security/nss/lib/softoken/legacydb/pcert.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     5 #ifndef _PCERTDB_H_
     6 #define _PCERTDB_H_
     8 #include "plarena.h"
     9 #include "prlong.h"
    10 #include "pcertt.h"
    12 #include "lowkeyti.h" 	/* for struct NSSLOWKEYPublicKeyStr */
    14 SEC_BEGIN_PROTOS
    16 /*
    17  * Initialize any global certificate locks.
       *
       * Returns a SECStatus result.
       * NOTE(review): presumably this must complete before any nsslowcert_* call
       * that depends on those locks, and nsslowcert_DestroyGlobalLocks()
       * (declared later in this header) is the teardown counterpart -- confirm
       * in the implementation.
    18  */
    19 SECStatus nsslowcert_InitLocks(void);
    21 /*
    22 ** Add a certificate to the permanent database.
    23 **	"cert" is the certificate to add.  This comment used to name a
       **		"derCert" (DER encoded certificate) argument; the prototype has
       **		no such parameter and takes an NSSLOWCERTCertificate instead.
    24 **	"nickname" is the nickname to use for the cert
    25 **	"trust" is the trust parameters for the cert
       **
       ** NOTE(review): the trust parameters are presumably stored with the cert
       ** and outlive the process, so whoever calls this decides how far the cert
       ** is trusted -- confirm callers have validated the cert first.
    26 */
    27 SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, 
    28 			NSSLOWCERTCertificate *cert,
    29 				char *nickname, NSSLOWCERTCertTrust *trust);
       /*
       ** NOTE(review): presumably records "nickname" for "cert" in the permanent
       ** database; what happens when the cert already has one is not visible
       ** from this header -- confirm.
       */
    30 SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
    31 				NSSLOWCERTCertificate *cert, char *nickname);
       /*
       ** NOTE(review): takes no database handle, so the database is presumably
       ** reached through "cert" itself -- confirm.
       */
    33 SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
    /*
    ** Callback type taken by nsslowcert_TraversePermCerts().  It is handed a
    ** certificate, a SECItem "k" and an opaque "pdata" pointer, and returns a
    ** SECStatus.
    ** NOTE(review): "k" is presumably the cert's database key -- confirm.
    */
    35 typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
    36                                                    SECItem *k, void *pdata);
    37 /*
    38 ** Traverse the entire permanent database, and pass the certs off to a
    39 ** user supplied function.
    40 **	"certfunc" is the user function to call for each certificate
    41 **	"udata" is the user's data, which is passed through to "certfunc"
       **
       ** NOTE(review): whether a failing "certfunc" return aborts the traversal,
       ** and whether the database lock is held while "certfunc" runs, is not
       ** visible here -- confirm before calling back into the database from it.
    42 */
    43 SECStatus
    44 nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
    45 		      PermCertCallback certfunc,
    46 		      void *udata );
    /*
    ** Takes the DER cert first and the database handle second, unlike the
    ** other functions in this header, which take the handle first.
    ** NOTE(review): presumably reports whether the database already holds a
    ** different cert under the key derived from "derCert" -- confirm.
    */
    48 PRBool
    49 nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
       /*
       ** Look up a revocation entry by "crlKey".
       ** NOTE(review): "isKRL" presumably selects key revocation lists instead
       ** of CRLs, and the returned entry presumably has to be released with
       ** nsslowcert_DestroyDBEntry() -- confirm.
       */
    51 certDBEntryRevocation *
    52 nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
    53 					 SECItem *crlKey, PRBool isKRL);
       /* The entry to delete is named by "derName"; "isKRL" as above. */
    55 SECStatus
    56 nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,const SECItem *derName,
    57 								PRBool isKRL);
       /*
       ** Store a DER encoded CRL under "derKey", with an optional "url".
       ** NOTE(review): nothing in this prototype suggests that the CRL signature
       ** is checked here, so callers presumably have to verify "derCrl" before
       ** storing it -- confirm.
       */
    58 SECStatus
    59 nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl ,
    60 				SECItem *derKey, char *url, PRBool isKRL);
    /*
    ** NOTE(review): the empty parameter list below is an old-style declaration
    ** (before C23 it does not mean "no arguments"), so the compiler will not
    ** reject a call that passes arguments; the other no-argument functions in
    ** this header are declared with (void).
    */
    62 NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
       /*
       ** Returns an NSSLOWKEYPublicKey for the given certificate.
       ** NOTE(review): who frees the returned key is not stated here -- confirm.
       */
    63 NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
       /*
       ** Build an NSSLOWCERTCertificate from a DER encoded cert.
       ** NOTE(review): "copyDER" presumably decides whether the DER bytes are
       ** copied or merely referenced; if they are referenced, the "derCert"
       ** buffer has to outlive the returned certificate -- confirm.  The meaning
       ** of "isperm" is not documented in this header.
       */
    65 NSSLOWCERTCertificate *
    66 nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
    67                         char *nickname, PRBool isperm, PRBool copyDER);
       /*
       ** NOTE(review): Dup/Destroy presumably take and drop a reference on the
       ** certificate rather than deep-copying or freeing it outright -- confirm
       ** before relying on pointer identity or lifetime.
       */
    68 NSSLOWCERTCertificate *
    69 nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
    70 void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
       /* Release an NSSLOWCERTTrust, the type the FindTrustBy* lookups return. */
    71 void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
    73 /*
    74  * Lookup a certificate in the databases without locking
    75  *	"certKey" is the database key to look for
    76  *
    77  * XXX - this should be internal, but pkcs 11 needs to call it during a
    78  * traversal.
       *
       * NOTE(review): since no lock is taken here, the caller is presumably
       * expected to already hold the database lock (as during a traversal);
       * calling this from an unlocked context may race with writers -- confirm.
    79  */
    80 NSSLOWCERTCertificate *
    81 nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
    83 /*
    84  * Lookup trust for a certificate in the databases without locking
    85  *	"certKey" is the database key to look for
    86  *
    87  * XXX - this should be internal, but pkcs 11 needs to call it during a
    88  * traversal.
       *
       * NOTE(review): the same locking caveat as for nsslowcert_FindCertByKey()
       * presumably applies; a trust record read while another thread updates it
       * could be stale or inconsistent -- confirm.
    89  */
    90 NSSLOWCERTTrust *
    91 nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
    93 /*
    94 ** Generate a certificate key from the issuer and serialnumber, then look it
    95 ** up in the database.  Return the cert if found.
    96 **	"issuerAndSN" is the issuer and serial number to look for
       **
       ** NOTE(review): the not-found result is presumably NULL -- confirm.
    97 */
    98 extern NSSLOWCERTCertificate *
    99 nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
   101 /*
   102 ** Generate a certificate key from the issuer and serialnumber, then look it
   103 ** up in the database.  Return the trust (an NSSLOWCERTTrust, not the cert
       ** as this comment used to say) if found.
   104 **	"issuerAndSN" is the issuer and serial number to look for
   105 */
   106 extern NSSLOWCERTTrust *
   107 nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
   109 /*
   110 ** Find a certificate in the database by a DER encoded certificate
   111 **	"derCert" is the DER encoded certificate
       **
       ** NOTE(review): finding a cert here says only that it is stored, not that
       ** it is trusted; trust is a separate record (see the FindTrustBy*
       ** lookups and nsslowcert_GetCertTrust()).
   112 */
   113 extern NSSLOWCERTCertificate *
   114 nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
   116 /* convert an email address to lower case
        * NOTE(review): this header does not say whether the result is a new
        * allocation or "emailAddr" modified in place, nor who frees it --
        * confirm before use. */
   117 char *nsslowcert_FixupEmailAddr(char *emailAddr);
   119 /*
   120 ** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
   121 **      "derSignedCert" is the DER encoded signed certificate
   122 **      "copyDER" is true if the DER should be copied, false if the
   123 **              existing copy should be referenced
       **              (stale: the prototype below has no "copyDER" parameter;
       **              nsslowcert_NewTempCertificate() is the one that takes it)
   124 **      "nickname" is the nickname to use in the database.  If it is NULL
   125 **              then a temporary nickname is generated.
       **
       ** NOTE(review): this is described as decoding only; the signature on
       ** "derSignedCert" is presumably not verified here, so a successful
       ** decode must not be read as a validity check -- confirm.
   126 */
   127 extern NSSLOWCERTCertificate *
   128 nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname);
       /*
       ** Derive the database key for a DER encoded cert into "key".
       ** NOTE(review): "key" is presumably allocated from "arena" and so lives
       ** as long as the arena does -- confirm.
       */
   130 SECStatus
   131 nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);
   /*
   ** Read the S/MIME entry stored for "emailAddr".
   ** NOTE(review): the returned entry presumably has to be released with
   ** nsslowcert_DestroyDBEntry(), and the lookup presumably expects the
   ** address in the lower-case form nsslowcert_FixupEmailAddr() produces --
   ** confirm.
   */
   133 certDBEntrySMime *
   134 nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
   135 							 char *emailAddr);
       /* Release a database entry returned by one of the lookup functions. */
   136 void
   137 nsslowcert_DestroyDBEntry(certDBEntry *entry);
       /*
       ** Open the certificate database into "handle".
       **	"readOnly" requests a read-only open
       **	"namecb"/"cbarg" are a name callback and its argument
       ** NOTE(review): how "domain", "prefix" and "namecb" combine into the file
       ** name is not visible here; if any of them can be influenced from
       ** outside the process, the resulting path deserves a check.  The meaning
       ** of "openVolatile" is not documented in this header -- confirm.
       */
   139 SECStatus
   140 nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
   141 		const char *domain, const char *prefix,
   142                 NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
       /* Close the database opened on "handle". */
   144 void
   145 nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
   147 /*
   148  * is certa newer than certb?  If one is expired, pick the other one.
       *
       * Returns a PRBool.
       * NOTE(review): "expired" presumably means compared against the current
       * system time, so the answer can change with the clock -- confirm.
   149  */
   150 PRBool
   151 nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
   /*
   ** Traverse database entries of the given "type", handing each entry's raw
   ** data and key to "callback" together with "udata" (received as "pdata").
   ** NOTE(review): the callback gets the data as stored, so it presumably has
   ** to treat it as undecoded input (see nsslowcert_DecodeAnyDBEntry()) --
   ** confirm.
   */
   154 SECStatus
   155 nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
   156 		      certDBEntryType type,
   157 		      SECStatus (* callback)(SECItem *data, SECItem *key,
   158 					    certDBEntryType type, void *pdata),
   159 		      void *udata );
       /* Call "cb" with "cbarg" for the permanent certs matching "derSubject". */
   160 SECStatus
   161 nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
   162 				 SECItem *derSubject,
   163 				 NSSLOWCERTCertCallback cb, void *cbarg);
       /* Count form of the traversal above; the result is a plain int. */
   164 int
   165 nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
   166 							 SECItem *derSubject);
       /* Call "cb" with "cbarg" for the permanent certs stored under "nickname". */
   167 SECStatus
   168 nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
   169 	 	char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
       /* Count form of the traversal above; the result is a plain int. */
   171 int
   172 nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, 
   173 							char *nickname);
       /*
       ** Copy the trust attributes of "cert" into "*trust".
       ** NOTE(review): "*trust" is presumably left untouched on failure, so the
       ** SECStatus has to be checked before the flags are used -- confirm.
       */
   174 SECStatus
   175 nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
   176 					 NSSLOWCERTCertTrust *trust);
       /*
       ** Store an S/MIME profile for "emailAddr".
       ** NOTE(review): "emailProfile" and "profileTime" are presumably stored as
       ** given, without interpretation -- confirm.
       */
   178 SECStatus
   179 nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, 
   180 	SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
   182 /*
   183  * Change the trust attributes of a certificate and make them permanent
   184  * in the database.
       *
       * NOTE(review): the change persists, so a mistaken or attacker-influenced
       * call keeps its effect across restarts; the SECStatus result should be
       * checked, since on failure the old trust presumably stays in place --
       * confirm.
   185  */
   186 SECStatus
   187 nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, 
   188 	  	NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
       /*
       ** Getter and setter for a per-handle "DB verify" flag.
       ** NOTE(review): what the flag triggers is not visible from this header
       ** -- confirm in the implementation.
       */
   190 PRBool
   191 nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
   193 void
   194 nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
       /*
       ** NOTE(review): presumably true when "trust" carries any trust flags at
       ** all; behaviour for a NULL "trust" is not visible here -- confirm.
       */
   196 PRBool
   197 nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
   /*
   ** Process-wide teardown helpers; both take no arguments.
   ** NOTE(review): presumably only safe once no other thread is using the
   ** certificate database any more, and nsslowcert_DestroyGlobalLocks()
   ** presumably undoes nsslowcert_InitLocks() -- confirm.
   */
   199 void
   200 nsslowcert_DestroyFreeLists(void);
   202 void
   203 nsslowcert_DestroyGlobalLocks(void);
   /*
   ** Helpers that place a nickname or a data blob either in a caller supplied
   ** buffer "space" of "spaceLen" bytes or somewhere else.
   ** NOTE(review): presumably "space" is used when the value fits and a heap
   ** allocation otherwise, with the free functions comparing the pointer
   ** against "space" to decide whether to free -- confirm.  The free calls
   ** therefore have to be given the same "space" that was passed to the
   ** matching copy/alloc call.
   ** NOTE(review): "datalen" and "spaceLen" are signed int; the handling of
   ** negative or very large values is not visible here and is worth checking
   ** in the implementation, since the lengths can come from stored data.
   */
   205 void
   206 pkcs11_freeNickname(char *nickname, char *space);
   208 char *
   209 pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
   211 void
   212 pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
   214 unsigned char *
   215 pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
   217 unsigned char *
   218 pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
   219 						int spaceLen);
   /*
   ** Returns a new NSSLOWCERTCertificate.
   ** NOTE(review): presumably released with nsslowcert_DestroyCertificate(),
   ** and NULL on allocation failure -- confirm.
   */
   220 NSSLOWCERTCertificate *
   221 nsslowcert_CreateCert(void);
       /*
       ** Decode a raw database record ("dbData" stored under "dbKey") of the
       ** given "entryType" into a certDBEntry.
       ** NOTE(review): the record comes straight from the database file, so the
       ** decoder presumably has to bounds-check every length field in it; a
       ** failed decode presumably returns NULL, and the result is presumably
       ** released with nsslowcert_DestroyDBEntry() -- confirm.  The role of
       ** "pdata" is not documented in this header.
       */
   223 certDBEntry *
   224 nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey, 
   225                             certDBEntryType entryType, void *pdata);
   227 SEC_END_PROTOS
   229  #endif /* _PCERTDB_H_ */
