
/gecko_api/include/nss.h

http://firefox-mac-pdf.googlecode.com/
  1/*
  2 * NSS utility functions
  3 *
  4 * ***** BEGIN LICENSE BLOCK *****
  5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  6 *
  7 * The contents of this file are subject to the Mozilla Public License Version
  8 * 1.1 (the "License"); you may not use this file except in compliance with
  9 * the License. You may obtain a copy of the License at
 10 * http://www.mozilla.org/MPL/
 11 *
 12 * Software distributed under the License is distributed on an "AS IS" basis,
 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 14 * for the specific language governing rights and limitations under the
 15 * License.
 16 *
 17 * The Original Code is the Netscape security libraries.
 18 *
 19 * The Initial Developer of the Original Code is
 20 * Netscape Communications Corporation.
 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 22 * the Initial Developer. All Rights Reserved.
 23 *
 24 * Contributor(s):
 25 *
 26 * Alternatively, the contents of this file may be used under the terms of
 27 * either the GNU General Public License Version 2 or later (the "GPL"), or
 28 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 29 * in which case the provisions of the GPL or the LGPL are applicable instead
 30 * of those above. If you wish to allow use of your version of this file only
 31 * under the terms of either the GPL or the LGPL, and not to allow others to
 32 * use your version of this file under the terms of the MPL, indicate your
 33 * decision by deleting the provisions above and replace them with the notice
 34 * and other provisions required by the GPL or the LGPL. If you do not delete
 35 * the provisions above, a recipient may use your version of this file under
 36 * the terms of any one of the MPL, the GPL or the LGPL.
 37 *
 38 * ***** END LICENSE BLOCK ***** */
 39/* $Id: nss.h,v 1.56.2.1 2008/04/17 20:18:48 christophe.ravel.bugs%sun.com Exp $ */
 40
 41#ifndef __nss_h_
 42#define __nss_h_
 43
 44#include "seccomon.h"
 45
 46SEC_BEGIN_PROTOS
 47
 /*
  * Private version-string suffixes.  _NSS_ECC_STRING and _NSS_CUSTOMIZED
  * are for NSS internal use only.
  *
  * _NSS_ECC_STRING depends on the build options:
  *   NSS_ENABLE_ECC not defined                        -> ""
  *   NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B      -> " Extended ECC"
  *   NSS_ENABLE_ECC without NSS_ECC_MORE_THAN_SUITE_B  -> " Basic ECC"
  *
  * _NSS_CUSTOMIZED is " (Customized build)" when the build defines
  * NSS_ALLOW_UNSUPPORTED_CRITICAL and expands to nothing otherwise, so it
  * is only meaningful when concatenated onto another string literal.
  *
  * NOTE(review): judging by its name, NSS_ALLOW_UNSUPPORTED_CRITICAL relaxes
  * the handling of unsupported critical items -- confirm where it is
  * consumed.  The suffix makes such a build recognisable from NSS_VERSION.
  */
#if !defined(NSS_ENABLE_ECC)
#define _NSS_ECC_STRING ""
#elif defined(NSS_ECC_MORE_THAN_SUITE_B)
#define _NSS_ECC_STRING " Extended ECC"
#else
#define _NSS_ECC_STRING " Basic ECC"
#endif

#ifndef NSS_ALLOW_UNSUPPORTED_CRITICAL
#define _NSS_CUSTOMIZED
#else
#define _NSS_CUSTOMIZED " (Customized build)"
#endif
 65
 /*
  * Version identification of this NSS build.
  *
  *   NSS_VMAJOR, NSS_VMINOR, NSS_VPATCH
  *               - major version, minor version and patch level
  *   NSS_BETA    - whether this is a beta release
  *   NSS_VERSION - the version string, which should have the form
  *       "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
  *     _NSS_ECC_STRING and _NSS_CUSTOMIZED are concatenated onto it.
  *
  * NOTE(review): the literal "3.12.0.2" carries a fourth numeric component
  * that the format line does not describe and that has no numeric macro
  * here, so code comparing versions through NSS_VMAJOR/VMINOR/VPATCH cannot
  * see it.
  * NOTE(review): a copy of this header pinned at this version should be
  * compared against current NSS releases before it is relied on.
  */
#define NSS_VMAJOR   3
#define NSS_VMINOR   12
#define NSS_VPATCH   0
#define NSS_BETA     PR_FALSE
#define NSS_VERSION  "3.12.0.2" _NSS_ECC_STRING _NSS_CUSTOMIZED
 78
 /*
  * NSS_VersionCheck
  *
  * Reports, as a boolean, whether the NSS library actually in use will
  * behave the way the caller expects.
  *
  * importedVersion - version identifier of the NSS library as the caller
  *                   knows it.  It is compared with the string that
  *                   represents the real build version of the library.
  *
  * The call also invokes the version-checking functions of the libraries
  * NSS depends on, such as NSPR.
  *
  * NOTE(review): presumably callers pass NSS_VERSION and stop on a false
  * result instead of continuing against a mismatched library -- confirm
  * against the callers.
  */
extern PRBool NSS_VersionCheck(const char *importedVersion);
 90
 /*
  * NSS_Init
  *
  * Opens the certificate, key and security-module databases read only and
  * initializes the random number generator.
  *
  * Cipher policies and enables are not initialized by this call, and the
  * default policy settings disallow all ciphers.
  *
  * configdir - presumably the same base directory that the NSS_Initialize()
  *             comment describes (where the cert, key and module databases
  *             live) -- confirm.
  *
  * Returns a SECStatus.
  */
extern SECStatus NSS_Init(const char *configdir);
 98
 /*
  * NSS_IsInitialized
  *
  * Tells the caller whether NSS has already been initialized.
  * Takes no arguments and returns a PRBool.
  */
extern PRBool NSS_IsInitialized(void);
103
/*
 * NSS_InitReadWrite
 *
 * Opens the certificate, key and security-module databases read/write and
 * initializes the random number generator.
 *
 * As with NSS_Init(), cipher policies and enables are not initialized, and
 * the default policy settings disallow all ciphers.
 *
 * configdir - presumably the same base directory that the NSS_Initialize()
 *             comment describes -- confirm.
 *
 * Returns a SECStatus.
 */
extern SECStatus NSS_InitReadWrite(const char *configdir);
111
112/*
113 * Open the Cert, Key, and Security Module databases, read/write.
114 * Initialize the Random Number Generator.
115 * Does not initialize the cipher policies or enables.
116 * Default policy settings disallow all ciphers.
117 *
118 * This allows using application defined prefixes for the cert and key db's
119 * and an alternate name for the secmod database. NOTE: In future releases,
120 * the database prefixes may not necessarily map to database names.
121 *
122 * configdir - base directory where all the cert, key, and module databases live.
123 * certPrefix - prefix added to the beginning of the cert database, example:
124 * 			"https-server1-"
125 * keyPrefix - prefix added to the beginning of the key database, example:
126 * 			"https-server1-"
127 * secmodName - name of the security module database (usually "secmod.db").
128 * flags - change the open options of NSS_Initialize as follows:
129 * 	NSS_INIT_READONLY - Open the databases read only.
130 * 	NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just 
131 * 			initialize the volatile certdb.
132 * 	NSS_INIT_NOMODDB  - Don't open the security module DB, just 
133 *			initialize the 	PKCS #11 module.
134 *      NSS_INIT_FORCEOPEN - Continue to force initializations even if the 
135 * 			databases cannot be opened.
136 *      NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
137 *			automatically.
138 *      NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
139 *      NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
140 *                      thread-safe, ie. that support locking - either OS
141 *                      locking or NSS-provided locks . If a PKCS#11
142 *                      module isn't thread-safe, don't serialize its
143 *                      calls; just don't load it instead. This is necessary
144 *                      if another piece of code is using the same PKCS#11
145 *                      modules that NSS is accessing without going through
146 *                      NSS, for example the Java SunPKCS11 provider.
147 *      NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
148 *                      error when loading PKCS#11 modules. This is necessary
149 *                      if another piece of code is using the same PKCS#11
150 *                      modules that NSS is accessing without going through
151 *                      NSS, for example Java SunPKCS11 provider.
152 *      NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
153 *                      PKCS#11 module. This may be necessary in order to
154 *                      ensure continuous operation and proper shutdown
155 *                      sequence if another piece of code is using the same
156 *                      PKCS#11 modules that NSS is accessing without going
157 *                      through NSS, for example Java SunPKCS11 provider.
158 *                      The following limitation applies when this is set :
159 *                      SECMOD_WaitForAnyTokenEvent will not use
160 *                      C_WaitForSlotEvent, in order to prevent the need for
161 *                      C_Finalize. This call will be emulated instead.
162 *      NSS_INIT_RESERVED - Currently has no effect, but may be used in the
163 *                      future to trigger better cooperation between PKCS#11
164 *                      modules used by both NSS and the Java SunPKCS11
165 *                      provider. This should occur after a new flag is defined
166 *                      for C_Initialize by the PKCS#11 working group.
167 *      NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
168 *                      use both NSS and the Java SunPKCS11 provider.
169 *
170 * Also NOTE: This is not the recommended method for initializing NSS. 
171 * The preferred method is NSS_Init().
172 */
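/*
 * Option bits for the 'flags' argument of NSS_Initialize().  The comment
 * that precedes these definitions describes each option in full.  Every
 * option is a distinct single bit, so options are combined with bitwise OR.
 *
 * NOTE(review): with NSS_INIT_FORCEOPEN initialization continues even if
 * the databases cannot be opened, so a successful return presumably does
 * not prove that they were opened -- confirm before relying on their
 * contents.
 */
#define NSS_INIT_READONLY         0x1    /* open the databases read only */
#define NSS_INIT_NOCERTDB         0x2    /* no cert/key DBs, volatile certdb only */
#define NSS_INIT_NOMODDB          0x4    /* do not open the security module DB */
#define NSS_INIT_FORCEOPEN        0x8    /* go on even if the DBs cannot be opened */
#define NSS_INIT_NOROOTINIT       0x10   /* no automatic root certs module lookup */
#define NSS_INIT_OPTIMIZESPACE    0x20   /* use smaller tables and caches */
#define NSS_INIT_PK11THREADSAFE   0x40   /* load only thread-safe PKCS#11 modules */
#define NSS_INIT_PK11RELOAD       0x80   /* ignore CKR_CRYPTOKI_ALREADY_INITIALIZED */
#define NSS_INIT_NOPK11FINALIZE   0x100  /* never call C_Finalize on a module */
#define NSS_INIT_RESERVED         0x200  /* currently has no effect */

/*
 * The four options recommended for applications that use both NSS and the
 * Java SunPKCS11 provider.
 *
 * The expansion is parenthesized so that it acts as one value inside a
 * larger expression.  '&' and unary '~' bind tighter than '|': without the
 * parentheses, (flags & NSS_INIT_COOPERATE) would mask only
 * NSS_INIT_PK11THREADSAFE and then OR in the other three bits, and
 * ~NSS_INIT_COOPERATE would invert only the first bit.  A plain
 * (x | NSS_INIT_COOPERATE) is unaffected by the change.
 */
#define NSS_INIT_COOPERATE (NSS_INIT_PK11THREADSAFE | \
                            NSS_INIT_PK11RELOAD | \
                            NSS_INIT_NOPK11FINALIZE | \
                            NSS_INIT_RESERVED)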
188
/*
 * Name of the security module database: "Security Modules" when the
 * 'macintosh' macro is defined, "secmod.db" on every other build.
 */
#ifndef macintosh
#define SECMOD_DB "secmod.db"
#else
#define SECMOD_DB "Security Modules"
#endif
194
/*
 * NSS_Initialize
 *
 * Initializes NSS with application-defined prefixes for the cert and key
 * databases and an alternate name for the secmod database.  The parameters
 * and the NSS_INIT_* values accepted in 'flags' are described in the
 * comment that precedes the NSS_INIT_* definitions.
 *
 * Returns a SECStatus.
 */
extern SECStatus NSS_Initialize(const char *configdir,
                                const char *certPrefix,
                                const char *keyPrefix,
                                const char *secmodName,
                                PRUint32 flags);
198
/*
 * NSS_InitWithMerge
 *
 * Same as NSS_Init, but also checks whether an old database needs to be
 * merged in.
 *
 * updatedir     - directory where the old database lives.
 * updCertPrefix - certPrefix of the old database.
 * updKeyPrefix  - keyPrefix of the old database.
 * updateID      - unique identifier chosen by the application for the
 *                 specific database.
 * updateName    - name the user will be prompted for when asked to
 *                 authenticate to the old database.
 *
 * NOTE(review): configdir, certPrefix, keyPrefix, secmodName and flags are
 * not described here; presumably they have the meaning documented for
 * NSS_Initialize() -- confirm.
 *
 * Returns a SECStatus.
 */
extern SECStatus NSS_InitWithMerge(const char *configdir,
                                   const char *certPrefix,
                                   const char *keyPrefix,
                                   const char *secmodName,
                                   const char *updatedir,
                                   const char *updCertPrefix,
                                   const char *updKeyPrefix,
                                   const char *updateID,
                                   const char *updateName,
                                   PRUint32 flags);
/*
 * NSS_NoDB_Init
 *
 * Initializes NSS without creating cert databases, key databases or secmod
 * databases.
 *
 * NOTE(review): the role of configdir in this mode is not stated here --
 * confirm against the implementation.
 *
 * Returns a SECStatus.
 */
SECStatus NSS_NoDB_Init(const char *configdir);
218
/*
 * NSS_ShutdownFunc
 *
 * Callback type through which applications and libraries register with NSS
 * so that they are called when NSS shuts down.
 *
 * appData - application-specific data, passed in by the application at
 *           NSS_RegisterShutdown() time.
 * nssData - NULL in this release; reserved so that future versions of NSS
 *           can pass status information back to the shutdown function.
 *
 * A callback that returns SECFailure does not stop the shutdown: it still
 * completes, but NSS_Shutdown() then returns SECFailure.
 */
typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);
232
/*
 * NSS_RegisterShutdown
 *
 * Registers a shutdown function.
 *
 * sFunc   - the NSS_ShutdownFunc to register.
 * appData - data supplied with the registration; the NSS_ShutdownFunc
 *           comment describes it as the appData passed to the callback.
 *
 * Returns a SECStatus.
 */
SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc,
                               void *appData);
237
/*
 * NSS_UnregisterShutdown
 *
 * Removes an existing shutdown function.  A library may do this when it is
 * complete and going away while NSS is still running.
 *
 * NOTE(review): presumably sFunc and appData must match the values given
 * to NSS_RegisterShutdown() -- confirm.
 *
 * Returns a SECStatus.
 */
SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc,
                                 void *appData);
243
/*
 * NSS_Shutdown
 *
 * Closes the Cert and Key databases.
 *
 * Per the NSS_ShutdownFunc description in this header, the shutdown still
 * completes when a registered shutdown function returns SECFailure, but
 * this call then returns SECFailure.
 */
extern SECStatus NSS_Shutdown(void);
248
/*
 * PK11_ConfigurePKCS11
 *
 * Sets the PKCS #11 strings for the internal token.
 *
 * NOTE(review): the individual parameters are not documented here.  By
 * their names the eight strings are manufacturer, library, token and slot
 * descriptions, and minPwd / pwRequired a minimum password length and a
 * password-required switch -- confirm against the implementation before
 * relying on either as a password policy.
 */
void PK11_ConfigurePKCS11(const char *man,
                          const char *libdes,
                          const char *tokdes,
                          const char *ptokdes,
                          const char *slotdes,
                          const char *pslotdes,
                          const char *fslotdes,
                          const char *fpslotdes,
                          int minPwd,
                          int pwRequired);
256
/*
 * nss_DumpCertificateCacheInfo
 *
 * Dumps the contents of the certificate cache and of the temporary cert
 * store.  Intended for detecting leaked certificate references at shutdown
 * time.
 *
 * NOTE(review): where the dump is written is not stated here -- confirm.
 */
void nss_DumpCertificateCacheInfo(void);
262
263SEC_END_PROTOS
264
265#endif /* __nss_h_ */