1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/libpkix/include/pkix_params.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1793 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +/*
1.8 + * This file defines functions associated with the various parameters used
1.9 + * by the top-level functions.
1.10 + *
1.11 + */
1.12 +
1.13 +#ifndef _PKIX_PARAMS_H
1.14 +#define _PKIX_PARAMS_H
1.15 +
1.16 +#include "pkixt.h"
1.17 +
1.18 +#ifdef __cplusplus
1.19 +extern "C" {
1.20 +#endif
1.21 +
1.22 +/* General
1.23 + *
1.24 + * Please refer to the libpkix Programmer's Guide for detailed information
1.25 + * about how to use the libpkix library. Certain key warnings and notices from
1.26 + * that document are repeated here for emphasis.
1.27 + *
1.28 + * All identifiers in this file (and all public identifiers defined in
1.29 + * libpkix) begin with "PKIX_". Private identifiers only intended for use
1.30 + * within the library begin with "pkix_".
1.31 + *
1.32 + * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
1.33 + *
1.34 + * Unless otherwise noted, for all accessor (gettor) functions that return a
1.35 + * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
1.36 + * shared object. Therefore, the caller should treat this shared object as
1.37 + * read-only and should not modify this shared object. When done using the
1.38 + * shared object, the caller should release the reference to the object by
1.39 + * using the PKIX_PL_Object_DecRef function.
1.40 + *
1.41 + * While a function is executing, if its arguments (or anything referred to by
1.42 + * its arguments) are modified, free'd, or destroyed, the function's behavior
1.43 + * is undefined.
1.44 + *
1.45 + */
1.46 +
1.47 +/* PKIX_ProcessingParams
1.48 + *
1.49 + * PKIX_ProcessingParams are parameters used when validating or building a
1.50 + * chain of certificates. Using the parameters, the caller can specify several
1.51 + * things, including the various inputs to the PKIX chain validation
1.52 + * algorithm (such as trust anchors, initial policies, etc), any customized
1.53 + * functionality (such as CertChainCheckers, RevocationCheckers, CertStores),
1.54 + * and whether revocation checking should be disabled.
1.55 + *
1.56 + * Once the caller has created the ProcessingParams object, the caller then
1.57 + * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call
1.58 + * the user's callback functions as needed during the validation or building
1.59 + * process.
1.60 + *
1.61 + * If a parameter is not set (or is set to NULL), it will be set to the
1.62 + * default value for that parameter. The default value for the Date parameter
1.63 + * is NULL, which indicates the current time when the path is validated. The
1.64 + * default for the remaining parameters is the least constrained.
1.65 + */
1.66 +
1.67 +/*
1.68 + * FUNCTION: PKIX_ProcessingParams_Create
1.69 + * DESCRIPTION:
1.70 + *
1.71 + * Creates a new ProcessingParams object. Trust anchor list is set to
1.72 + * newly created empty list of trust. In this case trust anchors will
1.73 + * be taken from provided cert store. Pointed to the created
1.74 + * ProcessingParams object is stored in "pParams".
1.75 + *
1.76 + * PARAMETERS:
1.77 + * "anchors"
1.78 + * Address of List of (non-empty) TrustAnchors to be used.
1.79 + * Must be non-NULL.
1.80 + * "pParams"
1.81 + * Address where object pointer will be stored. Must be non-NULL.
1.82 + * "plContext"
1.83 + * Platform-specific context pointer.
1.84 + * THREAD SAFETY:
1.85 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.86 + * RETURNS:
1.87 + * Returns NULL if the function succeeds.
1.88 + * Returns a Params Error if the function fails in a non-fatal way.
1.89 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.90 + */
1.91 +PKIX_Error *
1.92 +PKIX_ProcessingParams_Create(
1.93 + PKIX_ProcessingParams **pParams,
1.94 + void *plContext);
1.95 +
1.96 +/*
1.97 + * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
1.98 + * DESCRIPTION:
1.99 + *
1.100 + * Retrieves a pointer to the List of CertChainCheckers (if any) that are set
1.101 + * in the ProcessingParams pointed to by "params" and stores it at
1.102 + * "pCheckers". Each CertChainChecker represents a custom certificate
1.103 + * validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed
1.104 + * during the validation or building process. If "params" does not have any
1.105 + * CertChainCheckers, this function stores an empty List at "pCheckers".
1.106 + *
1.107 + * PARAMETERS:
1.108 + * "params"
1.109 + * Address of ProcessingParams whose List of CertChainCheckers (if any)
1.110 + * are to be stored. Must be non-NULL.
1.111 + * "pCheckers"
1.112 + * Address where object pointer will be stored. Must be non-NULL.
1.113 + * "plContext"
1.114 + * Platform-specific context pointer.
1.115 + * THREAD SAFETY:
1.116 + * Conditionally Thread Safe
1.117 + * (see Thread Safety Definitions in Programmer's Guide)
1.118 + * RETURNS:
1.119 + * Returns NULL if the function succeeds.
1.120 + * Returns a Params Error if the function fails in a non-fatal way.
1.121 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.122 + */
1.123 +PKIX_Error *
1.124 +PKIX_ProcessingParams_GetCertChainCheckers(
1.125 + PKIX_ProcessingParams *params,
1.126 + PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
1.127 + void *plContext);
1.128 +
1.129 +/*
1.130 + * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
1.131 + * DESCRIPTION:
1.132 + *
1.133 + * Sets the ProcessingParams pointed to by "params" with a List of
1.134 + * CertChainCheckers pointed to by "checkers". Each CertChainChecker
1.135 + * represents a custom certificate validation check used by
1.136 + * PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or
1.137 + * building process. If "checkers" is NULL, no CertChainCheckers will be used.
1.138 + *
1.139 + * PARAMETERS:
1.140 + * "params"
1.141 + * Address of ProcessingParams whose List of CertChainCheckers is to be
1.142 + * set. Must be non-NULL.
1.143 + * "checkers"
1.144 + * Address of List of CertChainCheckers to be set. If NULL, no
1.145 + * CertChainCheckers will be used.
1.146 + * "plContext"
1.147 + * Platform-specific context pointer.
1.148 + * THREAD SAFETY:
1.149 + * Not Thread Safe - assumes exclusive access to "params" and "checkers"
1.150 + * (see Thread Safety Definitions in Programmer's Guide)
1.151 + * RETURNS:
1.152 + * Returns NULL if the function succeeds.
1.153 + * Returns a Params Error if the function fails in a non-fatal way.
1.154 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.155 + */
1.156 +PKIX_Error *
1.157 +PKIX_ProcessingParams_SetCertChainCheckers(
1.158 + PKIX_ProcessingParams *params,
1.159 + PKIX_List *checkers, /* list of PKIX_CertChainChecker */
1.160 + void *plContext);
1.161 +
1.162 +/*
1.163 + * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker
1.164 + * DESCRIPTION:
1.165 + *
1.166 + * Adds the CertChainChecker pointed to by "checker" to the ProcessingParams
1.167 + * pointed to by "params". The CertChainChecker represents a custom
1.168 + * certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain
1.169 + * as needed during the validation or building process.
1.170 + *
1.171 + * PARAMETERS:
1.172 + * "params"
1.173 + * Address of ProcessingParams to be added to. Must be non-NULL.
1.174 + * "checker"
1.175 + * Address of CertChainChecker to be added. Must be non-NULL.
1.176 + * "plContext"
1.177 + * Platform-specific context pointer.
1.178 + * THREAD SAFETY:
1.179 + * Not Thread Safe - assumes exclusive access to "params"
1.180 + * (see Thread Safety Definitions in Programmer's Guide)
1.181 + * RETURNS:
1.182 + * Returns NULL if the function succeeds.
1.183 + * Returns a Params Error if the function fails in a non-fatal way.
1.184 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.185 + */
1.186 +PKIX_Error *
1.187 +PKIX_ProcessingParams_AddCertChainChecker(
1.188 + PKIX_ProcessingParams *params,
1.189 + PKIX_CertChainChecker *checker,
1.190 + void *plContext);
1.191 +
1.192 +/*
1.193 + * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
1.194 + * DESCRIPTION:
1.195 + *
1.196 + * Retrieves a pointer to the RevocationChecker that are set
1.197 + * in the ProcessingParams pointed to by "params" and stores it at
1.198 + * "pRevChecker". Each RevocationChecker represents a revocation
1.199 + * check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the
1.200 + * validation or building process. If "params" does not have any
1.201 + * RevocationCheckers, this function stores an empty List at "pRevChecker".
1.202 + *
1.203 + * PARAMETERS:
1.204 + * "params"
1.205 + * Address of ProcessingParams whose List of RevocationCheckers
1.206 + * is to be stored. Must be non-NULL.
1.207 + * "pRevChecker"
1.208 + * Address where object pointer will be stored. Must be non-NULL.
1.209 + * "plContext"
1.210 + * Platform-specific context pointer.
1.211 + * THREAD SAFETY:
1.212 + * Conditionally Thread Safe
1.213 + * (see Thread Safety Definitions in Programmer's Guide)
1.214 + * RETURNS:
1.215 + * Returns NULL if the function succeeds.
1.216 + * Returns a Params Error if the function fails in a non-fatal way.
1.217 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.218 + */
1.219 +PKIX_Error *
1.220 +PKIX_ProcessingParams_GetRevocationChecker(
1.221 + PKIX_ProcessingParams *params,
1.222 + PKIX_RevocationChecker **pChecker,
1.223 + void *plContext);
1.224 +
1.225 +/*
1.226 + * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
1.227 + * DESCRIPTION:
1.228 + *
1.229 + * Sets the ProcessingParams pointed to by "params" with a
1.230 + * RevocationChecker pointed to by "revChecker". Revocation
1.231 + * checker object should be created and assigned to processing
1.232 + * parameters before chain build or validation can begin.
1.233 + *
1.234 + * PARAMETERS:
1.235 + * "params"
1.236 + * Address of ProcessingParams whose List of RevocationCheckers is to be
1.237 + * set. Must be non-NULL.
1.238 + * "revChecker"
1.239 + * Address of RevocationChecker to be set. Must be set before chain
1.240 + * building or validation.
1.241 + * "plContext"
1.242 + * Platform-specific context pointer.
1.243 + * THREAD SAFETY:
1.244 + * Not Thread Safe - assumes exclusive access to "params"
1.245 + * (see Thread Safety Definitions in Programmer's Guide)
1.246 + * RETURNS:
1.247 + * Returns NULL if the function succeeds.
1.248 + * Returns a Params Error if the function fails in a non-fatal way.
1.249 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.250 + */
1.251 +PKIX_Error *
1.252 +PKIX_ProcessingParams_SetRevocationChecker(
1.253 + PKIX_ProcessingParams *params,
1.254 + PKIX_RevocationChecker *revChecker,
1.255 + void *plContext);
1.256 +
1.257 +/*
1.258 + * FUNCTION: PKIX_ProcessingParams_GetCertStores
1.259 + * DESCRIPTION:
1.260 + *
1.261 + * Retrieves a pointer to the List of CertStores (if any) that are set in the
1.262 + * ProcessingParams pointed to by "params" and stores it at "pStores". Each
1.263 + * CertStore represents a particular repository from which certificates and
1.264 + * CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed
1.265 + * during the validation or building process. If "params" does not have any
1.266 + * CertStores, this function stores an empty List at "pStores".
1.267 + *
1.268 + * PARAMETERS:
1.269 + * "params"
1.270 + * Address of ProcessingParams whose List of CertStores (if any) are to
1.271 + * be stored. Must be non-NULL.
1.272 + * "pStores"
1.273 + * Address where object pointer will be stored. Must be non-NULL.
1.274 + * "plContext"
1.275 + * Platform-specific context pointer.
1.276 + * THREAD SAFETY:
1.277 + * Conditionally Thread Safe
1.278 + * (see Thread Safety Definitions in Programmer's Guide)
1.279 + * RETURNS:
1.280 + * Returns NULL if the function succeeds.
1.281 + * Returns a Params Error if the function fails in a non-fatal way.
1.282 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.283 + */
1.284 +PKIX_Error *
1.285 +PKIX_ProcessingParams_GetCertStores(
1.286 + PKIX_ProcessingParams *params,
1.287 + PKIX_List **pStores, /* list of PKIX_CertStore */
1.288 + void *plContext);
1.289 +
1.290 +/*
1.291 + * FUNCTION: PKIX_ProcessingParams_SetCertStores
1.292 + * DESCRIPTION:
1.293 + *
1.294 + * Sets the ProcessingParams pointed to by "params" with a List of CertStores
1.295 + * pointed to by "stores". Each CertStore represents a particular repository
1.296 + * from which certificates and CRLs can be retrieved by PKIX_ValidateChain or
1.297 + * PKIX_BuildChain as needed during the validation or building process. If
1.298 + * "stores" is NULL, no CertStores will be used.
1.299 + *
1.300 + * PARAMETERS:
1.301 + * "params"
1.302 + * Address of ProcessingParams whose List of CertStores is to be set.
1.303 + * Must be non-NULL.
1.304 + * "stores"
1.305 + * Address of List of CertStores to be set. If NULL, no CertStores will
1.306 + * be used.
1.307 + * "plContext"
1.308 + * Platform-specific context pointer.
1.309 + * THREAD SAFETY:
1.310 + * Not Thread Safe - assumes exclusive access to "params"
1.311 + * (see Thread Safety Definitions in Programmer's Guide)
1.312 + * RETURNS:
1.313 + * Returns NULL if the function succeeds.
1.314 + * Returns a Params Error if the function fails in a non-fatal way.
1.315 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.316 + */
1.317 +PKIX_Error *
1.318 +PKIX_ProcessingParams_SetCertStores(
1.319 + PKIX_ProcessingParams *params,
1.320 + PKIX_List *stores, /* list of PKIX_CertStore */
1.321 + void *plContext);
1.322 +
1.323 +/*
1.324 + * FUNCTION: PKIX_ProcessingParams_AddCertStore
1.325 + * DESCRIPTION:
1.326 + *
1.327 + * Adds the CertStore pointed to by "store" to the ProcessingParams pointed
1.328 + * to by "params". The CertStore represents a particular repository from
1.329 + * which certificates and CRLs can be retrieved by PKIX_ValidateChain or
1.330 + * PKIX_BuildChain as needed during the validation or building process.
1.331 + *
1.332 + * PARAMETERS:
1.333 + * "params"
1.334 + * Address of ProcessingParams to be added to. Must be non-NULL.
1.335 + * "store"
1.336 + * Address of CertStore to be added.
1.337 + * "plContext"
1.338 + * Platform-specific context pointer.
1.339 + * THREAD SAFETY:
1.340 + * Not Thread Safe - assumes exclusive access to "params"
1.341 + * (see Thread Safety Definitions in Programmer's Guide)
1.342 + * RETURNS:
1.343 + * Returns NULL if the function succeeds.
1.344 + * Returns a Params Error if the function fails in a non-fatal way.
1.345 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.346 + */
1.347 +PKIX_Error *
1.348 +PKIX_ProcessingParams_AddCertStore(
1.349 + PKIX_ProcessingParams *params,
1.350 + PKIX_CertStore *store,
1.351 + void *plContext);
1.352 +
1.353 +/*
1.354 + * FUNCTION: PKIX_ProcessingParams_GetDate
1.355 + * DESCRIPTION:
1.356 + *
1.357 + * Retrieves a pointer to the Date (if any) that is set in the
1.358 + * ProcessingParams pointed to by "params" and stores it at "pDate". The
1.359 + * Date represents the time for which the validation of the certificate chain
1.360 + * should be determined. If "params" does not have any Date set, this function
1.361 + * stores NULL at "pDate".
1.362 + *
1.363 + * PARAMETERS:
1.364 + * "params"
1.365 + * Address of ProcessingParams whose Date (if any) is to be stored.
1.366 + * Must be non-NULL.
1.367 + * "pDate"
1.368 + * Address where object pointer will be stored. Must be non-NULL.
1.369 + * "plContext"
1.370 + * Platform-specific context pointer.
1.371 + * THREAD SAFETY:
1.372 + * Conditionally Thread Safe
1.373 + * (see Thread Safety Definitions in Programmer's Guide)
1.374 + * RETURNS:
1.375 + * Returns NULL if the function succeeds.
1.376 + * Returns a Params Error if the function fails in a non-fatal way.
1.377 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.378 + */
1.379 +PKIX_Error *
1.380 +PKIX_ProcessingParams_GetDate(
1.381 + PKIX_ProcessingParams *params,
1.382 + PKIX_PL_Date **pDate,
1.383 + void *plContext);
1.384 +
1.385 +/*
1.386 + * FUNCTION: PKIX_ProcessingParams_SetDate
1.387 + * DESCRIPTION:
1.388 + *
1.389 + * Sets the ProcessingParams pointed to by "params" with a Date pointed to by
1.390 + * "date". The Date represents the time for which the validation of the
1.391 + * certificate chain should be determined. If "date" is NULL, the current
1.392 + * time is used during validation.
1.393 + *
1.394 + * PARAMETERS:
1.395 + * "params"
1.396 + * Address of ProcessingParams whose Date is to be set. Must be non-NULL.
1.397 + * "date"
1.398 + * Address of Date to be set. If NULL, current time is used.
1.399 + * "plContext"
1.400 + * Platform-specific context pointer.
1.401 + * THREAD SAFETY:
1.402 + * Not Thread Safe - assumes exclusive access to "params"
1.403 + * (see Thread Safety Definitions in Programmer's Guide)
1.404 + * RETURNS:
1.405 + * Returns NULL if the function succeeds.
1.406 + * Returns a Params Error if the function fails in a non-fatal way.
1.407 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.408 + */
1.409 +PKIX_Error *
1.410 +PKIX_ProcessingParams_SetDate(
1.411 + PKIX_ProcessingParams *params,
1.412 + PKIX_PL_Date *date,
1.413 + void *plContext);
1.414 +
1.415 +/*
1.416 + * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
1.417 + * DESCRIPTION:
1.418 + *
1.419 + * Retrieves a pointer to the List of OIDs (if any) that are set in the
1.420 + * ProcessingParams pointed to by "params" and stores it at "pInitPolicies".
1.421 + * Each OID represents an initial policy identifier, indicating that any
1.422 + * one of these policies would be acceptable to the certificate user for
1.423 + * the purposes of certification path processing. If "params" does not have
1.424 + * any initial policies, this function stores an empty List at
1.425 + * "pInitPolicies".
1.426 + *
1.427 + * PARAMETERS:
1.428 + * "params"
1.429 + * Address of ProcessingParams whose List of OIDs (if any) are to be
1.430 + * stored. Must be non-NULL.
1.431 + * "pInitPolicies"
1.432 + * Address where object pointer will be stored. Must be non-NULL.
1.433 + * "plContext"
1.434 + * Platform-specific context pointer.
1.435 + * THREAD SAFETY:
1.436 + * Conditionally Thread Safe
1.437 + * (see Thread Safety Definitions in Programmer's Guide)
1.438 + * RETURNS:
1.439 + * Returns NULL if the function succeeds.
1.440 + * Returns a Params Error if the function fails in a non-fatal way.
1.441 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.442 + */
1.443 +PKIX_Error *
1.444 +PKIX_ProcessingParams_GetInitialPolicies(
1.445 + PKIX_ProcessingParams *params,
1.446 + PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
1.447 + void *plContext);
1.448 +
1.449 +/*
1.450 + * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
1.451 + * DESCRIPTION:
1.452 + *
1.453 + * Sets the ProcessingParams pointed to by "params" with a List of OIDs
1.454 + * pointed to by "initPolicies".
1.455 + *
1.456 + * Each OID represents an initial policy identifier, indicating that any
1.457 + * one of these policies would be acceptable to the certificate user for
1.458 + * the purposes of certification path processing. By default, any policy
1.459 + * is acceptable (i.e. all policies), so a user that wants to allow any
1.460 + * policy as acceptable does not need to call this method. Similarly, if
1.461 + * initPolicies is NULL or points to an empty List, all policies are
1.462 + * acceptable.
1.463 + *
1.464 + * PARAMETERS:
1.465 + * "params"
1.466 + * Address of ProcessingParams whose List of OIDs is to be set.
1.467 + * Must be non-NULL.
1.468 + * "initPolicies"
1.469 + * Address of List of OIDs to be set. If NULL or if pointing to an empty
1.470 + * List, all policies are acceptable.
1.471 + * "plContext"
1.472 + * Platform-specific context pointer.
1.473 + * THREAD SAFETY:
1.474 + * Not Thread Safe - assumes exclusive access to "params"
1.475 + * (see Thread Safety Definitions in Programmer's Guide)
1.476 + * RETURNS:
1.477 + * Returns NULL if the function succeeds.
1.478 + * Returns a Params Error if the function fails in a non-fatal way.
1.479 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.480 + */
1.481 +PKIX_Error *
1.482 +PKIX_ProcessingParams_SetInitialPolicies(
1.483 + PKIX_ProcessingParams *params,
1.484 + PKIX_List *initPolicies, /* list of PKIX_PL_OID */
1.485 + void *plContext);
1.486 +
1.487 +/*
1.488 + * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
1.489 + * DESCRIPTION:
1.490 + *
1.491 + * Checks whether the ProcessingParams pointed to by "params" indicate that
1.492 + * policy qualifiers should be rejected and stores the Boolean result at
1.493 + * "pRejected".
1.494 + *
1.495 + * PARAMETERS:
1.496 + * "params"
1.497 + * Address of ProcessingParams used to determine whether or not policy
1.498 + * qualifiers should be rejected. Must be non-NULL.
1.499 + * "pRejected"
1.500 + * Address where Boolean will be stored. Must be non-NULL.
1.501 + * "plContext"
1.502 + * Platform-specific context pointer.
1.503 + * THREAD SAFETY:
1.504 + * Conditionally Thread Safe
1.505 + * (see Thread Safety Definitions in Programmer's Guide)
1.506 + * RETURNS:
1.507 + * Returns NULL if the function succeeds.
1.508 + * Returns a Params Error if the function fails in a non-fatal way.
1.509 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.510 + */
1.511 +PKIX_Error *
1.512 +PKIX_ProcessingParams_GetPolicyQualifiersRejected(
1.513 + PKIX_ProcessingParams *params,
1.514 + PKIX_Boolean *pRejected,
1.515 + void *plContext);
1.516 +
1.517 +/*
1.518 + * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
1.519 + * DESCRIPTION:
1.520 + *
1.521 + * Specifies in the ProcessingParams pointed to by "params" whether policy
1.522 + * qualifiers are rejected using the Boolean value of "rejected".
1.523 + *
1.524 + * PARAMETERS:
1.525 + * "params"
1.526 + * Address of ProcessingParams to be set. Must be non-NULL.
1.527 + * "rejected"
1.528 + * Boolean value indicating whether policy qualifiers are to be rejected.
1.529 + * "plContext"
1.530 + * Platform-specific context pointer.
1.531 + * THREAD SAFETY:
1.532 + * Not Thread Safe - assumes exclusive access to "params"
1.533 + * (see Thread Safety Definitions in Programmer's Guide)
1.534 + * RETURNS:
1.535 + * Returns NULL if the function succeeds.
1.536 + * Returns a Params Error if the function fails in a non-fatal way.
1.537 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.538 + */
1.539 +PKIX_Error *
1.540 +PKIX_ProcessingParams_SetPolicyQualifiersRejected(
1.541 + PKIX_ProcessingParams *params,
1.542 + PKIX_Boolean rejected,
1.543 + void *plContext);
1.544 +
1.545 +/*
1.546 + * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
1.547 + * DESCRIPTION:
1.548 + *
1.549 + * Retrieves a pointer to the CertSelector (if any) that is set in the
1.550 + * ProcessingParams pointed to by "params" and stores it at "pConstraints".
1.551 + * The CertSelector represents the constraints to be placed on the target
1.552 + * certificate. If "params" does not have any CertSelector set, this function
1.553 + * stores NULL at "pConstraints".
1.554 + *
1.555 + * PARAMETERS:
1.556 + * "params"
1.557 + * Address of ProcessingParams whose CertSelector (if any) is to be
1.558 + * stored. Must be non-NULL.
1.559 + * "pConstraints"
1.560 + * Address where object pointer will be stored. Must be non-NULL.
1.561 + * "plContext"
1.562 + * Platform-specific context pointer.
1.563 + * THREAD SAFETY:
1.564 + * Conditionally Thread Safe
1.565 + * (see Thread Safety Definitions in Programmer's Guide)
1.566 + * RETURNS:
1.567 + * Returns NULL if the function succeeds.
1.568 + * Returns a Params Error if the function fails in a non-fatal way.
1.569 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.570 + */
1.571 +PKIX_Error *
1.572 +PKIX_ProcessingParams_GetTargetCertConstraints(
1.573 + PKIX_ProcessingParams *params,
1.574 + PKIX_CertSelector **pConstraints,
1.575 + void *plContext);
1.576 +
1.577 +/*
1.578 + * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
1.579 + * DESCRIPTION:
1.580 + *
1.581 + * Sets the ProcessingParams pointed to by "params" with a CertSelector
1.582 + * pointed to by "constraints". The CertSelector represents the constraints
1.583 + * to be placed on the target certificate. If "constraints" is NULL, no
1.584 + * constraints are defined.
1.585 + *
1.586 + * PARAMETERS:
1.587 + * "params"
1.588 + * Address of ProcessingParams whose CertSelector is to be set.
1.589 + * Must be non-NULL.
1.590 + * "constraints"
1.591 + * Address of CertSelector to be set. If NULL, no constraints are defined.
1.592 + * "plContext"
1.593 + * Platform-specific context pointer.
1.594 + * THREAD SAFETY:
1.595 + * Not Thread Safe - assumes exclusive access to "params"
1.596 + * (see Thread Safety Definitions in Programmer's Guide)
1.597 + * RETURNS:
1.598 + * Returns NULL if the function succeeds.
1.599 + * Returns a Params Error if the function fails in a non-fatal way.
1.600 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.601 + */
1.602 +PKIX_Error *
1.603 +PKIX_ProcessingParams_SetTargetCertConstraints(
1.604 + PKIX_ProcessingParams *params,
1.605 + PKIX_CertSelector *constraints,
1.606 + void *plContext);
1.607 +
1.608 +/*
1.609 + * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
1.610 + * DESCRIPTION:
1.611 + *
1.612 + * Retrieves a pointer to the List of TrustAnchors that are set in
1.613 + * the ProcessingParams pointed to by "params" and stores it at "pAnchors".
1.614 + * If the function succeeds, the pointer to the List is guaranteed to be
1.615 + * non-NULL and the List is guaranteed to be non-empty.
1.616 + *
1.617 + * PARAMETERS:
1.618 + * "params"
1.619 + * Address of ProcessingParams whose List of TrustAnchors are to
1.620 + * be stored. Must be non-NULL.
1.621 + * "pAnchors"
1.622 + * Address where object pointer will be stored. Must be non-NULL.
1.623 + * "plContext"
1.624 + * Platform-specific context pointer.
1.625 + * THREAD SAFETY:
1.626 + * Conditionally Thread Safe
1.627 + * (see Thread Safety Definitions in Programmer's Guide)
1.628 + * RETURNS:
1.629 + * Returns NULL if the function succeeds.
1.630 + * Returns a Params Error if the function fails in a non-fatal way.
1.631 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.632 + */
1.633 +PKIX_Error *
1.634 +PKIX_ProcessingParams_GetTrustAnchors(
1.635 + PKIX_ProcessingParams *params,
1.636 + PKIX_List **pAnchors, /* list of TrustAnchor */
1.637 + void *plContext);
1.638 +/*
1.639 + * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
1.640 + * DESCRIPTION:
1.641 + *
1.642 + * Sets user defined set of trust anchors. The handling of the trust anchors
1.643 + * may be furthered alter via PKIX_ProcessingParams_SetUseOnlyTrustAnchors.
1.644 + * By default, a certificate will be considered invalid if it does not chain
1.645 + * to a trusted anchor from this list.
1.646 + *
1.647 + * PARAMETERS:
1.648 + * "params"
1.649 + * Address of ProcessingParams whose List of TrustAnchors are to
1.650 + * be stored. Must be non-NULL.
1.651 + * "anchors"
1.652 + * Address of the trust anchors list object. Must be non-NULL.
1.653 + * "plContext"
1.654 + * Platform-specific context pointer.
1.655 + * THREAD SAFETY:
1.656 + * Conditionally Thread Safe
1.657 + * (see Thread Safety Definitions in Programmer's Guide)
1.658 + * RETURNS:
1.659 + * Returns NULL if the function succeeds.
1.660 + * Returns a Params Error if the function fails in a non-fatal way.
1.661 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.662 + */
1.663 +PKIX_Error *
1.664 +PKIX_ProcessingParams_SetTrustAnchors(
1.665 + PKIX_ProcessingParams *params,
1.666 + PKIX_List *pAnchors, /* list of TrustAnchor */
1.667 + void *plContext);
1.668 +
1.669 +/*
1.670 + * FUNCTION: PKIX_ProcessingParams_GetUseOnlyTrustAnchors
1.671 + * DESCRIPTION:
1.672 + *
1.673 + * Retrieves a pointer to the Boolean. The boolean value represents
1.674 + * the switch value that is used to identify whether trust anchors, if
1.675 + * specified, should be the exclusive source of trust information.
1.676 + * If the function succeeds, the pointer to the Boolean is guaranteed to be
1.677 + * non-NULL.
1.678 + *
1.679 + * PARAMETERS:
1.680 + * "params"
1.681 + * Address of ProcessingParams. Must be non-NULL.
1.682 + * "pUseOnlyTrustAnchors"
1.683 + * Address where object pointer will be stored. Must be non-NULL.
1.684 + * "plContext"
1.685 + * Platform-specific context pointer.
1.686 + * THREAD SAFETY:
1.687 + * Conditionally Thread Safe
1.688 + * (see Thread Safety Definitions in Programmer's Guide)
1.689 + * RETURNS:
1.690 + * Returns NULL if the function succeeds.
1.691 + * Returns a Params Error if the function fails in a non-fatal way.
1.692 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.693 + */
1.694 +PKIX_Error *
1.695 +PKIX_ProcessingParams_GetUseOnlyTrustAnchors(
1.696 + PKIX_ProcessingParams *params,
1.697 + PKIX_Boolean *pUseOnlyTrustAnchors,
1.698 + void *plContext);
1.699 +
1.700 +/*
1.701 + * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
1.702 + * DESCRIPTION:
1.703 + *
1.704 + * Configures whether trust anchors are used as the exclusive source of trust.
1.705 + *
1.706 + * PARAMETERS:
1.707 + * "params"
1.708 + * Address of ProcessingParams. Must be non-NULL.
1.709 + * "useOnlyTrustAnchors"
1.710 + * If true, indicates that trust anchors should be used exclusively when
1.711 + * they have been specified via PKIX_ProcessingParams_SetTrustAnchors. A
1.712 + * certificate will be considered invalid if it does not chain to a
1.713 + * trusted anchor from that list.
1.714 + * If false, indicates that the trust anchors are additive to whatever
1.715 + * existing trust stores are configured. A certificate is considered
1.716 + * valid if it chains to EITHER a trusted anchor from that list OR a
1.717 + * certificate marked trusted in a trust store.
1.718 + * "plContext"
1.719 + * Platform-specific context pointer.
1.720 + * THREAD SAFETY:
1.721 + * Conditionally Thread Safe
1.722 + * (see Thread Safety Definitions in Programmer's Guide)
1.723 + * RETURNS:
1.724 + * Returns NULL if the function succeeds.
1.725 + * Returns a Params Error if the function fails in a non-fatal way.
1.726 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.727 + */
1.728 +PKIX_Error *
1.729 +PKIX_ProcessingParams_SetUseOnlyTrustAnchors(
1.730 + PKIX_ProcessingParams *params,
1.731 + PKIX_Boolean useOnlyTrustAnchors,
1.732 + void *plContext);
1.733 +
1.734 +/*
1.735 + * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
1.736 + * DESCRIPTION:
1.737 + *
1.738 + * Retrieves a pointer to the Boolean. The boolean value represents
1.739 + * the switch value that is used to identify if url in cert AIA extension
1.740 + * may be used for cert fetching.
1.741 + * If the function succeeds, the pointer to the Boolean is guaranteed to be
1.742 + * non-NULL.
1.743 + *
1.744 + * PARAMETERS:
1.745 + * "params"
1.746 + * Address of ProcessingParams. Must be non-NULL.
1.747 + * "pUseAIA"
1.748 + * Address where object pointer will be stored. Must be non-NULL.
1.749 + * "plContext"
1.750 + * Platform-specific context pointer.
1.751 + * THREAD SAFETY:
1.752 + * Conditionally Thread Safe
1.753 + * (see Thread Safety Definitions in Programmer's Guide)
1.754 + * RETURNS:
1.755 + * Returns NULL if the function succeeds.
1.756 + * Returns a Params Error if the function fails in a non-fatal way.
1.757 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.758 + */
1.759 +PKIX_Error *
1.760 +PKIX_ProcessingParams_GetUseAIAForCertFetching(
1.761 + PKIX_ProcessingParams *params,
1.762 + PKIX_Boolean *pUseAIA, /* list of TrustAnchor */
1.763 + void *plContext);
1.764 +/*
1.765 + * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
1.766 + * DESCRIPTION:
1.767 + *
1.768 + * Sets switch value that defines if url in cert AIA extension
1.769 + * may be used for cert fetching.
1.770 + *
1.771 + * PARAMETERS:
1.772 + * "params"
1.773 + * Address of ProcessingParams.
1.774 + * "useAIA"
1.775 + * Address of the trust anchors list object. Must be non-NULL.
1.776 + * "plContext"
1.777 + * Platform-specific context pointer.
1.778 + * THREAD SAFETY:
1.779 + * Conditionally Thread Safe
1.780 + * (see Thread Safety Definitions in Programmer's Guide)
1.781 + * RETURNS:
1.782 + * Returns NULL if the function succeeds.
1.783 + * Returns a Params Error if the function fails in a non-fatal way.
1.784 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.785 + */
1.786 +PKIX_Error *
1.787 +PKIX_ProcessingParams_SetUseAIAForCertFetching(
1.788 + PKIX_ProcessingParams *params,
1.789 + PKIX_Boolean useAIA,
1.790 + void *plContext);
1.791 +
1.792 +/*
1.793 + * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
1.794 + * DESCRIPTION:
1.795 + *
1.796 + * Sets a boolean value that tells if libpkix needs to check that
1.797 + * the target certificate satisfies the conditions set in processing
1.798 + * parameters. Includes but not limited to date, ku and eku checks.
1.799 + *
1.800 + * PARAMETERS:
1.801 + * "params"
1.802 + * Address of ProcessingParams whose List of TrustAnchors are to
1.803 + * be stored. Must be non-NULL.
1.804 + * "qualifyTargetCert"
1.805 + * boolean value if set to true will trigger qualification of the
1.806 + * target certificate.
1.807 + * "plContext"
1.808 + * Platform-specific context pointer.
1.809 + * THREAD SAFETY:
1.810 + * Conditionally Thread Safe
1.811 + * (see Thread Safety Definitions in Programmer's Guide)
1.812 + * RETURNS:
1.813 + * Returns NULL if the function succeeds.
1.814 + * Returns a Params Error if the function fails in a non-fatal way.
1.815 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.816 + */
1.817 +PKIX_Error *
1.818 +PKIX_ProcessingParams_SetQualifyTargetCert(
1.819 + PKIX_ProcessingParams *params,
1.820 + PKIX_Boolean qualifyTargetCert,
1.821 + void *plContext);
1.822 +
1.823 +/*
1.824 + * FUNCTION: PKIX_ProcessingParams_GetHintCerts
1.825 + * DESCRIPTION:
1.826 + *
1.827 + * Retrieves a pointer to a List of Certs supplied by the user as a suggested
1.828 + * partial CertChain (subject to verification), that are set in the
1.829 + * ProcessingParams pointed to by "params", and stores it at "pHintCerts".
1.830 + * The List returned may be empty or NULL.
1.831 + *
1.832 + * PARAMETERS:
1.833 + * "params"
1.834 + * Address of ProcessingParams whose List of TrustAnchors are to
1.835 + * be stored. Must be non-NULL.
1.836 + * "pHintCerts"
1.837 + * Address where object pointer will be stored. Must be non-NULL.
1.838 + * "plContext"
1.839 + * Platform-specific context pointer.
1.840 + * THREAD SAFETY:
1.841 + * Conditionally Thread Safe
1.842 + * (see Thread Safety Definitions in Programmer's Guide)
1.843 + * RETURNS:
1.844 + * Returns NULL if the function succeeds.
1.845 + * Returns a Params Error if the function fails in a non-fatal way.
1.846 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.847 + */
1.848 +PKIX_Error *
1.849 +PKIX_ProcessingParams_GetHintCerts(
1.850 + PKIX_ProcessingParams *params,
1.851 + PKIX_List **pHintCerts,
1.852 + void *plContext);
1.853 +
1.854 +/*
1.855 + * FUNCTION: PKIX_ProcessingParams_SetHintCerts
1.856 + * DESCRIPTION:
1.857 + *
1.858 + * Stores a pointer to a List of Certs supplied by the user as a suggested
1.859 + * partial CertChain (subject to verification), as an element in the
1.860 + * ProcessingParams pointed to by "params". The List may be empty or NULL.
1.861 + *
1.862 + * PARAMETERS:
1.863 + * "params"
1.864 + * Address of ProcessingParams whose List of HintCerts is to be stored.
1.865 + * Must be non-NULL.
1.866 + * "hintCerts"
1.867 + * Address where object pointer will be stored. Must be non-NULL.
1.868 + * "plContext"
1.869 + * Platform-specific context pointer.
1.870 + * THREAD SAFETY:
1.871 + * Conditionally Thread Safe
1.872 + * (see Thread Safety Definitions in Programmer's Guide)
1.873 + * RETURNS:
1.874 + * Returns NULL if the function succeeds.
1.875 + * Returns a Params Error if the function fails in a non-fatal way.
1.876 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.877 + */
1.878 +PKIX_Error *
1.879 +PKIX_ProcessingParams_SetHintCerts(
1.880 + PKIX_ProcessingParams *params,
1.881 + PKIX_List *hintCerts,
1.882 + void *plContext);
1.883 +
1.884 +/*
1.885 + * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
1.886 + * DESCRIPTION:
1.887 + *
1.888 + * Retrieves a pointer to the ResourceLimits (if any) that is set in the
1.889 + * ProcessingParams pointed to by "params" and stores it at "pResourceLimits".
1.890 + * The ResourceLimits represent the maximum resource usage that the caller
1.891 + * desires (such as MaxTime). The ValidateChain or BuildChain call will not
1.892 + * exceed these maximum limits. If "params" does not have any ResourceLimits
1.893 + * set, this function stores NULL at "pResourceLimits".
1.894 + *
1.895 + * PARAMETERS:
1.896 + * "params"
1.897 + * Address of ProcessingParams whose ResourceLimits (if any) are to be
1.898 + * stored. Must be non-NULL.
1.899 + * "pResourceLimits"
1.900 + * Address where object pointer will be stored. Must be non-NULL.
1.901 + * "plContext"
1.902 + * Platform-specific context pointer.
1.903 + * THREAD SAFETY:
1.904 + * Conditionally Thread Safe
1.905 + * (see Thread Safety Definitions in Programmer's Guide)
1.906 + * RETURNS:
1.907 + * Returns NULL if the function succeeds.
1.908 + * Returns a Params Error if the function fails in a non-fatal way.
1.909 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.910 + */
1.911 +PKIX_Error *
1.912 +PKIX_ProcessingParams_GetResourceLimits(
1.913 + PKIX_ProcessingParams *params,
1.914 + PKIX_ResourceLimits **pResourceLimits,
1.915 + void *plContext);
1.916 +
1.917 +/*
1.918 + * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
1.919 + * DESCRIPTION:
1.920 + *
1.921 + * Sets the ProcessingParams pointed to by "params" with a ResourceLimits
1.922 + * object pointed to by "resourceLimits". The ResourceLimits represent the
1.923 + * maximum resource usage that the caller desires (such as MaxTime). The
1.924 + * ValidateChain or BuildChain call will not exceed these maximum limits.
1.925 + * If "resourceLimits" is NULL, no ResourceLimits are defined.
1.926 + *
1.927 + * PARAMETERS:
1.928 + * "params"
1.929 + * Address of ProcessingParams whose ResourceLimits are to be set.
1.930 + * Must be non-NULL.
1.931 + * "resourceLimits"
1.932 + * Address of ResourceLimits to be set. If NULL, no limits are defined.
1.933 + * "plContext"
1.934 + * Platform-specific context pointer.
1.935 + * THREAD SAFETY:
1.936 + * Not Thread Safe - assumes exclusive access to "params"
1.937 + * (see Thread Safety Definitions in Programmer's Guide)
1.938 + * RETURNS:
1.939 + * Returns NULL if the function succeeds.
1.940 + * Returns a Params Error if the function fails in a non-fatal way.
1.941 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.942 + */
1.943 +PKIX_Error *
1.944 +PKIX_ProcessingParams_SetResourceLimits(
1.945 + PKIX_ProcessingParams *params,
1.946 + PKIX_ResourceLimits *resourceLimits,
1.947 + void *plContext);
1.948 +
1.949 +/*
1.950 + * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
1.951 + * DESCRIPTION:
1.952 + *
1.953 + * Checks whether the ProcessingParams pointed to by "params" indicate that
1.954 + * anyPolicy is inhibited and stores the Boolean result at "pInhibited".
1.955 + *
1.956 + * PARAMETERS:
1.957 + * "params"
1.958 + * Address of ProcessingParams used to determine whether or not anyPolicy
1.959 + * inhibited. Must be non-NULL.
1.960 + * "pInhibited"
1.961 + * Address where Boolean will be stored. Must be non-NULL.
1.962 + * "plContext"
1.963 + * Platform-specific context pointer.
1.964 + * THREAD SAFETY:
1.965 + * Conditionally Thread Safe
1.966 + * (see Thread Safety Definitions in Programmer's Guide)
1.967 + * RETURNS:
1.968 + * Returns NULL if the function succeeds.
1.969 + * Returns a Params Error if the function fails in a non-fatal way.
1.970 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.971 + */
1.972 +PKIX_Error *
1.973 +PKIX_ProcessingParams_IsAnyPolicyInhibited(
1.974 + PKIX_ProcessingParams *params,
1.975 + PKIX_Boolean *pInhibited,
1.976 + void *plContext);
1.977 +
1.978 +/*
1.979 + * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
1.980 + * DESCRIPTION:
1.981 + *
1.982 + * Specifies in the ProcessingParams pointed to by "params" whether anyPolicy
1.983 + * is inhibited using the Boolean value of "inhibited".
1.984 + *
1.985 + * PARAMETERS:
1.986 + * "params"
1.987 + * Address of ProcessingParams to be set. Must be non-NULL.
1.988 + * "inhibited"
1.989 + * Boolean value indicating whether anyPolicy is to be inhibited.
1.990 + * "plContext"
1.991 + * Platform-specific context pointer.
1.992 + * THREAD SAFETY:
1.993 + * Not Thread Safe - assumes exclusive access to "params"
1.994 + * (see Thread Safety Definitions in Programmer's Guide)
1.995 + * RETURNS:
1.996 + * Returns NULL if the function succeeds.
1.997 + * Returns a Params Error if the function fails in a non-fatal way.
1.998 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.999 + */
1.1000 +PKIX_Error *
1.1001 +PKIX_ProcessingParams_SetAnyPolicyInhibited(
1.1002 + PKIX_ProcessingParams *params,
1.1003 + PKIX_Boolean inhibited,
1.1004 + void *plContext);
1.1005 +
1.1006 +/*
1.1007 + * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
1.1008 + * DESCRIPTION:
1.1009 + *
1.1010 + * Checks whether the ProcessingParams pointed to by "params" indicate that
1.1011 + * explicit policies are required and stores the Boolean result at
1.1012 + * "pRequired".
1.1013 + *
1.1014 + * PARAMETERS:
1.1015 + * "params"
1.1016 + * Address of ProcessingParams used to determine whether or not explicit
1.1017 + * policies are required. Must be non-NULL.
1.1018 + * "pRequired"
1.1019 + * Address where Boolean will be stored. Must be non-NULL.
1.1020 + * "plContext"
1.1021 + * Platform-specific context pointer.
1.1022 + * THREAD SAFETY:
1.1023 + * Conditionally Thread Safe
1.1024 + * (see Thread Safety Definitions in Programmer's Guide)
1.1025 + * RETURNS:
1.1026 + * Returns NULL if the function succeeds.
1.1027 + * Returns a Params Error if the function fails in a non-fatal way.
1.1028 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1029 + */
1.1030 +PKIX_Error *
1.1031 +PKIX_ProcessingParams_IsExplicitPolicyRequired(
1.1032 + PKIX_ProcessingParams *params,
1.1033 + PKIX_Boolean *pRequired,
1.1034 + void *plContext);
1.1035 +
1.1036 +/*
1.1037 + * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
1.1038 + * DESCRIPTION:
1.1039 + *
1.1040 + * Specifies in the ProcessingParams pointed to by "params" whether explicit
1.1041 + * policies are required using the Boolean value of "required".
1.1042 + *
1.1043 + * PARAMETERS:
1.1044 + * "params"
1.1045 + * Address of ProcessingParams to be set. Must be non-NULL.
1.1046 + * "required"
1.1047 + * Boolean value indicating whether explicit policies are to be required.
1.1048 + * "plContext"
1.1049 + * Platform-specific context pointer.
1.1050 + * THREAD SAFETY:
1.1051 + * Not Thread Safe - assumes exclusive access to "params"
1.1052 + * (see Thread Safety Definitions in Programmer's Guide)
1.1053 + * RETURNS:
1.1054 + * Returns NULL if the function succeeds.
1.1055 + * Returns a Params Error if the function fails in a non-fatal way.
1.1056 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1057 + */
1.1058 +PKIX_Error *
1.1059 +PKIX_ProcessingParams_SetExplicitPolicyRequired(
1.1060 + PKIX_ProcessingParams *params,
1.1061 + PKIX_Boolean required,
1.1062 + void *plContext);
1.1063 +
1.1064 +/*
1.1065 + * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
1.1066 + * DESCRIPTION:
1.1067 + *
1.1068 + * Checks whether the ProcessingParams pointed to by "params" indicate that
1.1069 + * policyMapping is inhibited and stores the Boolean result at "pInhibited".
1.1070 + *
1.1071 + * PARAMETERS:
1.1072 + * "params"
1.1073 + * Address of ProcessingParams used to determine whether or not policy
1.1074 + * mappings are inhibited. Must be non-NULL.
1.1075 + * "pInhibited"
1.1076 + * Address where Boolean will be stored. Must be non-NULL.
1.1077 + * "plContext"
1.1078 + * Platform-specific context pointer.
1.1079 + * THREAD SAFETY:
1.1080 + * Conditionally Thread Safe
1.1081 + * (see Thread Safety Definitions in Programmer's Guide)
1.1082 + * RETURNS:
1.1083 + * Returns NULL if the function succeeds.
1.1084 + * Returns a Params Error if the function fails in a non-fatal way.
1.1085 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1086 + */
1.1087 +PKIX_Error *
1.1088 +PKIX_ProcessingParams_IsPolicyMappingInhibited(
1.1089 + PKIX_ProcessingParams *params,
1.1090 + PKIX_Boolean *pInhibited,
1.1091 + void *plContext);
1.1092 +
1.1093 +/*
1.1094 + * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
1.1095 + * DESCRIPTION:
1.1096 + *
1.1097 + * Specifies in the ProcessingParams pointed to by "params" whether policy
1.1098 + * mapping is inhibited using the Boolean value of "inhibited".
1.1099 + *
1.1100 + * PARAMETERS:
1.1101 + * "params"
1.1102 + * Address of ProcessingParams to be set. Must be non-NULL.
1.1103 + * "inhibited"
1.1104 + * Boolean value indicating whether policy mapping is to be inhibited.
1.1105 + * "plContext"
1.1106 + * Platform-specific context pointer.
1.1107 + * THREAD SAFETY:
1.1108 + * Not Thread Safe - assumes exclusive access to "params"
1.1109 + * (see Thread Safety Definitions in Programmer's Guide)
1.1110 + * RETURNS:
1.1111 + * Returns NULL if the function succeeds.
1.1112 + * Returns a Params Error if the function fails in a non-fatal way.
1.1113 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1114 + */
1.1115 +PKIX_Error *
1.1116 +PKIX_ProcessingParams_SetPolicyMappingInhibited(
1.1117 + PKIX_ProcessingParams *params,
1.1118 + PKIX_Boolean inhibited,
1.1119 + void *plContext);
1.1120 +
1.1121 +
1.1122 +/* PKIX_ValidateParams
1.1123 + *
1.1124 + * PKIX_ValidateParams consists of a ProcessingParams object as well as the
1.1125 + * List of Certs (certChain) that the caller is trying to validate.
1.1126 + */
1.1127 +
1.1128 +/*
1.1129 + * FUNCTION: PKIX_ValidateParams_Create
1.1130 + * DESCRIPTION:
1.1131 + *
1.1132 + * Creates a new ValidateParams object and stores it at "pParams".
1.1133 + *
1.1134 + * PARAMETERS:
1.1135 + * "procParams"
1.1136 + * Address of ProcessingParams to be used. Must be non-NULL.
1.1137 + * "chain"
1.1138 + * Address of List of Certs (certChain) to be validated. Must be non-NULL.
1.1139 + * "pParams"
1.1140 + * Address where object pointer will be stored. Must be non-NULL.
1.1141 + * "plContext"
1.1142 + * Platform-specific context pointer.
1.1143 + * THREAD SAFETY:
1.1144 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1145 + * RETURNS:
1.1146 + * Returns NULL if the function succeeds.
1.1147 + * Returns a Params Error if the function fails in a non-fatal way.
1.1148 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1149 + */
1.1150 +PKIX_Error *
1.1151 +PKIX_ValidateParams_Create(
1.1152 + PKIX_ProcessingParams *procParams,
1.1153 + PKIX_List *chain,
1.1154 + PKIX_ValidateParams **pParams,
1.1155 + void *plContext);
1.1156 +
1.1157 +/*
1.1158 + * FUNCTION: PKIX_ValidateParams_GetProcessingParams
1.1159 + * DESCRIPTION:
1.1160 + *
1.1161 + * Retrieves a pointer to the ProcessingParams that represent the basic
1.1162 + * certificate processing parameters used during chain validation and chain
1.1163 + * building from the ValidateParams pointed to by "valParams" and stores it
1.1164 + * at "pProcParams". If the function succeeds, the pointer to the
1.1165 + * ProcessingParams is guaranteed to be non-NULL.
1.1166 + *
1.1167 + * PARAMETERS:
1.1168 + * "valParams"
1.1169 + * Address of ValidateParams whose ProcessingParams are to be stored.
1.1170 + * Must be non-NULL.
1.1171 + * "pProcParams"
1.1172 + * Address where object pointer will be stored. Must be non-NULL.
1.1173 + * "plContext"
1.1174 + * Platform-specific context pointer.
1.1175 + * THREAD SAFETY:
1.1176 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1177 + * RETURNS:
1.1178 + * Returns NULL if the function succeeds.
1.1179 + * Returns a Params Error if the function fails in a non-fatal way.
1.1180 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1181 + */
1.1182 +PKIX_Error *
1.1183 +PKIX_ValidateParams_GetProcessingParams(
1.1184 + PKIX_ValidateParams *valParams,
1.1185 + PKIX_ProcessingParams **pProcParams,
1.1186 + void *plContext);
1.1187 +
1.1188 +/*
1.1189 + * FUNCTION: PKIX_ValidateParams_GetCertChain
1.1190 + * DESCRIPTION:
1.1191 + *
1.1192 + * Retrieves a pointer to the List of Certs (certChain) that is set in the
1.1193 + * ValidateParams pointed to by "valParams" and stores it at "pChain". If the
1.1194 + * function succeeds, the pointer to the CertChain is guaranteed to be
1.1195 + * non-NULL.
1.1196 + *
1.1197 + * PARAMETERS:
1.1198 + * "valParams"
1.1199 + * Address of ValidateParams whose CertChain is to be stored.
1.1200 + * Must be non-NULL.
1.1201 + * "pChain"
1.1202 + * Address where object pointer will be stored. Must be non-NULL.
1.1203 + * "plContext"
1.1204 + * Platform-specific context pointer.
1.1205 + * THREAD SAFETY:
1.1206 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1207 + * RETURNS:
1.1208 + * Returns NULL if the function succeeds.
1.1209 + * Returns a Params Error if the function fails in a non-fatal way.
1.1210 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1211 + */
1.1212 +PKIX_Error *
1.1213 +PKIX_ValidateParams_GetCertChain(
1.1214 + PKIX_ValidateParams *valParams,
1.1215 + PKIX_List **pChain,
1.1216 + void *plContext);
1.1217 +
1.1218 +/* PKIX_TrustAnchor
1.1219 + *
1.1220 + * A PKIX_TrustAnchor represents a trusted entity and can be specified using a
1.1221 + * self-signed certificate or using the trusted CA's name and public key. In
1.1222 + * order to limit the trust in the trusted entity, name constraints can also
1.1223 + * be imposed on the trust anchor.
1.1224 + */
1.1225 +
1.1226 +/*
1.1227 + * FUNCTION: PKIX_TrustAnchor_CreateWithCert
1.1228 + * DESCRIPTION:
1.1229 + *
1.1230 + * Creates a new TrustAnchor object using the Cert pointed to by "cert" as
1.1231 + * the trusted certificate and stores it at "pAnchor". Once created, a
1.1232 + * TrustAnchor is immutable.
1.1233 + *
1.1234 + * PARAMETERS:
1.1235 + * "cert"
1.1236 + * Address of Cert to use as trusted certificate. Must be non-NULL.
1.1237 + * "pAnchor"
1.1238 + * Address where object pointer will be stored. Must be non-NULL.
1.1239 + * "plContext"
1.1240 + * Platform-specific context pointer.
1.1241 + * THREAD SAFETY:
1.1242 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1243 + * RETURNS:
1.1244 + * Returns NULL if the function succeeds.
1.1245 + * Returns a Params Error if the function fails in a non-fatal way.
1.1246 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1247 + */
1.1248 +PKIX_Error *
1.1249 +PKIX_TrustAnchor_CreateWithCert(
1.1250 + PKIX_PL_Cert *cert,
1.1251 + PKIX_TrustAnchor **pAnchor,
1.1252 + void *plContext);
1.1253 +
1.1254 +/*
1.1255 + * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
1.1256 + * DESCRIPTION:
1.1257 + *
1.1258 + * Creates a new TrustAnchor object using the X500Name pointed to by "name",
1.1259 + * and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The
1.1260 + * CertNameConstraints pointed to by "nameConstraints" (if any) are used to
1.1261 + * limit the trust placed in this trust anchor. To indicate that name
1.1262 + * constraints don't apply, set "nameConstraints" to NULL. Once created, a
1.1263 + * TrustAnchor is immutable.
1.1264 + *
1.1265 + * PARAMETERS:
1.1266 + * "name"
1.1267 + * Address of X500Name to use as name of trusted CA. Must be non-NULL.
1.1268 + * "pubKey"
1.1269 + * Address of PublicKey to use as trusted public key. Must be non-NULL.
1.1270 + * "nameConstraints"
1.1271 + * Address of CertNameConstraints to use as initial name constraints.
1.1272 + * If NULL, no name constraints are applied.
1.1273 + * "pAnchor"
1.1274 + * Address where object pointer will be stored. Must be non-NULL.
1.1275 + * "plContext"
1.1276 + * Platform-specific context pointer.
1.1277 + * THREAD SAFETY:
1.1278 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1279 + * RETURNS:
1.1280 + * Returns NULL if the function succeeds.
1.1281 + * Returns a Params Error if the function fails in a non-fatal way.
1.1282 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1283 + */
1.1284 +PKIX_Error *
1.1285 +PKIX_TrustAnchor_CreateWithNameKeyPair(
1.1286 + PKIX_PL_X500Name *name,
1.1287 + PKIX_PL_PublicKey *pubKey,
1.1288 + PKIX_PL_CertNameConstraints *nameConstraints,
1.1289 + PKIX_TrustAnchor **pAnchor,
1.1290 + void *plContext);
1.1291 +
1.1292 +/*
1.1293 + * FUNCTION: PKIX_TrustAnchor_GetTrustedCert
1.1294 + * DESCRIPTION:
1.1295 + *
1.1296 + * Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to
1.1297 + * by "anchor" and stores it at "pCert". If "anchor" does not have a Cert
1.1298 + * set, this function stores NULL at "pCert".
1.1299 + *
1.1300 + * PARAMETERS:
1.1301 + * "anchor"
1.1302 + * Address of TrustAnchor whose Cert is to be stored. Must be non-NULL.
1.1303 + * "pChain"
1.1304 + * Address where object pointer will be stored. Must be non-NULL.
1.1305 + * "plContext"
1.1306 + * Platform-specific context pointer.
1.1307 + * THREAD SAFETY:
1.1308 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1309 + * RETURNS:
1.1310 + * Returns NULL if the function succeeds.
1.1311 + * Returns a Params Error if the function fails in a non-fatal way.
1.1312 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1313 + */
1.1314 +PKIX_Error *
1.1315 +PKIX_TrustAnchor_GetTrustedCert(
1.1316 + PKIX_TrustAnchor *anchor,
1.1317 + PKIX_PL_Cert **pCert,
1.1318 + void *plContext);
1.1319 +
1.1320 +/*
1.1321 + * FUNCTION: PKIX_TrustAnchor_GetCAName
1.1322 + * DESCRIPTION:
1.1323 + *
1.1324 + * Retrieves a pointer to the CA's X500Name (if any) that is set in the
1.1325 + * TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor"
1.1326 + * does not have an X500Name set, this function stores NULL at "pCAName".
1.1327 + *
1.1328 + * PARAMETERS:
1.1329 + * "anchor"
1.1330 + * Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL.
1.1331 + * "pCAName"
1.1332 + * Address where object pointer will be stored. Must be non-NULL.
1.1333 + * "plContext"
1.1334 + * Platform-specific context pointer.
1.1335 + * THREAD SAFETY:
1.1336 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1337 + * RETURNS:
1.1338 + * Returns NULL if the function succeeds.
1.1339 + * Returns a Params Error if the function fails in a non-fatal way.
1.1340 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1341 + */
1.1342 +PKIX_Error *
1.1343 +PKIX_TrustAnchor_GetCAName(
1.1344 + PKIX_TrustAnchor *anchor,
1.1345 + PKIX_PL_X500Name **pCAName,
1.1346 + void *plContext);
1.1347 +
1.1348 +/*
1.1349 + * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey
1.1350 + * DESCRIPTION:
1.1351 + *
1.1352 + * Retrieves a pointer to the CA's PublicKey (if any) that is set in the
1.1353 + * TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor"
1.1354 + * does not have a PublicKey set, this function stores NULL at "pPubKey".
1.1355 + *
1.1356 + * PARAMETERS:
1.1357 + * "anchor"
1.1358 + * Address of TrustAnchor whose CA PublicKey is to be stored.
1.1359 + * Must be non-NULL.
1.1360 + * "pPubKey"
1.1361 + * Address where object pointer will be stored. Must be non-NULL.
1.1362 + * "plContext"
1.1363 + * Platform-specific context pointer.
1.1364 + * THREAD SAFETY:
1.1365 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1366 + * RETURNS:
1.1367 + * Returns NULL if the function succeeds.
1.1368 + * Returns a Params Error if the function fails in a non-fatal way.
1.1369 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1370 + */
1.1371 +PKIX_Error *
1.1372 +PKIX_TrustAnchor_GetCAPublicKey(
1.1373 + PKIX_TrustAnchor *anchor,
1.1374 + PKIX_PL_PublicKey **pPubKey,
1.1375 + void *plContext);
1.1376 +
1.1377 +/*
1.1378 + * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
1.1379 + * DESCRIPTION:
1.1380 + *
1.1381 + * Retrieves a pointer to the CertNameConstraints (if any) set in the
1.1382 + * TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If
1.1383 + * "anchor" does not have any CertNameConstraints set, this function stores
1.1384 + * NULL at "pConstraints".
1.1385 + *
1.1386 + * PARAMETERS:
1.1387 + * "anchor"
1.1388 + * Address of TrustAnchor whose CertNameConstraints are to be stored.
1.1389 + * Must be non-NULL.
1.1390 + * "pConstraints"
1.1391 + * Address where object pointer will be stored. Must be non-NULL.
1.1392 + * "plContext"
1.1393 + * Platform-specific context pointer.
1.1394 + * THREAD SAFETY:
1.1395 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1396 + * RETURNS:
1.1397 + * Returns NULL if the function succeeds.
1.1398 + * Returns a Params Error if the function fails in a non-fatal way.
1.1399 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1400 + */
1.1401 +PKIX_Error *
1.1402 +PKIX_TrustAnchor_GetNameConstraints(
1.1403 + PKIX_TrustAnchor *anchor,
1.1404 + PKIX_PL_CertNameConstraints **pNameConstraints,
1.1405 + void *plContext);
1.1406 +
1.1407 +/* PKIX_ResourceLimits
1.1408 + *
1.1409 + * A PKIX_ResourceLimits object represents the maximum resource usage that
1.1410 + * the caller desires. The ValidateChain or BuildChain call
1.1411 + * will not exceed these maximum limits. For example, the caller may want
1.1412 + * a timeout value of 1 minute, meaning that if the ValidateChain or
1.1413 + * BuildChain function is unable to finish in 1 minute, it should abort
1.1414 + * with an Error.
1.1415 + */
1.1416 +
1.1417 +/*
1.1418 + * FUNCTION: PKIX_ResourceLimits_Create
1.1419 + * DESCRIPTION:
1.1420 + *
1.1421 + * Creates a new ResourceLimits object and stores it at "pResourceLimits".
1.1422 + *
1.1423 + * PARAMETERS:
1.1424 + * "pResourceLimits"
1.1425 + * Address where object pointer will be stored. Must be non-NULL.
1.1426 + * "plContext"
1.1427 + * Platform-specific context pointer.
1.1428 + * THREAD SAFETY:
1.1429 + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1.1430 + * RETURNS:
1.1431 + * Returns NULL if the function succeeds.
1.1432 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1433 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1434 + */
1.1435 +PKIX_Error *
1.1436 +PKIX_ResourceLimits_Create(
1.1437 + PKIX_ResourceLimits **pResourceLimits,
1.1438 + void *plContext);
1.1439 +
1.1440 +/*
1.1441 + * FUNCTION: PKIX_ResourceLimits_GetMaxTime
1.1442 + * DESCRIPTION:
1.1443 + *
1.1444 + * Retrieves a PKIX_UInt32 (if any) representing the maximum time that is
1.1445 + * set in the ResourceLimits object pointed to by "resourceLimits" and stores
1.1446 + * it at "pMaxTime". This maximum time (in seconds) should not be exceeded
1.1447 + * by the function whose ProcessingParams contain this ResourceLimits object
1.1448 + * (typically ValidateChain or BuildChain). It essentially functions as a
1.1449 + * time-out value and is only appropriate if blocking I/O is being used.
1.1450 + *
1.1451 + * PARAMETERS:
1.1452 + * "resourceLimits"
1.1453 + * Address of ResourceLimits object whose maximum time (in seconds) is
1.1454 + * to be stored. Must be non-NULL.
1.1455 + * "pMaxTime"
1.1456 + * Address where PKIX_UInt32 will be stored. Must be non-NULL.
1.1457 + * "plContext"
1.1458 + * Platform-specific context pointer.
1.1459 + * THREAD SAFETY:
1.1460 + * Conditionally Thread Safe
1.1461 + * (see Thread Safety Definitions in Programmer's Guide)
1.1462 + * RETURNS:
1.1463 + * Returns NULL if the function succeeds.
1.1464 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1465 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1466 + */
1.1467 +PKIX_Error *
1.1468 +PKIX_ResourceLimits_GetMaxTime(
1.1469 + PKIX_ResourceLimits *resourceLimits,
1.1470 + PKIX_UInt32 *pMaxTime,
1.1471 + void *plContext);
1.1472 +
1.1473 +/*
1.1474 + * FUNCTION: PKIX_ResourceLimits_SetMaxTime
1.1475 + * DESCRIPTION:
1.1476 + *
1.1477 + * Sets the maximum time of the ResourceLimits object pointed to by
1.1478 + * "resourceLimits" using the PKIX_UInt32 value of "maxTime". This
1.1479 + * maximum time (in seconds) should not be exceeded by the function
1.1480 + * whose ProcessingParams contain this ResourceLimits object
1.1481 + * (typically ValidateChain or BuildChain). It essentially functions as a
1.1482 + * time-out value and is only appropriate if blocking I/O is being used.
1.1483 + *
1.1484 + * PARAMETERS:
1.1485 + * "resourceLimits"
1.1486 + * Address of ResourceLimits object whose maximum time (in seconds) is
1.1487 + * to be set. Must be non-NULL.
1.1488 + * "maxTime"
1.1489 + * Value of PKIX_UInt32 representing the maximum time (in seconds)
1.1490 + * "plContext"
1.1491 + * Platform-specific context pointer.
1.1492 + * THREAD SAFETY:
1.1493 + * Not Thread Safe - assumes exclusive access to "params"
1.1494 + * (see Thread Safety Definitions in Programmer's Guide)
1.1495 + * RETURNS:
1.1496 + * Returns NULL if the function succeeds.
1.1497 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1498 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1499 + */
1.1500 +PKIX_Error *
1.1501 +PKIX_ResourceLimits_SetMaxTime(
1.1502 + PKIX_ResourceLimits *resourceLimits,
1.1503 + PKIX_UInt32 maxTime,
1.1504 + void *plContext);
1.1505 +
1.1506 +/*
1.1507 + * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
1.1508 + * DESCRIPTION:
1.1509 + *
1.1510 + * Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is
1.1511 + * set in the ResourceLimits object pointed to by "resourceLimits" and stores
1.1512 + * it at "pMaxFanout". This maximum fanout (number of certs) should not be
1.1513 + * exceeded by the function whose ProcessingParams contain this ResourceLimits
1.1514 + * object (typically ValidateChain or BuildChain). If the builder encounters
1.1515 + * more than this maximum number of certificates when searching for the next
1.1516 + * candidate certificate, it should abort and return an error. This
1.1517 + * parameter is only relevant for ValidateChain if it needs to internally call
1.1518 + * BuildChain (e.g. in order to build the chain to a CRL's issuer).
1.1519 + *
1.1520 + * PARAMETERS:
1.1521 + * "resourceLimits"
1.1522 + * Address of ResourceLimits object whose maximum fanout (number of certs)
1.1523 + * is to be stored. Must be non-NULL.
1.1524 + * "pMaxFanout"
1.1525 + * Address where PKIX_UInt32 will be stored. Must be non-NULL.
1.1526 + * "plContext"
1.1527 + * Platform-specific context pointer.
1.1528 + * THREAD SAFETY:
1.1529 + * Conditionally Thread Safe
1.1530 + * (see Thread Safety Definitions in Programmer's Guide)
1.1531 + * RETURNS:
1.1532 + * Returns NULL if the function succeeds.
1.1533 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1534 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1535 + */
1.1536 +PKIX_Error *
1.1537 +PKIX_ResourceLimits_GetMaxFanout(
1.1538 + PKIX_ResourceLimits *resourceLimits,
1.1539 + PKIX_UInt32 *pMaxFanout,
1.1540 + void *plContext);
1.1541 +
1.1542 +/*
1.1543 + * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
1.1544 + * DESCRIPTION:
1.1545 + *
1.1546 + * Sets the maximum fanout of the ResourceLimits object pointed to by
1.1547 + * "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum
1.1548 + * fanout (number of certs) should not be exceeded by the function whose
1.1549 + * ProcessingParams contain this ResourceLimits object (typically ValidateChain
1.1550 + * or BuildChain). If the builder encounters more than this maximum number of
1.1551 + * certificates when searching for the next candidate certificate, it should
1.1552 + * abort and return an Error. This parameter is only relevant for ValidateChain
1.1553 + * if it needs to internally call BuildChain (e.g. in order to build the
1.1554 + * chain to a CRL's issuer).
1.1555 + *
1.1556 + * PARAMETERS:
1.1557 + * "resourceLimits"
1.1558 + * Address of ResourceLimits object whose maximum fanout (number of certs)
1.1559 + * is to be set. Must be non-NULL.
1.1560 + * "maxFanout"
1.1561 + * Value of PKIX_UInt32 representing the maximum fanout (number of certs)
1.1562 + * "plContext"
1.1563 + * Platform-specific context pointer.
1.1564 + * THREAD SAFETY:
1.1565 + * Not Thread Safe - assumes exclusive access to "params"
1.1566 + * (see Thread Safety Definitions in Programmer's Guide)
1.1567 + * RETURNS:
1.1568 + * Returns NULL if the function succeeds.
1.1569 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1570 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1571 + */
1.1572 +PKIX_Error *
1.1573 +PKIX_ResourceLimits_SetMaxFanout(
1.1574 + PKIX_ResourceLimits *resourceLimits,
1.1575 + PKIX_UInt32 maxFanout,
1.1576 + void *plContext);
1.1577 +
1.1578 +/*
1.1579 + * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
1.1580 + * DESCRIPTION:
1.1581 + *
1.1582 + * Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is
1.1583 + * set in the ResourceLimits object pointed to by "resourceLimits" and stores
1.1584 + * it at "pMaxDepth". This maximum depth (number of certs) should not be
1.1585 + * exceeded by the function whose ProcessingParams contain this ResourceLimits
1.1586 + * object (typically ValidateChain or BuildChain). If the builder encounters
1.1587 + * more than this maximum number of certificates when searching for the next
1.1588 + * candidate certificate, it should abort and return an error. This
1.1589 + * parameter is only relevant for ValidateChain if it needs to internally call
1.1590 + * BuildChain (e.g. in order to build the chain to a CRL's issuer).
1.1591 + *
1.1592 + * PARAMETERS:
1.1593 + * "resourceLimits"
1.1594 + * Address of ResourceLimits object whose maximum depth (number of certs)
1.1595 + * is to be stored. Must be non-NULL.
1.1596 + * "pMaxDepth"
1.1597 + * Address where PKIX_UInt32 will be stored. Must be non-NULL.
1.1598 + * "plContext"
1.1599 + * Platform-specific context pointer.
1.1600 + * THREAD SAFETY:
1.1601 + * Conditionally Thread Safe
1.1602 + * (see Thread Safety Definitions in Programmer's Guide)
1.1603 + * RETURNS:
1.1604 + * Returns NULL if the function succeeds.
1.1605 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1606 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1607 + */
1.1608 +PKIX_Error *
1.1609 +PKIX_ResourceLimits_GetMaxDepth(
1.1610 + PKIX_ResourceLimits *resourceLimits,
1.1611 + PKIX_UInt32 *pMaxDepth,
1.1612 + void *plContext);
1.1613 +
1.1614 +/*
1.1615 + * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
1.1616 + * DESCRIPTION:
1.1617 + *
1.1618 + * Sets the maximum depth of the ResourceLimits object pointed to by
1.1619 + * "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum
1.1620 + * depth (number of certs) should not be exceeded by the function whose
1.1621 + * ProcessingParams contain this ResourceLimits object (typically ValidateChain
1.1622 + * or BuildChain). If the builder encounters more than this maximum number of
1.1623 + * certificates when searching for the next candidate certificate, it should
1.1624 + * abort and return an Error. This parameter is only relevant for ValidateChain
1.1625 + * if it needs to internally call BuildChain (e.g. in order to build the
1.1626 + * chain to a CRL's issuer).
1.1627 + *
1.1628 + * PARAMETERS:
1.1629 + * "resourceLimits"
1.1630 + * Address of ResourceLimits object whose maximum depth (number of certs)
1.1631 + * is to be set. Must be non-NULL.
1.1632 + * "maxDepth"
1.1633 + * Value of PKIX_UInt32 representing the maximum depth (number of certs)
1.1634 + * "plContext"
1.1635 + * Platform-specific context pointer.
1.1636 + * THREAD SAFETY:
1.1637 + * Not Thread Safe - assumes exclusive access to "params"
1.1638 + * (see Thread Safety Definitions in Programmer's Guide)
1.1639 + * RETURNS:
1.1640 + * Returns NULL if the function succeeds.
1.1641 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1642 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1643 + */
1.1644 +PKIX_Error *
1.1645 +PKIX_ResourceLimits_SetMaxDepth(
1.1646 + PKIX_ResourceLimits *resourceLimits,
1.1647 + PKIX_UInt32 maxDepth,
1.1648 + void *plContext);
1.1649 +
1.1650 +/*
1.1651 + * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
1.1652 + * DESCRIPTION:
1.1653 + *
1.1654 + * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
1.1655 + * certs that is set in the ResourceLimits object pointed to by "resourceLimits"
1.1656 + * and stores it at "pMaxNumber". This maximum number of traversed certs should
1.1657 + * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
1.1658 + * object (typically ValidateChain or BuildChain). If the builder traverses more
1.1659 + * than this number of certs during the build process, it should abort and
1.1660 + * return an Error. This parameter is only relevant for ValidateChain if it
1.1661 + * needs to internally call BuildChain (e.g. in order to build the chain to a
1.1662 + * CRL's issuer).
1.1663 + *
1.1664 + * PARAMETERS:
1.1665 + * "resourceLimits"
1.1666 + * Address of ResourceLimits object whose maximum number of traversed certs
1.1667 + * is to be stored. Must be non-NULL.
1.1668 + * "pMaxNumber"
1.1669 + * Address where PKIX_UInt32 will be stored. Must be non-NULL.
1.1670 + * "plContext"
1.1671 + * Platform-specific context pointer.
1.1672 + * THREAD SAFETY:
1.1673 + * Conditionally Thread Safe
1.1674 + * (see Thread Safety Definitions in Programmer's Guide)
1.1675 + * RETURNS:
1.1676 + * Returns NULL if the function succeeds.
1.1677 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1678 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1679 + */
1.1680 +PKIX_Error *
1.1681 +PKIX_ResourceLimits_GetMaxNumberOfCerts(
1.1682 + PKIX_ResourceLimits *resourceLimits,
1.1683 + PKIX_UInt32 *pMaxNumber,
1.1684 + void *plContext);
1.1685 +
1.1686 +/*
1.1687 + * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
1.1688 + * DESCRIPTION:
1.1689 + *
1.1690 + * Sets the maximum number of traversed certs of the ResourceLimits object
1.1691 + * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
1.1692 + * This maximum number of traversed certs should not be exceeded by the function
1.1693 + * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
1.1694 + * or BuildChain). If the builder traverses more than this number of certs
1.1695 + * during the build process, it should abort and return an Error. This parameter
1.1696 + * is only relevant for ValidateChain if it needs to internally call BuildChain
1.1697 + * (e.g. in order to build the chain to a CRL's issuer).
1.1698 + *
1.1699 + * PARAMETERS:
1.1700 + * "resourceLimits"
1.1701 + * Address of ResourceLimits object whose maximum number of traversed certs
1.1702 + * is to be set. Must be non-NULL.
1.1703 + * "maxNumber"
1.1704 + * Value of PKIX_UInt32 representing the maximum number of traversed certs
1.1705 + * "plContext"
1.1706 + * Platform-specific context pointer.
1.1707 + * THREAD SAFETY:
1.1708 + * Not Thread Safe - assumes exclusive access to "params"
1.1709 + * (see Thread Safety Definitions in Programmer's Guide)
1.1710 + * RETURNS:
1.1711 + * Returns NULL if the function succeeds.
1.1712 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1713 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1714 + */
1.1715 +PKIX_Error *
1.1716 +PKIX_ResourceLimits_SetMaxNumberOfCerts(
1.1717 + PKIX_ResourceLimits *resourceLimits,
1.1718 + PKIX_UInt32 maxNumber,
1.1719 + void *plContext);
1.1720 +
1.1721 +/*
1.1722 + * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
1.1723 + * DESCRIPTION:
1.1724 + *
1.1725 + * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
1.1726 + * CRLs that is set in the ResourceLimits object pointed to by "resourceLimits"
1.1727 + * and stores it at "pMaxNumber". This maximum number of traversed CRLs should
1.1728 + * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
1.1729 + * object (typically ValidateChain or BuildChain). If the builder traverses more
1.1730 + * than this number of CRLs during the build process, it should abort and
1.1731 + * return an Error. This parameter is only relevant for ValidateChain if it
1.1732 + * needs to internally call BuildChain (e.g. in order to build the chain to a
1.1733 + * CRL's issuer).
1.1734 + *
1.1735 + * PARAMETERS:
1.1736 + * "resourceLimits"
1.1737 + * Address of ResourceLimits object whose maximum number of traversed CRLs
1.1738 + * is to be stored. Must be non-NULL.
1.1739 + * "pMaxNumber"
1.1740 + * Address where PKIX_UInt32 will be stored. Must be non-NULL.
1.1741 + * "plContext"
1.1742 + * Platform-specific context pointer.
1.1743 + * THREAD SAFETY:
1.1744 + * Conditionally Thread Safe
1.1745 + * (see Thread Safety Definitions in Programmer's Guide)
1.1746 + * RETURNS:
1.1747 + * Returns NULL if the function succeeds.
1.1748 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1749 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1750 + */
1.1751 +PKIX_Error *
1.1752 +PKIX_ResourceLimits_GetMaxNumberOfCRLs(
1.1753 + PKIX_ResourceLimits *resourceLimits,
1.1754 + PKIX_UInt32 *pMaxNumber,
1.1755 + void *plContext);
1.1756 +
1.1757 +/*
1.1758 + * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
1.1759 + * DESCRIPTION:
1.1760 + *
1.1761 + * Sets the maximum number of traversed CRLs of the ResourceLimits object
1.1762 + * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
1.1763 + * This maximum number of traversed CRLs should not be exceeded by the function
1.1764 + * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
1.1765 + * or BuildChain). If the builder traverses more than this number of CRLs
1.1766 + * during the build process, it should abort and return an Error. This parameter
1.1767 + * is only relevant for ValidateChain if it needs to internally call BuildChain
1.1768 + * (e.g. in order to build the chain to a CRL's issuer).
1.1769 + *
1.1770 + * PARAMETERS:
1.1771 + * "resourceLimits"
1.1772 + * Address of ResourceLimits object whose maximum number of traversed CRLs
1.1773 + * is to be set. Must be non-NULL.
1.1774 + * "maxNumber"
1.1775 + * Value of PKIX_UInt32 representing the maximum number of traversed CRLs
1.1776 + * "plContext"
1.1777 + * Platform-specific context pointer.
1.1778 + * THREAD SAFETY:
1.1779 + * Not Thread Safe - assumes exclusive access to "params"
1.1780 + * (see Thread Safety Definitions in Programmer's Guide)
1.1781 + * RETURNS:
1.1782 + * Returns NULL if the function succeeds.
1.1783 + * Returns a ResourceLimits Error if the function fails in a non-fatal way.
1.1784 + * Returns a Fatal Error if the function fails in an unrecoverable way.
1.1785 + */
1.1786 +PKIX_Error *
1.1787 +PKIX_ResourceLimits_SetMaxNumberOfCRLs(
1.1788 + PKIX_ResourceLimits *resourceLimits,
1.1789 + PKIX_UInt32 maxNumber,
1.1790 + void *plContext);
1.1791 +
1.1792 +#ifdef __cplusplus
1.1793 +}
1.1794 +#endif
1.1795 +
1.1796 +#endif /* _PKIX_PARAMS_H */
