/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef _P12_H_ #define _P12_H_ #include "secoid.h" #include "key.h" #include "secpkcs7.h" #include "p12t.h" typedef int (PR_CALLBACK * PKCS12OpenFunction)(void *arg); typedef int (PR_CALLBACK * PKCS12ReadFunction)(void *arg, unsigned char *buffer, unsigned int *lenRead, unsigned int maxLen); typedef int (PR_CALLBACK * PKCS12WriteFunction)(void *arg, unsigned char *buffer, unsigned int *bufLen, unsigned int *lenWritten); typedef int (PR_CALLBACK * PKCS12CloseFunction)(void *arg); typedef SECStatus (PR_CALLBACK * PKCS12UnicodeConvertFunction)( PLArenaPool *arena, SECItem *dest, SECItem *src, PRBool toUnicode, PRBool swapBytes); typedef void (PR_CALLBACK * SEC_PKCS12EncoderOutputCallback)( void *arg, const char *buf, unsigned long len); typedef void (PR_CALLBACK * SEC_PKCS12DecoderOutputCallback)( void *arg, const char *buf, unsigned long len); /* * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate, * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c. * See r1.35 of p12d.c ("Patch 2" in bug 321584). * * This callback might be called by SEC_PKCS12DecoderValidateBags each time * a nickname collission is detected. The callback must return a new * nickname. The returned SECItem should be of type siAsciiString, * it should be allocated using: * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) * and data must contain the new nickname as a zero terminated string. */ typedef SECItem * (PR_CALLBACK * SEC_PKCS12NicknameCollisionCallback)( SECItem *old_nickname, PRBool *cancel, void *arg); /* * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each * certificate found in the p12 source data. * * cert: A decoded certificate. * default_nickname: The nickname as found in the source data. * Will be NULL if source data doesn't have nickname. * new_nickname: Output parameter that may contain the renamed nickname. * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames. * * If the callback accept that NSS will use a nickname based on the * default_nickname (potentially resolving conflicts), then the callback * must set *new_nickname to NULL. * * If the callback wishes to override the nickname, it must set *new_nickname * to a new SECItem which should be allocated using * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) * new_nickname->type should be set to siAsciiString, and new_nickname->data * must contain the new nickname as a zero terminated string. * * A return value of SECFailure indicates that the renaming operation failed, * and callback should release new_nickname before returning if it's already * being allocated. * Otherwise, the callback function must return SECSuccess, including use * default nickname as mentioned above. */ typedef SECStatus (PR_CALLBACK * SEC_PKCS12NicknameRenameCallback)( const CERTCertificate *cert, const SECItem *default_nickname, SECItem **new_nickname, void *arg); typedef SECStatus (PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData); typedef SECStatus (PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile); typedef int (PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf, unsigned long len); typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext; typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo; typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext; typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem; struct sec_PKCS12PasswordModeInfo { SECItem *password; SECOidTag algorithm; }; struct sec_PKCS12PublicKeyModeInfo { CERTCertificate *cert; CERTCertDBHandle *certDb; SECOidTag algorithm; int keySize; }; struct SEC_PKCS12DecoderItemStr { SECItem *der; SECOidTag type; PRBool hasKey; SECItem *friendlyName; /* UTF-8 string */ SECAlgorithmID *shroudAlg; }; SEC_BEGIN_PROTOS SEC_PKCS12SafeInfo * SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt, CERTCertDBHandle *certDb, CERTCertificate *signer, CERTCertificate **recipients, SECOidTag algorithm, int keysize); extern SEC_PKCS12SafeInfo * SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt, SECItem *pwitem, SECOidTag privAlg); extern SEC_PKCS12SafeInfo * SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt); extern SECStatus SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt, SECItem *pwitem, SECOidTag integAlg); extern SECStatus SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt, CERTCertificate *cert, CERTCertDBHandle *certDb, SECOidTag algorithm, int keySize); extern SEC_PKCS12ExportContext * SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg, PK11SlotInfo *slot, void *wincx); extern SECStatus SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe, void *nestedDest, CERTCertificate *cert, CERTCertDBHandle *certDb, SECItem *keyId, PRBool includeCertChain); extern SECStatus SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe, void *nestedDest, CERTCertificate *cert, PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem, SECItem *keyId, SECItem *nickName); extern SECStatus SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, void *certSafe, void *certNestedDest, CERTCertificate *cert, CERTCertDBHandle *certDb, void *keySafe, void *keyNestedDest, PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm, PRBool includeCertChain); extern SECStatus SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, void *certSafe, void *certNestedDest, CERTCertificate *cert, CERTCertDBHandle *certDb, void *keySafe, void *keyNestedDest, PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm); extern void * SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt, void *baseSafe, void *nestedDest); extern SECStatus SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp, SEC_PKCS12EncoderOutputCallback output, void *outputarg); extern void SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp); extern SEC_PKCS12DecoderContext * SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx, digestOpenFn dOpen, digestCloseFn dClose, digestIOFn dRead, digestIOFn dWrite, void *dArg); extern SECStatus SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx, SECPKCS12TargetTokenCAs tokenCAs); extern SECStatus SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data, unsigned long len); extern void SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx); extern SECStatus SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx); extern SECStatus SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx, SEC_PKCS12NicknameCollisionCallback nicknameCb); /* * SEC_PKCS12DecoderRenameCertNicknames() can be used to change * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling * SEC_PKCS12DecoderImportBags. * * arg: User-defined data that will be passed to nicknameCb. * * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname * will be changed. * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags() * will change the nickname of the corresponding private key, too. */ extern SECStatus SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, SEC_PKCS12NicknameRenameCallback nicknameCb, void *arg); extern SECStatus SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx); CERTCertList * SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx); SECStatus SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx); SECStatus SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx, const SEC_PKCS12DecoderItem **ipp); SEC_END_PROTOS #endif