1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/pki/pkim.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,695 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef PKIM_H
1.9 +#define PKIM_H
1.10 +
1.11 +#ifndef BASE_H
1.12 +#include "base.h"
1.13 +#endif /* BASE_H */
1.14 +
1.15 +#ifndef PKI_H
1.16 +#include "pki.h"
1.17 +#endif /* PKI_H */
1.18 +
1.19 +#ifndef PKITM_H
1.20 +#include "pkitm.h"
1.21 +#endif /* PKITM_H */
1.22 +
1.23 +PR_BEGIN_EXTERN_C
1.24 +
1.25 +/* nssPKIObject
1.26 + *
1.27 + * This is the base object class, common to all PKI objects defined in
1.28 + * in this module. Each object can be safely 'casted' to an nssPKIObject,
1.29 + * then passed to these methods.
1.30 + *
1.31 + * nssPKIObject_Create
1.32 + * nssPKIObject_Destroy
1.33 + * nssPKIObject_AddRef
1.34 + * nssPKIObject_AddInstance
1.35 + * nssPKIObject_HasInstance
1.36 + * nssPKIObject_GetTokens
1.37 + * nssPKIObject_GetNicknameForToken
1.38 + * nssPKIObject_RemoveInstanceForToken
1.39 + * nssPKIObject_DeleteStoredObject
1.40 + */
1.41 +
1.42 +NSS_EXTERN void nssPKIObject_Lock (nssPKIObject * object);
1.43 +NSS_EXTERN void nssPKIObject_Unlock (nssPKIObject * object);
1.44 +NSS_EXTERN PRStatus nssPKIObject_NewLock (nssPKIObject * object,
1.45 + nssPKILockType lockType);
1.46 +NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject * object);
1.47 +
1.48 +/* nssPKIObject_Create
1.49 + *
1.50 + * A generic PKI object. It must live in a trust domain. It may be
1.51 + * initialized with a token instance, or alternatively in a crypto context.
1.52 + */
1.53 +NSS_EXTERN nssPKIObject *
1.54 +nssPKIObject_Create
1.55 +(
1.56 + NSSArena *arenaOpt,
1.57 + nssCryptokiObject *instanceOpt,
1.58 + NSSTrustDomain *td,
1.59 + NSSCryptoContext *ccOpt,
1.60 + nssPKILockType lockType
1.61 +);
1.62 +
1.63 +/* nssPKIObject_AddRef
1.64 + */
1.65 +NSS_EXTERN nssPKIObject *
1.66 +nssPKIObject_AddRef
1.67 +(
1.68 + nssPKIObject *object
1.69 +);
1.70 +
1.71 +/* nssPKIObject_Destroy
1.72 + *
1.73 + * Returns true if object was destroyed. This notifies the subclass that
1.74 + * all references are gone and it should delete any members it owns.
1.75 + */
1.76 +NSS_EXTERN PRBool
1.77 +nssPKIObject_Destroy
1.78 +(
1.79 + nssPKIObject *object
1.80 +);
1.81 +
1.82 +/* nssPKIObject_AddInstance
1.83 + *
1.84 + * Add a token instance to the object, if it does not have it already.
1.85 + */
1.86 +NSS_EXTERN PRStatus
1.87 +nssPKIObject_AddInstance
1.88 +(
1.89 + nssPKIObject *object,
1.90 + nssCryptokiObject *instance
1.91 +);
1.92 +
1.93 +/* nssPKIObject_HasInstance
1.94 + *
1.95 + * Query the object for a token instance.
1.96 + */
1.97 +NSS_EXTERN PRBool
1.98 +nssPKIObject_HasInstance
1.99 +(
1.100 + nssPKIObject *object,
1.101 + nssCryptokiObject *instance
1.102 +);
1.103 +
1.104 +/* nssPKIObject_GetTokens
1.105 + *
1.106 + * Get all tokens which have an instance of the object.
1.107 + */
1.108 +NSS_EXTERN NSSToken **
1.109 +nssPKIObject_GetTokens
1.110 +(
1.111 + nssPKIObject *object,
1.112 + PRStatus *statusOpt
1.113 +);
1.114 +
1.115 +/* nssPKIObject_GetNicknameForToken
1.116 + *
1.117 + * tokenOpt == NULL means take the first available, otherwise return the
1.118 + * nickname for the specified token.
1.119 + */
1.120 +NSS_EXTERN NSSUTF8 *
1.121 +nssPKIObject_GetNicknameForToken
1.122 +(
1.123 + nssPKIObject *object,
1.124 + NSSToken *tokenOpt
1.125 +);
1.126 +
1.127 +/* nssPKIObject_RemoveInstanceForToken
1.128 + *
1.129 + * Remove the instance of the object on the specified token.
1.130 + */
1.131 +NSS_EXTERN PRStatus
1.132 +nssPKIObject_RemoveInstanceForToken
1.133 +(
1.134 + nssPKIObject *object,
1.135 + NSSToken *token
1.136 +);
1.137 +
1.138 +/* nssPKIObject_DeleteStoredObject
1.139 + *
1.140 + * Delete all token instances of the object, as well as any crypto context
1.141 + * instances (TODO). If any of the instances are read-only, or if the
1.142 + * removal fails, the object will keep those instances. 'isFriendly' refers
1.143 + * to the object -- can this object be removed from a friendly token without
1.144 + * login? For example, certificates are friendly, private keys are not.
1.145 + * Note that if the token is not friendly, authentication will be required
1.146 + * regardless of the value of 'isFriendly'.
1.147 + */
1.148 +NSS_EXTERN PRStatus
1.149 +nssPKIObject_DeleteStoredObject
1.150 +(
1.151 + nssPKIObject *object,
1.152 + NSSCallback *uhh,
1.153 + PRBool isFriendly
1.154 +);
1.155 +
1.156 +NSS_EXTERN nssCryptokiObject **
1.157 +nssPKIObject_GetInstances
1.158 +(
1.159 + nssPKIObject *object
1.160 +);
1.161 +
1.162 +NSS_EXTERN NSSCertificate **
1.163 +nssTrustDomain_FindCertificatesByID
1.164 +(
1.165 + NSSTrustDomain *td,
1.166 + NSSItem *id,
1.167 + NSSCertificate **rvOpt,
1.168 + PRUint32 maximumOpt,
1.169 + NSSArena *arenaOpt
1.170 +);
1.171 +
1.172 +NSS_EXTERN NSSCRL **
1.173 +nssTrustDomain_FindCRLsBySubject
1.174 +(
1.175 + NSSTrustDomain *td,
1.176 + NSSDER *subject
1.177 +);
1.178 +
1.179 +/* module-private nsspki methods */
1.180 +
1.181 +NSS_EXTERN NSSCryptoContext *
1.182 +nssCryptoContext_Create
1.183 +(
1.184 + NSSTrustDomain *td,
1.185 + NSSCallback *uhhOpt
1.186 +);
1.187 +
1.188 +/* XXX for the collection */
1.189 +NSS_EXTERN NSSCertificate *
1.190 +nssCertificate_Create
1.191 +(
1.192 + nssPKIObject *object
1.193 +);
1.194 +
1.195 +NSS_EXTERN PRStatus
1.196 +nssCertificate_SetCertTrust
1.197 +(
1.198 + NSSCertificate *c,
1.199 + NSSTrust *trust
1.200 +);
1.201 +
1.202 +NSS_EXTERN nssDecodedCert *
1.203 +nssCertificate_GetDecoding
1.204 +(
1.205 + NSSCertificate *c
1.206 +);
1.207 +
1.208 +extern PRIntn
1.209 +nssCertificate_SubjectListSort
1.210 +(
1.211 + void *v1,
1.212 + void *v2
1.213 +);
1.214 +
1.215 +NSS_EXTERN nssDecodedCert *
1.216 +nssDecodedCert_Create
1.217 +(
1.218 + NSSArena *arenaOpt,
1.219 + NSSDER *encoding,
1.220 + NSSCertificateType type
1.221 +);
1.222 +
1.223 +NSS_EXTERN PRStatus
1.224 +nssDecodedCert_Destroy
1.225 +(
1.226 + nssDecodedCert *dc
1.227 +);
1.228 +
1.229 +NSS_EXTERN NSSTrust *
1.230 +nssTrust_Create
1.231 +(
1.232 + nssPKIObject *object,
1.233 + NSSItem *certData
1.234 +);
1.235 +
1.236 +NSS_EXTERN NSSCRL *
1.237 +nssCRL_Create
1.238 +(
1.239 + nssPKIObject *object
1.240 +);
1.241 +
1.242 +NSS_EXTERN NSSCRL *
1.243 +nssCRL_AddRef
1.244 +(
1.245 + NSSCRL *crl
1.246 +);
1.247 +
1.248 +NSS_EXTERN PRStatus
1.249 +nssCRL_Destroy
1.250 +(
1.251 + NSSCRL *crl
1.252 +);
1.253 +
1.254 +NSS_EXTERN PRStatus
1.255 +nssCRL_DeleteStoredObject
1.256 +(
1.257 + NSSCRL *crl,
1.258 + NSSCallback *uhh
1.259 +);
1.260 +
1.261 +NSS_EXTERN NSSPrivateKey *
1.262 +nssPrivateKey_Create
1.263 +(
1.264 + nssPKIObject *o
1.265 +);
1.266 +
1.267 +NSS_EXTERN NSSDER *
1.268 +nssCRL_GetEncoding
1.269 +(
1.270 + NSSCRL *crl
1.271 +);
1.272 +
1.273 +NSS_EXTERN NSSPublicKey *
1.274 +nssPublicKey_Create
1.275 +(
1.276 + nssPKIObject *object
1.277 +);
1.278 +
1.279 +/* nssCertificateArray
1.280 + *
1.281 + * These are being thrown around a lot, might as well group together some
1.282 + * functionality.
1.283 + *
1.284 + * nssCertificateArray_Destroy
1.285 + * nssCertificateArray_Join
1.286 + * nssCertificateArray_FindBestCertificate
1.287 + * nssCertificateArray_Traverse
1.288 + */
1.289 +
1.290 +/* nssCertificateArray_Destroy
1.291 + *
1.292 + * Will destroy the array and the certs within it. If the array was created
1.293 + * in an arena, will *not* (of course) destroy the arena. However, is safe
1.294 + * to call this method on an arena-allocated array.
1.295 + */
1.296 +NSS_EXTERN void
1.297 +nssCertificateArray_Destroy
1.298 +(
1.299 + NSSCertificate **certs
1.300 +);
1.301 +
1.302 +/* nssCertificateArray_Join
1.303 + *
1.304 + * Join two arrays into one. The two arrays, certs1 and certs2, should
1.305 + * be considered invalid after a call to this function (they may be destroyed
1.306 + * as part of the join). certs1 and/or certs2 may be NULL. Safe to
1.307 + * call with arrays allocated in an arena, the result will also be in the
1.308 + * arena.
1.309 + */
1.310 +NSS_EXTERN NSSCertificate **
1.311 +nssCertificateArray_Join
1.312 +(
1.313 + NSSCertificate **certs1,
1.314 + NSSCertificate **certs2
1.315 +);
1.316 +
1.317 +/* nssCertificateArray_FindBestCertificate
1.318 + *
1.319 + * Use the usual { time, usage, policies } to find the best cert in the
1.320 + * array.
1.321 + */
1.322 +NSS_EXTERN NSSCertificate *
1.323 +nssCertificateArray_FindBestCertificate
1.324 +(
1.325 + NSSCertificate **certs,
1.326 + NSSTime *timeOpt,
1.327 + const NSSUsage *usage,
1.328 + NSSPolicies *policiesOpt
1.329 +);
1.330 +
1.331 +/* nssCertificateArray_Traverse
1.332 + *
1.333 + * Do the callback for each cert, terminate the traversal if the callback
1.334 + * fails.
1.335 + */
1.336 +NSS_EXTERN PRStatus
1.337 +nssCertificateArray_Traverse
1.338 +(
1.339 + NSSCertificate **certs,
1.340 + PRStatus (* callback)(NSSCertificate *c, void *arg),
1.341 + void *arg
1.342 +);
1.343 +
1.344 +NSS_EXTERN void
1.345 +nssCRLArray_Destroy
1.346 +(
1.347 + NSSCRL **crls
1.348 +);
1.349 +
1.350 +/* nssPKIObjectCollection
1.351 + *
1.352 + * This is a handy way to group objects together and perform operations
1.353 + * on them. It can also handle "proto-objects"-- references to
1.354 + * objects instances on tokens, where the actual object hasn't
1.355 + * been formed yet.
1.356 + *
1.357 + * nssCertificateCollection_Create
1.358 + * nssPrivateKeyCollection_Create
1.359 + * nssPublicKeyCollection_Create
1.360 + *
1.361 + * If this was a language that provided for inheritance, each type would
1.362 + * inherit all of the following methods. Instead, there is only one
1.363 + * type (nssPKIObjectCollection), shared among all. This may cause
1.364 + * confusion; an alternative would be to define all of the methods
1.365 + * for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't
1.366 + * seem worth the code bloat.. It is left up to the caller to remember
1.367 + * what type of collection he/she is dealing with.
1.368 + *
1.369 + * nssPKIObjectCollection_Destroy
1.370 + * nssPKIObjectCollection_Count
1.371 + * nssPKIObjectCollection_AddObject
1.372 + * nssPKIObjectCollection_AddInstances
1.373 + * nssPKIObjectCollection_Traverse
1.374 + *
1.375 + * Back to type-specific methods.
1.376 + *
1.377 + * nssPKIObjectCollection_GetCertificates
1.378 + * nssPKIObjectCollection_GetCRLs
1.379 + * nssPKIObjectCollection_GetPrivateKeys
1.380 + * nssPKIObjectCollection_GetPublicKeys
1.381 + */
1.382 +
1.383 +/* nssCertificateCollection_Create
1.384 + *
1.385 + * Create a collection of certificates in the specified trust domain.
1.386 + * Optionally provide a starting set of certs.
1.387 + */
1.388 +NSS_EXTERN nssPKIObjectCollection *
1.389 +nssCertificateCollection_Create
1.390 +(
1.391 + NSSTrustDomain *td,
1.392 + NSSCertificate **certsOpt
1.393 +);
1.394 +
1.395 +/* nssCRLCollection_Create
1.396 + *
1.397 + * Create a collection of CRLs/KRLs in the specified trust domain.
1.398 + * Optionally provide a starting set of CRLs.
1.399 + */
1.400 +NSS_EXTERN nssPKIObjectCollection *
1.401 +nssCRLCollection_Create
1.402 +(
1.403 + NSSTrustDomain *td,
1.404 + NSSCRL **crlsOpt
1.405 +);
1.406 +
1.407 +/* nssPrivateKeyCollection_Create
1.408 + *
1.409 + * Create a collection of private keys in the specified trust domain.
1.410 + * Optionally provide a starting set of keys.
1.411 + */
1.412 +NSS_EXTERN nssPKIObjectCollection *
1.413 +nssPrivateKeyCollection_Create
1.414 +(
1.415 + NSSTrustDomain *td,
1.416 + NSSPrivateKey **pvkOpt
1.417 +);
1.418 +
1.419 +/* nssPublicKeyCollection_Create
1.420 + *
1.421 + * Create a collection of public keys in the specified trust domain.
1.422 + * Optionally provide a starting set of keys.
1.423 + */
1.424 +NSS_EXTERN nssPKIObjectCollection *
1.425 +nssPublicKeyCollection_Create
1.426 +(
1.427 + NSSTrustDomain *td,
1.428 + NSSPublicKey **pvkOpt
1.429 +);
1.430 +
1.431 +/* nssPKIObjectCollection_Destroy
1.432 + */
1.433 +NSS_EXTERN void
1.434 +nssPKIObjectCollection_Destroy
1.435 +(
1.436 + nssPKIObjectCollection *collection
1.437 +);
1.438 +
1.439 +/* nssPKIObjectCollection_Count
1.440 + */
1.441 +NSS_EXTERN PRUint32
1.442 +nssPKIObjectCollection_Count
1.443 +(
1.444 + nssPKIObjectCollection *collection
1.445 +);
1.446 +
1.447 +NSS_EXTERN PRStatus
1.448 +nssPKIObjectCollection_AddObject
1.449 +(
1.450 + nssPKIObjectCollection *collection,
1.451 + nssPKIObject *object
1.452 +);
1.453 +
1.454 +/* nssPKIObjectCollection_AddInstances
1.455 + *
1.456 + * Add a set of object instances to the collection. The instances
1.457 + * will be sorted into any existing certs/proto-certs that may be in
1.458 + * the collection. The instances will be absorbed by the collection,
1.459 + * the array should not be used after this call (except to free it).
1.460 + *
1.461 + * Failure means the collection is in an invalid state.
1.462 + *
1.463 + * numInstances = 0 means the array is NULL-terminated
1.464 + */
1.465 +NSS_EXTERN PRStatus
1.466 +nssPKIObjectCollection_AddInstances
1.467 +(
1.468 + nssPKIObjectCollection *collection,
1.469 + nssCryptokiObject **instances,
1.470 + PRUint32 numInstances
1.471 +);
1.472 +
1.473 +/* nssPKIObjectCollection_Traverse
1.474 + */
1.475 +NSS_EXTERN PRStatus
1.476 +nssPKIObjectCollection_Traverse
1.477 +(
1.478 + nssPKIObjectCollection *collection,
1.479 + nssPKIObjectCallback *callback
1.480 +);
1.481 +
1.482 +/* This function is being added for NSS 3.5. It corresponds to the function
1.483 + * nssToken_TraverseCertificates. The idea is to use the collection during
1.484 + * a traversal, creating certs each time a new instance is added for which
1.485 + * a cert does not already exist.
1.486 + */
1.487 +NSS_EXTERN PRStatus
1.488 +nssPKIObjectCollection_AddInstanceAsObject
1.489 +(
1.490 + nssPKIObjectCollection *collection,
1.491 + nssCryptokiObject *instance
1.492 +);
1.493 +
1.494 +/* nssPKIObjectCollection_GetCertificates
1.495 + *
1.496 + * Get all of the certificates in the collection.
1.497 + */
1.498 +NSS_EXTERN NSSCertificate **
1.499 +nssPKIObjectCollection_GetCertificates
1.500 +(
1.501 + nssPKIObjectCollection *collection,
1.502 + NSSCertificate **rvOpt,
1.503 + PRUint32 maximumOpt,
1.504 + NSSArena *arenaOpt
1.505 +);
1.506 +
1.507 +NSS_EXTERN NSSCRL **
1.508 +nssPKIObjectCollection_GetCRLs
1.509 +(
1.510 + nssPKIObjectCollection *collection,
1.511 + NSSCRL **rvOpt,
1.512 + PRUint32 maximumOpt,
1.513 + NSSArena *arenaOpt
1.514 +);
1.515 +
1.516 +NSS_EXTERN NSSPrivateKey **
1.517 +nssPKIObjectCollection_GetPrivateKeys
1.518 +(
1.519 + nssPKIObjectCollection *collection,
1.520 + NSSPrivateKey **rvOpt,
1.521 + PRUint32 maximumOpt,
1.522 + NSSArena *arenaOpt
1.523 +);
1.524 +
1.525 +NSS_EXTERN NSSPublicKey **
1.526 +nssPKIObjectCollection_GetPublicKeys
1.527 +(
1.528 + nssPKIObjectCollection *collection,
1.529 + NSSPublicKey **rvOpt,
1.530 + PRUint32 maximumOpt,
1.531 + NSSArena *arenaOpt
1.532 +);
1.533 +
1.534 +NSS_EXTERN NSSTime *
1.535 +NSSTime_Now
1.536 +(
1.537 + NSSTime *timeOpt
1.538 +);
1.539 +
1.540 +NSS_EXTERN NSSTime *
1.541 +NSSTime_SetPRTime
1.542 +(
1.543 + NSSTime *timeOpt,
1.544 + PRTime prTime
1.545 +);
1.546 +
1.547 +NSS_EXTERN PRTime
1.548 +NSSTime_GetPRTime
1.549 +(
1.550 + NSSTime *time
1.551 +);
1.552 +
1.553 +NSS_EXTERN nssHash *
1.554 +nssHash_CreateCertificate
1.555 +(
1.556 + NSSArena *arenaOpt,
1.557 + PRUint32 numBuckets
1.558 +);
1.559 +
1.560 +/* 3.4 Certificate cache routines */
1.561 +
1.562 +NSS_EXTERN PRStatus
1.563 +nssTrustDomain_InitializeCache
1.564 +(
1.565 + NSSTrustDomain *td,
1.566 + PRUint32 cacheSize
1.567 +);
1.568 +
1.569 +NSS_EXTERN PRStatus
1.570 +nssTrustDomain_AddCertsToCache
1.571 +(
1.572 + NSSTrustDomain *td,
1.573 + NSSCertificate **certs,
1.574 + PRUint32 numCerts
1.575 +);
1.576 +
1.577 +NSS_EXTERN void
1.578 +nssTrustDomain_RemoveCertFromCacheLOCKED (
1.579 + NSSTrustDomain *td,
1.580 + NSSCertificate *cert
1.581 +);
1.582 +
1.583 +NSS_EXTERN void
1.584 +nssTrustDomain_LockCertCache (
1.585 + NSSTrustDomain *td
1.586 +);
1.587 +
1.588 +NSS_EXTERN void
1.589 +nssTrustDomain_UnlockCertCache (
1.590 + NSSTrustDomain *td
1.591 +);
1.592 +
1.593 +NSS_IMPLEMENT PRStatus
1.594 +nssTrustDomain_DestroyCache
1.595 +(
1.596 + NSSTrustDomain *td
1.597 +);
1.598 +
1.599 +/*
1.600 + * Remove all certs for the given token from the cache. This is
1.601 + * needed if the token is removed.
1.602 + */
1.603 +NSS_EXTERN PRStatus
1.604 +nssTrustDomain_RemoveTokenCertsFromCache
1.605 +(
1.606 + NSSTrustDomain *td,
1.607 + NSSToken *token
1.608 +);
1.609 +
1.610 +NSS_EXTERN PRStatus
1.611 +nssTrustDomain_UpdateCachedTokenCerts
1.612 +(
1.613 + NSSTrustDomain *td,
1.614 + NSSToken *token
1.615 +);
1.616 +
1.617 +/*
1.618 + * Find all cached certs with this nickname (label).
1.619 + */
1.620 +NSS_EXTERN NSSCertificate **
1.621 +nssTrustDomain_GetCertsForNicknameFromCache
1.622 +(
1.623 + NSSTrustDomain *td,
1.624 + const NSSUTF8 *nickname,
1.625 + nssList *certListOpt
1.626 +);
1.627 +
1.628 +/*
1.629 + * Find all cached certs with this email address.
1.630 + */
1.631 +NSS_EXTERN NSSCertificate **
1.632 +nssTrustDomain_GetCertsForEmailAddressFromCache
1.633 +(
1.634 + NSSTrustDomain *td,
1.635 + NSSASCII7 *email,
1.636 + nssList *certListOpt
1.637 +);
1.638 +
1.639 +/*
1.640 + * Find all cached certs with this subject.
1.641 + */
1.642 +NSS_EXTERN NSSCertificate **
1.643 +nssTrustDomain_GetCertsForSubjectFromCache
1.644 +(
1.645 + NSSTrustDomain *td,
1.646 + NSSDER *subject,
1.647 + nssList *certListOpt
1.648 +);
1.649 +
1.650 +/*
1.651 + * Look for a specific cert in the cache.
1.652 + */
1.653 +NSS_EXTERN NSSCertificate *
1.654 +nssTrustDomain_GetCertForIssuerAndSNFromCache
1.655 +(
1.656 + NSSTrustDomain *td,
1.657 + NSSDER *issuer,
1.658 + NSSDER *serialNum
1.659 +);
1.660 +
1.661 +/*
1.662 + * Look for a specific cert in the cache.
1.663 + */
1.664 +NSS_EXTERN NSSCertificate *
1.665 +nssTrustDomain_GetCertByDERFromCache
1.666 +(
1.667 + NSSTrustDomain *td,
1.668 + NSSDER *der
1.669 +);
1.670 +
1.671 +/* Get all certs from the cache */
1.672 +/* XXX this is being included to make some old-style calls word, not to
1.673 + * say we should keep it
1.674 + */
1.675 +NSS_EXTERN NSSCertificate **
1.676 +nssTrustDomain_GetCertsFromCache
1.677 +(
1.678 + NSSTrustDomain *td,
1.679 + nssList *certListOpt
1.680 +);
1.681 +
1.682 +NSS_EXTERN void
1.683 +nssTrustDomain_DumpCacheInfo
1.684 +(
1.685 + NSSTrustDomain *td,
1.686 + void (* cert_dump_iter)(const void *, void *, void *),
1.687 + void *arg
1.688 +);
1.689 +
1.690 +NSS_EXTERN void
1.691 +nssCertificateList_AddReferences
1.692 +(
1.693 + nssList *certList
1.694 +);
1.695 +
1.696 +PR_END_EXTERN_C
1.697 +
1.698 +#endif /* PKIM_H */
