|
Packit |
40b132 |
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
40b132 |
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
40b132 |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef _P12_H_
|
|
Packit |
40b132 |
#define _P12_H_
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#include "secoid.h"
|
|
Packit |
40b132 |
#include "key.h"
|
|
Packit |
40b132 |
#include "secpkcs7.h"
|
|
Packit |
40b132 |
#include "p12t.h"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef int (PR_CALLBACK * PKCS12OpenFunction)(void *arg);
|
|
Packit |
40b132 |
typedef int (PR_CALLBACK * PKCS12ReadFunction)(void *arg,
|
|
Packit |
40b132 |
unsigned char *buffer,
|
|
Packit |
40b132 |
unsigned int *lenRead,
|
|
Packit |
40b132 |
unsigned int maxLen);
|
|
Packit |
40b132 |
typedef int (PR_CALLBACK * PKCS12WriteFunction)(void *arg,
|
|
Packit |
40b132 |
unsigned char *buffer,
|
|
Packit |
40b132 |
unsigned int *bufLen,
|
|
Packit |
40b132 |
unsigned int *lenWritten);
|
|
Packit |
40b132 |
typedef int (PR_CALLBACK * PKCS12CloseFunction)(void *arg);
|
|
Packit |
40b132 |
typedef SECStatus (PR_CALLBACK * PKCS12UnicodeConvertFunction)(
|
|
Packit |
40b132 |
PLArenaPool *arena,
|
|
Packit |
40b132 |
SECItem *dest, SECItem *src,
|
|
Packit |
40b132 |
PRBool toUnicode,
|
|
Packit |
40b132 |
PRBool swapBytes);
|
|
Packit |
40b132 |
typedef void (PR_CALLBACK * SEC_PKCS12EncoderOutputCallback)(
|
|
Packit |
40b132 |
void *arg, const char *buf,
|
|
Packit |
40b132 |
unsigned long len);
|
|
Packit |
40b132 |
typedef void (PR_CALLBACK * SEC_PKCS12DecoderOutputCallback)(
|
|
Packit |
40b132 |
void *arg, const char *buf,
|
|
Packit |
40b132 |
unsigned long len);
|
|
Packit |
40b132 |
/*
|
|
Packit |
40b132 |
* In NSS 3.12 or later, 'arg' actually points to a CERTCertificate,
|
|
Packit |
40b132 |
* the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c.
|
|
Packit |
40b132 |
* See r1.35 of p12d.c ("Patch 2" in bug 321584).
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* This callback might be called by SEC_PKCS12DecoderValidateBags each time
|
|
Packit |
40b132 |
* a nickname collission is detected. The callback must return a new
|
|
Packit |
40b132 |
* nickname. The returned SECItem should be of type siAsciiString,
|
|
Packit |
40b132 |
* it should be allocated using:
|
|
Packit |
40b132 |
* SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
|
|
Packit |
40b132 |
* and data must contain the new nickname as a zero terminated string.
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
typedef SECItem * (PR_CALLBACK * SEC_PKCS12NicknameCollisionCallback)(
|
|
Packit |
40b132 |
SECItem *old_nickname,
|
|
Packit |
40b132 |
PRBool *cancel,
|
|
Packit |
40b132 |
void *arg);
|
|
Packit |
40b132 |
/*
|
|
Packit |
40b132 |
* This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each
|
|
Packit |
40b132 |
* certificate found in the p12 source data.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* cert: A decoded certificate.
|
|
Packit |
40b132 |
* default_nickname: The nickname as found in the source data.
|
|
Packit |
40b132 |
* Will be NULL if source data doesn't have nickname.
|
|
Packit |
40b132 |
* new_nickname: Output parameter that may contain the renamed nickname.
|
|
Packit |
40b132 |
* arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* If the callback accept that NSS will use a nickname based on the
|
|
Packit |
40b132 |
* default_nickname (potentially resolving conflicts), then the callback
|
|
Packit |
40b132 |
* must set *new_nickname to NULL.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* If the callback wishes to override the nickname, it must set *new_nickname
|
|
Packit |
40b132 |
* to a new SECItem which should be allocated using
|
|
Packit |
40b132 |
* SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
|
|
Packit |
40b132 |
* new_nickname->type should be set to siAsciiString, and new_nickname->data
|
|
Packit |
40b132 |
* must contain the new nickname as a zero terminated string.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* A return value of SECFailure indicates that the renaming operation failed,
|
|
Packit |
40b132 |
* and callback should release new_nickname before returning if it's already
|
|
Packit |
40b132 |
* being allocated.
|
|
Packit |
40b132 |
* Otherwise, the callback function must return SECSuccess, including use
|
|
Packit |
40b132 |
* default nickname as mentioned above.
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
typedef SECStatus (PR_CALLBACK * SEC_PKCS12NicknameRenameCallback)(
|
|
Packit |
40b132 |
const CERTCertificate *cert,
|
|
Packit |
40b132 |
const SECItem *default_nickname,
|
|
Packit |
40b132 |
SECItem **new_nickname,
|
|
Packit |
40b132 |
void *arg);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef SECStatus (PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData);
|
|
Packit |
40b132 |
typedef SECStatus (PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile);
|
|
Packit |
40b132 |
typedef int (PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf,
|
|
Packit |
40b132 |
unsigned long len);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;
|
|
Packit |
40b132 |
typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;
|
|
Packit |
40b132 |
typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;
|
|
Packit |
40b132 |
typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct sec_PKCS12PasswordModeInfo {
|
|
Packit |
40b132 |
SECItem *password;
|
|
Packit |
40b132 |
SECOidTag algorithm;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct sec_PKCS12PublicKeyModeInfo {
|
|
Packit |
40b132 |
CERTCertificate *cert;
|
|
Packit |
40b132 |
CERTCertDBHandle *certDb;
|
|
Packit |
40b132 |
SECOidTag algorithm;
|
|
Packit |
40b132 |
int keySize;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct SEC_PKCS12DecoderItemStr {
|
|
Packit |
40b132 |
SECItem *der;
|
|
Packit |
40b132 |
SECOidTag type;
|
|
Packit |
40b132 |
PRBool hasKey;
|
|
Packit |
40b132 |
SECItem *friendlyName; /* UTF-8 string */
|
|
Packit |
40b132 |
SECAlgorithmID *shroudAlg;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
SEC_BEGIN_PROTOS
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
SEC_PKCS12SafeInfo *
|
|
Packit |
40b132 |
SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
CERTCertDBHandle *certDb,
|
|
Packit |
40b132 |
CERTCertificate *signer,
|
|
Packit |
40b132 |
CERTCertificate **recipients,
|
|
Packit |
40b132 |
SECOidTag algorithm, int keysize);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SEC_PKCS12SafeInfo *
|
|
Packit |
40b132 |
SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
SECItem *pwitem, SECOidTag privAlg);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SEC_PKCS12SafeInfo *
|
|
Packit |
40b132 |
SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
SECItem *pwitem, SECOidTag integAlg);
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
CERTCertificate *cert, CERTCertDBHandle *certDb,
|
|
Packit |
40b132 |
SECOidTag algorithm, int keySize);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SEC_PKCS12ExportContext *
|
|
Packit |
40b132 |
SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
|
|
Packit |
40b132 |
PK11SlotInfo *slot, void *wincx);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
SEC_PKCS12SafeInfo *safe, void *nestedDest,
|
|
Packit |
40b132 |
CERTCertificate *cert, CERTCertDBHandle *certDb,
|
|
Packit |
40b132 |
SECItem *keyId, PRBool includeCertChain);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
SEC_PKCS12SafeInfo *safe,
|
|
Packit |
40b132 |
void *nestedDest, CERTCertificate *cert,
|
|
Packit |
40b132 |
PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
|
|
Packit |
40b132 |
SECItem *keyId, SECItem *nickName);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
void *certSafe, void *certNestedDest,
|
|
Packit |
40b132 |
CERTCertificate *cert, CERTCertDBHandle *certDb,
|
|
Packit |
40b132 |
void *keySafe, void *keyNestedDest, PRBool shroudKey,
|
|
Packit |
40b132 |
SECItem *pwitem, SECOidTag algorithm,
|
|
Packit |
40b132 |
PRBool includeCertChain);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
void *certSafe, void *certNestedDest,
|
|
Packit |
40b132 |
CERTCertificate *cert, CERTCertDBHandle *certDb,
|
|
Packit |
40b132 |
void *keySafe, void *keyNestedDest,
|
|
Packit |
40b132 |
PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern void *
|
|
Packit |
40b132 |
SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
|
|
Packit |
40b132 |
void *baseSafe, void *nestedDest);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
|
|
Packit |
40b132 |
SEC_PKCS12EncoderOutputCallback output, void *outputarg);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern void
|
|
Packit |
40b132 |
SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SEC_PKCS12DecoderContext *
|
|
Packit |
40b132 |
SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
|
|
Packit |
40b132 |
digestOpenFn dOpen, digestCloseFn dClose,
|
|
Packit |
40b132 |
digestIOFn dRead, digestIOFn dWrite, void *dArg);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,
|
|
Packit |
40b132 |
SECPKCS12TargetTokenCAs tokenCAs);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data,
|
|
Packit |
40b132 |
unsigned long len);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern void
|
|
Packit |
40b132 |
SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
|
|
Packit |
40b132 |
SEC_PKCS12NicknameCollisionCallback nicknameCb);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/*
|
|
Packit |
40b132 |
* SEC_PKCS12DecoderRenameCertNicknames() can be used to change
|
|
Packit |
40b132 |
* certificate nicknames in SEC_PKCS12DecoderContext, prior to calling
|
|
Packit |
40b132 |
* SEC_PKCS12DecoderImportBags.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* arg: User-defined data that will be passed to nicknameCb.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* If SEC_PKCS12DecoderRenameCertNicknames() is called after calling
|
|
Packit |
40b132 |
* SEC_PKCS12DecoderValidateBags(), then only the certificate nickname
|
|
Packit |
40b132 |
* will be changed.
|
|
Packit |
40b132 |
* If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling
|
|
Packit |
40b132 |
* SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags()
|
|
Packit |
40b132 |
* will change the nickname of the corresponding private key, too.
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
|
|
Packit |
40b132 |
SEC_PKCS12NicknameRenameCallback nicknameCb,
|
|
Packit |
40b132 |
void *arg);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
extern SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
CERTCertList *
|
|
Packit |
40b132 |
SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
SECStatus
|
|
Packit |
40b132 |
SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,
|
|
Packit |
40b132 |
const SEC_PKCS12DecoderItem **ipp);
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
SEC_END_PROTOS
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#endif
|