| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| /* |
| * This file defines functions associated with CertStore types. |
| * |
| */ |
| |
| |
| #ifndef _PKIX_SAMPLEMODULES_H |
| #define _PKIX_SAMPLEMODULES_H |
| |
| #include "pkix_pl_common.h" |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| /* General |
| * |
| * Please refer to the libpkix Programmer's Guide for detailed information |
| * about how to use the libpkix library. Certain key warnings and notices from |
| * that document are repeated here for emphasis. |
| * |
| * All identifiers in this file (and all public identifiers defined in |
| * libpkix) begin with "PKIX_". Private identifiers only intended for use |
| * within the library begin with "pkix_". |
| * |
| * A function returns NULL upon success, and a PKIX_Error pointer upon failure. |
| * |
| * Unless otherwise noted, for all accessor (gettor) functions that return a |
| * PKIX_PL_Object pointer, callers should assume that this pointer refers to a |
| * shared object. Therefore, the caller should treat this shared object as |
| * read-only and should not modify this shared object. When done using the |
| * shared object, the caller should release the reference to the object by |
| * using the PKIX_PL_Object_DecRef function. |
| * |
| * While a function is executing, if its arguments (or anything referred to by |
| * its arguments) are modified, free'd, or destroyed, the function's behavior |
| * is undefined. |
| * |
| */ |
| |
| /* PKIX_PL_CollectionCertStore |
| * |
| * A PKIX_CollectionCertStore provides an example for showing how to retrieve |
| * certificates and CRLs from a repository, such as a directory in the system. |
| * It is expected the directory is an absolute directory which contains CRL |
| * and Cert data files. CRL files are expected to have the suffix of .crl |
| * and Cert files are expected to have the suffix of .crt . |
| * |
| * Once the caller has created the CollectionCertStoreContext object, the caller |
| * then can call pkix_pl_CollectionCertStore_GetCert or |
| * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or |
| * PKIX_PL_CRL objects, respectively. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_PL_CollectionCertStore_Create |
| * DESCRIPTION: |
| * |
| * Creates a new CollectionCertStore and returns it at |
| * "pColCertStore". |
| * |
| * PARAMETERS: |
| * "storeDir" |
| * The absolute path where *.crl files are located. |
| * "pColCertStoreContext" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CollectionCertStoreContext Error if the function fails in |
| * a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_CollectionCertStore_Create( |
| PKIX_PL_String *storeDir, |
| PKIX_CertStore **pCertStore, |
| void *plContext); |
| |
| /* PKIX_PL_PK11CertStore |
| * |
| * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11 |
| * database. The directory that contains the cert8.db, key3.db, and secmod.db |
| * files that comprise a PKCS11 database are specified in NSS initialization. |
| * |
| * Once the caller has created the Pk11CertStore object, the caller can call |
| * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain |
| * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_PL_Pk11CertStore_Create |
| * DESCRIPTION: |
| * |
| * Creates a new Pk11CertStore and returns it at "pPk11CertStore". |
| * |
| * PARAMETERS: |
| * "pPk11CertStore" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertStore Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_Pk11CertStore_Create( |
| PKIX_CertStore **pPk11CertStore, |
| void *plContext); |
| |
| #ifndef NSS_PKIX_NO_LDAP |
| /* PKIX_PL_LdapCertStore |
| * |
| * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server |
| * over a socket connection. It used the LDAP protocol as described in RFC1777. |
| * |
| * Once the caller has created the LdapCertStore object, the caller can call |
| * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain |
| * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_PL_LdapDefaultClient_Create |
| * DESCRIPTION: |
| * |
| * Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr", |
| * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI"; |
| * and stores the address of the default LdapClient at "pClient". |
| * |
| * At the time of this version, there are unresolved questions about the LDAP |
| * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not |
| * clear whether they are appropriate to this application. We have tested only |
| * using servers that do not expect authentication, and that reject BIND |
| * messages. It is not clear what values might be appropriate for the bindname |
| * and authentication fields, which are currently implemented as char strings |
| * supplied by the caller. (If this changes, the API and possibly the templates |
| * will have to change.) Therefore the Client_Create API contains a BindAPI |
| * structure, a union, which will have to be revised and extended when this |
| * area of the protocol is better understood. |
| * |
| * PARAMETERS: |
| * "sockaddr" |
| * Address of the PRNetAddr to be used for the socket connection. Must be |
| * non-NULL. |
| * "timeout" |
| * The PRIntervalTime value to be used as a timeout value in socket calls; |
| * a zero value indicates non-blocking I/O is to be used. |
| * "bindAPI" |
| * The address of a BindAPI to be used if a BIND message is required. If |
| * this argument is NULL, no Bind (or Unbind) will be sent. |
| * "pClient" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertStore Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_LdapDefaultClient_Create( |
| PRNetAddr *sockaddr, |
| PRIntervalTime timeout, |
| LDAPBindAPI *bindAPI, |
| PKIX_PL_LdapDefaultClient **pClient, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName |
| * DESCRIPTION: |
| * |
| * Creates an LdapDefaultClient using the hostname poined to by "hostname", |
| * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI"; |
| * and stores the address of the default LdapClient at "pClient". |
| * |
| * At the time of this version, there are unresolved questions about the LDAP |
| * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not |
| * clear whether they are appropriate to this application. We have tested only |
| * using servers that do not expect authentication, and that reject BIND |
| * messages. It is not clear what values might be appropriate for the bindname |
| * and authentication fields, which are currently implemented as char strings |
| * supplied by the caller. (If this changes, the API and possibly the templates |
| * will have to change.) Therefore the Client_Create API contains a BindAPI |
| * structure, a union, which will have to be revised and extended when this |
| * area of the protocol is better understood. |
| * |
| * PARAMETERS: |
| * "hostname" |
| * Address of the hostname to be used for the socket connection. Must be |
| * non-NULL. |
| * "timeout" |
| * The PRIntervalTime value to be used as a timeout value in socket calls; |
| * a zero value indicates non-blocking I/O is to be used. |
| * "bindAPI" |
| * The address of a BindAPI to be used if a BIND message is required. If |
| * this argument is NULL, no Bind (or Unbind) will be sent. |
| * "pClient" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertStore Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_LdapDefaultClient_CreateByName( |
| char *hostname, |
| PRIntervalTime timeout, |
| LDAPBindAPI *bindAPI, |
| PKIX_PL_LdapDefaultClient **pClient, |
| void *plContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_LdapCertStore_Create |
| * DESCRIPTION: |
| * |
| * Creates a new LdapCertStore using the LdapClient pointed to by "client", |
| * and stores the address of the CertStore at "pCertStore". |
| * |
| * PARAMETERS: |
| * "client" |
| * Address of the LdapClient to be used. Must be non-NULL. |
| * "pCertStore" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * "plContext" |
| * Platform-specific context pointer. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a CertStore Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_LdapCertStore_Create( |
| PKIX_PL_LdapClient *client, |
| PKIX_CertStore **pCertStore, |
| void *plContext); |
| #endif /* !NSS_PKIX_NO_LDAP */ |
| |
| /* PKIX_PL_NssContext |
| * |
| * A PKIX_PL_NssContext provides an example showing how the "plContext" |
| * argument, that is part of every libpkix function call, can be used. |
| * The "plContext" is the Portability Layer Context, which can be used |
| * to communicate layer-specific information from the application to the |
| * underlying Portability Layer (while bypassing the Portable Code, which |
| * blindly passes the plContext on to every function call). |
| * |
| * In this case, NSS serves as both the application and the Portability Layer. |
| * We define an NSS-specific structure, which includes an arena and a number |
| * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument, |
| * wincx, is used on Windows platforms for PKCS11 access, and should be set to |
| * NULL for other platforms. |
| * Before calling any of the libpkix functions, the caller should create the NSS |
| * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context |
| * as the "plContext" argument in every libpkix function call the caller makes. |
| * When the caller is finished using the NSS context (usually just after he |
| * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to |
| * free the NSS context structure. |
| */ |
| |
| /* |
| * FUNCTION: PKIX_PL_NssContext_Create |
| * DESCRIPTION: |
| * |
| * Creates a new NssContext using the certificate usage(s) specified by |
| * "certUsage" and stores it at "pNssContext". This function also internally |
| * creates an arena and stores it as part of the NssContext structure. Unlike |
| * most other libpkix API functions, this function does not take a "plContext" |
| * parameter. |
| * |
| * PARAMETERS: |
| * "certUsage" |
| * The desired SECCertificateUsage(s). |
| * "useNssArena" |
| * Boolean flag indicates NSS Arena is used for memory allocation. |
| * "wincx" |
| * A Windows-dependent pointer for PKCS11 token handling. |
| * "pNssContext" |
| * Address where object pointer will be stored. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Context Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_NssContext_Create( |
| PKIX_UInt32 certificateUsage, |
| PKIX_Boolean useNssArena, |
| void *wincx, |
| void **pNssContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_NssContext_Destroy |
| * DESCRIPTION: |
| * |
| * Frees the structure pointed to by "nssContext" along with any of its |
| * associated memory. Unlike most other libpkix API functions, this function |
| * does not take a "plContext" parameter. |
| * |
| * PARAMETERS: |
| * "nssContext" |
| * Address of NssContext to be destroyed. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Context Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_NssContext_Destroy( |
| void *nssContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_NssContext_SetTimeout |
| * DESCRIPTION: |
| * |
| * Sets IO timeout for network operations like OCSP response and cert |
| * fetching. |
| * |
| * PARAMETERS: |
| * "nssContext" |
| * Address of NssContext to be destroyed. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Context Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen |
| * DESCRIPTION: |
| * |
| * Sets maximum responce length allowed during network IO operations. |
| * |
| * PARAMETERS: |
| * "nssContext" |
| * Address of NssContext to be destroyed. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Context Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay |
| * DESCRIPTION: |
| * |
| * Sets user defined timeout between attempts to load crl using |
| * CRLDP. |
| * |
| * PARAMETERS: |
| * "delaySeconds" |
| * Reload delay in seconds. |
| * "nssContext" |
| * Address of NssContext to be destroyed. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Context Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds, |
| PKIX_PL_NssContext *nssContext); |
| |
| /* |
| * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay |
| * DESCRIPTION: |
| * |
| * Sets user defined timeout between attempts to load crls |
| * that failed to decode. |
| * |
| * PARAMETERS: |
| * "delaySeconds" |
| * Reload delay in seconds. |
| * "nssContext" |
| * Address of NssContext to be destroyed. Must be non-NULL. |
| * THREAD SAFETY: |
| * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| * RETURNS: |
| * Returns NULL if the function succeeds. |
| * Returns a Context Error if the function fails in a non-fatal way. |
| * Returns a Fatal Error if the function fails in an unrecoverable way. |
| */ |
| PKIX_Error * |
| PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds, |
| PKIX_PL_NssContext *nssContext); |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* _PKIX_SAMPLEMODULES_H */ |