security/nss/lib/libpkix/include/pkix_crlsel.h@b8a032363ba2
security/nss/lib/libpkix/include/pkix_crlsel.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rwxr-xr-x
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * This file defines functions associated with the PKIX_CRLSelector and the
6 * PKIX_ComCRLSelParams types.
7 *
8 */
11 #ifndef _PKIX_CRLSEL_H
12 #define _PKIX_CRLSEL_H
14 #include "pkixt.h"
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
20 /* General
21 *
22 * Please refer to the libpkix Programmer's Guide for detailed information
23 * about how to use the libpkix library. Certain key warnings and notices from
24 * that document are repeated here for emphasis.
25 *
26 * All identifiers in this file (and all public identifiers defined in
27 * libpkix) begin with "PKIX_". Private identifiers only intended for use
28 * within the library begin with "pkix_".
29 *
30 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
31 *
32 * Unless otherwise noted, for all accessor (gettor) functions that return a
33 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
34 * shared object. Therefore, the caller should treat this shared object as
35 * read-only and should not modify this shared object. When done using the
36 * shared object, the caller should release the reference to the object by
37 * using the PKIX_PL_Object_DecRef function.
38 *
39 * While a function is executing, if its arguments (or anything referred to by
40 * its arguments) are modified, free'd, or destroyed, the function's behavior
41 * is undefined.
42 *
43 */
45 /* PKIX_CRLSelector
46 *
47 * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
48 * based on particular criteria. A CRLSelector is typically used by libpkix
49 * to retrieve CRLs from a CertStore during certificate chain validation or
50 * building. (see pkix_certstore.h) For example, the caller may wish to only
51 * select those CRLs that have a particular issuer or a particular value for a
52 * private CRL extension. The MatchCallback allows the caller to specify the
53 * custom matching logic to be used by a CRLSelector.
55 * By default, the MatchCallback is set to point to the default implementation
56 * provided by libpkix, which understands how to process the most common
57 * parameters. If the default implementation is used, the caller should set
58 * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
59 * Any common parameter that is not set is assumed to be disabled, which means
60 * the default MatchCallback implementation will select all CRLs without
61 * regard to that particular disabled parameter. For example, if the
62 * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
63 * CRL based on its CRL number. As such, if no parameters are set, all are
64 * disabled and any CRL will match. If a parameter is disabled, its associated
65 * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
66 *
67 * If a custom implementation is desired, the default implementation can be
68 * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
69 * CRLSelector can be initialized with a crlSelectorContext, which is where
70 * the caller can specify the desired parameters the caller wishes to match
71 * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
72 * allowing it to be reference-counted and allowing it to provide the standard
73 * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
74 *
75 */
77 /*
78 * FUNCTION: PKIX_CRLSelector_MatchCallback
79 * DESCRIPTION:
80 *
81 * This callback function determines whether the specified CRL pointed to by
82 * "crl" matches the criteria of the CRLSelector pointed to by "selector".
83 * If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
84 * "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
85 *
86 * PARAMETERS:
87 * "selector"
88 * Address of CRLSelector whose MatchCallback logic and parameters are
89 * to be used. Must be non-NULL.
90 * "crl"
91 * Address of CRL that is to be matched using "selector". Must be non-NULL.
92 * "pMatch"
93 * Address at which Boolean result is stored. Must be non-NULL.
94 * "plContext"
95 * Platform-specific context pointer.
96 * THREAD SAFETY:
97 * Thread Safe
98 *
99 * Multiple threads must be able to safely call this function without
100 * worrying about conflicts, even if they're operating on the same objects.
101 * RETURNS:
102 * Returns NULL if the function succeeds.
103 * Returns a CRLSelector Error if the function fails in a non-fatal way.
104 * Returns a Fatal Error if the function fails in an unrecoverable way.
105 */
106 typedef PKIX_Error *
107 (*PKIX_CRLSelector_MatchCallback)(
108 PKIX_CRLSelector *selector,
109 PKIX_PL_CRL *crl,
110 PKIX_Boolean *pMatch,
111 void *plContext);
113 /*
114 * FUNCTION: PKIX_CRLSelector_Create
115 * DESCRIPTION:
116 *
117 * Creates a new CRLSelector using the Object pointed to by
118 * "crlSelectorContext" (if any) and stores it at "pSelector". As noted
119 * above, by default, the MatchCallback is set to point to the default
120 * implementation provided by libpkix, which understands how to process
121 * ComCRLSelParams. This is overridden if the MatchCallback pointed to by
122 * "callback" is not NULL, in which case the parameters are specified using
123 * the Object pointed to by "crlSelectorContext".
124 *
125 * PARAMETERS:
126 * "issue"
127 * crl issuer.
128 * "crlDpList"
129 * distribution points list
130 * "callback"
131 * The MatchCallback function to be used.
132 * "pSelector"
133 * Address where object pointer will be stored. Must be non-NULL.
134 * "plContext"
135 * Platform-specific context pointer.
136 * THREAD SAFETY:
137 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
138 * RETURNS:
139 * Returns NULL if the function succeeds.
140 * Returns a CRLSelector Error if the function fails in a non-fatal way.
141 * Returns a Fatal Error if the function fails in an unrecoverable way.
142 */
143 PKIX_Error *
144 PKIX_CRLSelector_Create(
145 PKIX_PL_Cert *issuer,
146 PKIX_List *crlDpList,
147 PKIX_PL_Date *date,
148 PKIX_CRLSelector **pSelector,
149 void *plContext);
151 /*
152 * FUNCTION: PKIX_CRLSelector_GetMatchCallback
153 * DESCRIPTION:
154 *
155 * Retrieves a pointer to "selector's" Match callback function and puts it in
156 * "pCallback".
157 *
158 * PARAMETERS:
159 * "selector"
160 * The CRLSelector whose Match callback is desired. Must be non-NULL.
161 * "pCallback"
162 * Address where Match callback function pointer will be stored.
163 * Must be non-NULL.
164 * "plContext"
165 * Platform-specific context pointer.
166 * THREAD SAFETY:
167 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
168 * RETURNS:
169 * Returns NULL if the function succeeds.
170 * Returns a CRLSelector Error if the function fails in a non-fatal way.
171 * Returns a Fatal Error if the function fails in an unrecoverable way.
172 */
173 PKIX_Error *
174 PKIX_CRLSelector_GetMatchCallback(
175 PKIX_CRLSelector *selector,
176 PKIX_CRLSelector_MatchCallback *pCallback,
177 void *plContext);
179 /*
180 * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
181 * DESCRIPTION:
182 *
183 * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
184 * of the CRLSelector pointed to by "selector" and stores it at
185 * "pCRLSelectorContext".
186 *
187 * PARAMETERS:
188 * "selector"
189 * Address of CRLSelector whose context is to be stored. Must be non-NULL.
190 * "pCRLSelectorContext"
191 * Address where object pointer will be stored. Must be non-NULL.
192 * "plContext"
193 * Platform-specific context pointer.
194 * THREAD SAFETY:
195 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
196 * RETURNS:
197 * Returns NULL if the function succeeds.
198 * Returns a CRLSelector Error if the function fails in a non-fatal way.
199 * Returns a Fatal Error if the function fails in an unrecoverable way.
200 */
201 PKIX_Error *
202 PKIX_CRLSelector_GetCRLSelectorContext(
203 PKIX_CRLSelector *selector,
204 void **pCRLSelectorContext,
205 void *plContext);
207 /*
208 * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
209 * DESCRIPTION:
210 *
211 * Retrieves a pointer to the ComCRLSelParams object that represent the common
212 * parameters of the CRLSelector pointed to by "selector" and stores it at
213 * "pCommonCRLSelectorParams". If there are no common parameters stored with
214 * the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
215 *
216 * PARAMETERS:
217 * "selector"
218 * Address of CRLSelector whose ComCRLSelParams are to be stored.
219 * Must be non-NULL.
220 * "pCommonCRLSelectorParams"
221 * Address where object pointer will be stored. Must be non-NULL.
222 * "plContext"
223 * Platform-specific context pointer.
224 * THREAD SAFETY:
225 * Conditionally Thread Safe
226 * (see Thread Safety Definitions in Programmer's Guide)
227 * RETURNS:
228 * Returns NULL if the function succeeds.
229 * Returns a CRLSelector Error if the function fails in a non-fatal way.
230 * Returns a Fatal Error if the function fails in an unrecoverable way.
231 */
232 PKIX_Error *
233 PKIX_CRLSelector_GetCommonCRLSelectorParams(
234 PKIX_CRLSelector *selector,
235 PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
236 void *plContext);
238 /*
239 * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
240 * DESCRIPTION:
241 *
242 * Sets the common parameters for the CRLSelector pointed to by "selector"
243 * using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
244 *
245 * PARAMETERS:
246 * "selector"
247 * Address of CRLSelector whose common parameters are to be set.
248 * Must be non-NULL.
249 * "commonCRLSelectorParams"
250 * Address of ComCRLSelParams representing the common parameters.
251 * "plContext"
252 * Platform-specific context pointer.
253 * THREAD SAFETY:
254 * Not Thread Safe - assumes exclusive access to "selector"
255 * (see Thread Safety Definitions in Programmer's Guide)
256 * RETURNS:
257 * Returns NULL if the function succeeds.
258 * Returns a CRLSelector Error if the function fails in a non-fatal way.
259 * Returns a Fatal Error if the function fails in an unrecoverable way.
260 */
261 PKIX_Error *
262 PKIX_CRLSelector_SetCommonCRLSelectorParams(
263 PKIX_CRLSelector *selector,
264 PKIX_ComCRLSelParams *commonCRLSelectorParams,
265 void *plContext);
267 /* PKIX_ComCRLSelParams
268 *
269 * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
270 * especially determining which CRLs to retrieve from a CertStore.
271 * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
272 * the default implementation of MatchCallback, which understands how to
273 * process ComCRLSelParams.
274 */
276 /*
277 * FUNCTION: PKIX_ComCRLSelParams_Create
278 * DESCRIPTION:
279 *
280 * Creates a new ComCRLSelParams object and stores it at "pParams".
281 *
282 * PARAMETERS:
283 * "pParams"
284 * Address where object pointer will be stored. Must be non-NULL.
285 * "plContext"
286 * Platform-specific context pointer.
287 * THREAD SAFETY:
288 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
289 * RETURNS:
290 * Returns NULL if the function succeeds.
291 * Returns a CRLSelector Error if the function fails in a non-fatal way.
292 * Returns a Fatal Error if the function fails in an unrecoverable way.
293 */
294 PKIX_Error *
295 PKIX_ComCRLSelParams_Create(
296 PKIX_ComCRLSelParams **pParams,
297 void *plContext);
299 /*
300 * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
301 * DESCRIPTION:
302 *
303 * Retrieves a pointer to the List of X500Names (if any) representing the
304 * issuer names criterion that is set in the ComCRLSelParams pointed to by
305 * "params" and stores it at "pNames". In order to match against this
306 * criterion, a CRL's IssuerName must match at least one of the criterion's
307 * issuer names.
308 *
309 * If "params" does not have this criterion set, this function stores NULL at
310 * "pNames", in which case all CRLs are considered to match.
311 *
312 * Note that the List returned by this function is immutable.
313 *
314 * PARAMETERS:
315 * "params"
316 * Address of ComCRLSelParams whose issuer names criterion (if any) is to
317 * be stored. Must be non-NULL.
318 * "pNames"
319 * Address where object pointer will be stored. Must be non-NULL.
320 * "plContext"
321 * Platform-specific context pointer.
322 * THREAD SAFETY:
323 * Conditionally Thread Safe
324 * (see Thread Safety Definitions in Programmer's Guide)
325 * RETURNS:
326 * Returns NULL if the function succeeds.
327 * Returns a CRLSelector Error if the function fails in a non-fatal way.
328 * Returns a Fatal Error if the function fails in an unrecoverable way.
329 */
330 PKIX_Error *
331 PKIX_ComCRLSelParams_GetIssuerNames(
332 PKIX_ComCRLSelParams *params,
333 PKIX_List **pNames, /* list of PKIX_PL_X500Name */
334 void *plContext);
336 /*
337 * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
338 * DESCRIPTION:
339 *
340 * Sets the issuer names criterion of the ComCRLSelParams pointed to by
341 * "params" using a List of X500Names pointed to by "names". In order to match
342 * against this criterion, a CRL's IssuerName must match at least one of the
343 * criterion's issuer names.
344 *
345 * PARAMETERS:
346 * "params"
347 * Address of ComCRLSelParamsParams whose issuer names criterion is to be
348 * set. Must be non-NULL.
349 * "names"
350 * Address of List of X500Names used to set the criterion
351 * "plContext"
352 * Platform-specific context pointer.
353 * THREAD SAFETY:
354 * Not Thread Safe - assumes exclusive access to "params"
355 * (see Thread Safety Definitions in Programmer's Guide)
356 * RETURNS:
357 * Returns NULL if the function succeeds.
358 * Returns a CRLSelector Error if the function fails in a non-fatal way.
359 * Returns a Fatal Error if the function fails in an unrecoverable way.
360 */
361 PKIX_Error *
362 PKIX_ComCRLSelParams_SetIssuerNames(
363 PKIX_ComCRLSelParams *params,
364 PKIX_List *names, /* list of PKIX_PL_X500Name */
365 void *plContext);
367 /*
368 * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
369 * DESCRIPTION:
370 *
371 * Adds to the issuer names criterion of the ComCRLSelParams pointed to by
372 * "params" using the X500Name pointed to by "name". In order to match
373 * against this criterion, a CRL's IssuerName must match at least one of the
374 * criterion's issuer names.
375 *
376 * PARAMETERS:
377 * "params"
378 * Address of ComCRLSelParams whose issuer names criterion is to be added
379 * to. Must be non-NULL.
380 * "name"
381 * Address of X500Name to be added.
382 * "plContext"
383 * Platform-specific context pointer.
384 * THREAD SAFETY:
385 * Not Thread Safe - assumes exclusive access to "params"
386 * (see Thread Safety Definitions in Programmer's Guide)
387 * RETURNS:
388 * Returns NULL if the function succeeds.
389 * Returns a CRLSelector Error if the function fails in a non-fatal way.
390 * Returns a Fatal Error if the function fails in an unrecoverable way.
391 */
392 PKIX_Error *
393 PKIX_ComCRLSelParams_AddIssuerName(
394 PKIX_ComCRLSelParams *params,
395 PKIX_PL_X500Name *name,
396 void *plContext);
398 /*
399 * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
400 * DESCRIPTION:
401 *
402 * Retrieves a pointer to the Cert (if any) representing the certificate whose
403 * revocation status is being checked. This is not a criterion. It is simply
404 * optional information that may help a CertStore find relevant CRLs.
405 *
406 * If "params" does not have a certificate set, this function stores NULL at
407 * "pCert", in which case there is no optional information to provide.
408 *
409 * PARAMETERS:
410 * "params"
411 * Address of ComCRLSelParams whose certificate being checked (if any) is
412 * to be stored. Must be non-NULL.
413 * "pCert"
414 * Address where object pointer will be stored. Must be non-NULL.
415 * "plContext"
416 * Platform-specific context pointer.
417 * THREAD SAFETY:
418 * Conditionally Thread Safe
419 * (see Thread Safety Definitions in Programmer's Guide)
420 * RETURNS:
421 * Returns NULL if the function succeeds
422 * Returns a CRLSelector Error if the function fails in a non-fatal way.
423 * Returns a Fatal Error if the function fails in an unrecoverable way.
424 */
425 PKIX_Error *
426 PKIX_ComCRLSelParams_GetCertificateChecking(
427 PKIX_ComCRLSelParams *params,
428 PKIX_PL_Cert **pCert,
429 void *plContext);
431 /*
432 * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
433 * DESCRIPTION:
434 *
435 * Sets the ComCRLSelParams pointed to by "params" with the certificate
436 * (pointed to by "cert") whose revocation status is being checked. This is
437 * not a criterion. It is simply optional information that may help a
438 * CertStore find relevant CRLs.
439 *
440 * PARAMETERS:
441 * "params"
442 * Address of ComCRLSelParams whose certificate being checked is to be
443 * set. Must be non-NULL.
444 * "cert"
445 * Address of Cert whose revocation status is being checked
446 * "plContext"
447 * Platform-specific context pointer.
448 * THREAD SAFETY:
449 * Not Thread Safe - assumes exclusive access to "params"
450 * (see Thread Safety Definitions in Programmer's Guide)
451 * RETURNS:
452 * Returns NULL if the function succeeds.
453 * Returns a CRLSelector Error if the function fails in a non-fatal way.
454 * Returns a Fatal Error if the function fails in an unrecoverable way.
455 */
456 PKIX_Error *
457 PKIX_ComCRLSelParams_SetCertificateChecking(
458 PKIX_ComCRLSelParams *params,
459 PKIX_PL_Cert *cert,
460 void *plContext);
462 /*
463 * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
464 * DESCRIPTION:
465 *
466 * Retrieves a pointer to the Date (if any) representing the dateAndTime
467 * criterion that is set in the ComCRLSelParams pointed to by "params" and
468 * stores it at "pDate". In order to match against this criterion, a CRL's
469 * thisUpdate component must be less than or equal to the criterion's
470 * dateAndTime and the CRL's nextUpdate component must be later than the
471 * criterion's dateAndTime. There is no match if the CRL does not contain a
472 * nextUpdate component.
473 *
474 * If "params" does not have this criterion set, this function stores NULL at
475 * "pDate", in which case all CRLs are considered to match.
476 *
477 * PARAMETERS:
478 * "params"
479 * Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
480 * be stored. Must be non-NULL.
481 * "pDate"
482 * Address where object pointer will be stored. Must be non-NULL.
483 * "plContext"
484 * Platform-specific context pointer.
485 * THREAD SAFETY:
486 * Conditionally Thread Safe
487 * (see Thread Safety Definitions in Programmer's Guide)
488 * RETURNS:
489 * Returns NULL if the function succeeds.
490 * Returns a CRLSelector Error if the function fails in a non-fatal way.
491 * Returns a Fatal Error if the function fails in an unrecoverable way.
492 */
493 PKIX_Error *
494 PKIX_ComCRLSelParams_GetDateAndTime(
495 PKIX_ComCRLSelParams *params,
496 PKIX_PL_Date **pDate,
497 void *plContext);
499 /*
500 * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
501 * DESCRIPTION:
502 *
503 * Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
504 * "params" using a Date pointed to by "date". In order to match against this
505 * criterion, a CRL's thisUpdate component must be less than or equal to the
506 * criterion's dateAndTime and the CRL's nextUpdate component must be later
507 * than the criterion's dateAndTime. There is no match if the CRL does not
508 * contain a nextUpdate component.
509 *
510 * PARAMETERS:
511 * "params"
512 * Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
513 * set. Must be non-NULL.
514 * "date"
515 * Address of Date used to set the criterion
516 * "plContext"
517 * Platform-specific context pointer.
518 * THREAD SAFETY:
519 * Not Thread Safe - assumes exclusive access to "params"
520 * (see Thread Safety Definitions in Programmer's Guide)
521 * RETURNS:
522 * Returns NULL if the function succeeds.
523 * Returns a CRLSelector Error if the function fails in a non-fatal way.
524 * Returns a Fatal Error if the function fails in an unrecoverable way.
525 */
526 PKIX_Error *
527 PKIX_ComCRLSelParams_SetDateAndTime(
528 PKIX_ComCRLSelParams *params,
529 PKIX_PL_Date *date,
530 void *plContext);
532 /*
533 * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
534 * DESCRIPTION:
535 *
536 * Retrieves a pointer to the Boolean representing the NIST CRL policy
537 * activation flag that is set in the ComCRLSelParams pointed to by "params"
538 * and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
539 *
540 * Default value for this flag is TRUE.
541 *
542 * PARAMETERS:
543 * "params"
544 * Address of ComCRLSelParams whose NIST CRL policy criterion is to
545 * be stored. Must be non-NULL.
546 * "pEnabled"
547 * Address where object pointer will be stored. Must be non-NULL.
548 * "plContext"
549 * Platform-specific context pointer.
550 * THREAD SAFETY:
551 * Conditionally Thread Safe
552 * (see Thread Safety Definitions in Programmer's Guide)
553 * RETURNS:
554 * Returns NULL if the function succeeds.
555 * Returns a CRLSelector Error if the function fails in a non-fatal way.
556 * Returns a Fatal Error if the function fails in an unrecoverable way.
557 */
558 PKIX_Error *
559 PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
560 PKIX_ComCRLSelParams *params,
561 PKIX_Boolean *pEnabled,
562 void *plContext);
564 /*
565 * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
566 * DESCRIPTION:
567 *
568 * Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
569 * "params" using a "enabled" flag. In order to match against this
570 * criterion, a CRL's nextUpdate must be available and criterion's
571 * dataAndTime must be within thisUpdate and nextUpdate time period.
572 *
573 * PARAMETERS:
574 * "params"
575 * Address of ComCRLSelParamsParams whose NIST CRL policy criterion
576 * is to be set. Must be non-NULL.
577 * "enabled"
578 * Address of Bollean used to set the criterion
579 * "plContext"
580 * Platform-specific context pointer.
581 * THREAD SAFETY:
582 * Not Thread Safe - assumes exclusive access to "params"
583 * (see Thread Safety Definitions in Programmer's Guide)
584 * RETURNS:
585 * Returns NULL if the function succeeds.
586 * Returns a CRLSelector Error if the function fails in a non-fatal way.
587 * Returns a Fatal Error if the function fails in an unrecoverable way.
588 */
589 PKIX_Error *
590 PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
591 PKIX_ComCRLSelParams *params,
592 PKIX_Boolean enabled,
593 void *plContext);
595 /*
596 * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
597 * DESCRIPTION:
598 *
599 * Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
600 * criterion that is set in the ComCRLSelParams pointed to by "params" and
601 * stores it at "pNumber". In order to match against this criterion, a CRL
602 * must have a CRL number extension whose value is less than or equal to the
603 * criterion's value.
604 *
605 * If "params" does not have this criterion set, this function stores NULL at
606 * "pNumber", in which case all CRLs are considered to match.
607 *
608 * PARAMETERS:
609 * "params"
610 * Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
611 * be stored. Must be non-NULL.
612 * "pNumber"
613 * Address where object pointer will be stored. Must be non-NULL.
614 * "plContext"
615 * Platform-specific context pointer.
616 * THREAD SAFETY:
617 * Conditionally Thread Safe
618 * (see Thread Safety Definitions in Programmer's Guide)
619 * RETURNS:
620 * Returns NULL if the function succeeds.
621 * Returns a CRLSelector Error if the function fails in a non-fatal way.
622 * Returns a Fatal Error if the function fails in an unrecoverable way.
623 */
624 PKIX_Error *
625 PKIX_ComCRLSelParams_GetMaxCRLNumber(
626 PKIX_ComCRLSelParams *params,
627 PKIX_PL_BigInt **pNumber,
628 void *plContext);
630 /*
631 * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
632 * DESCRIPTION:
633 *
634 * Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
635 * "params" using a BigInt pointed to by "number". In order to match against
636 * this criterion, a CRL must have a CRL number extension whose value is less
637 * than or equal to the criterion's value.
638 *
639 * PARAMETERS:
640 * "params"
641 * Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
642 * set. Must be non-NULL.
643 * "number"
644 * Address of BigInt used to set the criterion
645 * "plContext"
646 * Platform-specific context pointer.
647 * THREAD SAFETY:
648 * Not Thread Safe - assumes exclusive access to "params"
649 * (see Thread Safety Definitions in Programmer's Guide)
650 * RETURNS:
651 * Returns NULL if the function succeeds.
652 * Returns a CRLSelector Error if the function fails in a non-fatal way.
653 * Returns a Fatal Error if the function fails in an unrecoverable way.
654 */
655 PKIX_Error *
656 PKIX_ComCRLSelParams_SetMaxCRLNumber(
657 PKIX_ComCRLSelParams *params,
658 PKIX_PL_BigInt *number,
659 void *plContext);
661 /*
662 * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
663 * DESCRIPTION:
664 *
665 * Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
666 * criterion that is set in the ComCRLSelParams pointed to by "params" and
667 * stores it at "pNumber". In order to match against this criterion, a CRL
668 * must have a CRL number extension whose value is greater than or equal to
669 * the criterion's value.
670 *
671 * If "params" does not have this criterion set, this function stores NULL at
672 * "pNumber", in which case all CRLs are considered to match.
673 *
674 * PARAMETERS:
675 * "params"
676 * Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
677 * be stored. Must be non-NULL.
678 * "pNumber"
679 * Address where object pointer will be stored. Must be non-NULL.
680 * "plContext"
681 * Platform-specific context pointer.
682 * THREAD SAFETY:
683 * Conditionally Thread Safe
684 * (see Thread Safety Definitions in Programmer's Guide)
685 * RETURNS:
686 * Returns NULL if the function succeeds.
687 * Returns a CRLSelector Error if the function fails in a non-fatal way.
688 * Returns a Fatal Error if the function fails in an unrecoverable way.
689 */
690 PKIX_Error *
691 PKIX_ComCRLSelParams_GetMinCRLNumber(
692 PKIX_ComCRLSelParams *params,
693 PKIX_PL_BigInt **pNumber,
694 void *plContext);
696 /*
697 * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
698 * DESCRIPTION:
699 *
700 * Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
701 * "params" using a BigInt pointed to by "number". In order to match against
702 * this criterion, a CRL must have a CRL number extension whose value is
703 * greater than or equal to the criterion's value.
704 *
705 * PARAMETERS:
706 * "params"
707 * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
708 * set. Must be non-NULL.
709 * "number"
710 * Address of BigInt used to set the criterion
711 * "plContext"
712 * Platform-specific context pointer.
713 * THREAD SAFETY:
714 * Not Thread Safe - assumes exclusive access to "params"
715 * (see Thread Safety Definitions in Programmer's Guide)
716 * RETURNS:
717 * Returns NULL if the function succeeds.
718 * Returns a CRLSelector Error if the function fails in a non-fatal way.
719 * Returns a Fatal Error if the function fails in an unrecoverable way.
720 */
721 PKIX_Error *
722 PKIX_ComCRLSelParams_SetMinCRLNumber(
723 PKIX_ComCRLSelParams *params,
724 PKIX_PL_BigInt *number,
725 void *plContext);
727 /*
728 * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
729 * DESCRIPTION:
730 *
731 * Sets crldp list that can be used to download a crls.
732 *
733 * PARAMETERS:
734 * "params"
735 * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
736 * set. Must be non-NULL.
737 * "crldpList"
738 * A list of CRLDPs. Can be an emptry list.
739 * "plContext"
740 * Platform-specific context pointer.
741 * THREAD SAFETY:
742 * Not Thread Safe - assumes exclusive access to "params"
743 * (see Thread Safety Definitions in Programmer's Guide)
744 * RETURNS:
745 * Returns NULL if the function succeeds.
746 * Returns a CRLSelector Error if the function fails in a non-fatal way.
747 * Returns a Fatal Error if the function fails in an unrecoverable way.
748 */
749 PKIX_Error*
750 PKIX_ComCRLSelParams_SetCrlDp(
751 PKIX_ComCRLSelParams *params,
752 PKIX_List *crldpList,
753 void *plContext);
755 #ifdef __cplusplus
756 }
757 #endif
759 #endif /* _PKIX_CRLSEL_H */
