
Unified Diff: nss/lib/certdb/certt.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Index: nss/lib/certdb/certt.h
diff --git a/nss/lib/certdb/certt.h b/nss/lib/certdb/certt.h
deleted file mode 100644
index 4c31c29e0e81d97727fc70159b139771ececce0d..0000000000000000000000000000000000000000
--- a/nss/lib/certdb/certt.h
+++ /dev/null
@@ -1,1328 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * certt.h - public data structures for the certificate library
- */
-#ifndef _CERTT_H_
-#define _CERTT_H_
-
-#include "prclist.h"
-#include "pkcs11t.h"
-#include "seccomon.h"
-#include "secmodt.h"
-#include "secoidt.h"
-#include "plarena.h"
-#include "prcvar.h"
-#include "nssilock.h"
-#include "prio.h"
-#include "prmon.h"
-
-/* Stan data types */
-struct NSSCertificateStr;
-struct NSSTrustDomainStr;
-
-/* Non-opaque objects */
-typedef struct CERTAVAStr CERTAVA;
-typedef struct CERTAttributeStr CERTAttribute;
-typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess;
-typedef struct CERTAuthKeyIDStr CERTAuthKeyID;
-typedef struct CERTBasicConstraintsStr CERTBasicConstraints;
-typedef struct NSSTrustDomainStr CERTCertDBHandle;
-typedef struct CERTCertExtensionStr CERTCertExtension;
-typedef struct CERTCertKeyStr CERTCertKey;
-typedef struct CERTCertListStr CERTCertList;
-typedef struct CERTCertListNodeStr CERTCertListNode;
-typedef struct CERTCertNicknamesStr CERTCertNicknames;
-typedef struct CERTCertTrustStr CERTCertTrust;
-typedef struct CERTCertificateStr CERTCertificate;
-typedef struct CERTCertificateListStr CERTCertificateList;
-typedef struct CERTCertificateRequestStr CERTCertificateRequest;
-typedef struct CERTCrlStr CERTCrl;
-typedef struct CERTCrlDistributionPointsStr CERTCrlDistributionPoints;
-typedef struct CERTCrlEntryStr CERTCrlEntry;
-typedef struct CERTCrlHeadNodeStr CERTCrlHeadNode;
-typedef struct CERTCrlKeyStr CERTCrlKey;
-typedef struct CERTCrlNodeStr CERTCrlNode;
-typedef struct CERTDERCertsStr CERTDERCerts;
-typedef struct CERTDistNamesStr CERTDistNames;
-typedef struct CERTGeneralNameStr CERTGeneralName;
-typedef struct CERTGeneralNameListStr CERTGeneralNameList;
-typedef struct CERTIssuerAndSNStr CERTIssuerAndSN;
-typedef struct CERTNameStr CERTName;
-typedef struct CERTNameConstraintStr CERTNameConstraint;
-typedef struct CERTNameConstraintsStr CERTNameConstraints;
-typedef struct CERTOKDomainNameStr CERTOKDomainName;
-typedef struct CERTPrivKeyUsagePeriodStr CERTPrivKeyUsagePeriod;
-typedef struct CERTPublicKeyAndChallengeStr CERTPublicKeyAndChallenge;
-typedef struct CERTRDNStr CERTRDN;
-typedef struct CERTSignedCrlStr CERTSignedCrl;
-typedef struct CERTSignedDataStr CERTSignedData;
-typedef struct CERTStatusConfigStr CERTStatusConfig;
-typedef struct CERTSubjectListStr CERTSubjectList;
-typedef struct CERTSubjectNodeStr CERTSubjectNode;
-typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
-typedef struct CERTValidityStr CERTValidity;
-typedef struct CERTVerifyLogStr CERTVerifyLog;
-typedef struct CERTVerifyLogNodeStr CERTVerifyLogNode;
-typedef struct CRLDistributionPointStr CRLDistributionPoint;
-
-/* CRL extensions type */
-typedef unsigned long CERTCrlNumber;
-
-/*
-** An X.500 AVA object
-*/
-struct CERTAVAStr {
- SECItem type;
- SECItem value;
-};
-
-/*
-** An X.500 RDN object
-*/
-struct CERTRDNStr {
- CERTAVA **avas;
-};
-
-/*
-** An X.500 name object
-*/
-struct CERTNameStr {
- PLArenaPool *arena;
- CERTRDN **rdns;
-};
-
-/*
-** An X.509 validity object
-*/
-struct CERTValidityStr {
- PLArenaPool *arena;
- SECItem notBefore;
- SECItem notAfter;
-};
-
-/*
- * A serial number and issuer name, which is used as a database key
- */
-struct CERTCertKeyStr {
- SECItem serialNumber;
- SECItem derIssuer;
-};
-
-/*
-** A signed data object. Used to implement the "signed" macro used
-** in the X.500 specs.
-*/
-struct CERTSignedDataStr {
- SECItem data;
- SECAlgorithmID signatureAlgorithm;
- SECItem signature;
-};
-
-/*
-** An X.509 subject-public-key-info object
-*/
-struct CERTSubjectPublicKeyInfoStr {
- PLArenaPool *arena;
- SECAlgorithmID algorithm;
- SECItem subjectPublicKey;
-};
-
-struct CERTPublicKeyAndChallengeStr {
- SECItem spki;
- SECItem challenge;
-};
-
-struct CERTCertTrustStr {
- unsigned int sslFlags;
- unsigned int emailFlags;
- unsigned int objectSigningFlags;
-};
-
-/*
- * defined the types of trust that exist
- */
-typedef enum SECTrustTypeEnum {
- trustSSL = 0,
- trustEmail = 1,
- trustObjectSigning = 2,
- trustTypeNone = 3
-} SECTrustType;
-
-#define SEC_GET_TRUST_FLAGS(trust, type) \
- (((type) == trustSSL) \
- ? ((trust)->sslFlags) \
- : (((type) == trustEmail) ? ((trust)->emailFlags) \
- : (((type) == trustObjectSigning) \
- ? ((trust)->objectSigningFlags) \
- : 0)))
-
-/*
-** An X.509.3 certificate extension
-*/
-struct CERTCertExtensionStr {
- SECItem id;
- SECItem critical;
- SECItem value;
-};
-
-struct CERTSubjectNodeStr {
- struct CERTSubjectNodeStr *next;
- struct CERTSubjectNodeStr *prev;
- SECItem certKey;
- SECItem keyID;
-};
-
-struct CERTSubjectListStr {
- PLArenaPool *arena;
- int ncerts;
- char *emailAddr;
- CERTSubjectNode *head;
- CERTSubjectNode *tail; /* do we need tail? */
- void *entry;
-};
-
-/*
-** An X.509 certificate object (the unsigned form)
-*/
-struct CERTCertificateStr {
- /* the arena is used to allocate any data structures that have the same
- * lifetime as the cert. This is all stuff that hangs off of the cert
- * structure, and is all freed at the same time. It is used when the
- * cert is decoded, destroyed, and at some times when it changes
- * state
- */
- PLArenaPool *arena;
-
- /* The following fields are static after the cert has been decoded */
- char *subjectName;
- char *issuerName;
- CERTSignedData signatureWrap; /* XXX */
- SECItem derCert; /* original DER for the cert */
- SECItem derIssuer; /* DER for issuer name */
- SECItem derSubject; /* DER for subject name */
- SECItem derPublicKey; /* DER for the public key */
- SECItem certKey; /* database key for this cert */
- SECItem version;
- SECItem serialNumber;
- SECAlgorithmID signature;
- CERTName issuer;
- CERTValidity validity;
- CERTName subject;
- CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
- SECItem issuerID;
- SECItem subjectID;
- CERTCertExtension **extensions;
- char *emailAddr;
- CERTCertDBHandle *dbhandle;
- SECItem subjectKeyID; /* x509v3 subject key identifier */
- PRBool keyIDGenerated; /* was the keyid generated? */
- unsigned int keyUsage; /* what uses are allowed for this cert */
- unsigned int rawKeyUsage; /* value of the key usage extension */
- PRBool keyUsagePresent; /* was the key usage extension present */
- PRUint32 nsCertType; /* value of the ns cert type extension */
- /* must be 32-bit for PR_ATOMIC_SET */
-
- /* these values can be set by the application to bypass certain checks
- * or to keep the cert in memory for an entire session.
- * XXX - need an api to set these
- */
- PRBool keepSession; /* keep this cert for entire session*/
- PRBool timeOK; /* is the bad validity time ok? */
- CERTOKDomainName *domainOK; /* these domain names are ok */
-
- /*
- * these values can change when the cert changes state. These state
- * changes include transitions from temp to perm or vice-versa, and
- * changes of trust flags
- */
- PRBool isperm;
- PRBool istemp;
- char *nickname;
- char *dbnickname;
- struct NSSCertificateStr *nssCertificate; /* This is Stan stuff. */
- CERTCertTrust *trust;
-
- /* the reference count is modified whenever someone looks up, dups
- * or destroys a certificate
- */
- int referenceCount;
-
- /* The subject list is a list of all certs with the same subject name.
- * It can be modified any time a cert is added or deleted from either
- * the in-memory(temporary) or on-disk(permanent) database.
- */
- CERTSubjectList *subjectList;
-
- /* these belong in the static section, but are here to maintain
- * the structure's integrity
- */
- CERTAuthKeyID *authKeyID; /* x509v3 authority key identifier */
- PRBool isRoot; /* cert is the end of a chain */
-
- /* these fields are used by client GUI code to keep track of ssl sockets
- * that are blocked waiting on GUI feedback related to this cert.
- * XXX - these should be moved into some sort of application specific
- * data structure. They are only used by the browser right now.
- */
- union {
- void *apointer; /* was struct SECSocketNode* authsocketlist */
- struct {
- unsigned int hasUnsupportedCriticalExt : 1;
- /* add any new option bits needed here */
- } bits;
- } options;
- int series; /* was int authsocketcount; record the series of the pkcs11ID */
-
- /* This is PKCS #11 stuff. */
- PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
- CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
- PRBool ownSlot; /*true if the cert owns the slot reference */
-};
-#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
-#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
-#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
-
-#define SEC_CRL_VERSION_1 0 /* default */
-#define SEC_CRL_VERSION_2 1 /* v2 extensions */
-
-/*
- * used to identify class of cert in mime stream code
- */
-#define SEC_CERT_CLASS_CA 1
-#define SEC_CERT_CLASS_SERVER 2
-#define SEC_CERT_CLASS_USER 3
-#define SEC_CERT_CLASS_EMAIL 4
-
-struct CERTDERCertsStr {
- PLArenaPool *arena;
- int numcerts;
- SECItem *rawCerts;
-};
-
-/*
-** A PKCS ? Attribute
-** XXX this is duplicated through out the code, it *should* be moved
-** to a central location. Where would be appropriate?
-*/
-struct CERTAttributeStr {
- SECItem attrType;
- SECItem **attrValue;
-};
-
-/*
-** A PKCS#10 certificate-request object (the unsigned form)
-*/
-struct CERTCertificateRequestStr {
- PLArenaPool *arena;
- SECItem version;
- CERTName subject;
- CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
- CERTAttribute **attributes;
-};
-#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
-
-/*
-** A certificate list object.
-*/
-struct CERTCertificateListStr {
- SECItem *certs;
- int len; /* number of certs */
- PLArenaPool *arena;
-};
-
-struct CERTCertListNodeStr {
- PRCList links;
- CERTCertificate *cert;
- void *appData;
-};
-
-struct CERTCertListStr {
- PRCList list;
- PLArenaPool *arena;
-};
-
-#define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
-#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list))
-#define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
-#define CERT_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
-#define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
-
-struct CERTCrlEntryStr {
- SECItem serialNumber;
- SECItem revocationDate;
- CERTCertExtension **extensions;
-};
-
-struct CERTCrlStr {
- PLArenaPool *arena;
- SECItem version;
- SECAlgorithmID signatureAlg;
- SECItem derName;
- CERTName name;
- SECItem lastUpdate;
- SECItem nextUpdate; /* optional for x.509 CRL */
- CERTCrlEntry **entries;
- CERTCertExtension **extensions;
- /* can't add anything there for binary backwards compatibility reasons */
-};
-
-struct CERTCrlKeyStr {
- SECItem derName;
- SECItem dummy; /* The decoder can not skip a primitive,
- this serves as a place holder for the
- decoder to finish its task only
- */
-};
-
-struct CERTSignedCrlStr {
- PLArenaPool *arena;
- CERTCrl crl;
- void *reserved1;
- PRBool reserved2;
- PRBool isperm;
- PRBool istemp;
- int referenceCount;
- CERTCertDBHandle *dbhandle;
- CERTSignedData signatureWrap; /* XXX */
- char *url;
- SECItem *derCrl;
- PK11SlotInfo *slot;
- CK_OBJECT_HANDLE pkcs11ID;
- void *opaque; /* do not touch */
-};
-
-struct CERTCrlHeadNodeStr {
- PLArenaPool *arena;
- CERTCertDBHandle *dbhandle;
- CERTCrlNode *first;
- CERTCrlNode *last;
-};
-
-struct CERTCrlNodeStr {
- CERTCrlNode *next;
- int type;
- CERTSignedCrl *crl;
-};
-
-/*
- * Array of X.500 Distinguished Names
- */
-struct CERTDistNamesStr {
- PLArenaPool *arena;
- int nnames;
- SECItem *names;
- void *head; /* private */
-};
-
-#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
-
-#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
-#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
-
-#define NS_CERT_TYPE_APP \
- (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
- NS_CERT_TYPE_OBJECT_SIGNING)
-
-#define NS_CERT_TYPE_CA \
- (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | \
- NS_CERT_TYPE_OBJECT_SIGNING_CA | EXT_KEY_USAGE_STATUS_RESPONDER)
-typedef enum SECCertUsageEnum {
- certUsageSSLClient = 0,
- certUsageSSLServer = 1,
- certUsageSSLServerWithStepUp = 2,
- certUsageSSLCA = 3,
- certUsageEmailSigner = 4,
- certUsageEmailRecipient = 5,
- certUsageObjectSigner = 6,
- certUsageUserCertImport = 7,
- certUsageVerifyCA = 8,
- certUsageProtectedObjectSigner = 9,
- certUsageStatusResponder = 10,
- certUsageAnyCA = 11
-} SECCertUsage;
-
-typedef PRInt64 SECCertificateUsage;
-
-#define certificateUsageCheckAllUsages (0x0000)
-#define certificateUsageSSLClient (0x0001)
-#define certificateUsageSSLServer (0x0002)
-#define certificateUsageSSLServerWithStepUp (0x0004)
-#define certificateUsageSSLCA (0x0008)
-#define certificateUsageEmailSigner (0x0010)
-#define certificateUsageEmailRecipient (0x0020)
-#define certificateUsageObjectSigner (0x0040)
-#define certificateUsageUserCertImport (0x0080)
-#define certificateUsageVerifyCA (0x0100)
-#define certificateUsageProtectedObjectSigner (0x0200)
-#define certificateUsageStatusResponder (0x0400)
-#define certificateUsageAnyCA (0x0800)
-
-#define certificateUsageHighest certificateUsageAnyCA
-
-/*
- * Does the cert belong to the user, a peer, or a CA.
- */
-typedef enum CERTCertOwnerEnum {
- certOwnerUser = 0,
- certOwnerPeer = 1,
- certOwnerCA = 2
-} CERTCertOwner;
-
-/*
- * This enum represents the state of validity times of a certificate
- */
-typedef enum SECCertTimeValidityEnum {
- secCertTimeValid = 0,
- secCertTimeExpired = 1,
- secCertTimeNotValidYet = 2,
- secCertTimeUndetermined = 3 /* validity could not be decoded from the
- cert, most likely because it was NULL */
-} SECCertTimeValidity;
-
-/*
- * This is used as return status in functions that compare the validity
- * periods of two certificates A and B, currently only
- * CERT_CompareValidityTimes.
- */
-
-typedef enum CERTCompareValidityStatusEnum {
- certValidityUndetermined = 0, /* the function is unable to select one cert
- over another */
- certValidityChooseB = 1, /* cert B should be preferred */
- certValidityEqual = 2, /* both certs have the same validity period */
- certValidityChooseA = 3 /* cert A should be preferred */
-} CERTCompareValidityStatus;
-
-/*
- * Interface for getting certificate nickname strings out of the database
- */
-
-/* these are values for the what argument below */
-#define SEC_CERT_NICKNAMES_ALL 1
-#define SEC_CERT_NICKNAMES_USER 2
-#define SEC_CERT_NICKNAMES_SERVER 3
-#define SEC_CERT_NICKNAMES_CA 4
-
-struct CERTCertNicknamesStr {
- PLArenaPool *arena;
- void *head;
- int numnicknames;
- char **nicknames;
- int what;
- int totallen;
-};
-
-struct CERTIssuerAndSNStr {
- SECItem derIssuer;
- CERTName issuer;
- SECItem serialNumber;
-};
-
-/* X.509 v3 Key Usage Extension flags */
-#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define KU_CRL_SIGN (0x02) /* bit 6 */
-#define KU_ENCIPHER_ONLY (0x01) /* bit 7 */
-#define KU_ALL \
- (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT | \
- KU_DATA_ENCIPHERMENT | KU_KEY_AGREEMENT | KU_KEY_CERT_SIGN | \
- KU_CRL_SIGN | KU_ENCIPHER_ONLY)
-
-/* This value will not occur in certs. It is used internally for the case
- * when either digital signature or non-repudiation is the correct value.
- */
-#define KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION (0x2000)
-
-/* This value will not occur in certs. It is used internally for the case
- * when the key type is not know ahead of time and either key agreement or
- * key encipherment are the correct value based on key type
- */
-#define KU_KEY_AGREEMENT_OR_ENCIPHERMENT (0x4000)
-
-/* internal bits that do not match bits in the x509v3 spec, but are used
- * for similar purposes
- */
-#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
-/*
-* x.509 v3 Basic Constraints Extension
-* If isCA is false, the pathLenConstraint is ignored.
-* Otherwise, the following pathLenConstraint values will apply:
-* < 0 - there is no limit to the certificate path
-* 0 - CA can issues end-entity certificates only
-* > 0 - the number of certificates in the certificate path is
-* limited to this number
-*/
-#define CERT_UNLIMITED_PATH_CONSTRAINT -2
-
-struct CERTBasicConstraintsStr {
- PRBool isCA; /* on if is CA */
- int pathLenConstraint; /* maximum number of certificates that can be
- in the cert path. Only applies to a CA
- certificate; otherwise, it's ignored.
- */
-};
-
-/* Maximum length of a certificate chain */
-#define CERT_MAX_CERT_CHAIN 20
-
-#define CERT_MAX_SERIAL_NUMBER_BYTES 20 /* from RFC 3280 */
-#define CERT_MAX_DN_BYTES 4096 /* arbitrary */
-
-/* x.509 v3 Reason Flags, used in CRLDistributionPoint Extension */
-#define RF_UNUSED (0x80) /* bit 0 */
-#define RF_KEY_COMPROMISE (0x40) /* bit 1 */
-#define RF_CA_COMPROMISE (0x20) /* bit 2 */
-#define RF_AFFILIATION_CHANGED (0x10) /* bit 3 */
-#define RF_SUPERSEDED (0x08) /* bit 4 */
-#define RF_CESSATION_OF_OPERATION (0x04) /* bit 5 */
-#define RF_CERTIFICATE_HOLD (0x02) /* bit 6 */
-
-/* enum for CRL Entry Reason Code */
-typedef enum CERTCRLEntryReasonCodeEnum {
- crlEntryReasonUnspecified = 0,
- crlEntryReasonKeyCompromise = 1,
- crlEntryReasonCaCompromise = 2,
- crlEntryReasonAffiliationChanged = 3,
- crlEntryReasonSuperseded = 4,
- crlEntryReasonCessationOfOperation = 5,
- crlEntryReasoncertificatedHold = 6,
- crlEntryReasonRemoveFromCRL = 8,
- crlEntryReasonPrivilegeWithdrawn = 9,
- crlEntryReasonAaCompromise = 10
-} CERTCRLEntryReasonCode;
-
-/* If we needed to extract the general name field, use this */
-/* General Name types */
-typedef enum CERTGeneralNameTypeEnum {
- certOtherName = 1,
- certRFC822Name = 2,
- certDNSName = 3,
- certX400Address = 4,
- certDirectoryName = 5,
- certEDIPartyName = 6,
- certURI = 7,
- certIPAddress = 8,
- certRegisterID = 9
-} CERTGeneralNameType;
-
-typedef struct OtherNameStr {
- SECItem name;
- SECItem oid;
-} OtherName;
-
-struct CERTGeneralNameStr {
- CERTGeneralNameType type; /* name type */
- union {
- CERTName directoryName; /* distinguish name */
- OtherName OthName; /* Other Name */
- SECItem other; /* the rest of the name forms */
- } name;
- SECItem derDirectoryName; /* this is saved to simplify directory name
- comparison */
- PRCList l;
-};
-
-struct CERTGeneralNameListStr {
- PLArenaPool *arena;
- CERTGeneralName *name;
- int refCount;
- int len;
- PZLock *lock;
-};
-
-struct CERTNameConstraintStr {
- CERTGeneralName name;
- SECItem DERName;
- SECItem min;
- SECItem max;
- PRCList l;
-};
-
-struct CERTNameConstraintsStr {
- CERTNameConstraint *permited;
- CERTNameConstraint *excluded;
- SECItem **DERPermited;
- SECItem **DERExcluded;
-};
-
-/* Private Key Usage Period extension struct. */
-struct CERTPrivKeyUsagePeriodStr {
- SECItem notBefore;
- SECItem notAfter;
- PLArenaPool *arena;
-};
-
-/* X.509 v3 Authority Key Identifier extension. For the authority certificate
- issuer field, we only support URI now.
- */
-struct CERTAuthKeyIDStr {
- SECItem keyID; /* unique key identifier */
- CERTGeneralName *authCertIssuer; /* CA's issuer name. End with a NULL */
- SECItem authCertSerialNumber; /* CA's certificate serial number */
- SECItem **DERAuthCertIssuer; /* This holds the DER encoded format of
- the authCertIssuer field. It is used
- by the encoding engine. It should be
- used as a read only field by the caller.
- */
-};
-
-/* x.509 v3 CRL Distributeion Point */
-
-/*
- * defined the types of CRL Distribution points
- */
-typedef enum DistributionPointTypesEnum {
- generalName = 1, /* only support this for now */
- relativeDistinguishedName = 2
-} DistributionPointTypes;
-
-struct CRLDistributionPointStr {
- DistributionPointTypes distPointType;
- union {
- CERTGeneralName *fullName;
- CERTRDN relativeName;
- } distPoint;
- SECItem reasons;
- CERTGeneralName *crlIssuer;
-
- /* Reserved for internal use only*/
- SECItem derDistPoint;
- SECItem derRelativeName;
- SECItem **derCrlIssuer;
- SECItem **derFullName;
- SECItem bitsmap;
-};
-
-struct CERTCrlDistributionPointsStr {
- CRLDistributionPoint **distPoints;
-};
-
-/*
- * This structure is used to keep a log of errors when verifying
- * a cert chain. This allows multiple errors to be reported all at
- * once.
- */
-struct CERTVerifyLogNodeStr {
- CERTCertificate *cert; /* what cert had the error */
- long error; /* what error was it? */
- unsigned int depth; /* how far up the chain are we */
- void *arg; /* error specific argument */
- struct CERTVerifyLogNodeStr *next; /* next in the list */
- struct CERTVerifyLogNodeStr *prev; /* next in the list */
-};
-
-struct CERTVerifyLogStr {
- PLArenaPool *arena;
- unsigned int count;
- struct CERTVerifyLogNodeStr *head;
- struct CERTVerifyLogNodeStr *tail;
-};
-
-struct CERTOKDomainNameStr {
- CERTOKDomainName *next;
- char name[1]; /* actual length may be longer. */
-};
-
-typedef SECStatus(PR_CALLBACK *CERTStatusChecker)(CERTCertDBHandle *handle,
- CERTCertificate *cert,
- PRTime time, void *pwArg);
-
-typedef SECStatus(PR_CALLBACK *CERTStatusDestroy)(CERTStatusConfig *handle);
-
-struct CERTStatusConfigStr {
- CERTStatusChecker statusChecker; /* NULL means no checking enabled */
- CERTStatusDestroy statusDestroy; /* enabled or no, will clean up */
- void *statusContext; /* cx specific to checking protocol */
-};
-
-struct CERTAuthInfoAccessStr {
- SECItem method;
- SECItem derLocation;
- CERTGeneralName *location; /* decoded location */
-};
-
-/* This is the typedef for the callback passed to CERT_OpenCertDB() */
-/* callback to return database name based on version number */
-typedef char *(*CERTDBNameFunc)(void *arg, int dbVersion);
-
-/*
- * types of cert packages that we can decode
- */
-typedef enum CERTPackageTypeEnum {
- certPackageNone = 0,
- certPackageCert = 1,
- certPackagePKCS7 = 2,
- certPackageNSCertSeq = 3,
- certPackageNSCertWrap = 4
-} CERTPackageType;
-
-/*
- * these types are for the PKIX Certificate Policies extension
- */
-typedef struct {
- SECOidTag oid;
- SECItem qualifierID;
- SECItem qualifierValue;
-} CERTPolicyQualifier;
-
-typedef struct {
- SECOidTag oid;
- SECItem policyID;
- CERTPolicyQualifier **policyQualifiers;
-} CERTPolicyInfo;
-
-typedef struct {
- PLArenaPool *arena;
- CERTPolicyInfo **policyInfos;
-} CERTCertificatePolicies;
-
-typedef struct {
- SECItem organization;
- SECItem **noticeNumbers;
-} CERTNoticeReference;
-
-typedef struct {
- PLArenaPool *arena;
- CERTNoticeReference noticeReference;
- SECItem derNoticeReference;
- SECItem displayText;
-} CERTUserNotice;
-
-typedef struct {
- PLArenaPool *arena;
- SECItem **oids;
-} CERTOidSequence;
-
-/*
- * these types are for the PKIX Policy Mappings extension
- */
-typedef struct {
- SECItem issuerDomainPolicy;
- SECItem subjectDomainPolicy;
-} CERTPolicyMap;
-
-typedef struct {
- PLArenaPool *arena;
- CERTPolicyMap **policyMaps;
-} CERTCertificatePolicyMappings;
-
-/*
- * these types are for the PKIX inhibitAnyPolicy extension
- */
-typedef struct {
- SECItem inhibitAnySkipCerts;
-} CERTCertificateInhibitAny;
-
-/*
- * these types are for the PKIX Policy Constraints extension
- */
-typedef struct {
- SECItem explicitPolicySkipCerts;
- SECItem inhibitMappingSkipCerts;
-} CERTCertificatePolicyConstraints;
-
-/*
- * These types are for the validate chain callback param.
- *
- * CERTChainVerifyCallback is an application-supplied callback that can be used
- * to augment libpkix's certificate chain validation with additional
- * application-specific checks. It may be called multiple times if there are
- * multiple potentially-valid paths for the certificate being validated. This
- * callback is called before revocation checking is done on the certificates in
- * the given chain.
- *
- * - isValidChainArg contains the application-provided opaque argument
- * - currentChain is the currently validated chain. It is ordered with the leaf
- * certificate at the head and the trust anchor at the tail.
- *
- * The callback should set *chainOK = PR_TRUE and return SECSuccess if the
- * certificate chain is acceptable. It should set *chainOK = PR_FALSE and
- * return SECSuccess if the chain is unacceptable, to indicate that the given
- * chain is bad and path building should continue. It should return SECFailure
- * to indicate an fatal error that will cause path validation to fail
- * immediately.
- */
-typedef SECStatus (*CERTChainVerifyCallbackFunc)(
- void *isChainValidArg, const CERTCertList *currentChain, PRBool *chainOK);
-
-/*
- * Note: If extending this structure, it will be necessary to change the
- * associated CERTValParamInType
- */
-typedef struct {
- CERTChainVerifyCallbackFunc isChainValid;
- void *isChainValidArg;
-} CERTChainVerifyCallback;
-
-/*
- * these types are for the CERT_PKIX* Verification functions
- * These are all optional parameters.
- */
-
-typedef enum {
- cert_pi_end = 0, /* SPECIAL: signifies end of array of
- * CERTValParam* */
- cert_pi_nbioContext = 1, /* specify a non-blocking IO context used to
- * resume a session. If this argument is
- * specified, no other arguments should be.
- * Specified in value.pointer.p. If the
- * operation completes the context will be
- * freed. */
- cert_pi_nbioAbort = 2, /* specify a non-blocking IO context for an
- * existing operation which the caller wants
- * to abort. If this argument is
- * specified, no other arguments should be.
- * Specified in value.pointer.p. If the
- * operation succeeds the context will be
- * freed. */
- cert_pi_certList = 3, /* specify the chain to validate against. If
- * this value is given, then the path
- * construction step in the validation is
- * skipped. Specified in value.pointer.chain */
- cert_pi_policyOID = 4, /* validate certificate for policy OID.
- * Specified in value.array.oids. Cert must
- * be good for at least one OID in order
- * to validate. Default is that the user is not
- * concerned about certificate policy. */
- cert_pi_policyFlags = 5, /* flags for each policy specified in policyOID.
- * Specified in value.scalar.ul. Policy flags
- * apply to all specified oids.
- * Use CERT_POLICY_FLAG_* macros below. If not
- * specified policy flags default to 0 */
- cert_pi_keyusage = 6, /* specify what the keyusages the certificate
- * will be evaluated against, specified in
- * value.scalar.ui. The cert must validate for
- * at least one of the specified key usages.
- * Values match the KU_ bit flags defined
- * in this file. Default is derived from
- * the 'usages' function argument */
- cert_pi_extendedKeyusage = 7, /* specify what the required extended key
- * usage of the certificate. Specified as
- * an array of oidTags in value.array.oids.
- * The cert must validate for at least one
- * of the specified extended key usages.
- * If not specified, no extended key usages
- * will be checked. */
- cert_pi_date = 8, /* validate certificate is valid as of date
- * specified in value.scalar.time. A special
- * value '0' indicates 'now'. default is '0' */
- cert_pi_revocationFlags = 9, /* Specify what revocation checking to do.
- * See CERT_REV_FLAG_* macros below
- * Set in value.pointer.revocation */
- cert_pi_certStores = 10, /* Bitmask of Cert Store flags (see below)
- * Set in value.scalar.ui */
- cert_pi_trustAnchors =
- 11, /* Specify the list of trusted roots to
- * validate against.
- * The default set of trusted roots, these are
- * root CA certs from libnssckbi.so or CA
- * certs trusted by user, are used in any of
- * the following cases:
- * * when the parameter is not set.
- * * when the list of trust anchors is
- * empty.
- * Note that this handling can be further
- * altered by altering the
- * cert_pi_useOnlyTrustAnchors flag
- * Specified in value.pointer.chain */
- cert_pi_useAIACertFetch = 12, /* Enables cert fetching using AIA extension.
- * In NSS 3.12.1 or later. Default is off.
- * Value is in value.scalar.b */
- cert_pi_chainVerifyCallback = 13,
- /* The callback container for doing extra
- * validation on the currently calculated chain.
- * Value is in value.pointer.chainVerifyCallback */
- cert_pi_useOnlyTrustAnchors = 14,
- /* If true, disables trusting any
- * certificates other than the ones passed in via cert_pi_trustAnchors.
- * If false, then the certificates specified via cert_pi_trustAnchors
- * will be combined with the pre-existing trusted roots, but only
- * for the certificate validation being performed.
- * If no value has been supplied via cert_pi_trustAnchors, this has
- * no effect.
- * The default value is true, meaning if this is not supplied, only
- * trust anchors supplied via cert_pi_trustAnchors are trusted.
- * Specified in value.scalar.b */
- cert_pi_max /* SPECIAL: signifies maximum allowed value,
- * can increase in future releases */
-} CERTValParamInType;
-
-/*
- * for all out parameters:
- * out parameters are only returned if the caller asks for them in
- * the CERTValOutParam array. Caller is responsible for the CERTValOutParam
- * array itself. The pkix verify function will allocate and other arrays
- * pointers, or objects. The Caller is responsible for freeing those results.
- * If SECWouldBlock is returned, only cert_pi_nbioContext is returned.
- */
-typedef enum {
- cert_po_end = 0, /* SPECIAL: signifies end of array of
- * CERTValParam* */
- cert_po_nbioContext = 1, /* Return a nonblocking context. If no
- * non-blocking context is specified, then
- * blocking IO will be used.
- * Returned in value.pointer.p. The context is
- * freed after an abort or a complete operation.
- * This value is only returned on SECWouldBlock.
- */
- cert_po_trustAnchor = 2, /* Return the trust anchor for the chain that
- * was validated. Returned in
- * value.pointer.cert, this value is only
- * returned on SECSuccess. */
- cert_po_certList = 3, /* Return the entire chain that was validated.
- * Returned in value.pointer.certList. If no
- * chain could be constructed, this value
- * would be NULL. */
- cert_po_policyOID = 4, /* Return the policies that were found to be
- * valid. Returned in value.array.oids as an
- * array. This is only returned on
- * SECSuccess. */
- cert_po_errorLog = 5, /* Return a log of problems with the chain.
- * Returned in value.pointer.log */
- cert_po_usages = 6, /* Return what usages the certificate is valid
- for. Returned in value.scalar.usages */
- cert_po_keyUsage = 7, /* Return what key usages the certificate
- * is valid for.
- * Returned in value.scalar.usage */
- cert_po_extendedKeyusage = 8, /* Return what extended key usages the
- * certificate is valid for.
- * Returned in value.array.oids */
- cert_po_max /* SPECIAL: signifies maximum allowed value,
- * can increase in future releases */
-
-} CERTValParamOutType;
-
-typedef enum {
- cert_revocation_method_crl = 0,
- cert_revocation_method_ocsp,
- cert_revocation_method_count
-} CERTRevocationMethodIndex;
-
-/*
- * The following flags are supposed to be used to control bits in
- * each integer contained in the array pointed to be:
- * CERTRevocationTests.cert_rev_flags_per_method
- * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
- * this is a method dependent flag.
- */
-
-/*
- * Whether or not to use a method for revocation testing.
- * If set to "do not test", then all other flags are ignored.
- */
-#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0UL
-#define CERT_REV_M_TEST_USING_THIS_METHOD 1UL
-
-/*
- * Whether or not NSS is allowed to attempt to fetch fresh information
- * from the network.
- * (Although fetching will never happen if fresh information for the
- * method is already locally available.)
- */
-#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0UL
-#define CERT_REV_M_FORBID_NETWORK_FETCHING 2UL
-
-/*
- * Example for an implicit default source:
- * The globally configured default OCSP responder.
- * IGNORE means:
- * ignore the implicit default source, whether it's configured or not.
- * ALLOW means:
- * if an implicit default source is configured,
- * then it overrides any available or missing source in the cert.
- * if no implicit default source is configured,
- * then we continue to use what's available (or not available)
- * in the certs.
- */
-#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0UL
-#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4UL
-
-/*
- * Defines the behavior if no fresh information is available,
- * fetching from the network is allowed, but the source of revocation
- * information is unknown (even after considering implicit sources,
- * if allowed by other flags).
- * SKIPT_TEST means:
- * We ignore that no fresh information is available and
- * skip this test.
- * REQUIRE_INFO means:
- * We still require that fresh information is available.
- * Other flags define what happens on missing fresh info.
- */
-#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0UL
-#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8UL
-
-/*
- * Defines the behavior if we are unable to obtain fresh information.
- * INGORE means:
- * Return "cert status unknown"
- * FAIL means:
- * Return "cert revoked".
- */
-#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0UL
-#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16UL
-
-/*
- * What should happen if we were able to find fresh information using
- * this method, and the data indicated the cert is good?
- * STOP_TESTING means:
- * Our success is sufficient, do not continue testing
- * other methods.
- * CONTINUE_TESTING means:
- * We will continue and test the next allowed
- * specified method.
- */
-#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0UL
-#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32UL
-
-/* When this flag is used, libpkix will never attempt to use the GET HTTP
- * method for OCSP requests; it will always use POST.
- */
-#define CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP 64UL
-
-/*
- * The following flags are supposed to be used to control bits in
- * CERTRevocationTests.cert_rev_method_independent_flags
- * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
- * this is a method independent flag.
- */
-
-/*
- * This defines the order to checking.
- * EACH_METHOD_SEPARATELY means:
- * Do all tests related to a particular allowed method
- * (both local information and network fetching) in a single step.
- * Only after testing for a particular method is done,
- * then switching to the next method will happen.
- * ALL_LOCAL_INFORMATION_FIRST means:
- * Start by testing the information for all allowed methods
- * which are already locally available. Only after that is done
- * consider to fetch from the network (as allowed by other flags).
- */
-#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0UL
-#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1UL
-
-/*
- * Use this flag to specify that it's necessary that fresh information
- * is available for at least one of the allowed methods, but it's
- * irrelevant which of the mechanisms succeeded.
- * NO_OVERALL_INFO_REQUIREMENT means:
- * We strictly follow the requirements for each individual method.
- * REQUIRE_SOME_FRESH_INFO_AVAILABLE means:
- * After the individual tests have been executed, we must have
- * been able to find fresh information using at least one method.
- * If we were unable to find fresh info, it's a failure.
- * This setting overrides the CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
- * flag on all methods.
- */
-#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
-#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2UL
-
-typedef struct {
- /*
- * The size of the array that cert_rev_flags_per_method points to,
- * meaning, the number of methods that are known and defined
- * by the caller.
- */
- PRUint32 number_of_defined_methods;
-
- /*
- * A pointer to an array of integers.
- * Each integer defines revocation checking for a single method,
- * by having individual CERT_REV_M_* bits set or not set.
- * The meaning of index numbers into this array are defined by
- * enum CERTRevocationMethodIndex
- * The size of the array must be specified by the caller in the separate
- * variable number_of_defined_methods.
- * The size of the array may be smaller than
- * cert_revocation_method_count, it can happen if a caller
- * is not yet aware of the latest revocation methods
- * (or does not want to use them).
- */
- PRUint64 *cert_rev_flags_per_method;
-
- /*
- * How many preferred methods are specified?
- * This is equivalent to the size of the array that
- * preferred_methods points to.
- * It's allowed to set this value to zero,
- * then NSS will decide which methods to prefer.
- */
- PRUint32 number_of_preferred_methods;
-
- /* Array that may specify an optional order of preferred methods.
- * Each array entry shall contain a method identifier as defined
- * by CERTRevocationMethodIndex.
- * The entry at index [0] specifies the method with highest preference.
- * These methods will be tested first for locally available information.
- * Methods allowed for downloading will be attempted in the same order.
- */
- CERTRevocationMethodIndex *preferred_methods;
-
- /*
- * An integer which defines certain aspects of revocation checking
- * (independent of individual methods) by having individual
- * CERT_REV_MI_* bits set or not set.
- */
- PRUint64 cert_rev_method_independent_flags;
-} CERTRevocationTests;
-
-typedef struct {
- CERTRevocationTests leafTests;
- CERTRevocationTests chainTests;
-} CERTRevocationFlags;
-
-typedef struct CERTValParamInValueStr {
- union {
- PRBool b;
- PRInt32 i;
- PRUint32 ui;
- PRInt64 l;
- PRUint64 ul;
- PRTime time;
- } scalar;
- union {
- const void *p;
- const char *s;
- const CERTCertificate *cert;
- const CERTCertList *chain;
- const CERTRevocationFlags *revocation;
- const CERTChainVerifyCallback *chainVerifyCallback;
- } pointer;
- union {
- const PRInt32 *pi;
- const PRUint32 *pui;
- const PRInt64 *pl;
- const PRUint64 *pul;
- const SECOidTag *oids;
- } array;
- int arraySize;
-} CERTValParamInValue;
-
-typedef struct CERTValParamOutValueStr {
- union {
- PRBool b;
- PRInt32 i;
- PRUint32 ui;
- PRInt64 l;
- PRUint64 ul;
- SECCertificateUsage usages;
- } scalar;
- union {
- void *p;
- char *s;
- CERTVerifyLog *log;
- CERTCertificate *cert;
- CERTCertList *chain;
- } pointer;
- union {
- void *p;
- SECOidTag *oids;
- } array;
- int arraySize;
-} CERTValParamOutValue;
-
-typedef struct {
- CERTValParamInType type;
- CERTValParamInValue value;
-} CERTValInParam;
-
-typedef struct {
- CERTValParamOutType type;
- CERTValParamOutValue value;
-} CERTValOutParam;
-
-/*
- * Levels of standards conformance strictness for CERT_NameToAsciiInvertible
- */
-typedef enum CertStrictnessLevels {
- CERT_N2A_READABLE = 0, /* maximum human readability */
- CERT_N2A_STRICT = 10, /* strict RFC compliance */
- CERT_N2A_INVERTIBLE = 20 /* maximum invertibility,
- all DirectoryStrings encoded in hex */
-} CertStrictnessLevel;
-
-/*
- * policy flag defines
- */
-#define CERT_POLICY_FLAG_NO_MAPPING 1
-#define CERT_POLICY_FLAG_EXPLICIT 2
-#define CERT_POLICY_FLAG_NO_ANY 4
-
-/*
- * CertStore flags
- */
-#define CERT_ENABLE_LDAP_FETCH 1
-#define CERT_ENABLE_HTTP_FETCH 2
-
-/* This functin pointer type may be used for any function that takes
- * a CERTCertificate * and returns an allocated string, which must be
- * freed by a call to PORT_Free.
- */
-typedef char *(*CERT_StringFromCertFcn)(CERTCertificate *cert);
-
-/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
-
-#include "secasn1t.h" /* way down here because I expect template stuff to
- * move out of here anyway */
-
-SEC_BEGIN_PROTOS
-
-extern const SEC_ASN1Template CERT_CertificateRequestTemplate[];
-extern const SEC_ASN1Template CERT_CertificateTemplate[];
-extern const SEC_ASN1Template SEC_SignedCertificateTemplate[];
-extern const SEC_ASN1Template CERT_CertExtensionTemplate[];
-extern const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[];
-extern const SEC_ASN1Template SECKEY_PublicKeyTemplate[];
-extern const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[];
-extern const SEC_ASN1Template CERT_TimeChoiceTemplate[];
-extern const SEC_ASN1Template CERT_ValidityTemplate[];
-extern const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[];
-extern const SEC_ASN1Template SEC_CertSequenceTemplate[];
-
-extern const SEC_ASN1Template CERT_IssuerAndSNTemplate[];
-extern const SEC_ASN1Template CERT_NameTemplate[];
-extern const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[];
-extern const SEC_ASN1Template CERT_RDNTemplate[];
-extern const SEC_ASN1Template CERT_SignedDataTemplate[];
-extern const SEC_ASN1Template CERT_CrlTemplate[];
-extern const SEC_ASN1Template CERT_SignedCrlTemplate[];
-
-/*
-** XXX should the attribute stuff be centralized for all of ns/security?
-*/
-extern const SEC_ASN1Template CERT_AttributeTemplate[];
-extern const SEC_ASN1Template CERT_SetOfAttributeTemplate[];
-
-/* These functions simply return the address of the above-declared templates.
-** This is necessary for Windows DLLs. Sigh.
-*/
-SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateRequestTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_CrlTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_NameTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_SequenceOfCertExtensionTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_SignedDataTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_SubjectPublicKeyInfoTemplate)
-SEC_ASN1_CHOOSER_DECLARE(SEC_SignedCertificateTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_SignedCrlTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_TimeChoiceTemplate)
-
-SEC_END_PROTOS
-
-#endif /* _CERTT_H_ */