Update NSS to NSS_3_15_BETA2.

nss/lib/certdb/cert.h

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * cert.h - public data structures and prototypes for the certificate library
  *
  * $Id$
  */
 
@@ skipping 92 matching lines @@
 ** Create an X.500 style name using a NULL terminated list of RDN's.
 */
 extern CERTName *CERT_CreateName(CERTRDN *rdn, ...);
 
 /*
 ** Make a copy of "src" storing it in "dest". Memory is allocated in
 ** "dest" for each of the appropriate sub objects. Memory is not freed in
 ** "dest" before allocation is done (use CERT_DestroyName(dest, PR_FALSE) to
 ** do that).
 */
-extern SECStatus CERT_CopyName(PLArenaPool *arena, CERTName *dest, CERTName *src);
+extern SECStatus CERT_CopyName(PLArenaPool *arena, CERTName *dest,
+                               const CERTName *src);
 
 /*
 ** Destroy a Name object.
 **      "name" the CERTName to destroy
 **      "freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void CERT_DestroyName(CERTName *name);
 
 /*
 ** Add an RDN to a name.
@@ skipping 261 matching lines @@
 ** Type CERTCertNicknames is being used because it's a convenient 
 ** data structure to carry a list of strings and its count.
 */
 extern CERTCertNicknames *
   CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert);
 
 /*
 ** Check the hostname to make sure that it matches the shexp that
 ** is given in the common name of the certificate.
 */
-extern SECStatus CERT_VerifyCertName(CERTCertificate *cert, const char *hostname);
+extern SECStatus CERT_VerifyCertName(const CERTCertificate *cert,
+                                     const char *hostname);
 
 /*
 ** Add a domain name to the list of names that the user has explicitly
 ** allowed (despite cert name mismatches) for use with a server cert.
 */
 extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert, const char *hostname);
 
 /*
 ** Decode a DER encoded certificate into an CERTCertificate structure
 **      "derSignedCert" is the DER encoded signed certificate
@@ skipping 179 matching lines @@
 CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage);
 
 /*
 ** Check the validity times of a certificate vs. time 't', allowing
 ** some slop for broken clocks and stuff.
 **      "cert" is the certificate to be checked
 **      "t" is the time to check against
 **      "allowOverride" if true then check to see if the invalidity has
 **              been overridden by the user.
 */
-extern SECCertTimeValidity CERT_CheckCertValidTimes(CERTCertificate *cert,
+extern SECCertTimeValidity CERT_CheckCertValidTimes(const CERTCertificate *cert,
                                                     PRTime t,
                                                     PRBool allowOverride);
 
 /*
 ** WARNING - this function is deprecated, and will either go away or have
 **              a new API in the near future.
 **
 ** Check the validity times of a certificate vs. the current time, allowing
 ** some slop for broken clocks and stuff.
 **      "cert" is the certificate to be checked
 */
 extern SECStatus CERT_CertTimesValid(CERTCertificate *cert);
 
 /*
 ** Extract the validity times from a certificate
 **      "c" is the certificate
 **      "notBefore" is the start of the validity period
 **      "notAfter" is the end of the validity period
 */
 extern SECStatus
-CERT_GetCertTimes (CERTCertificate *c, PRTime *notBefore, PRTime *notAfter);
+CERT_GetCertTimes (const CERTCertificate *c, PRTime *notBefore,
+                   PRTime *notAfter);
 
 /*
 ** Extract the issuer and serial number from a certificate
 */
 extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *, 
                                                         CERTCertificate *);
 
 /*
 ** verify the signature of a signed data object with a given certificate
 **      "sd" the signed data object to be verified
 **      "cert" the certificate to use to check the signature
 */
 extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
                                        CERTCertificate *cert,
                                        PRTime t,
                                        void *wincx);
 /*
 ** verify the signature of a signed data object with the given DER publickey
 */
 extern SECStatus
 CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
                                        CERTSubjectPublicKeyInfo *pubKeyInfo,
                                        void *wincx);
 
 /*
 ** verify the signature of a signed data object with a SECKEYPublicKey.
 */
 extern SECStatus
-CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
+CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
                                    SECKEYPublicKey *pubKey, void *wincx);
 
 /*
 ** NEW FUNCTIONS with new bit-field-FIELD SECCertificateUsage - please use
 ** verify a certificate by checking validity times against a certain time,
 ** that we trust the issuer, and that the signature on the certificate is
 ** valid.
 **      "cert" the certificate to verify
 **      "checkSig" only check signatures if true
 */
@@ skipping 92 matching lines @@
 
 
 
 /*
 ** extract various element strings from a distinguished name.
 **      "name" the distinguished name
 */
 
 extern char *CERT_GetCertificateEmailAddress(CERTCertificate *cert);
 
-extern char *CERT_GetCertEmailAddress(CERTName *name);
+extern char *CERT_GetCertEmailAddress(const CERTName *name);
 
 extern const char * CERT_GetFirstEmailAddress(CERTCertificate * cert);
 
 extern const char * CERT_GetNextEmailAddress(CERTCertificate * cert, 
                                              const char * prev);
 
 /* The return value must be freed with PORT_Free. */
-extern char *CERT_GetCommonName(CERTName *name);
+extern char *CERT_GetCommonName(const CERTName *name);
 
-extern char *CERT_GetCountryName(CERTName *name);
+extern char *CERT_GetCountryName(const CERTName *name);
 
-extern char *CERT_GetLocalityName(CERTName *name);
+extern char *CERT_GetLocalityName(const CERTName *name);
 
-extern char *CERT_GetStateName(CERTName *name);
+extern char *CERT_GetStateName(const CERTName *name);
 
-extern char *CERT_GetOrgName(CERTName *name);
+extern char *CERT_GetOrgName(const CERTName *name);
 
-extern char *CERT_GetOrgUnitName(CERTName *name);
+extern char *CERT_GetOrgUnitName(const CERTName *name);
 
-extern char *CERT_GetDomainComponentName(CERTName *name);
+extern char *CERT_GetDomainComponentName(const CERTName *name);
 
-extern char *CERT_GetCertUid(CERTName *name);
+extern char *CERT_GetCertUid(const CERTName *name);
 
 /* manipulate the trust parameters of a certificate */
 
-extern SECStatus CERT_GetCertTrust(CERTCertificate *cert, CERTCertTrust *trust);
+extern SECStatus CERT_GetCertTrust(const CERTCertificate *cert,
+                                   CERTCertTrust *trust);
 
 extern SECStatus
 CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert,
                       CERTCertTrust *trust);
 
 extern SECStatus
 CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb, CERTCertificate *cert,
                             SECCertUsage usage);
 
 /*************************************************************************
@@ skipping 86 matching lines @@
 */
 extern SECStatus CERT_EncodeCRLDistributionPoints
    (PLArenaPool *arena, CERTCrlDistributionPoints *value,SECItem *derValue);
 
 /*
 ** Decodes a DER encoded basicConstaint extension value into a readable format
 **      value - decoded value
 **      encodedValue - value to decoded
 */
 extern SECStatus CERT_DecodeBasicConstraintValue
-   (CERTBasicConstraints *value, SECItem *encodedValue);
+   (CERTBasicConstraints *value, const SECItem *encodedValue);
 
 /* Decodes a DER encoded authorityKeyIdentifier extension value into a
 ** readable format.
 **      arena - where to allocate memory for the decoded value
 **      encodedValue - value to be decoded
 **      Returns a CERTAuthKeyID structure which contains the decoded value
 */
 extern CERTAuthKeyID *CERT_DecodeAuthKeyID 
-                        (PLArenaPool *arena, SECItem *encodedValue);
-
+                        (PLArenaPool *arena, const SECItem *encodedValue);
 
 /* Decodes a DER encoded crlDistributionPoints extension value into a 
 ** readable format.
 **      arena - where to allocate memory for the decoded value
 **      der - value to be decoded
 **      Returns a CERTCrlDistributionPoints structure which contains the 
 **          decoded value
 */
 extern CERTCrlDistributionPoints * CERT_DecodeCRLDistributionPoints
    (PLArenaPool *arena, SECItem *der);
 
 /* Extract certain name type from a generalName */
 extern void *CERT_GetGeneralNameByType
    (CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat);
 
 
 extern CERTOidSequence *
-CERT_DecodeOidSequence(SECItem *seqItem);
+CERT_DecodeOidSequence(const SECItem *seqItem);
 
 
 
 
 /****************************************************************************
  *
  * Find extension values of a certificate 
  *
  ***************************************************************************/
 
 extern SECStatus CERT_FindCertExtension
-   (CERTCertificate *cert, int tag, SECItem *value);
+   (const CERTCertificate *cert, int tag, SECItem *value);
 
 extern SECStatus CERT_FindNSCertTypeExtension
    (CERTCertificate *cert, SECItem *value);
 
 extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag);
 
 extern SECStatus CERT_FindIssuerCertExtension
    (CERTCertificate *cert, int tag, SECItem *value);
 
 extern SECStatus CERT_FindCertExtensionByOID
@@ skipping 80 matching lines @@
 ** Finds the crlNumber extension and decodes its value into 'value'
 */
 extern SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
                                           SECItem *value);
 
 extern SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
                                                CERTCRLEntryReasonCode *value);
 
 extern void CERT_FreeNicknames(CERTCertNicknames *nicknames);
 
-extern PRBool CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2);
+extern PRBool CERT_CompareCerts(const CERTCertificate *c1,
+                                const CERTCertificate *c2);
 
 extern PRBool CERT_CompareCertsForRedirection(CERTCertificate *c1,
                                                          CERTCertificate *c2);
 
 /*
 ** Generate an array of the Distinguished Names that the given cert database
 ** "trusts"
 */
 extern CERTDistNames *CERT_GetSSLCACerts(CERTCertDBHandle *handle);
 
@@ skipping 90 matching lines @@
 /*
  * find the smime symmetric capabilities profile for a given cert
  */
 SECItem *
 CERT_FindSMimeProfile(CERTCertificate *cert);
 
 SECStatus
 CERT_AddNewCerts(CERTCertDBHandle *handle);
 
 CERTCertificatePolicies *
-CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue);
+CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue);
 
 void
 CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies);
 
 CERTCertificatePolicyMappings *
 CERT_DecodePolicyMappingsExtension(SECItem *encodedCertPolicyMaps);
 
 SECStatus
 CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings);
 
 SECStatus
 CERT_DecodePolicyConstraintsExtension(
-    CERTCertificatePolicyConstraints *decodedValue, SECItem *encodedValue);
+    CERTCertificatePolicyConstraints *decodedValue,
+    const SECItem *encodedValue);
 
 SECStatus CERT_DecodeInhibitAnyExtension
     (CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
 
 CERTUserNotice *
 CERT_DecodeUserNotice(SECItem *noticeItem);
 
 extern CERTGeneralName *
 CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName);
 
 extern CERTNameConstraints *
 CERT_DecodeNameConstraintsExtension(PLArenaPool *arena, 
-                                    SECItem *encodedConstraints);
+                                    const SECItem *encodedConstraints);
 
 /* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
 extern CERTAuthInfoAccess **
 CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
                                    SECItem     *encodedExtension);
 
 extern CERTPrivKeyUsagePeriod *
 CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue);
 
 extern CERTGeneralName *
@@ skipping 71 matching lines @@
                     CERTCertificate *certb,
                     void *arg);
 
 SECStatus
 CERT_CheckForEvilCert(CERTCertificate *cert);
 
 CERTGeneralName *
 CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena);
 
 CERTGeneralName *
-CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PLArenaPool *arena,
+CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
+                                    PLArenaPool *arena,
                                     PRBool includeSubjectCommonName);
 
 /*
  * Creates or adds to a list of all certs with a give subject name, sorted by
  * validity time, newest first.  Invalid certs are considered older than
  * valid certs. If validOnly is set, do not include invalid certs on list.
  */
 CERTCertList *
 CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
-                           SECItem *name, PRTime sorttime, PRBool validOnly);
+                           const SECItem *name, PRTime sorttime,
+                           PRBool validOnly);
 
 /*
  * remove certs from a list that don't have keyUsage and certType
  * that match the given usage.
  */
 SECStatus
 CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
                            PRBool ca);
 
 /*
@@ skipping 189 matching lines @@
 void
 CERT_UnlockCertRefCount(CERTCertificate *cert);
 
 /*
  * Acquire the cert trust lock
  * There is currently one global lock for all certs, but I'm putting a cert
  * arg here so that it will be easy to make it per-cert in the future if
  * that turns out to be necessary.
  */
 void
-CERT_LockCertTrust(CERTCertificate *cert);
+CERT_LockCertTrust(const CERTCertificate *cert);
 
 /*
  * Free the cert trust lock
  */
 void
-CERT_UnlockCertTrust(CERTCertificate *cert);
+CERT_UnlockCertTrust(const CERTCertificate *cert);
 
 /*
  * Digest the cert's subject public key using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */ 
 extern SECItem *
 CERT_GetSPKIDigest(PLArenaPool *arena, const CERTCertificate *cert,
@@ skipping 20 matching lines @@
 CERT_CopyNameConstraint(PLArenaPool         *arena, 
                         CERTNameConstraint  *dest, 
                         CERTNameConstraint  *src);
 
 /*
  * Verify name against all the constraints relevant to that type of
  * the name.
  */
 extern SECStatus
 CERT_CheckNameSpace(PLArenaPool          *arena,
-                    CERTNameConstraints  *constraints,
-                    CERTGeneralName      *currentName);
+                    const CERTNameConstraints *constraints,
+                    const CERTGeneralName *currentName);
 
 /*
  * Extract and allocate the name constraints extension from the CA cert.
  */
 extern SECStatus
 CERT_FindNameConstraintsExten(PLArenaPool      *arena,
                               CERTCertificate  *cert,
                               CERTNameConstraints **constraints);
 
 /*
@@ skipping 101 matching lines @@
 /*
  * Destroy the arrays inside flags,
  * and destroy the object pointed to by flags, too.
  */
 extern void
 CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
 
 SEC_END_PROTOS
 
 #endif /* _CERT_H_ */