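/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef PKITM_H
#define PKITM_H

/*
 * pkitm.h
 *
 * This file contains PKI-module specific types.
 */

#ifndef BASET_H
#include "baset.h"
#endif /* BASET_H */

#ifndef PKIT_H
#include "pkit.h"
#endif /* PKIT_H */

PR_BEGIN_EXTERN_C

/*
 * nssCertIDMatch
 *
 * Tri-state result of the matchIdentifier callback in nssDecodedCert.
 *
 * nssCertIDMatch_Yes is 0, so this value must not be used as a truth
 * value: "if (dc->matchIdentifier(dc, id))" is taken for No and for
 * Unknown and skipped for Yes.  Always compare explicitly against
 * nssCertIDMatch_Yes, and decide deliberately how Unknown is handled
 * rather than letting it fall into the same branch as Yes.
 */
typedef enum nssCertIDMatchEnum {
    nssCertIDMatch_Yes = 0,
    nssCertIDMatch_No = 1,
    nssCertIDMatch_Unknown = 2
} nssCertIDMatch;

/*
 * nssDecodedCert
 *
 * This is an interface to allow the PKI module access to certificate
 * information that can only be found by decoding.  The interface is
 * generic, allowing each certificate type its own way of providing
 * the information.
 *
 * Every callback receives the nssDecodedCert it belongs to as its
 * first argument.  This header does not state who owns the pointers
 * the getters return or how long they stay valid; confirm against
 * the implementation before freeing or caching them.
 */
struct nssDecodedCertStr {
    /* certificate type this decoder instance was created for */
    NSSCertificateType type;
    /* opaque, untyped pointer; presumably the type-specific decoded
     * form of the certificate -- confirm against the implementation */
    void *data;
    /* returns the unique identifier for the cert */
    NSSItem *  (*getIdentifier)(nssDecodedCert *dc);
    /* returns the unique identifier for this cert's issuer.
     * The result is an untyped void *, so the compiler cannot check
     * what callers do with it. */
    void *     (*getIssuerIdentifier)(nssDecodedCert *dc);
    /* is id the identifier for this cert?
     * id is untyped; presumably it must be a value obtained from
     * getIssuerIdentifier of the same certificate type -- confirm.
     * The result is tri-state and Yes is 0: compare it with
     * nssCertIDMatch_Yes, never test it as a boolean. */
    nssCertIDMatch (*matchIdentifier)(nssDecodedCert *dc, void *id);
    /* is this cert a valid CA cert? */
    PRBool     (*isValidIssuer)(nssDecodedCert *dc);
    /* returns the cert usage */
    NSSUsage * (*getUsage)(nssDecodedCert *dc);
    /* is time within the validity period of the cert?
     * NOTE(review): a PRBool cannot separate "outside the period" from
     * "could not be determined"; confirm implementations answer
     * PR_FALSE when the validity fields cannot be decoded. */
    PRBool     (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time);
    /* is the validity period of this cert newer than cmpdc? */
    PRBool     (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc);
    /* does the usage for this cert match the requested usage? */
    PRBool     (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage);
    /* is this cert trusted for the requested usage?
     * NOTE(review): same PRBool limitation as isValidAtTime; confirm
     * that an undeterminable trust state is reported as PR_FALSE. */
    PRBool     (*isTrustedForUsage)(nssDecodedCert *dc,
                                    const NSSUsage *usage);
    /* extract the email address */
    NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc);
    /* extract the DER-encoded serial number.
     * Reports success or failure through the PRStatus result; check it
     * before reading derSerial.  arena is presumably where the copy is
     * allocated -- confirm against the implementation. */
    PRStatus   (*getDERSerialNumber)(nssDecodedCert *dc,
                                     NSSDER *derSerial, NSSArena *arena);
};

/*
 * NSSUsage
 *
 * Usage descriptor handed to matchUsage and isTrustedForUsage.
 * The meaning of the fields is not defined in this header; the notes
 * below are read from the names and should be confirmed.
 */
struct NSSUsageStr {
    /* presumably a wildcard that makes usage checks accept any usage;
     * if so, setting it relaxes the check -- confirm */
    PRBool anyUsage;
    /* usage expressed as an NSS 3 SECCertUsage value */
    SECCertUsage nss3usage;
    /* presumably: the lookup is for a CA certificate -- confirm */
    PRBool nss3lookingForCA;
};

typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection;

/*
 * nssPKIObjectCallback
 *
 * A callback for one of four object kinds, plus the opaque argument
 * that accompanies it (each member takes a trailing void *arg).
 *
 * The structure does not record which member of func was stored, so
 * the code that invokes the callback has to know the object kind from
 * context.  Calling through a member other than the one that was
 * assigned calls a function through an incompatible pointer type,
 * which is undefined behavior.
 */
typedef struct
{
    union {
        PRStatus (* cert)(NSSCertificate *c, void *arg);
        PRStatus (* crl)(NSSCRL *crl, void *arg);
        PRStatus (* pvkey)(NSSPrivateKey *vk, void *arg);
        PRStatus (* pbkey)(NSSPublicKey *bk, void *arg);
    } func;
    void *arg;
} nssPKIObjectCallback;

PR_END_EXTERN_C

#endif /* PKITM_H */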