1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
44
#include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */
49
* initialize any global certificate locks
51
SECStatus nsslowcert_InitLocks(void);
54
** Add a DER encoded certificate to the permanent database.
55
** "derCert" is the DER encoded certificate.
56
** "nickname" is the nickname to use for the cert
57
** "trust" is the trust parameters for the cert
59
SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle,
60
NSSLOWCERTCertificate *cert,
61
char *nickname, NSSLOWCERTCertTrust *trust);
62
SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
63
NSSLOWCERTCertificate *cert, char *nickname);
65
SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
67
typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
68
SECItem *k, void *pdata);
70
** Traverse the entire permanent database, and pass the certs off to a
71
** user supplied function.
72
** "certfunc" is the user function to call for each certificate
73
** "udata" is the user's data, which is passed through to "certfunc"
76
nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
77
PermCertCallback certfunc,
81
nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
83
certDBEntryRevocation *
84
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
85
SECItem *crlKey, PRBool isKRL);
88
nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,SECItem *derName,
91
nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl ,
92
SECItem *derKey, char *url, PRBool isKRL);
94
NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
95
NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
97
NSSLOWCERTCertificate *
98
nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
99
char *nickname, PRBool isperm, PRBool copyDER);
100
NSSLOWCERTCertificate *
101
nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
102
void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
103
void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
106
* Lookup a certificate in the databases without locking
107
* "certKey" is the database key to look for
109
* XXX - this should be internal, but pkcs 11 needs to call it during a
112
NSSLOWCERTCertificate *
113
nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
116
* Lookup trust for a certificate in the databases without locking
117
* "certKey" is the database key to look for
119
* XXX - this should be internal, but pkcs 11 needs to call it during a
123
nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
126
** Generate a certificate key from the issuer and serialnumber, then look it
127
** up in the database. Return the cert if found.
128
** "issuerAndSN" is the issuer and serial number to look for
130
extern NSSLOWCERTCertificate *
131
nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
134
** Generate a certificate key from the issuer and serialnumber, then look it
135
** up in the database. Return the cert if found.
136
** "issuerAndSN" is the issuer and serial number to look for
138
extern NSSLOWCERTTrust *
139
nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
142
** Find a certificate in the database by a DER encoded certificate
143
** "derCert" is the DER encoded certificate
145
extern NSSLOWCERTCertificate *
146
nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
148
/* convert an email address to lower case */
149
char *nsslowcert_FixupEmailAddr(char *emailAddr);
152
** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
153
** "derSignedCert" is the DER encoded signed certificate
154
** "copyDER" is true if the DER should be copied, false if the
155
** existing copy should be referenced
156
** "nickname" is the nickname to use in the database. If it is NULL
157
** then a temporary nickname is generated.
159
extern NSSLOWCERTCertificate *
160
nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname);
163
nsslowcert_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key);
166
nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
169
nsslowcert_DestroyDBEntry(certDBEntry *entry);
172
nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
173
const char *domain, const char *prefix,
174
NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
177
nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
180
* is certa newer than certb? If one is expired, pick the other one.
183
nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
187
nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
188
certDBEntryType type,
189
SECStatus (* callback)(SECItem *data, SECItem *key,
190
certDBEntryType type, void *pdata),
193
nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
195
NSSLOWCERTCertCallback cb, void *cbarg);
197
nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
198
SECItem *derSubject);
200
nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
201
char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
204
nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
207
nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
208
NSSLOWCERTCertTrust *trust);
211
nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
212
SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
215
* Change the trust attributes of a certificate and make them permanent
219
nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
220
NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
223
nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
226
nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
229
nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
232
nsslowcert_DestroyFreeLists(void);
235
nsslowcert_DestroyGlobalLocks(void);
238
pkcs11_freeNickname(char *nickname, char *space);
241
pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
244
pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
247
pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
250
pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
252
NSSLOWCERTCertificate *
253
nsslowcert_CreateCert(void);
256
nsslowcert_DecodeAnyDBEntry(SECItem *dbData, SECItem *dbKey,
257
certDBEntryType entryType, void *pdata);
261
#endif /* _PCERTDB_H_ */