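/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef PKITM_H
#define PKITM_H

/*
 * pkitm.h
 *
 * This file contains PKI-module specific types.
 */

#ifndef BASET_H
#include "baset.h"
#endif /* BASET_H */

#ifndef PKIT_H
#include "pkit.h"
#endif /* PKIT_H */

PR_BEGIN_EXTERN_C

/*
 * nssCertIDMatch
 *
 * Tri-state result of comparing an identifier against a certificate
 * (returned by nssDecodedCertStr.matchIdentifier below).
 *
 * NOTE: nssCertIDMatch_Yes is 0. A result must therefore be compared
 * against the enumerators explicitly; used as a C truth value, Yes reads
 * as false while both No and Unknown read as true.
 * NOTE(review): how callers are expected to treat nssCertIDMatch_Unknown
 * is not defined in this file -- confirm it is never folded into "match".
 */
typedef enum nssCertIDMatchEnum {
    nssCertIDMatch_Yes = 0,
    nssCertIDMatch_No = 1,
    nssCertIDMatch_Unknown = 2
} nssCertIDMatch;

/*
 * nssDecodedCert
 *
 * This is an interface to allow the PKI module access to certificate
 * information that can only be found by decoding.  The interface is
 * generic, allowing each certificate type its own way of providing
 * the information.
 *
 * Every operation is a function pointer taking the decoded cert itself
 * as its first argument.  The nssDecodedCert type name is not declared
 * in this file (presumably a typedef of this struct in pkit.h -- confirm).
 *
 * NOTE(review): this header does not state who owns the pointers the
 * accessors return, nor whether any function pointer may be NULL --
 * confirm against the implementations before freeing, caching or
 * calling unconditionally.
 */
struct nssDecodedCertStr {
    /* certificate type this decoded view belongs to */
    NSSCertificateType type;
    /* type-specific decoded data, opaque to this header
     * (presumably interpreted according to `type` -- confirm) */
    void *data;
    /* returns the unique identifier for the cert */
    NSSItem *(*getIdentifier)(nssDecodedCert *dc);
    /* returns the unique identifier for this cert's issuer.
     * Returned as void *, so its representation is known only to the
     * certificate-type implementation. */
    void *(*getIssuerIdentifier)(nssDecodedCert *dc);
    /* is id the identifier for this cert?
     * id is a void *, so the compiler cannot check that it has the
     * representation this cert type expects (presumably a value obtained
     * from getIssuerIdentifier of the same cert type -- confirm).
     * Compare the result against nssCertIDMatch_Yes explicitly. */
    nssCertIDMatch (*matchIdentifier)(nssDecodedCert *dc, void *id);
    /* is this cert a valid CA cert? */
    PRBool (*isValidIssuer)(nssDecodedCert *dc);
    /* returns the cert usage */
    NSSUsage *(*getUsage)(nssDecodedCert *dc);
    /* is time within the validity period of the cert? */
    PRBool (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time);
    /* is the validity period of this cert newer than cmpdc? */
    PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc);
    /* does the usage for this cert match the requested usage? */
    PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage);
    /* is this cert trusted for the requested usage?
     * NOTE(review): declared as a predicate separate from isValidAtTime
     * and matchUsage; nothing here says one implies another, so
     * presumably callers must evaluate each check they need -- confirm. */
    PRBool (*isTrustedForUsage)(nssDecodedCert *dc,
                                const NSSUsage *usage);
    /* extract the email address */
    NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc);
    /* extract the DER-encoded serial number.
     * Reports success through the PRStatus return value; check it before
     * reading derSerial (presumably filled in using arena -- confirm). */
    PRStatus (*getDERSerialNumber)(nssDecodedCert *dc,
                                   NSSDER *derSerial, NSSArena *arena);
};

/*
 * NSSUsage
 *
 * Usage descriptor passed to matchUsage / isTrustedForUsage above.
 * NOTE(review): field semantics are not documented in this file; the
 * descriptions below are inferred from the field names -- confirm.
 */
struct NSSUsageStr {
    /* presumably: accept any usage, ignoring the fields below */
    PRBool anyUsage;
    /* presumably: the NSS 3 certificate usage being requested */
    SECCertUsage nss3usage;
    /* presumably: the request is for a CA cert for nss3usage */
    PRBool nss3lookingForCA;
};

typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection;

/*
 * nssPKIObjectCallback
 *
 * A callback for one kind of PKI object together with a caller-supplied
 * argument.  The union holds one function pointer per object kind
 * (certificate, CRL, private key, public key), each taking a void *arg
 * as its second parameter.
 *
 * The struct carries no tag recording which union member was stored, so
 * the code invoking the callback must already know the object kind.
 * The members have different function types; calling through a member
 * other than the one that was set is a call through a mismatched
 * function pointer type.
 */
typedef struct
{
    union {
        PRStatus (*cert)(NSSCertificate *c, void *arg);
        PRStatus (*crl)(NSSCRL *crl, void *arg);
        PRStatus (*pvkey)(NSSPrivateKey *vk, void *arg);
        PRStatus (*pbkey)(NSSPublicKey *bk, void *arg);
    } func;
    /* caller-supplied context (presumably passed as the callback's
     * arg parameter -- confirm) */
    void *arg;
} nssPKIObjectCallback;

PR_END_EXTERN_C

#endif /* PKITM_H */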