michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: /* michael@0: * This file defines functions associated with the PKIX_CertSelector and the michael@0: * PKIX_ComCertSelParams types. michael@0: * michael@0: */ michael@0: michael@0: #ifndef _PKIX_CERTSEL_H michael@0: #define _PKIX_CERTSEL_H michael@0: michael@0: #include "pkixt.h" michael@0: michael@0: #ifdef __cplusplus michael@0: extern "C" { michael@0: #endif michael@0: michael@0: /* General michael@0: * michael@0: * Please refer to the libpkix Programmer's Guide for detailed information michael@0: * about how to use the libpkix library. Certain key warnings and notices from michael@0: * that document are repeated here for emphasis. michael@0: * michael@0: * All identifiers in this file (and all public identifiers defined in michael@0: * libpkix) begin with "PKIX_". Private identifiers only intended for use michael@0: * within the library begin with "pkix_". michael@0: * michael@0: * A function returns NULL upon success, and a PKIX_Error pointer upon failure. michael@0: * michael@0: * Unless otherwise noted, for all accessor (gettor) functions that return a michael@0: * PKIX_PL_Object pointer, callers should assume that this pointer refers to a michael@0: * shared object. Therefore, the caller should treat this shared object as michael@0: * read-only and should not modify this shared object. When done using the michael@0: * shared object, the caller should release the reference to the object by michael@0: * using the PKIX_PL_Object_DecRef function. michael@0: * michael@0: * While a function is executing, if its arguments (or anything referred to by michael@0: * its arguments) are modified, free'd, or destroyed, the function's behavior michael@0: * is undefined. michael@0: * michael@0: */ michael@0: michael@0: /* PKIX_CertSelector michael@0: * michael@0: * PKIX_CertSelectors provide a standard way for the caller to select michael@0: * certificates based on particular criteria. A CertSelector is typically used michael@0: * by the caller to specify the constraints they wish to impose on the target michael@0: * certificate in a chain. (see pkix_params.h) A CertSelector is also often michael@0: * used to retrieve certificates from a CertStore that match the selector's michael@0: * criteria. (See pkix_certstore.h) For example, the caller may wish to only michael@0: * select those certificates that have a particular Subject Distinguished Name michael@0: * and a particular value for a private certificate extension. The michael@0: * MatchCallback allows the caller to specify the custom matching logic to be michael@0: * used by a CertSelector. michael@0: * michael@0: * By default, the MatchCallback is set to point to the default implementation michael@0: * provided by libpkix, which understands how to process the most common michael@0: * parameters. If the default implementation is used, the caller should set michael@0: * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams. michael@0: * Any common parameter that is not set is assumed to be disabled, which means michael@0: * the default MatchCallback implementation will select all certificates michael@0: * without regard to that particular disabled parameter. For example, if the michael@0: * SerialNumber parameter is not set, MatchCallback will not filter out any michael@0: * certificate based on its serial number. As such, if no parameters are set, michael@0: * all are disabled and any certificate will match. If a parameter is michael@0: * disabled, its associated PKIX_ComCertSelParams_Get* function returns a michael@0: * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints michael@0: * and PKIX_ComCertSelParams_GetVersion, or 0 for michael@0: * PKIX_ComCertSelParams_GetKeyUsage. michael@0: * michael@0: * If a custom implementation is desired, the default implementation can be michael@0: * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the michael@0: * CertSelector can be initialized with a certSelectorContext, which is where michael@0: * the caller can specify the desired parameters the caller wishes to match michael@0: * against. Note that this certSelectorContext must be an Object (although any michael@0: * object type), allowing it to be reference-counted and allowing it to michael@0: * provide the standard Object functions (Equals, Hashcode, ToString, Compare, michael@0: * Duplicate). michael@0: * michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_CertSelector_MatchCallback michael@0: * DESCRIPTION: michael@0: * michael@0: * This callback function determines whether the specified Cert pointed to by michael@0: * "cert" matches the criteria of the CertSelector pointed to by "selector". michael@0: * If the Cert does not matches the CertSelector's criteria, an exception will michael@0: * be thrown. michael@0: * michael@0: * PARAMETERS: michael@0: * "selector" michael@0: * Address of CertSelector whose MatchCallback logic and parameters are michael@0: * to be used. Must be non-NULL. michael@0: * "cert" michael@0: * Address of Cert that is to be matched using "selector". michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe michael@0: * michael@0: * Multiple threads must be able to safely call this function without michael@0: * worrying about conflicts, even if they're operating on the same object. michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: typedef PKIX_Error * michael@0: (*PKIX_CertSelector_MatchCallback)( michael@0: PKIX_CertSelector *selector, michael@0: PKIX_PL_Cert *cert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_CertSelector_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new CertSelector using the Object pointed to by michael@0: * "certSelectorContext" (if any) and stores it at "pSelector". As noted michael@0: * above, by default, the MatchCallback is set to point to the default michael@0: * implementation provided by libpkix, which understands how to process michael@0: * ComCertSelParams objects. This is overridden if the MatchCallback pointed michael@0: * to by "callback" is not NULL, in which case the parameters are specified michael@0: * using the certSelectorContext. michael@0: * michael@0: * PARAMETERS: michael@0: * "callback" michael@0: * The MatchCallback function to be used. michael@0: * "certSelectorContext" michael@0: * Address of Object representing the CertSelector's context (if any). michael@0: * "pSelector" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_CertSelector_Create( michael@0: PKIX_CertSelector_MatchCallback callback, michael@0: PKIX_PL_Object *certSelectorContext, michael@0: PKIX_CertSelector **pSelector, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_CertSelector_GetMatchCallback michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to "selector's" Match callback function and puts it in michael@0: * "pCallback". michael@0: * michael@0: * PARAMETERS: michael@0: * "selector" michael@0: * The CertSelector whose Match callback is desired. Must be non-NULL. michael@0: * "pCallback" michael@0: * Address where Match callback function pointer will be stored. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_CertSelector_GetMatchCallback( michael@0: PKIX_CertSelector *selector, michael@0: PKIX_CertSelector_MatchCallback *pCallback, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_CertSelector_GetCertSelectorContext michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a PKIX_PL_Object representing the context (if any) michael@0: * of the CertSelector pointed to by "selector" and stores it at michael@0: * "pCertSelectorContext". michael@0: * michael@0: * PARAMETERS: michael@0: * "selector" michael@0: * Address of CertSelector whose context is to be stored. michael@0: * Must be non-NULL. michael@0: * "pCertSelectorContext" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_CertSelector_GetCertSelectorContext( michael@0: PKIX_CertSelector *selector, michael@0: PKIX_PL_Object **pCertSelectorContext, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the ComCertSelParams object that represent the michael@0: * common parameters of the CertSelector pointed to by "selector" and stores michael@0: * it at "pCommonCertSelectorParams". If there are no common parameters michael@0: * stored with the CertSelector, this function stores NULL at michael@0: * "pCommonCertSelectorParams". michael@0: * michael@0: * PARAMETERS: michael@0: * "selector" michael@0: * Address of CertSelector whose ComCertSelParams object is to be stored. michael@0: * Must be non-NULL. michael@0: * "pCommonCertSelectorParams" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_CertSelector_GetCommonCertSelectorParams( michael@0: PKIX_CertSelector *selector, michael@0: PKIX_ComCertSelParams **pCommonCertSelectorParams, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the common parameters for the CertSelector pointed to by "selector" michael@0: * using the ComCertSelParams object pointed to by "commonCertSelectorParams". michael@0: * michael@0: * PARAMETERS: michael@0: * "selector" michael@0: * Address of CertSelector whose common parameters are to be set. michael@0: * Must be non-NULL. michael@0: * "commonCertSelectorParams" michael@0: * Address of ComCertSelParams object representing the common parameters. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "selector" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_CertSelector_SetCommonCertSelectorParams( michael@0: PKIX_CertSelector *selector, michael@0: PKIX_ComCertSelParams *commonCertSelectorParams, michael@0: void *plContext); michael@0: michael@0: /* PKIX_ComCertSelParams michael@0: * michael@0: * PKIX_ComCertSelParams objects are X.509 parameters commonly used with michael@0: * CertSelectors, especially when enforcing constraints on a target michael@0: * certificate or determining which certificates to retrieve from a CertStore. michael@0: * ComCertSelParams objects are typically used with those CertSelectors that michael@0: * use the default implementation of MatchCallback, which understands how to michael@0: * process ComCertSelParams objects. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new ComCertSelParams object and stores it at "pParams". michael@0: * michael@0: * PARAMETERS: michael@0: * "pParams" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_Create( michael@0: PKIX_ComCertSelParams **pParams, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of GeneralNames (if any) representing the michael@0: * subject alternative names criterion that is set in the ComCertSelParams michael@0: * object pointed to by "params" and stores it at "pNames". In order to match michael@0: * against this criterion, a certificate must contain all or at least one of michael@0: * the criterion's subject alternative names (depending on the result of michael@0: * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior michael@0: * requires a certificate to contain all of the criterion's subject michael@0: * alternative names in order to match. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pNames", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject alternative names michael@0: * criterion (if any) is to be stored. Must be non-NULL. michael@0: * "pNames" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSubjAltNames( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the subject alternative names criterion of the ComCertSelParams object michael@0: * pointed to by "params" using a List of GeneralNames pointed to by "names". michael@0: * In order to match against this criterion, a certificate must contain all or michael@0: * at least one of the criterion's subject alternative names (depending on the michael@0: * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default michael@0: * behavior requires a certificate to contain all of the criterion's subject michael@0: * alternative names in order to match. michael@0: * michael@0: * If "names" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject alternative michael@0: * names criterion is to be set. Must be non-NULL. michael@0: * "names" michael@0: * Address of List of GeneralNames used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSubjAltNames( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List *names, /* list of PKIX_PL_GeneralName */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName michael@0: * DESCRIPTION: michael@0: * michael@0: * Adds to the subject alternative names criterion of the ComCertSelParams michael@0: * object pointed to by "params" using the GeneralName pointed to by "name". michael@0: * In order to match against this criterion, a certificate must contain all michael@0: * or at least one of the criterion's subject alternative names (depending on michael@0: * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default michael@0: * behavior requires a certificate to contain all of the criterion's subject michael@0: * alternative names in order to match. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject alternative names michael@0: * criterion is to be added to. Must be non-NULL. michael@0: * "name" michael@0: * Address of GeneralName to be added. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_AddSubjAltName( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_GeneralName *name, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetPathToNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of GeneralNames (if any) representing the michael@0: * path to names criterion that is set in the ComCertSelParams object pointed michael@0: * to by "params" and stores it at "pNames". In order to match against this michael@0: * criterion, a certificate must not include name constraints that would michael@0: * prohibit building a path to the criterion's specified names. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pNames", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose path to names criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pNames" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetPathToNames( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetPathToNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the path to names criterion of the ComCertSelParams object pointed to michael@0: * by "params" using a List of GeneralNames pointed to by "names". In order to michael@0: * match against this criterion, a certificate must not include name michael@0: * constraints that would prohibit building a path to the criterion's michael@0: * specified names. michael@0: * michael@0: * If "names" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose path to names criterion michael@0: * is to be set. Must be non-NULL. michael@0: * "names" michael@0: * Address of List of GeneralNames used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetPathToNames( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List *names, /* list of PKIX_PL_GeneralName */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_AddPathToName michael@0: * DESCRIPTION: michael@0: * michael@0: * Adds to the path to names criterion of the ComCertSelParams object pointed michael@0: * to by "params" using the GeneralName pointed to by "pathToName". In order michael@0: * to match against this criterion, a certificate must not include name michael@0: * constraints that would prohibit building a path to the criterion's michael@0: * specified names. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose path to names criterion is to michael@0: * be added to. Must be non-NULL. michael@0: * "pathToName" michael@0: * Address of GeneralName to be added. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_AddPathToName( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_GeneralName *pathToName, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the ByteArray (if any) representing the authority michael@0: * key identifier criterion that is set in the ComCertSelParams object michael@0: * pointed to by "params" and stores it at "pAuthKeyId". In order to match michael@0: * against this criterion, a certificate must contain an michael@0: * AuthorityKeyIdentifier extension whose value matches the criterion's michael@0: * authority key identifier value. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pAuthKeyId", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose authority key identifier michael@0: * criterion (if any) is to be stored. Must be non-NULL. michael@0: * "pAuthKeyId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_ByteArray **pAuthKeyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the authority key identifier criterion of the ComCertSelParams object michael@0: * pointed to by "params" to the ByteArray pointed to by "authKeyId". In michael@0: * order to match against this criterion, a certificate must contain an michael@0: * AuthorityKeyIdentifier extension whose value matches the criterion's michael@0: * authority key identifier value. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose authority key identifier michael@0: * criterion is to be set. Must be non-NULL. michael@0: * "authKeyId" michael@0: * Address of ByteArray used to set the criterion michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_ByteArray *authKeyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the ByteArray (if any) representing the subject key michael@0: * identifier criterion that is set in the ComCertSelParams object pointed to michael@0: * by "params" and stores it at "pSubjKeyId". In order to match against this michael@0: * criterion, a certificate must contain a SubjectKeyIdentifier extension michael@0: * whose value matches the criterion's subject key identifier value. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pSubjKeyId", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject key identifier michael@0: * criterion (if any) is to be stored. Must be non-NULL. michael@0: * "pSubjKeyId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSubjKeyIdentifier( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_ByteArray **pSubjKeyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the subject key identifier criterion of the ComCertSelParams object michael@0: * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In michael@0: * order to match against this criterion, a certificate must contain an michael@0: * SubjectKeyIdentifier extension whose value matches the criterion's subject michael@0: * key identifier value. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject key identifier michael@0: * criterion is to be set. Must be non-NULL. michael@0: * "subjKeyId" michael@0: * Address of ByteArray used to set the criterion michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSubjKeyIdentifier( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_ByteArray *subKeyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the PublicKey (if any) representing the subject michael@0: * public key criterion that is set in the ComCertSelParams object pointed to michael@0: * by "params" and stores it at "pPubKey". In order to match against this michael@0: * criterion, a certificate must contain a SubjectPublicKey that matches the michael@0: * criterion's public key. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pPubKey", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject public key criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pPubKey" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSubjPubKey( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_PublicKey **pPubKey, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the subject public key criterion of the ComCertSelParams object michael@0: * pointed to by "params" using a PublicKey pointed to by "pubKey". In order michael@0: * to match against this criterion, a certificate must contain a michael@0: * SubjectPublicKey that matches the criterion's public key. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject public key michael@0: * criterion is to be set. Must be non-NULL. michael@0: * "pubKey" michael@0: * Address of PublicKey used to set the criterion michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSubjPubKey( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_PublicKey *pubKey, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the OID (if any) representing the subject public key michael@0: * algorithm identifier criterion that is set in the ComCertSelParams object michael@0: * pointed to by "params" and stores it at "pPubKey". In order to match michael@0: * against this criterion, a certificate must contain a SubjectPublicKey with michael@0: * an algorithm that matches the criterion's algorithm. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pAlgId", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject public key algorithm michael@0: * identifier (if any) is to be stored. Must be non-NULL. michael@0: * "pAlgId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSubjPKAlgId( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_OID **pAlgId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the subject public key algorithm identifier criterion of the michael@0: * ComCertSelParams object pointed to by "params" using an OID pointed to by michael@0: * "algId". In order to match against this criterion, a certificate must michael@0: * contain a SubjectPublicKey with an algorithm that matches the criterion's michael@0: * algorithm. michael@0: * michael@0: * If "algId" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject public key michael@0: * algorithm identifier criterion is to be set. Must be non-NULL. michael@0: * "algId" michael@0: * Address of OID used to set criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSubjPKAlgId( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_OID *algId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the minimum path length (if any) representing the michael@0: * basic constraints criterion that is set in the ComCertSelParams object michael@0: * pointed to by "params" and stores it at "pMinPathLength". In order to michael@0: * match against this criterion, there are several possibilities. michael@0: * michael@0: * 1) If the criterion's minimum path length is greater than or equal to zero, michael@0: * a certificate must include a BasicConstraints extension with a pathLen of michael@0: * at least this value. michael@0: * michael@0: * 2) If the criterion's minimum path length is -2, a certificate must be an michael@0: * end-entity certificate. michael@0: * michael@0: * 3) If the criterion's minimum path length is -1, no basic constraints check michael@0: * is done and all certificates are considered to match this criterion. michael@0: * michael@0: * The semantics of other values of the criterion's minimum path length are michael@0: * undefined but may be defined in future versions of the API. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores -1 at michael@0: * "pMinPathLength", in which case all certificates are considered to match michael@0: * this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose basic constraints criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pMinPathLength" michael@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetBasicConstraints( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Int32 *pMinPathLength, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the basic constraints criterion of the ComCertSelParams object michael@0: * pointed to by "params" using the integer value of "minPathLength". In michael@0: * order to match against this criterion, there are several possibilities. michael@0: * michael@0: * 1) If the criterion's minimum path length is greater than or equal to zero, michael@0: * a certificate must include a BasicConstraints extension with a pathLen of michael@0: * at least this value. michael@0: * michael@0: * 2) If the criterion's minimum path length is -2, a certificate must be an michael@0: * end-entity certificate. michael@0: * michael@0: * 3) If the criterion's minimum path length is -1, no basic constraints check michael@0: * is done and all certificates are considered to match this criterion. michael@0: * michael@0: * The semantics of other values of the criterion's minimum path length are michael@0: * undefined but may be defined in future versions of the API. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose basic constraints michael@0: * criterion is to be set. Must be non-NULL. michael@0: * "minPathLength" michael@0: * Value of PKIX_Int32 used to set the criterion michael@0: * (or -1 to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetBasicConstraints( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Int32 minPathLength, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetCertificate michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the Cert (if any) representing the certificate michael@0: * criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pCert". In order to match against this michael@0: * criterion, a certificate must be equal to the criterion's certificate. If michael@0: * this criterion is specified, it is usually not necessary to specify any michael@0: * other criteria, since this criterion requires an exact certificate match. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pCert", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose certificate criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pCert" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetCertificate( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_Cert **pCert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetCertificate michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the certificate criterion of the ComCertSelParams object pointed to by michael@0: * "params" using a Cert pointed to by "cert". In order to match against this michael@0: * criterion, a certificate must be equal to the criterion's certificate. michael@0: * If this criterion is specified, it is usually not necessary to specify michael@0: * any other criteria, since this criterion requires an exact certificate michael@0: * match. michael@0: * michael@0: * If "cert" is NULL, all certificates are considered to match this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose certificate criterion is to be michael@0: * set. Must be non-NULL. michael@0: * "cert" michael@0: * Address of Cert used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetCertificate( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_Cert *cert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the Date (if any) representing the certificate michael@0: * validity criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pDate". In order to match against this michael@0: * criterion, a certificate's validity period must include the criterion's michael@0: * Date. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pDate", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose certificate validity criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pDate" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetCertificateValid( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_Date **pDate, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the certificate validity criterion of the ComCertSelParams object michael@0: * pointed to by "params" using a Date pointed to by "date". In order to michael@0: * match against this criterion, a certificate's validity period must include michael@0: * the criterion's Date. michael@0: * michael@0: * If "date" is NULL, all certificates are considered to match this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose certificate validity criterion michael@0: * is to be set. Must be non-NULL. michael@0: * "date" michael@0: * Address of Date used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetCertificateValid( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_Date *date, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the BigInt (if any) representing the serial number michael@0: * criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pSerialNumber". In order to match against this michael@0: * criterion, a certificate must have a serial number equal to the michael@0: * criterion's serial number. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pSerialNumber", in which case all certificates are considered to match michael@0: * this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose serial number criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pSerialNumber" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSerialNumber( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_BigInt **pSerialNumber, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the serial number criterion of the ComCertSelParams object pointed to michael@0: * by "params" using a BigInt pointed to by "serialNumber". In order to match michael@0: * against this criterion, a certificate must have a serial number equal to michael@0: * the criterion's serial number. michael@0: * michael@0: * If "serialNumber" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose serial number criterion is to michael@0: * be set. Must be non-NULL. michael@0: * "serialNumber" michael@0: * Address of BigInt used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSerialNumber( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_BigInt *serialNumber, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetVersion michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is michael@0: * set in the ComCertSelParams object pointed to by "params" and stores it at michael@0: * "pVersion". In order to match against this criterion, a certificate's michael@0: * version must be equal to the criterion's version. michael@0: * michael@0: * The version number will either be 0, 1, or 2 (corresponding to michael@0: * v1, v2, or v3, respectively). michael@0: * michael@0: * If "params" does not have this criterion set, this function stores michael@0: * 0xFFFFFFFF at "pVersion", in which case all certificates are considered michael@0: * to match this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose version criterion (if any) is michael@0: * to be stored. Must be non-NULL. michael@0: * "pVersion" michael@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetVersion( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_UInt32 *pVersion, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetVersion michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the version criterion of the ComCertSelParams object pointed to by michael@0: * "params" using the integer value of "version". In order to match against michael@0: * this criterion, a certificate's version must be equal to the criterion's michael@0: * version. If the criterion's version is -1, no version check is done and michael@0: * all certificates are considered to match this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose version criterion is to be michael@0: * set. Must be non-NULL. michael@0: * "version" michael@0: * Value of PKIX_Int32 used to set the criterion michael@0: * (or -1 to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetVersion( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Int32 version, michael@0: void *plContext); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that michael@0: * is set in the ComCertSelParams object pointed to by "params" and stores it michael@0: * at "pKeyUsage". In order to match against this criterion, a certificate michael@0: * must allow the criterion's key usage values. Note that a certificate that michael@0: * has no KeyUsage extension implicity allows all key usages. Note also that michael@0: * this functions supports a maximum of 32 key usage bits. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores zero at michael@0: * "pKeyUsage", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose key usage criterion (if any) michael@0: * is to be stored. Must be non-NULL. michael@0: * "pKeyUsage" michael@0: * Address where PKIX_UInt32 will be stored. Must not be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetKeyUsage( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_UInt32 *pKeyUsage, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the key usage criterion of the ComCertSelParams object pointed to by michael@0: * "params" using the integer value of "keyUsage". In order to match against michael@0: * this criterion, a certificate must allow the criterion's key usage values. michael@0: * Note that a certificate that has no KeyUsage extension implicity allows michael@0: * all key usages. Note also that this functions supports a maximum of 32 key michael@0: * usage bits. michael@0: * michael@0: * If the criterion's key usage value is zero, no key usage check is done and michael@0: * all certificates are considered to match this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose key usage criterion is to be michael@0: * set. Must be non-NULL. michael@0: * "keyUsage" michael@0: * Value of PKIX_Int32 used to set the criterion michael@0: * (or zero to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetKeyUsage( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_UInt32 keyUsage, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of OIDs (if any) representing the extended michael@0: * key usage criterion that is set in the ComCertSelParams object pointed to michael@0: * by "params" and stores it at "pExtKeyUsage". In order to match against this michael@0: * criterion, a certificate's ExtendedKeyUsage extension must allow the michael@0: * criterion's extended key usages. Note that a certificate that has no michael@0: * ExtendedKeyUsage extension implicity allows all key purposes. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pExtKeyUsage", in which case all certificates are considered to match michael@0: * this criterion. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose extended key usage criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pExtKeyUsage" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetExtendedKeyUsage( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the extended key usage criterion of the ComCertSelParams object michael@0: * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage". michael@0: * In order to match against this criterion, a certificate's ExtendedKeyUsage michael@0: * extension must allow the criterion's extended key usages. Note that a michael@0: * certificate that has no ExtendedKeyUsage extension implicitly allows all michael@0: * key purposes. michael@0: * michael@0: * If "extKeyUsage" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose extended key usage criterion michael@0: * is to be set. Must be non-NULL. michael@0: * "extKeyUsage" michael@0: * Address of List of OIDs used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetExtendedKeyUsage( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetPolicy michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of OIDs (if any) representing the policy michael@0: * criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pPolicy". In order to match against this michael@0: * criterion, a certificate's CertificatePolicies extension must include at michael@0: * least one of the criterion's policies. If "params" has this criterion set, michael@0: * but the List of OIDs is empty, then a certificate's CertificatePolicies michael@0: * extension must include at least some policy. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pPolicy", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose policy criterion (if any) is michael@0: * to be stored. Must be non-NULL. michael@0: * "pPolicy" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetPolicy( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List **pPolicy, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetPolicy michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the policy criterion of the ComCertSelParams object pointed to by michael@0: * "params" using a List of OIDs pointed to by "policy". In order to match michael@0: * against this criterion, a certificate's CertificatePolicies extension must michael@0: * include at least one of the criterion's policies. If "params" has this michael@0: * criterion set, but the List of OIDs is empty, then a certificate's michael@0: * CertificatePolicies extension must include at least some policy. michael@0: * michael@0: * If "policy" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose policy criterion is to be set. michael@0: * Must be non-NULL. michael@0: * "policy" michael@0: * Address of List of OIDs used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetPolicy( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_List *policy, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetIssuer michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the X500Name (if any) representing the issuer michael@0: * criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pIssuer". In order to match against this michael@0: * criterion, a certificate's IssuerName must match the criterion's issuer michael@0: * name. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pIssuer", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose issuer criterion (if any) is michael@0: * to be stored. Must be non-NULL. michael@0: * "pIssuer" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetIssuer( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_X500Name **pIssuer, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetIssuer michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the issuer criterion of the ComCertSelParams object pointed to by michael@0: * "params" using an X500Name pointed to by "issuer". In order to match michael@0: * against this criterion, a certificate's IssuerName must match the michael@0: * criterion's issuer name. michael@0: * michael@0: * If "issuer" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose issuer criterion is to be set. michael@0: * Must be non-NULL. michael@0: * "issuer" michael@0: * Address of X500Name used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetIssuer( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_X500Name *issuer, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSubject michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the X500Name (if any) representing the subject michael@0: * criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pSubject". In order to match against this michael@0: * criterion, a certificate's SubjectName must match the criterion's subject michael@0: * name. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pSubject", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject criterion (if any) is michael@0: * to be stored. Must be non-NULL. michael@0: * "pSubject" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSubject( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_X500Name **pSubject, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSubject michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the subject criterion of the ComCertSelParams object pointed to by michael@0: * "params" using an X500Name pointed to by "subject". In order to match michael@0: * against this criterion, a certificate's SubjectName must match the michael@0: * criterion's subject name. michael@0: * michael@0: * If "subject" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject criterion is to be michael@0: * set. Must be non-NULL. michael@0: * "subject" michael@0: * Address of X500Name used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSubject( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_X500Name *subject, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the ByteArray (if any) representing the subject michael@0: * criterion that is set in the ComCertSelParams object pointed to by michael@0: * "params" and stores it at "pSubject". In order to match against this michael@0: * criterion, a certificate's SubjectName must match the criterion's subject michael@0: * name. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pSubject", in which case all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject criterion (if any) is michael@0: * to be stored. Must be non-NULL. michael@0: * "pSubject" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetSubjectAsByteArray( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_ByteArray **pSubject, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the subject criterion of the ComCertSelParams object pointed to by michael@0: * "params" using a ByteArray pointed to by "subject". In order to match michael@0: * against this criterion, a certificate's SubjectName must match the michael@0: * criterion's subject name. michael@0: * michael@0: * If "subject" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose subject criterion is to be michael@0: * set. Must be non-NULL. michael@0: * "subject" michael@0: * Address of ByteArray used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetSubjectAsByteArray( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_ByteArray *subject, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the X500Name (if any) representing the name michael@0: * constraints criterion that is set in the ComCertSelParams object pointed michael@0: * to by "params" and stores it at "pConstraints". In order to match against michael@0: * this criterion, a certificate's subject and subject alternative names must michael@0: * be allowed by the criterion's name constraints. michael@0: * michael@0: * If "params" does not have this criterion set, this function stores NULL at michael@0: * "pConstraints", in which case all certificates are considered to match michael@0: * this criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose name constraints criterion michael@0: * (if any) is to be stored. Must be non-NULL. michael@0: * "pConstraints" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetNameConstraints( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_CertNameConstraints **pConstraints, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the name constraints criterion of the ComCertSelParams object pointed michael@0: * to by "params" using the CertNameConstraints pointed to by "constraints". michael@0: * In order to match against this criterion, a certificate's subject and michael@0: * subject alternative names must be allowed by the criterion's name michael@0: * constraints. michael@0: * michael@0: * If "constraints" is NULL, all certificates are considered to match this michael@0: * criterion. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose name constraints criterion is michael@0: * to be set. Must be non-NULL. michael@0: * "constraints" michael@0: * Address of CertNameConstraints used to set the criterion michael@0: * (or NULL to disable the criterion). michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetNameConstraints( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_PL_CertNameConstraints *constraints, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks whether the ComCertSelParams object pointed to by "params" indicate michael@0: * that all subject alternative names are to be matched and stores the Boolean michael@0: * result at "pMatch". This Boolean value determines the behavior of the michael@0: * subject alternative names criterion. michael@0: * michael@0: * In order to match against the subject alternative names criterion, if the michael@0: * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of michael@0: * the criterion's subject alternative names. If the Boolean value at michael@0: * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the michael@0: * criterion's subject alternative names. The default behavior is as if the michael@0: * Boolean value at "pMatch" is PKIX_TRUE. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object used to determine whether all michael@0: * subject alternative names must be matched. Must be non-NULL. michael@0: * "pMatch" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_GetMatchAllSubjAltNames( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Boolean *pMatch, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets the match flag of the ComCertSelParams object pointed to by "params" michael@0: * using the Boolean value of "match". This Boolean value determines the michael@0: * behavior of the subject alternative names criterion. michael@0: * michael@0: * In order to match against the subject alternative names criterion, if the michael@0: * "match" is PKIX_TRUE, a certificate must contain all of the criterion's michael@0: * subject alternative names. If the "match" is PKIX_FALSE, a certificate michael@0: * must contain at least one of the criterion's subject alternative names. michael@0: * The default behavior is as if "match" is PKIX_TRUE. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose match flag is to be set. michael@0: * Must be non-NULL. michael@0: * "match" michael@0: * Boolean value used to set the match flag. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetMatchAllSubjAltNames( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Boolean match, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag michael@0: * DESCRIPTION: michael@0: * michael@0: * Return "leafCert" flag of the ComCertSelParams structure. If set to true, michael@0: * the flag indicates that a selector should filter out all cert that are not michael@0: * qualified to be a leaf cert according to the specified key/ekey usages. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object used to determine whether all michael@0: * subject alternative names must be matched. Must be non-NULL. michael@0: * "pLeafFlag" michael@0: * Address of returned value. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Conditionally Thread Safe michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error* michael@0: PKIX_ComCertSelParams_GetLeafCertFlag( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Boolean *pLeafFlag, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets a flag that if its value is true, indicates that the selector michael@0: * should only pick certs that qualifies to be leaf for this cert path michael@0: * validation. michael@0: * michael@0: * PARAMETERS: michael@0: * "params" michael@0: * Address of ComCertSelParams object whose match flag is to be set. michael@0: * Must be non-NULL. michael@0: * "leafFlag" michael@0: * Boolean value used to set the leaf flag. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Not Thread Safe - assumes exclusive access to "params" michael@0: * (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertSelector Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_ComCertSelParams_SetLeafCertFlag( michael@0: PKIX_ComCertSelParams *params, michael@0: PKIX_Boolean leafFlag, michael@0: void *plContext); michael@0: michael@0: #ifdef __cplusplus michael@0: } michael@0: #endif michael@0: michael@0: #endif /* _PKIX_CERTSEL_H */