andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: /* andre@0: * This file defines functions associated with the various parameters used andre@0: * by the top-level functions. andre@0: * andre@0: */ andre@0: andre@0: #ifndef _PKIX_PARAMS_H andre@0: #define _PKIX_PARAMS_H andre@0: andre@0: #include "pkixt.h" andre@0: andre@0: #ifdef __cplusplus andre@0: extern "C" { andre@0: #endif andre@0: andre@0: /* General andre@0: * andre@0: * Please refer to the libpkix Programmer's Guide for detailed information andre@0: * about how to use the libpkix library. Certain key warnings and notices from andre@0: * that document are repeated here for emphasis. andre@0: * andre@0: * All identifiers in this file (and all public identifiers defined in andre@0: * libpkix) begin with "PKIX_". Private identifiers only intended for use andre@0: * within the library begin with "pkix_". andre@0: * andre@0: * A function returns NULL upon success, and a PKIX_Error pointer upon failure. andre@0: * andre@0: * Unless otherwise noted, for all accessor (gettor) functions that return a andre@0: * PKIX_PL_Object pointer, callers should assume that this pointer refers to a andre@0: * shared object. Therefore, the caller should treat this shared object as andre@0: * read-only and should not modify this shared object. When done using the andre@0: * shared object, the caller should release the reference to the object by andre@0: * using the PKIX_PL_Object_DecRef function. andre@0: * andre@0: * While a function is executing, if its arguments (or anything referred to by andre@0: * its arguments) are modified, free'd, or destroyed, the function's behavior andre@0: * is undefined. andre@0: * andre@0: */ andre@0: andre@0: /* PKIX_ProcessingParams andre@0: * andre@0: * PKIX_ProcessingParams are parameters used when validating or building a andre@0: * chain of certificates. Using the parameters, the caller can specify several andre@0: * things, including the various inputs to the PKIX chain validation andre@0: * algorithm (such as trust anchors, initial policies, etc), any customized andre@0: * functionality (such as CertChainCheckers, RevocationCheckers, CertStores), andre@0: * and whether revocation checking should be disabled. andre@0: * andre@0: * Once the caller has created the ProcessingParams object, the caller then andre@0: * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call andre@0: * the user's callback functions as needed during the validation or building andre@0: * process. andre@0: * andre@0: * If a parameter is not set (or is set to NULL), it will be set to the andre@0: * default value for that parameter. The default value for the Date parameter andre@0: * is NULL, which indicates the current time when the path is validated. The andre@0: * default for the remaining parameters is the least constrained. andre@0: */ andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_Create andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new ProcessingParams object. Trust anchor list is set to andre@0: * newly created empty list of trust. In this case trust anchors will andre@0: * be taken from provided cert store. Pointed to the created andre@0: * ProcessingParams object is stored in "pParams". andre@0: * andre@0: * PARAMETERS: andre@0: * "anchors" andre@0: * Address of List of (non-empty) TrustAnchors to be used. andre@0: * Must be non-NULL. andre@0: * "pParams" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_Create( andre@0: PKIX_ProcessingParams **pParams, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of CertChainCheckers (if any) that are set andre@0: * in the ProcessingParams pointed to by "params" and stores it at andre@0: * "pCheckers". Each CertChainChecker represents a custom certificate andre@0: * validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed andre@0: * during the validation or building process. If "params" does not have any andre@0: * CertChainCheckers, this function stores an empty List at "pCheckers". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of CertChainCheckers (if any) andre@0: * are to be stored. Must be non-NULL. andre@0: * "pCheckers" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetCertChainCheckers( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a List of andre@0: * CertChainCheckers pointed to by "checkers". Each CertChainChecker andre@0: * represents a custom certificate validation check used by andre@0: * PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or andre@0: * building process. If "checkers" is NULL, no CertChainCheckers will be used. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of CertChainCheckers is to be andre@0: * set. Must be non-NULL. andre@0: * "checkers" andre@0: * Address of List of CertChainCheckers to be set. If NULL, no andre@0: * CertChainCheckers will be used. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" and "checkers" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetCertChainCheckers( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List *checkers, /* list of PKIX_CertChainChecker */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker andre@0: * DESCRIPTION: andre@0: * andre@0: * Adds the CertChainChecker pointed to by "checker" to the ProcessingParams andre@0: * pointed to by "params". The CertChainChecker represents a custom andre@0: * certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain andre@0: * as needed during the validation or building process. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams to be added to. Must be non-NULL. andre@0: * "checker" andre@0: * Address of CertChainChecker to be added. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_AddCertChainChecker( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_CertChainChecker *checker, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the RevocationChecker that are set andre@0: * in the ProcessingParams pointed to by "params" and stores it at andre@0: * "pRevChecker". Each RevocationChecker represents a revocation andre@0: * check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the andre@0: * validation or building process. If "params" does not have any andre@0: * RevocationCheckers, this function stores an empty List at "pRevChecker". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of RevocationCheckers andre@0: * is to be stored. Must be non-NULL. andre@0: * "pRevChecker" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetRevocationChecker( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_RevocationChecker **pChecker, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a andre@0: * RevocationChecker pointed to by "revChecker". Revocation andre@0: * checker object should be created and assigned to processing andre@0: * parameters before chain build or validation can begin. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of RevocationCheckers is to be andre@0: * set. Must be non-NULL. andre@0: * "revChecker" andre@0: * Address of RevocationChecker to be set. Must be set before chain andre@0: * building or validation. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetRevocationChecker( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_RevocationChecker *revChecker, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetCertStores andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of CertStores (if any) that are set in the andre@0: * ProcessingParams pointed to by "params" and stores it at "pStores". Each andre@0: * CertStore represents a particular repository from which certificates and andre@0: * CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed andre@0: * during the validation or building process. If "params" does not have any andre@0: * CertStores, this function stores an empty List at "pStores". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of CertStores (if any) are to andre@0: * be stored. Must be non-NULL. andre@0: * "pStores" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetCertStores( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List **pStores, /* list of PKIX_CertStore */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetCertStores andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a List of CertStores andre@0: * pointed to by "stores". Each CertStore represents a particular repository andre@0: * from which certificates and CRLs can be retrieved by PKIX_ValidateChain or andre@0: * PKIX_BuildChain as needed during the validation or building process. If andre@0: * "stores" is NULL, no CertStores will be used. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of CertStores is to be set. andre@0: * Must be non-NULL. andre@0: * "stores" andre@0: * Address of List of CertStores to be set. If NULL, no CertStores will andre@0: * be used. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetCertStores( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List *stores, /* list of PKIX_CertStore */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_AddCertStore andre@0: * DESCRIPTION: andre@0: * andre@0: * Adds the CertStore pointed to by "store" to the ProcessingParams pointed andre@0: * to by "params". The CertStore represents a particular repository from andre@0: * which certificates and CRLs can be retrieved by PKIX_ValidateChain or andre@0: * PKIX_BuildChain as needed during the validation or building process. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams to be added to. Must be non-NULL. andre@0: * "store" andre@0: * Address of CertStore to be added. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_AddCertStore( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_CertStore *store, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetDate andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the Date (if any) that is set in the andre@0: * ProcessingParams pointed to by "params" and stores it at "pDate". The andre@0: * Date represents the time for which the validation of the certificate chain andre@0: * should be determined. If "params" does not have any Date set, this function andre@0: * stores NULL at "pDate". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose Date (if any) is to be stored. andre@0: * Must be non-NULL. andre@0: * "pDate" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetDate( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_PL_Date **pDate, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetDate andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a Date pointed to by andre@0: * "date". The Date represents the time for which the validation of the andre@0: * certificate chain should be determined. If "date" is NULL, the current andre@0: * time is used during validation. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose Date is to be set. Must be non-NULL. andre@0: * "date" andre@0: * Address of Date to be set. If NULL, current time is used. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetDate( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_PL_Date *date, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of OIDs (if any) that are set in the andre@0: * ProcessingParams pointed to by "params" and stores it at "pInitPolicies". andre@0: * Each OID represents an initial policy identifier, indicating that any andre@0: * one of these policies would be acceptable to the certificate user for andre@0: * the purposes of certification path processing. If "params" does not have andre@0: * any initial policies, this function stores an empty List at andre@0: * "pInitPolicies". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of OIDs (if any) are to be andre@0: * stored. Must be non-NULL. andre@0: * "pInitPolicies" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetInitialPolicies( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a List of OIDs andre@0: * pointed to by "initPolicies". andre@0: * andre@0: * Each OID represents an initial policy identifier, indicating that any andre@0: * one of these policies would be acceptable to the certificate user for andre@0: * the purposes of certification path processing. By default, any policy andre@0: * is acceptable (i.e. all policies), so a user that wants to allow any andre@0: * policy as acceptable does not need to call this method. Similarly, if andre@0: * initPolicies is NULL or points to an empty List, all policies are andre@0: * acceptable. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of OIDs is to be set. andre@0: * Must be non-NULL. andre@0: * "initPolicies" andre@0: * Address of List of OIDs to be set. If NULL or if pointing to an empty andre@0: * List, all policies are acceptable. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetInitialPolicies( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List *initPolicies, /* list of PKIX_PL_OID */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected andre@0: * DESCRIPTION: andre@0: * andre@0: * Checks whether the ProcessingParams pointed to by "params" indicate that andre@0: * policy qualifiers should be rejected and stores the Boolean result at andre@0: * "pRejected". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams used to determine whether or not policy andre@0: * qualifiers should be rejected. Must be non-NULL. andre@0: * "pRejected" andre@0: * Address where Boolean will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetPolicyQualifiersRejected( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean *pRejected, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected andre@0: * DESCRIPTION: andre@0: * andre@0: * Specifies in the ProcessingParams pointed to by "params" whether policy andre@0: * qualifiers are rejected using the Boolean value of "rejected". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams to be set. Must be non-NULL. andre@0: * "rejected" andre@0: * Boolean value indicating whether policy qualifiers are to be rejected. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetPolicyQualifiersRejected( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean rejected, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the CertSelector (if any) that is set in the andre@0: * ProcessingParams pointed to by "params" and stores it at "pConstraints". andre@0: * The CertSelector represents the constraints to be placed on the target andre@0: * certificate. If "params" does not have any CertSelector set, this function andre@0: * stores NULL at "pConstraints". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose CertSelector (if any) is to be andre@0: * stored. Must be non-NULL. andre@0: * "pConstraints" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetTargetCertConstraints( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_CertSelector **pConstraints, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a CertSelector andre@0: * pointed to by "constraints". The CertSelector represents the constraints andre@0: * to be placed on the target certificate. If "constraints" is NULL, no andre@0: * constraints are defined. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose CertSelector is to be set. andre@0: * Must be non-NULL. andre@0: * "constraints" andre@0: * Address of CertSelector to be set. If NULL, no constraints are defined. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetTargetCertConstraints( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_CertSelector *constraints, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of TrustAnchors that are set in andre@0: * the ProcessingParams pointed to by "params" and stores it at "pAnchors". andre@0: * If the function succeeds, the pointer to the List is guaranteed to be andre@0: * non-NULL and the List is guaranteed to be non-empty. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of TrustAnchors are to andre@0: * be stored. Must be non-NULL. andre@0: * "pAnchors" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetTrustAnchors( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List **pAnchors, /* list of TrustAnchor */ andre@0: void *plContext); andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets user defined set of trust anchors. The handling of the trust anchors andre@0: * may be furthered alter via PKIX_ProcessingParams_SetUseOnlyTrustAnchors. andre@0: * By default, a certificate will be considered invalid if it does not chain andre@0: * to a trusted anchor from this list. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of TrustAnchors are to andre@0: * be stored. Must be non-NULL. andre@0: * "anchors" andre@0: * Address of the trust anchors list object. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetTrustAnchors( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List *pAnchors, /* list of TrustAnchor */ andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetUseOnlyTrustAnchors andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the Boolean. The boolean value represents andre@0: * the switch value that is used to identify whether trust anchors, if andre@0: * specified, should be the exclusive source of trust information. andre@0: * If the function succeeds, the pointer to the Boolean is guaranteed to be andre@0: * non-NULL. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams. Must be non-NULL. andre@0: * "pUseOnlyTrustAnchors" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetUseOnlyTrustAnchors( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean *pUseOnlyTrustAnchors, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors andre@0: * DESCRIPTION: andre@0: * andre@0: * Configures whether trust anchors are used as the exclusive source of trust. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams. Must be non-NULL. andre@0: * "useOnlyTrustAnchors" andre@0: * If true, indicates that trust anchors should be used exclusively when andre@0: * they have been specified via PKIX_ProcessingParams_SetTrustAnchors. A andre@0: * certificate will be considered invalid if it does not chain to a andre@0: * trusted anchor from that list. andre@0: * If false, indicates that the trust anchors are additive to whatever andre@0: * existing trust stores are configured. A certificate is considered andre@0: * valid if it chains to EITHER a trusted anchor from that list OR a andre@0: * certificate marked trusted in a trust store. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetUseOnlyTrustAnchors( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean useOnlyTrustAnchors, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the Boolean. The boolean value represents andre@0: * the switch value that is used to identify if url in cert AIA extension andre@0: * may be used for cert fetching. andre@0: * If the function succeeds, the pointer to the Boolean is guaranteed to be andre@0: * non-NULL. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams. Must be non-NULL. andre@0: * "pUseAIA" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetUseAIAForCertFetching( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean *pUseAIA, /* list of TrustAnchor */ andre@0: void *plContext); andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets switch value that defines if url in cert AIA extension andre@0: * may be used for cert fetching. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams. andre@0: * "useAIA" andre@0: * Address of the trust anchors list object. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetUseAIAForCertFetching( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean useAIA, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets a boolean value that tells if libpkix needs to check that andre@0: * the target certificate satisfies the conditions set in processing andre@0: * parameters. Includes but not limited to date, ku and eku checks. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of TrustAnchors are to andre@0: * be stored. Must be non-NULL. andre@0: * "qualifyTargetCert" andre@0: * boolean value if set to true will trigger qualification of the andre@0: * target certificate. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetQualifyTargetCert( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean qualifyTargetCert, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetHintCerts andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to a List of Certs supplied by the user as a suggested andre@0: * partial CertChain (subject to verification), that are set in the andre@0: * ProcessingParams pointed to by "params", and stores it at "pHintCerts". andre@0: * The List returned may be empty or NULL. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of TrustAnchors are to andre@0: * be stored. Must be non-NULL. andre@0: * "pHintCerts" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetHintCerts( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List **pHintCerts, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetHintCerts andre@0: * DESCRIPTION: andre@0: * andre@0: * Stores a pointer to a List of Certs supplied by the user as a suggested andre@0: * partial CertChain (subject to verification), as an element in the andre@0: * ProcessingParams pointed to by "params". The List may be empty or NULL. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose List of HintCerts is to be stored. andre@0: * Must be non-NULL. andre@0: * "hintCerts" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetHintCerts( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_List *hintCerts, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_GetResourceLimits andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the ResourceLimits (if any) that is set in the andre@0: * ProcessingParams pointed to by "params" and stores it at "pResourceLimits". andre@0: * The ResourceLimits represent the maximum resource usage that the caller andre@0: * desires (such as MaxTime). The ValidateChain or BuildChain call will not andre@0: * exceed these maximum limits. If "params" does not have any ResourceLimits andre@0: * set, this function stores NULL at "pResourceLimits". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose ResourceLimits (if any) are to be andre@0: * stored. Must be non-NULL. andre@0: * "pResourceLimits" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_GetResourceLimits( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_ResourceLimits **pResourceLimits, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetResourceLimits andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the ProcessingParams pointed to by "params" with a ResourceLimits andre@0: * object pointed to by "resourceLimits". The ResourceLimits represent the andre@0: * maximum resource usage that the caller desires (such as MaxTime). The andre@0: * ValidateChain or BuildChain call will not exceed these maximum limits. andre@0: * If "resourceLimits" is NULL, no ResourceLimits are defined. andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams whose ResourceLimits are to be set. andre@0: * Must be non-NULL. andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits to be set. If NULL, no limits are defined. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetResourceLimits( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited andre@0: * DESCRIPTION: andre@0: * andre@0: * Checks whether the ProcessingParams pointed to by "params" indicate that andre@0: * anyPolicy is inhibited and stores the Boolean result at "pInhibited". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams used to determine whether or not anyPolicy andre@0: * inhibited. Must be non-NULL. andre@0: * "pInhibited" andre@0: * Address where Boolean will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_IsAnyPolicyInhibited( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean *pInhibited, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited andre@0: * DESCRIPTION: andre@0: * andre@0: * Specifies in the ProcessingParams pointed to by "params" whether anyPolicy andre@0: * is inhibited using the Boolean value of "inhibited". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams to be set. Must be non-NULL. andre@0: * "inhibited" andre@0: * Boolean value indicating whether anyPolicy is to be inhibited. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetAnyPolicyInhibited( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean inhibited, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired andre@0: * DESCRIPTION: andre@0: * andre@0: * Checks whether the ProcessingParams pointed to by "params" indicate that andre@0: * explicit policies are required and stores the Boolean result at andre@0: * "pRequired". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams used to determine whether or not explicit andre@0: * policies are required. Must be non-NULL. andre@0: * "pRequired" andre@0: * Address where Boolean will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_IsExplicitPolicyRequired( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean *pRequired, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired andre@0: * DESCRIPTION: andre@0: * andre@0: * Specifies in the ProcessingParams pointed to by "params" whether explicit andre@0: * policies are required using the Boolean value of "required". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams to be set. Must be non-NULL. andre@0: * "required" andre@0: * Boolean value indicating whether explicit policies are to be required. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetExplicitPolicyRequired( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean required, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited andre@0: * DESCRIPTION: andre@0: * andre@0: * Checks whether the ProcessingParams pointed to by "params" indicate that andre@0: * policyMapping is inhibited and stores the Boolean result at "pInhibited". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams used to determine whether or not policy andre@0: * mappings are inhibited. Must be non-NULL. andre@0: * "pInhibited" andre@0: * Address where Boolean will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_IsPolicyMappingInhibited( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean *pInhibited, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited andre@0: * DESCRIPTION: andre@0: * andre@0: * Specifies in the ProcessingParams pointed to by "params" whether policy andre@0: * mapping is inhibited using the Boolean value of "inhibited". andre@0: * andre@0: * PARAMETERS: andre@0: * "params" andre@0: * Address of ProcessingParams to be set. Must be non-NULL. andre@0: * "inhibited" andre@0: * Boolean value indicating whether policy mapping is to be inhibited. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ProcessingParams_SetPolicyMappingInhibited( andre@0: PKIX_ProcessingParams *params, andre@0: PKIX_Boolean inhibited, andre@0: void *plContext); andre@0: andre@0: andre@0: /* PKIX_ValidateParams andre@0: * andre@0: * PKIX_ValidateParams consists of a ProcessingParams object as well as the andre@0: * List of Certs (certChain) that the caller is trying to validate. andre@0: */ andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ValidateParams_Create andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new ValidateParams object and stores it at "pParams". andre@0: * andre@0: * PARAMETERS: andre@0: * "procParams" andre@0: * Address of ProcessingParams to be used. Must be non-NULL. andre@0: * "chain" andre@0: * Address of List of Certs (certChain) to be validated. Must be non-NULL. andre@0: * "pParams" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ValidateParams_Create( andre@0: PKIX_ProcessingParams *procParams, andre@0: PKIX_List *chain, andre@0: PKIX_ValidateParams **pParams, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ValidateParams_GetProcessingParams andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the ProcessingParams that represent the basic andre@0: * certificate processing parameters used during chain validation and chain andre@0: * building from the ValidateParams pointed to by "valParams" and stores it andre@0: * at "pProcParams". If the function succeeds, the pointer to the andre@0: * ProcessingParams is guaranteed to be non-NULL. andre@0: * andre@0: * PARAMETERS: andre@0: * "valParams" andre@0: * Address of ValidateParams whose ProcessingParams are to be stored. andre@0: * Must be non-NULL. andre@0: * "pProcParams" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ValidateParams_GetProcessingParams( andre@0: PKIX_ValidateParams *valParams, andre@0: PKIX_ProcessingParams **pProcParams, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ValidateParams_GetCertChain andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the List of Certs (certChain) that is set in the andre@0: * ValidateParams pointed to by "valParams" and stores it at "pChain". If the andre@0: * function succeeds, the pointer to the CertChain is guaranteed to be andre@0: * non-NULL. andre@0: * andre@0: * PARAMETERS: andre@0: * "valParams" andre@0: * Address of ValidateParams whose CertChain is to be stored. andre@0: * Must be non-NULL. andre@0: * "pChain" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ValidateParams_GetCertChain( andre@0: PKIX_ValidateParams *valParams, andre@0: PKIX_List **pChain, andre@0: void *plContext); andre@0: andre@0: /* PKIX_TrustAnchor andre@0: * andre@0: * A PKIX_TrustAnchor represents a trusted entity and can be specified using a andre@0: * self-signed certificate or using the trusted CA's name and public key. In andre@0: * order to limit the trust in the trusted entity, name constraints can also andre@0: * be imposed on the trust anchor. andre@0: */ andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_TrustAnchor_CreateWithCert andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new TrustAnchor object using the Cert pointed to by "cert" as andre@0: * the trusted certificate and stores it at "pAnchor". Once created, a andre@0: * TrustAnchor is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "cert" andre@0: * Address of Cert to use as trusted certificate. Must be non-NULL. andre@0: * "pAnchor" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_TrustAnchor_CreateWithCert( andre@0: PKIX_PL_Cert *cert, andre@0: PKIX_TrustAnchor **pAnchor, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new TrustAnchor object using the X500Name pointed to by "name", andre@0: * and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The andre@0: * CertNameConstraints pointed to by "nameConstraints" (if any) are used to andre@0: * limit the trust placed in this trust anchor. To indicate that name andre@0: * constraints don't apply, set "nameConstraints" to NULL. Once created, a andre@0: * TrustAnchor is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "name" andre@0: * Address of X500Name to use as name of trusted CA. Must be non-NULL. andre@0: * "pubKey" andre@0: * Address of PublicKey to use as trusted public key. Must be non-NULL. andre@0: * "nameConstraints" andre@0: * Address of CertNameConstraints to use as initial name constraints. andre@0: * If NULL, no name constraints are applied. andre@0: * "pAnchor" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_TrustAnchor_CreateWithNameKeyPair( andre@0: PKIX_PL_X500Name *name, andre@0: PKIX_PL_PublicKey *pubKey, andre@0: PKIX_PL_CertNameConstraints *nameConstraints, andre@0: PKIX_TrustAnchor **pAnchor, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_TrustAnchor_GetTrustedCert andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to andre@0: * by "anchor" and stores it at "pCert". If "anchor" does not have a Cert andre@0: * set, this function stores NULL at "pCert". andre@0: * andre@0: * PARAMETERS: andre@0: * "anchor" andre@0: * Address of TrustAnchor whose Cert is to be stored. Must be non-NULL. andre@0: * "pChain" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_TrustAnchor_GetTrustedCert( andre@0: PKIX_TrustAnchor *anchor, andre@0: PKIX_PL_Cert **pCert, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_TrustAnchor_GetCAName andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the CA's X500Name (if any) that is set in the andre@0: * TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor" andre@0: * does not have an X500Name set, this function stores NULL at "pCAName". andre@0: * andre@0: * PARAMETERS: andre@0: * "anchor" andre@0: * Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL. andre@0: * "pCAName" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_TrustAnchor_GetCAName( andre@0: PKIX_TrustAnchor *anchor, andre@0: PKIX_PL_X500Name **pCAName, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the CA's PublicKey (if any) that is set in the andre@0: * TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor" andre@0: * does not have a PublicKey set, this function stores NULL at "pPubKey". andre@0: * andre@0: * PARAMETERS: andre@0: * "anchor" andre@0: * Address of TrustAnchor whose CA PublicKey is to be stored. andre@0: * Must be non-NULL. andre@0: * "pPubKey" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_TrustAnchor_GetCAPublicKey( andre@0: PKIX_TrustAnchor *anchor, andre@0: PKIX_PL_PublicKey **pPubKey, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_TrustAnchor_GetNameConstraints andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a pointer to the CertNameConstraints (if any) set in the andre@0: * TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If andre@0: * "anchor" does not have any CertNameConstraints set, this function stores andre@0: * NULL at "pConstraints". andre@0: * andre@0: * PARAMETERS: andre@0: * "anchor" andre@0: * Address of TrustAnchor whose CertNameConstraints are to be stored. andre@0: * Must be non-NULL. andre@0: * "pConstraints" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a Params Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_TrustAnchor_GetNameConstraints( andre@0: PKIX_TrustAnchor *anchor, andre@0: PKIX_PL_CertNameConstraints **pNameConstraints, andre@0: void *plContext); andre@0: andre@0: /* PKIX_ResourceLimits andre@0: * andre@0: * A PKIX_ResourceLimits object represents the maximum resource usage that andre@0: * the caller desires. The ValidateChain or BuildChain call andre@0: * will not exceed these maximum limits. For example, the caller may want andre@0: * a timeout value of 1 minute, meaning that if the ValidateChain or andre@0: * BuildChain function is unable to finish in 1 minute, it should abort andre@0: * with an Error. andre@0: */ andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_Create andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new ResourceLimits object and stores it at "pResourceLimits". andre@0: * andre@0: * PARAMETERS: andre@0: * "pResourceLimits" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_Create( andre@0: PKIX_ResourceLimits **pResourceLimits, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_GetMaxTime andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the maximum time that is andre@0: * set in the ResourceLimits object pointed to by "resourceLimits" and stores andre@0: * it at "pMaxTime". This maximum time (in seconds) should not be exceeded andre@0: * by the function whose ProcessingParams contain this ResourceLimits object andre@0: * (typically ValidateChain or BuildChain). It essentially functions as a andre@0: * time-out value and is only appropriate if blocking I/O is being used. andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum time (in seconds) is andre@0: * to be stored. Must be non-NULL. andre@0: * "pMaxTime" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_GetMaxTime( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 *pMaxTime, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_SetMaxTime andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the maximum time of the ResourceLimits object pointed to by andre@0: * "resourceLimits" using the PKIX_UInt32 value of "maxTime". This andre@0: * maximum time (in seconds) should not be exceeded by the function andre@0: * whose ProcessingParams contain this ResourceLimits object andre@0: * (typically ValidateChain or BuildChain). It essentially functions as a andre@0: * time-out value and is only appropriate if blocking I/O is being used. andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum time (in seconds) is andre@0: * to be set. Must be non-NULL. andre@0: * "maxTime" andre@0: * Value of PKIX_UInt32 representing the maximum time (in seconds) andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_SetMaxTime( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 maxTime, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_GetMaxFanout andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is andre@0: * set in the ResourceLimits object pointed to by "resourceLimits" and stores andre@0: * it at "pMaxFanout". This maximum fanout (number of certs) should not be andre@0: * exceeded by the function whose ProcessingParams contain this ResourceLimits andre@0: * object (typically ValidateChain or BuildChain). If the builder encounters andre@0: * more than this maximum number of certificates when searching for the next andre@0: * candidate certificate, it should abort and return an error. This andre@0: * parameter is only relevant for ValidateChain if it needs to internally call andre@0: * BuildChain (e.g. in order to build the chain to a CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum fanout (number of certs) andre@0: * is to be stored. Must be non-NULL. andre@0: * "pMaxFanout" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_GetMaxFanout( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 *pMaxFanout, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_SetMaxFanout andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the maximum fanout of the ResourceLimits object pointed to by andre@0: * "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum andre@0: * fanout (number of certs) should not be exceeded by the function whose andre@0: * ProcessingParams contain this ResourceLimits object (typically ValidateChain andre@0: * or BuildChain). If the builder encounters more than this maximum number of andre@0: * certificates when searching for the next candidate certificate, it should andre@0: * abort and return an Error. This parameter is only relevant for ValidateChain andre@0: * if it needs to internally call BuildChain (e.g. in order to build the andre@0: * chain to a CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum fanout (number of certs) andre@0: * is to be set. Must be non-NULL. andre@0: * "maxFanout" andre@0: * Value of PKIX_UInt32 representing the maximum fanout (number of certs) andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_SetMaxFanout( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 maxFanout, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_GetMaxDepth andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is andre@0: * set in the ResourceLimits object pointed to by "resourceLimits" and stores andre@0: * it at "pMaxDepth". This maximum depth (number of certs) should not be andre@0: * exceeded by the function whose ProcessingParams contain this ResourceLimits andre@0: * object (typically ValidateChain or BuildChain). If the builder encounters andre@0: * more than this maximum number of certificates when searching for the next andre@0: * candidate certificate, it should abort and return an error. This andre@0: * parameter is only relevant for ValidateChain if it needs to internally call andre@0: * BuildChain (e.g. in order to build the chain to a CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum depth (number of certs) andre@0: * is to be stored. Must be non-NULL. andre@0: * "pMaxDepth" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_GetMaxDepth( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 *pMaxDepth, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_SetMaxDepth andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the maximum depth of the ResourceLimits object pointed to by andre@0: * "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum andre@0: * depth (number of certs) should not be exceeded by the function whose andre@0: * ProcessingParams contain this ResourceLimits object (typically ValidateChain andre@0: * or BuildChain). If the builder encounters more than this maximum number of andre@0: * certificates when searching for the next candidate certificate, it should andre@0: * abort and return an Error. This parameter is only relevant for ValidateChain andre@0: * if it needs to internally call BuildChain (e.g. in order to build the andre@0: * chain to a CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum depth (number of certs) andre@0: * is to be set. Must be non-NULL. andre@0: * "maxDepth" andre@0: * Value of PKIX_UInt32 representing the maximum depth (number of certs) andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_SetMaxDepth( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 maxDepth, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed andre@0: * certs that is set in the ResourceLimits object pointed to by "resourceLimits" andre@0: * and stores it at "pMaxNumber". This maximum number of traversed certs should andre@0: * not be exceeded by the function whose ProcessingParams contain this ResourceLimits andre@0: * object (typically ValidateChain or BuildChain). If the builder traverses more andre@0: * than this number of certs during the build process, it should abort and andre@0: * return an Error. This parameter is only relevant for ValidateChain if it andre@0: * needs to internally call BuildChain (e.g. in order to build the chain to a andre@0: * CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum number of traversed certs andre@0: * is to be stored. Must be non-NULL. andre@0: * "pMaxNumber" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_GetMaxNumberOfCerts( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 *pMaxNumber, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the maximum number of traversed certs of the ResourceLimits object andre@0: * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber". andre@0: * This maximum number of traversed certs should not be exceeded by the function andre@0: * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain andre@0: * or BuildChain). If the builder traverses more than this number of certs andre@0: * during the build process, it should abort and return an Error. This parameter andre@0: * is only relevant for ValidateChain if it needs to internally call BuildChain andre@0: * (e.g. in order to build the chain to a CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum number of traversed certs andre@0: * is to be set. Must be non-NULL. andre@0: * "maxNumber" andre@0: * Value of PKIX_UInt32 representing the maximum number of traversed certs andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_SetMaxNumberOfCerts( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 maxNumber, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs andre@0: * DESCRIPTION: andre@0: * andre@0: * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed andre@0: * CRLs that is set in the ResourceLimits object pointed to by "resourceLimits" andre@0: * and stores it at "pMaxNumber". This maximum number of traversed CRLs should andre@0: * not be exceeded by the function whose ProcessingParams contain this ResourceLimits andre@0: * object (typically ValidateChain or BuildChain). If the builder traverses more andre@0: * than this number of CRLs during the build process, it should abort and andre@0: * return an Error. This parameter is only relevant for ValidateChain if it andre@0: * needs to internally call BuildChain (e.g. in order to build the chain to a andre@0: * CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum number of traversed CRLs andre@0: * is to be stored. Must be non-NULL. andre@0: * "pMaxNumber" andre@0: * Address where PKIX_UInt32 will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_GetMaxNumberOfCRLs( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 *pMaxNumber, andre@0: void *plContext); andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs andre@0: * DESCRIPTION: andre@0: * andre@0: * Sets the maximum number of traversed CRLs of the ResourceLimits object andre@0: * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber". andre@0: * This maximum number of traversed CRLs should not be exceeded by the function andre@0: * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain andre@0: * or BuildChain). If the builder traverses more than this number of CRLs andre@0: * during the build process, it should abort and return an Error. This parameter andre@0: * is only relevant for ValidateChain if it needs to internally call BuildChain andre@0: * (e.g. in order to build the chain to a CRL's issuer). andre@0: * andre@0: * PARAMETERS: andre@0: * "resourceLimits" andre@0: * Address of ResourceLimits object whose maximum number of traversed CRLs andre@0: * is to be set. Must be non-NULL. andre@0: * "maxNumber" andre@0: * Value of PKIX_UInt32 representing the maximum number of traversed CRLs andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - assumes exclusive access to "params" andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a ResourceLimits Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_ResourceLimits_SetMaxNumberOfCRLs( andre@0: PKIX_ResourceLimits *resourceLimits, andre@0: PKIX_UInt32 maxNumber, andre@0: void *plContext); andre@0: andre@0: #ifdef __cplusplus andre@0: } andre@0: #endif andre@0: andre@0: #endif /* _PKIX_PARAMS_H */