00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef PKIT_H
00038 #define PKIT_H
00039 
#ifdef DEBUG
/* Embedded CVS identification string, present in DEBUG builds only.
 * Because it is `static` at file scope in a header, every translation unit
 * that includes this file gets its own (normally unreferenced) copy. */
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.17.28.2 $ $Date: 2007/11/16 05:25:08 $";
#endif /* DEBUG */
00043 
00044 /*
00045  * pkit.h
00046  *
00047  * This file contains definitions for the types of the top-level PKI objects.
00048  */
00049 
00050 #ifndef NSSBASET_H
00051 #include "nssbaset.h"
00052 #endif /* NSSBASET_H */
00053 
00054 #ifndef BASET_H
00055 #include "baset.h"
00056 #endif /* BASET_H */
00057 
00058 #include "certt.h"
00059 #include "pkcs11t.h"
00060 
00061 #ifndef NSSPKIT_H
00062 #include "nsspkit.h"
00063 #endif /* NSSPKIT_H */
00064 
00065 #ifndef NSSDEVT_H
00066 #include "nssdevt.h"
00067 #endif /* NSSDEVT_H */
00068 
00069 #ifndef DEVT_H
00070 #include "devt.h"
00071 #endif /* DEVT_H */
00072 
00073 #ifndef nssrwlkt_h__
00074 #include "nssrwlkt.h"
00075 #endif /* nssrwlkt_h__ */
00076 
00077 PR_BEGIN_EXTERN_C
00078 
/*
 * A note on ephemeral certs
 *
 * The key objects defined here can only be created on tokens, and can only
 * exist on tokens.  Therefore, any instance of a key object must have
 * a corresponding cryptoki instance.  On the other hand, certificates
 * created in crypto contexts need not be stored as session objects on the
 * token.  There are good performance reasons for not doing so.  The
 * certificate and trust objects have been defined with a cryptoContext
 * field to allow for ephemeral certs, which may have a single instance in
 * a crypto context along with any number (including zero) of cryptoki
 * instances.  Since contexts may not share objects, there can be only one
 * context for each object.
 */
00093 
/* nssPKILockType
 *
 * Discriminator for the `sync` union of nssPKIObjectStr (below): it records
 * which kind of lock the object was created with.  Presumably nssPKILock
 * means `sync.lock` (a PZLock) is the live member and nssPKIMonitor means
 * `sync.mlock` (a PZMonitor) is -- confirm against the object constructor.
 * Values start at 1, so a zero-filled object has no valid lock type.
 */
typedef enum {
    nssPKILock = 1,
    nssPKIMonitor = 2
} nssPKILockType;
00098 
00099 /* nssPKIObject
00100  *
00101  * This is the base object class, common to all PKI objects defined in
00102  * nsspkit.h
00103  */
struct nssPKIObjectStr 
{
    /* The arena for all object memory */
    NSSArena *arena;
    /* Atomically incremented/decremented reference counting.
     * The field is a plain PRInt32: the atomicity is a contract on every
     * caller that touches it, not a property of the type. */
    PRInt32 refCount;
    /* lock protects the array of nssCryptokiInstance's of the object
     * (the array is typed nssCryptokiObject below).  Only one member of the
     * union is in use; `lockType` records which one. */
    union {
        PZLock* lock;
        PZMonitor *mlock;
    } sync;
    /* Which member of `sync` is valid; see nssPKILockType. */
    nssPKILockType lockType;
    /* XXX with LRU cache, this cannot be guaranteed up-to-date.  It cannot
     * be compared against the update level of the trust domain, since it is
     * also affected by import/export.  Where is this array needed?
     */
    /* The object's cryptoki (token) instances and their count; guarded by
     * `sync` per the comment above. */
    nssCryptokiObject **instances;
    PRUint32 numInstances;
    /* The object must live in a trust domain */
    NSSTrustDomain *trustDomain;
    /* The object may live in a crypto context */
    NSSCryptoContext *cryptoContext;
    /* XXX added so temp certs can have nickname, think more ... */
    /* Presumably the nickname for certs that have no token instance (see the
     * note on ephemeral certs above) -- confirm where it is set. */
    NSSUTF8 *tempName;
};
00129 
/* Decoded form of a certificate (see NSSCertificateStr.decoding); the
 * struct body is not defined in this header. */
typedef struct nssDecodedCertStr nssDecodedCert;

/* Certificate store held by a crypto context (see NSSCryptoContextStr);
 * the struct body is not defined in this header. */
typedef struct nssCertificateStoreStr nssCertificateStore;

/* How wide is the scope of this? */
/* Defined below (struct nssSMIMEProfileStr). */
typedef struct nssSMIMEProfileStr nssSMIMEProfile;

/* Shorthand for the base object type defined above. */
typedef struct nssPKIObjectStr nssPKIObject;
00138 
/* NSSTrust
 *
 * The trust settings recorded for one certificate, one level per usage.
 * Embeds nssPKIObject as its first member (the common base defined above),
 * so the base's refCount, lock and trust-domain/crypto-context links apply.
 */
struct NSSTrustStr 
{
    nssPKIObject object;
    /* The certificate these settings belong to */
    NSSCertificate *certificate;
    /* nssTrustLevel is declared outside this header */
    nssTrustLevel serverAuth;
    nssTrustLevel clientAuth;
    nssTrustLevel emailProtection;
    nssTrustLevel codeSigning;
    /* NOTE(review): presumably the legacy "step-up" approval flag -- confirm
     * the meaning against the code that sets it. */
    PRBool stepUpApproved;
};
00149 
/* nssSMIMEProfile
 *
 * An S/MIME profile associated with a certificate.  Embeds nssPKIObject as
 * its first member.  The encoding of profileTime/profileData is not defined
 * in this header.
 */
struct nssSMIMEProfileStr
{
    nssPKIObject object;
    /* The certificate the profile belongs to */
    NSSCertificate *certificate;
    /* Email address and DER subject identifying that certificate */
    NSSASCII7 *email;
    NSSDER *subject;
    /* Opaque profile payload; both are NSSItem (pointer + length) */
    NSSItem *profileTime;
    NSSItem *profileData;
};
00159 
/* NSSCertificate
 *
 * A certificate object.  Embeds nssPKIObject as its first member.  The
 * encoded fields are kept as raw BER/DER items; `decoding` points at the
 * decoded form, whose struct is only forward-declared in this header.
 */
struct NSSCertificateStr
{
    nssPKIObject object;
    NSSCertificateType type;
    /* NOTE(review): presumably the PKCS#11 object id pairing the cert with
     * its key -- confirm against the cryptoki code. */
    NSSItem id;
    /* The complete encoded certificate */
    NSSBER encoding;
    /* DER-encoded issuer name, subject name and serial number */
    NSSDER issuer;
    NSSDER subject;
    NSSDER serial;
    NSSASCII7 *email;
    /* Decoded form; NULL-ness/lifetime are not established in this header */
    nssDecodedCert *decoding;
};
00172 
/* Key object types are declared but not defined here; per the note on
 * ephemeral certs above, key objects exist only on tokens. */
struct NSSPrivateKeyStr;

struct NSSPublicKeyStr;

struct NSSSymmetricKeyStr;

/* Per-trust-domain certificate cache (see NSSTrustDomainStr.cache); the
 * struct body is not defined in this header. */
typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
00180 
/* NSSTrustDomain
 *
 * A trust domain.  Unlike the PKI objects above it does not embed
 * nssPKIObject; it carries its own refCount and arena.
 */
struct NSSTrustDomainStr {
    PRInt32 refCount;
    NSSArena *arena;
    /* NOTE(review): presumably used when a caller supplies no callback of
     * its own -- confirm. */
    NSSCallback *defaultCallback;
    /* The domain's tokens and an iterator over them; `tokensLock` is an
     * NSSRWLock that, by its name, guards these two -- confirm in callers. */
    nssList *tokenList;
    nssListIterator *tokens;
    nssTDCertificateCache *cache;
    NSSRWLock *tokensLock;
    /* Untyped (void *): the real type is not visible in this header */
    void *spkDigestInfo;
    /* CERTStatusConfig comes from one of the included headers (certt.h
     * presumably) */
    CERTStatusConfig *statusConfig;
};
00192 
/* NSSCryptoContext
 *
 * A crypto context within a trust domain.  Like NSSTrustDomainStr it has
 * its own refCount and arena rather than an nssPKIObject base.  Note that
 * it has no lock field; see the note on ephemeral certs above, which states
 * that contexts may not share objects.
 */
struct NSSCryptoContextStr
{
    PRInt32 refCount;
    NSSArena *arena;
    /* The trust domain this context belongs to */
    NSSTrustDomain *td;
    NSSToken *token;
    nssSession *session;
    /* Store for the context's certificates; type defined outside this header */
    nssCertificateStore *certStore;
};
00202 
/* NSSTime
 *
 * Thin wrapper around an NSPR PRTime.
 */
struct NSSTimeStr {
    PRTime prTime;
};
00206 
/* NSSCRL
 *
 * A revocation list object.  Embeds nssPKIObject as its first member.
 */
struct NSSCRLStr {
  nssPKIObject object;
  /* The DER-encoded list */
  NSSDER encoding;
  NSSUTF8 *url;
  /* NOTE(review): presumably distinguishes a key revocation list from a
   * certificate revocation list -- confirm. */
  PRBool isKRL;
};
00213 
typedef struct NSSCRLStr NSSCRL;

/* Declared but not defined in this header. */
struct NSSPoliciesStr;

struct NSSAlgorithmAndParametersStr;

struct NSSPKIXCertificateStr;
00221 
00222 PR_END_EXTERN_C
00223 
00224 #endif /* PKIT_H */