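--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/libpkix/include/pkix_certstore.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,713 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_CertStore type.
+ *
+ */
+
+#ifndef _PKIX_CERTSTORE_H
+#define _PKIX_CERTSTORE_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_CertStore
+ *
+ * A PKIX_CertStore provides a standard way for the caller to retrieve
+ * certificates and CRLs from a particular repository (or "store") of
+ * certificates and CRLs, including LDAP directories, flat files, local
+ * databases, etc. The CertCallback allows custom certificate retrieval logic
+ * to be used while the CRLCallback allows custom CRL retrieval logic to be
+ * used. Additionally, a CertStore can be initialized with a certStoreContext,
+ * which is where the caller can specify configuration data such as the host
+ * name of an LDAP server. Note that this certStoreContext must be an
+ * Object (although any object type), allowing it to be reference-counted and
+ * allowing it to provide the standard Object functions (Equals, Hashcode,
+ * ToString, Compare, Duplicate). Please note that each certStoreContext must
+ * provide Equals and Hashcode functions in order for the caching (on Cert and
+ * CertChain) to work correctly. When providing those two functions, it is not
+ * required that all the components of the object be hashed or checked for
+ * equality, but merely that the functions distinguish between unique
+ * instances of the certStoreContext.
+ *
+ * Once the caller has created the CertStore object, the caller then specifies
+ * these CertStore objects in a ProcessingParams object and passes that object
+ * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
+ * user's callback functions as needed during the validation or building
+ * process.
+ *
+ * The order of CertStores stored (as a list) at ProcessingParams determines
+ * the order in which certificates are retrieved. Trusted CertStores should
+ * precede non-trusted ones on the list of CertStores so their certificates
+ * are evaluated ahead of other certificates selected on the basis of the same
+ * selector criteria.
+ *
+ * The CheckTrustCallback function is used when the CertStore object
+ * supports trust status, which means a Cert's trust status can be altered
+ * dynamically. When a CertStore object is created, if the
+ * CheckTrustCallback is initialized to be non-NULL, this CertStore is
+ * defaulted as supporting trust. Then whenever a Cert needs to (re)check its
+ * trust status, this callback can be invoked. When a Cert is retrieved by
+ * a CertStore supports trust, at its GetCertCallback, the CertStore
+ * information should be updated in Cert's data structure so the link between
+ * the Cert and CertStore exists.
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_CertStore_CertCallback
+ * DESCRIPTION:
+ *
+ * This callback function retrieves from the CertStore pointed to by "store"
+ * all the certificates that match the CertSelector pointed to by "selector".
+ * It places these certificates in a List and stores a pointer to the List at
+ * "pCerts". If no certificates are found which match the CertSelector's
+ * criteria, this function stores an empty List at "pCerts". In either case, if
+ * the operation is completed, NULL is stored at "pNBIOContext".
+ *
+ * A CertStore which uses non-blocking I/O may store platform-dependent
+ * information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
+ * pending. A subsequent call to PKIX_CertStore_CertContinue is required to
+ * finish the operation and to obtain the List of Certs.
+ *
+ * Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which Certs are to be retrieved.
+ * Must be non-NULL.
+ * "selector"
+ * Address of CertSelector whose criteria must be satisfied.
+ * Must be non-NULL.
+ * "verifyNode"
+ * Parent log node for tracking of filtered out certs.
+ * "pNBIOContext"
+ * Address at which platform-dependent information is stored if the
+ * operation is suspended for non-blocking I/O. Must be non-NULL.
+ * "pCerts"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CertCallback)(
+ PKIX_CertStore *store,
+ PKIX_CertSelector *selector,
+ PKIX_VerifyNode *verifyNode,
+ void **pNBIOContext,
+ PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CertContinue
+ * DESCRIPTION:
+ *
+ * This function continues the non-blocking operation initiated by an earlier
+ * call to the CertCallback function, for the CertStore pointed to by "store".
+ * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
+ * value returned in "pNBIOContext") calling this function will return a fatal
+ * error. If the operation is completed the certificates found are placed in a
+ * List, a pointer to which is stored at "pCerts". If no certificates are found
+ * which match the CertSelector's criteria, this function stores an empty List
+ * at "pCerts". In either case, if the operation is completed, NULL is stored
+ * at "pNBIOContext".
+ *
+ * If non-blocking I/O is still pending this function stores platform-dependent
+ * information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
+ * PKIX_CertStore_CertContinue is required to finish the operation and to
+ * obtain the List of Certs.
+ *
+ * Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which Certs are to be retrieved.
+ * Must be non-NULL.
+ * "selector"
+ * Address of CertSelector whose criteria must be satisfied.
+ * Must be non-NULL.
+ * "verifyNode"
+ * Parent log node for tracking of filtered out certs.
+ * "pNBIOContext"
+ * Address at which platform-dependent information is stored if the
+ * operation is suspended for non-blocking I/O. Must be non-NULL.
+ * "pCerts"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_CertContinue(
+ PKIX_CertStore *store,
+ PKIX_CertSelector *selector,
+ PKIX_VerifyNode *verifyNode,
+ void **pNBIOContext,
+ PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+ void *plContext);
+
+typedef PKIX_Error *
+(*PKIX_CertStore_CertContinueFunction)(
+ PKIX_CertStore *store,
+ PKIX_CertSelector *selector,
+ PKIX_VerifyNode *verifyNode,
+ void **pNBIOContext,
+ PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CRLCallback
+ * DESCRIPTION:
+ *
+ * This callback function retrieves from the CertStore pointed to by "store"
+ * all the CRLs that match the CRLSelector pointed to by "selector". It
+ * places these CRLs in a List and stores a pointer to the List at "pCRLs".
+ * If no CRLs are found which match the CRLSelector's criteria, this function
+ * stores an empty List at "pCRLs". In either case, if the operation is
+ * completed, NULL is stored at "pNBIOContext".
+ *
+ * A CertStore which uses non-blocking I/O may store platform-dependent
+ * information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
+ * pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
+ * finish the operation and to obtain the List of Crls.
+ *
+ * Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which CRLs are to be retrieved.
+ * Must be non-NULL.
+ * "selector"
+ * Address of CRLSelector whose criteria must be satisfied.
+ * Must be non-NULL.
+ * "pCrls"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CRLCallback)(
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCrls, /* list of PKIX_PL_CRL */
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_ImportCrlCallback
+ * DESCRIPTION:
+ *
+ * The function imports crl list into a cert store. Stores that
+ * have local cache may only have that function defined.
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which CRLs are to be retrieved.
+ * Must be non-NULL.
+ * "issuerName"
+ * Name of the issuer that will be used to track bad der crls.
+ * "crlList"
+ * Address on the importing crl list.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_ImportCrlCallback)(
+ PKIX_CertStore *store,
+ PKIX_PL_X500Name *issuerName,
+ PKIX_List *crlList,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback
+ * DESCRIPTION:
+ *
+ * The function checks revocation status of a cert with specified
+ * issuer, date. It returns revocation status of a cert and
+ * a reason code(if any) if a cert was revoked.
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which CRLs are to be retrieved.
+ * Must be non-NULL.
+ * "cert"
+ * Certificate which revocation status will be checked.
+ * "issuer"
+ * Issuer certificate of the "crl".
+ * "date"
+ * Date of the revocation check.
+ * "crlDownloadDone"
+ * Indicates, that all needed crl downloads are done by the time of
+ * the revocation check.
+ * "reasonCode"
+ * If cert is revoked, returned reason code for which a cert was revoked.
+ * "revStatus"
+ * Returned revocation status of the cert. See PKIX_RevocationStatus
+ * for more details
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CheckRevokationByCrlCallback)(
+ PKIX_CertStore *store,
+ PKIX_PL_Cert *cert,
+ PKIX_PL_Cert *issuer,
+ PKIX_PL_Date *date,
+ PKIX_Boolean crlDownloadDone,
+ PKIX_UInt32 *reasonCode,
+ PKIX_RevocationStatus *revStatus,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CrlContinue
+ * DESCRIPTION:
+ *
+ * This function continues the non-blocking operation initiated by an earlier
+ * call to the CRLCallback function, for the CertStore pointed to by "store".
+ * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
+ * value returned in "pNBIOContext") calling this function will return a fatal
+ * error. If the operation is completed the crls found are placed in a List, a
+ * pointer to which is stored at "pCrls". If no crls are found which match the
+ * CRLSelector's criteria, this function stores an empty List at "pCrls". In
+ * either case, if the operation is completed, NULL is stored at "pNBIOContext".
+ *
+ * If non-blocking I/O is still pending this function stores platform-dependent
+ * information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
+ * PKIX_CertStore_CrlContinue is required to finish the operation and to
+ * obtain the List of Crls.
+ *
+ * Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which Crls are to be retrieved.
+ * Must be non-NULL.
+ * "selector"
+ * Address of CRLSelector whose criteria must be satisfied.
+ * Must be non-NULL.
+ * "pNBIOContext"
+ * Address at which platform-dependent information is stored if the
+ * operation is suspended for non-blocking I/O. Must be non-NULL.
+ * "pCrls"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_CrlContinue(
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCrls, /* list of PKIX_PL_CRL */
+ void *plContext);
+
+typedef PKIX_Error *
+(*PKIX_CertStore_CrlContinueFunction)(
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCrls, /* list of PKIX_PL_CRL */
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CheckTrustCallback
+ * DESCRIPTION:
+ *
+ * This callback function rechecks "cert's" trust status from the CertStore
+ * pointed to by "store".
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore from which Certs are to be checked.
+ * Must be non-NULL.
+ * "cert"
+ * Address of Cert whose trust status needs to be rechecked.
+ * Must be non-NULL.
+ * "pTrusted"
+ * Address of PKIX_Boolean where the trust status is returned.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CheckTrustCallback)(
+ PKIX_CertStore *store,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pTrusted,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_Create
+ * DESCRIPTION:
+ *
+ * Creates a new CertStore and stores it at "pStore". The new CertStore uses
+ * the CertCallback pointed to by "certCallback" and the CRLCallback pointed
+ * to by "crlCallback" as its callback functions and uses the Object pointed
+ * to by "certStoreContext" as its context . Note that this certStoreContext
+ * must be an Object (although any object type), allowing it to be
+ * reference-counted and allowing it to provide the standard Object functions
+ * (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
+ * CertStore object is immutable, although the underlying repository can
+ * change. For example, a CertStore will often be a front-end for a database
+ * or directory. The contents of that directory can change after the
+ * CertStore object is created, but the CertStore object remains immutable.
+ *
+ * PARAMETERS:
+ * "certCallback"
+ * The CertCallback function to be used. Must be non-NULL.
+ * "crlCallback"
+ * The CRLCallback function to be used. Must be non-NULL.
+ * "certContinue"
+ * The function to be used to resume a certCallback that returned with a
+ * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
+ * I/O.
+ * "crlContinue"
+ * The function to be used to resume a crlCallback that returned with a
+ * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
+ * I/O.
+ * "trustCallback"
+ * Address of PKIX_CertStore_CheckTrustCallback which is called to
+ * verify the trust status of Certs in this CertStore.
+ * "certStoreContext"
+ * Address of Object representing the CertStore's context (if any).
+ * "cachedFlag"
+ * If TRUE indicates data retrieved from CertStore should be cached.
+ * "localFlag"
+ * Boolean value indicating whether this CertStore is local.
+ * "pStore"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertStore Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_Create(
+ PKIX_CertStore_CertCallback certCallback,
+ PKIX_CertStore_CRLCallback crlCallback,
+ PKIX_CertStore_CertContinueFunction certContinue,
+ PKIX_CertStore_CrlContinueFunction crlContinue,
+ PKIX_CertStore_CheckTrustCallback trustCallback,
+ PKIX_CertStore_ImportCrlCallback importCrlCallback,
+ PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
+ PKIX_PL_Object *certStoreContext,
+ PKIX_Boolean cachedFlag,
+ PKIX_Boolean localFlag,
+ PKIX_CertStore **pStore,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertCallback
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to "store's" Cert callback function and put it in
+ * "pCallback".
+ *
+ * PARAMETERS:
+ * "store"
+ * The CertStore whose Cert callback is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where Cert callback function pointer will be stored.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertCallback(
+ PKIX_CertStore *store,
+ PKIX_CertStore_CertCallback *pCallback,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCRLCallback
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to "store's" CRL callback function and put it in
+ * "pCallback".
+ *
+ * PARAMETERS:
+ * "store"
+ * The CertStore whose CRL callback is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where CRL callback function pointer will be stored.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCRLCallback(
+ PKIX_CertStore *store,
+ PKIX_CertStore_CRLCallback *pCallback,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetImportCrlCallback
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to "store's" Import CRL callback function and put it in
+ * "pCallback".
+ *
+ * PARAMETERS:
+ * "store"
+ * The CertStore whose CRL callback is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where CRL callback function pointer will be stored.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetImportCrlCallback(
+ PKIX_CertStore *store,
+ PKIX_CertStore_ImportCrlCallback *pCallback,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCheckRevByCrl
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to "store's" CRL revocation checker callback function
+ * and put it in "pCallback".
+ *
+ * PARAMETERS:
+ * "store"
+ * The CertStore whose CRL callback is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where CRL callback function pointer will be stored.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCrlCheckerFn(
+ PKIX_CertStore *store,
+ PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetTrustCallback
+ * DESCRIPTION:
+ *
+ * Retrieves the function pointer to the CheckTrust callback function of the
+ * CertStore pointed to by "store" and stores it at "pCallback".
+ *
+ * PARAMETERS:
+ * "store"
+ * The CertStore whose CheckTrust callback is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where CheckTrust callback function pointer will be stored.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetTrustCallback(
+ PKIX_CertStore *store,
+ PKIX_CertStore_CheckTrustCallback *pCallback,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertStoreContext
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the Object representing the context (if any)
+ * of the CertStore pointed to by "store" and stores it at
+ * "pCertStoreContext".
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore whose context is to be stored. Must be non-NULL.
+ * "pCertStoreContext"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertStoreContext(
+ PKIX_CertStore *store,
+ PKIX_PL_Object **pCertStoreContext,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
+ * DESCRIPTION:
+ *
+ * Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
+ * stores it at "pCachedFlag".
+ *
+ * PARAMETERS:
+ * "store"
+ * Address of CertStore whose cache flag is to be stored. Must be non-NULL.
+ * "pCacheFlag"
+ * Address where the result will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertStoreCacheFlag(
+ PKIX_CertStore *store,
+ PKIX_Boolean *pCacheFlag,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetLocalFlag
+ * DESCRIPTION:
+ *
+ * Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
+ * stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can
+ * fulfill a request without performing network I/O.
+ *
+ * PARAMETERS:
+ * "store"
+ * The CertStore whose Local flag is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where the Boolean LocalFlag will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetLocalFlag(
+ PKIX_CertStore *store,
+ PKIX_Boolean *pLocalFlag,
+ void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CERTSTORE_H */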
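Review bot: The PARAMETERS block for PKIX_CertStore_Create has no entry for `importCrlCallback` or `checkRevByCrlCallback`, so nothing in this header says whether a store may pass NULL for them or what the library does when a store has no CRL checker. The PKIX_CertStore_CheckRevokationByCrlCallback comment likewise gives no non-NULL requirement for "reasonCode" and "revStatus" and does not say what "revStatus" holds when an error is returned; because this output carries the revocation decision, I would add a line such as `Must be non-NULL. Undefined if an error is returned; callers must not read it as "not revoked".` after confirming that against the implementation. Three comments also disagree with the declarations they describe: the header `FUNCTION: PKIX_CertStore_GetCheckRevByCrl` sits above `PKIX_CertStore_GetCrlCheckerFn`, the CRLCallback block omits `pNBIOContext` and writes "pCRLs" for `pCrls`, and GetLocalFlag lists "pCallback" for `pLocalFlag`.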