| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| /* |
| * This file defines functions associated with the PKIX_CertSelector and the |
| * PKIX_ComCertSelParams types. |
| * |
| */ |
| |
| #ifndef _PKIX_CERTSEL_H |
| #define _PKIX_CERTSEL_H |
| |
| #include "pkixt.h" |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| /* General |
| * |
| * Please refer to the libpkix Programmer's Guide for detailed information |
| * about how to use the libpkix library. Certain key warnings and notices from |
| * that document are repeated here for emphasis. |
| * |
| * All identifiers in this file (and all public identifiers defined in |
| * libpkix) begin with "PKIX_". Private identifiers only intended for use |
| * within the library begin with "pkix_". |
| * |
| * A function returns NULL upon success, and a PKIX_Error pointer upon failure. |
| * |
| * Unless otherwise noted, for all accessor (gettor) functions that return a |
| * PKIX_PL_Object pointer, callers should assume that this pointer refers to a |
| * shared object. Therefore, the caller should treat this shared object as |
| * read-only and should not modify this shared object. When done using the |
| * shared object, the caller should release the reference to the object by |
| * using the PKIX_PL_Object_DecRef function. |
| * |
| * While a function is executing, if its arguments (or anything referred to by |
| * its arguments) are modified, free'd, or destroyed, the function's behavior |
| * is undefined. |
| * |
| */ |
| |
| /* PKIX_CertSelector |
| * |
| * PKIX_CertSelectors provide a standard way for the caller to select |
| * certificates based on particular criteria. A CertSelector is typically used |
| * by the caller to specify the constraints they wish to impose on the target |
| * certificate in a chain. (see pkix_params.h) A CertSelector is also often |
| * used to retrieve certificates from a CertStore that match the selector's |
| * criteria. (See pkix_certstore.h) For example, the caller may wish to only |
| * select those certificates that have a particular Subject Distinguished Name |
| * and a particular value for a private certificate extension. The |
| * MatchCallback allows the caller to specify the custom matching logic to be |
| * used by a CertSelector. |
| * |
| * By default, the MatchCallback is set to point to the default implementation |
| * provided by libpkix, which understands how to process the most common |
| * parameters. If the default implementation is used, the caller should set |
| * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams. |
| * Any common parameter that is not set is assumed to be disabled, which means |
| * the default MatchCallback implementation will select all certificates |
| * without regard to that particular disabled parameter. For example, if the |
| * SerialNumber parameter is not set, MatchCallback will not filter out any |
| * certificate based on its serial number. As such, if no parameters are set, |
| * all are disabled and any certificate will match. If a parameter is |
| * disabled, its associated PKIX_ComCertSelParams_Get* function returns a |
| * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints |
| * and PKIX_ComCertSelParams_GetVersion, or 0 for |
| * PKIX_ComCertSelParams_GetKeyUsage. |
| * |
| * If a custom implementation is desired, the default implementation can be |
| * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the |
| * CertSelector can be initialized with a certSelectorContext, which is where |
| * the caller can specify the desired parameters the caller wishes to match |
| * against. Note that this certSelectorContext must be an Object (although any |
| * object type), allowing it to be reference-counted and allowing it to |
| * provide the standard Object functions (Equals, Hashcode, ToString, Compare, |
| * Duplicate). |
| * |
| */ |
| |
| /* |
| * FUNCTION: PKIX_CertSelector_MatchCallback |
| * DESCRIPTION: |
| * |
| * This callback function determines whether the specified Cert pointed to by |
| * "cert" matches the criteria of the CertSelector pointed to by "selector". |
| * If the Cert does not matches the CertSelector's criteria, an exception will |
| * be thrown. |
| * |
| * PARAMETERS: |
| * "selector" |
| * Address of CertSelector whose MatchCallback logic and parameters are |
| * to be used. Must be non-NULL. |
| * "cert" |
| * Address of Cert that is to be matched using "selector". |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe |
| * |
| * Multiple threads must be able to safely call this function without |
| * worrying about conflicts, even if they're operating on the same object. |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| typedef PKIX_Error * |
| (*PKIX_CertSelector_MatchCallback)( |
| PKIX_CertSelector *selector, |
| PKIX_PL_Cert *cert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_CertSelector_Create |
| * DESCRIPTION: |
| * |
| * Creates a new CertSelector using the Object pointed to by |
| * "certSelectorContext" (if any) and stores it at "pSelector". As noted |
| * above, by default, the MatchCallback is set to point to the default |
| * implementation provided by libpkix, which understands how to process |
| * ComCertSelParams objects. This is overridden if the MatchCallback pointed |
| * to by "callback" is not NULL, in which case the parameters are specified |
| * using the certSelectorContext. |
| * |
| * PARAMETERS: |
| * "callback" |
| * The MatchCallback function to be used. |
| * "certSelectorContext" |
| * Address of Object representing the CertSelector's context (if any). |
| * "pSelector" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_CertSelector_Create( |
| PKIX_CertSelector_MatchCallback callback, |
| PKIX_PL_Object *certSelectorContext, |
| PKIX_CertSelector **pSelector, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_CertSelector_GetMatchCallback |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to "selector's" Match callback function and puts it in |
| * "pCallback". |
| * |
| * PARAMETERS: |
| * "selector" |
| * The CertSelector whose Match callback is desired. Must be non-NULL. |
| * "pCallback" |
| * Address where Match callback function pointer will be stored. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_CertSelector_GetMatchCallback( |
| PKIX_CertSelector *selector, |
| PKIX_CertSelector_MatchCallback *pCallback, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_CertSelector_GetCertSelectorContext |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a PKIX_PL_Object representing the context (if any) |
| * of the CertSelector pointed to by "selector" and stores it at |
| * "pCertSelectorContext". |
| * |
| * PARAMETERS: |
| * "selector" |
| * Address of CertSelector whose context is to be stored. |
| * Must be non-NULL. |
| * "pCertSelectorContext" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_CertSelector_GetCertSelectorContext( |
| PKIX_CertSelector *selector, |
| PKIX_PL_Object **pCertSelectorContext, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the ComCertSelParams object that represent the |
| * common parameters of the CertSelector pointed to by "selector" and stores |
| * it at "pCommonCertSelectorParams". If there are no common parameters |
| * stored with the CertSelector, this function stores NULL at |
| * "pCommonCertSelectorParams". |
| * |
| * PARAMETERS: |
| * "selector" |
| * Address of CertSelector whose ComCertSelParams object is to be stored. |
| * Must be non-NULL. |
| * "pCommonCertSelectorParams" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_CertSelector_GetCommonCertSelectorParams( |
| PKIX_CertSelector *selector, |
| PKIX_ComCertSelParams **pCommonCertSelectorParams, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams |
| * DESCRIPTION: |
| * |
| * Sets the common parameters for the CertSelector pointed to by "selector" |
| * using the ComCertSelParams object pointed to by "commonCertSelectorParams". |
| * |
| * PARAMETERS: |
| * "selector" |
| * Address of CertSelector whose common parameters are to be set. |
| * Must be non-NULL. |
| * "commonCertSelectorParams" |
| * Address of ComCertSelParams object representing the common parameters. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "selector" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_CertSelector_SetCommonCertSelectorParams( |
| PKIX_CertSelector *selector, |
| PKIX_ComCertSelParams *commonCertSelectorParams, |
| void *plContext); |
| |
| /* PKIX_ComCertSelParams |
| * |
| * PKIX_ComCertSelParams objects are X.509 parameters commonly used with |
| * CertSelectors, especially when enforcing constraints on a target |
| * certificate or determining which certificates to retrieve from a CertStore. |
| * ComCertSelParams objects are typically used with those CertSelectors that |
| * use the default implementation of MatchCallback, which understands how to |
| * process ComCertSelParams objects. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_Create |
| * DESCRIPTION: |
| * |
| * Creates a new ComCertSelParams object and stores it at "pParams". |
| * |
| * PARAMETERS: |
| * "pParams" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_Create( |
| PKIX_ComCertSelParams **pParams, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of GeneralNames (if any) representing the |
| * subject alternative names criterion that is set in the ComCertSelParams |
| * object pointed to by "params" and stores it at "pNames". In order to match |
| * against this criterion, a certificate must contain all or at least one of |
| * the criterion's subject alternative names (depending on the result of |
| * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior |
| * requires a certificate to contain all of the criterion's subject |
| * alternative names in order to match. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pNames", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject alternative names |
| * criterion (if any) is to be stored. Must be non-NULL. |
| * "pNames" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSubjAltNames( |
| PKIX_ComCertSelParams *params, |
| PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames |
| * DESCRIPTION: |
| * |
| * Sets the subject alternative names criterion of the ComCertSelParams object |
| * pointed to by "params" using a List of GeneralNames pointed to by "names". |
| * In order to match against this criterion, a certificate must contain all or |
| * at least one of the criterion's subject alternative names (depending on the |
| * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default |
| * behavior requires a certificate to contain all of the criterion's subject |
| * alternative names in order to match. |
| * |
| * If "names" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject alternative |
| * names criterion is to be set. Must be non-NULL. |
| * "names" |
| * Address of List of GeneralNames used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSubjAltNames( |
| PKIX_ComCertSelParams *params, |
| PKIX_List *names, /* list of PKIX_PL_GeneralName */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName |
| * DESCRIPTION: |
| * |
| * Adds to the subject alternative names criterion of the ComCertSelParams |
| * object pointed to by "params" using the GeneralName pointed to by "name". |
| * In order to match against this criterion, a certificate must contain all |
| * or at least one of the criterion's subject alternative names (depending on |
| * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default |
| * behavior requires a certificate to contain all of the criterion's subject |
| * alternative names in order to match. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject alternative names |
| * criterion is to be added to. Must be non-NULL. |
| * "name" |
| * Address of GeneralName to be added. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_AddSubjAltName( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_GeneralName *name, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetPathToNames |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of GeneralNames (if any) representing the |
| * path to names criterion that is set in the ComCertSelParams object pointed |
| * to by "params" and stores it at "pNames". In order to match against this |
| * criterion, a certificate must not include name constraints that would |
| * prohibit building a path to the criterion's specified names. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pNames", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose path to names criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pNames" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetPathToNames( |
| PKIX_ComCertSelParams *params, |
| PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetPathToNames |
| * DESCRIPTION: |
| * |
| * Sets the path to names criterion of the ComCertSelParams object pointed to |
| * by "params" using a List of GeneralNames pointed to by "names". In order to |
| * match against this criterion, a certificate must not include name |
| * constraints that would prohibit building a path to the criterion's |
| * specified names. |
| * |
| * If "names" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose path to names criterion |
| * is to be set. Must be non-NULL. |
| * "names" |
| * Address of List of GeneralNames used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetPathToNames( |
| PKIX_ComCertSelParams *params, |
| PKIX_List *names, /* list of PKIX_PL_GeneralName */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_AddPathToName |
| * DESCRIPTION: |
| * |
| * Adds to the path to names criterion of the ComCertSelParams object pointed |
| * to by "params" using the GeneralName pointed to by "pathToName". In order |
| * to match against this criterion, a certificate must not include name |
| * constraints that would prohibit building a path to the criterion's |
| * specified names. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose path to names criterion is to |
| * be added to. Must be non-NULL. |
| * "pathToName" |
| * Address of GeneralName to be added. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_AddPathToName( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_GeneralName *pathToName, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the ByteArray (if any) representing the authority |
| * key identifier criterion that is set in the ComCertSelParams object |
| * pointed to by "params" and stores it at "pAuthKeyId". In order to match |
| * against this criterion, a certificate must contain an |
| * AuthorityKeyIdentifier extension whose value matches the criterion's |
| * authority key identifier value. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pAuthKeyId", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose authority key identifier |
| * criterion (if any) is to be stored. Must be non-NULL. |
| * "pAuthKeyId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetAuthorityKeyIdentifier( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_ByteArray **pAuthKeyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier |
| * DESCRIPTION: |
| * |
| * Sets the authority key identifier criterion of the ComCertSelParams object |
| * pointed to by "params" to the ByteArray pointed to by "authKeyId". In |
| * order to match against this criterion, a certificate must contain an |
| * AuthorityKeyIdentifier extension whose value matches the criterion's |
| * authority key identifier value. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose authority key identifier |
| * criterion is to be set. Must be non-NULL. |
| * "authKeyId" |
| * Address of ByteArray used to set the criterion |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetAuthorityKeyIdentifier( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_ByteArray *authKeyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the ByteArray (if any) representing the subject key |
| * identifier criterion that is set in the ComCertSelParams object pointed to |
| * by "params" and stores it at "pSubjKeyId". In order to match against this |
| * criterion, a certificate must contain a SubjectKeyIdentifier extension |
| * whose value matches the criterion's subject key identifier value. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pSubjKeyId", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject key identifier |
| * criterion (if any) is to be stored. Must be non-NULL. |
| * "pSubjKeyId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSubjKeyIdentifier( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_ByteArray **pSubjKeyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier |
| * DESCRIPTION: |
| * |
| * Sets the subject key identifier criterion of the ComCertSelParams object |
| * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In |
| * order to match against this criterion, a certificate must contain an |
| * SubjectKeyIdentifier extension whose value matches the criterion's subject |
| * key identifier value. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject key identifier |
| * criterion is to be set. Must be non-NULL. |
| * "subjKeyId" |
| * Address of ByteArray used to set the criterion |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSubjKeyIdentifier( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_ByteArray *subKeyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the PublicKey (if any) representing the subject |
| * public key criterion that is set in the ComCertSelParams object pointed to |
| * by "params" and stores it at "pPubKey". In order to match against this |
| * criterion, a certificate must contain a SubjectPublicKey that matches the |
| * criterion's public key. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pPubKey", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject public key criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pPubKey" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSubjPubKey( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_PublicKey **pPubKey, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey |
| * DESCRIPTION: |
| * |
| * Sets the subject public key criterion of the ComCertSelParams object |
| * pointed to by "params" using a PublicKey pointed to by "pubKey". In order |
| * to match against this criterion, a certificate must contain a |
| * SubjectPublicKey that matches the criterion's public key. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject public key |
| * criterion is to be set. Must be non-NULL. |
| * "pubKey" |
| * Address of PublicKey used to set the criterion |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSubjPubKey( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_PublicKey *pubKey, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the OID (if any) representing the subject public key |
| * algorithm identifier criterion that is set in the ComCertSelParams object |
| * pointed to by "params" and stores it at "pPubKey". In order to match |
| * against this criterion, a certificate must contain a SubjectPublicKey with |
| * an algorithm that matches the criterion's algorithm. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pAlgId", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject public key algorithm |
| * identifier (if any) is to be stored. Must be non-NULL. |
| * "pAlgId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSubjPKAlgId( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_OID **pAlgId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId |
| * DESCRIPTION: |
| * |
| * Sets the subject public key algorithm identifier criterion of the |
| * ComCertSelParams object pointed to by "params" using an OID pointed to by |
| * "algId". In order to match against this criterion, a certificate must |
| * contain a SubjectPublicKey with an algorithm that matches the criterion's |
| * algorithm. |
| * |
| * If "algId" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject public key |
| * algorithm identifier criterion is to be set. Must be non-NULL. |
| * "algId" |
| * Address of OID used to set criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSubjPKAlgId( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_OID *algId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the minimum path length (if any) representing the |
| * basic constraints criterion that is set in the ComCertSelParams object |
| * pointed to by "params" and stores it at "pMinPathLength". In order to |
| * match against this criterion, there are several possibilities. |
| * |
| * 1) If the criterion's minimum path length is greater than or equal to zero, |
| * a certificate must include a BasicConstraints extension with a pathLen of |
| * at least this value. |
| * |
| * 2) If the criterion's minimum path length is -2, a certificate must be an |
| * end-entity certificate. |
| * |
| * 3) If the criterion's minimum path length is -1, no basic constraints check |
| * is done and all certificates are considered to match this criterion. |
| * |
| * The semantics of other values of the criterion's minimum path length are |
| * undefined but may be defined in future versions of the API. |
| * |
| * If "params" does not have this criterion set, this function stores -1 at |
| * "pMinPathLength", in which case all certificates are considered to match |
| * this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose basic constraints criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pMinPathLength" |
| * Address where PKIX_Int32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetBasicConstraints( |
| PKIX_ComCertSelParams *params, |
| PKIX_Int32 *pMinPathLength, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints |
| * DESCRIPTION: |
| * |
| * Sets the basic constraints criterion of the ComCertSelParams object |
| * pointed to by "params" using the integer value of "minPathLength". In |
| * order to match against this criterion, there are several possibilities. |
| * |
| * 1) If the criterion's minimum path length is greater than or equal to zero, |
| * a certificate must include a BasicConstraints extension with a pathLen of |
| * at least this value. |
| * |
| * 2) If the criterion's minimum path length is -2, a certificate must be an |
| * end-entity certificate. |
| * |
| * 3) If the criterion's minimum path length is -1, no basic constraints check |
| * is done and all certificates are considered to match this criterion. |
| * |
| * The semantics of other values of the criterion's minimum path length are |
| * undefined but may be defined in future versions of the API. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose basic constraints |
| * criterion is to be set. Must be non-NULL. |
| * "minPathLength" |
| * Value of PKIX_Int32 used to set the criterion |
| * (or -1 to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetBasicConstraints( |
| PKIX_ComCertSelParams *params, |
| PKIX_Int32 minPathLength, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetCertificate |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the Cert (if any) representing the certificate |
| * criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pCert". In order to match against this |
| * criterion, a certificate must be equal to the criterion's certificate. If |
| * this criterion is specified, it is usually not necessary to specify any |
| * other criteria, since this criterion requires an exact certificate match. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pCert", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose certificate criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pCert" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetCertificate( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_Cert **pCert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetCertificate |
| * DESCRIPTION: |
| * |
| * Sets the certificate criterion of the ComCertSelParams object pointed to by |
| * "params" using a Cert pointed to by "cert". In order to match against this |
| * criterion, a certificate must be equal to the criterion's certificate. |
| * If this criterion is specified, it is usually not necessary to specify |
| * any other criteria, since this criterion requires an exact certificate |
| * match. |
| * |
| * If "cert" is NULL, all certificates are considered to match this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose certificate criterion is to be |
| * set. Must be non-NULL. |
| * "cert" |
| * Address of Cert used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetCertificate( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_Cert *cert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the Date (if any) representing the certificate |
| * validity criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pDate". In order to match against this |
| * criterion, a certificate's validity period must include the criterion's |
| * Date. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pDate", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose certificate validity criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pDate" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetCertificateValid( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_Date **pDate, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid |
| * DESCRIPTION: |
| * |
| * Sets the certificate validity criterion of the ComCertSelParams object |
| * pointed to by "params" using a Date pointed to by "date". In order to |
| * match against this criterion, a certificate's validity period must include |
| * the criterion's Date. |
| * |
| * If "date" is NULL, all certificates are considered to match this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose certificate validity criterion |
| * is to be set. Must be non-NULL. |
| * "date" |
| * Address of Date used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetCertificateValid( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_Date *date, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the BigInt (if any) representing the serial number |
| * criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pSerialNumber". In order to match against this |
| * criterion, a certificate must have a serial number equal to the |
| * criterion's serial number. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pSerialNumber", in which case all certificates are considered to match |
| * this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose serial number criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pSerialNumber" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSerialNumber( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_BigInt **pSerialNumber, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber |
| * DESCRIPTION: |
| * |
| * Sets the serial number criterion of the ComCertSelParams object pointed to |
| * by "params" using a BigInt pointed to by "serialNumber". In order to match |
| * against this criterion, a certificate must have a serial number equal to |
| * the criterion's serial number. |
| * |
| * If "serialNumber" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose serial number criterion is to |
| * be set. Must be non-NULL. |
| * "serialNumber" |
| * Address of BigInt used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSerialNumber( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_BigInt *serialNumber, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetVersion |
| * DESCRIPTION: |
| * |
| * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is |
| * set in the ComCertSelParams object pointed to by "params" and stores it at |
| * "pVersion". In order to match against this criterion, a certificate's |
| * version must be equal to the criterion's version. |
| * |
| * The version number will either be 0, 1, or 2 (corresponding to |
| * v1, v2, or v3, respectively). |
| * |
| * If "params" does not have this criterion set, this function stores |
| * 0xFFFFFFFF at "pVersion", in which case all certificates are considered |
| * to match this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose version criterion (if any) is |
| * to be stored. Must be non-NULL. |
| * "pVersion" |
| * Address where PKIX_Int32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetVersion( |
| PKIX_ComCertSelParams *params, |
| PKIX_UInt32 *pVersion, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetVersion |
| * DESCRIPTION: |
| * |
| * Sets the version criterion of the ComCertSelParams object pointed to by |
| * "params" using the integer value of "version". In order to match against |
| * this criterion, a certificate's version must be equal to the criterion's |
| * version. If the criterion's version is -1, no version check is done and |
| * all certificates are considered to match this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose version criterion is to be |
| * set. Must be non-NULL. |
| * "version" |
| * Value of PKIX_Int32 used to set the criterion |
| * (or -1 to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetVersion( |
| PKIX_ComCertSelParams *params, |
| PKIX_Int32 version, |
| void *plContext); |
| |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage |
| * DESCRIPTION: |
| * |
| * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that |
| * is set in the ComCertSelParams object pointed to by "params" and stores it |
| * at "pKeyUsage". In order to match against this criterion, a certificate |
| * must allow the criterion's key usage values. Note that a certificate that |
| * has no KeyUsage extension implicity allows all key usages. Note also that |
| * this functions supports a maximum of 32 key usage bits. |
| * |
| * If "params" does not have this criterion set, this function stores zero at |
| * "pKeyUsage", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose key usage criterion (if any) |
| * is to be stored. Must be non-NULL. |
| * "pKeyUsage" |
| * Address where PKIX_UInt32 will be stored. Must not be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetKeyUsage( |
| PKIX_ComCertSelParams *params, |
| PKIX_UInt32 *pKeyUsage, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage |
| * DESCRIPTION: |
| * |
| * Sets the key usage criterion of the ComCertSelParams object pointed to by |
| * "params" using the integer value of "keyUsage". In order to match against |
| * this criterion, a certificate must allow the criterion's key usage values. |
| * Note that a certificate that has no KeyUsage extension implicity allows |
| * all key usages. Note also that this functions supports a maximum of 32 key |
| * usage bits. |
| * |
| * If the criterion's key usage value is zero, no key usage check is done and |
| * all certificates are considered to match this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose key usage criterion is to be |
| * set. Must be non-NULL. |
| * "keyUsage" |
| * Value of PKIX_Int32 used to set the criterion |
| * (or zero to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetKeyUsage( |
| PKIX_ComCertSelParams *params, |
| PKIX_UInt32 keyUsage, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of OIDs (if any) representing the extended |
| * key usage criterion that is set in the ComCertSelParams object pointed to |
| * by "params" and stores it at "pExtKeyUsage". In order to match against this |
| * criterion, a certificate's ExtendedKeyUsage extension must allow the |
| * criterion's extended key usages. Note that a certificate that has no |
| * ExtendedKeyUsage extension implicity allows all key purposes. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pExtKeyUsage", in which case all certificates are considered to match |
| * this criterion. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose extended key usage criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pExtKeyUsage" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetExtendedKeyUsage( |
| PKIX_ComCertSelParams *params, |
| PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage |
| * DESCRIPTION: |
| * |
| * Sets the extended key usage criterion of the ComCertSelParams object |
| * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage". |
| * In order to match against this criterion, a certificate's ExtendedKeyUsage |
| * extension must allow the criterion's extended key usages. Note that a |
| * certificate that has no ExtendedKeyUsage extension implicitly allows all |
| * key purposes. |
| * |
| * If "extKeyUsage" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose extended key usage criterion |
| * is to be set. Must be non-NULL. |
| * "extKeyUsage" |
| * Address of List of OIDs used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetExtendedKeyUsage( |
| PKIX_ComCertSelParams *params, |
| PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetPolicy |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of OIDs (if any) representing the policy |
| * criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pPolicy". In order to match against this |
| * criterion, a certificate's CertificatePolicies extension must include at |
| * least one of the criterion's policies. If "params" has this criterion set, |
| * but the List of OIDs is empty, then a certificate's CertificatePolicies |
| * extension must include at least some policy. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pPolicy", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose policy criterion (if any) is |
| * to be stored. Must be non-NULL. |
| * "pPolicy" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetPolicy( |
| PKIX_ComCertSelParams *params, |
| PKIX_List **pPolicy, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetPolicy |
| * DESCRIPTION: |
| * |
| * Sets the policy criterion of the ComCertSelParams object pointed to by |
| * "params" using a List of OIDs pointed to by "policy". In order to match |
| * against this criterion, a certificate's CertificatePolicies extension must |
| * include at least one of the criterion's policies. If "params" has this |
| * criterion set, but the List of OIDs is empty, then a certificate's |
| * CertificatePolicies extension must include at least some policy. |
| * |
| * If "policy" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose policy criterion is to be set. |
| * Must be non-NULL. |
| * "policy" |
| * Address of List of OIDs used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetPolicy( |
| PKIX_ComCertSelParams *params, |
| PKIX_List *policy, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetIssuer |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the X500Name (if any) representing the issuer |
| * criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pIssuer". In order to match against this |
| * criterion, a certificate's IssuerName must match the criterion's issuer |
| * name. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pIssuer", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose issuer criterion (if any) is |
| * to be stored. Must be non-NULL. |
| * "pIssuer" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetIssuer( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_X500Name **pIssuer, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetIssuer |
| * DESCRIPTION: |
| * |
| * Sets the issuer criterion of the ComCertSelParams object pointed to by |
| * "params" using an X500Name pointed to by "issuer". In order to match |
| * against this criterion, a certificate's IssuerName must match the |
| * criterion's issuer name. |
| * |
| * If "issuer" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose issuer criterion is to be set. |
| * Must be non-NULL. |
| * "issuer" |
| * Address of X500Name used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetIssuer( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_X500Name *issuer, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSubject |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the X500Name (if any) representing the subject |
| * criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pSubject". In order to match against this |
| * criterion, a certificate's SubjectName must match the criterion's subject |
| * name. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pSubject", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject criterion (if any) is |
| * to be stored. Must be non-NULL. |
| * "pSubject" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSubject( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_X500Name **pSubject, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSubject |
| * DESCRIPTION: |
| * |
| * Sets the subject criterion of the ComCertSelParams object pointed to by |
| * "params" using an X500Name pointed to by "subject". In order to match |
| * against this criterion, a certificate's SubjectName must match the |
| * criterion's subject name. |
| * |
| * If "subject" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject criterion is to be |
| * set. Must be non-NULL. |
| * "subject" |
| * Address of X500Name used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSubject( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_X500Name *subject, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the ByteArray (if any) representing the subject |
| * criterion that is set in the ComCertSelParams object pointed to by |
| * "params" and stores it at "pSubject". In order to match against this |
| * criterion, a certificate's SubjectName must match the criterion's subject |
| * name. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pSubject", in which case all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject criterion (if any) is |
| * to be stored. Must be non-NULL. |
| * "pSubject" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetSubjectAsByteArray( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_ByteArray **pSubject, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray |
| * DESCRIPTION: |
| * |
| * Sets the subject criterion of the ComCertSelParams object pointed to by |
| * "params" using a ByteArray pointed to by "subject". In order to match |
| * against this criterion, a certificate's SubjectName must match the |
| * criterion's subject name. |
| * |
| * If "subject" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose subject criterion is to be |
| * set. Must be non-NULL. |
| * "subject" |
| * Address of ByteArray used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetSubjectAsByteArray( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_ByteArray *subject, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the X500Name (if any) representing the name |
| * constraints criterion that is set in the ComCertSelParams object pointed |
| * to by "params" and stores it at "pConstraints". In order to match against |
| * this criterion, a certificate's subject and subject alternative names must |
| * be allowed by the criterion's name constraints. |
| * |
| * If "params" does not have this criterion set, this function stores NULL at |
| * "pConstraints", in which case all certificates are considered to match |
| * this criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose name constraints criterion |
| * (if any) is to be stored. Must be non-NULL. |
| * "pConstraints" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetNameConstraints( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_CertNameConstraints **pConstraints, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints |
| * DESCRIPTION: |
| * |
| * Sets the name constraints criterion of the ComCertSelParams object pointed |
| * to by "params" using the CertNameConstraints pointed to by "constraints". |
| * In order to match against this criterion, a certificate's subject and |
| * subject alternative names must be allowed by the criterion's name |
| * constraints. |
| * |
| * If "constraints" is NULL, all certificates are considered to match this |
| * criterion. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose name constraints criterion is |
| * to be set. Must be non-NULL. |
| * "constraints" |
| * Address of CertNameConstraints used to set the criterion |
| * (or NULL to disable the criterion). |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetNameConstraints( |
| PKIX_ComCertSelParams *params, |
| PKIX_PL_CertNameConstraints *constraints, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames |
| * DESCRIPTION: |
| * |
| * Checks whether the ComCertSelParams object pointed to by "params" indicate |
| * that all subject alternative names are to be matched and stores the Boolean |
| * result at "pMatch". This Boolean value determines the behavior of the |
| * subject alternative names criterion. |
| * |
| * In order to match against the subject alternative names criterion, if the |
| * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of |
| * the criterion's subject alternative names. If the Boolean value at |
| * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the |
| * criterion's subject alternative names. The default behavior is as if the |
| * Boolean value at "pMatch" is PKIX_TRUE. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object used to determine whether all |
| * subject alternative names must be matched. Must be non-NULL. |
| * "pMatch" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_GetMatchAllSubjAltNames( |
| PKIX_ComCertSelParams *params, |
| PKIX_Boolean *pMatch, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames |
| * DESCRIPTION: |
| * |
| * Sets the match flag of the ComCertSelParams object pointed to by "params" |
| * using the Boolean value of "match". This Boolean value determines the |
| * behavior of the subject alternative names criterion. |
| * |
| * In order to match against the subject alternative names criterion, if the |
| * "match" is PKIX_TRUE, a certificate must contain all of the criterion's |
| * subject alternative names. If the "match" is PKIX_FALSE, a certificate |
| * must contain at least one of the criterion's subject alternative names. |
| * The default behavior is as if "match" is PKIX_TRUE. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose match flag is to be set. |
| * Must be non-NULL. |
| * "match" |
| * Boolean value used to set the match flag. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetMatchAllSubjAltNames( |
| PKIX_ComCertSelParams *params, |
| PKIX_Boolean match, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag |
| * DESCRIPTION: |
| * |
| * Return "leafCert" flag of the ComCertSelParams structure. If set to true, |
| * the flag indicates that a selector should filter out all cert that are not |
| * qualified to be a leaf cert according to the specified key/ekey usages. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object used to determine whether all |
| * subject alternative names must be matched. Must be non-NULL. |
| * "pLeafFlag" |
| * Address of returned value. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Conditionally Thread Safe |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error* |
| PKIX_ComCertSelParams_GetLeafCertFlag( |
| PKIX_ComCertSelParams *params, |
| PKIX_Boolean *pLeafFlag, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag |
| * DESCRIPTION: |
| * |
| * Sets a flag that if its value is true, indicates that the selector |
| * should only pick certs that qualifies to be leaf for this cert path |
| * validation. |
| * |
| * PARAMETERS: |
| * "params" |
| * Address of ComCertSelParams object whose match flag is to be set. |
| * Must be non-NULL. |
| * "leafFlag" |
| * Boolean value used to set the leaf flag. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Not Thread Safe - assumes exclusive access to "params" |
| * (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertSelector Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_ComCertSelParams_SetLeafCertFlag( |
| PKIX_ComCertSelParams *params, |
| PKIX_Boolean leafFlag, |
| void *plContext); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* _PKIX_CERTSEL_H */ |