michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: /* michael@0: * This file defines functions associated with CertStore types. michael@0: * michael@0: */ michael@0: michael@0: michael@0: #ifndef _PKIX_SAMPLEMODULES_H michael@0: #define _PKIX_SAMPLEMODULES_H michael@0: michael@0: #include "pkix_pl_common.h" michael@0: michael@0: #ifdef __cplusplus michael@0: extern "C" { michael@0: #endif michael@0: michael@0: /* General michael@0: * michael@0: * Please refer to the libpkix Programmer's Guide for detailed information michael@0: * about how to use the libpkix library. Certain key warnings and notices from michael@0: * that document are repeated here for emphasis. michael@0: * michael@0: * All identifiers in this file (and all public identifiers defined in michael@0: * libpkix) begin with "PKIX_". Private identifiers only intended for use michael@0: * within the library begin with "pkix_". michael@0: * michael@0: * A function returns NULL upon success, and a PKIX_Error pointer upon failure. michael@0: * michael@0: * Unless otherwise noted, for all accessor (gettor) functions that return a michael@0: * PKIX_PL_Object pointer, callers should assume that this pointer refers to a michael@0: * shared object. Therefore, the caller should treat this shared object as michael@0: * read-only and should not modify this shared object. When done using the michael@0: * shared object, the caller should release the reference to the object by michael@0: * using the PKIX_PL_Object_DecRef function. michael@0: * michael@0: * While a function is executing, if its arguments (or anything referred to by michael@0: * its arguments) are modified, free'd, or destroyed, the function's behavior michael@0: * is undefined. michael@0: * michael@0: */ michael@0: michael@0: /* PKIX_PL_CollectionCertStore michael@0: * michael@0: * A PKIX_CollectionCertStore provides an example for showing how to retrieve michael@0: * certificates and CRLs from a repository, such as a directory in the system. michael@0: * It is expected the directory is an absolute directory which contains CRL michael@0: * and Cert data files. CRL files are expected to have the suffix of .crl michael@0: * and Cert files are expected to have the suffix of .crt . michael@0: * michael@0: * Once the caller has created the CollectionCertStoreContext object, the caller michael@0: * then can call pkix_pl_CollectionCertStore_GetCert or michael@0: * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or michael@0: * PKIX_PL_CRL objects, respectively. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_CollectionCertStore_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new CollectionCertStore and returns it at michael@0: * "pColCertStore". michael@0: * michael@0: * PARAMETERS: michael@0: * "storeDir" michael@0: * The absolute path where *.crl files are located. michael@0: * "pColCertStoreContext" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CollectionCertStoreContext Error if the function fails in michael@0: * a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_CollectionCertStore_Create( michael@0: PKIX_PL_String *storeDir, michael@0: PKIX_CertStore **pCertStore, michael@0: void *plContext); michael@0: michael@0: /* PKIX_PL_PK11CertStore michael@0: * michael@0: * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11 michael@0: * database. The directory that contains the cert8.db, key3.db, and secmod.db michael@0: * files that comprise a PKCS11 database are specified in NSS initialization. michael@0: * michael@0: * Once the caller has created the Pk11CertStore object, the caller can call michael@0: * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain michael@0: * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_Pk11CertStore_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new Pk11CertStore and returns it at "pPk11CertStore". michael@0: * michael@0: * PARAMETERS: michael@0: * "pPk11CertStore" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertStore Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_Pk11CertStore_Create( michael@0: PKIX_CertStore **pPk11CertStore, michael@0: void *plContext); michael@0: michael@0: #ifndef NSS_PKIX_NO_LDAP michael@0: /* PKIX_PL_LdapCertStore michael@0: * michael@0: * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server michael@0: * over a socket connection. It used the LDAP protocol as described in RFC1777. michael@0: * michael@0: * Once the caller has created the LdapCertStore object, the caller can call michael@0: * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain michael@0: * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_LdapDefaultClient_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr", michael@0: * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI"; michael@0: * and stores the address of the default LdapClient at "pClient". michael@0: * michael@0: * At the time of this version, there are unresolved questions about the LDAP michael@0: * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not michael@0: * clear whether they are appropriate to this application. We have tested only michael@0: * using servers that do not expect authentication, and that reject BIND michael@0: * messages. It is not clear what values might be appropriate for the bindname michael@0: * and authentication fields, which are currently implemented as char strings michael@0: * supplied by the caller. (If this changes, the API and possibly the templates michael@0: * will have to change.) Therefore the Client_Create API contains a BindAPI michael@0: * structure, a union, which will have to be revised and extended when this michael@0: * area of the protocol is better understood. michael@0: * michael@0: * PARAMETERS: michael@0: * "sockaddr" michael@0: * Address of the PRNetAddr to be used for the socket connection. Must be michael@0: * non-NULL. michael@0: * "timeout" michael@0: * The PRIntervalTime value to be used as a timeout value in socket calls; michael@0: * a zero value indicates non-blocking I/O is to be used. michael@0: * "bindAPI" michael@0: * The address of a BindAPI to be used if a BIND message is required. If michael@0: * this argument is NULL, no Bind (or Unbind) will be sent. michael@0: * "pClient" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertStore Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_LdapDefaultClient_Create( michael@0: PRNetAddr *sockaddr, michael@0: PRIntervalTime timeout, michael@0: LDAPBindAPI *bindAPI, michael@0: PKIX_PL_LdapDefaultClient **pClient, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates an LdapDefaultClient using the hostname poined to by "hostname", michael@0: * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI"; michael@0: * and stores the address of the default LdapClient at "pClient". michael@0: * michael@0: * At the time of this version, there are unresolved questions about the LDAP michael@0: * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not michael@0: * clear whether they are appropriate to this application. We have tested only michael@0: * using servers that do not expect authentication, and that reject BIND michael@0: * messages. It is not clear what values might be appropriate for the bindname michael@0: * and authentication fields, which are currently implemented as char strings michael@0: * supplied by the caller. (If this changes, the API and possibly the templates michael@0: * will have to change.) Therefore the Client_Create API contains a BindAPI michael@0: * structure, a union, which will have to be revised and extended when this michael@0: * area of the protocol is better understood. michael@0: * michael@0: * PARAMETERS: michael@0: * "hostname" michael@0: * Address of the hostname to be used for the socket connection. Must be michael@0: * non-NULL. michael@0: * "timeout" michael@0: * The PRIntervalTime value to be used as a timeout value in socket calls; michael@0: * a zero value indicates non-blocking I/O is to be used. michael@0: * "bindAPI" michael@0: * The address of a BindAPI to be used if a BIND message is required. If michael@0: * this argument is NULL, no Bind (or Unbind) will be sent. michael@0: * "pClient" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertStore Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_LdapDefaultClient_CreateByName( michael@0: char *hostname, michael@0: PRIntervalTime timeout, michael@0: LDAPBindAPI *bindAPI, michael@0: PKIX_PL_LdapDefaultClient **pClient, michael@0: void *plContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_LdapCertStore_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new LdapCertStore using the LdapClient pointed to by "client", michael@0: * and stores the address of the CertStore at "pCertStore". michael@0: * michael@0: * PARAMETERS: michael@0: * "client" michael@0: * Address of the LdapClient to be used. Must be non-NULL. michael@0: * "pCertStore" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * "plContext" michael@0: * Platform-specific context pointer. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a CertStore Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_LdapCertStore_Create( michael@0: PKIX_PL_LdapClient *client, michael@0: PKIX_CertStore **pCertStore, michael@0: void *plContext); michael@0: #endif /* !NSS_PKIX_NO_LDAP */ michael@0: michael@0: /* PKIX_PL_NssContext michael@0: * michael@0: * A PKIX_PL_NssContext provides an example showing how the "plContext" michael@0: * argument, that is part of every libpkix function call, can be used. michael@0: * The "plContext" is the Portability Layer Context, which can be used michael@0: * to communicate layer-specific information from the application to the michael@0: * underlying Portability Layer (while bypassing the Portable Code, which michael@0: * blindly passes the plContext on to every function call). michael@0: * michael@0: * In this case, NSS serves as both the application and the Portability Layer. michael@0: * We define an NSS-specific structure, which includes an arena and a number michael@0: * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument, michael@0: * wincx, is used on Windows platforms for PKCS11 access, and should be set to michael@0: * NULL for other platforms. michael@0: * Before calling any of the libpkix functions, the caller should create the NSS michael@0: * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context michael@0: * as the "plContext" argument in every libpkix function call the caller makes. michael@0: * When the caller is finished using the NSS context (usually just after he michael@0: * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to michael@0: * free the NSS context structure. michael@0: */ michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_NssContext_Create michael@0: * DESCRIPTION: michael@0: * michael@0: * Creates a new NssContext using the certificate usage(s) specified by michael@0: * "certUsage" and stores it at "pNssContext". This function also internally michael@0: * creates an arena and stores it as part of the NssContext structure. Unlike michael@0: * most other libpkix API functions, this function does not take a "plContext" michael@0: * parameter. michael@0: * michael@0: * PARAMETERS: michael@0: * "certUsage" michael@0: * The desired SECCertificateUsage(s). michael@0: * "useNssArena" michael@0: * Boolean flag indicates NSS Arena is used for memory allocation. michael@0: * "wincx" michael@0: * A Windows-dependent pointer for PKCS11 token handling. michael@0: * "pNssContext" michael@0: * Address where object pointer will be stored. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Context Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_NssContext_Create( michael@0: PKIX_UInt32 certificateUsage, michael@0: PKIX_Boolean useNssArena, michael@0: void *wincx, michael@0: void **pNssContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_NssContext_Destroy michael@0: * DESCRIPTION: michael@0: * michael@0: * Frees the structure pointed to by "nssContext" along with any of its michael@0: * associated memory. Unlike most other libpkix API functions, this function michael@0: * does not take a "plContext" parameter. michael@0: * michael@0: * PARAMETERS: michael@0: * "nssContext" michael@0: * Address of NssContext to be destroyed. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Context Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_NssContext_Destroy( michael@0: void *nssContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_NssContext_SetTimeout michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets IO timeout for network operations like OCSP response and cert michael@0: * fetching. michael@0: * michael@0: * PARAMETERS: michael@0: * "nssContext" michael@0: * Address of NssContext to be destroyed. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Context Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets maximum responce length allowed during network IO operations. michael@0: * michael@0: * PARAMETERS: michael@0: * "nssContext" michael@0: * Address of NssContext to be destroyed. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Context Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets user defined timeout between attempts to load crl using michael@0: * CRLDP. michael@0: * michael@0: * PARAMETERS: michael@0: * "delaySeconds" michael@0: * Reload delay in seconds. michael@0: * "nssContext" michael@0: * Address of NssContext to be destroyed. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Context Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds, michael@0: PKIX_PL_NssContext *nssContext); michael@0: michael@0: /* michael@0: * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay michael@0: * DESCRIPTION: michael@0: * michael@0: * Sets user defined timeout between attempts to load crls michael@0: * that failed to decode. michael@0: * michael@0: * PARAMETERS: michael@0: * "delaySeconds" michael@0: * Reload delay in seconds. michael@0: * "nssContext" michael@0: * Address of NssContext to be destroyed. Must be non-NULL. michael@0: * THREAD SAFETY: michael@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) michael@0: * RETURNS: michael@0: * Returns NULL if the function succeeds. michael@0: * Returns a Context Error if the function fails in a non-fatal way. michael@0: * Returns a Fatal Error if the function fails in an unrecoverable way. michael@0: */ michael@0: PKIX_Error * michael@0: PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds, michael@0: PKIX_PL_NssContext *nssContext); michael@0: #ifdef __cplusplus michael@0: } michael@0: #endif michael@0: michael@0: #endif /* _PKIX_SAMPLEMODULES_H */