/** BEGIN COPYRIGHT BLOCK
 * Copyright 2001 Sun Microsystems, Inc.
 * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/
#ifndef __nscert_h
#define __nscert_h

/*
 * Description (nscert.h)
 *
 *	This file describes the interface for accessing and storing
 *	information in a Netscape client-certificate-to-username
 *	database.  This facility is built on top of the Netscape
 *	(server) database interface as defined in nsdb.h.
 */

#include <libaccess/nserror.h>		/* error frame list support */
#include <libaccess/nsautherr.h>	/* authentication error codes */
#include <libaccess/nsauth.h>

#include <prtypes.h>
/* Removed for new ns security integration
#include <sec.h>
*/
#include <cert.h>

#if defined(CLIENT_AUTH)

/*
 * Certificate to user record attribute tags.
 * NOTE(review): these look like tags written into stored records; if so,
 * changing a value would make existing databases unreadable -- confirm.
 */
#define CAT_USERNAME	0x61		/* username associated with cert */
#define CAT_CERTID	0x62		/* id assigned to cert */

/*
 * Attribute tags used in certificate key encoding.
 * NOTE(review): only issuer and subject are tagged here, and
 * nsadbEncodeCertKey() takes only those two items, so the lookup key appears
 * to identify a certificate by its names and not by serial number or public
 * key -- confirm, since two certificates with the same issuer and subject
 * would then map to the same user.
 */
#define KAT_ISSUER	0x01		/* issuer DER */
#define KAT_SUBJECT	0x02		/* subject DER */

/*
 * CertObj_t - one entry of the client certificate to username database.
 * NOTE(review): this header does not say who owns co_issuer.data,
 * co_subject.data and co_username; presumably nsadbFreeCertObj() releases
 * them -- confirm before freeing or retaining any member separately.
 */
typedef struct CertObj_s CertObj_t;
struct CertObj_s {
    SECItem co_issuer;		/* issuing authority (presumably DER, see KAT_ISSUER) */
    SECItem co_subject;		/* certificate's subject (presumably DER, see KAT_SUBJECT) */
    char * co_username;		/* the local name it maps to */
    USI_t co_certid;		/* internal id for this client certificate */
};

/*
 * CertEnumCallback - function type accepted by nsadbEnumerateCerts() as its
 * func argument.  It is handed an error frame list pointer, an authdb
 * handle, an opaque argp (presumably the argp given to
 * nsadbEnumerateCerts()) and a certificate object.
 * NOTE(review): the meaning of the return value and the lifetime of coptr
 * are not stated here; treat coptr as valid only for the duration of the
 * call until confirmed.
 */
typedef int (*CertEnumCallback)(NSErr_t * ferrp, void * authdb,
				void * argp, CertObj_t * coptr);
    
NSPR_BEGIN_EXTERN_C

/*
 * Initialization entry point for the certificate mapping facility.
 * NOTE(review): return convention is not stated in this header; presumably
 * the codes from nsautherr.h -- confirm.
 */
extern NSAPI_PUBLIC int nsadbCertInitialize(void);

/*
 * Decode a certificate key of keylen bytes at keyptr into issuer and subject.
 * NOTE(review): keylen is a signed int and the key is an encoded buffer read
 * back from storage; the implementation should reject negative lengths and
 * bound every encoded attribute length against keylen before reading.  It is
 * not visible here whether issuer->data / subject->data alias keyptr or are
 * separately allocated -- confirm the lifetime before keeping them.
 */
extern NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
					   SECItem * issuer,
					   SECItem * subject);

/*
 * Decode a certificate record of reclen bytes at recptr into *coptr.
 * NOTE(review): same length-validation and buffer-lifetime questions as for
 * nsadbDecodeCertKey(); presumably fills co_username and co_certid from the
 * CAT_USERNAME / CAT_CERTID attributes -- confirm.
 */
extern NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
					   CertObj_t * coptr);

/*
 * Encode issuer and subject into a database key, returning its length in
 * *keylen and its address in *keyptr.
 * NOTE(review): ownership of *keyptr is not stated; confirm who frees it
 * and with which allocator.
 */
extern NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
					   int * keylen, char **keyptr);

/*
 * Enumerate the certificate entries of authdb, calling func for each one;
 * argp is an opaque value for the callback (see CertEnumCallback).
 * NOTE(review): whether a particular callback return value stops the
 * enumeration is not visible here -- confirm.
 */
extern NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
					    void * argp,
					    CertEnumCallback func);

/*
 * Release a certificate object.
 * NOTE(review): presumably the counterpart of nsadbGetCertById(); confirm
 * that it also releases the members of *coptr and that NULL is accepted.
 */
extern NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr);

/*
 * Look up a certificate entry by its internal id and return it in *coptr.
 * NOTE(review): presumably the result must be released with
 * nsadbFreeCertObj(); the value of *coptr on failure is not stated.
 */
extern NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
					 USI_t certid, CertObj_t **coptr);

/*
 * Map a client certificate to a local username, returned in *username.
 * NOTE(review): nothing in this interface indicates that the certificate is
 * validated here; callers should have completed chain, expiry and
 * revocation checks before trusting the returned name.  Ownership of
 * *username is not stated -- confirm who frees it.
 */
extern NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
					   CERTCertificate * cert,
					   char **username);

/*
 * Open the certificate mapping database associated with authdb.
 * NOTE(review): the meaning of flags is not defined in this header.
 */
extern NSAPI_PUBLIC int nsadbOpenCerts(NSErr_t * errp,
				       void * authdb, int flags);

/*
 * Store a mapping from a client certificate to username.
 * NOTE(review): this creates an authentication binding, so callers should
 * only pass a certificate they have already validated and a username they
 * are authorized to bind; behaviour when a mapping already exists is not
 * visible here.
 */
extern NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
					   CERTCertificate * cert,
					   const char * username);

/*
 * Remove the certificate entry described by coptr.
 * NOTE(review): username is declared void * here but char * / const char *
 * in the sibling functions; confirm the expected type against the
 * implementation before passing anything other than a C string.
 */
extern NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb,
					void * username, CertObj_t * coptr);

/*
 * Remove the certificate mapping for username.
 * NOTE(review): username is not const-qualified, unlike nsadbPutUserByCert()
 * and nsadbFindCertUser(); confirm the string is not modified.
 */
extern NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp, void * authdb,
					    char * username);

/* Close what nsadbOpenCerts() opened (presumably; flags undocumented here). */
extern NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags);

/*
 * Close the certificate-user part of authdb.
 * NOTE(review): no matching open function is declared in this header;
 * confirm when this must be called relative to nsadbCloseCerts().
 */
extern NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags);

/*
 * Look up username and return an id in *id.
 * NOTE(review): presumably the certificate id (co_certid) mapped to that
 * user; the value of *id when no entry exists is not stated -- confirm.
 */
extern NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
					  const char * username, USI_t * id);


NSPR_END_EXTERN_C

#endif /* CLIENT_AUTH */


#endif /* __nscert_h */