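--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/libpkix/include/pkixt.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,485 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines the types in the libpkix API.
+ * XXX Maybe we should specify the API version number in all API header files
+ *
+ */
+
+#ifndef _PKIXT_H
+#define _PKIXT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "secerr.h"
+
+/* Types
+ *
+ * This header file provides typedefs for the abstract types used by libpkix.
+ * It also provides several useful macros.
+ *
+ * Note that all these abstract types are typedef'd as opaque structures. This
+ * is intended to discourage the caller from looking at the contents directly,
+ * since the format of the contents may change from one version of the library
+ * to the next. Instead, callers should only access these types using the
+ * functions defined in the public header files.
+ *
+ * An instance of an abstract type defined in this file is called an "object"
+ * here, although C does not have real support for objects.
+ *
+ * Because C does not typically have automatic garbage collection, the caller
+ * is expected to release the reference to any object that they create or that
+ * is returned to them by a libpkix function. The caller should do this by
+ * using the PKIX_PL_Object_DecRef function. Note that the caller should not
+ * release the reference to an object if the object has been passed to a
+ * libpkix function and that function has not returned.
+ *
+ * Please refer to libpkix Programmer's Guide for more details.
+ */
+
+/* Version
+ *
+ * These macros specify the major and minor version of the libpkix API defined
+ * by this header file.
+ */
+
+#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
+#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
+
+/* Maximum minor version
+ *
+ * This macro is used to specify that the caller wants the largest minor
+ * version available.
+ */
+
+#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
+
+/* Define Cert Store type for database access */
+#define PKIX_STORE_TYPE_NONE 0
+#define PKIX_STORE_TYPE_PK11 1
+
+/* Portable Code (PC) data types
+ *
+ * These types are used to perform the primary operations of this library:
+ * building and validating chains of X.509 certificates.
+ */
+
+typedef struct PKIX_ErrorStruct PKIX_Error;
+typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
+typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
+typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
+typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
+typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
+typedef struct PKIX_CertStoreStruct PKIX_CertStore;
+typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
+typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
+typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
+typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
+typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
+typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
+typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
+typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
+typedef struct PKIX_LoggerStruct PKIX_Logger;
+typedef struct PKIX_ListStruct PKIX_List;
+typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
+typedef struct PKIX_DefaultRevocationCheckerStruct
+ PKIX_DefaultRevocationChecker;
+typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
+
+/* Portability Layer (PL) data types
+ *
+ * These types are used are used as portable data types that are defined
+ * consistently across platforms
+ */
+
+typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
+typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
+typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
+typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
+typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
+typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
+typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
+typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
+typedef struct PKIX_PL_StringStruct PKIX_PL_String;
+typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
+typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
+typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
+typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
+typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
+typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
+typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
+typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
+typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
+typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
+typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
+typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
+typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
+typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
+typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
+typedef struct PKIX_PL_CollectionCertStoreContext
+ PKIX_PL_CollectionCertStoreContext;
+typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
+typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
+typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
+typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
+typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
+typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
+typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
+typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
+typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
+typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
+typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
+typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
+typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
+
+/* Primitive types
+ *
+ * In order to guarantee desired behavior as well as platform-independence, we
+ * typedef these types depending on the platform. XXX This needs more work!
+ */
+
+/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
+ * We don't know what type is at least 32 bits long. ISO C probably requires
+ * at least 32 bits for long. we could default to that and only list platforms
+ * where that's not true.
+ *
+ * #elif
+ * #error
+ * #endif
+ */
+
+/* currently, int is 32 bits on all our supported platforms */
+
+typedef unsigned int PKIX_UInt32;
+typedef int PKIX_Int32;
+
+typedef int PKIX_Boolean;
+
+/* Object Types
+ *
+ * Every reference-counted PKIX_PL_Object is associated with an integer type.
+ */
+#define PKIX_TYPES \
+ TYPEMACRO(AIAMGR), \
+ TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
+ TYPEMACRO(BIGINT), \
+ TYPEMACRO(BUILDRESULT), \
+ TYPEMACRO(BYTEARRAY), \
+ TYPEMACRO(CERT), \
+ TYPEMACRO(CERTBASICCONSTRAINTS), \
+ TYPEMACRO(CERTCHAINCHECKER), \
+ TYPEMACRO(CERTNAMECONSTRAINTS), \
+ TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
+ TYPEMACRO(CERTPOLICYCHECKERSTATE), \
+ TYPEMACRO(CERTPOLICYINFO), \
+ TYPEMACRO(CERTPOLICYMAP), \
+ TYPEMACRO(CERTPOLICYNODE), \
+ TYPEMACRO(CERTPOLICYQUALIFIER), \
+ TYPEMACRO(CERTSELECTOR), \
+ TYPEMACRO(CERTSTORE), \
+ TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
+ TYPEMACRO(COMCERTSELPARAMS), \
+ TYPEMACRO(COMCRLSELPARAMS), \
+ TYPEMACRO(CRL), \
+ TYPEMACRO(CRLDP), \
+ TYPEMACRO(CRLENTRY), \
+ TYPEMACRO(CRLSELECTOR), \
+ TYPEMACRO(DATE), \
+ TYPEMACRO(CRLCHECKER), \
+ TYPEMACRO(EKUCHECKER), \
+ TYPEMACRO(ERROR), \
+ TYPEMACRO(FORWARDBUILDERSTATE), \
+ TYPEMACRO(GENERALNAME), \
+ TYPEMACRO(HASHTABLE), \
+ TYPEMACRO(HTTPCERTSTORECONTEXT), \
+ TYPEMACRO(HTTPDEFAULTCLIENT), \
+ TYPEMACRO(INFOACCESS), \
+ TYPEMACRO(LDAPDEFAULTCLIENT), \
+ TYPEMACRO(LDAPREQUEST), \
+ TYPEMACRO(LDAPRESPONSE), \
+ TYPEMACRO(LIST), \
+ TYPEMACRO(LOGGER), \
+ TYPEMACRO(MONITORLOCK), \
+ TYPEMACRO(MUTEX), \
+ TYPEMACRO(OBJECT), \
+ TYPEMACRO(OCSPCERTID), \
+ TYPEMACRO(OCSPCHECKER), \
+ TYPEMACRO(OCSPREQUEST), \
+ TYPEMACRO(OCSPRESPONSE), \
+ TYPEMACRO(OID), \
+ TYPEMACRO(REVOCATIONCHECKER), \
+ TYPEMACRO(PROCESSINGPARAMS), \
+ TYPEMACRO(PUBLICKEY), \
+ TYPEMACRO(RESOURCELIMITS), \
+ TYPEMACRO(RWLOCK), \
+ TYPEMACRO(SIGNATURECHECKERSTATE), \
+ TYPEMACRO(SOCKET), \
+ TYPEMACRO(STRING), \
+ TYPEMACRO(TARGETCERTCHECKERSTATE), \
+ TYPEMACRO(TRUSTANCHOR), \
+ TYPEMACRO(VALIDATEPARAMS), \
+ TYPEMACRO(VALIDATERESULT), \
+ TYPEMACRO(VERIFYNODE), \
+ TYPEMACRO(X500NAME)
+
+#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
+
+typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
+ PKIX_TYPES,
+ PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
+} PKIX_TYPENUM;
+
+
+#ifdef PKIX_USER_OBJECT_TYPE
+
+/* User Define Object Types
+ *
+ * User may define their own object types offset from PKIX_USER_OBJECT_TYPE
+ */
+#define PKIX_USER_OBJECT_TYPEBASE 1000
+
+#endif /* PKIX_USER_OBJECT_TYPE */
+
+/* Error Codes
+ *
+ * This list is used to define a set of PKIX_Error exception class numbers.
+ * ERRMACRO is redefined to produce a corresponding set of
+ * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
+ * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
+ * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is
+ * initialized in pkix_error.c with the value "MUTEX".
+ */
+#define PKIX_ERRORCLASSES \
+ ERRMACRO(AIAMGR), \
+ ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
+ ERRMACRO(BIGINT), \
+ ERRMACRO(BUILD), \
+ ERRMACRO(BUILDRESULT), \
+ ERRMACRO(BYTEARRAY), \
+ ERRMACRO(CERT), \
+ ERRMACRO(CERTBASICCONSTRAINTS), \
+ ERRMACRO(CERTCHAINCHECKER), \
+ ERRMACRO(CERTNAMECONSTRAINTS), \
+ ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
+ ERRMACRO(CERTPOLICYCHECKERSTATE), \
+ ERRMACRO(CERTPOLICYINFO), \
+ ERRMACRO(CERTPOLICYMAP), \
+ ERRMACRO(CERTPOLICYNODE), \
+ ERRMACRO(CERTPOLICYQUALIFIER), \
+ ERRMACRO(CERTSELECTOR), \
+ ERRMACRO(CERTSTORE), \
+ ERRMACRO(CERTVFYPKIX), \
+ ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
+ ERRMACRO(COMCERTSELPARAMS), \
+ ERRMACRO(COMCRLSELPARAMS), \
+ ERRMACRO(CONTEXT), \
+ ERRMACRO(CRL), \
+ ERRMACRO(CRLDP), \
+ ERRMACRO(CRLENTRY), \
+ ERRMACRO(CRLSELECTOR), \
+ ERRMACRO(CRLCHECKER), \
+ ERRMACRO(DATE), \
+ ERRMACRO(EKUCHECKER), \
+ ERRMACRO(ERROR), \
+ ERRMACRO(FATAL), \
+ ERRMACRO(FORWARDBUILDERSTATE), \
+ ERRMACRO(GENERALNAME), \
+ ERRMACRO(HASHTABLE), \
+ ERRMACRO(HTTPCERTSTORECONTEXT), \
+ ERRMACRO(HTTPDEFAULTCLIENT), \
+ ERRMACRO(INFOACCESS), \
+ ERRMACRO(LDAPCLIENT), \
+ ERRMACRO(LDAPDEFAULTCLIENT), \
+ ERRMACRO(LDAPREQUEST), \
+ ERRMACRO(LDAPRESPONSE), \
+ ERRMACRO(LIFECYCLE), \
+ ERRMACRO(LIST), \
+ ERRMACRO(LOGGER), \
+ ERRMACRO(MEM), \
+ ERRMACRO(MONITORLOCK), \
+ ERRMACRO(MUTEX), \
+ ERRMACRO(OBJECT), \
+ ERRMACRO(OCSPCERTID), \
+ ERRMACRO(OCSPCHECKER), \
+ ERRMACRO(OCSPREQUEST), \
+ ERRMACRO(OCSPRESPONSE), \
+ ERRMACRO(OID), \
+ ERRMACRO(PROCESSINGPARAMS), \
+ ERRMACRO(PUBLICKEY), \
+ ERRMACRO(RESOURCELIMITS), \
+ ERRMACRO(REVOCATIONMETHOD), \
+ ERRMACRO(REVOCATIONCHECKER), \
+ ERRMACRO(RWLOCK), \
+ ERRMACRO(SIGNATURECHECKERSTATE), \
+ ERRMACRO(SOCKET), \
+ ERRMACRO(STRING), \
+ ERRMACRO(TARGETCERTCHECKERSTATE), \
+ ERRMACRO(TRUSTANCHOR), \
+ ERRMACRO(USERDEFINEDMODULES), \
+ ERRMACRO(VALIDATE), \
+ ERRMACRO(VALIDATEPARAMS), \
+ ERRMACRO(VALIDATERESULT), \
+ ERRMACRO(VERIFYNODE), \
+ ERRMACRO(X500NAME)
+
+#define ERRMACRO(type) PKIX_ ## type ## _ERROR
+
+typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
+ PKIX_ERRORCLASSES,
+ PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */
+} PKIX_ERRORCLASS;
+
+/* Now define error strings (for internationalization) */
+
+#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
+
+/* Define all the error numbers */
+typedef enum {
+#include "pkix_errorstrings.h"
+, PKIX_NUMERRORCODES
+} PKIX_ERRORCODE;
+
+extern const char * const PKIX_ErrorText[];
+
+/* String Formats
+ *
+ * These formats specify supported encoding formats for Strings.
+ */
+
+#define PKIX_ESCASCII 0
+#define PKIX_UTF8 1
+#define PKIX_UTF16 2
+#define PKIX_UTF8_NULL_TERM 3
+#define PKIX_ESCASCII_DEBUG 4
+
+/* Name Types
+ *
+ * These types specify supported formats for GeneralNames.
+ */
+
+#define PKIX_OTHER_NAME 1
+#define PKIX_RFC822_NAME 2
+#define PKIX_DNS_NAME 3
+#define PKIX_X400_ADDRESS 4
+#define PKIX_DIRECTORY_NAME 5
+#define PKIX_EDIPARTY_NAME 6
+#define PKIX_URI_NAME 7
+#define PKIX_IP_NAME 8
+#define PKIX_OID_NAME 9
+
+/* Key Usages
+ *
+ * These types specify supported Key Usages
+ */
+
+#define PKIX_DIGITAL_SIGNATURE 0x001
+#define PKIX_NON_REPUDIATION 0x002
+#define PKIX_KEY_ENCIPHERMENT 0x004
+#define PKIX_DATA_ENCIPHERMENT 0x008
+#define PKIX_KEY_AGREEMENT 0x010
+#define PKIX_KEY_CERT_SIGN 0x020
+#define PKIX_CRL_SIGN 0x040
+#define PKIX_ENCIPHER_ONLY 0x080
+#define PKIX_DECIPHER_ONLY 0x100
+
+/* Reason Flags
+ *
+ * These macros specify supported Reason Flags
+ */
+
+#define PKIX_UNUSED 0x001
+#define PKIX_KEY_COMPROMISE 0x002
+#define PKIX_CA_COMPROMISE 0x004
+#define PKIX_AFFILIATION_CHANGED 0x008
+#define PKIX_SUPERSEDED 0x010
+#define PKIX_CESSATION_OF_OPERATION 0x020
+#define PKIX_CERTIFICATE_HOLD 0x040
+#define PKIX_PRIVILEGE_WITHDRAWN 0x080
+#define PKIX_AA_COMPROMISE 0x100
+
+/* Boolean values
+ *
+ * These macros specify the Boolean values of TRUE and FALSE
+ * XXX Is it the case that any non-zero value is actually considered TRUE
+ * and this is just a convenient mnemonic macro?
+ */
+
+#define PKIX_TRUE ((PKIX_Boolean) 1)
+#define PKIX_FALSE ((PKIX_Boolean) 0)
+
+/*
+ * Define constants for basic constraints selector
+ * (see comments in pkix_certsel.h)
+ */
+
+#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
+#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
+
+/*
+ * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
+ * object file. It is thrown if system memory cannot be allocated or may be
+ * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
+ * IncRef, DecRef and all Settor functions cannot be called.
+ * XXX Does anyone actually need to know about this?
+ * XXX Why no DecRef? Would be good to handle it the same.
+ */
+
+PKIX_Error* PKIX_ALLOC_ERROR(void);
+
+/*
+ * In a CertBasicConstraints extension, if the CA flag is set,
+ * indicating the certificate refers to a Certification
+ * Authority, then the pathLen field indicates how many intermediate
+ * certificates (not counting self-signed ones) can exist in a valid
+ * chain following this certificate. If the pathLen has the value
+ * of this constant, then the length of the chain is unlimited
+ */
+#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
+
+/*
+ * Define Certificate Extension hard-coded OID's
+ */
+#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN
+#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE
+#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME
+#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS
+#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE
+#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS
+#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES
+#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
+#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS
+#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS
+#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE
+#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY
+#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE
+#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
+#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
+#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN
+#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
+#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP
+#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER
+
+
+/* Available revocation method types. */
+typedef enum PKIX_RevocationMethodTypeEnum {
+ PKIX_RevocationMethod_CRL = 0,
+ PKIX_RevocationMethod_OCSP,
+ PKIX_RevocationMethod_MAX
+} PKIX_RevocationMethodType;
+
+/* A set of statuses revocation checker operates on */
+typedef enum PKIX_RevocationStatusEnum {
+ PKIX_RevStatus_NoInfo = 0,
+ PKIX_RevStatus_Revoked,
+ PKIX_RevStatus_Success
+} PKIX_RevocationStatus;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIXT_H */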
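Review bot: `PKIX_UInt32` and `PKIX_Int32` are typedef'd to `unsigned int` and `int` on the strength of the comment "currently, int is 32 bits on all our supported platforms", and nothing in the header enforces that width. `PKIX_MAX_MINOR_VERSION` (4000000000) and the `(PKIX_Int32) -1` path-length sentinel both depend on it, so a compile-time guard right after the typedefs would turn a wrong assumption into a build error, for example `typedef char pkix_uint32_size_check[(sizeof(PKIX_UInt32) == 4) ? 1 : -1];`. Separately, the "Error Codes" comment says MUTEX is the fifth ERRMACRO entry and that PKIX_MUTEX_ERROR is 4, but the fifth entry in the list below it is BUILDRESULT. Because the comment says pkix_error.c builds a name table indexed by these values, the example should match the current order or be made generic, so a reader does not rely on stale numbers.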