diff options
Diffstat (limited to 'security/nss/lib/libpkix/include/pkixt.h')
-rwxr-xr-x | security/nss/lib/libpkix/include/pkixt.h | 485 |
1 files changed, 485 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/include/pkixt.h b/security/nss/lib/libpkix/include/pkixt.h new file mode 100755 index 000000000..71997f700 --- /dev/null +++ b/security/nss/lib/libpkix/include/pkixt.h @@ -0,0 +1,485 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * This file defines the types in the libpkix API. + * XXX Maybe we should specify the API version number in all API header files + * + */ + +#ifndef _PKIXT_H +#define _PKIXT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "secerr.h" + +/* Types + * + * This header file provides typedefs for the abstract types used by libpkix. + * It also provides several useful macros. + * + * Note that all these abstract types are typedef'd as opaque structures. This + * is intended to discourage the caller from looking at the contents directly, + * since the format of the contents may change from one version of the library + * to the next. Instead, callers should only access these types using the + * functions defined in the public header files. + * + * An instance of an abstract type defined in this file is called an "object" + * here, although C does not have real support for objects. + * + * Because C does not typically have automatic garbage collection, the caller + * is expected to release the reference to any object that they create or that + * is returned to them by a libpkix function. The caller should do this by + * using the PKIX_PL_Object_DecRef function. Note that the caller should not + * release the reference to an object if the object has been passed to a + * libpkix function and that function has not returned. + * + * Please refer to libpkix Programmer's Guide for more details. + */ + +/* Version + * + * These macros specify the major and minor version of the libpkix API defined + * by this header file. + */ + +#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0) +#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3) + +/* Maximum minor version + * + * This macro is used to specify that the caller wants the largest minor + * version available. + */ + +#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000) + +/* Define Cert Store type for database access */ +#define PKIX_STORE_TYPE_NONE 0 +#define PKIX_STORE_TYPE_PK11 1 + +/* Portable Code (PC) data types + * + * These types are used to perform the primary operations of this library: + * building and validating chains of X.509 certificates. + */ + +typedef struct PKIX_ErrorStruct PKIX_Error; +typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams; +typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams; +typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult; +typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits; +typedef struct PKIX_BuildResultStruct PKIX_BuildResult; +typedef struct PKIX_CertStoreStruct PKIX_CertStore; +typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker; +typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker; +typedef struct PKIX_CertSelectorStruct PKIX_CertSelector; +typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector; +typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams; +typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams; +typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor; +typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode; +typedef struct PKIX_LoggerStruct PKIX_Logger; +typedef struct PKIX_ListStruct PKIX_List; +typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState; +typedef struct PKIX_DefaultRevocationCheckerStruct + PKIX_DefaultRevocationChecker; +typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode; + +/* Portability Layer (PL) data types + * + * These types are used are used as portable data types that are defined + * consistently across platforms + */ + +typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext; +typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object; +typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray; +typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable; +typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex; +typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock; +typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock; +typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt; +typedef struct PKIX_PL_StringStruct PKIX_PL_String; +typedef struct PKIX_PL_OIDStruct PKIX_PL_OID; +typedef struct PKIX_PL_CertStruct PKIX_PL_Cert; +typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName; +typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name; +typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey; +typedef struct PKIX_PL_DateStruct PKIX_PL_Date; +typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints; +typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints; +typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies; +typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo; +typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier; +typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap; +typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL; +typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry; +typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore; +typedef struct PKIX_PL_CollectionCertStoreContext + PKIX_PL_CollectionCertStoreContext; +typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext; +typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest; +typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse; +typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient; +typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket; +typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess; +typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr; +typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID; +typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest; +typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse; +typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient; +typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient; +typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext; + +/* Primitive types + * + * In order to guarantee desired behavior as well as platform-independence, we + * typedef these types depending on the platform. XXX This needs more work! + */ + +/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32. + * We don't know what type is at least 32 bits long. ISO C probably requires + * at least 32 bits for long. we could default to that and only list platforms + * where that's not true. + * + * #elif + * #error + * #endif + */ + +/* currently, int is 32 bits on all our supported platforms */ + +typedef unsigned int PKIX_UInt32; +typedef int PKIX_Int32; + +typedef int PKIX_Boolean; + +/* Object Types + * + * Every reference-counted PKIX_PL_Object is associated with an integer type. + */ +#define PKIX_TYPES \ + TYPEMACRO(AIAMGR), \ + TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \ + TYPEMACRO(BIGINT), \ + TYPEMACRO(BUILDRESULT), \ + TYPEMACRO(BYTEARRAY), \ + TYPEMACRO(CERT), \ + TYPEMACRO(CERTBASICCONSTRAINTS), \ + TYPEMACRO(CERTCHAINCHECKER), \ + TYPEMACRO(CERTNAMECONSTRAINTS), \ + TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \ + TYPEMACRO(CERTPOLICYCHECKERSTATE), \ + TYPEMACRO(CERTPOLICYINFO), \ + TYPEMACRO(CERTPOLICYMAP), \ + TYPEMACRO(CERTPOLICYNODE), \ + TYPEMACRO(CERTPOLICYQUALIFIER), \ + TYPEMACRO(CERTSELECTOR), \ + TYPEMACRO(CERTSTORE), \ + TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \ + TYPEMACRO(COMCERTSELPARAMS), \ + TYPEMACRO(COMCRLSELPARAMS), \ + TYPEMACRO(CRL), \ + TYPEMACRO(CRLDP), \ + TYPEMACRO(CRLENTRY), \ + TYPEMACRO(CRLSELECTOR), \ + TYPEMACRO(DATE), \ + TYPEMACRO(CRLCHECKER), \ + TYPEMACRO(EKUCHECKER), \ + TYPEMACRO(ERROR), \ + TYPEMACRO(FORWARDBUILDERSTATE), \ + TYPEMACRO(GENERALNAME), \ + TYPEMACRO(HASHTABLE), \ + TYPEMACRO(HTTPCERTSTORECONTEXT), \ + TYPEMACRO(HTTPDEFAULTCLIENT), \ + TYPEMACRO(INFOACCESS), \ + TYPEMACRO(LDAPDEFAULTCLIENT), \ + TYPEMACRO(LDAPREQUEST), \ + TYPEMACRO(LDAPRESPONSE), \ + TYPEMACRO(LIST), \ + TYPEMACRO(LOGGER), \ + TYPEMACRO(MONITORLOCK), \ + TYPEMACRO(MUTEX), \ + TYPEMACRO(OBJECT), \ + TYPEMACRO(OCSPCERTID), \ + TYPEMACRO(OCSPCHECKER), \ + TYPEMACRO(OCSPREQUEST), \ + TYPEMACRO(OCSPRESPONSE), \ + TYPEMACRO(OID), \ + TYPEMACRO(REVOCATIONCHECKER), \ + TYPEMACRO(PROCESSINGPARAMS), \ + TYPEMACRO(PUBLICKEY), \ + TYPEMACRO(RESOURCELIMITS), \ + TYPEMACRO(RWLOCK), \ + TYPEMACRO(SIGNATURECHECKERSTATE), \ + TYPEMACRO(SOCKET), \ + TYPEMACRO(STRING), \ + TYPEMACRO(TARGETCERTCHECKERSTATE), \ + TYPEMACRO(TRUSTANCHOR), \ + TYPEMACRO(VALIDATEPARAMS), \ + TYPEMACRO(VALIDATERESULT), \ + TYPEMACRO(VERIFYNODE), \ + TYPEMACRO(X500NAME) + +#define TYPEMACRO(type) PKIX_ ## type ## _TYPE + +typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */ + PKIX_TYPES, + PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */ +} PKIX_TYPENUM; + + +#ifdef PKIX_USER_OBJECT_TYPE + +/* User Define Object Types + * + * User may define their own object types offset from PKIX_USER_OBJECT_TYPE + */ +#define PKIX_USER_OBJECT_TYPEBASE 1000 + +#endif /* PKIX_USER_OBJECT_TYPE */ + +/* Error Codes + * + * This list is used to define a set of PKIX_Error exception class numbers. + * ERRMACRO is redefined to produce a corresponding set of + * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in + * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then + * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is + * initialized in pkix_error.c with the value "MUTEX". + */ +#define PKIX_ERRORCLASSES \ + ERRMACRO(AIAMGR), \ + ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \ + ERRMACRO(BIGINT), \ + ERRMACRO(BUILD), \ + ERRMACRO(BUILDRESULT), \ + ERRMACRO(BYTEARRAY), \ + ERRMACRO(CERT), \ + ERRMACRO(CERTBASICCONSTRAINTS), \ + ERRMACRO(CERTCHAINCHECKER), \ + ERRMACRO(CERTNAMECONSTRAINTS), \ + ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \ + ERRMACRO(CERTPOLICYCHECKERSTATE), \ + ERRMACRO(CERTPOLICYINFO), \ + ERRMACRO(CERTPOLICYMAP), \ + ERRMACRO(CERTPOLICYNODE), \ + ERRMACRO(CERTPOLICYQUALIFIER), \ + ERRMACRO(CERTSELECTOR), \ + ERRMACRO(CERTSTORE), \ + ERRMACRO(CERTVFYPKIX), \ + ERRMACRO(COLLECTIONCERTSTORECONTEXT), \ + ERRMACRO(COMCERTSELPARAMS), \ + ERRMACRO(COMCRLSELPARAMS), \ + ERRMACRO(CONTEXT), \ + ERRMACRO(CRL), \ + ERRMACRO(CRLDP), \ + ERRMACRO(CRLENTRY), \ + ERRMACRO(CRLSELECTOR), \ + ERRMACRO(CRLCHECKER), \ + ERRMACRO(DATE), \ + ERRMACRO(EKUCHECKER), \ + ERRMACRO(ERROR), \ + ERRMACRO(FATAL), \ + ERRMACRO(FORWARDBUILDERSTATE), \ + ERRMACRO(GENERALNAME), \ + ERRMACRO(HASHTABLE), \ + ERRMACRO(HTTPCERTSTORECONTEXT), \ + ERRMACRO(HTTPDEFAULTCLIENT), \ + ERRMACRO(INFOACCESS), \ + ERRMACRO(LDAPCLIENT), \ + ERRMACRO(LDAPDEFAULTCLIENT), \ + ERRMACRO(LDAPREQUEST), \ + ERRMACRO(LDAPRESPONSE), \ + ERRMACRO(LIFECYCLE), \ + ERRMACRO(LIST), \ + ERRMACRO(LOGGER), \ + ERRMACRO(MEM), \ + ERRMACRO(MONITORLOCK), \ + ERRMACRO(MUTEX), \ + ERRMACRO(OBJECT), \ + ERRMACRO(OCSPCERTID), \ + ERRMACRO(OCSPCHECKER), \ + ERRMACRO(OCSPREQUEST), \ + ERRMACRO(OCSPRESPONSE), \ + ERRMACRO(OID), \ + ERRMACRO(PROCESSINGPARAMS), \ + ERRMACRO(PUBLICKEY), \ + ERRMACRO(RESOURCELIMITS), \ + ERRMACRO(REVOCATIONMETHOD), \ + ERRMACRO(REVOCATIONCHECKER), \ + ERRMACRO(RWLOCK), \ + ERRMACRO(SIGNATURECHECKERSTATE), \ + ERRMACRO(SOCKET), \ + ERRMACRO(STRING), \ + ERRMACRO(TARGETCERTCHECKERSTATE), \ + ERRMACRO(TRUSTANCHOR), \ + ERRMACRO(USERDEFINEDMODULES), \ + ERRMACRO(VALIDATE), \ + ERRMACRO(VALIDATEPARAMS), \ + ERRMACRO(VALIDATERESULT), \ + ERRMACRO(VERIFYNODE), \ + ERRMACRO(X500NAME) + +#define ERRMACRO(type) PKIX_ ## type ## _ERROR + +typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */ + PKIX_ERRORCLASSES, + PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */ +} PKIX_ERRORCLASS; + +/* Now define error strings (for internationalization) */ + +#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name + +/* Define all the error numbers */ +typedef enum { +#include "pkix_errorstrings.h" +, PKIX_NUMERRORCODES +} PKIX_ERRORCODE; + +extern const char * const PKIX_ErrorText[]; + +/* String Formats + * + * These formats specify supported encoding formats for Strings. + */ + +#define PKIX_ESCASCII 0 +#define PKIX_UTF8 1 +#define PKIX_UTF16 2 +#define PKIX_UTF8_NULL_TERM 3 +#define PKIX_ESCASCII_DEBUG 4 + +/* Name Types + * + * These types specify supported formats for GeneralNames. + */ + +#define PKIX_OTHER_NAME 1 +#define PKIX_RFC822_NAME 2 +#define PKIX_DNS_NAME 3 +#define PKIX_X400_ADDRESS 4 +#define PKIX_DIRECTORY_NAME 5 +#define PKIX_EDIPARTY_NAME 6 +#define PKIX_URI_NAME 7 +#define PKIX_IP_NAME 8 +#define PKIX_OID_NAME 9 + +/* Key Usages + * + * These types specify supported Key Usages + */ + +#define PKIX_DIGITAL_SIGNATURE 0x001 +#define PKIX_NON_REPUDIATION 0x002 +#define PKIX_KEY_ENCIPHERMENT 0x004 +#define PKIX_DATA_ENCIPHERMENT 0x008 +#define PKIX_KEY_AGREEMENT 0x010 +#define PKIX_KEY_CERT_SIGN 0x020 +#define PKIX_CRL_SIGN 0x040 +#define PKIX_ENCIPHER_ONLY 0x080 +#define PKIX_DECIPHER_ONLY 0x100 + +/* Reason Flags + * + * These macros specify supported Reason Flags + */ + +#define PKIX_UNUSED 0x001 +#define PKIX_KEY_COMPROMISE 0x002 +#define PKIX_CA_COMPROMISE 0x004 +#define PKIX_AFFILIATION_CHANGED 0x008 +#define PKIX_SUPERSEDED 0x010 +#define PKIX_CESSATION_OF_OPERATION 0x020 +#define PKIX_CERTIFICATE_HOLD 0x040 +#define PKIX_PRIVILEGE_WITHDRAWN 0x080 +#define PKIX_AA_COMPROMISE 0x100 + +/* Boolean values + * + * These macros specify the Boolean values of TRUE and FALSE + * XXX Is it the case that any non-zero value is actually considered TRUE + * and this is just a convenient mnemonic macro? + */ + +#define PKIX_TRUE ((PKIX_Boolean) 1) +#define PKIX_FALSE ((PKIX_Boolean) 0) + +/* + * Define constants for basic constraints selector + * (see comments in pkix_certsel.h) + */ + +#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2) +#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1) + +/* + * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o + * object file. It is thrown if system memory cannot be allocated or may be + * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable. + * IncRef, DecRef and all Settor functions cannot be called. + * XXX Does anyone actually need to know about this? + * XXX Why no DecRef? Would be good to handle it the same. + */ + +PKIX_Error* PKIX_ALLOC_ERROR(void); + +/* + * In a CertBasicConstraints extension, if the CA flag is set, + * indicating the certificate refers to a Certification + * Authority, then the pathLen field indicates how many intermediate + * certificates (not counting self-signed ones) can exist in a valid + * chain following this certificate. If the pathLen has the value + * of this constant, then the length of the chain is unlimited + */ +#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1) + +/* + * Define Certificate Extension hard-coded OID's + */ +#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN +#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE +#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME +#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS +#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE +#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS +#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES +#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY +#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS +#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS +#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE +#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY +#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE +#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH +#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH +#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN +#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT +#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP +#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER + + +/* Available revocation method types. */ +typedef enum PKIX_RevocationMethodTypeEnum { + PKIX_RevocationMethod_CRL = 0, + PKIX_RevocationMethod_OCSP, + PKIX_RevocationMethod_MAX +} PKIX_RevocationMethodType; + +/* A set of statuses revocation checker operates on */ +typedef enum PKIX_RevocationStatusEnum { + PKIX_RevStatus_NoInfo = 0, + PKIX_RevStatus_Revoked, + PKIX_RevStatus_Success +} PKIX_RevocationStatus; + + +#ifdef __cplusplus +} +#endif + +#endif /* _PKIXT_H */ |