
lightning-sunbird  0.9+nobinonly
pcert.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef _PCERTDB_H_
00038 #define _PCERTDB_H_
00039 
00040 #include "plarena.h"
00041 #include "prlong.h"
00042 #include "pcertt.h"
00043 
00044 #include "lowkeyti.h"       /* for struct NSSLOWKEYPublicKeyStr */
00045 
00046 SEC_BEGIN_PROTOS
00047 
00048 /*
00049  * initialize any global certificate locks
00050  */
00051 SECStatus nsslowcert_InitLocks(void);
00052 
00053 /*
00054 ** Add a certificate to the permanent database.
00055 **     "cert" is the certificate object to add (not a raw DER SECItem)
00056 **     "nickname" is the nickname to use for the cert
00057 **     "trust" is the trust parameters for the cert
00058 */
00059 SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, 
00060                      NSSLOWCERTCertificate *cert,
00061                             char *nickname, NSSLOWCERTCertTrust *trust);
00062 SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
00063                             NSSLOWCERTCertificate *cert, char *nickname);
00064 
00065 SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
00066 
00067 typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
00068                                                    SECItem *k, void *pdata);
00069 /*
00070 ** Traverse the entire permanent database, and pass the certs off to a
00071 ** user supplied function.
00072 **     "certfunc" is the user function to call for each certificate
00073 **     "udata" is the user's data, which is passed through to "certfunc"
00074 */
00075 SECStatus
00076 nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
00077                     PermCertCallback certfunc,
00078                     void *udata );
00079 
00080 PRBool
00081 nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
00082 
00083 certDBEntryRevocation *
00084 nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
00085                                     SECItem *crlKey, PRBool isKRL);
00086 
00087 SECStatus
00088 nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,SECItem *derName,
00089                                                         PRBool isKRL);
00090 SECStatus
00091 nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl ,
00092                             SECItem *derKey, char *url, PRBool isKRL);
00093 
      /*
       * NOTE(review): nsslowcert_GetDefaultCertDB is declared with an empty
       * parameter list, which in C is not a prototype, so calls that pass
       * stray arguments are not diagnosed; "(void)" would make it one.
       */
00094 NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
00095 NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
00096 
00097 NSSLOWCERTCertificate *
00098 nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
00099                         char *nickname, PRBool isperm, PRBool copyDER);
00100 NSSLOWCERTCertificate *
00101 nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
00102 void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
00103 void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
00104 
00105 /*
00106  * Lookup a certificate in the databases without locking
00107  *     "certKey" is the database key to look for
00108  *
00109  * XXX - this should be internal, but pkcs 11 needs to call it during a
00110  * traversal.
       *
       * NOTE(review): because no lock is taken here, a caller that is not
       * already inside a traversal presumably has to serialize access to the
       * database itself -- confirm against the implementation.
00111  */
00112 NSSLOWCERTCertificate *
00113 nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
00114 
00115 /*
00116  * Lookup trust for a certificate in the databases without locking
00117  *     "certKey" is the database key to look for
00118  *
00119  * XXX - this should be internal, but pkcs 11 needs to call it during a
00120  * traversal.
       *
       * NOTE(review): because no lock is taken here, a caller that is not
       * already inside a traversal presumably has to serialize access to the
       * database itself -- confirm against the implementation.
00121  */
00122 NSSLOWCERTTrust *
00123 nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
00124 
00125 /*
00126 ** Generate a certificate key from the issuer and serialnumber, then look it
00127 ** up in the database.  Return the cert if found.
00128 **     "issuerAndSN" is the issuer and serial number to look for
00129 */
00130 extern NSSLOWCERTCertificate *
00131 nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
00132 
00133 /*
00134 ** Generate a certificate key from the issuer and serialnumber, then look up
00135 ** the trust record for it in the database.  Return the trust if found.
00136 **     "issuerAndSN" is the issuer and serial number to look for
00137 */
00138 extern NSSLOWCERTTrust *
00139 nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
00140 
00141 /*
00142 ** Find a certificate in the database by a DER encoded certificate
00143 **     "derCert" is the DER encoded certificate
00144 */
00145 extern NSSLOWCERTCertificate *
00146 nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
00147 
00148 /* convert an email address to lower case */
00149 char *nsslowcert_FixupEmailAddr(char *emailAddr);
00150 
00151 /*
00152 ** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
00153 **      "derSignedCert" is the DER encoded signed certificate
00154 **      "copyDER" is true if the DER should be copied, false if the
00155 **              existing copy should be referenced
00156 **      "nickname" is the nickname to use in the database.  If it is NULL
00157 **              then a temporary nickname is generated.
      **
      ** NOTE(review): the prototype below has no "copyDER" parameter, so this
      ** comment does not establish whether the returned certificate copies the
      ** DER or keeps pointing into derSignedCert's buffer.  Confirm in the
      ** implementation; if the buffer is referenced, the caller must keep it
      ** alive and unmodified for as long as the certificate is in use.
00158 */
00159 extern NSSLOWCERTCertificate *
00160 nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname);
00161 
00162 SECStatus
00163 nsslowcert_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key);
00164 
00165 certDBEntrySMime *
00166 nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
00167                                                   char *emailAddr);
00168 void
00169 nsslowcert_DestroyDBEntry(certDBEntry *entry);
00170 
00171 SECStatus
00172 nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
00173               const char *domain, const char *prefix,
00174                 NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
00175 
00176 void
00177 nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
00178 
00179 /*
00180  * is certa newer than certb?  If one is expired, pick the other one.
00181  */
00182 PRBool
00183 nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
00184 
00185 
00186 SECStatus
00187 nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
00188                     certDBEntryType type,
00189                     SECStatus (* callback)(SECItem *data, SECItem *key,
00190                                        certDBEntryType type, void *pdata),
00191                     void *udata );
00192 SECStatus
00193 nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
00194                              SECItem *derSubject,
00195                              NSSLOWCERTCertCallback cb, void *cbarg);
00196 int
00197 nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
00198                                                   SECItem *derSubject);
00199 SECStatus
00200 nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
00201               char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
00202 
00203 int
00204 nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, 
00205                                                  char *nickname);
00206 SECStatus
00207 nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
00208                                     NSSLOWCERTCertTrust *trust);
00209 
00210 SECStatus
00211 nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, 
00212        SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
00213 
00214 /*
00215  * Change the trust attributes of a certificate and make them permanent
00216  * in the database.
00217  */
00218 SECStatus
00219 nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, 
00220               NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
00221 
00222 PRBool
00223 nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
00224 
00225 void
00226 nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
00227 
00228 PRBool
00229 nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
00230 
00231 void
00232 nsslowcert_DestroyFreeLists(void);
00233 
00234 void
00235 nsslowcert_DestroyGlobalLocks(void);
00236 
      /*
       * Nickname and byte-buffer helpers that take a caller-supplied buffer
       * ("space") and, for the copy/alloc variants, its size ("spaceLen").
       *
       * NOTE(review): presumably the copy/alloc functions hand back "space"
       * when the data fits and separately allocated memory otherwise, and the
       * matching free function is given the same "space" so it can tell the
       * two cases apart -- confirm in the implementation.  "datalen" and
       * "spaceLen" are plain (signed) int, so callers should make sure neither
       * can be negative or exceed the real size of "space".
       */
00237 void
00238 pkcs11_freeNickname(char *nickname, char *space);
00239 
00240 char *
00241 pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
00242 
00243 void
00244 pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
00245 
00246 unsigned char *
00247 pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
00248 
00249 unsigned char *
00250 pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
00251                                           int spaceLen);
00252 NSSLOWCERTCertificate *
00253 nsslowcert_CreateCert(void);
00254 
00255 certDBEntry *
00256 nsslowcert_DecodeAnyDBEntry(SECItem *dbData, SECItem *dbKey, 
00257                             certDBEntryType entryType, void *pdata);
00258 
00259 SEC_END_PROTOS
00260 
00261  #endif /* _PCERTDB_H_ */