Mercurial > trustbridge > nss-cmake-static

comparison nss/lib/libpkix/include/pkix_certsel.h @ 0:1e5118fa0cb1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:1e5118fa0cb1
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * This file defines functions associated with the PKIX_CertSelector and the
6 * PKIX_ComCertSelParams types.
7 *
8 */
9
10 #ifndef _PKIX_CERTSEL_H
11 #define _PKIX_CERTSEL_H
12
13 #include "pkixt.h"
14
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18
19 /* General
20 *
21 * Please refer to the libpkix Programmer's Guide for detailed information
22 * about how to use the libpkix library. Certain key warnings and notices from
23 * that document are repeated here for emphasis.
24 *
25 * All identifiers in this file (and all public identifiers defined in
26 * libpkix) begin with "PKIX_". Private identifiers only intended for use
27 * within the library begin with "pkix_".
28 *
29 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
30 *
31 * Unless otherwise noted, for all accessor (gettor) functions that return a
32 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
33 * shared object. Therefore, the caller should treat this shared object as
34 * read-only and should not modify this shared object. When done using the
35 * shared object, the caller should release the reference to the object by
36 * using the PKIX_PL_Object_DecRef function.
37 *
38 * While a function is executing, if its arguments (or anything referred to by
39 * its arguments) are modified, free'd, or destroyed, the function's behavior
40 * is undefined.
41 *
42 */
43
44 /* PKIX_CertSelector
45 *
46 * PKIX_CertSelectors provide a standard way for the caller to select
47 * certificates based on particular criteria. A CertSelector is typically used
48 * by the caller to specify the constraints they wish to impose on the target
49 * certificate in a chain. (see pkix_params.h) A CertSelector is also often
50 * used to retrieve certificates from a CertStore that match the selector's
51 * criteria. (See pkix_certstore.h) For example, the caller may wish to only
52 * select those certificates that have a particular Subject Distinguished Name
53 * and a particular value for a private certificate extension. The
54 * MatchCallback allows the caller to specify the custom matching logic to be
55 * used by a CertSelector.
56 *
57 * By default, the MatchCallback is set to point to the default implementation
58 * provided by libpkix, which understands how to process the most common
59 * parameters. If the default implementation is used, the caller should set
60 * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams.
61 * Any common parameter that is not set is assumed to be disabled, which means
62 * the default MatchCallback implementation will select all certificates
63 * without regard to that particular disabled parameter. For example, if the
64 * SerialNumber parameter is not set, MatchCallback will not filter out any
65 * certificate based on its serial number. As such, if no parameters are set,
66 * all are disabled and any certificate will match. If a parameter is
67 * disabled, its associated PKIX_ComCertSelParams_Get* function returns a
68 * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints
69 * and PKIX_ComCertSelParams_GetVersion, or 0 for
70 * PKIX_ComCertSelParams_GetKeyUsage.
71 *
72 * If a custom implementation is desired, the default implementation can be
73 * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the
74 * CertSelector can be initialized with a certSelectorContext, which is where
75 * the caller can specify the desired parameters the caller wishes to match
76 * against. Note that this certSelectorContext must be an Object (although any
77 * object type), allowing it to be reference-counted and allowing it to
78 * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
79 * Duplicate).
80 *
81 */
82
83 /*
84 * FUNCTION: PKIX_CertSelector_MatchCallback
85 * DESCRIPTION:
86 *
87 * This callback function determines whether the specified Cert pointed to by
88 * "cert" matches the criteria of the CertSelector pointed to by "selector".
89 * If the Cert does not matches the CertSelector's criteria, an exception will
90 * be thrown.
91 *
92 * PARAMETERS:
93 * "selector"
94 * Address of CertSelector whose MatchCallback logic and parameters are
95 * to be used. Must be non-NULL.
96 * "cert"
97 * Address of Cert that is to be matched using "selector".
98 * Must be non-NULL.
99 * "plContext"
100 * Platform-specific context pointer.
101 * THREAD SAFETY:
102 * Thread Safe
103 *
104 * Multiple threads must be able to safely call this function without
105 * worrying about conflicts, even if they're operating on the same object.
106 * RETURNS:
107 * Returns NULL if the function succeeds.
108 * Returns a CertSelector Error if the function fails in a non-fatal way.
109 * Returns a Fatal Error if the function fails in an unrecoverable way.
110 */
111 typedef PKIX_Error *
112 (*PKIX_CertSelector_MatchCallback)(
113 PKIX_CertSelector *selector,
114 PKIX_PL_Cert *cert,
115 void *plContext);
116
117 /*
118 * FUNCTION: PKIX_CertSelector_Create
119 * DESCRIPTION:
120 *
121 * Creates a new CertSelector using the Object pointed to by
122 * "certSelectorContext" (if any) and stores it at "pSelector". As noted
123 * above, by default, the MatchCallback is set to point to the default
124 * implementation provided by libpkix, which understands how to process
125 * ComCertSelParams objects. This is overridden if the MatchCallback pointed
126 * to by "callback" is not NULL, in which case the parameters are specified
127 * using the certSelectorContext.
128 *
129 * PARAMETERS:
130 * "callback"
131 * The MatchCallback function to be used.
132 * "certSelectorContext"
133 * Address of Object representing the CertSelector's context (if any).
134 * "pSelector"
135 * Address where object pointer will be stored. Must be non-NULL.
136 * "plContext"
137 * Platform-specific context pointer.
138 * THREAD SAFETY:
139 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
140 * RETURNS:
141 * Returns NULL if the function succeeds.
142 * Returns a CertSelector Error if the function fails in a non-fatal way.
143 * Returns a Fatal Error if the function fails in an unrecoverable way.
144 */
145 PKIX_Error *
146 PKIX_CertSelector_Create(
147 PKIX_CertSelector_MatchCallback callback,
148 PKIX_PL_Object *certSelectorContext,
149 PKIX_CertSelector **pSelector,
150 void *plContext);
151
152 /*
153 * FUNCTION: PKIX_CertSelector_GetMatchCallback
154 * DESCRIPTION:
155 *
156 * Retrieves a pointer to "selector's" Match callback function and puts it in
157 * "pCallback".
158 *
159 * PARAMETERS:
160 * "selector"
161 * The CertSelector whose Match callback is desired. Must be non-NULL.
162 * "pCallback"
163 * Address where Match callback function pointer will be stored.
164 * Must be non-NULL.
165 * "plContext"
166 * Platform-specific context pointer.
167 * THREAD SAFETY:
168 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
169 * RETURNS:
170 * Returns NULL if the function succeeds.
171 * Returns a CertSelector Error if the function fails in a non-fatal way.
172 * Returns a Fatal Error if the function fails in an unrecoverable way.
173 */
174 PKIX_Error *
175 PKIX_CertSelector_GetMatchCallback(
176 PKIX_CertSelector *selector,
177 PKIX_CertSelector_MatchCallback *pCallback,
178 void *plContext);
179
180 /*
181 * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
182 * DESCRIPTION:
183 *
184 * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
185 * of the CertSelector pointed to by "selector" and stores it at
186 * "pCertSelectorContext".
187 *
188 * PARAMETERS:
189 * "selector"
190 * Address of CertSelector whose context is to be stored.
191 * Must be non-NULL.
192 * "pCertSelectorContext"
193 * Address where object pointer will be stored. Must be non-NULL.
194 * "plContext"
195 * Platform-specific context pointer.
196 * THREAD SAFETY:
197 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
198 * RETURNS:
199 * Returns NULL if the function succeeds.
200 * Returns a CertSelector Error if the function fails in a non-fatal way.
201 * Returns a Fatal Error if the function fails in an unrecoverable way.
202 */
203 PKIX_Error *
204 PKIX_CertSelector_GetCertSelectorContext(
205 PKIX_CertSelector *selector,
206 PKIX_PL_Object **pCertSelectorContext,
207 void *plContext);
208
209 /*
210 * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
211 * DESCRIPTION:
212 *
213 * Retrieves a pointer to the ComCertSelParams object that represent the
214 * common parameters of the CertSelector pointed to by "selector" and stores
215 * it at "pCommonCertSelectorParams". If there are no common parameters
216 * stored with the CertSelector, this function stores NULL at
217 * "pCommonCertSelectorParams".
218 *
219 * PARAMETERS:
220 * "selector"
221 * Address of CertSelector whose ComCertSelParams object is to be stored.
222 * Must be non-NULL.
223 * "pCommonCertSelectorParams"
224 * Address where object pointer will be stored. Must be non-NULL.
225 * "plContext"
226 * Platform-specific context pointer.
227 * THREAD SAFETY:
228 * Conditionally Thread Safe
229 * (see Thread Safety Definitions in Programmer's Guide)
230 * RETURNS:
231 * Returns NULL if the function succeeds.
232 * Returns a CertSelector Error if the function fails in a non-fatal way.
233 * Returns a Fatal Error if the function fails in an unrecoverable way.
234 */
235 PKIX_Error *
236 PKIX_CertSelector_GetCommonCertSelectorParams(
237 PKIX_CertSelector *selector,
238 PKIX_ComCertSelParams **pCommonCertSelectorParams,
239 void *plContext);
240
241 /*
242 * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
243 * DESCRIPTION:
244 *
245 * Sets the common parameters for the CertSelector pointed to by "selector"
246 * using the ComCertSelParams object pointed to by "commonCertSelectorParams".
247 *
248 * PARAMETERS:
249 * "selector"
250 * Address of CertSelector whose common parameters are to be set.
251 * Must be non-NULL.
252 * "commonCertSelectorParams"
253 * Address of ComCertSelParams object representing the common parameters.
254 * "plContext"
255 * Platform-specific context pointer.
256 * THREAD SAFETY:
257 * Not Thread Safe - assumes exclusive access to "selector"
258 * (see Thread Safety Definitions in Programmer's Guide)
259 * RETURNS:
260 * Returns NULL if the function succeeds.
261 * Returns a CertSelector Error if the function fails in a non-fatal way.
262 * Returns a Fatal Error if the function fails in an unrecoverable way.
263 */
264 PKIX_Error *
265 PKIX_CertSelector_SetCommonCertSelectorParams(
266 PKIX_CertSelector *selector,
267 PKIX_ComCertSelParams *commonCertSelectorParams,
268 void *plContext);
269
270 /* PKIX_ComCertSelParams
271 *
272 * PKIX_ComCertSelParams objects are X.509 parameters commonly used with
273 * CertSelectors, especially when enforcing constraints on a target
274 * certificate or determining which certificates to retrieve from a CertStore.
275 * ComCertSelParams objects are typically used with those CertSelectors that
276 * use the default implementation of MatchCallback, which understands how to
277 * process ComCertSelParams objects.
278 */
279
280 /*
281 * FUNCTION: PKIX_ComCertSelParams_Create
282 * DESCRIPTION:
283 *
284 * Creates a new ComCertSelParams object and stores it at "pParams".
285 *
286 * PARAMETERS:
287 * "pParams"
288 * Address where object pointer will be stored. Must be non-NULL.
289 * "plContext"
290 * Platform-specific context pointer.
291 * THREAD SAFETY:
292 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
293 * RETURNS:
294 * Returns NULL if the function succeeds.
295 * Returns a CertSelector Error if the function fails in a non-fatal way.
296 * Returns a Fatal Error if the function fails in an unrecoverable way.
297 */
298 PKIX_Error *
299 PKIX_ComCertSelParams_Create(
300 PKIX_ComCertSelParams **pParams,
301 void *plContext);
302
303 /*
304 * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
305 * DESCRIPTION:
306 *
307 * Retrieves a pointer to the List of GeneralNames (if any) representing the
308 * subject alternative names criterion that is set in the ComCertSelParams
309 * object pointed to by "params" and stores it at "pNames". In order to match
310 * against this criterion, a certificate must contain all or at least one of
311 * the criterion's subject alternative names (depending on the result of
312 * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
313 * requires a certificate to contain all of the criterion's subject
314 * alternative names in order to match.
315 *
316 * If "params" does not have this criterion set, this function stores NULL at
317 * "pNames", in which case all certificates are considered to match this
318 * criterion.
319 *
320 * Note that the List returned by this function is immutable.
321 *
322 * PARAMETERS:
323 * "params"
324 * Address of ComCertSelParams object whose subject alternative names
325 * criterion (if any) is to be stored. Must be non-NULL.
326 * "pNames"
327 * Address where object pointer will be stored. Must be non-NULL.
328 * "plContext"
329 * Platform-specific context pointer.
330 * THREAD SAFETY:
331 * Conditionally Thread Safe
332 * (see Thread Safety Definitions in Programmer's Guide)
333 * RETURNS:
334 * Returns NULL if the function succeeds.
335 * Returns a CertSelector Error if the function fails in a non-fatal way.
336 * Returns a Fatal Error if the function fails in an unrecoverable way.
337 */
338 PKIX_Error *
339 PKIX_ComCertSelParams_GetSubjAltNames(
340 PKIX_ComCertSelParams *params,
341 PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
342 void *plContext);
343
344 /*
345 * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
346 * DESCRIPTION:
347 *
348 * Sets the subject alternative names criterion of the ComCertSelParams object
349 * pointed to by "params" using a List of GeneralNames pointed to by "names".
350 * In order to match against this criterion, a certificate must contain all or
351 * at least one of the criterion's subject alternative names (depending on the
352 * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
353 * behavior requires a certificate to contain all of the criterion's subject
354 * alternative names in order to match.
355 *
356 * If "names" is NULL, all certificates are considered to match this
357 * criterion.
358 *
359 * PARAMETERS:
360 * "params"
361 * Address of ComCertSelParams object whose subject alternative
362 * names criterion is to be set. Must be non-NULL.
363 * "names"
364 * Address of List of GeneralNames used to set the criterion
365 * (or NULL to disable the criterion).
366 * "plContext"
367 * Platform-specific context pointer.
368 * THREAD SAFETY:
369 * Not Thread Safe - assumes exclusive access to "params"
370 * (see Thread Safety Definitions in Programmer's Guide)
371 * RETURNS:
372 * Returns NULL if the function succeeds.
373 * Returns a CertSelector Error if the function fails in a non-fatal way.
374 * Returns a Fatal Error if the function fails in an unrecoverable way.
375 */
376 PKIX_Error *
377 PKIX_ComCertSelParams_SetSubjAltNames(
378 PKIX_ComCertSelParams *params,
379 PKIX_List *names, /* list of PKIX_PL_GeneralName */
380 void *plContext);
381
382 /*
383 * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
384 * DESCRIPTION:
385 *
386 * Adds to the subject alternative names criterion of the ComCertSelParams
387 * object pointed to by "params" using the GeneralName pointed to by "name".
388 * In order to match against this criterion, a certificate must contain all
389 * or at least one of the criterion's subject alternative names (depending on
390 * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
391 * behavior requires a certificate to contain all of the criterion's subject
392 * alternative names in order to match.
393 *
394 * PARAMETERS:
395 * "params"
396 * Address of ComCertSelParams object whose subject alternative names
397 * criterion is to be added to. Must be non-NULL.
398 * "name"
399 * Address of GeneralName to be added.
400 * "plContext"
401 * Platform-specific context pointer.
402 * THREAD SAFETY:
403 * Not Thread Safe - assumes exclusive access to "params"
404 * (see Thread Safety Definitions in Programmer's Guide)
405 * RETURNS:
406 * Returns NULL if the function succeeds.
407 * Returns a CertSelector Error if the function fails in a non-fatal way.
408 * Returns a Fatal Error if the function fails in an unrecoverable way.
409 */
410 PKIX_Error *
411 PKIX_ComCertSelParams_AddSubjAltName(
412 PKIX_ComCertSelParams *params,
413 PKIX_PL_GeneralName *name,
414 void *plContext);
415
416 /*
417 * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
418 * DESCRIPTION:
419 *
420 * Retrieves a pointer to the List of GeneralNames (if any) representing the
421 * path to names criterion that is set in the ComCertSelParams object pointed
422 * to by "params" and stores it at "pNames". In order to match against this
423 * criterion, a certificate must not include name constraints that would
424 * prohibit building a path to the criterion's specified names.
425 *
426 * If "params" does not have this criterion set, this function stores NULL at
427 * "pNames", in which case all certificates are considered to match this
428 * criterion.
429 *
430 * Note that the List returned by this function is immutable.
431 *
432 * PARAMETERS:
433 * "params"
434 * Address of ComCertSelParams object whose path to names criterion
435 * (if any) is to be stored. Must be non-NULL.
436 * "pNames"
437 * Address where object pointer will be stored. Must be non-NULL.
438 * "plContext"
439 * Platform-specific context pointer.
440 * THREAD SAFETY:
441 * Conditionally Thread Safe
442 * (see Thread Safety Definitions in Programmer's Guide)
443 * RETURNS:
444 * Returns NULL if the function succeeds.
445 * Returns a CertSelector Error if the function fails in a non-fatal way.
446 * Returns a Fatal Error if the function fails in an unrecoverable way.
447 */
448 PKIX_Error *
449 PKIX_ComCertSelParams_GetPathToNames(
450 PKIX_ComCertSelParams *params,
451 PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
452 void *plContext);
453
454 /*
455 * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
456 * DESCRIPTION:
457 *
458 * Sets the path to names criterion of the ComCertSelParams object pointed to
459 * by "params" using a List of GeneralNames pointed to by "names". In order to
460 * match against this criterion, a certificate must not include name
461 * constraints that would prohibit building a path to the criterion's
462 * specified names.
463 *
464 * If "names" is NULL, all certificates are considered to match this
465 * criterion.
466 *
467 * PARAMETERS:
468 * "params"
469 * Address of ComCertSelParams object whose path to names criterion
470 * is to be set. Must be non-NULL.
471 * "names"
472 * Address of List of GeneralNames used to set the criterion
473 * (or NULL to disable the criterion).
474 * "plContext"
475 * Platform-specific context pointer.
476 * THREAD SAFETY:
477 * Not Thread Safe - assumes exclusive access to "params"
478 * (see Thread Safety Definitions in Programmer's Guide)
479 * RETURNS:
480 * Returns NULL if the function succeeds.
481 * Returns a CertSelector Error if the function fails in a non-fatal way.
482 * Returns a Fatal Error if the function fails in an unrecoverable way.
483 */
484 PKIX_Error *
485 PKIX_ComCertSelParams_SetPathToNames(
486 PKIX_ComCertSelParams *params,
487 PKIX_List *names, /* list of PKIX_PL_GeneralName */
488 void *plContext);
489
490 /*
491 * FUNCTION: PKIX_ComCertSelParams_AddPathToName
492 * DESCRIPTION:
493 *
494 * Adds to the path to names criterion of the ComCertSelParams object pointed
495 * to by "params" using the GeneralName pointed to by "pathToName". In order
496 * to match against this criterion, a certificate must not include name
497 * constraints that would prohibit building a path to the criterion's
498 * specified names.
499 *
500 * PARAMETERS:
501 * "params"
502 * Address of ComCertSelParams object whose path to names criterion is to
503 * be added to. Must be non-NULL.
504 * "pathToName"
505 * Address of GeneralName to be added.
506 * "plContext"
507 * Platform-specific context pointer.
508 * THREAD SAFETY:
509 * Not Thread Safe - assumes exclusive access to "params"
510 * (see Thread Safety Definitions in Programmer's Guide)
511 * RETURNS:
512 * Returns NULL if the function succeeds.
513 * Returns a CertSelector Error if the function fails in a non-fatal way.
514 * Returns a Fatal Error if the function fails in an unrecoverable way.
515 */
516 PKIX_Error *
517 PKIX_ComCertSelParams_AddPathToName(
518 PKIX_ComCertSelParams *params,
519 PKIX_PL_GeneralName *pathToName,
520 void *plContext);
521
522 /*
523 * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
524 * DESCRIPTION:
525 *
526 * Retrieves a pointer to the ByteArray (if any) representing the authority
527 * key identifier criterion that is set in the ComCertSelParams object
528 * pointed to by "params" and stores it at "pAuthKeyId". In order to match
529 * against this criterion, a certificate must contain an
530 * AuthorityKeyIdentifier extension whose value matches the criterion's
531 * authority key identifier value.
532 *
533 * If "params" does not have this criterion set, this function stores NULL at
534 * "pAuthKeyId", in which case all certificates are considered to match this
535 * criterion.
536 *
537 * PARAMETERS:
538 * "params"
539 * Address of ComCertSelParams object whose authority key identifier
540 * criterion (if any) is to be stored. Must be non-NULL.
541 * "pAuthKeyId"
542 * Address where object pointer will be stored. Must be non-NULL.
543 * "plContext"
544 * Platform-specific context pointer.
545 * THREAD SAFETY:
546 * Conditionally Thread Safe
547 * (see Thread Safety Definitions in Programmer's Guide)
548 * RETURNS:
549 * Returns NULL if the function succeeds.
550 * Returns a CertSelector Error if the function fails in a non-fatal way.
551 * Returns a Fatal Error if the function fails in an unrecoverable way.
552 */
553 PKIX_Error *
554 PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
555 PKIX_ComCertSelParams *params,
556 PKIX_PL_ByteArray **pAuthKeyId,
557 void *plContext);
558
559 /*
560 * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
561 * DESCRIPTION:
562 *
563 * Sets the authority key identifier criterion of the ComCertSelParams object
564 * pointed to by "params" to the ByteArray pointed to by "authKeyId". In
565 * order to match against this criterion, a certificate must contain an
566 * AuthorityKeyIdentifier extension whose value matches the criterion's
567 * authority key identifier value.
568 *
569 * PARAMETERS:
570 * "params"
571 * Address of ComCertSelParams object whose authority key identifier
572 * criterion is to be set. Must be non-NULL.
573 * "authKeyId"
574 * Address of ByteArray used to set the criterion
575 * "plContext"
576 * Platform-specific context pointer.
577 * THREAD SAFETY:
578 * Not Thread Safe - assumes exclusive access to "params"
579 * (see Thread Safety Definitions in Programmer's Guide)
580 * RETURNS:
581 * Returns NULL if the function succeeds.
582 * Returns a CertSelector Error if the function fails in a non-fatal way.
583 * Returns a Fatal Error if the function fails in an unrecoverable way.
584 */
585 PKIX_Error *
586 PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
587 PKIX_ComCertSelParams *params,
588 PKIX_PL_ByteArray *authKeyId,
589 void *plContext);
590
591 /*
592 * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
593 * DESCRIPTION:
594 *
595 * Retrieves a pointer to the ByteArray (if any) representing the subject key
596 * identifier criterion that is set in the ComCertSelParams object pointed to
597 * by "params" and stores it at "pSubjKeyId". In order to match against this
598 * criterion, a certificate must contain a SubjectKeyIdentifier extension
599 * whose value matches the criterion's subject key identifier value.
600 *
601 * If "params" does not have this criterion set, this function stores NULL at
602 * "pSubjKeyId", in which case all certificates are considered to match this
603 * criterion.
604 *
605 * PARAMETERS:
606 * "params"
607 * Address of ComCertSelParams object whose subject key identifier
608 * criterion (if any) is to be stored. Must be non-NULL.
609 * "pSubjKeyId"
610 * Address where object pointer will be stored. Must be non-NULL.
611 * "plContext"
612 * Platform-specific context pointer.
613 * THREAD SAFETY:
614 * Conditionally Thread Safe
615 * (see Thread Safety Definitions in Programmer's Guide)
616 * RETURNS:
617 * Returns NULL if the function succeeds.
618 * Returns a CertSelector Error if the function fails in a non-fatal way.
619 * Returns a Fatal Error if the function fails in an unrecoverable way.
620 */
621 PKIX_Error *
622 PKIX_ComCertSelParams_GetSubjKeyIdentifier(
623 PKIX_ComCertSelParams *params,
624 PKIX_PL_ByteArray **pSubjKeyId,
625 void *plContext);
626
627 /*
628 * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
629 * DESCRIPTION:
630 *
631 * Sets the subject key identifier criterion of the ComCertSelParams object
632 * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
633 * order to match against this criterion, a certificate must contain an
634 * SubjectKeyIdentifier extension whose value matches the criterion's subject
635 * key identifier value.
636 *
637 * PARAMETERS:
638 * "params"
639 * Address of ComCertSelParams object whose subject key identifier
640 * criterion is to be set. Must be non-NULL.
641 * "subjKeyId"
642 * Address of ByteArray used to set the criterion
643 * "plContext"
644 * Platform-specific context pointer.
645 * THREAD SAFETY:
646 * Not Thread Safe - assumes exclusive access to "params"
647 * (see Thread Safety Definitions in Programmer's Guide)
648 * RETURNS:
649 * Returns NULL if the function succeeds.
650 * Returns a CertSelector Error if the function fails in a non-fatal way.
651 * Returns a Fatal Error if the function fails in an unrecoverable way.
652 */
653 PKIX_Error *
654 PKIX_ComCertSelParams_SetSubjKeyIdentifier(
655 PKIX_ComCertSelParams *params,
656 PKIX_PL_ByteArray *subKeyId,
657 void *plContext);
658
659 /*
660 * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
661 * DESCRIPTION:
662 *
663 * Retrieves a pointer to the PublicKey (if any) representing the subject
664 * public key criterion that is set in the ComCertSelParams object pointed to
665 * by "params" and stores it at "pPubKey". In order to match against this
666 * criterion, a certificate must contain a SubjectPublicKey that matches the
667 * criterion's public key.
668 *
669 * If "params" does not have this criterion set, this function stores NULL at
670 * "pPubKey", in which case all certificates are considered to match this
671 * criterion.
672 *
673 * PARAMETERS:
674 * "params"
675 * Address of ComCertSelParams object whose subject public key criterion
676 * (if any) is to be stored. Must be non-NULL.
677 * "pPubKey"
678 * Address where object pointer will be stored. Must be non-NULL.
679 * "plContext"
680 * Platform-specific context pointer.
681 * THREAD SAFETY:
682 * Conditionally Thread Safe
683 * (see Thread Safety Definitions in Programmer's Guide)
684 * RETURNS:
685 * Returns NULL if the function succeeds.
686 * Returns a CertSelector Error if the function fails in a non-fatal way.
687 * Returns a Fatal Error if the function fails in an unrecoverable way.
688 */
689 PKIX_Error *
690 PKIX_ComCertSelParams_GetSubjPubKey(
691 PKIX_ComCertSelParams *params,
692 PKIX_PL_PublicKey **pPubKey,
693 void *plContext);
694
695 /*
696 * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
697 * DESCRIPTION:
698 *
699 * Sets the subject public key criterion of the ComCertSelParams object
700 * pointed to by "params" using a PublicKey pointed to by "pubKey". In order
701 * to match against this criterion, a certificate must contain a
702 * SubjectPublicKey that matches the criterion's public key.
703 *
704 * PARAMETERS:
705 * "params"
706 * Address of ComCertSelParams object whose subject public key
707 * criterion is to be set. Must be non-NULL.
708 * "pubKey"
709 * Address of PublicKey used to set the criterion
710 * "plContext"
711 * Platform-specific context pointer.
712 * THREAD SAFETY:
713 * Not Thread Safe - assumes exclusive access to "params"
714 * (see Thread Safety Definitions in Programmer's Guide)
715 * RETURNS:
716 * Returns NULL if the function succeeds.
717 * Returns a CertSelector Error if the function fails in a non-fatal way.
718 * Returns a Fatal Error if the function fails in an unrecoverable way.
719 */
720 PKIX_Error *
721 PKIX_ComCertSelParams_SetSubjPubKey(
722 PKIX_ComCertSelParams *params,
723 PKIX_PL_PublicKey *pubKey,
724 void *plContext);
725
726 /*
727 * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
728 * DESCRIPTION:
729 *
730 * Retrieves a pointer to the OID (if any) representing the subject public key
731 * algorithm identifier criterion that is set in the ComCertSelParams object
732 * pointed to by "params" and stores it at "pPubKey". In order to match
733 * against this criterion, a certificate must contain a SubjectPublicKey with
734 * an algorithm that matches the criterion's algorithm.
735 *
736 * If "params" does not have this criterion set, this function stores NULL at
737 * "pAlgId", in which case all certificates are considered to match this
738 * criterion.
739 *
740 * PARAMETERS:
741 * "params"
742 * Address of ComCertSelParams object whose subject public key algorithm
743 * identifier (if any) is to be stored. Must be non-NULL.
744 * "pAlgId"
745 * Address where object pointer will be stored. Must be non-NULL.
746 * "plContext"
747 * Platform-specific context pointer.
748 * THREAD SAFETY:
749 * Conditionally Thread Safe
750 * (see Thread Safety Definitions in Programmer's Guide)
751 * RETURNS:
752 * Returns NULL if the function succeeds.
753 * Returns a CertSelector Error if the function fails in a non-fatal way.
754 * Returns a Fatal Error if the function fails in an unrecoverable way.
755 */
756 PKIX_Error *
757 PKIX_ComCertSelParams_GetSubjPKAlgId(
758 PKIX_ComCertSelParams *params,
759 PKIX_PL_OID **pAlgId,
760 void *plContext);
761
762 /*
763 * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
764 * DESCRIPTION:
765 *
766 * Sets the subject public key algorithm identifier criterion of the
767 * ComCertSelParams object pointed to by "params" using an OID pointed to by
768 * "algId". In order to match against this criterion, a certificate must
769 * contain a SubjectPublicKey with an algorithm that matches the criterion's
770 * algorithm.
771 *
772 * If "algId" is NULL, all certificates are considered to match this
773 * criterion.
774 *
775 * PARAMETERS:
776 * "params"
777 * Address of ComCertSelParams object whose subject public key
778 * algorithm identifier criterion is to be set. Must be non-NULL.
779 * "algId"
780 * Address of OID used to set criterion
781 * (or NULL to disable the criterion).
782 * "plContext"
783 * Platform-specific context pointer.
784 * THREAD SAFETY:
785 * Not Thread Safe - assumes exclusive access to "params"
786 * (see Thread Safety Definitions in Programmer's Guide)
787 * RETURNS:
788 * Returns NULL if the function succeeds.
789 * Returns a CertSelector Error if the function fails in a non-fatal way.
790 * Returns a Fatal Error if the function fails in an unrecoverable way.
791 */
792 PKIX_Error *
793 PKIX_ComCertSelParams_SetSubjPKAlgId(
794 PKIX_ComCertSelParams *params,
795 PKIX_PL_OID *algId,
796 void *plContext);
797
798 /*
799 * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
800 * DESCRIPTION:
801 *
802 * Retrieves a pointer to the minimum path length (if any) representing the
803 * basic constraints criterion that is set in the ComCertSelParams object
804 * pointed to by "params" and stores it at "pMinPathLength". In order to
805 * match against this criterion, there are several possibilities.
806 *
807 * 1) If the criterion's minimum path length is greater than or equal to zero,
808 * a certificate must include a BasicConstraints extension with a pathLen of
809 * at least this value.
810 *
811 * 2) If the criterion's minimum path length is -2, a certificate must be an
812 * end-entity certificate.
813 *
814 * 3) If the criterion's minimum path length is -1, no basic constraints check
815 * is done and all certificates are considered to match this criterion.
816 *
817 * The semantics of other values of the criterion's minimum path length are
818 * undefined but may be defined in future versions of the API.
819 *
820 * If "params" does not have this criterion set, this function stores -1 at
821 * "pMinPathLength", in which case all certificates are considered to match
822 * this criterion.
823 *
824 * PARAMETERS:
825 * "params"
826 * Address of ComCertSelParams object whose basic constraints criterion
827 * (if any) is to be stored. Must be non-NULL.
828 * "pMinPathLength"
829 * Address where PKIX_Int32 will be stored. Must be non-NULL.
830 * "plContext"
831 * Platform-specific context pointer.
832 * THREAD SAFETY:
833 * Conditionally Thread Safe
834 * (see Thread Safety Definitions in Programmer's Guide)
835 * RETURNS:
836 * Returns NULL if the function succeeds.
837 * Returns a CertSelector Error if the function fails in a non-fatal way.
838 * Returns a Fatal Error if the function fails in an unrecoverable way.
839 */
840 PKIX_Error *
841 PKIX_ComCertSelParams_GetBasicConstraints(
842 PKIX_ComCertSelParams *params,
843 PKIX_Int32 *pMinPathLength,
844 void *plContext);
845
846 /*
847 * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
848 * DESCRIPTION:
849 *
850 * Sets the basic constraints criterion of the ComCertSelParams object
851 * pointed to by "params" using the integer value of "minPathLength". In
852 * order to match against this criterion, there are several possibilities.
853 *
854 * 1) If the criterion's minimum path length is greater than or equal to zero,
855 * a certificate must include a BasicConstraints extension with a pathLen of
856 * at least this value.
857 *
858 * 2) If the criterion's minimum path length is -2, a certificate must be an
859 * end-entity certificate.
860 *
861 * 3) If the criterion's minimum path length is -1, no basic constraints check
862 * is done and all certificates are considered to match this criterion.
863 *
864 * The semantics of other values of the criterion's minimum path length are
865 * undefined but may be defined in future versions of the API.
866 *
867 * PARAMETERS:
868 * "params"
869 * Address of ComCertSelParams object whose basic constraints
870 * criterion is to be set. Must be non-NULL.
871 * "minPathLength"
872 * Value of PKIX_Int32 used to set the criterion
873 * (or -1 to disable the criterion).
874 * "plContext"
875 * Platform-specific context pointer.
876 * THREAD SAFETY:
877 * Not Thread Safe - assumes exclusive access to "params"
878 * (see Thread Safety Definitions in Programmer's Guide)
879 * RETURNS:
880 * Returns NULL if the function succeeds.
881 * Returns a CertSelector Error if the function fails in a non-fatal way.
882 * Returns a Fatal Error if the function fails in an unrecoverable way.
883 */
884 PKIX_Error *
885 PKIX_ComCertSelParams_SetBasicConstraints(
886 PKIX_ComCertSelParams *params,
887 PKIX_Int32 minPathLength,
888 void *plContext);
889
890 /*
891 * FUNCTION: PKIX_ComCertSelParams_GetCertificate
892 * DESCRIPTION:
893 *
894 * Retrieves a pointer to the Cert (if any) representing the certificate
895 * criterion that is set in the ComCertSelParams object pointed to by
896 * "params" and stores it at "pCert". In order to match against this
897 * criterion, a certificate must be equal to the criterion's certificate. If
898 * this criterion is specified, it is usually not necessary to specify any
899 * other criteria, since this criterion requires an exact certificate match.
900 *
901 * If "params" does not have this criterion set, this function stores NULL at
902 * "pCert", in which case all certificates are considered to match this
903 * criterion.
904 *
905 * PARAMETERS:
906 * "params"
907 * Address of ComCertSelParams object whose certificate criterion
908 * (if any) is to be stored. Must be non-NULL.
909 * "pCert"
910 * Address where object pointer will be stored. Must be non-NULL.
911 * "plContext"
912 * Platform-specific context pointer.
913 * THREAD SAFETY:
914 * Conditionally Thread Safe
915 * (see Thread Safety Definitions in Programmer's Guide)
916 * RETURNS:
917 * Returns NULL if the function succeeds.
918 * Returns a CertSelector Error if the function fails in a non-fatal way.
919 * Returns a Fatal Error if the function fails in an unrecoverable way.
920 */
921 PKIX_Error *
922 PKIX_ComCertSelParams_GetCertificate(
923 PKIX_ComCertSelParams *params,
924 PKIX_PL_Cert **pCert,
925 void *plContext);
926
927 /*
928 * FUNCTION: PKIX_ComCertSelParams_SetCertificate
929 * DESCRIPTION:
930 *
931 * Sets the certificate criterion of the ComCertSelParams object pointed to by
932 * "params" using a Cert pointed to by "cert". In order to match against this
933 * criterion, a certificate must be equal to the criterion's certificate.
934 * If this criterion is specified, it is usually not necessary to specify
935 * any other criteria, since this criterion requires an exact certificate
936 * match.
937 *
938 * If "cert" is NULL, all certificates are considered to match this criterion.
939 *
940 * PARAMETERS:
941 * "params"
942 * Address of ComCertSelParams object whose certificate criterion is to be
943 * set. Must be non-NULL.
944 * "cert"
945 * Address of Cert used to set the criterion
946 * (or NULL to disable the criterion).
947 * "plContext"
948 * Platform-specific context pointer.
949 * THREAD SAFETY:
950 * Not Thread Safe - assumes exclusive access to "params"
951 * (see Thread Safety Definitions in Programmer's Guide)
952 * RETURNS:
953 * Returns NULL if the function succeeds.
954 * Returns a CertSelector Error if the function fails in a non-fatal way.
955 * Returns a Fatal Error if the function fails in an unrecoverable way.
956 */
957 PKIX_Error *
958 PKIX_ComCertSelParams_SetCertificate(
959 PKIX_ComCertSelParams *params,
960 PKIX_PL_Cert *cert,
961 void *plContext);
962
963 /*
964 * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
965 * DESCRIPTION:
966 *
967 * Retrieves a pointer to the Date (if any) representing the certificate
968 * validity criterion that is set in the ComCertSelParams object pointed to by
969 * "params" and stores it at "pDate". In order to match against this
970 * criterion, a certificate's validity period must include the criterion's
971 * Date.
972 *
973 * If "params" does not have this criterion set, this function stores NULL at
974 * "pDate", in which case all certificates are considered to match this
975 * criterion.
976 *
977 * PARAMETERS:
978 * "params"
979 * Address of ComCertSelParams object whose certificate validity criterion
980 * (if any) is to be stored. Must be non-NULL.
981 * "pDate"
982 * Address where object pointer will be stored. Must be non-NULL.
983 * "plContext"
984 * Platform-specific context pointer.
985 * THREAD SAFETY:
986 * Conditionally Thread Safe
987 * (see Thread Safety Definitions in Programmer's Guide)
988 * RETURNS:
989 * Returns NULL if the function succeeds.
990 * Returns a CertSelector Error if the function fails in a non-fatal way.
991 * Returns a Fatal Error if the function fails in an unrecoverable way.
992 */
993 PKIX_Error *
994 PKIX_ComCertSelParams_GetCertificateValid(
995 PKIX_ComCertSelParams *params,
996 PKIX_PL_Date **pDate,
997 void *plContext);
998
999 /*
1000 * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
1001 * DESCRIPTION:
1002 *
1003 * Sets the certificate validity criterion of the ComCertSelParams object
1004 * pointed to by "params" using a Date pointed to by "date". In order to
1005 * match against this criterion, a certificate's validity period must include
1006 * the criterion's Date.
1007 *
1008 * If "date" is NULL, all certificates are considered to match this criterion.
1009 *
1010 * PARAMETERS:
1011 * "params"
1012 * Address of ComCertSelParams object whose certificate validity criterion
1013 * is to be set. Must be non-NULL.
1014 * "date"
1015 * Address of Date used to set the criterion
1016 * (or NULL to disable the criterion).
1017 * "plContext"
1018 * Platform-specific context pointer.
1019 * THREAD SAFETY:
1020 * Not Thread Safe - assumes exclusive access to "params"
1021 * (see Thread Safety Definitions in Programmer's Guide)
1022 * RETURNS:
1023 * Returns NULL if the function succeeds.
1024 * Returns a CertSelector Error if the function fails in a non-fatal way.
1025 * Returns a Fatal Error if the function fails in an unrecoverable way.
1026 */
1027 PKIX_Error *
1028 PKIX_ComCertSelParams_SetCertificateValid(
1029 PKIX_ComCertSelParams *params,
1030 PKIX_PL_Date *date,
1031 void *plContext);
1032
1033 /*
1034 * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
1035 * DESCRIPTION:
1036 *
1037 * Retrieves a pointer to the BigInt (if any) representing the serial number
1038 * criterion that is set in the ComCertSelParams object pointed to by
1039 * "params" and stores it at "pSerialNumber". In order to match against this
1040 * criterion, a certificate must have a serial number equal to the
1041 * criterion's serial number.
1042 *
1043 * If "params" does not have this criterion set, this function stores NULL at
1044 * "pSerialNumber", in which case all certificates are considered to match
1045 * this criterion.
1046 *
1047 * PARAMETERS:
1048 * "params"
1049 * Address of ComCertSelParams object whose serial number criterion
1050 * (if any) is to be stored. Must be non-NULL.
1051 * "pSerialNumber"
1052 * Address where object pointer will be stored. Must be non-NULL.
1053 * "plContext"
1054 * Platform-specific context pointer.
1055 * THREAD SAFETY:
1056 * Conditionally Thread Safe
1057 * (see Thread Safety Definitions in Programmer's Guide)
1058 * RETURNS:
1059 * Returns NULL if the function succeeds.
1060 * Returns a CertSelector Error if the function fails in a non-fatal way.
1061 * Returns a Fatal Error if the function fails in an unrecoverable way.
1062 */
1063 PKIX_Error *
1064 PKIX_ComCertSelParams_GetSerialNumber(
1065 PKIX_ComCertSelParams *params,
1066 PKIX_PL_BigInt **pSerialNumber,
1067 void *plContext);
1068
1069 /*
1070 * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
1071 * DESCRIPTION:
1072 *
1073 * Sets the serial number criterion of the ComCertSelParams object pointed to
1074 * by "params" using a BigInt pointed to by "serialNumber". In order to match
1075 * against this criterion, a certificate must have a serial number equal to
1076 * the criterion's serial number.
1077 *
1078 * If "serialNumber" is NULL, all certificates are considered to match this
1079 * criterion.
1080 *
1081 * PARAMETERS:
1082 * "params"
1083 * Address of ComCertSelParams object whose serial number criterion is to
1084 * be set. Must be non-NULL.
1085 * "serialNumber"
1086 * Address of BigInt used to set the criterion
1087 * (or NULL to disable the criterion).
1088 * "plContext"
1089 * Platform-specific context pointer.
1090 * THREAD SAFETY:
1091 * Not Thread Safe - assumes exclusive access to "params"
1092 * (see Thread Safety Definitions in Programmer's Guide)
1093 * RETURNS:
1094 * Returns NULL if the function succeeds.
1095 * Returns a CertSelector Error if the function fails in a non-fatal way.
1096 * Returns a Fatal Error if the function fails in an unrecoverable way.
1097 */
1098 PKIX_Error *
1099 PKIX_ComCertSelParams_SetSerialNumber(
1100 PKIX_ComCertSelParams *params,
1101 PKIX_PL_BigInt *serialNumber,
1102 void *plContext);
1103
1104 /*
1105 * FUNCTION: PKIX_ComCertSelParams_GetVersion
1106 * DESCRIPTION:
1107 *
1108 * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
1109 * set in the ComCertSelParams object pointed to by "params" and stores it at
1110 * "pVersion". In order to match against this criterion, a certificate's
1111 * version must be equal to the criterion's version.
1112 *
1113 * The version number will either be 0, 1, or 2 (corresponding to
1114 * v1, v2, or v3, respectively).
1115 *
1116 * If "params" does not have this criterion set, this function stores
1117 * 0xFFFFFFFF at "pVersion", in which case all certificates are considered
1118 * to match this criterion.
1119 *
1120 * PARAMETERS:
1121 * "params"
1122 * Address of ComCertSelParams object whose version criterion (if any) is
1123 * to be stored. Must be non-NULL.
1124 * "pVersion"
1125 * Address where PKIX_Int32 will be stored. Must be non-NULL.
1126 * "plContext"
1127 * Platform-specific context pointer.
1128 * THREAD SAFETY:
1129 * Conditionally Thread Safe
1130 * (see Thread Safety Definitions in Programmer's Guide)
1131 * RETURNS:
1132 * Returns NULL if the function succeeds.
1133 * Returns a CertSelector Error if the function fails in a non-fatal way.
1134 * Returns a Fatal Error if the function fails in an unrecoverable way.
1135 */
1136 PKIX_Error *
1137 PKIX_ComCertSelParams_GetVersion(
1138 PKIX_ComCertSelParams *params,
1139 PKIX_UInt32 *pVersion,
1140 void *plContext);
1141
1142 /*
1143 * FUNCTION: PKIX_ComCertSelParams_SetVersion
1144 * DESCRIPTION:
1145 *
1146 * Sets the version criterion of the ComCertSelParams object pointed to by
1147 * "params" using the integer value of "version". In order to match against
1148 * this criterion, a certificate's version must be equal to the criterion's
1149 * version. If the criterion's version is -1, no version check is done and
1150 * all certificates are considered to match this criterion.
1151 *
1152 * PARAMETERS:
1153 * "params"
1154 * Address of ComCertSelParams object whose version criterion is to be
1155 * set. Must be non-NULL.
1156 * "version"
1157 * Value of PKIX_Int32 used to set the criterion
1158 * (or -1 to disable the criterion).
1159 * "plContext"
1160 * Platform-specific context pointer.
1161 * THREAD SAFETY:
1162 * Not Thread Safe - assumes exclusive access to "params"
1163 * (see Thread Safety Definitions in Programmer's Guide)
1164 * RETURNS:
1165 * Returns NULL if the function succeeds.
1166 * Returns a CertSelector Error if the function fails in a non-fatal way.
1167 * Returns a Fatal Error if the function fails in an unrecoverable way.
1168 */
1169 PKIX_Error *
1170 PKIX_ComCertSelParams_SetVersion(
1171 PKIX_ComCertSelParams *params,
1172 PKIX_Int32 version,
1173 void *plContext);
1174
1175
1176 /*
1177 * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
1178 * DESCRIPTION:
1179 *
1180 * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
1181 * is set in the ComCertSelParams object pointed to by "params" and stores it
1182 * at "pKeyUsage". In order to match against this criterion, a certificate
1183 * must allow the criterion's key usage values. Note that a certificate that
1184 * has no KeyUsage extension implicity allows all key usages. Note also that
1185 * this functions supports a maximum of 32 key usage bits.
1186 *
1187 * If "params" does not have this criterion set, this function stores zero at
1188 * "pKeyUsage", in which case all certificates are considered to match this
1189 * criterion.
1190 *
1191 * PARAMETERS:
1192 * "params"
1193 * Address of ComCertSelParams object whose key usage criterion (if any)
1194 * is to be stored. Must be non-NULL.
1195 * "pKeyUsage"
1196 * Address where PKIX_UInt32 will be stored. Must not be non-NULL.
1197 * "plContext"
1198 * Platform-specific context pointer.
1199 * THREAD SAFETY:
1200 * Conditionally Thread Safe
1201 * (see Thread Safety Definitions in Programmer's Guide)
1202 * RETURNS:
1203 * Returns NULL if the function succeeds.
1204 * Returns a CertSelector Error if the function fails in a non-fatal way.
1205 * Returns a Fatal Error if the function fails in an unrecoverable way.
1206 */
1207 PKIX_Error *
1208 PKIX_ComCertSelParams_GetKeyUsage(
1209 PKIX_ComCertSelParams *params,
1210 PKIX_UInt32 *pKeyUsage,
1211 void *plContext);
1212
1213 /*
1214 * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
1215 * DESCRIPTION:
1216 *
1217 * Sets the key usage criterion of the ComCertSelParams object pointed to by
1218 * "params" using the integer value of "keyUsage". In order to match against
1219 * this criterion, a certificate must allow the criterion's key usage values.
1220 * Note that a certificate that has no KeyUsage extension implicity allows
1221 * all key usages. Note also that this functions supports a maximum of 32 key
1222 * usage bits.
1223 *
1224 * If the criterion's key usage value is zero, no key usage check is done and
1225 * all certificates are considered to match this criterion.
1226 *
1227 * PARAMETERS:
1228 * "params"
1229 * Address of ComCertSelParams object whose key usage criterion is to be
1230 * set. Must be non-NULL.
1231 * "keyUsage"
1232 * Value of PKIX_Int32 used to set the criterion
1233 * (or zero to disable the criterion).
1234 * "plContext"
1235 * Platform-specific context pointer.
1236 * THREAD SAFETY:
1237 * Not Thread Safe - assumes exclusive access to "params"
1238 * (see Thread Safety Definitions in Programmer's Guide)
1239 * RETURNS:
1240 * Returns NULL if the function succeeds.
1241 * Returns a CertSelector Error if the function fails in a non-fatal way.
1242 * Returns a Fatal Error if the function fails in an unrecoverable way.
1243 */
1244 PKIX_Error *
1245 PKIX_ComCertSelParams_SetKeyUsage(
1246 PKIX_ComCertSelParams *params,
1247 PKIX_UInt32 keyUsage,
1248 void *plContext);
1249
1250 /*
1251 * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
1252 * DESCRIPTION:
1253 *
1254 * Retrieves a pointer to the List of OIDs (if any) representing the extended
1255 * key usage criterion that is set in the ComCertSelParams object pointed to
1256 * by "params" and stores it at "pExtKeyUsage". In order to match against this
1257 * criterion, a certificate's ExtendedKeyUsage extension must allow the
1258 * criterion's extended key usages. Note that a certificate that has no
1259 * ExtendedKeyUsage extension implicity allows all key purposes.
1260 *
1261 * If "params" does not have this criterion set, this function stores NULL at
1262 * "pExtKeyUsage", in which case all certificates are considered to match
1263 * this criterion.
1264 *
1265 * Note that the List returned by this function is immutable.
1266 *
1267 * PARAMETERS:
1268 * "params"
1269 * Address of ComCertSelParams object whose extended key usage criterion
1270 * (if any) is to be stored. Must be non-NULL.
1271 * "pExtKeyUsage"
1272 * Address where object pointer will be stored. Must be non-NULL.
1273 * "plContext"
1274 * Platform-specific context pointer.
1275 * THREAD SAFETY:
1276 * Conditionally Thread Safe
1277 * (see Thread Safety Definitions in Programmer's Guide)
1278 * RETURNS:
1279 * Returns NULL if the function succeeds.
1280 * Returns a CertSelector Error if the function fails in a non-fatal way.
1281 * Returns a Fatal Error if the function fails in an unrecoverable way.
1282 */
1283 PKIX_Error *
1284 PKIX_ComCertSelParams_GetExtendedKeyUsage(
1285 PKIX_ComCertSelParams *params,
1286 PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
1287 void *plContext);
1288
1289 /*
1290 * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
1291 * DESCRIPTION:
1292 *
1293 * Sets the extended key usage criterion of the ComCertSelParams object
1294 * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
1295 * In order to match against this criterion, a certificate's ExtendedKeyUsage
1296 * extension must allow the criterion's extended key usages. Note that a
1297 * certificate that has no ExtendedKeyUsage extension implicitly allows all
1298 * key purposes.
1299 *
1300 * If "extKeyUsage" is NULL, all certificates are considered to match this
1301 * criterion.
1302 *
1303 * PARAMETERS:
1304 * "params"
1305 * Address of ComCertSelParams object whose extended key usage criterion
1306 * is to be set. Must be non-NULL.
1307 * "extKeyUsage"
1308 * Address of List of OIDs used to set the criterion
1309 * (or NULL to disable the criterion).
1310 * "plContext"
1311 * Platform-specific context pointer.
1312 * THREAD SAFETY:
1313 * Not Thread Safe - assumes exclusive access to "params"
1314 * (see Thread Safety Definitions in Programmer's Guide)
1315 * RETURNS:
1316 * Returns NULL if the function succeeds.
1317 * Returns a CertSelector Error if the function fails in a non-fatal way.
1318 * Returns a Fatal Error if the function fails in an unrecoverable way.
1319 */
1320 PKIX_Error *
1321 PKIX_ComCertSelParams_SetExtendedKeyUsage(
1322 PKIX_ComCertSelParams *params,
1323 PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
1324 void *plContext);
1325
1326 /*
1327 * FUNCTION: PKIX_ComCertSelParams_GetPolicy
1328 * DESCRIPTION:
1329 *
1330 * Retrieves a pointer to the List of OIDs (if any) representing the policy
1331 * criterion that is set in the ComCertSelParams object pointed to by
1332 * "params" and stores it at "pPolicy". In order to match against this
1333 * criterion, a certificate's CertificatePolicies extension must include at
1334 * least one of the criterion's policies. If "params" has this criterion set,
1335 * but the List of OIDs is empty, then a certificate's CertificatePolicies
1336 * extension must include at least some policy.
1337 *
1338 * If "params" does not have this criterion set, this function stores NULL at
1339 * "pPolicy", in which case all certificates are considered to match this
1340 * criterion.
1341 *
1342 * Note that the List returned by this function is immutable.
1343 *
1344 * PARAMETERS:
1345 * "params"
1346 * Address of ComCertSelParams object whose policy criterion (if any) is
1347 * to be stored. Must be non-NULL.
1348 * "pPolicy"
1349 * Address where object pointer will be stored. Must be non-NULL.
1350 * "plContext"
1351 * Platform-specific context pointer.
1352 * THREAD SAFETY:
1353 * Conditionally Thread Safe
1354 * (see Thread Safety Definitions in Programmer's Guide)
1355 * RETURNS:
1356 * Returns NULL if the function succeeds.
1357 * Returns a CertSelector Error if the function fails in a non-fatal way.
1358 * Returns a Fatal Error if the function fails in an unrecoverable way.
1359 */
1360 PKIX_Error *
1361 PKIX_ComCertSelParams_GetPolicy(
1362 PKIX_ComCertSelParams *params,
1363 PKIX_List **pPolicy, /* list of PKIX_PL_OID */
1364 void *plContext);
1365
1366 /*
1367 * FUNCTION: PKIX_ComCertSelParams_SetPolicy
1368 * DESCRIPTION:
1369 *
1370 * Sets the policy criterion of the ComCertSelParams object pointed to by
1371 * "params" using a List of OIDs pointed to by "policy". In order to match
1372 * against this criterion, a certificate's CertificatePolicies extension must
1373 * include at least one of the criterion's policies. If "params" has this
1374 * criterion set, but the List of OIDs is empty, then a certificate's
1375 * CertificatePolicies extension must include at least some policy.
1376 *
1377 * If "policy" is NULL, all certificates are considered to match this
1378 * criterion.
1379 *
1380 * PARAMETERS:
1381 * "params"
1382 * Address of ComCertSelParams object whose policy criterion is to be set.
1383 * Must be non-NULL.
1384 * "policy"
1385 * Address of List of OIDs used to set the criterion
1386 * (or NULL to disable the criterion).
1387 * "plContext"
1388 * Platform-specific context pointer.
1389 * THREAD SAFETY:
1390 * Not Thread Safe - assumes exclusive access to "params"
1391 * (see Thread Safety Definitions in Programmer's Guide)
1392 * RETURNS:
1393 * Returns NULL if the function succeeds.
1394 * Returns a CertSelector Error if the function fails in a non-fatal way.
1395 * Returns a Fatal Error if the function fails in an unrecoverable way.
1396 */
1397 PKIX_Error *
1398 PKIX_ComCertSelParams_SetPolicy(
1399 PKIX_ComCertSelParams *params,
1400 PKIX_List *policy, /* list of PKIX_PL_OID */
1401 void *plContext);
1402
1403 /*
1404 * FUNCTION: PKIX_ComCertSelParams_GetIssuer
1405 * DESCRIPTION:
1406 *
1407 * Retrieves a pointer to the X500Name (if any) representing the issuer
1408 * criterion that is set in the ComCertSelParams object pointed to by
1409 * "params" and stores it at "pIssuer". In order to match against this
1410 * criterion, a certificate's IssuerName must match the criterion's issuer
1411 * name.
1412 *
1413 * If "params" does not have this criterion set, this function stores NULL at
1414 * "pIssuer", in which case all certificates are considered to match this
1415 * criterion.
1416 *
1417 * PARAMETERS:
1418 * "params"
1419 * Address of ComCertSelParams object whose issuer criterion (if any) is
1420 * to be stored. Must be non-NULL.
1421 * "pIssuer"
1422 * Address where object pointer will be stored. Must be non-NULL.
1423 * "plContext"
1424 * Platform-specific context pointer.
1425 * THREAD SAFETY:
1426 * Conditionally Thread Safe
1427 * (see Thread Safety Definitions in Programmer's Guide)
1428 * RETURNS:
1429 * Returns NULL if the function succeeds.
1430 * Returns a CertSelector Error if the function fails in a non-fatal way.
1431 * Returns a Fatal Error if the function fails in an unrecoverable way.
1432 */
1433 PKIX_Error *
1434 PKIX_ComCertSelParams_GetIssuer(
1435 PKIX_ComCertSelParams *params,
1436 PKIX_PL_X500Name **pIssuer,
1437 void *plContext);
1438
1439 /*
1440 * FUNCTION: PKIX_ComCertSelParams_SetIssuer
1441 * DESCRIPTION:
1442 *
1443 * Sets the issuer criterion of the ComCertSelParams object pointed to by
1444 * "params" using an X500Name pointed to by "issuer". In order to match
1445 * against this criterion, a certificate's IssuerName must match the
1446 * criterion's issuer name.
1447 *
1448 * If "issuer" is NULL, all certificates are considered to match this
1449 * criterion.
1450 *
1451 * PARAMETERS:
1452 * "params"
1453 * Address of ComCertSelParams object whose issuer criterion is to be set.
1454 * Must be non-NULL.
1455 * "issuer"
1456 * Address of X500Name used to set the criterion
1457 * (or NULL to disable the criterion).
1458 * "plContext"
1459 * Platform-specific context pointer.
1460 * THREAD SAFETY:
1461 * Not Thread Safe - assumes exclusive access to "params"
1462 * (see Thread Safety Definitions in Programmer's Guide)
1463 * RETURNS:
1464 * Returns NULL if the function succeeds.
1465 * Returns a CertSelector Error if the function fails in a non-fatal way.
1466 * Returns a Fatal Error if the function fails in an unrecoverable way.
1467 */
1468 PKIX_Error *
1469 PKIX_ComCertSelParams_SetIssuer(
1470 PKIX_ComCertSelParams *params,
1471 PKIX_PL_X500Name *issuer,
1472 void *plContext);
1473
1474 /*
1475 * FUNCTION: PKIX_ComCertSelParams_GetSubject
1476 * DESCRIPTION:
1477 *
1478 * Retrieves a pointer to the X500Name (if any) representing the subject
1479 * criterion that is set in the ComCertSelParams object pointed to by
1480 * "params" and stores it at "pSubject". In order to match against this
1481 * criterion, a certificate's SubjectName must match the criterion's subject
1482 * name.
1483 *
1484 * If "params" does not have this criterion set, this function stores NULL at
1485 * "pSubject", in which case all certificates are considered to match this
1486 * criterion.
1487 *
1488 * PARAMETERS:
1489 * "params"
1490 * Address of ComCertSelParams object whose subject criterion (if any) is
1491 * to be stored. Must be non-NULL.
1492 * "pSubject"
1493 * Address where object pointer will be stored. Must be non-NULL.
1494 * "plContext"
1495 * Platform-specific context pointer.
1496 * THREAD SAFETY:
1497 * Conditionally Thread Safe
1498 * (see Thread Safety Definitions in Programmer's Guide)
1499 * RETURNS:
1500 * Returns NULL if the function succeeds.
1501 * Returns a CertSelector Error if the function fails in a non-fatal way.
1502 * Returns a Fatal Error if the function fails in an unrecoverable way.
1503 */
1504 PKIX_Error *
1505 PKIX_ComCertSelParams_GetSubject(
1506 PKIX_ComCertSelParams *params,
1507 PKIX_PL_X500Name **pSubject,
1508 void *plContext);
1509
1510 /*
1511 * FUNCTION: PKIX_ComCertSelParams_SetSubject
1512 * DESCRIPTION:
1513 *
1514 * Sets the subject criterion of the ComCertSelParams object pointed to by
1515 * "params" using an X500Name pointed to by "subject". In order to match
1516 * against this criterion, a certificate's SubjectName must match the
1517 * criterion's subject name.
1518 *
1519 * If "subject" is NULL, all certificates are considered to match this
1520 * criterion.
1521 *
1522 * PARAMETERS:
1523 * "params"
1524 * Address of ComCertSelParams object whose subject criterion is to be
1525 * set. Must be non-NULL.
1526 * "subject"
1527 * Address of X500Name used to set the criterion
1528 * (or NULL to disable the criterion).
1529 * "plContext"
1530 * Platform-specific context pointer.
1531 * THREAD SAFETY:
1532 * Not Thread Safe - assumes exclusive access to "params"
1533 * (see Thread Safety Definitions in Programmer's Guide)
1534 * RETURNS:
1535 * Returns NULL if the function succeeds.
1536 * Returns a CertSelector Error if the function fails in a non-fatal way.
1537 * Returns a Fatal Error if the function fails in an unrecoverable way.
1538 */
1539 PKIX_Error *
1540 PKIX_ComCertSelParams_SetSubject(
1541 PKIX_ComCertSelParams *params,
1542 PKIX_PL_X500Name *subject,
1543 void *plContext);
1544
1545 /*
1546 * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
1547 * DESCRIPTION:
1548 *
1549 * Retrieves a pointer to the ByteArray (if any) representing the subject
1550 * criterion that is set in the ComCertSelParams object pointed to by
1551 * "params" and stores it at "pSubject". In order to match against this
1552 * criterion, a certificate's SubjectName must match the criterion's subject
1553 * name.
1554 *
1555 * If "params" does not have this criterion set, this function stores NULL at
1556 * "pSubject", in which case all certificates are considered to match this
1557 * criterion.
1558 *
1559 * PARAMETERS:
1560 * "params"
1561 * Address of ComCertSelParams object whose subject criterion (if any) is
1562 * to be stored. Must be non-NULL.
1563 * "pSubject"
1564 * Address where object pointer will be stored. Must be non-NULL.
1565 * "plContext"
1566 * Platform-specific context pointer.
1567 * THREAD SAFETY:
1568 * Conditionally Thread Safe
1569 * (see Thread Safety Definitions in Programmer's Guide)
1570 * RETURNS:
1571 * Returns NULL if the function succeeds.
1572 * Returns a CertSelector Error if the function fails in a non-fatal way.
1573 * Returns a Fatal Error if the function fails in an unrecoverable way.
1574 */
1575 PKIX_Error *
1576 PKIX_ComCertSelParams_GetSubjectAsByteArray(
1577 PKIX_ComCertSelParams *params,
1578 PKIX_PL_ByteArray **pSubject,
1579 void *plContext);
1580
1581 /*
1582 * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
1583 * DESCRIPTION:
1584 *
1585 * Sets the subject criterion of the ComCertSelParams object pointed to by
1586 * "params" using a ByteArray pointed to by "subject". In order to match
1587 * against this criterion, a certificate's SubjectName must match the
1588 * criterion's subject name.
1589 *
1590 * If "subject" is NULL, all certificates are considered to match this
1591 * criterion.
1592 *
1593 * PARAMETERS:
1594 * "params"
1595 * Address of ComCertSelParams object whose subject criterion is to be
1596 * set. Must be non-NULL.
1597 * "subject"
1598 * Address of ByteArray used to set the criterion
1599 * (or NULL to disable the criterion).
1600 * "plContext"
1601 * Platform-specific context pointer.
1602 * THREAD SAFETY:
1603 * Not Thread Safe - assumes exclusive access to "params"
1604 * (see Thread Safety Definitions in Programmer's Guide)
1605 * RETURNS:
1606 * Returns NULL if the function succeeds.
1607 * Returns a CertSelector Error if the function fails in a non-fatal way.
1608 * Returns a Fatal Error if the function fails in an unrecoverable way.
1609 */
1610 PKIX_Error *
1611 PKIX_ComCertSelParams_SetSubjectAsByteArray(
1612 PKIX_ComCertSelParams *params,
1613 PKIX_PL_ByteArray *subject,
1614 void *plContext);
1615
1616 /*
1617 * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
1618 * DESCRIPTION:
1619 *
1620 * Retrieves a pointer to the X500Name (if any) representing the name
1621 * constraints criterion that is set in the ComCertSelParams object pointed
1622 * to by "params" and stores it at "pConstraints". In order to match against
1623 * this criterion, a certificate's subject and subject alternative names must
1624 * be allowed by the criterion's name constraints.
1625 *
1626 * If "params" does not have this criterion set, this function stores NULL at
1627 * "pConstraints", in which case all certificates are considered to match
1628 * this criterion.
1629 *
1630 * PARAMETERS:
1631 * "params"
1632 * Address of ComCertSelParams object whose name constraints criterion
1633 * (if any) is to be stored. Must be non-NULL.
1634 * "pConstraints"
1635 * Address where object pointer will be stored. Must be non-NULL.
1636 * "plContext"
1637 * Platform-specific context pointer.
1638 * THREAD SAFETY:
1639 * Conditionally Thread Safe
1640 * (see Thread Safety Definitions in Programmer's Guide)
1641 * RETURNS:
1642 * Returns NULL if the function succeeds.
1643 * Returns a CertSelector Error if the function fails in a non-fatal way.
1644 * Returns a Fatal Error if the function fails in an unrecoverable way.
1645 */
1646 PKIX_Error *
1647 PKIX_ComCertSelParams_GetNameConstraints(
1648 PKIX_ComCertSelParams *params,
1649 PKIX_PL_CertNameConstraints **pConstraints,
1650 void *plContext);
1651
1652 /*
1653 * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
1654 * DESCRIPTION:
1655 *
1656 * Sets the name constraints criterion of the ComCertSelParams object pointed
1657 * to by "params" using the CertNameConstraints pointed to by "constraints".
1658 * In order to match against this criterion, a certificate's subject and
1659 * subject alternative names must be allowed by the criterion's name
1660 * constraints.
1661 *
1662 * If "constraints" is NULL, all certificates are considered to match this
1663 * criterion.
1664 *
1665 * PARAMETERS:
1666 * "params"
1667 * Address of ComCertSelParams object whose name constraints criterion is
1668 * to be set. Must be non-NULL.
1669 * "constraints"
1670 * Address of CertNameConstraints used to set the criterion
1671 * (or NULL to disable the criterion).
1672 * "plContext"
1673 * Platform-specific context pointer.
1674 * THREAD SAFETY:
1675 * Not Thread Safe - assumes exclusive access to "params"
1676 * (see Thread Safety Definitions in Programmer's Guide)
1677 * RETURNS:
1678 * Returns NULL if the function succeeds.
1679 * Returns a CertSelector Error if the function fails in a non-fatal way.
1680 * Returns a Fatal Error if the function fails in an unrecoverable way.
1681 */
1682 PKIX_Error *
1683 PKIX_ComCertSelParams_SetNameConstraints(
1684 PKIX_ComCertSelParams *params,
1685 PKIX_PL_CertNameConstraints *constraints,
1686 void *plContext);
1687
1688 /*
1689 * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
1690 * DESCRIPTION:
1691 *
1692 * Checks whether the ComCertSelParams object pointed to by "params" indicate
1693 * that all subject alternative names are to be matched and stores the Boolean
1694 * result at "pMatch". This Boolean value determines the behavior of the
1695 * subject alternative names criterion.
1696 *
1697 * In order to match against the subject alternative names criterion, if the
1698 * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
1699 * the criterion's subject alternative names. If the Boolean value at
1700 * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
1701 * criterion's subject alternative names. The default behavior is as if the
1702 * Boolean value at "pMatch" is PKIX_TRUE.
1703 *
1704 * PARAMETERS:
1705 * "params"
1706 * Address of ComCertSelParams object used to determine whether all
1707 * subject alternative names must be matched. Must be non-NULL.
1708 * "pMatch"
1709 * Address where object pointer will be stored. Must be non-NULL.
1710 * "plContext"
1711 * Platform-specific context pointer.
1712 * THREAD SAFETY:
1713 * Conditionally Thread Safe
1714 * (see Thread Safety Definitions in Programmer's Guide)
1715 * RETURNS:
1716 * Returns NULL if the function succeeds.
1717 * Returns a CertSelector Error if the function fails in a non-fatal way.
1718 * Returns a Fatal Error if the function fails in an unrecoverable way.
1719 */
1720 PKIX_Error *
1721 PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
1722 PKIX_ComCertSelParams *params,
1723 PKIX_Boolean *pMatch,
1724 void *plContext);
1725
1726 /*
1727 * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
1728 * DESCRIPTION:
1729 *
1730 * Sets the match flag of the ComCertSelParams object pointed to by "params"
1731 * using the Boolean value of "match". This Boolean value determines the
1732 * behavior of the subject alternative names criterion.
1733 *
1734 * In order to match against the subject alternative names criterion, if the
1735 * "match" is PKIX_TRUE, a certificate must contain all of the criterion's
1736 * subject alternative names. If the "match" is PKIX_FALSE, a certificate
1737 * must contain at least one of the criterion's subject alternative names.
1738 * The default behavior is as if "match" is PKIX_TRUE.
1739 *
1740 * PARAMETERS:
1741 * "params"
1742 * Address of ComCertSelParams object whose match flag is to be set.
1743 * Must be non-NULL.
1744 * "match"
1745 * Boolean value used to set the match flag.
1746 * "plContext"
1747 * Platform-specific context pointer.
1748 * THREAD SAFETY:
1749 * Not Thread Safe - assumes exclusive access to "params"
1750 * (see Thread Safety Definitions in Programmer's Guide)
1751 * RETURNS:
1752 * Returns NULL if the function succeeds.
1753 * Returns a CertSelector Error if the function fails in a non-fatal way.
1754 * Returns a Fatal Error if the function fails in an unrecoverable way.
1755 */
1756 PKIX_Error *
1757 PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
1758 PKIX_ComCertSelParams *params,
1759 PKIX_Boolean match,
1760 void *plContext);
1761
1762 /*
1763 * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
1764 * DESCRIPTION:
1765 *
1766 * Return "leafCert" flag of the ComCertSelParams structure. If set to true,
1767 * the flag indicates that a selector should filter out all cert that are not
1768 * qualified to be a leaf cert according to the specified key/ekey usages.
1769 *
1770 * PARAMETERS:
1771 * "params"
1772 * Address of ComCertSelParams object used to determine whether all
1773 * subject alternative names must be matched. Must be non-NULL.
1774 * "pLeafFlag"
1775 * Address of returned value.
1776 * "plContext"
1777 * Platform-specific context pointer.
1778 * THREAD SAFETY:
1779 * Conditionally Thread Safe
1780 * (see Thread Safety Definitions in Programmer's Guide)
1781 * RETURNS:
1782 * Returns NULL if the function succeeds.
1783 * Returns a CertSelector Error if the function fails in a non-fatal way.
1784 * Returns a Fatal Error if the function fails in an unrecoverable way.
1785 */
1786 PKIX_Error*
1787 PKIX_ComCertSelParams_GetLeafCertFlag(
1788 PKIX_ComCertSelParams *params,
1789 PKIX_Boolean *pLeafFlag,
1790 void *plContext);
1791
1792 /*
1793 * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
1794 * DESCRIPTION:
1795 *
1796 * Sets a flag that if its value is true, indicates that the selector
1797 * should only pick certs that qualifies to be leaf for this cert path
1798 * validation.
1799 *
1800 * PARAMETERS:
1801 * "params"
1802 * Address of ComCertSelParams object whose match flag is to be set.
1803 * Must be non-NULL.
1804 * "leafFlag"
1805 * Boolean value used to set the leaf flag.
1806 * "plContext"
1807 * Platform-specific context pointer.
1808 * THREAD SAFETY:
1809 * Not Thread Safe - assumes exclusive access to "params"
1810 * (see Thread Safety Definitions in Programmer's Guide)
1811 * RETURNS:
1812 * Returns NULL if the function succeeds.
1813 * Returns a CertSelector Error if the function fails in a non-fatal way.
1814 * Returns a Fatal Error if the function fails in an unrecoverable way.
1815 */
1816 PKIX_Error *
1817 PKIX_ComCertSelParams_SetLeafCertFlag(
1818 PKIX_ComCertSelParams *params,
1819 PKIX_Boolean leafFlag,
1820 void *plContext);
1821
1822 #ifdef __cplusplus
1823 }
1824 #endif
1825
1826 #endif /* _PKIX_CERTSEL_H */
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)