Add m-esr52 at 52.6.0

1 files changed, 547 insertions, 0 deletions

diff --git a/security/nss/lib/pki/pkim.h b/security/nss/lib/pki/pkim.h
new file mode 100644
index 000000000..3be3337cc
--- /dev/null
+++ b/security/nss/lib/pki/pkim.h
@@ -0,0 +1,547 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIM_H
+#define PKIM_H
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+#ifndef PKITM_H
+#include "pkitm.h"
+#endif /* PKITM_H */
+
+PR_BEGIN_EXTERN_C
+
+/* nssPKIObject
+ *
+ * This is the base object class, common to all PKI objects defined in
+ * in this module.  Each object can be safely 'casted' to an nssPKIObject,
+ * then passed to these methods.
+ *
+ * nssPKIObject_Create
+ * nssPKIObject_Destroy
+ * nssPKIObject_AddRef
+ * nssPKIObject_AddInstance
+ * nssPKIObject_HasInstance
+ * nssPKIObject_GetTokens
+ * nssPKIObject_GetNicknameForToken
+ * nssPKIObject_RemoveInstanceForToken
+ * nssPKIObject_DeleteStoredObject
+ */
+
+NSS_EXTERN void nssPKIObject_Lock(nssPKIObject *object);
+NSS_EXTERN void nssPKIObject_Unlock(nssPKIObject *object);
+NSS_EXTERN PRStatus nssPKIObject_NewLock(nssPKIObject *object,
+                                         nssPKILockType lockType);
+NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject *object);
+
+/* nssPKIObject_Create
+ *
+ * A generic PKI object.  It must live in a trust domain.  It may be
+ * initialized with a token instance, or alternatively in a crypto context.
+ */
+NSS_EXTERN nssPKIObject *
+nssPKIObject_Create(
+    NSSArena *arenaOpt,
+    nssCryptokiObject *instanceOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *ccOpt,
+    nssPKILockType lockType);
+
+/* nssPKIObject_AddRef
+ */
+NSS_EXTERN nssPKIObject *
+nssPKIObject_AddRef(nssPKIObject *object);
+
+/* nssPKIObject_Destroy
+ *
+ * Returns true if object was destroyed.  This notifies the subclass that
+ * all references are gone and it should delete any members it owns.
+ */
+NSS_EXTERN PRBool
+nssPKIObject_Destroy(nssPKIObject *object);
+
+/* nssPKIObject_AddInstance
+ *
+ * Add a token instance to the object, if it does not have it already.
+ */
+NSS_EXTERN PRStatus
+nssPKIObject_AddInstance(
+    nssPKIObject *object,
+    nssCryptokiObject *instance);
+
+/* nssPKIObject_HasInstance
+ *
+ * Query the object for a token instance.
+ */
+NSS_EXTERN PRBool
+nssPKIObject_HasInstance(
+    nssPKIObject *object,
+    nssCryptokiObject *instance);
+
+/* nssPKIObject_GetTokens
+ *
+ * Get all tokens which have an instance of the object.
+ */
+NSS_EXTERN NSSToken **
+nssPKIObject_GetTokens(
+    nssPKIObject *object,
+    PRStatus *statusOpt);
+
+/* nssPKIObject_GetNicknameForToken
+ *
+ * tokenOpt == NULL means take the first available, otherwise return the
+ * nickname for the specified token.
+ */
+NSS_EXTERN NSSUTF8 *
+nssPKIObject_GetNicknameForToken(
+    nssPKIObject *object,
+    NSSToken *tokenOpt);
+
+/* nssPKIObject_RemoveInstanceForToken
+ *
+ * Remove the instance of the object on the specified token.
+ */
+NSS_EXTERN PRStatus
+nssPKIObject_RemoveInstanceForToken(
+    nssPKIObject *object,
+    NSSToken *token);
+
+/* nssPKIObject_DeleteStoredObject
+ *
+ * Delete all token instances of the object, as well as any crypto context
+ * instances (TODO).  If any of the instances are read-only, or if the
+ * removal fails, the object will keep those instances.  'isFriendly' refers
+ * to the object -- can this object be removed from a friendly token without
+ * login?  For example, certificates are friendly, private keys are not.
+ * Note that if the token is not friendly, authentication will be required
+ * regardless of the value of 'isFriendly'.
+ */
+NSS_EXTERN PRStatus
+nssPKIObject_DeleteStoredObject(
+    nssPKIObject *object,
+    NSSCallback *uhh,
+    PRBool isFriendly);
+
+NSS_EXTERN nssCryptokiObject **
+nssPKIObject_GetInstances(
+    nssPKIObject *object);
+
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_FindCertificatesByID(
+    NSSTrustDomain *td,
+    NSSItem *id,
+    NSSCertificate **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCRL **
+nssTrustDomain_FindCRLsBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject);
+
+/* module-private nsspki methods */
+
+NSS_EXTERN NSSCryptoContext *
+nssCryptoContext_Create(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt);
+
+/* XXX for the collection */
+NSS_EXTERN NSSCertificate *
+nssCertificate_Create(nssPKIObject *object);
+
+NSS_EXTERN PRStatus
+nssCertificate_SetCertTrust(
+    NSSCertificate *c,
+    NSSTrust *trust);
+
+NSS_EXTERN nssDecodedCert *
+nssCertificate_GetDecoding(NSSCertificate *c);
+
+extern PRIntn
+nssCertificate_SubjectListSort(
+    void *v1,
+    void *v2);
+
+NSS_EXTERN nssDecodedCert *
+nssDecodedCert_Create(
+    NSSArena *arenaOpt,
+    NSSDER *encoding,
+    NSSCertificateType type);
+
+NSS_EXTERN PRStatus
+nssDecodedCert_Destroy(nssDecodedCert *dc);
+
+NSS_EXTERN NSSTrust *
+nssTrust_Create(
+    nssPKIObject *object,
+    NSSItem *certData);
+
+NSS_EXTERN NSSCRL *
+nssCRL_Create(nssPKIObject *object);
+
+NSS_EXTERN NSSCRL *
+nssCRL_AddRef(NSSCRL *crl);
+
+NSS_EXTERN PRStatus
+nssCRL_Destroy(NSSCRL *crl);
+
+NSS_EXTERN PRStatus
+nssCRL_DeleteStoredObject(
+    NSSCRL *crl,
+    NSSCallback *uhh);
+
+NSS_EXTERN NSSPrivateKey *
+nssPrivateKey_Create(nssPKIObject *o);
+
+NSS_EXTERN NSSDER *
+nssCRL_GetEncoding(NSSCRL *crl);
+
+NSS_EXTERN NSSPublicKey *
+nssPublicKey_Create(nssPKIObject *object);
+
+/* nssCertificateArray
+ *
+ * These are being thrown around a lot, might as well group together some
+ * functionality.
+ *
+ * nssCertificateArray_Destroy
+ * nssCertificateArray_Join
+ * nssCertificateArray_FindBestCertificate
+ * nssCertificateArray_Traverse
+ */
+
+/* nssCertificateArray_Destroy
+ *
+ * Will destroy the array and the certs within it.  If the array was created
+ * in an arena, will *not* (of course) destroy the arena.  However, is safe
+ * to call this method on an arena-allocated array.
+ */
+NSS_EXTERN void
+nssCertificateArray_Destroy(NSSCertificate **certs);
+
+/* nssCertificateArray_Join
+ *
+ * Join two arrays into one.  The two arrays, certs1 and certs2, should
+ * be considered invalid after a call to this function (they may be destroyed
+ * as part of the join).  certs1 and/or certs2 may be NULL.  Safe to
+ * call with arrays allocated in an arena, the result will also be in the
+ * arena.
+ */
+NSS_EXTERN NSSCertificate **
+nssCertificateArray_Join(
+    NSSCertificate **certs1,
+    NSSCertificate **certs2);
+
+/* nssCertificateArray_FindBestCertificate
+ *
+ * Use the usual { time, usage, policies } to find the best cert in the
+ * array.
+ */
+NSS_EXTERN NSSCertificate *
+nssCertificateArray_FindBestCertificate(
+    NSSCertificate **certs,
+    NSSTime *timeOpt,
+    const NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/* nssCertificateArray_Traverse
+ *
+ * Do the callback for each cert, terminate the traversal if the callback
+ * fails.
+ */
+NSS_EXTERN PRStatus
+nssCertificateArray_Traverse(
+    NSSCertificate **certs,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg);
+
+NSS_EXTERN void
+nssCRLArray_Destroy(NSSCRL **crls);
+
+/* nssPKIObjectCollection
+ *
+ * This is a handy way to group objects together and perform operations
+ * on them.  It can also handle "proto-objects"-- references to
+ * objects instances on tokens, where the actual object hasn't
+ * been formed yet.
+ *
+ * nssCertificateCollection_Create
+ * nssPrivateKeyCollection_Create
+ * nssPublicKeyCollection_Create
+ *
+ * If this was a language that provided for inheritance, each type would
+ * inherit all of the following methods.  Instead, there is only one
+ * type (nssPKIObjectCollection), shared among all.  This may cause
+ * confusion; an alternative would be to define all of the methods
+ * for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't
+ * seem worth the code bloat..  It is left up to the caller to remember
+ * what type of collection he/she is dealing with.
+ *
+ * nssPKIObjectCollection_Destroy
+ * nssPKIObjectCollection_Count
+ * nssPKIObjectCollection_AddObject
+ * nssPKIObjectCollection_AddInstances
+ * nssPKIObjectCollection_Traverse
+ *
+ * Back to type-specific methods.
+ *
+ * nssPKIObjectCollection_GetCertificates
+ * nssPKIObjectCollection_GetCRLs
+ * nssPKIObjectCollection_GetPrivateKeys
+ * nssPKIObjectCollection_GetPublicKeys
+ */
+
+/* nssCertificateCollection_Create
+ *
+ * Create a collection of certificates in the specified trust domain.
+ * Optionally provide a starting set of certs.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssCertificateCollection_Create(
+    NSSTrustDomain *td,
+    NSSCertificate **certsOpt);
+
+/* nssCRLCollection_Create
+ *
+ * Create a collection of CRLs/KRLs in the specified trust domain.
+ * Optionally provide a starting set of CRLs.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssCRLCollection_Create(
+    NSSTrustDomain *td,
+    NSSCRL **crlsOpt);
+
+/* nssPrivateKeyCollection_Create
+ *
+ * Create a collection of private keys in the specified trust domain.
+ * Optionally provide a starting set of keys.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssPrivateKeyCollection_Create(
+    NSSTrustDomain *td,
+    NSSPrivateKey **pvkOpt);
+
+/* nssPublicKeyCollection_Create
+ *
+ * Create a collection of public keys in the specified trust domain.
+ * Optionally provide a starting set of keys.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssPublicKeyCollection_Create(
+    NSSTrustDomain *td,
+    NSSPublicKey **pvkOpt);
+
+/* nssPKIObjectCollection_Destroy
+ */
+NSS_EXTERN void
+nssPKIObjectCollection_Destroy(nssPKIObjectCollection *collection);
+
+/* nssPKIObjectCollection_Count
+ */
+NSS_EXTERN PRUint32
+nssPKIObjectCollection_Count(nssPKIObjectCollection *collection);
+
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddObject(
+    nssPKIObjectCollection *collection,
+    nssPKIObject *object);
+
+/* nssPKIObjectCollection_AddInstances
+ *
+ * Add a set of object instances to the collection.  The instances
+ * will be sorted into any existing certs/proto-certs that may be in
+ * the collection.  The instances will be absorbed by the collection,
+ * the array should not be used after this call (except to free it).
+ *
+ * Failure means the collection is in an invalid state.
+ *
+ * numInstances = 0 means the array is NULL-terminated
+ */
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddInstances(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject **instances,
+    PRUint32 numInstances);
+
+/* nssPKIObjectCollection_Traverse
+ */
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_Traverse(
+    nssPKIObjectCollection *collection,
+    nssPKIObjectCallback *callback);
+
+/* This function is being added for NSS 3.5.  It corresponds to the function
+ * nssToken_TraverseCertificates.  The idea is to use the collection during
+ * a traversal, creating certs each time a new instance is added for which
+ * a cert does not already exist.
+ */
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddInstanceAsObject(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject *instance);
+
+/* nssPKIObjectCollection_GetCertificates
+ *
+ * Get all of the certificates in the collection.
+ */
+NSS_EXTERN NSSCertificate **
+nssPKIObjectCollection_GetCertificates(
+    nssPKIObjectCollection *collection,
+    NSSCertificate **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCRL **
+nssPKIObjectCollection_GetCRLs(
+    nssPKIObjectCollection *collection,
+    NSSCRL **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSPrivateKey **
+nssPKIObjectCollection_GetPrivateKeys(
+    nssPKIObjectCollection *collection,
+    NSSPrivateKey **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSPublicKey **
+nssPKIObjectCollection_GetPublicKeys(
+    nssPKIObjectCollection *collection,
+    NSSPublicKey **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSTime *
+NSSTime_Now(NSSTime *timeOpt);
+
+NSS_EXTERN NSSTime *
+NSSTime_SetPRTime(
+    NSSTime *timeOpt,
+    PRTime prTime);
+
+NSS_EXTERN PRTime
+NSSTime_GetPRTime(
+    NSSTime *time);
+
+NSS_EXTERN nssHash *
+nssHash_CreateCertificate(
+    NSSArena *arenaOpt,
+    PRUint32 numBuckets);
+
+/* 3.4 Certificate cache routines */
+
+NSS_EXTERN PRStatus
+nssTrustDomain_InitializeCache(
+    NSSTrustDomain *td,
+    PRUint32 cacheSize);
+
+NSS_EXTERN PRStatus
+nssTrustDomain_AddCertsToCache(
+    NSSTrustDomain *td,
+    NSSCertificate **certs,
+    PRUint32 numCerts);
+
+NSS_EXTERN void
+nssTrustDomain_RemoveCertFromCacheLOCKED(
+    NSSTrustDomain *td,
+    NSSCertificate *cert);
+
+NSS_EXTERN void
+nssTrustDomain_LockCertCache(NSSTrustDomain *td);
+
+NSS_EXTERN void
+nssTrustDomain_UnlockCertCache(NSSTrustDomain *td);
+
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_DestroyCache(NSSTrustDomain *td);
+
+/*
+ * Remove all certs for the given token from the cache.  This is
+ * needed if the token is removed.
+ */
+NSS_EXTERN PRStatus
+nssTrustDomain_RemoveTokenCertsFromCache(
+    NSSTrustDomain *td,
+    NSSToken *token);
+
+NSS_EXTERN PRStatus
+nssTrustDomain_UpdateCachedTokenCerts(
+    NSSTrustDomain *td,
+    NSSToken *token);
+
+/*
+ * Find all cached certs with this nickname (label).
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForNicknameFromCache(
+    NSSTrustDomain *td,
+    const NSSUTF8 *nickname,
+    nssList *certListOpt);
+
+/*
+ * Find all cached certs with this email address.
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForEmailAddressFromCache(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    nssList *certListOpt);
+
+/*
+ * Find all cached certs with this subject.
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForSubjectFromCache(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    nssList *certListOpt);
+
+/*
+ * Look for a specific cert in the cache.
+ */
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_GetCertForIssuerAndSNFromCache(
+    NSSTrustDomain *td,
+    NSSDER *issuer,
+    NSSDER *serialNum);
+
+/*
+ * Look for a specific cert in the cache.
+ */
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_GetCertByDERFromCache(
+    NSSTrustDomain *td,
+    NSSDER *der);
+
+/* Get all certs from the cache */
+/* XXX this is being included to make some old-style calls word, not to
+ *     say we should keep it
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsFromCache(
+    NSSTrustDomain *td,
+    nssList *certListOpt);
+
+NSS_EXTERN void
+nssTrustDomain_DumpCacheInfo(
+    NSSTrustDomain *td,
+    void (*cert_dump_iter)(const void *, void *, void *),
+    void *arg);
+
+NSS_EXTERN void
+nssCertificateList_AddReferences(
+    nssList *certList);
+
+PR_END_EXTERN_C
+
+#endif /* PKIM_H */