andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #ifndef PKIM_H andre@0: #define PKIM_H andre@0: andre@0: #ifndef BASE_H andre@0: #include "base.h" andre@0: #endif /* BASE_H */ andre@0: andre@0: #ifndef PKI_H andre@0: #include "pki.h" andre@0: #endif /* PKI_H */ andre@0: andre@0: #ifndef PKITM_H andre@0: #include "pkitm.h" andre@0: #endif /* PKITM_H */ andre@0: andre@0: PR_BEGIN_EXTERN_C andre@0: andre@0: /* nssPKIObject andre@0: * andre@0: * This is the base object class, common to all PKI objects defined in andre@0: * in this module. Each object can be safely 'casted' to an nssPKIObject, andre@0: * then passed to these methods. andre@0: * andre@0: * nssPKIObject_Create andre@0: * nssPKIObject_Destroy andre@0: * nssPKIObject_AddRef andre@0: * nssPKIObject_AddInstance andre@0: * nssPKIObject_HasInstance andre@0: * nssPKIObject_GetTokens andre@0: * nssPKIObject_GetNicknameForToken andre@0: * nssPKIObject_RemoveInstanceForToken andre@0: * nssPKIObject_DeleteStoredObject andre@0: */ andre@0: andre@0: NSS_EXTERN void nssPKIObject_Lock (nssPKIObject * object); andre@0: NSS_EXTERN void nssPKIObject_Unlock (nssPKIObject * object); andre@0: NSS_EXTERN PRStatus nssPKIObject_NewLock (nssPKIObject * object, andre@0: nssPKILockType lockType); andre@0: NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject * object); andre@0: andre@0: /* nssPKIObject_Create andre@0: * andre@0: * A generic PKI object. It must live in a trust domain. It may be andre@0: * initialized with a token instance, or alternatively in a crypto context. andre@0: */ andre@0: NSS_EXTERN nssPKIObject * andre@0: nssPKIObject_Create andre@0: ( andre@0: NSSArena *arenaOpt, andre@0: nssCryptokiObject *instanceOpt, andre@0: NSSTrustDomain *td, andre@0: NSSCryptoContext *ccOpt, andre@0: nssPKILockType lockType andre@0: ); andre@0: andre@0: /* nssPKIObject_AddRef andre@0: */ andre@0: NSS_EXTERN nssPKIObject * andre@0: nssPKIObject_AddRef andre@0: ( andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: /* nssPKIObject_Destroy andre@0: * andre@0: * Returns true if object was destroyed. This notifies the subclass that andre@0: * all references are gone and it should delete any members it owns. andre@0: */ andre@0: NSS_EXTERN PRBool andre@0: nssPKIObject_Destroy andre@0: ( andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: /* nssPKIObject_AddInstance andre@0: * andre@0: * Add a token instance to the object, if it does not have it already. andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObject_AddInstance andre@0: ( andre@0: nssPKIObject *object, andre@0: nssCryptokiObject *instance andre@0: ); andre@0: andre@0: /* nssPKIObject_HasInstance andre@0: * andre@0: * Query the object for a token instance. andre@0: */ andre@0: NSS_EXTERN PRBool andre@0: nssPKIObject_HasInstance andre@0: ( andre@0: nssPKIObject *object, andre@0: nssCryptokiObject *instance andre@0: ); andre@0: andre@0: /* nssPKIObject_GetTokens andre@0: * andre@0: * Get all tokens which have an instance of the object. andre@0: */ andre@0: NSS_EXTERN NSSToken ** andre@0: nssPKIObject_GetTokens andre@0: ( andre@0: nssPKIObject *object, andre@0: PRStatus *statusOpt andre@0: ); andre@0: andre@0: /* nssPKIObject_GetNicknameForToken andre@0: * andre@0: * tokenOpt == NULL means take the first available, otherwise return the andre@0: * nickname for the specified token. andre@0: */ andre@0: NSS_EXTERN NSSUTF8 * andre@0: nssPKIObject_GetNicknameForToken andre@0: ( andre@0: nssPKIObject *object, andre@0: NSSToken *tokenOpt andre@0: ); andre@0: andre@0: /* nssPKIObject_RemoveInstanceForToken andre@0: * andre@0: * Remove the instance of the object on the specified token. andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObject_RemoveInstanceForToken andre@0: ( andre@0: nssPKIObject *object, andre@0: NSSToken *token andre@0: ); andre@0: andre@0: /* nssPKIObject_DeleteStoredObject andre@0: * andre@0: * Delete all token instances of the object, as well as any crypto context andre@0: * instances (TODO). If any of the instances are read-only, or if the andre@0: * removal fails, the object will keep those instances. 'isFriendly' refers andre@0: * to the object -- can this object be removed from a friendly token without andre@0: * login? For example, certificates are friendly, private keys are not. andre@0: * Note that if the token is not friendly, authentication will be required andre@0: * regardless of the value of 'isFriendly'. andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObject_DeleteStoredObject andre@0: ( andre@0: nssPKIObject *object, andre@0: NSSCallback *uhh, andre@0: PRBool isFriendly andre@0: ); andre@0: andre@0: NSS_EXTERN nssCryptokiObject ** andre@0: nssPKIObject_GetInstances andre@0: ( andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssTrustDomain_FindCertificatesByID andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSItem *id, andre@0: NSSCertificate **rvOpt, andre@0: PRUint32 maximumOpt, andre@0: NSSArena *arenaOpt andre@0: ); andre@0: andre@0: NSS_EXTERN NSSCRL ** andre@0: nssTrustDomain_FindCRLsBySubject andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSDER *subject andre@0: ); andre@0: andre@0: /* module-private nsspki methods */ andre@0: andre@0: NSS_EXTERN NSSCryptoContext * andre@0: nssCryptoContext_Create andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSCallback *uhhOpt andre@0: ); andre@0: andre@0: /* XXX for the collection */ andre@0: NSS_EXTERN NSSCertificate * andre@0: nssCertificate_Create andre@0: ( andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssCertificate_SetCertTrust andre@0: ( andre@0: NSSCertificate *c, andre@0: NSSTrust *trust andre@0: ); andre@0: andre@0: NSS_EXTERN nssDecodedCert * andre@0: nssCertificate_GetDecoding andre@0: ( andre@0: NSSCertificate *c andre@0: ); andre@0: andre@0: extern PRIntn andre@0: nssCertificate_SubjectListSort andre@0: ( andre@0: void *v1, andre@0: void *v2 andre@0: ); andre@0: andre@0: NSS_EXTERN nssDecodedCert * andre@0: nssDecodedCert_Create andre@0: ( andre@0: NSSArena *arenaOpt, andre@0: NSSDER *encoding, andre@0: NSSCertificateType type andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssDecodedCert_Destroy andre@0: ( andre@0: nssDecodedCert *dc andre@0: ); andre@0: andre@0: NSS_EXTERN NSSTrust * andre@0: nssTrust_Create andre@0: ( andre@0: nssPKIObject *object, andre@0: NSSItem *certData andre@0: ); andre@0: andre@0: NSS_EXTERN NSSCRL * andre@0: nssCRL_Create andre@0: ( andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: NSS_EXTERN NSSCRL * andre@0: nssCRL_AddRef andre@0: ( andre@0: NSSCRL *crl andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssCRL_Destroy andre@0: ( andre@0: NSSCRL *crl andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssCRL_DeleteStoredObject andre@0: ( andre@0: NSSCRL *crl, andre@0: NSSCallback *uhh andre@0: ); andre@0: andre@0: NSS_EXTERN NSSPrivateKey * andre@0: nssPrivateKey_Create andre@0: ( andre@0: nssPKIObject *o andre@0: ); andre@0: andre@0: NSS_EXTERN NSSDER * andre@0: nssCRL_GetEncoding andre@0: ( andre@0: NSSCRL *crl andre@0: ); andre@0: andre@0: NSS_EXTERN NSSPublicKey * andre@0: nssPublicKey_Create andre@0: ( andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: /* nssCertificateArray andre@0: * andre@0: * These are being thrown around a lot, might as well group together some andre@0: * functionality. andre@0: * andre@0: * nssCertificateArray_Destroy andre@0: * nssCertificateArray_Join andre@0: * nssCertificateArray_FindBestCertificate andre@0: * nssCertificateArray_Traverse andre@0: */ andre@0: andre@0: /* nssCertificateArray_Destroy andre@0: * andre@0: * Will destroy the array and the certs within it. If the array was created andre@0: * in an arena, will *not* (of course) destroy the arena. However, is safe andre@0: * to call this method on an arena-allocated array. andre@0: */ andre@0: NSS_EXTERN void andre@0: nssCertificateArray_Destroy andre@0: ( andre@0: NSSCertificate **certs andre@0: ); andre@0: andre@0: /* nssCertificateArray_Join andre@0: * andre@0: * Join two arrays into one. The two arrays, certs1 and certs2, should andre@0: * be considered invalid after a call to this function (they may be destroyed andre@0: * as part of the join). certs1 and/or certs2 may be NULL. Safe to andre@0: * call with arrays allocated in an arena, the result will also be in the andre@0: * arena. andre@0: */ andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssCertificateArray_Join andre@0: ( andre@0: NSSCertificate **certs1, andre@0: NSSCertificate **certs2 andre@0: ); andre@0: andre@0: /* nssCertificateArray_FindBestCertificate andre@0: * andre@0: * Use the usual { time, usage, policies } to find the best cert in the andre@0: * array. andre@0: */ andre@0: NSS_EXTERN NSSCertificate * andre@0: nssCertificateArray_FindBestCertificate andre@0: ( andre@0: NSSCertificate **certs, andre@0: NSSTime *timeOpt, andre@0: const NSSUsage *usage, andre@0: NSSPolicies *policiesOpt andre@0: ); andre@0: andre@0: /* nssCertificateArray_Traverse andre@0: * andre@0: * Do the callback for each cert, terminate the traversal if the callback andre@0: * fails. andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssCertificateArray_Traverse andre@0: ( andre@0: NSSCertificate **certs, andre@0: PRStatus (* callback)(NSSCertificate *c, void *arg), andre@0: void *arg andre@0: ); andre@0: andre@0: NSS_EXTERN void andre@0: nssCRLArray_Destroy andre@0: ( andre@0: NSSCRL **crls andre@0: ); andre@0: andre@0: /* nssPKIObjectCollection andre@0: * andre@0: * This is a handy way to group objects together and perform operations andre@0: * on them. It can also handle "proto-objects"-- references to andre@0: * objects instances on tokens, where the actual object hasn't andre@0: * been formed yet. andre@0: * andre@0: * nssCertificateCollection_Create andre@0: * nssPrivateKeyCollection_Create andre@0: * nssPublicKeyCollection_Create andre@0: * andre@0: * If this was a language that provided for inheritance, each type would andre@0: * inherit all of the following methods. Instead, there is only one andre@0: * type (nssPKIObjectCollection), shared among all. This may cause andre@0: * confusion; an alternative would be to define all of the methods andre@0: * for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't andre@0: * seem worth the code bloat.. It is left up to the caller to remember andre@0: * what type of collection he/she is dealing with. andre@0: * andre@0: * nssPKIObjectCollection_Destroy andre@0: * nssPKIObjectCollection_Count andre@0: * nssPKIObjectCollection_AddObject andre@0: * nssPKIObjectCollection_AddInstances andre@0: * nssPKIObjectCollection_Traverse andre@0: * andre@0: * Back to type-specific methods. andre@0: * andre@0: * nssPKIObjectCollection_GetCertificates andre@0: * nssPKIObjectCollection_GetCRLs andre@0: * nssPKIObjectCollection_GetPrivateKeys andre@0: * nssPKIObjectCollection_GetPublicKeys andre@0: */ andre@0: andre@0: /* nssCertificateCollection_Create andre@0: * andre@0: * Create a collection of certificates in the specified trust domain. andre@0: * Optionally provide a starting set of certs. andre@0: */ andre@0: NSS_EXTERN nssPKIObjectCollection * andre@0: nssCertificateCollection_Create andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSCertificate **certsOpt andre@0: ); andre@0: andre@0: /* nssCRLCollection_Create andre@0: * andre@0: * Create a collection of CRLs/KRLs in the specified trust domain. andre@0: * Optionally provide a starting set of CRLs. andre@0: */ andre@0: NSS_EXTERN nssPKIObjectCollection * andre@0: nssCRLCollection_Create andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSCRL **crlsOpt andre@0: ); andre@0: andre@0: /* nssPrivateKeyCollection_Create andre@0: * andre@0: * Create a collection of private keys in the specified trust domain. andre@0: * Optionally provide a starting set of keys. andre@0: */ andre@0: NSS_EXTERN nssPKIObjectCollection * andre@0: nssPrivateKeyCollection_Create andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSPrivateKey **pvkOpt andre@0: ); andre@0: andre@0: /* nssPublicKeyCollection_Create andre@0: * andre@0: * Create a collection of public keys in the specified trust domain. andre@0: * Optionally provide a starting set of keys. andre@0: */ andre@0: NSS_EXTERN nssPKIObjectCollection * andre@0: nssPublicKeyCollection_Create andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSPublicKey **pvkOpt andre@0: ); andre@0: andre@0: /* nssPKIObjectCollection_Destroy andre@0: */ andre@0: NSS_EXTERN void andre@0: nssPKIObjectCollection_Destroy andre@0: ( andre@0: nssPKIObjectCollection *collection andre@0: ); andre@0: andre@0: /* nssPKIObjectCollection_Count andre@0: */ andre@0: NSS_EXTERN PRUint32 andre@0: nssPKIObjectCollection_Count andre@0: ( andre@0: nssPKIObjectCollection *collection andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObjectCollection_AddObject andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: nssPKIObject *object andre@0: ); andre@0: andre@0: /* nssPKIObjectCollection_AddInstances andre@0: * andre@0: * Add a set of object instances to the collection. The instances andre@0: * will be sorted into any existing certs/proto-certs that may be in andre@0: * the collection. The instances will be absorbed by the collection, andre@0: * the array should not be used after this call (except to free it). andre@0: * andre@0: * Failure means the collection is in an invalid state. andre@0: * andre@0: * numInstances = 0 means the array is NULL-terminated andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObjectCollection_AddInstances andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: nssCryptokiObject **instances, andre@0: PRUint32 numInstances andre@0: ); andre@0: andre@0: /* nssPKIObjectCollection_Traverse andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObjectCollection_Traverse andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: nssPKIObjectCallback *callback andre@0: ); andre@0: andre@0: /* This function is being added for NSS 3.5. It corresponds to the function andre@0: * nssToken_TraverseCertificates. The idea is to use the collection during andre@0: * a traversal, creating certs each time a new instance is added for which andre@0: * a cert does not already exist. andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssPKIObjectCollection_AddInstanceAsObject andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: nssCryptokiObject *instance andre@0: ); andre@0: andre@0: /* nssPKIObjectCollection_GetCertificates andre@0: * andre@0: * Get all of the certificates in the collection. andre@0: */ andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssPKIObjectCollection_GetCertificates andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: NSSCertificate **rvOpt, andre@0: PRUint32 maximumOpt, andre@0: NSSArena *arenaOpt andre@0: ); andre@0: andre@0: NSS_EXTERN NSSCRL ** andre@0: nssPKIObjectCollection_GetCRLs andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: NSSCRL **rvOpt, andre@0: PRUint32 maximumOpt, andre@0: NSSArena *arenaOpt andre@0: ); andre@0: andre@0: NSS_EXTERN NSSPrivateKey ** andre@0: nssPKIObjectCollection_GetPrivateKeys andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: NSSPrivateKey **rvOpt, andre@0: PRUint32 maximumOpt, andre@0: NSSArena *arenaOpt andre@0: ); andre@0: andre@0: NSS_EXTERN NSSPublicKey ** andre@0: nssPKIObjectCollection_GetPublicKeys andre@0: ( andre@0: nssPKIObjectCollection *collection, andre@0: NSSPublicKey **rvOpt, andre@0: PRUint32 maximumOpt, andre@0: NSSArena *arenaOpt andre@0: ); andre@0: andre@0: NSS_EXTERN NSSTime * andre@0: NSSTime_Now andre@0: ( andre@0: NSSTime *timeOpt andre@0: ); andre@0: andre@0: NSS_EXTERN NSSTime * andre@0: NSSTime_SetPRTime andre@0: ( andre@0: NSSTime *timeOpt, andre@0: PRTime prTime andre@0: ); andre@0: andre@0: NSS_EXTERN PRTime andre@0: NSSTime_GetPRTime andre@0: ( andre@0: NSSTime *time andre@0: ); andre@0: andre@0: NSS_EXTERN nssHash * andre@0: nssHash_CreateCertificate andre@0: ( andre@0: NSSArena *arenaOpt, andre@0: PRUint32 numBuckets andre@0: ); andre@0: andre@0: /* 3.4 Certificate cache routines */ andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssTrustDomain_InitializeCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: PRUint32 cacheSize andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssTrustDomain_AddCertsToCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSCertificate **certs, andre@0: PRUint32 numCerts andre@0: ); andre@0: andre@0: NSS_EXTERN void andre@0: nssTrustDomain_RemoveCertFromCacheLOCKED ( andre@0: NSSTrustDomain *td, andre@0: NSSCertificate *cert andre@0: ); andre@0: andre@0: NSS_EXTERN void andre@0: nssTrustDomain_LockCertCache ( andre@0: NSSTrustDomain *td andre@0: ); andre@0: andre@0: NSS_EXTERN void andre@0: nssTrustDomain_UnlockCertCache ( andre@0: NSSTrustDomain *td andre@0: ); andre@0: andre@0: NSS_IMPLEMENT PRStatus andre@0: nssTrustDomain_DestroyCache andre@0: ( andre@0: NSSTrustDomain *td andre@0: ); andre@0: andre@0: /* andre@0: * Remove all certs for the given token from the cache. This is andre@0: * needed if the token is removed. andre@0: */ andre@0: NSS_EXTERN PRStatus andre@0: nssTrustDomain_RemoveTokenCertsFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSToken *token andre@0: ); andre@0: andre@0: NSS_EXTERN PRStatus andre@0: nssTrustDomain_UpdateCachedTokenCerts andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSToken *token andre@0: ); andre@0: andre@0: /* andre@0: * Find all cached certs with this nickname (label). andre@0: */ andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssTrustDomain_GetCertsForNicknameFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: const NSSUTF8 *nickname, andre@0: nssList *certListOpt andre@0: ); andre@0: andre@0: /* andre@0: * Find all cached certs with this email address. andre@0: */ andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssTrustDomain_GetCertsForEmailAddressFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSASCII7 *email, andre@0: nssList *certListOpt andre@0: ); andre@0: andre@0: /* andre@0: * Find all cached certs with this subject. andre@0: */ andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssTrustDomain_GetCertsForSubjectFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSDER *subject, andre@0: nssList *certListOpt andre@0: ); andre@0: andre@0: /* andre@0: * Look for a specific cert in the cache. andre@0: */ andre@0: NSS_EXTERN NSSCertificate * andre@0: nssTrustDomain_GetCertForIssuerAndSNFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSDER *issuer, andre@0: NSSDER *serialNum andre@0: ); andre@0: andre@0: /* andre@0: * Look for a specific cert in the cache. andre@0: */ andre@0: NSS_EXTERN NSSCertificate * andre@0: nssTrustDomain_GetCertByDERFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: NSSDER *der andre@0: ); andre@0: andre@0: /* Get all certs from the cache */ andre@0: /* XXX this is being included to make some old-style calls word, not to andre@0: * say we should keep it andre@0: */ andre@0: NSS_EXTERN NSSCertificate ** andre@0: nssTrustDomain_GetCertsFromCache andre@0: ( andre@0: NSSTrustDomain *td, andre@0: nssList *certListOpt andre@0: ); andre@0: andre@0: NSS_EXTERN void andre@0: nssTrustDomain_DumpCacheInfo andre@0: ( andre@0: NSSTrustDomain *td, andre@0: void (* cert_dump_iter)(const void *, void *, void *), andre@0: void *arg andre@0: ); andre@0: andre@0: NSS_EXTERN void andre@0: nssCertificateList_AddReferences andre@0: ( andre@0: nssList *certList andre@0: ); andre@0: andre@0: PR_END_EXTERN_C andre@0: andre@0: #endif /* PKIM_H */