security/nss/lib/softoken/legacydb/pcert.h

changeset 0
6474c204b198
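--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/softoken/legacydb/pcert.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,229 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PCERTDB_H_
+#define _PCERTDB_H_
+
+#include "plarena.h"
+#include "prlong.h"
+#include "pcertt.h"
+
+#include "lowkeyti.h" 	/* for struct NSSLOWKEYPublicKeyStr */
+
+SEC_BEGIN_PROTOS
+
+/*
+ * initialize any global certificate locks
+ */
+SECStatus nsslowcert_InitLocks(void);
+
+/*
+** Add a DER encoded certificate to the permanent database.
+**	"derCert" is the DER encoded certificate.
+**	"nickname" is the nickname to use for the cert
+**	"trust" is the trust parameters for the cert
+*/
+SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, 
+			NSSLOWCERTCertificate *cert,
+				char *nickname, NSSLOWCERTCertTrust *trust);
+SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
+				NSSLOWCERTCertificate *cert, char *nickname);
+
+SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
+
+typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
+                                                   SECItem *k, void *pdata);
+/*
+** Traverse the entire permanent database, and pass the certs off to a
+** user supplied function.
+**	"certfunc" is the user function to call for each certificate
+**	"udata" is the user's data, which is passed through to "certfunc"
+*/
+SECStatus
+nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
+		      PermCertCallback certfunc,
+		      void *udata );
+
+PRBool
+nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
+
+certDBEntryRevocation *
+nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
+					 SECItem *crlKey, PRBool isKRL);
+
+SECStatus
+nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,const SECItem *derName,
+								PRBool isKRL);
+SECStatus
+nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl ,
+				SECItem *derKey, char *url, PRBool isKRL);
+
+NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
+NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
+
+NSSLOWCERTCertificate *
+nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
+                        char *nickname, PRBool isperm, PRBool copyDER);
+NSSLOWCERTCertificate *
+nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
+void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
+void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
+
+/*
+ * Lookup a certificate in the databases without locking
+ *	"certKey" is the database key to look for
+ *
+ * XXX - this should be internal, but pkcs 11 needs to call it during a
+ * traversal.
+ */
+NSSLOWCERTCertificate *
+nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
+
+/*
+ * Lookup trust for a certificate in the databases without locking
+ *	"certKey" is the database key to look for
+ *
+ * XXX - this should be internal, but pkcs 11 needs to call it during a
+ * traversal.
+ */
+NSSLOWCERTTrust *
+nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
+
+/*
+** Generate a certificate key from the issuer and serialnumber, then look it
+** up in the database.  Return the cert if found.
+**	"issuerAndSN" is the issuer and serial number to look for
+*/
+extern NSSLOWCERTCertificate *
+nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
+
+/*
+** Generate a certificate key from the issuer and serialnumber, then look it
+** up in the database.  Return the cert if found.
+**	"issuerAndSN" is the issuer and serial number to look for
+*/
+extern NSSLOWCERTTrust *
+nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
+
+/*
+** Find a certificate in the database by a DER encoded certificate
+**	"derCert" is the DER encoded certificate
+*/
+extern NSSLOWCERTCertificate *
+nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
+
+/* convert an email address to lower case */
+char *nsslowcert_FixupEmailAddr(char *emailAddr);
+
+/*
+** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
+**      "derSignedCert" is the DER encoded signed certificate
+**      "copyDER" is true if the DER should be copied, false if the
+**              existing copy should be referenced
+**      "nickname" is the nickname to use in the database.  If it is NULL
+**              then a temporary nickname is generated.
+*/
+extern NSSLOWCERTCertificate *
+nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname);
+
+SECStatus
+nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);
+
+certDBEntrySMime *
+nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
+							 char *emailAddr);
+void
+nsslowcert_DestroyDBEntry(certDBEntry *entry);
+
+SECStatus
+nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
+		const char *domain, const char *prefix,
+                NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
+
+void
+nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
+
+/*
+ * is certa newer than certb?  If one is expired, pick the other one.
+ */
+PRBool
+nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
+
+
+SECStatus
+nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
+		      certDBEntryType type,
+		      SECStatus (* callback)(SECItem *data, SECItem *key,
+					    certDBEntryType type, void *pdata),
+		      void *udata );
+SECStatus
+nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
+				 SECItem *derSubject,
+				 NSSLOWCERTCertCallback cb, void *cbarg);
+int
+nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
+							 SECItem *derSubject);
+SECStatus
+nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
+	 	char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
+
+int
+nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, 
+							char *nickname);
+SECStatus
+nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
+					 NSSLOWCERTCertTrust *trust);
+
+SECStatus
+nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, 
+	SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
+
+/*
+ * Change the trust attributes of a certificate and make them permanent
+ * in the database.
+ */
+SECStatus
+nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, 
+	  	NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
+
+PRBool
+nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
+
+void
+nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
+
+PRBool
+nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
+
+void
+nsslowcert_DestroyFreeLists(void);
+
+void
+nsslowcert_DestroyGlobalLocks(void);
+
+void
+pkcs11_freeNickname(char *nickname, char *space);
+
+char *
+pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
+
+void
+pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
+
+unsigned char *
+pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
+
+unsigned char *
+pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
+						int spaceLen);
+NSSLOWCERTCertificate *
+nsslowcert_CreateCert(void);
+
+certDBEntry *
+nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey, 
+                            certDBEntryType entryType, void *pdata);
+
+SEC_END_PROTOS
+
+ #endif /* _PCERTDB_H_ */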
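Review bot: The pkcs11_copyNickname, pkcs11_allocStaticData and pkcs11_copyStaticData prototypes near the end of the header take `datalen` and `spaceLen` as signed `int` and carry no comment, so the header does not say when the returned pointer is the caller's `space` buffer and when it is a separate allocation, nor that the matching pkcs11_free* call must be given the same `space`. The definitions are not in this file, so the contract is inferred from the signatures only; if it holds, a comment along the lines of `/* returns "space" when the data fits in spaceLen bytes, otherwise an allocated copy; release with pkcs11_freeStaticData(data, space) */` belongs on each pair, and the definitions should reject a negative length before any size comparison or copy. The comment on nsslowcert_DecodeDERCertificate also documents a "copyDER" argument that the prototype does not take, and the comment on nsslowcert_FindTrustByIssuerAndSN still says "Return the cert if found". `nsslowcert_GetDefaultCertDB();` should be `nsslowcert_GetDefaultCertDB(void);` so that it is a checked prototype rather than an unprototyped declaration.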
