security/manager/ssl/nsNSSCertificateDB.h

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 #ifndef nsNSSCertificateDB_h
   6 #define nsNSSCertificateDB_h
   7
   8 #include "ScopedNSSTypes.h"
   9 #include "certt.h"
  10 #include "mozilla/Mutex.h"
  11 #include "mozilla/NotNull.h"
  12 #include "mozilla/RefPtr.h"
  13 #include "mozilla/UniquePtr.h"
  14 #include "nsIX509CertDB.h"
  15 #include "nsString.h"
  16
  17 class nsIArray;
  18
  19 class nsNSSCertificateDB final : public nsIX509CertDB
  20
  21 {
  22  public:
  23   NS_DECL_THREADSAFE_ISUPPORTS
  24   NS_DECL_NSIX509CERTDB
  25
  26   // This is a separate static method so nsNSSComponent can use it during NSS
  27   // initialization. Other code should probably not use it.
  28   static nsresult FindCertByDBKey(const nsACString& aDBKey,
  29                                   mozilla::UniqueCERTCertificate& cert);
  30
  31   static nsresult ConstructCertArrayFromUniqueCertList(
  32       const mozilla::UniqueCERTCertList& aCertListIn,
  33       nsTArray<RefPtr<nsIX509Cert>>& aCertListOut);
  34
  35  protected:
  36   virtual ~nsNSSCertificateDB() = default;
  37
  38  private:
  39   // Use this function to generate a default nickname for a user
  40   // certificate that is to be imported onto a token.
  41   static void get_default_nickname(CERTCertificate* cert,
  42                                    nsIInterfaceRequestor* ctx,
  43                                    nsCString& nickname);
  44
  45   static nsresult ImportCACerts(nsTArray<nsTArray<uint8_t>>& CACerts,
  46                                 nsIInterfaceRequestor* ctx);
  47
  48   static void DisplayCertificateAlert(nsIInterfaceRequestor* ctx,
  49                                       const char* stringID,
  50                                       nsIX509Cert* certToShow);
  51
  52   nsresult getCertsFromPackage(nsTArray<nsTArray<uint8_t>>& collectArgs,
  53                                uint8_t* data, uint32_t length);
  54   nsresult handleCACertDownload(mozilla::NotNull<nsIArray*> x509Certs,
  55                                 nsIInterfaceRequestor* ctx);
  56   nsresult ConstructX509FromSpan(const mozilla::Span<const uint8_t> aInputSpan,
  57                                  nsIX509Cert** _retval);
  58 };
  59
  60 #define NS_X509CERTDB_CID                            \
  61   { /* fb0bbc5c-452e-4783-b32c-80124693d871 */       \
  62     0xfb0bbc5c, 0x452e, 0x4783, {                    \
  63       0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71 \
  64     }                                                \
  65   }
  66
  67 SECStatus ChangeCertTrustWithPossibleAuthentication(
  68     const mozilla::UniqueCERTCertificate& cert, CERTCertTrust& trust,
  69     void* ctx);
  70
  71 #endif  // nsNSSCertificateDB_h