1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
37
* certt.h - public data structures for the certificate library
39
* $Id: certt.h,v 1.33.2.1 2006/02/16 00:14:18 julien.pierre.bugs%sun.com Exp $
56
struct NSSCertificateStr;
57
struct NSSTrustDomainStr;
59
/* Non-opaque objects */
60
typedef struct CERTAVAStr CERTAVA;
61
typedef struct CERTAttributeStr CERTAttribute;
62
typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess;
63
typedef struct CERTAuthKeyIDStr CERTAuthKeyID;
64
typedef struct CERTBasicConstraintsStr CERTBasicConstraints;
66
typedef struct CERTCertDBHandleStr CERTCertDBHandle;
68
typedef struct NSSTrustDomainStr CERTCertDBHandle;
70
typedef struct CERTCertExtensionStr CERTCertExtension;
71
typedef struct CERTCertKeyStr CERTCertKey;
72
typedef struct CERTCertListStr CERTCertList;
73
typedef struct CERTCertListNodeStr CERTCertListNode;
74
typedef struct CERTCertNicknamesStr CERTCertNicknames;
75
typedef struct CERTCertTrustStr CERTCertTrust;
76
typedef struct CERTCertificateStr CERTCertificate;
77
typedef struct CERTCertificateListStr CERTCertificateList;
78
typedef struct CERTCertificateRequestStr CERTCertificateRequest;
79
typedef struct CERTCrlStr CERTCrl;
80
typedef struct CERTCrlDistributionPointsStr CERTCrlDistributionPoints;
81
typedef struct CERTCrlEntryStr CERTCrlEntry;
82
typedef struct CERTCrlHeadNodeStr CERTCrlHeadNode;
83
typedef struct CERTCrlKeyStr CERTCrlKey;
84
typedef struct CERTCrlNodeStr CERTCrlNode;
85
typedef struct CERTDERCertsStr CERTDERCerts;
86
typedef struct CERTDistNamesStr CERTDistNames;
87
typedef struct CERTGeneralNameStr CERTGeneralName;
88
typedef struct CERTGeneralNameListStr CERTGeneralNameList;
89
typedef struct CERTIssuerAndSNStr CERTIssuerAndSN;
90
typedef struct CERTNameStr CERTName;
91
typedef struct CERTNameConstraintStr CERTNameConstraint;
92
typedef struct CERTNameConstraintsStr CERTNameConstraints;
93
typedef struct CERTOKDomainNameStr CERTOKDomainName;
94
typedef struct CERTPrivKeyUsagePeriodStr CERTPrivKeyUsagePeriod;
95
typedef struct CERTPublicKeyAndChallengeStr CERTPublicKeyAndChallenge;
96
typedef struct CERTRDNStr CERTRDN;
97
typedef struct CERTSignedCrlStr CERTSignedCrl;
98
typedef struct CERTSignedDataStr CERTSignedData;
99
typedef struct CERTStatusConfigStr CERTStatusConfig;
100
typedef struct CERTSubjectListStr CERTSubjectList;
101
typedef struct CERTSubjectNodeStr CERTSubjectNode;
102
typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
103
typedef struct CERTValidityStr CERTValidity;
104
typedef struct CERTVerifyLogStr CERTVerifyLog;
105
typedef struct CERTVerifyLogNodeStr CERTVerifyLogNode;
106
typedef struct CRLDistributionPointStr CRLDistributionPoint;
108
/* CRL extensions type */
109
typedef unsigned long CERTCrlNumber;
112
** An X.500 AVA object
120
** An X.500 RDN object
127
** An X.500 name object
135
** An X.509 validity object
137
struct CERTValidityStr {
144
* A serial number and issuer name, which is used as a database key
146
struct CERTCertKeyStr {
147
SECItem serialNumber;
152
** A signed data object. Used to implement the "signed" macro used
153
** in the X.500 specs.
155
struct CERTSignedDataStr {
157
SECAlgorithmID signatureAlgorithm;
162
** An X.509 subject-public-key-info object
164
struct CERTSubjectPublicKeyInfoStr {
166
SECAlgorithmID algorithm;
167
SECItem subjectPublicKey;
170
struct CERTPublicKeyAndChallengeStr {
175
struct CERTCertTrustStr {
176
unsigned int sslFlags;
177
unsigned int emailFlags;
178
unsigned int objectSigningFlags;
182
* defined the types of trust that exist
184
typedef enum SECTrustTypeEnum {
187
trustObjectSigning = 2,
191
#define SEC_GET_TRUST_FLAGS(trust,type) \
192
(((type)==trustSSL)?((trust)->sslFlags): \
193
(((type)==trustEmail)?((trust)->emailFlags): \
194
(((type)==trustObjectSigning)?((trust)->objectSigningFlags):0)))
197
** An X.509.3 certificate extension
199
struct CERTCertExtensionStr {
205
struct CERTSubjectNodeStr {
206
struct CERTSubjectNodeStr *next;
207
struct CERTSubjectNodeStr *prev;
212
struct CERTSubjectListStr {
216
CERTSubjectNode *head;
217
CERTSubjectNode *tail; /* do we need tail? */
222
** An X.509 certificate object (the unsigned form)
224
struct CERTCertificateStr {
225
/* the arena is used to allocate any data structures that have the same
226
* lifetime as the cert. This is all stuff that hangs off of the cert
227
* structure, and is all freed at the same time. I is used when the
228
* cert is decoded, destroyed, and at some times when it changes
233
/* The following fields are static after the cert has been decoded */
236
CERTSignedData signatureWrap; /* XXX */
237
SECItem derCert; /* original DER for the cert */
238
SECItem derIssuer; /* DER for issuer name */
239
SECItem derSubject; /* DER for subject name */
240
SECItem derPublicKey; /* DER for the public key */
241
SECItem certKey; /* database key for this cert */
243
SECItem serialNumber;
244
SECAlgorithmID signature;
246
CERTValidity validity;
248
CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
251
CERTCertExtension **extensions;
253
CERTCertDBHandle *dbhandle;
254
SECItem subjectKeyID; /* x509v3 subject key identifier */
255
PRBool keyIDGenerated; /* was the keyid generated? */
256
unsigned int keyUsage; /* what uses are allowed for this cert */
257
unsigned int rawKeyUsage; /* value of the key usage extension */
258
PRBool keyUsagePresent; /* was the key usage extension present */
259
PRUint32 nsCertType; /* value of the ns cert type extension */
260
/* must be 32-bit for PR_AtomicSet */
262
/* these values can be set by the application to bypass certain checks
263
* or to keep the cert in memory for an entire session.
264
* XXX - need an api to set these
266
PRBool keepSession; /* keep this cert for entire session*/
267
PRBool timeOK; /* is the bad validity time ok? */
268
CERTOKDomainName *domainOK; /* these domain names are ok */
271
* these values can change when the cert changes state. These state
272
* changes include transitions from temp to perm or vice-versa, and
273
* changes of trust flags
279
struct NSSCertificateStr *nssCertificate; /* This is Stan stuff. */
280
CERTCertTrust *trust;
282
/* the reference count is modified whenever someone looks up, dups
283
* or destroys a certificate
287
/* The subject list is a list of all certs with the same subject name.
288
* It can be modified any time a cert is added or deleted from either
289
* the in-memory(temporary) or on-disk(permanent) database.
291
CERTSubjectList *subjectList;
293
/* these belong in the static section, but are here to maintain
294
* the structure's integrity
296
CERTAuthKeyID * authKeyID; /* x509v3 authority key identifier */
297
PRBool isRoot; /* cert is the end of a chain */
299
/* these fields are used by client GUI code to keep track of ssl sockets
300
* that are blocked waiting on GUI feedback related to this cert.
301
* XXX - these should be moved into some sort of application specific
302
* data structure. They are only used by the browser right now.
305
void* apointer; /* was struct SECSocketNode* authsocketlist */
307
unsigned int hasUnsupportedCriticalExt :1;
308
/* add any new option bits needed here */
311
int series; /* was int authsocketcount; record the series of the pkcs11ID */
313
/* This is PKCS #11 stuff. */
314
PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
315
CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
316
PRBool ownSlot; /*true if the cert owns the slot reference */
318
#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
319
#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
320
#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
322
#define SEC_CRL_VERSION_1 0 /* default */
323
#define SEC_CRL_VERSION_2 1 /* v2 extensions */
326
* used to identify class of cert in mime stream code
328
#define SEC_CERT_CLASS_CA 1
329
#define SEC_CERT_CLASS_SERVER 2
330
#define SEC_CERT_CLASS_USER 3
331
#define SEC_CERT_CLASS_EMAIL 4
333
struct CERTDERCertsStr {
340
** A PKCS ? Attribute
341
** XXX this is duplicated through out the code, it *should* be moved
342
** to a central location. Where would be appropriate?
344
struct CERTAttributeStr {
350
** A PKCS#10 certificate-request object (the unsigned form)
352
struct CERTCertificateRequestStr {
356
CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
357
CERTAttribute **attributes;
359
#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
363
** A certificate list object.
365
struct CERTCertificateListStr {
367
int len; /* number of certs */
371
struct CERTCertListNodeStr {
373
CERTCertificate *cert;
377
struct CERTCertListStr {
382
#define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
383
#define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
384
#define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
385
#define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
387
struct CERTCrlEntryStr {
388
SECItem serialNumber;
389
SECItem revocationDate;
390
CERTCertExtension **extensions;
396
SECAlgorithmID signatureAlg;
400
SECItem nextUpdate; /* optional for x.509 CRL */
401
CERTCrlEntry **entries;
402
CERTCertExtension **extensions;
403
/* can't add anything there for binary backwards compatibility reasons */
406
struct CERTCrlKeyStr {
408
SECItem dummy; /* The decoder can not skip a primitive,
409
this serves as a place holder for the
410
decoder to finish its task only
414
struct CERTSignedCrlStr {
422
CERTCertDBHandle *dbhandle;
423
CERTSignedData signatureWrap; /* XXX */
427
CK_OBJECT_HANDLE pkcs11ID;
428
void* opaque; /* do not touch */
432
struct CERTCrlHeadNodeStr {
434
CERTCertDBHandle *dbhandle;
440
struct CERTCrlNodeStr {
448
* Array of X.500 Distinguished Names
450
struct CERTDistNamesStr {
454
void *head; /* private */
458
#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
459
#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
460
#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
461
#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
462
#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
463
#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
464
#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
465
#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
467
#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
468
#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
470
#define NS_CERT_TYPE_APP ( NS_CERT_TYPE_SSL_CLIENT | \
471
NS_CERT_TYPE_SSL_SERVER | \
472
NS_CERT_TYPE_EMAIL | \
473
NS_CERT_TYPE_OBJECT_SIGNING )
475
#define NS_CERT_TYPE_CA ( NS_CERT_TYPE_SSL_CA | \
476
NS_CERT_TYPE_EMAIL_CA | \
477
NS_CERT_TYPE_OBJECT_SIGNING_CA | \
478
EXT_KEY_USAGE_STATUS_RESPONDER )
479
typedef enum SECCertUsageEnum {
480
certUsageSSLClient = 0,
481
certUsageSSLServer = 1,
482
certUsageSSLServerWithStepUp = 2,
484
certUsageEmailSigner = 4,
485
certUsageEmailRecipient = 5,
486
certUsageObjectSigner = 6,
487
certUsageUserCertImport = 7,
488
certUsageVerifyCA = 8,
489
certUsageProtectedObjectSigner = 9,
490
certUsageStatusResponder = 10,
494
typedef PRInt64 SECCertificateUsage;
496
#define certificateUsageSSLClient (0x0001)
497
#define certificateUsageSSLServer (0x0002)
498
#define certificateUsageSSLServerWithStepUp (0x0004)
499
#define certificateUsageSSLCA (0x0008)
500
#define certificateUsageEmailSigner (0x0010)
501
#define certificateUsageEmailRecipient (0x0020)
502
#define certificateUsageObjectSigner (0x0040)
503
#define certificateUsageUserCertImport (0x0080)
504
#define certificateUsageVerifyCA (0x0100)
505
#define certificateUsageProtectedObjectSigner (0x0200)
506
#define certificateUsageStatusResponder (0x0400)
507
#define certificateUsageAnyCA (0x0800)
509
#define certificateUsageHighest certificateUsageAnyCA
512
* Does the cert belong to the user, a peer, or a CA.
514
typedef enum CERTCertOwnerEnum {
521
* This enum represents the state of validity times of a certificate
523
typedef enum SECCertTimeValidityEnum {
524
secCertTimeValid = 0,
525
secCertTimeExpired = 1,
526
secCertTimeNotValidYet = 2,
527
secCertTimeUndetermined = 3 /* validity could not be decoded from the
528
cert, most likely because it was NULL */
529
} SECCertTimeValidity;
532
* This is used as return status in functions that compare the validity
533
* periods of two certificates A and B, currently only
534
* CERT_CompareValidityTimes.
537
typedef enum CERTCompareValidityStatusEnum
539
certValidityUndetermined = 0, /* the function is unable to select one cert
541
certValidityChooseB = 1, /* cert B should be preferred */
542
certValidityEqual = 2, /* both certs have the same validity period */
543
certValidityChooseA = 3 /* cert A should be preferred */
544
} CERTCompareValidityStatus;
547
* Interface for getting certificate nickname strings out of the database
550
/* these are values for the what argument below */
551
#define SEC_CERT_NICKNAMES_ALL 1
552
#define SEC_CERT_NICKNAMES_USER 2
553
#define SEC_CERT_NICKNAMES_SERVER 3
554
#define SEC_CERT_NICKNAMES_CA 4
556
struct CERTCertNicknamesStr {
565
struct CERTIssuerAndSNStr {
568
SECItem serialNumber;
572
/* X.509 v3 Key Usage Extension flags */
573
#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
574
#define KU_NON_REPUDIATION (0x40) /* bit 1 */
575
#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
576
#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
577
#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
578
#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
579
#define KU_CRL_SIGN (0x02) /* bit 6 */
580
#define KU_ALL (KU_DIGITAL_SIGNATURE | \
581
KU_NON_REPUDIATION | \
582
KU_KEY_ENCIPHERMENT | \
583
KU_DATA_ENCIPHERMENT | \
588
/* This value will not occur in certs. It is used internally for the case
589
* when the key type is not know ahead of time and either key agreement or
590
* key encipherment are the correct value based on key type
592
#define KU_KEY_AGREEMENT_OR_ENCIPHERMENT (0x4000)
594
/* internal bits that do not match bits in the x509v3 spec, but are used
595
* for similar purposes
597
#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
599
* x.509 v3 Basic Constraints Extension
600
* If isCA is false, the pathLenConstraint is ignored.
601
* Otherwise, the following pathLenConstraint values will apply:
602
* < 0 - there is no limit to the certificate path
603
* 0 - CA can issues end-entity certificates only
604
* > 0 - the number of certificates in the certificate path is
605
* limited to this number
607
#define CERT_UNLIMITED_PATH_CONSTRAINT -2
609
struct CERTBasicConstraintsStr {
610
PRBool isCA; /* on if is CA */
611
int pathLenConstraint; /* maximum number of certificates that can be
612
in the cert path. Only applies to a CA
613
certificate; otherwise, it's ignored.
617
/* Maximum length of a certificate chain */
618
#define CERT_MAX_CERT_CHAIN 20
620
/* x.509 v3 Reason Falgs, used in CRLDistributionPoint Extension */
621
#define RF_UNUSED (0x80) /* bit 0 */
622
#define RF_KEY_COMPROMISE (0x40) /* bit 1 */
623
#define RF_CA_COMPROMISE (0x20) /* bit 2 */
624
#define RF_AFFILIATION_CHANGED (0x10) /* bit 3 */
625
#define RF_SUPERSEDED (0x08) /* bit 4 */
626
#define RF_CESSATION_OF_OPERATION (0x04) /* bit 5 */
627
#define RF_CERTIFICATE_HOLD (0x02) /* bit 6 */
629
/* If we needed to extract the general name field, use this */
630
/* General Name types */
631
typedef enum CERTGeneralNameTypeEnum {
636
certDirectoryName = 5,
637
certEDIPartyName = 6,
641
} CERTGeneralNameType;
644
typedef struct OtherNameStr {
651
struct CERTGeneralNameStr {
652
CERTGeneralNameType type; /* name type */
654
CERTName directoryName; /* distinguish name */
655
OtherName OthName; /* Other Name */
656
SECItem other; /* the rest of the name forms */
658
SECItem derDirectoryName; /* this is saved to simplify directory name
663
struct CERTGeneralNameListStr {
665
CERTGeneralName *name;
671
struct CERTNameConstraintStr {
672
CERTGeneralName name;
680
struct CERTNameConstraintsStr {
681
CERTNameConstraint *permited;
682
CERTNameConstraint *excluded;
683
SECItem **DERPermited;
684
SECItem **DERExcluded;
688
/* Private Key Usage Period extension struct. */
689
struct CERTPrivKeyUsagePeriodStr {
695
/* X.509 v3 Authority Key Identifier extension. For the authority certificate
696
issuer field, we only support URI now.
698
struct CERTAuthKeyIDStr {
699
SECItem keyID; /* unique key identifier */
700
CERTGeneralName *authCertIssuer; /* CA's issuer name. End with a NULL */
701
SECItem authCertSerialNumber; /* CA's certificate serial number */
702
SECItem **DERAuthCertIssuer; /* This holds the DER encoded format of
703
the authCertIssuer field. It is used
704
by the encoding engine. It should be
705
used as a read only field by the caller.
709
/* x.509 v3 CRL Distributeion Point */
712
* defined the types of CRL Distribution points
714
typedef enum DistributionPointTypesEnum {
715
generalName = 1, /* only support this for now */
716
relativeDistinguishedName = 2
717
} DistributionPointTypes;
719
struct CRLDistributionPointStr {
720
DistributionPointTypes distPointType;
722
CERTGeneralName *fullName;
723
CERTRDN relativeName;
726
CERTGeneralName *crlIssuer;
728
/* Reserved for internal use only*/
729
SECItem derDistPoint;
730
SECItem derRelativeName;
731
SECItem **derCrlIssuer;
732
SECItem **derFullName;
736
struct CERTCrlDistributionPointsStr {
737
CRLDistributionPoint **distPoints;
741
* This structure is used to keep a log of errors when verifying
742
* a cert chain. This allows multiple errors to be reported all at
745
struct CERTVerifyLogNodeStr {
746
CERTCertificate *cert; /* what cert had the error */
747
long error; /* what error was it? */
748
unsigned int depth; /* how far up the chain are we */
749
void *arg; /* error specific argument */
750
struct CERTVerifyLogNodeStr *next; /* next in the list */
751
struct CERTVerifyLogNodeStr *prev; /* next in the list */
755
struct CERTVerifyLogStr {
758
struct CERTVerifyLogNodeStr *head;
759
struct CERTVerifyLogNodeStr *tail;
763
struct CERTOKDomainNameStr {
764
CERTOKDomainName *next;
765
char name[1]; /* actual length may be longer. */
769
typedef SECStatus (PR_CALLBACK *CERTStatusChecker) (CERTCertDBHandle *handle,
770
CERTCertificate *cert,
774
typedef SECStatus (PR_CALLBACK *CERTStatusDestroy) (CERTStatusConfig *handle);
776
struct CERTStatusConfigStr {
777
CERTStatusChecker statusChecker; /* NULL means no checking enabled */
778
CERTStatusDestroy statusDestroy; /* enabled or no, will clean up */
779
void *statusContext; /* cx specific to checking protocol */
782
struct CERTAuthInfoAccessStr {
785
CERTGeneralName *location; /* decoded location */
789
/* This is the typedef for the callback passed to CERT_OpenCertDB() */
790
/* callback to return database name based on version number */
791
typedef char * (*CERTDBNameFunc)(void *arg, int dbVersion);
794
* types of cert packages that we can decode
796
typedef enum CERTPackageTypeEnum {
799
certPackagePKCS7 = 2,
800
certPackageNSCertSeq = 3,
801
certPackageNSCertWrap = 4
805
* these types are for the PKIX Certificate Policies extension
810
SECItem qualifierValue;
811
} CERTPolicyQualifier;
816
CERTPolicyQualifier **policyQualifiers;
821
CERTPolicyInfo **policyInfos;
822
} CERTCertificatePolicies;
825
SECItem organization;
826
SECItem **noticeNumbers;
827
} CERTNoticeReference;
831
CERTNoticeReference noticeReference;
832
SECItem derNoticeReference;
842
/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
844
#include "secasn1t.h" /* way down here because I expect template stuff to
845
* move out of here anyway */
849
extern const SEC_ASN1Template CERT_CertificateRequestTemplate[];
850
extern const SEC_ASN1Template CERT_CertificateTemplate[];
851
extern const SEC_ASN1Template SEC_SignedCertificateTemplate[];
852
extern const SEC_ASN1Template CERT_CertExtensionTemplate[];
853
extern const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[];
854
extern const SEC_ASN1Template SECKEY_PublicKeyTemplate[];
855
extern const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[];
856
extern const SEC_ASN1Template CERT_TimeChoiceTemplate[];
857
extern const SEC_ASN1Template CERT_ValidityTemplate[];
858
extern const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[];
859
extern const SEC_ASN1Template SEC_CertSequenceTemplate[];
861
extern const SEC_ASN1Template CERT_IssuerAndSNTemplate[];
862
extern const SEC_ASN1Template CERT_NameTemplate[];
863
extern const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[];
864
extern const SEC_ASN1Template CERT_RDNTemplate[];
865
extern const SEC_ASN1Template CERT_SignedDataTemplate[];
866
extern const SEC_ASN1Template CERT_CrlTemplate[];
867
extern const SEC_ASN1Template CERT_SignedCrlTemplate[];
870
** XXX should the attribute stuff be centralized for all of ns/security?
872
extern const SEC_ASN1Template CERT_AttributeTemplate[];
873
extern const SEC_ASN1Template CERT_SetOfAttributeTemplate[];
875
/* These functions simply return the address of the above-declared templates.
876
** This is necessary for Windows DLLs. Sigh.
878
SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateRequestTemplate)
879
SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateTemplate)
880
SEC_ASN1_CHOOSER_DECLARE(CERT_CrlTemplate)
881
SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
882
SEC_ASN1_CHOOSER_DECLARE(CERT_NameTemplate)
883
SEC_ASN1_CHOOSER_DECLARE(CERT_SequenceOfCertExtensionTemplate)
884
SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
885
SEC_ASN1_CHOOSER_DECLARE(CERT_SignedDataTemplate)
886
SEC_ASN1_CHOOSER_DECLARE(CERT_SubjectPublicKeyInfoTemplate)
887
SEC_ASN1_CHOOSER_DECLARE(SEC_SignedCertificateTemplate)
888
SEC_ASN1_CHOOSER_DECLARE(CERT_SignedCrlTemplate)
889
SEC_ASN1_CHOOSER_DECLARE(CERT_TimeChoiceTemplate)
893
#endif /* _CERTT_H_ */
added
removed
security/nss-fips/lib/certdb/certt.h
