|
Packit |
40b132 |
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
40b132 |
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
40b132 |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef PKIT_H
|
|
Packit |
40b132 |
#define PKIT_H
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/*
|
|
Packit |
40b132 |
* pkit.h
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* This file contains definitions for the types of the top-level PKI objects.
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef NSSBASET_H
|
|
Packit |
40b132 |
#include "nssbaset.h"
|
|
Packit |
40b132 |
#endif /* NSSBASET_H */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef BASET_H
|
|
Packit |
40b132 |
#include "baset.h"
|
|
Packit |
40b132 |
#endif /* BASET_H */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#include "certt.h"
|
|
Packit |
40b132 |
#include "pkcs11t.h"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef NSSPKIT_H
|
|
Packit |
40b132 |
#include "nsspkit.h"
|
|
Packit |
40b132 |
#endif /* NSSPKIT_H */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef NSSDEVT_H
|
|
Packit |
40b132 |
#include "nssdevt.h"
|
|
Packit |
40b132 |
#endif /* NSSDEVT_H */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef DEVT_H
|
|
Packit |
40b132 |
#include "devt.h"
|
|
Packit |
40b132 |
#endif /* DEVT_H */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef nssrwlkt_h__
|
|
Packit |
40b132 |
#include "nssrwlkt.h"
|
|
Packit |
40b132 |
#endif /* nssrwlkt_h__ */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
PR_BEGIN_EXTERN_C
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/*
|
|
Packit |
40b132 |
* A note on ephemeral certs
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* The key objects defined here can only be created on tokens, and can only
|
|
Packit |
40b132 |
* exist on tokens. Therefore, any instance of a key object must have
|
|
Packit |
40b132 |
* a corresponding cryptoki instance. OTOH, certificates created in
|
|
Packit |
40b132 |
* crypto contexts need not be stored as session objects on the token.
|
|
Packit |
40b132 |
* There are good performance reasons for not doing so. The certificate
|
|
Packit |
40b132 |
* and trust objects have been defined with a cryptoContext field to
|
|
Packit |
40b132 |
* allow for ephemeral certs, which may have a single instance in a crypto
|
|
Packit |
40b132 |
* context along with any number (including zero) of cryptoki instances.
|
|
Packit |
40b132 |
* Since contexts may not share objects, there can be only one context
|
|
Packit |
40b132 |
* for each object.
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
nssPKILock = 1,
|
|
Packit |
40b132 |
nssPKIMonitor = 2
|
|
Packit |
40b132 |
} nssPKILockType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* nssPKIObject
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* This is the base object class, common to all PKI objects defined in
|
|
Packit |
40b132 |
* nsspkit.h
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
struct nssPKIObjectStr
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
/* The arena for all object memory */
|
|
Packit |
40b132 |
NSSArena *arena;
|
|
Packit |
40b132 |
/* Atomically incremented/decremented reference counting */
|
|
Packit |
40b132 |
PRInt32 refCount;
|
|
Packit |
40b132 |
/* lock protects the array of nssCryptokiInstance's of the object */
|
|
Packit |
40b132 |
union {
|
|
Packit |
40b132 |
PZLock* lock;
|
|
Packit |
40b132 |
PZMonitor *mlock;
|
|
Packit |
40b132 |
} sync;
|
|
Packit |
40b132 |
nssPKILockType lockType;
|
|
Packit |
40b132 |
/* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot
|
|
Packit |
40b132 |
* be compared against the update level of the trust domain, since it is
|
|
Packit |
40b132 |
* also affected by import/export. Where is this array needed?
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
nssCryptokiObject **instances;
|
|
Packit |
40b132 |
PRUint32 numInstances;
|
|
Packit |
40b132 |
/* The object must live in a trust domain */
|
|
Packit |
40b132 |
NSSTrustDomain *trustDomain;
|
|
Packit |
40b132 |
/* The object may live in a crypto context */
|
|
Packit |
40b132 |
NSSCryptoContext *cryptoContext;
|
|
Packit |
40b132 |
/* XXX added so temp certs can have nickname, think more ... */
|
|
Packit |
40b132 |
NSSUTF8 *tempName;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct nssDecodedCertStr nssDecodedCert;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct nssCertificateStoreStr nssCertificateStore;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* How wide is the scope of this? */
|
|
Packit |
40b132 |
typedef struct nssSMIMEProfileStr nssSMIMEProfile;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct nssPKIObjectStr nssPKIObject;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSTrustStr
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
nssPKIObject object;
|
|
Packit |
40b132 |
NSSCertificate *certificate;
|
|
Packit |
40b132 |
nssTrustLevel serverAuth;
|
|
Packit |
40b132 |
nssTrustLevel clientAuth;
|
|
Packit |
40b132 |
nssTrustLevel emailProtection;
|
|
Packit |
40b132 |
nssTrustLevel codeSigning;
|
|
Packit |
40b132 |
PRBool stepUpApproved;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct nssSMIMEProfileStr
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
nssPKIObject object;
|
|
Packit |
40b132 |
NSSCertificate *certificate;
|
|
Packit |
40b132 |
NSSASCII7 *email;
|
|
Packit |
40b132 |
NSSDER *subject;
|
|
Packit |
40b132 |
NSSItem *profileTime;
|
|
Packit |
40b132 |
NSSItem *profileData;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSCertificateStr
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
nssPKIObject object;
|
|
Packit |
40b132 |
NSSCertificateType type;
|
|
Packit |
40b132 |
NSSItem id;
|
|
Packit |
40b132 |
NSSBER encoding;
|
|
Packit |
40b132 |
NSSDER issuer;
|
|
Packit |
40b132 |
NSSDER subject;
|
|
Packit |
40b132 |
NSSDER serial;
|
|
Packit |
40b132 |
NSSASCII7 *email;
|
|
Packit |
40b132 |
nssDecodedCert *decoding;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSPrivateKeyStr;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSPublicKeyStr;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSSymmetricKeyStr;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSTrustDomainStr {
|
|
Packit |
40b132 |
PRInt32 refCount;
|
|
Packit |
40b132 |
NSSArena *arena;
|
|
Packit |
40b132 |
NSSCallback *defaultCallback;
|
|
Packit |
40b132 |
nssList *tokenList;
|
|
Packit |
40b132 |
nssListIterator *tokens;
|
|
Packit |
40b132 |
nssTDCertificateCache *cache;
|
|
Packit |
40b132 |
NSSRWLock *tokensLock;
|
|
Packit |
40b132 |
void *spkDigestInfo;
|
|
Packit |
40b132 |
CERTStatusConfig *statusConfig;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSCryptoContextStr
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
PRInt32 refCount;
|
|
Packit |
40b132 |
NSSArena *arena;
|
|
Packit |
40b132 |
NSSTrustDomain *td;
|
|
Packit |
40b132 |
NSSToken *token;
|
|
Packit |
40b132 |
nssSession *session;
|
|
Packit |
40b132 |
nssCertificateStore *certStore;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSTimeStr {
|
|
Packit |
40b132 |
PRTime prTime;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSCRLStr {
|
|
Packit |
40b132 |
nssPKIObject object;
|
|
Packit |
40b132 |
NSSDER encoding;
|
|
Packit |
40b132 |
NSSUTF8 *url;
|
|
Packit |
40b132 |
PRBool isKRL;
|
|
Packit |
40b132 |
};
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct NSSCRLStr NSSCRL;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSPoliciesStr;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSAlgorithmAndParametersStr;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
struct NSSPKIXCertificateStr;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
PR_END_EXTERN_C
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#endif /* PKIT_H */
|