The Tor Browser / file revision

 /* This Source Code Form is subject to the terms of the Mozilla Public

  * License, v. 2.0. If a copy of the MPL was not distributed with this

  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

 /*

  * This file defines the types in the libpkix API.

  * XXX Maybe we should specify the API version number in all API header files

  *

  */

 #ifndef _PKIXT_H

 #define _PKIXT_H

 #ifdef __cplusplus

 extern "C" {

 #endif

 #include "secerr.h"

 /* Types

  *

  * This header file provides typedefs for the abstract types used by libpkix.

  * It also provides several useful macros.

  *

  * Note that all these abstract types are typedef'd as opaque structures. This

  * is intended to discourage the caller from looking at the contents directly,

  * since the format of the contents may change from one version of the library

  * to the next. Instead, callers should only access these types using the

  * functions defined in the public header files.

  *

  * An instance of an abstract type defined in this file is called an "object"

  * here, although C does not have real support for objects.

  *

  * Because C does not typically have automatic garbage collection, the caller

  * is expected to release the reference to any object that they create or that

  * is returned to them by a libpkix function. The caller should do this by

  * using the PKIX_PL_Object_DecRef function. Note that the caller should not

  * release the reference to an object if the object has been passed to a

  * libpkix function and that function has not returned.

  *

  * Please refer to libpkix Programmer's Guide for more details.

  */

 /* Version

  *

  * These macros specify the major and minor version of the libpkix API defined

  * by this header file.

  */

 #define PKIX_MAJOR_VERSION              ((PKIX_UInt32) 0)

 #define PKIX_MINOR_VERSION              ((PKIX_UInt32) 3)

 /* Maximum minor version

  *

  * This macro is used to specify that the caller wants the largest minor

  * version available.

  */

 #define PKIX_MAX_MINOR_VERSION          ((PKIX_UInt32) 4000000000)

 /* Define Cert Store type for database access */

 #define PKIX_STORE_TYPE_NONE            0

 #define PKIX_STORE_TYPE_PK11            1

 /* Portable Code (PC) data types

  *

  * These types are used to perform the primary operations of this library:

  * building and validating chains of X.509 certificates.

  */

 typedef struct PKIX_ErrorStruct PKIX_Error;

 typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;

 typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;

 typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;

 typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;

 typedef struct PKIX_BuildResultStruct PKIX_BuildResult;

 typedef struct PKIX_CertStoreStruct PKIX_CertStore;

 typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;

 typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;

 typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;

 typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;

 typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;

 typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;

 typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;

 typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;

 typedef struct PKIX_LoggerStruct PKIX_Logger;

 typedef struct PKIX_ListStruct PKIX_List;

 typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;

 typedef struct PKIX_DefaultRevocationCheckerStruct

                         PKIX_DefaultRevocationChecker;

 typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;

 /* Portability Layer (PL) data types

  *

  * These types are used are used as portable data types that are defined

  * consistently across platforms

  */

 typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;

 typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;

 typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;

 typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;

 typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;

 typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;

 typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;

 typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;

 typedef struct PKIX_PL_StringStruct PKIX_PL_String;

 typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;

 typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;

 typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;

 typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;

 typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;

 typedef struct PKIX_PL_DateStruct PKIX_PL_Date;

 typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;

 typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;

 typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;

 typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;

 typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;

 typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;

 typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;

 typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;

 typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;

 typedef struct PKIX_PL_CollectionCertStoreContext

                         PKIX_PL_CollectionCertStoreContext;

 typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;

 typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;

 typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;

 typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;

 typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;

 typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;

 typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;

 typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;

 typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;

 typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;

 typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;

 typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;

 typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;

 /* Primitive types

  *

  * In order to guarantee desired behavior as well as platform-independence, we

  * typedef these types depending on the platform. XXX This needs more work!

  */

 /* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.

  * We don't know what type is at least 32 bits long. ISO C probably requires

  * at least 32 bits for long. we could default to that and only list platforms

  * where that's not true.

  *

  * #elif

  * #error

  * #endif

  */

 /* currently, int is 32 bits on all our supported platforms */

 typedef unsigned int PKIX_UInt32;

 typedef int PKIX_Int32;

 typedef int PKIX_Boolean;

 /* Object Types

  *

  * Every reference-counted PKIX_PL_Object is associated with an integer type.

  */

 #define PKIX_TYPES \

     TYPEMACRO(AIAMGR), \

     TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \

     TYPEMACRO(BIGINT), \

     TYPEMACRO(BUILDRESULT), \

     TYPEMACRO(BYTEARRAY), \

     TYPEMACRO(CERT), \

     TYPEMACRO(CERTBASICCONSTRAINTS), \

     TYPEMACRO(CERTCHAINCHECKER), \

     TYPEMACRO(CERTNAMECONSTRAINTS), \

     TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \

     TYPEMACRO(CERTPOLICYCHECKERSTATE), \

     TYPEMACRO(CERTPOLICYINFO), \

     TYPEMACRO(CERTPOLICYMAP), \

     TYPEMACRO(CERTPOLICYNODE), \

     TYPEMACRO(CERTPOLICYQUALIFIER), \

     TYPEMACRO(CERTSELECTOR), \

     TYPEMACRO(CERTSTORE), \

     TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \

     TYPEMACRO(COMCERTSELPARAMS), \

     TYPEMACRO(COMCRLSELPARAMS), \

     TYPEMACRO(CRL), \

     TYPEMACRO(CRLDP), \

     TYPEMACRO(CRLENTRY), \

     TYPEMACRO(CRLSELECTOR), \

     TYPEMACRO(DATE), \

     TYPEMACRO(CRLCHECKER), \

     TYPEMACRO(EKUCHECKER), \

     TYPEMACRO(ERROR), \

     TYPEMACRO(FORWARDBUILDERSTATE), \

     TYPEMACRO(GENERALNAME), \

     TYPEMACRO(HASHTABLE), \

     TYPEMACRO(HTTPCERTSTORECONTEXT), \

     TYPEMACRO(HTTPDEFAULTCLIENT), \

     TYPEMACRO(INFOACCESS), \

     TYPEMACRO(LDAPDEFAULTCLIENT), \

     TYPEMACRO(LDAPREQUEST), \

     TYPEMACRO(LDAPRESPONSE), \

     TYPEMACRO(LIST), \

     TYPEMACRO(LOGGER), \

     TYPEMACRO(MONITORLOCK), \

     TYPEMACRO(MUTEX), \

     TYPEMACRO(OBJECT), \

     TYPEMACRO(OCSPCERTID), \

     TYPEMACRO(OCSPCHECKER), \

     TYPEMACRO(OCSPREQUEST), \

     TYPEMACRO(OCSPRESPONSE), \

     TYPEMACRO(OID), \

     TYPEMACRO(REVOCATIONCHECKER), \

     TYPEMACRO(PROCESSINGPARAMS), \

     TYPEMACRO(PUBLICKEY), \

     TYPEMACRO(RESOURCELIMITS), \

     TYPEMACRO(RWLOCK), \

     TYPEMACRO(SIGNATURECHECKERSTATE), \

     TYPEMACRO(SOCKET), \

     TYPEMACRO(STRING), \

     TYPEMACRO(TARGETCERTCHECKERSTATE), \

     TYPEMACRO(TRUSTANCHOR), \

     TYPEMACRO(VALIDATEPARAMS), \

     TYPEMACRO(VALIDATERESULT), \

     TYPEMACRO(VERIFYNODE), \

     TYPEMACRO(X500NAME)

 #define TYPEMACRO(type) PKIX_ ## type ## _TYPE

 typedef enum {     /* Now invoke all those TYPEMACROs to assign the numbers */

    PKIX_TYPES,

    PKIX_NUMTYPES   /* This gets PKIX_NUMTYPES defined as the total number */

 } PKIX_TYPENUM;

 #ifdef PKIX_USER_OBJECT_TYPE

 /* User Define Object Types

  *

  * User may define their own object types offset from PKIX_USER_OBJECT_TYPE

  */

 #define PKIX_USER_OBJECT_TYPEBASE 1000

 #endif /* PKIX_USER_OBJECT_TYPE */

 /* Error Codes

  *

  * This list is used to define a set of PKIX_Error exception class numbers.

  * ERRMACRO is redefined to produce a corresponding set of

  * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in

  * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then

  * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is

  * initialized in pkix_error.c with the value "MUTEX".

  */

 #define PKIX_ERRORCLASSES \

    ERRMACRO(AIAMGR), \

    ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \

    ERRMACRO(BIGINT), \

    ERRMACRO(BUILD), \

    ERRMACRO(BUILDRESULT), \

    ERRMACRO(BYTEARRAY), \

    ERRMACRO(CERT), \

    ERRMACRO(CERTBASICCONSTRAINTS), \

    ERRMACRO(CERTCHAINCHECKER), \

    ERRMACRO(CERTNAMECONSTRAINTS), \

    ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \

    ERRMACRO(CERTPOLICYCHECKERSTATE), \

    ERRMACRO(CERTPOLICYINFO), \

    ERRMACRO(CERTPOLICYMAP), \

    ERRMACRO(CERTPOLICYNODE), \

    ERRMACRO(CERTPOLICYQUALIFIER), \

    ERRMACRO(CERTSELECTOR), \

    ERRMACRO(CERTSTORE), \

    ERRMACRO(CERTVFYPKIX), \

    ERRMACRO(COLLECTIONCERTSTORECONTEXT), \

    ERRMACRO(COMCERTSELPARAMS), \

    ERRMACRO(COMCRLSELPARAMS), \

    ERRMACRO(CONTEXT), \

    ERRMACRO(CRL), \

    ERRMACRO(CRLDP), \

    ERRMACRO(CRLENTRY), \

    ERRMACRO(CRLSELECTOR), \

    ERRMACRO(CRLCHECKER), \

    ERRMACRO(DATE), \

    ERRMACRO(EKUCHECKER), \

    ERRMACRO(ERROR), \

    ERRMACRO(FATAL), \

    ERRMACRO(FORWARDBUILDERSTATE), \

    ERRMACRO(GENERALNAME), \

    ERRMACRO(HASHTABLE), \

    ERRMACRO(HTTPCERTSTORECONTEXT), \

    ERRMACRO(HTTPDEFAULTCLIENT), \

    ERRMACRO(INFOACCESS), \

    ERRMACRO(LDAPCLIENT), \

    ERRMACRO(LDAPDEFAULTCLIENT), \

    ERRMACRO(LDAPREQUEST), \

    ERRMACRO(LDAPRESPONSE), \

    ERRMACRO(LIFECYCLE), \

    ERRMACRO(LIST), \

    ERRMACRO(LOGGER), \

    ERRMACRO(MEM), \

    ERRMACRO(MONITORLOCK), \

    ERRMACRO(MUTEX), \

    ERRMACRO(OBJECT), \

    ERRMACRO(OCSPCERTID), \

    ERRMACRO(OCSPCHECKER), \

    ERRMACRO(OCSPREQUEST), \

    ERRMACRO(OCSPRESPONSE), \

    ERRMACRO(OID), \

    ERRMACRO(PROCESSINGPARAMS), \

    ERRMACRO(PUBLICKEY), \

    ERRMACRO(RESOURCELIMITS), \

    ERRMACRO(REVOCATIONMETHOD), \

    ERRMACRO(REVOCATIONCHECKER), \

    ERRMACRO(RWLOCK), \

    ERRMACRO(SIGNATURECHECKERSTATE), \

    ERRMACRO(SOCKET), \

    ERRMACRO(STRING), \

    ERRMACRO(TARGETCERTCHECKERSTATE), \

    ERRMACRO(TRUSTANCHOR), \

    ERRMACRO(USERDEFINEDMODULES), \

    ERRMACRO(VALIDATE), \

    ERRMACRO(VALIDATEPARAMS), \

    ERRMACRO(VALIDATERESULT), \

    ERRMACRO(VERIFYNODE), \

    ERRMACRO(X500NAME)

 #define ERRMACRO(type) PKIX_ ## type ## _ERROR

 typedef enum {     /* Now invoke all those ERRMACROs to assign the numbers */

    PKIX_ERRORCLASSES,

    PKIX_NUMERRORCLASSES   /* This gets PKIX_NUMERRORCLASSES defined as the total number */

 } PKIX_ERRORCLASS;

 /* Now define error strings (for internationalization) */

 #define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name

 /* Define all the error numbers */

 typedef enum    {

 #include "pkix_errorstrings.h"

 , PKIX_NUMERRORCODES

 } PKIX_ERRORCODE;

 extern const char * const PKIX_ErrorText[];

 /* String Formats

  *

  * These formats specify supported encoding formats for Strings.

  */

 #define PKIX_ESCASCII           0

 #define PKIX_UTF8               1

 #define PKIX_UTF16              2

 #define PKIX_UTF8_NULL_TERM     3

 #define PKIX_ESCASCII_DEBUG     4

 /* Name Types

  *

  * These types specify supported formats for GeneralNames.

  */

 #define PKIX_OTHER_NAME         1

 #define PKIX_RFC822_NAME        2

 #define PKIX_DNS_NAME           3

 #define PKIX_X400_ADDRESS       4

 #define PKIX_DIRECTORY_NAME     5

 #define PKIX_EDIPARTY_NAME      6

 #define PKIX_URI_NAME           7

 #define PKIX_IP_NAME            8

 #define PKIX_OID_NAME           9

 /* Key Usages

  *

  * These types specify supported Key Usages

  */

 #define PKIX_DIGITAL_SIGNATURE  0x001

 #define PKIX_NON_REPUDIATION    0x002

 #define PKIX_KEY_ENCIPHERMENT   0x004

 #define PKIX_DATA_ENCIPHERMENT  0x008

 #define PKIX_KEY_AGREEMENT      0x010

 #define PKIX_KEY_CERT_SIGN      0x020

 #define PKIX_CRL_SIGN           0x040

 #define PKIX_ENCIPHER_ONLY      0x080

 #define PKIX_DECIPHER_ONLY      0x100

 /* Reason Flags

  *

  * These macros specify supported Reason Flags

  */

 #define PKIX_UNUSED                     0x001

 #define PKIX_KEY_COMPROMISE             0x002

 #define PKIX_CA_COMPROMISE              0x004

 #define PKIX_AFFILIATION_CHANGED        0x008

 #define PKIX_SUPERSEDED                 0x010

 #define PKIX_CESSATION_OF_OPERATION     0x020

 #define PKIX_CERTIFICATE_HOLD           0x040

 #define PKIX_PRIVILEGE_WITHDRAWN        0x080

 #define PKIX_AA_COMPROMISE              0x100

 /* Boolean values

  *

  * These macros specify the Boolean values of TRUE and FALSE

  * XXX Is it the case that any non-zero value is actually considered TRUE

  * and this is just a convenient mnemonic macro?

  */

 #define PKIX_TRUE                       ((PKIX_Boolean) 1)

 #define PKIX_FALSE                      ((PKIX_Boolean) 0)

 /*

  * Define constants for basic constraints selector

  *      (see comments in pkix_certsel.h)

  */

 #define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)

 #define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)

 /*

  * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o

  * object file. It is thrown if system memory cannot be allocated or may be

  * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.

  * IncRef, DecRef and all Settor functions cannot be called.

  * XXX Does anyone actually need to know about this?

  * XXX Why no DecRef? Would be good to handle it the same.

  */

 PKIX_Error* PKIX_ALLOC_ERROR(void);

 /*

  * In a CertBasicConstraints extension, if the CA flag is set,

  * indicating the certificate refers to a Certification

  * Authority, then the pathLen field indicates how many intermediate

  * certificates (not counting self-signed ones) can exist in a valid

  * chain following this certificate. If the pathLen has the value

  * of this constant, then the length of the chain is unlimited

  */

 #define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)

 /*

  * Define Certificate Extension hard-coded OID's

  */

 #define PKIX_UNKNOWN_OID                       SEC_OID_UNKNOWN

 #define PKIX_CERTKEYUSAGE_OID                  SEC_OID_X509_KEY_USAGE

 #define PKIX_CERTSUBJALTNAME_OID               SEC_OID_X509_SUBJECT_ALT_NAME

 #define PKIX_BASICCONSTRAINTS_OID              SEC_OID_X509_BASIC_CONSTRAINTS

 #define PKIX_CRLREASONCODE_OID                 SEC_OID_X509_REASON_CODE

 #define PKIX_NAMECONSTRAINTS_OID               SEC_OID_X509_NAME_CONSTRAINTS

 #define PKIX_CERTIFICATEPOLICIES_OID           SEC_OID_X509_CERTIFICATE_POLICIES

 #define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY

 #define PKIX_POLICYMAPPINGS_OID                SEC_OID_X509_POLICY_MAPPINGS

 #define PKIX_POLICYCONSTRAINTS_OID             SEC_OID_X509_POLICY_CONSTRAINTS

 #define PKIX_EXTENDEDKEYUSAGE_OID              SEC_OID_X509_EXT_KEY_USAGE

 #define PKIX_INHIBITANYPOLICY_OID              SEC_OID_X509_INHIBIT_ANY_POLICY 

 #define PKIX_NSCERTTYPE_OID                    SEC_OID_NS_CERT_EXT_CERT_TYPE

 #define PKIX_KEY_USAGE_SERVER_AUTH_OID         SEC_OID_EXT_KEY_USAGE_SERVER_AUTH

 #define PKIX_KEY_USAGE_CLIENT_AUTH_OID         SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH

 #define PKIX_KEY_USAGE_CODE_SIGN_OID           SEC_OID_EXT_KEY_USAGE_CODE_SIGN

 #define PKIX_KEY_USAGE_EMAIL_PROTECT_OID       SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT

 #define PKIX_KEY_USAGE_TIME_STAMP_OID          SEC_OID_EXT_KEY_USAGE_TIME_STAMP

 #define PKIX_KEY_USAGE_OCSP_RESPONDER_OID      SEC_OID_OCSP_RESPONDER

 /* Available revocation method types. */

 typedef enum PKIX_RevocationMethodTypeEnum {

     PKIX_RevocationMethod_CRL = 0,

     PKIX_RevocationMethod_OCSP,

     PKIX_RevocationMethod_MAX

 } PKIX_RevocationMethodType;

 /* A set of statuses revocation checker operates on */

 typedef enum PKIX_RevocationStatusEnum {

     PKIX_RevStatus_NoInfo = 0,

     PKIX_RevStatus_Revoked,

     PKIX_RevStatus_Success

 } PKIX_RevocationStatus;

 #ifdef __cplusplus

 }

 #endif

 #endif /* _PKIXT_H */