/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * pcertdb.h -- prototypes for the low-level ("nsslowcert") permanent
 * certificate database used by the softoken PKCS #11 module.
 *
 * Only declarations live here.  Ownership, locking and error contracts
 * that are not spelled out in a comment below are not visible from this
 * header and have to be confirmed against the definitions.
 */

#ifndef _PCERTDB_H_
#define _PCERTDB_H_

#include "plarena.h"
#include "prlong.h"
#include "pcertt.h"

#include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */

SEC_BEGIN_PROTOS

/*
 * initialize any global certificate locks
 */
SECStatus nsslowcert_InitLocks(void);

/*
** Add a certificate to the permanent database.
** "cert" is the certificate to add (the prototype takes a decoded
**        NSSLOWCERTCertificate, not raw DER)
** "nickname" is the nickname to use for the cert
** "trust" is the trust parameters for the cert
*/
SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle,
                                 NSSLOWCERTCertificate *cert,
                                 char *nickname, NSSLOWCERTCertTrust *trust);
/*
 * Record "nickname" for "cert" in the permanent database (inferred from
 * the name; confirm the exact behavior in the definition).
 */
SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
                                     NSSLOWCERTCertificate *cert, char *nickname);

SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);

/*
 * Callback type used by nsslowcert_TraversePermCerts.  It receives each
 * certificate, "k" (presumably the cert's database key -- confirm) and
 * the "pdata" pointer the caller handed to the traversal.
 */
typedef SECStatus(PR_CALLBACK *PermCertCallback)(NSSLOWCERTCertificate *cert,
                                                 SECItem *k, void *pdata);
/*
** Traverse the entire permanent database, and pass the certs off to a
** user supplied function.
** "certfunc" is the user function to call for each certificate
** "udata" is the user's data, which is passed through to "certfunc"
*/
SECStatus
nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
                             PermCertCallback certfunc,
                             void *udata);

/*
 * Report whether the database key derived from "derCert" collides with an
 * entry already in "handle" (inferred from the name -- confirm).
 */
PRBool
nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);

/*
 * CRL / KRL entries.  "isKRL" selects the key revocation list instead of
 * the certificate revocation list.  Ownership of the returned entry is not
 * stated here; nsslowcert_DestroyDBEntry below is the only matching
 * destructor declared in this header -- confirm in the definition.
 */
certDBEntryRevocation *
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
                        SECItem *crlKey, PRBool isKRL);

SECStatus
nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName,
                         PRBool isKRL);
SECStatus
nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
                  SECItem *derKey, char *url, PRBool isKRL);

/*
 * NOTE(review): the empty parentheses declare this function without a
 * prototype, so the compiler cannot check its arguments at call sites;
 * "(void)" is the C99 form used by the other zero-argument declarations in
 * this header.
 */
NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
/*
 * Extract the public key from a certificate.  The return type comes from
 * lowkeyti.h (see include above).  Who frees the returned key is not
 * visible here -- confirm against the definition.
 */
NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);

/*
 * Create a temporary (in-memory) certificate from "derCert".
 * "isperm"  -- presumably marks the cert as also being in the permanent DB
 * "copyDER" -- presumably PR_TRUE to copy derCert rather than reference it;
 *              if it is referenced, the caller must keep "derCert" alive
 *              for the life of the certificate.  Both are inferred from the
 *              parameter names -- confirm in the definition.
 */
NSSLOWCERTCertificate *
nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
                              char *nickname, PRBool isperm, PRBool copyDER);
/*
 * Duplicate / destroy helpers.  Whether Dup takes a reference or makes a
 * deep copy is not visible from this header; pair every Dup with exactly
 * one Destroy.
 */
NSSLOWCERTCertificate *
nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);

/*
 * Lookup a certificate in the databases without locking
 * "certKey" is the database key to look for
 *
 * XXX - this should be internal, but pkcs 11 needs to call it during a
 * traversal.
 *
 * NOTE(review): because no lock is taken, a caller that is not already
 * inside a traversal must provide its own synchronization -- confirm the
 * locking contract against the definition before adding new callers.
 */
NSSLOWCERTCertificate *
nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);

/*
 * Lookup trust for a certificate in the databases without locking
 * "certKey" is the database key to look for
 *
 * XXX - this should be internal, but pkcs 11 needs to call it during a
 * traversal.  The same locking caveat as nsslowcert_FindCertByKey applies.
 */
NSSLOWCERTTrust *
nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);

/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the cert if found.
** "issuerAndSN" is the issuer and serial number to look for
*/
extern NSSLOWCERTCertificate *
nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);

/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the trust record (not the cert) if found.
** "issuerAndSN" is the issuer and serial number to look for
*/
extern NSSLOWCERTTrust *
nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);

/*
** Find a certificate in the database by a DER encoded certificate
** "derCert" is the DER encoded certificate
*/
extern NSSLOWCERTCertificate *
nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);

/*
 * convert an email address to lower case
 * Whether the conversion is done in place or into a new allocation is not
 * visible from this header -- confirm before freeing the result.
 */
char *nsslowcert_FixupEmailAddr(char *emailAddr);

/*
** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
** "derSignedCert" is the DER encoded signed certificate
** "nickname" is the nickname to use in the database. If it is NULL
**    then a temporary nickname is generated.
**
** NOTE(review): an earlier version of this comment described a "copyDER"
** flag, but the prototype below has no such argument; confirm in the
** definition whether the DER is copied or referenced.  "derSignedCert" is
** caller-supplied, possibly untrusted, input to the DER decoder.
*/
extern NSSLOWCERTCertificate *
nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname);

/*
 * Derive the database key for "derCert" into "key", presumably allocating
 * from "arena" (inferred from the parameter names -- confirm).
 */
SECStatus
nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);

/*
 * S/MIME profile entry lookup by e-mail address.  The returned entry is a
 * certDBEntry; nsslowcert_DestroyDBEntry is the declared destructor.
 */
certDBEntrySMime *
nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
                            char *emailAddr);
void
nsslowcert_DestroyDBEntry(certDBEntry *entry);

/*
 * Open the permanent certificate database behind "handle".
 * "readOnly"     -- open without write access
 * "domain"/"prefix" -- passed to "namecb" together with "cbarg" to build the
 *                  on-disk database name (inferred from the parameter
 *                  names -- confirm in the definition)
 * "openVolatile" -- presumably open an in-memory database -- confirm
 */
SECStatus
nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
                      const char *domain, const char *prefix,
                      NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);

void
nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);

/*
 * is certa newer than certb? If one is expired, pick the other one.
 */
PRBool
nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);

/*
 * Walk the raw database entries of one "type", handing each record's
 * "data", "key" and type to "callback" along with "udata".  The callback
 * sees undecoded database records.
 */
SECStatus
nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
                             certDBEntryType type,
                             SECStatus (*callback)(SECItem *data, SECItem *key,
                                                   certDBEntryType type, void *pdata),
                             void *udata);
/*
 * Per-subject and per-nickname traversal and counting.  The Num* functions
 * return an int count; the Traverse* functions invoke "cb" with "cbarg" for
 * each match.
 */
SECStatus
nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
                                       SECItem *derSubject,
                                       NSSLOWCERTCertCallback cb, void *cbarg);
int
nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
                                  SECItem *derSubject);
SECStatus
nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
                                        char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);

int
nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
                                   char *nickname);
/*
 * Copy the trust attributes of "cert" into the caller-provided "trust".
 */
SECStatus
nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
                        NSSLOWCERTCertTrust *trust);

SECStatus
nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
                            SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);

/*
 * Change the trust attributes of a certificate and make them permanent
 * in the database.
 */
SECStatus
nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
                           NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);

/*
 * Query / set the per-handle "DB verify" flag (inferred from the names;
 * what the flag gates is not visible here -- confirm in the definition).
 */
PRBool
nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);

void
nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);

PRBool
nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);

/*
 * Global teardown: release the free lists and the locks created by
 * nsslowcert_InitLocks.
 */
void
nsslowcert_DestroyFreeLists(void);

void
nsslowcert_DestroyGlobalLocks(void);

/*
 * Small-buffer helpers shared with the PKCS #11 layer.  "space" is a
 * caller-provided buffer of "spaceLen" bytes; the copy/alloc functions
 * presumably return "space" when the data fits and a heap allocation
 * otherwise, and the free functions take the same "space" so they can
 * tell the two apart -- inferred from the signatures, confirm in the
 * definitions.  "spaceLen" and "datalen" are plain ints, so callers must
 * pass the true capacity and non-negative lengths.
 */
void
pkcs11_freeNickname(char *nickname, char *space);

char *
pkcs11_copyNickname(char *nickname, char *space, int spaceLen);

void
pkcs11_freeStaticData(unsigned char *data, unsigned char *space);

unsigned char *
pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);

unsigned char *
pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
                      int spaceLen);
/*
 * Allocate an empty certificate object; nsslowcert_DestroyCertificate is
 * the declared destructor.
 */
NSSLOWCERTCertificate *
nsslowcert_CreateCert(void);

/*
 * Decode a raw database record ("dbData", keyed by "dbKey") of type
 * "entryType" into a certDBEntry.  "dbData" comes from the on-disk
 * database, so the decoder should treat it as untrusted and bounds-check
 * every field -- confirm in the definition.  Free the result with
 * nsslowcert_DestroyDBEntry.
 */
certDBEntry *
nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey,
                            certDBEntryType entryType, void *pdata);

SEC_END_PROTOS

#endif /* _PCERTDB_H_ */