Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#ifndef _PCERTDB_H_
#define _PCERTDB_H_
#include "plarena.h"
#include "prlong.h"
#include "pcertt.h"
#include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */
SEC_BEGIN_PROTOS
/*
* initialize any global certificate locks
*/
SECStatus nsslowcert_InitLocks(void);
/*
** Add a DER encoded certificate to the permanent database.
** "derCert" is the DER encoded certificate.
** "nickname" is the nickname to use for the cert
** "trust" is the trust parameters for the cert
*/
SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle,
NSSLOWCERTCertificate *cert,
char *nickname, NSSLOWCERTCertTrust *trust);
SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
NSSLOWCERTCertificate *cert, char *nickname);
SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
typedef SECStatus(PR_CALLBACK *PermCertCallback)(NSSLOWCERTCertificate *cert,
SECItem *k, void *pdata);
/*
** Traverse the entire permanent database, and pass the certs off to a
** user supplied function.
** "certfunc" is the user function to call for each certificate
** "udata" is the user's data, which is passed through to "certfunc"
*/
SECStatus
nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
PermCertCallback certfunc,
void *udata);
PRBool
nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
certDBEntryRevocation *
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
SECItem *crlKey, PRBool isKRL);
SECStatus
nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName,
PRBool isKRL);
SECStatus
nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
SECItem *derKey, char *url, PRBool isKRL);
NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
NSSLOWCERTCertificate *
nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PRBool isperm, PRBool copyDER);
NSSLOWCERTCertificate *
nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
/*
* Lookup a certificate in the databases without locking
* "certKey" is the database key to look for
*
* XXX - this should be internal, but pkcs 11 needs to call it during a
* traversal.
*/
NSSLOWCERTCertificate *
nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
/*
* Lookup trust for a certificate in the databases without locking
* "certKey" is the database key to look for
*
* XXX - this should be internal, but pkcs 11 needs to call it during a
* traversal.
*/
NSSLOWCERTTrust *
nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the cert if found.
** "issuerAndSN" is the issuer and serial number to look for
*/
extern NSSLOWCERTCertificate *
nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the cert if found.
** "issuerAndSN" is the issuer and serial number to look for
*/
extern NSSLOWCERTTrust *
nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
/*
** Find a certificate in the database by a DER encoded certificate
** "derCert" is the DER encoded certificate
*/
extern NSSLOWCERTCertificate *
nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
/* convert an email address to lower case */
char *nsslowcert_FixupEmailAddr(char *emailAddr);
/*
** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
** "derSignedCert" is the DER encoded signed certificate
** "copyDER" is true if the DER should be copied, false if the
** existing copy should be referenced
** "nickname" is the nickname to use in the database. If it is NULL
** then a temporary nickname is generated.
*/
extern NSSLOWCERTCertificate *
nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname);
SECStatus
nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);
certDBEntrySMime *
nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
char *emailAddr);
void
nsslowcert_DestroyDBEntry(certDBEntry *entry);
SECStatus
nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
const char *domain, const char *prefix,
NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
void
nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
/*
* is certa newer than certb? If one is expired, pick the other one.
*/
PRBool
nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
SECStatus
nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
certDBEntryType type,
SECStatus (*callback)(SECItem *data, SECItem *key,
certDBEntryType type, void *pdata),
void *udata);
SECStatus
nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
SECItem *derSubject,
NSSLOWCERTCertCallback cb, void *cbarg);
int
nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
SECItem *derSubject);
SECStatus
nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
int
nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
char *nickname);
SECStatus
nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
NSSLOWCERTCertTrust *trust);
SECStatus
nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
/*
* Change the trust attributes of a certificate and make them permanent
* in the database.
*/
SECStatus
nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
PRBool
nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
void
nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
PRBool
nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
void
nsslowcert_DestroyFreeLists(void);
void
nsslowcert_DestroyGlobalLocks(void);
void
pkcs11_freeNickname(char *nickname, char *space);
char *
pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
void
pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
unsigned char *
pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
unsigned char *
pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
int spaceLen);
NSSLOWCERTCertificate *
nsslowcert_CreateCert(void);
certDBEntry *
nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey,
certDBEntryType entryType, void *pdata);
SEC_END_PROTOS
#endif /* _PCERTDB_H_ */