1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 
5 #ifndef _CERTDB_H_
6 #define _CERTDB_H_
7 
8 /* common flags for all types of certificates */
/* Every flag owns a distinct bit (bits 0 through 9), so a trust value is a
 * bitwise OR of these constants and a single property is tested with a
 * bitwise AND against one constant.  The 1u literal keeps each shift in
 * unsigned arithmetic.
 * NOTE(review): this header states a meaning only for the flags that carry a
 * trailing comment; what the others mean is decided by the code that stores
 * and evaluates trust records -- confirm there before relying on a bit in a
 * trust decision. */
/* CERTDB_TERMINAL_RECORD is the current name for what older code calls
 * CERTDB_VALID_PEER (kept as a deprecated alias later in this header). */
9 #define CERTDB_TERMINAL_RECORD (1u << 0)
10 #define CERTDB_TRUSTED (1u << 1)
11 #define CERTDB_SEND_WARN (1u << 2)
12 #define CERTDB_VALID_CA (1u << 3)
/* Issuing trust for server certs (bit 4) and for client certs (bit 7) are
 * separate bits: a check should test the bit that matches the usage being
 * validated rather than treating any CA bit as sufficient. */
13 #define CERTDB_TRUSTED_CA (1u << 4) /* trusted for issuing server certs */
14 #define CERTDB_NS_TRUSTED_CA (1u << 5)
15 #define CERTDB_USER (1u << 6)
16 #define CERTDB_TRUSTED_CLIENT_CA (1u << 7) /* trusted for issuing client certs */
17 #define CERTDB_INVISIBLE_CA (1u << 8)      /* don't show in UI */
/* NOTE(review): the next flag reads like a leftover from export-restricted
 * builds -- TODO confirm whether anything still sets or reads it. */
18 #define CERTDB_GOVT_APPROVED_CA (1u << 9)  /* can do strong crypto in export ver */
19 
20 /* old usage, to keep old programs compiling */
21 /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile
22  * time deprecation warnings when applications use the old CERTDB_VALID_PEER
23  * define */
/* Whichever branch is taken, CERTDB_VALID_PEER evaluates to
 * CERTDB_TERMINAL_RECORD; the branches differ only in how (or whether) a
 * deprecation warning is produced. */
24 #if __GNUC__ > 3
/* GCC 4.0 through 4.4 get the attribute without a message argument; the
 * message form is used only from 4.5 on. */
25 #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
26 typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated));
27 #else
/* Later GCC versions: the warning text names the replacement flag. */
28 typedef unsigned int __CERTDB_VALID_PEER __attribute__((
29     deprecated("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));
30 #endif
/* The cast through the deprecated typedef is what makes each use of the
 * macro warn.  In this branch the macro is therefore a cast expression of
 * type unsigned int, so unlike the fallback definition it cannot appear in a
 * #if directive.
 * NOTE(review): identifiers beginning with two underscores are reserved for
 * the implementation in C; renaming the typedef would change what this
 * header declares, so it is only flagged here. */
31 #define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER)CERTDB_TERMINAL_RECORD)
32 #else
33 #ifdef _WIN32
/* NOTE(review): presumably the MSVC pragma that flags later uses of the
 * named identifier -- confirm for the compilers actually built with. */
34 #pragma deprecated(CERTDB_VALID_PEER)
35 #endif
/* Compilers that are not GCC 4 or newer get a plain alias; outside _WIN32 no
 * warning is emitted at all. */
36 #define CERTDB_VALID_PEER CERTDB_TERMINAL_RECORD
37 #endif
38 
/* Opens the prototype section.  SEC_BEGIN_PROTOS and the matching
 * SEC_END_PROTOS are macros defined outside this header.
 * NOTE(review): no #include is visible in this header, so CERTSignedCrl,
 * CERTCertDBHandle, SECItem and the other types used below must already be
 * declared by whatever includes it. */
39 SEC_BEGIN_PROTOS
40 
/* Three lookups that each return a CERTSignedCrl pointer for the database
 * behind "handle", keyed by a SECItem.
 * NOTE(review): nothing here says what is returned when no CRL matches
 * (presumably NULL) or who owns the result (presumably released with
 * SEC_DestroyCrl, declared below) -- confirm both in the implementation.
 * NOTE(review): "type" is a bare int and its accepted values are not defined
 * in this header (presumably SEC_CRL_TYPE / SEC_KRL_TYPE from elsewhere in
 * NSS) -- confirm. */
41 CERTSignedCrl *SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey,
42                                 int type);
43 
/* Same parameter list as SEC_FindCrlByKey, including the "crlKey" name; how a
 * lookup by name differs from one by key is not stated here. */
44 CERTSignedCrl *SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey,
45                                  int type);
46 
/* NOTE(review): despite "Cert" in the name, the parameter is called "derCrl",
 * which suggests a DER-encoded CRL is expected -- TODO confirm. */
47 CERTSignedCrl *SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl,
48                                     int type);
49 
/* Takes a nickname, a DER subject and a database handle and returns a PRBool.
 * NOTE(review): judging by the name, this reports whether "nickname" is
 * already taken by a certificate with a different subject; which PRBool
 * value means "conflict" is not stated here -- confirm before branching on
 * the result. */
50 PRBool SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
51                                 CERTCertDBHandle *handle);
/* Returns a CERTSignedCrl pointer built from "derCrl", a "url" and a "type".
 * NOTE(review): this header does not say whether the CRL's signature is
 * verified before the CRL is accepted or stored; callers that receive CRLs
 * from the network should confirm where that verification happens.
 * NOTE(review): "url" is a non-const char *; whether it is copied, retained
 * or may be NULL is not shown here. */
52 CERTSignedCrl *SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl,
53                           int type);
54 
/* Returns a SECStatus for the given CRL.
 * NOTE(review): presumably removes the CRL from the permanent database; the
 * status should be checked, since a CRL that silently stays (or goes)
 * changes what revocation data later checks see -- confirm the semantics. */
55 SECStatus SEC_DeletePermCRL(CERTSignedCrl *crl);
56 
/* "nodes" is an output parameter (pointer to a CERTCrlHeadNode pointer).
 * NOTE(review): presumably filled with the CRLs of the given "type"; no
 * function for freeing the list is declared in this header, so the release
 * path has to be looked up elsewhere. */
57 SECStatus SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes,
58                          int type);
59 
/* NOTE(review): presumably drops one reference to "crl" and frees it when the
 * last reference is gone -- confirm; if so, the pointer must not be used
 * after this call. */
60 SECStatus SEC_DestroyCrl(CERTSignedCrl *crl);
61 
/* NOTE(review): presumably returns "acrl" with an additional reference, in
 * which case every call needs a matching SEC_DestroyCrl -- confirm. */
62 CERTSignedCrl *SEC_DupCrl(CERTSignedCrl *acrl);
63 
/* Takes a certificate, a nickname and a CERTCertTrust and returns a
 * SECStatus.
 * NOTE(review): judging by the name, this moves a temporary certificate into
 * the permanent database with the supplied trust.  If so, "trust" is what
 * later validation will read back, so callers should build it deliberately
 * from the CERTDB_* flags and never pass through a value taken from
 * untrusted input -- confirm against the implementation. */
64 SECStatus CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
65                                  CERTCertTrust *trust);
66 
/* NOTE(review): presumably removes "cert" from the permanent database; what
 * happens to trust settings stored with it is not stated here. */
67 SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
68 
/* Compares two CERTCrl objects and returns a PRBool.
 * NOTE(review): the basis of the comparison is not stated here (presumably
 * the CRLs' update times); it decides which CRL supersedes which, so confirm
 * it before using the result to replace stored revocation data. */
69 PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
70 
71 /*
72 ** Extract the validity times from a CRL
73 **	"crl" is the CRL
74 **	"notBefore" is the start of the validity period (last update)
75 **	"notAfter" is the end of the validity period (next update)
**
** NOTE(review): the next-update field is optional in the X.509 CRL encoding;
** what "notAfter" holds when the CRL has none is not stated here -- confirm
** before treating it as an expiry time.
76 */
77 SECStatus SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
78 
79 /*
80 ** Check the validity times of a CRL against time 't', allowing
81 ** some slop for clocks that are not set accurately.
82 **	"crl" is the CRL to be checked
83 **	"t" is the time to check against
**
** NOTE(review): the size of the tolerance is not given in this header, so a
** CRL slightly outside its validity window may still be reported as valid;
** look up the amount in the implementation if freshness matters.  The
** SECCertTimeValidity values returned are defined elsewhere.
84 */
85 SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
86 
/* Closes the prototype section opened by SEC_BEGIN_PROTOS. */
87 SEC_END_PROTOS
88 
89 #endif /* _CERTDB_H_ */
90