| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| /* |
| * This file defines several platform independent functions to |
| * manipulate certificates and CRLs in a portable manner. |
| * |
| */ |
| |
| #ifndef _PKIX_PL_PKI_H |
| #define _PKIX_PL_PKI_H |
| |
| #include "pkixt.h" |
| #include "seccomon.h" |
| #include "certt.h" |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| /* General |
| * |
| * Please refer to the libpkix Programmer's Guide for detailed information |
| * about how to use the libpkix library. Certain key warnings and notices from |
| * that document are repeated here for emphasis. |
| * |
| * All identifiers in this file (and all public identifiers defined in |
| * libpkix) begin with "PKIX_". Private identifiers only intended for use |
| * within the library begin with "pkix_". |
| * |
| * A function returns NULL upon success, and a PKIX_Error pointer upon failure. |
| * |
| * Unless otherwise noted, for all accessor (gettor) functions that return a |
| * PKIX_PL_Object pointer, callers should assume that this pointer refers to a |
| * shared object. Therefore, the caller should treat this shared object as |
| * read-only and should not modify this shared object. When done using the |
| * shared object, the caller should release the reference to the object by |
| * using the PKIX_PL_Object_DecRef function. |
| * |
| * While a function is executing, if its arguments (or anything referred to by |
| * its arguments) are modified, free'd, or destroyed, the function's behavior |
| * is undefined. |
| * |
| */ |
| |
| /* |
| * Cert |
| * |
| * A Cert represents an X.509 certificate. It can be created using the bytes |
| * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The |
| * following functions include accessors (gettors) for the various components |
| * of an X.509 certificate. Also included are functions to perform various |
| * checks on a certificate, including name constraints, key usage, validity |
| * (expiration), and signature verification. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_Create |
| * DESCRIPTION: |
| * |
| * Creates a new certificate using the bytes in the ByteArray pointed to by |
| * "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1 |
| * DER encoding of a certificate, a PKIX_Error pointer is returned. Once |
| * created, a Cert is immutable. |
| * |
| * Certificate ::= SEQUENCE { |
| * tbsCertificate TBSCertificate, |
| * signatureAlgorithm AlgorithmIdentifier, |
| * signatureValue BIT STRING } |
| * |
| * AlgorithmIdentifier ::= SEQUENCE { |
| * algorithm OBJECT IDENTIFIER, |
| * parameters ANY DEFINED BY algorithm OPTIONAL } |
| * |
| * TBSCertificate ::= SEQUENCE { |
| * version [0] EXPLICIT Version DEFAULT v1, |
| * serialNumber CertificateSerialNumber, |
| * signature AlgorithmIdentifier, |
| * issuer Name, |
| * validity Validity, |
| * subject Name, |
| * subjectPublicKeyInfo SubjectPublicKeyInfo, |
| * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, |
| * -- If present, version MUST be v2 or v3 |
| * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, |
| * -- If present, version MUST be v2 or v3 |
| * extensions [3] EXPLICIT Extensions OPTIONAL |
| * -- If present, version MUST be v3 |
| * } |
| * |
| * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
| * |
| * CertificateSerialNumber ::= INTEGER |
| * |
| * Validity ::= SEQUENCE { |
| * notBefore Time, |
| * notAfter Time } |
| * |
| * Time ::= CHOICE { |
| * utcTime UTCTime, |
| * generalTime GeneralizedTime } |
| * |
| * UniqueIdentifier ::= BIT STRING |
| * |
| * SubjectPublicKeyInfo ::= SEQUENCE { |
| * algorithm AlgorithmIdentifier, |
| * subjectPublicKey BIT STRING } |
| * |
| * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension |
| * |
| * Extension ::= SEQUENCE { |
| * extnID OBJECT IDENTIFIER, |
| * critical BOOLEAN DEFAULT FALSE, |
| * extnValue OCTET STRING } |
| * |
| * PARAMETERS: |
| * "byteArray" |
| * Address of ByteArray representing the CERT's DER encoding. |
| * Must be non-NULL. |
| * "pCert" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_Create( |
| PKIX_PL_ByteArray *byteArray, |
| PKIX_PL_Cert **pCert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate |
| * DESCRIPTION: |
| * |
| * Creates a new certificate using passed in CERTCertificate object. |
| * |
| * PARAMETERS: |
| * "nssCert" |
| * The object that will be used to create new PKIX_PL_Cert. |
| * "pCert" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_CreateFromCERTCertificate( |
| const CERTCertificate *nssCert, |
| PKIX_PL_Cert **pCert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetCERTCertificate |
| * DESCRIPTION: |
| * |
| * Returns underlying CERTCertificate structure. Return CERTCertificate |
| * object is duplicated and should be destroyed by caller. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of PKIX_PL_Cert. Must be non-NULL. |
| * "pCert" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetCERTCertificate( |
| PKIX_PL_Cert *cert, |
| CERTCertificate **pnssCert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetVersion |
| * DESCRIPTION: |
| * |
| * Retrieves the version of the Cert pointed to by "cert" and stores it at |
| * "pVersion". The version number will either be 0, 1, or 2 (corresponding to |
| * v1, v2, or v3, respectively). |
| * |
| * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose version is to be stored. Must be non-NULL. |
| * "pVersion" |
| * Address where PKIX_UInt32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetVersion( |
| PKIX_PL_Cert *cert, |
| PKIX_UInt32 *pVersion, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSerialNumber |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the BigInt that represents the serial number of the |
| * Cert pointed to by "cert" and stores it at "pSerialNumber". |
| * |
| * CertificateSerialNumber ::= INTEGER |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose serial number is to be stored. Must be non-NULL. |
| * "pSerial" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSerialNumber( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_BigInt **pSerial, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetIssuer |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the X500Name that represents the issuer DN of the |
| * Cert pointed to by "cert" and stores it at "pIssuer". |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose issuer is to be stored. Must be non-NULL. |
| * "pIssuer" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetIssuer( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_X500Name **pIssuer, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSubject |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the X500Name that represents the subject DN of the |
| * Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not |
| * have a subject DN, this function stores NULL at "pSubject". |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subject is to be stored. Must be non-NULL. |
| * "pSubject" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSubject( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_X500Name **pSubject, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the OID that represents the subject public key |
| * algorithm of the Cert pointed to by "cert" and stores it at |
| * "pSubjKeyAlgId". |
| * |
| * SubjectPublicKeyInfo ::= SEQUENCE { |
| * algorithm AlgorithmIdentifier, |
| * subjectPublicKey BIT STRING } |
| * |
| * AlgorithmIdentifier ::= SEQUENCE { |
| * algorithm OBJECT IDENTIFIER, |
| * parameters ANY DEFINED BY algorithm OPTIONAL } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subject public key algorithm OID is to be stored. |
| * Must be non-NULL. |
| * "pSubjKeyAlgId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSubjectPublicKeyAlgId( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_OID **pSubjKeyAlgId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the PublicKey that represents the subject public key |
| * of the Cert pointed to by "cert" and stores it at "pPublicKey". |
| * |
| * SubjectPublicKeyInfo ::= SEQUENCE { |
| * algorithm AlgorithmIdentifier, |
| * subjectPublicKey BIT STRING } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subject public key is to be stored. |
| * Must be non-NULL. |
| * "pPublicKey" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSubjectPublicKey( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_PublicKey **pPublicKey, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters |
| * DESCRIPTION: |
| * |
| * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null |
| * parameters and stores the result at "pNeedsParams". |
| * |
| * PARAMETERS: |
| * "pubKey" |
| * Address of the Public Key of interest. Must be non-NULL. |
| * "pNeedsParams" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a PublicKey Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_PublicKey_NeedsDSAParameters( |
| PKIX_PL_PublicKey *pubKey, |
| PKIX_Boolean *pNeedsParams, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey |
| * DESCRIPTION: |
| * |
| * This function is used for DSA key parameter inheritance, which allows a |
| * first DSA key with omitted parameters (pointed to by "firstKey") to inherit |
| * the PQG parameters of a second DSA key that does have parameters. (pointed |
| * to by "secondKey"). Once created, a PublicKey is immutable. |
| * |
| * Specifically, the algorithm used by the function is: |
| * |
| * If the first PublicKey is not a DSA public key with omitted parameters, |
| * the function stores NULL at "pResultKey". (No Error is returned) |
| * Else if the second PublicKey is not a DSA public key with non-NULL, |
| * parameters, the function returns an Error. |
| * Else |
| * the function creates a third PublicKey with a "Y" value from the |
| * first PublicKey and the DSA parameters from the second PublicKey, |
| * and stores it at "pResultKey". |
| * |
| * PARAMETERS: |
| * "firstKey" |
| * Address of a Public Key that needs to inherit DSA parameters. |
| * Must be non-NULL. |
| * "secondKey" |
| * Address of a Public Key that has DSA parameters that will be inherited |
| * by "firstKey". Must be non-NULL. |
| * "pResultKey" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a PublicKey Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_PublicKey_MakeInheritedDSAPublicKey( |
| PKIX_PL_PublicKey *firstKey, |
| PKIX_PL_PublicKey *secondKey, |
| PKIX_PL_PublicKey **pResultKey, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of OIDs (each OID corresponding to a |
| * critical extension of the Cert pointed to by "cert") and stores it at |
| * "pExtensions". If "cert" does not have any critical extensions, this |
| * function stores an empty List at "pExtensions". |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose critical extension OIDs are to be stored. |
| * Must be non-NULL. |
| * "pExtensions" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetCriticalExtensionOIDs( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pExtensions, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a ByteArray representing the authority key |
| * identifier extension of the Cert pointed to by "cert" and stores it at |
| * "pAuthKeyId". |
| * |
| * Note that this function only retrieves the keyIdentifier component |
| * (OCTET STRING) of the AuthorityKeyIdentifier extension, when present. |
| * |
| * If "cert" does not have an AuthorityKeyIdentifier extension or if the |
| * keyIdentifier component of the AuthorityKeyIdentifier extension is not |
| * present, this function stores NULL at "pAuthKeyId". |
| * |
| * AuthorityKeyIdentifier ::= SEQUENCE { |
| * keyIdentifier [0] KeyIdentifier OPTIONAL, |
| * authorityCertIssuer [1] GeneralNames OPTIONAL, |
| * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose authority key identifier is to be stored. |
| * Must be non-NULL. |
| * "pAuthKeyId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetAuthorityKeyIdentifier( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_ByteArray **pAuthKeyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a ByteArray representing the subject key identifier |
| * extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId". |
| * If "cert" does not have a SubjectKeyIdentifier extension, this function |
| * stores NULL at "pSubjKeyId". |
| * |
| * SubjectKeyIdentifier ::= KeyIdentifier |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subject key identifier is to be stored. |
| * Must be non-NULL. |
| * "pSubjKeyId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSubjectKeyIdentifier( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_ByteArray **pSubjKeyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of GeneralNames (each GeneralName |
| * representing a subject alternative name found in the subject alternative |
| * names extension of the Cert pointed to by "cert") and stores it at |
| * "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames |
| * extension, this function stores NULL at "pSubjectAltNames". |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * SubjectAltName ::= GeneralNames |
| * |
| * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName |
| * |
| * GeneralName ::= CHOICE { |
| * otherName [0] OtherName, |
| * rfc822Name [1] IA5String, |
| * dNSName [2] IA5String, |
| * x400Address [3] ORAddress, |
| * directoryName [4] Name, |
| * ediPartyName [5] EDIPartyName, |
| * uniformResourceIdentifier [6] IA5String, |
| * iPAddress [7] OCTET STRING, |
| * registeredID [8] OBJECT IDENTIFIER } |
| * |
| * OtherName ::= SEQUENCE { |
| * type-id OBJECT IDENTIFIER, |
| * value [0] EXPLICIT ANY DEFINED BY type-id } |
| * |
| * EDIPartyName ::= SEQUENCE { |
| * nameAssigner [0] DirectoryString OPTIONAL, |
| * partyName [1] DirectoryString } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subjectAltNames are to be stored. |
| * Must be non-NULL. |
| * "pSubjectAltNames" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSubjectAltNames( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of GeneralNames (each GeneralName |
| * representing a subject DN or a subject alternative name found in the |
| * subject alternative names extension of the Cert pointed to by "cert") and |
| * stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and |
| * it does not have a SubjectAlternativeNames extension, this function stores |
| * NULL at "pAllSubjectNames". |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subject DN and subjectAltNames are to be stored. |
| * Must be non-NULL. |
| * "pAllSubjectNames" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetAllSubjectNames( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a List of OIDs (each OID corresponding to an |
| * extended key usage of the Cert pointed to by "cert") and stores it at |
| * "pKeyUsage". If "cert" does not have an extended key usage extension, this |
| * function stores a NULL at "pKeyUsage". |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId |
| * |
| * KeyPurposeId ::= OBJECT IDENTIFIER |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose extended key usage OIDs are to be stored. |
| * Must be non-NULL. |
| * "pKeyUsage" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetExtendedKeyUsage( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetNameConstraints |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a CertNameConstraints object representing the name |
| * constraints extension of the Cert pointed to by "cert" and stores it at |
| * "pNameConstraints". |
| * |
| * If "cert" does not have a name constraints extension, this function stores |
| * NULL at "pNameConstraints". |
| * |
| * NameConstraints ::= SEQUENCE { |
| * permittedSubtrees [0] GeneralSubtrees OPTIONAL, |
| * excludedSubtrees [1] GeneralSubtrees OPTIONAL } |
| * |
| * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree |
| * |
| * GeneralSubtree ::= SEQUENCE { |
| * base GeneralName, |
| * minimum [0] BaseDistance DEFAULT 0, |
| * maximum [1] BaseDistance OPTIONAL } |
| * |
| * BaseDistance ::= INTEGER (0..MAX) |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose name constraints extension is to be stored. |
| * Must be non-NULL. |
| * "pNameConstraints" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetNameConstraints( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_CertNameConstraints **pNameConstraints, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetBasicConstraints |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a CertBasicConstraints object representing the basic |
| * constraints extension of the Cert pointed to by "cert" and stores it at |
| * "pBasicConstraints". |
| * |
| * If "cert" does not have a basic constraints extension, this function stores |
| * NULL at "pBasicConstraints". Once created, a CertBasicConstraints object |
| * is immutable. |
| * |
| * BasicConstraints ::= SEQUENCE { |
| * cA BOOLEAN DEFAULT FALSE, |
| * pathLenConstraint INTEGER (0..MAX) OPTIONAL } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose basic constraints extension is to be stored. |
| * Must be non-NULL. |
| * "pBasicConstraints" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetBasicConstraints( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_CertBasicConstraints **pBasicConstraints, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a Boolean value representing the cA Flag component |
| * of the CertBasicConstraints object pointed to by "basicConstraints" and |
| * stores it at "pResult". |
| * |
| * BasicConstraints ::= SEQUENCE { |
| * cA BOOLEAN DEFAULT FALSE, |
| * pathLenConstraint INTEGER (0..MAX) OPTIONAL } |
| * |
| * PARAMETERS: |
| * "basicConstraints" |
| * Address of CertBasicConstraints whose cA Flag is to be stored. |
| * Must be non-NULL. |
| * "pResult" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_BasicConstraints_GetCAFlag( |
| PKIX_PL_CertBasicConstraints *basicConstraints, |
| PKIX_Boolean *pResult, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to an integer value representing the pathLenConstraint |
| * component of the CertBasicConstraints object pointed to by |
| * "basicConstraints" and stores it at "pPathLenConstraint". If the |
| * pathLenConstraint component is not present, this function stores -1 at |
| * "pPathLenConstraint". |
| * |
| * PARAMETERS: |
| * "basicConstraints" |
| * Address of CertBasicConstraints whose pathLen is to be stored. |
| * Must be non-NULL. |
| * "pPathLenConstraint" |
| * Address where PKIX_Int32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_BasicConstraints_GetPathLenConstraint( |
| PKIX_PL_CertBasicConstraints *basicConstraints, |
| PKIX_Int32 *pPathLenConstraint, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetPolicyInformation |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a List of CertPolicyInfos found in the certificate |
| * policies extension of the Cert pointed to by "cert" and stores it at |
| * "pPolicyInfo". If "cert" does not have a certificate policies extension, |
| * this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo |
| * object is immutable. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
| * |
| * PolicyInformation ::= SEQUENCE { |
| * policyIdentifier CertPolicyId, |
| * policyQualifiers SEQUENCE SIZE (1..MAX) OF |
| * PolicyQualifierInfo OPTIONAL } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose CertPolicyInfos are to be stored. |
| * Must be non-NULL. |
| * "pPolicyInfo" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetPolicyInformation( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to an OID representing the policyIdentifier of the |
| * CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId". |
| * |
| * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
| * |
| * PolicyInformation ::= SEQUENCE { |
| * policyIdentifier CertPolicyId, |
| * policyQualifiers SEQUENCE SIZE (1..MAX) OF |
| * PolicyQualifierInfo OPTIONAL } |
| * |
| * CertPolicyId ::= OBJECT IDENTIFIER |
| * |
| * PARAMETERS: |
| * "policyInfo" |
| * Address of CertPolicyInfo whose policy identifier is to be stored. |
| * Must be non-NULL. |
| * "pCertPolicyId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CertPolicyInfo_GetPolicyId( |
| PKIX_PL_CertPolicyInfo *policyInfo, |
| PKIX_PL_OID **pCertPolicyId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a List of the CertPolicyQualifiers representing |
| * the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and |
| * stores it at "pPolicyQualifiers". If "policyInfo" does not have any |
| * policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once |
| * created, a CertPolicyQualifier is immutable. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
| * |
| * PolicyInformation ::= SEQUENCE { |
| * policyIdentifier CertPolicyId, |
| * policyQualifiers SEQUENCE SIZE (1..MAX) OF |
| * PolicyQualifierInfo OPTIONAL } |
| * |
| * PolicyQualifierInfo ::= SEQUENCE { |
| * policyQualifierId PolicyQualifierId, |
| * qualifier ANY DEFINED BY policyQualifierId } |
| * |
| * PARAMETERS: |
| * "policyInfo" |
| * Address of CertPolicyInfo whose policy qualifiers List is to be stored. |
| * Must be non-NULL. |
| * "pPolicyQualifiers" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CertPolicyInfo_GetPolQualifiers( |
| PKIX_PL_CertPolicyInfo *policyInfo, |
| PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to an OID representing the policyQualifierId of the |
| * CertPolicyQualifier pointed to by "policyQualifier" and stores it at |
| * "pPolicyQualifierId". |
| * |
| * PolicyQualifierInfo ::= SEQUENCE { |
| * policyQualifierId PolicyQualifierId, |
| * qualifier ANY DEFINED BY policyQualifierId } |
| * |
| * PolicyQualifierId ::= |
| * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) |
| * |
| * PARAMETERS: |
| * "policyQualifier" |
| * Address of CertPolQualifier whose policyQualifierId is to be stored. |
| * Must be non-NULL. |
| * "pPolicyQualifierId" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_PolicyQualifier_GetPolicyQualifierId( |
| PKIX_PL_CertPolicyQualifier *policyQualifier, |
| PKIX_PL_OID **pPolicyQualifierId, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a ByteArray representing the qualifier of the |
| * CertPolicyQualifier pointed to by "policyQualifier" and stores it at |
| * "pQualifier". |
| * |
| * PolicyQualifierInfo ::= SEQUENCE { |
| * policyQualifierId PolicyQualifierId, |
| * qualifier ANY DEFINED BY policyQualifierId } |
| * |
| * PARAMETERS: |
| * "policyQualifier" |
| * Address of CertPolicyQualifier whose qualifier is to be stored. |
| * Must be non-NULL. |
| * "pQualifier" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_PolicyQualifier_GetQualifier( |
| PKIX_PL_CertPolicyQualifier *policyQualifier, |
| PKIX_PL_ByteArray **pQualifier, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetPolicyMappings |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to a List of CertPolicyMaps found in the policy |
| * mappings extension of the Cert pointed to by "cert" and stores it at |
| * "pPolicyMappings". If "cert" does not have a policy mappings extension, |
| * this function stores NULL at "pPolicyMappings". Once created, a |
| * CertPolicyMap is immutable. |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| * issuerDomainPolicy CertPolicyId, |
| * subjectDomainPolicy CertPolicyId } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose CertPolicyMaps are to be stored. |
| * Must be non-NULL. |
| * "pPolicyMappings" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetPolicyMappings( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to an OID representing the issuerDomainPolicy of the |
| * CertPolicyMap pointed to by "policyMapping" and stores it at |
| * "pIssuerDomainPolicy". |
| * |
| * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| * issuerDomainPolicy CertPolicyId, |
| * subjectDomainPolicy CertPolicyId } |
| * |
| * PARAMETERS: |
| * "policyMapping" |
| * Address of CertPolicyMap whose issuerDomainPolicy is to be stored. |
| * Must be non-NULL. |
| * "pIssuerDomainPolicy" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy( |
| PKIX_PL_CertPolicyMap *policyMapping, |
| PKIX_PL_OID **pIssuerDomainPolicy, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to an OID representing the subjectDomainPolicy of the |
| * CertPolicyMap pointed to by "policyMapping" and stores it at |
| * "pSubjectDomainPolicy". |
| * |
| * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| * issuerDomainPolicy CertPolicyId, |
| * subjectDomainPolicy CertPolicyId } |
| * |
| * PARAMETERS: |
| * "policyMapping" |
| * Address of CertPolicyMap whose subjectDomainPolicy is to be stored. |
| * Must be non-NULL. |
| * "pSubjectDomainPolicy" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy( |
| PKIX_PL_CertPolicyMap *policyMapping, |
| PKIX_PL_OID **pSubjectDomainPolicy, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy |
| * DESCRIPTION: |
| * |
| * Retrieves the requireExplicitPolicy value of the policy constraints |
| * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts". |
| * If "cert" does not have a policy constraints extension or the |
| * requireExplicitPolicy component is not populated, this function stores -1 |
| * at "pSkipCerts". |
| * |
| * PolicyConstraints ::= SEQUENCE { |
| * requireExplicitPolicy [0] SkipCerts OPTIONAL, |
| * inhibitPolicyMapping [1] SkipCerts OPTIONAL } |
| * |
| * SkipCerts ::= INTEGER (0..MAX) |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose requireExplicitPolicy value is to be stored. |
| * Must be non-NULL. |
| * "pSkipCerts" |
| * Address where PKIX_Int32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetRequireExplicitPolicy( |
| PKIX_PL_Cert *cert, |
| PKIX_Int32 *pSkipCerts, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited |
| * DESCRIPTION: |
| * |
| * Retrieves the inhibitPolicyMapping value of the policy constraints |
| * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts". |
| * If "cert" does not have a policy constraints extension or the |
| * inhibitPolicyMapping component is not populated, this function stores -1 |
| * at "pSkipCerts". |
| * |
| * PolicyConstraints ::= SEQUENCE { |
| * requireExplicitPolicy [0] SkipCerts OPTIONAL, |
| * inhibitPolicyMapping [1] SkipCerts OPTIONAL } |
| * |
| * SkipCerts ::= INTEGER (0..MAX) |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose requireExplicitPolicy value is to be stored. |
| * Must be non-NULL. |
| * "pSkipCerts" |
| * Address where PKIX_Int32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetPolicyMappingInhibited( |
| PKIX_PL_Cert *cert, |
| PKIX_Int32 *pSkipCerts, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy |
| * DESCRIPTION: |
| * |
| * Retrieves the value of the inhibit any-policy extension of the Cert |
| * pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have |
| * an inhibit any-policy extension, this function stores -1 at "pSkipCerts". |
| * |
| * InhibitAnyPolicy ::= SkipCerts |
| * |
| * SkipCerts ::= INTEGER (0..MAX) |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose inhibit any-policy extensions value is to be |
| * stored. Must be non-NULL. |
| * "pSkipCerts" |
| * Address where PKIX_Int32 will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetInhibitAnyPolicy( |
| PKIX_PL_Cert *cert, |
| PKIX_Int32 *pSkipCerts, |
| void *plContext); |
| |
| /* policy processing functions */ |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical |
| * DESCRIPTION: |
| * |
| * Checks whether the certificate policies extension of the Cert pointed to |
| * by "cert" is critical and stores the Boolean result at "pCritical". If |
| * "cert" does not have a certificate policies extension, this function |
| * stores NULL at "pCritical". |
| * |
| * XXX what distinguishes NULL from PKIX_FALSE? |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose certificate policies extension's criticality is |
| * to be determined. Must be non-NULL. |
| * "pCritical" |
| * Address where PKIX_Boolean will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_AreCertPoliciesCritical( |
| PKIX_PL_Cert *cert, |
| PKIX_Boolean *pCritical, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_CheckNameConstraints |
| * DESCRIPTION: |
| * |
| * Checks whether the subject distinguished name and subject alternative names |
| * of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed |
| * to by "nameConstraints". If the CertNameConstraints are not satisfied, a |
| * PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function |
| * does nothing. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose subject names are to be checked. |
| * Must be non-NULL. |
| * "nameConstraints" |
| * Address of CertNameConstraints that need to be satisfied. |
| * "treatCommonNameAsDNSName" |
| * PKIX_TRUE if the subject common name should be considered a dNSName |
| * when evaluating name constraints. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_CheckNameConstraints( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_CertNameConstraints *nameConstraints, |
| PKIX_Boolean treatCommonNameAsDNSName, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_MergeNameConstraints |
| * DESCRIPTION: |
| * |
| * Merges the CertNameConstraints pointed to by "firstNC" and the |
| * CertNameConstraints pointed to by "secondNC" and stores the merged |
| * CertNameConstraints at "pResultNC". If "secondNC" is NULL, the |
| * CertNameConstraints pointed to by "firstNC" is stored at "pResultNC". |
| * |
| * Once created, a CertNameConstraints object is immutable. |
| * |
| * PARAMETERS: |
| * "firstNC" |
| * Address of first CertNameConstraints to be merged. Must be non-NULL. |
| * "secondNC" |
| * Address of second CertNameConstraints to be merged |
| * "pResultNC" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_MergeNameConstraints( |
| PKIX_PL_CertNameConstraints *firstNC, |
| PKIX_PL_CertNameConstraints *secondNC, |
| PKIX_PL_CertNameConstraints **pResultNC, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage |
| * DESCRIPTION: |
| * |
| * Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the |
| * keyUsage extension of the Cert pointed to by "cert". The keyUsage bit |
| * values specified in pkixt.h are supported, and can be bitwise or'ed if |
| * multiple bit values are to be verified. If the keyUsages do not all appear |
| * in the keyUsage extension of "cert", a PKIX_Error pointer is returned. |
| * |
| * KeyUsage ::= BIT STRING { |
| * digitalSignature (0), |
| * nonRepudiation (1), |
| * keyEncipherment (2), |
| * dataEncipherment (3), |
| * keyAgreement (4), |
| * keyCertSign (5), |
| * cRLSign (6), |
| * encipherOnly (7), |
| * decipherOnly (8) } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose keyUsage bits are to be verified. |
| * Must be non-NULL. |
| * "keyUsage" |
| * Constant representing keyUsage bit(s) that all must appear in keyUsage |
| * extension of "cert". |
| * "plContext" - Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_VerifyKeyUsage( |
| PKIX_PL_Cert *cert, |
| PKIX_UInt32 keyUsage, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType |
| * DESCRIPTION: |
| * |
| * Verifies cert and key types against certificate usage that is |
| * a part of plContext(pkix_pl_nsscontext) structure. Throws an error |
| * if cert or key types does not match. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose keyUsage bits are to be verified. |
| * Must be non-NULL. |
| * "isLeafCert" |
| * What type of a cert has been verified. |
| * "plContext" - Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_VerifyCertAndKeyType( |
| PKIX_PL_Cert *cert, |
| PKIX_Boolean isChainCert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_CheckValidity |
| * DESCRIPTION: |
| * |
| * Checks whether the Cert pointed to by "cert" would be valid at the time |
| * represented by the Date pointed to by "date". If "date" is NULL, then this |
| * function checks whether the Cert would be valid at the current time. If the |
| * Cert would not be valid at the specified Date, a PKIX_Error pointer is |
| * returned. |
| * |
| * Validity ::= SEQUENCE { |
| * notBefore Time, |
| * notAfter Time } |
| * |
| * Time ::= CHOICE { |
| * utcTime UTCTime, |
| * generalTime GeneralizedTime } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose validity is to be checked. Must be non-NULL. |
| * "date" |
| * Address of Date at which the Cert is being checked for validity. |
| * If NULL, the current time is used for the Date. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_CheckValidity( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_Date *date, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the Date that represents the notAfter time of the |
| * Certificate pointed to by "cert" and stores it at "pDate". |
| * |
| * Validity ::= SEQUENCE { |
| * notBefore Time, |
| * notAfter Time } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose validity time is to be retrieved. Must be |
| * non-NULL. |
| * "date" |
| * Address of Date at which the Cert's notAfter time is being retrieved. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetValidityNotAfter( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_Date **pDate, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_VerifySignature |
| * DESCRIPTION: |
| * |
| * Verifies the signature on the Cert pointed to by "cert" using the |
| * PublicKey pointed to by "pubKey". If the signature doesn't verify, an |
| * Error pointer is returned. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose signature is to be verified. Must be non-NULL. |
| * "pubKey" |
| * Address of a Public Key used to verify the signature. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_VerifySignature( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_PublicKey *pubKey, |
| void *plContext); |
| |
| /* A set of flags to indicate how explicitly configured trust anchors should be |
| * handled by PKIX_PL_Cert_IsCertTrusted |
| */ |
| typedef enum PKIX_PL_TrustAnchorModeEnum { |
| /* Indicates trust anchors should be ignored; only the underlying |
| * platform's trust settings should be used. |
| */ |
| PKIX_PL_TrustAnchorMode_Ignore, |
| |
| /* Indicates that explicitly configured trust anchors may be considered |
| * trustworthy, if present. |
| * Note: If the underlying platform supports marking a certificate as |
| * explicitly untrustworthy, explicitly configured trust anchors |
| * MAY be ignored/rejected. |
| */ |
| PKIX_PL_TrustAnchorMode_Additive, |
| |
| /* Indicates that ONLY trust anchors should be considered as |
| * trustworthy. |
| * Note: If the underlying platform supports marking a certificate as |
| * explicitly untrustworthy, explicitly configured trust anchors |
| * MAY be ignored/rejected. |
| */ |
| PKIX_PL_TrustAnchorMode_Exclusive |
| } PKIX_PL_TrustAnchorMode; |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_IsCertTrusted |
| * DESCRIPTION: |
| * |
| * Checks the Cert specified by "cert" to determine, in a manner that depends |
| * on the underlying platform, whether it is trusted, and stores the result in |
| * "pTrusted". If a certificate is trusted it means that a chain built to that |
| * certificate, and satisfying all the usage, policy, validity, and other |
| * tests, is a valid chain and the End Entity certificate from which it was |
| * built can be trusted. |
| * |
| * If the Certificate is not intrinsically trustworthy, it still might end up a |
| * component in a successful chain. |
| * |
| * If the Certificate is intrinsically untrustworthy, this function will return |
| * an error. |
| * |
| * PARAMETERS |
| * "cert" |
| * Address of Cert whose trustworthiness is to be determined. Must be |
| * non-NULL. |
| * "trustAnchorMode" |
| * A PKIX_PL_TrustAnchorMode that indicates how explicitly defined user |
| * trust anchors should be handled. |
| * "pTrusted" |
| * Address where the Boolean value will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CERT Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_IsCertTrusted( |
| PKIX_PL_Cert *cert, |
| PKIX_PL_TrustAnchorMode trustAnchorMode, |
| PKIX_Boolean *pTrusted, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted |
| * DESCRIPTION: |
| * |
| * Checks the Leaf Cert specified by "cert" to determine, in a manner that |
| * depends on the underlying platform, whether it is trusted, and stores the |
| * result in "pTrusted". If a certificate is trusted it means that this |
| * End Entify certificate has been marked as trusted for the requested usage, |
| * policy, validity, and other tests. |
| * |
| * If the Certificate is not intrinsically trustworthy, we can still try to |
| * build a successful chain. |
| * |
| * If the Certificate is intrinsically untrustworthy, this function will return |
| * an error. |
| * |
| * PARAMETERS |
| * "cert" |
| * Address of Cert whose trustworthiness is to be determined. Must be |
| * non-NULL. |
| * "pTrusted" |
| * Address where the Boolean value will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CERT Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_IsLeafCertTrusted( |
| PKIX_PL_Cert *cert, |
| PKIX_Boolean *pTrusted, |
| void *plContext); |
| |
| /* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */ |
| PKIX_Error* |
| PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetCacheFlag |
| * DESCRIPTION: |
| * |
| * Retrieves the value of the cache flag in "cert" and return it at address |
| * pointed by "pCacheFlag". The initila cache flag is determined by the |
| * CertStore this "cert" is fetched from. When CertStore is created, user |
| * need to specify if the data should be cached. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose cache flag is fetched. Must be non-NULL. |
| * "pCacheFlag" |
| * Address where PKIX_Boolean will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetCacheFlag( |
| PKIX_PL_Cert *cert, |
| PKIX_Boolean *pCacheFlag, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_SetCacheFlag |
| * DESCRIPTION: |
| * |
| * Set the value of the cache flag in "cert" base on the boolean value stored |
| * at "cacheFlag". This function is meant to be used by CertStore after a |
| * Cert is created. |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert where "cacheFlag" is stored. Must be non-NULL. |
| * "cacheFlag" |
| * PKIX_Boolean flag for cache flag. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_SetCacheFlag( |
| PKIX_PL_Cert *cert, |
| PKIX_Boolean cacheFlag, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetTrustCertStore |
| * DESCRIPTION: |
| * |
| * Retrieves the value of the CertStore in "cert" and return it at address |
| * pointed by "pCertStore". |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose CertStore is fetched. Must be non-NULL. |
| * "pTrustCertStore" |
| * Address where CertStore will be stored and returned. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetTrustCertStore( |
| PKIX_PL_Cert *cert, |
| PKIX_CertStore **pTrustCertStore, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_SetTrustCertStore |
| * DESCRIPTION: |
| * |
| * Set the value of the CertStore "certStore" in "cert". |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert where "certStore" will be stored. Must be non-NULL. |
| * "trustCertStore" |
| * Address where the CertStore is. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_SetTrustCertStore( |
| PKIX_PL_Cert *cert, |
| PKIX_CertStore *trustCertStore, |
| void *plContext); |
| |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess |
| * DESCRIPTION: |
| * |
| * Retrieves the value(s) of the Authority Information Access in "cert" and |
| * returns it in a list at address pointed by "pAuthorityInfoAccess". |
| * |
| * SubjectInfoAccess ::= |
| * SEQUENCE SIZE (1..MAX) of AccessDescription |
| * AccessDescription ::= SEQUENCE { |
| * accessMethod OBJECT IDENTIFIER, |
| * accessLocation GeneralName |
| * } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose Authority Information Access is fetched. |
| * Must be non-NULL. |
| * "pAuthorityInfoAccess" |
| * Address where Authority InfoAccess will be stored and returned. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetAuthorityInfoAccess( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */ |
| void *plContext); |
| |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess |
| * DESCRIPTION: |
| * |
| * Retrieves the value(s) of the Subject Information Access in "cert" and |
| * returns it in a list at address pointed by "pSubjectInfoAccess". |
| * |
| * SubjectInfoAccess ::= |
| * SEQUENCE SIZE (1..MAX) of AccessDescription |
| * AccessDescription ::= SEQUENCE { |
| * accessMethod OBJECT IDENTIFIER, |
| * accessLocation GeneralName |
| * } |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose Subject Information Access is fetched. |
| * Must be non-NULL. |
| * "pSubjectInfoAccess" |
| * Address where Subject InfoAccess will be stored and returned. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetSubjectInfoAccess( |
| PKIX_PL_Cert *cert, |
| PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */ |
| void *plContext); |
| |
| |
| |
| /* |
| * FUNCTION: PKIX_PL_Cert_GetCrlDp |
| * DESCRIPTION: |
| * |
| * Retrieves the value(s) of the CRL Distribution Point Extension and |
| * returns it in a list at address pointed by "pDpList". |
| * |
| * PARAMETERS: |
| * "cert" |
| * Address of Cert whose Subject Information Access is fetched. |
| * Must be non-NULL. |
| * "pDpList" |
| * Address where CRL DP will be stored and returned. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert, |
| PKIX_List **pDpList, |
| void *plContext); |
| |
| |
| /* |
| * InfoAccess |
| * |
| * To hold Authority Information Access or Subject Information Access |
| * retrieved from a Certificate. |
| */ |
| |
| #define PKIX_INFOACCESS_OCSP 1 |
| #define PKIX_INFOACCESS_CA_ISSUERS 2 |
| #define PKIX_INFOACCESS_TIMESTAMPING 3 |
| #define PKIX_INFOACCESS_CA_REPOSITORY 5 |
| |
| #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0 |
| #define PKIX_INFOACCESS_LOCATION_HTTP 1 |
| #ifndef NSS_PKIX_NO_LDAP |
| #define PKIX_INFOACCESS_LOCATION_LDAP 2 |
| #endif |
| |
| /* |
| * FUNCTION: PKIX_PL_InfoAccess_GetMethod |
| * DESCRIPTION: |
| * |
| * Stores the method of the Information Access from "infoAccess" and |
| * returns in "pMethod". |
| * |
| * SubjectInfoAccess ::= |
| * AccessDescription ::= SEQUENCE { |
| * accessMethod OBJECT IDENTIFIER, |
| * accessLocation GeneralName |
| * } |
| * |
| * PARAMETERS: |
| * "infoAccess" |
| * Address of PKIX_PL_InfoAccess that has the access data. |
| * Must be non-NULL. |
| * "pMethod" |
| * Address where access method will be stored and returned. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_InfoAccess_GetMethod( |
| PKIX_PL_InfoAccess *infoAccess, |
| PKIX_UInt32 *pMethod, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_InfoAccess_GetLocation |
| * DESCRIPTION: |
| * |
| * Stores the location of the Information Access from "infoAccess" and |
| * returns in "pLocation". |
| * |
| * SubjectInfoAccess ::= |
| * AccessDescription ::= SEQUENCE { |
| * accessMethod OBJECT IDENTIFIER, |
| * accessLocation GeneralName |
| * } |
| * |
| * PARAMETERS: |
| * "infoAccess" |
| * Address of PKIX_PL_InfoAccess that has the access data. |
| * Must be non-NULL. |
| * "pLocation" |
| * Address where access location will be stored and returned. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_InfoAccess_GetLocation( |
| PKIX_PL_InfoAccess *infoAccess, |
| PKIX_PL_GeneralName **pLocation, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_InfoAccess_GetLocationType |
| * DESCRIPTION: |
| * |
| * Stores the type of location of the Information Access from "infoAccess" and |
| * returns in "pType". |
| * |
| * SubjectInfoAccess ::= |
| * AccessDescription ::= SEQUENCE { |
| * accessMethod OBJECT IDENTIFIER, |
| * accessLocation GeneralName |
| * } |
| * |
| * PARAMETERS: |
| * "infoAccess" |
| * Address of PKIX_PL_InfoAccess that has the access data. |
| * Must be non-NULL. |
| * "pType" |
| * Address where access location type will be stored and returned. |
| * Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Cert Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_InfoAccess_GetLocationType( |
| PKIX_PL_InfoAccess *infoAccess, |
| PKIX_UInt32 *pType, |
| void *plContext); |
| |
| PKIX_Error * |
| pkix_pl_InfoAccess_GetAIACerts( |
| PKIX_PL_InfoAccess *ia, |
| void **pNBIOContext, |
| void **pHandle, |
| PKIX_List **pCerts, |
| void *plContext); |
| |
| /* |
| * CRL |
| * |
| * A CRL represents an X.509 certificate revocation list. It can be created |
| * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is |
| * immutable. The following functions include accessors (gettors) for the |
| * various components of an X.509 CRL, as well as a function for signature |
| * verification. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_Create |
| * DESCRIPTION: |
| * |
| * Creates a new CRL using the bytes in the ByteArray pointed to by |
| * "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1 |
| * DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a |
| * CRL is immutable. |
| * |
| * CertificateList ::= SEQUENCE { |
| * tbsCertList TBSCertList, |
| * signatureAlgorithm AlgorithmIdentifier, |
| * signatureValue BIT STRING } |
| * |
| * TBSCertList ::= SEQUENCE { |
| * version Version OPTIONAL, |
| * -- if present, MUST be v2 |
| * signature AlgorithmIdentifier, |
| * issuer Name, |
| * thisUpdate Time, |
| * nextUpdate Time OPTIONAL, |
| * revokedCertificates SEQUENCE OF SEQUENCE { |
| * userCertificate CertificateSerialNumber, |
| * revocationDate Time, |
| * crlEntryExtensions Extensions OPTIONAL |
| * -- if present, MUST be v2 |
| * } OPTIONAL, |
| * crlExtensions [0] EXPLICIT Extensions OPTIONAL |
| * -- if present, MUST be v2 |
| * } |
| * |
| * PARAMETERS: |
| * "byteArray" |
| * Address of ByteArray representing the CRL's DER encoding. |
| * Must be non-NULL. |
| * "pCRL" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_Create( |
| PKIX_PL_ByteArray *byteArray, |
| PKIX_PL_CRL **pCRL, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_GetIssuer |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the X500Name that represents the issuer of the CRL |
| * pointed to by "crl" and stores it at "pCRLIssuer". |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose issuer is to be stored. Must be non-NULL. |
| * "pCRLIssuer" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_GetIssuer( |
| PKIX_PL_CRL *crl, |
| PKIX_PL_X500Name **pCRLIssuer, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of OIDs (each OID corresponding to a |
| * critical extension of the CRL pointed to by "crl") and stores it at |
| * "pExtensions". If "crl" does not have any critical extensions, this |
| * function stores an empty List at "pExtensions". |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose critical extension OIDs are to be stored. |
| * Must be non-NULL. |
| * "pExtensions" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_GetCriticalExtensionOIDs( |
| PKIX_PL_CRL *crl, |
| PKIX_List **pExtensions, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl") |
| * corresponding to the BigInt pointed to by "serialNumber" and stores it at |
| * "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at |
| * "pCRLEntry". Once created, a CRLEntry is immutable. |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose CRL Entries are to be searched. Must be non-NULL. |
| * "serialNumber" |
| * Address of BigInt representing serial number of certificate whose |
| * CRLEntry is to be found. Must be non-NULL. |
| * "pCRLEntry" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_GetCRLEntryForSerialNumber( |
| PKIX_PL_CRL *crl, |
| PKIX_PL_BigInt *serialNumber, |
| PKIX_PL_CRLEntry **pCRLEntry, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_GetCRLNumber |
| * DESCRIPTION: |
| * Retrieves the CRL Number from extension. This is non-critical extension. |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose version is to be stored. Must be non-NULL. |
| * "pCrlNumber" |
| * Address where a CRL Number will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_GetCRLNumber( |
| PKIX_PL_CRL *crl, |
| PKIX_PL_BigInt **pCrlNumber, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime |
| * DESCRIPTION: |
| * |
| * Checks whether the CRL pointed to by "crl" would be valid at the time |
| * represented by the Date pointed to by "date" and stores the Boolean result |
| * at "pResult". This check is done only when NIST policy is enforced. |
| * |
| * Time ::= CHOICE { |
| * utcTime UTCTime, |
| * generalTime GeneralizedTime } |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose validity is to be checked. Must be non-NULL. |
| * "date" |
| * Address of Date at which the CRL is being checked for validity. |
| * Must be non-NULL. |
| * "pResult" |
| * Address of Boolean result. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_VerifyUpdateTime( |
| PKIX_PL_CRL *crl, |
| PKIX_PL_Date *date, |
| PKIX_Boolean *pResult, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_VerifySignature |
| * DESCRIPTION: |
| * |
| * Verifies the signature on the CRL pointed to by "crl" using the PublicKey |
| * pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error |
| * pointer is returned. |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose signature is to be verified. Must be non-NULL. |
| * "pubKey" |
| * Address of a Public Key used to verify the signature. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_VerifySignature( |
| PKIX_PL_CRL *crl, |
| PKIX_PL_PublicKey *pubKey, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRL_ReleaseDerCrl |
| * DESCRIPTION: |
| * |
| * Relinguish the ownership for the crl der. The operation will succeed if |
| * a crl owns the der. If the crl was created from existing crl and does not |
| * own the der, then the function will return null. |
| * |
| * PARAMETERS: |
| * "crl" |
| * Address of CRL whose signature is to be verified. Must be non-NULL. |
| * "derCrl" |
| * Pointer to a SECItem that has der crl. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl, |
| SECItem **derCrl, |
| void *plContext); |
| /* |
| * FUNCTION: PKIX_PL_CRL_AdoptDerCrl |
| * DESCRIPTION: |
| * |
| * Adopt memory of the der. The secItem that contains der will be |
| * freed with destruction of parent pkix crl structure. |
| * |
| * * PARAMETERS: |
| * "crl" |
| * Address of CRL whose signature is to be verified. Must be non-NULL. |
| * "derCrl" |
| * Pointer to a SECItem that has der crl. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl, |
| SECItem *derCrl, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode |
| * DESCRIPTION: |
| * |
| * Retrieves the value of the reason code extension of the CRLEntry pointed |
| * to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no |
| * reason code extension, this function stores -1 at "pReason". |
| * |
| * CRLReason ::= ENUMERATED { |
| * unspecified (0), |
| * keyCompromise (1), |
| * cACompromise (2), |
| * affiliationChanged (3), |
| * superseded (4), |
| * cessationOfOperation (5), |
| * certificateHold (6), |
| * removeFromCRL (8), |
| * privilegeWithdrawn (9), |
| * aACompromise (10) } |
| * |
| * PARAMETERS: |
| * "crlEntry" |
| * Address of CRLEntry whose reason code bit values are to be returned |
| * at "pReason". Must be non-NULL. |
| * "pReason" |
| * Address of PKIX_Int32 where reason code is stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRLEntry_GetCRLEntryReasonCode( |
| PKIX_PL_CRLEntry *crlEntry, |
| PKIX_Int32 *pReason, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs |
| * DESCRIPTION: |
| * |
| * Retrieves a pointer to the List of OIDs (each OID corresponding to a |
| * critical extension of the CRLEntry pointed to by "crlEntry") and stores it |
| * at "pExtensions". If "crlEntry" does not have any critical extensions, this |
| * function stores an empty List at "pExtensions". |
| * |
| * Note that the List returned by this function is immutable. |
| * |
| * PARAMETERS: |
| * "crlEntry" |
| * Address of CRLEntry whose critical extension OIDs are to be stored. |
| * Must be non-NULL. |
| * "pExtensions" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CRL Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CRLEntry_GetCriticalExtensionOIDs( |
| PKIX_PL_CRLEntry *crlEntry, |
| PKIX_List **pExtensions, /* list of PKIX_PL_OID */ |
| void *plContext); |
| |
| #ifdef BUILD_LIBPKIX_TESTS |
| /* |
| * FUNCTION: PKIX_PL_X500Name_Create |
| * DESCRIPTION: |
| * |
| * Creates a new X500Name using the UTF8 string representation pointed to by |
| * "stringRep" and stores it at "pName". Once created, an X500Name is |
| * immutable. |
| * |
| * Name ::= CHOICE { |
| * RDNSequence } |
| * |
| * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName |
| * |
| * RelativeDistinguishedName ::= |
| * SET OF AttributeTypeAndValue |
| * |
| * AttributeTypeAndValue ::= SEQUENCE { |
| * type AttributeType, |
| * value AttributeValue } |
| * |
| * AttributeType ::= OBJECT IDENTIFIER |
| * |
| * AttributeValue ::= ANY DEFINED BY AttributeType |
| * |
| * DirectoryString ::= CHOICE { |
| * teletexString TeletexString (SIZE (1..MAX)), |
| * printableString PrintableString (SIZE (1..MAX)), |
| * universalString UniversalString (SIZE (1..MAX)), |
| * utf8String UTF8String (SIZE (1..MAX)), |
| * bmpString BMPString (SIZE (1..MAX)) } |
| * |
| * PARAMETERS: |
| * "stringRep" |
| * Address of UTF8 String representation of X500Name. Must be non-NULL. |
| * "pName" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns an X500Name Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_X500Name_Create ( |
| PKIX_PL_String *stringRep, |
| PKIX_PL_X500Name **pName, |
| void *plContext); |
| |
| #endif /* BUILD_LIBPKIX_TESTS */ |
| |
| /* |
| * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName |
| * DESCRIPTION: |
| * |
| * The function creates x500Name using der encoded DN and/or pointer to |
| * CERTName. If arument "name" is NULL, but derName is supplied when |
| * the function generates nssDN(CERTName type) from der data. If derName |
| * is not supplied, CERTName *name will not be used to generate DN DER |
| * encoding. |
| * |
| * PARAMETERS: |
| * "derName" |
| * Address of DER representation of X500Name. Can be NULL |
| * "name" |
| * Address of CERTName representation of X500Name. Can be NULL |
| * "pName" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns an X500Name Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_X500Name_CreateFromCERTName( |
| SECItem *derName, |
| CERTName *name, |
| PKIX_PL_X500Name **pName, |
| void *plContext); |
| |
| |
| /* |
| * TYPE: PKIX_PL_X500Name_Match |
| * DESCRIPTION: |
| * Checks whether the X500Name pointed to by "firstX500Name" MATCHES the |
| * X500Name pointed to by "secondX500Name" and stores the boolean result at |
| * "pResult". Two X500Names MATCH if they meet the conditions specified by |
| * RFC 3280 (section 4.1.2.4). Namely: |
| * |
| * "This specification requires only a subset of the name comparison |
| * functionality specified in the X.500 series of specifications. |
| * Conforming implementations are REQUIRED to implement the following |
| * name comparison rules: |
| * |
| * (a) attribute values encoded in different types (e.g., PrintableString |
| * and BMPString) MAY be assumed to represent different strings; |
| * |
| * (b) attribute values in types other than PrintableString are case |
| * sensitive (this permits matching of attribute values as binary objects) |
| * |
| * (c) attribute values in PrintableString are not case sensitive |
| * (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and |
| * |
| * (d) attribute values in PrintableString are compared after removing |
| * leading and trailing white space and converting internal substrings of |
| * one or more consecutive white space characters to a single space." |
| * |
| * PARAMETERS: |
| * "firstX500Name" |
| * Address of first X500Name to compare. Must be non-NULL. |
| * "secondX500Name" |
| * Address of second X500Name to compare. Must be non-NULL. |
| * "pResult" |
| * Address of Boolean result. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns an X500Name Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_X500Name_Match( |
| PKIX_PL_X500Name *firstX500Name, |
| PKIX_PL_X500Name *secondX500Name, |
| PKIX_Boolean *pResult, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Date_Create_UTCTime |
| * DESCRIPTION: |
| * Creates a new Date of type UTCTime using the string representation pointed |
| * to by "stringRep" and stores it at "pDate". The UTCTime restriction means |
| * that the year can only be specified by the least significant two digits |
| * (YY). As such, Only the years 1950-2049 can be represented. If "stringRep" |
| * is NULL, this function creates a new Date representing the current time |
| * and stores it at "pDate". Once created, a Date is immutable. |
| * |
| * If YY is greater than or equal to 50, the year is interpreted as 19YY. |
| * If YY is less than 50, the year is interpreted as 20YY. |
| * |
| * The string representation of the date must be in the following form: |
| * "YYMMDDhhmmssZ" where: |
| * |
| * YY is the least significant two digits of the year |
| * MM is the month (01 to 12) |
| * DD is the day (01 to 31) |
| * hh is the hour (00 to 23) |
| * mm are the minutes (00 to 59) |
| * ss are the seconds (00 to 59) |
| * Z indicates that local time is GMT |
| * |
| * PARAMETERS: |
| * "stringRep" |
| * Address of String representation of Date. |
| * If NULL, current time is used. |
| * "pDate" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Date Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Date_Create_UTCTime ( |
| PKIX_PL_String *stringRep, |
| PKIX_PL_Date **pDate, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Date_Create_UTCTime |
| * DESCRIPTION: |
| * Creates a new Date from PRTime data. |
| * |
| * PARAMETERS: |
| * "time" |
| * Represented time in PRTime type. |
| * "pDate" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Date Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Date_CreateFromPRTime( |
| PRTime time, |
| PKIX_PL_Date **pDate, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds |
| * DESCRIPTION: |
| * Creates a new Date of type UTCTime for current time with seconds off by |
| * "secondsOffset" and returns it at "pDate". |
| * |
| * PARAMETERS: |
| * "secondsOffset" |
| * A PKIX_Int32 indicates the time offset from current. If "secondsOffset" |
| * is negative, the time is in past. |
| * "pDate" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Date Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Date_Create_CurrentOffBySeconds( |
| PKIX_Int32 secondsOffset, |
| PKIX_PL_Date **pDate, |
| void *plContext); |
| |
| #ifdef BUILD_LIBPKIX_TESTS |
| /* |
| * FUNCTION: PKIX_PL_GeneralName_Create |
| * DESCRIPTION: |
| * |
| * Creates a new GeneralName of type "nameType" using the string |
| * representation pointed to by "stringRep" and stores it at "pGName". |
| * All of the GeneralName type format values specified in pkixt.h are |
| * supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME, |
| * PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation |
| * should be used for all supported nameTypes, with the exception of |
| * registeredID and directoryName. For registeredID, the string representation |
| * should be the same as that used by PKIX_PL_OID_Create. For directoryName, |
| * the string representation should be the same as that used by |
| * PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is |
| * returned. Once created, a GeneralName is immutable. |
| * |
| * GeneralName ::= CHOICE { |
| * otherName [0] OtherName, |
| * rfc822Name [1] IA5String, |
| * dNSName [2] IA5String, |
| * x400Address [3] ORAddress, |
| * directoryName [4] Name, |
| * ediPartyName [5] EDIPartyName, |
| * uniformResourceIdentifier [6] IA5String, |
| * iPAddress [7] OCTET STRING, |
| * registeredID [8] OBJECT IDENTIFIER } |
| * |
| * |
| * NOTE: This function is allowed to be called only by pkix tests programs. |
| * |
| * PARAMETERS: |
| * "nameType" |
| * Type of GeneralName to be created. This must be one of the GeneralName |
| * type format values specified in pkixt.h |
| * "stringRep" |
| * Address of String representation of GeneralName. Must be non-NULL. |
| * "pGName" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a GeneralName Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_GeneralName_Create ( |
| PKIX_UInt32 nameType, |
| PKIX_PL_String *stringRep, |
| PKIX_PL_GeneralName **pGName, |
| void *plContext); |
| #endif /* BUILD_LIBPKIX_TESTS */ |
| |
| /* |
| * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace |
| * DESCRIPTION: |
| * |
| * This function checks whether names in "nameList" comply with |
| * "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the |
| * requirement of the NameConstraints, PKIX_FALSE otherwise. |
| * |
| * PARAMETERS |
| * "nameList" |
| * List of GeneralNames that are checked for compliance. May be empty |
| * or NULL. |
| * "nameConstraints" |
| * Address of CertNameConstraints that provides lists of permitted |
| * and excluded names. Must be non-NULL. |
| * "pCheckPass" |
| * Address where PKIX_TRUE is returned if the all names in "nameList" are |
| * valid. Must be non-NULL. |
| * "plContext" - Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a NameConstraints Error if the function fails in a |
| * non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CertNameConstraints_CheckNamesInNameSpace( |
| PKIX_List *nameList, /* List of PKIX_PL_GeneralName */ |
| PKIX_PL_CertNameConstraints *nameConstraints, |
| PKIX_Boolean *pCheckPass, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_AIAMgr_Create |
| * DESCRIPTION: |
| * |
| * This function creates an AIAMgr to handle retrieval of Certs and CRLs |
| * from servers given by AIA Certificate extensions. It manages connections |
| * and caches. The manager created is stored at "pAIAMgr". |
| * |
| * PARAMETERS: |
| * "pAIAMgr" |
| * The address at which the result is stored. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns an AIAMgr Error if the function fails in a non-fatal way |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_AIAMgr_Create( |
| PKIX_PL_AIAMgr **pAIAMgr, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts |
| * DESCRIPTION: |
| * |
| * This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs |
| * specified by an AIA certificate extension, if any, in the Cert pointed to by |
| * "prevCert", storing the results at "pCerts". If the certificate has no such |
| * extension, this function stores NULL at "pCerts". |
| * |
| * If the request is suspended for non-blocking I/O, a platform-dependent |
| * context is stored at "pNBIOContext" and NULL is stored at "pCerts". This |
| * return is referred to as the WOULDBLOCK state. Note that the caller must |
| * check for a non-NULL value at "pNBIOContext", to distinguish this state from |
| * the "no such extension" return described in the first paragraph. (The |
| * alternative would be to return an empty List, but it seemed wrong to incur |
| * the overhead of creating and destroying an empty List for the most common |
| * situation.) |
| * |
| * After a WOULDBLOCK return, the user may continue the operation by calling |
| * pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again |
| * returns in the WOULDBLOCK state) with the previously-returned non-NULL |
| * value of "pNBIOContext". When results are complete, NULL is stored at |
| * "pNBIOContext", and the results (which may be NULL) are stored at "pCerts". |
| * |
| * PARAMETERS: |
| * "aiaMgr" |
| * The AIAMgr which controls the retrieval of certificates. Must be |
| * non-NULL. |
| * "prevCert" |
| * Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must |
| * be non-NULL. |
| * "pNBIOContext" |
| * Address at which platform-dependent information is returned if request |
| * is suspended for non-blocking I/O. Must be non-NULL. |
| * "pCerts" |
| * Address at which the returned List is stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns an AIAMgr Error if the function fails in a non-fatal way |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_AIAMgr_GetAIACerts( |
| PKIX_PL_AIAMgr *aiaMgr, |
| PKIX_PL_Cert *prevCert, |
| void **pNBIOContext, |
| PKIX_List **pCerts, |
| void *plContext); |
| |
| typedef PKIX_Error * |
| (*PKIX_PL_VerifyCallback)( |
| PKIX_PL_Object *signedObject, |
| PKIX_PL_Cert *signerCert, /* can be unknown */ |
| PKIX_PL_Date *producedAt, |
| PKIX_ProcessingParams *procParams, |
| void **pNBIOContext, |
| void **pState, |
| PKIX_BuildResult **pBuildResult, |
| PKIX_VerifyNode **pVerifyTree, |
| void *plContext); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* _PKIX_PL_PKI_H */ |