| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #ifndef PKIT_H |
| #define PKIT_H |
| |
| /* |
| * pkit.h |
| * |
| * This file contains definitions for the types of the top-level PKI objects. |
| */ |
| |
| #ifndef NSSBASET_H |
| #include "nssbaset.h" |
| #endif /* NSSBASET_H */ |
| |
| #ifndef BASET_H |
| #include "baset.h" |
| #endif /* BASET_H */ |
| |
| #include "certt.h" |
| #include "pkcs11t.h" |
| |
| #ifndef NSSPKIT_H |
| #include "nsspkit.h" |
| #endif /* NSSPKIT_H */ |
| |
| #ifndef NSSDEVT_H |
| #include "nssdevt.h" |
| #endif /* NSSDEVT_H */ |
| |
| #ifndef DEVT_H |
| #include "devt.h" |
| #endif /* DEVT_H */ |
| |
| #ifndef nssrwlkt_h__ |
| #include "nssrwlkt.h" |
| #endif /* nssrwlkt_h__ */ |
| |
| PR_BEGIN_EXTERN_C |
| |
| /* |
| * A note on ephemeral certs |
| * |
| * The key objects defined here can only be created on tokens, and can only |
| * exist on tokens. Therefore, any instance of a key object must have |
| * a corresponding cryptoki instance. On the other hand, certificates created in |
| * crypto contexts need not be stored as session objects on the token. |
| * There are good performance reasons for not doing so. The certificate |
| * and trust objects have been defined with a cryptoContext field to |
| * allow for ephemeral certs, which may have a single instance in a crypto |
| * context along with any number (including zero) of cryptoki instances. |
| * Since contexts may not share objects, there can be only one context |
| * for each object. |
| */ |
| |
| typedef enum { /* kind of synchronization primitive a PKI object carries; stored in nssPKIObjectStr.lockType */ |
| nssPKILock = 1, /* presumably: sync.lock (PZLock) is the live union member -- confirm */ |
| nssPKIMonitor = 2 /* presumably: sync.mlock (PZMonitor) is the live union member -- confirm */ |
| } nssPKILockType; /* 0 is not a named value, so a zero-filled object matches neither lock type */ |
| |
| /* nssPKIObject |
| * |
| * This is the base object class, common to all PKI objects defined in |
| * nsspkit.h |
| * |
| * The structs in this header that embed it (NSSTrustStr, nssSMIMEProfileStr, |
| * NSSCertificateStr, NSSCRLStr) all place it as their first member. |
| */ |
| struct nssPKIObjectStr { |
| /* The arena for all object memory */ |
| NSSArena *arena; |
| /* Atomically incremented/decremented reference counting. |
| * NOTE(review): the field is a plain PRInt32, so nothing in the type |
| * enforces atomic access; a non-atomic update would race with the |
| * atomic ones and could corrupt the count. |
| */ |
| PRInt32 refCount; |
| /* lock protects the array of nssCryptokiInstance's of the object. |
| * The two pointers share storage, so only one is meaningful at a time. |
| */ |
| union { |
| PZLock *lock; |
| PZMonitor *mlock; |
| } sync; |
| nssPKILockType lockType; /* presumably the discriminant for sync; reading the other union member would misinterpret the pointer -- confirm */ |
| /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot |
| * be compared against the update level of the trust domain, since it is |
| * also affected by import/export. Where is this array needed? |
| */ |
| nssCryptokiObject **instances; /* the array the sync lock above is documented to protect */ |
| PRUint32 numInstances; /* presumably the entry count of instances; the two must change together under the lock -- confirm */ |
| /* The object must live in a trust domain */ |
| NSSTrustDomain *trustDomain; |
| /* The object may live in a crypto context (only one per object, per the |
| * note on ephemeral certs earlier in this file). |
| */ |
| NSSCryptoContext *cryptoContext; |
| /* XXX added so temp certs can have nickname, think more ... */ |
| NSSUTF8 *tempName; |
| }; |
| |
| typedef struct nssDecodedCertStr nssDecodedCert; /* opaque here: the struct body is not defined in this header */ |
| |
| typedef struct nssCertificateStoreStr nssCertificateStore; /* opaque here: the struct body is not defined in this header */ |
| |
| /* How wide is the scope of this? */ |
| typedef struct nssSMIMEProfileStr nssSMIMEProfile; /* struct body is defined later in this header */ |
| |
| typedef struct nssPKIObjectStr nssPKIObject; /* struct body is defined earlier in this header */ |
| |
| struct NSSTrustStr { /* one certificate pointer plus a trust level for each of four usages */ |
| nssPKIObject object; /* embedded base object, first member */ |
| NSSCertificate *certificate; /* presumably the certificate these levels apply to; ownership is not visible here -- confirm */ |
| nssTrustLevel serverAuth; /* nssTrustLevel is declared outside this header; its values and default are not visible here */ |
| nssTrustLevel clientAuth; |
| nssTrustLevel emailProtection; |
| nssTrustLevel codeSigning; |
| PRBool stepUpApproved; /* NOTE(review): meaning not visible here; presumably a legacy SSL step-up approval flag -- confirm */ |
| }; |
| |
| struct nssSMIMEProfileStr { /* S/MIME profile record: certificate pointer, email, subject and two profile items */ |
| nssPKIObject object; /* embedded base object, first member */ |
| NSSCertificate *certificate; |
| NSSASCII7 *email; /* presumably a 7-bit ASCII address, going by the type name -- confirm */ |
| NSSDER *subject; /* DER-typed; presumably the certificate subject name -- confirm */ |
| NSSItem *profileTime; /* NOTE(review): the encoding of this time value is not visible here */ |
| NSSItem *profileData; /* NOTE(review): format not visible here; code parsing it should not assume it is well-formed */ |
| }; |
| |
| struct NSSCertificateStr { /* certificate object: id, encoding and name fields held by value, email and decoding by pointer */ |
| nssPKIObject object; /* embedded base object, first member */ |
| NSSCertificateType type; |
| NSSItem id; |
| NSSBER encoding; /* typed BER, unlike the DER-typed fields below; presumably the full encoded certificate -- confirm */ |
| NSSDER issuer; /* NOTE(review): not visible here whether issuer/subject/serial own their bytes or point into encoding -- confirm before freeing or changing encoding */ |
| NSSDER subject; |
| NSSDER serial; |
| NSSASCII7 *email; |
| nssDecodedCert *decoding; /* opaque decoded form (nssDecodedCertStr has no body in this header); whether it may be NULL is not visible here */ |
| }; |
| |
| struct NSSPrivateKeyStr; /* forward declaration only; no layout is given in this header */ |
| |
| struct NSSPublicKeyStr; /* forward declaration only; no layout is given in this header */ |
| |
| struct NSSSymmetricKeyStr; /* forward declaration only; no layout is given in this header */ |
| |
| typedef struct nssTDCertificateCacheStr nssTDCertificateCache; /* opaque here; used as the type of NSSTrustDomainStr.cache */ |
| |
| struct NSSTrustDomainStr { /* trust domain state: token list, certificate cache, lock and status configuration */ |
| PRInt32 refCount; /* NOTE(review): unlike nssPKIObjectStr.refCount, nothing here says how updates are synchronized -- confirm */ |
| NSSArena *arena; |
| NSSCallback *defaultCallback; |
| nssList *tokenList; |
| nssListIterator *tokens; /* iterator type; presumably walks tokenList -- confirm */ |
| nssTDCertificateCache *cache; |
| NSSRWLock *tokensLock; /* reader/writer lock; presumably guards tokenList and tokens -- confirm */ |
| void *spkDigestInfo; /* untyped pointer: the real type is not visible here and the compiler cannot check how it is used */ |
| CERTStatusConfig *statusConfig; /* CERTStatusConfig is not declared in this header; presumably from certt.h -- confirm */ |
| }; |
| |
| struct NSSCryptoContextStr { /* crypto context state: one trust domain, token, session and certificate store pointer each */ |
| PRInt32 refCount; /* NOTE(review): nothing here says how updates are synchronized -- confirm */ |
| NSSArena *arena; |
| NSSTrustDomain *td; |
| NSSToken *token; |
| nssSession *session; |
| nssCertificateStore *certStore; /* opaque store type; presumably holds the context's ephemeral certs described earlier in this file -- confirm */ |
| }; |
| |
| struct NSSTimeStr { /* wrapper around a single PRTime value */ |
| PRTime prTime; |
| }; |
| |
| struct NSSCRLStr { /* revocation list object: base object, DER encoding, URL and a KRL flag */ |
| nssPKIObject object; /* embedded base object, first member */ |
| NSSDER encoding; /* DER-typed; presumably the encoded list itself -- confirm */ |
| NSSUTF8 *url; /* NOTE(review): where this URL comes from and whether it is validated is not visible here -- confirm before fetching from it */ |
| PRBool isKRL; /* presumably marks a key revocation list rather than a certificate revocation list -- confirm */ |
| }; |
| |
| typedef struct NSSCRLStr NSSCRL; |
| |
| struct NSSPoliciesStr; /* forward declaration only; no layout is given in this header */ |
| |
| struct NSSAlgorithmAndParametersStr; /* forward declaration only; no layout is given in this header */ |
| |
| struct NSSPKIXCertificateStr; /* forward declaration only; no layout is given in this header */ |
| |
| PR_END_EXTERN_C |
| |
| #endif /* PKIT_H */ |