security/nss/lib/pki/pkit.h

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purposes.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     5 #ifndef PKIT_H
     6 #define PKIT_H
     8 /*
     9  * pkit.h
    10  *
    11  * This file contains definitions for the types of the top-level PKI objects.
    12  */
    14 #ifndef NSSBASET_H
    15 #include "nssbaset.h"
    16 #endif /* NSSBASET_H */
    18 #ifndef BASET_H
    19 #include "baset.h"
    20 #endif /* BASET_H */
    22 #include "certt.h"
    23 #include "pkcs11t.h"
    25 #ifndef NSSPKIT_H
    26 #include "nsspkit.h"
    27 #endif /* NSSPKIT_H */
    29 #ifndef NSSDEVT_H
    30 #include "nssdevt.h"
    31 #endif /* NSSDEVT_H */
    33 #ifndef DEVT_H
    34 #include "devt.h"
    35 #endif /* DEVT_H */
    37 #ifndef nssrwlkt_h__
    38 #include "nssrwlkt.h"
    39 #endif /* nssrwlkt_h__ */
    41 PR_BEGIN_EXTERN_C
    43 /*
    44  * A note on ephemeral certs
    45  *
    46  * The key objects defined here can only be created on tokens, and can only
    47  * exist on tokens.  Therefore, any instance of a key object must have
    48  * a corresponding cryptoki instance.  OTOH, certificates created in 
    49  * crypto contexts need not be stored as session objects on the token.
    50  * There are good performance reasons for not doing so.  The certificate
    51  * and trust objects have been defined with a cryptoContext field to
    52  * allow for ephemeral certs, which may have a single instance in a crypto
    53  * context along with any number (including zero) of cryptoki instances.
    54  * Since contexts may not share objects, there can be only one context
    55  * for each object.
    56  */
/* nssPKILockType
 *
 * Tag stored in nssPKIObjectStr.lockType that records which member of the
 * object's sync union is in use: presumably nssPKILock selects sync.lock
 * (a PZLock) and nssPKIMonitor selects sync.mlock (a PZMonitor) -- confirm
 * against the code that initializes the object.  Both values are non-zero,
 * so a zero-initialized lockType matches neither.
 */
typedef enum {
    nssPKILock = 1,
    nssPKIMonitor = 2
} nssPKILockType;
/* nssPKIObject
 *
 * This is the base object class, common to all PKI objects defined in
 * nsspkit.h.  The concrete object structs in this file (NSSTrustStr,
 * nssSMIMEProfileStr, NSSCertificateStr, NSSCRLStr) place it as their
 * first member.  The typedef nssPKIObject for this struct is declared
 * further down in this file.
 */
struct nssPKIObjectStr
{
    /* The arena for all object memory */
    NSSArena *arena;
    /* Atomically incremented/decremented reference counting */
    PRInt32 refCount;
    /* lock protects the array of nssCryptokiInstance's of the object
     * (the instances/numInstances fields below, whose element type is
     * spelled nssCryptokiObject).  Only one union member is meaningful
     * at a time; lockType says which. */
    union {
        PZLock* lock;
        PZMonitor *mlock;
    } sync;
    /* Selects sync.lock or sync.mlock (see nssPKILockType) */
    nssPKILockType lockType;
    /* XXX with LRU cache, this cannot be guaranteed up-to-date.  It cannot
     * be compared against the update level of the trust domain, since it is
     * also affected by import/export.  Where is this array needed?
     */
    /* Presumably an array of numInstances pointers to the token-side
     * (cryptoki) instances of this object, guarded by sync per the
     * comment above -- confirm against the code that maintains it. */
    nssCryptokiObject **instances;
    PRUint32 numInstances;
    /* The object must live in a trust domain */
    NSSTrustDomain *trustDomain;
    /* The object may live in a crypto context; see the note on ephemeral
     * certs above.  Whether "may" means NULL otherwise is not stated here. */
    NSSCryptoContext *cryptoContext;
    /* XXX added so temp certs can have nickname, think more ... */
    NSSUTF8 *tempName;
};
/* Opaque handle types: struct nssDecodedCertStr and
 * struct nssCertificateStoreStr are not defined in this header. */
typedef struct nssDecodedCertStr nssDecodedCert;
typedef struct nssCertificateStoreStr nssCertificateStore;
/* How wide is the scope of this? */
/* struct nssSMIMEProfileStr is defined below in this file. */
typedef struct nssSMIMEProfileStr nssSMIMEProfile;
/* Short name for the base object struct defined above. */
typedef struct nssPKIObjectStr nssPKIObject;
/* NSSTrustStr
 *
 * Trust settings associated with one certificate.  The first member is
 * the common nssPKIObject base.  One nssTrustLevel is kept per usage
 * (serverAuth, clientAuth, emailProtection, codeSigning); the meaning of
 * the individual nssTrustLevel values and of stepUpApproved is defined
 * where those types are declared, not in this header.
 */
struct NSSTrustStr
{
    nssPKIObject object;
    /* The certificate these trust settings belong to */
    NSSCertificate *certificate;
    /* Per-usage trust levels */
    nssTrustLevel serverAuth;
    nssTrustLevel clientAuth;
    nssTrustLevel emailProtection;
    nssTrustLevel codeSigning;
    PRBool stepUpApproved;
};
/* nssSMIMEProfileStr
 *
 * S/MIME profile record for a certificate: the e-mail address and DER
 * subject it is keyed under, plus the raw profile time and profile data
 * items.  The encoding of profileTime and profileData is not specified
 * here -- NOTE(review): check the code that fills them before interpreting.
 */
struct nssSMIMEProfileStr
{
    nssPKIObject object;
    /* The certificate this profile belongs to */
    NSSCertificate *certificate;
    NSSASCII7 *email;
    NSSDER *subject;
    NSSItem *profileTime;
    NSSItem *profileData;
};
/* NSSCertificateStr
 *
 * A certificate object.  encoding holds the BER-encoded certificate;
 * issuer, subject and serial are DER items named after the certificate
 * fields they carry; id is an NSSItem whose contents this header does not
 * specify.  decoding points at the parsed form (nssDecodedCert, opaque
 * here) -- presumably NULL until decoded, confirm against the code that
 * sets it.  Unlike the pointer fields of the other objects, id, encoding,
 * issuer, subject and serial are stored by value in the struct.
 */
struct NSSCertificateStr
{
    nssPKIObject object;
    NSSCertificateType type;
    NSSItem id;
    NSSBER encoding;
    NSSDER issuer;
    NSSDER subject;
    NSSDER serial;
    NSSASCII7 *email;
    nssDecodedCert *decoding;
};
/* Incomplete types: the key object structs are defined elsewhere; this
 * header only needs their names.  Per the note on ephemeral certs above,
 * key objects exist only as cryptoki instances on tokens. */
struct NSSPrivateKeyStr;
struct NSSPublicKeyStr;
struct NSSSymmetricKeyStr;
/* Opaque: struct nssTDCertificateCacheStr is not defined in this header. */
typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
/* NSSTrustDomainStr
 *
 * A trust domain: the tokens it spans (tokenList, walked via tokens),
 * a certificate cache, and per-domain configuration.  Note that this
 * struct does NOT embed nssPKIObject; it carries its own refCount and
 * arena.  tokensLock is an NSSRWLock; which fields it guards is not
 * stated here -- presumably tokenList/tokens, confirm in the
 * implementation.  spkDigestInfo is a bare void pointer whose contents
 * this header does not describe.
 */
struct NSSTrustDomainStr {
    PRInt32 refCount;
    NSSArena *arena;
    NSSCallback *defaultCallback;
    nssList *tokenList;
    nssListIterator *tokens;
    nssTDCertificateCache *cache;
    NSSRWLock *tokensLock;
    void *spkDigestInfo;
    CERTStatusConfig *statusConfig;
};
/* NSSCryptoContextStr
 *
 * A crypto context: belongs to one trust domain (td), is bound to one
 * token and session, and has its own certificate store for certificates
 * created in the context (see the note on ephemeral certs above).  Like
 * NSSTrustDomainStr it does not embed nssPKIObject and keeps its own
 * refCount and arena.
 */
struct NSSCryptoContextStr
{
    PRInt32 refCount;
    NSSArena *arena;
    NSSTrustDomain *td;
    NSSToken *token;
    nssSession *session;
    nssCertificateStore *certStore;
};
/* NSSTimeStr
 *
 * Thin wrapper around a single PRTime value.
 */
struct NSSTimeStr {
    PRTime prTime;
};
/* NSSCRLStr
 *
 * A revocation list object, with nssPKIObject as its first member like
 * the other PKI objects.  encoding holds the DER-encoded list and url a
 * UTF-8 location string; whether url is where the list came from or where
 * to refresh it from is not stated here.  isKRL is presumably the
 * key-revocation-list flag (inferred from the name; confirm).
 */
struct NSSCRLStr {
  nssPKIObject object;
  NSSDER encoding;
  NSSUTF8 *url;
  PRBool isKRL;
};
/* Short name for the CRL object struct defined immediately above. */
typedef struct NSSCRLStr NSSCRL;
/* Incomplete types defined elsewhere; only their names are needed here. */
struct NSSPoliciesStr;
struct NSSAlgorithmAndParametersStr;
struct NSSPKIXCertificateStr;
   186 PR_END_EXTERN_C
   188 #endif /* PKIT_H */
