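--- /dev/null
+++ b/security/nss/lib/pki/pkit.h
@@ -0,0 +1,188 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIT_H
+#define PKIT_H
+
+/*
+ * pkit.h
+ *
+ * This file contains definitions for the types of the top-level PKI objects.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#include "certt.h"
+#include "pkcs11t.h"
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+#ifndef nssrwlkt_h__
+#include "nssrwlkt.h"
+#endif /* nssrwlkt_h__ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A note on ephemeral certs
+ *
+ * The key objects defined here can only be created on tokens, and can only
+ * exist on tokens. Therefore, any instance of a key object must have
+ * a corresponding cryptoki instance. OTOH, certificates created in
+ * crypto contexts need not be stored as session objects on the token.
+ * There are good performance reasons for not doing so. The certificate
+ * and trust objects have been defined with a cryptoContext field to
+ * allow for ephemeral certs, which may have a single instance in a crypto
+ * context along with any number (including zero) of cryptoki instances.
+ * Since contexts may not share objects, there can be only one context
+ * for each object.
+ */
+
+typedef enum {
+    nssPKILock = 1,
+    nssPKIMonitor = 2
+} nssPKILockType;
+
+/* nssPKIObject
+ *
+ * This is the base object class, common to all PKI objects defined in
+ * nsspkit.h
+ */
+struct nssPKIObjectStr
+{
+    /* The arena for all object memory */
+    NSSArena *arena;
+    /* Atomically incremented/decremented reference counting */
+    PRInt32 refCount;
+    /* lock protects the array of nssCryptokiInstance's of the object */
+    union {
+        PZLock* lock;
+        PZMonitor *mlock;
+    } sync;
+    nssPKILockType lockType;
+    /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot
+     * be compared against the update level of the trust domain, since it is
+     * also affected by import/export. Where is this array needed?
+     */
+    nssCryptokiObject **instances;
+    PRUint32 numInstances;
+    /* The object must live in a trust domain */
+    NSSTrustDomain *trustDomain;
+    /* The object may live in a crypto context */
+    NSSCryptoContext *cryptoContext;
+    /* XXX added so temp certs can have nickname, think more ... */
+    NSSUTF8 *tempName;
+};
+
+typedef struct nssDecodedCertStr nssDecodedCert;
+
+typedef struct nssCertificateStoreStr nssCertificateStore;
+
+/* How wide is the scope of this? */
+typedef struct nssSMIMEProfileStr nssSMIMEProfile;
+
+typedef struct nssPKIObjectStr nssPKIObject;
+
+struct NSSTrustStr
+{
+    nssPKIObject object;
+    NSSCertificate *certificate;
+    nssTrustLevel serverAuth;
+    nssTrustLevel clientAuth;
+    nssTrustLevel emailProtection;
+    nssTrustLevel codeSigning;
+    PRBool stepUpApproved;
+};
+
+struct nssSMIMEProfileStr
+{
+    nssPKIObject object;
+    NSSCertificate *certificate;
+    NSSASCII7 *email;
+    NSSDER *subject;
+    NSSItem *profileTime;
+    NSSItem *profileData;
+};
+
+struct NSSCertificateStr
+{
+    nssPKIObject object;
+    NSSCertificateType type;
+    NSSItem id;
+    NSSBER encoding;
+    NSSDER issuer;
+    NSSDER subject;
+    NSSDER serial;
+    NSSASCII7 *email;
+    nssDecodedCert *decoding;
+};
+
+struct NSSPrivateKeyStr;
+
+struct NSSPublicKeyStr;
+
+struct NSSSymmetricKeyStr;
+
+typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
+
+struct NSSTrustDomainStr {
+    PRInt32 refCount;
+    NSSArena *arena;
+    NSSCallback *defaultCallback;
+    nssList *tokenList;
+    nssListIterator *tokens;
+    nssTDCertificateCache *cache;
+    NSSRWLock *tokensLock;
+    void *spkDigestInfo;
+    CERTStatusConfig *statusConfig;
+};
+
+struct NSSCryptoContextStr
+{
+    PRInt32 refCount;
+    NSSArena *arena;
+    NSSTrustDomain *td;
+    NSSToken *token;
+    nssSession *session;
+    nssCertificateStore *certStore;
+};
+
+struct NSSTimeStr {
+    PRTime prTime;
+};
+
+struct NSSCRLStr {
+    nssPKIObject object;
+    NSSDER encoding;
+    NSSUTF8 *url;
+    PRBool isKRL;
+};
+
+typedef struct NSSCRLStr NSSCRL;
+
+struct NSSPoliciesStr;
+
+struct NSSAlgorithmAndParametersStr;
+
+struct NSSPKIXCertificateStr;
+
+PR_END_EXTERN_C
+
+#endif /* PKIT_H */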
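Review bot: The `sync` union in nssPKIObjectStr is discriminated by the `lockType` field that follows it, but nothing in the header says so, and reading `sync.lock` while `lockType` is `nssPKIMonitor` would hand a PZMonitor to the PZLock API; I would put `/* Selects which member of sync is valid (nssPKILock -> sync.lock, nssPKIMonitor -> sync.mlock); check it before touching sync. */` on the `lockType` line. The comment on the union also names `nssCryptokiInstance`, while the guarded field is declared `nssCryptokiObject **instances`; aligning the comment with the declared type (`/* lock protects the instances array (nssCryptokiObject *) of the object */`) avoids sending a reader after a type that is not in this file. NSSTrustDomainStr and NSSCryptoContextStr also carry a `PRInt32 refCount` without the "atomically incremented/decremented" note the base object has, so it is not clear from the header whether those counts follow the same discipline; a one-line comment stating the intended rule on each, or a hedged `/* NOTE(review): confirm whether this is adjusted atomically like nssPKIObject.refCount */`, would settle it.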