -1048,15 +1032,14 @@ extern CERTDistNames *CERT_DistNamesFromCertList(CERTCertList *list);
|
| /*
|
| ** Generate a certificate chain from a certificate.
|
| */
|
| -extern CERTCertificateList *
|
| -CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
|
| - PRBool includeRoot);
|
| +extern CERTCertificateList *CERT_CertChainFromCert(CERTCertificate *cert,
|
| + SECCertUsage usage,
|
| + PRBool includeRoot);
|
|
|
| -extern CERTCertificateList *
|
| -CERT_CertListFromCert(CERTCertificate *cert);
|
| +extern CERTCertificateList *CERT_CertListFromCert(CERTCertificate *cert);
|
|
|
| -extern CERTCertificateList *
|
| -CERT_DupCertList(const CERTCertificateList * oldList);
|
| +extern CERTCertificateList *CERT_DupCertList(
|
| + const CERTCertificateList *oldList);
|
|
|
| extern void CERT_DestroyCertificateList(CERTCertificateList *list);
|
|
|
| @@ -1064,262 +1047,215 @@ extern void CERT_DestroyCertificateList(CERTCertificateList *list);
|
| ** is cert a user cert? i.e. does it have CERTDB_USER trust,
|
| ** i.e. a private key?
|
| */
|
| -PRBool CERT_IsUserCert(CERTCertificate* cert);
|
| +PRBool CERT_IsUserCert(CERTCertificate *cert);
|
|
|
| /* is cert a newer than cert b? */
|
| PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb);
|
|
|
| /* currently a stub for address book */
|
| -PRBool
|
| -CERT_IsCertRevoked(CERTCertificate *cert);
|
| +PRBool CERT_IsCertRevoked(CERTCertificate *cert);
|
|
|
| -void
|
| -CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
|
| +void CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
|
|
|
| /* convert an email address to lower case */
|
| char *CERT_FixupEmailAddr(const char *emailAddr);
|
|
|
| /* decode string representation of trust flags into trust struct */
|
| -SECStatus
|
| -CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
|
| +SECStatus CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
|
|
|
| /* encode trust struct into string representation of trust flags */
|
| -char *
|
| -CERT_EncodeTrustString(CERTCertTrust *trust);
|
| +char *CERT_EncodeTrustString(CERTCertTrust *trust);
|
|
|
| /* find the next or prev cert in a subject list */
|
| -CERTCertificate *
|
| -CERT_PrevSubjectCert(CERTCertificate *cert);
|
| -CERTCertificate *
|
| -CERT_NextSubjectCert(CERTCertificate *cert);
|
| +CERTCertificate *CERT_PrevSubjectCert(CERTCertificate *cert);
|
| +CERTCertificate *CERT_NextSubjectCert(CERTCertificate *cert);
|
|
|
| /*
|
| * import a collection of certs into the temporary or permanent cert
|
| * database
|
| */
|
| -SECStatus
|
| -CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
|
| - unsigned int ncerts, SECItem **derCerts,
|
| - CERTCertificate ***retCerts, PRBool keepCerts,
|
| - PRBool caOnly, char *nickname);
|
| +SECStatus CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
|
| + unsigned int ncerts, SECItem **derCerts,
|
| + CERTCertificate ***retCerts, PRBool keepCerts,
|
| + PRBool caOnly, char *nickname);
|
|
|
| -char *
|
| -CERT_MakeCANickname(CERTCertificate *cert);
|
| +char *CERT_MakeCANickname(CERTCertificate *cert);
|
|
|
| -PRBool
|
| -CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype);
|
| +PRBool CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype);
|
|
|
| -PRBool
|
| -CERT_IsCADERCert(SECItem *derCert, unsigned int *rettype);
|
| +PRBool CERT_IsCADERCert(SECItem *derCert, unsigned int *rettype);
|
|
|
| -PRBool
|
| -CERT_IsRootDERCert(SECItem *derCert);
|
| +PRBool CERT_IsRootDERCert(SECItem *derCert);
|
|
|
| -SECStatus
|
| -CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
|
| - SECItem *profileTime);
|
| +SECStatus CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
|
| + SECItem *profileTime);
|
|
|
| /*
|
| * find the smime symmetric capabilities profile for a given cert
|
| */
|
| -SECItem *
|
| -CERT_FindSMimeProfile(CERTCertificate *cert);
|
| +SECItem *CERT_FindSMimeProfile(CERTCertificate *cert);
|
|
|
| -SECStatus
|
| -CERT_AddNewCerts(CERTCertDBHandle *handle);
|
| +SECStatus CERT_AddNewCerts(CERTCertDBHandle *handle);
|
|
|
| -CERTCertificatePolicies *
|
| -CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue);
|
| +CERTCertificatePolicies *CERT_DecodeCertificatePoliciesExtension(
|
| + const SECItem *extnValue);
|
|
|
| -void
|
| -CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies);
|
| +void CERT_DestroyCertificatePoliciesExtension(
|
| + CERTCertificatePolicies *policies);
|
|
|
| -CERTCertificatePolicyMappings *
|
| -CERT_DecodePolicyMappingsExtension(SECItem *encodedCertPolicyMaps);
|
| +CERTCertificatePolicyMappings *CERT_DecodePolicyMappingsExtension(
|
| + SECItem *encodedCertPolicyMaps);
|
|
|
| -SECStatus
|
| -CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings);
|
| +SECStatus CERT_DestroyPolicyMappingsExtension(
|
| + CERTCertificatePolicyMappings *mappings);
|
|
|
| -SECStatus
|
| -CERT_DecodePolicyConstraintsExtension(
|
| +SECStatus CERT_DecodePolicyConstraintsExtension(
|
| CERTCertificatePolicyConstraints *decodedValue,
|
| const SECItem *encodedValue);
|
|
|
| -SECStatus CERT_DecodeInhibitAnyExtension
|
| - (CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
|
| +SECStatus CERT_DecodeInhibitAnyExtension(
|
| + CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
|
|
|
| -CERTUserNotice *
|
| -CERT_DecodeUserNotice(SECItem *noticeItem);
|
| +CERTUserNotice *CERT_DecodeUserNotice(SECItem *noticeItem);
|
|
|
| -extern CERTGeneralName *
|
| -CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName);
|
| +extern CERTGeneralName *CERT_DecodeAltNameExtension(PLArenaPool *reqArena,
|
| + SECItem *EncodedAltName);
|
|
|
| -extern CERTNameConstraints *
|
| -CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
|
| - const SECItem *encodedConstraints);
|
| +extern CERTNameConstraints *CERT_DecodeNameConstraintsExtension(
|
| + PLArenaPool *arena, const SECItem *encodedConstraints);
|
|
|
| /* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
|
| -extern CERTAuthInfoAccess **
|
| -CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
|
| - const SECItem *encodedExtension);
|
| +extern CERTAuthInfoAccess **CERT_DecodeAuthInfoAccessExtension(
|
| + PLArenaPool *reqArena, const SECItem *encodedExtension);
|
|
|
| -extern CERTPrivKeyUsagePeriod *
|
| -CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue);
|
| +extern CERTPrivKeyUsagePeriod *CERT_DecodePrivKeyUsagePeriodExtension(
|
| + PLArenaPool *arena, SECItem *extnValue);
|
|
|
| -extern CERTGeneralName *
|
| -CERT_GetNextGeneralName(CERTGeneralName *current);
|
| +extern CERTGeneralName *CERT_GetNextGeneralName(CERTGeneralName *current);
|
|
|
| -extern CERTGeneralName *
|
| -CERT_GetPrevGeneralName(CERTGeneralName *current);
|
| +extern CERTGeneralName *CERT_GetPrevGeneralName(CERTGeneralName *current);
|
|
|
| /*
|
| * Look up name constraints for some certs that do not include name constraints
|
| * (Most importantly, root certificates)
|
| *
|
| - * If a matching subject is found, |extensions| will be populated with a copy of the
|
| - * DER-encoded name constraints extension. The data in |extensions| will point to
|
| + * If a matching subject is found, |extensions| will be populated with a copy of
|
| + * the
|
| + * DER-encoded name constraints extension. The data in |extensions| will point
|
| + * to
|
| * memory that the caller owns.
|
| *
|
| * There is no mechanism to configure imposed name constraints right now. All
|
| * imposed name constraints are built into NSS.
|
| */
|
| -SECStatus
|
| -CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions);
|
| +SECStatus CERT_GetImposedNameConstraints(const SECItem *derSubject,
|
| + SECItem *extensions);
|
|
|
| -CERTNameConstraint *
|
| -CERT_GetNextNameConstraint(CERTNameConstraint *current);
|
| +CERTNameConstraint *CERT_GetNextNameConstraint(CERTNameConstraint *current);
|
|
|
| -CERTNameConstraint *
|
| -CERT_GetPrevNameConstraint(CERTNameConstraint *current);
|
| +CERTNameConstraint *CERT_GetPrevNameConstraint(CERTNameConstraint *current);
|
|
|
| -void
|
| -CERT_DestroyUserNotice(CERTUserNotice *userNotice);
|
| +void CERT_DestroyUserNotice(CERTUserNotice *userNotice);
|
|
|
| -typedef char * (* CERTPolicyStringCallback)(char *org,
|
| - unsigned long noticeNumber,
|
| - void *arg);
|
| -void
|
| -CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg);
|
| +typedef char *(*CERTPolicyStringCallback)(char *org, unsigned long noticeNumber,
|
| + void *arg);
|
| +void CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg);
|
|
|
| -char *
|
| -CERT_GetCertCommentString(CERTCertificate *cert);
|
| +char *CERT_GetCertCommentString(CERTCertificate *cert);
|
|
|
| -PRBool
|
| -CERT_GovtApprovedBitSet(CERTCertificate *cert);
|
| +PRBool CERT_GovtApprovedBitSet(CERTCertificate *cert);
|
|
|
| -SECStatus
|
| -CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
|
| +SECStatus CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
|
|
|
| -CERTCertList *
|
| -CERT_MatchUserCert(CERTCertDBHandle *handle,
|
| - SECCertUsage usage,
|
| - int nCANames, char **caNames,
|
| - void *proto_win);
|
| +CERTCertList *CERT_MatchUserCert(CERTCertDBHandle *handle, SECCertUsage usage,
|
| + int nCANames, char **caNames, void *proto_win);
|
|
|
| -CERTCertList *
|
| -CERT_NewCertList(void);
|
| +CERTCertList *CERT_NewCertList(void);
|
|
|
| /* free the cert list and all the certs in the list */
|
| -void
|
| -CERT_DestroyCertList(CERTCertList *certs);
|
| +void CERT_DestroyCertList(CERTCertList *certs);
|
|
|
| /* remove the node and free the cert */
|
| -void
|
| -CERT_RemoveCertListNode(CERTCertListNode *node);
|
| +void CERT_RemoveCertListNode(CERTCertListNode *node);
|
|
|
| /* equivalent to CERT_AddCertToListTailWithData(certs, cert, NULL) */
|
| -SECStatus
|
| -CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
|
| +SECStatus CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
|
|
|
| /* equivalent to CERT_AddCertToListHeadWithData(certs, cert, NULL) */
|
| -SECStatus
|
| -CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
|
| +SECStatus CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
|
|
|
| /*
|
| * The new cert list node takes ownership of "cert". "cert" is freed
|
| * when the list node is removed.
|
| */
|
| -SECStatus
|
| -CERT_AddCertToListTailWithData(CERTCertList *certs, CERTCertificate *cert,
|
| - void *appData);
|
| +SECStatus CERT_AddCertToListTailWithData(CERTCertList *certs,
|
| + CERTCertificate *cert, void *appData);
|
|
|
| /*
|
| * The new cert list node takes ownership of "cert". "cert" is freed
|
| * when the list node is removed.
|
| */
|
| -SECStatus
|
| -CERT_AddCertToListHeadWithData(CERTCertList *certs, CERTCertificate *cert,
|
| - void *appData);
|
| +SECStatus CERT_AddCertToListHeadWithData(CERTCertList *certs,
|
| + CERTCertificate *cert, void *appData);
|
|
|
| -typedef PRBool (* CERTSortCallback)(CERTCertificate *certa,
|
| - CERTCertificate *certb,
|
| - void *arg);
|
| -SECStatus
|
| -CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
|
| - CERTSortCallback f, void *arg);
|
| +typedef PRBool (*CERTSortCallback)(CERTCertificate *certa,
|
| + CERTCertificate *certb, void *arg);
|
| +SECStatus CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
|
| + CERTSortCallback f, void *arg);
|
|
|
| /* callback for CERT_AddCertToListSorted that sorts based on validity
|
| * period and a given time.
|
| */
|
| -PRBool
|
| -CERT_SortCBValidity(CERTCertificate *certa,
|
| - CERTCertificate *certb,
|
| - void *arg);
|
| +PRBool CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb,
|
| + void *arg);
|
|
|
| -SECStatus
|
| -CERT_CheckForEvilCert(CERTCertificate *cert);
|
| +SECStatus CERT_CheckForEvilCert(CERTCertificate *cert);
|
|
|
| -CERTGeneralName *
|
| -CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena);
|
| +CERTGeneralName *CERT_GetCertificateNames(CERTCertificate *cert,
|
| + PLArenaPool *arena);
|
|
|
| -CERTGeneralName *
|
| -CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
|
| - PLArenaPool *arena,
|
| - PRBool includeSubjectCommonName);
|
| +CERTGeneralName *CERT_GetConstrainedCertificateNames(
|
| + const CERTCertificate *cert, PLArenaPool *arena,
|
| + PRBool includeSubjectCommonName);
|
|
|
| /*
|
| * Creates or adds to a list of all certs with a give subject name, sorted by
|
| * validity time, newest first. Invalid certs are considered older than
|
| * valid certs. If validOnly is set, do not include invalid certs on list.
|
| */
|
| -CERTCertList *
|
| -CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
|
| - const SECItem *name, PRTime sorttime,
|
| - PRBool validOnly);
|
| +CERTCertList *CERT_CreateSubjectCertList(CERTCertList *certList,
|
| + CERTCertDBHandle *handle,
|
| + const SECItem *name, PRTime sorttime,
|
| + PRBool validOnly);
|
|
|
| /*
|
| * remove certs from a list that don't have keyUsage and certType
|
| * that match the given usage.
|
| */
|
| -SECStatus
|
| -CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
|
| - PRBool ca);
|
| +SECStatus CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
|
| + PRBool ca);
|
|
|
| /*
|
| * check the key usage of a cert against a set of required values
|
| */
|
| -SECStatus
|
| -CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage);
|
| +SECStatus CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage);
|
|
|
| /*
|
| * return required key usage and cert type based on cert usage
|
| */
|
| -SECStatus
|
| -CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
|
| - PRBool ca,
|
| - unsigned int *retKeyUsage,
|
| - unsigned int *retCertType);
|
| +SECStatus CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
|
| + unsigned int *retKeyUsage,
|
| + unsigned int *retCertType);
|
| /*
|
| * return required trust flags for various cert usages for CAs
|
| */
|
| -SECStatus
|
| -CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
|
| - unsigned int *retFlags,
|
| - SECTrustType *retTrustType);
|
| +SECStatus CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
|
| + unsigned int *retFlags,
|
| + SECTrustType *retTrustType);
|
|
|
| /*
|
| * Find all user certificates that match the given criteria.
|
| - *
|
| + *
|
| * "handle" - database to search
|
| * "usage" - certificate usage to match
|
| * "oneCertPerName" - if set then only return the "best" cert per
|
| @@ -1327,28 +1263,24 @@ CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
|
| * "validOnly" - only return certs that are curently valid
|
| * "proto_win" - window handle passed to pkcs11
|
| */
|
| -CERTCertList *
|
| -CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
|
| - SECCertUsage usage,
|
| - PRBool oneCertPerName,
|
| - PRBool validOnly,
|
| - void *proto_win);
|
| +CERTCertList *CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
|
| + SECCertUsage usage,
|
| + PRBool oneCertPerName, PRBool validOnly,
|
| + void *proto_win);
|
|
|
| /*
|
| * Find a user certificate that matchs the given criteria.
|
| - *
|
| + *
|
| * "handle" - database to search
|
| * "nickname" - nickname to match
|
| * "usage" - certificate usage to match
|
| * "validOnly" - only return certs that are curently valid
|
| * "proto_win" - window handle passed to pkcs11
|
| */
|
| -CERTCertificate *
|
| -CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
|
| - const char *nickname,
|
| - SECCertUsage usage,
|
| - PRBool validOnly,
|
| - void *proto_win);
|
| +CERTCertificate *CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
|
| + const char *nickname,
|
| + SECCertUsage usage, PRBool validOnly,
|
| + void *proto_win);
|
|
|
| /*
|
| * Filter a list of certificates, removing those certs that do not have
|
| @@ -1360,15 +1292,13 @@ CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
|
| * "usage" - what use the certs are for, this is used when
|
| * selecting CA certs
|
| */
|
| -SECStatus
|
| -CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
|
| - char **caNames, SECCertUsage usage);
|
| +SECStatus CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
|
| + char **caNames, SECCertUsage usage);
|
|
|
| /*
|
| * Filter a list of certificates, removing those certs that aren't user certs
|
| */
|
| -SECStatus
|
| -CERT_FilterCertListForUserCerts(CERTCertList *certList);
|
| +SECStatus CERT_FilterCertListForUserCerts(CERTCertList *certList);
|
|
|
| /*
|
| * Collect the nicknames from all certs in a CertList. If the cert is not
|
| @@ -1379,9 +1309,9 @@ CERT_FilterCertListForUserCerts(CERTCertList *certList);
|
| * "notYetGoodString" - the string to append to the nickname of any cert
|
| * that is not yet valid
|
| */
|
| -CERTCertNicknames *
|
| -CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
|
| - char *notYetGoodString);
|
| +CERTCertNicknames *CERT_NicknameStringsFromCertList(CERTCertList *certList,
|
| + char *expiredString,
|
| + char *notYetGoodString);
|
|
|
| /*
|
| * Extract the nickname from a nickmake string that may have either
|
| @@ -1395,9 +1325,8 @@ CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
|
| *
|
| * Returns the raw nickname
|
| */
|
| -char *
|
| -CERT_ExtractNicknameString(char *namestring, char *expiredString,
|
| - char *notYetGoodString);
|
| +char *CERT_ExtractNicknameString(char *namestring, char *expiredString,
|
| + char *notYetGoodString);
|
|
|
| /*
|
| * Given a certificate, return a string containing the nickname, and possibly
|
| @@ -1412,16 +1341,16 @@ CERT_ExtractNicknameString(char *namestring, char *expiredString,
|
| * "notYetGoodString" - the string to append to the nickname if the cert is
|
| * not yet good.
|
| */
|
| -char *
|
| -CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
|
| - char *expiredString, char *notYetGoodString);
|
| +char *CERT_GetCertNicknameWithValidity(PLArenaPool *arena,
|
| + CERTCertificate *cert,
|
| + char *expiredString,
|
| + char *notYetGoodString);
|
|
|
| /*
|
| * Return the string representation of a DER encoded distinguished name
|
| * "dername" - The DER encoded name to convert
|
| */
|
| -char *
|
| -CERT_DerNameToAscii(SECItem *dername);
|
| +char *CERT_DerNameToAscii(SECItem *dername);
|
|
|
| /*
|
| * Supported usage values and types:
|
| @@ -1433,10 +1362,10 @@ CERT_DerNameToAscii(SECItem *dername);
|
| * certUsageObjectSigner
|
| */
|
|
|
| -CERTCertificate *
|
| -CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
|
| - CERTCertOwner owner, SECCertUsage usage,
|
| - PRBool preferTrusted, PRTime validTime, PRBool validOnly);
|
| +CERTCertificate *CERT_FindMatchingCert(CERTCertDBHandle *handle,
|
| + SECItem *derName, CERTCertOwner owner,
|
| + SECCertUsage usage, PRBool preferTrusted,
|
| + PRTime validTime, PRBool validOnly);
|
|
|
| /*
|
| * Acquire the global lock on the cert database.
|
| @@ -1446,21 +1375,18 @@ CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
|
| * changing(maybe just adding?) the trust of a cert
|
| * adjusting the reference count of a cert
|
| */
|
| -void
|
| -CERT_LockDB(CERTCertDBHandle *handle);
|
| +void CERT_LockDB(CERTCertDBHandle *handle);
|
|
|
| /*
|
| * Free the global cert database lock.
|
| */
|
| -void
|
| -CERT_UnlockDB(CERTCertDBHandle *handle);
|
| +void CERT_UnlockDB(CERTCertDBHandle *handle);
|
|
|
| /*
|
| * Get the certificate status checking configuratino data for
|
| * the certificate database
|
| */
|
| -CERTStatusConfig *
|
| -CERT_GetStatusConfig(CERTCertDBHandle *handle);
|
| +CERTStatusConfig *CERT_GetStatusConfig(CERTCertDBHandle *handle);
|
|
|
| /*
|
| * Set the certificate status checking information for the
|
| @@ -1468,10 +1394,7 @@ CERT_GetStatusConfig(CERTCertDBHandle *handle);
|
| * database and will be freed by calling the 'Destroy' function in
|
| * the configuration object.
|
| */
|
| -void
|
| -CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
|
| -
|
| -
|
| +void CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
|
|
|
| /*
|
| * Acquire the cert reference count lock
|
| @@ -1479,14 +1402,12 @@ CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
|
| * arg here so that it will be easy to make it per-cert in the future if
|
| * that turns out to be necessary.
|
| */
|
| -void
|
| -CERT_LockCertRefCount(CERTCertificate *cert);
|
| +void CERT_LockCertRefCount(CERTCertificate *cert);
|
|
|
| /*
|
| * Free the cert reference count lock
|
| */
|
| -void
|
| -CERT_UnlockCertRefCount(CERTCertificate *cert);
|
| +void CERT_UnlockCertRefCount(CERTCertificate *cert);
|
|
|
| /*
|
| * Acquire the cert trust lock
|
| @@ -1494,14 +1415,12 @@ CERT_UnlockCertRefCount(CERTCertificate *cert);
|
| * arg here so that it will be easy to make it per-cert in the future if
|
| * that turns out to be necessary.
|
| */
|
| -void
|
| -CERT_LockCertTrust(const CERTCertificate *cert);
|
| +void CERT_LockCertTrust(const CERTCertificate *cert);
|
|
|
| /*
|
| * Free the cert trust lock
|
| */
|
| -void
|
| -CERT_UnlockCertTrust(const CERTCertificate *cert);
|
| +void CERT_UnlockCertTrust(const CERTCertificate *cert);
|
|
|
| /*
|
| * Digest the cert's subject public key using the specified algorithm.
|
| @@ -1513,47 +1432,44 @@ CERT_UnlockCertTrust(const CERTCertificate *cert);
|
| * non-null, the data is put there, otherwise a SECItem is allocated.
|
| * Allocation from "arena" if it is non-null, heap otherwise. Any problem
|
| * results in a NULL being returned (and an appropriate error set).
|
| - */
|
| -extern SECItem *
|
| -CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena, const CERTCertificate *cert,
|
| - SECOidTag digestAlg, SECItem *fill);
|
| + */
|
| +extern SECItem *CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena,
|
| + const CERTCertificate *cert,
|
| + SECOidTag digestAlg,
|
| + SECItem *fill);
|
|
|
| /*
|
| * Digest the cert's subject name using the specified algorithm.
|
| */
|
| -extern SECItem *
|
| -CERT_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
|
| - SECOidTag digestAlg, SECItem *fill);
|
| -
|
| -SECStatus CERT_CheckCRL(CERTCertificate* cert, CERTCertificate* issuer,
|
| - const SECItem* dp, PRTime t, void* wincx);
|
| +extern SECItem *CERT_GetSubjectNameDigest(PLArenaPool *arena,
|
| + const CERTCertificate *cert,
|
| + SECOidTag digestAlg, SECItem *fill);
|
|
|
| +SECStatus CERT_CheckCRL(CERTCertificate *cert, CERTCertificate *issuer,
|
| + const SECItem *dp, PRTime t, void *wincx);
|
|
|
| /*
|
| * Add a CERTNameConstraint to the CERTNameConstraint list
|
| */
|
| -extern CERTNameConstraint *
|
| -CERT_AddNameConstraint(CERTNameConstraint *list,
|
| - CERTNameConstraint *constraint);
|
| +extern CERTNameConstraint *CERT_AddNameConstraint(
|
| + CERTNameConstraint *list, CERTNameConstraint *constraint);
|
|
|
| /*
|
| * Allocate space and copy CERTNameConstraint from src to dest.
|
| * Arena is used to allocate result(if dest eq NULL) and its members
|
| * SECItem data.
|
| */
|
| -extern CERTNameConstraint *
|
| -CERT_CopyNameConstraint(PLArenaPool *arena,
|
| - CERTNameConstraint *dest,
|
| - CERTNameConstraint *src);
|
| +extern CERTNameConstraint *CERT_CopyNameConstraint(PLArenaPool *arena,
|
| + CERTNameConstraint *dest,
|
| + CERTNameConstraint *src);
|
|
|
| /*
|
| * Verify name against all the constraints relevant to that type of
|
| * the name.
|
| */
|
| -extern SECStatus
|
| -CERT_CheckNameSpace(PLArenaPool *arena,
|
| - const CERTNameConstraints *constraints,
|
| - const CERTGeneralName *currentName);
|
| +extern SECStatus CERT_CheckNameSpace(PLArenaPool *arena,
|
| + const CERTNameConstraints *constraints,
|
| + const CERTGeneralName *currentName);
|
|
|
| /*
|
| * Extract and allocate the name constraints extension from the CA cert.
|
| @@ -1561,84 +1477,70 @@ CERT_CheckNameSpace(PLArenaPool *arena,
|
| * CERT_GetImposedNameConstraints returns a name constraints extension
|
| * for the subject of the certificate, then that extension will be returned.
|
| */
|
| -extern SECStatus
|
| -CERT_FindNameConstraintsExten(PLArenaPool *arena,
|
| - CERTCertificate *cert,
|
| - CERTNameConstraints **constraints);
|
| +extern SECStatus CERT_FindNameConstraintsExten(
|
| + PLArenaPool *arena, CERTCertificate *cert,
|
| + CERTNameConstraints **constraints);
|
|
|
| /*
|
| * Initialize a new GERTGeneralName fields (link)
|
| */
|
| -extern CERTGeneralName *
|
| -CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type);
|
| +extern CERTGeneralName *CERT_NewGeneralName(PLArenaPool *arena,
|
| + CERTGeneralNameType type);
|
|
|
| /*
|
| * Lookup a CERTGeneralNameType constant by its human readable string.
|
| */
|
| -extern CERTGeneralNameType
|
| -CERT_GetGeneralNameTypeFromString(const char *string);
|
| +extern CERTGeneralNameType CERT_GetGeneralNameTypeFromString(
|
| + const char *string);
|
|
|
| /*
|
| * PKIX extension encoding routines
|
| */
|
| -extern SECStatus
|
| -CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
|
| - CERTCertificatePolicyConstraints *constr,
|
| - SECItem *dest);
|
| -extern SECStatus
|
| -CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
|
| - CERTCertificateInhibitAny *inhibitAny,
|
| - SECItem *dest);
|
| -extern SECStatus
|
| -CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
|
| - CERTCertificatePolicyMappings *maps,
|
| - SECItem *dest);
|
| +extern SECStatus CERT_EncodePolicyConstraintsExtension(
|
| + PLArenaPool *arena, CERTCertificatePolicyConstraints *constr,
|
| + SECItem *dest);
|
| +extern SECStatus CERT_EncodeInhibitAnyExtension(
|
| + PLArenaPool *arena, CERTCertificateInhibitAny *inhibitAny, SECItem *dest);
|
| +extern SECStatus CERT_EncodePolicyMappingExtension(
|
| + PLArenaPool *arena, CERTCertificatePolicyMappings *maps, SECItem *dest);
|
|
|
| extern SECStatus CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
|
| - CERTAuthInfoAccess **info,
|
| - SECItem *dest);
|
| -extern SECStatus
|
| -CERT_EncodeUserNotice(PLArenaPool *arena,
|
| - CERTUserNotice *notice,
|
| - SECItem *dest);
|
| -
|
| -extern SECStatus
|
| -CERT_EncodeDisplayText(PLArenaPool *arena,
|
| - SECItem *text,
|
| - SECItem *dest);
|
| -
|
| -extern SECStatus
|
| -CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
|
| - CERTPolicyInfo **info,
|
| - SECItem *dest);
|
| -extern SECStatus
|
| -CERT_EncodeNoticeReference(PLArenaPool *arena,
|
| - CERTNoticeReference *reference,
|
| - SECItem *dest);
|
| + CERTAuthInfoAccess **info,
|
| + SECItem *dest);
|
| +extern SECStatus CERT_EncodeUserNotice(PLArenaPool *arena,
|
| + CERTUserNotice *notice, SECItem *dest);
|
| +
|
| +extern SECStatus CERT_EncodeDisplayText(PLArenaPool *arena, SECItem *text,
|
| + SECItem *dest);
|
| +
|
| +extern SECStatus CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
|
| + CERTPolicyInfo **info,
|
| + SECItem *dest);
|
| +extern SECStatus CERT_EncodeNoticeReference(PLArenaPool *arena,
|
| + CERTNoticeReference *reference,
|
| + SECItem *dest);
|
|
|
| /*
|
| * Returns a pointer to a static structure.
|
| */
|
| -extern const CERTRevocationFlags*
|
| -CERT_GetPKIXVerifyNistRevocationPolicy(void);
|
| +extern const CERTRevocationFlags *CERT_GetPKIXVerifyNistRevocationPolicy(void);
|
|
|
| /*
|
| * Returns a pointer to a static structure.
|
| */
|
| -extern const CERTRevocationFlags*
|
| -CERT_GetClassicOCSPEnabledSoftFailurePolicy(void);
|
| +extern const CERTRevocationFlags *CERT_GetClassicOCSPEnabledSoftFailurePolicy(
|
| + void);
|
|
|
| /*
|
| * Returns a pointer to a static structure.
|
| */
|
| -extern const CERTRevocationFlags*
|
| -CERT_GetClassicOCSPEnabledHardFailurePolicy(void);
|
| +extern const CERTRevocationFlags *CERT_GetClassicOCSPEnabledHardFailurePolicy(
|
| + void);
|
|
|
| /*
|
| * Returns a pointer to a static structure.
|
| */
|
| -extern const CERTRevocationFlags*
|
| -CERT_GetClassicOCSPDisabledPolicy(void);
|
| +extern const CERTRevocationFlags *CERT_GetClassicOCSPDisabledPolicy(void);
|
|
|
| /*
|
| * Verify a Cert with libpkix
|
| @@ -1647,12 +1549,10 @@ CERT_GetClassicOCSPDisabledPolicy(void);
|
| * paramsOut specifies the parameters the caller would like to get back.
|
| * the caller may pass NULL, in which case no parameters are returned.
|
| */
|
| -extern SECStatus CERT_PKIXVerifyCert(
|
| - CERTCertificate *cert,
|
| - SECCertificateUsage usages,
|
| - CERTValInParam *paramsIn,
|
| - CERTValOutParam *paramsOut,
|
| - void *wincx);
|
| +extern SECStatus CERT_PKIXVerifyCert(CERTCertificate *cert,
|
| + SECCertificateUsage usages,
|
| + CERTValInParam *paramsIn,
|
| + CERTValOutParam *paramsOut, void *wincx);
|
|
|
| /* Makes old cert validation APIs(CERT_VerifyCert, CERT_VerifyCertificate)
|
| * to use libpkix validation engine. The function should be called ones at
|
| @@ -1669,8 +1569,7 @@ extern PRBool CERT_GetUsePKIXForValidation(void);
|
| * and allocate the inner arrays of the given sizes.
|
| * To cleanup call CERT_DestroyCERTRevocationFlags.
|
| */
|
| -extern CERTRevocationFlags *
|
| -CERT_AllocCERTRevocationFlags(
|
| +extern CERTRevocationFlags *CERT_AllocCERTRevocationFlags(
|
| PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
|
| PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods);
|
|
|
| @@ -1678,8 +1577,7 @@ CERT_AllocCERTRevocationFlags(
|
| * Destroy the arrays inside flags,
|
| * and destroy the object pointed to by flags, too.
|
| */
|
| -extern void
|
| -CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
|
| +extern void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
|
|
|
| SEC_END_PROTOS
|
|
|
|
|
Chromium Code Reviews
Issue 1843333003:
Update NSPR to 4.12 and NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@master