andre@3: /* This Source Code Form is subject to the terms of the Mozilla Public andre@3: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@3: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@3: andre@3: #ifndef _PCERTDB_H_ andre@3: #define _PCERTDB_H_ andre@3: andre@3: #include "plarena.h" andre@3: #include "prlong.h" andre@3: #include "pcertt.h" andre@3: andre@3: #include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */ andre@3: andre@3: SEC_BEGIN_PROTOS andre@3: andre@3: /* andre@3: * initialize any global certificate locks andre@3: */ andre@3: SECStatus nsslowcert_InitLocks(void); andre@3: andre@3: /* andre@3: ** Add a certificate to the permanent database. andre@3: ** "cert" is the (already decoded) certificate to add; this function andre@3: ** does not take raw DER. andre@3: ** "nickname" is the nickname to use for the cert andre@3: ** "trust" is the trust parameters for the cert andre@3: */ andre@3: SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, andre@3: NSSLOWCERTCertificate *cert, andre@3: char *nickname, NSSLOWCERTCertTrust *trust); andre@3: SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle, andre@3: NSSLOWCERTCertificate *cert, char *nickname); andre@3: andre@3: SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert); andre@3: andre@3: typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert, andre@3: SECItem *k, void *pdata); andre@3: /* andre@3: ** Traverse the entire permanent database, and pass the certs off to a andre@3: ** user supplied function. 
andre@3: ** "certfunc" is the user function to call for each certificate andre@3: ** "udata" is the user's data, which is passed through to "certfunc" andre@3: */ andre@3: SECStatus andre@3: nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle, andre@3: PermCertCallback certfunc, andre@3: void *udata ); andre@3: andre@3: PRBool andre@3: nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle); andre@3: andre@3: certDBEntryRevocation * andre@3: nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, andre@3: SECItem *crlKey, PRBool isKRL); andre@3: andre@3: SECStatus andre@3: nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,const SECItem *derName, andre@3: PRBool isKRL); andre@3: SECStatus andre@3: nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl , andre@3: SECItem *derKey, char *url, PRBool isKRL); andre@3: andre@3: NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB(); andre@3: NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *); andre@3: andre@3: NSSLOWCERTCertificate * andre@3: nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert, andre@3: char *nickname, PRBool isperm, PRBool copyDER); andre@3: NSSLOWCERTCertificate * andre@3: nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert); andre@3: void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert); andre@3: void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust); andre@3: andre@3: /* andre@3: * Lookup a certificate in the databases without locking. andre@3: * Nothing in this call serializes access to the database, so a caller andre@3: * that is not already inside a locked traversal is presumably expected andre@3: * to hold the database lock itself (confirm against the .c file). andre@3: * "certKey" is the database key to look for andre@3: * andre@3: * XXX - this should be internal, but pkcs 11 needs to call it during a andre@3: * traversal. 
andre@3: */ andre@3: NSSLOWCERTCertificate * andre@3: nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey); andre@3: andre@3: /* andre@3: * Lookup trust for a certificate in the databases without locking. andre@3: * Nothing in this call serializes access to the database, so a caller andre@3: * that is not already inside a locked traversal is presumably expected andre@3: * to hold the database lock itself (confirm against the .c file). andre@3: * "certKey" is the database key to look for andre@3: * andre@3: * XXX - this should be internal, but pkcs 11 needs to call it during a andre@3: * traversal. andre@3: */ andre@3: NSSLOWCERTTrust * andre@3: nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey); andre@3: andre@3: /* andre@3: ** Generate a certificate key from the issuer and serialnumber, then look it andre@3: ** up in the database. Return the cert if found. andre@3: ** "issuerAndSN" is the issuer and serial number to look for andre@3: */ andre@3: extern NSSLOWCERTCertificate * andre@3: nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN); andre@3: andre@3: /* andre@3: ** Generate a certificate key from the issuer and serialnumber, then look it andre@3: ** up in the database. Return the trust entry (not the cert) if found. 
andre@3: ** "issuerAndSN" is the issuer and serial number to look for andre@3: */ andre@3: extern NSSLOWCERTTrust * andre@3: nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN); andre@3: andre@3: /* andre@3: ** Find a certificate in the database by a DER encoded certificate andre@3: ** "derCert" is the DER encoded certificate andre@3: */ andre@3: extern NSSLOWCERTCertificate * andre@3: nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert); andre@3: andre@3: /* convert an email address to lower case */ andre@3: char *nsslowcert_FixupEmailAddr(char *emailAddr); andre@3: andre@3: /* andre@3: ** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure andre@3: ** "derSignedCert" is the DER encoded signed certificate andre@3: ** (there is no "copyDER" parameter on this function; the copy-vs-reference andre@3: ** choice for the DER belongs to nsslowcert_NewTempCertificate) andre@3: ** "nickname" is the nickname to use in the database. If it is NULL andre@3: ** then a temporary nickname is generated. andre@3: */ andre@3: extern NSSLOWCERTCertificate * andre@3: nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname); andre@3: andre@3: SECStatus andre@3: nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key); andre@3: andre@3: certDBEntrySMime * andre@3: nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle, andre@3: char *emailAddr); andre@3: void andre@3: nsslowcert_DestroyDBEntry(certDBEntry *entry); andre@3: andre@3: SECStatus andre@3: nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, andre@3: const char *domain, const char *prefix, andre@3: NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile); andre@3: andre@3: void andre@3: nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle); andre@3: andre@3: /* andre@3: * is certa newer than certb? If one is expired, pick the other one. 
andre@3: */ andre@3: PRBool andre@3: nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb); andre@3: andre@3: andre@3: SECStatus andre@3: nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle, andre@3: certDBEntryType type, andre@3: SECStatus (* callback)(SECItem *data, SECItem *key, andre@3: certDBEntryType type, void *pdata), andre@3: void *udata ); andre@3: SECStatus andre@3: nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle, andre@3: SECItem *derSubject, andre@3: NSSLOWCERTCertCallback cb, void *cbarg); andre@3: int andre@3: nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle, andre@3: SECItem *derSubject); andre@3: SECStatus andre@3: nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle, andre@3: char *nickname, NSSLOWCERTCertCallback cb, void *cbarg); andre@3: andre@3: int andre@3: nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, andre@3: char *nickname); andre@3: SECStatus andre@3: nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert, andre@3: NSSLOWCERTCertTrust *trust); andre@3: andre@3: SECStatus andre@3: nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, andre@3: SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime); andre@3: andre@3: /* andre@3: * Change the trust attributes of a certificate and make them permanent andre@3: * in the database. 
andre@3: */ andre@3: SECStatus andre@3: nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, andre@3: NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust); andre@3: andre@3: PRBool andre@3: nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle); andre@3: andre@3: void andre@3: nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value); andre@3: andre@3: PRBool andre@3: nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust); andre@3: andre@3: void andre@3: nsslowcert_DestroyFreeLists(void); andre@3: andre@3: void andre@3: nsslowcert_DestroyGlobalLocks(void); andre@3: andre@3: void andre@3: pkcs11_freeNickname(char *nickname, char *space); andre@3: andre@3: char * andre@3: pkcs11_copyNickname(char *nickname, char *space, int spaceLen); andre@3: andre@3: void andre@3: pkcs11_freeStaticData(unsigned char *data, unsigned char *space); andre@3: andre@3: unsigned char * andre@3: pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen); andre@3: andre@3: unsigned char * andre@3: pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space, andre@3: int spaceLen); andre@3: NSSLOWCERTCertificate * andre@3: nsslowcert_CreateCert(void); andre@3: andre@3: certDBEntry * andre@3: nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey, andre@3: certDBEntryType entryType, void *pdata); andre@3: andre@3: SEC_END_PROTOS andre@3: andre@3: #endif /* _PCERTDB_H_ */