michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: /* michael@0: * This file defines several platform independent functions to michael@0: * manipulate certificates and CRLs in a portable manner. michael@0: * michael@0: */ michael@0: michael@0: #ifndef _PKIX_PL_PKI_H michael@0: #define _PKIX_PL_PKI_H michael@0: michael@0: #include "pkixt.h" michael@0: #include "seccomon.h" michael@0: #include "certt.h" michael@0: michael@0: #ifdef __cplusplus michael@0: extern "C" { michael@0: #endif michael@0: michael@0: /* General michael@0: * michael@0: * Please refer to the libpkix Programmer's Guide for detailed information michael@0: * about how to use the libpkix library. Certain key warnings and notices from michael@0: * that document are repeated here for emphasis. michael@0: * michael@0: * All identifiers in this file (and all public identifiers defined in michael@0: * libpkix) begin with "PKIX_". Private identifiers only intended for use michael@0: * within the library begin with "pkix_". michael@0: * michael@0: * A function returns NULL upon success, and a PKIX_Error pointer upon failure. michael@0: * michael@0: * Unless otherwise noted, for all accessor (gettor) functions that return a michael@0: * PKIX_PL_Object pointer, callers should assume that this pointer refers to a michael@0: * shared object. Therefore, the caller should treat this shared object as michael@0: * read-only and should not modify this shared object. When done using the michael@0: * shared object, the caller should release the reference to the object by michael@0: * using the PKIX_PL_Object_DecRef function. michael@0: * michael@0: * While a function is executing, if its arguments (or anything referred to by michael@0: * its arguments) are modified, free'd, or destroyed, the function's behavior michael@0: * is undefined. michael@0: * michael@0: */ michael@0: michael@0: /* michael@0: * Cert michael@0: * michael@0: * A Cert represents an X.509 certificate. It can be created using the bytes michael@0: * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The michael@0: * following functions include accessors (gettors) for the various components michael@0: * of an X.509 certificate. Also included are functions to perform various michael@0: * checks on a certificate, including name constraints, key usage, validity michael@0: * (expiration), and signature verification. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new certificate using the bytes in the ByteArray pointed to by michael@0: * "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1 michael@0: * DER encoding of a certificate, a PKIX_Error pointer is returned. Once michael@0: * created, a Cert is immutable. michael@0: * michael@0: * Certificate ::= SEQUENCE { michael@0: * tbsCertificate TBSCertificate, michael@0: * signatureAlgorithm AlgorithmIdentifier, michael@0: * signatureValue BIT STRING } michael@0: * michael@0: * AlgorithmIdentifier ::= SEQUENCE { michael@0: * algorithm OBJECT IDENTIFIER, michael@0: * parameters ANY DEFINED BY algorithm OPTIONAL } michael@0: * michael@0: * TBSCertificate ::= SEQUENCE { michael@0: * version [0] EXPLICIT Version DEFAULT v1, michael@0: * serialNumber CertificateSerialNumber, michael@0: * signature AlgorithmIdentifier, michael@0: * issuer Name, michael@0: * validity Validity, michael@0: * subject Name, michael@0: * subjectPublicKeyInfo SubjectPublicKeyInfo, michael@0: * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, michael@0: * -- If present, version MUST be v2 or v3 michael@0: * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, michael@0: * -- If present, version MUST be v2 or v3 michael@0: * extensions [3] EXPLICIT Extensions OPTIONAL michael@0: * -- If present, version MUST be v3 michael@0: * } michael@0: * michael@0: * Version ::= INTEGER { v1(0), v2(1), v3(2) } michael@0: * michael@0: * CertificateSerialNumber ::= INTEGER michael@0: * michael@0: * Validity ::= SEQUENCE { michael@0: * notBefore Time, michael@0: * notAfter Time } michael@0: * michael@0: * Time ::= CHOICE { michael@0: * utcTime UTCTime, michael@0: * generalTime GeneralizedTime } michael@0: * michael@0: * UniqueIdentifier ::= BIT STRING michael@0: * michael@0: * SubjectPublicKeyInfo ::= SEQUENCE { michael@0: * algorithm AlgorithmIdentifier, michael@0: * subjectPublicKey BIT STRING } michael@0: * michael@0: * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension michael@0: * michael@0: * Extension ::= SEQUENCE { michael@0: * extnID OBJECT IDENTIFIER, michael@0: * critical BOOLEAN DEFAULT FALSE, michael@0: * extnValue OCTET STRING } michael@0: * michael@0: * PARAMETERS: michael@0: * "byteArray" michael@0: * Address of ByteArray representing the CERT's DER encoding. michael@0: * Must be non-NULL. michael@0: * "pCert" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_Create( michael@0: PKIX_PL_ByteArray *byteArray, michael@0: PKIX_PL_Cert **pCert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new certificate using passed in CERTCertificate object. michael@0: * michael@0: * PARAMETERS: michael@0: * "nssCert" michael@0: * The object that will be used to create new PKIX_PL_Cert. michael@0: * "pCert" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_CreateFromCERTCertificate( michael@0: const CERTCertificate *nssCert, michael@0: PKIX_PL_Cert **pCert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetCERTCertificate michael@0: * DESCRIPTION: michael@0: * michael@0: * Returns underlying CERTCertificate structure. Return CERTCertificate michael@0: * object is duplicated and should be destroyed by caller. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of PKIX_PL_Cert. Must be non-NULL. michael@0: * "pCert" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetCERTCertificate( michael@0: PKIX_PL_Cert *cert, michael@0: CERTCertificate **pnssCert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetVersion michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the version of the Cert pointed to by "cert" and stores it at michael@0: * "pVersion". The version number will either be 0, 1, or 2 (corresponding to michael@0: * v1, v2, or v3, respectively). michael@0: * michael@0: * Version ::= INTEGER { v1(0), v2(1), v3(2) } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose version is to be stored. Must be non-NULL. michael@0: * "pVersion" michael@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetVersion( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_UInt32 *pVersion, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSerialNumber michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the BigInt that represents the serial number of the michael@0: * Cert pointed to by "cert" and stores it at "pSerialNumber". michael@0: * michael@0: * CertificateSerialNumber ::= INTEGER michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose serial number is to be stored. Must be non-NULL. michael@0: * "pSerial" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSerialNumber( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_BigInt **pSerial, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetIssuer michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the X500Name that represents the issuer DN of the michael@0: * Cert pointed to by "cert" and stores it at "pIssuer". michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose issuer is to be stored. Must be non-NULL. michael@0: * "pIssuer" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetIssuer( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_X500Name **pIssuer, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSubject michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the X500Name that represents the subject DN of the michael@0: * Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not michael@0: * have a subject DN, this function stores NULL at "pSubject". michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subject is to be stored. Must be non-NULL. michael@0: * "pSubject" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSubject( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_X500Name **pSubject, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the OID that represents the subject public key michael@0: * algorithm of the Cert pointed to by "cert" and stores it at michael@0: * "pSubjKeyAlgId". michael@0: * michael@0: * SubjectPublicKeyInfo ::= SEQUENCE { michael@0: * algorithm AlgorithmIdentifier, michael@0: * subjectPublicKey BIT STRING } michael@0: * michael@0: * AlgorithmIdentifier ::= SEQUENCE { michael@0: * algorithm OBJECT IDENTIFIER, michael@0: * parameters ANY DEFINED BY algorithm OPTIONAL } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subject public key algorithm OID is to be stored. michael@0: * Must be non-NULL. michael@0: * "pSubjKeyAlgId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSubjectPublicKeyAlgId( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_OID **pSubjKeyAlgId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the PublicKey that represents the subject public key michael@0: * of the Cert pointed to by "cert" and stores it at "pPublicKey". michael@0: * michael@0: * SubjectPublicKeyInfo ::= SEQUENCE { michael@0: * algorithm AlgorithmIdentifier, michael@0: * subjectPublicKey BIT STRING } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subject public key is to be stored. michael@0: * Must be non-NULL. michael@0: * "pPublicKey" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSubjectPublicKey( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_PublicKey **pPublicKey, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters michael@0: * DESCRIPTION: michael@0: * michael@0: * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null michael@0: * parameters and stores the result at "pNeedsParams". michael@0: * michael@0: * PARAMETERS: michael@0: * "pubKey" michael@0: * Address of the Public Key of interest. Must be non-NULL. michael@0: * "pNeedsParams" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a PublicKey Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_PublicKey_NeedsDSAParameters( michael@0: PKIX_PL_PublicKey *pubKey, michael@0: PKIX_Boolean *pNeedsParams, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey michael@0: * DESCRIPTION: michael@0: * michael@0: * This function is used for DSA key parameter inheritance, which allows a michael@0: * first DSA key with omitted parameters (pointed to by "firstKey") to inherit michael@0: * the PQG parameters of a second DSA key that does have parameters. (pointed michael@0: * to by "secondKey"). Once created, a PublicKey is immutable. michael@0: * michael@0: * Specifically, the algorithm used by the function is: michael@0: * michael@0: * If the first PublicKey is not a DSA public key with omitted parameters, michael@0: * the function stores NULL at "pResultKey". (No Error is returned) michael@0: * Else if the second PublicKey is not a DSA public key with non-NULL, michael@0: * parameters, the function returns an Error. michael@0: * Else michael@0: * the function creates a third PublicKey with a "Y" value from the michael@0: * first PublicKey and the DSA parameters from the second PublicKey, michael@0: * and stores it at "pResultKey". michael@0: * michael@0: * PARAMETERS: michael@0: * "firstKey" michael@0: * Address of a Public Key that needs to inherit DSA parameters. michael@0: * Must be non-NULL. michael@0: * "secondKey" michael@0: * Address of a Public Key that has DSA parameters that will be inherited michael@0: * by "firstKey". Must be non-NULL. michael@0: * "pResultKey" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a PublicKey Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey( michael@0: PKIX_PL_PublicKey *firstKey, michael@0: PKIX_PL_PublicKey *secondKey, michael@0: PKIX_PL_PublicKey **pResultKey, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of OIDs (each OID corresponding to a michael@0: * critical extension of the Cert pointed to by "cert") and stores it at michael@0: * "pExtensions". If "cert" does not have any critical extensions, this michael@0: * function stores an empty List at "pExtensions". michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose critical extension OIDs are to be stored. michael@0: * Must be non-NULL. michael@0: * "pExtensions" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetCriticalExtensionOIDs( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pExtensions, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a ByteArray representing the authority key michael@0: * identifier extension of the Cert pointed to by "cert" and stores it at michael@0: * "pAuthKeyId". michael@0: * michael@0: * Note that this function only retrieves the keyIdentifier component michael@0: * (OCTET STRING) of the AuthorityKeyIdentifier extension, when present. michael@0: * michael@0: * If "cert" does not have an AuthorityKeyIdentifier extension or if the michael@0: * keyIdentifier component of the AuthorityKeyIdentifier extension is not michael@0: * present, this function stores NULL at "pAuthKeyId". michael@0: * michael@0: * AuthorityKeyIdentifier ::= SEQUENCE { michael@0: * keyIdentifier [0] KeyIdentifier OPTIONAL, michael@0: * authorityCertIssuer [1] GeneralNames OPTIONAL, michael@0: * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose authority key identifier is to be stored. michael@0: * Must be non-NULL. michael@0: * "pAuthKeyId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetAuthorityKeyIdentifier( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_ByteArray **pAuthKeyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a ByteArray representing the subject key identifier michael@0: * extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId". michael@0: * If "cert" does not have a SubjectKeyIdentifier extension, this function michael@0: * stores NULL at "pSubjKeyId". michael@0: * michael@0: * SubjectKeyIdentifier ::= KeyIdentifier michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subject key identifier is to be stored. michael@0: * Must be non-NULL. michael@0: * "pSubjKeyId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSubjectKeyIdentifier( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_ByteArray **pSubjKeyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of GeneralNames (each GeneralName michael@0: * representing a subject alternative name found in the subject alternative michael@0: * names extension of the Cert pointed to by "cert") and stores it at michael@0: * "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames michael@0: * extension, this function stores NULL at "pSubjectAltNames". michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * SubjectAltName ::= GeneralNames michael@0: * michael@0: * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName michael@0: * michael@0: * GeneralName ::= CHOICE { michael@0: * otherName [0] OtherName, michael@0: * rfc822Name [1] IA5String, michael@0: * dNSName [2] IA5String, michael@0: * x400Address [3] ORAddress, michael@0: * directoryName [4] Name, michael@0: * ediPartyName [5] EDIPartyName, michael@0: * uniformResourceIdentifier [6] IA5String, michael@0: * iPAddress [7] OCTET STRING, michael@0: * registeredID [8] OBJECT IDENTIFIER } michael@0: * michael@0: * OtherName ::= SEQUENCE { michael@0: * type-id OBJECT IDENTIFIER, michael@0: * value [0] EXPLICIT ANY DEFINED BY type-id } michael@0: * michael@0: * EDIPartyName ::= SEQUENCE { michael@0: * nameAssigner [0] DirectoryString OPTIONAL, michael@0: * partyName [1] DirectoryString } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subjectAltNames are to be stored. michael@0: * Must be non-NULL. michael@0: * "pSubjectAltNames" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSubjectAltNames( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of GeneralNames (each GeneralName michael@0: * representing a subject DN or a subject alternative name found in the michael@0: * subject alternative names extension of the Cert pointed to by "cert") and michael@0: * stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and michael@0: * it does not have a SubjectAlternativeNames extension, this function stores michael@0: * NULL at "pAllSubjectNames". michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subject DN and subjectAltNames are to be stored. michael@0: * Must be non-NULL. michael@0: * "pAllSubjectNames" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetAllSubjectNames( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a List of OIDs (each OID corresponding to an michael@0: * extended key usage of the Cert pointed to by "cert") and stores it at michael@0: * "pKeyUsage". If "cert" does not have an extended key usage extension, this michael@0: * function stores a NULL at "pKeyUsage". michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId michael@0: * michael@0: * KeyPurposeId ::= OBJECT IDENTIFIER michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose extended key usage OIDs are to be stored. michael@0: * Must be non-NULL. michael@0: * "pKeyUsage" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetExtendedKeyUsage( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetNameConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a CertNameConstraints object representing the name michael@0: * constraints extension of the Cert pointed to by "cert" and stores it at michael@0: * "pNameConstraints". michael@0: * michael@0: * If "cert" does not have a name constraints extension, this function stores michael@0: * NULL at "pNameConstraints". michael@0: * michael@0: * NameConstraints ::= SEQUENCE { michael@0: * permittedSubtrees [0] GeneralSubtrees OPTIONAL, michael@0: * excludedSubtrees [1] GeneralSubtrees OPTIONAL } michael@0: * michael@0: * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree michael@0: * michael@0: * GeneralSubtree ::= SEQUENCE { michael@0: * base GeneralName, michael@0: * minimum [0] BaseDistance DEFAULT 0, michael@0: * maximum [1] BaseDistance OPTIONAL } michael@0: * michael@0: * BaseDistance ::= INTEGER (0..MAX) michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose name constraints extension is to be stored. michael@0: * Must be non-NULL. michael@0: * "pNameConstraints" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetNameConstraints( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_CertNameConstraints **pNameConstraints, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetBasicConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a CertBasicConstraints object representing the basic michael@0: * constraints extension of the Cert pointed to by "cert" and stores it at michael@0: * "pBasicConstraints". michael@0: * michael@0: * If "cert" does not have a basic constraints extension, this function stores michael@0: * NULL at "pBasicConstraints". Once created, a CertBasicConstraints object michael@0: * is immutable. michael@0: * michael@0: * BasicConstraints ::= SEQUENCE { michael@0: * cA BOOLEAN DEFAULT FALSE, michael@0: * pathLenConstraint INTEGER (0..MAX) OPTIONAL } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose basic constraints extension is to be stored. michael@0: * Must be non-NULL. michael@0: * "pBasicConstraints" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetBasicConstraints( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_CertBasicConstraints **pBasicConstraints, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a Boolean value representing the cA Flag component michael@0: * of the CertBasicConstraints object pointed to by "basicConstraints" and michael@0: * stores it at "pResult". michael@0: * michael@0: * BasicConstraints ::= SEQUENCE { michael@0: * cA BOOLEAN DEFAULT FALSE, michael@0: * pathLenConstraint INTEGER (0..MAX) OPTIONAL } michael@0: * michael@0: * PARAMETERS: michael@0: * "basicConstraints" michael@0: * Address of CertBasicConstraints whose cA Flag is to be stored. michael@0: * Must be non-NULL. michael@0: * "pResult" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_BasicConstraints_GetCAFlag( michael@0: PKIX_PL_CertBasicConstraints *basicConstraints, michael@0: PKIX_Boolean *pResult, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to an integer value representing the pathLenConstraint michael@0: * component of the CertBasicConstraints object pointed to by michael@0: * "basicConstraints" and stores it at "pPathLenConstraint". If the michael@0: * pathLenConstraint component is not present, this function stores -1 at michael@0: * "pPathLenConstraint". michael@0: * michael@0: * PARAMETERS: michael@0: * "basicConstraints" michael@0: * Address of CertBasicConstraints whose pathLen is to be stored. michael@0: * Must be non-NULL. michael@0: * "pPathLenConstraint" michael@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_BasicConstraints_GetPathLenConstraint( michael@0: PKIX_PL_CertBasicConstraints *basicConstraints, michael@0: PKIX_Int32 *pPathLenConstraint, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetPolicyInformation michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a List of CertPolicyInfos found in the certificate michael@0: * policies extension of the Cert pointed to by "cert" and stores it at michael@0: * "pPolicyInfo". If "cert" does not have a certificate policies extension, michael@0: * this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo michael@0: * object is immutable. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation michael@0: * michael@0: * PolicyInformation ::= SEQUENCE { michael@0: * policyIdentifier CertPolicyId, michael@0: * policyQualifiers SEQUENCE SIZE (1..MAX) OF michael@0: * PolicyQualifierInfo OPTIONAL } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose CertPolicyInfos are to be stored. michael@0: * Must be non-NULL. michael@0: * "pPolicyInfo" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetPolicyInformation( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to an OID representing the policyIdentifier of the michael@0: * CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId". michael@0: * michael@0: * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation michael@0: * michael@0: * PolicyInformation ::= SEQUENCE { michael@0: * policyIdentifier CertPolicyId, michael@0: * policyQualifiers SEQUENCE SIZE (1..MAX) OF michael@0: * PolicyQualifierInfo OPTIONAL } michael@0: * michael@0: * CertPolicyId ::= OBJECT IDENTIFIER michael@0: * michael@0: * PARAMETERS: michael@0: * "policyInfo" michael@0: * Address of CertPolicyInfo whose policy identifier is to be stored. michael@0: * Must be non-NULL. michael@0: * "pCertPolicyId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CertPolicyInfo_GetPolicyId( michael@0: PKIX_PL_CertPolicyInfo *policyInfo, michael@0: PKIX_PL_OID **pCertPolicyId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a List of the CertPolicyQualifiers representing michael@0: * the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and michael@0: * stores it at "pPolicyQualifiers". If "policyInfo" does not have any michael@0: * policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once michael@0: * created, a CertPolicyQualifier is immutable. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation michael@0: * michael@0: * PolicyInformation ::= SEQUENCE { michael@0: * policyIdentifier CertPolicyId, michael@0: * policyQualifiers SEQUENCE SIZE (1..MAX) OF michael@0: * PolicyQualifierInfo OPTIONAL } michael@0: * michael@0: * PolicyQualifierInfo ::= SEQUENCE { michael@0: * policyQualifierId PolicyQualifierId, michael@0: * qualifier ANY DEFINED BY policyQualifierId } michael@0: * michael@0: * PARAMETERS: michael@0: * "policyInfo" michael@0: * Address of CertPolicyInfo whose policy qualifiers List is to be stored. michael@0: * Must be non-NULL. michael@0: * "pPolicyQualifiers" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CertPolicyInfo_GetPolQualifiers( michael@0: PKIX_PL_CertPolicyInfo *policyInfo, michael@0: PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to an OID representing the policyQualifierId of the michael@0: * CertPolicyQualifier pointed to by "policyQualifier" and stores it at michael@0: * "pPolicyQualifierId". michael@0: * michael@0: * PolicyQualifierInfo ::= SEQUENCE { michael@0: * policyQualifierId PolicyQualifierId, michael@0: * qualifier ANY DEFINED BY policyQualifierId } michael@0: * michael@0: * PolicyQualifierId ::= michael@0: * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) michael@0: * michael@0: * PARAMETERS: michael@0: * "policyQualifier" michael@0: * Address of CertPolQualifier whose policyQualifierId is to be stored. michael@0: * Must be non-NULL. michael@0: * "pPolicyQualifierId" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_PolicyQualifier_GetPolicyQualifierId( michael@0: PKIX_PL_CertPolicyQualifier *policyQualifier, michael@0: PKIX_PL_OID **pPolicyQualifierId, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a ByteArray representing the qualifier of the michael@0: * CertPolicyQualifier pointed to by "policyQualifier" and stores it at michael@0: * "pQualifier". michael@0: * michael@0: * PolicyQualifierInfo ::= SEQUENCE { michael@0: * policyQualifierId PolicyQualifierId, michael@0: * qualifier ANY DEFINED BY policyQualifierId } michael@0: * michael@0: * PARAMETERS: michael@0: * "policyQualifier" michael@0: * Address of CertPolicyQualifier whose qualifier is to be stored. michael@0: * Must be non-NULL. michael@0: * "pQualifier" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_PolicyQualifier_GetQualifier( michael@0: PKIX_PL_CertPolicyQualifier *policyQualifier, michael@0: PKIX_PL_ByteArray **pQualifier, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetPolicyMappings michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to a List of CertPolicyMaps found in the policy michael@0: * mappings extension of the Cert pointed to by "cert" and stores it at michael@0: * "pPolicyMappings". If "cert" does not have a policy mappings extension, michael@0: * this function stores NULL at "pPolicyMappings". Once created, a michael@0: * CertPolicyMap is immutable. michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { michael@0: * issuerDomainPolicy CertPolicyId, michael@0: * subjectDomainPolicy CertPolicyId } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose CertPolicyMaps are to be stored. michael@0: * Must be non-NULL. michael@0: * "pPolicyMappings" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetPolicyMappings( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to an OID representing the issuerDomainPolicy of the michael@0: * CertPolicyMap pointed to by "policyMapping" and stores it at michael@0: * "pIssuerDomainPolicy". michael@0: * michael@0: * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { michael@0: * issuerDomainPolicy CertPolicyId, michael@0: * subjectDomainPolicy CertPolicyId } michael@0: * michael@0: * PARAMETERS: michael@0: * "policyMapping" michael@0: * Address of CertPolicyMap whose issuerDomainPolicy is to be stored. michael@0: * Must be non-NULL. michael@0: * "pIssuerDomainPolicy" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy( michael@0: PKIX_PL_CertPolicyMap *policyMapping, michael@0: PKIX_PL_OID **pIssuerDomainPolicy, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to an OID representing the subjectDomainPolicy of the michael@0: * CertPolicyMap pointed to by "policyMapping" and stores it at michael@0: * "pSubjectDomainPolicy". michael@0: * michael@0: * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { michael@0: * issuerDomainPolicy CertPolicyId, michael@0: * subjectDomainPolicy CertPolicyId } michael@0: * michael@0: * PARAMETERS: michael@0: * "policyMapping" michael@0: * Address of CertPolicyMap whose subjectDomainPolicy is to be stored. michael@0: * Must be non-NULL. michael@0: * "pSubjectDomainPolicy" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy( michael@0: PKIX_PL_CertPolicyMap *policyMapping, michael@0: PKIX_PL_OID **pSubjectDomainPolicy, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the requireExplicitPolicy value of the policy constraints michael@0: * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts". michael@0: * If "cert" does not have a policy constraints extension or the michael@0: * requireExplicitPolicy component is not populated, this function stores -1 michael@0: * at "pSkipCerts". michael@0: * michael@0: * PolicyConstraints ::= SEQUENCE { michael@0: * requireExplicitPolicy [0] SkipCerts OPTIONAL, michael@0: * inhibitPolicyMapping [1] SkipCerts OPTIONAL } michael@0: * michael@0: * SkipCerts ::= INTEGER (0..MAX) michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose requireExplicitPolicy value is to be stored. michael@0: * Must be non-NULL. michael@0: * "pSkipCerts" michael@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetRequireExplicitPolicy( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Int32 *pSkipCerts, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the inhibitPolicyMapping value of the policy constraints michael@0: * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts". michael@0: * If "cert" does not have a policy constraints extension or the michael@0: * inhibitPolicyMapping component is not populated, this function stores -1 michael@0: * at "pSkipCerts". michael@0: * michael@0: * PolicyConstraints ::= SEQUENCE { michael@0: * requireExplicitPolicy [0] SkipCerts OPTIONAL, michael@0: * inhibitPolicyMapping [1] SkipCerts OPTIONAL } michael@0: * michael@0: * SkipCerts ::= INTEGER (0..MAX) michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose requireExplicitPolicy value is to be stored. michael@0: * Must be non-NULL. michael@0: * "pSkipCerts" michael@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetPolicyMappingInhibited( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Int32 *pSkipCerts, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value of the inhibit any-policy extension of the Cert michael@0: * pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have michael@0: * an inhibit any-policy extension, this function stores -1 at "pSkipCerts". michael@0: * michael@0: * InhibitAnyPolicy ::= SkipCerts michael@0: * michael@0: * SkipCerts ::= INTEGER (0..MAX) michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose inhibit any-policy extensions value is to be michael@0: * stored. Must be non-NULL. michael@0: * "pSkipCerts" michael@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetInhibitAnyPolicy( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Int32 *pSkipCerts, michael@0: void *plContext); michael@0: michael@0: /* policy processing functions */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks whether the certificate policies extension of the Cert pointed to michael@0: * by "cert" is critical and stores the Boolean result at "pCritical". If michael@0: * "cert" does not have a certificate policies extension, this function michael@0: * stores NULL at "pCritical". michael@0: * michael@0: * XXX what distinguishes NULL from PKIX_FALSE? michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose certificate policies extension's criticality is michael@0: * to be determined. Must be non-NULL. michael@0: * "pCritical" michael@0: * Address where PKIX_Boolean will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_AreCertPoliciesCritical( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Boolean *pCritical, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_CheckNameConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks whether the subject distinguished name and subject alternative names michael@0: * of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed michael@0: * to by "nameConstraints". If the CertNameConstraints are not satisfied, a michael@0: * PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function michael@0: * does nothing. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose subject names are to be checked. michael@0: * Must be non-NULL. michael@0: * "nameConstraints" michael@0: * Address of CertNameConstraints that need to be satisfied. michael@0: * "treatCommonNameAsDNSName" michael@0: * PKIX_TRUE if the subject common name should be considered a dNSName michael@0: * when evaluating name constraints. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_CheckNameConstraints( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_CertNameConstraints *nameConstraints, michael@0: PKIX_Boolean treatCommonNameAsDNSName, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_MergeNameConstraints michael@0: * DESCRIPTION: michael@0: * michael@0: * Merges the CertNameConstraints pointed to by "firstNC" and the michael@0: * CertNameConstraints pointed to by "secondNC" and stores the merged michael@0: * CertNameConstraints at "pResultNC". If "secondNC" is NULL, the michael@0: * CertNameConstraints pointed to by "firstNC" is stored at "pResultNC". michael@0: * michael@0: * Once created, a CertNameConstraints object is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "firstNC" michael@0: * Address of first CertNameConstraints to be merged. Must be non-NULL. michael@0: * "secondNC" michael@0: * Address of second CertNameConstraints to be merged michael@0: * "pResultNC" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_MergeNameConstraints( michael@0: PKIX_PL_CertNameConstraints *firstNC, michael@0: PKIX_PL_CertNameConstraints *secondNC, michael@0: PKIX_PL_CertNameConstraints **pResultNC, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage michael@0: * DESCRIPTION: michael@0: * michael@0: * Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the michael@0: * keyUsage extension of the Cert pointed to by "cert". The keyUsage bit michael@0: * values specified in pkixt.h are supported, and can be bitwise or'ed if michael@0: * multiple bit values are to be verified. If the keyUsages do not all appear michael@0: * in the keyUsage extension of "cert", a PKIX_Error pointer is returned. michael@0: * michael@0: * KeyUsage ::= BIT STRING { michael@0: * digitalSignature (0), michael@0: * nonRepudiation (1), michael@0: * keyEncipherment (2), michael@0: * dataEncipherment (3), michael@0: * keyAgreement (4), michael@0: * keyCertSign (5), michael@0: * cRLSign (6), michael@0: * encipherOnly (7), michael@0: * decipherOnly (8) } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose keyUsage bits are to be verified. michael@0: * Must be non-NULL. michael@0: * "keyUsage" michael@0: * Constant representing keyUsage bit(s) that all must appear in keyUsage michael@0: * extension of "cert". michael@0: * "plContext" - Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_VerifyKeyUsage( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_UInt32 keyUsage, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType michael@0: * DESCRIPTION: michael@0: * michael@0: * Verifies cert and key types against certificate usage that is michael@0: * a part of plContext(pkix_pl_nsscontext) structure. Throws an error michael@0: * if cert or key types does not match. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose keyUsage bits are to be verified. michael@0: * Must be non-NULL. michael@0: * "isLeafCert" michael@0: * What type of a cert has been verified. michael@0: * "plContext" - Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_VerifyCertAndKeyType( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Boolean isChainCert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_CheckValidity michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks whether the Cert pointed to by "cert" would be valid at the time michael@0: * represented by the Date pointed to by "date". If "date" is NULL, then this michael@0: * function checks whether the Cert would be valid at the current time. If the michael@0: * Cert would not be valid at the specified Date, a PKIX_Error pointer is michael@0: * returned. michael@0: * michael@0: * Validity ::= SEQUENCE { michael@0: * notBefore Time, michael@0: * notAfter Time } michael@0: * michael@0: * Time ::= CHOICE { michael@0: * utcTime UTCTime, michael@0: * generalTime GeneralizedTime } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose validity is to be checked. Must be non-NULL. michael@0: * "date" michael@0: * Address of Date at which the Cert is being checked for validity. michael@0: * If NULL, the current time is used for the Date. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_CheckValidity( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_Date *date, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the Date that represents the notAfter time of the michael@0: * Certificate pointed to by "cert" and stores it at "pDate". michael@0: * michael@0: * Validity ::= SEQUENCE { michael@0: * notBefore Time, michael@0: * notAfter Time } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose validity time is to be retrieved. Must be michael@0: * non-NULL. michael@0: * "date" michael@0: * Address of Date at which the Cert's notAfter time is being retrieved. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetValidityNotAfter( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_Date **pDate, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_VerifySignature michael@0: * DESCRIPTION: michael@0: * michael@0: * Verifies the signature on the Cert pointed to by "cert" using the michael@0: * PublicKey pointed to by "pubKey". If the signature doesn't verify, an michael@0: * Error pointer is returned. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose signature is to be verified. Must be non-NULL. michael@0: * "pubKey" michael@0: * Address of a Public Key used to verify the signature. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_VerifySignature( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_PublicKey *pubKey, michael@0: void *plContext); michael@0: michael@0: /* A set of flags to indicate how explicitly configured trust anchors should be michael@0: * handled by PKIX_PL_Cert_IsCertTrusted michael@0: */ michael@0: typedef enum PKIX_PL_TrustAnchorModeEnum { michael@0: /* Indicates trust anchors should be ignored; only the underlying michael@0: * platform's trust settings should be used. michael@0: */ michael@0: PKIX_PL_TrustAnchorMode_Ignore, michael@0: michael@0: /* Indicates that explicitly configured trust anchors may be considered michael@0: * trustworthy, if present. michael@0: * Note: If the underlying platform supports marking a certificate as michael@0: * explicitly untrustworthy, explicitly configured trust anchors michael@0: * MAY be ignored/rejected. michael@0: */ michael@0: PKIX_PL_TrustAnchorMode_Additive, michael@0: michael@0: /* Indicates that ONLY trust anchors should be considered as michael@0: * trustworthy. michael@0: * Note: If the underlying platform supports marking a certificate as michael@0: * explicitly untrustworthy, explicitly configured trust anchors michael@0: * MAY be ignored/rejected. michael@0: */ michael@0: PKIX_PL_TrustAnchorMode_Exclusive michael@0: } PKIX_PL_TrustAnchorMode; michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_IsCertTrusted michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks the Cert specified by "cert" to determine, in a manner that depends michael@0: * on the underlying platform, whether it is trusted, and stores the result in michael@0: * "pTrusted". If a certificate is trusted it means that a chain built to that michael@0: * certificate, and satisfying all the usage, policy, validity, and other michael@0: * tests, is a valid chain and the End Entity certificate from which it was michael@0: * built can be trusted. michael@0: * michael@0: * If the Certificate is not intrinsically trustworthy, it still might end up a michael@0: * component in a successful chain. michael@0: * michael@0: * If the Certificate is intrinsically untrustworthy, this function will return michael@0: * an error. michael@0: * michael@0: * PARAMETERS michael@0: * "cert" michael@0: * Address of Cert whose trustworthiness is to be determined. Must be michael@0: * non-NULL. michael@0: * "trustAnchorMode" michael@0: * A PKIX_PL_TrustAnchorMode that indicates how explicitly defined user michael@0: * trust anchors should be handled. michael@0: * "pTrusted" michael@0: * Address where the Boolean value will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CERT Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_IsCertTrusted( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_PL_TrustAnchorMode trustAnchorMode, michael@0: PKIX_Boolean *pTrusted, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks the Leaf Cert specified by "cert" to determine, in a manner that michael@0: * depends on the underlying platform, whether it is trusted, and stores the michael@0: * result in "pTrusted". If a certificate is trusted it means that this michael@0: * End Entify certificate has been marked as trusted for the requested usage, michael@0: * policy, validity, and other tests. michael@0: * michael@0: * If the Certificate is not intrinsically trustworthy, we can still try to michael@0: * build a successful chain. michael@0: * michael@0: * If the Certificate is intrinsically untrustworthy, this function will return michael@0: * an error. michael@0: * michael@0: * PARAMETERS michael@0: * "cert" michael@0: * Address of Cert whose trustworthiness is to be determined. Must be michael@0: * non-NULL. michael@0: * "pTrusted" michael@0: * Address where the Boolean value will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CERT Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_IsLeafCertTrusted( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Boolean *pTrusted, michael@0: void *plContext); michael@0: michael@0: /* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */ michael@0: PKIX_Error* michael@0: PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetCacheFlag michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value of the cache flag in "cert" and return it at address michael@0: * pointed by "pCacheFlag". The initila cache flag is determined by the michael@0: * CertStore this "cert" is fetched from. When CertStore is created, user michael@0: * need to specify if the data should be cached. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose cache flag is fetched. Must be non-NULL. michael@0: * "pCacheFlag" michael@0: * Address where PKIX_Boolean will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetCacheFlag( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Boolean *pCacheFlag, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_SetCacheFlag michael@0: * DESCRIPTION: michael@0: * michael@0: * Set the value of the cache flag in "cert" base on the boolean value stored michael@0: * at "cacheFlag". This function is meant to be used by CertStore after a michael@0: * Cert is created. michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert where "cacheFlag" is stored. Must be non-NULL. michael@0: * "cacheFlag" michael@0: * PKIX_Boolean flag for cache flag. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_SetCacheFlag( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_Boolean cacheFlag, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetTrustCertStore michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value of the CertStore in "cert" and return it at address michael@0: * pointed by "pCertStore". michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose CertStore is fetched. Must be non-NULL. michael@0: * "pTrustCertStore" michael@0: * Address where CertStore will be stored and returned. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetTrustCertStore( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_CertStore **pTrustCertStore, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_SetTrustCertStore michael@0: * DESCRIPTION: michael@0: * michael@0: * Set the value of the CertStore "certStore" in "cert". michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert where "certStore" will be stored. Must be non-NULL. michael@0: * "trustCertStore" michael@0: * Address where the CertStore is. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_SetTrustCertStore( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_CertStore *trustCertStore, michael@0: void *plContext); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value(s) of the Authority Information Access in "cert" and michael@0: * returns it in a list at address pointed by "pAuthorityInfoAccess". michael@0: * michael@0: * SubjectInfoAccess ::= michael@0: * SEQUENCE SIZE (1..MAX) of AccessDescription michael@0: * AccessDescription ::= SEQUENCE { michael@0: * accessMethod OBJECT IDENTIFIER, michael@0: * accessLocation GeneralName michael@0: * } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose Authority Information Access is fetched. michael@0: * Must be non-NULL. michael@0: * "pAuthorityInfoAccess" michael@0: * Address where Authority InfoAccess will be stored and returned. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetAuthorityInfoAccess( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */ michael@0: void *plContext); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value(s) of the Subject Information Access in "cert" and michael@0: * returns it in a list at address pointed by "pSubjectInfoAccess". michael@0: * michael@0: * SubjectInfoAccess ::= michael@0: * SEQUENCE SIZE (1..MAX) of AccessDescription michael@0: * AccessDescription ::= SEQUENCE { michael@0: * accessMethod OBJECT IDENTIFIER, michael@0: * accessLocation GeneralName michael@0: * } michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose Subject Information Access is fetched. michael@0: * Must be non-NULL. michael@0: * "pSubjectInfoAccess" michael@0: * Address where Subject InfoAccess will be stored and returned. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetSubjectInfoAccess( michael@0: PKIX_PL_Cert *cert, michael@0: PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */ michael@0: void *plContext); michael@0: michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Cert_GetCrlDp michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value(s) of the CRL Distribution Point Extension and michael@0: * returns it in a list at address pointed by "pDpList". michael@0: * michael@0: * PARAMETERS: michael@0: * "cert" michael@0: * Address of Cert whose Subject Information Access is fetched. michael@0: * Must be non-NULL. michael@0: * "pDpList" michael@0: * Address where CRL DP will be stored and returned. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert, michael@0: PKIX_List **pDpList, michael@0: void *plContext); michael@0: michael@0: michael@0: /* michael@0: * InfoAccess michael@0: * michael@0: * To hold Authority Information Access or Subject Information Access michael@0: * retrieved from a Certificate. michael@0: */ michael@0: michael@0: #define PKIX_INFOACCESS_OCSP 1 michael@0: #define PKIX_INFOACCESS_CA_ISSUERS 2 michael@0: #define PKIX_INFOACCESS_TIMESTAMPING 3 michael@0: #define PKIX_INFOACCESS_CA_REPOSITORY 5 michael@0: michael@0: #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0 michael@0: #define PKIX_INFOACCESS_LOCATION_HTTP 1 michael@0: #ifndef NSS_PKIX_NO_LDAP michael@0: #define PKIX_INFOACCESS_LOCATION_LDAP 2 michael@0: #endif michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_InfoAccess_GetMethod michael@0: * DESCRIPTION: michael@0: * michael@0: * Stores the method of the Information Access from "infoAccess" and michael@0: * returns in "pMethod". michael@0: * michael@0: * SubjectInfoAccess ::= michael@0: * AccessDescription ::= SEQUENCE { michael@0: * accessMethod OBJECT IDENTIFIER, michael@0: * accessLocation GeneralName michael@0: * } michael@0: * michael@0: * PARAMETERS: michael@0: * "infoAccess" michael@0: * Address of PKIX_PL_InfoAccess that has the access data. michael@0: * Must be non-NULL. michael@0: * "pMethod" michael@0: * Address where access method will be stored and returned. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_InfoAccess_GetMethod( michael@0: PKIX_PL_InfoAccess *infoAccess, michael@0: PKIX_UInt32 *pMethod, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_InfoAccess_GetLocation michael@0: * DESCRIPTION: michael@0: * michael@0: * Stores the location of the Information Access from "infoAccess" and michael@0: * returns in "pLocation". michael@0: * michael@0: * SubjectInfoAccess ::= michael@0: * AccessDescription ::= SEQUENCE { michael@0: * accessMethod OBJECT IDENTIFIER, michael@0: * accessLocation GeneralName michael@0: * } michael@0: * michael@0: * PARAMETERS: michael@0: * "infoAccess" michael@0: * Address of PKIX_PL_InfoAccess that has the access data. michael@0: * Must be non-NULL. michael@0: * "pLocation" michael@0: * Address where access location will be stored and returned. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_InfoAccess_GetLocation( michael@0: PKIX_PL_InfoAccess *infoAccess, michael@0: PKIX_PL_GeneralName **pLocation, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_InfoAccess_GetLocationType michael@0: * DESCRIPTION: michael@0: * michael@0: * Stores the type of location of the Information Access from "infoAccess" and michael@0: * returns in "pType". michael@0: * michael@0: * SubjectInfoAccess ::= michael@0: * AccessDescription ::= SEQUENCE { michael@0: * accessMethod OBJECT IDENTIFIER, michael@0: * accessLocation GeneralName michael@0: * } michael@0: * michael@0: * PARAMETERS: michael@0: * "infoAccess" michael@0: * Address of PKIX_PL_InfoAccess that has the access data. michael@0: * Must be non-NULL. michael@0: * "pType" michael@0: * Address where access location type will be stored and returned. michael@0: * Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Cert Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_InfoAccess_GetLocationType( michael@0: PKIX_PL_InfoAccess *infoAccess, michael@0: PKIX_UInt32 *pType, michael@0: void *plContext); michael@0: michael@0: PKIX_Error * michael@0: pkix_pl_InfoAccess_GetAIACerts( michael@0: PKIX_PL_InfoAccess *ia, michael@0: void **pNBIOContext, michael@0: void **pHandle, michael@0: PKIX_List **pCerts, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * CRL michael@0: * michael@0: * A CRL represents an X.509 certificate revocation list. It can be created michael@0: * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is michael@0: * immutable. The following functions include accessors (gettors) for the michael@0: * various components of an X.509 CRL, as well as a function for signature michael@0: * verification. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new CRL using the bytes in the ByteArray pointed to by michael@0: * "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1 michael@0: * DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a michael@0: * CRL is immutable. michael@0: * michael@0: * CertificateList ::= SEQUENCE { michael@0: * tbsCertList TBSCertList, michael@0: * signatureAlgorithm AlgorithmIdentifier, michael@0: * signatureValue BIT STRING } michael@0: * michael@0: * TBSCertList ::= SEQUENCE { michael@0: * version Version OPTIONAL, michael@0: * -- if present, MUST be v2 michael@0: * signature AlgorithmIdentifier, michael@0: * issuer Name, michael@0: * thisUpdate Time, michael@0: * nextUpdate Time OPTIONAL, michael@0: * revokedCertificates SEQUENCE OF SEQUENCE { michael@0: * userCertificate CertificateSerialNumber, michael@0: * revocationDate Time, michael@0: * crlEntryExtensions Extensions OPTIONAL michael@0: * -- if present, MUST be v2 michael@0: * } OPTIONAL, michael@0: * crlExtensions [0] EXPLICIT Extensions OPTIONAL michael@0: * -- if present, MUST be v2 michael@0: * } michael@0: * michael@0: * PARAMETERS: michael@0: * "byteArray" michael@0: * Address of ByteArray representing the CRL's DER encoding. michael@0: * Must be non-NULL. michael@0: * "pCRL" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_Create( michael@0: PKIX_PL_ByteArray *byteArray, michael@0: PKIX_PL_CRL **pCRL, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_GetIssuer michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the X500Name that represents the issuer of the CRL michael@0: * pointed to by "crl" and stores it at "pCRLIssuer". michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose issuer is to be stored. Must be non-NULL. michael@0: * "pCRLIssuer" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_GetIssuer( michael@0: PKIX_PL_CRL *crl, michael@0: PKIX_PL_X500Name **pCRLIssuer, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of OIDs (each OID corresponding to a michael@0: * critical extension of the CRL pointed to by "crl") and stores it at michael@0: * "pExtensions". If "crl" does not have any critical extensions, this michael@0: * function stores an empty List at "pExtensions". michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose critical extension OIDs are to be stored. michael@0: * Must be non-NULL. michael@0: * "pExtensions" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_GetCriticalExtensionOIDs( michael@0: PKIX_PL_CRL *crl, michael@0: PKIX_List **pExtensions, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl") michael@0: * corresponding to the BigInt pointed to by "serialNumber" and stores it at michael@0: * "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at michael@0: * "pCRLEntry". Once created, a CRLEntry is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose CRL Entries are to be searched. Must be non-NULL. michael@0: * "serialNumber" michael@0: * Address of BigInt representing serial number of certificate whose michael@0: * CRLEntry is to be found. Must be non-NULL. michael@0: * "pCRLEntry" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_GetCRLEntryForSerialNumber( michael@0: PKIX_PL_CRL *crl, michael@0: PKIX_PL_BigInt *serialNumber, michael@0: PKIX_PL_CRLEntry **pCRLEntry, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_GetCRLNumber michael@0: * DESCRIPTION: michael@0: * Retrieves the CRL Number from extension. This is non-critical extension. michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose version is to be stored. Must be non-NULL. michael@0: * "pCrlNumber" michael@0: * Address where a CRL Number will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_GetCRLNumber( michael@0: PKIX_PL_CRL *crl, michael@0: PKIX_PL_BigInt **pCrlNumber, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime michael@0: * DESCRIPTION: michael@0: * michael@0: * Checks whether the CRL pointed to by "crl" would be valid at the time michael@0: * represented by the Date pointed to by "date" and stores the Boolean result michael@0: * at "pResult". This check is done only when NIST policy is enforced. michael@0: * michael@0: * Time ::= CHOICE { michael@0: * utcTime UTCTime, michael@0: * generalTime GeneralizedTime } michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose validity is to be checked. Must be non-NULL. michael@0: * "date" michael@0: * Address of Date at which the CRL is being checked for validity. michael@0: * Must be non-NULL. michael@0: * "pResult" michael@0: * Address of Boolean result. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_VerifyUpdateTime( michael@0: PKIX_PL_CRL *crl, michael@0: PKIX_PL_Date *date, michael@0: PKIX_Boolean *pResult, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_VerifySignature michael@0: * DESCRIPTION: michael@0: * michael@0: * Verifies the signature on the CRL pointed to by "crl" using the PublicKey michael@0: * pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error michael@0: * pointer is returned. michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose signature is to be verified. Must be non-NULL. michael@0: * "pubKey" michael@0: * Address of a Public Key used to verify the signature. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_VerifySignature( michael@0: PKIX_PL_CRL *crl, michael@0: PKIX_PL_PublicKey *pubKey, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_ReleaseDerCrl michael@0: * DESCRIPTION: michael@0: * michael@0: * Relinguish the ownership for the crl der. The operation will succeed if michael@0: * a crl owns the der. If the crl was created from existing crl and does not michael@0: * own the der, then the function will return null. michael@0: * michael@0: * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose signature is to be verified. Must be non-NULL. michael@0: * "derCrl" michael@0: * Pointer to a SECItem that has der crl. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl, michael@0: SECItem **derCrl, michael@0: void *plContext); michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRL_AdoptDerCrl michael@0: * DESCRIPTION: michael@0: * michael@0: * Adopt memory of the der. The secItem that contains der will be michael@0: * freed with destruction of parent pkix crl structure. michael@0: * michael@0: * * PARAMETERS: michael@0: * "crl" michael@0: * Address of CRL whose signature is to be verified. Must be non-NULL. michael@0: * "derCrl" michael@0: * Pointer to a SECItem that has der crl. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl, michael@0: SECItem *derCrl, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves the value of the reason code extension of the CRLEntry pointed michael@0: * to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no michael@0: * reason code extension, this function stores -1 at "pReason". michael@0: * michael@0: * CRLReason ::= ENUMERATED { michael@0: * unspecified (0), michael@0: * keyCompromise (1), michael@0: * cACompromise (2), michael@0: * affiliationChanged (3), michael@0: * superseded (4), michael@0: * cessationOfOperation (5), michael@0: * certificateHold (6), michael@0: * removeFromCRL (8), michael@0: * privilegeWithdrawn (9), michael@0: * aACompromise (10) } michael@0: * michael@0: * PARAMETERS: michael@0: * "crlEntry" michael@0: * Address of CRLEntry whose reason code bit values are to be returned michael@0: * at "pReason". Must be non-NULL. michael@0: * "pReason" michael@0: * Address of PKIX_Int32 where reason code is stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRLEntry_GetCRLEntryReasonCode( michael@0: PKIX_PL_CRLEntry *crlEntry, michael@0: PKIX_Int32 *pReason, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs michael@0: * DESCRIPTION: michael@0: * michael@0: * Retrieves a pointer to the List of OIDs (each OID corresponding to a michael@0: * critical extension of the CRLEntry pointed to by "crlEntry") and stores it michael@0: * at "pExtensions". If "crlEntry" does not have any critical extensions, this michael@0: * function stores an empty List at "pExtensions". michael@0: * michael@0: * Note that the List returned by this function is immutable. michael@0: * michael@0: * PARAMETERS: michael@0: * "crlEntry" michael@0: * Address of CRLEntry whose critical extension OIDs are to be stored. michael@0: * Must be non-NULL. michael@0: * "pExtensions" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CRL Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs( michael@0: PKIX_PL_CRLEntry *crlEntry, michael@0: PKIX_List **pExtensions, /* list of PKIX_PL_OID */ michael@0: void *plContext); michael@0: michael@0: #ifdef BUILD_LIBPKIX_TESTS michael@0: /* michael@0: * FUNCTION: PKIX_PL_X500Name_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new X500Name using the UTF8 string representation pointed to by michael@0: * "stringRep" and stores it at "pName". Once created, an X500Name is michael@0: * immutable. michael@0: * michael@0: * Name ::= CHOICE { michael@0: * RDNSequence } michael@0: * michael@0: * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName michael@0: * michael@0: * RelativeDistinguishedName ::= michael@0: * SET OF AttributeTypeAndValue michael@0: * michael@0: * AttributeTypeAndValue ::= SEQUENCE { michael@0: * type AttributeType, michael@0: * value AttributeValue } michael@0: * michael@0: * AttributeType ::= OBJECT IDENTIFIER michael@0: * michael@0: * AttributeValue ::= ANY DEFINED BY AttributeType michael@0: * michael@0: * DirectoryString ::= CHOICE { michael@0: * teletexString TeletexString (SIZE (1..MAX)), michael@0: * printableString PrintableString (SIZE (1..MAX)), michael@0: * universalString UniversalString (SIZE (1..MAX)), michael@0: * utf8String UTF8String (SIZE (1..MAX)), michael@0: * bmpString BMPString (SIZE (1..MAX)) } michael@0: * michael@0: * PARAMETERS: michael@0: * "stringRep" michael@0: * Address of UTF8 String representation of X500Name. Must be non-NULL. michael@0: * "pName" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns an X500Name Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_X500Name_Create ( michael@0: PKIX_PL_String *stringRep, michael@0: PKIX_PL_X500Name **pName, michael@0: void *plContext); michael@0: michael@0: #endif /* BUILD_LIBPKIX_TESTS */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName michael@0: * DESCRIPTION: michael@0: * michael@0: * The function creates x500Name using der encoded DN and/or pointer to michael@0: * CERTName. If arument "name" is NULL, but derName is supplied when michael@0: * the function generates nssDN(CERTName type) from der data. If derName michael@0: * is not supplied, CERTName *name will not be used to generate DN DER michael@0: * encoding. michael@0: * michael@0: * PARAMETERS: michael@0: * "derName" michael@0: * Address of DER representation of X500Name. Can be NULL michael@0: * "name" michael@0: * Address of CERTName representation of X500Name. Can be NULL michael@0: * "pName" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns an X500Name Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_X500Name_CreateFromCERTName( michael@0: SECItem *derName, michael@0: CERTName *name, michael@0: PKIX_PL_X500Name **pName, michael@0: void *plContext); michael@0: michael@0: michael@0: /* michael@0: * TYPE: PKIX_PL_X500Name_Match michael@0: * DESCRIPTION: michael@0: * Checks whether the X500Name pointed to by "firstX500Name" MATCHES the michael@0: * X500Name pointed to by "secondX500Name" and stores the boolean result at michael@0: * "pResult". Two X500Names MATCH if they meet the conditions specified by michael@0: * RFC 3280 (section 4.1.2.4). Namely: michael@0: * michael@0: * "This specification requires only a subset of the name comparison michael@0: * functionality specified in the X.500 series of specifications. michael@0: * Conforming implementations are REQUIRED to implement the following michael@0: * name comparison rules: michael@0: * michael@0: * (a) attribute values encoded in different types (e.g., PrintableString michael@0: * and BMPString) MAY be assumed to represent different strings; michael@0: * michael@0: * (b) attribute values in types other than PrintableString are case michael@0: * sensitive (this permits matching of attribute values as binary objects) michael@0: * michael@0: * (c) attribute values in PrintableString are not case sensitive michael@0: * (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and michael@0: * michael@0: * (d) attribute values in PrintableString are compared after removing michael@0: * leading and trailing white space and converting internal substrings of michael@0: * one or more consecutive white space characters to a single space." michael@0: * michael@0: * PARAMETERS: michael@0: * "firstX500Name" michael@0: * Address of first X500Name to compare. Must be non-NULL. michael@0: * "secondX500Name" michael@0: * Address of second X500Name to compare. Must be non-NULL. michael@0: * "pResult" michael@0: * Address of Boolean result. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns an X500Name Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_X500Name_Match( michael@0: PKIX_PL_X500Name *firstX500Name, michael@0: PKIX_PL_X500Name *secondX500Name, michael@0: PKIX_Boolean *pResult, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Date_Create_UTCTime michael@0: * DESCRIPTION: michael@0: * Creates a new Date of type UTCTime using the string representation pointed michael@0: * to by "stringRep" and stores it at "pDate". The UTCTime restriction means michael@0: * that the year can only be specified by the least significant two digits michael@0: * (YY). As such, Only the years 1950-2049 can be represented. If "stringRep" michael@0: * is NULL, this function creates a new Date representing the current time michael@0: * and stores it at "pDate". Once created, a Date is immutable. michael@0: * michael@0: * If YY is greater than or equal to 50, the year is interpreted as 19YY. michael@0: * If YY is less than 50, the year is interpreted as 20YY. michael@0: * michael@0: * The string representation of the date must be in the following form: michael@0: * "YYMMDDhhmmssZ" where: michael@0: * michael@0: * YY is the least significant two digits of the year michael@0: * MM is the month (01 to 12) michael@0: * DD is the day (01 to 31) michael@0: * hh is the hour (00 to 23) michael@0: * mm are the minutes (00 to 59) michael@0: * ss are the seconds (00 to 59) michael@0: * Z indicates that local time is GMT michael@0: * michael@0: * PARAMETERS: michael@0: * "stringRep" michael@0: * Address of String representation of Date. michael@0: * If NULL, current time is used. michael@0: * "pDate" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Date Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Date_Create_UTCTime ( michael@0: PKIX_PL_String *stringRep, michael@0: PKIX_PL_Date **pDate, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Date_Create_UTCTime michael@0: * DESCRIPTION: michael@0: * Creates a new Date from PRTime data. michael@0: * michael@0: * PARAMETERS: michael@0: * "time" michael@0: * Represented time in PRTime type. michael@0: * "pDate" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Date Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Date_CreateFromPRTime( michael@0: PRTime time, michael@0: PKIX_PL_Date **pDate, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds michael@0: * DESCRIPTION: michael@0: * Creates a new Date of type UTCTime for current time with seconds off by michael@0: * "secondsOffset" and returns it at "pDate". michael@0: * michael@0: * PARAMETERS: michael@0: * "secondsOffset" michael@0: * A PKIX_Int32 indicates the time offset from current. If "secondsOffset" michael@0: * is negative, the time is in past. michael@0: * "pDate" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Date Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Date_Create_CurrentOffBySeconds( michael@0: PKIX_Int32 secondsOffset, michael@0: PKIX_PL_Date **pDate, michael@0: void *plContext); michael@0: michael@0: #ifdef BUILD_LIBPKIX_TESTS michael@0: /* michael@0: * FUNCTION: PKIX_PL_GeneralName_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new GeneralName of type "nameType" using the string michael@0: * representation pointed to by "stringRep" and stores it at "pGName". michael@0: * All of the GeneralName type format values specified in pkixt.h are michael@0: * supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME, michael@0: * PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation michael@0: * should be used for all supported nameTypes, with the exception of michael@0: * registeredID and directoryName. For registeredID, the string representation michael@0: * should be the same as that used by PKIX_PL_OID_Create. For directoryName, michael@0: * the string representation should be the same as that used by michael@0: * PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is michael@0: * returned. Once created, a GeneralName is immutable. michael@0: * michael@0: * GeneralName ::= CHOICE { michael@0: * otherName [0] OtherName, michael@0: * rfc822Name [1] IA5String, michael@0: * dNSName [2] IA5String, michael@0: * x400Address [3] ORAddress, michael@0: * directoryName [4] Name, michael@0: * ediPartyName [5] EDIPartyName, michael@0: * uniformResourceIdentifier [6] IA5String, michael@0: * iPAddress [7] OCTET STRING, michael@0: * registeredID [8] OBJECT IDENTIFIER } michael@0: * michael@0: * michael@0: * NOTE: This function is allowed to be called only by pkix tests programs. michael@0: * michael@0: * PARAMETERS: michael@0: * "nameType" michael@0: * Type of GeneralName to be created. This must be one of the GeneralName michael@0: * type format values specified in pkixt.h michael@0: * "stringRep" michael@0: * Address of String representation of GeneralName. Must be non-NULL. michael@0: * "pGName" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a GeneralName Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_GeneralName_Create ( michael@0: PKIX_UInt32 nameType, michael@0: PKIX_PL_String *stringRep, michael@0: PKIX_PL_GeneralName **pGName, michael@0: void *plContext); michael@0: #endif /* BUILD_LIBPKIX_TESTS */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace michael@0: * DESCRIPTION: michael@0: * michael@0: * This function checks whether names in "nameList" comply with michael@0: * "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the michael@0: * requirement of the NameConstraints, PKIX_FALSE otherwise. michael@0: * michael@0: * PARAMETERS michael@0: * "nameList" michael@0: * List of GeneralNames that are checked for compliance. May be empty michael@0: * or NULL. michael@0: * "nameConstraints" michael@0: * Address of CertNameConstraints that provides lists of permitted michael@0: * and excluded names. Must be non-NULL. michael@0: * "pCheckPass" michael@0: * Address where PKIX_TRUE is returned if the all names in "nameList" are michael@0: * valid. Must be non-NULL. michael@0: * "plContext" - Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a NameConstraints Error if the function fails in a michael@0: * non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace( michael@0: PKIX_List *nameList, /* List of PKIX_PL_GeneralName */ michael@0: PKIX_PL_CertNameConstraints *nameConstraints, michael@0: PKIX_Boolean *pCheckPass, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_AIAMgr_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * This function creates an AIAMgr to handle retrieval of Certs and CRLs michael@0: * from servers given by AIA Certificate extensions. It manages connections michael@0: * and caches. The manager created is stored at "pAIAMgr". michael@0: * michael@0: * PARAMETERS: michael@0: * "pAIAMgr" michael@0: * The address at which the result is stored. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns an AIAMgr Error if the function fails in a non-fatal way michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_AIAMgr_Create( michael@0: PKIX_PL_AIAMgr **pAIAMgr, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts michael@0: * DESCRIPTION: michael@0: * michael@0: * This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs michael@0: * specified by an AIA certificate extension, if any, in the Cert pointed to by michael@0: * "prevCert", storing the results at "pCerts". If the certificate has no such michael@0: * extension, this function stores NULL at "pCerts". michael@0: * michael@0: * If the request is suspended for non-blocking I/O, a platform-dependent michael@0: * context is stored at "pNBIOContext" and NULL is stored at "pCerts". This michael@0: * return is referred to as the WOULDBLOCK state. Note that the caller must michael@0: * check for a non-NULL value at "pNBIOContext", to distinguish this state from michael@0: * the "no such extension" return described in the first paragraph. (The michael@0: * alternative would be to return an empty List, but it seemed wrong to incur michael@0: * the overhead of creating and destroying an empty List for the most common michael@0: * situation.) michael@0: * michael@0: * After a WOULDBLOCK return, the user may continue the operation by calling michael@0: * pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again michael@0: * returns in the WOULDBLOCK state) with the previously-returned non-NULL michael@0: * value of "pNBIOContext". When results are complete, NULL is stored at michael@0: * "pNBIOContext", and the results (which may be NULL) are stored at "pCerts". michael@0: * michael@0: * PARAMETERS: michael@0: * "aiaMgr" michael@0: * The AIAMgr which controls the retrieval of certificates. Must be michael@0: * non-NULL. michael@0: * "prevCert" michael@0: * Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must michael@0: * be non-NULL. michael@0: * "pNBIOContext" michael@0: * Address at which platform-dependent information is returned if request michael@0: * is suspended for non-blocking I/O. Must be non-NULL. michael@0: * "pCerts" michael@0: * Address at which the returned List is stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns an AIAMgr Error if the function fails in a non-fatal way michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_AIAMgr_GetAIACerts( michael@0: PKIX_PL_AIAMgr *aiaMgr, michael@0: PKIX_PL_Cert *prevCert, michael@0: void **pNBIOContext, michael@0: PKIX_List **pCerts, michael@0: void *plContext); michael@0: michael@0: typedef PKIX_Error * michael@0: (*PKIX_PL_VerifyCallback)( michael@0: PKIX_PL_Object *signedObject, michael@0: PKIX_PL_Cert *signerCert, /* can be unknown */ michael@0: PKIX_PL_Date *producedAt, michael@0: PKIX_ProcessingParams *procParams, michael@0: void **pNBIOContext, michael@0: void **pState, michael@0: PKIX_BuildResult **pBuildResult, michael@0: PKIX_VerifyNode **pVerifyTree, michael@0: void *plContext); michael@0: michael@0: #ifdef __cplusplus michael@0: } michael@0: #endif michael@0: michael@0: #endif /* _PKIX_PL_PKI_H */