The Tor Browser / file comparison
comparison: security/nss/lib/pki/pkit.h
security/nss/lib/pki/pkit.h
- changeset 2
- 7e26c7da4463
equal
deleted
inserted
replaced
| -1:000000000000 | 0:8d28105b1153 |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 #ifndef PKIT_H | |
| 6 #define PKIT_H | |
| 7 | |
| 8 /* | |
| 9 * pkit.h | |
| 10 * | |
| 11 * This file contains definitions for the types of the top-level PKI objects. | |
| 12 */ | |
| 13 | |
| 14 #ifndef NSSBASET_H | |
| 15 #include "nssbaset.h" | |
| 16 #endif /* NSSBASET_H */ | |
| 17 | |
| 18 #ifndef BASET_H | |
| 19 #include "baset.h" | |
| 20 #endif /* BASET_H */ | |
| 21 | |
| 22 #include "certt.h" | |
| 23 #include "pkcs11t.h" | |
| 24 | |
| 25 #ifndef NSSPKIT_H | |
| 26 #include "nsspkit.h" | |
| 27 #endif /* NSSPKIT_H */ | |
| 28 | |
| 29 #ifndef NSSDEVT_H | |
| 30 #include "nssdevt.h" | |
| 31 #endif /* NSSDEVT_H */ | |
| 32 | |
| 33 #ifndef DEVT_H | |
| 34 #include "devt.h" | |
| 35 #endif /* DEVT_H */ | |
| 36 | |
| 37 #ifndef nssrwlkt_h__ | |
| 38 #include "nssrwlkt.h" | |
| 39 #endif /* nssrwlkt_h__ */ | |
| 40 | |
| 41 PR_BEGIN_EXTERN_C | |
| 42 | |
| 43 /* | |
| 44 * A note on ephemeral certs | |
| 45 * | |
| 46 * The key objects defined here can only be created on tokens, and can only | |
| 47 * exist on tokens. Therefore, any instance of a key object must have | |
| 48 * a corresponding cryptoki instance. OTOH, certificates created in | |
| 49 * crypto contexts need not be stored as session objects on the token. | |
| 50 * There are good performance reasons for not doing so. The certificate | |
| 51 * and trust objects have been defined with a cryptoContext field to | |
| 52 * allow for ephemeral certs, which may have a single instance in a crypto | |
| 53 * context along with any number (including zero) of cryptoki instances. | |
| 54 * Since contexts may not share objects, there can be only one context | |
| 55 * for each object. | |
| 56 */ | |
| 57 | |
| 58 typedef enum { | |
| 59 nssPKILock = 1, | |
| 60 nssPKIMonitor = 2 | |
| 61 } nssPKILockType; | |
| 62 | |
| 63 /* nssPKIObject | |
| 64 * | |
| 65 * This is the base object class, common to all PKI objects defined in | |
| 66 * nsspkit.h | |
| 67 */ | |
| 68 struct nssPKIObjectStr | |
| 69 { | |
| 70 /* The arena for all object memory */ | |
| 71 NSSArena *arena; | |
| 72 /* Atomically incremented/decremented reference counting */ | |
| 73 PRInt32 refCount; | |
| 74 /* lock protects the array of nssCryptokiInstance's of the object */ | |
| 75 union { | |
| 76 PZLock* lock; | |
| 77 PZMonitor *mlock; | |
| 78 } sync; | |
| 79 nssPKILockType lockType; | |
| 80 /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot | |
| 81 * be compared against the update level of the trust domain, since it is | |
| 82 * also affected by import/export. Where is this array needed? | |
| 83 */ | |
| 84 nssCryptokiObject **instances; | |
| 85 PRUint32 numInstances; | |
| 86 /* The object must live in a trust domain */ | |
| 87 NSSTrustDomain *trustDomain; | |
| 88 /* The object may live in a crypto context */ | |
| 89 NSSCryptoContext *cryptoContext; | |
| 90 /* XXX added so temp certs can have nickname, think more ... */ | |
| 91 NSSUTF8 *tempName; | |
| 92 }; | |
| 93 | |
| 94 typedef struct nssDecodedCertStr nssDecodedCert; | |
| 95 | |
| 96 typedef struct nssCertificateStoreStr nssCertificateStore; | |
| 97 | |
| 98 /* How wide is the scope of this? */ | |
| 99 typedef struct nssSMIMEProfileStr nssSMIMEProfile; | |
| 100 | |
| 101 typedef struct nssPKIObjectStr nssPKIObject; | |
| 102 | |
| 103 struct NSSTrustStr | |
| 104 { | |
| 105 nssPKIObject object; | |
| 106 NSSCertificate *certificate; | |
| 107 nssTrustLevel serverAuth; | |
| 108 nssTrustLevel clientAuth; | |
| 109 nssTrustLevel emailProtection; | |
| 110 nssTrustLevel codeSigning; | |
| 111 PRBool stepUpApproved; | |
| 112 }; | |
| 113 | |
| 114 struct nssSMIMEProfileStr | |
| 115 { | |
| 116 nssPKIObject object; | |
| 117 NSSCertificate *certificate; | |
| 118 NSSASCII7 *email; | |
| 119 NSSDER *subject; | |
| 120 NSSItem *profileTime; | |
| 121 NSSItem *profileData; | |
| 122 }; | |
| 123 | |
| 124 struct NSSCertificateStr | |
| 125 { | |
| 126 nssPKIObject object; | |
| 127 NSSCertificateType type; | |
| 128 NSSItem id; | |
| 129 NSSBER encoding; | |
| 130 NSSDER issuer; | |
| 131 NSSDER subject; | |
| 132 NSSDER serial; | |
| 133 NSSASCII7 *email; | |
| 134 nssDecodedCert *decoding; | |
| 135 }; | |
| 136 | |
| 137 struct NSSPrivateKeyStr; | |
| 138 | |
| 139 struct NSSPublicKeyStr; | |
| 140 | |
| 141 struct NSSSymmetricKeyStr; | |
| 142 | |
| 143 typedef struct nssTDCertificateCacheStr nssTDCertificateCache; | |
| 144 | |
| 145 struct NSSTrustDomainStr { | |
| 146 PRInt32 refCount; | |
| 147 NSSArena *arena; | |
| 148 NSSCallback *defaultCallback; | |
| 149 nssList *tokenList; | |
| 150 nssListIterator *tokens; | |
| 151 nssTDCertificateCache *cache; | |
| 152 NSSRWLock *tokensLock; | |
| 153 void *spkDigestInfo; | |
| 154 CERTStatusConfig *statusConfig; | |
| 155 }; | |
| 156 | |
| 157 struct NSSCryptoContextStr | |
| 158 { | |
| 159 PRInt32 refCount; | |
| 160 NSSArena *arena; | |
| 161 NSSTrustDomain *td; | |
| 162 NSSToken *token; | |
| 163 nssSession *session; | |
| 164 nssCertificateStore *certStore; | |
| 165 }; | |
| 166 | |
| 167 struct NSSTimeStr { | |
| 168 PRTime prTime; | |
| 169 }; | |
| 170 | |
| 171 struct NSSCRLStr { | |
| 172 nssPKIObject object; | |
| 173 NSSDER encoding; | |
| 174 NSSUTF8 *url; | |
| 175 PRBool isKRL; | |
| 176 }; | |
| 177 | |
| 178 typedef struct NSSCRLStr NSSCRL; | |
| 179 | |
| 180 struct NSSPoliciesStr; | |
| 181 | |
| 182 struct NSSAlgorithmAndParametersStr; | |
| 183 | |
| 184 struct NSSPKIXCertificateStr; | |
| 185 | |
| 186 PR_END_EXTERN_C | |
| 187 | |
| 188 #endif /* PKIT_H */ |
