security/nss/lib/libpkix/include/pkix_crlsel.h

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/nss/lib/libpkix/include/pkix_crlsel.h	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,759 @@
     1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
     1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
     1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     1.7 +/*
     1.8 + * This file defines functions associated with the PKIX_CRLSelector and the
     1.9 + * PKIX_ComCRLSelParams types.
    1.10 + *
    1.11 + */
    1.12 +
    1.13 +
    1.14 +#ifndef _PKIX_CRLSEL_H
    1.15 +#define _PKIX_CRLSEL_H
    1.16 +
    1.17 +#include "pkixt.h"
    1.18 +
    1.19 +#ifdef __cplusplus
    1.20 +extern "C" {
    1.21 +#endif
    1.22 +
    1.23 +/* General
    1.24 + *
    1.25 + * Please refer to the libpkix Programmer's Guide for detailed information
    1.26 + * about how to use the libpkix library. Certain key warnings and notices from
    1.27 + * that document are repeated here for emphasis.
    1.28 + *
    1.29 + * All identifiers in this file (and all public identifiers defined in
    1.30 + * libpkix) begin with "PKIX_". Private identifiers only intended for use
    1.31 + * within the library begin with "pkix_".
    1.32 + *
    1.33 + * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
    1.34 + *
    1.35 + * Unless otherwise noted, for all accessor (gettor) functions that return a
    1.36 + * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
    1.37 + * shared object. Therefore, the caller should treat this shared object as
    1.38 + * read-only and should not modify this shared object. When done using the
    1.39 + * shared object, the caller should release the reference to the object by
    1.40 + * using the PKIX_PL_Object_DecRef function.
    1.41 + *
    1.42 + * While a function is executing, if its arguments (or anything referred to by
    1.43 + * its arguments) are modified, free'd, or destroyed, the function's behavior
    1.44 + * is undefined.
    1.45 + *
    1.46 + */
    1.47 +
    1.48 +/* PKIX_CRLSelector
    1.49 + *
    1.50 + * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
    1.51 + * based on particular criteria. A CRLSelector is typically used by libpkix
    1.52 + * to retrieve CRLs from a CertStore during certificate chain validation or
    1.53 + * building. (see pkix_certstore.h) For example, the caller may wish to only
    1.54 + * select those CRLs that have a particular issuer or a particular value for a
    1.55 + * private CRL extension. The MatchCallback allows the caller to specify the
    1.56 + * custom matching logic to be used by a CRLSelector.
    1.57 +
    1.58 + * By default, the MatchCallback is set to point to the default implementation
    1.59 + * provided by libpkix, which understands how to process the most common
    1.60 + * parameters. If the default implementation is used, the caller should set
    1.61 + * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
    1.62 + * Any common parameter that is not set is assumed to be disabled, which means
    1.63 + * the default MatchCallback implementation will select all CRLs without
    1.64 + * regard to that particular disabled parameter. For example, if the
    1.65 + * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
    1.66 + * CRL based on its CRL number. As such, if no parameters are set, all are
    1.67 + * disabled and any CRL will match. If a parameter is disabled, its associated
    1.68 + * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
    1.69 + *
    1.70 + * If a custom implementation is desired, the default implementation can be
    1.71 + * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
    1.72 + * CRLSelector can be initialized with a crlSelectorContext, which is where
    1.73 + * the caller can specify the desired parameters the caller wishes to match
    1.74 + * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
    1.75 + * allowing it to be reference-counted and allowing it to provide the standard
    1.76 + * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
    1.77 + *
    1.78 + */
    1.79 +
    1.80 +/*
    1.81 + * FUNCTION: PKIX_CRLSelector_MatchCallback
    1.82 + * DESCRIPTION:
    1.83 + *
    1.84 + *  This callback function determines whether the specified CRL pointed to by
    1.85 + *  "crl" matches the criteria of the CRLSelector pointed to by "selector".
    1.86 + *  If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
    1.87 + *  "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
    1.88 + *
    1.89 + * PARAMETERS:
    1.90 + *  "selector"
    1.91 + *      Address of CRLSelector whose MatchCallback logic and parameters are
    1.92 + *      to be used. Must be non-NULL.
    1.93 + *  "crl"
    1.94 + *      Address of CRL that is to be matched using "selector". Must be non-NULL.
    1.95 + *  "pMatch"
    1.96 + *      Address at which Boolean result is stored. Must be non-NULL.
    1.97 + *  "plContext"
    1.98 + *      Platform-specific context pointer.
    1.99 + * THREAD SAFETY:
   1.100 + *  Thread Safe
   1.101 + *
   1.102 + *  Multiple threads must be able to safely call this function without
   1.103 + *  worrying about conflicts, even if they're operating on the same objects.
   1.104 + * RETURNS:
   1.105 + *  Returns NULL if the function succeeds.
   1.106 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.107 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.108 + */
   1.109 +typedef PKIX_Error *
   1.110 +(*PKIX_CRLSelector_MatchCallback)(
   1.111 +        PKIX_CRLSelector *selector,
   1.112 +        PKIX_PL_CRL *crl,
   1.113 +        PKIX_Boolean *pMatch,
   1.114 +        void *plContext);
   1.115 +
   1.116 +/*
   1.117 + * FUNCTION: PKIX_CRLSelector_Create
   1.118 + * DESCRIPTION:
   1.119 + *
   1.120 + *  Creates a new CRLSelector using the Object pointed to by
   1.121 + *  "crlSelectorContext" (if any) and stores it at "pSelector". As noted
   1.122 + *  above, by default, the MatchCallback is set to point to the default
   1.123 + *  implementation provided by libpkix, which understands how to process
   1.124 + *  ComCRLSelParams. This is overridden if the MatchCallback pointed to by
   1.125 + *  "callback" is not NULL, in which case the parameters are specified using
   1.126 + *  the Object pointed to by "crlSelectorContext".
   1.127 + *
   1.128 + * PARAMETERS:
   1.129 + *  "issue"
   1.130 + *      crl issuer.
   1.131 + *  "crlDpList"
   1.132 + *      distribution points list
   1.133 + *  "callback"
   1.134 + *      The MatchCallback function to be used.
   1.135 + *  "pSelector"
   1.136 + *      Address where object pointer will be stored. Must be non-NULL.
   1.137 + *  "plContext"
   1.138 + *      Platform-specific context pointer.
   1.139 + * THREAD SAFETY:
   1.140 + *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
   1.141 + * RETURNS:
   1.142 + *  Returns NULL if the function succeeds.
   1.143 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.144 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.145 + */
   1.146 +PKIX_Error *
   1.147 +PKIX_CRLSelector_Create(
   1.148 +        PKIX_PL_Cert *issuer,
   1.149 +        PKIX_List *crlDpList,
   1.150 +        PKIX_PL_Date *date,
   1.151 +        PKIX_CRLSelector **pSelector,
   1.152 +        void *plContext);
   1.153 +
   1.154 +/*
   1.155 + * FUNCTION: PKIX_CRLSelector_GetMatchCallback
   1.156 + * DESCRIPTION:
   1.157 + *
   1.158 + *  Retrieves a pointer to "selector's" Match callback function and puts it in
   1.159 + *  "pCallback".
   1.160 + *
   1.161 + * PARAMETERS:
   1.162 + *  "selector"
   1.163 + *      The CRLSelector whose Match callback is desired. Must be non-NULL.
   1.164 + *  "pCallback"
   1.165 + *      Address where Match callback function pointer will be stored.
   1.166 + *      Must be non-NULL.
   1.167 + *  "plContext"
   1.168 + *      Platform-specific context pointer.
   1.169 + * THREAD SAFETY:
   1.170 + *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
   1.171 + * RETURNS:
   1.172 + *  Returns NULL if the function succeeds.
   1.173 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.174 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.175 + */
   1.176 +PKIX_Error *
   1.177 +PKIX_CRLSelector_GetMatchCallback(
   1.178 +        PKIX_CRLSelector *selector,
   1.179 +        PKIX_CRLSelector_MatchCallback *pCallback,
   1.180 +        void *plContext);
   1.181 +
   1.182 +/*
   1.183 + * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
   1.184 + * DESCRIPTION:
   1.185 + *
   1.186 + *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
   1.187 + *  of the CRLSelector pointed to by "selector" and stores it at
   1.188 + *  "pCRLSelectorContext".
   1.189 + *
   1.190 + * PARAMETERS:
   1.191 + *  "selector"
   1.192 + *      Address of CRLSelector whose context is to be stored. Must be non-NULL.
   1.193 + *  "pCRLSelectorContext"
   1.194 + *      Address where object pointer will be stored. Must be non-NULL.
   1.195 + *  "plContext"
   1.196 + *      Platform-specific context pointer.
   1.197 + * THREAD SAFETY:
   1.198 + *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
   1.199 + * RETURNS:
   1.200 + *  Returns NULL if the function succeeds.
   1.201 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.202 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.203 + */
   1.204 +PKIX_Error *
   1.205 +PKIX_CRLSelector_GetCRLSelectorContext(
   1.206 +        PKIX_CRLSelector *selector,
   1.207 +        void **pCRLSelectorContext,
   1.208 +        void *plContext);
   1.209 +
   1.210 +/*
   1.211 + * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
   1.212 + * DESCRIPTION:
   1.213 + *
   1.214 + *  Retrieves a pointer to the ComCRLSelParams object that represent the common
   1.215 + *  parameters of the CRLSelector pointed to by "selector" and stores it at
   1.216 + *  "pCommonCRLSelectorParams". If there are no common parameters stored with
   1.217 + *  the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
   1.218 + *
   1.219 + * PARAMETERS:
   1.220 + *  "selector"
   1.221 + *      Address of CRLSelector whose ComCRLSelParams are to be stored.
   1.222 + *      Must be non-NULL.
   1.223 + *  "pCommonCRLSelectorParams"
   1.224 + *      Address where object pointer will be stored. Must be non-NULL.
   1.225 + *  "plContext"
   1.226 + *      Platform-specific context pointer.
   1.227 + * THREAD SAFETY:
   1.228 + *  Conditionally Thread Safe
   1.229 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.230 + * RETURNS:
   1.231 + *  Returns NULL if the function succeeds.
   1.232 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.233 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.234 + */
   1.235 +PKIX_Error *
   1.236 +PKIX_CRLSelector_GetCommonCRLSelectorParams(
   1.237 +        PKIX_CRLSelector *selector,
   1.238 +        PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
   1.239 +        void *plContext);
   1.240 +
   1.241 +/*
   1.242 + * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
   1.243 + * DESCRIPTION:
   1.244 + *
   1.245 + *  Sets the common parameters for the CRLSelector pointed to by "selector"
   1.246 + *  using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
   1.247 + *
   1.248 + * PARAMETERS:
   1.249 + *  "selector"
   1.250 + *      Address of CRLSelector whose common parameters are to be set.
   1.251 + *      Must be non-NULL.
   1.252 + *  "commonCRLSelectorParams"
   1.253 + *      Address of ComCRLSelParams representing the common parameters.
   1.254 + *  "plContext"
   1.255 + *      Platform-specific context pointer.
   1.256 + * THREAD SAFETY:
   1.257 + *  Not Thread Safe - assumes exclusive access to "selector"
   1.258 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.259 + * RETURNS:
   1.260 + *  Returns NULL if the function succeeds.
   1.261 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.262 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.263 + */
   1.264 +PKIX_Error *
   1.265 +PKIX_CRLSelector_SetCommonCRLSelectorParams(
   1.266 +        PKIX_CRLSelector *selector,
   1.267 +        PKIX_ComCRLSelParams *commonCRLSelectorParams,
   1.268 +        void *plContext);
   1.269 +
   1.270 +/* PKIX_ComCRLSelParams
   1.271 + *
   1.272 + * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
   1.273 + * especially determining which CRLs to retrieve from a CertStore.
   1.274 + * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
   1.275 + * the default implementation of MatchCallback, which understands how to
   1.276 + * process ComCRLSelParams.
   1.277 + */
   1.278 +
   1.279 +/*
   1.280 + * FUNCTION: PKIX_ComCRLSelParams_Create
   1.281 + * DESCRIPTION:
   1.282 + *
   1.283 + *  Creates a new ComCRLSelParams object and stores it at "pParams".
   1.284 + *
   1.285 + * PARAMETERS:
   1.286 + *  "pParams"
   1.287 + *      Address where object pointer will be stored. Must be non-NULL.
   1.288 + *  "plContext"
   1.289 + *      Platform-specific context pointer.
   1.290 + * THREAD SAFETY:
   1.291 + *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
   1.292 + * RETURNS:
   1.293 + *  Returns NULL if the function succeeds.
   1.294 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.295 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.296 + */
   1.297 +PKIX_Error *
   1.298 +PKIX_ComCRLSelParams_Create(
   1.299 +        PKIX_ComCRLSelParams **pParams,
   1.300 +        void *plContext);
   1.301 +
   1.302 +/*
   1.303 + * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
   1.304 + * DESCRIPTION:
   1.305 + *
   1.306 + *  Retrieves a pointer to the List of X500Names (if any) representing the
   1.307 + *  issuer names criterion that is set in the ComCRLSelParams pointed to by
   1.308 + *  "params" and stores it at "pNames". In order to match against this
   1.309 + *  criterion, a CRL's IssuerName must match at least one of the criterion's
   1.310 + *  issuer names.
   1.311 + *
   1.312 + *  If "params" does not have this criterion set, this function stores NULL at
   1.313 + *  "pNames", in which case all CRLs are considered to match.
   1.314 + *
   1.315 + *  Note that the List returned by this function is immutable.
   1.316 + *
   1.317 + * PARAMETERS:
   1.318 + *  "params"
   1.319 + *      Address of ComCRLSelParams whose issuer names criterion (if any) is to
   1.320 + *      be stored. Must be non-NULL.
   1.321 + *  "pNames"
   1.322 + *      Address where object pointer will be stored. Must be non-NULL.
   1.323 + *  "plContext"
   1.324 + *      Platform-specific context pointer.
   1.325 + * THREAD SAFETY:
   1.326 + *  Conditionally Thread Safe
   1.327 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.328 + * RETURNS:
   1.329 + *  Returns NULL if the function succeeds.
   1.330 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.331 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.332 + */
   1.333 +PKIX_Error *
   1.334 +PKIX_ComCRLSelParams_GetIssuerNames(
   1.335 +        PKIX_ComCRLSelParams *params,
   1.336 +        PKIX_List **pNames,  /* list of PKIX_PL_X500Name */
   1.337 +        void *plContext);
   1.338 +
   1.339 +/*
   1.340 + * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
   1.341 + * DESCRIPTION:
   1.342 + *
   1.343 + *  Sets the issuer names criterion of the ComCRLSelParams pointed to by
   1.344 + *  "params" using a List of X500Names pointed to by "names". In order to match
   1.345 + *  against this criterion, a CRL's IssuerName must match at least one of the
   1.346 + *  criterion's issuer names.
   1.347 + *
   1.348 + * PARAMETERS:
   1.349 + *  "params"
   1.350 + *      Address of ComCRLSelParamsParams whose issuer names criterion is to be
   1.351 + *      set. Must be non-NULL.
   1.352 + *  "names"
   1.353 + *      Address of List of X500Names used to set the criterion
   1.354 + *  "plContext"
   1.355 + *      Platform-specific context pointer.
   1.356 + * THREAD SAFETY:
   1.357 + *  Not Thread Safe - assumes exclusive access to "params"
   1.358 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.359 + * RETURNS:
   1.360 + *  Returns NULL if the function succeeds.
   1.361 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.362 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.363 + */
   1.364 +PKIX_Error *
   1.365 +PKIX_ComCRLSelParams_SetIssuerNames(
   1.366 +        PKIX_ComCRLSelParams *params,
   1.367 +        PKIX_List *names,   /* list of PKIX_PL_X500Name */
   1.368 +        void *plContext);
   1.369 +
   1.370 +/*
   1.371 + * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
   1.372 + * DESCRIPTION:
   1.373 + *
   1.374 + *  Adds to the issuer names criterion of the ComCRLSelParams pointed to by
   1.375 + *  "params" using the X500Name pointed to by "name". In order to match
   1.376 + *  against this criterion, a CRL's IssuerName must match at least one of the
   1.377 + *  criterion's issuer names.
   1.378 + *
   1.379 + * PARAMETERS:
   1.380 + *  "params"
   1.381 + *      Address of ComCRLSelParams whose issuer names criterion is to be added
   1.382 + *      to. Must be non-NULL.
   1.383 + *  "name"
   1.384 + *      Address of X500Name to be added.
   1.385 + *  "plContext"
   1.386 + *      Platform-specific context pointer.
   1.387 + * THREAD SAFETY:
   1.388 + *  Not Thread Safe - assumes exclusive access to "params"
   1.389 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.390 + * RETURNS:
   1.391 + *  Returns NULL if the function succeeds.
   1.392 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.393 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.394 + */
   1.395 +PKIX_Error *
   1.396 +PKIX_ComCRLSelParams_AddIssuerName(
   1.397 +        PKIX_ComCRLSelParams *params,
   1.398 +        PKIX_PL_X500Name *name,
   1.399 +        void *plContext);
   1.400 +
   1.401 +/*
   1.402 + * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
   1.403 + * DESCRIPTION:
   1.404 + *
   1.405 + *  Retrieves a pointer to the Cert (if any) representing the certificate whose
   1.406 + *  revocation status is being checked. This is not a criterion. It is simply
   1.407 + *  optional information that may help a CertStore find relevant CRLs.
   1.408 + *
   1.409 + *  If "params" does not have a certificate set, this function stores NULL at
   1.410 + *  "pCert", in which case there is no optional information to provide.
   1.411 + *
   1.412 + * PARAMETERS:
   1.413 + *  "params"
   1.414 + *      Address of ComCRLSelParams whose certificate being checked (if any) is
   1.415 + *      to be stored. Must be non-NULL.
   1.416 + *  "pCert"
   1.417 + *      Address where object pointer will be stored. Must be non-NULL.
   1.418 + *  "plContext"
   1.419 + *      Platform-specific context pointer.
   1.420 + * THREAD SAFETY:
   1.421 + *  Conditionally Thread Safe
   1.422 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.423 + * RETURNS:
   1.424 + *  Returns NULL if the function succeeds
   1.425 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.426 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.427 + */
   1.428 +PKIX_Error *
   1.429 +PKIX_ComCRLSelParams_GetCertificateChecking(
   1.430 +        PKIX_ComCRLSelParams *params,
   1.431 +        PKIX_PL_Cert **pCert,
   1.432 +        void *plContext);
   1.433 +
   1.434 +/*
   1.435 + * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
   1.436 + * DESCRIPTION:
   1.437 + *
   1.438 + *  Sets the ComCRLSelParams pointed to by "params" with the certificate
   1.439 + *  (pointed to by "cert") whose revocation status is being checked. This is
   1.440 + *  not a criterion. It is simply optional information that may help a
   1.441 + *  CertStore find relevant CRLs.
   1.442 + *
   1.443 + * PARAMETERS:
   1.444 + *  "params"
   1.445 + *      Address of ComCRLSelParams whose certificate being checked is to be
   1.446 + *      set. Must be non-NULL.
   1.447 + *  "cert"
   1.448 + *      Address of Cert whose revocation status is being checked
   1.449 + *  "plContext"
   1.450 + *      Platform-specific context pointer.
   1.451 + * THREAD SAFETY:
   1.452 + *  Not Thread Safe - assumes exclusive access to "params"
   1.453 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.454 + * RETURNS:
   1.455 + *  Returns NULL if the function succeeds.
   1.456 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.457 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.458 + */
   1.459 +PKIX_Error *
   1.460 +PKIX_ComCRLSelParams_SetCertificateChecking(
   1.461 +        PKIX_ComCRLSelParams *params,
   1.462 +        PKIX_PL_Cert *cert,
   1.463 +        void *plContext);
   1.464 +
   1.465 +/*
   1.466 + * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
   1.467 + * DESCRIPTION:
   1.468 + *
   1.469 + *  Retrieves a pointer to the Date (if any) representing the dateAndTime
   1.470 + *  criterion that is set in the ComCRLSelParams pointed to by "params" and
   1.471 + *  stores it at "pDate". In order to match against this criterion, a CRL's
   1.472 + *  thisUpdate component must be less than or equal to the criterion's
   1.473 + *  dateAndTime and the CRL's nextUpdate component must be later than the
   1.474 + *  criterion's dateAndTime. There is no match if the CRL does not contain a
   1.475 + *  nextUpdate component.
   1.476 + *
   1.477 + *  If "params" does not have this criterion set, this function stores NULL at
   1.478 + *  "pDate", in which case all CRLs are considered to match.
   1.479 + *
   1.480 + * PARAMETERS:
   1.481 + *  "params"
   1.482 + *      Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
   1.483 + *      be stored. Must be non-NULL.
   1.484 + *  "pDate"
   1.485 + *      Address where object pointer will be stored. Must be non-NULL.
   1.486 + *  "plContext"
   1.487 + *      Platform-specific context pointer.
   1.488 + * THREAD SAFETY:
   1.489 + *  Conditionally Thread Safe
   1.490 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.491 + * RETURNS:
   1.492 + *  Returns NULL if the function succeeds.
   1.493 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.494 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.495 + */
   1.496 +PKIX_Error *
   1.497 +PKIX_ComCRLSelParams_GetDateAndTime(
   1.498 +        PKIX_ComCRLSelParams *params,
   1.499 +        PKIX_PL_Date **pDate,
   1.500 +        void *plContext);
   1.501 +
   1.502 +/*
   1.503 + * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
   1.504 + * DESCRIPTION:
   1.505 + *
   1.506 + *  Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
   1.507 + *  "params" using a Date pointed to by "date". In order to match against this
   1.508 + *  criterion, a CRL's thisUpdate component must be less than or equal to the
   1.509 + *  criterion's dateAndTime and the CRL's nextUpdate component must be later
   1.510 + *  than the criterion's dateAndTime. There is no match if the CRL does not
   1.511 + *  contain a nextUpdate component.
   1.512 + *
   1.513 + * PARAMETERS:
   1.514 + *  "params"
   1.515 + *      Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
   1.516 + *      set. Must be non-NULL.
   1.517 + *  "date"
   1.518 + *      Address of Date used to set the criterion
   1.519 + *  "plContext"
   1.520 + *      Platform-specific context pointer.
   1.521 + * THREAD SAFETY:
   1.522 + *  Not Thread Safe - assumes exclusive access to "params"
   1.523 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.524 + * RETURNS:
   1.525 + *  Returns NULL if the function succeeds.
   1.526 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.527 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.528 + */
   1.529 +PKIX_Error *
   1.530 +PKIX_ComCRLSelParams_SetDateAndTime(
   1.531 +        PKIX_ComCRLSelParams *params,
   1.532 +        PKIX_PL_Date *date,
   1.533 +        void *plContext);
   1.534 +
   1.535 +/* 
   1.536 + * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
   1.537 + * DESCRIPTION:
   1.538 + *
   1.539 + *  Retrieves a pointer to the Boolean representing the NIST CRL policy
   1.540 + *  activation flag that is set in the ComCRLSelParams pointed to by "params"
   1.541 + *  and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
   1.542 + *
   1.543 + *  Default value for this flag is TRUE.
   1.544 + *
   1.545 + * PARAMETERS:
   1.546 + *  "params"
   1.547 + *      Address of ComCRLSelParams whose NIST CRL policy criterion  is to
   1.548 + *      be stored. Must be non-NULL.
   1.549 + *  "pEnabled"
   1.550 + *      Address where object pointer will be stored. Must be non-NULL.
   1.551 + *  "plContext"
   1.552 + *      Platform-specific context pointer.
   1.553 + * THREAD SAFETY:
   1.554 + *  Conditionally Thread Safe
   1.555 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.556 + * RETURNS:
   1.557 + *  Returns NULL if the function succeeds.
   1.558 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.559 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.560 + */
   1.561 +PKIX_Error *
   1.562 +PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
   1.563 +        PKIX_ComCRLSelParams *params,
   1.564 +        PKIX_Boolean *pEnabled,
   1.565 +        void *plContext);
   1.566 +
   1.567 +/*
   1.568 + * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
   1.569 + * DESCRIPTION:
   1.570 + *
   1.571 + *  Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
   1.572 + *  "params" using a "enabled" flag. In order to match against this
   1.573 + *  criterion, a CRL's nextUpdate must be available and criterion's
   1.574 + *  dataAndTime must be within thisUpdate and nextUpdate time period.
   1.575 + *
   1.576 + * PARAMETERS:
   1.577 + *  "params"
   1.578 + *      Address of ComCRLSelParamsParams whose NIST CRL policy criterion
   1.579 + *      is to be set. Must be non-NULL.
   1.580 + *  "enabled"
   1.581 + *      Address of Bollean used to set the criterion
   1.582 + *  "plContext"
   1.583 + *      Platform-specific context pointer.
   1.584 + * THREAD SAFETY:
   1.585 + *  Not Thread Safe - assumes exclusive access to "params"
   1.586 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.587 + * RETURNS:
   1.588 + *  Returns NULL if the function succeeds.
   1.589 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.590 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.591 + */
   1.592 +PKIX_Error *
   1.593 +PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
   1.594 +        PKIX_ComCRLSelParams *params,
   1.595 +        PKIX_Boolean enabled,
   1.596 +        void *plContext);
   1.597 +
   1.598 +/*
   1.599 + * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
   1.600 + * DESCRIPTION:
   1.601 + *
   1.602 + *  Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
   1.603 + *  criterion that is set in the ComCRLSelParams pointed to by "params" and
   1.604 + *  stores it at "pNumber". In order to match against this criterion, a CRL
   1.605 + *  must have a CRL number extension whose value is less than or equal to the
   1.606 + *  criterion's value.
   1.607 + *
   1.608 + *  If "params" does not have this criterion set, this function stores NULL at
   1.609 + *  "pNumber", in which case all CRLs are considered to match.
   1.610 + *
   1.611 + * PARAMETERS:
   1.612 + *  "params"
   1.613 + *      Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
   1.614 + *      be stored. Must be non-NULL.
   1.615 + *  "pNumber"
   1.616 + *      Address where object pointer will be stored. Must be non-NULL.
   1.617 + *  "plContext"
   1.618 + *      Platform-specific context pointer.
   1.619 + * THREAD SAFETY:
   1.620 + *  Conditionally Thread Safe
   1.621 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.622 + * RETURNS:
   1.623 + *  Returns NULL if the function succeeds.
   1.624 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.625 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.626 + */
   1.627 +PKIX_Error *
   1.628 +PKIX_ComCRLSelParams_GetMaxCRLNumber(
   1.629 +        PKIX_ComCRLSelParams *params,
   1.630 +        PKIX_PL_BigInt **pNumber,
   1.631 +        void *plContext);
   1.632 +
   1.633 +/*
   1.634 + * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
   1.635 + * DESCRIPTION:
   1.636 + *
   1.637 + *  Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
   1.638 + *  "params" using a BigInt pointed to by "number". In order to match against
   1.639 + *  this criterion, a CRL must have a CRL number extension whose value is less
   1.640 + *  than or equal to the criterion's value.
   1.641 + *
   1.642 + * PARAMETERS:
   1.643 + *  "params"
   1.644 + *      Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
   1.645 + *      set. Must be non-NULL.
   1.646 + *  "number"
   1.647 + *      Address of BigInt used to set the criterion
   1.648 + *  "plContext"
   1.649 + *      Platform-specific context pointer.
   1.650 + * THREAD SAFETY:
   1.651 + *  Not Thread Safe - assumes exclusive access to "params"
   1.652 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.653 + * RETURNS:
   1.654 + *  Returns NULL if the function succeeds.
   1.655 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.656 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.657 + */
   1.658 +PKIX_Error *
   1.659 +PKIX_ComCRLSelParams_SetMaxCRLNumber(
   1.660 +        PKIX_ComCRLSelParams *params,
   1.661 +        PKIX_PL_BigInt *number,
   1.662 +        void *plContext);
   1.663 +
   1.664 +/*
   1.665 + * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
   1.666 + * DESCRIPTION:
   1.667 + *
   1.668 + *  Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
   1.669 + *  criterion that is set in the ComCRLSelParams pointed to by "params" and
   1.670 + *  stores it at "pNumber". In order to match against this criterion, a CRL
   1.671 + *  must have a CRL number extension whose value is greater than or equal to
   1.672 + *  the criterion's value.
   1.673 + *
   1.674 + *  If "params" does not have this criterion set, this function stores NULL at
   1.675 + *  "pNumber", in which case all CRLs are considered to match.
   1.676 + *
   1.677 + * PARAMETERS:
   1.678 + *  "params"
   1.679 + *      Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
   1.680 + *      be stored. Must be non-NULL.
   1.681 + *  "pNumber"
   1.682 + *      Address where object pointer will be stored. Must be non-NULL.
   1.683 + *  "plContext"
   1.684 + *      Platform-specific context pointer.
   1.685 + * THREAD SAFETY:
   1.686 + *  Conditionally Thread Safe
   1.687 + *      (see Thread Safety Definitions in Programmer's Guide)
   1.688 + * RETURNS:
   1.689 + *  Returns NULL if the function succeeds.
   1.690 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.691 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.692 + */
   1.693 +PKIX_Error *
   1.694 +PKIX_ComCRLSelParams_GetMinCRLNumber(
   1.695 +        PKIX_ComCRLSelParams *params,
   1.696 +        PKIX_PL_BigInt **pNumber,
   1.697 +        void *plContext);
   1.698 +
   1.699 +/*
   1.700 + * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
   1.701 + * DESCRIPTION:
   1.702 + *
   1.703 + *  Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
   1.704 + *  "params" using a BigInt pointed to by "number". In order to match against
   1.705 + *  this criterion, a CRL must have a CRL number extension whose value is
   1.706 + *  greater than or equal to the criterion's value.
   1.707 + *
   1.708 + * PARAMETERS:
   1.709 + *  "params"
   1.710 + *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
   1.711 + *      set. Must be non-NULL.
   1.712 + *  "number"
   1.713 + *      Address of BigInt used to set the criterion
   1.714 + *  "plContext"
   1.715 + *      Platform-specific context pointer.
   1.716 + * THREAD SAFETY:
   1.717 + *  Not Thread Safe - assumes exclusive access to "params"
   1.718 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.719 + * RETURNS:
   1.720 + *  Returns NULL if the function succeeds.
   1.721 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.722 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.723 + */
   1.724 +PKIX_Error *
   1.725 +PKIX_ComCRLSelParams_SetMinCRLNumber(
   1.726 +        PKIX_ComCRLSelParams *params,
   1.727 +        PKIX_PL_BigInt *number,
   1.728 +        void *plContext);
   1.729 +
   1.730 +/*
   1.731 + * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
   1.732 + * DESCRIPTION:
   1.733 + *
   1.734 + * Sets crldp list that can be used to download a crls.
   1.735 + * 
   1.736 + * PARAMETERS:
   1.737 + *  "params"
   1.738 + *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
   1.739 + *      set. Must be non-NULL.
   1.740 + *  "crldpList"
   1.741 + *      A list of CRLDPs. Can be an emptry list.
   1.742 + *  "plContext"
   1.743 + *      Platform-specific context pointer.
   1.744 + * THREAD SAFETY:
   1.745 + *  Not Thread Safe - assumes exclusive access to "params"
   1.746 + *  (see Thread Safety Definitions in Programmer's Guide)
   1.747 + * RETURNS:
   1.748 + *  Returns NULL if the function succeeds.
   1.749 + *  Returns a CRLSelector Error if the function fails in a non-fatal way.
   1.750 + *  Returns a Fatal Error if the function fails in an unrecoverable way.
   1.751 + */
   1.752 +PKIX_Error*
   1.753 +PKIX_ComCRLSelParams_SetCrlDp(
   1.754 +         PKIX_ComCRLSelParams *params,
   1.755 +         PKIX_List *crldpList,
   1.756 +         void *plContext);
   1.757 +
   1.758 +#ifdef __cplusplus
   1.759 +}
   1.760 +#endif
   1.761 +
   1.762 +#endif /* _PKIX_CRLSEL_H */
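Review bot: The comment above PKIX_CRLSelector_Create documents a different function from the one declared: it lists "issue", "crlDpList" and "callback" and describes a "crlSelectorContext", while the prototype takes `issuer`, `crlDpList`, `date`, `pSelector` and `plContext`, with no callback or context argument. `date` has no entry at all, so a caller cannot tell from the header whether it feeds the dateAndTime criterion or whether NULL is accepted, which matters because the overview says every unset criterion matches all CRLs. I would rename the entry to `"issuer"`, drop the `"callback"` entry and the sentence about overriding the MatchCallback, and add an entry such as `"date" - Date used to select CRLs; state here whether NULL is allowed and what it disables`, filled in from the implementation, which this page does not show. The overview also refers to PKIX_CRLSelector_SetMatchCallback, which this header does not declare, so either the declaration or the reference should be reconciled.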
