
pcert.h (8008B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef _PCERTDB_H_
      6 #define _PCERTDB_H_
      7 
      8 #include "plarena.h"
      9 #include "prlong.h"
     10 #include "pcertt.h"
     11 
     12 #include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */
     13 
     14 SEC_BEGIN_PROTOS
     15 
     16 /*
     17 * initialize any global certificate locks
        * Returns a SECStatus. The teardown counterpart declared in this header
        * looks to be nsslowcert_DestroyGlobalLocks() -- confirm.
     18 */
     19 SECStatus nsslowcert_InitLocks(void);
     20 
     21 /*
     22 ** Add a DER encoded certificate to the permanent database.
        **  "handle" is the certificate database handle
     23 **  "cert" is the certificate to add; the prototype takes an
        **      NSSLOWCERTCertificate *, not a raw DER SECItem
     24 **  "nickname" is the nickname to use for the cert
     25 **  "trust" is the trust parameters for the cert
        ** NOTE(review): "nickname" is a non-const char *; whether it is copied
        ** or retained is not visible from this prototype -- confirm.
     26 */
     27 SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle,
     28                                 NSSLOWCERTCertificate *cert,
     29                                 char *nickname, NSSLOWCERTCertTrust *trust);
        /*
        ** NOTE(review): undocumented here. By its name and parameters this
        ** records "nickname" for "cert" in the permanent database -- confirm
        ** against the implementation.
        */
     30 SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
     31                                     NSSLOWCERTCertificate *cert, char *nickname);
     32 
        /*
        ** NOTE(review): undocumented here. Takes only the cert and no database
        ** handle, so the cert presumably carries its own database reference --
        ** confirm.
        */
     33 SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
     34 
     35 typedef SECStatus(PR_CALLBACK *PermCertCallback)(NSSLOWCERTCertificate *cert,
     36                                                 SECItem *k, void *pdata);
     37 /*
     38 ** Traverse the entire permanent database, and pass the certs off to a
     39 ** user supplied function.
     40 **  "certfunc" is the user function to call for each certificate
     41 **  "udata" is the user's data, which is passed through to "certfunc"
        **
        ** "certfunc" has the PermCertCallback type declared just above: it
        ** receives the cert, a SECItem "k" (presumably the database key --
        ** confirm) and a void * "pdata", and returns a SECStatus.
        ** NOTE(review): whether a non-success return from the callback stops
        ** the traversal, and whether the cert stays valid after the callback
        ** returns, is not visible from this header -- confirm.
     42 */
     43 SECStatus
     44 nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
     45                             PermCertCallback certfunc,
     46                             void *udata);
     47 
        /*
        ** NOTE(review): undocumented here. Returns a PRBool; by its name it
        ** reports whether the key derived from "derCert" conflicts with an
        ** entry already in "handle" -- confirm against the implementation.
        */
     48 PRBool
     49 nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
     50 
        /*
        ** Revocation-list entries: look up, delete and add.
        **  "isKRL" is a PRBool on all three calls; presumably it selects key
        **      revocation list entries instead of CRL entries -- confirm.
        ** NOTE(review): nsslowcert_FindCrlByKey returns a
        ** certDBEntryRevocation * whose ownership is not stated. This header
        ** declares nsslowcert_DestroyDBEntry(certDBEntry *), which is
        ** presumably the release function -- confirm.
        */
     51 certDBEntryRevocation *
     52 nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
     53                        SECItem *crlKey, PRBool isKRL);
     54 
     55 SECStatus
     56 nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName,
     57                         PRBool isKRL);
     58 SECStatus
     59 nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
     60                  SECItem *derKey, char *url, PRBool isKRL);
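     61 
        /*
        ** Returns an NSSLOWCERTCertDBHandle *; by its name, the default
        ** certificate database -- confirm. Declared with (void) so this is a
        ** full prototype: an empty parameter list would leave call arguments
        ** unchecked by the compiler, and the other no-argument functions in
        ** this header already use (void).
        */
     62 NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB(void);
        /*
        ** Returns an NSSLOWKEYPublicKey * for "cert". NOTE(review): ownership
        ** of the returned key is not visible from this prototype -- confirm.
        */
     63 NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert);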
     64 
        /*
        ** Certificate and trust object lifetime.
        **  nsslowcert_NewTempCertificate builds a certificate from "derCert".
        **      "isperm" and "copyDER" are PRBool flags with no description
        **      here. NOTE(review): if "copyDER" is false the certificate
        **      presumably references the caller's DER buffer, which would then
        **      have to outlive the certificate -- confirm.
        **  nsslowcert_DupCertificate / nsslowcert_DestroyCertificate are
        **      presumably a reference-count pair -- confirm.
        **  nsslowcert_DestroyTrust releases an NSSLOWCERTTrust.
        */
     65 NSSLOWCERTCertificate *
     66 nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
     67                              char *nickname, PRBool isperm, PRBool copyDER);
     68 NSSLOWCERTCertificate *
     69 nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
     70 void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
     71 void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
     72 
     73 /*
     74 * Lookup a certificate in the databases without locking
     75 *  "certKey" is the database key to look for
     76 *
     77 * XXX - this should be internal, but pkcs 11 needs to call it during a
     78 * traversal.
        *
        * NOTE(review): "without locking" leaves any serialization to the
        * caller; which lock, if any, must already be held is not visible from
        * this header -- confirm before calling outside a traversal.
        * The result is presumably released with
        * nsslowcert_DestroyCertificate() -- confirm.
     79 */
     80 NSSLOWCERTCertificate *
     81 nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
     82 
     83 /*
     84 * Lookup trust for a certificate in the databases without locking
     85 *  "certKey" is the database key to look for
     86 *
     87 * XXX - this should be internal, but pkcs 11 needs to call it during a
     88 * traversal.
        *
        * NOTE(review): same caveat as any unlocked lookup: the caller is
        * responsible for serialization, and the required lock is not visible
        * from this header -- confirm.
        * The result is presumably released with nsslowcert_DestroyTrust() --
        * confirm.
     89 */
     90 NSSLOWCERTTrust *
     91 nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
     92 
     93 /*
     94 ** Generate a certificate key from the issuer and serialnumber, then look it
     95 ** up in the database.  Return the cert if found.
     96 **  "issuerAndSN" is the issuer and serial number to look for
        ** NOTE(review): the not-found result is presumably NULL -- confirm.
     97 */
     98 extern NSSLOWCERTCertificate *
     99 nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
    100 
    101 /*
    102 ** Generate a certificate key from the issuer and serialnumber, then look it
    103 ** up in the database.  Return the trust entry (NSSLOWCERTTrust *) if found.
    104 **  "issuerAndSN" is the issuer and serial number to look for
        ** NOTE(review): the not-found result is presumably NULL -- confirm.
    105 */
    106 extern NSSLOWCERTTrust *
    107 nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
    108 
    109 /*
    110 ** Find a certificate in the database by a DER encoded certificate
    111 **  "derCert" is the DER encoded certificate
    112 */
    113 extern NSSLOWCERTCertificate *
    114 nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
    115 
    116 /* convert an email address to lower case */
        /*
        ** NOTE(review): takes and returns a non-const char *. Whether the
        ** conversion happens in place or the result is a new allocation that
        ** the caller must free is not visible from this prototype -- confirm.
        */
    117 char *nsslowcert_FixupEmailAddr(char *emailAddr);
    118 
    119 /*
    120 ** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
    121 **      "derSignedCert" is the DER encoded signed certificate
    122 **      "copyDER" is true if the DER should be copied, false if the
    123 **              existing copy should be referenced
    124 **      "nickname" is the nickname to use in the database.  If it is NULL
    125 **              then a temporary nickname is generated.
        **
        ** NOTE(review): the prototype below has no "copyDER" parameter, so the
        ** "copyDER" description above looks stale. Whether the returned
        ** certificate copies or references "derSignedCert" is therefore not
        ** stated -- confirm before freeing or reusing the DER buffer.
    126 */
    127 extern NSSLOWCERTCertificate *
    128 nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname);
    129 
        /*
        ** NOTE(review): undocumented here. By its name and parameters this
        ** derives the database key for "derCert" and stores it in "key";
        ** "arena" is a PLArenaPool, presumably the allocator for the key data
        ** -- confirm.
        */
    130 SECStatus
    131 nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);
    132 
        /*
        ** NOTE(review): undocumented here. Returns a certDBEntrySMime * for
        ** "emailAddr"; the not-found result and the release function
        ** (presumably nsslowcert_DestroyDBEntry, declared next) need
        ** confirming.
        */
    133 certDBEntrySMime *
    134 nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
    135                            char *emailAddr);
        /* Releases a database entry; takes the generic certDBEntry * type. */
    136 void
    137 nsslowcert_DestroyDBEntry(certDBEntry *entry);
    138 
        /*
        ** Open a certificate database into "handle".
        **  "readOnly" and "openVolatile" are PRBool flags
        **  "domain" and "prefix" are const strings
        **  "namecb" is an NSSLOWCERTDBNameFunc callback, passed "cbarg"
        ** NOTE(review): none of these parameters is described in this header;
        ** the summary above restates the prototype only. In particular, what
        ** "openVolatile" does when the on-disk database cannot be opened, and
        ** what "namecb" must return, need confirming in the implementation.
        */
    139 SECStatus
    140 nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
    141                      const char *domain, const char *prefix,
    142                      NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
    143 
        /* Close the database behind "handle"; returns nothing. */
    144 void
    145 nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
    146 
    147 /*
    148 * is certa newer than certb?  If one is expired, pick the other one.
        * Returns a PRBool; presumably PR_TRUE means "certa" is the one to
        * prefer -- confirm.
        * NOTE(review): the expiry check implies a comparison with the current
        * time, which this prototype does not take as a parameter -- confirm
        * where the time comes from.
    149 */
    150 PRBool
    151 nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
    152 
        /*
        ** Traverse database entries of one certDBEntryType.
        **  "callback" receives two SECItems ("data", "key"), the entry type
        **      and a void * "pdata", and returns a SECStatus
        **  "udata" is presumably what arrives in the callback as "pdata" --
        **      confirm
        ** NOTE(review): "data" is handed over as a SECItem rather than a
        ** decoded entry, so the callback presumably sees the stored encoding
        ** and has to validate lengths itself -- confirm.
        */
    153 SECStatus
    154 nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
    155                             certDBEntryType type,
    156                             SECStatus (*callback)(SECItem *data, SECItem *key,
    157                                                   certDBEntryType type, void *pdata),
    158                             void *udata);
        /*
        ** Per-subject and per-nickname traversal and counting.
        **  The Traverse* calls take an NSSLOWCERTCertCallback "cb" plus
        **      "cbarg" and return a SECStatus.
        **  The Num* calls return a plain int. NOTE(review): how an error is
        **      told apart from a count of zero is not visible here -- confirm.
        */
    159 SECStatus
    160 nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
    161                                       SECItem *derSubject,
    162                                       NSSLOWCERTCertCallback cb, void *cbarg);
    163 int
    164 nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
    165                                  SECItem *derSubject);
    166 SECStatus
    167 nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
    168                                        char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
    169 
        /*
        ** Returns a plain int for "nickname". NOTE(review): how an error is
        ** told apart from a count of zero is not visible here -- confirm.
        */
    170 int
    171 nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
    172                                   char *nickname);
        /*
        ** "trust" is a caller-supplied NSSLOWCERTCertTrust *, presumably
        ** filled in with the trust of "cert" on success -- confirm. Callers
        ** should check the SECStatus before reading "trust".
        */
    173 SECStatus
    174 nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
    175                        NSSLOWCERTCertTrust *trust);
    176 
        /*
        ** NOTE(review): undocumented here. By its name this stores an S/MIME
        ** profile ("emailProfile", "profileTime") for "emailAddr" and
        ** "derSubject" -- confirm, including whether NULL items are accepted.
        */
    177 SECStatus
    178 nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
    179                            SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
    180 
    181 /*
    182 * Change the trust attributes of a certificate and make them permanent
    183 * in the database.
        *  "handle" is the certificate database handle
        *  "cert" is the certificate whose trust is changed
        *  "trust" holds the new trust attributes
        * Returns a SECStatus.
        * NOTE(review): because the change is made permanent, callers should
        * check the returned status and treat this as a privileged operation;
        * whether "trust" is validated before it is written is not visible
        * from this header -- confirm.
    184 */
    185 SECStatus
    186 nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
    187                           NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
    188 
        /*
        ** Getter/setter pair for a per-handle PRBool "DB verify" flag.
        ** NOTE(review): what verification the flag requests, and who clears
        ** it, is not visible from this header -- confirm.
        */
    189 PRBool
    190 nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
    191 
    192 void
    193 nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
    194 
        /*
        ** Returns a PRBool for "trust"; by its name, whether any trust is set
        ** in it -- confirm which flags count.
        */
    195 PRBool
    196 nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
    197 
        /*
        ** Global teardown, no arguments and no return value. NOTE(review):
        ** presumably only safe once no other thread is using the certificate
        ** code -- confirm.
        */
    198 void
    199 nsslowcert_DestroyFreeLists(void);
    200 
    201 void
    202 nsslowcert_DestroyGlobalLocks(void);
    203 
        /*
        ** Nickname and byte-buffer helpers that take a caller-supplied "space"
        ** buffer of "spaceLen" bytes.
        ** NOTE(review): undocumented here. By the parameter names, "space" is
        ** presumably used when the data fits and another allocation is made
        ** otherwise; the free functions take the same "space" pointer,
        ** presumably to tell the two cases apart -- confirm. If so, every
        ** pointer returned by a copy/alloc call has to be released with the
        ** matching free call and the same "space" pointer.
        ** "datalen" and "spaceLen" are plain int, so negative values are
        ** representable; callers should make sure both are non-negative.
        */
    204 void
    205 pkcs11_freeNickname(char *nickname, char *space);
    206 
    207 char *
    208 pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
    209 
    210 void
    211 pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
    212 
    213 unsigned char *
    214 pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
    215 
    216 unsigned char *
    217 pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
    218                      int spaceLen);
        /*
        ** Returns a new NSSLOWCERTCertificate *; takes no arguments.
        ** NOTE(review): the initial state of the object and the failure result
        ** (presumably NULL) are not visible here -- confirm.
        */
    219 NSSLOWCERTCertificate *
    220 nsslowcert_CreateCert(void);
    221 
        /*
        ** Decode a stored database record into a certDBEntry.
        **  "dbData" and "dbKey" are the record and its key as SECItems
        **  "entryType" is the certDBEntryType to decode as
        **  "pdata" is an opaque pointer; its use is not visible here
        ** NOTE(review): "dbData" comes from the database file, so the decoder
        ** is parsing stored bytes; the failure result (presumably NULL) and
        ** the release function (presumably nsslowcert_DestroyDBEntry) need
        ** confirming.
        */
    222 certDBEntry *
    223 nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey,
    224                            certDBEntryType entryType, void *pdata);
    225 
    226 SEC_END_PROTOS
    227 
    228 #endif /* _PCERTDB_H_ */