1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/pki/pkitm.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,88 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef PKITM_H
1.9 +#define PKITM_H
1.10 +
1.11 +/*
1.12 + * pkitm.h
1.13 + *
1.14 + * This file contains PKI-module specific types.
1.15 + */
1.16 +
1.17 +#ifndef BASET_H
1.18 +#include "baset.h"
1.19 +#endif /* BASET_H */
1.20 +
1.21 +#ifndef PKIT_H
1.22 +#include "pkit.h"
1.23 +#endif /* PKIT_H */
1.24 +
1.25 +PR_BEGIN_EXTERN_C
1.26 +
1.27 +typedef enum nssCertIDMatchEnum {
1.28 + nssCertIDMatch_Yes = 0,
1.29 + nssCertIDMatch_No = 1,
1.30 + nssCertIDMatch_Unknown = 2
1.31 +} nssCertIDMatch;
1.32 +
1.33 +/*
1.34 + * nssDecodedCert
1.35 + *
1.36 + * This is an interface to allow the PKI module access to certificate
1.37 + * information that can only be found by decoding. The interface is
1.38 + * generic, allowing each certificate type its own way of providing
1.39 + * the information
1.40 + */
1.41 +struct nssDecodedCertStr {
1.42 + NSSCertificateType type;
1.43 + void *data;
1.44 + /* returns the unique identifier for the cert */
1.45 + NSSItem * (*getIdentifier)(nssDecodedCert *dc);
1.46 + /* returns the unique identifier for this cert's issuer */
1.47 + void * (*getIssuerIdentifier)(nssDecodedCert *dc);
1.48 + /* is id the identifier for this cert? */
1.49 + nssCertIDMatch (*matchIdentifier)(nssDecodedCert *dc, void *id);
1.50 + /* is this cert a valid CA cert? */
1.51 + PRBool (*isValidIssuer)(nssDecodedCert *dc);
1.52 + /* returns the cert usage */
1.53 + NSSUsage * (*getUsage)(nssDecodedCert *dc);
1.54 + /* is time within the validity period of the cert? */
1.55 + PRBool (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time);
1.56 + /* is the validity period of this cert newer than cmpdc? */
1.57 + PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc);
1.58 + /* does the usage for this cert match the requested usage? */
1.59 + PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage);
1.60 + /* is this cert trusted for the requested usage? */
1.61 + PRBool (*isTrustedForUsage)(nssDecodedCert *dc,
1.62 + const NSSUsage *usage);
1.63 + /* extract the email address */
1.64 + NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc);
1.65 + /* extract the DER-encoded serial number */
1.66 + PRStatus (*getDERSerialNumber)(nssDecodedCert *dc,
1.67 + NSSDER *derSerial, NSSArena *arena);
1.68 +};
1.69 +
1.70 +struct NSSUsageStr {
1.71 + PRBool anyUsage;
1.72 + SECCertUsage nss3usage;
1.73 + PRBool nss3lookingForCA;
1.74 +};
1.75 +
1.76 +typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection;
1.77 +
1.78 +typedef struct
1.79 +{
1.80 + union {
1.81 + PRStatus (* cert)(NSSCertificate *c, void *arg);
1.82 + PRStatus (* crl)(NSSCRL *crl, void *arg);
1.83 + PRStatus (* pvkey)(NSSPrivateKey *vk, void *arg);
1.84 + PRStatus (* pbkey)(NSSPublicKey *bk, void *arg);
1.85 + } func;
1.86 + void *arg;
1.87 +} nssPKIObjectCallback;
1.88 +
1.89 +PR_END_EXTERN_C
1.90 +
1.91 +#endif /* PKITM_H */
