
lightning-sunbird  0.9+nobinonly
pkit.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef PKIT_H
00038 #define PKIT_H
00039 
00040 #ifdef DEBUG
00041 static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.17.28.1 $ $Date: 2006/08/23 01:36:31 $"; /* revision-identification string for this header; defined only when DEBUG is set and, being static in a header, once per including translation unit */
00042 #endif /* DEBUG */
00043 
00044 /*
00045  * pkit.h
00046  *
00047  * This file contains definitions for the types of the top-level PKI objects.
00048  */
00049 
00050 #ifndef NSSBASET_H
00051 #include "nssbaset.h"
00052 #endif /* NSSBASET_H */
00053 
00054 #ifndef BASET_H
00055 #include "baset.h"
00056 #endif /* BASET_H */
00057 
00058 #ifdef NSS_3_4_CODE
00059 #include "certt.h"
00060 #include "pkcs11t.h"
00061 #endif /* NSS_3_4_CODE */
00062 
00063 #ifndef NSSPKIT_H
00064 #include "nsspkit.h"
00065 #endif /* NSSPKIT_H */
00066 
00067 #ifndef NSSDEVT_H
00068 #include "nssdevt.h"
00069 #endif /* NSSDEVT_H */
00070 
00071 #ifndef DEVT_H
00072 #include "devt.h"
00073 #endif /* DEVT_H */
00074 
00075 #ifndef nssrwlkt_h__
00076 #include "nssrwlkt.h"
00077 #endif /* nssrwlkt_h__ */
00078 
00079 PR_BEGIN_EXTERN_C
00080 
00081 /*
00082  * A note on ephemeral certs
00083  *
00084  * The key objects defined here can only be created on tokens, and can only
00085  * exist on tokens.  Therefore, any instance of a key object must have
00086  * a corresponding cryptoki instance.  OTOH, certificates created in 
00087  * crypto contexts need not be stored as session objects on the token.
00088  * There are good performance reasons for not doing so.  The certificate
00089  * and trust objects have been defined with a cryptoContext field to
00090  * allow for ephemeral certs, which may have a single instance in a crypto
00091  * context along with any number (including zero) of cryptoki instances.
00092  * Since contexts may not share objects, there can be only one context
00093  * for each object.
00094  */
00095 
00096 typedef enum { /* kinds of synchronisation object recorded in nssPKIObjectStr.lockType; no enumerator has the value 0, so a zero-filled lockType matches neither */
00097     nssPKILock = 1, /* presumably selects the PZLock member (sync.lock) of nssPKIObjectStr -- confirm */
00098     nssPKIMonitor = 2 /* presumably selects the PZMonitor member (sync.mlock) of nssPKIObjectStr -- confirm */
00099 } nssPKILockType;
00100 
00101 /* nssPKIObject
00102  *
00103  * This is the base object class, common to all PKI objects defined in
00104  * nsspkit.h
00105  */
00106 struct nssPKIObjectStr 
00107 {
00108     /* The arena for all object memory */
00109     NSSArena *arena;
00110     /* Atomically incremented/decremented reference counting */
00111     PRInt32 refCount; /* declared as a plain PRInt32: the atomicity stated above depends on every accessor using atomic operations */
00112     /* lock protects the array of nssCryptokiInstance's of the object (the array below is declared as nssCryptokiObject **) */
00113     union { /* the two pointer members share storage, so only one is meaningful at a time */
00114         PZLock* lock;
00115         PZMonitor *mlock;
00116     } sync;
00117     nssPKILockType lockType; /* presumably the discriminant for sync (nssPKILock -> lock, nssPKIMonitor -> mlock); reading the other member would reinterpret the stored pointer -- confirm at use sites */
00118     /* XXX with LRU cache, this cannot be guaranteed up-to-date.  It cannot
00119      * be compared against the update level of the trust domain, since it is
00120      * also affected by import/export.  Where is this array needed?
00121      */
00122     nssCryptokiObject **instances;
00123     PRUint32 numInstances; /* presumably the element count of instances, to be kept in step with it under the lock above -- confirm */
00124     /* The object must live in a trust domain */
00125     NSSTrustDomain *trustDomain;
00126     /* The object may live in a crypto context */
00127     NSSCryptoContext *cryptoContext; /* at most one context per object, per the note on ephemeral certs earlier in this file; presumably NULL when the object is in no context -- confirm */
00128     /* XXX added so temp certs can have nickname, think more ... */
00129     NSSUTF8 *tempName;
00130 };
00131 
00132 typedef struct nssDecodedCertStr nssDecodedCert; /* incomplete type here: no struct body in this file */
00133 
00134 typedef struct nssCertificateStoreStr nssCertificateStore; /* incomplete type here: no struct body in this file */
00135 
00136 /* How wide is the scope of this? */
00137 typedef struct nssSMIMEProfileStr nssSMIMEProfile; /* the struct body is defined later in this file */
00138 
00139 typedef struct nssPKIObjectStr nssPKIObject; /* alias for the base object struct defined above; embedded by value in the structs that follow */
00140 
00141 struct NSSTrustStr /* trust record: one nssTrustLevel per usage plus a certificate pointer */
00142 {
00143     nssPKIObject object; /* base object, embedded by value as the first member */
00144     NSSCertificate *certificate; /* presumably the certificate these trust settings apply to -- confirm */
00145     nssTrustLevel serverAuth; /* nssTrustLevel is declared outside this file; NOTE(review): confirm its zero value does not read as trusted, since a zero-filled record would carry it in all four usage fields */
00146     nssTrustLevel clientAuth;
00147     nssTrustLevel emailProtection;
00148     nssTrustLevel codeSigning;
00149     PRBool stepUpApproved; /* NOTE(review): meaning not shown in this file; presumably an SSL step-up approval flag -- confirm */
00150 };
00151 
00152 struct nssSMIMEProfileStr /* S/MIME profile record: base object, certificate pointer, and four items held by pointer */
00153 {
00154     nssPKIObject object; /* base object, embedded by value as the first member */
00155     NSSCertificate *certificate; /* presumably the certificate this profile belongs to -- confirm */
00156     NSSASCII7 *email; /* typed as 7-bit ASCII; NOTE(review): whether the bytes are checked against that range before being stored is not shown here */
00157     NSSDER *subject;
00158     NSSItem *profileTime; /* generic item, not a typed time value; its encoding is not shown in this file */
00159     NSSItem *profileData; /* generic item; ownership and lifetime of all four pointers are not shown here (presumably the object's arena -- confirm) */
00160 };
00161 
00162 struct NSSCertificateStr /* certificate object: the encoded certificate plus separately stored identifying items */
00163 {
00164     nssPKIObject object; /* base object, embedded by value as the first member */
00165     NSSCertificateType type;
00166     NSSItem id;
00167     NSSBER encoding; /* typed NSSBER, whereas issuer/subject/serial below are NSSDER; presumably the certificate bytes as received -- confirm */
00168     NSSDER issuer; /* NOTE(review): this file does not show whether issuer, subject and serial are derived from encoding or supplied separately; confirm before relying on them agreeing with the encoded certificate */
00169     NSSDER subject;
00170     NSSDER serial;
00171     NSSASCII7 *email;
00172     nssDecodedCert *decoding; /* pointer to a type that is incomplete in this file; presumably the parsed form of encoding, NULL until decoded -- confirm */
00173 };
00174 
00175 struct NSSPrivateKeyStr; /* forward declaration only: no body in this file */
00176 
00177 struct NSSPublicKeyStr; /* forward declaration only: no body in this file */
00178 
00179 struct NSSSymmetricKeyStr; /* forward declaration only: no body in this file */
00180 
00181 typedef struct nssTDCertificateCacheStr nssTDCertificateCache; /* incomplete type here; used for the cache member of NSSTrustDomainStr */
00182 
00183 struct NSSTrustDomainStr { /* trust domain: a token list with its iterator and read/write lock, plus a certificate cache pointer */
00184     PRInt32 refCount; /* plain PRInt32; NOTE(review): presumably updated atomically like nssPKIObjectStr.refCount -- confirm */
00185     NSSArena *arena;
00186     NSSCallback *defaultCallback;
00187     nssList *tokenList;
00188     nssListIterator *tokens; /* presumably an iterator over tokenList -- confirm */
00189     nssTDCertificateCache *cache;
00190     NSSRWLock *tokensLock; /* presumably guards tokenList/tokens -- confirm which members it covers */
00191 #ifdef NSS_3_4_CODE /* the two members below exist only when NSS_3_4_CODE is defined, so the size of this struct depends on the macro; every translation unit sharing these objects must agree on it */
00192     void *spkDigestInfo; /* untyped pointer: the pointee type cannot be recovered from this file */
00193     CERTStatusConfig *statusConfig;
00194 #endif
00195 };
00196 
00197 struct NSSCryptoContextStr /* crypto context: holds pointers to a trust domain, a token, a session and a certificate store */
00198 {
00199     PRInt32 refCount; /* plain PRInt32; NOTE(review): presumably updated atomically like nssPKIObjectStr.refCount -- confirm */
00200     NSSArena *arena;
00201     NSSTrustDomain *td;
00202     NSSToken *token;
00203     nssSession *session;
00204     nssCertificateStore *certStore; /* pointer to a type that is incomplete in this file; presumably where the ephemeral certs described earlier in this file are kept -- confirm */
00205 };
00206 
00207 struct NSSTimeStr { /* wrapper holding a single PRTime value */
00208     PRTime prTime;
00209 };
00210 
00211 struct NSSCRLStr { /* revocation-list object: base object, DER-typed encoding, a URL string pointer and a KRL flag */
00212   nssPKIObject object; /* base object, embedded by value as the first member */
00213   NSSDER encoding;
00214   NSSUTF8 *url; /* NOTE(review): the origin of this URL is not shown here; if it can come from list or token data, treat it as untrusted input before any fetch -- confirm */
00215   PRBool isKRL; /* NOTE(review): presumably marks a key revocation list rather than a certificate revocation list -- confirm */
00216 };
00217 
00218 typedef struct NSSCRLStr NSSCRL; /* alias for the struct defined just above */
00219 
00220 struct NSSPoliciesStr; /* forward declaration only: no body in this file */
00221 
00222 struct NSSAlgorithmAndParametersStr; /* forward declaration only: no body in this file */
00223 
00224 struct NSSPKIXCertificateStr; /* forward declaration only: no body in this file */
00225 
00226 PR_END_EXTERN_C
00227 
00228 #endif /* PKIT_H */