path: root/security/manager/ssl/nsNSSCertificateDB.h
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsNSSCertificateDB_h
#define nsNSSCertificateDB_h

#include "ScopedNSSTypes.h"
#include "certt.h"
#include "mozilla/Mutex.h"
#include "mozilla/NotNull.h"
#include "mozilla/RefPtr.h"
#include "mozilla/UniquePtr.h"
#include "nsIX509CertDB.h"
#include "nsString.h"

class nsIArray;

// Concrete implementation class for the nsIX509CertDB interface. The
// interface's own methods are declared by NS_DECL_NSIX509CERTDB; everything
// spelled out below is an additional C++-only helper. The class is `final`,
// so it cannot be subclassed.
class nsNSSCertificateDB final : public nsIX509CertDB

{
 public:
  // Declares the nsISupports methods with thread-safe reference counting.
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIX509CERTDB

  // This is a separate static method so nsNSSComponent can use it during NSS
  // initialization. Other code should probably not use it.
  //
  // aDBKey is the lookup key; `cert` is an out-parameter that receives
  // ownership of the result (it is a UniqueCERTCertificate passed by
  // non-const reference).
  // NOTE(review): this header does not show whether "no such certificate" is
  // reported through the nsresult or by leaving `cert` null. Callers should
  // check both before dereferencing; confirm against the implementation.
  static nsresult FindCertByDBKey(const nsACString& aDBKey,
                                  mozilla::UniqueCERTCertificate& cert);

  // Fills aCertListOut with nsIX509Cert references built from aCertListIn.
  // The input list is taken by const reference; the output array is taken by
  // non-const reference.
  // NOTE(review): whether aCertListOut is cleared first or appended to is not
  // visible here; confirm before reusing an array across calls.
  static nsresult ConstructCertArrayFromUniqueCertList(
      const mozilla::UniqueCERTCertList& aCertListIn,
      nsTArray<RefPtr<nsIX509Cert>>& aCertListOut);

 protected:
  // Non-public destructor: code outside the class cannot `delete` an instance
  // directly. Presumably destruction happens only through the reference
  // counting declared above.
  virtual ~nsNSSCertificateDB() = default;

 private:
  // Use this function to generate a default nickname for a user
  // certificate that is to be imported onto a token.
  // The result is written to `nickname`. `cert` and `ctx` are raw pointers;
  // NOTE(review): presumably borrowed for the duration of the call and
  // expected to be non-null. Confirm against the implementation.
  static void get_default_nickname(CERTCertificate* cert,
                                   nsIInterfaceRequestor* ctx,
                                   nsCString& nickname);

  // Imports the certificates in CACerts; each element is one byte array.
  // NOTE(review): presumably each element is a single encoded certificate.
  // Importing CA certificates changes what the certificate store holds, so
  // the caller's decision to reach this function is the security boundary;
  // any validation done inside is not visible from this header.
  static nsresult ImportCACerts(nsTArray<nsTArray<uint8_t>>& CACerts,
                                nsIInterfaceRequestor* ctx);

  // Shows an alert about certToShow. stringID is a C string naming the
  // message to display.
  // NOTE(review): presumably stringID is a key into a localized string table
  // rather than the message text itself. Confirm.
  static void DisplayCertificateAlert(nsIInterfaceRequestor* ctx,
                                      const char* stringID,
                                      nsIX509Cert* certToShow);

  // Extracts certificates from the `length` bytes at `data` into collectArgs.
  // `data`/`length` is a raw pointer-plus-size pair: the type system does not
  // tie them together, so the caller must guarantee that `length` does not
  // exceed the buffer that `data` points to.
  // NOTE(review): the bytes may originate outside the process (a downloaded
  // or imported package); treat them as untrusted. Confirm in callers.
  nsresult getCertsFromPackage(nsTArray<nsTArray<uint8_t>>& collectArgs,
                               uint8_t* data, uint32_t length);
  // Handles a set of CA certificates supplied as an nsIArray. The NotNull
  // wrapper makes the non-null requirement on x509Certs part of the
  // signature; `ctx` carries no such guarantee.
  nsresult handleCACertDownload(mozilla::NotNull<nsIArray*> x509Certs,
                                nsIInterfaceRequestor* ctx);
  // Builds an nsIX509Cert from the bytes in aInputSpan and returns it through
  // the out-parameter _retval. The Span carries pointer and length together
  // and is read-only (const uint8_t).
  // NOTE(review): the state of *_retval on failure is not visible here;
  // callers should check the nsresult before using it.
  nsresult ConstructX509FromSpan(const mozilla::Span<const uint8_t> aInputSpan,
                                 nsIX509Cert** _retval);
};

// Class ID for the X.509 certificate database component, written as a
// brace-initializer for the UUID fb0bbc5c-452e-4783-b32c-80124693d871
// (one 32-bit field, two 16-bit fields, then eight bytes).
// The hex fields must stay in sync with the UUID in the inline comment.
// NOTE(review): presumably consumed by component registration elsewhere.
#define NS_X509CERTDB_CID                            \
  { /* fb0bbc5c-452e-4783-b32c-80124693d871 */       \
    0xfb0bbc5c, 0x452e, 0x4783, {                    \
      0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71 \
    }                                                \
  }

// Free function (not a member of nsNSSCertificateDB) operating on `cert`
// and `trust`, with an opaque `ctx` pointer.
// It returns an NSS SECStatus, not an nsresult: callers must compare the
// result against SECSuccess rather than using NS_FAILED/NS_SUCCEEDED.
// `trust` is taken by non-const reference, so it may be modified.
// NOTE(review): going by the name, this applies `trust` to `cert` and may
// trigger an authentication step that uses `ctx`. A failed or cancelled
// authentication would then mean the trust change did not take effect, so
// the return value must not be ignored. Confirm against the implementation.
SECStatus ChangeCertTrustWithPossibleAuthentication(
    const mozilla::UniqueCERTCertificate& cert, CERTCertTrust& trust,
    void* ctx);

#endif  // nsNSSCertificateDB_h