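/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * pcertdb.h -- prototypes for the low-level ("nsslowcert") permanent
 * certificate / CRL database.  Only declarations live here; where a comment
 * below says "presumably" the behaviour is inferred from the signature and
 * must be confirmed against the implementation.
 */

#ifndef _PCERTDB_H_
#define _PCERTDB_H_

#include "plarena.h"
#include "prlong.h"
#include "pcertt.h"

#include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */

SEC_BEGIN_PROTOS

/*
 * Initialize any global certificate database locks.  Pair with
 * nsslowcert_DestroyGlobalLocks() at shutdown.
 */
SECStatus nsslowcert_InitLocks(void);

/*
** Add an already-decoded certificate to the permanent database.
** "handle"   is the open database to add to
** "cert"     is the decoded certificate object (not raw DER -- obtain one
**            with nsslowcert_NewTempCertificate or
**            nsslowcert_DecodeDERCertificate first)
** "nickname" is the nickname to store for the cert
** "trust"    is the trust flags to record for the cert
*/
SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle,
                                 NSSLOWCERTCertificate *cert,
                                 char *nickname, NSSLOWCERTCertTrust *trust);

/*
** Associate "nickname" with "cert" in the permanent database.
*/
SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
                                     NSSLOWCERTCertificate *cert, char *nickname);

/* Remove "cert" from the permanent database. */
SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);

/*
** Callback type for nsslowcert_TraversePermCerts.
** "cert"  is the certificate being visited
** "k"     is its database key
** "pdata" is the caller's "udata" passed through unchanged
*/
typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
                                                   SECItem *k, void *pdata);

/*
** Traverse the entire permanent database, and pass the certs off to a
** user supplied function.
** "certfunc" is the user function to call for each certificate
** "udata"    is the user's data, which is passed through to "certfunc"
*/
SECStatus
nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
                             PermCertCallback certfunc,
                             void *udata);

/*
** Report whether a certificate with the same database key as "derCert"
** (the key is derived from issuer and serial number, see
** nsslowcert_KeyFromDERCert) is already present in "handle".
** Presumably returns PR_TRUE on a conflict -- confirm against the
** implementation before relying on the polarity.
*/
PRBool
nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);

/*
** Look up the CRL (or KRL when "isKRL" is PR_TRUE) stored under "crlKey".
** The returned entry is presumably released with nsslowcert_DestroyDBEntry.
*/
certDBEntryRevocation *
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
                        SECItem *crlKey, PRBool isKRL);

/*
** Delete the CRL (or KRL when "isKRL" is PR_TRUE) filed under "derName".
*/
SECStatus
nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName,
                         PRBool isKRL);

/*
** Store the DER CRL "derCrl" under database key "derKey".
** "url"   is stored alongside the CRL (presumably its origin)
** "isKRL" selects the key revocation list namespace instead of the CRL one
** Note: nothing in this API verifies the CRL signature; callers are
** responsible for validating a CRL before filing it.
*/
SECStatus
nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
                  SECItem *derKey, char *url, PRBool isKRL);

/* Return the process-wide default certificate database handle. */
NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB(void);

/*
** Extract the subject public key carried in "cert".  This is the key as
** encoded in the certificate; it says nothing about whether the certificate
** is trusted (see nsslowcert_GetCertTrust for that).
*/
NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert);

/*
** Decode "derCert" into a certificate object associated with "handle".
** "nickname" is the nickname to attach to the object
** "isperm"   marks the object as backed by the permanent database
** "copyDER"  PR_TRUE copies the DER into the object; PR_FALSE references
**            the caller's buffer, which must then stay valid for the
**            lifetime of the returned object
*/
NSSLOWCERTCertificate *
nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
                              char *nickname, PRBool isperm, PRBool copyDER);

/*
** Obtain another handle on "cert"; release it with
** nsslowcert_DestroyCertificate.
*/
NSSLOWCERTCertificate *
nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);

/* Release a certificate obtained from any of the lookup/decode functions. */
void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);

/* Release a trust record obtained from nsslowcert_FindTrustBy*. */
void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);

/*
 * Lookup a certificate in the databases without locking.
 * "certKey" is the database key to look for
 *
 * Because no lock is taken here, the caller must already hold the database
 * lock (which is the situation of the PKCS #11 traversal this exists for);
 * calling it unlocked is presumably unsafe against concurrent writers.
 *
 * XXX - this should be internal, but pkcs 11 needs to call it during a
 * traversal.
 */
NSSLOWCERTCertificate *
nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);

/*
 * Lookup trust for a certificate in the databases without locking.
 * "certKey" is the database key to look for
 *
 * Same locking caveat as nsslowcert_FindCertByKey: the caller must already
 * hold the database lock.
 *
 * XXX - this should be internal, but pkcs 11 needs to call it during a
 * traversal.
 */
NSSLOWCERTTrust *
nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);

/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the cert if found, NULL otherwise.
** "issuerAndSN" is the issuer and serial number to look for
*/
extern NSSLOWCERTCertificate *
nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle,
                                 NSSLOWCERTIssuerAndSN *issuerAndSN);

/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the trust record if found, NULL otherwise.
** "issuerAndSN" is the issuer and serial number to look for
*/
extern NSSLOWCERTTrust *
nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle,
                                  NSSLOWCERTIssuerAndSN *issuerAndSN);

/*
** Find a certificate in the database by a DER encoded certificate.
** "derCert" is the DER encoded certificate
*/
extern NSSLOWCERTCertificate *
nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);

/*
** Convert an email address to lower case.  Whether the conversion happens
** in place or returns a new buffer is not visible from this header --
** check the implementation before freeing either pointer.
*/
char *nsslowcert_FixupEmailAddr(char *emailAddr);

/*
** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure.
** "derSignedCert" is the DER encoded signed certificate
** "nickname"      is the nickname to use in the database. If it is NULL
**                 then a temporary nickname is generated.
** There is no copyDER option on this entry point; whether the DER is
** copied or referenced is decided by the implementation (see
** nsslowcert_NewTempCertificate for the explicit form).
*/
extern NSSLOWCERTCertificate *
nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname);

/*
** Derive the database key for "derCert" into "key", allocating from "arena".
*/
SECStatus
nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);

/*
** Read the S/MIME profile entry filed under "emailAddr".
** The returned entry is presumably released with nsslowcert_DestroyDBEntry.
*/
certDBEntrySMime *
nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
                            char *emailAddr);

/* Release any database entry returned by this API. */
void
nsslowcert_DestroyDBEntry(certDBEntry *entry);

/*
** Open the permanent certificate database.
** "readOnly"     opens without write access
** "domain"/"prefix" are passed to "namecb" to build the on-disk name
** "namecb"/"cbarg" is the caller's file-name callback and its argument
** "openVolatile" presumably selects a non-persistent (in-memory) database
*/
SECStatus
nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
                      const char *domain, const char *prefix,
                      NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);

/* Close a database opened with nsslowcert_OpenCertDB. */
void
nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);

/*
 * Is certa newer than certb?  If one is expired, pick the other one.
 */
PRBool
nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);

/*
** Visit every raw database entry of type "type", handing the undecoded
** "data" and its "key" to "callback" along with "udata".
*/
SECStatus
nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
                             certDBEntryType type,
                             SECStatus (*callback)(SECItem *data, SECItem *key,
                                                   certDBEntryType type, void *pdata),
                             void *udata);

/* Visit every permanent certificate whose subject is "derSubject". */
SECStatus
nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
                                       SECItem *derSubject,
                                       NSSLOWCERTCertCallback cb, void *cbarg);

/* Count the permanent certificates whose subject is "derSubject". */
int
nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
                                  SECItem *derSubject);

/* Visit every permanent certificate filed under "nickname". */
SECStatus
nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
                                        char *nickname, NSSLOWCERTCertCallback cb,
                                        void *cbarg);

/* Count the permanent certificates filed under "nickname". */
int
nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
                                   char *nickname);

/* Copy the trust flags recorded for "cert" into "*trust". */
SECStatus
nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
                        NSSLOWCERTCertTrust *trust);

/*
** Store the S/MIME profile "emailProfile" (stamped "profileTime") for
** "emailAddr" / "derSubject".
*/
SECStatus
nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
                            SECItem *derSubject, SECItem *emailProfile,
                            SECItem *profileTime);

/*
 * Change the trust attributes of a certificate and make them permanent
 * in the database.  Trust changes are security-sensitive: callers decide
 * policy, this function only persists it.
 */
SECStatus
nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
                           NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);

/* Query the "database needs verification" flag on "handle". */
PRBool
nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);

/* Set the "database needs verification" flag on "handle" to "value". */
void
nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);

/* Report whether "trust" carries any trust flags (presumably non-zero). */
PRBool
nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);

/* Release the module's free lists of cached objects (shutdown only). */
void
nsslowcert_DestroyFreeLists(void);

/* Tear down the locks created by nsslowcert_InitLocks. */
void
nsslowcert_DestroyGlobalLocks(void);

/*
 * Small-buffer helpers.  From the signatures these appear to copy into the
 * caller-provided "space" (of "spaceLen" bytes) when the data fits and to
 * heap-allocate otherwise, with the matching free* routine releasing only
 * when the pointer is not "space" -- confirm against the implementation.
 * Lengths are plain int; callers must never pass a negative value.
 */
void
pkcs11_freeNickname(char *nickname, char *space);

char *
pkcs11_copyNickname(char *nickname, char *space, int spaceLen);

void
pkcs11_freeStaticData(unsigned char *data, unsigned char *space);

unsigned char *
pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);

unsigned char *
pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
                      int spaceLen);

/* Allocate an empty certificate object (presumably from the free list). */
NSSLOWCERTCertificate *
nsslowcert_CreateCert(void);

/*
** Decode the raw entry "dbData" (stored under "dbKey") as an entry of
** "entryType".  Suitable as the callback for nsslowcert_TraverseDBEntries;
** "pdata" is the traversal's user data.
*/
certDBEntry *
nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey,
                            certDBEntryType entryType, void *pdata);

SEC_END_PROTOS

#endif /* _PCERTDB_H_ */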