/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef PKIT_H
#define PKIT_H

/*
 * pkit.h
 *
 * This file contains definitions for the types of the top-level PKI objects.
 * The PKI objects themselves are introduced in nsspkit.h (see the note on
 * nssPKIObject below); this header spells out their struct layouts for the
 * implementation.
 */

#ifndef NSSBASET_H
#include "nssbaset.h"
#endif /* NSSBASET_H */

#ifndef BASET_H
#include "baset.h"
#endif /* BASET_H */

#include "certt.h"
#include "pkcs11t.h"

#ifndef NSSPKIT_H
#include "nsspkit.h"
#endif /* NSSPKIT_H */

#ifndef NSSDEVT_H
#include "nssdevt.h"
#endif /* NSSDEVT_H */

#ifndef DEVT_H
#include "devt.h"
#endif /* DEVT_H */

#ifndef nssrwlkt_h__
#include "nssrwlkt.h"
#endif /* nssrwlkt_h__ */

PR_BEGIN_EXTERN_C

/*
 * A note on ephemeral certs
 *
 * The key objects defined here can only be created on tokens, and can only
 * exist on tokens. Therefore, any instance of a key object must have
 * a corresponding cryptoki instance. OTOH, certificates created in
 * crypto contexts need not be stored as session objects on the token.
 * There are good performance reasons for not doing so. The certificate
 * and trust objects have been defined with a cryptoContext field to
 * allow for ephemeral certs, which may have a single instance in a crypto
 * context along with any number (including zero) of cryptoki instances.
 * Since contexts may not share objects, there can be only one context
 * for each object.
*/

/*
 * nssPKILockType
 *
 * Selects which member of nssPKIObjectStr.sync is in use: a plain lock
 * or a monitor.
 */
typedef enum {
    nssPKILock = 1,
    nssPKIMonitor = 2
} nssPKILockType;

/* nssPKIObject
 *
 * This is the base object class, common to all PKI objects defined in
 * nsspkit.h.  The certificate, trust, S/MIME profile and CRL structs
 * below embed one of these as their first member.
 */
struct nssPKIObjectStr
{
    /* The arena for all object memory */
    NSSArena *arena;
    /* Atomically incremented/decremented reference counting */
    PRInt32 refCount;
    /* lock protects the array of nssCryptokiInstance's of the object.
     * Only one union member is live at a time; lockType below says which. */
    union {
        PZLock* lock;
        PZMonitor *mlock;
    } sync;
    /* Which member of sync is in use (presumably nssPKILock -> lock,
     * nssPKIMonitor -> mlock; confirm against the code that takes the lock) */
    nssPKILockType lockType;
    /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot
     * be compared against the update level of the trust domain, since it is
     * also affected by import/export. Where is this array needed?
     */
    nssCryptokiObject **instances;
    /* Presumably the number of valid entries in instances */
    PRUint32 numInstances;
    /* The object must live in a trust domain */
    NSSTrustDomain *trustDomain;
    /* The object may live in a crypto context (see the note on ephemeral
     * certs at the top of this file) */
    NSSCryptoContext *cryptoContext;
    /* XXX added so temp certs can have nickname, think more ... */
    NSSUTF8 *tempName;
};

typedef struct nssDecodedCertStr nssDecodedCert;

typedef struct nssCertificateStoreStr nssCertificateStore;

/* How wide is the scope of this?
 */
typedef struct nssSMIMEProfileStr nssSMIMEProfile;

typedef struct nssPKIObjectStr nssPKIObject;

/* NSSTrust
 *
 * Trust settings attached to a certificate, one nssTrustLevel per usage.
 */
struct NSSTrustStr
{
    nssPKIObject object;
    /* The certificate these settings belong to (presumably; confirm
     * against the code that populates the struct) */
    NSSCertificate *certificate;
    nssTrustLevel serverAuth;
    nssTrustLevel clientAuth;
    nssTrustLevel emailProtection;
    nssTrustLevel codeSigning;
    PRBool stepUpApproved;
};

/* nssSMIMEProfile
 *
 * S/MIME profile data kept alongside a certificate.  profileTime and
 * profileData are raw NSSItems; their encoding is not defined here.
 */
struct nssSMIMEProfileStr
{
    nssPKIObject object;
    NSSCertificate *certificate;
    NSSASCII7 *email;
    NSSDER *subject;
    NSSItem *profileTime;
    NSSItem *profileData;
};

/* NSSCertificate
 *
 * A certificate with its identifying DER fields broken out.  The struct
 * behind `decoding` (nssDecodedCertStr) is only forward-declared here,
 * so its layout is private to the implementation.
 */
struct NSSCertificateStr
{
    nssPKIObject object;
    NSSCertificateType type;
    NSSItem id;
    /* Presumably the full encoded certificate */
    NSSBER encoding;
    NSSDER issuer;
    NSSDER subject;
    NSSDER serial;
    NSSASCII7 *email;
    /* Cached decoded form, presumably; opaque in this header */
    nssDecodedCert *decoding;
};

struct NSSPrivateKeyStr;

struct NSSPublicKeyStr;

struct NSSSymmetricKeyStr;

typedef struct nssTDCertificateCacheStr nssTDCertificateCache;

/* NSSTrustDomain
 *
 * Note this is not an nssPKIObject: it carries its own refCount and
 * arena.  tokensLock is an NSSRWLock; it presumably guards tokenList
 * and the tokens iterator -- confirm against the accessors before
 * relying on that.
 */
struct NSSTrustDomainStr {
    PRInt32 refCount;
    NSSArena *arena;
    NSSCallback *defaultCallback;
    nssList *tokenList;
    nssListIterator *tokens;
    nssTDCertificateCache *cache;
    NSSRWLock *tokensLock;
    /* Opaque; the pointed-to type is not visible in this header */
    void *spkDigestInfo;
    CERTStatusConfig *statusConfig;
};

/* NSSCryptoContext
 *
 * Also not an nssPKIObject.  Has its own certStore, presumably where the
 * ephemeral certs described at the top of this file are kept.
 */
struct NSSCryptoContextStr
{
    PRInt32 refCount;
    NSSArena *arena;
    NSSTrustDomain *td;
    NSSToken *token;
    nssSession *session;
    nssCertificateStore *certStore;
};

/* NSSTime: a thin wrapper around an NSPR PRTime */
struct NSSTimeStr {
    PRTime prTime;
};

/* NSSCRL
 *
 * A certificate revocation list.  isKRL presumably marks a key
 * revocation list -- the name suggests it; confirm against the decoder.
 */
struct NSSCRLStr {
    nssPKIObject object;
    NSSDER encoding;
    NSSUTF8 *url;
    PRBool isKRL;
};

typedef struct NSSCRLStr NSSCRL;

struct NSSPoliciesStr;

struct NSSAlgorithmAndParametersStr;

struct NSSPKIXCertificateStr;

PR_END_EXTERN_C

#endif /* PKIT_H */