mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-16 04:20:32 +01:00
30d33aa8e8
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2736 lines
93 KiB
C
2736 lines
93 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
/*
|
|
* This file defines several platform independent functions to
|
|
* manipulate certificates and CRLs in a portable manner.
|
|
*
|
|
*/
|
|
|
|
#ifndef _PKIX_PL_PKI_H
|
|
#define _PKIX_PL_PKI_H
|
|
|
|
#include "pkixt.h"
|
|
#include "seccomon.h"
|
|
#include "certt.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* General
|
|
*
|
|
* Please refer to the libpkix Programmer's Guide for detailed information
|
|
* about how to use the libpkix library. Certain key warnings and notices from
|
|
* that document are repeated here for emphasis.
|
|
*
|
|
* All identifiers in this file (and all public identifiers defined in
|
|
* libpkix) begin with "PKIX_". Private identifiers only intended for use
|
|
* within the library begin with "pkix_".
|
|
*
|
|
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
|
|
*
|
|
* Unless otherwise noted, for all accessor (gettor) functions that return a
|
|
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
|
|
* shared object. Therefore, the caller should treat this shared object as
|
|
* read-only and should not modify this shared object. When done using the
|
|
* shared object, the caller should release the reference to the object by
|
|
* using the PKIX_PL_Object_DecRef function.
|
|
*
|
|
* While a function is executing, if its arguments (or anything referred to by
|
|
* its arguments) are modified, free'd, or destroyed, the function's behavior
|
|
* is undefined.
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* Cert
|
|
*
|
|
* A Cert represents an X.509 certificate. It can be created using the bytes
|
|
* of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The
|
|
* following functions include accessors (gettors) for the various components
|
|
* of an X.509 certificate. Also included are functions to perform various
|
|
* checks on a certificate, including name constraints, key usage, validity
|
|
* (expiration), and signature verification.
|
|
*/
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new certificate using the bytes in the ByteArray pointed to by
|
|
* "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1
|
|
* DER encoding of a certificate, a PKIX_Error pointer is returned. Once
|
|
* created, a Cert is immutable.
|
|
*
|
|
* Certificate ::= SEQUENCE {
|
|
* tbsCertificate TBSCertificate,
|
|
* signatureAlgorithm AlgorithmIdentifier,
|
|
* signatureValue BIT STRING }
|
|
*
|
|
* AlgorithmIdentifier ::= SEQUENCE {
|
|
* algorithm OBJECT IDENTIFIER,
|
|
* parameters ANY DEFINED BY algorithm OPTIONAL }
|
|
*
|
|
* TBSCertificate ::= SEQUENCE {
|
|
* version [0] EXPLICIT Version DEFAULT v1,
|
|
* serialNumber CertificateSerialNumber,
|
|
* signature AlgorithmIdentifier,
|
|
* issuer Name,
|
|
* validity Validity,
|
|
* subject Name,
|
|
* subjectPublicKeyInfo SubjectPublicKeyInfo,
|
|
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
|
|
* -- If present, version MUST be v2 or v3
|
|
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
|
|
* -- If present, version MUST be v2 or v3
|
|
* extensions [3] EXPLICIT Extensions OPTIONAL
|
|
* -- If present, version MUST be v3
|
|
* }
|
|
*
|
|
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
|
*
|
|
* CertificateSerialNumber ::= INTEGER
|
|
*
|
|
* Validity ::= SEQUENCE {
|
|
* notBefore Time,
|
|
* notAfter Time }
|
|
*
|
|
* Time ::= CHOICE {
|
|
* utcTime UTCTime,
|
|
* generalTime GeneralizedTime }
|
|
*
|
|
* UniqueIdentifier ::= BIT STRING
|
|
*
|
|
* SubjectPublicKeyInfo ::= SEQUENCE {
|
|
* algorithm AlgorithmIdentifier,
|
|
* subjectPublicKey BIT STRING }
|
|
*
|
|
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
|
|
*
|
|
* Extension ::= SEQUENCE {
|
|
* extnID OBJECT IDENTIFIER,
|
|
* critical BOOLEAN DEFAULT FALSE,
|
|
* extnValue OCTET STRING }
|
|
*
|
|
* PARAMETERS:
|
|
* "byteArray"
|
|
* Address of ByteArray representing the CERT's DER encoding.
|
|
* Must be non-NULL.
|
|
* "pCert"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_Create(
|
|
PKIX_PL_ByteArray *byteArray,
|
|
PKIX_PL_Cert **pCert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new certificate using passed in CERTCertificate object.
|
|
*
|
|
* PARAMETERS:
|
|
* "nssCert"
|
|
* The object that will be used to create new PKIX_PL_Cert.
|
|
* "pCert"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_CreateFromCERTCertificate(
|
|
const CERTCertificate *nssCert,
|
|
PKIX_PL_Cert **pCert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetCERTCertificate
|
|
* DESCRIPTION:
|
|
*
|
|
* Returns underlying CERTCertificate structure. Return CERTCertificate
|
|
* object is duplicated and should be destroyed by caller.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of PKIX_PL_Cert. Must be non-NULL.
|
|
* "pCert"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetCERTCertificate(
|
|
PKIX_PL_Cert *cert,
|
|
CERTCertificate **pnssCert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetVersion
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the version of the Cert pointed to by "cert" and stores it at
|
|
* "pVersion". The version number will either be 0, 1, or 2 (corresponding to
|
|
* v1, v2, or v3, respectively).
|
|
*
|
|
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose version is to be stored. Must be non-NULL.
|
|
* "pVersion"
|
|
* Address where PKIX_UInt32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetVersion(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_UInt32 *pVersion,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSerialNumber
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the BigInt that represents the serial number of the
|
|
* Cert pointed to by "cert" and stores it at "pSerialNumber".
|
|
*
|
|
* CertificateSerialNumber ::= INTEGER
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose serial number is to be stored. Must be non-NULL.
|
|
* "pSerial"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSerialNumber(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_BigInt **pSerial,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetIssuer
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the X500Name that represents the issuer DN of the
|
|
* Cert pointed to by "cert" and stores it at "pIssuer".
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose issuer is to be stored. Must be non-NULL.
|
|
* "pIssuer"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetIssuer(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_X500Name **pIssuer,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSubject
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the X500Name that represents the subject DN of the
|
|
* Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not
|
|
* have a subject DN, this function stores NULL at "pSubject".
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subject is to be stored. Must be non-NULL.
|
|
* "pSubject"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSubject(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_X500Name **pSubject,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the OID that represents the subject public key
|
|
* algorithm of the Cert pointed to by "cert" and stores it at
|
|
* "pSubjKeyAlgId".
|
|
*
|
|
* SubjectPublicKeyInfo ::= SEQUENCE {
|
|
* algorithm AlgorithmIdentifier,
|
|
* subjectPublicKey BIT STRING }
|
|
*
|
|
* AlgorithmIdentifier ::= SEQUENCE {
|
|
* algorithm OBJECT IDENTIFIER,
|
|
* parameters ANY DEFINED BY algorithm OPTIONAL }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subject public key algorithm OID is to be stored.
|
|
* Must be non-NULL.
|
|
* "pSubjKeyAlgId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_OID **pSubjKeyAlgId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the PublicKey that represents the subject public key
|
|
* of the Cert pointed to by "cert" and stores it at "pPublicKey".
|
|
*
|
|
* SubjectPublicKeyInfo ::= SEQUENCE {
|
|
* algorithm AlgorithmIdentifier,
|
|
* subjectPublicKey BIT STRING }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subject public key is to be stored.
|
|
* Must be non-NULL.
|
|
* "pPublicKey"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSubjectPublicKey(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_PublicKey **pPublicKey,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
|
|
* DESCRIPTION:
|
|
*
|
|
* Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null
|
|
* parameters and stores the result at "pNeedsParams".
|
|
*
|
|
* PARAMETERS:
|
|
* "pubKey"
|
|
* Address of the Public Key of interest. Must be non-NULL.
|
|
* "pNeedsParams"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a PublicKey Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_PublicKey_NeedsDSAParameters(
|
|
PKIX_PL_PublicKey *pubKey,
|
|
PKIX_Boolean *pNeedsParams,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
|
|
* DESCRIPTION:
|
|
*
|
|
* This function is used for DSA key parameter inheritance, which allows a
|
|
* first DSA key with omitted parameters (pointed to by "firstKey") to inherit
|
|
* the PQG parameters of a second DSA key that does have parameters. (pointed
|
|
* to by "secondKey"). Once created, a PublicKey is immutable.
|
|
*
|
|
* Specifically, the algorithm used by the function is:
|
|
*
|
|
* If the first PublicKey is not a DSA public key with omitted parameters,
|
|
* the function stores NULL at "pResultKey". (No Error is returned)
|
|
* Else if the second PublicKey is not a DSA public key with non-NULL,
|
|
* parameters, the function returns an Error.
|
|
* Else
|
|
* the function creates a third PublicKey with a "Y" value from the
|
|
* first PublicKey and the DSA parameters from the second PublicKey,
|
|
* and stores it at "pResultKey".
|
|
*
|
|
* PARAMETERS:
|
|
* "firstKey"
|
|
* Address of a Public Key that needs to inherit DSA parameters.
|
|
* Must be non-NULL.
|
|
* "secondKey"
|
|
* Address of a Public Key that has DSA parameters that will be inherited
|
|
* by "firstKey". Must be non-NULL.
|
|
* "pResultKey"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a PublicKey Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
|
|
PKIX_PL_PublicKey *firstKey,
|
|
PKIX_PL_PublicKey *secondKey,
|
|
PKIX_PL_PublicKey **pResultKey,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of OIDs (each OID corresponding to a
|
|
* critical extension of the Cert pointed to by "cert") and stores it at
|
|
* "pExtensions". If "cert" does not have any critical extensions, this
|
|
* function stores an empty List at "pExtensions".
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose critical extension OIDs are to be stored.
|
|
* Must be non-NULL.
|
|
* "pExtensions"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetCriticalExtensionOIDs(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a ByteArray representing the authority key
|
|
* identifier extension of the Cert pointed to by "cert" and stores it at
|
|
* "pAuthKeyId".
|
|
*
|
|
* Note that this function only retrieves the keyIdentifier component
|
|
* (OCTET STRING) of the AuthorityKeyIdentifier extension, when present.
|
|
*
|
|
* If "cert" does not have an AuthorityKeyIdentifier extension or if the
|
|
* keyIdentifier component of the AuthorityKeyIdentifier extension is not
|
|
* present, this function stores NULL at "pAuthKeyId".
|
|
*
|
|
* AuthorityKeyIdentifier ::= SEQUENCE {
|
|
* keyIdentifier [0] KeyIdentifier OPTIONAL,
|
|
* authorityCertIssuer [1] GeneralNames OPTIONAL,
|
|
* authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose authority key identifier is to be stored.
|
|
* Must be non-NULL.
|
|
* "pAuthKeyId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetAuthorityKeyIdentifier(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_ByteArray **pAuthKeyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a ByteArray representing the subject key identifier
|
|
* extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId".
|
|
* If "cert" does not have a SubjectKeyIdentifier extension, this function
|
|
* stores NULL at "pSubjKeyId".
|
|
*
|
|
* SubjectKeyIdentifier ::= KeyIdentifier
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subject key identifier is to be stored.
|
|
* Must be non-NULL.
|
|
* "pSubjKeyId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSubjectKeyIdentifier(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_ByteArray **pSubjKeyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSubjectAltNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of GeneralNames (each GeneralName
|
|
* representing a subject alternative name found in the subject alternative
|
|
* names extension of the Cert pointed to by "cert") and stores it at
|
|
* "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames
|
|
* extension, this function stores NULL at "pSubjectAltNames".
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* SubjectAltName ::= GeneralNames
|
|
*
|
|
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
|
*
|
|
* GeneralName ::= CHOICE {
|
|
* otherName [0] OtherName,
|
|
* rfc822Name [1] IA5String,
|
|
* dNSName [2] IA5String,
|
|
* x400Address [3] ORAddress,
|
|
* directoryName [4] Name,
|
|
* ediPartyName [5] EDIPartyName,
|
|
* uniformResourceIdentifier [6] IA5String,
|
|
* iPAddress [7] OCTET STRING,
|
|
* registeredID [8] OBJECT IDENTIFIER }
|
|
*
|
|
* OtherName ::= SEQUENCE {
|
|
* type-id OBJECT IDENTIFIER,
|
|
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
|
*
|
|
* EDIPartyName ::= SEQUENCE {
|
|
* nameAssigner [0] DirectoryString OPTIONAL,
|
|
* partyName [1] DirectoryString }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subjectAltNames are to be stored.
|
|
* Must be non-NULL.
|
|
* "pSubjectAltNames"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSubjectAltNames(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetAllSubjectNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of GeneralNames (each GeneralName
|
|
* representing a subject DN or a subject alternative name found in the
|
|
* subject alternative names extension of the Cert pointed to by "cert") and
|
|
* stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and
|
|
* it does not have a SubjectAlternativeNames extension, this function stores
|
|
* NULL at "pAllSubjectNames".
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subject DN and subjectAltNames are to be stored.
|
|
* Must be non-NULL.
|
|
* "pAllSubjectNames"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetAllSubjectNames(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a List of OIDs (each OID corresponding to an
|
|
* extended key usage of the Cert pointed to by "cert") and stores it at
|
|
* "pKeyUsage". If "cert" does not have an extended key usage extension, this
|
|
* function stores a NULL at "pKeyUsage".
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
|
*
|
|
* KeyPurposeId ::= OBJECT IDENTIFIER
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose extended key usage OIDs are to be stored.
|
|
* Must be non-NULL.
|
|
* "pKeyUsage"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetExtendedKeyUsage(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetNameConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a CertNameConstraints object representing the name
|
|
* constraints extension of the Cert pointed to by "cert" and stores it at
|
|
* "pNameConstraints".
|
|
*
|
|
* If "cert" does not have a name constraints extension, this function stores
|
|
* NULL at "pNameConstraints".
|
|
*
|
|
* NameConstraints ::= SEQUENCE {
|
|
* permittedSubtrees [0] GeneralSubtrees OPTIONAL,
|
|
* excludedSubtrees [1] GeneralSubtrees OPTIONAL }
|
|
*
|
|
* GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
|
|
*
|
|
* GeneralSubtree ::= SEQUENCE {
|
|
* base GeneralName,
|
|
* minimum [0] BaseDistance DEFAULT 0,
|
|
* maximum [1] BaseDistance OPTIONAL }
|
|
*
|
|
* BaseDistance ::= INTEGER (0..MAX)
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose name constraints extension is to be stored.
|
|
* Must be non-NULL.
|
|
* "pNameConstraints"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetNameConstraints(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_CertNameConstraints **pNameConstraints,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetBasicConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a CertBasicConstraints object representing the basic
|
|
* constraints extension of the Cert pointed to by "cert" and stores it at
|
|
* "pBasicConstraints".
|
|
*
|
|
* If "cert" does not have a basic constraints extension, this function stores
|
|
* NULL at "pBasicConstraints". Once created, a CertBasicConstraints object
|
|
* is immutable.
|
|
*
|
|
* BasicConstraints ::= SEQUENCE {
|
|
* cA BOOLEAN DEFAULT FALSE,
|
|
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose basic constraints extension is to be stored.
|
|
* Must be non-NULL.
|
|
* "pBasicConstraints"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetBasicConstraints(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_CertBasicConstraints **pBasicConstraints,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a Boolean value representing the cA Flag component
|
|
* of the CertBasicConstraints object pointed to by "basicConstraints" and
|
|
* stores it at "pResult".
|
|
*
|
|
* BasicConstraints ::= SEQUENCE {
|
|
* cA BOOLEAN DEFAULT FALSE,
|
|
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
|
|
*
|
|
* PARAMETERS:
|
|
* "basicConstraints"
|
|
* Address of CertBasicConstraints whose cA Flag is to be stored.
|
|
* Must be non-NULL.
|
|
* "pResult"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_BasicConstraints_GetCAFlag(
|
|
PKIX_PL_CertBasicConstraints *basicConstraints,
|
|
PKIX_Boolean *pResult,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to an integer value representing the pathLenConstraint
|
|
* component of the CertBasicConstraints object pointed to by
|
|
* "basicConstraints" and stores it at "pPathLenConstraint". If the
|
|
* pathLenConstraint component is not present, this function stores -1 at
|
|
* "pPathLenConstraint".
|
|
*
|
|
* PARAMETERS:
|
|
* "basicConstraints"
|
|
* Address of CertBasicConstraints whose pathLen is to be stored.
|
|
* Must be non-NULL.
|
|
* "pPathLenConstraint"
|
|
* Address where PKIX_Int32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_BasicConstraints_GetPathLenConstraint(
|
|
PKIX_PL_CertBasicConstraints *basicConstraints,
|
|
PKIX_Int32 *pPathLenConstraint,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetPolicyInformation
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a List of CertPolicyInfos found in the certificate
|
|
* policies extension of the Cert pointed to by "cert" and stores it at
|
|
* "pPolicyInfo". If "cert" does not have a certificate policies extension,
|
|
* this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo
|
|
* object is immutable.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
|
|
*
|
|
* PolicyInformation ::= SEQUENCE {
|
|
* policyIdentifier CertPolicyId,
|
|
* policyQualifiers SEQUENCE SIZE (1..MAX) OF
|
|
* PolicyQualifierInfo OPTIONAL }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose CertPolicyInfos are to be stored.
|
|
* Must be non-NULL.
|
|
* "pPolicyInfo"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetPolicyInformation(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to an OID representing the policyIdentifier of the
|
|
* CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId".
|
|
*
|
|
* certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
|
|
*
|
|
* PolicyInformation ::= SEQUENCE {
|
|
* policyIdentifier CertPolicyId,
|
|
* policyQualifiers SEQUENCE SIZE (1..MAX) OF
|
|
* PolicyQualifierInfo OPTIONAL }
|
|
*
|
|
* CertPolicyId ::= OBJECT IDENTIFIER
|
|
*
|
|
* PARAMETERS:
|
|
* "policyInfo"
|
|
* Address of CertPolicyInfo whose policy identifier is to be stored.
|
|
* Must be non-NULL.
|
|
* "pCertPolicyId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CertPolicyInfo_GetPolicyId(
|
|
PKIX_PL_CertPolicyInfo *policyInfo,
|
|
PKIX_PL_OID **pCertPolicyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a List of the CertPolicyQualifiers representing
|
|
* the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and
|
|
* stores it at "pPolicyQualifiers". If "policyInfo" does not have any
|
|
* policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once
|
|
* created, a CertPolicyQualifier is immutable.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
|
|
*
|
|
* PolicyInformation ::= SEQUENCE {
|
|
* policyIdentifier CertPolicyId,
|
|
* policyQualifiers SEQUENCE SIZE (1..MAX) OF
|
|
* PolicyQualifierInfo OPTIONAL }
|
|
*
|
|
* PolicyQualifierInfo ::= SEQUENCE {
|
|
* policyQualifierId PolicyQualifierId,
|
|
* qualifier ANY DEFINED BY policyQualifierId }
|
|
*
|
|
* PARAMETERS:
|
|
* "policyInfo"
|
|
* Address of CertPolicyInfo whose policy qualifiers List is to be stored.
|
|
* Must be non-NULL.
|
|
* "pPolicyQualifiers"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CertPolicyInfo_GetPolQualifiers(
|
|
PKIX_PL_CertPolicyInfo *policyInfo,
|
|
PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to an OID representing the policyQualifierId of the
|
|
* CertPolicyQualifier pointed to by "policyQualifier" and stores it at
|
|
* "pPolicyQualifierId".
|
|
*
|
|
* PolicyQualifierInfo ::= SEQUENCE {
|
|
* policyQualifierId PolicyQualifierId,
|
|
* qualifier ANY DEFINED BY policyQualifierId }
|
|
*
|
|
* PolicyQualifierId ::=
|
|
* OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
|
|
*
|
|
* PARAMETERS:
|
|
* "policyQualifier"
|
|
* Address of CertPolQualifier whose policyQualifierId is to be stored.
|
|
* Must be non-NULL.
|
|
* "pPolicyQualifierId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
|
|
PKIX_PL_CertPolicyQualifier *policyQualifier,
|
|
PKIX_PL_OID **pPolicyQualifierId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a ByteArray representing the qualifier of the
|
|
* CertPolicyQualifier pointed to by "policyQualifier" and stores it at
|
|
* "pQualifier".
|
|
*
|
|
* PolicyQualifierInfo ::= SEQUENCE {
|
|
* policyQualifierId PolicyQualifierId,
|
|
* qualifier ANY DEFINED BY policyQualifierId }
|
|
*
|
|
* PARAMETERS:
|
|
* "policyQualifier"
|
|
* Address of CertPolicyQualifier whose qualifier is to be stored.
|
|
* Must be non-NULL.
|
|
* "pQualifier"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_PolicyQualifier_GetQualifier(
|
|
PKIX_PL_CertPolicyQualifier *policyQualifier,
|
|
PKIX_PL_ByteArray **pQualifier,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetPolicyMappings
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a List of CertPolicyMaps found in the policy
|
|
* mappings extension of the Cert pointed to by "cert" and stores it at
|
|
* "pPolicyMappings". If "cert" does not have a policy mappings extension,
|
|
* this function stores NULL at "pPolicyMappings". Once created, a
|
|
* CertPolicyMap is immutable.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
|
* issuerDomainPolicy CertPolicyId,
|
|
* subjectDomainPolicy CertPolicyId }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose CertPolicyMaps are to be stored.
|
|
* Must be non-NULL.
|
|
* "pPolicyMappings"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetPolicyMappings(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to an OID representing the issuerDomainPolicy of the
|
|
* CertPolicyMap pointed to by "policyMapping" and stores it at
|
|
* "pIssuerDomainPolicy".
|
|
*
|
|
* PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
|
* issuerDomainPolicy CertPolicyId,
|
|
* subjectDomainPolicy CertPolicyId }
|
|
*
|
|
* PARAMETERS:
|
|
* "policyMapping"
|
|
* Address of CertPolicyMap whose issuerDomainPolicy is to be stored.
|
|
* Must be non-NULL.
|
|
* "pIssuerDomainPolicy"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
|
|
PKIX_PL_CertPolicyMap *policyMapping,
|
|
PKIX_PL_OID **pIssuerDomainPolicy,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to an OID representing the subjectDomainPolicy of the
|
|
* CertPolicyMap pointed to by "policyMapping" and stores it at
|
|
* "pSubjectDomainPolicy".
|
|
*
|
|
* PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
|
* issuerDomainPolicy CertPolicyId,
|
|
* subjectDomainPolicy CertPolicyId }
|
|
*
|
|
* PARAMETERS:
|
|
* "policyMapping"
|
|
* Address of CertPolicyMap whose subjectDomainPolicy is to be stored.
|
|
* Must be non-NULL.
|
|
* "pSubjectDomainPolicy"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
|
|
PKIX_PL_CertPolicyMap *policyMapping,
|
|
PKIX_PL_OID **pSubjectDomainPolicy,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the requireExplicitPolicy value of the policy constraints
|
|
* extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
|
|
* If "cert" does not have a policy constraints extension or the
|
|
* requireExplicitPolicy component is not populated, this function stores -1
|
|
* at "pSkipCerts".
|
|
*
|
|
* PolicyConstraints ::= SEQUENCE {
|
|
* requireExplicitPolicy [0] SkipCerts OPTIONAL,
|
|
* inhibitPolicyMapping [1] SkipCerts OPTIONAL }
|
|
*
|
|
* SkipCerts ::= INTEGER (0..MAX)
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose requireExplicitPolicy value is to be stored.
|
|
* Must be non-NULL.
|
|
* "pSkipCerts"
|
|
* Address where PKIX_Int32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetRequireExplicitPolicy(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Int32 *pSkipCerts,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the inhibitPolicyMapping value of the policy constraints
|
|
* extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
|
|
* If "cert" does not have a policy constraints extension or the
|
|
* inhibitPolicyMapping component is not populated, this function stores -1
|
|
* at "pSkipCerts".
|
|
*
|
|
* PolicyConstraints ::= SEQUENCE {
|
|
* requireExplicitPolicy [0] SkipCerts OPTIONAL,
|
|
* inhibitPolicyMapping [1] SkipCerts OPTIONAL }
|
|
*
|
|
* SkipCerts ::= INTEGER (0..MAX)
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose requireExplicitPolicy value is to be stored.
|
|
* Must be non-NULL.
|
|
* "pSkipCerts"
|
|
* Address where PKIX_Int32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetPolicyMappingInhibited(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Int32 *pSkipCerts,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value of the inhibit any-policy extension of the Cert
|
|
* pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have
|
|
* an inhibit any-policy extension, this function stores -1 at "pSkipCerts".
|
|
*
|
|
* InhibitAnyPolicy ::= SkipCerts
|
|
*
|
|
* SkipCerts ::= INTEGER (0..MAX)
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose inhibit any-policy extensions value is to be
|
|
* stored. Must be non-NULL.
|
|
* "pSkipCerts"
|
|
* Address where PKIX_Int32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetInhibitAnyPolicy(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Int32 *pSkipCerts,
|
|
void *plContext);
|
|
|
|
/* policy processing functions */
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks whether the certificate policies extension of the Cert pointed to
|
|
* by "cert" is critical and stores the Boolean result at "pCritical". If
|
|
* "cert" does not have a certificate policies extension, this function
|
|
* stores NULL at "pCritical".
|
|
*
|
|
* XXX what distinguishes NULL from PKIX_FALSE?
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose certificate policies extension's criticality is
|
|
* to be determined. Must be non-NULL.
|
|
* "pCritical"
|
|
* Address where PKIX_Boolean will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_AreCertPoliciesCritical(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Boolean *pCritical,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_CheckNameConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks whether the subject distinguished name and subject alternative names
|
|
* of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed
|
|
* to by "nameConstraints". If the CertNameConstraints are not satisfied, a
|
|
* PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
|
|
* does nothing.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose subject names are to be checked.
|
|
* Must be non-NULL.
|
|
* "nameConstraints"
|
|
* Address of CertNameConstraints that need to be satisfied.
|
|
* "treatCommonNameAsDNSName"
|
|
* PKIX_TRUE if the subject common name should be considered a dNSName
|
|
* when evaluating name constraints.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_CheckNameConstraints(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_CertNameConstraints *nameConstraints,
|
|
PKIX_Boolean treatCommonNameAsDNSName,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_MergeNameConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Merges the CertNameConstraints pointed to by "firstNC" and the
|
|
* CertNameConstraints pointed to by "secondNC" and stores the merged
|
|
* CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
|
|
* CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
|
|
*
|
|
* Once created, a CertNameConstraints object is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "firstNC"
|
|
* Address of first CertNameConstraints to be merged. Must be non-NULL.
|
|
* "secondNC"
|
|
* Address of second CertNameConstraints to be merged
|
|
* "pResultNC"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_MergeNameConstraints(
|
|
PKIX_PL_CertNameConstraints *firstNC,
|
|
PKIX_PL_CertNameConstraints *secondNC,
|
|
PKIX_PL_CertNameConstraints **pResultNC,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_VerifyKeyUsage
|
|
* DESCRIPTION:
|
|
*
|
|
* Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the
|
|
* keyUsage extension of the Cert pointed to by "cert". The keyUsage bit
|
|
* values specified in pkixt.h are supported, and can be bitwise or'ed if
|
|
* multiple bit values are to be verified. If the keyUsages do not all appear
|
|
* in the keyUsage extension of "cert", a PKIX_Error pointer is returned.
|
|
*
|
|
* KeyUsage ::= BIT STRING {
|
|
* digitalSignature (0),
|
|
* nonRepudiation (1),
|
|
* keyEncipherment (2),
|
|
* dataEncipherment (3),
|
|
* keyAgreement (4),
|
|
* keyCertSign (5),
|
|
* cRLSign (6),
|
|
* encipherOnly (7),
|
|
* decipherOnly (8) }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose keyUsage bits are to be verified.
|
|
* Must be non-NULL.
|
|
* "keyUsage"
|
|
* Constant representing keyUsage bit(s) that all must appear in keyUsage
|
|
* extension of "cert".
|
|
* "plContext" - Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_VerifyKeyUsage(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_UInt32 keyUsage,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType
|
|
* DESCRIPTION:
|
|
*
|
|
* Verifies cert and key types against certificate usage that is
|
|
* a part of plContext(pkix_pl_nsscontext) structure. Throws an error
|
|
* if cert or key types does not match.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose keyUsage bits are to be verified.
|
|
* Must be non-NULL.
|
|
* "isLeafCert"
|
|
* What type of a cert has been verified.
|
|
* "plContext" - Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_VerifyCertAndKeyType(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Boolean isChainCert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_CheckValidity
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks whether the Cert pointed to by "cert" would be valid at the time
|
|
* represented by the Date pointed to by "date". If "date" is NULL, then this
|
|
* function checks whether the Cert would be valid at the current time. If the
|
|
* Cert would not be valid at the specified Date, a PKIX_Error pointer is
|
|
* returned.
|
|
*
|
|
* Validity ::= SEQUENCE {
|
|
* notBefore Time,
|
|
* notAfter Time }
|
|
*
|
|
* Time ::= CHOICE {
|
|
* utcTime UTCTime,
|
|
* generalTime GeneralizedTime }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose validity is to be checked. Must be non-NULL.
|
|
* "date"
|
|
* Address of Date at which the Cert is being checked for validity.
|
|
* If NULL, the current time is used for the Date.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_CheckValidity(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_Date *date,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetValidityNotAfter
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the Date that represents the notAfter time of the
|
|
* Certificate pointed to by "cert" and stores it at "pDate".
|
|
*
|
|
* Validity ::= SEQUENCE {
|
|
* notBefore Time,
|
|
* notAfter Time }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose validity time is to be retrieved. Must be
|
|
* non-NULL.
|
|
* "date"
|
|
* Address of Date at which the Cert's notAfter time is being retrieved.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetValidityNotAfter(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_Date **pDate,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_VerifySignature
|
|
* DESCRIPTION:
|
|
*
|
|
* Verifies the signature on the Cert pointed to by "cert" using the
|
|
* PublicKey pointed to by "pubKey". If the signature doesn't verify, an
|
|
* Error pointer is returned.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose signature is to be verified. Must be non-NULL.
|
|
* "pubKey"
|
|
* Address of a Public Key used to verify the signature. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_VerifySignature(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_PublicKey *pubKey,
|
|
void *plContext);
|
|
|
|
/* A set of flags to indicate how explicitly configured trust anchors should be
|
|
* handled by PKIX_PL_Cert_IsCertTrusted
|
|
*/
|
|
typedef enum PKIX_PL_TrustAnchorModeEnum {
|
|
/* Indicates trust anchors should be ignored; only the underlying
|
|
* platform's trust settings should be used.
|
|
*/
|
|
PKIX_PL_TrustAnchorMode_Ignore,
|
|
|
|
/* Indicates that explicitly configured trust anchors may be considered
|
|
* trustworthy, if present.
|
|
* Note: If the underlying platform supports marking a certificate as
|
|
* explicitly untrustworthy, explicitly configured trust anchors
|
|
* MAY be ignored/rejected.
|
|
*/
|
|
PKIX_PL_TrustAnchorMode_Additive,
|
|
|
|
/* Indicates that ONLY trust anchors should be considered as
|
|
* trustworthy.
|
|
* Note: If the underlying platform supports marking a certificate as
|
|
* explicitly untrustworthy, explicitly configured trust anchors
|
|
* MAY be ignored/rejected.
|
|
*/
|
|
PKIX_PL_TrustAnchorMode_Exclusive
|
|
} PKIX_PL_TrustAnchorMode;
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_IsCertTrusted
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks the Cert specified by "cert" to determine, in a manner that depends
|
|
* on the underlying platform, whether it is trusted, and stores the result in
|
|
* "pTrusted". If a certificate is trusted it means that a chain built to that
|
|
* certificate, and satisfying all the usage, policy, validity, and other
|
|
* tests, is a valid chain and the End Entity certificate from which it was
|
|
* built can be trusted.
|
|
*
|
|
* If the Certificate is not intrinsically trustworthy, it still might end up a
|
|
* component in a successful chain.
|
|
*
|
|
* If the Certificate is intrinsically untrustworthy, this function will return
|
|
* an error.
|
|
*
|
|
* PARAMETERS
|
|
* "cert"
|
|
* Address of Cert whose trustworthiness is to be determined. Must be
|
|
* non-NULL.
|
|
* "trustAnchorMode"
|
|
* A PKIX_PL_TrustAnchorMode that indicates how explicitly defined user
|
|
* trust anchors should be handled.
|
|
* "pTrusted"
|
|
* Address where the Boolean value will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CERT Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_IsCertTrusted(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_PL_TrustAnchorMode trustAnchorMode,
|
|
PKIX_Boolean *pTrusted,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks the Leaf Cert specified by "cert" to determine, in a manner that
|
|
* depends on the underlying platform, whether it is trusted, and stores the
|
|
* result in "pTrusted". If a certificate is trusted it means that this
|
|
* End Entify certificate has been marked as trusted for the requested usage,
|
|
* policy, validity, and other tests.
|
|
*
|
|
* If the Certificate is not intrinsically trustworthy, we can still try to
|
|
* build a successful chain.
|
|
*
|
|
* If the Certificate is intrinsically untrustworthy, this function will return
|
|
* an error.
|
|
*
|
|
* PARAMETERS
|
|
* "cert"
|
|
* Address of Cert whose trustworthiness is to be determined. Must be
|
|
* non-NULL.
|
|
* "pTrusted"
|
|
* Address where the Boolean value will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CERT Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_IsLeafCertTrusted(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Boolean *pTrusted,
|
|
void *plContext);
|
|
|
|
/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
|
|
PKIX_Error*
|
|
PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetCacheFlag
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value of the cache flag in "cert" and return it at address
|
|
* pointed by "pCacheFlag". The initila cache flag is determined by the
|
|
* CertStore this "cert" is fetched from. When CertStore is created, user
|
|
* need to specify if the data should be cached.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose cache flag is fetched. Must be non-NULL.
|
|
* "pCacheFlag"
|
|
* Address where PKIX_Boolean will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetCacheFlag(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Boolean *pCacheFlag,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_SetCacheFlag
|
|
* DESCRIPTION:
|
|
*
|
|
* Set the value of the cache flag in "cert" base on the boolean value stored
|
|
* at "cacheFlag". This function is meant to be used by CertStore after a
|
|
* Cert is created.
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert where "cacheFlag" is stored. Must be non-NULL.
|
|
* "cacheFlag"
|
|
* PKIX_Boolean flag for cache flag.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_SetCacheFlag(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_Boolean cacheFlag,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetTrustCertStore
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value of the CertStore in "cert" and return it at address
|
|
* pointed by "pCertStore".
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose CertStore is fetched. Must be non-NULL.
|
|
* "pTrustCertStore"
|
|
* Address where CertStore will be stored and returned. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetTrustCertStore(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_CertStore **pTrustCertStore,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_SetTrustCertStore
|
|
* DESCRIPTION:
|
|
*
|
|
* Set the value of the CertStore "certStore" in "cert".
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert where "certStore" will be stored. Must be non-NULL.
|
|
* "trustCertStore"
|
|
* Address where the CertStore is. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_SetTrustCertStore(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_CertStore *trustCertStore,
|
|
void *plContext);
|
|
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value(s) of the Authority Information Access in "cert" and
|
|
* returns it in a list at address pointed by "pAuthorityInfoAccess".
|
|
*
|
|
* SubjectInfoAccess ::=
|
|
* SEQUENCE SIZE (1..MAX) of AccessDescription
|
|
* AccessDescription ::= SEQUENCE {
|
|
* accessMethod OBJECT IDENTIFIER,
|
|
* accessLocation GeneralName
|
|
* }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose Authority Information Access is fetched.
|
|
* Must be non-NULL.
|
|
* "pAuthorityInfoAccess"
|
|
* Address where Authority InfoAccess will be stored and returned.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetAuthorityInfoAccess(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
|
|
void *plContext);
|
|
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value(s) of the Subject Information Access in "cert" and
|
|
* returns it in a list at address pointed by "pSubjectInfoAccess".
|
|
*
|
|
* SubjectInfoAccess ::=
|
|
* SEQUENCE SIZE (1..MAX) of AccessDescription
|
|
* AccessDescription ::= SEQUENCE {
|
|
* accessMethod OBJECT IDENTIFIER,
|
|
* accessLocation GeneralName
|
|
* }
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose Subject Information Access is fetched.
|
|
* Must be non-NULL.
|
|
* "pSubjectInfoAccess"
|
|
* Address where Subject InfoAccess will be stored and returned.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetSubjectInfoAccess(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
|
|
void *plContext);
|
|
|
|
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Cert_GetCrlDp
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value(s) of the CRL Distribution Point Extension and
|
|
* returns it in a list at address pointed by "pDpList".
|
|
*
|
|
* PARAMETERS:
|
|
* "cert"
|
|
* Address of Cert whose Subject Information Access is fetched.
|
|
* Must be non-NULL.
|
|
* "pDpList"
|
|
* Address where CRL DP will be stored and returned.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
|
|
PKIX_List **pDpList,
|
|
void *plContext);
|
|
|
|
|
|
/*
|
|
* InfoAccess
|
|
*
|
|
* To hold Authority Information Access or Subject Information Access
|
|
* retrieved from a Certificate.
|
|
*/
|
|
|
|
#define PKIX_INFOACCESS_OCSP 1
|
|
#define PKIX_INFOACCESS_CA_ISSUERS 2
|
|
#define PKIX_INFOACCESS_TIMESTAMPING 3
|
|
#define PKIX_INFOACCESS_CA_REPOSITORY 5
|
|
|
|
#define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
|
|
#define PKIX_INFOACCESS_LOCATION_HTTP 1
|
|
#ifndef NSS_PKIX_NO_LDAP
|
|
#define PKIX_INFOACCESS_LOCATION_LDAP 2
|
|
#endif
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_InfoAccess_GetMethod
|
|
* DESCRIPTION:
|
|
*
|
|
* Stores the method of the Information Access from "infoAccess" and
|
|
* returns in "pMethod".
|
|
*
|
|
* SubjectInfoAccess ::=
|
|
* AccessDescription ::= SEQUENCE {
|
|
* accessMethod OBJECT IDENTIFIER,
|
|
* accessLocation GeneralName
|
|
* }
|
|
*
|
|
* PARAMETERS:
|
|
* "infoAccess"
|
|
* Address of PKIX_PL_InfoAccess that has the access data.
|
|
* Must be non-NULL.
|
|
* "pMethod"
|
|
* Address where access method will be stored and returned.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_InfoAccess_GetMethod(
|
|
PKIX_PL_InfoAccess *infoAccess,
|
|
PKIX_UInt32 *pMethod,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_InfoAccess_GetLocation
|
|
* DESCRIPTION:
|
|
*
|
|
* Stores the location of the Information Access from "infoAccess" and
|
|
* returns in "pLocation".
|
|
*
|
|
* SubjectInfoAccess ::=
|
|
* AccessDescription ::= SEQUENCE {
|
|
* accessMethod OBJECT IDENTIFIER,
|
|
* accessLocation GeneralName
|
|
* }
|
|
*
|
|
* PARAMETERS:
|
|
* "infoAccess"
|
|
* Address of PKIX_PL_InfoAccess that has the access data.
|
|
* Must be non-NULL.
|
|
* "pLocation"
|
|
* Address where access location will be stored and returned.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_InfoAccess_GetLocation(
|
|
PKIX_PL_InfoAccess *infoAccess,
|
|
PKIX_PL_GeneralName **pLocation,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_InfoAccess_GetLocationType
|
|
* DESCRIPTION:
|
|
*
|
|
* Stores the type of location of the Information Access from "infoAccess" and
|
|
* returns in "pType".
|
|
*
|
|
* SubjectInfoAccess ::=
|
|
* AccessDescription ::= SEQUENCE {
|
|
* accessMethod OBJECT IDENTIFIER,
|
|
* accessLocation GeneralName
|
|
* }
|
|
*
|
|
* PARAMETERS:
|
|
* "infoAccess"
|
|
* Address of PKIX_PL_InfoAccess that has the access data.
|
|
* Must be non-NULL.
|
|
* "pType"
|
|
* Address where access location type will be stored and returned.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Cert Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_InfoAccess_GetLocationType(
|
|
PKIX_PL_InfoAccess *infoAccess,
|
|
PKIX_UInt32 *pType,
|
|
void *plContext);
|
|
|
|
PKIX_Error *
|
|
pkix_pl_InfoAccess_GetAIACerts(
|
|
PKIX_PL_InfoAccess *ia,
|
|
void **pNBIOContext,
|
|
void **pHandle,
|
|
PKIX_List **pCerts,
|
|
void *plContext);
|
|
|
|
/*
|
|
* CRL
|
|
*
|
|
* A CRL represents an X.509 certificate revocation list. It can be created
|
|
* using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is
|
|
* immutable. The following functions include accessors (gettors) for the
|
|
* various components of an X.509 CRL, as well as a function for signature
|
|
* verification.
|
|
*/
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new CRL using the bytes in the ByteArray pointed to by
|
|
* "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1
|
|
* DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a
|
|
* CRL is immutable.
|
|
*
|
|
* CertificateList ::= SEQUENCE {
|
|
* tbsCertList TBSCertList,
|
|
* signatureAlgorithm AlgorithmIdentifier,
|
|
* signatureValue BIT STRING }
|
|
*
|
|
* TBSCertList ::= SEQUENCE {
|
|
* version Version OPTIONAL,
|
|
* -- if present, MUST be v2
|
|
* signature AlgorithmIdentifier,
|
|
* issuer Name,
|
|
* thisUpdate Time,
|
|
* nextUpdate Time OPTIONAL,
|
|
* revokedCertificates SEQUENCE OF SEQUENCE {
|
|
* userCertificate CertificateSerialNumber,
|
|
* revocationDate Time,
|
|
* crlEntryExtensions Extensions OPTIONAL
|
|
* -- if present, MUST be v2
|
|
* } OPTIONAL,
|
|
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
|
* -- if present, MUST be v2
|
|
* }
|
|
*
|
|
* PARAMETERS:
|
|
* "byteArray"
|
|
* Address of ByteArray representing the CRL's DER encoding.
|
|
* Must be non-NULL.
|
|
* "pCRL"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_Create(
|
|
PKIX_PL_ByteArray *byteArray,
|
|
PKIX_PL_CRL **pCRL,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_GetIssuer
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the X500Name that represents the issuer of the CRL
|
|
* pointed to by "crl" and stores it at "pCRLIssuer".
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose issuer is to be stored. Must be non-NULL.
|
|
* "pCRLIssuer"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_GetIssuer(
|
|
PKIX_PL_CRL *crl,
|
|
PKIX_PL_X500Name **pCRLIssuer,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of OIDs (each OID corresponding to a
|
|
* critical extension of the CRL pointed to by "crl") and stores it at
|
|
* "pExtensions". If "crl" does not have any critical extensions, this
|
|
* function stores an empty List at "pExtensions".
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose critical extension OIDs are to be stored.
|
|
* Must be non-NULL.
|
|
* "pExtensions"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_GetCriticalExtensionOIDs(
|
|
PKIX_PL_CRL *crl,
|
|
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl")
|
|
* corresponding to the BigInt pointed to by "serialNumber" and stores it at
|
|
* "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at
|
|
* "pCRLEntry". Once created, a CRLEntry is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose CRL Entries are to be searched. Must be non-NULL.
|
|
* "serialNumber"
|
|
* Address of BigInt representing serial number of certificate whose
|
|
* CRLEntry is to be found. Must be non-NULL.
|
|
* "pCRLEntry"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_GetCRLEntryForSerialNumber(
|
|
PKIX_PL_CRL *crl,
|
|
PKIX_PL_BigInt *serialNumber,
|
|
PKIX_PL_CRLEntry **pCRLEntry,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_GetCRLNumber
|
|
* DESCRIPTION:
|
|
* Retrieves the CRL Number from extension. This is non-critical extension.
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose version is to be stored. Must be non-NULL.
|
|
* "pCrlNumber"
|
|
* Address where a CRL Number will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_GetCRLNumber(
|
|
PKIX_PL_CRL *crl,
|
|
PKIX_PL_BigInt **pCrlNumber,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_VerifyUpdateTime
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks whether the CRL pointed to by "crl" would be valid at the time
|
|
* represented by the Date pointed to by "date" and stores the Boolean result
|
|
* at "pResult". This check is done only when NIST policy is enforced.
|
|
*
|
|
* Time ::= CHOICE {
|
|
* utcTime UTCTime,
|
|
* generalTime GeneralizedTime }
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose validity is to be checked. Must be non-NULL.
|
|
* "date"
|
|
* Address of Date at which the CRL is being checked for validity.
|
|
* Must be non-NULL.
|
|
* "pResult"
|
|
* Address of Boolean result. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_VerifyUpdateTime(
|
|
PKIX_PL_CRL *crl,
|
|
PKIX_PL_Date *date,
|
|
PKIX_Boolean *pResult,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_VerifySignature
|
|
* DESCRIPTION:
|
|
*
|
|
* Verifies the signature on the CRL pointed to by "crl" using the PublicKey
|
|
* pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error
|
|
* pointer is returned.
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose signature is to be verified. Must be non-NULL.
|
|
* "pubKey"
|
|
* Address of a Public Key used to verify the signature. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_VerifySignature(
|
|
PKIX_PL_CRL *crl,
|
|
PKIX_PL_PublicKey *pubKey,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_ReleaseDerCrl
|
|
* DESCRIPTION:
|
|
*
|
|
* Relinguish the ownership for the crl der. The operation will succeed if
|
|
* a crl owns the der. If the crl was created from existing crl and does not
|
|
* own the der, then the function will return null.
|
|
*
|
|
* PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose signature is to be verified. Must be non-NULL.
|
|
* "derCrl"
|
|
* Pointer to a SECItem that has der crl.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
|
|
SECItem **derCrl,
|
|
void *plContext);
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRL_AdoptDerCrl
|
|
* DESCRIPTION:
|
|
*
|
|
* Adopt memory of the der. The secItem that contains der will be
|
|
* freed with destruction of parent pkix crl structure.
|
|
*
|
|
* * PARAMETERS:
|
|
* "crl"
|
|
* Address of CRL whose signature is to be verified. Must be non-NULL.
|
|
* "derCrl"
|
|
* Pointer to a SECItem that has der crl.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
|
|
SECItem *derCrl,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves the value of the reason code extension of the CRLEntry pointed
|
|
* to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no
|
|
* reason code extension, this function stores -1 at "pReason".
|
|
*
|
|
* CRLReason ::= ENUMERATED {
|
|
* unspecified (0),
|
|
* keyCompromise (1),
|
|
* cACompromise (2),
|
|
* affiliationChanged (3),
|
|
* superseded (4),
|
|
* cessationOfOperation (5),
|
|
* certificateHold (6),
|
|
* removeFromCRL (8),
|
|
* privilegeWithdrawn (9),
|
|
* aACompromise (10) }
|
|
*
|
|
* PARAMETERS:
|
|
* "crlEntry"
|
|
* Address of CRLEntry whose reason code bit values are to be returned
|
|
* at "pReason". Must be non-NULL.
|
|
* "pReason"
|
|
* Address of PKIX_Int32 where reason code is stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
|
|
PKIX_PL_CRLEntry *crlEntry,
|
|
PKIX_Int32 *pReason,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of OIDs (each OID corresponding to a
|
|
* critical extension of the CRLEntry pointed to by "crlEntry") and stores it
|
|
* at "pExtensions". If "crlEntry" does not have any critical extensions, this
|
|
* function stores an empty List at "pExtensions".
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "crlEntry"
|
|
* Address of CRLEntry whose critical extension OIDs are to be stored.
|
|
* Must be non-NULL.
|
|
* "pExtensions"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CRL Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(
|
|
PKIX_PL_CRLEntry *crlEntry,
|
|
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
#ifdef BUILD_LIBPKIX_TESTS
|
|
/*
|
|
* FUNCTION: PKIX_PL_X500Name_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new X500Name using the UTF8 string representation pointed to by
|
|
* "stringRep" and stores it at "pName". Once created, an X500Name is
|
|
* immutable.
|
|
*
|
|
* Name ::= CHOICE {
|
|
* RDNSequence }
|
|
*
|
|
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
|
|
*
|
|
* RelativeDistinguishedName ::=
|
|
* SET OF AttributeTypeAndValue
|
|
*
|
|
* AttributeTypeAndValue ::= SEQUENCE {
|
|
* type AttributeType,
|
|
* value AttributeValue }
|
|
*
|
|
* AttributeType ::= OBJECT IDENTIFIER
|
|
*
|
|
* AttributeValue ::= ANY DEFINED BY AttributeType
|
|
*
|
|
* DirectoryString ::= CHOICE {
|
|
* teletexString TeletexString (SIZE (1..MAX)),
|
|
* printableString PrintableString (SIZE (1..MAX)),
|
|
* universalString UniversalString (SIZE (1..MAX)),
|
|
* utf8String UTF8String (SIZE (1..MAX)),
|
|
* bmpString BMPString (SIZE (1..MAX)) }
|
|
*
|
|
* PARAMETERS:
|
|
* "stringRep"
|
|
* Address of UTF8 String representation of X500Name. Must be non-NULL.
|
|
* "pName"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns an X500Name Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_X500Name_Create (
|
|
PKIX_PL_String *stringRep,
|
|
PKIX_PL_X500Name **pName,
|
|
void *plContext);
|
|
|
|
#endif /* BUILD_LIBPKIX_TESTS */
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_X500Name_CreateFromCERTName
|
|
* DESCRIPTION:
|
|
*
|
|
* The function creates x500Name using der encoded DN and/or pointer to
|
|
* CERTName. If arument "name" is NULL, but derName is supplied when
|
|
* the function generates nssDN(CERTName type) from der data. If derName
|
|
* is not supplied, CERTName *name will not be used to generate DN DER
|
|
* encoding.
|
|
*
|
|
* PARAMETERS:
|
|
* "derName"
|
|
* Address of DER representation of X500Name. Can be NULL
|
|
* "name"
|
|
* Address of CERTName representation of X500Name. Can be NULL
|
|
* "pName"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns an X500Name Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_X500Name_CreateFromCERTName(
|
|
SECItem *derName,
|
|
CERTName *name,
|
|
PKIX_PL_X500Name **pName,
|
|
void *plContext);
|
|
|
|
|
|
/*
|
|
* TYPE: PKIX_PL_X500Name_Match
|
|
* DESCRIPTION:
|
|
* Checks whether the X500Name pointed to by "firstX500Name" MATCHES the
|
|
* X500Name pointed to by "secondX500Name" and stores the boolean result at
|
|
* "pResult". Two X500Names MATCH if they meet the conditions specified by
|
|
* RFC 3280 (section 4.1.2.4). Namely:
|
|
*
|
|
* "This specification requires only a subset of the name comparison
|
|
* functionality specified in the X.500 series of specifications.
|
|
* Conforming implementations are REQUIRED to implement the following
|
|
* name comparison rules:
|
|
*
|
|
* (a) attribute values encoded in different types (e.g., PrintableString
|
|
* and BMPString) MAY be assumed to represent different strings;
|
|
*
|
|
* (b) attribute values in types other than PrintableString are case
|
|
* sensitive (this permits matching of attribute values as binary objects)
|
|
*
|
|
* (c) attribute values in PrintableString are not case sensitive
|
|
* (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
|
|
*
|
|
* (d) attribute values in PrintableString are compared after removing
|
|
* leading and trailing white space and converting internal substrings of
|
|
* one or more consecutive white space characters to a single space."
|
|
*
|
|
* PARAMETERS:
|
|
* "firstX500Name"
|
|
* Address of first X500Name to compare. Must be non-NULL.
|
|
* "secondX500Name"
|
|
* Address of second X500Name to compare. Must be non-NULL.
|
|
* "pResult"
|
|
* Address of Boolean result. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns an X500Name Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_X500Name_Match(
|
|
PKIX_PL_X500Name *firstX500Name,
|
|
PKIX_PL_X500Name *secondX500Name,
|
|
PKIX_Boolean *pResult,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Date_Create_UTCTime
|
|
* DESCRIPTION:
|
|
* Creates a new Date of type UTCTime using the string representation pointed
|
|
* to by "stringRep" and stores it at "pDate". The UTCTime restriction means
|
|
* that the year can only be specified by the least significant two digits
|
|
* (YY). As such, Only the years 1950-2049 can be represented. If "stringRep"
|
|
* is NULL, this function creates a new Date representing the current time
|
|
* and stores it at "pDate". Once created, a Date is immutable.
|
|
*
|
|
* If YY is greater than or equal to 50, the year is interpreted as 19YY.
|
|
* If YY is less than 50, the year is interpreted as 20YY.
|
|
*
|
|
* The string representation of the date must be in the following form:
|
|
* "YYMMDDhhmmssZ" where:
|
|
*
|
|
* YY is the least significant two digits of the year
|
|
* MM is the month (01 to 12)
|
|
* DD is the day (01 to 31)
|
|
* hh is the hour (00 to 23)
|
|
* mm are the minutes (00 to 59)
|
|
* ss are the seconds (00 to 59)
|
|
* Z indicates that local time is GMT
|
|
*
|
|
* PARAMETERS:
|
|
* "stringRep"
|
|
* Address of String representation of Date.
|
|
* If NULL, current time is used.
|
|
* "pDate"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Date Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Date_Create_UTCTime (
|
|
PKIX_PL_String *stringRep,
|
|
PKIX_PL_Date **pDate,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Date_Create_UTCTime
|
|
* DESCRIPTION:
|
|
* Creates a new Date from PRTime data.
|
|
*
|
|
* PARAMETERS:
|
|
* "time"
|
|
* Represented time in PRTime type.
|
|
* "pDate"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Date Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Date_CreateFromPRTime(
|
|
PRTime time,
|
|
PKIX_PL_Date **pDate,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
|
|
* DESCRIPTION:
|
|
* Creates a new Date of type UTCTime for current time with seconds off by
|
|
* "secondsOffset" and returns it at "pDate".
|
|
*
|
|
* PARAMETERS:
|
|
* "secondsOffset"
|
|
* A PKIX_Int32 indicates the time offset from current. If "secondsOffset"
|
|
* is negative, the time is in past.
|
|
* "pDate"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a Date Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_Date_Create_CurrentOffBySeconds(
|
|
PKIX_Int32 secondsOffset,
|
|
PKIX_PL_Date **pDate,
|
|
void *plContext);
|
|
|
|
#ifdef BUILD_LIBPKIX_TESTS
|
|
/*
|
|
* FUNCTION: PKIX_PL_GeneralName_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new GeneralName of type "nameType" using the string
|
|
* representation pointed to by "stringRep" and stores it at "pGName".
|
|
* All of the GeneralName type format values specified in pkixt.h are
|
|
* supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME,
|
|
* PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation
|
|
* should be used for all supported nameTypes, with the exception of
|
|
* registeredID and directoryName. For registeredID, the string representation
|
|
* should be the same as that used by PKIX_PL_OID_Create. For directoryName,
|
|
* the string representation should be the same as that used by
|
|
* PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is
|
|
* returned. Once created, a GeneralName is immutable.
|
|
*
|
|
* GeneralName ::= CHOICE {
|
|
* otherName [0] OtherName,
|
|
* rfc822Name [1] IA5String,
|
|
* dNSName [2] IA5String,
|
|
* x400Address [3] ORAddress,
|
|
* directoryName [4] Name,
|
|
* ediPartyName [5] EDIPartyName,
|
|
* uniformResourceIdentifier [6] IA5String,
|
|
* iPAddress [7] OCTET STRING,
|
|
* registeredID [8] OBJECT IDENTIFIER }
|
|
*
|
|
*
|
|
* NOTE: This function is allowed to be called only by pkix tests programs.
|
|
*
|
|
* PARAMETERS:
|
|
* "nameType"
|
|
* Type of GeneralName to be created. This must be one of the GeneralName
|
|
* type format values specified in pkixt.h
|
|
* "stringRep"
|
|
* Address of String representation of GeneralName. Must be non-NULL.
|
|
* "pGName"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a GeneralName Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_GeneralName_Create (
|
|
PKIX_UInt32 nameType,
|
|
PKIX_PL_String *stringRep,
|
|
PKIX_PL_GeneralName **pGName,
|
|
void *plContext);
|
|
#endif /* BUILD_LIBPKIX_TESTS */
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
|
|
* DESCRIPTION:
|
|
*
|
|
* This function checks whether names in "nameList" comply with
|
|
* "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the
|
|
* requirement of the NameConstraints, PKIX_FALSE otherwise.
|
|
*
|
|
* PARAMETERS
|
|
* "nameList"
|
|
* List of GeneralNames that are checked for compliance. May be empty
|
|
* or NULL.
|
|
* "nameConstraints"
|
|
* Address of CertNameConstraints that provides lists of permitted
|
|
* and excluded names. Must be non-NULL.
|
|
* "pCheckPass"
|
|
* Address where PKIX_TRUE is returned if the all names in "nameList" are
|
|
* valid. Must be non-NULL.
|
|
* "plContext" - Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a NameConstraints Error if the function fails in a
|
|
* non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
|
|
PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
|
|
PKIX_PL_CertNameConstraints *nameConstraints,
|
|
PKIX_Boolean *pCheckPass,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_AIAMgr_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* This function creates an AIAMgr to handle retrieval of Certs and CRLs
|
|
* from servers given by AIA Certificate extensions. It manages connections
|
|
* and caches. The manager created is stored at "pAIAMgr".
|
|
*
|
|
* PARAMETERS:
|
|
* "pAIAMgr"
|
|
* The address at which the result is stored. Must be non-NULL.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns an AIAMgr Error if the function fails in a non-fatal way
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_AIAMgr_Create(
|
|
PKIX_PL_AIAMgr **pAIAMgr,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_PL_AIAMgr_GetAIACerts
|
|
* DESCRIPTION:
|
|
*
|
|
* This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs
|
|
* specified by an AIA certificate extension, if any, in the Cert pointed to by
|
|
* "prevCert", storing the results at "pCerts". If the certificate has no such
|
|
* extension, this function stores NULL at "pCerts".
|
|
*
|
|
* If the request is suspended for non-blocking I/O, a platform-dependent
|
|
* context is stored at "pNBIOContext" and NULL is stored at "pCerts". This
|
|
* return is referred to as the WOULDBLOCK state. Note that the caller must
|
|
* check for a non-NULL value at "pNBIOContext", to distinguish this state from
|
|
* the "no such extension" return described in the first paragraph. (The
|
|
* alternative would be to return an empty List, but it seemed wrong to incur
|
|
* the overhead of creating and destroying an empty List for the most common
|
|
* situation.)
|
|
*
|
|
* After a WOULDBLOCK return, the user may continue the operation by calling
|
|
* pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again
|
|
* returns in the WOULDBLOCK state) with the previously-returned non-NULL
|
|
* value of "pNBIOContext". When results are complete, NULL is stored at
|
|
* "pNBIOContext", and the results (which may be NULL) are stored at "pCerts".
|
|
*
|
|
* PARAMETERS:
|
|
* "aiaMgr"
|
|
* The AIAMgr which controls the retrieval of certificates. Must be
|
|
* non-NULL.
|
|
* "prevCert"
|
|
* Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must
|
|
* be non-NULL.
|
|
* "pNBIOContext"
|
|
* Address at which platform-dependent information is returned if request
|
|
* is suspended for non-blocking I/O. Must be non-NULL.
|
|
* "pCerts"
|
|
* Address at which the returned List is stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns an AIAMgr Error if the function fails in a non-fatal way
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_PL_AIAMgr_GetAIACerts(
|
|
PKIX_PL_AIAMgr *aiaMgr,
|
|
PKIX_PL_Cert *prevCert,
|
|
void **pNBIOContext,
|
|
PKIX_List **pCerts,
|
|
void *plContext);
|
|
|
|
typedef PKIX_Error *
|
|
(*PKIX_PL_VerifyCallback)(
|
|
PKIX_PL_Object *signedObject,
|
|
PKIX_PL_Cert *signerCert, /* can be unknown */
|
|
PKIX_PL_Date *producedAt,
|
|
PKIX_ProcessingParams *procParams,
|
|
void **pNBIOContext,
|
|
void **pState,
|
|
PKIX_BuildResult **pBuildResult,
|
|
PKIX_VerifyNode **pVerifyTree,
|
|
void *plContext);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _PKIX_PL_PKI_H */
|