Mercurial > trustbridge > nss-cmake-static
view nss/lib/softoken/legacydb/pcert.h @ 3:150b72113545
Add DBM and legacydb support
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:32:02 +0200 |
parents | |
children |
line wrap: on
line source
/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef _PCERTDB_H_ #define _PCERTDB_H_ #include "plarena.h" #include "prlong.h" #include "pcertt.h" #include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */ SEC_BEGIN_PROTOS /* * initialize any global certificate locks */ SECStatus nsslowcert_InitLocks(void); /* ** Add a DER encoded certificate to the permanent database. ** "derCert" is the DER encoded certificate. ** "nickname" is the nickname to use for the cert ** "trust" is the trust parameters for the cert */ SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust); SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname); SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert); typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata); /* ** Traverse the entire permanent database, and pass the certs off to a ** user supplied function. ** "certfunc" is the user function to call for each certificate ** "udata" is the user's data, which is passed through to "certfunc" */ SECStatus nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle, PermCertCallback certfunc, void *udata ); PRBool nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle); certDBEntryRevocation * nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL); SECStatus nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,const SECItem *derName, PRBool isKRL); SECStatus nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl , SECItem *derKey, char *url, PRBool isKRL); NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB(); NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *); NSSLOWCERTCertificate * nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert, char *nickname, PRBool isperm, PRBool copyDER); NSSLOWCERTCertificate * nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert); void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert); void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust); /* * Lookup a certificate in the databases without locking * "certKey" is the database key to look for * * XXX - this should be internal, but pkcs 11 needs to call it during a * traversal. */ NSSLOWCERTCertificate * nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey); /* * Lookup trust for a certificate in the databases without locking * "certKey" is the database key to look for * * XXX - this should be internal, but pkcs 11 needs to call it during a * traversal. */ NSSLOWCERTTrust * nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey); /* ** Generate a certificate key from the issuer and serialnumber, then look it ** up in the database. Return the cert if found. ** "issuerAndSN" is the issuer and serial number to look for */ extern NSSLOWCERTCertificate * nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN); /* ** Generate a certificate key from the issuer and serialnumber, then look it ** up in the database. Return the cert if found. ** "issuerAndSN" is the issuer and serial number to look for */ extern NSSLOWCERTTrust * nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN); /* ** Find a certificate in the database by a DER encoded certificate ** "derCert" is the DER encoded certificate */ extern NSSLOWCERTCertificate * nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert); /* convert an email address to lower case */ char *nsslowcert_FixupEmailAddr(char *emailAddr); /* ** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure ** "derSignedCert" is the DER encoded signed certificate ** "copyDER" is true if the DER should be copied, false if the ** existing copy should be referenced ** "nickname" is the nickname to use in the database. If it is NULL ** then a temporary nickname is generated. */ extern NSSLOWCERTCertificate * nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname); SECStatus nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key); certDBEntrySMime * nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle, char *emailAddr); void nsslowcert_DestroyDBEntry(certDBEntry *entry); SECStatus nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, const char *domain, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile); void nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle); /* * is certa newer than certb? If one is expired, pick the other one. */ PRBool nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb); SECStatus nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECStatus (* callback)(SECItem *data, SECItem *key, certDBEntryType type, void *pdata), void *udata ); SECStatus nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject, NSSLOWCERTCertCallback cb, void *cbarg); int nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject); SECStatus nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle, char *nickname, NSSLOWCERTCertCallback cb, void *cbarg); int nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, char *nickname); SECStatus nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust); SECStatus nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime); /* * Change the trust attributes of a certificate and make them permanent * in the database. */ SECStatus nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust); PRBool nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle); void nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value); PRBool nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust); void nsslowcert_DestroyFreeLists(void); void nsslowcert_DestroyGlobalLocks(void); void pkcs11_freeNickname(char *nickname, char *space); char * pkcs11_copyNickname(char *nickname, char *space, int spaceLen); void pkcs11_freeStaticData(unsigned char *data, unsigned char *space); unsigned char * pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen); unsigned char * pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space, int spaceLen); NSSLOWCERTCertificate * nsslowcert_CreateCert(void); certDBEntry * nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey, certDBEntryType entryType, void *pdata); SEC_END_PROTOS #endif /* _PCERTDB_H_ */