1 #ifndef __ISDS_ISDS_H__
2 #define __ISDS_ISDS_H__
4 /* Public interface for libisds.
5 * Private declarations in isds_priv.h. */
7 #include <stdlib.h> /* For size_t */
8 #include <time.h> /* For struct tm */
9 #include <sys/time.h> /* For struct timeval */
10 #include <libxml/tree.h> /* Gor xmlDoc and xmlNodePtr */
12 #ifdef __cplusplus /* For C++ linker sake */
16 /* _deprecated macro marks library symbols as deprecated. Application should
17 * avoid using such function as soon as possible. */
19 #define _deprecated __attribute__((deprecated))
24 /* Service locators */
25 /* Base URL of production ISDS instance */
26 extern const char isds_locator
[]; /* Without client certificate auth. */
27 extern const char isds_cert_locator
[]; /* With client certificate auth. */
28 extern const char isds_otp_locator
[]; /* With OTP authentication */
29 /* Base URL of testing ISDS instance */
30 extern const char isds_testing_locator
[]; /* Without client certificate */
31 extern const char isds_cert_testing_locator
[]; /* With client certificate */
32 extern const char isds_otp_testing_locator
[]; /* With OTP authentication */
35 struct isds_ctx
; /* Context for specific ISDS box */
38 IE_SUCCESS
= 0, /* No error, just for C convenience (0 means Ok) */
39 IE_ERROR
, /* Unspecified error */
84 /* Return text description of ISDS error */
85 const char *isds_strerror(const isds_error error
);
89 IOPT_TLS_VERIFY_SERVER
, /* _Bool: Verify server identity?
90 Default value is true. */
91 IOPT_TLS_CA_FILE
, /* char *: File name with CA certificates.
92 Default value depends on cryptographic
94 IOPT_TLS_CA_DIRECTORY
, /* char *: Directory name with CA certificates.
95 Default value depends on cryptographic
97 IOPT_TLS_CRL_FILE
, /* char *: File name with CRL in PEM format.
98 Default value depends on cryptographic
100 IOPT_NORMALIZE_MIME_TYPE
, /* _Bool: Normalize MIME type values?
101 Default value is false. */
104 /* TLS libisds options */
106 ITLS_VERIFY_SERVER
, /* _Bool: Verify server identity? */
107 ITLS_CA_FILE
, /* char *: File name with CA certificates */
108 ITLS_CA_DIRECTORY
, /* char *: Directory name with CA certificates */
109 ITLS_CRL_FILE
/* char *: File name with CRL in PEM format */
112 /* Cryptographic material encoding */
114 PKI_FORMAT_PEM
, /* PEM format */
115 PKI_FORMAT_DER
, /* DER format */
116 PKI_FORMAT_ENG
/* Stored in crypto engine */
119 /* Public key crypto material to authenticate client */
120 struct isds_pki_credentials
{
121 char *engine
; /* String identifier of crypto engine to use
122 (where key is stored). Use NULL for no engine */
123 isds_pki_format certificate_format
; /* Certificate format */
124 char *certificate
; /* Path to client certificate, or certificate
125 nickname in case of NSS as curl back-end,
126 or key slot identifier inside crypto engine.
127 Some crypto engines can pair certificate with
128 key automatically (NULL value) */
129 isds_pki_format key_format
; /* Private key format */
130 char *key
; /* Path to client private key, or key identifier
131 in case of used engine */
132 char *passphrase
; /* Zero terminated string with password for
133 decrypting private key, or engine PIN.
134 Use NULL for no pass-phrase or question by
138 /* One-time password authentication method */
140 OTP_HMAC
= 0, /* HMAC-based OTP method */
141 OTP_TIME
/* Time-based OTP method */
144 /* One-time passwed authentication resolution */
146 OTP_RESOLUTION_SUCCESS
= 0, /* Authentication succeded */
147 OTP_RESOLUTION_UNKNOWN
, /* Status is unkown */
148 OTP_RESOLUTION_BAD_AUTHENTICATION
, /* Bad log-in, retry */
149 OTP_RESOLUTION_ACCESS_BLOCKED
, /* Access blocked for 60 minutes
150 (brute force attack detected) */
151 OTP_RESOLUTION_PASSWORD_EXPIRED
, /* Password has expired.
152 ???: OTP or regular password
154 OTP_RESOLUTION_TO_FAST
, /* OTP cannot be sent repeatedly
155 at this rate (minimal delay
156 depends on TOTP window setting) */
157 OTP_RESOLUTION_UNAUTHORIZED
, /* User name is not allowed to
158 access requested URI */
159 OTP_RESOLUTION_TOTP_SENT
, /* OTP has been generated and sent by
161 OTP_RESOLUTION_TOTP_NOT_SENT
, /* OTP could not been sent.
163 } isds_otp_resolution
;
165 /* One-time password to authenticate client */
168 isds_otp_method method
; /* Select OTP method to use */
169 char *otp_code
; /* One-time password to use. Pass NULL,
170 if you do not know it yet (e.g. in case
171 of first phase of time-based OTP to
172 request new code from ISDS.) */
174 isds_otp_resolution resolution
; /* Fine-grade resolution of OTP
175 authentication attempt. */
180 DBTYPE_SYSTEM
= 0, /* This is special sender value for messages
183 DBTYPE_OVM_NOTAR
= 11,
184 DBTYPE_OVM_EXEKUT
= 12,
190 DBTYPE_PFO_ADVOK
= 31,
191 DBTYPE_PFO_DANPOR
= 32,
192 DBTYPE_PFO_INSSPR
= 33,
196 /* Box status from point of view of accessibility */
198 DBSTATE_ACCESSIBLE
= 1,
199 DBSTATE_TEMP_UNACCESSIBLE
= 2,
200 DBSTATE_NOT_YET_ACCESSIBLE
= 3,
201 DBSTATE_PERM_UNACCESSIBLE
= 4,
205 /* User permissions from point of view of ISDS.
206 * Instances can be bitmaps of any discrete values. */
208 PRIVIL_READ_NON_PERSONAL
= 0x1, /* Can download and read messages with
209 dmPersonalDelivery == false */
210 PRIVIL_READ_ALL
= 0x2, /* Can download and read messages with
211 dmPersonalDelivery == true */
212 PRIVIL_CREATE_DM
= 0x4, /* Can create and sent messages,
213 can download outgoing (sent) messages */
214 PRIVIL_VIEW_INFO
= 0x8, /* Can list messages and data about
216 PRIVIL_SEARCH_DB
= 0x10, /* Can search for boxes */
217 PRIVIL_OWNER_ADM
= 0x20, /* Can administer his box (add/remove
218 permitted users and theirs
220 PRIVIL_READ_VAULT
= 0x40, /* Can read message stored in long term
221 storage (does not exists since
223 PRIVIL_ERASE_VAULT
= 0x80 /* Can delete messages from long term
229 MESSAGESTATE_SENT
= 0x2, /* Message has been put into ISDS */
230 MESSAGESTATE_STAMPED
= 0x4, /* Message stamped by TSA */
231 MESSAGESTATE_INFECTED
= 0x8, /* Message included viruses,
232 infected document has been removed */
233 MESSAGESTATE_DELIVERED
= 0x10, /* Message delivered
234 (dmDeliveryTime stored) */
235 MESSAGESTATE_SUBSTITUTED
= 0x20, /* Message delivered through fiction,
236 dmAcceptanceTime stored */
237 MESSAGESTATE_RECEIVED
= 0x40, /* Message accepted (by user log-in or
238 user explicit request),
239 dmAcceptanceTime stored */
240 MESSAGESTATE_READ
= 0x80, /* Message has been read by user */
241 MESSAGESTATE_UNDELIVERABLE
= 0x100, /* Message could not been delivered
242 (e.g. recipient box has been made
243 inaccessible meantime) */
244 MESSAGESTATE_REMOVED
= 0x200, /* Message content deleted */
245 MESSAGESTATE_IN_SAFE
= 0x400 /* Message stored in long term storage */
246 } isds_message_status
;
247 #define MESSAGESTATE_ANY 0x7FE /* Union of all isds_message_status
250 /* Hash algorithm types */
253 HASH_ALGORITHM_SHA_1
,
254 HASH_ALGORITHM_SHA_224
,
255 HASH_ALGORITHM_SHA_256
,
256 HASH_ALGORITHM_SHA_384
,
257 HASH_ALGORITHM_SHA_512
,
258 } isds_hash_algorithm
;
260 /* Buffer storage strategy.
261 * How function should embed application provided buffer into raw element of
262 * output structure. */
264 BUFFER_DONT_STORE
, /* Don't fill raw member */
265 BUFFER_COPY
, /* Copy buffer content into newly allocated raw */
266 BUFFER_MOVE
/* Just copy pointer.
267 But leave deallocation to isds_*_free(). */
268 } isds_buffer_strategy
;
270 /* Hash value storage */
272 isds_hash_algorithm algorithm
; /* Hash algorithm */
273 size_t length
; /* Hash value length in bytes */
274 void *value
; /* Hash value */
278 struct isds_PersonName
{
282 char *pnLastNameAtBirth
;
285 /* Date and place of birth */
286 struct isds_BirthInfo
{
287 struct tm
*biDate
; /* Date of Birth in local time at birth place,
288 only tm_year, tm_mon and tm_mday carry sane
291 char *biCounty
; /* German: Bezirk, Czech: okres */
296 struct isds_Address
{
299 char *adNumberInStreet
;
300 char *adNumberInMunicipality
;
305 /* Data about box and his owner.
306 * NULL pointer means undefined value */
307 struct isds_DbOwnerInfo
{
308 char *dbID
; /* Box ID [Max. 7 chars] */
309 isds_DbType
*dbType
; /* Box Type */
311 struct isds_PersonName
*personName
; /* Name of person */
312 char *firmName
; /* Name of firm */
313 struct isds_BirthInfo
*birthInfo
; /* Birth of person */
314 struct isds_Address
*address
; /* Post address */
318 char *identifier
; /* External box identifier for data
319 provider (OVM, PO, maybe PFO)
321 char *registryCode
; /* PFO External registry code
323 long int *dbState
; /* Box state; 1 <=> active box;
324 long int because xsd:integer
326 _Bool
*dbEffectiveOVM
; /* Box has OVM role (§ 5a) */
327 _Bool
*dbOpenAddressing
; /* Non-OVM Box is free to receive
328 messages from anybody */
333 USERTYPE_PRIMARY
, /* Owner of the box */
334 USERTYPE_ENTRUSTED
, /* User with limited access to the box */
335 USERTYPE_ADMINISTRATOR
, /* User to manage ENTRUSTED_USERs */
336 USERTYPE_OFFICIAL
, /* ??? */
337 USERTYPE_OFFICIAL_CERT
, /* ??? */
338 USERTYPE_LIQUIDATOR
/* Company liquidator */
342 * NULL pointer means undefined value */
343 struct isds_DbUserInfo
{
344 char *userID
; /* User ID [Min. 6, max. 12 characters] */
345 isds_UserType
*userType
; /* User type */
346 long int *userPrivils
; /* Set of user permissions */
347 struct isds_PersonName
*personName
; /* Name of the person */
348 struct isds_Address
*address
; /* Post address */
349 struct tm
*biDate
; /* Date of birth in local time,
350 only tm_year, tm_mon and tm_mday carry sane
352 char *ic
; /* ID of a supervising firm [Max. 8 chars] */
353 char *firmName
; /* Name of a supervising firm
355 char *caStreet
; /* Street and number of contact address */
356 char *caCity
; /* Czech City of contact address */
357 char *caZipCode
; /* Post office code of contact address */
358 char *caState
; /* Abbreviated country of contact address;
359 Implicit value is "CZ"; Optional. */
362 /* Message event type */
364 EVENT_UKNOWN
, /* Event unknown to this library */
365 EVENT_ACCEPTED_BY_RECIPIENT
, /* Message has been delivered and accepted
366 by recipient action */
367 EVENT_ACCEPTED_BY_FICTION
, /* Message has been delivered, acceptance
368 timed out, considered as accepted */
369 EVENT_UNDELIVERABLE
, /* Recipient box made inaccessible,
370 thus message is undeliverable */
371 EVENT_COMMERCIAL_ACCEPTED
, /* Recipient confirmed acceptance of
372 commercial message */
373 EVENT_ENTERED_SYSTEM
, /* Message entered ISDS, i.e. has been just
375 EVENT_DELIVERED
, /* Message has been delivered */
376 EVENT_PRIMARY_LOGIN
, /* Primary user has logged in */
377 EVENT_ENTRUSTED_LOGIN
, /* Entrusted user with capability to read
379 EVENT_SYSCERT_LOGIN
/* Application authenticated by `system'
380 certificate has logged in */
384 * All members are optional as specification states so. */
386 struct timeval
*time
; /* When the event occurred */
387 isds_event_type
*type
; /* Type of the event */
388 char *description
; /* Human readable event description
389 generated by ISDS (Czech) */
393 * Be ware that the string length constraints are forced only on output
394 * members transmitted to ISDS. The other direction (downloaded from ISDS)
395 * can break these rules. It should not happen, but nobody knows how much
396 * incompatible new version of ISDS protocol will be. This is the gold
397 * Internet rule: be strict on what you put, be tolerant on what you get. */
398 struct isds_envelope
{
399 /* Following members apply to incoming messages only: */
400 char *dmID
; /* Message ID.
401 Maximal length is 20 characters. */
402 char *dbIDSender
; /* Box ID of sender.
403 Special value "aaaaaaa" means sent by
405 Maximal length is 7 characters. */
406 char *dmSender
; /* Sender name;
407 Maximal length is 100 characters. */
408 char *dmSenderAddress
; /* Postal address of sender;
409 Maximal length is 100 characters. */
410 long int *dmSenderType
; /* Gross Box type of sender
411 TODO: isds_DbType ? */
412 char *dmRecipient
; /* Recipient name;
413 Maximal length is 100 characters. */
414 char *dmRecipientAddress
; /* Postal address of recipient;
415 Maximal length is 100 characters. */
416 _Bool
*dmAmbiguousRecipient
; /* Recipient has OVM role */
418 /* Following members are assigned by ISDS in different phases of message
420 unsigned long int *dmOrdinal
; /* Ordinal number in list of
421 incoming/outgoing messages */
422 isds_message_status
*dmMessageStatus
; /* Message state */
423 long int *dmAttachmentSize
; /* Size of message documents in
424 kilobytes (rounded). */
425 struct timeval
*dmDeliveryTime
; /* Time of delivery into a box
426 NULL, if message has not been
428 struct timeval
*dmAcceptanceTime
; /* Time of acceptance of the message
429 by an user. NULL if message has not
430 been accepted yet. */
431 struct isds_hash
*hash
; /* Message hash.
432 This is hash of isds:dmDM subtree. */
433 void *timestamp
; /* Qualified time stamp; Optional. */
434 size_t timestamp_length
; /* Length of timestamp in bytes */
435 struct isds_list
*events
; /* Events message passed trough;
436 List of isds_event's. */
439 /* Following members apply to both outgoing and incoming messages: */
440 char *dmSenderOrgUnit
; /* Organisation unit of sender as string;
442 long int *dmSenderOrgUnitNum
; /* Organisation unit of sender as number;
444 char *dbIDRecipient
; /* Box ID of recipient; Mandatory.
445 Maximal length is 7 characters. */
446 char *dmRecipientOrgUnit
; /* Organisation unit of recipient as
448 long int *dmRecipientOrgUnitNum
; /* Organisation unit of recipient as
450 char *dmToHands
; /* Person in recipient organisation;
452 char *dmAnnotation
; /* Subject (title) of the message.
453 Maximal length is 255 characters. */
454 char *dmRecipientRefNumber
; /* Czech: číslo jednací příjemce; Optional.
455 Maximal length is 50 characters. */
456 char *dmSenderRefNumber
; /* Czech: číslo jednací odesílatele;
457 Optional. Maximal length is 50 chars. */
458 char *dmRecipientIdent
; /* Czech: spisová značka příjemce; Optional.
459 Maximal length is 50 characters. */
460 char *dmSenderIdent
; /* Czech: spisová značka odesílatele;
461 Optional. Maximal length is 50 chars. */
463 /* Act addressing in Czech Republic:
464 * Point (Paragraph) § Section Law/Year Coll. */
465 long int *dmLegalTitleLaw
; /* Number of act mandating authority */
466 long int *dmLegalTitleYear
; /* Year of act issue mandating authority */
467 char *dmLegalTitleSect
; /* Section of act mandating authority.
469 char *dmLegalTitlePar
; /* Paragraph of act mandating authority.
471 char *dmLegalTitlePoint
; /* Point of act mandating authority.
474 _Bool
*dmPersonalDelivery
; /* If true, only person with higher
475 privileges can read this message */
476 _Bool
*dmAllowSubstDelivery
; /* Allow delivery through fiction.
477 I.e. Even if recipient did not read this
478 message, message is considered as
479 delivered after (currently) 10 days.
480 This is delivery through fiction.
481 Applies only to OVM dbType sender. */
482 char *dmType
; /* Message type (commercial subtypes or
484 Input values (when sending a message):
485 "I" is commercial message offering
486 paying the response (initiatory
488 it's necessary to define
490 "K" is commercial message paid by sender
492 "O" is commercial response paid by
493 sender of initiatory message; it's
494 necessary to copy value from
495 dmSenderRefNumber of initiatory
496 message to dmRecipientRefNumber
498 "V" is noncommercial government message
499 Default value while sending is undefined
500 which has the same meaning as "V".
501 Output values (when retrieving
503 "A" is subsidized initiatory commercial
504 message which can pay a response
505 "B" is subsidized initiatory commercial
506 message which has already paid the
508 "C" is subsidized initiatory commercial
509 message where the response offer has
511 "D" is externally subsidized commercial
513 "E" is commercial message prepaid by
515 "G" is commerical message paid by
521 "X" is initiatory commercial message
522 where the response offer has expired
523 "Y" initiatory commercial message which
524 has already paid the response
525 "Z" is limitedly subsidized commercial
527 Length: Exactly 1 UTF-8 character if
530 /* Following members apply to outgoing messages only: */
531 _Bool
*dmOVM
; /* OVM sending mode.
532 Non-OVM dbType boxes that has
533 dbEffectiveOVM == true MUST select
534 between true (OVM mode) and
535 false (non-OVM mode).
536 Optional; Implicit value is true. */
537 _Bool
*dmPublishOwnID
; /* Allow sender to express his name shall
538 be available to recipient by
539 isds_get_message_sender(). Sender type
540 will be always available.
541 Optional; Default value is false. */
545 /* Document type from point of hierarchy */
547 FILEMETATYPE_MAIN
, /* Main document */
548 FILEMETATYPE_ENCLOSURE
, /* Appendix */
549 FILEMETATYPE_SIGNATURE
, /* Digital signature of other document */
550 FILEMETATYPE_META
/* XML document for ESS (electronic
551 document information system) purposes */
555 struct isds_document
{
556 _Bool is_xml
; /* True if document is ISDS XML document.
557 False if document is ISDS binary
559 xmlNodePtr xml_node_list
; /* XML node-set presenting current XML
560 document content. This is pointer to
561 first node of the document in
562 isds_message.xml tree. Use `children'
563 and `next' members to iterate the
565 It will be NULL if document is empty.
566 Valid only if is_xml is true. */
567 void *data
; /* Document content.
568 The encoding and interpretation depends
570 Valid only if is_xml is false. */
571 size_t data_length
; /* Length of the data in bytes.
572 Valid only if is_xml is false. */
574 char *dmMimeType
; /* MIME type of data; Mandatory. */
575 isds_FileMetaType dmFileMetaType
; /* Document type to create hierarchy */
576 char *dmFileGuid
; /* Message-local document identifier;
578 char *dmUpFileGuid
; /* Reference to upper document identifier
579 (dmFileGuid); Optional. */
580 char *dmFileDescr
; /* Document name (title). E.g. file name;
582 char *dmFormat
; /* Reference to XML form definition;
583 Defines how to interpret XML document;
587 /* Raw message representation content type.
588 * This is necessary to distinguish between different representations without
589 * expensive repeated detection.
591 * PLAIN_SIGNED data are XML with namespace mangled to signed alternative
592 * CMS_SIGNED data are XML with signed namespace encapsulated in CMS */
594 RAWTYPE_INCOMING_MESSAGE
,
595 RAWTYPE_PLAIN_SIGNED_INCOMING_MESSAGE
,
596 RAWTYPE_CMS_SIGNED_INCOMING_MESSAGE
,
597 RAWTYPE_PLAIN_SIGNED_OUTGOING_MESSAGE
,
598 RAWTYPE_CMS_SIGNED_OUTGOING_MESSAGE
,
599 RAWTYPE_DELIVERYINFO
,
600 RAWTYPE_PLAIN_SIGNED_DELIVERYINFO
,
601 RAWTYPE_CMS_SIGNED_DELIVERYINFO
605 struct isds_message
{
606 void *raw
; /* Raw message in XML format as send to or
607 from the ISDS. You can use it to store
608 local copy. This is binary buffer. */
609 size_t raw_length
; /* Length of raw message in bytes */
610 isds_raw_type raw_type
; /* Content type of raw representation
611 Meaningful only with non-NULL raw
613 xmlDocPtr xml
; /* Parsed XML document with attached ISDS
614 message XML documents.
615 Can be NULL. May be freed AFTER deallocating
616 documents member structure. */
617 struct isds_envelope
*envelope
; /* Message envelope */
618 struct isds_list
*documents
; /* List of isds_document's.
619 Valid message must contain exactly one
620 document of type FILEMETATYPE_MAIN and
621 can contain any number of other type
622 documents. Total size of documents
623 must not exceed 10 MB. */
626 /* Message copy recipient and assigned message ID */
627 struct isds_message_copy
{
628 /* Input members defined by application */
629 char *dbIDRecipient
; /* Box ID of recipient; Mandatory.
630 Maximal length is 7 characters. */
631 char *dmRecipientOrgUnit
; /* Organisation unit of recipient as
633 long int *dmRecipientOrgUnitNum
; /* Organisation unit of recipient as
635 char *dmToHands
; /* Person in recipient organisation;
638 /* Output members returned from ISDS */
639 isds_error error
; /* libisds compatible error of delivery to o ne recipient */
640 char *dmStatus
; /* Error description returned by ISDS;
642 char *dmID
; /* Assigned message ID; Meaningful only
643 for error == IE_SUCCESS */
646 /* Message state change event */
647 struct isds_message_status_change
{
648 char *dmID
; /* Message ID. */
649 isds_message_status
*dmMessageStatus
; /* Message state */
650 struct timeval
*time
; /* When the state changed */
653 /* How outgoing commercial message gets paid */
655 PAYMENT_SENDER
, /* Payed by a sender */
656 PAYMENT_STAMP
, /* Pre-paid stamp by a sender; Undocumented. */
657 PAYMENT_SPONSOR
, /* A sponsor pays all messages */
658 PAYMENT_RESPONSE
, /* Recipient pays a response */
659 PAYMENT_SPONSOR_LIMITED
, /* Undocumented */
660 PAYMENT_SPONSOR_EXTERNAL
/* Undocomented */
663 /* Permission to send commercial message */
664 struct isds_commercial_permission
{
665 isds_payment_type type
; /* Payment method */
666 char *recipient
; /* Send to this box ID only;
667 NULL means to anybody. */
668 char *payer
; /* Owner of this box ID pays */
669 struct timeval
*expiration
; /* This permissions is valid until;
670 NULL means indefinitivly. */
671 unsigned long int *count
; /* Number of messages that can be sent
673 NULL means unlimited. */
674 char *reply_identifier
; /* Identifier to pair request and response
675 message. Meaningful only with type
679 /* General linked list */
681 struct isds_list
*next
; /* Next list item,
682 or NULL if current is last */
683 void *data
; /* Payload */
684 void (*destructor
) (void **); /* Payload deallocator;
685 Use NULL to have static data member. */
688 /* External box approval */
689 struct isds_approval
{
690 _Bool approved
; /* True if request for box has been
691 approved out of ISDS */
692 char *refference
; /* Identifier of the approval */
695 /* Message sender type.
696 * Similar but not equivalent to isds_UserType. */
698 SENDERTYPE_PRIMARY
, /* Owner of the box */
699 SENDERTYPE_ENTRUSTED
, /* User with limited access to the box */
700 SENDERTYPE_ADMINISTRATOR
, /* User to manage ENTRUSTED_USERs */
701 SENDERTYPE_OFFICIAL
, /* ISDS; sender of system message */
702 SENDERTYPE_VIRTUAL
, /* An application (e.g. document
703 information system) */
704 SENDERTYPE_OFFICIAL_CERT
, /* ???; Non-normative */
705 SENDERTYPE_LIQUIDATOR
/* Liquidator of the company; Non-normative */
708 /* Digital delivery of credentials */
709 struct isds_credentials_delivery
{
711 char *email
; /* e-mail address where to send
712 notification with link to service where
713 user can get know his new credentials */
715 char *token
; /* token user needs to use to authorize on
716 the web server to view his new
718 char *new_user_name
; /* user's log-in name that ISDS created/
719 changed up on a call. */
722 /* Initialize ISDS library.
723 * Global function, must be called before other functions.
724 * If it fails you can not use ISDS library and must call isds_cleanup() to
725 * free partially initialized global variables. */
726 isds_error
isds_init(void);
728 /* Deinitialize ISDS library.
729 * Global function, must be called as last library function. */
730 isds_error
isds_cleanup(void);
732 /* Return version string of this library. Version of dependencies can be
733 * embedded. Do no try to parse it. You must free it. */
734 char *isds_version(void);
736 /* Create ISDS context.
737 * Each context can be used for different sessions to (possibly) different
738 * ISDS server with different credentials.
739 * Returns new context, or NULL */
740 struct isds_ctx
*isds_ctx_create(void);
742 /* Destroy ISDS context and free memory.
743 * @context will be NULLed on success. */
744 isds_error
isds_ctx_free(struct isds_ctx
**context
);
746 /* Return long message text produced by library function, e.g. detailed error
747 * message. Returned pointer is only valid until new library function is
748 * called for the same context. Could be NULL, especially if NULL context is
749 * supplied. Return string is locale encoded. */
750 char *isds_long_message(const struct isds_ctx
*context
);
753 * @facilities is bit mask of isds_log_facility values,
754 * @level is verbosity level. */
755 void isds_set_logging(const unsigned int facilities
,
756 const isds_log_level level
);
758 /* Function provided by application libisds will call to pass log message.
759 * The message is usually locale encoded, but raw strings (UTF-8 usually) can
760 * occur when logging raw communication with ISDS servers. Infixed zero byte
761 * is not excluded, but should not present. Use @length argument to get real
762 * length of the message.
763 * TODO: We will try to fix the encoding issue
764 * @facility is log message class
765 * @level is log message severity
766 * @message is string with zero byte terminator. This can be any arbitrary
767 * chunk of a sentence with or without new line, a sentence can be splitted
768 * into more messages. However it should not happen. If you discover message
769 * without new line, report it as a bug.
770 * @length is size of @message string in bytes excluding trailing zero
771 * @data is pointer that will be passed unchanged to this function at run-time
773 typedef void (*isds_log_callback
)(
774 isds_log_facility facility
, isds_log_level level
,
775 const char *message
, int length
, void *data
);
777 /* Register callback function libisds calls when new global log message is
778 * produced by library. Library logs to stderr by default.
779 * @callback is function provided by application libisds will call. See type
780 * definition for @callback argument explanation. Pass NULL to revert logging to
782 * @data is application specific data @callback gets as last argument */
783 void isds_set_log_callback(isds_log_callback callback
, void *data
);
785 /* Set timeout in milliseconds for each network job like connecting to server
786 * or sending message. Use 0 to disable timeout limits. */
787 isds_error
isds_set_timeout(struct isds_ctx
*context
,
788 const unsigned int timeout
);
790 /* Function provided by application libisds will call with
791 * following five arguments. Value zero of any argument means the value is
793 * @upload_total is expected total upload,
794 * @upload_current is cumulative current upload progress
795 * @dowload_total is expected total download
796 * @download_current is cumulative current download progress
797 * @data is pointer that will be passed unchanged to this function at run-time
798 * @return 0 to continue HTTP transfer, or non-zero to abort transfer */
799 typedef int (*isds_progress_callback
)(
800 double upload_total
, double upload_current
,
801 double download_total
, double download_current
,
804 /* Register callback function libisds calls periodically during HTTP data
806 * @context is session context
807 * @callback is function provided by application libisds will call. See type
808 * definition for @callback argument explanation.
809 * @data is application specific data @callback gets as last argument */
810 isds_error
isds_set_progress_callback(struct isds_ctx
*context
,
811 isds_progress_callback callback
, void *data
);
813 /* Change context settings.
814 * @context is context which setting will be applied to
815 * @option is name of option. It determines the type of last argument. See
816 * isds_option definition for more info.
817 * @... is value of new setting. Type is determined by @option
819 isds_error
isds_set_opt(struct isds_ctx
*context
, const isds_option option
,
822 /* Connect and log into ISDS server.
823 * All required arguments will be copied, you do not have to keep them after
825 * ISDS supports six different authentication methods. Exact method is
826 * selected on @username, @password, @pki_credentials, and @otp arguments:
827 * - If @pki_credentials == NULL, @username and @password must be supplied
829 * - If @otp == NULL, simple authentication by username and password will
831 * - If @otp != NULL, authentication by username and password and OTP
833 * - If @pki_credentials != NULL, then
834 * - If @username == NULL, only certificate will be used
835 * - If @username != NULL, then
836 * - If @password == NULL, then certificate will be used and
837 * @username shifts meaning to box ID. This is used for hosted
839 * - Otherwise all three arguments will be used.
840 * Please note, that different cases require different certificate type
841 * (system qualified one or commercial non qualified one). This library
842 * does not check such political issues. Please see ISDS Specification
844 * @url is base address of ISDS web service. Pass extern isds_locator
845 * variable to use production ISDS instance without client certificate
846 * authentication (or extern isds_cert_locator with client certificate
847 * authentication or extern isds_otp_locators with OTP authentication).
848 * Passing NULL has the same effect, autoselection between isds_locator,
849 * isds_cert_locator, and isds_otp_locator is performed in addition. You can
850 * pass extern isds_testing_locator (or isds_cert_testing_locator or
851 * isds_otp_testing_locator) variable to select testing instance.
852 * @username is user name of ISDS user or box ID
853 * @password is user's secret password
854 * @pki_credentials defines public key cryptographic material to use in client
856 * @otp selects one-time password authentication method to use, defines OTP
857 * code (if known) and returns fine grade resolution of OTP procedure.
859 * IE_SUCCESS if authentication succeeds
860 * IE_NOT_LOGGED_IN if authentication fails. If OTP authentication has been
861 * requested, fine grade reason will be set into @otp->resolution. Error
862 * message from server can be obtained by isds_long_message() call.
863 * IE_PARTIAL_SUCCESS if time-based OTP authentication has been requested and
864 * server has sent OTP code through side channel. Application is expected to
865 * fill the code into @otp->otp_code, keep other arguments unchanged, and retry
866 * this call to complete second phase of TOTP authentication;
867 * or other appropriate error. */
868 isds_error
isds_login(struct isds_ctx
*context
, const char *url
,
869 const char *username
, const char *password
,
870 const struct isds_pki_credentials
*pki_credentials
,
871 struct isds_otp
*otp
);
873 /* Log out from ISDS server and close connection. */
874 isds_error
isds_logout(struct isds_ctx
*context
);
876 /* Verify connection to ISDS is alive and server is responding.
877 * Send dummy request to ISDS and expect dummy response. */
878 isds_error
isds_ping(struct isds_ctx
*context
);
880 /* Get data about logged in user and his box. */
881 isds_error
isds_GetOwnerInfoFromLogin(struct isds_ctx
*context
,
882 struct isds_DbOwnerInfo
**db_owner_info
);
884 /* Get data about logged in user. */
885 isds_error
isds_GetUserInfoFromLogin(struct isds_ctx
*context
,
886 struct isds_DbUserInfo
**db_user_info
);
888 /* Get expiration time of current password
889 * @context is session context
890 * @expiration is automatically reallocated time when password expires. If
891 * password expiration is disables, NULL will be returned. In case of error
892 * it will be nulled too. */
893 isds_error
isds_get_password_expiration(struct isds_ctx
*context
,
894 struct timeval
**expiration
);
896 /* Change user password in ISDS.
897 * User must supply old password, new password will takes effect after some
898 * time, current session can continue. Password must fulfill some constraints.
899 * @context is session context
900 * @old_password is current password.
901 * @new_password is requested new password
902 * @otp auxiliary data required if one-time password authentication is in use,
903 * defines OTP code (if known) and returns fine grade resolution of OTP
904 * procedure. Pass NULL, if one-time password authentication is not needed.
905 * Please note the @otp argument must match OTP method used at log-in time. See
906 * isds_login() function for more details.
907 * @refnumber is reallocated serial number of request assigned by ISDS. Use
908 * NULL, if you don't care.
909 * @return IE_SUCCESS, if password has been changed. Or returns appropriate
910 * error code. It can return IE_PARTIAL_SUCCESS if OTP is in use and server is
911 * awaiting OTP code that has been delivered by side channel to the user. */
912 isds_error
isds_change_password(struct isds_ctx
*context
,
913 const char *old_password
, const char *new_password
,
914 struct isds_otp
*otp
, char **refnumber
);
917 * @context is session context
918 * @box is box description to create including single primary user (in case of
919 * FO box type). It outputs box ID assigned by ISDS in dbID element.
920 * @users is list of struct isds_DbUserInfo (primary users in case of non-FO
921 * box, or contact address of PFO box owner)
922 * @former_names is optional former name of box owner. Pass NULL if you don't care.
923 * @upper_box_id is optional ID of supper box if currently created box is
925 * @ceo_label is optional title of OVM box owner (e.g. mayor)
926 * @credentials_delivery is NULL if new password should be delivered off-line
927 * to box owner. It is valid pointer if owner should obtain new password on-line
928 * on dedicated web server. Then input @credentials_delivery.email value is
929 * his e-mail address he must provide to dedicated web server together
930 * with output reallocated @credentials_delivery.token member. Output
931 * member @credentials_delivery.new_user_name is unused up on this call.
932 * @approval is optional external approval of box manipulation
933 * @refnumber is reallocated serial number of request assigned by ISDS. Use
934 * NULL, if you don't care.*/
935 isds_error
isds_add_box(struct isds_ctx
*context
,
936 struct isds_DbOwnerInfo
*box
, const struct isds_list
*users
,
937 const char *former_names
, const char *upper_box_id
,
938 const char *ceo_label
,
939 struct isds_credentials_delivery
*credentials_delivery
,
940 const struct isds_approval
*approval
, char **refnumber
);
942 /* Notify ISDS about new PFO entity.
943 * This function has no real effect.
944 * @context is session context
945 * @box is PFO description including single primary user.
946 * @users is list of struct isds_DbUserInfo (contact address of PFO box owner)
947 * @former_names is optional undocumented string. Pass NULL if you don't care.
948 * @upper_box_id is optional ID of supper box if currently created box is
950 * @ceo_label is optional title of OVM box owner (e.g. mayor)
951 * @approval is optional external approval of box manipulation
952 * @refnumber is reallocated serial number of request assigned by ISDS. Use
953 * NULL, if you don't care.*/
954 isds_error
isds_add_pfoinfo(struct isds_ctx
*context
,
955 const struct isds_DbOwnerInfo
*box
, const struct isds_list
*users
,
956 const char *former_names
, const char *upper_box_id
,
957 const char *ceo_label
, const struct isds_approval
*approval
,
960 /* Remove given box permanently.
961 * @context is session context
962 * @box is box description to delete
963 * @since is date of box owner cancellation. Only tm_year, tm_mon and tm_mday
965 * @approval is optional external approval of box manipulation
966 * @refnumber is reallocated serial number of request assigned by ISDS. Use
967 * NULL, if you don't care.*/
968 isds_error
isds_delete_box(struct isds_ctx
*context
,
969 const struct isds_DbOwnerInfo
*box
, const struct tm
*since
,
970 const struct isds_approval
*approval
, char **refnumber
);
972 /* Undocumented function.
973 * @context is session context
974 * @box is box description to delete
975 * @approval is optional external approval of box manipulation
976 * @refnumber is reallocated serial number of request assigned by ISDS. Use
977 * NULL, if you don't care.*/
978 isds_error
isds_delete_box_promptly(struct isds_ctx
*context
,
979 const struct isds_DbOwnerInfo
*box
,
980 const struct isds_approval
*approval
, char **refnumber
);
982 /* Update data about given box.
983 * @context is session context
984 * @old_box current box description
985 * @new_box are updated data about @old_box
986 * @approval is optional external approval of box manipulation
987 * @refnumber is reallocated serial number of request assigned by ISDS. Use
988 * NULL, if you don't care.*/
989 isds_error
isds_UpdateDataBoxDescr(struct isds_ctx
*context
,
990 const struct isds_DbOwnerInfo
*old_box
,
991 const struct isds_DbOwnerInfo
*new_box
,
992 const struct isds_approval
*approval
, char **refnumber
);
994 /* Get data about all users assigned to given box.
995 * @context is session context
997 * @users is automatically reallocated list of struct isds_DbUserInfo */
998 isds_error
isds_GetDataBoxUsers(struct isds_ctx
*context
, const char *box_id
,
999 struct isds_list
**users
);
1001 /* Update data about user assigned to given box.
1002 * @context is session context
1003 * @box is box identification
1004 * @old_user identifies user to update
1005 * @new_user are updated data about @old_user
1006 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1007 * NULL, if you don't care.*/
1008 isds_error
isds_UpdateDataBoxUser(struct isds_ctx
*context
,
1009 const struct isds_DbOwnerInfo
*box
,
1010 const struct isds_DbUserInfo
*old_user
,
1011 const struct isds_DbUserInfo
*new_user
,
1014 /* Undocumented function.
1015 * @context is session context
1016 * @box_id is UTF-8 encoded box identifier
1017 * @token is UTF-8 encoded temporary password
1018 * @user_id outputs UTF-8 encoded reallocated user identifier
1019 * @password outpus UTF-8 encoded reallocated user password
1020 * Output arguments will be nulled in case of error */
1021 isds_error
isds_activate(struct isds_ctx
*context
,
1022 const char *box_id
, const char *token
,
1023 char **user_id
, char **password
);
1025 /* Reset credentials of user assigned to given box.
1026 * @context is session context
1027 * @box is box identification
1028 * @user identifies user to reset password
1029 * @fee_paid is true if fee has been paid, false otherwise
1030 * @approval is optional external approval of box manipulation
1031 * @credentials_delivery is NULL if new password should be delivered off-line
1032 * to the user. It is valid pointer if user should obtain new password on-line
1033 * on dedicated web server. Then input @credentials_delivery.email value is
1034 * user's e-mail address user must provide to dedicated web server together
1035 * with @credentials_delivery.token. The output reallocated token user needs
1036 * to use to authorize on the web server to view his new password. Output
1037 * reallocated @credentials_delivery.new_user_name is user's log-in name that
1038 * ISDS changed up on this call. (No reason why server could change the name
1040 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1041 * NULL, if you don't care.*/
1042 isds_error
isds_reset_password(struct isds_ctx
*context
,
1043 const struct isds_DbOwnerInfo
*box
,
1044 const struct isds_DbUserInfo
*user
,
1045 const _Bool fee_paid
, const struct isds_approval
*approval
,
1046 struct isds_credentials_delivery
*credentials_delivery
,
1049 /* Assign new user to given box.
1050 * @context is session context
1051 * @box is box identification
1052 * @user defines new user to add
1053 * @credentials_delivery is NULL if new user's password should be delivered
1054 * off-line to the user. It is valid pointer if user should obtain new
1055 * password on-line on dedicated web server. Then input
1056 * @credentials_delivery.email value is user's e-mail address user must
1057 * provide to dedicated web server together with @credentials_delivery.token.
1058 * The output reallocated token user needs to use to authorize on the web
1059 * server to view his new password. Output reallocated
1060 * @credentials_delivery.new_user_name is user's log-in name that ISDS
1061 * assingned up on this call.
1062 * @approval is optional external approval of box manipulation
1063 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1064 * NULL, if you don't care.*/
1065 isds_error
isds_add_user(struct isds_ctx
*context
,
1066 const struct isds_DbOwnerInfo
*box
, const struct isds_DbUserInfo
*user
,
1067 struct isds_credentials_delivery
*credentials_delivery
,
1068 const struct isds_approval
*approval
, char **refnumber
);
1070 /* Remove user assigned to given box.
1071 * @context is session context
1072 * @box is box identification
1073 * @user identifies user to remove
1074 * @approval is optional external approval of box manipulation
1075 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1076 * NULL, if you don't care.*/
1077 isds_error
isds_delete_user(struct isds_ctx
*context
,
1078 const struct isds_DbOwnerInfo
*box
, const struct isds_DbUserInfo
*user
,
1079 const struct isds_approval
*approval
, char **refnumber
);
1081 /* Get list of boxes in ZIP archive.
1082 * @context is session context
1083 * @list_identifier is UTF-8 encoded string identifying boxes of interrest.
1084 * System recognizes following values currently: ALL (all boxes), UPG
1085 * (effectively OVM boxes), OVM (OVM gross type boxes), OPN (boxes allowing
1086 * receiving commercial messages). This argument is a string because
1087 * specification states new values can appear in the future. Not all list
1088 * types are available to all users.
1089 * @buffer is automatically reallocated memory to store the list of boxes. The
1090 * list is zipped CSV file.
1091 * @buffer_length is size of @buffer data in bytes.
1092 * In case of error @buffer will be freed and @buffer_length will be
1094 isds_error
isds_get_box_list_archive(struct isds_ctx
*context
,
1095 const char *list_identifier
, void **buffer
, size_t *buffer_length
);
1097 /* Find boxes suiting given criteria.
1098 * @context is ISDS session context.
1099 * @criteria is filter. You should fill in at least some members.
1100 * @boxes is automatically reallocated list of isds_DbOwnerInfo structures,
1101 * possibly empty. Input NULL or valid old structure.
1103 * IE_SUCCESS if search succeeded, @boxes contains useful data
1104 * IE_NOEXIST if no such box exists, @boxes will be NULL
1105 * IE_2BIG if too much boxes exist and server truncated the results, @boxes
1106 * contains still valid data
1107 * other code if something bad happens. @boxes will be NULL. */
1108 isds_error
isds_FindDataBox(struct isds_ctx
*context
,
1109 const struct isds_DbOwnerInfo
*criteria
,
1110 struct isds_list
**boxes
);
1112 /* Get status of a box.
1113 * @context is ISDS session context.
1114 * @box_id is UTF-8 encoded box identifier as zero terminated string
1115 * @box_status is return value of box status.
1117 * IE_SUCCESS if box has been found and its status retrieved
1118 * IE_NOEXIST if box is not known to ISDS server
1119 * or other appropriate error.
1120 * You can use isds_DbState to enumerate box status. However out of enum
1121 * range value can be returned too. This is feature because ISDS
1122 * specification leaves the set of values open.
1123 * Be ware that status DBSTATE_REMOVED is signaled as IE_SUCCESS. That means
1124 * the box has been deleted, but ISDS still lists its former existence. */
1125 isds_error
isds_CheckDataBox(struct isds_ctx
*context
, const char *box_id
,
1126 long int *box_status
);
1128 /* Get list of permissions to send commercial messages.
1129 * @context is ISDS session context.
1130 * @box_id is UTF-8 encoded sender box identifier as zero terminated string
1131 * @permissions is a reallocated list of permissions (struct
1132 * isds_commercial_permission*) to send commercial messages from @box_id. The
1133 * order of permissions is significant as the server applies the permissions
1134 * and associated pre-paid credits in the order. Empty list means no
1137 * IE_SUCCESS if the list has been obtained correctly,
1138 * or other appropriate error. */
1139 isds_error
isds_get_commercial_permissions(struct isds_ctx
*context
,
1140 const char *box_id
, struct isds_list
**permissions
);
1142 /* Switch box into state where box can receive commercial messages (off by
1144 * @context is ISDS session context.
1145 * @box_id is UTF-8 encoded box identifier as zero terminated string
1146 * @allow is true for enable, false for disable commercial messages income
1147 * @approval is optional external approval of box manipulation
1148 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1149 * NULL, if you don't care. */
1150 isds_error
isds_switch_commercial_receiving(struct isds_ctx
*context
,
1151 const char *box_id
, const _Bool allow
,
1152 const struct isds_approval
*approval
, char **refnumber
);
1154 /* Switch box into / out of state where non-OVM box can act as OVM (e.g. force
1155 * message acceptance). This is just a box permission. Sender must apply
1156 * such role by sending each message.
1157 * @context is ISDS session context.
1158 * @box_id is UTF-8 encoded box identifier as zero terminated string
1159 * @allow is true for enable, false for disable OVM role permission
1160 * @approval is optional external approval of box manipulation
1161 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1162 * NULL, if you don't care. */
1163 isds_error
isds_switch_effective_ovm(struct isds_ctx
*context
,
1164 const char *box_id
, const _Bool allow
,
1165 const struct isds_approval
*approval
, char **refnumber
);
1167 /* Switch box accessibility state on request of box owner.
1168 * Despite the name, owner must do the request off-line. This function is
1169 * designed for such off-line meeting points (e.g. Czech POINT).
1170 * @context is ISDS session context.
1171 * @box identifies box to switch accessibility state.
1172 * @allow is true for making accessible, false to disallow access.
1173 * @approval is optional external approval of box manipulation
1174 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1175 * NULL, if you don't care. */
1176 isds_error
isds_switch_box_accessibility_on_owner_request(
1177 struct isds_ctx
*context
, const struct isds_DbOwnerInfo
*box
,
1178 const _Bool allow
, const struct isds_approval
*approval
,
1181 /* Disable box accessibility on law enforcement (e.g. by prison) since exact
1183 * @context is ISDS session context.
1184 * @box identifies box to switch accessibility state.
1185 * @since is date since accessibility has been denied. This can be past too.
1186 * Only tm_year, tm_mon and tm_mday carry sane value.
1187 * @approval is optional external approval of box manipulation
1188 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1189 * NULL, if you don't care. */
1190 isds_error
isds_disable_box_accessibility_externaly(
1191 struct isds_ctx
*context
, const struct isds_DbOwnerInfo
*box
,
1192 const struct tm
*since
, const struct isds_approval
*approval
,
1195 /* Send a message via ISDS to a recipient
1196 * @context is session context
1197 * @outgoing_message is message to send; Some members are mandatory (like
1198 * dbIDRecipient), some are optional and some are irrelevant (especially data
1199 * about sender). Included pointer to isds_list documents must contain at
1200 * least one document of FILEMETATYPE_MAIN. This is read-write structure, some
1201 * members will be filled with valid data from ISDS. Exact list of write
1202 * members is subject to change. Currently dmID is changed.
1203 * @return ISDS_SUCCESS, or other error code if something goes wrong. */
1204 isds_error
isds_send_message(struct isds_ctx
*context
,
1205 struct isds_message
*outgoing_message
);
1207 /* Send a message via ISDS to a multiple recipients
1208 * @context is session context
1209 * @outgoing_message is message to send; Some members are mandatory,
1210 * some are optional and some are irrelevant (especially data
1211 * about sender). Data about recipient will be substituted by ISDS from
1212 * @copies. Included pointer to isds_list documents must
1213 * contain at least one document of FILEMETATYPE_MAIN.
1214 * @copies is list of isds_message_copy structures addressing all desired
1215 * recipients. This is read-write structure, some members will be filled with
1216 * valid data from ISDS (message IDs, error codes, error descriptions).
1218 * ISDS_SUCCESS if all messages have been sent
1219 * ISDS_PARTIAL_SUCCESS if sending of some messages has failed (failed and
1220 * succeeded messages can be identified by copies->data->error),
1221 * or other error code if something other goes wrong. */
1222 isds_error
isds_send_message_to_multiple_recipients(struct isds_ctx
*context
,
1223 const struct isds_message
*outgoing_message
,
1224 struct isds_list
*copies
);
1226 /* Get list of outgoing (already sent) messages.
1227 * Any criterion argument can be NULL, if you don't care about it.
1228 * @context is session context. Must not be NULL.
1229 * @from_time is minimal time and date of message sending inclusive.
1230 * @to_time is maximal time and date of message sending inclusive
1231 * @dmSenderOrgUnitNum is the same as isds_envelope.dmSenderOrgUnitNum
1232 * @status_filter is bit field of isds_message_status values. Use special
1233 * value MESSAGESTATE_ANY to signal you don't care. (It's defined as union of
1234 * all values, you can use bit-wise arithmetic if you want.)
1235 * @offset is index of first message we are interested in. First message is 1.
1236 * Set to 0 (or 1) if you don't care.
1237 * @number is maximal length of list you want to get as input value, outputs
1238 * number of messages matching these criteria. Can be NULL if you don't care
1239 * (applies to output value either).
1240 * @messages is automatically reallocated list of isds_message's. Be ware that
1241 * it returns only brief overview (envelope and some other fields) about each
1242 * message, not the complete message. FIXME: Specify exact fields.
1243 * The list is sorted by delivery time in ascending order.
1244 * Use NULL if you don't care about the meta data (useful if you want to know
1245 * only the @number). If you provide &NULL, list will be allocated on heap,
1246 * if you provide pointer to non-NULL, list will be freed automatically at
1247 * first. Also in case of error the list will be NULLed.
1248 * @return IE_SUCCESS or appropriate error code. */
1249 isds_error
isds_get_list_of_sent_messages(struct isds_ctx
*context
,
1250 const struct timeval
*from_time
, const struct timeval
*to_time
,
1251 const long int *dmSenderOrgUnitNum
, const unsigned int status_filter
,
1252 const unsigned long int offset
, unsigned long int *number
,
1253 struct isds_list
**messages
);
1255 /* Get list of incoming (addressed to you) messages.
1256 * Any criterion argument can be NULL, if you don't care about it.
1257 * @context is session context. Must not be NULL.
1258 * @from_time is minimal time and date of message sending inclusive.
1259 * @to_time is maximal time and date of message sending inclusive
1260 * @dmRecipientOrgUnitNum is the same as isds_envelope.dmRecipientOrgUnitNum
1261 * @status_filter is bit field of isds_message_status values. Use special
1262 * value MESSAGESTATE_ANY to signal you don't care. (It's defined as union of
1263 * all values, you can use bit-wise arithmetic if you want.)
1264 * @offset is index of first message we are interested in. First message is 1.
1265 * Set to 0 (or 1) if you don't care.
1266 * @number is maximal length of list you want to get as input value, outputs
1267 * number of messages matching these criteria. Can be NULL if you don't care
1268 * (applies to output value either).
1269 * @messages is automatically reallocated list of isds_message's. Be ware that
1270 * it returns only brief overview (envelope and some other fields) about each
1271 * message, not the complete message. FIXME: Specify exact fields.
1272 * Use NULL if you don't care about the meta data (useful if you want to know
1273 * only the @number). If you provide &NULL, list will be allocated on heap,
1274 * if you provide pointer to non-NULL, list will be freed automatically at
1275 * first. Also in case of error the list will be NULLed.
1276 * @return IE_SUCCESS or appropriate error code. */
1277 isds_error
isds_get_list_of_received_messages(struct isds_ctx
*context
,
1278 const struct timeval
*from_time
, const struct timeval
*to_time
,
1279 const long int *dmRecipientOrgUnitNum
,
1280 const unsigned int status_filter
,
1281 const unsigned long int offset
, unsigned long int *number
,
1282 struct isds_list
**messages
);
1284 /* Get list of sent message state changes.
1285 * Any criterion argument can be NULL, if you don't care about it.
1286 * @context is session context. Must not be NULL.
1287 * @from_time is minimal time and date of status changes inclusive
1288 * @to_time is maximal time and date of status changes inclusive
1289 * @changed_states is automatically reallocated list of
1290 * isds_message_status_change's. If you provide &NULL, list will be allocated
1291 * on heap, if you provide pointer to non-NULL, list will be freed
1292 * automatically at first. Also in case of error the list will be NULLed.
1293 * XXX: The list item ordering is not specified.
1294 * XXX: Server provides only `recent' changes.
1295 * @return IE_SUCCESS or appropriate error code. */
1296 isds_error
isds_get_list_of_sent_message_state_changes(
1297 struct isds_ctx
*context
,
1298 const struct timeval
*from_time
, const struct timeval
*to_time
,
1299 struct isds_list
**changed_states
);
1301 /* Download incoming message envelope identified by ID.
1302 * @context is session context
1303 * @message_id is message identifier (you can get them from
1304 * isds_get_list_of_received_messages())
1305 * @message is automatically reallocated message retrieved from ISDS.
1306 * It will miss documents per se. Use isds_get_received_message(), if you are
1307 * interested in documents (content) too.
1308 * Returned hash and timestamp require documents to be verifiable. */
1309 isds_error
isds_get_received_envelope(struct isds_ctx
*context
,
1310 const char *message_id
, struct isds_message
**message
);
1312 /* Download signed delivery info-sheet of given message identified by ID.
1313 * @context is session context
1314 * @message_id is message identifier (you can get them from
1315 * isds_get_list_of_{sent,received}_messages())
1316 * @message is automatically reallocated message retrieved from ISDS.
1317 * It will miss documents per se. Use isds_get_signed_received_message(),
1318 * if you are interested in documents (content). OTOH, only this function
1319 * can get list events message has gone through. */
1320 isds_error
isds_get_signed_delivery_info(struct isds_ctx
*context
,
1321 const char *message_id
, struct isds_message
**message
);
1323 /* Load delivery info of any format from buffer.
1324 * @context is session context
1325 * @raw_type advertises format of @buffer content. Only delivery info types
1327 * @buffer is DER encoded PKCS#7 structure with signed delivery info. You can
1328 * retrieve such data from message->raw after calling
1329 * isds_get_signed_delivery_info().
1330 * @length is length of buffer in bytes.
1331 * @message is automatically reallocated message parsed from @buffer.
1332 * @strategy selects how buffer will be attached into raw isds_message member.
1334 isds_error
isds_load_delivery_info(struct isds_ctx
*context
,
1335 const isds_raw_type raw_type
,
1336 const void *buffer
, const size_t length
,
1337 struct isds_message
**message
, const isds_buffer_strategy strategy
);
1339 /* Download delivery info-sheet of given message identified by ID.
1340 * @context is session context
1341 * @message_id is message identifier (you can get them from
1342 * isds_get_list_of_{sent,received}_messages())
1343 * @message is automatically reallocated message retrieved from ISDS.
1344 * It will miss documents per se. Use isds_get_received_message(), if you are
1345 * interested in documents (content). OTOH, only this function can get list
1346 * of events message has gone through. */
1347 isds_error
isds_get_delivery_info(struct isds_ctx
*context
,
1348 const char *message_id
, struct isds_message
**message
);
1350 /* Download incoming message identified by ID.
1351 * @context is session context
1352 * @message_id is message identifier (you can get them from
1353 * isds_get_list_of_received_messages())
1354 * @message is automatically reallocated message retrieved from ISDS */
1355 isds_error
isds_get_received_message(struct isds_ctx
*context
,
1356 const char *message_id
, struct isds_message
**message
);
1358 /* Load message of any type from buffer.
1359 * @context is session context
1360 * @raw_type defines content type of @buffer. Only message types are allowed.
1361 * @buffer is message raw representation. Format (CMS, plain signed,
1362 * message direction) is defined in @raw_type. You can retrieve such data
1363 * from message->raw after calling isds_get_[signed]{received,sent}_message().
1364 * @length is length of buffer in bytes.
1365 * @message is automatically reallocated message parsed from @buffer.
1366 * @strategy selects how buffer will be attached into raw isds_message member.
1368 isds_error
isds_load_message(struct isds_ctx
*context
,
1369 const isds_raw_type raw_type
, const void *buffer
, const size_t length
,
1370 struct isds_message
**message
, const isds_buffer_strategy strategy
);
1372 /* Determine type of raw message or delivery info according some heuristics.
1373 * It does not validate the raw blob.
1374 * @context is session context
1375 * @raw_type returns content type of @buffer. Valid only if exit code of this
1376 * function is IE_SUCCESS. The pointer must be valid. This is no automatically
1377 * reallocated memory.
1378 * @buffer is message raw representation.
1379 * @length is length of buffer in bytes. */
1380 isds_error
isds_guess_raw_type(struct isds_ctx
*context
,
1381 isds_raw_type
*raw_type
, const void *buffer
, const size_t length
);
1383 /* Download signed incoming message identified by ID.
1384 * @context is session context
1385 * @message_id is message identifier (you can get them from
1386 * isds_get_list_of_received_messages())
1387 * @message is automatically reallocated message retrieved from ISDS. The raw
1388 * member will be filled with PKCS#7 structure in DER format. */
1389 isds_error
isds_get_signed_received_message(struct isds_ctx
*context
,
1390 const char *message_id
, struct isds_message
**message
);
1392 /* Download signed outgoing message identified by ID.
1393 * @context is session context
1394 * @message_id is message identifier (you can get them from
1395 * isds_get_list_of_sent_messages())
1396 * @message is automatically reallocated message retrieved from ISDS. The raw
1397 * member will be filled with PKCS#7 structure in DER format. */
1398 isds_error
isds_get_signed_sent_message(struct isds_ctx
*context
,
1399 const char *message_id
, struct isds_message
**message
);
1401 /* Get type and name of user who sent a message identified by ID.
1402 * @context is session context
1403 * @message_id is message identifier
1404 * @sender_type is pointer to automatically allocated type of sender detected
1405 * from @raw_sender_type string. If @raw_sender_type is unknown to this
1406 * library or to the server, NULL will be returned. Pass NULL if you don't
1408 * @raw_sender_type is automatically reallocated UTF-8 string describing
1409 * sender type or NULL if not known to server. Pass NULL if you don't care.
1410 * @sender_name is automatically reallocated UTF-8 name of user who sent the
1411 * message, or NULL if not known to ISDS. Pass NULL if you don't care. */
1412 isds_error
isds_get_message_sender(struct isds_ctx
*context
,
1413 const char *message_id
, isds_sender_type
**sender_type
,
1414 char **raw_sender_type
, char **sender_name
);
1416 /* Retrieve hash of message identified by ID stored in ISDS.
1417 * @context is session context
1418 * @message_id is message identifier
1419 * @hash is automatically reallocated message hash downloaded from ISDS.
1420 * Message must exist in system and must not be deleted. */
1421 isds_error
isds_download_message_hash(struct isds_ctx
*context
,
1422 const char *message_id
, struct isds_hash
**hash
);
1424 /* Compute hash of message from raw representation and store it into envelope.
1425 * Original hash structure will be destroyed in envelope.
1426 * @context is session context
1427 * @message is message carrying raw XML message blob
1428 * @algorithm is desired hash algorithm to use */
1429 isds_error
isds_compute_message_hash(struct isds_ctx
*context
,
1430 struct isds_message
*message
, const isds_hash_algorithm algorithm
);
1432 /* Compare two hashes.
1434 * @h2 is another hash
1436 * IE_SUCCESS if hashes equal
1437 * IE_NOTUNIQ if hashes are comparable, but they don't equal
1438 * IE_ENUM if not comparable, but both structures defined
1439 * IE_INVAL if some of the structures are undefined (NULL)
1440 * IE_ERROR if internal error occurs */
1441 isds_error
isds_hash_cmp(const struct isds_hash
*h1
,
1442 const struct isds_hash
*h2
);
1444 /* Check message has gone through ISDS by comparing message hash stored in
1445 * ISDS and locally computed hash. You must provide message with valid raw
1446 * member (do not use isds_load_message(..., BUFFER_DONT_STORE)).
1447 * This is convenient wrapper for isds_download_message_hash(),
1448 * isds_compute_message_hash(), and isds_hash_cmp() sequence.
1449 * @context is session context
1450 * @message is message with valid raw and envelope member; envelope->hash
1451 * member will be changed during function run. Use envelope on heap only.
1453 * IE_SUCCESS if message originates in ISDS
1454 * IE_NOTEQUAL if message is unknown to ISDS
1455 * other code for other errors */
1456 isds_error
isds_verify_message_hash(struct isds_ctx
*context
,
1457 struct isds_message
*message
);
1459 /* Submit CMS signed message to ISDS to verify its originality. This is
1460 * stronger form of isds_verify_message_hash() because ISDS does more checks
1461 * than simple one (potentialy old weak) hash comparison.
1462 * @context is session context
1463 * @message is memory with raw CMS signed message bit stream
1464 * @length is @message size in bytes
1466 * IE_SUCCESS if message originates in ISDS
1467 * IE_NOTEQUAL if message is unknown to ISDS
1468 * other code for other errors */
1469 isds_error
isds_authenticate_message(struct isds_ctx
*context
,
1470 const void *message
, size_t length
);
1472 /* Erase message specified by @message_id from long term storage. Other
1473 * message cannot be erased on user request.
1474 * @context is session context
1475 * @message_id is message identifier.
1476 * @incoming is true for incoming message, false for outgoing message.
1478 * IE_SUCCESS if message has ben removed
1479 * IE_INVAL if message does not exist in long term storage or message
1480 * belongs to different box
1481 * TODO: IE_NOEPRM if user has no permission to erase a message */
1482 isds_error
isds_delete_message_from_storage(struct isds_ctx
*context
,
1483 const char *message_id
, _Bool incoming
);
1485 /* Mark message as read. This is a transactional commit function to acknowledge
1486 * to ISDS the message has been downloaded and processed by client properly.
1487 * @context is session context
1488 * @message_id is message identifier. */
1489 isds_error
isds_mark_message_read(struct isds_ctx
*context
,
1490 const char *message_id
);
1492 /* Mark message as received by recipient. This is applicable only to
1493 * commercial message. Use envelope->dmType message member to distinguish
1494 * commercial message from government message. Government message is
1495 * received automatically (by law), commercial message on recipient request.
1496 * @context is session context
1497 * @message_id is message identifier. */
1498 isds_error
isds_mark_message_received(struct isds_ctx
*context
,
1499 const char *message_id
);
1501 /* Send bogus request to ISDS.
1502 * Just for test purposes */
1503 isds_error
isds_bogus_request(struct isds_ctx
*context
);
1505 /* Send document for authorized conversion into Czech POINT system.
1506 * This is public anonymous service, no log-in necessary. Special context is
1507 * used to reuse keep-a-live HTTPS connection.
1508 * @context is Czech POINT session context. DO NOT use context connected to
1509 * ISDS server. Use new context or context used by this function previously.
1510 * @document is document to convert. Only data, data_length, dmFileDescr and
1511 * is_xml members are significant. Be ware that not all document formats can be
1512 * converted (signed PDF 1.3 and higher only (2010-02 state)).
1513 * @id is reallocated identifier assigned by Czech POINT system to
1514 * your document on submit. Use is to tell it to Czech POINT officer.
1515 * @date is reallocated document submit date (submitted documents
1516 * expires after some period). Only tm_year, tm_mon and tm_mday carry sane
1518 isds_error
czp_convert_document(struct isds_ctx
*context
,
1519 const struct isds_document
*document
,
1520 char **id
, struct tm
**date
);
1522 /* Close possibly opened connection to Czech POINT document deposit.
1523 * @context is Czech POINT session context. */
1524 isds_error
czp_close_connection(struct isds_ctx
*context
);
1526 /* Send request for new box creation in testing ISDS instance.
1527 * It's not possible to request for a production box currently, as it
1528 * communicates via e-mail.
1529 * XXX: This function does not work either. Server complains about invalid
1531 * XXX: Remove context->type hacks in isds.c and validator.c when removing
1533 * @context is special session context for box creation request. DO NOT use
1534 * standard context as it could reveal your password. Use fresh new context or
1535 * context previously used by this function.
1536 * @box is box description to create including single primary user (in case of
1537 * FO box type). It outputs box ID assigned by ISDS in dbID element.
1538 * @users is list of struct isds_DbUserInfo (primary users in case of non-FO
1539 * box, or contact address of PFO box owner). The email member is mandatory as
1540 * it will be used to deliver credentials.
1541 * @former_names is optional undocumented string. Pass NULL if you don't care.
1542 * @approval is optional external approval of box manipulation
1543 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1544 * NULL, if you don't care.*/
1545 isds_error
isds_request_new_testing_box(struct isds_ctx
*context
,
1546 struct isds_DbOwnerInfo
*box
, const struct isds_list
*users
,
1547 const char *former_names
, const struct isds_approval
*approval
,
1550 /* Search for document by document ID in list of documents. IDs are compared
1552 * @documents is list of isds_documents
1553 * @id is document identifier
1554 * @return first matching document or NULL. */
1555 const struct isds_document
*isds_find_document_by_id(
1556 const struct isds_list
*documents
, const char *id
);
1558 /* Normalize @mime_type to be proper MIME type.
1559 * ISDS servers pass invalid MIME types (e.g. "pdf"). This function tries to
1560 * guess regular MIME type (e.g. "application/pdf").
1561 * @mime_type is UTF-8 encoded MIME type to fix
1562 * @return original @mime_type if no better interpretation exists, or
1563 * constant static UTF-8 encoded string with proper MIME type. */
1564 const char *isds_normalize_mime_type(const char *mime_type
);
1566 /* Deallocate structure isds_pki_credentials and NULL it.
1567 * Pass-phrase is discarded.
1568 * @pki credentials to to free */
1569 void isds_pki_credentials_free(struct isds_pki_credentials
**pki
);
1571 /* Free isds_list with all member data.
1572 * @list list to free, on return will be NULL */
1573 void isds_list_free(struct isds_list
**list
);
1575 /* Deallocate structure isds_hash and NULL it.
1576 * @hash hash to to free */
1577 void isds_hash_free(struct isds_hash
**hash
);
1579 /* Deallocate structure isds_DbOwnerInfo recursively and NULL it */
1580 void isds_DbOwnerInfo_free(struct isds_DbOwnerInfo
**db_owner_info
);
1582 /* Deallocate structure isds_DbUserInfo recursively and NULL it */
1583 void isds_DbUserInfo_free(struct isds_DbUserInfo
**db_user_info
);
1585 /* Deallocate struct isds_event recursively and NULL it */
1586 void isds_event_free(struct isds_event
**event
);
1588 /* Deallocate struct isds_envelope recursively and NULL it */
1589 void isds_envelope_free(struct isds_envelope
**envelope
);
1591 /* Deallocate struct isds_document recursively and NULL it */
1592 void isds_document_free(struct isds_document
**document
);
1594 /* Deallocate struct isds_message recursively and NULL it */
1595 void isds_message_free(struct isds_message
**message
);
1597 /* Deallocate struct isds_message_copy recursively and NULL it */
1598 void isds_message_copy_free(struct isds_message_copy
**copy
);
1600 /* Deallocate struct isds_message_status_change recursively and NULL it */
1601 void isds_message_status_change_free(
1602 struct isds_message_status_change
**message_status_change
);
1604 /* Deallocate struct isds_approval recursively and NULL it */
1605 void isds_approval_free(struct isds_approval
**approval
);
1607 /* Deallocate struct isds_commercial_permission recursively and NULL it */
1608 void isds_commercial_permission_free(
1609 struct isds_commercial_permission
**permission
);
1611 /* Deallocate struct isds_credentials_delivery recursively and NULL it.
1612 * The email string is deallocated too. */
1613 void isds_credentials_delivery_free(
1614 struct isds_credentials_delivery
**credentials_delivery
);
1616 /* Copy structure isds_PersonName recursively */
1617 struct isds_PersonName
*isds_PersonName_duplicate(
1618 const struct isds_PersonName
*template);
1620 /* Copy structure isds_Address recursively */
1621 struct isds_Address
*isds_Address_duplicate(
1622 const struct isds_Address
*template);
1624 /* Copy structure isds_DbOwnerInfo recursively */
1625 struct isds_DbOwnerInfo
*isds_DbOwnerInfo_duplicate(
1626 const struct isds_DbOwnerInfo
*template);
1628 /* Copy structure isds_DbUserInfo recursively */
1629 struct isds_DbUserInfo
*isds_DbUserInfo_duplicate(
1630 const struct isds_DbUserInfo
*template);
1632 #ifdef __cplusplus /* For C++ linker sake */