nss: import at 3.0.1 beta 1
[mozilla-nss.git] / security / nss / lib / libpkix / include / pkix_pl_pki.h
blob02a4fa165e9a55d62a4c1df183b0a44a53985e15
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
14 * The Original Code is the PKIX-C library.
16 * The Initial Developer of the Original Code is
17 * Sun Microsystems, Inc.
18 * Portions created by the Initial Developer are
19 * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
21 * Contributor(s):
22 * Sun Microsystems, Inc.
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
36 * ***** END LICENSE BLOCK ***** */
38 * This file defines several platform independent functions to
39 * manipulate certificates and CRLs in a portable manner.
43 #ifndef _PKIX_PL_PKI_H
44 #define _PKIX_PL_PKI_H
46 #include "pkixt.h"
47 #include "seccomon.h"
48 #include "certt.h"
50 #ifdef __cplusplus
51 extern "C" {
52 #endif
54 /* General
56 * Please refer to the libpkix Programmer's Guide for detailed information
57 * about how to use the libpkix library. Certain key warnings and notices from
58 * that document are repeated here for emphasis.
60 * All identifiers in this file (and all public identifiers defined in
61 * libpkix) begin with "PKIX_". Private identifiers only intended for use
62 * within the library begin with "pkix_".
64 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
66 * Unless otherwise noted, for all accessor (gettor) functions that return a
67 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
68 * shared object. Therefore, the caller should treat this shared object as
69 * read-only and should not modify this shared object. When done using the
70 * shared object, the caller should release the reference to the object by
71 * using the PKIX_PL_Object_DecRef function.
73 * While a function is executing, if its arguments (or anything referred to by
74 * its arguments) are modified, free'd, or destroyed, the function's behavior
75 * is undefined.
80 * Cert
82 * A Cert represents an X.509 certificate. It can be created using the bytes
83 * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The
84 * following functions include accessors (gettors) for the various components
85 * of an X.509 certificate. Also included are functions to perform various
86 * checks on a certificate, including name constraints, key usage, validity
87 * (expiration), and signature verification.
91 * FUNCTION: PKIX_PL_Cert_Create
92 * DESCRIPTION:
94 * Creates a new certificate using the bytes in the ByteArray pointed to by
95 * "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1
96 * DER encoding of a certificate, a PKIX_Error pointer is returned. Once
97 * created, a Cert is immutable.
99 * Certificate ::= SEQUENCE {
100 * tbsCertificate TBSCertificate,
101 * signatureAlgorithm AlgorithmIdentifier,
102 * signatureValue BIT STRING }
104 * AlgorithmIdentifier ::= SEQUENCE {
105 * algorithm OBJECT IDENTIFIER,
106 * parameters ANY DEFINED BY algorithm OPTIONAL }
108 * TBSCertificate ::= SEQUENCE {
109 * version [0] EXPLICIT Version DEFAULT v1,
110 * serialNumber CertificateSerialNumber,
111 * signature AlgorithmIdentifier,
112 * issuer Name,
113 * validity Validity,
114 * subject Name,
115 * subjectPublicKeyInfo SubjectPublicKeyInfo,
116 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
117 * -- If present, version MUST be v2 or v3
118 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
119 * -- If present, version MUST be v2 or v3
120 * extensions [3] EXPLICIT Extensions OPTIONAL
121 * -- If present, version MUST be v3
124 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
126 * CertificateSerialNumber ::= INTEGER
128 * Validity ::= SEQUENCE {
129 * notBefore Time,
130 * notAfter Time }
132 * Time ::= CHOICE {
133 * utcTime UTCTime,
134 * generalTime GeneralizedTime }
136 * UniqueIdentifier ::= BIT STRING
138 * SubjectPublicKeyInfo ::= SEQUENCE {
139 * algorithm AlgorithmIdentifier,
140 * subjectPublicKey BIT STRING }
142 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
144 * Extension ::= SEQUENCE {
145 * extnID OBJECT IDENTIFIER,
146 * critical BOOLEAN DEFAULT FALSE,
147 * extnValue OCTET STRING }
149 * PARAMETERS:
150 * "byteArray"
151 * Address of ByteArray representing the CERT's DER encoding.
152 * Must be non-NULL.
153 * "pCert"
154 * Address where object pointer will be stored. Must be non-NULL.
155 * "plContext"
156 * Platform-specific context pointer.
157 * THREAD SAFETY:
158 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
159 * RETURNS:
160 * Returns NULL if the function succeeds.
161 * Returns a Cert Error if the function fails in a non-fatal way.
162 * Returns a Fatal Error if the function fails in an unrecoverable way.
164 PKIX_Error *
165 PKIX_PL_Cert_Create(
166 PKIX_PL_ByteArray *byteArray,
167 PKIX_PL_Cert **pCert,
168 void *plContext);
171 * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
172 * DESCRIPTION:
174 * Creates a new certificate using passed in CERTCertificate object.
176 * PARAMETERS:
177 * "nssCert"
178 * The object that will be used to create new PKIX_PL_Cert.
179 * "pCert"
180 * Address where object pointer will be stored. Must be non-NULL.
181 * "plContext"
182 * Platform-specific context pointer.
183 * THREAD SAFETY:
184 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
185 * RETURNS:
186 * Returns NULL if the function succeeds.
187 * Returns a Cert Error if the function fails in a non-fatal way.
188 * Returns a Fatal Error if the function fails in an unrecoverable way.
190 PKIX_Error *
191 PKIX_PL_Cert_CreateFromCERTCertificate(
192 const CERTCertificate *nssCert,
193 PKIX_PL_Cert **pCert,
194 void *plContext);
197 * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
198 * DESCRIPTION:
200 * Returns underlying CERTCertificate structure. Return CERTCertificate
201 * object is duplicated and should be destroyed by caller.
203 * PARAMETERS:
204 * "cert"
205 * Address of PKIX_PL_Cert. Must be non-NULL.
206 * "pCert"
207 * Address where object pointer will be stored. Must be non-NULL.
208 * "plContext"
209 * Platform-specific context pointer.
210 * THREAD SAFETY:
211 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
212 * RETURNS:
213 * Returns NULL if the function succeeds.
214 * Returns a Cert Error if the function fails in a non-fatal way.
215 * Returns a Fatal Error if the function fails in an unrecoverable way.
217 PKIX_Error *
218 PKIX_PL_Cert_GetCERTCertificate(
219 PKIX_PL_Cert *cert,
220 CERTCertificate **pnssCert,
221 void *plContext);
224 * FUNCTION: PKIX_PL_Cert_GetVersion
225 * DESCRIPTION:
227 * Retrieves the version of the Cert pointed to by "cert" and stores it at
228 * "pVersion". The version number will either be 0, 1, or 2 (corresponding to
229 * v1, v2, or v3, respectively).
231 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
233 * PARAMETERS:
234 * "cert"
235 * Address of Cert whose version is to be stored. Must be non-NULL.
236 * "pVersion"
237 * Address where PKIX_UInt32 will be stored. Must be non-NULL.
238 * "plContext"
239 * Platform-specific context pointer.
240 * THREAD SAFETY:
241 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
242 * RETURNS:
243 * Returns NULL if the function succeeds.
244 * Returns a Cert Error if the function fails in a non-fatal way.
245 * Returns a Fatal Error if the function fails in an unrecoverable way.
247 PKIX_Error *
248 PKIX_PL_Cert_GetVersion(
249 PKIX_PL_Cert *cert,
250 PKIX_UInt32 *pVersion,
251 void *plContext);
254 * FUNCTION: PKIX_PL_Cert_GetSerialNumber
255 * DESCRIPTION:
257 * Retrieves a pointer to the BigInt that represents the serial number of the
258 * Cert pointed to by "cert" and stores it at "pSerialNumber".
260 * CertificateSerialNumber ::= INTEGER
262 * PARAMETERS:
263 * "cert"
264 * Address of Cert whose serial number is to be stored. Must be non-NULL.
265 * "pSerial"
266 * Address where object pointer will be stored. Must be non-NULL.
267 * "plContext"
268 * Platform-specific context pointer.
269 * THREAD SAFETY:
270 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
271 * RETURNS:
272 * Returns NULL if the function succeeds.
273 * Returns a Cert Error if the function fails in a non-fatal way.
274 * Returns a Fatal Error if the function fails in an unrecoverable way.
276 PKIX_Error *
277 PKIX_PL_Cert_GetSerialNumber(
278 PKIX_PL_Cert *cert,
279 PKIX_PL_BigInt **pSerial,
280 void *plContext);
283 * FUNCTION: PKIX_PL_Cert_GetIssuer
284 * DESCRIPTION:
286 * Retrieves a pointer to the X500Name that represents the issuer DN of the
287 * Cert pointed to by "cert" and stores it at "pIssuer".
289 * PARAMETERS:
290 * "cert"
291 * Address of Cert whose issuer is to be stored. Must be non-NULL.
292 * "pIssuer"
293 * Address where object pointer will be stored. Must be non-NULL.
294 * "plContext"
295 * Platform-specific context pointer.
296 * THREAD SAFETY:
297 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
298 * RETURNS:
299 * Returns NULL if the function succeeds.
300 * Returns a Cert Error if the function fails in a non-fatal way.
301 * Returns a Fatal Error if the function fails in an unrecoverable way.
303 PKIX_Error *
304 PKIX_PL_Cert_GetIssuer(
305 PKIX_PL_Cert *cert,
306 PKIX_PL_X500Name **pIssuer,
307 void *plContext);
310 * FUNCTION: PKIX_PL_Cert_GetSubject
311 * DESCRIPTION:
313 * Retrieves a pointer to the X500Name that represents the subject DN of the
314 * Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not
315 * have a subject DN, this function stores NULL at "pSubject".
317 * PARAMETERS:
318 * "cert"
319 * Address of Cert whose subject is to be stored. Must be non-NULL.
320 * "pSubject"
321 * Address where object pointer will be stored. Must be non-NULL.
322 * "plContext"
323 * Platform-specific context pointer.
324 * THREAD SAFETY:
325 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
326 * RETURNS:
327 * Returns NULL if the function succeeds.
328 * Returns a Cert Error if the function fails in a non-fatal way.
329 * Returns a Fatal Error if the function fails in an unrecoverable way.
331 PKIX_Error *
332 PKIX_PL_Cert_GetSubject(
333 PKIX_PL_Cert *cert,
334 PKIX_PL_X500Name **pSubject,
335 void *plContext);
338 * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
339 * DESCRIPTION:
341 * Retrieves a pointer to the OID that represents the subject public key
342 * algorithm of the Cert pointed to by "cert" and stores it at
343 * "pSubjKeyAlgId".
345 * SubjectPublicKeyInfo ::= SEQUENCE {
346 * algorithm AlgorithmIdentifier,
347 * subjectPublicKey BIT STRING }
349 * AlgorithmIdentifier ::= SEQUENCE {
350 * algorithm OBJECT IDENTIFIER,
351 * parameters ANY DEFINED BY algorithm OPTIONAL }
353 * PARAMETERS:
354 * "cert"
355 * Address of Cert whose subject public key algorithm OID is to be stored.
356 * Must be non-NULL.
357 * "pSubjKeyAlgId"
358 * Address where object pointer will be stored. Must be non-NULL.
359 * "plContext"
360 * Platform-specific context pointer.
361 * THREAD SAFETY:
362 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
363 * RETURNS:
364 * Returns NULL if the function succeeds.
365 * Returns a Cert Error if the function fails in a non-fatal way.
366 * Returns a Fatal Error if the function fails in an unrecoverable way.
368 PKIX_Error *
369 PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
370 PKIX_PL_Cert *cert,
371 PKIX_PL_OID **pSubjKeyAlgId,
372 void *plContext);
375 * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey
376 * DESCRIPTION:
378 * Retrieves a pointer to the PublicKey that represents the subject public key
379 * of the Cert pointed to by "cert" and stores it at "pPublicKey".
381 * SubjectPublicKeyInfo ::= SEQUENCE {
382 * algorithm AlgorithmIdentifier,
383 * subjectPublicKey BIT STRING }
385 * PARAMETERS:
386 * "cert"
387 * Address of Cert whose subject public key is to be stored.
388 * Must be non-NULL.
389 * "pPublicKey"
390 * Address where object pointer will be stored. Must be non-NULL.
391 * "plContext"
392 * Platform-specific context pointer.
393 * THREAD SAFETY:
394 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
395 * RETURNS:
396 * Returns NULL if the function succeeds.
397 * Returns a Cert Error if the function fails in a non-fatal way.
398 * Returns a Fatal Error if the function fails in an unrecoverable way.
400 PKIX_Error *
401 PKIX_PL_Cert_GetSubjectPublicKey(
402 PKIX_PL_Cert *cert,
403 PKIX_PL_PublicKey **pPublicKey,
404 void *plContext);
407 * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
408 * DESCRIPTION:
410 * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null
411 * parameters and stores the result at "pNeedsParams".
413 * PARAMETERS:
414 * "pubKey"
415 * Address of the Public Key of interest. Must be non-NULL.
416 * "pNeedsParams"
417 * Address where object pointer will be stored. Must be non-NULL.
418 * "plContext"
419 * Platform-specific context pointer.
420 * THREAD SAFETY:
421 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
422 * RETURNS:
423 * Returns NULL if the function succeeds.
424 * Returns a PublicKey Error if the function fails in a non-fatal way.
425 * Returns a Fatal Error if the function fails in an unrecoverable way.
427 PKIX_Error *
428 PKIX_PL_PublicKey_NeedsDSAParameters(
429 PKIX_PL_PublicKey *pubKey,
430 PKIX_Boolean *pNeedsParams,
431 void *plContext);
434 * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
435 * DESCRIPTION:
437 * This function is used for DSA key parameter inheritance, which allows a
438 * first DSA key with omitted parameters (pointed to by "firstKey") to inherit
439 * the PQG parameters of a second DSA key that does have parameters. (pointed
440 * to by "secondKey"). Once created, a PublicKey is immutable.
442 * Specifically, the algorithm used by the function is:
444 * If the first PublicKey is not a DSA public key with omitted parameters,
445 * the function stores NULL at "pResultKey". (No Error is returned)
446 * Else if the second PublicKey is not a DSA public key with non-NULL,
447 * parameters, the function returns an Error.
448 * Else
449 * the function creates a third PublicKey with a "Y" value from the
450 * first PublicKey and the DSA parameters from the second PublicKey,
451 * and stores it at "pResultKey".
453 * PARAMETERS:
454 * "firstKey"
455 * Address of a Public Key that needs to inherit DSA parameters.
456 * Must be non-NULL.
457 * "secondKey"
458 * Address of a Public Key that has DSA parameters that will be inherited
459 * by "firstKey". Must be non-NULL.
460 * "pResultKey"
461 * Address where object pointer will be stored. Must be non-NULL.
462 * "plContext"
463 * Platform-specific context pointer.
464 * THREAD SAFETY:
465 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
466 * RETURNS:
467 * Returns NULL if the function succeeds.
468 * Returns a PublicKey Error if the function fails in a non-fatal way.
469 * Returns a Fatal Error if the function fails in an unrecoverable way.
471 PKIX_Error *
472 PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
473 PKIX_PL_PublicKey *firstKey,
474 PKIX_PL_PublicKey *secondKey,
475 PKIX_PL_PublicKey **pResultKey,
476 void *plContext);
479 * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
480 * DESCRIPTION:
482 * Retrieves a pointer to the List of OIDs (each OID corresponding to a
483 * critical extension of the Cert pointed to by "cert") and stores it at
484 * "pExtensions". If "cert" does not have any critical extensions, this
485 * function stores an empty List at "pExtensions".
487 * Note that the List returned by this function is immutable.
489 * PARAMETERS:
490 * "cert"
491 * Address of Cert whose critical extension OIDs are to be stored.
492 * Must be non-NULL.
493 * "pExtensions"
494 * Address where object pointer will be stored. Must be non-NULL.
495 * "plContext"
496 * Platform-specific context pointer.
497 * THREAD SAFETY:
498 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
499 * RETURNS:
500 * Returns NULL if the function succeeds.
501 * Returns a Cert Error if the function fails in a non-fatal way.
502 * Returns a Fatal Error if the function fails in an unrecoverable way.
504 PKIX_Error *
505 PKIX_PL_Cert_GetCriticalExtensionOIDs(
506 PKIX_PL_Cert *cert,
507 PKIX_List **pExtensions, /* list of PKIX_PL_OID */
508 void *plContext);
511 * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
512 * DESCRIPTION:
514 * Retrieves a pointer to a ByteArray representing the authority key
515 * identifier extension of the Cert pointed to by "cert" and stores it at
516 * "pAuthKeyId".
518 * Note that this function only retrieves the keyIdentifier component
519 * (OCTET STRING) of the AuthorityKeyIdentifier extension, when present.
521 * If "cert" does not have an AuthorityKeyIdentifier extension or if the
522 * keyIdentifier component of the AuthorityKeyIdentifier extension is not
523 * present, this function stores NULL at "pAuthKeyId".
525 * AuthorityKeyIdentifier ::= SEQUENCE {
526 * keyIdentifier [0] KeyIdentifier OPTIONAL,
527 * authorityCertIssuer [1] GeneralNames OPTIONAL,
528 * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
530 * PARAMETERS:
531 * "cert"
532 * Address of Cert whose authority key identifier is to be stored.
533 * Must be non-NULL.
534 * "pAuthKeyId"
535 * Address where object pointer will be stored. Must be non-NULL.
536 * "plContext"
537 * Platform-specific context pointer.
538 * THREAD SAFETY:
539 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
540 * RETURNS:
541 * Returns NULL if the function succeeds.
542 * Returns a Cert Error if the function fails in a non-fatal way.
543 * Returns a Fatal Error if the function fails in an unrecoverable way.
545 PKIX_Error *
546 PKIX_PL_Cert_GetAuthorityKeyIdentifier(
547 PKIX_PL_Cert *cert,
548 PKIX_PL_ByteArray **pAuthKeyId,
549 void *plContext);
552 * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
553 * DESCRIPTION:
555 * Retrieves a pointer to a ByteArray representing the subject key identifier
556 * extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId".
557 * If "cert" does not have a SubjectKeyIdentifier extension, this function
558 * stores NULL at "pSubjKeyId".
560 * SubjectKeyIdentifier ::= KeyIdentifier
562 * PARAMETERS:
563 * "cert"
564 * Address of Cert whose subject key identifier is to be stored.
565 * Must be non-NULL.
566 * "pSubjKeyId"
567 * Address where object pointer will be stored. Must be non-NULL.
568 * "plContext"
569 * Platform-specific context pointer.
570 * THREAD SAFETY:
571 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
572 * RETURNS:
573 * Returns NULL if the function succeeds.
574 * Returns a Cert Error if the function fails in a non-fatal way.
575 * Returns a Fatal Error if the function fails in an unrecoverable way.
577 PKIX_Error *
578 PKIX_PL_Cert_GetSubjectKeyIdentifier(
579 PKIX_PL_Cert *cert,
580 PKIX_PL_ByteArray **pSubjKeyId,
581 void *plContext);
584 * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames
585 * DESCRIPTION:
587 * Retrieves a pointer to the List of GeneralNames (each GeneralName
588 * representing a subject alternative name found in the subject alternative
589 * names extension of the Cert pointed to by "cert") and stores it at
590 * "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames
591 * extension, this function stores NULL at "pSubjectAltNames".
593 * Note that the List returned by this function is immutable.
595 * SubjectAltName ::= GeneralNames
597 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
599 * GeneralName ::= CHOICE {
600 * otherName [0] OtherName,
601 * rfc822Name [1] IA5String,
602 * dNSName [2] IA5String,
603 * x400Address [3] ORAddress,
604 * directoryName [4] Name,
605 * ediPartyName [5] EDIPartyName,
606 * uniformResourceIdentifier [6] IA5String,
607 * iPAddress [7] OCTET STRING,
608 * registeredID [8] OBJECT IDENTIFIER }
610 * OtherName ::= SEQUENCE {
611 * type-id OBJECT IDENTIFIER,
612 * value [0] EXPLICIT ANY DEFINED BY type-id }
614 * EDIPartyName ::= SEQUENCE {
615 * nameAssigner [0] DirectoryString OPTIONAL,
616 * partyName [1] DirectoryString }
618 * PARAMETERS:
619 * "cert"
620 * Address of Cert whose subjectAltNames are to be stored.
621 * Must be non-NULL.
622 * "pSubjectAltNames"
623 * Address where object pointer will be stored. Must be non-NULL.
624 * "plContext"
625 * Platform-specific context pointer.
626 * THREAD SAFETY:
627 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
628 * RETURNS:
629 * Returns NULL if the function succeeds.
630 * Returns a Cert Error if the function fails in a non-fatal way.
631 * Returns a Fatal Error if the function fails in an unrecoverable way.
633 PKIX_Error *
634 PKIX_PL_Cert_GetSubjectAltNames(
635 PKIX_PL_Cert *cert,
636 PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
637 void *plContext);
640 * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames
641 * DESCRIPTION:
643 * Retrieves a pointer to the List of GeneralNames (each GeneralName
644 * representing a subject DN or a subject alternative name found in the
645 * subject alternative names extension of the Cert pointed to by "cert") and
646 * stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and
647 * it does not have a SubjectAlternativeNames extension, this function stores
648 * NULL at "pAllSubjectNames".
650 * Note that the List returned by this function is immutable.
652 * PARAMETERS:
653 * "cert"
654 * Address of Cert whose subject DN and subjectAltNames are to be stored.
655 * Must be non-NULL.
656 * "pAllSubjectNames"
657 * Address where object pointer will be stored. Must be non-NULL.
658 * "plContext"
659 * Platform-specific context pointer.
660 * THREAD SAFETY:
661 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
662 * RETURNS:
663 * Returns NULL if the function succeeds.
664 * Returns a Cert Error if the function fails in a non-fatal way.
665 * Returns a Fatal Error if the function fails in an unrecoverable way.
667 PKIX_Error *
668 PKIX_PL_Cert_GetAllSubjectNames(
669 PKIX_PL_Cert *cert,
670 PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
671 void *plContext);
674 * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage
675 * DESCRIPTION:
677 * Retrieves a pointer to a List of OIDs (each OID corresponding to an
678 * extended key usage of the Cert pointed to by "cert") and stores it at
679 * "pKeyUsage". If "cert" does not have an extended key usage extension, this
680 * function stores a NULL at "pKeyUsage".
682 * Note that the List returned by this function is immutable.
684 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
686 * KeyPurposeId ::= OBJECT IDENTIFIER
688 * PARAMETERS:
689 * "cert"
690 * Address of Cert whose extended key usage OIDs are to be stored.
691 * Must be non-NULL.
692 * "pKeyUsage"
693 * Address where object pointer will be stored. Must be non-NULL.
694 * "plContext"
695 * Platform-specific context pointer.
696 * THREAD SAFETY:
697 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
698 * RETURNS:
699 * Returns NULL if the function succeeds.
700 * Returns a Cert Error if the function fails in a non-fatal way.
701 * Returns a Fatal Error if the function fails in an unrecoverable way.
703 PKIX_Error *
704 PKIX_PL_Cert_GetExtendedKeyUsage(
705 PKIX_PL_Cert *cert,
706 PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
707 void *plContext);
710 * FUNCTION: PKIX_PL_Cert_GetNameConstraints
711 * DESCRIPTION:
713 * Retrieves a pointer to a CertNameConstraints object representing the name
714 * constraints extension of the Cert pointed to by "cert" and stores it at
715 * "pNameConstraints".
717 * If "cert" does not have a name constraints extension, this function stores
718 * NULL at "pNameConstraints".
720 * NameConstraints ::= SEQUENCE {
721 * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
722 * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
724 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
726 * GeneralSubtree ::= SEQUENCE {
727 * base GeneralName,
728 * minimum [0] BaseDistance DEFAULT 0,
729 * maximum [1] BaseDistance OPTIONAL }
731 * BaseDistance ::= INTEGER (0..MAX)
733 * PARAMETERS:
734 * "cert"
735 * Address of Cert whose name constraints extension is to be stored.
736 * Must be non-NULL.
737 * "pNameConstraints"
738 * Address where object pointer will be stored. Must be non-NULL.
739 * "plContext"
740 * Platform-specific context pointer.
741 * THREAD SAFETY:
742 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
743 * RETURNS:
744 * Returns NULL if the function succeeds.
745 * Returns a Cert Error if the function fails in a non-fatal way.
746 * Returns a Fatal Error if the function fails in an unrecoverable way.
748 PKIX_Error *
749 PKIX_PL_Cert_GetNameConstraints(
750 PKIX_PL_Cert *cert,
751 PKIX_PL_CertNameConstraints **pNameConstraints,
752 void *plContext);
755 * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
756 * DESCRIPTION:
758 * Retrieves a pointer to a CertBasicConstraints object representing the basic
759 * constraints extension of the Cert pointed to by "cert" and stores it at
760 * "pBasicConstraints".
762 * If "cert" does not have a basic constraints extension, this function stores
763 * NULL at "pBasicConstraints". Once created, a CertBasicConstraints object
764 * is immutable.
766 * BasicConstraints ::= SEQUENCE {
767 * cA BOOLEAN DEFAULT FALSE,
768 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
770 * PARAMETERS:
771 * "cert"
772 * Address of Cert whose basic constraints extension is to be stored.
773 * Must be non-NULL.
774 * "pBasicConstraints"
775 * Address where object pointer will be stored. Must be non-NULL.
776 * "plContext"
777 * Platform-specific context pointer.
778 * THREAD SAFETY:
779 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
780 * RETURNS:
781 * Returns NULL if the function succeeds.
782 * Returns a Cert Error if the function fails in a non-fatal way.
783 * Returns a Fatal Error if the function fails in an unrecoverable way.
785 PKIX_Error *
786 PKIX_PL_Cert_GetBasicConstraints(
787 PKIX_PL_Cert *cert,
788 PKIX_PL_CertBasicConstraints **pBasicConstraints,
789 void *plContext);
792 * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
793 * DESCRIPTION:
795 * Retrieves a pointer to a Boolean value representing the cA Flag component
796 * of the CertBasicConstraints object pointed to by "basicConstraints" and
797 * stores it at "pResult".
799 * BasicConstraints ::= SEQUENCE {
800 * cA BOOLEAN DEFAULT FALSE,
801 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
803 * PARAMETERS:
804 * "basicConstraints"
805 * Address of CertBasicConstraints whose cA Flag is to be stored.
806 * Must be non-NULL.
807 * "pResult"
808 * Address where object pointer will be stored. Must be non-NULL.
809 * "plContext"
810 * Platform-specific context pointer.
811 * THREAD SAFETY:
812 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
813 * RETURNS:
814 * Returns NULL if the function succeeds.
815 * Returns a Cert Error if the function fails in a non-fatal way.
816 * Returns a Fatal Error if the function fails in an unrecoverable way.
818 PKIX_Error *
819 PKIX_PL_BasicConstraints_GetCAFlag(
820 PKIX_PL_CertBasicConstraints *basicConstraints,
821 PKIX_Boolean *pResult,
822 void *plContext);
825 * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
826 * DESCRIPTION:
828 * Retrieves a pointer to an integer value representing the pathLenConstraint
829 * component of the CertBasicConstraints object pointed to by
830 * "basicConstraints" and stores it at "pPathLenConstraint". If the
831 * pathLenConstraint component is not present, this function stores -1 at
832 * "pPathLenConstraint".
834 * PARAMETERS:
835 * "basicConstraints"
836 * Address of CertBasicConstraints whose pathLen is to be stored.
837 * Must be non-NULL.
838 * "pPathLenConstraint"
839 * Address where PKIX_Int32 will be stored. Must be non-NULL.
840 * "plContext"
841 * Platform-specific context pointer.
842 * THREAD SAFETY:
843 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
844 * RETURNS:
845 * Returns NULL if the function succeeds.
846 * Returns a Cert Error if the function fails in a non-fatal way.
847 * Returns a Fatal Error if the function fails in an unrecoverable way.
849 PKIX_Error *
850 PKIX_PL_BasicConstraints_GetPathLenConstraint(
851 PKIX_PL_CertBasicConstraints *basicConstraints,
852 PKIX_Int32 *pPathLenConstraint,
853 void *plContext);
856 * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
857 * DESCRIPTION:
859 * Retrieves a pointer to a List of CertPolicyInfos found in the certificate
860 * policies extension of the Cert pointed to by "cert" and stores it at
861 * "pPolicyInfo". If "cert" does not have a certificate policies extension,
862 * this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo
863 * object is immutable.
865 * Note that the List returned by this function is immutable.
867 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
869 * PolicyInformation ::= SEQUENCE {
870 * policyIdentifier CertPolicyId,
871 * policyQualifiers SEQUENCE SIZE (1..MAX) OF
872 * PolicyQualifierInfo OPTIONAL }
874 * PARAMETERS:
875 * "cert"
876 * Address of Cert whose CertPolicyInfos are to be stored.
877 * Must be non-NULL.
878 * "pPolicyInfo"
879 * Address where object pointer will be stored. Must be non-NULL.
880 * "plContext"
881 * Platform-specific context pointer.
882 * THREAD SAFETY:
883 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
884 * RETURNS:
885 * Returns NULL if the function succeeds.
886 * Returns a Cert Error if the function fails in a non-fatal way.
887 * Returns a Fatal Error if the function fails in an unrecoverable way.
889 PKIX_Error *
890 PKIX_PL_Cert_GetPolicyInformation(
891 PKIX_PL_Cert *cert,
892 PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */
893 void *plContext);
896 * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
897 * DESCRIPTION:
899 * Retrieves a pointer to an OID representing the policyIdentifier of the
900 * CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId".
902 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
904 * PolicyInformation ::= SEQUENCE {
905 * policyIdentifier CertPolicyId,
906 * policyQualifiers SEQUENCE SIZE (1..MAX) OF
907 * PolicyQualifierInfo OPTIONAL }
909 * CertPolicyId ::= OBJECT IDENTIFIER
911 * PARAMETERS:
912 * "policyInfo"
913 * Address of CertPolicyInfo whose policy identifier is to be stored.
914 * Must be non-NULL.
915 * "pCertPolicyId"
916 * Address where object pointer will be stored. Must be non-NULL.
917 * "plContext"
918 * Platform-specific context pointer.
919 * THREAD SAFETY:
920 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
921 * RETURNS:
922 * Returns NULL if the function succeeds.
923 * Returns a Cert Error if the function fails in a non-fatal way.
924 * Returns a Fatal Error if the function fails in an unrecoverable way.
926 PKIX_Error *
927 PKIX_PL_CertPolicyInfo_GetPolicyId(
928 PKIX_PL_CertPolicyInfo *policyInfo,
929 PKIX_PL_OID **pCertPolicyId,
930 void *plContext);
933 * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
934 * DESCRIPTION:
936 * Retrieves a pointer to a List of the CertPolicyQualifiers representing
937 * the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and
938 * stores it at "pPolicyQualifiers". If "policyInfo" does not have any
939 * policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once
940 * created, a CertPolicyQualifier is immutable.
942 * Note that the List returned by this function is immutable.
944 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
946 * PolicyInformation ::= SEQUENCE {
947 * policyIdentifier CertPolicyId,
948 * policyQualifiers SEQUENCE SIZE (1..MAX) OF
949 * PolicyQualifierInfo OPTIONAL }
951 * PolicyQualifierInfo ::= SEQUENCE {
952 * policyQualifierId PolicyQualifierId,
953 * qualifier ANY DEFINED BY policyQualifierId }
955 * PARAMETERS:
956 * "policyInfo"
957 * Address of CertPolicyInfo whose policy qualifiers List is to be stored.
958 * Must be non-NULL.
959 * "pPolicyQualifiers"
960 * Address where object pointer will be stored. Must be non-NULL.
961 * "plContext"
962 * Platform-specific context pointer.
963 * THREAD SAFETY:
964 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
965 * RETURNS:
966 * Returns NULL if the function succeeds.
967 * Returns a Cert Error if the function fails in a non-fatal way.
968 * Returns a Fatal Error if the function fails in an unrecoverable way.
970 PKIX_Error *
971 PKIX_PL_CertPolicyInfo_GetPolQualifiers(
972 PKIX_PL_CertPolicyInfo *policyInfo,
973 PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
974 void *plContext);
977 * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
978 * DESCRIPTION:
980 * Retrieves a pointer to an OID representing the policyQualifierId of the
981 * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
982 * "pPolicyQualifierId".
984 * PolicyQualifierInfo ::= SEQUENCE {
985 * policyQualifierId PolicyQualifierId,
986 * qualifier ANY DEFINED BY policyQualifierId }
988 * PolicyQualifierId ::=
989 * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
991 * PARAMETERS:
992 * "policyQualifier"
993 * Address of CertPolQualifier whose policyQualifierId is to be stored.
994 * Must be non-NULL.
995 * "pPolicyQualifierId"
996 * Address where object pointer will be stored. Must be non-NULL.
997 * "plContext"
998 * Platform-specific context pointer.
999 * THREAD SAFETY:
1000 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1001 * RETURNS:
1002 * Returns NULL if the function succeeds.
1003 * Returns a Cert Error if the function fails in a non-fatal way.
1004 * Returns a Fatal Error if the function fails in an unrecoverable way.
1006 PKIX_Error *
1007 PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
1008 PKIX_PL_CertPolicyQualifier *policyQualifier,
1009 PKIX_PL_OID **pPolicyQualifierId,
1010 void *plContext);
1013 * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
1014 * DESCRIPTION:
1016 * Retrieves a pointer to a ByteArray representing the qualifier of the
1017 * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
1018 * "pQualifier".
1020 * PolicyQualifierInfo ::= SEQUENCE {
1021 * policyQualifierId PolicyQualifierId,
1022 * qualifier ANY DEFINED BY policyQualifierId }
1024 * PARAMETERS:
1025 * "policyQualifier"
1026 * Address of CertPolicyQualifier whose qualifier is to be stored.
1027 * Must be non-NULL.
1028 * "pQualifier"
1029 * Address where object pointer will be stored. Must be non-NULL.
1030 * "plContext"
1031 * Platform-specific context pointer.
1032 * THREAD SAFETY:
1033 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1034 * RETURNS:
1035 * Returns NULL if the function succeeds.
1036 * Returns a Cert Error if the function fails in a non-fatal way.
1037 * Returns a Fatal Error if the function fails in an unrecoverable way.
1039 PKIX_Error *
1040 PKIX_PL_PolicyQualifier_GetQualifier(
1041 PKIX_PL_CertPolicyQualifier *policyQualifier,
1042 PKIX_PL_ByteArray **pQualifier,
1043 void *plContext);
1046 * FUNCTION: PKIX_PL_Cert_GetPolicyMappings
1047 * DESCRIPTION:
1049 * Retrieves a pointer to a List of CertPolicyMaps found in the policy
1050 * mappings extension of the Cert pointed to by "cert" and stores it at
1051 * "pPolicyMappings". If "cert" does not have a policy mappings extension,
1052 * this function stores NULL at "pPolicyMappings". Once created, a
1053 * CertPolicyMap is immutable.
1055 * Note that the List returned by this function is immutable.
1057 * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
1058 * issuerDomainPolicy CertPolicyId,
1059 * subjectDomainPolicy CertPolicyId }
1061 * PARAMETERS:
1062 * "cert"
1063 * Address of Cert whose CertPolicyMaps are to be stored.
1064 * Must be non-NULL.
1065 * "pPolicyMappings"
1066 * Address where object pointer will be stored. Must be non-NULL.
1067 * "plContext"
1068 * Platform-specific context pointer.
1069 * THREAD SAFETY:
1070 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1071 * RETURNS:
1072 * Returns NULL if the function succeeds.
1073 * Returns a Cert Error if the function fails in a non-fatal way.
1074 * Returns a Fatal Error if the function fails in an unrecoverable way.
1076 PKIX_Error *
1077 PKIX_PL_Cert_GetPolicyMappings(
1078 PKIX_PL_Cert *cert,
1079 PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
1080 void *plContext);
1083 * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
1084 * DESCRIPTION:
1086 * Retrieves a pointer to an OID representing the issuerDomainPolicy of the
1087 * CertPolicyMap pointed to by "policyMapping" and stores it at
1088 * "pIssuerDomainPolicy".
1090 * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
1091 * issuerDomainPolicy CertPolicyId,
1092 * subjectDomainPolicy CertPolicyId }
1094 * PARAMETERS:
1095 * "policyMapping"
1096 * Address of CertPolicyMap whose issuerDomainPolicy is to be stored.
1097 * Must be non-NULL.
1098 * "pIssuerDomainPolicy"
1099 * Address where object pointer will be stored. Must be non-NULL.
1100 * "plContext"
1101 * Platform-specific context pointer.
1102 * THREAD SAFETY:
1103 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1104 * RETURNS:
1105 * Returns NULL if the function succeeds.
1106 * Returns a Cert Error if the function fails in a non-fatal way.
1107 * Returns a Fatal Error if the function fails in an unrecoverable way.
1109 PKIX_Error *
1110 PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
1111 PKIX_PL_CertPolicyMap *policyMapping,
1112 PKIX_PL_OID **pIssuerDomainPolicy,
1113 void *plContext);
1116 * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
1117 * DESCRIPTION:
1119 * Retrieves a pointer to an OID representing the subjectDomainPolicy of the
1120 * CertPolicyMap pointed to by "policyMapping" and stores it at
1121 * "pSubjectDomainPolicy".
1123 * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
1124 * issuerDomainPolicy CertPolicyId,
1125 * subjectDomainPolicy CertPolicyId }
1127 * PARAMETERS:
1128 * "policyMapping"
1129 * Address of CertPolicyMap whose subjectDomainPolicy is to be stored.
1130 * Must be non-NULL.
1131 * "pSubjectDomainPolicy"
1132 * Address where object pointer will be stored. Must be non-NULL.
1133 * "plContext"
1134 * Platform-specific context pointer.
1135 * THREAD SAFETY:
1136 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1137 * RETURNS:
1138 * Returns NULL if the function succeeds.
1139 * Returns a Cert Error if the function fails in a non-fatal way.
1140 * Returns a Fatal Error if the function fails in an unrecoverable way.
1142 PKIX_Error *
1143 PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
1144 PKIX_PL_CertPolicyMap *policyMapping,
1145 PKIX_PL_OID **pSubjectDomainPolicy,
1146 void *plContext);
1149 * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
1150 * DESCRIPTION:
1152 * Retrieves the requireExplicitPolicy value of the policy constraints
1153 * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
1154 * If "cert" does not have a policy constraints extension or the
1155 * requireExplicitPolicy component is not populated, this function stores -1
1156 * at "pSkipCerts".
1158 * PolicyConstraints ::= SEQUENCE {
1159 * requireExplicitPolicy [0] SkipCerts OPTIONAL,
1160 * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
1162 * SkipCerts ::= INTEGER (0..MAX)
1164 * PARAMETERS:
1165 * "cert"
1166 * Address of Cert whose requireExplicitPolicy value is to be stored.
1167 * Must be non-NULL.
1168 * "pSkipCerts"
1169 * Address where PKIX_Int32 will be stored. Must be non-NULL.
1170 * "plContext"
1171 * Platform-specific context pointer.
1172 * THREAD SAFETY:
1173 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1174 * RETURNS:
1175 * Returns NULL if the function succeeds.
1176 * Returns a Cert Error if the function fails in a non-fatal way.
1177 * Returns a Fatal Error if the function fails in an unrecoverable way.
1179 PKIX_Error *
1180 PKIX_PL_Cert_GetRequireExplicitPolicy(
1181 PKIX_PL_Cert *cert,
1182 PKIX_Int32 *pSkipCerts,
1183 void *plContext);
1186 * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
1187 * DESCRIPTION:
1189 * Retrieves the inhibitPolicyMapping value of the policy constraints
1190 * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
1191 * If "cert" does not have a policy constraints extension or the
1192 * inhibitPolicyMapping component is not populated, this function stores -1
1193 * at "pSkipCerts".
1195 * PolicyConstraints ::= SEQUENCE {
1196 * requireExplicitPolicy [0] SkipCerts OPTIONAL,
1197 * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
1199 * SkipCerts ::= INTEGER (0..MAX)
1201 * PARAMETERS:
1202 * "cert"
1203 * Address of Cert whose requireExplicitPolicy value is to be stored.
1204 * Must be non-NULL.
1205 * "pSkipCerts"
1206 * Address where PKIX_Int32 will be stored. Must be non-NULL.
1207 * "plContext"
1208 * Platform-specific context pointer.
1209 * THREAD SAFETY:
1210 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1211 * RETURNS:
1212 * Returns NULL if the function succeeds.
1213 * Returns a Cert Error if the function fails in a non-fatal way.
1214 * Returns a Fatal Error if the function fails in an unrecoverable way.
1216 PKIX_Error *
1217 PKIX_PL_Cert_GetPolicyMappingInhibited(
1218 PKIX_PL_Cert *cert,
1219 PKIX_Int32 *pSkipCerts,
1220 void *plContext);
1223 * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy
1224 * DESCRIPTION:
1226 * Retrieves the value of the inhibit any-policy extension of the Cert
1227 * pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have
1228 * an inhibit any-policy extension, this function stores -1 at "pSkipCerts".
1230 * InhibitAnyPolicy ::= SkipCerts
1232 * SkipCerts ::= INTEGER (0..MAX)
1234 * PARAMETERS:
1235 * "cert"
1236 * Address of Cert whose inhibit any-policy extensions value is to be
1237 * stored. Must be non-NULL.
1238 * "pSkipCerts"
1239 * Address where PKIX_Int32 will be stored. Must be non-NULL.
1240 * "plContext"
1241 * Platform-specific context pointer.
1242 * THREAD SAFETY:
1243 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1244 * RETURNS:
1245 * Returns NULL if the function succeeds.
1246 * Returns a Cert Error if the function fails in a non-fatal way.
1247 * Returns a Fatal Error if the function fails in an unrecoverable way.
1249 PKIX_Error *
1250 PKIX_PL_Cert_GetInhibitAnyPolicy(
1251 PKIX_PL_Cert *cert,
1252 PKIX_Int32 *pSkipCerts,
1253 void *plContext);
1255 /* policy processing functions */
1258 * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
1259 * DESCRIPTION:
1261 * Checks whether the certificate policies extension of the Cert pointed to
1262 * by "cert" is critical and stores the Boolean result at "pCritical". If
1263 * "cert" does not have a certificate policies extension, this function
1264 * stores NULL at "pCritical".
1266 * XXX what distinguishes NULL from PKIX_FALSE?
1268 * PARAMETERS:
1269 * "cert"
1270 * Address of Cert whose certificate policies extension's criticality is
1271 * to be determined. Must be non-NULL.
1272 * "pCritical"
1273 * Address where PKIX_Boolean will be stored. Must be non-NULL.
1274 * "plContext"
1275 * Platform-specific context pointer.
1276 * THREAD SAFETY:
1277 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1278 * RETURNS:
1279 * Returns NULL if the function succeeds.
1280 * Returns a Cert Error if the function fails in a non-fatal way.
1281 * Returns a Fatal Error if the function fails in an unrecoverable way.
1283 PKIX_Error *
1284 PKIX_PL_Cert_AreCertPoliciesCritical(
1285 PKIX_PL_Cert *cert,
1286 PKIX_Boolean *pCritical,
1287 void *plContext);
1290 * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
1291 * DESCRIPTION:
1293 * Checks whether the subject distinguished name and subject alternative names
1294 * of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed
1295 * to by "nameConstraints". If the CertNameConstraints are not satisfied, a
1296 * PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
1297 * does nothing.
1299 * PARAMETERS:
1300 * "cert"
1301 * Address of Cert whose subject names are to be checked.
1302 * Must be non-NULL.
1303 * "nameConstraints"
1304 * Address of CertNameConstraints that need to be satisfied.
1305 * "plContext"
1306 * Platform-specific context pointer.
1307 * THREAD SAFETY:
1308 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1309 * RETURNS:
1310 * Returns NULL if the function succeeds.
1311 * Returns a Cert Error if the function fails in a non-fatal way.
1312 * Returns a Fatal Error if the function fails in an unrecoverable way.
1314 PKIX_Error *
1315 PKIX_PL_Cert_CheckNameConstraints(
1316 PKIX_PL_Cert *cert,
1317 PKIX_PL_CertNameConstraints *nameConstraints,
1318 void *plContext);
1321 * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
1322 * DESCRIPTION:
1324 * Merges the CertNameConstraints pointed to by "firstNC" and the
1325 * CertNameConstraints pointed to by "secondNC" and stores the merged
1326 * CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
1327 * CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
1329 * Once created, a CertNameConstraints object is immutable.
1331 * PARAMETERS:
1332 * "firstNC"
1333 * Address of first CertNameConstraints to be merged. Must be non-NULL.
1334 * "secondNC"
1335 * Address of second CertNameConstraints to be merged
1336 * "pResultNC"
1337 * Address where object pointer will be stored. Must be non-NULL.
1338 * "plContext"
1339 * Platform-specific context pointer.
1340 * THREAD SAFETY:
1341 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1342 * RETURNS:
1343 * Returns NULL if the function succeeds.
1344 * Returns a Cert Error if the function fails in a non-fatal way.
1345 * Returns a Fatal Error if the function fails in an unrecoverable way.
1347 PKIX_Error *
1348 PKIX_PL_Cert_MergeNameConstraints(
1349 PKIX_PL_CertNameConstraints *firstNC,
1350 PKIX_PL_CertNameConstraints *secondNC,
1351 PKIX_PL_CertNameConstraints **pResultNC,
1352 void *plContext);
1355 * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage
1356 * DESCRIPTION:
1358 * Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the
1359 * keyUsage extension of the Cert pointed to by "cert". The keyUsage bit
1360 * values specified in pkixt.h are supported, and can be bitwise or'ed if
1361 * multiple bit values are to be verified. If the keyUsages do not all appear
1362 * in the keyUsage extension of "cert", a PKIX_Error pointer is returned.
1364 * KeyUsage ::= BIT STRING {
1365 * digitalSignature (0),
1366 * nonRepudiation (1),
1367 * keyEncipherment (2),
1368 * dataEncipherment (3),
1369 * keyAgreement (4),
1370 * keyCertSign (5),
1371 * cRLSign (6),
1372 * encipherOnly (7),
1373 * decipherOnly (8) }
1375 * PARAMETERS:
1376 * "cert"
1377 * Address of Cert whose keyUsage bits are to be verified.
1378 * Must be non-NULL.
1379 * "keyUsage"
1380 * Constant representing keyUsage bit(s) that all must appear in keyUsage
1381 * extension of "cert".
1382 * "plContext" - Platform-specific context pointer.
1383 * THREAD SAFETY:
1384 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1385 * RETURNS:
1386 * Returns NULL if the function succeeds.
1387 * Returns a Cert Error if the function fails in a non-fatal way.
1388 * Returns a Fatal Error if the function fails in an unrecoverable way.
1390 PKIX_Error *
1391 PKIX_PL_Cert_VerifyKeyUsage(
1392 PKIX_PL_Cert *cert,
1393 PKIX_UInt32 keyUsage,
1394 void *plContext);
1397 * FUNCTION: PKIX_PL_Cert_CheckValidity
1398 * DESCRIPTION:
1400 * Checks whether the Cert pointed to by "cert" would be valid at the time
1401 * represented by the Date pointed to by "date". If "date" is NULL, then this
1402 * function checks whether the Cert would be valid at the current time. If the
1403 * Cert would not be valid at the specified Date, a PKIX_Error pointer is
1404 * returned.
1406 * Validity ::= SEQUENCE {
1407 * notBefore Time,
1408 * notAfter Time }
1410 * Time ::= CHOICE {
1411 * utcTime UTCTime,
1412 * generalTime GeneralizedTime }
1414 * PARAMETERS:
1415 * "cert"
1416 * Address of Cert whose validity is to be checked. Must be non-NULL.
1417 * "date"
1418 * Address of Date at which the Cert is being checked for validity.
1419 * If NULL, the current time is used for the Date.
1420 * "plContext"
1421 * Platform-specific context pointer.
1422 * THREAD SAFETY:
1423 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1424 * RETURNS:
1425 * Returns NULL if the function succeeds.
1426 * Returns a Cert Error if the function fails in a non-fatal way.
1427 * Returns a Fatal Error if the function fails in an unrecoverable way.
1429 PKIX_Error *
1430 PKIX_PL_Cert_CheckValidity(
1431 PKIX_PL_Cert *cert,
1432 PKIX_PL_Date *date,
1433 void *plContext);
1436 * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter
1437 * DESCRIPTION:
1439 * Retrieves a pointer to the Date that represents the notAfter time of the
1440 * Certificate pointed to by "cert" and stores it at "pDate".
1442 * Validity ::= SEQUENCE {
1443 * notBefore Time,
1444 * notAfter Time }
1446 * PARAMETERS:
1447 * "cert"
1448 * Address of Cert whose validity time is to be retrieved. Must be
1449 * non-NULL.
1450 * "date"
1451 * Address of Date at which the Cert's notAfter time is being retrieved.
1452 * Must be non-NULL.
1453 * "plContext"
1454 * Platform-specific context pointer.
1455 * THREAD SAFETY:
1456 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1457 * RETURNS:
1458 * Returns NULL if the function succeeds.
1459 * Returns a Cert Error if the function fails in a non-fatal way.
1460 * Returns a Fatal Error if the function fails in an unrecoverable way.
1462 PKIX_Error *
1463 PKIX_PL_Cert_GetValidityNotAfter(
1464 PKIX_PL_Cert *cert,
1465 PKIX_PL_Date **pDate,
1466 void *plContext);
1469 * FUNCTION: PKIX_PL_Cert_VerifySignature
1470 * DESCRIPTION:
1472 * Verifies the signature on the Cert pointed to by "cert" using the
1473 * PublicKey pointed to by "pubKey". If the signature doesn't verify, an
1474 * Error pointer is returned.
1476 * PARAMETERS:
1477 * "cert"
1478 * Address of Cert whose signature is to be verified. Must be non-NULL.
1479 * "pubKey"
1480 * Address of a Public Key used to verify the signature. Must be non-NULL.
1481 * "plContext"
1482 * Platform-specific context pointer.
1483 * THREAD SAFETY:
1484 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1485 * RETURNS:
1486 * Returns NULL if the function succeeds.
1487 * Returns a Cert Error if the function fails in a non-fatal way.
1488 * Returns a Fatal Error if the function fails in an unrecoverable way.
1490 PKIX_Error *
1491 PKIX_PL_Cert_VerifySignature(
1492 PKIX_PL_Cert *cert,
1493 PKIX_PL_PublicKey *pubKey,
1494 void *plContext);
1497 * FUNCTION: PKIX_PL_Cert_IsCertTrusted
1498 * DESCRIPTION:
1500 * Checks the Cert specified by "cert" to determine, in a manner that depends
1501 * on the underlying platform, whether it is trusted, and stores the result in
1502 * "pTrusted". If a certificate is trusted it means that a chain built to that
1503 * certificate, and satisfying all the usage, policy, validity, and other
1504 * tests, is a valid chain and the End Entity certificate from which it was
1505 * built can be trusted.
1507 * If the Certificate is not intrinsically trustworthy, it still might end up a
1508 * component in a successful chain.
1510 * PARAMETERS
1511 * "cert"
1512 * Address of Cert whose trustworthiness is to be determined. Must be
1513 * non-NULL.
1514 * "pTrusted"
1515 * Address where the Boolean value will be stored. Must be non-NULL.
1516 * "plContext"
1517 * Platform-specific context pointer.
1518 * THREAD SAFETY:
1519 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1520 * RETURNS:
1521 * Returns NULL if the function succeeds.
1522 * Returns a CERT Error if the function fails in a non-fatal way.
1523 * Returns a Fatal Error if the function fails in an unrecoverable way.
1525 PKIX_Error *
1526 PKIX_PL_Cert_IsCertTrusted(
1527 PKIX_PL_Cert *cert,
1528 PKIX_Boolean *pTrusted,
1529 void *plContext);
1532 * FUNCTION: PKIX_PL_Cert_GetCacheFlag
1533 * DESCRIPTION:
1535 * Retrieves the value of the cache flag in "cert" and return it at address
1536 * pointed by "pCacheFlag". The initila cache flag is determined by the
1537 * CertStore this "cert" is fetched from. When CertStore is created, user
1538 * need to specify if the data should be cached.
1540 * PARAMETERS:
1541 * "cert"
1542 * Address of Cert whose cache flag is fetched. Must be non-NULL.
1543 * "pCacheFlag"
1544 * Address where PKIX_Boolean will be stored. Must be non-NULL.
1545 * "plContext"
1546 * Platform-specific context pointer.
1547 * THREAD SAFETY:
1548 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1549 * RETURNS:
1550 * Returns NULL if the function succeeds.
1551 * Returns a Cert Error if the function fails in a non-fatal way.
1552 * Returns a Fatal Error if the function fails in an unrecoverable way.
1554 PKIX_Error *
1555 PKIX_PL_Cert_GetCacheFlag(
1556 PKIX_PL_Cert *cert,
1557 PKIX_Boolean *pCacheFlag,
1558 void *plContext);
1561 * FUNCTION: PKIX_PL_Cert_SetCacheFlag
1562 * DESCRIPTION:
1564 * Set the value of the cache flag in "cert" base on the boolean value stored
1565 * at "cacheFlag". This function is meant to be used by CertStore after a
1566 * Cert is created.
1568 * PARAMETERS:
1569 * "cert"
1570 * Address of Cert where "cacheFlag" is stored. Must be non-NULL.
1571 * "cacheFlag"
1572 * PKIX_Boolean flag for cache flag.
1573 * "plContext"
1574 * Platform-specific context pointer.
1575 * THREAD SAFETY:
1576 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1577 * RETURNS:
1578 * Returns NULL if the function succeeds.
1579 * Returns a Cert Error if the function fails in a non-fatal way.
1580 * Returns a Fatal Error if the function fails in an unrecoverable way.
1582 PKIX_Error *
1583 PKIX_PL_Cert_SetCacheFlag(
1584 PKIX_PL_Cert *cert,
1585 PKIX_Boolean cacheFlag,
1586 void *plContext);
1589 * FUNCTION: PKIX_PL_Cert_GetTrustCertStore
1590 * DESCRIPTION:
1592 * Retrieves the value of the CertStore in "cert" and return it at address
1593 * pointed by "pCertStore".
1595 * PARAMETERS:
1596 * "cert"
1597 * Address of Cert whose CertStore is fetched. Must be non-NULL.
1598 * "pTrustCertStore"
1599 * Address where CertStore will be stored and returned. Must be non-NULL.
1600 * "plContext"
1601 * Platform-specific context pointer.
1602 * THREAD SAFETY:
1603 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1604 * RETURNS:
1605 * Returns NULL if the function succeeds.
1606 * Returns a Cert Error if the function fails in a non-fatal way.
1607 * Returns a Fatal Error if the function fails in an unrecoverable way.
1609 PKIX_Error *
1610 PKIX_PL_Cert_GetTrustCertStore(
1611 PKIX_PL_Cert *cert,
1612 PKIX_CertStore **pTrustCertStore,
1613 void *plContext);
1616 * FUNCTION: PKIX_PL_Cert_SetTrustCertStore
1617 * DESCRIPTION:
1619 * Set the value of the CertStore "certStore" in "cert".
1621 * PARAMETERS:
1622 * "cert"
1623 * Address of Cert where "certStore" will be stored. Must be non-NULL.
1624 * "trustCertStore"
1625 * Address where the CertStore is. Must be non-NULL.
1626 * "plContext"
1627 * Platform-specific context pointer.
1628 * THREAD SAFETY:
1629 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1630 * RETURNS:
1631 * Returns NULL if the function succeeds.
1632 * Returns a Cert Error if the function fails in a non-fatal way.
1633 * Returns a Fatal Error if the function fails in an unrecoverable way.
1635 PKIX_Error *
1636 PKIX_PL_Cert_SetTrustCertStore(
1637 PKIX_PL_Cert *cert,
1638 PKIX_CertStore *trustCertStore,
1639 void *plContext);
1643 * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
1644 * DESCRIPTION:
1646 * Retrieves the value(s) of the Authority Information Access in "cert" and
1647 * returns it in a list at address pointed by "pAuthorityInfoAccess".
1649 * SubjectInfoAccess ::=
1650 * SEQUENCE SIZE (1..MAX) of AccessDescription
1651 * AccessDescription ::= SEQUENCE {
1652 * accessMethod OBJECT IDENTIFIER,
1653 * accessLocation GeneralName
1656 * PARAMETERS:
1657 * "cert"
1658 * Address of Cert whose Authority Information Access is fetched.
1659 * Must be non-NULL.
1660 * "pAuthorityInfoAccess"
1661 * Address where Authority InfoAccess will be stored and returned.
1662 * Must be non-NULL.
1663 * "plContext"
1664 * Platform-specific context pointer.
1665 * THREAD SAFETY:
1666 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1667 * RETURNS:
1668 * Returns NULL if the function succeeds.
1669 * Returns a Cert Error if the function fails in a non-fatal way.
1670 * Returns a Fatal Error if the function fails in an unrecoverable way.
1672 PKIX_Error *
1673 PKIX_PL_Cert_GetAuthorityInfoAccess(
1674 PKIX_PL_Cert *cert,
1675 PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
1676 void *plContext);
1680 * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
1681 * DESCRIPTION:
1683 * Retrieves the value(s) of the Subject Information Access in "cert" and
1684 * returns it in a list at address pointed by "pSubjectInfoAccess".
1686 * SubjectInfoAccess ::=
1687 * SEQUENCE SIZE (1..MAX) of AccessDescription
1688 * AccessDescription ::= SEQUENCE {
1689 * accessMethod OBJECT IDENTIFIER,
1690 * accessLocation GeneralName
1693 * PARAMETERS:
1694 * "cert"
1695 * Address of Cert whose Subject Information Access is fetched.
1696 * Must be non-NULL.
1697 * "pSubjectInfoAccess"
1698 * Address where Subject InfoAccess will be stored and returned.
1699 * Must be non-NULL.
1700 * "plContext"
1701 * Platform-specific context pointer.
1702 * THREAD SAFETY:
1703 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1704 * RETURNS:
1705 * Returns NULL if the function succeeds.
1706 * Returns a Cert Error if the function fails in a non-fatal way.
1707 * Returns a Fatal Error if the function fails in an unrecoverable way.
1709 PKIX_Error *
1710 PKIX_PL_Cert_GetSubjectInfoAccess(
1711 PKIX_PL_Cert *cert,
1712 PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
1713 void *plContext);
1717 * InfoAccess
1719 * To hold Authority Information Access or Subject Information Access
1720 * retrieved from a Certificate.
1723 #define PKIX_INFOACCESS_OCSP 1
1724 #define PKIX_INFOACCESS_CA_ISSUERS 2
1725 #define PKIX_INFOACCESS_TIMESTAMPING 3
1726 #define PKIX_INFOACCESS_CA_REPOSITORY 5
1728 #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
1729 #define PKIX_INFOACCESS_LOCATION_HTTP 1
1730 #define PKIX_INFOACCESS_LOCATION_LDAP 2
1733 * FUNCTION: PKIX_PL_InfoAccess_GetMethod
1734 * DESCRIPTION:
1736 * Stores the method of the Information Access from "infoAccess" and
1737 * returns in "pMethod".
1739 * SubjectInfoAccess ::=
1740 * AccessDescription ::= SEQUENCE {
1741 * accessMethod OBJECT IDENTIFIER,
1742 * accessLocation GeneralName
1745 * PARAMETERS:
1746 * "infoAccess"
1747 * Address of PKIX_PL_InfoAccess that has the access data.
1748 * Must be non-NULL.
1749 * "pMethod"
1750 * Address where access method will be stored and returned.
1751 * Must be non-NULL.
1752 * "plContext"
1753 * Platform-specific context pointer.
1754 * THREAD SAFETY:
1755 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1756 * RETURNS:
1757 * Returns NULL if the function succeeds.
1758 * Returns a Cert Error if the function fails in a non-fatal way.
1759 * Returns a Fatal Error if the function fails in an unrecoverable way.
1761 PKIX_Error *
1762 PKIX_PL_InfoAccess_GetMethod(
1763 PKIX_PL_InfoAccess *infoAccess,
1764 PKIX_UInt32 *pMethod,
1765 void *plContext);
1768 * FUNCTION: PKIX_PL_InfoAccess_GetLocation
1769 * DESCRIPTION:
1771 * Stores the location of the Information Access from "infoAccess" and
1772 * returns in "pLocation".
1774 * SubjectInfoAccess ::=
1775 * AccessDescription ::= SEQUENCE {
1776 * accessMethod OBJECT IDENTIFIER,
1777 * accessLocation GeneralName
1780 * PARAMETERS:
1781 * "infoAccess"
1782 * Address of PKIX_PL_InfoAccess that has the access data.
1783 * Must be non-NULL.
1784 * "pLocation"
1785 * Address where access location will be stored and returned.
1786 * Must be non-NULL.
1787 * "plContext"
1788 * Platform-specific context pointer.
1789 * THREAD SAFETY:
1790 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1791 * RETURNS:
1792 * Returns NULL if the function succeeds.
1793 * Returns a Cert Error if the function fails in a non-fatal way.
1794 * Returns a Fatal Error if the function fails in an unrecoverable way.
1796 PKIX_Error *
1797 PKIX_PL_InfoAccess_GetLocation(
1798 PKIX_PL_InfoAccess *infoAccess,
1799 PKIX_PL_GeneralName **pLocation,
1800 void *plContext);
1803 * FUNCTION: PKIX_PL_InfoAccess_GetLocationType
1804 * DESCRIPTION:
1806 * Stores the type of location of the Information Access from "infoAccess" and
1807 * returns in "pType".
1809 * SubjectInfoAccess ::=
1810 * AccessDescription ::= SEQUENCE {
1811 * accessMethod OBJECT IDENTIFIER,
1812 * accessLocation GeneralName
1815 * PARAMETERS:
1816 * "infoAccess"
1817 * Address of PKIX_PL_InfoAccess that has the access data.
1818 * Must be non-NULL.
1819 * "pType"
1820 * Address where access location type will be stored and returned.
1821 * Must be non-NULL.
1822 * "plContext"
1823 * Platform-specific context pointer.
1824 * THREAD SAFETY:
1825 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1826 * RETURNS:
1827 * Returns NULL if the function succeeds.
1828 * Returns a Cert Error if the function fails in a non-fatal way.
1829 * Returns a Fatal Error if the function fails in an unrecoverable way.
1831 PKIX_Error *
1832 PKIX_PL_InfoAccess_GetLocationType(
1833 PKIX_PL_InfoAccess *infoAccess,
1834 PKIX_UInt32 *pType,
1835 void *plContext);
1837 PKIX_Error *
1838 pkix_pl_InfoAccess_GetAIACerts(
1839 PKIX_PL_InfoAccess *ia,
1840 void **pNBIOContext,
1841 void **pHandle,
1842 PKIX_List **pCerts,
1843 void *plContext);
1846 * CRL
1848 * A CRL represents an X.509 certificate revocation list. It can be created
1849 * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is
1850 * immutable. The following functions include accessors (gettors) for the
1851 * various components of an X.509 CRL, as well as a function for signature
1852 * verification.
1856 * FUNCTION: PKIX_PL_CRL_Create
1857 * DESCRIPTION:
1859 * Creates a new CRL using the bytes in the ByteArray pointed to by
1860 * "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1
1861 * DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a
1862 * CRL is immutable.
1864 * CertificateList ::= SEQUENCE {
1865 * tbsCertList TBSCertList,
1866 * signatureAlgorithm AlgorithmIdentifier,
1867 * signatureValue BIT STRING }
1869 * TBSCertList ::= SEQUENCE {
1870 * version Version OPTIONAL,
1871 * -- if present, MUST be v2
1872 * signature AlgorithmIdentifier,
1873 * issuer Name,
1874 * thisUpdate Time,
1875 * nextUpdate Time OPTIONAL,
1876 * revokedCertificates SEQUENCE OF SEQUENCE {
1877 * userCertificate CertificateSerialNumber,
1878 * revocationDate Time,
1879 * crlEntryExtensions Extensions OPTIONAL
1880 * -- if present, MUST be v2
1881 * } OPTIONAL,
1882 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
1883 * -- if present, MUST be v2
1886 * PARAMETERS:
1887 * "byteArray"
1888 * Address of ByteArray representing the CRL's DER encoding.
1889 * Must be non-NULL.
1890 * "pCRL"
1891 * Address where object pointer will be stored. Must be non-NULL.
1892 * "plContext"
1893 * Platform-specific context pointer.
1894 * THREAD SAFETY:
1895 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1896 * RETURNS:
1897 * Returns NULL if the function succeeds.
1898 * Returns a CRL Error if the function fails in a non-fatal way.
1899 * Returns a Fatal Error if the function fails in an unrecoverable way.
1901 PKIX_Error *
1902 PKIX_PL_CRL_Create(
1903 PKIX_PL_ByteArray *byteArray,
1904 PKIX_PL_CRL **pCRL,
1905 void *plContext);
1908 * FUNCTION: PKIX_PL_CRL_GetIssuer
1909 * DESCRIPTION:
1911 * Retrieves a pointer to the X500Name that represents the issuer of the CRL
1912 * pointed to by "crl" and stores it at "pCRLIssuer".
1914 * PARAMETERS:
1915 * "crl"
1916 * Address of CRL whose issuer is to be stored. Must be non-NULL.
1917 * "pCRLIssuer"
1918 * Address where object pointer will be stored. Must be non-NULL.
1919 * "plContext"
1920 * Platform-specific context pointer.
1921 * THREAD SAFETY:
1922 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1923 * RETURNS:
1924 * Returns NULL if the function succeeds.
1925 * Returns a CRL Error if the function fails in a non-fatal way.
1926 * Returns a Fatal Error if the function fails in an unrecoverable way.
1928 PKIX_Error *
1929 PKIX_PL_CRL_GetIssuer(
1930 PKIX_PL_CRL *crl,
1931 PKIX_PL_X500Name **pCRLIssuer,
1932 void *plContext);
1935 * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
1936 * DESCRIPTION:
1938 * Retrieves a pointer to the List of OIDs (each OID corresponding to a
1939 * critical extension of the CRL pointed to by "crl") and stores it at
1940 * "pExtensions". If "crl" does not have any critical extensions, this
1941 * function stores an empty List at "pExtensions".
1943 * Note that the List returned by this function is immutable.
1945 * PARAMETERS:
1946 * "crl"
1947 * Address of CRL whose critical extension OIDs are to be stored.
1948 * Must be non-NULL.
1949 * "pExtensions"
1950 * Address where object pointer will be stored. Must be non-NULL.
1951 * "plContext"
1952 * Platform-specific context pointer.
1953 * THREAD SAFETY:
1954 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1955 * RETURNS:
1956 * Returns NULL if the function succeeds.
1957 * Returns a CRL Error if the function fails in a non-fatal way.
1958 * Returns a Fatal Error if the function fails in an unrecoverable way.
1960 PKIX_Error *
1961 PKIX_PL_CRL_GetCriticalExtensionOIDs(
1962 PKIX_PL_CRL *crl,
1963 PKIX_List **pExtensions, /* list of PKIX_PL_OID */
1964 void *plContext);
1967 * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
1968 * DESCRIPTION:
1970 * Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl")
1971 * corresponding to the BigInt pointed to by "serialNumber" and stores it at
1972 * "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at
1973 * "pCRLEntry". Once created, a CRLEntry is immutable.
1975 * PARAMETERS:
1976 * "crl"
1977 * Address of CRL whose CRL Entries are to be searched. Must be non-NULL.
1978 * "serialNumber"
1979 * Address of BigInt representing serial number of certificate whose
1980 * CRLEntry is to be found. Must be non-NULL.
1981 * "pCRLEntry"
1982 * Address where object pointer will be stored. Must be non-NULL.
1983 * "plContext"
1984 * Platform-specific context pointer.
1985 * THREAD SAFETY:
1986 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1987 * RETURNS:
1988 * Returns NULL if the function succeeds.
1989 * Returns a CRL Error if the function fails in a non-fatal way.
1990 * Returns a Fatal Error if the function fails in an unrecoverable way.
1992 PKIX_Error *
1993 PKIX_PL_CRL_GetCRLEntryForSerialNumber(
1994 PKIX_PL_CRL *crl,
1995 PKIX_PL_BigInt *serialNumber,
1996 PKIX_PL_CRLEntry **pCRLEntry,
1997 void *plContext);
2000 * FUNCTION: PKIX_PL_CRL_GetCRLNumber
2001 * DESCRIPTION:
2002 * Retrieves the CRL Number from extension. This is non-critical extension.
2004 * PARAMETERS:
2005 * "crl"
2006 * Address of CRL whose version is to be stored. Must be non-NULL.
2007 * "pCrlNumber"
2008 * Address where a CRL Number will be stored. Must be non-NULL.
2009 * "plContext"
2010 * Platform-specific context pointer.
2011 * THREAD SAFETY:
2012 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2013 * RETURNS:
2014 * Returns NULL if the function succeeds.
2015 * Returns a CRL Error if the function fails in a non-fatal way.
2016 * Returns a Fatal Error if the function fails in an unrecoverable way.
2018 PKIX_Error *
2019 PKIX_PL_CRL_GetCRLNumber(
2020 PKIX_PL_CRL *crl,
2021 PKIX_PL_BigInt **pCrlNumber,
2022 void *plContext);
2025 * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime
2026 * DESCRIPTION:
2028 * Checks whether the CRL pointed to by "crl" would be valid at the time
2029 * represented by the Date pointed to by "date" and stores the Boolean result
2030 * at "pResult". This check is done only when NIST policy is enforced.
2032 * Time ::= CHOICE {
2033 * utcTime UTCTime,
2034 * generalTime GeneralizedTime }
2036 * PARAMETERS:
2037 * "crl"
2038 * Address of CRL whose validity is to be checked. Must be non-NULL.
2039 * "date"
2040 * Address of Date at which the CRL is being checked for validity.
2041 * Must be non-NULL.
2042 * "pResult"
2043 * Address of Boolean result. Must be non-NULL.
2044 * "plContext"
2045 * Platform-specific context pointer.
2046 * THREAD SAFETY:
2047 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2048 * RETURNS:
2049 * Returns NULL if the function succeeds.
2050 * Returns a CRL Error if the function fails in a non-fatal way.
2051 * Returns a Fatal Error if the function fails in an unrecoverable way.
2053 PKIX_Error *
2054 PKIX_PL_CRL_VerifyUpdateTime(
2055 PKIX_PL_CRL *crl,
2056 PKIX_PL_Date *date,
2057 PKIX_Boolean *pResult,
2058 void *plContext);
2061 * FUNCTION: PKIX_PL_CRL_VerifySignature
2062 * DESCRIPTION:
2064 * Verifies the signature on the CRL pointed to by "crl" using the PublicKey
2065 * pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error
2066 * pointer is returned.
2068 * PARAMETERS:
2069 * "crl"
2070 * Address of CRL whose signature is to be verified. Must be non-NULL.
2071 * "pubKey"
2072 * Address of a Public Key used to verify the signature. Must be non-NULL.
2073 * "plContext"
2074 * Platform-specific context pointer.
2075 * THREAD SAFETY:
2076 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2077 * RETURNS:
2078 * Returns NULL if the function succeeds.
2079 * Returns a CRL Error if the function fails in a non-fatal way.
2080 * Returns a Fatal Error if the function fails in an unrecoverable way.
2082 PKIX_Error *
2083 PKIX_PL_CRL_VerifySignature(
2084 PKIX_PL_CRL *crl,
2085 PKIX_PL_PublicKey *pubKey,
2086 void *plContext);
2089 * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
2090 * DESCRIPTION:
2092 * Retrieves the value of the reason code extension of the CRLEntry pointed
2093 * to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no
2094 * reason code extension, this function stores -1 at "pReason".
2096 * CRLReason ::= ENUMERATED {
2097 * unspecified (0),
2098 * keyCompromise (1),
2099 * cACompromise (2),
2100 * affiliationChanged (3),
2101 * superseded (4),
2102 * cessationOfOperation (5),
2103 * certificateHold (6),
2104 * removeFromCRL (8),
2105 * privilegeWithdrawn (9),
2106 * aACompromise (10) }
2108 * PARAMETERS:
2109 * "crlEntry"
2110 * Address of CRLEntry whose reason code bit values are to be returned
2111 * at "pReason". Must be non-NULL.
2112 * "pReason"
2113 * Address of PKIX_Int32 where reason code is stored. Must be non-NULL.
2114 * "plContext"
2115 * Platform-specific context pointer.
2116 * THREAD SAFETY:
2117 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2118 * RETURNS:
2119 * Returns NULL if the function succeeds.
2120 * Returns a CRL Error if the function fails in a non-fatal way.
2121 * Returns a Fatal Error if the function fails in an unrecoverable way.
2123 PKIX_Error *
2124 PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
2125 PKIX_PL_CRLEntry *crlEntry,
2126 PKIX_Int32 *pReason,
2127 void *plContext);
2130 * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
2131 * DESCRIPTION:
2133 * Retrieves a pointer to the List of OIDs (each OID corresponding to a
2134 * critical extension of the CRLEntry pointed to by "crlEntry") and stores it
2135 * at "pExtensions". If "crlEntry" does not have any critical extensions, this
2136 * function stores an empty List at "pExtensions".
2138 * Note that the List returned by this function is immutable.
2140 * PARAMETERS:
2141 * "crlEntry"
2142 * Address of CRLEntry whose critical extension OIDs are to be stored.
2143 * Must be non-NULL.
2144 * "pExtensions"
2145 * Address where object pointer will be stored. Must be non-NULL.
2146 * "plContext"
2147 * Platform-specific context pointer.
2148 * THREAD SAFETY:
2149 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2150 * RETURNS:
2151 * Returns NULL if the function succeeds.
2152 * Returns a CRL Error if the function fails in a non-fatal way.
2153 * Returns a Fatal Error if the function fails in an unrecoverable way.
2155 PKIX_Error *
2156 PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(
2157 PKIX_PL_CRLEntry *crlEntry,
2158 PKIX_List **pExtensions, /* list of PKIX_PL_OID */
2159 void *plContext);
2161 #ifdef BUILD_LIBPKIX_TESTS
2163 * FUNCTION: PKIX_PL_X500Name_Create
2164 * DESCRIPTION:
2166 * Creates a new X500Name using the UTF8 string representation pointed to by
2167 * "stringRep" and stores it at "pName". Once created, an X500Name is
2168 * immutable.
2170 * Name ::= CHOICE {
2171 * RDNSequence }
2173 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
2175 * RelativeDistinguishedName ::=
2176 * SET OF AttributeTypeAndValue
2178 * AttributeTypeAndValue ::= SEQUENCE {
2179 * type AttributeType,
2180 * value AttributeValue }
2182 * AttributeType ::= OBJECT IDENTIFIER
2184 * AttributeValue ::= ANY DEFINED BY AttributeType
2186 * DirectoryString ::= CHOICE {
2187 * teletexString TeletexString (SIZE (1..MAX)),
2188 * printableString PrintableString (SIZE (1..MAX)),
2189 * universalString UniversalString (SIZE (1..MAX)),
2190 * utf8String UTF8String (SIZE (1..MAX)),
2191 * bmpString BMPString (SIZE (1..MAX)) }
2193 * PARAMETERS:
2194 * "stringRep"
2195 * Address of UTF8 String representation of X500Name. Must be non-NULL.
2196 * "pName"
2197 * Address where object pointer will be stored. Must be non-NULL.
2198 * "plContext"
2199 * Platform-specific context pointer.
2200 * THREAD SAFETY:
2201 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2202 * RETURNS:
2203 * Returns NULL if the function succeeds.
2204 * Returns an X500Name Error if the function fails in a non-fatal way.
2205 * Returns a Fatal Error if the function fails in an unrecoverable way.
2207 PKIX_Error *
2208 PKIX_PL_X500Name_Create (
2209 PKIX_PL_String *stringRep,
2210 PKIX_PL_X500Name **pName,
2211 void *plContext);
2213 #endif /* BUILD_LIBPKIX_TESTS */
2216 * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName
2217 * DESCRIPTION:
2219 * The function creates x500Name using der encoded DN and/or pointer to
2220 * CERTName. If arument "name" is NULL, but derName is supplied when
2221 * the function generates nssDN(CERTName type) from der data. If derName
2222 * is not supplied, CERTName *name will not be used to generate DN DER
2223 * encoding.
2225 * PARAMETERS:
2226 * "derName"
2227 * Address of DER representation of X500Name. Can be NULL
2228 * "name"
2229 * Address of CERTName representation of X500Name. Can be NULL
2230 * "pName"
2231 * Address where object pointer will be stored. Must be non-NULL.
2232 * "plContext"
2233 * Platform-specific context pointer.
2234 * THREAD SAFETY:
2235 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2236 * RETURNS:
2237 * Returns NULL if the function succeeds.
2238 * Returns an X500Name Error if the function fails in a non-fatal way.
2239 * Returns a Fatal Error if the function fails in an unrecoverable way.
2241 PKIX_Error *
2242 PKIX_PL_X500Name_CreateFromCERTName(
2243 SECItem *derName,
2244 CERTName *name,
2245 PKIX_PL_X500Name **pName,
2246 void *plContext);
2250 * TYPE: PKIX_PL_X500Name_Match
2251 * DESCRIPTION:
2252 * Checks whether the X500Name pointed to by "firstX500Name" MATCHES the
2253 * X500Name pointed to by "secondX500Name" and stores the boolean result at
2254 * "pResult". Two X500Names MATCH if they meet the conditions specified by
2255 * RFC 3280 (section 4.1.2.4). Namely:
2257 * "This specification requires only a subset of the name comparison
2258 * functionality specified in the X.500 series of specifications.
2259 * Conforming implementations are REQUIRED to implement the following
2260 * name comparison rules:
2262 * (a) attribute values encoded in different types (e.g., PrintableString
2263 * and BMPString) MAY be assumed to represent different strings;
2265 * (b) attribute values in types other than PrintableString are case
2266 * sensitive (this permits matching of attribute values as binary objects)
2268 * (c) attribute values in PrintableString are not case sensitive
2269 * (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
2271 * (d) attribute values in PrintableString are compared after removing
2272 * leading and trailing white space and converting internal substrings of
2273 * one or more consecutive white space characters to a single space."
2275 * PARAMETERS:
2276 * "firstX500Name"
2277 * Address of first X500Name to compare. Must be non-NULL.
2278 * "secondX500Name"
2279 * Address of second X500Name to compare. Must be non-NULL.
2280 * "pResult"
2281 * Address of Boolean result. Must be non-NULL.
2282 * "plContext"
2283 * Platform-specific context pointer.
2284 * THREAD SAFETY:
2285 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2286 * RETURNS:
2287 * Returns NULL if the function succeeds.
2288 * Returns an X500Name Error if the function fails in a non-fatal way.
2289 * Returns a Fatal Error if the function fails in an unrecoverable way.
2291 PKIX_Error *
2292 PKIX_PL_X500Name_Match(
2293 PKIX_PL_X500Name *firstX500Name,
2294 PKIX_PL_X500Name *secondX500Name,
2295 PKIX_Boolean *pResult,
2296 void *plContext);
2299 * FUNCTION: PKIX_PL_Date_Create_UTCTime
2300 * DESCRIPTION:
2301 * Creates a new Date of type UTCTime using the string representation pointed
2302 * to by "stringRep" and stores it at "pDate". The UTCTime restriction means
2303 * that the year can only be specified by the least significant two digits
2304 * (YY). As such, Only the years 1950-2049 can be represented. If "stringRep"
2305 * is NULL, this function creates a new Date representing the current time
2306 * and stores it at "pDate". Once created, a Date is immutable.
2308 * If YY is greater than or equal to 50, the year is interpreted as 19YY.
2309 * If YY is less than 50, the year is interpreted as 20YY.
2311 * The string representation of the date must be in the following form:
2312 * "YYMMDDhhmmssZ" where:
2314 * YY is the least significant two digits of the year
2315 * MM is the month (01 to 12)
2316 * DD is the day (01 to 31)
2317 * hh is the hour (00 to 23)
2318 * mm are the minutes (00 to 59)
2319 * ss are the seconds (00 to 59)
2320 * Z indicates that local time is GMT
2322 * PARAMETERS:
2323 * "stringRep"
2324 * Address of String representation of Date.
2325 * If NULL, current time is used.
2326 * "pDate"
2327 * Address where object pointer will be stored. Must be non-NULL.
2328 * "plContext"
2329 * Platform-specific context pointer.
2330 * THREAD SAFETY:
2331 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2332 * RETURNS:
2333 * Returns NULL if the function succeeds.
2334 * Returns a Date Error if the function fails in a non-fatal way.
2335 * Returns a Fatal Error if the function fails in an unrecoverable way.
2337 PKIX_Error *
2338 PKIX_PL_Date_Create_UTCTime (
2339 PKIX_PL_String *stringRep,
2340 PKIX_PL_Date **pDate,
2341 void *plContext);
2344 * FUNCTION: PKIX_PL_Date_Create_UTCTime
2345 * DESCRIPTION:
2346 * Creates a new Date from PRTime data.
2348 * PARAMETERS:
2349 * "time"
2350 * Represented time in PRTime type.
2351 * "pDate"
2352 * Address where object pointer will be stored. Must be non-NULL.
2353 * "plContext"
2354 * Platform-specific context pointer.
2355 * THREAD SAFETY:
2356 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2357 * RETURNS:
2358 * Returns NULL if the function succeeds.
2359 * Returns a Date Error if the function fails in a non-fatal way.
2360 * Returns a Fatal Error if the function fails in an unrecoverable way.
2362 PKIX_Error *
2363 PKIX_PL_Date_CreateFromPRTime(
2364 PRTime time,
2365 PKIX_PL_Date **pDate,
2366 void *plContext);
2369 * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
2370 * DESCRIPTION:
2371 * Creates a new Date of type UTCTime for current time with seconds off by
2372 * "secondsOffset" and returns it at "pDate".
2374 * PARAMETERS:
2375 * "secondsOffset"
2376 * A PKIX_Int32 indicates the time offset from current. If "secondsOffset"
2377 * is negative, the time is in past.
2378 * "pDate"
2379 * Address where object pointer will be stored. Must be non-NULL.
2380 * "plContext"
2381 * Platform-specific context pointer.
2382 * THREAD SAFETY:
2383 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2384 * RETURNS:
2385 * Returns NULL if the function succeeds.
2386 * Returns a Date Error if the function fails in a non-fatal way.
2387 * Returns a Fatal Error if the function fails in an unrecoverable way.
2389 PKIX_Error *
2390 PKIX_PL_Date_Create_CurrentOffBySeconds(
2391 PKIX_Int32 secondsOffset,
2392 PKIX_PL_Date **pDate,
2393 void *plContext);
2395 #ifdef BUILD_LIBPKIX_TESTS
2397 * FUNCTION: PKIX_PL_GeneralName_Create
2398 * DESCRIPTION:
2400 * Creates a new GeneralName of type "nameType" using the string
2401 * representation pointed to by "stringRep" and stores it at "pGName".
2402 * All of the GeneralName type format values specified in pkixt.h are
2403 * supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME,
2404 * PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation
2405 * should be used for all supported nameTypes, with the exception of
2406 * registeredID and directoryName. For registeredID, the string representation
2407 * should be the same as that used by PKIX_PL_OID_Create. For directoryName,
2408 * the string representation should be the same as that used by
2409 * PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is
2410 * returned. Once created, a GeneralName is immutable.
2412 * GeneralName ::= CHOICE {
2413 * otherName [0] OtherName,
2414 * rfc822Name [1] IA5String,
2415 * dNSName [2] IA5String,
2416 * x400Address [3] ORAddress,
2417 * directoryName [4] Name,
2418 * ediPartyName [5] EDIPartyName,
2419 * uniformResourceIdentifier [6] IA5String,
2420 * iPAddress [7] OCTET STRING,
2421 * registeredID [8] OBJECT IDENTIFIER }
2424 * NOTE: This function is allowed to be called only by pkix tests programs.
2426 * PARAMETERS:
2427 * "nameType"
2428 * Type of GeneralName to be created. This must be one of the GeneralName
2429 * type format values specified in pkixt.h
2430 * "stringRep"
2431 * Address of String representation of GeneralName. Must be non-NULL.
2432 * "pGName"
2433 * Address where object pointer will be stored. Must be non-NULL.
2434 * "plContext"
2435 * Platform-specific context pointer.
2436 * THREAD SAFETY:
2437 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2438 * RETURNS:
2439 * Returns NULL if the function succeeds.
2440 * Returns a GeneralName Error if the function fails in a non-fatal way.
2441 * Returns a Fatal Error if the function fails in an unrecoverable way.
2443 PKIX_Error *
2444 PKIX_PL_GeneralName_Create (
2445 PKIX_UInt32 nameType,
2446 PKIX_PL_String *stringRep,
2447 PKIX_PL_GeneralName **pGName,
2448 void *plContext);
2449 #endif /* BUILD_LIBPKIX_TESTS */
2452 * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
2453 * DESCRIPTION:
2455 * This function checks whether names in "nameList" comply with
2456 * "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the
2457 * requirement of the NameConstraints, PKIX_FALSE otherwise.
2459 * PARAMETERS
2460 * "nameList"
2461 * List of GeneralNames that are checked for compliance. May be empty
2462 * or NULL.
2463 * "nameConstraints"
2464 * Address of CertNameConstraints that provides lists of permitted
2465 * and excluded names. Must be non-NULL.
2466 * "pCheckPass"
2467 * Address where PKIX_TRUE is returned if the all names in "nameList" are
2468 * valid. Must be non-NULL.
2469 * "plContext" - Platform-specific context pointer.
2470 * THREAD SAFETY:
2471 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2472 * RETURNS:
2473 * Returns NULL if the function succeeds.
2474 * Returns a NameConstraints Error if the function fails in a
2475 * non-fatal way.
2476 * Returns a Fatal Error if the function fails in an unrecoverable way.
2478 PKIX_Error *
2479 PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
2480 PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
2481 PKIX_PL_CertNameConstraints *nameConstraints,
2482 PKIX_Boolean *pCheckPass,
2483 void *plContext);
2486 * FUNCTION: PKIX_PL_AIAMgr_Create
2487 * DESCRIPTION:
2489 * This function creates an AIAMgr to handle retrieval of Certs and CRLs
2490 * from servers given by AIA Certificate extensions. It manages connections
2491 * and caches. The manager created is stored at "pAIAMgr".
2493 * PARAMETERS:
2494 * "pAIAMgr"
2495 * The address at which the result is stored. Must be non-NULL.
2496 * THREAD SAFETY:
2497 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2498 * RETURNS:
2499 * Returns NULL if the function succeeds.
2500 * Returns an AIAMgr Error if the function fails in a non-fatal way
2501 * Returns a Fatal Error if the function fails in an unrecoverable way.
2503 PKIX_Error *
2504 PKIX_PL_AIAMgr_Create(
2505 PKIX_PL_AIAMgr **pAIAMgr,
2506 void *plContext);
2509 * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts
2510 * DESCRIPTION:
2512 * This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs
2513 * specified by an AIA certificate extension, if any, in the Cert pointed to by
2514 * "prevCert", storing the results at "pCerts". If the certificate has no such
2515 * extension, this function stores NULL at "pCerts".
2517 * If the request is suspended for non-blocking I/O, a platform-dependent
2518 * context is stored at "pNBIOContext" and NULL is stored at "pCerts". This
2519 * return is referred to as the WOULDBLOCK state. Note that the caller must
2520 * check for a non-NULL value at "pNBIOContext", to distinguish this state from
2521 * the "no such extension" return described in the first paragraph. (The
2522 * alternative would be to return an empty List, but it seemed wrong to incur
2523 * the overhead of creating and destroying an empty List for the most common
2524 * situation.)
2526 * After a WOULDBLOCK return, the user may continue the operation by calling
2527 * pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again
2528 * returns in the WOULDBLOCK state) with the previously-returned non-NULL
2529 * value of "pNBIOContext". When results are complete, NULL is stored at
2530 * "pNBIOContext", and the results (which may be NULL) are stored at "pCerts".
2532 * PARAMETERS:
2533 * "aiaMgr"
2534 * The AIAMgr which controls the retrieval of certificates. Must be
2535 * non-NULL.
2536 * "prevCert"
2537 * Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must
2538 * be non-NULL.
2539 * "pNBIOContext"
2540 * Address at which platform-dependent information is returned if request
2541 * is suspended for non-blocking I/O. Must be non-NULL.
2542 * "pCerts"
2543 * Address at which the returned List is stored. Must be non-NULL.
2544 * "plContext"
2545 * Platform-specific context pointer.
2546 * THREAD SAFETY:
2547 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2548 * RETURNS:
2549 * Returns NULL if the function succeeds.
2550 * Returns an AIAMgr Error if the function fails in a non-fatal way
2551 * Returns a Fatal Error if the function fails in an unrecoverable way.
2553 PKIX_Error *
2554 PKIX_PL_AIAMgr_GetAIACerts(
2555 PKIX_PL_AIAMgr *aiaMgr,
2556 PKIX_PL_Cert *prevCert,
2557 void **pNBIOContext,
2558 PKIX_List **pCerts,
2559 void *plContext);
2561 typedef PKIX_Error *
2562 (*PKIX_PL_OcspResponse_VerifyCallback)(
2563 PKIX_PL_Cert *signerCert,
2564 PKIX_PL_Date *producedAt,
2565 PKIX_ProcessingParams *procParams,
2566 void **pNBIOContext,
2567 void **pState,
2568 PKIX_BuildResult **pBuildResult,
2569 PKIX_VerifyNode **pVerifyTree,
2570 void *plContext);
2572 PKIX_Error *
2573 pkix_pl_OcspRequest_Create(
2574 PKIX_PL_Cert *cert,
2575 PKIX_PL_OcspCertID *cid,
2576 PKIX_PL_Date *validity,
2577 PKIX_Boolean addServiceLocator,
2578 PKIX_PL_Cert *signerCert,
2579 PKIX_Boolean *pURIFound,
2580 PKIX_PL_OcspRequest **pRequest,
2581 void *plContext);
2583 PKIX_Error *
2584 pkix_pl_OcspResponse_Create(
2585 PKIX_PL_OcspRequest *request,
2586 void *responder,
2587 PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
2588 void **pNBIOContext,
2589 PKIX_PL_OcspResponse **pResponse,
2590 void *plContext);
2592 PKIX_Error *
2593 pkix_pl_OcspResponse_Decode(
2594 PKIX_PL_OcspResponse *response,
2595 PKIX_Boolean *passed,
2596 SECErrorCodes *pReturnCode,
2597 void *plContext);
2599 PKIX_Error *
2600 pkix_pl_OcspResponse_GetStatus(
2601 PKIX_PL_OcspResponse *response,
2602 PKIX_Boolean *passed,
2603 SECErrorCodes *pReturnCode,
2604 void *plContext);
2606 PKIX_Error *
2607 pkix_pl_OcspResponse_VerifySignature(
2608 PKIX_PL_OcspResponse *response,
2609 PKIX_PL_Cert *cert,
2610 PKIX_ProcessingParams *procParams,
2611 PKIX_Boolean *pPassed,
2612 void **pNBIOContext,
2613 void *plContext);
2615 PKIX_Error *
2616 pkix_pl_OcspResponse_GetStatusForCert(
2617 PKIX_PL_OcspCertID *cid,
2618 PKIX_PL_OcspResponse *response,
2619 PKIX_Boolean *pPassed,
2620 SECErrorCodes *pReturnCode,
2621 void *plContext);
2623 #ifdef __cplusplus
2625 #endif
2627 #endif /* _PKIX_PL_PKI_H */