andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: /* andre@0: * This file defines functions associated with the PKIX_CertSelector and the andre@0: * PKIX_ComCertSelParams types. andre@0: * andre@0: */ andre@0: andre@0: #ifndef _PKIX_CERTSEL_H andre@0: #define _PKIX_CERTSEL_H andre@0: andre@0: #include "pkixt.h" andre@0: andre@0: #ifdef __cplusplus andre@0: extern "C" { andre@0: #endif andre@0: andre@0: /* General andre@0: * andre@0: * Please refer to the libpkix Programmer's Guide for detailed information andre@0: * about how to use the libpkix library. Certain key warnings and notices from andre@0: * that document are repeated here for emphasis. andre@0: * andre@0: * All identifiers in this file (and all public identifiers defined in andre@0: * libpkix) begin with "PKIX_". Private identifiers only intended for use andre@0: * within the library begin with "pkix_". andre@0: * andre@0: * A function returns NULL upon success, and a PKIX_Error pointer upon failure. andre@0: * andre@0: * Unless otherwise noted, for all accessor (gettor) functions that return a andre@0: * PKIX_PL_Object pointer, callers should assume that this pointer refers to a andre@0: * shared object. Therefore, the caller should treat this shared object as andre@0: * read-only and should not modify this shared object. When done using the andre@0: * shared object, the caller should release the reference to the object by andre@0: * using the PKIX_PL_Object_DecRef function. andre@0: * andre@0: * While a function is executing, if its arguments (or anything referred to by andre@0: * its arguments) are modified, free'd, or destroyed, the function's behavior andre@0: * is undefined. 
andre@0: * andre@0: */ andre@0: andre@0: /* PKIX_CertSelector andre@0: * andre@0: * PKIX_CertSelectors provide a standard way for the caller to select andre@0: * certificates based on particular criteria. A CertSelector is typically used andre@0: * by the caller to specify the constraints they wish to impose on the target andre@0: * certificate in a chain. (see pkix_params.h) A CertSelector is also often andre@0: * used to retrieve certificates from a CertStore that match the selector's andre@0: * criteria. (See pkix_certstore.h) For example, the caller may wish to only andre@0: * select those certificates that have a particular Subject Distinguished Name andre@0: * and a particular value for a private certificate extension. The andre@0: * MatchCallback allows the caller to specify the custom matching logic to be andre@0: * used by a CertSelector. andre@0: * andre@0: * By default, the MatchCallback is set to point to the default implementation andre@0: * provided by libpkix, which understands how to process the most common andre@0: * parameters. If the default implementation is used, the caller should set andre@0: * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams. andre@0: * Any common parameter that is not set is assumed to be disabled, which means andre@0: * the default MatchCallback implementation will select all certificates andre@0: * without regard to that particular disabled parameter. For example, if the andre@0: * SerialNumber parameter is not set, MatchCallback will not filter out any andre@0: * certificate based on its serial number. As such, if no parameters are set, andre@0: * all are disabled and any certificate will match. If a parameter is andre@0: * disabled, its associated PKIX_ComCertSelParams_Get* function returns a andre@0: * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints andre@0: * and PKIX_ComCertSelParams_GetVersion, or 0 for andre@0: * PKIX_ComCertSelParams_GetKeyUsage. 
andre@0: * andre@0: * If a custom implementation is desired, the default implementation can be andre@0: * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the andre@0: * CertSelector can be initialized with a certSelectorContext, which is where andre@0: * the caller can specify the desired parameters the caller wishes to match andre@0: * against. Note that this certSelectorContext must be an Object (although any andre@0: * object type), allowing it to be reference-counted and allowing it to andre@0: * provide the standard Object functions (Equals, Hashcode, ToString, Compare, andre@0: * Duplicate). andre@0: * andre@0: */ andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CertSelector_MatchCallback andre@0: * DESCRIPTION: andre@0: * andre@0: * This callback function determines whether the specified Cert pointed to by andre@0: * "cert" matches the criteria of the CertSelector pointed to by "selector". andre@0: * If the Cert does not match the CertSelector's criteria, an exception will andre@0: * be thrown (that is, a non-NULL PKIX_Error pointer is returned). andre@0: * andre@0: * PARAMETERS: andre@0: * "selector" andre@0: * Address of CertSelector whose MatchCallback logic and parameters are andre@0: * to be used. Must be non-NULL. andre@0: * "cert" andre@0: * Address of Cert that is to be matched using "selector". andre@0: * Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe andre@0: * andre@0: * Multiple threads must be able to safely call this function without andre@0: * worrying about conflicts, even if they're operating on the same object. andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: typedef PKIX_Error * andre@0: (*PKIX_CertSelector_MatchCallback)( andre@0: PKIX_CertSelector *selector, andre@0: PKIX_PL_Cert *cert, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CertSelector_Create andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new CertSelector using the Object pointed to by andre@0: * "certSelectorContext" (if any) and stores it at "pSelector". As noted andre@0: * above, by default, the MatchCallback is set to point to the default andre@0: * implementation provided by libpkix, which understands how to process andre@0: * ComCertSelParams objects. This is overridden if the MatchCallback pointed andre@0: * to by "callback" is not NULL, in which case the parameters are specified andre@0: * using the certSelectorContext. andre@0: * andre@0: * PARAMETERS: andre@0: * "callback" andre@0: * The MatchCallback function to be used. andre@0: * "certSelectorContext" andre@0: * Address of Object representing the CertSelector's context (if any). andre@0: * "pSelector" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CertSelector_Create( andre@0: PKIX_CertSelector_MatchCallback callback, andre@0: PKIX_PL_Object *certSelectorContext, andre@0: PKIX_CertSelector **pSelector, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CertSelector_GetMatchCallback andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to "selector's" Match callback function and puts it in andre@0: * "pCallback". 
andre@0: * andre@0: * PARAMETERS: andre@0: * "selector" andre@0: * The CertSelector whose Match callback is desired. Must be non-NULL. andre@0: * "pCallback" andre@0: * Address where Match callback function pointer will be stored. andre@0: * Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CertSelector_GetMatchCallback( andre@0: PKIX_CertSelector *selector, andre@0: PKIX_CertSelector_MatchCallback *pCallback, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CertSelector_GetCertSelectorContext andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to a PKIX_PL_Object representing the context (if any) andre@0: * of the CertSelector pointed to by "selector" and stores it at andre@0: * "pCertSelectorContext". andre@0: * andre@0: * PARAMETERS: andre@0: * "selector" andre@0: * Address of CertSelector whose context is to be stored. andre@0: * Must be non-NULL. andre@0: * "pCertSelectorContext" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CertSelector_GetCertSelectorContext( andre@0: PKIX_CertSelector *selector, andre@0: PKIX_PL_Object **pCertSelectorContext, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the ComCertSelParams object that represents the andre@0: * common parameters of the CertSelector pointed to by "selector" and stores andre@0: * it at "pCommonCertSelectorParams". If there are no common parameters andre@0: * stored with the CertSelector, this function stores NULL at andre@0: * "pCommonCertSelectorParams". andre@0: * andre@0: * PARAMETERS: andre@0: * "selector" andre@0: * Address of CertSelector whose ComCertSelParams object is to be stored. andre@0: * Must be non-NULL. andre@0: * "pCommonCertSelectorParams" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CertSelector_GetCommonCertSelectorParams( andre@0: PKIX_CertSelector *selector, andre@0: PKIX_ComCertSelParams **pCommonCertSelectorParams, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the common parameters for the CertSelector pointed to by "selector" andre@0: * using the ComCertSelParams object pointed to by "commonCertSelectorParams". 
andre@0: * andre@0: * PARAMETERS: andre@0: * "selector" andre@0: * Address of CertSelector whose common parameters are to be set. andre@0: * Must be non-NULL. andre@0: * "commonCertSelectorParams" andre@0: * Address of ComCertSelParams object representing the common parameters. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "selector" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CertSelector_SetCommonCertSelectorParams( andre@0: PKIX_CertSelector *selector, andre@0: PKIX_ComCertSelParams *commonCertSelectorParams, andre@0: void *plContext); andre@0: andre@0: /* PKIX_ComCertSelParams andre@0: * andre@0: * PKIX_ComCertSelParams objects are X.509 parameters commonly used with andre@0: * CertSelectors, especially when enforcing constraints on a target andre@0: * certificate or determining which certificates to retrieve from a CertStore. andre@0: * ComCertSelParams objects are typically used with those CertSelectors that andre@0: * use the default implementation of MatchCallback, which understands how to andre@0: * process ComCertSelParams objects. andre@0: */ andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_Create andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new ComCertSelParams object and stores it at "pParams". andre@0: * andre@0: * PARAMETERS: andre@0: * "pParams" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. 
andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_Create( andre@0: PKIX_ComCertSelParams **pParams, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of GeneralNames (if any) representing the andre@0: * subject alternative names criterion that is set in the ComCertSelParams andre@0: * object pointed to by "params" and stores it at "pNames". In order to match andre@0: * against this criterion, a certificate must contain all or at least one of andre@0: * the criterion's subject alternative names (depending on the result of andre@0: * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior andre@0: * requires a certificate to contain all of the criterion's subject andre@0: * alternative names in order to match. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pNames", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * Note that the List returned by this function is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject alternative names andre@0: * criterion (if any) is to be stored. Must be non-NULL. andre@0: * "pNames" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. 
andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSubjAltNames( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the subject alternative names criterion of the ComCertSelParams object andre@0: * pointed to by "params" using a List of GeneralNames pointed to by "names". andre@0: * In order to match against this criterion, a certificate must contain all or andre@0: * at least one of the criterion's subject alternative names (depending on the andre@0: * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default andre@0: * behavior requires a certificate to contain all of the criterion's subject andre@0: * alternative names in order to match. andre@0: * andre@0: * If "names" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject alternative andre@0: * names criterion is to be set. Must be non-NULL. andre@0: * "names" andre@0: * Address of List of GeneralNames used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. 
andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSubjAltNames( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List *names, /* list of PKIX_PL_GeneralName */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName andre@0: * DESCRIPTION: andre@0: * andre@0: * Adds to the subject alternative names criterion of the ComCertSelParams andre@0: * object pointed to by "params" using the GeneralName pointed to by "name". andre@0: * In order to match against this criterion, a certificate must contain all andre@0: * or at least one of the criterion's subject alternative names (depending on andre@0: * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default andre@0: * behavior requires a certificate to contain all of the criterion's subject andre@0: * alternative names in order to match. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject alternative names andre@0: * criterion is to be added to. Must be non-NULL. andre@0: * "name" andre@0: * Address of GeneralName to be added. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_AddSubjAltName( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_GeneralName *name, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetPathToNames andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of GeneralNames (if any) representing the andre@0: * path to names criterion that is set in the ComCertSelParams object pointed andre@0: * to by "params" and stores it at "pNames". In order to match against this andre@0: * criterion, a certificate must not include name constraints that would andre@0: * prohibit building a path to the criterion's specified names. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pNames", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * Note that the List returned by this function is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose path to names criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pNames" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetPathToNames( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetPathToNames andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the path to names criterion of the ComCertSelParams object pointed to andre@0: * by "params" using a List of GeneralNames pointed to by "names". In order to andre@0: * match against this criterion, a certificate must not include name andre@0: * constraints that would prohibit building a path to the criterion's andre@0: * specified names. andre@0: * andre@0: * If "names" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose path to names criterion andre@0: * is to be set. Must be non-NULL. andre@0: * "names" andre@0: * Address of List of GeneralNames used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetPathToNames( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List *names, /* list of PKIX_PL_GeneralName */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_AddPathToName andre@0: * DESCRIPTION: andre@0: * andre@0: * Adds to the path to names criterion of the ComCertSelParams object pointed andre@0: * to by "params" using the GeneralName pointed to by "pathToName". In order andre@0: * to match against this criterion, a certificate must not include name andre@0: * constraints that would prohibit building a path to the criterion's andre@0: * specified names. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose path to names criterion is to andre@0: * be added to. Must be non-NULL. andre@0: * "pathToName" andre@0: * Address of GeneralName to be added. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_AddPathToName( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_GeneralName *pathToName, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the ByteArray (if any) representing the authority andre@0: * key identifier criterion that is set in the ComCertSelParams object andre@0: * pointed to by "params" and stores it at "pAuthKeyId". 
In order to match andre@0: * against this criterion, a certificate must contain an andre@0: * AuthorityKeyIdentifier extension whose value matches the criterion's andre@0: * authority key identifier value. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pAuthKeyId", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose authority key identifier andre@0: * criterion (if any) is to be stored. Must be non-NULL. andre@0: * "pAuthKeyId" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_ByteArray **pAuthKeyId, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the authority key identifier criterion of the ComCertSelParams object andre@0: * pointed to by "params" to the ByteArray pointed to by "authKeyId". In andre@0: * order to match against this criterion, a certificate must contain an andre@0: * AuthorityKeyIdentifier extension whose value matches the criterion's andre@0: * authority key identifier value. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose authority key identifier andre@0: * criterion is to be set. 
Must be non-NULL. andre@0: * "authKeyId" andre@0: * Address of ByteArray used to set the criterion andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_ByteArray *authKeyId, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the ByteArray (if any) representing the subject key andre@0: * identifier criterion that is set in the ComCertSelParams object pointed to andre@0: * by "params" and stores it at "pSubjKeyId". In order to match against this andre@0: * criterion, a certificate must contain a SubjectKeyIdentifier extension andre@0: * whose value matches the criterion's subject key identifier value. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pSubjKeyId", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject key identifier andre@0: * criterion (if any) is to be stored. Must be non-NULL. andre@0: * "pSubjKeyId" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. 
andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSubjKeyIdentifier( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_ByteArray **pSubjKeyId, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the subject key identifier criterion of the ComCertSelParams object andre@0: * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In andre@0: * order to match against this criterion, a certificate must contain a andre@0: * SubjectKeyIdentifier extension whose value matches the criterion's subject andre@0: * key identifier value. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject key identifier andre@0: * criterion is to be set. Must be non-NULL. andre@0: * "subjKeyId" andre@0: * Address of ByteArray used to set the criterion andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSubjKeyIdentifier( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_ByteArray *subKeyId, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the PublicKey (if any) representing the subject andre@0: * public key criterion that is set in the ComCertSelParams object pointed to andre@0: * by "params" and stores it at "pPubKey". In order to match against this andre@0: * criterion, a certificate must contain a SubjectPublicKey that matches the andre@0: * criterion's public key. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pPubKey", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject public key criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pPubKey" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSubjPubKey( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_PublicKey **pPubKey, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the subject public key criterion of the ComCertSelParams object andre@0: * pointed to by "params" using a PublicKey pointed to by "pubKey". In order andre@0: * to match against this criterion, a certificate must contain a andre@0: * SubjectPublicKey that matches the criterion's public key. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject public key andre@0: * criterion is to be set. Must be non-NULL. andre@0: * "pubKey" andre@0: * Address of PublicKey used to set the criterion andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSubjPubKey( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_PublicKey *pubKey, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the OID (if any) representing the subject public key andre@0: * algorithm identifier criterion that is set in the ComCertSelParams object andre@0: * pointed to by "params" and stores it at "pAlgId". 
In order to match andre@0: * against this criterion, a certificate must contain a SubjectPublicKey with andre@0: * an algorithm that matches the criterion's algorithm. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pAlgId", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject public key algorithm andre@0: * identifier (if any) is to be stored. Must be non-NULL. andre@0: * "pAlgId" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSubjPKAlgId( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_OID **pAlgId, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the subject public key algorithm identifier criterion of the andre@0: * ComCertSelParams object pointed to by "params" using an OID pointed to by andre@0: * "algId". In order to match against this criterion, a certificate must andre@0: * contain a SubjectPublicKey with an algorithm that matches the criterion's andre@0: * algorithm. andre@0: * andre@0: * If "algId" is NULL, all certificates are considered to match this andre@0: * criterion. 
andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject public key andre@0: * algorithm identifier criterion is to be set. Must be non-NULL. andre@0: * "algId" andre@0: * Address of OID used to set criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSubjPKAlgId( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_OID *algId, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the minimum path length (if any) representing the andre@0: * basic constraints criterion that is set in the ComCertSelParams object andre@0: * pointed to by "params" and stores it at "pMinPathLength". In order to andre@0: * match against this criterion, there are several possibilities. andre@0: * andre@0: * 1) If the criterion's minimum path length is greater than or equal to zero, andre@0: * a certificate must include a BasicConstraints extension with a pathLen of andre@0: * at least this value. andre@0: * andre@0: * 2) If the criterion's minimum path length is -2, a certificate must be an andre@0: * end-entity certificate. andre@0: * andre@0: * 3) If the criterion's minimum path length is -1, no basic constraints check andre@0: * is done and all certificates are considered to match this criterion. 
andre@0: * andre@0: * The semantics of other values of the criterion's minimum path length are andre@0: * undefined but may be defined in future versions of the API. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores -1 at andre@0: * "pMinPathLength", in which case all certificates are considered to match andre@0: * this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose basic constraints criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pMinPathLength" andre@0: * Address where PKIX_Int32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetBasicConstraints( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Int32 *pMinPathLength, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the basic constraints criterion of the ComCertSelParams object andre@0: * pointed to by "params" using the integer value of "minPathLength". In andre@0: * order to match against this criterion, there are several possibilities. andre@0: * andre@0: * 1) If the criterion's minimum path length is greater than or equal to zero, andre@0: * a certificate must include a BasicConstraints extension with a pathLen of andre@0: * at least this value. andre@0: * andre@0: * 2) If the criterion's minimum path length is -2, a certificate must be an andre@0: * end-entity certificate. 
andre@0: * andre@0: * 3) If the criterion's minimum path length is -1, no basic constraints check andre@0: * is done and all certificates are considered to match this criterion. andre@0: * andre@0: * The semantics of other values of the criterion's minimum path length are andre@0: * undefined but may be defined in future versions of the API. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose basic constraints andre@0: * criterion is to be set. Must be non-NULL. andre@0: * "minPathLength" andre@0: * Value of PKIX_Int32 used to set the criterion andre@0: * (or -1 to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetBasicConstraints( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Int32 minPathLength, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetCertificate andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the Cert (if any) representing the certificate andre@0: * criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pCert". In order to match against this andre@0: * criterion, a certificate must be equal to the criterion's certificate. If andre@0: * this criterion is specified, it is usually not necessary to specify any andre@0: * other criteria, since this criterion requires an exact certificate match. 
andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pCert", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose certificate criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pCert" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetCertificate( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_Cert **pCert, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetCertificate andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the certificate criterion of the ComCertSelParams object pointed to by andre@0: * "params" using a Cert pointed to by "cert". In order to match against this andre@0: * criterion, a certificate must be equal to the criterion's certificate. andre@0: * If this criterion is specified, it is usually not necessary to specify andre@0: * any other criteria, since this criterion requires an exact certificate andre@0: * match. andre@0: * andre@0: * If "cert" is NULL, all certificates are considered to match this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose certificate criterion is to be andre@0: * set. Must be non-NULL. 
andre@0: * "cert" andre@0: * Address of Cert used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetCertificate( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_Cert *cert, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the Date (if any) representing the certificate andre@0: * validity criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pDate". In order to match against this andre@0: * criterion, a certificate's validity period must include the criterion's andre@0: * Date. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pDate", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose certificate validity criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pDate" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. 
andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetCertificateValid( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_Date **pDate, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the certificate validity criterion of the ComCertSelParams object andre@0: * pointed to by "params" using a Date pointed to by "date". In order to andre@0: * match against this criterion, a certificate's validity period must include andre@0: * the criterion's Date. andre@0: * andre@0: * If "date" is NULL, all certificates are considered to match this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose certificate validity criterion andre@0: * is to be set. Must be non-NULL. andre@0: * "date" andre@0: * Address of Date used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetCertificateValid( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_Date *date, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the BigInt (if any) representing the serial number andre@0: * criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pSerialNumber". In order to match against this andre@0: * criterion, a certificate must have a serial number equal to the andre@0: * criterion's serial number. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pSerialNumber", in which case all certificates are considered to match andre@0: * this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose serial number criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pSerialNumber" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSerialNumber( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_BigInt **pSerialNumber, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the serial number criterion of the ComCertSelParams object pointed to andre@0: * by "params" using a BigInt pointed to by "serialNumber". In order to match andre@0: * against this criterion, a certificate must have a serial number equal to andre@0: * the criterion's serial number. andre@0: * andre@0: * If "serialNumber" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose serial number criterion is to andre@0: * be set. Must be non-NULL. andre@0: * "serialNumber" andre@0: * Address of BigInt used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSerialNumber( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_BigInt *serialNumber, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetVersion andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is andre@0: * set in the ComCertSelParams object pointed to by "params" and stores it at andre@0: * "pVersion". 
In order to match against this criterion, a certificate's andre@0: * version must be equal to the criterion's version. andre@0: * andre@0: * The version number will either be 0, 1, or 2 (corresponding to andre@0: * v1, v2, or v3, respectively). andre@0: * andre@0: * If "params" does not have this criterion set, this function stores andre@0: * 0xFFFFFFFF at "pVersion", in which case all certificates are considered andre@0: * to match this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose version criterion (if any) is andre@0: * to be stored. Must be non-NULL. andre@0: * "pVersion" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetVersion( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_UInt32 *pVersion, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetVersion andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the version criterion of the ComCertSelParams object pointed to by andre@0: * "params" using the integer value of "version". In order to match against andre@0: * this criterion, a certificate's version must be equal to the criterion's andre@0: * version. If the criterion's version is -1, no version check is done and andre@0: * all certificates are considered to match this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose version criterion is to be andre@0: * set.
Must be non-NULL. andre@0: * "version" andre@0: * Value of PKIX_Int32 used to set the criterion andre@0: * (or -1 to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetVersion( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Int32 version, andre@0: void *plContext); andre@0: andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that andre@0: * is set in the ComCertSelParams object pointed to by "params" and stores it andre@0: * at "pKeyUsage". In order to match against this criterion, a certificate andre@0: * must allow the criterion's key usage values. Note that a certificate that andre@0: * has no KeyUsage extension implicitly allows all key usages. Note also that andre@0: * this function supports a maximum of 32 key usage bits. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores zero at andre@0: * "pKeyUsage", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose key usage criterion (if any) andre@0: * is to be stored. Must be non-NULL. andre@0: * "pKeyUsage" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer.
andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetKeyUsage( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_UInt32 *pKeyUsage, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the key usage criterion of the ComCertSelParams object pointed to by andre@0: * "params" using the integer value of "keyUsage". In order to match against andre@0: * this criterion, a certificate must allow the criterion's key usage values. andre@0: * Note that a certificate that has no KeyUsage extension implicitly allows andre@0: * all key usages. Note also that this function supports a maximum of 32 key andre@0: * usage bits. andre@0: * andre@0: * If the criterion's key usage value is zero, no key usage check is done and andre@0: * all certificates are considered to match this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose key usage criterion is to be andre@0: * set. Must be non-NULL. andre@0: * "keyUsage" andre@0: * Value of PKIX_UInt32 used to set the criterion andre@0: * (or zero to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way.
andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetKeyUsage( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_UInt32 keyUsage, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of OIDs (if any) representing the extended andre@0: * key usage criterion that is set in the ComCertSelParams object pointed to andre@0: * by "params" and stores it at "pExtKeyUsage". In order to match against this andre@0: * criterion, a certificate's ExtendedKeyUsage extension must allow the andre@0: * criterion's extended key usages. Note that a certificate that has no andre@0: * ExtendedKeyUsage extension implicitly allows all key purposes. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pExtKeyUsage", in which case all certificates are considered to match andre@0: * this criterion. andre@0: * andre@0: * Note that the List returned by this function is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose extended key usage criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pExtKeyUsage" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way.
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetExtendedKeyUsage( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the extended key usage criterion of the ComCertSelParams object andre@0: * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage". andre@0: * In order to match against this criterion, a certificate's ExtendedKeyUsage andre@0: * extension must allow the criterion's extended key usages. Note that a andre@0: * certificate that has no ExtendedKeyUsage extension implicitly allows all andre@0: * key purposes. andre@0: * andre@0: * If "extKeyUsage" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose extended key usage criterion andre@0: * is to be set. Must be non-NULL. andre@0: * "extKeyUsage" andre@0: * Address of List of OIDs used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetExtendedKeyUsage( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetPolicy andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of OIDs (if any) representing the policy andre@0: * criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pPolicy". In order to match against this andre@0: * criterion, a certificate's CertificatePolicies extension must include at andre@0: * least one of the criterion's policies. If "params" has this criterion set, andre@0: * but the List of OIDs is empty, then a certificate's CertificatePolicies andre@0: * extension must include at least some policy. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pPolicy", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * Note that the List returned by this function is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose policy criterion (if any) is andre@0: * to be stored. Must be non-NULL. andre@0: * "pPolicy" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetPolicy( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List **pPolicy, /* list of PKIX_PL_OID */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetPolicy andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the policy criterion of the ComCertSelParams object pointed to by andre@0: * "params" using a List of OIDs pointed to by "policy". In order to match andre@0: * against this criterion, a certificate's CertificatePolicies extension must andre@0: * include at least one of the criterion's policies. If "params" has this andre@0: * criterion set, but the List of OIDs is empty, then a certificate's andre@0: * CertificatePolicies extension must include at least some policy. andre@0: * andre@0: * If "policy" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose policy criterion is to be set. andre@0: * Must be non-NULL. andre@0: * "policy" andre@0: * Address of List of OIDs used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetPolicy( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_List *policy, /* list of PKIX_PL_OID */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetIssuer andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the X500Name (if any) representing the issuer andre@0: * criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pIssuer". In order to match against this andre@0: * criterion, a certificate's IssuerName must match the criterion's issuer andre@0: * name. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pIssuer", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose issuer criterion (if any) is andre@0: * to be stored. Must be non-NULL. andre@0: * "pIssuer" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetIssuer( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_X500Name **pIssuer, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetIssuer andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the issuer criterion of the ComCertSelParams object pointed to by andre@0: * "params" using an X500Name pointed to by "issuer". 
In order to match andre@0: * against this criterion, a certificate's IssuerName must match the andre@0: * criterion's issuer name. andre@0: * andre@0: * If "issuer" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose issuer criterion is to be set. andre@0: * Must be non-NULL. andre@0: * "issuer" andre@0: * Address of X500Name used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetIssuer( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_X500Name *issuer, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSubject andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the X500Name (if any) representing the subject andre@0: * criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pSubject". In order to match against this andre@0: * criterion, a certificate's SubjectName must match the criterion's subject andre@0: * name. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pSubject", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject criterion (if any) is andre@0: * to be stored. Must be non-NULL. 
andre@0: * "pSubject" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSubject( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_X500Name **pSubject, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSubject andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the subject criterion of the ComCertSelParams object pointed to by andre@0: * "params" using an X500Name pointed to by "subject". In order to match andre@0: * against this criterion, a certificate's SubjectName must match the andre@0: * criterion's subject name. andre@0: * andre@0: * If "subject" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject criterion is to be andre@0: * set. Must be non-NULL. andre@0: * "subject" andre@0: * Address of X500Name used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSubject( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_X500Name *subject, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the ByteArray (if any) representing the subject andre@0: * criterion that is set in the ComCertSelParams object pointed to by andre@0: * "params" and stores it at "pSubject". In order to match against this andre@0: * criterion, a certificate's SubjectName must match the criterion's subject andre@0: * name. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pSubject", in which case all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject criterion (if any) is andre@0: * to be stored. Must be non-NULL. andre@0: * "pSubject" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. 
andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetSubjectAsByteArray( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_ByteArray **pSubject, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the subject criterion of the ComCertSelParams object pointed to by andre@0: * "params" using a ByteArray pointed to by "subject". In order to match andre@0: * against this criterion, a certificate's SubjectName must match the andre@0: * criterion's subject name. andre@0: * andre@0: * If "subject" is NULL, all certificates are considered to match this andre@0: * criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose subject criterion is to be andre@0: * set. Must be non-NULL. andre@0: * "subject" andre@0: * Address of ByteArray used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetSubjectAsByteArray( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_ByteArray *subject, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the CertNameConstraints (if any) representing the andre@0: * name constraints criterion that is set in the ComCertSelParams object andre@0: * pointed to by "params" and stores it at "pConstraints".
In order to match against andre@0: * this criterion, a certificate's subject and subject alternative names must andre@0: * be allowed by the criterion's name constraints. andre@0: * andre@0: * If "params" does not have this criterion set, this function stores NULL at andre@0: * "pConstraints", in which case all certificates are considered to match andre@0: * this criterion. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose name constraints criterion andre@0: * (if any) is to be stored. Must be non-NULL. andre@0: * "pConstraints" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetNameConstraints( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_CertNameConstraints **pConstraints, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the name constraints criterion of the ComCertSelParams object pointed andre@0: * to by "params" using the CertNameConstraints pointed to by "constraints". andre@0: * In order to match against this criterion, a certificate's subject and andre@0: * subject alternative names must be allowed by the criterion's name andre@0: * constraints. andre@0: * andre@0: * If "constraints" is NULL, all certificates are considered to match this andre@0: * criterion. 
andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose name constraints criterion is andre@0: * to be set. Must be non-NULL. andre@0: * "constraints" andre@0: * Address of CertNameConstraints used to set the criterion andre@0: * (or NULL to disable the criterion). andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetNameConstraints( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_PL_CertNameConstraints *constraints, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames andre@0: * DESCRIPTION: andre@0: * andre@0: * Checks whether the ComCertSelParams object pointed to by "params" indicates andre@0: * that all subject alternative names are to be matched and stores the Boolean andre@0: * result at "pMatch". This Boolean value determines the behavior of the andre@0: * subject alternative names criterion. andre@0: * andre@0: * In order to match against the subject alternative names criterion, if the andre@0: * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of andre@0: * the criterion's subject alternative names. If the Boolean value at andre@0: * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the andre@0: * criterion's subject alternative names. The default behavior is as if the andre@0: * Boolean value at "pMatch" is PKIX_TRUE.
andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object used to determine whether all andre@0: * subject alternative names must be matched. Must be non-NULL. andre@0: * "pMatch" andre@0: * Address where the Boolean result will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_GetMatchAllSubjAltNames( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Boolean *pMatch, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the match flag of the ComCertSelParams object pointed to by "params" andre@0: * using the Boolean value of "match". This Boolean value determines the andre@0: * behavior of the subject alternative names criterion. andre@0: * andre@0: * In order to match against the subject alternative names criterion, if andre@0: * "match" is PKIX_TRUE, a certificate must contain all of the criterion's andre@0: * subject alternative names. If "match" is PKIX_FALSE, a certificate andre@0: * must contain at least one of the criterion's subject alternative names. andre@0: * The default behavior is as if "match" is PKIX_TRUE. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose match flag is to be set. andre@0: * Must be non-NULL. andre@0: * "match" andre@0: * Boolean value used to set the match flag. andre@0: * "plContext" andre@0: * Platform-specific context pointer.
andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetMatchAllSubjAltNames( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Boolean match, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag andre@0: * DESCRIPTION: andre@0: * andre@0: * Returns the "leafCert" flag of the ComCertSelParams structure. If set to andre@0: * true, the flag indicates that a selector should filter out all certs that andre@0: * are not qualified to be a leaf cert according to the specified key/ekey andre@0: * usages. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose leafCert flag is to be andre@0: * retrieved. Must be non-NULL. andre@0: * "pLeafFlag" andre@0: * Address of returned value. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way.
andre@0: */ andre@0: PKIX_Error* andre@0: PKIX_ComCertSelParams_GetLeafCertFlag( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Boolean *pLeafFlag, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets a flag that, if its value is true, indicates that the selector andre@0: * should only pick certs that qualify to be a leaf for this cert path andre@0: * validation. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ComCertSelParams object whose leaf flag is to be set. andre@0: * Must be non-NULL. andre@0: * "leafFlag" andre@0: * Boolean value used to set the leaf flag. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ComCertSelParams_SetLeafCertFlag( andre@0: PKIX_ComCertSelParams *params, andre@0: PKIX_Boolean leafFlag, andre@0: void *plContext); andre@0: andre@0: #ifdef __cplusplus andre@0: } andre@0: #endif andre@0: andre@0: #endif /* _PKIX_CERTSEL_H */