| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #ifndef _P12_H_ |
| #define _P12_H_ |
| |
| #include "secoid.h" |
| #include "keyhi.h" |
| #include "secpkcs7.h" |
| #include "p12t.h" |
| |
| typedef int(PR_CALLBACK *PKCS12OpenFunction)(void *arg); |
| typedef int(PR_CALLBACK *PKCS12ReadFunction)(void *arg, |
| unsigned char *buffer, |
| unsigned int *lenRead, |
| unsigned int maxLen); |
| typedef int(PR_CALLBACK *PKCS12WriteFunction)(void *arg, |
| unsigned char *buffer, |
| unsigned int *bufLen, |
| unsigned int *lenWritten); |
| typedef int(PR_CALLBACK *PKCS12CloseFunction)(void *arg); |
| typedef SECStatus(PR_CALLBACK *PKCS12UnicodeConvertFunction)( |
| PLArenaPool *arena, |
| SECItem *dest, SECItem *src, |
| PRBool toUnicode, |
| PRBool swapBytes); |
| typedef void(PR_CALLBACK *SEC_PKCS12EncoderOutputCallback)( |
| void *arg, const char *buf, |
| unsigned long len); |
| typedef void(PR_CALLBACK *SEC_PKCS12DecoderOutputCallback)( |
| void *arg, const char *buf, |
| unsigned long len); |
| /* |
| * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate, |
| * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c. |
| * See r1.35 of p12d.c ("Patch 2" in bug 321584). |
| * |
| * This callback might be called by SEC_PKCS12DecoderValidateBags each time |
| * a nickname collission is detected. The callback must return a new |
| * nickname. The returned SECItem should be of type siAsciiString, |
| * it should be allocated using: |
| * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) |
| * and data must contain the new nickname as a zero terminated string. |
| */ |
| typedef SECItem *(PR_CALLBACK *SEC_PKCS12NicknameCollisionCallback)( |
| SECItem *old_nickname, |
| PRBool *cancel, |
| void *arg); |
| /* |
| * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each |
| * certificate found in the p12 source data. |
| * |
| * cert: A decoded certificate. |
| * default_nickname: The nickname as found in the source data. |
| * Will be NULL if source data doesn't have nickname. |
| * new_nickname: Output parameter that may contain the renamed nickname. |
| * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames. |
| * |
| * If the callback accept that NSS will use a nickname based on the |
| * default_nickname (potentially resolving conflicts), then the callback |
| * must set *new_nickname to NULL. |
| * |
| * If the callback wishes to override the nickname, it must set *new_nickname |
| * to a new SECItem which should be allocated using |
| * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) |
| * new_nickname->type should be set to siAsciiString, and new_nickname->data |
| * must contain the new nickname as a zero terminated string. |
| * |
| * A return value of SECFailure indicates that the renaming operation failed, |
| * and callback should release new_nickname before returning if it's already |
| * being allocated. |
| * Otherwise, the callback function must return SECSuccess, including use |
| * default nickname as mentioned above. |
| */ |
| typedef SECStatus(PR_CALLBACK *SEC_PKCS12NicknameRenameCallback)( |
| const CERTCertificate *cert, |
| const SECItem *default_nickname, |
| SECItem **new_nickname, |
| void *arg); |
| |
| typedef SECStatus(PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData); |
| typedef SECStatus(PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile); |
| typedef int(PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf, |
| unsigned long len); |
| |
| typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext; |
| typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo; |
| typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext; |
| typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem; |
| |
| struct sec_PKCS12PasswordModeInfo { |
| SECItem *password; |
| SECOidTag algorithm; |
| }; |
| |
| struct sec_PKCS12PublicKeyModeInfo { |
| CERTCertificate *cert; |
| CERTCertDBHandle *certDb; |
| SECOidTag algorithm; |
| int keySize; |
| }; |
| |
| struct SEC_PKCS12DecoderItemStr { |
| SECItem *der; |
| SECOidTag type; |
| PRBool hasKey; |
| SECItem *friendlyName; /* UTF-8 string */ |
| SECAlgorithmID *shroudAlg; |
| }; |
| |
| SEC_BEGIN_PROTOS |
| |
| SEC_PKCS12SafeInfo * |
| SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt, |
| CERTCertDBHandle *certDb, |
| CERTCertificate *signer, |
| CERTCertificate **recipients, |
| SECOidTag algorithm, int keysize); |
| |
| extern SEC_PKCS12SafeInfo * |
| SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt, |
| SECItem *pwitem, SECOidTag privAlg); |
| |
| extern SEC_PKCS12SafeInfo * |
| SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt); |
| |
| extern SECStatus |
| SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt, |
| SECItem *pwitem, SECOidTag integAlg); |
| extern SECStatus |
| SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt, |
| CERTCertificate *cert, CERTCertDBHandle *certDb, |
| SECOidTag algorithm, int keySize); |
| |
| extern SEC_PKCS12ExportContext * |
| SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg, |
| PK11SlotInfo *slot, void *wincx); |
| |
| extern SECStatus |
| SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, |
| SEC_PKCS12SafeInfo *safe, void *nestedDest, |
| CERTCertificate *cert, CERTCertDBHandle *certDb, |
| SECItem *keyId, PRBool includeCertChain); |
| |
| extern SECStatus |
| SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, |
| SEC_PKCS12SafeInfo *safe, |
| void *nestedDest, CERTCertificate *cert, |
| PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem, |
| SECItem *keyId, SECItem *nickName); |
| |
| extern SECStatus |
| SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, |
| void *certSafe, void *certNestedDest, |
| CERTCertificate *cert, CERTCertDBHandle *certDb, |
| void *keySafe, void *keyNestedDest, PRBool shroudKey, |
| SECItem *pwitem, SECOidTag algorithm, |
| PRBool includeCertChain); |
| |
| extern SECStatus |
| SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, |
| void *certSafe, void *certNestedDest, |
| CERTCertificate *cert, CERTCertDBHandle *certDb, |
| void *keySafe, void *keyNestedDest, |
| PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm); |
| |
| extern void * |
| SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt, |
| void *baseSafe, void *nestedDest); |
| |
| extern SECStatus |
| SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp, |
| SEC_PKCS12EncoderOutputCallback output, void *outputarg); |
| |
| extern void |
| SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp); |
| |
| extern SEC_PKCS12DecoderContext * |
| SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx, |
| digestOpenFn dOpen, digestCloseFn dClose, |
| digestIOFn dRead, digestIOFn dWrite, void *dArg); |
| |
| extern SECStatus |
| SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx, |
| SECPKCS12TargetTokenCAs tokenCAs); |
| |
| extern SECStatus |
| SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data, |
| unsigned long len); |
| |
| extern void |
| SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx); |
| |
| extern SECStatus |
| SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx); |
| |
| extern SECStatus |
| SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx, |
| SEC_PKCS12NicknameCollisionCallback nicknameCb); |
| |
| /* |
| * SEC_PKCS12DecoderRenameCertNicknames() can be used to change |
| * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling |
| * SEC_PKCS12DecoderImportBags. |
| * |
| * arg: User-defined data that will be passed to nicknameCb. |
| * |
| * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling |
| * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname |
| * will be changed. |
| * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling |
| * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags() |
| * will change the nickname of the corresponding private key, too. |
| */ |
| extern SECStatus |
| SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, |
| SEC_PKCS12NicknameRenameCallback nicknameCb, |
| void *arg); |
| |
| extern SECStatus |
| SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx); |
| |
| CERTCertList * |
| SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx); |
| |
| SECStatus |
| SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx); |
| |
| SECStatus |
| SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx, |
| const SEC_PKCS12DecoderItem **ipp); |
| |
| SEC_END_PROTOS |
| |
| #endif |