/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef PKIT_H #define PKIT_H /* * pkit.h * * This file contains definitions for the types of the top-level PKI objects. */ #ifndef NSSBASET_H #include "nssbaset.h" #endif /* NSSBASET_H */ #ifndef BASET_H #include "baset.h" #endif /* BASET_H */ #include "certt.h" #include "pkcs11t.h" #ifndef NSSPKIT_H #include "nsspkit.h" #endif /* NSSPKIT_H */ #ifndef NSSDEVT_H #include "nssdevt.h" #endif /* NSSDEVT_H */ #ifndef DEVT_H #include "devt.h" #endif /* DEVT_H */ #ifndef nssrwlkt_h__ #include "nssrwlkt.h" #endif /* nssrwlkt_h__ */ PR_BEGIN_EXTERN_C /* * A note on ephemeral certs * * The key objects defined here can only be created on tokens, and can only * exist on tokens. Therefore, any instance of a key object must have * a corresponding cryptoki instance. OTOH, certificates created in * crypto contexts need not be stored as session objects on the token. * There are good performance reasons for not doing so. The certificate * and trust objects have been defined with a cryptoContext field to * allow for ephemeral certs, which may have a single instance in a crypto * context along with any number (including zero) of cryptoki instances. * Since contexts may not share objects, there can be only one context * for each object. */ typedef enum { nssPKILock = 1, nssPKIMonitor = 2 } nssPKILockType; /* nssPKIObject * * This is the base object class, common to all PKI objects defined in * nsspkit.h */ struct nssPKIObjectStr { /* The arena for all object memory */ NSSArena *arena; /* Atomically incremented/decremented reference counting */ PRInt32 refCount; /* lock protects the array of nssCryptokiInstance's of the object */ union { PZLock *lock; PZMonitor *mlock; } sync; nssPKILockType lockType; /* XXX with LRU cache, this cannot be guaranteed up-to-date. It cannot * be compared against the update level of the trust domain, since it is * also affected by import/export. Where is this array needed? */ nssCryptokiObject **instances; PRUint32 numInstances; /* The object must live in a trust domain */ NSSTrustDomain *trustDomain; /* The object may live in a crypto context */ NSSCryptoContext *cryptoContext; /* XXX added so temp certs can have nickname, think more ... */ NSSUTF8 *tempName; }; typedef struct nssDecodedCertStr nssDecodedCert; typedef struct nssCertificateStoreStr nssCertificateStore; /* How wide is the scope of this? */ typedef struct nssSMIMEProfileStr nssSMIMEProfile; typedef struct nssPKIObjectStr nssPKIObject; struct NSSTrustStr { nssPKIObject object; NSSCertificate *certificate; nssTrustLevel serverAuth; nssTrustLevel clientAuth; nssTrustLevel emailProtection; nssTrustLevel codeSigning; PRBool stepUpApproved; }; struct nssSMIMEProfileStr { nssPKIObject object; NSSCertificate *certificate; NSSASCII7 *email; NSSDER *subject; NSSItem *profileTime; NSSItem *profileData; }; struct NSSCertificateStr { nssPKIObject object; NSSCertificateType type; NSSItem id; NSSBER encoding; NSSDER issuer; NSSDER subject; NSSDER serial; NSSASCII7 *email; nssDecodedCert *decoding; }; struct NSSPrivateKeyStr; struct NSSPublicKeyStr; struct NSSSymmetricKeyStr; typedef struct nssTDCertificateCacheStr nssTDCertificateCache; struct NSSTrustDomainStr { PRInt32 refCount; NSSArena *arena; NSSCallback *defaultCallback; nssList *tokenList; nssListIterator *tokens; nssTDCertificateCache *cache; NSSRWLock *tokensLock; void *spkDigestInfo; CERTStatusConfig *statusConfig; }; struct NSSCryptoContextStr { PRInt32 refCount; NSSArena *arena; NSSTrustDomain *td; NSSToken *token; nssSession *session; nssCertificateStore *certStore; }; struct NSSTimeStr { PRTime prTime; }; struct NSSCRLStr { nssPKIObject object; NSSDER encoding; NSSUTF8 *url; PRBool isKRL; }; typedef struct NSSCRLStr NSSCRL; struct NSSPoliciesStr; struct NSSAlgorithmAndParametersStr; struct NSSPKIXCertificateStr; PR_END_EXTERN_C #endif /* PKIT_H */