michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: /*
michael@0:  * pkix_policychecker.h
michael@0:  *
michael@0:  * Header file for policy checker.
michael@0:  *
michael@0:  */
michael@0: 
michael@0: #ifndef _PKIX_POLICYCHECKER_H
michael@0: #define _PKIX_POLICYCHECKER_H
michael@0: 
michael@0: #include "pkix_tools.h"
michael@0: 
michael@0: #ifdef __cplusplus
michael@0: extern "C" {
michael@0: #endif
michael@0: 
michael@0: typedef struct PKIX_PolicyCheckerStateStruct PKIX_PolicyCheckerState;
michael@0: 
michael@0: struct PKIX_PolicyCheckerStateStruct{
michael@0:         PKIX_PL_OID *certPoliciesExtension;             /* const */
michael@0:         PKIX_PL_OID *policyMappingsExtension;           /* const */
michael@0:         PKIX_PL_OID *policyConstraintsExtension;        /* const */
michael@0:         PKIX_PL_OID *inhibitAnyPolicyExtension;         /* const */
michael@0:         PKIX_PL_OID *anyPolicyOID;                      /* const */
michael@0:         PKIX_Boolean initialIsAnyPolicy;                /* const */
michael@0:         PKIX_PolicyNode *validPolicyTree;
michael@0:         PKIX_List *userInitialPolicySet;                /* immutable */
michael@0:         PKIX_List *mappedUserInitialPolicySet;
michael@0:         PKIX_Boolean policyQualifiersRejected;
michael@0:         PKIX_Boolean initialPolicyMappingInhibit;
michael@0:         PKIX_Boolean initialExplicitPolicy;
michael@0:         PKIX_Boolean initialAnyPolicyInhibit;
michael@0:         PKIX_UInt32 explicitPolicy;
michael@0:         PKIX_UInt32 inhibitAnyPolicy;
michael@0:         PKIX_UInt32 policyMapping;
michael@0:         PKIX_UInt32 numCerts;
michael@0:         PKIX_UInt32 certsProcessed;
michael@0:         PKIX_PolicyNode *anyPolicyNodeAtBottom;
michael@0:         PKIX_PolicyNode *newAnyPolicyNode;
michael@0:         /*
michael@0:          * The following variables do not survive from one
michael@0:          * certificate to the next. They are needed at each
michael@0:          * level of recursive routines, any by placing them
michael@0:          * in the state object we can pass fewer arguments.
michael@0:          */
michael@0:         PKIX_Boolean certPoliciesCritical;
michael@0:         PKIX_List *mappedPolicyOIDs;
michael@0: };
michael@0: 
michael@0: PKIX_Error *
michael@0: pkix_PolicyChecker_Initialize(
michael@0:         PKIX_List *initialPolicies,
michael@0:         PKIX_Boolean policyQualifiersRejected,
michael@0:         PKIX_Boolean initialPolicyMappingInhibit,
michael@0:         PKIX_Boolean initialExplicitPolicy,
michael@0:         PKIX_Boolean initialAnyPolicyInhibit,
michael@0:         PKIX_UInt32 numCerts,
michael@0:         PKIX_CertChainChecker **pChecker,
michael@0:         void *plContext);
michael@0: 
michael@0: /* --Private-Functions-------------------------------------------- */
michael@0: 
michael@0: PKIX_Error *
michael@0: pkix_PolicyCheckerState_RegisterSelf(void *plContext);
michael@0: 
michael@0: #ifdef __cplusplus
michael@0: }
michael@0: #endif
michael@0: 
michael@0: #endif /* _PKIX_POLICYCHECKER_H */