1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
14 * The Original Code is the Netscape security libraries.
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
35 * ***** END LICENSE BLOCK ***** */
41 static const char PKITM_CVS_ID[] = "@(#) $RCSfile: pkitm.h,v $ $Revision: 1.15.64.1 $ $Date: 2012/07/27 21:48:13 $";
47 * This file contains PKI-module specific types.
60 typedef enum nssCertIDMatchEnum {
61 nssCertIDMatch_Yes = 0,
62 nssCertIDMatch_No = 1,
63 nssCertIDMatch_Unknown = 2
69 * This is an interface to allow the PKI module access to certificate
70 * information that can only be found by decoding. The interface is
71 * generic, allowing each certificate type its own way of providing
74 struct nssDecodedCertStr {
75 NSSCertificateType type;
77 /* returns the unique identifier for the cert */
78 NSSItem * (*getIdentifier)(nssDecodedCert *dc);
79 /* returns the unique identifier for this cert's issuer */
80 void * (*getIssuerIdentifier)(nssDecodedCert *dc);
81 /* is id the identifier for this cert? */
82 nssCertIDMatch (*matchIdentifier)(nssDecodedCert *dc, void *id);
83 /* is this cert a valid CA cert? */
84 PRBool (*isValidIssuer)(nssDecodedCert *dc);
85 /* returns the cert usage */
86 NSSUsage * (*getUsage)(nssDecodedCert *dc);
87 /* is time within the validity period of the cert? */
88 PRBool (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time);
89 /* is the validity period of this cert newer than cmpdc? */
90 PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc);
91 /* does the usage for this cert match the requested usage? */
92 PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage);
93 /* is this cert trusted for the requested usage? */
94 PRBool (*isTrustedForUsage)(nssDecodedCert *dc,
95 const NSSUsage *usage);
96 /* extract the email address */
97 NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc);
98 /* extract the DER-encoded serial number */
99 PRStatus (*getDERSerialNumber)(nssDecodedCert *dc,
100 NSSDER *derSerial, NSSArena *arena);
105 SECCertUsage nss3usage;
106 PRBool nss3lookingForCA;
109 typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection;
114 PRStatus (* cert)(NSSCertificate *c, void *arg);
115 PRStatus (* crl)(NSSCRL *crl, void *arg);
116 PRStatus (* pvkey)(NSSPrivateKey *vk, void *arg);
117 PRStatus (* pbkey)(NSSPublicKey *bk, void *arg);
120 } nssPKIObjectCallback;