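/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * This file defines functions associated with the PKIX_CRLSelector and the
 * PKIX_ComCRLSelParams types.
 *
 */


#ifndef _PKIX_CRLSEL_H
#define _PKIX_CRLSEL_H

#include "pkixt.h"

#ifdef __cplusplus
extern "C" {
#endif

/* General
 *
 * Please refer to the libpkix Programmer's Guide for detailed information
 * about how to use the libpkix library. Certain key warnings and notices from
 * that document are repeated here for emphasis.
 *
 * All identifiers in this file (and all public identifiers defined in
 * libpkix) begin with "PKIX_". Private identifiers only intended for use
 * within the library begin with "pkix_".
 *
 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
 *
 * Unless otherwise noted, for all accessor (gettor) functions that return a
 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
 * shared object. Therefore, the caller should treat this shared object as
 * read-only and should not modify this shared object. When done using the
 * shared object, the caller should release the reference to the object by
 * using the PKIX_PL_Object_DecRef function.
 *
 * While a function is executing, if its arguments (or anything referred to by
 * its arguments) are modified, free'd, or destroyed, the function's behavior
 * is undefined.
 *
 */

/* PKIX_CRLSelector
 *
 * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
 * based on particular criteria. A CRLSelector is typically used by libpkix
 * to retrieve CRLs from a CertStore during certificate chain validation or
 * building. (see pkix_certstore.h) For example, the caller may wish to only
 * select those CRLs that have a particular issuer or a particular value for a
 * private CRL extension. The MatchCallback allows the caller to specify the
 * custom matching logic to be used by a CRLSelector.
 *
 * By default, the MatchCallback is set to point to the default implementation
 * provided by libpkix, which understands how to process the most common
 * parameters. If the default implementation is used, the caller should set
 * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
 * Any common parameter that is not set is assumed to be disabled, which means
 * the default MatchCallback implementation will select all CRLs without
 * regard to that particular disabled parameter. For example, if the
 * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
 * CRL based on its CRL number. As such, if no parameters are set, all are
 * disabled and any CRL will match. If a parameter is disabled, its associated
 * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
 *
 * NOTE(review): because an unset parameter disables its check, a selector
 * with no parameters set does not restrict CRLs at all. Callers that rely on
 * the selector to restrict CRLs by issuer, validity time or CRL number must
 * set those criteria explicitly.
 *
 * If a custom implementation is desired, the default implementation can be
 * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
 * CRLSelector can be initialized with a crlSelectorContext, which is where
 * the caller can specify the desired parameters the caller wishes to match
 * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
 * allowing it to be reference-counted and allowing it to provide the standard
 * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
 *
 * NOTE(review): PKIX_CRLSelector_SetMatchCallback is not declared in this
 * file. A custom MatchCallback decides by itself which CRLs are accepted;
 * presumably none of the ComCRLSelParams criteria are applied unless the
 * callback applies them -- confirm against the implementation.
 *
 */

/*
 * FUNCTION: PKIX_CRLSelector_MatchCallback
 * DESCRIPTION:
 *
 *  This callback function determines whether the specified CRL pointed to by
 *  "crl" matches the criteria of the CRLSelector pointed to by "selector".
 *  If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
 *  "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose MatchCallback logic and parameters are
 *      to be used. Must be non-NULL.
 *  "crl"
 *      Address of CRL that is to be matched using "selector". Must be non-NULL.
 *  "pMatch"
 *      Address at which Boolean result is stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe
 *
 *  Multiple threads must be able to safely call this function without
 *  worrying about conflicts, even if they're operating on the same objects.
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
typedef PKIX_Error *
(*PKIX_CRLSelector_MatchCallback)(
        PKIX_CRLSelector *selector,
        PKIX_PL_CRL *crl,
        PKIX_Boolean *pMatch,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_Create
 * DESCRIPTION:
 *
 *  Creates a new CRLSelector and stores it at "pSelector". As noted above,
 *  by default, the MatchCallback is set to point to the default
 *  implementation provided by libpkix, which understands how to process
 *  ComCRLSelParams.
 *
 *  NOTE(review): the declaration below takes no "callback" or
 *  "crlSelectorContext" argument, although the overview above refers to
 *  both; it takes "issuer", "crlDpList" and "date". Presumably these seed
 *  the selector's ComCRLSelParams (issuer names, CRL distribution points and
 *  dateAndTime) -- confirm against the implementation.
 *
 * PARAMETERS:
 *  "issuer"
 *      Address of the Cert of the CRL issuer.
 *  "crlDpList"
 *      Address of the List of CRL distribution points.
 *  "date"
 *      Address of a Date. Presumably the time at which matching CRLs must be
 *      valid (see PKIX_ComCRLSelParams_SetDateAndTime) -- TODO confirm.
 *  "pSelector"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_Create(
        PKIX_PL_Cert *issuer,
        PKIX_List *crlDpList,
        PKIX_PL_Date *date,
        PKIX_CRLSelector **pSelector,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_GetMatchCallback
 * DESCRIPTION:
 *
 *  Retrieves a pointer to "selector's" Match callback function and puts it in
 *  "pCallback".
 *
 * PARAMETERS:
 *  "selector"
 *      The CRLSelector whose Match callback is desired. Must be non-NULL.
 *  "pCallback"
 *      Address where Match callback function pointer will be stored.
 *      Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_GetMatchCallback(
        PKIX_CRLSelector *selector,
        PKIX_CRLSelector_MatchCallback *pCallback,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
 * DESCRIPTION:
 *
 *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
 *  of the CRLSelector pointed to by "selector" and stores it at
 *  "pCRLSelectorContext".
 *
 *  NOTE(review): "pCRLSelectorContext" is declared as void **, not as
 *  PKIX_PL_Object **, so the compiler does not check the type of the
 *  variable the caller passes -- confirm which type is intended.
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose context is to be stored. Must be non-NULL.
 *  "pCRLSelectorContext"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_GetCRLSelectorContext(
        PKIX_CRLSelector *selector,
        void **pCRLSelectorContext,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the ComCRLSelParams object that represents the
 *  common parameters of the CRLSelector pointed to by "selector" and stores
 *  it at "pCommonCRLSelectorParams". If there are no common parameters stored
 *  with the CRLSelector, this function stores NULL at
 *  "pCommonCRLSelectorParams".
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose ComCRLSelParams are to be stored.
 *      Must be non-NULL.
 *  "pCommonCRLSelectorParams"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_GetCommonCRLSelectorParams(
        PKIX_CRLSelector *selector,
        PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
 * DESCRIPTION:
 *
 *  Sets the common parameters for the CRLSelector pointed to by "selector"
 *  using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose common parameters are to be set.
 *      Must be non-NULL.
 *  "commonCRLSelectorParams"
 *      Address of ComCRLSelParams representing the common parameters.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "selector"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_SetCommonCRLSelectorParams(
        PKIX_CRLSelector *selector,
        PKIX_ComCRLSelParams *commonCRLSelectorParams,
        void *plContext);

/* PKIX_ComCRLSelParams
 *
 * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
 * especially determining which CRLs to retrieve from a CertStore.
 * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
 * the default implementation of MatchCallback, which understands how to
 * process ComCRLSelParams.
 */

/*
 * FUNCTION: PKIX_ComCRLSelParams_Create
 * DESCRIPTION:
 *
 *  Creates a new ComCRLSelParams object and stores it at "pParams".
 *
 * PARAMETERS:
 *  "pParams"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_Create(
        PKIX_ComCRLSelParams **pParams,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the List of X500Names (if any) representing the
 *  issuer names criterion that is set in the ComCRLSelParams pointed to by
 *  "params" and stores it at "pNames". In order to match against this
 *  criterion, a CRL's IssuerName must match at least one of the criterion's
 *  issuer names.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pNames", in which case all CRLs are considered to match.
 *
 *  Note that the List returned by this function is immutable.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose issuer names criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pNames"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetIssuerNames(
        PKIX_ComCRLSelParams *params,
        PKIX_List **pNames,  /* list of PKIX_PL_X500Name */
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
 * DESCRIPTION:
 *
 *  Sets the issuer names criterion of the ComCRLSelParams pointed to by
 *  "params" using a List of X500Names pointed to by "names". In order to match
 *  against this criterion, a CRL's IssuerName must match at least one of the
 *  criterion's issuer names.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose issuer names criterion is to be
 *      set. Must be non-NULL.
 *  "names"
 *      Address of List of X500Names used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetIssuerNames(
        PKIX_ComCRLSelParams *params,
        PKIX_List *names,  /* list of PKIX_PL_X500Name */
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
 * DESCRIPTION:
 *
 *  Adds to the issuer names criterion of the ComCRLSelParams pointed to by
 *  "params" using the X500Name pointed to by "name". In order to match
 *  against this criterion, a CRL's IssuerName must match at least one of the
 *  criterion's issuer names.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose issuer names criterion is to be added
 *      to. Must be non-NULL.
 *  "name"
 *      Address of X500Name to be added.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_AddIssuerName(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_X500Name *name,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the Cert (if any) representing the certificate whose
 *  revocation status is being checked. This is not a criterion. It is simply
 *  optional information that may help a CertStore find relevant CRLs.
 *
 *  If "params" does not have a certificate set, this function stores NULL at
 *  "pCert", in which case there is no optional information to provide.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose certificate being checked (if any) is
 *      to be stored. Must be non-NULL.
 *  "pCert"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetCertificateChecking(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Cert **pCert,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
 * DESCRIPTION:
 *
 *  Sets the ComCRLSelParams pointed to by "params" with the certificate
 *  (pointed to by "cert") whose revocation status is being checked. This is
 *  not a criterion. It is simply optional information that may help a
 *  CertStore find relevant CRLs.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose certificate being checked is to be
 *      set. Must be non-NULL.
 *  "cert"
 *      Address of Cert whose revocation status is being checked.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetCertificateChecking(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Cert *cert,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the Date (if any) representing the dateAndTime
 *  criterion that is set in the ComCRLSelParams pointed to by "params" and
 *  stores it at "pDate". In order to match against this criterion, a CRL's
 *  thisUpdate component must be less than or equal to the criterion's
 *  dateAndTime and the CRL's nextUpdate component must be later than the
 *  criterion's dateAndTime. There is no match if the CRL does not contain a
 *  nextUpdate component.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pDate", in which case all CRLs are considered to match.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pDate"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetDateAndTime(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Date **pDate,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
 * DESCRIPTION:
 *
 *  Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
 *  "params" using a Date pointed to by "date". In order to match against this
 *  criterion, a CRL's thisUpdate component must be less than or equal to the
 *  criterion's dateAndTime and the CRL's nextUpdate component must be later
 *  than the criterion's dateAndTime. There is no match if the CRL does not
 *  contain a nextUpdate component.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose dateAndTime criterion is to be
 *      set. Must be non-NULL.
 *  "date"
 *      Address of Date used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetDateAndTime(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Date *date,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
 * DESCRIPTION:
 *
 *  Retrieves the Boolean representing the NIST CRL policy activation flag
 *  that is set in the ComCRLSelParams pointed to by "params" and stores it
 *  at "pEnabled". If enabled, a CRL must have a nextUpdate field.
 *
 *  Default value for this flag is TRUE.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose NIST CRL policy criterion is to
 *      be stored. Must be non-NULL.
 *  "pEnabled"
 *      Address where the Boolean flag value will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
        PKIX_ComCRLSelParams *params,
        PKIX_Boolean *pEnabled,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
 * DESCRIPTION:
 *
 *  Sets the NIST CRL policy criterion of the ComCRLSelParams pointed to by
 *  "params" using the "enabled" flag. In order to match against this
 *  criterion, a CRL's nextUpdate must be available and the criterion's
 *  dateAndTime must be within the thisUpdate and nextUpdate time period.
 *
 *  NOTE(review): the dateAndTime criterion is documented as never matching a
 *  CRL that lacks nextUpdate, independent of this flag. Which rule applies
 *  when the flag is PKIX_FALSE is not stated here -- confirm against the
 *  implementation. A CRL without nextUpdate states no expiry, so accepting
 *  one weakens the freshness guarantee of revocation checking.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose NIST CRL policy criterion
 *      is to be set. Must be non-NULL.
 *  "enabled"
 *      Boolean value used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
        PKIX_ComCRLSelParams *params,
        PKIX_Boolean enabled,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
 *  criterion that is set in the ComCRLSelParams pointed to by "params" and
 *  stores it at "pNumber". In order to match against this criterion, a CRL
 *  must have a CRL number extension whose value is less than or equal to the
 *  criterion's value.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pNumber", in which case all CRLs are considered to match.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pNumber"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetMaxCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt **pNumber,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
 * DESCRIPTION:
 *
 *  Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
 *  "params" using a BigInt pointed to by "number". In order to match against
 *  this criterion, a CRL must have a CRL number extension whose value is less
 *  than or equal to the criterion's value.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose maxCRLNumber criterion is to be
 *      set. Must be non-NULL.
 *  "number"
 *      Address of BigInt used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetMaxCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt *number,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
 *  criterion that is set in the ComCRLSelParams pointed to by "params" and
 *  stores it at "pNumber". In order to match against this criterion, a CRL
 *  must have a CRL number extension whose value is greater than or equal to
 *  the criterion's value.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pNumber", in which case all CRLs are considered to match.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pNumber"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetMinCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt **pNumber,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
 * DESCRIPTION:
 *
 *  Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
 *  "params" using a BigInt pointed to by "number". In order to match against
 *  this criterion, a CRL must have a CRL number extension whose value is
 *  greater than or equal to the criterion's value.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose minCRLNumber criterion is to be
 *      set. Must be non-NULL.
 *  "number"
 *      Address of BigInt used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetMinCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt *number,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
 * DESCRIPTION:
 *
 *  Sets the list of CRL distribution points (CRLDPs) that can be used to
 *  download CRLs.
 *
 *  NOTE(review): if these distribution points come from the certificate
 *  under validation they are not yet trusted input; confirm that the code
 *  performing the download limits the schemes, hosts and response size it
 *  accepts.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose CRLDP list is to be set.
 *      Must be non-NULL.
 *  "crldpList"
 *      A list of CRLDPs. Can be an empty list.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error*
PKIX_ComCRLSelParams_SetCrlDp(
        PKIX_ComCRLSelParams *params,
        PKIX_List *crldpList,
        void *plContext);

#ifdef __cplusplus
}
#endif

#endif /* _PKIX_CRLSEL_H */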