michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef PKIM_H michael@0: #define PKIM_H michael@0: michael@0: #ifndef BASE_H michael@0: #include "base.h" michael@0: #endif /* BASE_H */ michael@0: michael@0: #ifndef PKI_H michael@0: #include "pki.h" michael@0: #endif /* PKI_H */ michael@0: michael@0: #ifndef PKITM_H michael@0: #include "pkitm.h" michael@0: #endif /* PKITM_H */ michael@0: michael@0: PR_BEGIN_EXTERN_C michael@0: michael@0: /* nssPKIObject michael@0: * michael@0: * This is the base object class, common to all PKI objects defined in michael@0: * in this module. Each object can be safely 'casted' to an nssPKIObject, michael@0: * then passed to these methods. michael@0: * michael@0: * nssPKIObject_Create michael@0: * nssPKIObject_Destroy michael@0: * nssPKIObject_AddRef michael@0: * nssPKIObject_AddInstance michael@0: * nssPKIObject_HasInstance michael@0: * nssPKIObject_GetTokens michael@0: * nssPKIObject_GetNicknameForToken michael@0: * nssPKIObject_RemoveInstanceForToken michael@0: * nssPKIObject_DeleteStoredObject michael@0: */ michael@0: michael@0: NSS_EXTERN void nssPKIObject_Lock (nssPKIObject * object); michael@0: NSS_EXTERN void nssPKIObject_Unlock (nssPKIObject * object); michael@0: NSS_EXTERN PRStatus nssPKIObject_NewLock (nssPKIObject * object, michael@0: nssPKILockType lockType); michael@0: NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject * object); michael@0: michael@0: /* nssPKIObject_Create michael@0: * michael@0: * A generic PKI object. It must live in a trust domain. It may be michael@0: * initialized with a token instance, or alternatively in a crypto context. michael@0: */ michael@0: NSS_EXTERN nssPKIObject * michael@0: nssPKIObject_Create michael@0: ( michael@0: NSSArena *arenaOpt, michael@0: nssCryptokiObject *instanceOpt, michael@0: NSSTrustDomain *td, michael@0: NSSCryptoContext *ccOpt, michael@0: nssPKILockType lockType michael@0: ); michael@0: michael@0: /* nssPKIObject_AddRef michael@0: */ michael@0: NSS_EXTERN nssPKIObject * michael@0: nssPKIObject_AddRef michael@0: ( michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: /* nssPKIObject_Destroy michael@0: * michael@0: * Returns true if object was destroyed. This notifies the subclass that michael@0: * all references are gone and it should delete any members it owns. michael@0: */ michael@0: NSS_EXTERN PRBool michael@0: nssPKIObject_Destroy michael@0: ( michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: /* nssPKIObject_AddInstance michael@0: * michael@0: * Add a token instance to the object, if it does not have it already. michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObject_AddInstance michael@0: ( michael@0: nssPKIObject *object, michael@0: nssCryptokiObject *instance michael@0: ); michael@0: michael@0: /* nssPKIObject_HasInstance michael@0: * michael@0: * Query the object for a token instance. michael@0: */ michael@0: NSS_EXTERN PRBool michael@0: nssPKIObject_HasInstance michael@0: ( michael@0: nssPKIObject *object, michael@0: nssCryptokiObject *instance michael@0: ); michael@0: michael@0: /* nssPKIObject_GetTokens michael@0: * michael@0: * Get all tokens which have an instance of the object. michael@0: */ michael@0: NSS_EXTERN NSSToken ** michael@0: nssPKIObject_GetTokens michael@0: ( michael@0: nssPKIObject *object, michael@0: PRStatus *statusOpt michael@0: ); michael@0: michael@0: /* nssPKIObject_GetNicknameForToken michael@0: * michael@0: * tokenOpt == NULL means take the first available, otherwise return the michael@0: * nickname for the specified token. michael@0: */ michael@0: NSS_EXTERN NSSUTF8 * michael@0: nssPKIObject_GetNicknameForToken michael@0: ( michael@0: nssPKIObject *object, michael@0: NSSToken *tokenOpt michael@0: ); michael@0: michael@0: /* nssPKIObject_RemoveInstanceForToken michael@0: * michael@0: * Remove the instance of the object on the specified token. michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObject_RemoveInstanceForToken michael@0: ( michael@0: nssPKIObject *object, michael@0: NSSToken *token michael@0: ); michael@0: michael@0: /* nssPKIObject_DeleteStoredObject michael@0: * michael@0: * Delete all token instances of the object, as well as any crypto context michael@0: * instances (TODO). If any of the instances are read-only, or if the michael@0: * removal fails, the object will keep those instances. 'isFriendly' refers michael@0: * to the object -- can this object be removed from a friendly token without michael@0: * login? For example, certificates are friendly, private keys are not. michael@0: * Note that if the token is not friendly, authentication will be required michael@0: * regardless of the value of 'isFriendly'. michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObject_DeleteStoredObject michael@0: ( michael@0: nssPKIObject *object, michael@0: NSSCallback *uhh, michael@0: PRBool isFriendly michael@0: ); michael@0: michael@0: NSS_EXTERN nssCryptokiObject ** michael@0: nssPKIObject_GetInstances michael@0: ( michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssTrustDomain_FindCertificatesByID michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSItem *id, michael@0: NSSCertificate **rvOpt, michael@0: PRUint32 maximumOpt, michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: NSS_EXTERN NSSCRL ** michael@0: nssTrustDomain_FindCRLsBySubject michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER *subject michael@0: ); michael@0: michael@0: /* module-private nsspki methods */ michael@0: michael@0: NSS_EXTERN NSSCryptoContext * michael@0: nssCryptoContext_Create michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* XXX for the collection */ michael@0: NSS_EXTERN NSSCertificate * michael@0: nssCertificate_Create michael@0: ( michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssCertificate_SetCertTrust michael@0: ( michael@0: NSSCertificate *c, michael@0: NSSTrust *trust michael@0: ); michael@0: michael@0: NSS_EXTERN nssDecodedCert * michael@0: nssCertificate_GetDecoding michael@0: ( michael@0: NSSCertificate *c michael@0: ); michael@0: michael@0: extern PRIntn michael@0: nssCertificate_SubjectListSort michael@0: ( michael@0: void *v1, michael@0: void *v2 michael@0: ); michael@0: michael@0: NSS_EXTERN nssDecodedCert * michael@0: nssDecodedCert_Create michael@0: ( michael@0: NSSArena *arenaOpt, michael@0: NSSDER *encoding, michael@0: NSSCertificateType type michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssDecodedCert_Destroy michael@0: ( michael@0: nssDecodedCert *dc michael@0: ); michael@0: michael@0: NSS_EXTERN NSSTrust * michael@0: nssTrust_Create michael@0: ( michael@0: nssPKIObject *object, michael@0: NSSItem *certData michael@0: ); michael@0: michael@0: NSS_EXTERN NSSCRL * michael@0: nssCRL_Create michael@0: ( michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: NSS_EXTERN NSSCRL * michael@0: nssCRL_AddRef michael@0: ( michael@0: NSSCRL *crl michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssCRL_Destroy michael@0: ( michael@0: NSSCRL *crl michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssCRL_DeleteStoredObject michael@0: ( michael@0: NSSCRL *crl, michael@0: NSSCallback *uhh michael@0: ); michael@0: michael@0: NSS_EXTERN NSSPrivateKey * michael@0: nssPrivateKey_Create michael@0: ( michael@0: nssPKIObject *o michael@0: ); michael@0: michael@0: NSS_EXTERN NSSDER * michael@0: nssCRL_GetEncoding michael@0: ( michael@0: NSSCRL *crl michael@0: ); michael@0: michael@0: NSS_EXTERN NSSPublicKey * michael@0: nssPublicKey_Create michael@0: ( michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: /* nssCertificateArray michael@0: * michael@0: * These are being thrown around a lot, might as well group together some michael@0: * functionality. michael@0: * michael@0: * nssCertificateArray_Destroy michael@0: * nssCertificateArray_Join michael@0: * nssCertificateArray_FindBestCertificate michael@0: * nssCertificateArray_Traverse michael@0: */ michael@0: michael@0: /* nssCertificateArray_Destroy michael@0: * michael@0: * Will destroy the array and the certs within it. If the array was created michael@0: * in an arena, will *not* (of course) destroy the arena. However, is safe michael@0: * to call this method on an arena-allocated array. michael@0: */ michael@0: NSS_EXTERN void michael@0: nssCertificateArray_Destroy michael@0: ( michael@0: NSSCertificate **certs michael@0: ); michael@0: michael@0: /* nssCertificateArray_Join michael@0: * michael@0: * Join two arrays into one. The two arrays, certs1 and certs2, should michael@0: * be considered invalid after a call to this function (they may be destroyed michael@0: * as part of the join). certs1 and/or certs2 may be NULL. Safe to michael@0: * call with arrays allocated in an arena, the result will also be in the michael@0: * arena. michael@0: */ michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssCertificateArray_Join michael@0: ( michael@0: NSSCertificate **certs1, michael@0: NSSCertificate **certs2 michael@0: ); michael@0: michael@0: /* nssCertificateArray_FindBestCertificate michael@0: * michael@0: * Use the usual { time, usage, policies } to find the best cert in the michael@0: * array. michael@0: */ michael@0: NSS_EXTERN NSSCertificate * michael@0: nssCertificateArray_FindBestCertificate michael@0: ( michael@0: NSSCertificate **certs, michael@0: NSSTime *timeOpt, michael@0: const NSSUsage *usage, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* nssCertificateArray_Traverse michael@0: * michael@0: * Do the callback for each cert, terminate the traversal if the callback michael@0: * fails. michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssCertificateArray_Traverse michael@0: ( michael@0: NSSCertificate **certs, michael@0: PRStatus (* callback)(NSSCertificate *c, void *arg), michael@0: void *arg michael@0: ); michael@0: michael@0: NSS_EXTERN void michael@0: nssCRLArray_Destroy michael@0: ( michael@0: NSSCRL **crls michael@0: ); michael@0: michael@0: /* nssPKIObjectCollection michael@0: * michael@0: * This is a handy way to group objects together and perform operations michael@0: * on them. It can also handle "proto-objects"-- references to michael@0: * objects instances on tokens, where the actual object hasn't michael@0: * been formed yet. michael@0: * michael@0: * nssCertificateCollection_Create michael@0: * nssPrivateKeyCollection_Create michael@0: * nssPublicKeyCollection_Create michael@0: * michael@0: * If this was a language that provided for inheritance, each type would michael@0: * inherit all of the following methods. Instead, there is only one michael@0: * type (nssPKIObjectCollection), shared among all. This may cause michael@0: * confusion; an alternative would be to define all of the methods michael@0: * for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't michael@0: * seem worth the code bloat.. It is left up to the caller to remember michael@0: * what type of collection he/she is dealing with. michael@0: * michael@0: * nssPKIObjectCollection_Destroy michael@0: * nssPKIObjectCollection_Count michael@0: * nssPKIObjectCollection_AddObject michael@0: * nssPKIObjectCollection_AddInstances michael@0: * nssPKIObjectCollection_Traverse michael@0: * michael@0: * Back to type-specific methods. michael@0: * michael@0: * nssPKIObjectCollection_GetCertificates michael@0: * nssPKIObjectCollection_GetCRLs michael@0: * nssPKIObjectCollection_GetPrivateKeys michael@0: * nssPKIObjectCollection_GetPublicKeys michael@0: */ michael@0: michael@0: /* nssCertificateCollection_Create michael@0: * michael@0: * Create a collection of certificates in the specified trust domain. michael@0: * Optionally provide a starting set of certs. michael@0: */ michael@0: NSS_EXTERN nssPKIObjectCollection * michael@0: nssCertificateCollection_Create michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCertificate **certsOpt michael@0: ); michael@0: michael@0: /* nssCRLCollection_Create michael@0: * michael@0: * Create a collection of CRLs/KRLs in the specified trust domain. michael@0: * Optionally provide a starting set of CRLs. michael@0: */ michael@0: NSS_EXTERN nssPKIObjectCollection * michael@0: nssCRLCollection_Create michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCRL **crlsOpt michael@0: ); michael@0: michael@0: /* nssPrivateKeyCollection_Create michael@0: * michael@0: * Create a collection of private keys in the specified trust domain. michael@0: * Optionally provide a starting set of keys. michael@0: */ michael@0: NSS_EXTERN nssPKIObjectCollection * michael@0: nssPrivateKeyCollection_Create michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSPrivateKey **pvkOpt michael@0: ); michael@0: michael@0: /* nssPublicKeyCollection_Create michael@0: * michael@0: * Create a collection of public keys in the specified trust domain. michael@0: * Optionally provide a starting set of keys. michael@0: */ michael@0: NSS_EXTERN nssPKIObjectCollection * michael@0: nssPublicKeyCollection_Create michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSPublicKey **pvkOpt michael@0: ); michael@0: michael@0: /* nssPKIObjectCollection_Destroy michael@0: */ michael@0: NSS_EXTERN void michael@0: nssPKIObjectCollection_Destroy michael@0: ( michael@0: nssPKIObjectCollection *collection michael@0: ); michael@0: michael@0: /* nssPKIObjectCollection_Count michael@0: */ michael@0: NSS_EXTERN PRUint32 michael@0: nssPKIObjectCollection_Count michael@0: ( michael@0: nssPKIObjectCollection *collection michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObjectCollection_AddObject michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: nssPKIObject *object michael@0: ); michael@0: michael@0: /* nssPKIObjectCollection_AddInstances michael@0: * michael@0: * Add a set of object instances to the collection. The instances michael@0: * will be sorted into any existing certs/proto-certs that may be in michael@0: * the collection. The instances will be absorbed by the collection, michael@0: * the array should not be used after this call (except to free it). michael@0: * michael@0: * Failure means the collection is in an invalid state. michael@0: * michael@0: * numInstances = 0 means the array is NULL-terminated michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObjectCollection_AddInstances michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: nssCryptokiObject **instances, michael@0: PRUint32 numInstances michael@0: ); michael@0: michael@0: /* nssPKIObjectCollection_Traverse michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObjectCollection_Traverse michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: nssPKIObjectCallback *callback michael@0: ); michael@0: michael@0: /* This function is being added for NSS 3.5. It corresponds to the function michael@0: * nssToken_TraverseCertificates. The idea is to use the collection during michael@0: * a traversal, creating certs each time a new instance is added for which michael@0: * a cert does not already exist. michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssPKIObjectCollection_AddInstanceAsObject michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: nssCryptokiObject *instance michael@0: ); michael@0: michael@0: /* nssPKIObjectCollection_GetCertificates michael@0: * michael@0: * Get all of the certificates in the collection. michael@0: */ michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssPKIObjectCollection_GetCertificates michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: NSSCertificate **rvOpt, michael@0: PRUint32 maximumOpt, michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: NSS_EXTERN NSSCRL ** michael@0: nssPKIObjectCollection_GetCRLs michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: NSSCRL **rvOpt, michael@0: PRUint32 maximumOpt, michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: NSS_EXTERN NSSPrivateKey ** michael@0: nssPKIObjectCollection_GetPrivateKeys michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: NSSPrivateKey **rvOpt, michael@0: PRUint32 maximumOpt, michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: NSS_EXTERN NSSPublicKey ** michael@0: nssPKIObjectCollection_GetPublicKeys michael@0: ( michael@0: nssPKIObjectCollection *collection, michael@0: NSSPublicKey **rvOpt, michael@0: PRUint32 maximumOpt, michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: NSS_EXTERN NSSTime * michael@0: NSSTime_Now michael@0: ( michael@0: NSSTime *timeOpt michael@0: ); michael@0: michael@0: NSS_EXTERN NSSTime * michael@0: NSSTime_SetPRTime michael@0: ( michael@0: NSSTime *timeOpt, michael@0: PRTime prTime michael@0: ); michael@0: michael@0: NSS_EXTERN PRTime michael@0: NSSTime_GetPRTime michael@0: ( michael@0: NSSTime *time michael@0: ); michael@0: michael@0: NSS_EXTERN nssHash * michael@0: nssHash_CreateCertificate michael@0: ( michael@0: NSSArena *arenaOpt, michael@0: PRUint32 numBuckets michael@0: ); michael@0: michael@0: /* 3.4 Certificate cache routines */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssTrustDomain_InitializeCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: PRUint32 cacheSize michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssTrustDomain_AddCertsToCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCertificate **certs, michael@0: PRUint32 numCerts michael@0: ); michael@0: michael@0: NSS_EXTERN void michael@0: nssTrustDomain_RemoveCertFromCacheLOCKED ( michael@0: NSSTrustDomain *td, michael@0: NSSCertificate *cert michael@0: ); michael@0: michael@0: NSS_EXTERN void michael@0: nssTrustDomain_LockCertCache ( michael@0: NSSTrustDomain *td michael@0: ); michael@0: michael@0: NSS_EXTERN void michael@0: nssTrustDomain_UnlockCertCache ( michael@0: NSSTrustDomain *td michael@0: ); michael@0: michael@0: NSS_IMPLEMENT PRStatus michael@0: nssTrustDomain_DestroyCache michael@0: ( michael@0: NSSTrustDomain *td michael@0: ); michael@0: michael@0: /* michael@0: * Remove all certs for the given token from the cache. This is michael@0: * needed if the token is removed. michael@0: */ michael@0: NSS_EXTERN PRStatus michael@0: nssTrustDomain_RemoveTokenCertsFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSToken *token michael@0: ); michael@0: michael@0: NSS_EXTERN PRStatus michael@0: nssTrustDomain_UpdateCachedTokenCerts michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSToken *token michael@0: ); michael@0: michael@0: /* michael@0: * Find all cached certs with this nickname (label). michael@0: */ michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssTrustDomain_GetCertsForNicknameFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: const NSSUTF8 *nickname, michael@0: nssList *certListOpt michael@0: ); michael@0: michael@0: /* michael@0: * Find all cached certs with this email address. michael@0: */ michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssTrustDomain_GetCertsForEmailAddressFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSASCII7 *email, michael@0: nssList *certListOpt michael@0: ); michael@0: michael@0: /* michael@0: * Find all cached certs with this subject. michael@0: */ michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssTrustDomain_GetCertsForSubjectFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER *subject, michael@0: nssList *certListOpt michael@0: ); michael@0: michael@0: /* michael@0: * Look for a specific cert in the cache. michael@0: */ michael@0: NSS_EXTERN NSSCertificate * michael@0: nssTrustDomain_GetCertForIssuerAndSNFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER *issuer, michael@0: NSSDER *serialNum michael@0: ); michael@0: michael@0: /* michael@0: * Look for a specific cert in the cache. michael@0: */ michael@0: NSS_EXTERN NSSCertificate * michael@0: nssTrustDomain_GetCertByDERFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER *der michael@0: ); michael@0: michael@0: /* Get all certs from the cache */ michael@0: /* XXX this is being included to make some old-style calls word, not to michael@0: * say we should keep it michael@0: */ michael@0: NSS_EXTERN NSSCertificate ** michael@0: nssTrustDomain_GetCertsFromCache michael@0: ( michael@0: NSSTrustDomain *td, michael@0: nssList *certListOpt michael@0: ); michael@0: michael@0: NSS_EXTERN void michael@0: nssTrustDomain_DumpCacheInfo michael@0: ( michael@0: NSSTrustDomain *td, michael@0: void (* cert_dump_iter)(const void *, void *, void *), michael@0: void *arg michael@0: ); michael@0: michael@0: NSS_EXTERN void michael@0: nssCertificateList_AddReferences michael@0: ( michael@0: nssList *certList michael@0: ); michael@0: michael@0: PR_END_EXTERN_C michael@0: michael@0: #endif /* PKIM_H */