michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef PKIT_H michael@0: #define PKIT_H michael@0: michael@0: /* michael@0: * pkit.h michael@0: * michael@0: * This file contains definitions for the types of the top-level PKI objects. michael@0: */ michael@0: michael@0: #ifndef NSSBASET_H michael@0: #include "nssbaset.h" michael@0: #endif /* NSSBASET_H */ michael@0: michael@0: #ifndef BASET_H michael@0: #include "baset.h" michael@0: #endif /* BASET_H */ michael@0: michael@0: #include "certt.h" michael@0: #include "pkcs11t.h" michael@0: michael@0: #ifndef NSSPKIT_H michael@0: #include "nsspkit.h" michael@0: #endif /* NSSPKIT_H */ michael@0: michael@0: #ifndef NSSDEVT_H michael@0: #include "nssdevt.h" michael@0: #endif /* NSSDEVT_H */ michael@0: michael@0: #ifndef DEVT_H michael@0: #include "devt.h" michael@0: #endif /* DEVT_H */ michael@0: michael@0: #ifndef nssrwlkt_h__ michael@0: #include "nssrwlkt.h" michael@0: #endif /* nssrwlkt_h__ */ michael@0: michael@0: PR_BEGIN_EXTERN_C michael@0: michael@0: /* michael@0: * A note on ephemeral certs michael@0: * michael@0: * The key objects defined here can only be created on tokens, and can only michael@0: * exist on tokens. Therefore, any instance of a key object must have michael@0: * a corresponding cryptoki instance. OTOH, certificates created in michael@0: * crypto contexts need not be stored as session objects on the token. michael@0: * There are good performance reasons for not doing so. The certificate michael@0: * and trust objects have been defined with a cryptoContext field to michael@0: * allow for ephemeral certs, which may have a single instance in a crypto michael@0: * context along with any number (including zero) of cryptoki instances. 
* Since contexts may not share objects, there can be only one context
* for each object.
*/

/* nssPKILockType
 *
 * Tag telling which member of nssPKIObjectStr.sync is the live one.  The
 * two union members have different types (PZLock vs. PZMonitor), so code
 * must dispatch on this tag before touching sync; using the member that
 * does not match the tag is a type confusion on the lock itself.
 */
typedef enum {
    nssPKILock = 1,     /* sync.lock is valid */
    nssPKIMonitor = 2   /* sync.mlock is valid */
} nssPKILockType;

/* nssPKIObject
 *
 * This is the base object class, common to all PKI objects defined in
 * nsspkit.h.  The certificate, trust, S/MIME-profile and CRL structs in
 * this header embed one of these as their first member (named "object"),
 * which is what lets a pointer to any of them be handed to code that
 * operates on the generic base.  Keep it the first member.
 */
struct nssPKIObjectStr
{
    /* The arena for all object memory */
    NSSArena *arena;
    /* Atomically incremented/decremented reference counting.
     * NOTE(review): this is a plain PRInt32, not a lock-protected field;
     * every increment, decrement and read must go through the atomic
     * helpers.  A bare ++/-- or an unsynchronised compare races with
     * concurrent release and is how a use-after-free starts. */
    PRInt32 refCount;
    /* lock protects the array of nssCryptokiInstance's of the object.
     * Exactly one member is valid, selected by lockType below. */
    union {
        PZLock* lock;
        PZMonitor *mlock;
    } sync;
    /* Says which member of sync is in use (see nssPKILockType). */
    nssPKILockType lockType;
    /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot
     * be compared against the update level of the trust domain, since it is
     * also affected by import/export. Where is this array needed?
     */
    /* Array of the object's token (cryptoki) instances; numInstances is
     * its length.  Read or modify only under sync. */
    nssCryptokiObject **instances;
    PRUint32 numInstances;
    /* The object must live in a trust domain */
    NSSTrustDomain *trustDomain;
    /* The object may live in a crypto context; see the note on ephemeral
     * certs above.  Presumably NULL for objects with no context -- confirm. */
    NSSCryptoContext *cryptoContext;
    /* XXX added so temp certs can have nickname, think more ... */
    NSSUTF8 *tempName;
};

/* Opaque here; the full definitions live elsewhere. */
typedef struct nssDecodedCertStr nssDecodedCert;

typedef struct nssCertificateStoreStr nssCertificateStore;

/* How wide is the scope of this?
*/
typedef struct nssSMIMEProfileStr nssSMIMEProfile;

typedef struct nssPKIObjectStr nssPKIObject;

/* NSSTrust
 *
 * Trust settings recorded for one certificate: one nssTrustLevel per
 * usage plus the step-up flag.  NOTE(review): these fields are the data
 * that presumably decides what a certificate may be trusted for; any code
 * that copies, merges or defaults them should be reviewed so it never
 * widens trust beyond what was explicitly stored -- confirm against the
 * consumers in the pki sources.
 */
struct NSSTrustStr
{
    nssPKIObject object;          /* base object; must stay first */
    NSSCertificate *certificate;  /* certificate these settings belong to */
    nssTrustLevel serverAuth;
    nssTrustLevel clientAuth;
    nssTrustLevel emailProtection;
    nssTrustLevel codeSigning;
    PRBool stepUpApproved;
};

/* nssSMIMEProfile
 *
 * S/MIME profile associated with a certificate.  profileTime and
 * profileData are opaque NSSItems here; presumably the encoded S/MIME
 * capabilities and when they were recorded -- confirm before relying on
 * their contents.
 */
struct nssSMIMEProfileStr
{
    nssPKIObject object;          /* base object; must stay first */
    NSSCertificate *certificate;  /* certificate the profile belongs to */
    NSSASCII7 *email;             /* e-mail address, 7-bit ASCII per its type */
    NSSDER *subject;              /* DER-encoded subject name */
    NSSItem *profileTime;
    NSSItem *profileData;
};

/* NSSCertificate
 *
 * A certificate as held by the PKI layer.  encoding is the complete
 * encoded certificate; issuer, subject and serial are stored alongside it
 * as separate encoded items.  NOTE(review): because those three are
 * separate copies, code that matches or looks up a certificate by them is
 * trusting that they were taken from encoding and not altered since --
 * treat encoding as the authoritative bytes when it matters.
 */
struct NSSCertificateStr
{
    nssPKIObject object;          /* base object; must stay first */
    NSSCertificateType type;
    NSSItem id;
    NSSBER encoding;              /* full encoded certificate */
    NSSDER issuer;
    NSSDER subject;
    NSSDER serial;
    NSSASCII7 *email;
    nssDecodedCert *decoding;     /* decoded form; opaque in this header */
};

/* Key types are opaque at this level. */
struct NSSPrivateKeyStr;

struct NSSPublicKeyStr;

struct NSSSymmetricKeyStr;

typedef struct nssTDCertificateCacheStr nssTDCertificateCache;

/* NSSTrustDomain
 *
 * Top-level container: the set of tokens plus a certificate cache.  This
 * struct does NOT embed nssPKIObject; it has its own refCount and arena.
 * NOTE(review): refCount is again a bare PRInt32 -- same atomic-access
 * rule as for nssPKIObjectStr.
 */
struct NSSTrustDomainStr {
    PRInt32 refCount;
    NSSArena *arena;
    NSSCallback *defaultCallback;
    nssList *tokenList;             /* the tokens in this domain */
    nssListIterator *tokens;        /* iterator over tokenList */
    nssTDCertificateCache *cache;
    /* Reader/writer lock; presumably guards tokenList and tokens --
     * confirm against the users before adding fields it should cover. */
    NSSRWLock *tokensLock;
    /* Untyped (void *) -- whatever it points at is only knowable from the
     * code that sets it; keep accesses to that code. */
    void *spkDigestInfo;
    CERTStatusConfig *statusConfig;
};

/* NSSCryptoContext
 *
 * Per-context state: bound to one trust domain, one token and one session,
 * with its own certificate store (see the ephemeral-cert note above).
 * Like NSSTrustDomainStr it does not embed nssPKIObject and carries a bare
 * PRInt32 refCount.
 */
struct NSSCryptoContextStr
{
    PRInt32 refCount;
    NSSArena *arena;
    NSSTrustDomain *td;               /* trust domain this context lives in */
    NSSToken *token;
    nssSession *session;
    nssCertificateStore *certStore;   /* store for this context's certificates */
};

/* NSSTime: thin wrapper around an NSPR PRTime. */
struct NSSTimeStr {
    PRTime prTime;
};

/* NSSCRL
 *
 * A certificate revocation list (or key revocation list when isKRL is
 * set).  encoding is the DER-encoded list; url is where it came from.
 */
struct NSSCRLStr {
    nssPKIObject object;   /* base object; must stay first */
    NSSDER encoding;       /* DER-encoded CRL */
    NSSUTF8 *url;
    PRBool isKRL;          /* PR_TRUE when this is a key revocation list */
};

typedef struct NSSCRLStr NSSCRL;

/* Opaque at this level. */
struct NSSPoliciesStr;

struct NSSAlgorithmAndParametersStr;

struct NSSPKIXCertificateStr;

PR_END_EXTERN_C

#endif /* PKIT_H */