security/nss/lib/libpkix/include/pkix_certstore.h@b8a032363ba2
security/nss/lib/libpkix/include/pkix_certstore.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rwxr-xr-x
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * This file defines functions associated with the PKIX_CertStore type.
6 *
7 */
9 #ifndef _PKIX_CERTSTORE_H
10 #define _PKIX_CERTSTORE_H
12 #include "pkixt.h"
14 #ifdef __cplusplus
15 extern "C" {
16 #endif
18 /* General
19 *
20 * Please refer to the libpkix Programmer's Guide for detailed information
21 * about how to use the libpkix library. Certain key warnings and notices from
22 * that document are repeated here for emphasis.
23 *
24 * All identifiers in this file (and all public identifiers defined in
25 * libpkix) begin with "PKIX_". Private identifiers only intended for use
26 * within the library begin with "pkix_".
27 *
28 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
29 *
30 * Unless otherwise noted, for all accessor (gettor) functions that return a
31 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
32 * shared object. Therefore, the caller should treat this shared object as
33 * read-only and should not modify this shared object. When done using the
34 * shared object, the caller should release the reference to the object by
35 * using the PKIX_PL_Object_DecRef function.
36 *
37 * While a function is executing, if its arguments (or anything referred to by
38 * its arguments) are modified, free'd, or destroyed, the function's behavior
39 * is undefined.
40 *
41 */
43 /* PKIX_CertStore
44 *
45 * A PKIX_CertStore provides a standard way for the caller to retrieve
46 * certificates and CRLs from a particular repository (or "store") of
47 * certificates and CRLs, including LDAP directories, flat files, local
48 * databases, etc. The CertCallback allows custom certificate retrieval logic
49 * to be used while the CRLCallback allows custom CRL retrieval logic to be
50 * used. Additionally, a CertStore can be initialized with a certStoreContext,
51 * which is where the caller can specify configuration data such as the host
52 * name of an LDAP server. Note that this certStoreContext must be an
53 * Object (although any object type), allowing it to be reference-counted and
54 * allowing it to provide the standard Object functions (Equals, Hashcode,
55 * ToString, Compare, Duplicate). Please note that each certStoreContext must
56 * provide Equals and Hashcode functions in order for the caching (on Cert and
57 * CertChain) to work correctly. When providing those two functions, it is not
58 * required that all the components of the object be hashed or checked for
59 * equality, but merely that the functions distinguish between unique
60 * instances of the certStoreContext.
61 *
62 * Once the caller has created the CertStore object, the caller then specifies
63 * these CertStore objects in a ProcessingParams object and passes that object
64 * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
65 * user's callback functions as needed during the validation or building
66 * process.
67 *
68 * The order of CertStores stored (as a list) at ProcessingParams determines
69 * the order in which certificates are retrieved. Trusted CertStores should
70 * precede non-trusted ones on the list of CertStores so their certificates
71 * are evaluated ahead of other certificates selected on the basis of the same
72 * selector criteria.
73 *
74 * The CheckTrustCallback function is used when the CertStore object
75 * supports trust status, which means a Cert's trust status can be altered
76 * dynamically. When a CertStore object is created, if the
77 * CheckTrustCallback is initialized to be non-NULL, this CertStore is
78 * defaulted as supporting trust. Then whenever a Cert needs to (re)check its
79 * trust status, this callback can be invoked. When a Cert is retrieved by
80 * a CertStore supports trust, at its GetCertCallback, the CertStore
81 * information should be updated in Cert's data structure so the link between
82 * the Cert and CertStore exists.
83 *
84 */
86 /*
87 * FUNCTION: PKIX_CertStore_CertCallback
88 * DESCRIPTION:
89 *
90 * This callback function retrieves from the CertStore pointed to by "store"
91 * all the certificates that match the CertSelector pointed to by "selector".
92 * It places these certificates in a List and stores a pointer to the List at
93 * "pCerts". If no certificates are found which match the CertSelector's
94 * criteria, this function stores an empty List at "pCerts". In either case, if
95 * the operation is completed, NULL is stored at "pNBIOContext".
96 *
97 * A CertStore which uses non-blocking I/O may store platform-dependent
98 * information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
99 * pending. A subsequent call to PKIX_CertStore_CertContinue is required to
100 * finish the operation and to obtain the List of Certs.
101 *
102 * Note that the List returned by this function is immutable.
103 *
104 * PARAMETERS:
105 * "store"
106 * Address of CertStore from which Certs are to be retrieved.
107 * Must be non-NULL.
108 * "selector"
109 * Address of CertSelector whose criteria must be satisfied.
110 * Must be non-NULL.
111 * "verifyNode"
112 * Parent log node for tracking of filtered out certs.
113 * "pNBIOContext"
114 * Address at which platform-dependent information is stored if the
115 * operation is suspended for non-blocking I/O. Must be non-NULL.
116 * "pCerts"
117 * Address where object pointer will be stored. Must be non-NULL.
118 * "plContext"
119 * Platform-specific context pointer.
120 * THREAD SAFETY:
121 * Thread Safe
122 *
123 * Multiple threads must be able to safely call this function without
124 * worrying about conflicts, even if they're operating on the same object.
125 * RETURNS:
126 * Returns NULL if the function succeeds.
127 * Returns a CertStore Error if the function fails in a non-fatal way.
128 * Returns a Fatal Error if the function fails in an unrecoverable way.
129 */
130 typedef PKIX_Error *
131 (*PKIX_CertStore_CertCallback)(
132 PKIX_CertStore *store,
133 PKIX_CertSelector *selector,
134 PKIX_VerifyNode *verifyNode,
135 void **pNBIOContext,
136 PKIX_List **pCerts, /* list of PKIX_PL_Cert */
137 void *plContext);
139 /*
140 * FUNCTION: PKIX_CertStore_CertContinue
141 * DESCRIPTION:
142 *
143 * This function continues the non-blocking operation initiated by an earlier
144 * call to the CertCallback function, for the CertStore pointed to by "store".
145 * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
146 * value returned in "pNBIOContext") calling this function will return a fatal
147 * error. If the operation is completed the certificates found are placed in a
148 * List, a pointer to which is stored at "pCerts". If no certificates are found
149 * which match the CertSelector's criteria, this function stores an empty List
150 * at "pCerts". In either case, if the operation is completed, NULL is stored
151 * at "pNBIOContext".
152 *
153 * If non-blocking I/O is still pending this function stores platform-dependent
154 * information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
155 * PKIX_CertStore_CertContinue is required to finish the operation and to
156 * obtain the List of Certs.
157 *
158 * Note that the List returned by this function is immutable.
159 *
160 * PARAMETERS:
161 * "store"
162 * Address of CertStore from which Certs are to be retrieved.
163 * Must be non-NULL.
164 * "selector"
165 * Address of CertSelector whose criteria must be satisfied.
166 * Must be non-NULL.
167 * "verifyNode"
168 * Parent log node for tracking of filtered out certs.
169 * "pNBIOContext"
170 * Address at which platform-dependent information is stored if the
171 * operation is suspended for non-blocking I/O. Must be non-NULL.
172 * "pCerts"
173 * Address where object pointer will be stored. Must be non-NULL.
174 * "plContext"
175 * Platform-specific context pointer.
176 * THREAD SAFETY:
177 * Thread Safe
178 *
179 * Multiple threads must be able to safely call this function without
180 * worrying about conflicts, even if they're operating on the same object.
181 * RETURNS:
182 * Returns NULL if the function succeeds.
183 * Returns a CertStore Error if the function fails in a non-fatal way.
184 * Returns a Fatal Error if the function fails in an unrecoverable way.
185 */
186 PKIX_Error *
187 PKIX_CertStore_CertContinue(
188 PKIX_CertStore *store,
189 PKIX_CertSelector *selector,
190 PKIX_VerifyNode *verifyNode,
191 void **pNBIOContext,
192 PKIX_List **pCerts, /* list of PKIX_PL_Cert */
193 void *plContext);
195 typedef PKIX_Error *
196 (*PKIX_CertStore_CertContinueFunction)(
197 PKIX_CertStore *store,
198 PKIX_CertSelector *selector,
199 PKIX_VerifyNode *verifyNode,
200 void **pNBIOContext,
201 PKIX_List **pCerts, /* list of PKIX_PL_Cert */
202 void *plContext);
204 /*
205 * FUNCTION: PKIX_CertStore_CRLCallback
206 * DESCRIPTION:
207 *
208 * This callback function retrieves from the CertStore pointed to by "store"
209 * all the CRLs that match the CRLSelector pointed to by "selector". It
210 * places these CRLs in a List and stores a pointer to the List at "pCRLs".
211 * If no CRLs are found which match the CRLSelector's criteria, this function
212 * stores an empty List at "pCRLs". In either case, if the operation is
213 * completed, NULL is stored at "pNBIOContext".
214 *
215 * A CertStore which uses non-blocking I/O may store platform-dependent
216 * information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
217 * pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
218 * finish the operation and to obtain the List of Crls.
219 *
220 * Note that the List returned by this function is immutable.
221 *
222 * PARAMETERS:
223 * "store"
224 * Address of CertStore from which CRLs are to be retrieved.
225 * Must be non-NULL.
226 * "selector"
227 * Address of CRLSelector whose criteria must be satisfied.
228 * Must be non-NULL.
229 * "pCrls"
230 * Address where object pointer will be stored. Must be non-NULL.
231 * "plContext"
232 * Platform-specific context pointer.
233 * THREAD SAFETY:
234 * Thread Safe
235 *
236 * Multiple threads must be able to safely call this function without
237 * worrying about conflicts, even if they're operating on the same object.
238 * RETURNS:
239 * Returns NULL if the function succeeds.
240 * Returns a CertStore Error if the function fails in a non-fatal way.
241 * Returns a Fatal Error if the function fails in an unrecoverable way.
242 */
243 typedef PKIX_Error *
244 (*PKIX_CertStore_CRLCallback)(
245 PKIX_CertStore *store,
246 PKIX_CRLSelector *selector,
247 void **pNBIOContext,
248 PKIX_List **pCrls, /* list of PKIX_PL_CRL */
249 void *plContext);
251 /*
252 * FUNCTION: PKIX_CertStore_ImportCrlCallback
253 * DESCRIPTION:
254 *
255 * The function imports crl list into a cert store. Stores that
256 * have local cache may only have that function defined.
257 *
258 * PARAMETERS:
259 * "store"
260 * Address of CertStore from which CRLs are to be retrieved.
261 * Must be non-NULL.
262 * "issuerName"
263 * Name of the issuer that will be used to track bad der crls.
264 * "crlList"
265 * Address on the importing crl list.
266 * "plContext"
267 * Platform-specific context pointer.
268 * THREAD SAFETY:
269 * Thread Safe
270 *
271 * Multiple threads must be able to safely call this function without
272 * worrying about conflicts, even if they're operating on the same object.
273 * RETURNS:
274 * Returns NULL if the function succeeds.
275 * Returns a CertStore Error if the function fails in a non-fatal way.
276 * Returns a Fatal Error if the function fails in an unrecoverable way.
277 */
278 typedef PKIX_Error *
279 (*PKIX_CertStore_ImportCrlCallback)(
280 PKIX_CertStore *store,
281 PKIX_PL_X500Name *issuerName,
282 PKIX_List *crlList,
283 void *plContext);
285 /*
286 * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback
287 * DESCRIPTION:
288 *
289 * The function checks revocation status of a cert with specified
290 * issuer, date. It returns revocation status of a cert and
291 * a reason code(if any) if a cert was revoked.
292 *
293 * PARAMETERS:
294 * "store"
295 * Address of CertStore from which CRLs are to be retrieved.
296 * Must be non-NULL.
297 * "cert"
298 * Certificate which revocation status will be checked.
299 * "issuer"
300 * Issuer certificate of the "crl".
301 * "date"
302 * Date of the revocation check.
303 * "crlDownloadDone"
304 * Indicates, that all needed crl downloads are done by the time of
305 * the revocation check.
306 * "reasonCode"
307 * If cert is revoked, returned reason code for which a cert was revoked.
308 * "revStatus"
309 * Returned revocation status of the cert. See PKIX_RevocationStatus
310 * for more details
311 * "plContext"
312 * Platform-specific context pointer.
313 * THREAD SAFETY:
314 * Thread Safe
315 *
316 * Multiple threads must be able to safely call this function without
317 * worrying about conflicts, even if they're operating on the same object.
318 * RETURNS:
319 * Returns NULL if the function succeeds.
320 * Returns a CertStore Error if the function fails in a non-fatal way.
321 * Returns a Fatal Error if the function fails in an unrecoverable way.
322 */
323 typedef PKIX_Error *
324 (*PKIX_CertStore_CheckRevokationByCrlCallback)(
325 PKIX_CertStore *store,
326 PKIX_PL_Cert *cert,
327 PKIX_PL_Cert *issuer,
328 PKIX_PL_Date *date,
329 PKIX_Boolean crlDownloadDone,
330 PKIX_UInt32 *reasonCode,
331 PKIX_RevocationStatus *revStatus,
332 void *plContext);
334 /*
335 * FUNCTION: PKIX_CertStore_CrlContinue
336 * DESCRIPTION:
337 *
338 * This function continues the non-blocking operation initiated by an earlier
339 * call to the CRLCallback function, for the CertStore pointed to by "store".
340 * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
341 * value returned in "pNBIOContext") calling this function will return a fatal
342 * error. If the operation is completed the crls found are placed in a List, a
343 * pointer to which is stored at "pCrls". If no crls are found which match the
344 * CRLSelector's criteria, this function stores an empty List at "pCrls". In
345 * either case, if the operation is completed, NULL is stored at "pNBIOContext".
346 *
347 * If non-blocking I/O is still pending this function stores platform-dependent
348 * information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
349 * PKIX_CertStore_CrlContinue is required to finish the operation and to
350 * obtain the List of Crls.
351 *
352 * Note that the List returned by this function is immutable.
353 *
354 * PARAMETERS:
355 * "store"
356 * Address of CertStore from which Crls are to be retrieved.
357 * Must be non-NULL.
358 * "selector"
359 * Address of CRLSelector whose criteria must be satisfied.
360 * Must be non-NULL.
361 * "pNBIOContext"
362 * Address at which platform-dependent information is stored if the
363 * operation is suspended for non-blocking I/O. Must be non-NULL.
364 * "pCrls"
365 * Address where object pointer will be stored. Must be non-NULL.
366 * "plContext"
367 * Platform-specific context pointer.
368 * THREAD SAFETY:
369 * Thread Safe
370 *
371 * Multiple threads must be able to safely call this function without
372 * worrying about conflicts, even if they're operating on the same object.
373 * RETURNS:
374 * Returns NULL if the function succeeds.
375 * Returns a CertStore Error if the function fails in a non-fatal way.
376 * Returns a Fatal Error if the function fails in an unrecoverable way.
377 */
378 PKIX_Error *
379 PKIX_CertStore_CrlContinue(
380 PKIX_CertStore *store,
381 PKIX_CRLSelector *selector,
382 void **pNBIOContext,
383 PKIX_List **pCrls, /* list of PKIX_PL_CRL */
384 void *plContext);
386 typedef PKIX_Error *
387 (*PKIX_CertStore_CrlContinueFunction)(
388 PKIX_CertStore *store,
389 PKIX_CRLSelector *selector,
390 void **pNBIOContext,
391 PKIX_List **pCrls, /* list of PKIX_PL_CRL */
392 void *plContext);
394 /*
395 * FUNCTION: PKIX_CertStore_CheckTrustCallback
396 * DESCRIPTION:
397 *
398 * This callback function rechecks "cert's" trust status from the CertStore
399 * pointed to by "store".
400 *
401 * PARAMETERS:
402 * "store"
403 * Address of CertStore from which Certs are to be checked.
404 * Must be non-NULL.
405 * "cert"
406 * Address of Cert whose trust status needs to be rechecked.
407 * Must be non-NULL.
408 * "pTrusted"
409 * Address of PKIX_Boolean where the trust status is returned.
410 * Must be non-NULL.
411 * "plContext"
412 * Platform-specific context pointer.
413 * THREAD SAFETY:
414 * Thread Safe
415 *
416 * Multiple threads must be able to safely call this function without
417 * worrying about conflicts, even if they're operating on the same object.
418 * RETURNS:
419 * Returns NULL if the function succeeds.
420 * Returns a CertStore Error if the function fails in a non-fatal way.
421 * Returns a Fatal Error if the function fails in an unrecoverable way.
422 */
423 typedef PKIX_Error *
424 (*PKIX_CertStore_CheckTrustCallback)(
425 PKIX_CertStore *store,
426 PKIX_PL_Cert *cert,
427 PKIX_Boolean *pTrusted,
428 void *plContext);
430 /*
431 * FUNCTION: PKIX_CertStore_Create
432 * DESCRIPTION:
433 *
434 * Creates a new CertStore and stores it at "pStore". The new CertStore uses
435 * the CertCallback pointed to by "certCallback" and the CRLCallback pointed
436 * to by "crlCallback" as its callback functions and uses the Object pointed
437 * to by "certStoreContext" as its context . Note that this certStoreContext
438 * must be an Object (although any object type), allowing it to be
439 * reference-counted and allowing it to provide the standard Object functions
440 * (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
441 * CertStore object is immutable, although the underlying repository can
442 * change. For example, a CertStore will often be a front-end for a database
443 * or directory. The contents of that directory can change after the
444 * CertStore object is created, but the CertStore object remains immutable.
445 *
446 * PARAMETERS:
447 * "certCallback"
448 * The CertCallback function to be used. Must be non-NULL.
449 * "crlCallback"
450 * The CRLCallback function to be used. Must be non-NULL.
451 * "certContinue"
452 * The function to be used to resume a certCallback that returned with a
453 * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
454 * I/O.
455 * "crlContinue"
456 * The function to be used to resume a crlCallback that returned with a
457 * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
458 * I/O.
459 * "trustCallback"
460 * Address of PKIX_CertStore_CheckTrustCallback which is called to
461 * verify the trust status of Certs in this CertStore.
462 * "certStoreContext"
463 * Address of Object representing the CertStore's context (if any).
464 * "cachedFlag"
465 * If TRUE indicates data retrieved from CertStore should be cached.
466 * "localFlag"
467 * Boolean value indicating whether this CertStore is local.
468 * "pStore"
469 * Address where object pointer will be stored. Must be non-NULL.
470 * "plContext"
471 * Platform-specific context pointer.
472 * THREAD SAFETY:
473 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
474 * RETURNS:
475 * Returns NULL if the function succeeds.
476 * Returns a CertStore Error if the function fails in a non-fatal way.
477 * Returns a Fatal Error if the function fails in an unrecoverable way.
478 */
479 PKIX_Error *
480 PKIX_CertStore_Create(
481 PKIX_CertStore_CertCallback certCallback,
482 PKIX_CertStore_CRLCallback crlCallback,
483 PKIX_CertStore_CertContinueFunction certContinue,
484 PKIX_CertStore_CrlContinueFunction crlContinue,
485 PKIX_CertStore_CheckTrustCallback trustCallback,
486 PKIX_CertStore_ImportCrlCallback importCrlCallback,
487 PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
488 PKIX_PL_Object *certStoreContext,
489 PKIX_Boolean cachedFlag,
490 PKIX_Boolean localFlag,
491 PKIX_CertStore **pStore,
492 void *plContext);
494 /*
495 * FUNCTION: PKIX_CertStore_GetCertCallback
496 * DESCRIPTION:
497 *
498 * Retrieves a pointer to "store's" Cert callback function and put it in
499 * "pCallback".
500 *
501 * PARAMETERS:
502 * "store"
503 * The CertStore whose Cert callback is desired. Must be non-NULL.
504 * "pCallback"
505 * Address where Cert callback function pointer will be stored.
506 * Must be non-NULL.
507 * "plContext"
508 * Platform-specific context pointer.
509 * THREAD SAFETY:
510 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
511 * RETURNS:
512 * Returns NULL if the function succeeds.
513 * Returns a Fatal Error if the function fails in an unrecoverable way.
514 */
515 PKIX_Error *
516 PKIX_CertStore_GetCertCallback(
517 PKIX_CertStore *store,
518 PKIX_CertStore_CertCallback *pCallback,
519 void *plContext);
521 /*
522 * FUNCTION: PKIX_CertStore_GetCRLCallback
523 * DESCRIPTION:
524 *
525 * Retrieves a pointer to "store's" CRL callback function and put it in
526 * "pCallback".
527 *
528 * PARAMETERS:
529 * "store"
530 * The CertStore whose CRL callback is desired. Must be non-NULL.
531 * "pCallback"
532 * Address where CRL callback function pointer will be stored.
533 * Must be non-NULL.
534 * "plContext"
535 * Platform-specific context pointer.
536 * THREAD SAFETY:
537 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
538 * RETURNS:
539 * Returns NULL if the function succeeds.
540 * Returns a Fatal Error if the function fails in an unrecoverable way.
541 */
542 PKIX_Error *
543 PKIX_CertStore_GetCRLCallback(
544 PKIX_CertStore *store,
545 PKIX_CertStore_CRLCallback *pCallback,
546 void *plContext);
548 /*
549 * FUNCTION: PKIX_CertStore_GetImportCrlCallback
550 * DESCRIPTION:
551 *
552 * Retrieves a pointer to "store's" Import CRL callback function and put it in
553 * "pCallback".
554 *
555 * PARAMETERS:
556 * "store"
557 * The CertStore whose CRL callback is desired. Must be non-NULL.
558 * "pCallback"
559 * Address where CRL callback function pointer will be stored.
560 * Must be non-NULL.
561 * "plContext"
562 * Platform-specific context pointer.
563 * THREAD SAFETY:
564 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
565 * RETURNS:
566 * Returns NULL if the function succeeds.
567 * Returns a Fatal Error if the function fails in an unrecoverable way.
568 */
569 PKIX_Error *
570 PKIX_CertStore_GetImportCrlCallback(
571 PKIX_CertStore *store,
572 PKIX_CertStore_ImportCrlCallback *pCallback,
573 void *plContext);
575 /*
576 * FUNCTION: PKIX_CertStore_GetCheckRevByCrl
577 * DESCRIPTION:
578 *
579 * Retrieves a pointer to "store's" CRL revocation checker callback function
580 * and put it in "pCallback".
581 *
582 * PARAMETERS:
583 * "store"
584 * The CertStore whose CRL callback is desired. Must be non-NULL.
585 * "pCallback"
586 * Address where CRL callback function pointer will be stored.
587 * Must be non-NULL.
588 * "plContext"
589 * Platform-specific context pointer.
590 * THREAD SAFETY:
591 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
592 * RETURNS:
593 * Returns NULL if the function succeeds.
594 * Returns a Fatal Error if the function fails in an unrecoverable way.
595 */
596 PKIX_Error *
597 PKIX_CertStore_GetCrlCheckerFn(
598 PKIX_CertStore *store,
599 PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
600 void *plContext);
602 /*
603 * FUNCTION: PKIX_CertStore_GetTrustCallback
604 * DESCRIPTION:
605 *
606 * Retrieves the function pointer to the CheckTrust callback function of the
607 * CertStore pointed to by "store" and stores it at "pCallback".
608 *
609 * PARAMETERS:
610 * "store"
611 * The CertStore whose CheckTrust callback is desired. Must be non-NULL.
612 * "pCallback"
613 * Address where CheckTrust callback function pointer will be stored.
614 * Must be non-NULL.
615 * "plContext"
616 * Platform-specific context pointer.
617 * THREAD SAFETY:
618 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
619 * RETURNS:
620 * Returns NULL if the function succeeds.
621 * Returns a Fatal Error if the function fails in an unrecoverable way.
622 */
623 PKIX_Error *
624 PKIX_CertStore_GetTrustCallback(
625 PKIX_CertStore *store,
626 PKIX_CertStore_CheckTrustCallback *pCallback,
627 void *plContext);
629 /*
630 * FUNCTION: PKIX_CertStore_GetCertStoreContext
631 * DESCRIPTION:
632 *
633 * Retrieves a pointer to the Object representing the context (if any)
634 * of the CertStore pointed to by "store" and stores it at
635 * "pCertStoreContext".
636 *
637 * PARAMETERS:
638 * "store"
639 * Address of CertStore whose context is to be stored. Must be non-NULL.
640 * "pCertStoreContext"
641 * Address where object pointer will be stored. Must be non-NULL.
642 * "plContext"
643 * Platform-specific context pointer.
644 * THREAD SAFETY:
645 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
646 * RETURNS:
647 * Returns NULL if the function succeeds.
648 * Returns a Fatal Error if the function fails in an unrecoverable way.
649 */
650 PKIX_Error *
651 PKIX_CertStore_GetCertStoreContext(
652 PKIX_CertStore *store,
653 PKIX_PL_Object **pCertStoreContext,
654 void *plContext);
656 /*
657 * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
658 * DESCRIPTION:
659 *
660 * Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
661 * stores it at "pCachedFlag".
662 *
663 * PARAMETERS:
664 * "store"
665 * Address of CertStore whose cache flag is to be stored. Must be non-NULL.
666 * "pCacheFlag"
667 * Address where the result will be stored. Must be non-NULL.
668 * "plContext"
669 * Platform-specific context pointer.
670 * THREAD SAFETY:
671 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
672 * RETURNS:
673 * Returns NULL if the function succeeds.
674 * Returns a Fatal Error if the function fails in an unrecoverable way.
675 */
676 PKIX_Error *
677 PKIX_CertStore_GetCertStoreCacheFlag(
678 PKIX_CertStore *store,
679 PKIX_Boolean *pCacheFlag,
680 void *plContext);
682 /*
683 * FUNCTION: PKIX_CertStore_GetLocalFlag
684 * DESCRIPTION:
685 *
686 * Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
687 * stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can
688 * fulfill a request without performing network I/O.
689 *
690 * PARAMETERS:
691 * "store"
692 * The CertStore whose Local flag is desired. Must be non-NULL.
693 * "pCallback"
694 * Address where the Boolean LocalFlag will be stored. Must be non-NULL.
695 * "plContext"
696 * Platform-specific context pointer.
697 * THREAD SAFETY:
698 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
699 * RETURNS:
700 * Returns NULL if the function succeeds.
701 * Returns a Fatal Error if the function fails in an unrecoverable way.
702 */
703 PKIX_Error *
704 PKIX_CertStore_GetLocalFlag(
705 PKIX_CertStore *store,
706 PKIX_Boolean *pLocalFlag,
707 void *plContext);
709 #ifdef __cplusplus
710 }
711 #endif
713 #endif /* _PKIX_CERTSTORE_H */
