lightning-sunbird  0.9+nobinonly
nsspki.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef NSSPKI_H
00038 #define NSSPKI_H
00039 
00040 #ifdef DEBUG
00041 static const char NSSPKI_CVS_ID[] = "@(#) $RCSfile: nsspki.h,v $ $Revision: 1.10.28.1 $ $Date: 2006/08/22 17:12:04 $";
00042 #endif /* DEBUG */
00043 
00044 /*
00045  * nsspki.h
00046  *
00047  * This file prototypes the methods of the top-level PKI objects.
00048  */
00049 
00050 #ifndef NSSDEVT_H
00051 #include "nssdevt.h"
00052 #endif /* NSSDEVT_H */
00053 
00054 #ifndef NSSPKIT_H
00055 #include "nsspkit.h"
00056 #endif /* NSSPKIT_H */
00057 
00058 #ifndef NSSPKI1_H
00059 #include "nsspki1.h"
00060 #endif /* NSSPKI1_H */
00061 
00062 #ifndef BASE_H
00063 #include "base.h"
00064 #endif /* BASE_H */
00065 
00066 PR_BEGIN_EXTERN_C
00067 
00068 /*
00069  * A note about interfaces
00070  *
00071  * Although these APIs are specified in C, a language which does
00072  * not have fancy support for abstract interfaces, this library
00073  * was designed from an object-oriented perspective.  It may be
00074  * useful to consider the standard interfaces which went into
00075  * the writing of these APIs.
00076  *
00077  * Basic operations on all objects:
00078  *  Destroy -- free a pointer to an object
00079  *  DeleteStoredObject -- delete an object permanently
00080  *
00081  * Public Key cryptographic operations:
00082  *  Encrypt
00083  *  Verify
00084  *  VerifyRecover
00085  *  Wrap
00086  *  Derive
00087  *
00088  * Private Key cryptographic operations:
00089  *  IsStillPresent
00090  *  Decrypt
00091  *  Sign
00092  *  SignRecover
00093  *  Unwrap
00094  *  Derive
00095  *
00096  * Symmetric Key cryptographic operations:
00097  *  IsStillPresent
00098  *  Encrypt
00099  *  Decrypt
00100  *  Sign
00101  *  SignRecover
00102  *  Verify
00103  *  VerifyRecover
00104  *  Wrap
00105  *  Unwrap
00106  *  Derive
00107  *
00108  */
00109 
00110 /*
00111  * NSSCertificate
00112  *
00113  * These things can do crypto ops like public keys, except that the trust, 
00114  * usage, and other constraints are checked.  These objects are "high-level,"
00115  * so trust, usages, etc. are in the form we throw around (client auth,
00116  * email signing, etc.).  Remember that theoretically another implementation
00117  * (think PGP) could be beneath this object.
00118  */
00119 
00120 /*
00121  * NSSCertificate_Destroy
00122  *
00123  * Free a pointer to a certificate object.
00124  */
00125 
00126 NSS_EXTERN PRStatus
00127 NSSCertificate_Destroy
00128 (
00129   NSSCertificate *c
00130 );
00131 
00132 /*
00133  * NSSCertificate_DeleteStoredObject
00134  *
00135  * Permanently remove this certificate from storage.  If this is the
00136  * only (remaining) certificate corresponding to a private key, 
00137  * public key, and/or other object, then that object (or those objects)
00138  * is deleted too.
00139  */
00140 
00141 NSS_EXTERN PRStatus
00142 NSSCertificate_DeleteStoredObject
00143 (
00144   NSSCertificate *c,
00145   NSSCallback *uhh
00146 );
00147 
00148 /*
00149  * NSSCertificate_Validate
00150  *
00151  * Verify that this certificate is trusted, for the specified usage(s),
00152  * at the specified time, under the specified policies.
00153  */
00154 
00155 NSS_EXTERN PRStatus
00156 NSSCertificate_Validate
00157 (
00158   NSSCertificate *c,
00159   NSSTime *timeOpt, /* NULL for "now" */
00160   NSSUsage *usage,
00161   NSSPolicies *policiesOpt /* NULL for none */
00162 );
00163 
00164 /*
00165  * NSSCertificate_ValidateCompletely
00166  *
00167  * Verify that this certificate is trusted.  The difference between
00168  * this and the previous call is that NSSCertificate_Validate merely
00169  * returns success or failure with an appropriate error stack.
00170  * However, there may be (and often are) multiple problems with a
00171  * certificate.  This routine returns an array of errors, specifying
00172  * every problem.
00173  */
00174 
00175 /* 
00176  * Return value must be an array of objects, each of which has
00177  * an NSSError, and any corresponding certificate (in the chain)
00178  * and/or policy.
00179  */
00180 
00181 NSS_EXTERN void ** /* void *[] */
00182 NSSCertificate_ValidateCompletely
00183 (
00184   NSSCertificate *c,
00185   NSSTime *timeOpt, /* NULL for "now" */
00186   NSSUsage *usage,
00187   NSSPolicies *policiesOpt, /* NULL for none */
00188   void **rvOpt, /* NULL for allocate */
00189   PRUint32 rvLimit, /* zero for no limit */
00190   NSSArena *arenaOpt /* NULL for heap */
00191 );
00192 
00193 /*
00194  * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
00195  *
00196  * Returns PR_SUCCESS if the certificate is valid for at least something.
00197  */
00198 
00199 NSS_EXTERN PRStatus
00200 NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
00201 (
00202   NSSCertificate *c,
00203   NSSTime **notBeforeOutOpt,
00204   NSSTime **notAfterOutOpt,
00205   void *allowedUsages,
00206   void *disallowedUsages,
00207   void *allowedPolicies,
00208   void *disallowedPolicies,
00209   /* more args.. work on this fgmr */
00210   NSSArena *arenaOpt
00211 );
00212 
00213 /*
00214  * NSSCertificate_Encode
00215  *
00216  */
00217 
00218 NSS_EXTERN NSSDER *
00219 NSSCertificate_Encode
00220 (
00221   NSSCertificate *c,
00222   NSSDER *rvOpt,
00223   NSSArena *arenaOpt
00224 );
00225 
00226 /*
00227  * NSSCertificate_BuildChain
00228  *
00229  * This routine returns NSSCertificate *'s for each certificate
00230  * in the "chain" starting from the specified one up to and
00231  * including the root.  The zeroth element in the array is the
00232  * specified ("leaf") certificate.
00233  *
00234  * If statusOpt is supplied, and is returned as PR_FAILURE, possible
00235  * error values are:
00236  *
00237  * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete
00238  *
00239  */
00240 
00241 extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;
00242 
00243 NSS_EXTERN NSSCertificate **
00244 NSSCertificate_BuildChain
00245 (
00246   NSSCertificate *c,
00247   NSSTime *timeOpt,
00248   NSSUsage *usage,
00249   NSSPolicies *policiesOpt,
00250   NSSCertificate **rvOpt,
00251   PRUint32 rvLimit, /* zero for no limit */
00252   NSSArena *arenaOpt,
00253   PRStatus *statusOpt,
00254   NSSTrustDomain *td,
00255   NSSCryptoContext *cc 
00256 );
00257 
00258 /*
00259  * NSSCertificate_GetTrustDomain
00260  *
00261  */
00262 
00263 NSS_EXTERN NSSTrustDomain *
00264 NSSCertificate_GetTrustDomain
00265 (
00266   NSSCertificate *c
00267 );
00268 
00269 /*
00270  * NSSCertificate_GetToken
00271  *
00272  * There doesn't have to be one.
00273  */
00274 
00275 NSS_EXTERN NSSToken *
00276 NSSCertificate_GetToken
00277 (
00278   NSSCertificate *c,
00279   PRStatus *statusOpt
00280 );
00281 
00282 /*
00283  * NSSCertificate_GetSlot
00284  *
00285  * There doesn't have to be one.
00286  */
00287 
00288 NSS_EXTERN NSSSlot *
00289 NSSCertificate_GetSlot
00290 (
00291   NSSCertificate *c,
00292   PRStatus *statusOpt
00293 );
00294 
00295 /*
00296  * NSSCertificate_GetModule
00297  *
00298  * There doesn't have to be one.
00299  */
00300 
00301 NSS_EXTERN NSSModule *
00302 NSSCertificate_GetModule
00303 (
00304   NSSCertificate *c,
00305   PRStatus *statusOpt
00306 );
00307 
00308 /*
00309  * NSSCertificate_Encrypt
00310  *
00311  * Encrypt a single chunk of data with the public key corresponding to
00312  * this certificate.
00313  */
00314 
00315 NSS_EXTERN NSSItem *
00316 NSSCertificate_Encrypt
00317 (
00318   NSSCertificate *c,
00319   NSSAlgorithmAndParameters *apOpt,
00320   NSSItem *data,
00321   NSSTime *timeOpt,
00322   NSSUsage *usage,
00323   NSSPolicies *policiesOpt,
00324   NSSCallback *uhh,
00325   NSSItem *rvOpt,
00326   NSSArena *arenaOpt
00327 );
00328 
00329 /*
00330  * NSSCertificate_Verify
00331  *
00332  */
00333 
00334 NSS_EXTERN PRStatus
00335 NSSCertificate_Verify
00336 (
00337   NSSCertificate *c,
00338   NSSAlgorithmAndParameters *apOpt,
00339   NSSItem *data,
00340   NSSItem *signature,
00341   NSSTime *timeOpt,
00342   NSSUsage *usage,
00343   NSSPolicies *policiesOpt,
00344   NSSCallback *uhh
00345 );
00346 
00347 /*
00348  * NSSCertificate_VerifyRecover
00349  *
00350  */
00351 
00352 NSS_EXTERN NSSItem *
00353 NSSCertificate_VerifyRecover
00354 (
00355   NSSCertificate *c,
00356   NSSAlgorithmAndParameters *apOpt,
00357   NSSItem *signature,
00358   NSSTime *timeOpt,
00359   NSSUsage *usage,
00360   NSSPolicies *policiesOpt,
00361   NSSCallback *uhh,
00362   NSSItem *rvOpt,
00363   NSSArena *arenaOpt
00364 );
00365 
00366 /*
00367  * NSSCertificate_WrapSymmetricKey
00368  *
00369  * This method tries very hard to succeed, even in situations
00370  * involving sensitive keys and multiple modules.
00371  * { relyea: want to add verbiage? }
00372  */
00373 
00374 NSS_EXTERN NSSItem *
00375 NSSCertificate_WrapSymmetricKey
00376 (
00377   NSSCertificate *c,
00378   NSSAlgorithmAndParameters *apOpt,
00379   NSSSymmetricKey *keyToWrap,
00380   NSSTime *timeOpt,
00381   NSSUsage *usage,
00382   NSSPolicies *policiesOpt,
00383   NSSCallback *uhh,
00384   NSSItem *rvOpt,
00385   NSSArena *arenaOpt
00386 );
00387 
00388 /*
00389  * NSSCertificate_CreateCryptoContext
00390  *
00391  * Create a crypto context, in this certificate's trust domain, with this
00392  * as the distinguished certificate.
00393  */
00394 
00395 NSS_EXTERN NSSCryptoContext *
00396 NSSCertificate_CreateCryptoContext
00397 (
00398   NSSCertificate *c,
00399   NSSAlgorithmAndParameters *apOpt,
00400   NSSTime *timeOpt,
00401   NSSUsage *usage,
00402   NSSPolicies *policiesOpt,
00403   NSSCallback *uhh  
00404 );
00405 
00406 /*
00407  * NSSCertificate_GetPublicKey
00408  *
00409  * Returns the public key corresponding to this certificate.
00410  */
00411 
00412 NSS_EXTERN NSSPublicKey *
00413 NSSCertificate_GetPublicKey
00414 (
00415   NSSCertificate *c
00416 );
00417 
00418 /*
00419  * NSSCertificate_FindPrivateKey
00420  *
00421  * Finds and returns the private key corresponding to this certificate,
00422  * if it is available.
00423  *
00424  * { Should this hang off of NSSUserCertificate? }
00425  */
00426 
00427 NSS_EXTERN NSSPrivateKey *
00428 NSSCertificate_FindPrivateKey
00429 (
00430   NSSCertificate *c,
00431   NSSCallback *uhh
00432 );
00433 
00434 /*
00435  * NSSCertificate_IsPrivateKeyAvailable
00436  *
00437  * Returns success if the private key corresponding to this certificate
00438  * is available to be used.
00439  *
00440  * { Should *this* hang off of NSSUserCertificate?? }
00441  */
00442 
00443 NSS_EXTERN PRBool
00444 NSSCertificate_IsPrivateKeyAvailable
00445 (
00446   NSSCertificate *c,
00447   NSSCallback *uhh,
00448   PRStatus *statusOpt
00449 );
00450 
00451 /*
00452  * If we make NSSUserCertificate not a typedef of NSSCertificate, 
00453  * then we'll need implementations of the following:
00454  *
00455  *  NSSUserCertificate_Destroy
00456  *  NSSUserCertificate_DeleteStoredObject
00457  *  NSSUserCertificate_Validate
00458  *  NSSUserCertificate_ValidateCompletely
00459  *  NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies
00460  *  NSSUserCertificate_Encode
00461  *  NSSUserCertificate_BuildChain
00462  *  NSSUserCertificate_GetTrustDomain
00463  *  NSSUserCertificate_GetToken
00464  *  NSSUserCertificate_GetSlot
00465  *  NSSUserCertificate_GetModule
00466  *  NSSUserCertificate_GetCryptoContext
00467  *  NSSUserCertificate_GetPublicKey
00468  */
00469 
00470 /*
00471  * NSSUserCertificate_IsStillPresent
00472  *
00473  * Verify that if this certificate lives on a token, that the token
00474  * is still present and the certificate still exists.  This is a
00475  * lightweight call which should be used whenever it should be
00476  * verified that the user hasn't perhaps popped out his or her
00477  * token and strolled away.
00478  */
00479 
00480 NSS_EXTERN PRBool
00481 NSSUserCertificate_IsStillPresent
00482 (
00483   NSSUserCertificate *uc,
00484   PRStatus *statusOpt
00485 );
00486 
00487 /*
00488  * NSSUserCertificate_Decrypt
00489  *
00490  * Decrypt a single chunk of data with the private key corresponding
00491  * to this certificate.
00492  */
00493 
00494 NSS_EXTERN NSSItem *
00495 NSSUserCertificate_Decrypt
00496 (
00497   NSSUserCertificate *uc,
00498   NSSAlgorithmAndParameters *apOpt,
00499   NSSItem *data,
00500   NSSTime *timeOpt,
00501   NSSUsage *usage,
00502   NSSPolicies *policiesOpt,
00503   NSSCallback *uhh,
00504   NSSItem *rvOpt,
00505   NSSArena *arenaOpt
00506 );
00507 
00508 /*
00509  * NSSUserCertificate_Sign
00510  *
00511  */
00512 
00513 NSS_EXTERN NSSItem *
00514 NSSUserCertificate_Sign
00515 (
00516   NSSUserCertificate *uc,
00517   NSSAlgorithmAndParameters *apOpt,
00518   NSSItem *data,
00519   NSSTime *timeOpt,
00520   NSSUsage *usage,
00521   NSSPolicies *policiesOpt,
00522   NSSCallback *uhh,
00523   NSSItem *rvOpt,
00524   NSSArena *arenaOpt
00525 );
00526 
00527 /*
00528  * NSSUserCertificate_SignRecover
00529  *
00530  */
00531 
00532 NSS_EXTERN NSSItem *
00533 NSSUserCertificate_SignRecover
00534 (
00535   NSSUserCertificate *uc,
00536   NSSAlgorithmAndParameters *apOpt,
00537   NSSItem *data,
00538   NSSTime *timeOpt,
00539   NSSUsage *usage,
00540   NSSPolicies *policiesOpt,
00541   NSSCallback *uhh,
00542   NSSItem *rvOpt,
00543   NSSArena *arenaOpt
00544 );
00545 
00546 /*
00547  * NSSUserCertificate_UnwrapSymmetricKey
00548  *
00549  */
00550 
00551 NSS_EXTERN NSSSymmetricKey *
00552 NSSUserCertificate_UnwrapSymmetricKey
00553 (
00554   NSSUserCertificate *uc,
00555   NSSAlgorithmAndParameters *apOpt,
00556   NSSItem *wrappedKey,
00557   NSSTime *timeOpt,
00558   NSSUsage *usage,
00559   NSSPolicies *policiesOpt,
00560   NSSCallback *uhh,
00561   NSSItem *rvOpt,
00562   NSSArena *arenaOpt
00563 );
00564 
00565 /*
00566  * NSSUserCertificate_DeriveSymmetricKey
00567  *
00568  */
00569 
00570 NSS_EXTERN NSSSymmetricKey *
00571 NSSUserCertificate_DeriveSymmetricKey
00572 (
00573   NSSUserCertificate *uc, /* provides private key */
00574   NSSCertificate *c, /* provides public key */
00575   NSSAlgorithmAndParameters *apOpt,
00576   NSSOID *target,
00577   PRUint32 keySizeOpt, /* zero for best allowed */
00578   NSSOperations operations,
00579   NSSCallback *uhh
00580 );
00581 
00582 /* filter-certs function(s) */
00583 
00588 /*
00589  * NSSPrivateKey
00590  *
00591  */
00592 
00593 /*
00594  * NSSPrivateKey_Destroy
00595  *
00596  * Free a pointer to a private key object.
00597  */
00598 
00599 NSS_EXTERN PRStatus
00600 NSSPrivateKey_Destroy
00601 (
00602   NSSPrivateKey *vk
00603 );
00604 
00605 /*
00606  * NSSPrivateKey_DeleteStoredObject
00607  *
00608  * Permanently remove this object, and any related objects (such as the
00609  * certificates corresponding to this key).
00610  */
00611 
00612 NSS_EXTERN PRStatus
00613 NSSPrivateKey_DeleteStoredObject
00614 (
00615   NSSPrivateKey *vk,
00616   NSSCallback *uhh
00617 );
00618 
00619 /*
00620  * NSSPrivateKey_GetSignatureLength
00621  *
00622  */
00623 
00624 NSS_EXTERN PRUint32
00625 NSSPrivateKey_GetSignatureLength
00626 (
00627   NSSPrivateKey *vk
00628 );
00629 
00630 /*
00631  * NSSPrivateKey_GetPrivateModulusLength
00632  *
00633  */
00634 
00635 NSS_EXTERN PRUint32
00636 NSSPrivateKey_GetPrivateModulusLength
00637 (
00638   NSSPrivateKey *vk
00639 );
00640 
00641 /*
00642  * NSSPrivateKey_IsStillPresent
00643  *
00644  */
00645 
00646 NSS_EXTERN PRBool
00647 NSSPrivateKey_IsStillPresent
00648 (
00649   NSSPrivateKey *vk,
00650   PRStatus *statusOpt
00651 );
00652 
00653 /*
00654  * NSSPrivateKey_Encode
00655  * NOTE(review): passwordOpt of "" is documented below as "no password"; presumably the encoded private key is then not password-protected -- confirm before exporting key material this way.
00656  */
00657 
00658 NSS_EXTERN NSSItem *
00659 NSSPrivateKey_Encode
00660 (
00661   NSSPrivateKey *vk,
00662   NSSAlgorithmAndParameters *ap,
00663   NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
00664   NSSCallback *uhhOpt,
00665   NSSItem *rvOpt,
00666   NSSArena *arenaOpt
00667 );
00668 
00669 /*
00670  * NSSPrivateKey_GetTrustDomain
00671  *
00672  * There doesn't have to be one.
00673  */
00674 
00675 NSS_EXTERN NSSTrustDomain *
00676 NSSPrivateKey_GetTrustDomain
00677 (
00678   NSSPrivateKey *vk,
00679   PRStatus *statusOpt
00680 );
00681 
00682 /*
00683  * NSSPrivateKey_GetToken
00684  *
00685  */
00686 
00687 NSS_EXTERN NSSToken *
00688 NSSPrivateKey_GetToken
00689 (
00690   NSSPrivateKey *vk
00691 );
00692 
00693 /*
00694  * NSSPrivateKey_GetSlot
00695  *
00696  */
00697 
00698 NSS_EXTERN NSSSlot *
00699 NSSPrivateKey_GetSlot
00700 (
00701   NSSPrivateKey *vk
00702 );
00703 
00704 /*
00705  * NSSPrivateKey_GetModule
00706  *
00707  */
00708 
00709 NSS_EXTERN NSSModule *
00710 NSSPrivateKey_GetModule
00711 (
00712   NSSPrivateKey *vk
00713 );
00714 
00715 /*
00716  * NSSPrivateKey_Decrypt
00717  *
00718  */
00719 
00720 NSS_EXTERN NSSItem *
00721 NSSPrivateKey_Decrypt
00722 (
00723   NSSPrivateKey *vk,
00724   NSSAlgorithmAndParameters *apOpt,
00725   NSSItem *encryptedData,
00726   NSSCallback *uhh,
00727   NSSItem *rvOpt,
00728   NSSArena *arenaOpt
00729 );
00730 
00731 /*
00732  * NSSPrivateKey_Sign
00733  *
00734  */
00735 
00736 NSS_EXTERN NSSItem *
00737 NSSPrivateKey_Sign
00738 (
00739   NSSPrivateKey *vk,
00740   NSSAlgorithmAndParameters *apOpt,
00741   NSSItem *data,
00742   NSSCallback *uhh,
00743   NSSItem *rvOpt,
00744   NSSArena *arenaOpt
00745 );
00746 
00747 /*
00748  * NSSPrivateKey_SignRecover
00749  *
00750  */
00751 
00752 NSS_EXTERN NSSItem *
00753 NSSPrivateKey_SignRecover
00754 (
00755   NSSPrivateKey *vk,
00756   NSSAlgorithmAndParameters *apOpt,
00757   NSSItem *data,
00758   NSSCallback *uhh,
00759   NSSItem *rvOpt,
00760   NSSArena *arenaOpt
00761 );
00762 
00763 /*
00764  * NSSPrivateKey_UnwrapSymmetricKey
00765  *
00766  */
00767 
00768 NSS_EXTERN NSSSymmetricKey *
00769 NSSPrivateKey_UnwrapSymmetricKey
00770 (
00771   NSSPrivateKey *vk,
00772   NSSAlgorithmAndParameters *apOpt,
00773   NSSItem *wrappedKey,
00774   NSSCallback *uhh
00775 );
00776 
00777 /*
00778  * NSSPrivateKey_DeriveSymmetricKey
00779  *
00780  */
00781 
00782 NSS_EXTERN NSSSymmetricKey *
00783 NSSPrivateKey_DeriveSymmetricKey
00784 (
00785   NSSPrivateKey *vk,
00786   NSSPublicKey *bk,
00787   NSSAlgorithmAndParameters *apOpt,
00788   NSSOID *target,
00789   PRUint32 keySizeOpt, /* zero for best allowed */
00790   NSSOperations operations,
00791   NSSCallback *uhh
00792 );
00793 
00794 /*
00795  * NSSPrivateKey_FindPublicKey
00796  *
00797  */
00798 
00799 NSS_EXTERN NSSPublicKey *
00800 NSSPrivateKey_FindPublicKey
00801 (
00802   NSSPrivateKey *vk
00803   /* { don't need the callback here, right? } */
00804 );
00805 
00806 /*
00807  * NSSPrivateKey_CreateCryptoContext
00808  *
00809  * Create a crypto context, in this key's trust domain,
00810  * with this as the distinguished private key.
00811  */
00812 
00813 NSS_EXTERN NSSCryptoContext *
00814 NSSPrivateKey_CreateCryptoContext
00815 (
00816   NSSPrivateKey *vk,
00817   NSSAlgorithmAndParameters *apOpt,
00818   NSSCallback *uhh
00819 );
00820 
00821 /*
00822  * NSSPrivateKey_FindCertificates
00823  *
00824  * Note that there may be more than one certificate for this
00825  * private key.  { FilterCertificates function to further
00826  * reduce the list. }
00827  */
00828 
00829 NSS_EXTERN NSSCertificate **
00830 NSSPrivateKey_FindCertificates
00831 (
00832   NSSPrivateKey *vk,
00833   NSSCertificate *rvOpt[],
00834   PRUint32 maximumOpt, /* 0 for no max */
00835   NSSArena *arenaOpt
00836 );
00837 
00838 /*
00839  * NSSPrivateKey_FindBestCertificate
00840  *
00841  * The parameters for this function will depend on what the users
00842  * need.  This is just a starting point.
00843  */
00844 
00845 NSS_EXTERN NSSCertificate *
00846 NSSPrivateKey_FindBestCertificate
00847 (
00848   NSSPrivateKey *vk,
00849   NSSTime *timeOpt,
00850   NSSUsage *usageOpt,
00851   NSSPolicies *policiesOpt
00852 );
00853 
00854 /*
00855  * NSSPublicKey
00856  *
00857  * Once you generate, find, or derive one of these, you can use it
00858  * to perform (simple) cryptographic operations.  Though there may
00859  * be certificates associated with these public keys, those certificates
00860  * are not verified by these operations; use NSSCertificate_* when trust or usage must be checked.
00861  */
00862 
00863 /*
00864  * NSSPublicKey_Destroy
00865  *
00866  * Free a pointer to a public key object.
00867  */
00868 
00869 NSS_EXTERN PRStatus
00870 NSSPublicKey_Destroy
00871 (
00872   NSSPublicKey *bk
00873 );
00874 
00875 /*
00876  * NSSPublicKey_DeleteStoredObject
00877  *
00878  * Permanently remove this object, and any related objects (such as the
00879  * corresponding private keys and certificates).
00880  */
00881 
00882 NSS_EXTERN PRStatus
00883 NSSPublicKey_DeleteStoredObject
00884 (
00885   NSSPublicKey *bk,
00886   NSSCallback *uhh
00887 );
00888 
00889 /*
00890  * NSSPublicKey_Encode
00891  *
00892  */
00893 
00894 NSS_EXTERN NSSItem *
00895 NSSPublicKey_Encode
00896 (
00897   NSSPublicKey *bk,
00898   NSSAlgorithmAndParameters *ap,
00899   NSSCallback *uhhOpt,
00900   NSSItem *rvOpt,
00901   NSSArena *arenaOpt
00902 );
00903 
00904 /*
00905  * NSSPublicKey_GetTrustDomain
00906  *
00907  * There doesn't have to be one.
00908  */
00909 
00910 NSS_EXTERN NSSTrustDomain *
00911 NSSPublicKey_GetTrustDomain
00912 (
00913   NSSPublicKey *bk,
00914   PRStatus *statusOpt
00915 );
00916 
00917 /*
00918  * NSSPublicKey_GetToken
00919  *
00920  * There doesn't have to be one.
00921  */
00922 
00923 NSS_EXTERN NSSToken *
00924 NSSPublicKey_GetToken
00925 (
00926   NSSPublicKey *bk,
00927   PRStatus *statusOpt
00928 );
00929 
00930 /*
00931  * NSSPublicKey_GetSlot
00932  *
00933  * There doesn't have to be one.
00934  */
00935 
00936 NSS_EXTERN NSSSlot *
00937 NSSPublicKey_GetSlot
00938 (
00939   NSSPublicKey *bk,
00940   PRStatus *statusOpt
00941 );
00942 
00943 /*
00944  * NSSPublicKey_GetModule
00945  *
00946  * There doesn't have to be one.
00947  */
00948 
00949 NSS_EXTERN NSSModule *
00950 NSSPublicKey_GetModule
00951 (
00952   NSSPublicKey *bk,
00953   PRStatus *statusOpt
00954 );
00955 
00956 /*
00957  * NSSPublicKey_Encrypt
00958  *
00959  * Encrypt a single chunk of data with this public key.  Unlike
00960  * NSSCertificate_Encrypt, no trust, usage, or policy constraints are checked.
00961  */
00962 
00963 NSS_EXTERN NSSItem *
00964 NSSPublicKey_Encrypt
00965 (
00966   NSSPublicKey *bk,
00967   NSSAlgorithmAndParameters *apOpt,
00968   NSSItem *data,
00969   NSSCallback *uhh,
00970   NSSItem *rvOpt,
00971   NSSArena *arenaOpt
00972 );
00973 
00974 /*
00975  * NSSPublicKey_Verify
00976  *
00977  */
00978 
00979 NSS_EXTERN PRStatus
00980 NSSPublicKey_Verify
00981 (
00982   NSSPublicKey *bk,
00983   NSSAlgorithmAndParameters *apOpt,
00984   NSSItem *data,
00985   NSSItem *signature,
00986   NSSCallback *uhh
00987 );
00988 
00989 /*
00990  * NSSPublicKey_VerifyRecover
00991  *
00992  */
00993 
00994 NSS_EXTERN NSSItem *
00995 NSSPublicKey_VerifyRecover
00996 (
00997   NSSPublicKey *bk,
00998   NSSAlgorithmAndParameters *apOpt,
00999   NSSItem *signature,
01000   NSSCallback *uhh,
01001   NSSItem *rvOpt,
01002   NSSArena *arenaOpt
01003 );
01004 
01005 /*
01006  * NSSPublicKey_WrapSymmetricKey
01007  *
01008  */
01009 
01010 NSS_EXTERN NSSItem *
01011 NSSPublicKey_WrapSymmetricKey
01012 (
01013   NSSPublicKey *bk,
01014   NSSAlgorithmAndParameters *apOpt,
01015   NSSSymmetricKey *keyToWrap,
01016   NSSCallback *uhh,
01017   NSSItem *rvOpt,
01018   NSSArena *arenaOpt
01019 );
01020 
01021 /*
01022  * NSSPublicKey_CreateCryptoContext
01023  *
01024  * Create a crypto context, in this key's trust domain, with this
01025  * as the distinguished public key.
01026  */
01027 
01028 NSS_EXTERN NSSCryptoContext *
01029 NSSPublicKey_CreateCryptoContext
01030 (
01031   NSSPublicKey *bk,
01032   NSSAlgorithmAndParameters *apOpt,
01033   NSSCallback *uhh
01034 );
01035 
01036 /*
01037  * NSSPublicKey_FindCertificates
01038  *
01039  * Note that there may be more than one certificate for this
01040  * public key.  The current implementation may not find every
01041  * last certificate available for this public key: that would
01042  * involve trolling e.g. huge ldap databases, which will be
01043  * grossly inefficient and not generally useful.
01044  * { FilterCertificates function to further reduce the list }
01045  */
01046 
01047 NSS_EXTERN NSSCertificate **
01048 NSSPublicKey_FindCertificates
01049 (
01050   NSSPublicKey *bk,
01051   NSSCertificate *rvOpt[],
01052   PRUint32 maximumOpt, /* 0 for no max */
01053   NSSArena *arenaOpt
01054 );
01055 
01056 /*
01057  * NSSPublicKey_FindBestCertificate
01058  *
01059  * The parameters for this function will depend on what the users
01060  * need.  This is just a starting point.
01061  */
01062 
01063 NSS_EXTERN NSSCertificate *
01064 NSSPublicKey_FindBestCertificate
01065 (
01066   NSSPublicKey *bk,
01067   NSSTime *timeOpt,
01068   NSSUsage *usageOpt,
01069   NSSPolicies *policiesOpt
01070 );
01071 
01072 /*
01073  * NSSPublicKey_FindPrivateKey
01074  *
01075  */
01076 
01077 NSS_EXTERN NSSPrivateKey *
01078 NSSPublicKey_FindPrivateKey
01079 (
01080   NSSPublicKey *bk,
01081   NSSCallback *uhh
01082 );
01083 
01084 /*
01085  * NSSSymmetricKey
01086  *
01087  */
01088 
01089 /*
01090  * NSSSymmetricKey_Destroy
01091  *
01092  * Free a pointer to a symmetric key object.
01093  */
01094 
01095 NSS_EXTERN PRStatus
01096 NSSSymmetricKey_Destroy
01097 (
01098   NSSSymmetricKey *mk
01099 );
01100 
01101 /*
01102  * NSSSymmetricKey_DeleteStoredObject
01103  *
01104  * Permanently remove this object.
01105  */
01106 
01107 NSS_EXTERN PRStatus
01108 NSSSymmetricKey_DeleteStoredObject
01109 (
01110   NSSSymmetricKey *mk,
01111   NSSCallback *uhh
01112 );
01113 
01114 /*
01115  * NSSSymmetricKey_GetKeyLength
01116  *
01117  */
01118 
01119 NSS_EXTERN PRUint32
01120 NSSSymmetricKey_GetKeyLength
01121 (
01122   NSSSymmetricKey *mk
01123 );
01124 
01125 /*
01126  * NSSSymmetricKey_GetKeyStrength
01127  *
01128  */
01129 
01130 NSS_EXTERN PRUint32
01131 NSSSymmetricKey_GetKeyStrength
01132 (
01133   NSSSymmetricKey *mk
01134 );
01135 
01136 /*
01137  * NSSSymmetricKey_IsStillPresent
01138  * NOTE(review): declared to return PRStatus, whereas NSSPrivateKey_IsStillPresent and NSSUserCertificate_IsStillPresent return PRBool and take statusOpt; PR_SUCCESS is 0 in NSPR, so compare the result against PR_SUCCESS rather than testing it as a boolean.
01139  */
01140 
01141 NSS_EXTERN PRStatus
01142 NSSSymmetricKey_IsStillPresent
01143 (
01144   NSSSymmetricKey *mk
01145 );
01146 
01147 /*
01148  * NSSSymmetricKey_GetTrustDomain
01149  *
01150  * There doesn't have to be one.
01151  */
01152 
01153 NSS_EXTERN NSSTrustDomain *
01154 NSSSymmetricKey_GetTrustDomain
01155 (
01156   NSSSymmetricKey *mk,
01157   PRStatus *statusOpt
01158 );
01159 
01160 /*
01161  * NSSSymmetricKey_GetToken
01162  *
01163  * There doesn't have to be one.
01164  */
01165 
01166 NSS_EXTERN NSSToken *
01167 NSSSymmetricKey_GetToken
01168 (
01169   NSSSymmetricKey *mk,
01170   PRStatus *statusOpt
01171 );
01172 
01173 /*
01174  * NSSSymmetricKey_GetSlot
01175  *
01176  * There doesn't have to be one.
01177  */
01178 
01179 NSS_EXTERN NSSSlot *
01180 NSSSymmetricKey_GetSlot
01181 (
01182   NSSSymmetricKey *mk,
01183   PRStatus *statusOpt
01184 );
01185 
01186 /*
01187  * NSSSymmetricKey_GetModule
01188  *
01189  * There doesn't have to be one.
01190  */
01191 
01192 NSS_EXTERN NSSModule *
01193 NSSSymmetricKey_GetModule
01194 (
01195   NSSSymmetricKey *mk,
01196   PRStatus *statusOpt
01197 );
01198 
01199 /*
01200  * NSSSymmetricKey_Encrypt
01201  *
01202  */
01203 
01204 NSS_EXTERN NSSItem *
01205 NSSSymmetricKey_Encrypt
01206 (
01207   NSSSymmetricKey *mk,
01208   NSSAlgorithmAndParameters *apOpt,
01209   NSSItem *data,
01210   NSSCallback *uhh,
01211   NSSItem *rvOpt,
01212   NSSArena *arenaOpt
01213 );
01214 
01215 /*
01216  * NSSSymmetricKey_Decrypt
01217  *
01218  */
01219 
01220 NSS_EXTERN NSSItem *
01221 NSSSymmetricKey_Decrypt
01222 (
01223   NSSSymmetricKey *mk,
01224   NSSAlgorithmAndParameters *apOpt,
01225   NSSItem *encryptedData,
01226   NSSCallback *uhh,
01227   NSSItem *rvOpt,
01228   NSSArena *arenaOpt
01229 );
01230 
01231 /*
01232  * NSSSymmetricKey_Sign
01233  *
01234  */
01235 
01236 NSS_EXTERN NSSItem *
01237 NSSSymmetricKey_Sign
01238 (
01239   NSSSymmetricKey *mk,
01240   NSSAlgorithmAndParameters *apOpt,
01241   NSSItem *data,
01242   NSSCallback *uhh,
01243   NSSItem *rvOpt,
01244   NSSArena *arenaOpt
01245 );
01246 
01247 /*
01248  * NSSSymmetricKey_SignRecover
01249  *
01250  */
01251 
01252 NSS_EXTERN NSSItem *
01253 NSSSymmetricKey_SignRecover
01254 (
01255   NSSSymmetricKey *mk,
01256   NSSAlgorithmAndParameters *apOpt,
01257   NSSItem *data,
01258   NSSCallback *uhh,
01259   NSSItem *rvOpt,
01260   NSSArena *arenaOpt
01261 );
01262 
01263 /*
01264  * NSSSymmetricKey_Verify
01265  *
01266  */
01267 
01268 NSS_EXTERN PRStatus
01269 NSSSymmetricKey_Verify
01270 (
01271   NSSSymmetricKey *mk,
01272   NSSAlgorithmAndParameters *apOpt,
01273   NSSItem *data,
01274   NSSItem *signature,
01275   NSSCallback *uhh
01276 );
01277 
01278 /*
01279  * NSSSymmetricKey_VerifyRecover
01280  *
01281  */
01282 
01283 NSS_EXTERN NSSItem *
01284 NSSSymmetricKey_VerifyRecover
01285 (
01286   NSSSymmetricKey *mk,
01287   NSSAlgorithmAndParameters *apOpt,
01288   NSSItem *signature,
01289   NSSCallback *uhh,
01290   NSSItem *rvOpt,
01291   NSSArena *arenaOpt
01292 );
01293 
01294 /*
01295  * NSSSymmetricKey_WrapSymmetricKey
01296  *
01297  */
01298 
01299 NSS_EXTERN NSSItem *
01300 NSSSymmetricKey_WrapSymmetricKey
01301 (
01302   NSSSymmetricKey *wrappingKey,
01303   NSSAlgorithmAndParameters *apOpt,
01304   NSSSymmetricKey *keyToWrap,
01305   NSSCallback *uhh,
01306   NSSItem *rvOpt,
01307   NSSArena *arenaOpt
01308 );
01309 
01310 /*
01311  * NSSSymmetricKey_WrapPrivateKey
01312  *
01313  */
01314 
01315 NSS_EXTERN NSSItem *
01316 NSSSymmetricKey_WrapPrivateKey
01317 (
01318   NSSSymmetricKey *wrappingKey,
01319   NSSAlgorithmAndParameters *apOpt,
01320   NSSPrivateKey *keyToWrap,
01321   NSSCallback *uhh,
01322   NSSItem *rvOpt,
01323   NSSArena *arenaOpt
01324 );
01325 
01326 /*
01327  * NSSSymmetricKey_UnwrapSymmetricKey
01328  *
01329  */
01330 
01331 NSS_EXTERN NSSSymmetricKey *
01332 NSSSymmetricKey_UnwrapSymmetricKey
01333 (
01334   NSSSymmetricKey *wrappingKey,
01335   NSSAlgorithmAndParameters *apOpt,
01336   NSSItem *wrappedKey,
01337   NSSOID *target,
01338   PRUint32 keySizeOpt,
01339   NSSOperations operations,
01340   NSSCallback *uhh
01341 );
01342 
01343 /*
01344  * NSSSymmetricKey_UnwrapPrivateKey
01345  *
01346  */
01347 
01348 NSS_EXTERN NSSPrivateKey *
01349 NSSSymmetricKey_UnwrapPrivateKey
01350 (
01351   NSSSymmetricKey *wrappingKey,
01352   NSSAlgorithmAndParameters *apOpt,
01353   NSSItem *wrappedKey,
01354   NSSUTF8 *labelOpt,
01355   NSSItem *keyIDOpt,
01356   PRBool persistant,
01357   PRBool sensitive,
01358   NSSToken *destinationOpt,
01359   NSSCallback *uhh
01360 );
01361 
01362 /*
01363  * NSSSymmetricKey_DeriveSymmetricKey
01364  *
01365  */
01366 
01367 NSS_EXTERN NSSSymmetricKey *
01368 NSSSymmetricKey_DeriveSymmetricKey
01369 (
01370   NSSSymmetricKey *originalKey,
01371   NSSAlgorithmAndParameters *apOpt,
01372   NSSOID *target,
01373   PRUint32 keySizeOpt,
01374   NSSOperations operations,
01375   NSSCallback *uhh
01376 );
01377 
01378 /*
01379  * NSSSymmetricKey_CreateCryptoContext
01380  *
01381  * Create a crypto context, in this key's trust domain,
01382  * with this as the distinguished symmetric key.
01383  */
01384 
01385 NSS_EXTERN NSSCryptoContext *
01386 NSSSymmetricKey_CreateCryptoContext
01387 (
01388   NSSSymmetricKey *mk,
01389   NSSAlgorithmAndParameters *apOpt,
01390   NSSCallback *uhh
01391 );
01392 
01393 /*
01394  * NSSTrustDomain
01395  *
01396  */
01397 
01398 /*
01399  * NSSTrustDomain_Create
01400  *
01401  * This creates a trust domain, optionally with an initial cryptoki
01402  * module.  If the module name is not null, the module is loaded if
01403  * needed (using the uriOpt argument), and initialized with the
01404  * opaqueOpt argument.  If mumble mumble priority settings, then
01405  * module-specification objects in the module can cause the loading
01406  * and initialization of further modules.
01407  *
01408  * The uriOpt is defined to take a URI.  At present, we only
01409  * support file: URLs pointing to platform-native shared libraries.
01410  * However, by specifying this as a URI, this keeps open the 
01411  * possibility of supporting other, possibly remote, resources.
01412  *
01413  * The "reserved" argument is held for when we figure out the
01414  * module priority stuff.
       *
       * NOTE(review): per the description above, uriOpt selects a native
       * shared library that is loaded into the process and opaqueOpt is
       * handed to it at initialization, so both should come from trusted
       * configuration rather than from unvalidated external input.
01415  */
01416 
01417 NSS_EXTERN NSSTrustDomain *
01418 NSSTrustDomain_Create
01419 (
01420   NSSUTF8 *moduleOpt,
01421   NSSUTF8 *uriOpt,
01422   NSSUTF8 *opaqueOpt,
01423   void *reserved
01424 );
01425 
01426 /*
01427  * NSSTrustDomain_Destroy
01428  *
01429  */
01430 
01431 NSS_EXTERN PRStatus
01432 NSSTrustDomain_Destroy
01433 (
01434   NSSTrustDomain *td
01435 );
01436 
01437 /*
01438  * NSSTrustDomain_SetDefaultCallback
01439  *
01440  */
01441 
01442 NSS_EXTERN PRStatus
01443 NSSTrustDomain_SetDefaultCallback
01444 (
01445   NSSTrustDomain *td,
01446   NSSCallback *newCallback,
01447   NSSCallback **oldCallbackOpt
01448 );
01449 
01450 /*
01451  * NSSTrustDomain_GetDefaultCallback
01452  *
01453  */
01454 
01455 NSS_EXTERN NSSCallback *
01456 NSSTrustDomain_GetDefaultCallback
01457 (
01458   NSSTrustDomain *td,
01459   PRStatus *statusOpt
01460 );
01461 
01462 /*
01463  * Default policies?
01464  * Default usage?
01465  * Default time, for completeness?
01466  */
01467 
01468 /*
01469  * NSSTrustDomain_LoadModule
01470  *
       * NOTE(review): takes the same moduleOpt/uriOpt/opaqueOpt/reserved
       * arguments as NSSTrustDomain_Create; presumably the same module
       * loading semantics apply, in which case uriOpt names native code to
       * load and should come from trusted configuration -- confirm.
01471  */
01472 
01473 NSS_EXTERN PRStatus
01474 NSSTrustDomain_LoadModule
01475 (
01476   NSSTrustDomain *td,
01477   NSSUTF8 *moduleOpt,
01478   NSSUTF8 *uriOpt,
01479   NSSUTF8 *opaqueOpt,
01480   void *reserved
01481 );
01482 
01483 /*
01484  * NSSTrustDomain_AddModule
01485  * NSSTrustDomain_AddSlot
01486  * NSSTrustDomain_UnloadModule
01487  * Managing modules, slots, tokens; priorities;
01488  * Traversing all of the above
01489  * this needs more work
01490  */
01491 
01492 /*
01493  * NSSTrustDomain_DisableToken
01494  *
01495  */
01496 
01497 NSS_EXTERN PRStatus
01498 NSSTrustDomain_DisableToken
01499 (
01500   NSSTrustDomain *td,
01501   NSSToken *token,
01502   NSSError why
01503 );
01504 
01505 /*
01506  * NSSTrustDomain_EnableToken
01507  *
01508  */
01509 
01510 NSS_EXTERN PRStatus
01511 NSSTrustDomain_EnableToken
01512 (
01513   NSSTrustDomain *td,
01514   NSSToken *token
01515 );
01516 
01517 /*
01518  * NSSTrustDomain_IsTokenEnabled
01519  *
01520  * If disabled, "why" is always on the error stack.
01521  * The optional argument is just for convenience.
01522  */
01523 
01524 NSS_EXTERN PRStatus
01525 NSSTrustDomain_IsTokenEnabled
01526 (
01527   NSSTrustDomain *td,
01528   NSSToken *token,
01529   NSSError *whyOpt
01530 );
01531 
01532 /*
01533  * NSSTrustDomain_FindSlotByName
01534  *
01535  */
01536 
01537 NSS_EXTERN NSSSlot *
01538 NSSTrustDomain_FindSlotByName
01539 (
01540   NSSTrustDomain *td,
01541   NSSUTF8 *slotName
01542 );
01543 
01544 /*
01545  * NSSTrustDomain_FindTokenByName
01546  *
01547  */
01548 
01549 NSS_EXTERN NSSToken *
01550 NSSTrustDomain_FindTokenByName
01551 (
01552   NSSTrustDomain *td,
01553   NSSUTF8 *tokenName
01554 );
01555 
01556 /*
01557  * NSSTrustDomain_FindTokenBySlotName
01558  *
01559  */
01560 
01561 NSS_EXTERN NSSToken *
01562 NSSTrustDomain_FindTokenBySlotName
01563 (
01564   NSSTrustDomain *td,
01565   NSSUTF8 *slotName
01566 );
01567 
01568 /*
01569  * NSSTrustDomain_FindTokenForAlgorithm
01570  *
01571  */
01572 
01573 NSS_EXTERN NSSToken *
01574 NSSTrustDomain_FindTokenForAlgorithm
01575 (
01576   NSSTrustDomain *td,
01577   NSSOID *algorithm
01578 );
01579 
01580 /*
01581  * NSSTrustDomain_FindBestTokenForAlgorithms
01582  *
       * Per the inline argument comments, nAlgorithmsOpt bounds the array
       * when it is nonzero.  NOTE(review): when it is zero the array
       * presumably must end with a NULL entry, since nothing else visible
       * here limits how far it is read -- confirm.
01583  */
01584 
01585 NSS_EXTERN NSSToken *
01586 NSSTrustDomain_FindBestTokenForAlgorithms
01587 (
01588   NSSTrustDomain *td,
01589   NSSOID *algorithms[], /* may be null-terminated */
01590   PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
01591 );
01592 
01593 /*
01594  * NSSTrustDomain_Login
01595  *
01596  */
01597 
01598 NSS_EXTERN PRStatus
01599 NSSTrustDomain_Login
01600 (
01601   NSSTrustDomain *td,
01602   NSSCallback *uhhOpt
01603 );
01604 
01605 /*
01606  * NSSTrustDomain_Logout
01607  *
01608  */
01609 
01610 NSS_EXTERN PRStatus
01611 NSSTrustDomain_Logout
01612 (
01613   NSSTrustDomain *td
01614 );
01615 
01616 /* Importing things */
01617 
01618 /*
01619  * NSSTrustDomain_ImportCertificate
01620  *
01621  * The implementation will pull some data out of the certificate
01622  * (e.g. e-mail address) for use in pkcs#11 object attributes.
01623  */
01624 
01625 NSS_EXTERN NSSCertificate *
01626 NSSTrustDomain_ImportCertificate
01627 (
01628   NSSTrustDomain *td,
01629   NSSCertificate *c
01630 );
01631 
01632 /*
01633  * NSSTrustDomain_ImportPKIXCertificate
01634  *
01635  */
01636 
01637 NSS_EXTERN NSSCertificate *
01638 NSSTrustDomain_ImportPKIXCertificate
01639 (
01640   NSSTrustDomain *td,
01641   /* declared as a struct until these "data types" are defined */
01642   struct NSSPKIXCertificateStr *pc
01643 );
01644 
01645 /*
01646  * NSSTrustDomain_ImportEncodedCertificate
01647  *
01648  * Imports any type of certificate we support.
01649  */
01650 
01651 NSS_EXTERN NSSCertificate *
01652 NSSTrustDomain_ImportEncodedCertificate
01653 (
01654   NSSTrustDomain *td,
01655   NSSBER *ber
01656 );
01657 
01658 /*
01659  * NSSTrustDomain_ImportEncodedCertificateChain
01660  *
01661  * If you just want the leaf, pass in a maximum of one.
       *
       * NOTE(review): this header does not state how a caller-supplied
       * rvOpt array is bounded when maximumOpt is 0 ("no max").  Callers
       * passing a fixed-size rvOpt should presumably set maximumOpt to its
       * capacity -- confirm against the implementation.
01662  */
01663 
01664 NSS_EXTERN NSSCertificate **
01665 NSSTrustDomain_ImportEncodedCertificateChain
01666 (
01667   NSSTrustDomain *td,
01668   NSSBER *ber,
01669   NSSCertificate *rvOpt[],
01670   PRUint32 maximumOpt, /* 0 for no max */
01671   NSSArena *arenaOpt
01672 );
01673 
01674 /*
01675  * NSSTrustDomain_ImportEncodedPrivateKey
01676  *
       * Per the inline argument comment, a NULL passwordOpt causes a
       * callback (presumably through uhhOpt) to obtain the password.
       * NOTE(review): this header does not say whether the password item
       * is copied or how long it is retained; callers should presumably
       * clear their own buffer once the call returns -- confirm.
01677  */
01678 
01679 NSS_EXTERN NSSPrivateKey *
01680 NSSTrustDomain_ImportEncodedPrivateKey
01681 (
01682   NSSTrustDomain *td,
01683   NSSBER *ber,
01684   NSSItem *passwordOpt, /* NULL will cause a callback */
01685   NSSCallback *uhhOpt,
01686   NSSToken *destination
01687 );
01688 
01689 /*
01690  * NSSTrustDomain_ImportEncodedPublicKey
01691  *
01692  */
01693 
01694 NSS_EXTERN NSSPublicKey *
01695 NSSTrustDomain_ImportEncodedPublicKey
01696 (
01697   NSSTrustDomain *td,
01698   NSSBER *ber
01699 );
01700 
01701 /* Other importations: S/MIME capabilities */
01702 
01703 /*
01704  * NSSTrustDomain_FindBestCertificateByNickname
01705  *
01706  */
01707 
01708 NSS_EXTERN NSSCertificate *
01709 NSSTrustDomain_FindBestCertificateByNickname
01710 (
01711   NSSTrustDomain *td,
01712   NSSUTF8 *name,
01713   NSSTime *timeOpt, /* NULL for "now" */
01714   NSSUsage *usage,
01715   NSSPolicies *policiesOpt /* NULL for none */
01716 );
01717 
01718 /*
01719  * NSSTrustDomain_FindCertificatesByNickname
01720  *
01721  */
01722 
01723 NSS_EXTERN NSSCertificate **
01724 NSSTrustDomain_FindCertificatesByNickname
01725 (
01726   NSSTrustDomain *td,
01727   NSSUTF8 *name,
01728   NSSCertificate *rvOpt[],
01729   PRUint32 maximumOpt, /* 0 for no max */
01730   NSSArena *arenaOpt
01731 );
01732 
01733 /*
01734  * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
01735  *
01736  */
01737 
01738 NSS_EXTERN NSSCertificate *
01739 NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
01740 (
01741   NSSTrustDomain *td,
01742   NSSDER *issuer,
01743   NSSDER *serialNumber
01744 );
01745 
01746 /*
01747  * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber
01748  *
01749  * Theoretically, this should never happen.  However, some companies
01750  * we know have issued duplicate certificates with the same issuer
01751  * and serial number.  Do we just ignore them?  I'm thinking yes.
01752  */
01753 
01754 /*
01755  * NSSTrustDomain_FindBestCertificateBySubject
01756  *
01757  * This does not search through alternate names hidden in extensions.
01758  */
01759 
01760 NSS_EXTERN NSSCertificate *
01761 NSSTrustDomain_FindBestCertificateBySubject
01762 (
01763   NSSTrustDomain *td,
01764   NSSDER /*NSSUTF8*/ *subject,
01765   NSSTime *timeOpt,
01766   NSSUsage *usage,
01767   NSSPolicies *policiesOpt
01768 );
01769 
01770 /*
01771  * NSSTrustDomain_FindCertificatesBySubject
01772  *
01773  * This does not search through alternate names hidden in extensions.
01774  */
01775 
01776 NSS_EXTERN NSSCertificate **
01777 NSSTrustDomain_FindCertificatesBySubject
01778 (
01779   NSSTrustDomain *td,
01780   NSSDER /*NSSUTF8*/ *subject,
01781   NSSCertificate *rvOpt[],
01782   PRUint32 maximumOpt, /* 0 for no max */
01783   NSSArena *arenaOpt
01784 );
01785 
01786 /*
01787  * NSSTrustDomain_FindBestCertificateByNameComponents
01788  *
01789  * This call does try several tricks, including a pseudo pkcs#11 
01790  * attribute for the ldap module to try as a query.  Eventually
01791  * this call falls back to a traversal if that's what's required.
01792  * It will search through alternate names hidden in extensions.
01793  */
01794 
01795 NSS_EXTERN NSSCertificate *
01796 NSSTrustDomain_FindBestCertificateByNameComponents
01797 (
01798   NSSTrustDomain *td,
01799   NSSUTF8 *nameComponents,
01800   NSSTime *timeOpt,
01801   NSSUsage *usage,
01802   NSSPolicies *policiesOpt
01803 );
01804 
01805 /*
01806  * NSSTrustDomain_FindCertificatesByNameComponents
01807  *
01808  * This call, too, tries several tricks.  It will stop on the first
01809  * attempt that generates results, so it won't e.g. traverse the
01810  * entire ldap database.
01811  */
01812 
01813 NSS_EXTERN NSSCertificate **
01814 NSSTrustDomain_FindCertificatesByNameComponents
01815 (
01816   NSSTrustDomain *td,
01817   NSSUTF8 *nameComponents,
01818   NSSCertificate *rvOpt[],
01819   PRUint32 maximumOpt, /* 0 for no max */
01820   NSSArena *arenaOpt
01821 );
01822 
01823 /*
01824  * NSSTrustDomain_FindCertificateByEncodedCertificate
01825  *
01826  */
01827 
01828 NSS_EXTERN NSSCertificate *
01829 NSSTrustDomain_FindCertificateByEncodedCertificate
01830 (
01831   NSSTrustDomain *td,
01832   NSSBER *encodedCertificate
01833 );
01834 
01835 /*
01836  * NSSTrustDomain_FindCertificateByEmail
01837  *
01838  */
01839 
01840 NSS_EXTERN NSSCertificate *
01841 NSSTrustDomain_FindCertificateByEmail
01842 (
01843   NSSTrustDomain *td,
01844   NSSASCII7 *email,
01845   NSSTime *timeOpt,
01846   NSSUsage *usage,
01847   NSSPolicies *policiesOpt
01848 );
01849 
01850 /*
01851  * NSSTrustDomain_FindCertificatesByEmail
01852  *
01853  */
01854 
01855 NSS_EXTERN NSSCertificate **
01856 NSSTrustDomain_FindCertificatesByEmail
01857 (
01858   NSSTrustDomain *td,
01859   NSSASCII7 *email,
01860   NSSCertificate *rvOpt[],
01861   PRUint32 maximumOpt, /* 0 for no max */
01862   NSSArena *arenaOpt
01863 );
01864 
01865 /*
01866  * NSSTrustDomain_FindCertificateByOCSPHash
01867  *
01868  * There can be only one.
01869  */
01870 
01871 NSS_EXTERN NSSCertificate *
01872 NSSTrustDomain_FindCertificateByOCSPHash
01873 (
01874   NSSTrustDomain *td,
01875   NSSItem *hash
01876 );
01877 
01878 /*
01879  * NSSTrustDomain_TraverseCertificates
01880  *
01881  * This function descends from one in older versions of NSS which
01882  * traverses the certs in the permanent database.  That function
01883  * was used to implement selection routines, but was directly
01884  * available too.  Trust domains are going to contain a lot more
01885  * certs now (e.g., an ldap server), so we'd really like to
01886  * discourage traversal.  Thus for now, this is commented out.
01887  * If it's needed, let's look at the situation more closely to
01888  * find out what the actual requirements are.
01889  */
01890  
01891 /* For now, adding this function.  This may only be for debugging
01892  * purposes.
01893  * Perhaps some equivalent function, on a specified token, will be
01894  * needed in a "friend" header file?
       *
       * NOTE(review): declared to return `PRStatus *` (a pointer), whereas
       * declarations such as NSSTrustDomain_Destroy and NSSTrustDomain_Login
       * return PRStatus by value.  Confirm whether the pointer is intended
       * and, if so, what it points to and who owns it.
01895  */
01896 NSS_EXTERN PRStatus *
01897 NSSTrustDomain_TraverseCertificates
01898 (
01899   NSSTrustDomain *td,
01900   PRStatus (*callback)(NSSCertificate *c, void *arg),
01901   void *arg
01902 );
01903 
01904 /*
01905  * NSSTrustDomain_FindBestUserCertificate
01906  *
01907  */
01908 
01909 NSS_EXTERN NSSCertificate *
01910 NSSTrustDomain_FindBestUserCertificate
01911 (
01912   NSSTrustDomain *td,
01913   NSSTime *timeOpt,
01914   NSSUsage *usage,
01915   NSSPolicies *policiesOpt
01916 );
01917 
01918 /*
01919  * NSSTrustDomain_FindUserCertificates
01920  *
01921  */
01922 
01923 NSS_EXTERN NSSCertificate **
01924 NSSTrustDomain_FindUserCertificates
01925 (
01926   NSSTrustDomain *td,
01927   NSSTime *timeOpt,
01928   NSSUsage *usageOpt,
01929   NSSPolicies *policiesOpt,
01930   NSSCertificate **rvOpt,
01931   PRUint32 rvLimit, /* zero for no limit */
01932   NSSArena *arenaOpt
01933 );
01934 
01935 /*
01936  * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
01937  *
01938  */
01939 
01940 NSS_EXTERN NSSCertificate *
01941 NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
01942 (
01943   NSSTrustDomain *td,
01944   NSSUTF8 *sslHostOpt,
01945   NSSDER *rootCAsOpt[], /* null pointer for none */
01946   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
01947   NSSAlgorithmAndParameters *apOpt,
01948   NSSPolicies *policiesOpt
01949 );
01950 
01951 /*
01952  * NSSTrustDomain_FindUserCertificatesForSSLClientAuth
01953  *
01954  */
01955 
01956 NSS_EXTERN NSSCertificate **
01957 NSSTrustDomain_FindUserCertificatesForSSLClientAuth
01958 (
01959   NSSTrustDomain *td,
01960   NSSUTF8 *sslHostOpt,
01961   NSSDER *rootCAsOpt[], /* null pointer for none */
01962   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
01963   NSSAlgorithmAndParameters *apOpt,
01964   NSSPolicies *policiesOpt,
01965   NSSCertificate **rvOpt,
01966   PRUint32 rvLimit, /* zero for no limit */
01967   NSSArena *arenaOpt
01968 );
01969 
01970 /*
01971  * NSSTrustDomain_FindBestUserCertificateForEmailSigning
01972  *
01973  */
01974 
01975 NSS_EXTERN NSSCertificate *
01976 NSSTrustDomain_FindBestUserCertificateForEmailSigning
01977 (
01978   NSSTrustDomain *td,
01979   NSSASCII7 *signerOpt,
01980   NSSASCII7 *recipientOpt,
01981   /* anything more here? */
01982   NSSAlgorithmAndParameters *apOpt,
01983   NSSPolicies *policiesOpt
01984 );
01985 
01986 /*
01987  * NSSTrustDomain_FindUserCertificatesForEmailSigning
01988  *
01989  */
01990 
01991 NSS_EXTERN NSSCertificate **
01992 NSSTrustDomain_FindUserCertificatesForEmailSigning
01993 (
01994   NSSTrustDomain *td,
01995   NSSASCII7 *signerOpt,
01996   NSSASCII7 *recipientOpt,
01997   /* anything more here? */
01998   NSSAlgorithmAndParameters *apOpt,
01999   NSSPolicies *policiesOpt,
02000   NSSCertificate **rvOpt,
02001   PRUint32 rvLimit, /* zero for no limit */
02002   NSSArena *arenaOpt
02003 );
02004 
02005 /*
02006  * Here is where we'd add more Find[Best]UserCertificate[s]For<usage>
02007  * routines.
02008  */
02009 
02010 /* Private Keys */
02011 
02012 /*
02013  * NSSTrustDomain_GenerateKeyPair
02014  *
02015  * Creates persistent objects.  If you want session objects, use
02016  * NSSCryptoContext_GenerateKeyPair.  The destination token is where
02017  * the keys are stored.  If that token can do the required math, then
02018  * that's where the keys are generated too.  Otherwise, the keys are
02019  * generated elsewhere and moved to that token.
02020  */
02021 
02022 NSS_EXTERN PRStatus
02023 NSSTrustDomain_GenerateKeyPair
02024 (
02025   NSSTrustDomain *td,
02026   NSSAlgorithmAndParameters *ap,
02027   NSSPrivateKey **pvkOpt,
02028   NSSPublicKey **pbkOpt,
02029   PRBool privateKeyIsSensitive,
02030   NSSToken *destination,
02031   NSSCallback *uhhOpt
02032 );
02033 
02034 /*
02035  * NSSTrustDomain_TraversePrivateKeys
02036  *
02037  * 
02038  * NSS_EXTERN PRStatus *
02039  * NSSTrustDomain_TraversePrivateKeys
02040  * (
02041  *   NSSTrustDomain *td,
02042  *   PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
02043  *   void *arg
02044  * );
02045  */
02046 
02047 /* Symmetric Keys */
02048 
02049 /*
02050  * NSSTrustDomain_GenerateSymmetricKey
02051  *
02052  */
02053 
02054 NSS_EXTERN NSSSymmetricKey *
02055 NSSTrustDomain_GenerateSymmetricKey
02056 (
02057   NSSTrustDomain *td,
02058   NSSAlgorithmAndParameters *ap,
02059   PRUint32 keysize,
02060   NSSToken *destination,
02061   NSSCallback *uhhOpt
02062 );
02063 
02064 /*
02065  * NSSTrustDomain_GenerateSymmetricKeyFromPassword
02066  *
02067  */
02068 
02069 NSS_EXTERN NSSSymmetricKey *
02070 NSSTrustDomain_GenerateSymmetricKeyFromPassword
02071 (
02072   NSSTrustDomain *td,
02073   NSSAlgorithmAndParameters *ap,
02074   NSSUTF8 *passwordOpt, /* if null, prompt */
02075   NSSToken *destinationOpt,
02076   NSSCallback *uhhOpt
02077 );
02078 
02079 /*
02080  * NSSTrustDomain_FindSymmetricKeyByAlgorithm
02081  *
02082  * Is this still needed?
02083  * 
02084  * NSS_EXTERN NSSSymmetricKey *
02085  * NSSTrustDomain_FindSymmetricKeyByAlgorithm
02086  * (
02087  *   NSSTrustDomain *td,
02088  *   NSSOID *algorithm,
02089  *   NSSCallback *uhhOpt
02090  * );
02091  */
02092 
02093 /*
02094  * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
02095  *
02096  */
02097 
02098 NSS_EXTERN NSSSymmetricKey *
02099 NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
02100 (
02101   NSSTrustDomain *td,
02102   NSSOID *algorithm,
02103   NSSItem *keyID,
02104   NSSCallback *uhhOpt
02105 );
02106 
02107 /*
02108  * NSSTrustDomain_TraverseSymmetricKeys
02109  *
02110  * 
02111  * NSS_EXTERN PRStatus *
02112  * NSSTrustDomain_TraverseSymmetricKeys
02113  * (
02114  *   NSSTrustDomain *td,
02115  *   PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
02116  *   void *arg
02117  * );
02118  */
02119 
02120 /*
02121  * NSSTrustDomain_CreateCryptoContext
02122  *
02123  * If a callback object is specified, it becomes the default for the crypto
02124  * context; otherwise, this trust domain's default (if any) is
02125  * inherited.
02126  */
02127 
02128 NSS_EXTERN NSSCryptoContext *
02129 NSSTrustDomain_CreateCryptoContext
02130 (
02131   NSSTrustDomain *td,
02132   NSSCallback *uhhOpt
02133 );
02134 
02135 /*
02136  * NSSTrustDomain_CreateCryptoContextForAlgorithm
02137  *
02138  */
02139 
02140 NSS_EXTERN NSSCryptoContext *
02141 NSSTrustDomain_CreateCryptoContextForAlgorithm
02142 (
02143   NSSTrustDomain *td,
02144   NSSOID *algorithm
02145 );
02146 
02147 /*
02148  * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
02149  *
02150  */
02151 
02152 NSS_EXTERN NSSCryptoContext *
02153 NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
02154 (
02155   NSSTrustDomain *td,
02156   NSSAlgorithmAndParameters *ap
02157 );
02158 
02159 /* find/traverse other objects, e.g. s/mime profiles */
02160 
02161 /*
02162  * NSSCryptoContext
02163  *
02164  * A crypto context is sort of a short-term snapshot of a trust domain,
02165  * used for the life of "one crypto operation."  You can also think of
02166  * it as a "temporary database."
02167  * 
02168  * Just about all of the things you can do with a trust domain -- importing
02169  * or creating certs, keys, etc. -- can be done with a crypto context.
02170  * The difference is that the objects will be temporary ("session") objects.
02171  * 
02172  * Also, if the context was created for a key, cert, and/or algorithm; or
02173  * if such objects have been "associated" with the context, then the context
02174  * can do everything the keys can, like crypto operations.
02175  * 
02176  * And finally, because it keeps the state of the crypto operations, it
02177  * can do streaming crypto ops.
02178  */
02179 
02180 /*
02181  * NSSCryptoContext_Destroy
02182  *
02183  */
02184 
02185 NSS_EXTERN PRStatus
02186 NSSCryptoContext_Destroy
02187 (
02188   NSSCryptoContext *cc
02189 );
02190 
02191 /* establishing a default callback */
02192 
02193 /*
02194  * NSSCryptoContext_SetDefaultCallback
02195  *
02196  */
02197 
02198 NSS_EXTERN PRStatus
02199 NSSCryptoContext_SetDefaultCallback
02200 (
02201   NSSCryptoContext *cc,
02202   NSSCallback *newCallback,
02203   NSSCallback **oldCallbackOpt
02204 );
02205 
02206 /*
02207  * NSSCryptoContext_GetDefaultCallback
02208  *
02209  */
02210 
02211 NSS_EXTERN NSSCallback *
02212 NSSCryptoContext_GetDefaultCallback
02213 (
02214   NSSCryptoContext *cc,
02215   PRStatus *statusOpt
02216 );
02217 
02218 /*
02219  * NSSCryptoContext_GetTrustDomain
02220  *
02221  */
02222 
02223 NSS_EXTERN NSSTrustDomain *
02224 NSSCryptoContext_GetTrustDomain
02225 (
02226   NSSCryptoContext *cc
02227 );
02228 
02229 /* AddModule, etc: should we allow "temporary" changes here? */
02230 /* DisableToken, etc: ditto */
02231 /* Ordering of tokens? */
02232 /* Finding slots+token etc. */
02233 /* login+logout */
02234 
02235 /* Importing things */
02236 
02237 /*
02238  * NSSCryptoContext_FindOrImportCertificate
02239  *
02240  * If the certificate store already contains this DER cert, return the 
02241  * address of the matching NSSCertificate that is already in the store,
02242  * and bump its reference count.
02243  *
02244  * If this DER cert is NOT already in the store, then add the new
02245  * NSSCertificate to the store and bump its reference count, 
02246  * then return its address. 
02247  *
02248  * If this DER cert is not in the store and cannot be added to it, 
02249  * return NULL.
02250  *
02251  * Record the associated crypto context in the certificate.
02252  */
02253 
02254 NSS_EXTERN NSSCertificate *
02255 NSSCryptoContext_FindOrImportCertificate (
02256   NSSCryptoContext *cc,
02257   NSSCertificate *c
02258 );
02259 
02260 /*
02261  * NSSCryptoContext_ImportPKIXCertificate
02262  *
02263  */
02264 
02265 NSS_EXTERN NSSCertificate *
02266 NSSCryptoContext_ImportPKIXCertificate
02267 (
02268   NSSCryptoContext *cc,
02269   struct NSSPKIXCertificateStr *pc
02270 );
02271 
02272 /*
02273  * NSSCryptoContext_ImportEncodedCertificate
02274  *
02275  */
02276 
02277 NSS_EXTERN NSSCertificate *
02278 NSSCryptoContext_ImportEncodedCertificate
02279 (
02280   NSSCryptoContext *cc,
02281   NSSBER *ber
02282 );
02283 
02284 /*
02285  * NSSCryptoContext_ImportEncodedPKIXCertificateChain
02286  *
02287  */
02288 
02289 NSS_EXTERN PRStatus
02290 NSSCryptoContext_ImportEncodedPKIXCertificateChain
02291 (
02292   NSSCryptoContext *cc,
02293   NSSBER *ber
02294 );
02295 
02296 /* Other importations: S/MIME capabilities
02297  */
02298 
02299 /*
02300  * NSSCryptoContext_FindBestCertificateByNickname
02301  *
02302  */
02303 
02304 NSS_EXTERN NSSCertificate *
02305 NSSCryptoContext_FindBestCertificateByNickname
02306 (
02307   NSSCryptoContext *cc,
02308   NSSUTF8 *name,
02309   NSSTime *timeOpt, /* NULL for "now" */
02310   NSSUsage *usage,
02311   NSSPolicies *policiesOpt /* NULL for none */
02312 );
02313 
02314 /*
02315  * NSSCryptoContext_FindCertificatesByNickname
02316  *
02317  */
02318 
02319 NSS_EXTERN NSSCertificate **
02320 NSSCryptoContext_FindCertificatesByNickname
02321 (
02322   NSSCryptoContext *cc,
02323   NSSUTF8 *name,
02324   NSSCertificate *rvOpt[],
02325   PRUint32 maximumOpt, /* 0 for no max */
02326   NSSArena *arenaOpt
02327 );
02328 
02329 /*
02330  * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
02331  *
02332  */
02333 
02334 NSS_EXTERN NSSCertificate *
02335 NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
02336 (
02337   NSSCryptoContext *cc,
02338   NSSDER *issuer,
02339   NSSDER *serialNumber
02340 );
02341 
02342 /*
02343  * NSSCryptoContext_FindBestCertificateBySubject
02344  *
02345  * This does not search through alternate names hidden in extensions.
02346  */
02347 
02348 NSS_EXTERN NSSCertificate *
02349 NSSCryptoContext_FindBestCertificateBySubject
02350 (
02351   NSSCryptoContext *cc,
02352   NSSDER /*NSSUTF8*/ *subject,
02353   NSSTime *timeOpt,
02354   NSSUsage *usage,
02355   NSSPolicies *policiesOpt
02356 );
02357 
02358 /*
02359  * NSSCryptoContext_FindCertificatesBySubject
02360  *
02361  * This does not search through alternate names hidden in extensions.
02362  */
02363 
02364 NSS_EXTERN NSSCertificate **
02365 NSSCryptoContext_FindCertificatesBySubject
02366 (
02367   NSSCryptoContext *cc,
02368   NSSDER /*NSSUTF8*/ *subject,
02369   NSSCertificate *rvOpt[],
02370   PRUint32 maximumOpt, /* 0 for no max */
02371   NSSArena *arenaOpt
02372 );
02373 
02374 /*
02375  * NSSCryptoContext_FindBestCertificateByNameComponents
02376  *
02377  * This call does try several tricks, including a pseudo pkcs#11 
02378  * attribute for the ldap module to try as a query.  Eventually
02379  * this call falls back to a traversal if that's what's required.
02380  * It will search through alternate names hidden in extensions.
02381  */
02382 
02383 NSS_EXTERN NSSCertificate *
02384 NSSCryptoContext_FindBestCertificateByNameComponents
02385 (
02386   NSSCryptoContext *cc,
02387   NSSUTF8 *nameComponents,
02388   NSSTime *timeOpt,
02389   NSSUsage *usage,
02390   NSSPolicies *policiesOpt
02391 );
02392 
02393 /*
02394  * NSSCryptoContext_FindCertificatesByNameComponents
02395  *
02396  * This call, too, tries several tricks.  It will stop on the first
02397  * attempt that generates results, so it won't e.g. traverse the
02398  * entire ldap database.
02399  */
02400 
02401 NSS_EXTERN NSSCertificate **
02402 NSSCryptoContext_FindCertificatesByNameComponents
02403 (
02404   NSSCryptoContext *cc,
02405   NSSUTF8 *nameComponents,
02406   NSSCertificate *rvOpt[],
02407   PRUint32 maximumOpt, /* 0 for no max */
02408   NSSArena *arenaOpt
02409 );
02410 
02411 /*
02412  * NSSCryptoContext_FindCertificateByEncodedCertificate
02413  *
02414  */
02415 
02416 NSS_EXTERN NSSCertificate *
02417 NSSCryptoContext_FindCertificateByEncodedCertificate
02418 (
02419   NSSCryptoContext *cc,
02420   NSSBER *encodedCertificate
02421 );
02422 
02423 /*
02424  * NSSCryptoContext_FindBestCertificateByEmail
02425  *
02426  */
02427 
02428 NSS_EXTERN NSSCertificate *
02429 NSSCryptoContext_FindBestCertificateByEmail
02430 (
02431   NSSCryptoContext *cc,
02432   NSSASCII7 *email,
02433   NSSTime *timeOpt,
02434   NSSUsage *usage,
02435   NSSPolicies *policiesOpt
02436 );
02437 
02438 /*
02439  * NSSCryptoContext_FindCertificatesByEmail
02440  *
02441  */
02442 
02443 NSS_EXTERN NSSCertificate **
02444 NSSCryptoContext_FindCertificatesByEmail
02445 (
02446   NSSCryptoContext *cc,
02447   NSSASCII7 *email,
02448   NSSCertificate *rvOpt[],
02449   PRUint32 maximumOpt, /* 0 for no max */
02450   NSSArena *arenaOpt
02451 );
02452 
02453 /*
02454  * NSSCryptoContext_FindCertificateByOCSPHash
02455  *
02456  */
02457 
02458 NSS_EXTERN NSSCertificate *
02459 NSSCryptoContext_FindCertificateByOCSPHash
02460 (
02461   NSSCryptoContext *cc,
02462   NSSItem *hash
02463 );
02464 
02465 /*
02466  * NSSCryptoContext_TraverseCertificates
02467  *
02468  * 
02469  * NSS_EXTERN PRStatus *
02470  * NSSCryptoContext_TraverseCertificates
02471  * (
02472  *   NSSCryptoContext *cc,
02473  *   PRStatus (*callback)(NSSCertificate *c, void *arg),
02474  *   void *arg
02475  * );
02476  */
02477 
02478 /*
02479  * NSSCryptoContext_FindBestUserCertificate
02480  *
02481  */
02482 
02483 NSS_EXTERN NSSCertificate *
02484 NSSCryptoContext_FindBestUserCertificate
02485 (
02486   NSSCryptoContext *cc,
02487   NSSTime *timeOpt,
02488   NSSUsage *usage,
02489   NSSPolicies *policiesOpt
02490 );
02491 
02492 /*
02493  * NSSCryptoContext_FindUserCertificates
02494  *
02495  */
02496 
02497 NSS_EXTERN NSSCertificate **
02498 NSSCryptoContext_FindUserCertificates
02499 (
02500   NSSCryptoContext *cc,
02501   NSSTime *timeOpt,
02502   NSSUsage *usageOpt,
02503   NSSPolicies *policiesOpt,
02504   NSSCertificate **rvOpt,
02505   PRUint32 rvLimit, /* zero for no limit */
02506   NSSArena *arenaOpt
02507 );
02508 
02509 /*
02510  * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
02511  *
02512  */
02513 
02514 NSS_EXTERN NSSCertificate *
02515 NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
02516 (
02517   NSSCryptoContext *cc,
02518   NSSUTF8 *sslHostOpt,
02519   NSSDER *rootCAsOpt[], /* null pointer for none */
02520   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
02521   NSSAlgorithmAndParameters *apOpt,
02522   NSSPolicies *policiesOpt
02523 );
02524 
02525 /*
02526  * NSSCryptoContext_FindUserCertificatesForSSLClientAuth
02527  *
02528  */
02529 
02530 NSS_EXTERN NSSCertificate **
02531 NSSCryptoContext_FindUserCertificatesForSSLClientAuth
02532 (
02533   NSSCryptoContext *cc,
02534   NSSUTF8 *sslHostOpt,
02535   NSSDER *rootCAsOpt[], /* null pointer for none */
02536   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
02537   NSSAlgorithmAndParameters *apOpt,
02538   NSSPolicies *policiesOpt,
02539   NSSCertificate **rvOpt,
02540   PRUint32 rvLimit, /* zero for no limit */
02541   NSSArena *arenaOpt
02542 );
02543 
02544 /*
02545  * NSSCryptoContext_FindBestUserCertificateForEmailSigning
02546  *
02547  */
02548 
02549 NSS_EXTERN NSSCertificate *
02550 NSSCryptoContext_FindBestUserCertificateForEmailSigning
02551 (
02552   NSSCryptoContext *cc,
02553   NSSASCII7 *signerOpt,
02554   NSSASCII7 *recipientOpt,
02555   /* anything more here? */
02556   NSSAlgorithmAndParameters *apOpt,
02557   NSSPolicies *policiesOpt
02558 );
02559 
02560 /*
02561  * NSSCryptoContext_FindUserCertificatesForEmailSigning
02562  *
       * NOTE(review): declared to return `NSSCertificate *`, while
       * NSSTrustDomain_FindUserCertificatesForEmailSigning, which takes the
       * same rvOpt/rvLimit/arenaOpt arguments, is declared to return
       * `NSSCertificate **`.  Confirm which is intended before relying on
       * the return value as an array.
02563  */
02564 
02565 NSS_EXTERN NSSCertificate *
02566 NSSCryptoContext_FindUserCertificatesForEmailSigning
02567 (
02568   NSSCryptoContext *cc,
02569   NSSASCII7 *signerOpt, /* fgmr or a more general name? */
02570   NSSASCII7 *recipientOpt,
02571   /* anything more here? */
02572   NSSAlgorithmAndParameters *apOpt,
02573   NSSPolicies *policiesOpt,
02574   NSSCertificate **rvOpt,
02575   PRUint32 rvLimit, /* zero for no limit */
02576   NSSArena *arenaOpt
02577 );
02578 
02579 /* Private Keys */
02580 
02581 /*
02582  * NSSCryptoContext_GenerateKeyPair
02583  *
02584  * Creates session objects.  If you want persistent objects, use
02585  * NSSTrustDomain_GenerateKeyPair.  The destination token is where
02586  * the keys are stored.  If that token can do the required math, then
02587  * that's where the keys are generated too.  Otherwise, the keys are
02588  * generated elsewhere and moved to that token.
02589  */
02590 
02591 NSS_EXTERN PRStatus
02592 NSSCryptoContext_GenerateKeyPair
02593 (
02594   NSSCryptoContext *cc,
02595   NSSAlgorithmAndParameters *ap,
02596   NSSPrivateKey **pvkOpt,
02597   NSSPublicKey **pbkOpt,
02598   PRBool privateKeyIsSensitive,
02599   NSSToken *destination,
02600   NSSCallback *uhhOpt
02601 );
02602 
02603 /*
02604  * NSSCryptoContext_TraversePrivateKeys
02605  *
02606  * 
02607  * NSS_EXTERN PRStatus *
02608  * NSSCryptoContext_TraversePrivateKeys
02609  * (
02610  *   NSSCryptoContext *cc,
02611  *   PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
02612  *   void *arg
02613  * );
02614  */
02615 
02616 /* Symmetric Keys */
02617 
02618 /*
02619  * NSSCryptoContext_GenerateSymmetricKey
02620  *
       * Declared to return a new symmetric key for the algorithm in ap,
       * with a destination token supplied by the caller (per the
       * parameter names).
       *
       * NOTE(review): the unit of keysize (bits or bytes) is not stated
       * in this header; confirm before passing a literal.  Failure is
       * presumably reported as a null return -- confirm and check it.
02621  */
02622 
02623 NSS_EXTERN NSSSymmetricKey *
02624 NSSCryptoContext_GenerateSymmetricKey
02625 (
02626   NSSCryptoContext *cc,
02627   NSSAlgorithmAndParameters *ap,
02628   PRUint32 keysize,
02629   NSSToken *destination,
02630   NSSCallback *uhhOpt
02631 );
02632 
02633 /*
02634  * NSSCryptoContext_GenerateSymmetricKeyFromPassword
02635  *
       * Declared to return a symmetric key derived from a password.  The
       * inline comment on passwordOpt says a null password causes a
       * prompt.
       *
       * NOTE(review): nothing here says whether the password buffer is
       * copied or retained, so callers should presumably clear their own
       * copy once the call returns -- confirm.  Derivation parameters
       * (salt, iteration count) are not visible in the prototype and are
       * presumably carried in ap -- confirm.
02636  */
02637 
02638 NSS_EXTERN NSSSymmetricKey *
02639 NSSCryptoContext_GenerateSymmetricKeyFromPassword
02640 (
02641   NSSCryptoContext *cc,
02642   NSSAlgorithmAndParameters *ap,
02643   NSSUTF8 *passwordOpt, /* if null, prompt */
02644   NSSToken *destinationOpt,
02645   NSSCallback *uhhOpt
02646 );
02647 
02648 /*
02649  * NSSCryptoContext_FindSymmetricKeyByAlgorithm
02650  *
02651  * 
02652  * NSS_EXTERN NSSSymmetricKey *
02653  * NSSCryptoContext_FindSymmetricKeyByType
02654  * (
02655  *   NSSCryptoContext *cc,
02656  *   NSSOID *type,
02657  *   NSSCallback *uhhOpt
02658  * );
02659  */
02660 
02661 /*
02662  * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
02663  *
       * Declared to return the symmetric key matching the given algorithm
       * OID and key identifier (per the parameter names).
       *
       * NOTE(review): the "not found" result is presumably a null
       * pointer; confirm, and check it before use.
02664  */
02665 
02666 NSS_EXTERN NSSSymmetricKey *
02667 NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
02668 (
02669   NSSCryptoContext *cc,
02670   NSSOID *algorithm,
02671   NSSItem *keyID,
02672   NSSCallback *uhhOpt
02673 );
02674 
02675 /*
02676  * NSSCryptoContext_TraverseSymmetricKeys
02677  *
02678  * 
02679  * NSS_EXTERN PRStatus *
02680  * NSSCryptoContext_TraverseSymmetricKeys
02681  * (
02682  *   NSSCryptoContext *cc,
02683  *   PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
02684  *   void *arg
02685  * );
02686  */
02687 
02688 /* Crypto ops on distinguished keys */
02689 
02690 /*
02691  * NSSCryptoContext_Decrypt
02692  *
       * Appears to be the single-call decryption form: takes
       * encryptedData and returns the result as an NSSItem.
       *
       * NOTE(review): rvOpt/arenaOpt presumably follow the "NSSItem
       * semantics" comment that precedes NSSCryptoContext_ContinueDecrypt
       * in this header: a caller-supplied buffer that is too small yields
       * an error, and the length is adjusted downwards, so read the
       * returned length rather than the size originally passed in.
02693  */
02694 
02695 NSS_EXTERN NSSItem *
02696 NSSCryptoContext_Decrypt
02697 (
02698   NSSCryptoContext *cc,
02699   NSSAlgorithmAndParameters *apOpt,
02700   NSSItem *encryptedData,
02701   NSSCallback *uhhOpt,
02702   NSSItem *rvOpt,
02703   NSSArena *arenaOpt
02704 );
02705 
02706 /*
02707  * NSSCryptoContext_BeginDecrypt
02708  *
       * Presumably starts a multi-part decryption that is fed with
       * NSSCryptoContext_ContinueDecrypt and closed with
       * NSSCryptoContext_FinishDecrypt (sequence inferred from the names).
       * Returns PRStatus, which should be checked before continuing.
02709  */
02710 
02711 NSS_EXTERN PRStatus
02712 NSSCryptoContext_BeginDecrypt
02713 (
02714   NSSCryptoContext *cc,
02715   NSSAlgorithmAndParameters *apOpt,
02716   NSSCallback *uhhOpt
02717 );
02718 
02719 /*
02720  * NSSCryptoContext_ContinueDecrypt
02721  *
       * Presumably decrypts the next chunk (data) of a multi-part
       * operation and returns the output produced for it (inferred from
       * the name).  The rvOpt handling is described in the "NSSItem
       * semantics" comment that follows.
02722  */
02723 
02724 /*
02725  * NSSItem semantics:
02726  *
02727  *   If rvOpt is NULL, a new NSSItem and buffer are allocated.
02728  *   If rvOpt is not null, but the buffer pointer is null,
02729  *     then rvOpt is returned but a new buffer is allocated.
02730  *     In this case, if the length value is not zero, then
02731  *     no more than that much space will be allocated.
02732  *   If rvOpt is not null and the buffer pointer is not null,
02733  *     then that buffer is re-used.  No more than the buffer
02734  *     length value will be used; if it's not enough, an
02735  *     error is returned.  If less is used, the number is
02736  *     adjusted downwards.
02737  *
02738  *  Note that although this is short of some ideal "Item"
02739  *  definition, we can usually tell how big these buffers
02740  *  have to be.
02741  *
02742  *  Feedback is requested; and earlier is better than later.
02743  */
02744 
02745 NSS_EXTERN NSSItem *
02746 NSSCryptoContext_ContinueDecrypt
02747 (
02748   NSSCryptoContext *cc,
02749   NSSItem *data,
02750   NSSItem *rvOpt,
02751   NSSArena *arenaOpt
02752 );
02753 
02754 /*
02755  * NSSCryptoContext_FinishDecrypt
02756  *
       * Presumably ends a multi-part decryption and returns any remaining
       * output (inferred from the name).
       *
       * NOTE(review): for padded or authenticated modes a failure is
       * likely only detectable at this step.  The failure value is not
       * stated here (presumably a null return) -- confirm, and check it
       * before treating earlier ContinueDecrypt output as valid.
02757  */
02758 
02759 NSS_EXTERN NSSItem *
02760 NSSCryptoContext_FinishDecrypt
02761 (
02762   NSSCryptoContext *cc,
02763   NSSItem *rvOpt,
02764   NSSArena *arenaOpt
02765 );
02766 
02767 /*
02768  * NSSCryptoContext_Sign
02769  *
       * Appears to be the single-call signing form: takes data and
       * returns the signature as an NSSItem.
       *
       * NOTE(review): whether data is the message or an already-computed
       * digest is not stated here and presumably depends on apOpt --
       * confirm.  rvOpt/arenaOpt presumably follow the "NSSItem
       * semantics" comment that precedes NSSCryptoContext_ContinueDecrypt.
02770  */
02771 
02772 NSS_EXTERN NSSItem *
02773 NSSCryptoContext_Sign
02774 (
02775   NSSCryptoContext *cc,
02776   NSSAlgorithmAndParameters *apOpt,
02777   NSSItem *data,
02778   NSSCallback *uhhOpt,
02779   NSSItem *rvOpt,
02780   NSSArena *arenaOpt
02781 );
02782 
02783 /*
02784  * NSSCryptoContext_BeginSign
02785  *
       * Presumably starts a multi-part signing operation that is fed with
       * NSSCryptoContext_ContinueSign and closed with
       * NSSCryptoContext_FinishSign (sequence inferred from the names).
       * Returns PRStatus, which should be checked before continuing.
02786  */
02787 
02788 NSS_EXTERN PRStatus
02789 NSSCryptoContext_BeginSign
02790 (
02791   NSSCryptoContext *cc,
02792   NSSAlgorithmAndParameters *apOpt,
02793   NSSCallback *uhhOpt
02794 );
02795 
02796 /*
02797  * NSSCryptoContext_ContinueSign
02798  *
       * Presumably adds the next chunk of data to a multi-part signing
       * operation (inferred from the name).  No output is returned at this
       * step; the only result is the PRStatus, which should be checked so
       * that a dropped chunk does not go unnoticed.
02799  */
02800 
02801 NSS_EXTERN PRStatus
02802 NSSCryptoContext_ContinueSign
02803 (
02804   NSSCryptoContext *cc,
02805   NSSItem *data
02806 );
02807 
02808 /*
02809  * NSSCryptoContext_FinishSign
02810  *
       * Presumably ends a multi-part signing operation and returns the
       * signature (inferred from the name and the NSSItem return).
       *
       * NOTE(review): the failure value is not stated here (presumably a
       * null return) -- confirm and check it.  rvOpt/arenaOpt presumably
       * follow the "NSSItem semantics" comment that precedes
       * NSSCryptoContext_ContinueDecrypt.
02811  */
02812 
02813 NSS_EXTERN NSSItem *
02814 NSSCryptoContext_FinishSign
02815 (
02816   NSSCryptoContext *cc,
02817   NSSItem *rvOpt,
02818   NSSArena *arenaOpt
02819 );
02820 
02821 /*
02822  * NSSCryptoContext_SignRecover
02823  *
       * Presumably signing with message recovery, i.e. the counterpart of
       * NSSCryptoContext_VerifyRecover, in single-call form (inferred from
       * the names; not described in this header).
       *
       * NOTE(review): rvOpt/arenaOpt presumably follow the "NSSItem
       * semantics" comment that precedes NSSCryptoContext_ContinueDecrypt;
       * the failure value is presumably a null return -- confirm.
02824  */
02825 
02826 NSS_EXTERN NSSItem *
02827 NSSCryptoContext_SignRecover
02828 (
02829   NSSCryptoContext *cc,
02830   NSSAlgorithmAndParameters *apOpt,
02831   NSSItem *data,
02832   NSSCallback *uhhOpt,
02833   NSSItem *rvOpt,
02834   NSSArena *arenaOpt
02835 );
02836 
02837 /*
02838  * NSSCryptoContext_BeginSignRecover
02839  *
       * Presumably starts a multi-part sign-with-recovery operation that
       * is fed with NSSCryptoContext_ContinueSignRecover and closed with
       * NSSCryptoContext_FinishSignRecover (sequence inferred from the
       * names).  Returns PRStatus, which should be checked.
02840  */
02841 
02842 NSS_EXTERN PRStatus
02843 NSSCryptoContext_BeginSignRecover
02844 (
02845   NSSCryptoContext *cc,
02846   NSSAlgorithmAndParameters *apOpt,
02847   NSSCallback *uhhOpt
02848 );
02849 
02850 /*
02851  * NSSCryptoContext_ContinueSignRecover
02852  *
       * Presumably processes the next chunk of a multi-part
       * sign-with-recovery operation (inferred from the name).  Unlike
       * NSSCryptoContext_ContinueSign, this step returns an NSSItem, so
       * output is apparently produced per chunk -- confirm.
02853  */
02854 
02855 NSS_EXTERN NSSItem *
02856 NSSCryptoContext_ContinueSignRecover
02857 (
02858   NSSCryptoContext *cc,
02859   NSSItem *data,
02860   NSSItem *rvOpt,
02861   NSSArena *arenaOpt
02862 );
02863 
02864 /*
02865  * NSSCryptoContext_FinishSignRecover
02866  *
       * Presumably ends a multi-part sign-with-recovery operation and
       * returns the remaining output (inferred from the name).  The
       * failure value is not stated here (presumably a null return) --
       * confirm and check it.
02867  */
02868 
02869 NSS_EXTERN NSSItem *
02870 NSSCryptoContext_FinishSignRecover
02871 (
02872   NSSCryptoContext *cc,
02873   NSSItem *rvOpt,
02874   NSSArena *arenaOpt
02875 );
02876 
02877 /*
02878  * NSSCryptoContext_UnwrapSymmetricKey
02879  *
       * Declared to return a symmetric key recovered from wrappedKey.
       *
       * NOTE(review): unlike NSSCryptoContext_GenerateSymmetricKey, the
       * prototype takes no destination token or target key type, so where
       * the unwrapped key lives and what it may be used for are not
       * stated here.  wrappedKey may come from another party; how
       * malformed input is reported is not stated (presumably a null
       * return) -- confirm and check the result before use.
02880  */
02881 
02882 NSS_EXTERN NSSSymmetricKey *
02883 NSSCryptoContext_UnwrapSymmetricKey
02884 (
02885   NSSCryptoContext *cc,
02886   NSSAlgorithmAndParameters *apOpt,
02887   NSSItem *wrappedKey,
02888   NSSCallback *uhhOpt
02889 );
02890 
02891 /*
02892  * NSSCryptoContext_DeriveSymmetricKey
02893  *
       * Declared to return a symmetric key of type target derived using
       * the public key bk.  The inline comment says a keySizeOpt of zero
       * selects the "best allowed" size.
       *
       * NOTE(review): bk is presumably the other party's public key,
       * combined with a private key held by cc -- confirm, and confirm
       * whether bk is validated before use.  The unit of keySizeOpt and
       * the meaning of the operations value are not stated in this
       * header.
02894  */
02895 
02896 NSS_EXTERN NSSSymmetricKey *
02897 NSSCryptoContext_DeriveSymmetricKey
02898 (
02899   NSSCryptoContext *cc,
02900   NSSPublicKey *bk,
02901   NSSAlgorithmAndParameters *apOpt,
02902   NSSOID *target,
02903   PRUint32 keySizeOpt, /* zero for best allowed */
02904   NSSOperations operations,
02905   NSSCallback *uhhOpt
02906 );
02907 
02908 /*
02909  * NSSCryptoContext_Encrypt
02910  *
02911  * Encrypt a single chunk of data with the distinguished public key
02912  * of this crypto context.
       *
       * NOTE(review): rvOpt/arenaOpt presumably follow the "NSSItem
       * semantics" comment that precedes NSSCryptoContext_ContinueDecrypt
       * in this header.  The failure value is not stated (presumably a
       * null return) -- confirm and check it before sending the output.
02913  */
02914 
02915 NSS_EXTERN NSSItem *
02916 NSSCryptoContext_Encrypt
02917 (
02918   NSSCryptoContext *cc,
02919   NSSAlgorithmAndParameters *apOpt,
02920   NSSItem *data,
02921   NSSCallback *uhhOpt,
02922   NSSItem *rvOpt,
02923   NSSArena *arenaOpt
02924 );
02925 
02926 /*
02927  * NSSCryptoContext_BeginEncrypt
02928  *
       * Presumably starts a multi-part encryption that is fed with
       * NSSCryptoContext_ContinueEncrypt and closed with
       * NSSCryptoContext_FinishEncrypt (sequence inferred from the names).
       * Returns PRStatus, which should be checked before continuing.
02929  */
02930 
02931 NSS_EXTERN PRStatus
02932 NSSCryptoContext_BeginEncrypt
02933 (
02934   NSSCryptoContext *cc,
02935   NSSAlgorithmAndParameters *apOpt,
02936   NSSCallback *uhhOpt
02937 );
02938 
02939 /*
02940  * NSSCryptoContext_ContinueEncrypt
02941  *
       * Presumably encrypts the next chunk (data) of a multi-part
       * operation and returns the output produced for it (inferred from
       * the name).  rvOpt/arenaOpt presumably follow the "NSSItem
       * semantics" comment that precedes NSSCryptoContext_ContinueDecrypt.
02942  */
02943 
02944 NSS_EXTERN NSSItem *
02945 NSSCryptoContext_ContinueEncrypt
02946 (
02947   NSSCryptoContext *cc,
02948   NSSItem *data,
02949   NSSItem *rvOpt,
02950   NSSArena *arenaOpt
02951 );
02952 
02953 /*
02954  * NSSCryptoContext_FinishEncrypt
02955  *
       * Presumably ends a multi-part encryption and returns any remaining
       * output (inferred from the name).  The failure value is not stated
       * here (presumably a null return) -- confirm and check it.
02956  */
02957 
02958 NSS_EXTERN NSSItem *
02959 NSSCryptoContext_FinishEncrypt
02960 (
02961   NSSCryptoContext *cc,
02962   NSSItem *rvOpt,
02963   NSSArena *arenaOpt
02964 );
02965 
02966 /*
02967  * NSSCryptoContext_Verify
02968  *
       * Appears to be the single-call verification form: checks signature
       * against data.
       *
       * NOTE(review): the PRStatus return is the only result this
       * prototype exposes, so the caller must test it; ignoring it means
       * accepting unverified data.  Whether data is the message or a
       * digest is not stated and presumably depends on apOpt -- confirm.
02969  */
02970 
02971 NSS_EXTERN PRStatus
02972 NSSCryptoContext_Verify
02973 (
02974   NSSCryptoContext *cc,
02975   NSSAlgorithmAndParameters *apOpt,
02976   NSSItem *data,
02977   NSSItem *signature,
02978   NSSCallback *uhhOpt
02979 );
02980 
02981 /*
02982  * NSSCryptoContext_BeginVerify
02983  *
       * Presumably starts a multi-part verification (inferred from the
       * name).  The signature is passed here, at the start;
       * NSSCryptoContext_FinishVerify takes only cc.
       *
       * NOTE(review): whether the signature item is copied or must stay
       * valid and unmodified until FinishVerify is not stated -- confirm.
02984  */
02985 
02986 NSS_EXTERN PRStatus
02987 NSSCryptoContext_BeginVerify
02988 (
02989   NSSCryptoContext *cc,
02990   NSSAlgorithmAndParameters *apOpt,
02991   NSSItem *signature,
02992   NSSCallback *uhhOpt
02993 );
02994 
02995 /*
02996  * NSSCryptoContext_ContinueVerify
02997  *
       * Presumably adds the next chunk of data to a multi-part
       * verification (inferred from the name).  A successful PRStatus here
       * presumably means only that the chunk was accepted, not that the
       * signature is valid -- confirm.
02998  */
02999 
03000 NSS_EXTERN PRStatus
03001 NSSCryptoContext_ContinueVerify
03002 (
03003   NSSCryptoContext *cc,
03004   NSSItem *data
03005 );
03006 
03007 /*
03008  * NSSCryptoContext_FinishVerify
03009  *
       * Presumably ends a multi-part verification (inferred from the
       * name).
       *
       * NOTE(review): this prototype has no output parameter, so the
       * PRStatus return is presumably the verification verdict; the
       * caller must test it before trusting the data.
03010  */
03011 
03012 NSS_EXTERN PRStatus
03013 NSSCryptoContext_FinishVerify
03014 (
03015   NSSCryptoContext *cc
03016 );
03017 
03018 /*
03019  * NSSCryptoContext_VerifyRecover
03020  *
       * Presumably verifies signature and returns the data recovered from
       * it, in single-call form (inferred from the name and the NSSItem
       * return; not described in this header).
       *
       * NOTE(review): there is no separate status result, so a failed
       * verification is presumably signalled by a null return -- confirm,
       * and never use a caller-supplied rvOpt buffer's prior contents
       * when the call fails.
03021  */
03022 
03023 NSS_EXTERN NSSItem *
03024 NSSCryptoContext_VerifyRecover
03025 (
03026   NSSCryptoContext *cc,
03027   NSSAlgorithmAndParameters *apOpt,
03028   NSSItem *signature,
03029   NSSCallback *uhhOpt,
03030   NSSItem *rvOpt,
03031   NSSArena *arenaOpt
03032 );
03033 
03034 /*
03035  * NSSCryptoContext_BeginVerifyRecover
03036  *
       * Presumably starts a multi-part verify-with-recovery operation that
       * is fed with NSSCryptoContext_ContinueVerifyRecover and closed with
       * NSSCryptoContext_FinishVerifyRecover (sequence inferred from the
       * names).  Returns PRStatus, which should be checked.
03037  */
03038 
03039 NSS_EXTERN PRStatus
03040 NSSCryptoContext_BeginVerifyRecover
03041 (
03042   NSSCryptoContext *cc,
03043   NSSAlgorithmAndParameters *apOpt,
03044   NSSCallback *uhhOpt
03045 );
03046 
03047 /*
03048  * NSSCryptoContext_ContinueVerifyRecover
03049  *
       * Presumably processes the next chunk of a multi-part
       * verify-with-recovery operation and returns output for it (inferred
       * from the name).
       *
       * NOTE(review): output returned before FinishVerifyRecover succeeds
       * is presumably not yet verified -- confirm before acting on it.
03050  */
03051 
03052 NSS_EXTERN NSSItem *
03053 NSSCryptoContext_ContinueVerifyRecover
03054 (
03055   NSSCryptoContext *cc,
03056   NSSItem *data,
03057   NSSItem *rvOpt,
03058   NSSArena *arenaOpt
03059 );
03060 
03061 /*
03062  * NSSCryptoContext_FinishVerifyRecover
03063  *
       * Presumably ends a multi-part verify-with-recovery operation and
       * returns the remaining recovered data (inferred from the name).
       * With no status result, failure is presumably a null return --
       * confirm and check it.
03064  */
03065 
03066 NSS_EXTERN NSSItem *
03067 NSSCryptoContext_FinishVerifyRecover
03068 (
03069   NSSCryptoContext *cc,
03070   NSSItem *rvOpt,
03071   NSSArena *arenaOpt
03072 );
03073 
03074 /*
03075  * NSSCryptoContext_WrapSymmetricKey
03076  *
       * Declared to return keyToWrap in wrapped form as an NSSItem; the
       * wrapping key is presumably a key held by cc -- confirm.
       *
       * NOTE(review): rvOpt/arenaOpt presumably follow the "NSSItem
       * semantics" comment that precedes NSSCryptoContext_ContinueDecrypt.
       * The failure value is not stated (presumably a null return) --
       * confirm and check it.
03077  */
03078 
03079 NSS_EXTERN NSSItem *
03080 NSSCryptoContext_WrapSymmetricKey
03081 (
03082   NSSCryptoContext *cc,
03083   NSSAlgorithmAndParameters *apOpt,
03084   NSSSymmetricKey *keyToWrap,
03085   NSSCallback *uhhOpt,
03086   NSSItem *rvOpt,
03087   NSSArena *arenaOpt
03088 );
03089 
03090 /*
03091  * NSSCryptoContext_Digest
03092  *
03093  * Digest a single chunk of data with the distinguished digest key
03094  * of this crypto context.
       *
       * NOTE(review): "digest key" is the original wording; whether a key
       * is actually involved (keyed digest) or only an algorithm is not
       * stated here -- confirm.  rvOpt/arenaOpt presumably follow the
       * "NSSItem semantics" comment that precedes
       * NSSCryptoContext_ContinueDecrypt.
03095  */
03096 
03097 NSS_EXTERN NSSItem *
03098 NSSCryptoContext_Digest
03099 (
03100   NSSCryptoContext *cc,
03101   NSSAlgorithmAndParameters *apOpt,
03102   NSSItem *data,
03103   NSSCallback *uhhOpt,
03104   NSSItem *rvOpt,
03105   NSSArena *arenaOpt
03106 );
03107 
03108 /*
03109  * NSSCryptoContext_BeginDigest
03110  *
       * Presumably starts a multi-part digest that is fed with
       * NSSCryptoContext_ContinueDigest and closed with
       * NSSCryptoContext_FinishDigest (sequence inferred from the names).
       * Returns PRStatus, which should be checked before continuing.
03111  */
03112 
03113 NSS_EXTERN PRStatus
03114 NSSCryptoContext_BeginDigest
03115 (
03116   NSSCryptoContext *cc,
03117   NSSAlgorithmAndParameters *apOpt,
03118   NSSCallback *uhhOpt
03119 );
03120 
03121 /*
03122  * NSSCryptoContext_ContinueDigest
03123  *
       * Presumably adds the next chunk (item) to a multi-part digest
       * (inferred from the name).  Returns PRStatus, which should be
       * checked.
       *
       * NOTE(review): this is the only Continue* prototype in this group
       * that takes apOpt; the others receive the algorithm only at the
       * Begin* step.  What an apOpt that differs from the one given to
       * NSSCryptoContext_BeginDigest would mean is not stated -- confirm
       * whether the parameter is intended.
03124  */
03125 
03126 NSS_EXTERN PRStatus
03127 NSSCryptoContext_ContinueDigest
03128 (
03129   NSSCryptoContext *cc,
03130   NSSAlgorithmAndParameters *apOpt,
03131   NSSItem *item
03132 );
03133 
03134 /*
03135  * NSSCryptoContext_FinishDigest
03136  *
       * Presumably ends a multi-part digest and returns the digest value
       * (inferred from the name and the NSSItem return).  rvOpt/arenaOpt
       * presumably follow the "NSSItem semantics" comment that precedes
       * NSSCryptoContext_ContinueDecrypt; failure is presumably a null
       * return -- confirm and check it.
03137  */
03138 
03139 NSS_EXTERN NSSItem *
03140 NSSCryptoContext_FinishDigest
03141 (
03142   NSSCryptoContext *cc,
03143   NSSItem *rvOpt,
03144   NSSArena *arenaOpt
03145 );
03146 
03147 /*
03148  * tbd: Combination ops
03149  */
03150 
03151 /*
03152  * NSSCryptoContext_Clone
03153  *
       * Declared to return a new NSSCryptoContext made from cc.
       *
       * NOTE(review): whether the clone shares key material or any
       * in-progress operation state with cc, and who destroys it, is not
       * stated here -- confirm before using both contexts independently.
03154  */
03155 
03156 NSS_EXTERN NSSCryptoContext *
03157 NSSCryptoContext_Clone
03158 (
03159   NSSCryptoContext *cc
03160 );
03161 
03162 /*
03163  * NSSCryptoContext_Save
03164  * NSSCryptoContext_Restore
03165  *
03166  * We need to be able to save and restore the state of contexts.
03167  * Perhaps a mark-and-release mechanism would be better?
03168  */
03169 
03170 /*
03171  * ..._SignTBSCertificate
03172  *
03173  * This requires feedback from the cert server team.
03174  */
03175 
03176 /*
03177  * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c);
03178  * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool trusted);
03179  *
03180  * These will be helper functions which get the trust object for a cert,
03181  * and then call the corresponding function(s) on it.
03182  *
03183  * PKIX trust objects will have methods to manipulate the low-level trust
03184  * bits (which are based on key usage and extended key usage), and also the
03185  * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.)
03186  *
03187  * Other types of trust objects (if any) might have different low-level
03188  * representations, but hopefully high-level concepts would map.
03189  *
03190  * Only these high-level general routines would be promoted to the
03191  * general certificate level here.  Hence the {xxx} above would be things
03192  * like "EmailSigning."
03193  *
03194  *
03195  * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c);
03196  * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSSPKIXTrust *t);
03197  *
03198  * I want to hold off on any general trust object until we've investigated
03199  * other models more thoroughly.
03200  */
03201 
03202 PR_END_EXTERN_C
03203 
03204 #endif /* NSSPKI_H */