RetroZilla/security/nss/lib/pkcs12/p12.h

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */


#ifndef _P12_H_
#define _P12_H_

#include "secoid.h"
#include "key.h"
#include "secpkcs7.h"
#include "p12t.h"

typedef int (PR_CALLBACK * PKCS12OpenFunction)(void *arg);
typedef int (PR_CALLBACK * PKCS12ReadFunction)(void *arg,
                                               unsigned char *buffer, 
                                               unsigned int *lenRead,
                                               unsigned int maxLen);
typedef int (PR_CALLBACK * PKCS12WriteFunction)(void *arg,
                                                unsigned char *buffer, 
                                                unsigned int *bufLen,
                                                unsigned int *lenWritten);
typedef int (PR_CALLBACK * PKCS12CloseFunction)(void *arg);
typedef SECStatus (PR_CALLBACK * PKCS12UnicodeConvertFunction)(
                                 PLArenaPool *arena,
                                 SECItem *dest, SECItem *src,
                                 PRBool toUnicode,
                                 PRBool swapBytes);
typedef void (PR_CALLBACK * SEC_PKCS12EncoderOutputCallback)(
                            void *arg, const char *buf,
                            unsigned long len);
typedef void (PR_CALLBACK * SEC_PKCS12DecoderOutputCallback)(
                            void *arg, const char *buf,
                            unsigned long len);
/*
 * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate,
 * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c. 
 * See r1.35 of p12d.c ("Patch 2" in bug 321584).
 *
 * This callback might be called by SEC_PKCS12DecoderValidateBags each time
 * a nickname collission is detected. The callback must return a new
 * nickname. The returned SECItem should be of type siAsciiString,
 * it should be allocated using:
 *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
 * and data must contain the new nickname as a zero terminated string.
 */
typedef SECItem * (PR_CALLBACK * SEC_PKCS12NicknameCollisionCallback)(
                                 SECItem *old_nickname,
                                 PRBool *cancel,
                                 void *arg);
/*
 * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each
 * certificate found in the p12 source data.
 *
 * cert: A decoded certificate.
 * default_nickname: The nickname as found in the source data.
 *                   Will be NULL if source data doesn't have nickname.
 * new_nickname: Output parameter that may contain the renamed nickname.
 * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames.
 *
 * If the callback accept that NSS will use a nickname based on the
 * default_nickname (potentially resolving conflicts), then the callback
 * must set *new_nickname to NULL.
 *
 * If the callback wishes to override the nickname, it must set *new_nickname
 * to a new SECItem which should be allocated using
 *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
 * new_nickname->type should be set to siAsciiString, and new_nickname->data
 * must contain the new nickname as a zero terminated string.
 *
 * A return value of SECFailure indicates that the renaming operation failed,
 * and callback should release new_nickname before returning if it's already
 * being allocated.
 * Otherwise, the callback function must return SECSuccess, including use
 * default nickname as mentioned above.
 */
typedef SECStatus (PR_CALLBACK * SEC_PKCS12NicknameRenameCallback)(
                                 const CERTCertificate *cert,
                                 const SECItem *default_nickname,
                                 SECItem **new_nickname,
                                 void *arg);

typedef SECStatus (PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData);
typedef SECStatus (PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile);
typedef int (PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf, 
                                      unsigned long len);

typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;
typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;
typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;
typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem;

struct sec_PKCS12PasswordModeInfo {
    SECItem	*password;
    SECOidTag	algorithm;
};

struct sec_PKCS12PublicKeyModeInfo {
    CERTCertificate	*cert;
    CERTCertDBHandle *certDb;
    SECOidTag	algorithm;
    int keySize;
};

struct SEC_PKCS12DecoderItemStr {
    SECItem *der;
    SECOidTag type;
    PRBool hasKey;
    SECItem *friendlyName;      /* UTF-8 string */
    SECAlgorithmID *shroudAlg;
};
    

SEC_BEGIN_PROTOS

SEC_PKCS12SafeInfo *
SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
				    CERTCertDBHandle *certDb,
				    CERTCertificate *signer,
				    CERTCertificate **recipients,
				    SECOidTag algorithm, int keysize);

extern SEC_PKCS12SafeInfo *
SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt, 
				 SECItem *pwitem, SECOidTag privAlg);

extern SEC_PKCS12SafeInfo *
SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);

extern SECStatus
SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
			       SECItem *pwitem, SECOidTag integAlg);
extern SECStatus
SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
				CERTCertificate *cert, CERTCertDBHandle *certDb,
				SECOidTag algorithm, int keySize);

extern SEC_PKCS12ExportContext *
SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,  
			      PK11SlotInfo *slot, void *wincx);

extern SECStatus
SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, 
		  SEC_PKCS12SafeInfo *safe, void *nestedDest,
		  CERTCertificate *cert, CERTCertDBHandle *certDb,
		  SECItem *keyId, PRBool includeCertChain);

extern SECStatus
SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, 
			SEC_PKCS12SafeInfo *safe, 
			void *nestedDest, CERTCertificate *cert,
			PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
			SECItem *keyId, SECItem *nickName);

extern SECStatus
SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, 
			void *certSafe, void *certNestedDest, 
			CERTCertificate *cert, CERTCertDBHandle *certDb,
			void *keySafe, void *keyNestedDest, PRBool shroudKey, 
			SECItem *pwitem, SECOidTag algorithm,
			PRBool includeCertChain);


extern SECStatus
SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, 
			void *certSafe, void *certNestedDest, 
			CERTCertificate *cert, CERTCertDBHandle *certDb,
			void *keySafe, void *keyNestedDest, 
			PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);

extern void *
SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
				   void *baseSafe, void *nestedDest);

extern SECStatus
SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp, 
		 SEC_PKCS12EncoderOutputCallback output, void *outputarg);

extern void
SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);

extern SEC_PKCS12DecoderContext *
SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
		       digestOpenFn dOpen, digestCloseFn dClose,
		       digestIOFn dRead, digestIOFn dWrite, void *dArg);

extern SECStatus
SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,
                		   SECPKCS12TargetTokenCAs tokenCAs);

extern SECStatus
SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data,
			unsigned long len);

extern void
SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);

extern SECStatus
SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);

extern SECStatus
SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
			      SEC_PKCS12NicknameCollisionCallback nicknameCb);

/*
 * SEC_PKCS12DecoderRenameCertNicknames() can be used to change
 * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling
 * SEC_PKCS12DecoderImportBags.
 *
 * arg: User-defined data that will be passed to nicknameCb.
 *
 * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling
 * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname
 * will be changed.
 * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling
 * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags()
 * will change the nickname of the corresponding private key, too.
 */
extern SECStatus
SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
                                     SEC_PKCS12NicknameRenameCallback nicknameCb,
                                     void *arg);


extern SECStatus
SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);

CERTCertList *
SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);

SECStatus
SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx);

SECStatus
SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,
                             const SEC_PKCS12DecoderItem **ipp);

SEC_END_PROTOS

#endif
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`
first commit 2015-10-21 05:03:22 +02:00

			`#ifndef _P12_H_`
			`#define _P12_H_`

			`#include "secoid.h"`
			`#include "key.h"`
			`#include "secpkcs7.h"`
			`#include "p12t.h"`

			`typedef int (PR_CALLBACK * PKCS12OpenFunction)(void *arg);`
			`typedef int (PR_CALLBACK * PKCS12ReadFunction)(void *arg,`
			`unsigned char *buffer,`
			`unsigned int *lenRead,`
			`unsigned int maxLen);`
			`typedef int (PR_CALLBACK * PKCS12WriteFunction)(void *arg,`
			`unsigned char *buffer,`
			`unsigned int *bufLen,`
			`unsigned int *lenWritten);`
			`typedef int (PR_CALLBACK * PKCS12CloseFunction)(void *arg);`
			`typedef SECStatus (PR_CALLBACK * PKCS12UnicodeConvertFunction)(`
			`PLArenaPool *arena,`
			`SECItem dest, SECItem src,`
			`PRBool toUnicode,`
			`PRBool swapBytes);`
			`typedef void (PR_CALLBACK * SEC_PKCS12EncoderOutputCallback)(`
			`void arg, const char buf,`
			`unsigned long len);`
			`typedef void (PR_CALLBACK * SEC_PKCS12DecoderOutputCallback)(`
			`void arg, const char buf,`
			`unsigned long len);`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`/*`
			`* In NSS 3.12 or later, 'arg' actually points to a CERTCertificate,`
			`* the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c.`
			`* See r1.35 of p12d.c ("Patch 2" in bug 321584).`
cherry-picked mozilla NSS upstream changes (to rev 82de44ead36f, which is on par with 3.18): bug1095307, bug1073330(backout), bug1084986, bug1050069, bug942172, bug1054547, bug532081, bug1096348, bug1058870, bug1093940, bug1102985, bug1112461, bug1094492, bug112029, bug1119983, bug1120685, bug1120691, bug1113632, bug863076, bug1082973, bug1124539, bug1117617, bug1117621, bug1121273, bug753136, bug921684, bug1132818, bug1125375, bug647690, bug1055441, bug1134455, bug975010, bug950369, bug1128367, bug1129573, bug1136095, bug1117897, bug1113453, bug1061725, bug1073330, bug1111901, bug1083900, bug1136095, bug1138820, bug1096741, bug1134548, bug345725, bug950348, bug950344, bug1151037, bug991783, bug1153994 2018-07-11 16:42:30 +02:00			`*`
			`* This callback might be called by SEC_PKCS12DecoderValidateBags each time`
			`* a nickname collission is detected. The callback must return a new`
			`* nickname. The returned SECItem should be of type siAsciiString,`
			`* it should be allocated using:`
			`* SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)`
			`* and data must contain the new nickname as a zero terminated string.`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`*/`
first commit 2015-10-21 05:03:22 +02:00			`typedef SECItem * (PR_CALLBACK * SEC_PKCS12NicknameCollisionCallback)(`
			`SECItem *old_nickname,`
			`PRBool *cancel,`
			`void *arg);`
cherry-picked mozilla NSS upstream changes (to rev 82de44ead36f, which is on par with 3.18): bug1095307, bug1073330(backout), bug1084986, bug1050069, bug942172, bug1054547, bug532081, bug1096348, bug1058870, bug1093940, bug1102985, bug1112461, bug1094492, bug112029, bug1119983, bug1120685, bug1120691, bug1113632, bug863076, bug1082973, bug1124539, bug1117617, bug1117621, bug1121273, bug753136, bug921684, bug1132818, bug1125375, bug647690, bug1055441, bug1134455, bug975010, bug950369, bug1128367, bug1129573, bug1136095, bug1117897, bug1113453, bug1061725, bug1073330, bug1111901, bug1083900, bug1136095, bug1138820, bug1096741, bug1134548, bug345725, bug950348, bug950344, bug1151037, bug991783, bug1153994 2018-07-11 16:42:30 +02:00			`/*`
			`* This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each`
			`* certificate found in the p12 source data.`
			`*`
			`* cert: A decoded certificate.`
			`* default_nickname: The nickname as found in the source data.`
			`* Will be NULL if source data doesn't have nickname.`
			`* new_nickname: Output parameter that may contain the renamed nickname.`
			`* arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames.`
			`*`
			`* If the callback accept that NSS will use a nickname based on the`
			`* default_nickname (potentially resolving conflicts), then the callback`
			`* must set *new_nickname to NULL.`
			`*`
			`* If the callback wishes to override the nickname, it must set *new_nickname`
			`* to a new SECItem which should be allocated using`
			`* SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)`
			`* new_nickname->type should be set to siAsciiString, and new_nickname->data`
			`* must contain the new nickname as a zero terminated string.`
			`*`
			`* A return value of SECFailure indicates that the renaming operation failed,`
			`* and callback should release new_nickname before returning if it's already`
			`* being allocated.`
			`* Otherwise, the callback function must return SECSuccess, including use`
			`* default nickname as mentioned above.`
			`*/`
			`typedef SECStatus (PR_CALLBACK * SEC_PKCS12NicknameRenameCallback)(`
			`const CERTCertificate *cert,`
			`const SECItem *default_nickname,`
			`SECItem **new_nickname,`
			`void *arg);`
first commit 2015-10-21 05:03:22 +02:00
			`typedef SECStatus (PR_CALLBACK digestOpenFn)(void arg, PRBool readData);`
			`typedef SECStatus (PR_CALLBACK digestCloseFn)(void arg, PRBool removeFile);`
			`typedef int (PR_CALLBACK digestIOFn)(void arg, unsigned char *buf,`
			`unsigned long len);`

			`typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;`
			`typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;`
			`typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;`
			`typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem;`

			`struct sec_PKCS12PasswordModeInfo {`
			`SECItem *password;`
			`SECOidTag algorithm;`
			`};`

			`struct sec_PKCS12PublicKeyModeInfo {`
			`CERTCertificate *cert;`
			`CERTCertDBHandle *certDb;`
			`SECOidTag algorithm;`
			`int keySize;`
			`};`

			`struct SEC_PKCS12DecoderItemStr {`
			`SECItem *der;`
			`SECOidTag type;`
			`PRBool hasKey;`
			`SECItem friendlyName; / UTF-8 string */`
			`SECAlgorithmID *shroudAlg;`
			`};`


			`SEC_BEGIN_PROTOS`

			`SEC_PKCS12SafeInfo *`
			`SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,`
			`CERTCertDBHandle *certDb,`
			`CERTCertificate *signer,`
			`CERTCertificate **recipients,`
			`SECOidTag algorithm, int keysize);`

			`extern SEC_PKCS12SafeInfo *`
			`SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,`
			`SECItem *pwitem, SECOidTag privAlg);`

			`extern SEC_PKCS12SafeInfo *`
			`SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);`

			`extern SECStatus`
			`SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,`
			`SECItem *pwitem, SECOidTag integAlg);`
			`extern SECStatus`
			`SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,`
			`CERTCertificate cert, CERTCertDBHandle certDb,`
			`SECOidTag algorithm, int keySize);`

			`extern SEC_PKCS12ExportContext *`
			`SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,`
			`PK11SlotInfo slot, void wincx);`

			`extern SECStatus`
			`SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt,`
			`SEC_PKCS12SafeInfo safe, void nestedDest,`
			`CERTCertificate cert, CERTCertDBHandle certDb,`
			`SECItem *keyId, PRBool includeCertChain);`

			`extern SECStatus`
			`SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,`
			`SEC_PKCS12SafeInfo *safe,`
			`void nestedDest, CERTCertificate cert,`
			`PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,`
			`SECItem keyId, SECItem nickName);`

			`extern SECStatus`
			`SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,`
			`void certSafe, void certNestedDest,`
			`CERTCertificate cert, CERTCertDBHandle certDb,`
			`void keySafe, void keyNestedDest, PRBool shroudKey,`
			`SECItem *pwitem, SECOidTag algorithm,`
			`PRBool includeCertChain);`


			`extern SECStatus`
			`SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,`
			`void certSafe, void certNestedDest,`
			`CERTCertificate cert, CERTCertDBHandle certDb,`
			`void keySafe, void keyNestedDest,`
			`PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);`

			`extern void *`
			`SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,`
			`void baseSafe, void nestedDest);`

			`extern SECStatus`
			`SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,`
			`SEC_PKCS12EncoderOutputCallback output, void *outputarg);`

			`extern void`
			`SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);`

			`extern SEC_PKCS12DecoderContext *`
			`SEC_PKCS12DecoderStart(SECItem pwitem, PK11SlotInfo slot, void *wincx,`
			`digestOpenFn dOpen, digestCloseFn dClose,`
			`digestIOFn dRead, digestIOFn dWrite, void *dArg);`

			`extern SECStatus`
			`SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,`
			`SECPKCS12TargetTokenCAs tokenCAs);`

			`extern SECStatus`
			`SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext p12dcx, unsigned char data,`
			`unsigned long len);`

			`extern void`
			`SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);`

			`extern SECStatus`
			`SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);`

			`extern SECStatus`
			`SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,`
			`SEC_PKCS12NicknameCollisionCallback nicknameCb);`

cherry-picked mozilla NSS upstream changes (to rev 82de44ead36f, which is on par with 3.18): bug1095307, bug1073330(backout), bug1084986, bug1050069, bug942172, bug1054547, bug532081, bug1096348, bug1058870, bug1093940, bug1102985, bug1112461, bug1094492, bug112029, bug1119983, bug1120685, bug1120691, bug1113632, bug863076, bug1082973, bug1124539, bug1117617, bug1117621, bug1121273, bug753136, bug921684, bug1132818, bug1125375, bug647690, bug1055441, bug1134455, bug975010, bug950369, bug1128367, bug1129573, bug1136095, bug1117897, bug1113453, bug1061725, bug1073330, bug1111901, bug1083900, bug1136095, bug1138820, bug1096741, bug1134548, bug345725, bug950348, bug950344, bug1151037, bug991783, bug1153994 2018-07-11 16:42:30 +02:00			`/*`
			`* SEC_PKCS12DecoderRenameCertNicknames() can be used to change`
			`* certificate nicknames in SEC_PKCS12DecoderContext, prior to calling`
			`* SEC_PKCS12DecoderImportBags.`
			`*`
			`* arg: User-defined data that will be passed to nicknameCb.`
			`*`
			`* If SEC_PKCS12DecoderRenameCertNicknames() is called after calling`
			`* SEC_PKCS12DecoderValidateBags(), then only the certificate nickname`
			`* will be changed.`
			`* If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling`
			`* SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags()`
			`* will change the nickname of the corresponding private key, too.`
			`*/`
			`extern SECStatus`
			`SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,`
			`SEC_PKCS12NicknameRenameCallback nicknameCb,`
			`void *arg);`


first commit 2015-10-21 05:03:22 +02:00			`extern SECStatus`
			`SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);`

			`CERTCertList *`
			`SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);`

			`SECStatus`
			`SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx);`

			`SECStatus`
			`SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,`
			`const SEC_PKCS12DecoderItem **ipp);`

			`SEC_END_PROTOS`

			`#endif`