/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * This file defines functions associated with the PKIX_CRLSelector and the
 * PKIX_ComCRLSelParams types.
 *
 */


#ifndef _PKIX_CRLSEL_H
#define _PKIX_CRLSEL_H

#include "pkixt.h"

#ifdef __cplusplus
extern "C" {
#endif

/* General
 *
 * Please refer to the libpkix Programmer's Guide for detailed information
 * about how to use the libpkix library. Certain key warnings and notices from
 * that document are repeated here for emphasis.
 *
 * All identifiers in this file (and all public identifiers defined in
 * libpkix) begin with "PKIX_". Private identifiers only intended for use
 * within the library begin with "pkix_".
 *
 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
 *
 * Unless otherwise noted, for all accessor (gettor) functions that return a
 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
 * shared object. Therefore, the caller should treat this shared object as
 * read-only and should not modify this shared object. When done using the
 * shared object, the caller should release the reference to the object by
 * using the PKIX_PL_Object_DecRef function.
 *
 * While a function is executing, if its arguments (or anything referred to by
 * its arguments) are modified, free'd, or destroyed, the function's behavior
 * is undefined.
 *
 */

/* PKIX_CRLSelector
 *
 * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
 * based on particular criteria. A CRLSelector is typically used by libpkix
 * to retrieve CRLs from a CertStore during certificate chain validation or
 * building. (see pkix_certstore.h) For example, the caller may wish to only
 * select those CRLs that have a particular issuer or a particular value for a
 * private CRL extension. The MatchCallback allows the caller to specify the
 * custom matching logic to be used by a CRLSelector.
 *
 * By default, the MatchCallback is set to point to the default implementation
 * provided by libpkix, which understands how to process the most common
 * parameters. If the default implementation is used, the caller should set
 * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
 * Any common parameter that is not set is assumed to be disabled, which means
 * the default MatchCallback implementation will select all CRLs without
 * regard to that particular disabled parameter. For example, if the
 * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
 * CRL based on its CRL number. As such, if no parameters are set, all are
 * disabled and any CRL will match. If a parameter is disabled, its associated
 * PKIX_ComCRLSelParams_Get* function returns a default value of NULL. (The
 * NIST policy flag is the exception: it is a Boolean whose documented default
 * is TRUE; see PKIX_ComCRLSelParams_GetNISTPolicyEnabled.)
 *
 * Because an unset criterion never rejects a CRL, a caller that depends on a
 * restriction (issuer, validity date, CRL number range) must set it
 * explicitly before the selector is used.
 *
 * If a custom implementation is desired, the default implementation can be
 * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
 * CRLSelector can be initialized with a crlSelectorContext, which is where
 * the caller can specify the desired parameters the caller wishes to match
 * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
 * allowing it to be reference-counted and allowing it to provide the standard
 * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
 *
 * NOTE(review): this header declares no PKIX_CRLSelector_SetMatchCallback,
 * and PKIX_CRLSelector_Create below takes neither a callback nor a
 * crlSelectorContext, so the paragraph above appears to describe an earlier
 * form of the API - confirm against the implementation.
 *
 */

/*
 * FUNCTION: PKIX_CRLSelector_MatchCallback
 * DESCRIPTION:
 *
 *  This callback function determines whether the specified CRL pointed to by
 *  "crl" matches the criteria of the CRLSelector pointed to by "selector".
 *  If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
 *  "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose MatchCallback logic and parameters are
 *      to be used. Must be non-NULL.
 *  "crl"
 *      Address of CRL that is to be matched using "selector". Must be non-NULL.
 *  "pMatch"
 *      Address at which Boolean result is stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe
 *
 *  Multiple threads must be able to safely call this function without
 *  worrying about conflicts, even if they're operating on the same objects.
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
typedef PKIX_Error *
(*PKIX_CRLSelector_MatchCallback)(
        PKIX_CRLSelector *selector,
        PKIX_PL_CRL *crl,
        PKIX_Boolean *pMatch,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_Create
 * DESCRIPTION:
 *
 *  Creates a new CRLSelector using the Object pointed to by
 *  "crlSelectorContext" (if any) and stores it at "pSelector". As noted
 *  above, by default, the MatchCallback is set to point to the default
 *  implementation provided by libpkix, which understands how to process
 *  ComCRLSelParams. This is overridden if the MatchCallback pointed to by
 *  "callback" is not NULL, in which case the parameters are specified using
 *  the Object pointed to by "crlSelectorContext".
 *
 *  NOTE(review): "crlSelectorContext" and "callback" are not parameters of
 *  the prototype below, which takes "issuer", "crlDpList" and "date"
 *  instead. The description above looks stale - confirm against the
 *  implementation before relying on it.
 *
 * PARAMETERS:
 *  "issuer"
 *      Address of the Cert of the CRL issuer.
 *  "crlDpList"
 *      List of CRL distribution points.
 *  "date"
 *      Address of a Date. NOTE(review): this parameter was undocumented;
 *      presumably it is the time at which selected CRLs must be valid (see
 *      the dateAndTime criterion of PKIX_ComCRLSelParams) - confirm.
 *  "pSelector"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_Create(
        PKIX_PL_Cert *issuer,
        PKIX_List *crlDpList,
        PKIX_PL_Date *date,
        PKIX_CRLSelector **pSelector,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_GetMatchCallback
 * DESCRIPTION:
 *
 *  Retrieves a pointer to "selector's" Match callback function and puts it in
 *  "pCallback".
 *
 * PARAMETERS:
 *  "selector"
 *      The CRLSelector whose Match callback is desired. Must be non-NULL.
 *  "pCallback"
 *      Address where Match callback function pointer will be stored.
 *      Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_GetMatchCallback(
        PKIX_CRLSelector *selector,
        PKIX_CRLSelector_MatchCallback *pCallback,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
 * DESCRIPTION:
 *
 *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
 *  of the CRLSelector pointed to by "selector" and stores it at
 *  "pCRLSelectorContext".
 *
 *  NOTE(review): the prototype declares "pCRLSelectorContext" as void **,
 *  not PKIX_PL_Object **, so the compiler does not check the type of the
 *  pointer the caller supplies; the caller has to know the concrete type of
 *  the stored context.
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose context is to be stored. Must be non-NULL.
 *  "pCRLSelectorContext"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_GetCRLSelectorContext(
        PKIX_CRLSelector *selector,
        void **pCRLSelectorContext,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the ComCRLSelParams object that represents the
 *  common parameters of the CRLSelector pointed to by "selector" and stores
 *  it at "pCommonCRLSelectorParams". If there are no common parameters stored
 *  with the CRLSelector, this function stores NULL at
 *  "pCommonCRLSelectorParams".
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose ComCRLSelParams are to be stored.
 *      Must be non-NULL.
 *  "pCommonCRLSelectorParams"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_GetCommonCRLSelectorParams(
        PKIX_CRLSelector *selector,
        PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
        void *plContext);

/*
 * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
 * DESCRIPTION:
 *
 *  Sets the common parameters for the CRLSelector pointed to by "selector"
 *  using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
 *
 * PARAMETERS:
 *  "selector"
 *      Address of CRLSelector whose common parameters are to be set.
 *      Must be non-NULL.
 *  "commonCRLSelectorParams"
 *      Address of ComCRLSelParams representing the common parameters.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "selector"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_CRLSelector_SetCommonCRLSelectorParams(
        PKIX_CRLSelector *selector,
        PKIX_ComCRLSelParams *commonCRLSelectorParams,
        void *plContext);

/* PKIX_ComCRLSelParams
 *
 * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
 * especially determining which CRLs to retrieve from a CertStore.
 * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
 * the default implementation of MatchCallback, which understands how to
 * process ComCRLSelParams.
 */

/*
 * FUNCTION: PKIX_ComCRLSelParams_Create
 * DESCRIPTION:
 *
 *  Creates a new ComCRLSelParams object and stores it at "pParams".
 *
 * PARAMETERS:
 *  "pParams"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_Create(
        PKIX_ComCRLSelParams **pParams,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the List of X500Names (if any) representing the
 *  issuer names criterion that is set in the ComCRLSelParams pointed to by
 *  "params" and stores it at "pNames". In order to match against this
 *  criterion, a CRL's IssuerName must match at least one of the criterion's
 *  issuer names.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pNames", in which case all CRLs are considered to match.
 *
 *  Note that the List returned by this function is immutable.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose issuer names criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pNames"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetIssuerNames(
        PKIX_ComCRLSelParams *params,
        PKIX_List **pNames, /* list of PKIX_PL_X500Name */
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
 * DESCRIPTION:
 *
 *  Sets the issuer names criterion of the ComCRLSelParams pointed to by
 *  "params" using a List of X500Names pointed to by "names". In order to match
 *  against this criterion, a CRL's IssuerName must match at least one of the
 *  criterion's issuer names.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose issuer names criterion is to be
 *      set. Must be non-NULL.
 *  "names"
 *      Address of List of X500Names used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetIssuerNames(
        PKIX_ComCRLSelParams *params,
        PKIX_List *names, /* list of PKIX_PL_X500Name */
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
 * DESCRIPTION:
 *
 *  Adds to the issuer names criterion of the ComCRLSelParams pointed to by
 *  "params" using the X500Name pointed to by "name". In order to match
 *  against this criterion, a CRL's IssuerName must match at least one of the
 *  criterion's issuer names.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose issuer names criterion is to be added
 *      to. Must be non-NULL.
 *  "name"
 *      Address of X500Name to be added.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_AddIssuerName(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_X500Name *name,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the Cert (if any) representing the certificate whose
 *  revocation status is being checked and stores it at "pCert". This is not a
 *  criterion. It is simply optional information that may help a CertStore
 *  find relevant CRLs.
 *
 *  If "params" does not have a certificate set, this function stores NULL at
 *  "pCert", in which case there is no optional information to provide.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose certificate being checked (if any) is
 *      to be stored. Must be non-NULL.
 *  "pCert"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetCertificateChecking(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Cert **pCert,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
 * DESCRIPTION:
 *
 *  Sets the ComCRLSelParams pointed to by "params" with the certificate
 *  (pointed to by "cert") whose revocation status is being checked. This is
 *  not a criterion. It is simply optional information that may help a
 *  CertStore find relevant CRLs.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose certificate being checked is to be
 *      set. Must be non-NULL.
 *  "cert"
 *      Address of Cert whose revocation status is being checked.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetCertificateChecking(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Cert *cert,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the Date (if any) representing the dateAndTime
 *  criterion that is set in the ComCRLSelParams pointed to by "params" and
 *  stores it at "pDate". In order to match against this criterion, a CRL's
 *  thisUpdate component must be less than or equal to the criterion's
 *  dateAndTime and the CRL's nextUpdate component must be later than the
 *  criterion's dateAndTime. There is no match if the CRL does not contain a
 *  nextUpdate component.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pDate", in which case all CRLs are considered to match.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pDate"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetDateAndTime(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Date **pDate,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
 * DESCRIPTION:
 *
 *  Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
 *  "params" using a Date pointed to by "date". In order to match against this
 *  criterion, a CRL's thisUpdate component must be less than or equal to the
 *  criterion's dateAndTime and the CRL's nextUpdate component must be later
 *  than the criterion's dateAndTime. There is no match if the CRL does not
 *  contain a nextUpdate component.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose dateAndTime criterion is to be
 *      set. Must be non-NULL.
 *  "date"
 *      Address of Date used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetDateAndTime(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_Date *date,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
 * DESCRIPTION:
 *
 *  Retrieves the Boolean representing the NIST CRL policy activation flag
 *  that is set in the ComCRLSelParams pointed to by "params" and stores it
 *  at "pEnabled". If enabled, a CRL must have a nextUpdate field.
 *
 *  Default value for this flag is TRUE.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose NIST CRL policy criterion is to
 *      be stored. Must be non-NULL.
 *  "pEnabled"
 *      Address where the Boolean flag will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
        PKIX_ComCRLSelParams *params,
        PKIX_Boolean *pEnabled,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
 * DESCRIPTION:
 *
 *  Sets the NIST CRL policy criterion of the ComCRLSelParams pointed to by
 *  "params" using the "enabled" flag. In order to match against this
 *  criterion, a CRL's nextUpdate must be available and the criterion's
 *  dateAndTime must be within the thisUpdate and nextUpdate time period.
 *
 *  NOTE(review): passing PKIX_FALSE presumably lets CRLs without a
 *  nextUpdate field match, i.e. CRLs that never state when they go stale.
 *  How that interacts with the dateAndTime criterion, whose description says
 *  a CRL without nextUpdate never matches, is not stated here - confirm
 *  against the implementation before disabling the flag.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose NIST CRL policy criterion
 *      is to be set. Must be non-NULL.
 *  "enabled"
 *      Boolean value used to set the criterion (passed by value).
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
        PKIX_ComCRLSelParams *params,
        PKIX_Boolean enabled,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
 *  criterion that is set in the ComCRLSelParams pointed to by "params" and
 *  stores it at "pNumber". In order to match against this criterion, a CRL
 *  must have a CRL number extension whose value is less than or equal to the
 *  criterion's value.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pNumber", in which case all CRLs are considered to match.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pNumber"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetMaxCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt **pNumber,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
 * DESCRIPTION:
 *
 *  Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
 *  "params" using a BigInt pointed to by "number". In order to match against
 *  this criterion, a CRL must have a CRL number extension whose value is less
 *  than or equal to the criterion's value.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose maxCRLNumber criterion is to be
 *      set. Must be non-NULL.
 *  "number"
 *      Address of BigInt used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetMaxCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt *number,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
 * DESCRIPTION:
 *
 *  Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
 *  criterion that is set in the ComCRLSelParams pointed to by "params" and
 *  stores it at "pNumber". In order to match against this criterion, a CRL
 *  must have a CRL number extension whose value is greater than or equal to
 *  the criterion's value.
 *
 *  If "params" does not have this criterion set, this function stores NULL at
 *  "pNumber", in which case all CRLs are considered to match.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
 *      be stored. Must be non-NULL.
 *  "pNumber"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *      (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_GetMinCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt **pNumber,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
 * DESCRIPTION:
 *
 *  Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
 *  "params" using a BigInt pointed to by "number". In order to match against
 *  this criterion, a CRL must have a CRL number extension whose value is
 *  greater than or equal to the criterion's value.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose minCRLNumber criterion is to be
 *      set. Must be non-NULL.
 *  "number"
 *      Address of BigInt used to set the criterion.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
PKIX_ComCRLSelParams_SetMinCRLNumber(
        PKIX_ComCRLSelParams *params,
        PKIX_PL_BigInt *number,
        void *plContext);

/*
 * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
 * DESCRIPTION:
 *
 *  Sets the list of CRL distribution points (CRLDPs) that can be used to
 *  download CRLs.
 *
 *  NOTE(review): if these distribution points are taken from the certificate
 *  under validation, they are untrusted input that decides where CRLs are
 *  fetched from; confirm how the CertStore restricts the locations it will
 *  contact.
 *
 * PARAMETERS:
 *  "params"
 *      Address of ComCRLSelParams whose CRLDP list is to be set.
 *      Must be non-NULL.
 *  "crldpList"
 *      A list of CRLDPs. Can be an empty list.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe - assumes exclusive access to "params"
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLSelector Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error*
PKIX_ComCRLSelParams_SetCrlDp(
        PKIX_ComCRLSelParams *params,
        PKIX_List *crldpList,
        void *plContext);

#ifdef __cplusplus
}
#endif

#endif /* _PKIX_CRLSEL_H */