The Tor Browser: security/nss/lib/pki/pkit.h@7e26c7da4463 (annotated)

security/nss/lib/pki/pkit.h@7e26c7da4463 (annotated)

security/nss/lib/pki/pkit.h

Wed, 31 Dec 2014 06:55:50 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:55:50 +0100
changeset 2: 7e26c7da4463
permissions: -rw-r--r--

Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef PKIT_H
 #define PKIT_H
 /*
  * pkit.h
  *
  * This file contains definitions for the types of the top-level PKI objects.
  */
 #ifndef NSSBASET_H
 #include "nssbaset.h"
 #endif /* NSSBASET_H */
 #ifndef BASET_H
 #include "baset.h"
 #endif /* BASET_H */
 #include "certt.h"
 #include "pkcs11t.h"
 #ifndef NSSPKIT_H
 #include "nsspkit.h"
 #endif /* NSSPKIT_H */
 #ifndef NSSDEVT_H
 #include "nssdevt.h"
 #endif /* NSSDEVT_H */
 #ifndef DEVT_H
 #include "devt.h"
 #endif /* DEVT_H */
 #ifndef nssrwlkt_h__
 #include "nssrwlkt.h"
 #endif /* nssrwlkt_h__ */
 PR_BEGIN_EXTERN_C
 /*
  * A note on ephemeral certs
  *
  * The key objects defined here can only be created on tokens, and can only
  * exist on tokens.  Therefore, any instance of a key object must have
  * a corresponding cryptoki instance.  OTOH, certificates created in
  * crypto contexts need not be stored as session objects on the token.
  * There are good performance reasons for not doing so.  The certificate
  * and trust objects have been defined with a cryptoContext field to
  * allow for ephemeral certs, which may have a single instance in a crypto
  * context along with any number (including zero) of cryptoki instances.
  * Since contexts may not share objects, there can be only one context
  * for each object.
  */
 typedef enum {
     nssPKILock = 1,
     nssPKIMonitor = 2
 } nssPKILockType;
 /* nssPKIObject
  *
  * This is the base object class, common to all PKI objects defined in
  * nsspkit.h
  */
 struct nssPKIObjectStr
 {
     /* The arena for all object memory */
     NSSArena *arena;
     /* Atomically incremented/decremented reference counting */
     PRInt32 refCount;
     /* lock protects the array of nssCryptokiInstance's of the object */
     union {
         PZLock* lock;
         PZMonitor *mlock;
     } sync;
     nssPKILockType lockType;
     /* XXX with LRU cache, this cannot be guaranteed up-to-date.  It cannot
      * be compared against the update level of the trust domain, since it is
      * also affected by import/export.  Where is this array needed?
      */
     nssCryptokiObject **instances;
     PRUint32 numInstances;
     /* The object must live in a trust domain */
     NSSTrustDomain *trustDomain;
     /* The object may live in a crypto context */
     NSSCryptoContext *cryptoContext;
     /* XXX added so temp certs can have nickname, think more ... */
     NSSUTF8 *tempName;
 };
 typedef struct nssDecodedCertStr nssDecodedCert;
 typedef struct nssCertificateStoreStr nssCertificateStore;
 /* How wide is the scope of this? */
 typedef struct nssSMIMEProfileStr nssSMIMEProfile;
 typedef struct nssPKIObjectStr nssPKIObject;
 struct NSSTrustStr
 {
     nssPKIObject object;
     NSSCertificate *certificate;
     nssTrustLevel serverAuth;
     nssTrustLevel clientAuth;
     nssTrustLevel emailProtection;
     nssTrustLevel codeSigning;
     PRBool stepUpApproved;
 };
 struct nssSMIMEProfileStr
 {
     nssPKIObject object;
     NSSCertificate *certificate;
     NSSASCII7 *email;
     NSSDER *subject;
     NSSItem *profileTime;
     NSSItem *profileData;
 };
 struct NSSCertificateStr
 {
     nssPKIObject object;
     NSSCertificateType type;
     NSSItem id;
     NSSBER encoding;
     NSSDER issuer;
     NSSDER subject;
     NSSDER serial;
     NSSASCII7 *email;
     nssDecodedCert *decoding;
 };
 struct NSSPrivateKeyStr;
 struct NSSPublicKeyStr;
 struct NSSSymmetricKeyStr;
 typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
 struct NSSTrustDomainStr {
     PRInt32 refCount;
     NSSArena *arena;
     NSSCallback *defaultCallback;
     nssList *tokenList;
     nssListIterator *tokens;
     nssTDCertificateCache *cache;
     NSSRWLock *tokensLock;
     void *spkDigestInfo;
     CERTStatusConfig *statusConfig;
 };
 struct NSSCryptoContextStr
 {
     PRInt32 refCount;
     NSSArena *arena;
     NSSTrustDomain *td;
     NSSToken *token;
     nssSession *session;
     nssCertificateStore *certStore;
 };
 struct NSSTimeStr {
     PRTime prTime;
 };
 struct NSSCRLStr {
   nssPKIObject object;
   NSSDER encoding;
   NSSUTF8 *url;
   PRBool isKRL;
 };
 typedef struct NSSCRLStr NSSCRL;
 struct NSSPoliciesStr;
 struct NSSAlgorithmAndParametersStr;
 struct NSSPKIXCertificateStr;
 PR_END_EXTERN_C
 #endif /* PKIT_H */

The Tor Browser / annotate

security/nss/lib/pki/pkit.h@7e26c7da4463 (annotated)

security/nss/lib/pki/pkit.h