pkixtm.h

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C头文件 代码 · 共 1,582 行 · 第 1/3 页

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above.  If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

#ifndef PKIXTM_H
#define PKIXTM_H

#ifdef DEBUG
static const char PKIXTM_CVS_ID[] = "@(#) $Source: /cvsroot/mozilla/security/nss/lib/pkix/include/pkixtm.h,v $ $Revision: 1.1 $ $Date: 2000/03/31 19:04:49 $ $Name: NSS_3_1_1_RTM $";
#endif /* DEBUG */

/*
 * pkixtm.h
 *
 * This file contains the module-private type definitions for the
 * PKIX part-1 objects.  Mostly, this file contains the actual
 * structure definitions for the NSSPKIX types declared in nsspkixt.h.
 *
 * NOTE(review): several structures below still hold non-C placeholder
 * tokens ("..." and "-time-") and one has no members, so this header
 * does not compile as shown.  Each such spot is marked where it occurs.
 *
 * NOTE(review): most structures carry an arena pointer, an
 * i_allocated_arena flag, and der/ber pointers next to the decoded
 * fields.  Presumably the flag records whether the object owns (and so
 * must destroy) its arena, and der/ber cache the encoded form -- confirm
 * against the implementation.  None of the size, version or presence
 * constraints quoted from RFC 2459 are expressed in these types; they
 * can only be enforced by the code that decodes into them.
 */

#ifndef NSSPKIXT_H
#include "nsspkixt.h"
#endif /* NSSPKIXT_H */

PR_BEGIN_EXTERN_C

/*
 * Attribute
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  Attribute       ::=     SEQUENCE {
 *          type            AttributeType,
 *          values  SET OF AttributeValue
 *                  -- at least one value is required -- }
 *
 * NOTE(review): the "at least one value" rule is not visible in the
 * type; valuesCount presumably counts the asn1values entries, and a
 * count of zero would have to be rejected by the decoder -- verify.
 */

struct NSSPKIXAttributeStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSBER *ber;
  NSSDER *der;
  nssASN1Item asn1type;     /* raw encoded attribute type */
  nssASN1Item **asn1values; /* raw encoded values; length presumably valuesCount */
  NSSPKIXAttributeType *type;
  PRUint32 valuesCount;
};

/*
 * AttributeTypeAndValue
 *
 * This structure contains an attribute type (indicated by an OID),
 * and the type-specific value.  RelativeDistinguishedNames consist
 * of a set of these.  These are distinct from Attributes (which have
 * SET of values), from AttributeDescriptions (which have qualifiers
 * on the types), and from AttributeValueAssertions (which assert
 * a value comparison under some matching rule).
 *
 * From RFC 2459:
 *
 *  AttributeTypeAndValue           ::=     SEQUENCE {
 *          type    AttributeType,
 *          value   AttributeValue }
 *
 */

struct NSSPKIXAttributeTypeAndValueStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  nssASN1Item asn1type;
  nssASN1Item asn1value;
  NSSPKIXAttributeType *type;
  NSSUTF8 *utf8; /* presumably a UTF-8 rendering of this ATAV -- confirm */
};

/*
 * X520Name
 *
 * From RFC 2459:
 *
 *  X520name        ::= CHOICE {
 *        teletexString         TeletexString (SIZE (1..ub-name)),
 *        printableString       PrintableString (SIZE (1..ub-name)),
 *        universalString       UniversalString (SIZE (1..ub-name)),
 *        utf8String            UTF8String (SIZE (1..ub-name)),
 *        bmpString             BMPString (SIZE(1..ub-name))   }
 *
 *
 *  ub-name INTEGER ::=     32768
 *
 * NOTE(review): the SIZE (1..ub-name) bound is not carried by this
 * structure.  Name strings come from certificates, i.e. from untrusted
 * input, so the length check has to be made when "string" is decoded
 * and before it is converted or copied.
 */

struct NSSPKIXX520NameStr {
  nssASN1Item string;
  NSSUTF8 *utf8;
  NSSDER *der;
  PRBool wasPrintable; /* presumably: the source CHOICE arm was PrintableString -- confirm */
  PRBool inArena;      /* presumably: storage belongs to an arena rather than the heap -- confirm */
};

/*
 * From RFC 2459:
 *
 *  X520CommonName  ::=      CHOICE {
 *        teletexString         TeletexString (SIZE (1..ub-common-name)),
 *        printableString       PrintableString (SIZE (1..ub-common-name)),
 *        universalString       UniversalString (SIZE (1..ub-common-name)),
 *        utf8String            UTF8String (SIZE (1..ub-common-name)),
 *        bmpString             BMPString (SIZE(1..ub-common-name))   }
 *
 *  ub-common-name  INTEGER ::=     64
 *
 * NOTE(review): this structure has no members yet.  A struct with an
 * empty member list is not valid ISO C (some compilers accept it as an
 * extension), so the type is a stub until fields are added.
 */

struct NSSPKIXX520CommonNameStr {
};

/*
 * Name
 *
 * This structure contains a union of the possible name formats,
 * which at the moment is limited to an RDNSequence.
 *
 * From RFC 2459:
 *
 *  Name            ::=   CHOICE { -- only one possibility for now --
 *                                   rdnSequence  RDNSequence }
 *
 * NOTE(review): "ber" is declared NSSDER * here while the sibling
 * structures use NSSBER * for the same member, and the UTF-8 member is
 * named "utf" rather than "utf8" -- looks like an inconsistency; confirm
 * before relying on either.
 */

struct NSSPKIXNameStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *ber;
  NSSDER *der;
  NSSUTF8 *utf;
  NSSPKIXNameChoice choice; /* selects the active member of u; check it before reading u */
  union {
    NSSPKIXRDNSequence *rdnSequence;
  } u;
};

/*
 * RDNSequence
 *
 * This structure contains a sequence of RelativeDistinguishedName
 * objects.
 *
 * From RFC 2459:
 *
 *  RDNSequence     ::=   SEQUENCE OF RelativeDistinguishedName
 *
 */

struct NSSPKIXRDNSequenceStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSBER *ber;
  NSSDER *der;
  NSSUTF8 *utf8;
  PRUint32 count; /* presumably the number of entries in rdns -- confirm */
  NSSPKIXRelativeDistinguishedName **rdns;
};

/*
 * RelativeDistinguishedName
 *
 * This structure contains an unordered set of AttributeTypeAndValue
 * objects.  RDNs are used to distinguish a set of objects underneath
 * a common object.
 *
 * Often, a single ATAV is sufficient to make a unique distinction.
 * For example, if a company assigns its people unique uid values,
 * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
 * ATAV by itself forms an RDN.  However, sometimes a set of ATAVs is
 * needed.  For example, if a company needed to distinguish between
 * two Smiths by specifying their corporate divisions, then in the
 * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
 * set of ATAVs forms the RDN.
 *
 * From RFC 2459:
 *
 *  RelativeDistinguishedName  ::=
 *                      SET SIZE (1 .. MAX) OF AttributeTypeAndValue
 *
 */

struct NSSPKIXRelativeDistinguishedNameStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSBER *ber;
  NSSUTF8 *utf8;
  PRUint32 count; /* presumably the number of entries in atavs; the RFC requires at least 1 */
  NSSPKIXAttributeTypeAndValue **atavs;
};

/*
 * Certificate
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  Certificate  ::=  SEQUENCE  {
 *       tbsCertificate       TBSCertificate,
 *       signatureAlgorithm   AlgorithmIdentifier,
 *       signature            BIT STRING  }
 *
 * NOTE(review): the signature is computed over the DER encoding of
 * tbsCertificate, so verification needs the encoded bytes exactly as
 * received rather than a re-encoding of the decoded fields.  RFC 2459
 * also requires signatureAlgorithm to carry the same identifier as
 * tbsCertificate->signature; the two are stored separately here, so
 * that comparison has to be made by the validating code.
 */

struct NSSPKIXCertificateStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSPKIXTBSCertificate *tbsCertificate;
  NSSPKIXAlgorithmIdentifier *signatureAlgorithm;
  NSSItem *signature;
};

/*
 * TBSCertificate
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  TBSCertificate  ::=  SEQUENCE  {
 *       version         [0]  Version DEFAULT v1,
 *       serialNumber         CertificateSerialNumber,
 *       signature            AlgorithmIdentifier,
 *       issuer               Name,
 *       validity             Validity,
 *       subject              Name,
 *       subjectPublicKeyInfo SubjectPublicKeyInfo,
 *       issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                            -- If present, version shall be v2 or v3
 *       subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                            -- If present, version shall be v2 or v3
 *       extensions      [3]  Extensions OPTIONAL
 *                            -- If present, version shall be v3 --  }
 *
 * NOTE(review): the "version shall be ..." conditions on the three
 * OPTIONAL fields are not expressed in the type; a decoder has to
 * check them against "version" itself.
 */

struct NSSPKIXTBSCertificateStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSPKIXVersion version;
  NSSPKIXCertificateSerialNumber serialNumber;
  NSSPKIXAlgorithmIdentifier *signature; /* the inner AlgorithmIdentifier, not the signature value */
  NSSPKIXName *issuer;
  NSSPKIXValidity *validity;
  NSSPKIXName *subject;
  NSSPKIXSubjectPublicKeyInfo *subjectPublicKeyInfo;
  NSSPKIXUniqueIdentifier *issuerUniqueID;  /* OPTIONAL in the ASN.1; presumably NULL when absent */
  NSSPKIXUniqueIdentifier *subjectUniqueID; /* OPTIONAL in the ASN.1; presumably NULL when absent */
  NSSPKIXExtensions *extensions;            /* OPTIONAL in the ASN.1; presumably NULL when absent */
};

/*
 * Validity
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  Validity ::= SEQUENCE {
 *       notBefore      Time,
 *       notAfter       Time }
 *
 * NOTE(review): the "..." below is a placeholder left in the source,
 * not valid C; the notBefore/notAfter members are not defined yet.
 */

struct NSSPKIXValidityStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  ...
};

/*
 * Time
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  Time ::= CHOICE {
 *       utcTime        UTCTime,
 *       generalTime    GeneralizedTime }
 *
 */

struct NSSPKIXTimeStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSBER *ber;
  nssASN1Item asn1item;
  PRTime prTime;
  PRBool prTimeValid; /* presumably prTime is meaningful only when this is true -- confirm
                       * before using prTime in a validity-period comparison */
};

/*
 * SubjectPublicKeyInfo
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *       algorithm            AlgorithmIdentifier,
 *       subjectPublicKey     BIT STRING  }
 *
 */

struct NSSPKIXSubjectPublicKeyInfoStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSPKIXAlgorithmIdentifier *algorithm;
  NSSItem *subjectPublicKey;
};

/*
 * Extensions
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 *
 * NOTE(review): the "..." below is a placeholder left in the source,
 * not valid C; the list of Extension entries is not defined yet.
 */

struct NSSPKIXExtensionsStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  ...
};

/*
 * Extension
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  Extension  ::=  SEQUENCE  {
 *       extnID      OBJECT IDENTIFIER,
 *       critical    BOOLEAN DEFAULT FALSE,
 *       extnValue   OCTET STRING  }
 *
 * NOTE(review): under RFC 2459 a certificate carrying a critical
 * extension that the consumer does not recognise must be rejected, so
 * code walking these objects must not skip an unknown extnID without
 * looking at "critical".
 */

struct NSSPKIXExtensionStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSOID *extnID;
  PRBool critical;    /* DEFAULT FALSE in the ASN.1 */
  NSSItem *extnValue; /* OCTET STRING whose content depends on extnID */
};

/*
 * CertificateList
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  CertificateList  ::=  SEQUENCE  {
 *       tbsCertList          TBSCertList,
 *       signatureAlgorithm   AlgorithmIdentifier,
 *       signature            BIT STRING  }
 *
 */

struct NSSPKIXCertificateListStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSPKIXTBSCertList *tbsCertList;
  NSSPKIXAlgorithmIdentifier *signatureAlgorithm;
  NSSItem *signature;
};

/*
 * TBSCertList
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 *  TBSCertList  ::=  SEQUENCE  {
 *       version                 Version OPTIONAL,
 *                                    -- if present, shall be v2
 *       signature               AlgorithmIdentifier,
 *       issuer                  Name,
 *       thisUpdate              Time,
 *       nextUpdate              Time OPTIONAL,
 *       revokedCertificates     SEQUENCE OF SEQUENCE  {
 *            userCertificate         CertificateSerialNumber,
 *            revocationDate          Time,
 *            crlEntryExtensions      Extensions OPTIONAL
 *                                           -- if present, shall be v2
 *                                 }  OPTIONAL,
 *       crlExtensions           [0] Extensions OPTIONAL
 *                                           -- if present, shall be v2 -- }
 *
 * NOTE(review): "-time-" below is a placeholder left in the source,
 * not a C type; the representation of thisUpdate/nextUpdate is still
 * undecided in this revision.
 */

struct NSSPKIXTBSCertListStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSPKIXVersion version;
  NSSPKIXAlgorithmIdentifier *signature;
  NSSPKIXName *issuer;
  -time- thisUpdate;
  -time- nextUpdate;
  NSSPKIXrevokedCertificates *revokedCertificates; /* OPTIONAL in the ASN.1 */
  NSSPKIXExtensions *crlExtensions;                /* OPTIONAL in the ASN.1 */
  };

/*
 * revokedCertificates
 *
 * This is a "helper type" to simplify handling of TBSCertList objects.
 *
 *       revokedCertificates     SEQUENCE OF SEQUENCE  {
 *            userCertificate         CertificateSerialNumber,
 *            revocationDate          Time,
 *            crlEntryExtensions      Extensions OPTIONAL
 *                                           -- if present, shall be v2
 *                                 }  OPTIONAL,
 *
 * NOTE(review): the "..." below is a placeholder left in the source,
 * not valid C; the list of entries is not defined yet.
 */

struct NSSPKIXrevokedCertificatesStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  ...
};

/*
 * revokedCertificate
 *
 * This is a "helper type" to simplify handling of TBSCertList objects.
 *
 *                                           SEQUENCE  {
 *            userCertificate         CertificateSerialNumber,
 *            revocationDate          Time,
 *            crlEntryExtensions      Extensions OPTIONAL
 *                                           -- if present, shall be v2
 *                                 }  OPTIONAL,
 *
 * NOTE(review): "-time-" below is a placeholder left in the source,
 * not a C type.
 */

struct NSSPKIXrevokedCertificateStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSPKIXCertificateSerialNumber *userCertificate;
  -time- revocationDate;
  NSSPKIXExtensions *crlEntryExtensions; /* OPTIONAL in the ASN.1 */
};

/*
 * AlgorithmIdentifier
 *
 * -- fgmr comments --
 *
 * From RFC 2459:
 *
 * (1988 syntax)
 *
 *  AlgorithmIdentifier  ::=  SEQUENCE  {
 *       algorithm               OBJECT IDENTIFIER,
 *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
 *                                  -- contains a value of the type
 *                                  -- registered for use with the
 *                                  -- algorithm object identifier value
 *
 * NOTE(review): "parameters" is OPTIONAL and its type is chosen by
 * "algorithm", so it is held as an opaque item; it should be
 * interpreted only after the OID has been recognised.
 */

struct NSSPKIXAlgorithmIdentifierStr {
  NSSArena *arena;
  PRBool i_allocated_arena;
  NSSDER *der;
  NSSBER *ber;
  NSSOID *algorithm;
  NSSItem *parameters;
