andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: /* andre@0: * This file defines the types in the libpkix API. andre@0: * XXX Maybe we should specify the API version number in all API header files andre@0: * andre@0: */ andre@0: andre@0: #ifndef _PKIXT_H andre@0: #define _PKIXT_H andre@0: andre@0: #ifdef __cplusplus andre@0: extern "C" { andre@0: #endif andre@0: andre@0: #include "secerr.h" andre@0: andre@0: /* Types andre@0: * andre@0: * This header file provides typedefs for the abstract types used by libpkix. andre@0: * It also provides several useful macros. andre@0: * andre@0: * Note that all these abstract types are typedef'd as opaque structures. This andre@0: * is intended to discourage the caller from looking at the contents directly, andre@0: * since the format of the contents may change from one version of the library andre@0: * to the next. Instead, callers should only access these types using the andre@0: * functions defined in the public header files. andre@0: * andre@0: * An instance of an abstract type defined in this file is called an "object" andre@0: * here, although C does not have real support for objects. andre@0: * andre@0: * Because C does not typically have automatic garbage collection, the caller andre@0: * is expected to release the reference to any object that they create or that andre@0: * is returned to them by a libpkix function. The caller should do this by andre@0: * using the PKIX_PL_Object_DecRef function. Note that the caller should not andre@0: * release the reference to an object if the object has been passed to a andre@0: * libpkix function and that function has not returned. andre@0: * andre@0: * Please refer to libpkix Programmer's Guide for more details. andre@0: */ andre@0: andre@0: /* Version andre@0: * andre@0: * These macros specify the major and minor version of the libpkix API defined andre@0: * by this header file. andre@0: */ andre@0: andre@0: #define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0) andre@0: #define PKIX_MINOR_VERSION ((PKIX_UInt32) 3) andre@0: andre@0: /* Maximum minor version andre@0: * andre@0: * This macro is used to specify that the caller wants the largest minor andre@0: * version available. andre@0: */ andre@0: andre@0: #define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000) andre@0: andre@0: /* Define Cert Store type for database access */ andre@0: #define PKIX_STORE_TYPE_NONE 0 andre@0: #define PKIX_STORE_TYPE_PK11 1 andre@0: andre@0: /* Portable Code (PC) data types andre@0: * andre@0: * These types are used to perform the primary operations of this library: andre@0: * building and validating chains of X.509 certificates. andre@0: */ andre@0: andre@0: typedef struct PKIX_ErrorStruct PKIX_Error; andre@0: typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams; andre@0: typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams; andre@0: typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult; andre@0: typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits; andre@0: typedef struct PKIX_BuildResultStruct PKIX_BuildResult; andre@0: typedef struct PKIX_CertStoreStruct PKIX_CertStore; andre@0: typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker; andre@0: typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker; andre@0: typedef struct PKIX_CertSelectorStruct PKIX_CertSelector; andre@0: typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector; andre@0: typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams; andre@0: typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams; andre@0: typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor; andre@0: typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode; andre@0: typedef struct PKIX_LoggerStruct PKIX_Logger; andre@0: typedef struct PKIX_ListStruct PKIX_List; andre@0: typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState; andre@0: typedef struct PKIX_DefaultRevocationCheckerStruct andre@0: PKIX_DefaultRevocationChecker; andre@0: typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode; andre@0: andre@0: /* Portability Layer (PL) data types andre@0: * andre@0: * These types are used are used as portable data types that are defined andre@0: * consistently across platforms andre@0: */ andre@0: andre@0: typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext; andre@0: typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object; andre@0: typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray; andre@0: typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable; andre@0: typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex; andre@0: typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock; andre@0: typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock; andre@0: typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt; andre@0: typedef struct PKIX_PL_StringStruct PKIX_PL_String; andre@0: typedef struct PKIX_PL_OIDStruct PKIX_PL_OID; andre@0: typedef struct PKIX_PL_CertStruct PKIX_PL_Cert; andre@0: typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName; andre@0: typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name; andre@0: typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey; andre@0: typedef struct PKIX_PL_DateStruct PKIX_PL_Date; andre@0: typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints; andre@0: typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints; andre@0: typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies; andre@0: typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo; andre@0: typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier; andre@0: typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap; andre@0: typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL; andre@0: typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry; andre@0: typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore; andre@0: typedef struct PKIX_PL_CollectionCertStoreContext andre@0: PKIX_PL_CollectionCertStoreContext; andre@0: typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext; andre@0: typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest; andre@0: typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse; andre@0: typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient; andre@0: typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket; andre@0: typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess; andre@0: typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr; andre@0: typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID; andre@0: typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest; andre@0: typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse; andre@0: typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient; andre@0: typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient; andre@0: typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext; andre@0: andre@0: /* Primitive types andre@0: * andre@0: * In order to guarantee desired behavior as well as platform-independence, we andre@0: * typedef these types depending on the platform. XXX This needs more work! andre@0: */ andre@0: andre@0: /* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32. andre@0: * We don't know what type is at least 32 bits long. ISO C probably requires andre@0: * at least 32 bits for long. we could default to that and only list platforms andre@0: * where that's not true. andre@0: * andre@0: * #elif andre@0: * #error andre@0: * #endif andre@0: */ andre@0: andre@0: /* currently, int is 32 bits on all our supported platforms */ andre@0: andre@0: typedef unsigned int PKIX_UInt32; andre@0: typedef int PKIX_Int32; andre@0: andre@0: typedef int PKIX_Boolean; andre@0: andre@0: /* Object Types andre@0: * andre@0: * Every reference-counted PKIX_PL_Object is associated with an integer type. andre@0: */ andre@0: #define PKIX_TYPES \ andre@0: TYPEMACRO(AIAMGR), \ andre@0: TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \ andre@0: TYPEMACRO(BIGINT), \ andre@0: TYPEMACRO(BUILDRESULT), \ andre@0: TYPEMACRO(BYTEARRAY), \ andre@0: TYPEMACRO(CERT), \ andre@0: TYPEMACRO(CERTBASICCONSTRAINTS), \ andre@0: TYPEMACRO(CERTCHAINCHECKER), \ andre@0: TYPEMACRO(CERTNAMECONSTRAINTS), \ andre@0: TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \ andre@0: TYPEMACRO(CERTPOLICYCHECKERSTATE), \ andre@0: TYPEMACRO(CERTPOLICYINFO), \ andre@0: TYPEMACRO(CERTPOLICYMAP), \ andre@0: TYPEMACRO(CERTPOLICYNODE), \ andre@0: TYPEMACRO(CERTPOLICYQUALIFIER), \ andre@0: TYPEMACRO(CERTSELECTOR), \ andre@0: TYPEMACRO(CERTSTORE), \ andre@0: TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \ andre@0: TYPEMACRO(COMCERTSELPARAMS), \ andre@0: TYPEMACRO(COMCRLSELPARAMS), \ andre@0: TYPEMACRO(CRL), \ andre@0: TYPEMACRO(CRLDP), \ andre@0: TYPEMACRO(CRLENTRY), \ andre@0: TYPEMACRO(CRLSELECTOR), \ andre@0: TYPEMACRO(DATE), \ andre@0: TYPEMACRO(CRLCHECKER), \ andre@0: TYPEMACRO(EKUCHECKER), \ andre@0: TYPEMACRO(ERROR), \ andre@0: TYPEMACRO(FORWARDBUILDERSTATE), \ andre@0: TYPEMACRO(GENERALNAME), \ andre@0: TYPEMACRO(HASHTABLE), \ andre@0: TYPEMACRO(HTTPCERTSTORECONTEXT), \ andre@0: TYPEMACRO(HTTPDEFAULTCLIENT), \ andre@0: TYPEMACRO(INFOACCESS), \ andre@0: TYPEMACRO(LDAPDEFAULTCLIENT), \ andre@0: TYPEMACRO(LDAPREQUEST), \ andre@0: TYPEMACRO(LDAPRESPONSE), \ andre@0: TYPEMACRO(LIST), \ andre@0: TYPEMACRO(LOGGER), \ andre@0: TYPEMACRO(MONITORLOCK), \ andre@0: TYPEMACRO(MUTEX), \ andre@0: TYPEMACRO(OBJECT), \ andre@0: TYPEMACRO(OCSPCERTID), \ andre@0: TYPEMACRO(OCSPCHECKER), \ andre@0: TYPEMACRO(OCSPREQUEST), \ andre@0: TYPEMACRO(OCSPRESPONSE), \ andre@0: TYPEMACRO(OID), \ andre@0: TYPEMACRO(REVOCATIONCHECKER), \ andre@0: TYPEMACRO(PROCESSINGPARAMS), \ andre@0: TYPEMACRO(PUBLICKEY), \ andre@0: TYPEMACRO(RESOURCELIMITS), \ andre@0: TYPEMACRO(RWLOCK), \ andre@0: TYPEMACRO(SIGNATURECHECKERSTATE), \ andre@0: TYPEMACRO(SOCKET), \ andre@0: TYPEMACRO(STRING), \ andre@0: TYPEMACRO(TARGETCERTCHECKERSTATE), \ andre@0: TYPEMACRO(TRUSTANCHOR), \ andre@0: TYPEMACRO(VALIDATEPARAMS), \ andre@0: TYPEMACRO(VALIDATERESULT), \ andre@0: TYPEMACRO(VERIFYNODE), \ andre@0: TYPEMACRO(X500NAME) andre@0: andre@0: #define TYPEMACRO(type) PKIX_ ## type ## _TYPE andre@0: andre@0: typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */ andre@0: PKIX_TYPES, andre@0: PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */ andre@0: } PKIX_TYPENUM; andre@0: andre@0: andre@0: #ifdef PKIX_USER_OBJECT_TYPE andre@0: andre@0: /* User Define Object Types andre@0: * andre@0: * User may define their own object types offset from PKIX_USER_OBJECT_TYPE andre@0: */ andre@0: #define PKIX_USER_OBJECT_TYPEBASE 1000 andre@0: andre@0: #endif /* PKIX_USER_OBJECT_TYPE */ andre@0: andre@0: /* Error Codes andre@0: * andre@0: * This list is used to define a set of PKIX_Error exception class numbers. andre@0: * ERRMACRO is redefined to produce a corresponding set of andre@0: * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in andre@0: * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then andre@0: * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is andre@0: * initialized in pkix_error.c with the value "MUTEX". andre@0: */ andre@0: #define PKIX_ERRORCLASSES \ andre@0: ERRMACRO(AIAMGR), \ andre@0: ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \ andre@0: ERRMACRO(BIGINT), \ andre@0: ERRMACRO(BUILD), \ andre@0: ERRMACRO(BUILDRESULT), \ andre@0: ERRMACRO(BYTEARRAY), \ andre@0: ERRMACRO(CERT), \ andre@0: ERRMACRO(CERTBASICCONSTRAINTS), \ andre@0: ERRMACRO(CERTCHAINCHECKER), \ andre@0: ERRMACRO(CERTNAMECONSTRAINTS), \ andre@0: ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \ andre@0: ERRMACRO(CERTPOLICYCHECKERSTATE), \ andre@0: ERRMACRO(CERTPOLICYINFO), \ andre@0: ERRMACRO(CERTPOLICYMAP), \ andre@0: ERRMACRO(CERTPOLICYNODE), \ andre@0: ERRMACRO(CERTPOLICYQUALIFIER), \ andre@0: ERRMACRO(CERTSELECTOR), \ andre@0: ERRMACRO(CERTSTORE), \ andre@0: ERRMACRO(CERTVFYPKIX), \ andre@0: ERRMACRO(COLLECTIONCERTSTORECONTEXT), \ andre@0: ERRMACRO(COMCERTSELPARAMS), \ andre@0: ERRMACRO(COMCRLSELPARAMS), \ andre@0: ERRMACRO(CONTEXT), \ andre@0: ERRMACRO(CRL), \ andre@0: ERRMACRO(CRLDP), \ andre@0: ERRMACRO(CRLENTRY), \ andre@0: ERRMACRO(CRLSELECTOR), \ andre@0: ERRMACRO(CRLCHECKER), \ andre@0: ERRMACRO(DATE), \ andre@0: ERRMACRO(EKUCHECKER), \ andre@0: ERRMACRO(ERROR), \ andre@0: ERRMACRO(FATAL), \ andre@0: ERRMACRO(FORWARDBUILDERSTATE), \ andre@0: ERRMACRO(GENERALNAME), \ andre@0: ERRMACRO(HASHTABLE), \ andre@0: ERRMACRO(HTTPCERTSTORECONTEXT), \ andre@0: ERRMACRO(HTTPDEFAULTCLIENT), \ andre@0: ERRMACRO(INFOACCESS), \ andre@0: ERRMACRO(LDAPCLIENT), \ andre@0: ERRMACRO(LDAPDEFAULTCLIENT), \ andre@0: ERRMACRO(LDAPREQUEST), \ andre@0: ERRMACRO(LDAPRESPONSE), \ andre@0: ERRMACRO(LIFECYCLE), \ andre@0: ERRMACRO(LIST), \ andre@0: ERRMACRO(LOGGER), \ andre@0: ERRMACRO(MEM), \ andre@0: ERRMACRO(MONITORLOCK), \ andre@0: ERRMACRO(MUTEX), \ andre@0: ERRMACRO(OBJECT), \ andre@0: ERRMACRO(OCSPCERTID), \ andre@0: ERRMACRO(OCSPCHECKER), \ andre@0: ERRMACRO(OCSPREQUEST), \ andre@0: ERRMACRO(OCSPRESPONSE), \ andre@0: ERRMACRO(OID), \ andre@0: ERRMACRO(PROCESSINGPARAMS), \ andre@0: ERRMACRO(PUBLICKEY), \ andre@0: ERRMACRO(RESOURCELIMITS), \ andre@0: ERRMACRO(REVOCATIONMETHOD), \ andre@0: ERRMACRO(REVOCATIONCHECKER), \ andre@0: ERRMACRO(RWLOCK), \ andre@0: ERRMACRO(SIGNATURECHECKERSTATE), \ andre@0: ERRMACRO(SOCKET), \ andre@0: ERRMACRO(STRING), \ andre@0: ERRMACRO(TARGETCERTCHECKERSTATE), \ andre@0: ERRMACRO(TRUSTANCHOR), \ andre@0: ERRMACRO(USERDEFINEDMODULES), \ andre@0: ERRMACRO(VALIDATE), \ andre@0: ERRMACRO(VALIDATEPARAMS), \ andre@0: ERRMACRO(VALIDATERESULT), \ andre@0: ERRMACRO(VERIFYNODE), \ andre@0: ERRMACRO(X500NAME) andre@0: andre@0: #define ERRMACRO(type) PKIX_ ## type ## _ERROR andre@0: andre@0: typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */ andre@0: PKIX_ERRORCLASSES, andre@0: PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */ andre@0: } PKIX_ERRORCLASS; andre@0: andre@0: /* Now define error strings (for internationalization) */ andre@0: andre@0: #define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name andre@0: andre@0: /* Define all the error numbers */ andre@0: typedef enum { andre@0: #include "pkix_errorstrings.h" andre@0: , PKIX_NUMERRORCODES andre@0: } PKIX_ERRORCODE; andre@0: andre@0: extern const char * const PKIX_ErrorText[]; andre@0: andre@0: /* String Formats andre@0: * andre@0: * These formats specify supported encoding formats for Strings. andre@0: */ andre@0: andre@0: #define PKIX_ESCASCII 0 andre@0: #define PKIX_UTF8 1 andre@0: #define PKIX_UTF16 2 andre@0: #define PKIX_UTF8_NULL_TERM 3 andre@0: #define PKIX_ESCASCII_DEBUG 4 andre@0: andre@0: /* Name Types andre@0: * andre@0: * These types specify supported formats for GeneralNames. andre@0: */ andre@0: andre@0: #define PKIX_OTHER_NAME 1 andre@0: #define PKIX_RFC822_NAME 2 andre@0: #define PKIX_DNS_NAME 3 andre@0: #define PKIX_X400_ADDRESS 4 andre@0: #define PKIX_DIRECTORY_NAME 5 andre@0: #define PKIX_EDIPARTY_NAME 6 andre@0: #define PKIX_URI_NAME 7 andre@0: #define PKIX_IP_NAME 8 andre@0: #define PKIX_OID_NAME 9 andre@0: andre@0: /* Key Usages andre@0: * andre@0: * These types specify supported Key Usages andre@0: */ andre@0: andre@0: #define PKIX_DIGITAL_SIGNATURE 0x001 andre@0: #define PKIX_NON_REPUDIATION 0x002 andre@0: #define PKIX_KEY_ENCIPHERMENT 0x004 andre@0: #define PKIX_DATA_ENCIPHERMENT 0x008 andre@0: #define PKIX_KEY_AGREEMENT 0x010 andre@0: #define PKIX_KEY_CERT_SIGN 0x020 andre@0: #define PKIX_CRL_SIGN 0x040 andre@0: #define PKIX_ENCIPHER_ONLY 0x080 andre@0: #define PKIX_DECIPHER_ONLY 0x100 andre@0: andre@0: /* Reason Flags andre@0: * andre@0: * These macros specify supported Reason Flags andre@0: */ andre@0: andre@0: #define PKIX_UNUSED 0x001 andre@0: #define PKIX_KEY_COMPROMISE 0x002 andre@0: #define PKIX_CA_COMPROMISE 0x004 andre@0: #define PKIX_AFFILIATION_CHANGED 0x008 andre@0: #define PKIX_SUPERSEDED 0x010 andre@0: #define PKIX_CESSATION_OF_OPERATION 0x020 andre@0: #define PKIX_CERTIFICATE_HOLD 0x040 andre@0: #define PKIX_PRIVILEGE_WITHDRAWN 0x080 andre@0: #define PKIX_AA_COMPROMISE 0x100 andre@0: andre@0: /* Boolean values andre@0: * andre@0: * These macros specify the Boolean values of TRUE and FALSE andre@0: * XXX Is it the case that any non-zero value is actually considered TRUE andre@0: * and this is just a convenient mnemonic macro? andre@0: */ andre@0: andre@0: #define PKIX_TRUE ((PKIX_Boolean) 1) andre@0: #define PKIX_FALSE ((PKIX_Boolean) 0) andre@0: andre@0: /* andre@0: * Define constants for basic constraints selector andre@0: * (see comments in pkix_certsel.h) andre@0: */ andre@0: andre@0: #define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2) andre@0: #define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1) andre@0: andre@0: /* andre@0: * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o andre@0: * object file. It is thrown if system memory cannot be allocated or may be andre@0: * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable. andre@0: * IncRef, DecRef and all Settor functions cannot be called. andre@0: * XXX Does anyone actually need to know about this? andre@0: * XXX Why no DecRef? Would be good to handle it the same. andre@0: */ andre@0: andre@0: PKIX_Error* PKIX_ALLOC_ERROR(void); andre@0: andre@0: /* andre@0: * In a CertBasicConstraints extension, if the CA flag is set, andre@0: * indicating the certificate refers to a Certification andre@0: * Authority, then the pathLen field indicates how many intermediate andre@0: * certificates (not counting self-signed ones) can exist in a valid andre@0: * chain following this certificate. If the pathLen has the value andre@0: * of this constant, then the length of the chain is unlimited andre@0: */ andre@0: #define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1) andre@0: andre@0: /* andre@0: * Define Certificate Extension hard-coded OID's andre@0: */ andre@0: #define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN andre@0: #define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE andre@0: #define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME andre@0: #define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS andre@0: #define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE andre@0: #define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS andre@0: #define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES andre@0: #define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY andre@0: #define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS andre@0: #define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS andre@0: #define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE andre@0: #define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY andre@0: #define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE andre@0: #define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH andre@0: #define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH andre@0: #define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN andre@0: #define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT andre@0: #define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP andre@0: #define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER andre@0: andre@0: andre@0: /* Available revocation method types. */ andre@0: typedef enum PKIX_RevocationMethodTypeEnum { andre@0: PKIX_RevocationMethod_CRL = 0, andre@0: PKIX_RevocationMethod_OCSP, andre@0: PKIX_RevocationMethod_MAX andre@0: } PKIX_RevocationMethodType; andre@0: andre@0: /* A set of statuses revocation checker operates on */ andre@0: typedef enum PKIX_RevocationStatusEnum { andre@0: PKIX_RevStatus_NoInfo = 0, andre@0: PKIX_RevStatus_Revoked, andre@0: PKIX_RevStatus_Success andre@0: } PKIX_RevocationStatus; andre@0: andre@0: andre@0: #ifdef __cplusplus andre@0: } andre@0: #endif andre@0: andre@0: #endif /* _PKIXT_H */