summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pki/pkit.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/pki/pkit.h')
-rw-r--r--security/nss/lib/pki/pkit.h183
1 files changed, 183 insertions, 0 deletions
diff --git a/security/nss/lib/pki/pkit.h b/security/nss/lib/pki/pkit.h
new file mode 100644
index 0000000000..5d17a45312
--- /dev/null
+++ b/security/nss/lib/pki/pkit.h
@@ -0,0 +1,183 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIT_H
+#define PKIT_H
+
+/*
+ * pkit.h
+ *
+ * This file contains definitions for the types of the top-level PKI objects.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#include "certt.h"
+#include "pkcs11t.h"
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+#ifndef nssrwlkt_h__
+#include "nssrwlkt.h"
+#endif /* nssrwlkt_h__ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A note on ephemeral certs
+ *
+ * The key objects defined here can only be created on tokens, and can only
+ * exist on tokens. Therefore, any instance of a key object must have
+ * a corresponding cryptoki instance. OTOH, certificates created in
+ * crypto contexts need not be stored as session objects on the token.
+ * There are good performance reasons for not doing so. The certificate
+ * and trust objects have been defined with a cryptoContext field to
+ * allow for ephemeral certs, which may have a single instance in a crypto
+ * context along with any number (including zero) of cryptoki instances.
+ * Since contexts may not share objects, there can be only one context
+ * for each object.
+ */
+
+typedef enum {
+ nssPKILock = 1,
+ nssPKIMonitor = 2
+} nssPKILockType;
+
+/* nssPKIObject
+ *
+ * This is the base object class, common to all PKI objects defined in
+ * nsspkit.h
+ */
+struct nssPKIObjectStr {
+ /* The arena for all object memory */
+ NSSArena *arena;
+ /* Atomically incremented/decremented reference counting */
+ PRInt32 refCount;
+ /* lock protects the array of nssCryptokiInstance's of the object */
+ union {
+ PZLock *lock;
+ PZMonitor *mlock;
+ } sync;
+ nssPKILockType lockType;
+ /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot
+ * be compared against the update level of the trust domain, since it is
+ * also affected by import/export. Where is this array needed?
+ */
+ nssCryptokiObject **instances;
+ PRUint32 numInstances;
+ /* The object must live in a trust domain */
+ NSSTrustDomain *trustDomain;
+ /* The object may live in a crypto context */
+ NSSCryptoContext *cryptoContext;
+ /* XXX added so temp certs can have nickname, think more ... */
+ NSSUTF8 *tempName;
+};
+
+typedef struct nssDecodedCertStr nssDecodedCert;
+
+typedef struct nssCertificateStoreStr nssCertificateStore;
+
+/* How wide is the scope of this? */
+typedef struct nssSMIMEProfileStr nssSMIMEProfile;
+
+typedef struct nssPKIObjectStr nssPKIObject;
+
+struct NSSTrustStr {
+ nssPKIObject object;
+ NSSCertificate *certificate;
+ nssTrustLevel serverAuth;
+ nssTrustLevel clientAuth;
+ nssTrustLevel emailProtection;
+ nssTrustLevel codeSigning;
+ PRBool stepUpApproved;
+};
+
+struct nssSMIMEProfileStr {
+ nssPKIObject object;
+ NSSCertificate *certificate;
+ NSSASCII7 *email;
+ NSSDER *subject;
+ NSSItem *profileTime;
+ NSSItem *profileData;
+};
+
+struct NSSCertificateStr {
+ nssPKIObject object;
+ NSSCertificateType type;
+ NSSItem id;
+ NSSBER encoding;
+ NSSDER issuer;
+ NSSDER subject;
+ NSSDER serial;
+ NSSASCII7 *email;
+ nssDecodedCert *decoding;
+};
+
+struct NSSPrivateKeyStr;
+
+struct NSSPublicKeyStr;
+
+struct NSSSymmetricKeyStr;
+
+typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
+
+struct NSSTrustDomainStr {
+ PRInt32 refCount;
+ NSSArena *arena;
+ NSSCallback *defaultCallback;
+ nssList *tokenList;
+ nssListIterator *tokens;
+ nssTDCertificateCache *cache;
+ NSSRWLock *tokensLock;
+ void *spkDigestInfo;
+ CERTStatusConfig *statusConfig;
+};
+
+struct NSSCryptoContextStr {
+ PRInt32 refCount;
+ NSSArena *arena;
+ NSSTrustDomain *td;
+ NSSToken *token;
+ nssSession *session;
+ nssCertificateStore *certStore;
+};
+
+struct NSSTimeStr {
+ PRTime prTime;
+};
+
+struct NSSCRLStr {
+ nssPKIObject object;
+ NSSDER encoding;
+ NSSUTF8 *url;
+ PRBool isKRL;
+};
+
+typedef struct NSSCRLStr NSSCRL;
+
+struct NSSPoliciesStr;
+
+struct NSSAlgorithmAndParametersStr;
+
+struct NSSPKIXCertificateStr;
+
+PR_END_EXTERN_C
+
+#endif /* PKIT_H */