comparison nss/lib/pki/pkit.h @ 0:1e5118fa0cb1

This is NSS with a Cmake Buildsystem. To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
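--- a/nss/lib/pki/pkit.h
+++ b/nss/lib/pki/pkit.h
@@ -0,0 +1,188 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIT_H
+#define PKIT_H
+
+/*
+* pkit.h
+*
+* This file contains definitions for the types of the top-level PKI objects.
+*/
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#include "certt.h"
+#include "pkcs11t.h"
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+#ifndef nssrwlkt_h__
+#include "nssrwlkt.h"
+#endif /* nssrwlkt_h__ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+* A note on ephemeral certs
+*
+* The key objects defined here can only be created on tokens, and can only
+* exist on tokens. Therefore, any instance of a key object must have
+* a corresponding cryptoki instance. OTOH, certificates created in
+* crypto contexts need not be stored as session objects on the token.
+* There are good performance reasons for not doing so. The certificate
+* and trust objects have been defined with a cryptoContext field to
+* allow for ephemeral certs, which may have a single instance in a crypto
+* context along with any number (including zero) of cryptoki instances.
+* Since contexts may not share objects, there can be only one context
+* for each object.
+*/
+
+typedef enum {
+nssPKILock = 1,
+nssPKIMonitor = 2
+} nssPKILockType;
+
+/* nssPKIObject
+*
+* This is the base object class, common to all PKI objects defined in
+* nsspkit.h
+*/
+struct nssPKIObjectStr
+{
+/* The arena for all object memory */
+NSSArena *arena;
+/* Atomically incremented/decremented reference counting */
+PRInt32 refCount;
+/* lock protects the array of nssCryptokiInstance's of the object */
+union {
+PZLock* lock;
+PZMonitor *mlock;
+} sync;
+nssPKILockType lockType;
+/* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot
+* be compared against the update level of the trust domain, since it is
+* also affected by import/export. Where is this array needed?
+*/
+nssCryptokiObject **instances;
+PRUint32 numInstances;
+/* The object must live in a trust domain */
+NSSTrustDomain *trustDomain;
+/* The object may live in a crypto context */
+NSSCryptoContext *cryptoContext;
+/* XXX added so temp certs can have nickname, think more ... */
+NSSUTF8 *tempName;
+};
+
+typedef struct nssDecodedCertStr nssDecodedCert;
+
+typedef struct nssCertificateStoreStr nssCertificateStore;
+
+/* How wide is the scope of this? */
+typedef struct nssSMIMEProfileStr nssSMIMEProfile;
+
+typedef struct nssPKIObjectStr nssPKIObject;
+
+struct NSSTrustStr
+{
+nssPKIObject object;
+NSSCertificate *certificate;
+nssTrustLevel serverAuth;
+nssTrustLevel clientAuth;
+nssTrustLevel emailProtection;
+nssTrustLevel codeSigning;
+PRBool stepUpApproved;
+};
+
+struct nssSMIMEProfileStr
+{
+nssPKIObject object;
+NSSCertificate *certificate;
+NSSASCII7 *email;
+NSSDER *subject;
+NSSItem *profileTime;
+NSSItem *profileData;
+};
+
+struct NSSCertificateStr
+{
+nssPKIObject object;
+NSSCertificateType type;
+NSSItem id;
+NSSBER encoding;
+NSSDER issuer;
+NSSDER subject;
+NSSDER serial;
+NSSASCII7 *email;
+nssDecodedCert *decoding;
+};
+
+struct NSSPrivateKeyStr;
+
+struct NSSPublicKeyStr;
+
+struct NSSSymmetricKeyStr;
+
+typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
+
+struct NSSTrustDomainStr {
+PRInt32 refCount;
+NSSArena *arena;
+NSSCallback *defaultCallback;
+nssList *tokenList;
+nssListIterator *tokens;
+nssTDCertificateCache *cache;
+NSSRWLock *tokensLock;
+void *spkDigestInfo;
+CERTStatusConfig *statusConfig;
+};
+
+struct NSSCryptoContextStr
+{
+PRInt32 refCount;
+NSSArena *arena;
+NSSTrustDomain *td;
+NSSToken *token;
+nssSession *session;
+nssCertificateStore *certStore;
+};
+
+struct NSSTimeStr {
+PRTime prTime;
+};
+
+struct NSSCRLStr {
+nssPKIObject object;
+NSSDER encoding;
+NSSUTF8 *url;
+PRBool isKRL;
+};
+
+typedef struct NSSCRLStr NSSCRL;
+
+struct NSSPoliciesStr;
+
+struct NSSAlgorithmAndParametersStr;
+
+struct NSSPKIXCertificateStr;
+
+PR_END_EXTERN_C
+
+#endif /* PKIT_H */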