зеркало из https://github.com/mozilla/gecko-dev.git
1860 строки
69 KiB
C
Executable File
1860 строки
69 KiB
C
Executable File
/* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is the PKIX-C library.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* Sun Microsystems, Inc.
|
|
* Portions created by the Initial Developer are
|
|
* Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Sun Microsystems, Inc.
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
/*
|
|
* This file defines functions associated with the PKIX_CertSelector and the
|
|
* PKIX_ComCertSelParams types.
|
|
*
|
|
*/
|
|
|
|
#ifndef _PKIX_CERTSEL_H
|
|
#define _PKIX_CERTSEL_H
|
|
|
|
#include "pkixt.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* General
|
|
*
|
|
* Please refer to the libpkix Programmer's Guide for detailed information
|
|
* about how to use the libpkix library. Certain key warnings and notices from
|
|
* that document are repeated here for emphasis.
|
|
*
|
|
* All identifiers in this file (and all public identifiers defined in
|
|
* libpkix) begin with "PKIX_". Private identifiers only intended for use
|
|
* within the library begin with "pkix_".
|
|
*
|
|
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
|
|
*
|
|
* Unless otherwise noted, for all accessor (gettor) functions that return a
|
|
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
|
|
* shared object. Therefore, the caller should treat this shared object as
|
|
* read-only and should not modify this shared object. When done using the
|
|
* shared object, the caller should release the reference to the object by
|
|
* using the PKIX_PL_Object_DecRef function.
|
|
*
|
|
* While a function is executing, if its arguments (or anything referred to by
|
|
* its arguments) are modified, free'd, or destroyed, the function's behavior
|
|
* is undefined.
|
|
*
|
|
*/
|
|
|
|
/* PKIX_CertSelector
|
|
*
|
|
* PKIX_CertSelectors provide a standard way for the caller to select
|
|
* certificates based on particular criteria. A CertSelector is typically used
|
|
* by the caller to specify the constraints they wish to impose on the target
|
|
* certificate in a chain. (see pkix_params.h) A CertSelector is also often
|
|
* used to retrieve certificates from a CertStore that match the selector's
|
|
* criteria. (See pkix_certstore.h) For example, the caller may wish to only
|
|
* select those certificates that have a particular Subject Distinguished Name
|
|
* and a particular value for a private certificate extension. The
|
|
* MatchCallback allows the caller to specify the custom matching logic to be
|
|
* used by a CertSelector.
|
|
*
|
|
* By default, the MatchCallback is set to point to the default implementation
|
|
* provided by libpkix, which understands how to process the most common
|
|
* parameters. If the default implementation is used, the caller should set
|
|
* these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams.
|
|
* Any common parameter that is not set is assumed to be disabled, which means
|
|
* the default MatchCallback implementation will select all certificates
|
|
* without regard to that particular disabled parameter. For example, if the
|
|
* SerialNumber parameter is not set, MatchCallback will not filter out any
|
|
* certificate based on its serial number. As such, if no parameters are set,
|
|
* all are disabled and any certificate will match. If a parameter is
|
|
* disabled, its associated PKIX_ComCertSelParams_Get* function returns a
|
|
* default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints
|
|
* and PKIX_ComCertSelParams_GetVersion, or 0 for
|
|
* PKIX_ComCertSelParams_GetKeyUsage.
|
|
*
|
|
* If a custom implementation is desired, the default implementation can be
|
|
* overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the
|
|
* CertSelector can be initialized with a certSelectorContext, which is where
|
|
* the caller can specify the desired parameters the caller wishes to match
|
|
* against. Note that this certSelectorContext must be an Object (although any
|
|
* object type), allowing it to be reference-counted and allowing it to
|
|
* provide the standard Object functions (Equals, Hashcode, ToString, Compare,
|
|
* Duplicate).
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* FUNCTION: PKIX_CertSelector_MatchCallback
|
|
* DESCRIPTION:
|
|
*
|
|
* This callback function determines whether the specified Cert pointed to by
|
|
* "cert" matches the criteria of the CertSelector pointed to by "selector".
|
|
* If the Cert does not matches the CertSelector's criteria, an exception will
|
|
* be thrown.
|
|
*
|
|
* PARAMETERS:
|
|
* "selector"
|
|
* Address of CertSelector whose MatchCallback logic and parameters are
|
|
* to be used. Must be non-NULL.
|
|
* "cert"
|
|
* Address of Cert that is to be matched using "selector".
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe
|
|
*
|
|
* Multiple threads must be able to safely call this function without
|
|
* worrying about conflicts, even if they're operating on the same object.
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
typedef PKIX_Error *
|
|
(*PKIX_CertSelector_MatchCallback)(
|
|
PKIX_CertSelector *selector,
|
|
PKIX_PL_Cert *cert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_CertSelector_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new CertSelector using the Object pointed to by
|
|
* "certSelectorContext" (if any) and stores it at "pSelector". As noted
|
|
* above, by default, the MatchCallback is set to point to the default
|
|
* implementation provided by libpkix, which understands how to process
|
|
* ComCertSelParams objects. This is overridden if the MatchCallback pointed
|
|
* to by "callback" is not NULL, in which case the parameters are specified
|
|
* using the certSelectorContext.
|
|
*
|
|
* PARAMETERS:
|
|
* "callback"
|
|
* The MatchCallback function to be used.
|
|
* "certSelectorContext"
|
|
* Address of Object representing the CertSelector's context (if any).
|
|
* "pSelector"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_CertSelector_Create(
|
|
PKIX_CertSelector_MatchCallback callback,
|
|
PKIX_PL_Object *certSelectorContext,
|
|
PKIX_CertSelector **pSelector,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_CertSelector_GetMatchCallback
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to "selector's" Match callback function and puts it in
|
|
* "pCallback".
|
|
*
|
|
* PARAMETERS:
|
|
* "selector"
|
|
* The CertSelector whose Match callback is desired. Must be non-NULL.
|
|
* "pCallback"
|
|
* Address where Match callback function pointer will be stored.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_CertSelector_GetMatchCallback(
|
|
PKIX_CertSelector *selector,
|
|
PKIX_CertSelector_MatchCallback *pCallback,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_CertSelector_GetCertSelectorContext
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
|
|
* of the CertSelector pointed to by "selector" and stores it at
|
|
* "pCertSelectorContext".
|
|
*
|
|
* PARAMETERS:
|
|
* "selector"
|
|
* Address of CertSelector whose context is to be stored.
|
|
* Must be non-NULL.
|
|
* "pCertSelectorContext"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_CertSelector_GetCertSelectorContext(
|
|
PKIX_CertSelector *selector,
|
|
PKIX_PL_Object **pCertSelectorContext,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the ComCertSelParams object that represent the
|
|
* common parameters of the CertSelector pointed to by "selector" and stores
|
|
* it at "pCommonCertSelectorParams". If there are no common parameters
|
|
* stored with the CertSelector, this function stores NULL at
|
|
* "pCommonCertSelectorParams".
|
|
*
|
|
* PARAMETERS:
|
|
* "selector"
|
|
* Address of CertSelector whose ComCertSelParams object is to be stored.
|
|
* Must be non-NULL.
|
|
* "pCommonCertSelectorParams"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_CertSelector_GetCommonCertSelectorParams(
|
|
PKIX_CertSelector *selector,
|
|
PKIX_ComCertSelParams **pCommonCertSelectorParams,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the common parameters for the CertSelector pointed to by "selector"
|
|
* using the ComCertSelParams object pointed to by "commonCertSelectorParams".
|
|
*
|
|
* PARAMETERS:
|
|
* "selector"
|
|
* Address of CertSelector whose common parameters are to be set.
|
|
* Must be non-NULL.
|
|
* "commonCertSelectorParams"
|
|
* Address of ComCertSelParams object representing the common parameters.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "selector"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_CertSelector_SetCommonCertSelectorParams(
|
|
PKIX_CertSelector *selector,
|
|
PKIX_ComCertSelParams *commonCertSelectorParams,
|
|
void *plContext);
|
|
|
|
/* PKIX_ComCertSelParams
|
|
*
|
|
* PKIX_ComCertSelParams objects are X.509 parameters commonly used with
|
|
* CertSelectors, especially when enforcing constraints on a target
|
|
* certificate or determining which certificates to retrieve from a CertStore.
|
|
* ComCertSelParams objects are typically used with those CertSelectors that
|
|
* use the default implementation of MatchCallback, which understands how to
|
|
* process ComCertSelParams objects.
|
|
*/
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_Create
|
|
* DESCRIPTION:
|
|
*
|
|
* Creates a new ComCertSelParams object and stores it at "pParams".
|
|
*
|
|
* PARAMETERS:
|
|
* "pParams"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_Create(
|
|
PKIX_ComCertSelParams **pParams,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of GeneralNames (if any) representing the
|
|
* subject alternative names criterion that is set in the ComCertSelParams
|
|
* object pointed to by "params" and stores it at "pNames". In order to match
|
|
* against this criterion, a certificate must contain all or at least one of
|
|
* the criterion's subject alternative names (depending on the result of
|
|
* PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
|
|
* requires a certificate to contain all of the criterion's subject
|
|
* alternative names in order to match.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pNames", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject alternative names
|
|
* criterion (if any) is to be stored. Must be non-NULL.
|
|
* "pNames"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSubjAltNames(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the subject alternative names criterion of the ComCertSelParams object
|
|
* pointed to by "params" using a List of GeneralNames pointed to by "names".
|
|
* In order to match against this criterion, a certificate must contain all or
|
|
* at least one of the criterion's subject alternative names (depending on the
|
|
* result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
|
|
* behavior requires a certificate to contain all of the criterion's subject
|
|
* alternative names in order to match.
|
|
*
|
|
* If "names" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject alternative
|
|
* names criterion is to be set. Must be non-NULL.
|
|
* "names"
|
|
* Address of List of GeneralNames used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSubjAltNames(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List *names, /* list of PKIX_PL_GeneralName */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
|
|
* DESCRIPTION:
|
|
*
|
|
* Adds to the subject alternative names criterion of the ComCertSelParams
|
|
* object pointed to by "params" using the GeneralName pointed to by "name".
|
|
* In order to match against this criterion, a certificate must contain all
|
|
* or at least one of the criterion's subject alternative names (depending on
|
|
* the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
|
|
* behavior requires a certificate to contain all of the criterion's subject
|
|
* alternative names in order to match.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject alternative names
|
|
* criterion is to be added to. Must be non-NULL.
|
|
* "name"
|
|
* Address of GeneralName to be added.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_AddSubjAltName(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_GeneralName *name,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetPathToNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of GeneralNames (if any) representing the
|
|
* path to names criterion that is set in the ComCertSelParams object pointed
|
|
* to by "params" and stores it at "pNames". In order to match against this
|
|
* criterion, a certificate must not include name constraints that would
|
|
* prohibit building a path to the criterion's specified names.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pNames", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose path to names criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pNames"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetPathToNames(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetPathToNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the path to names criterion of the ComCertSelParams object pointed to
|
|
* by "params" using a List of GeneralNames pointed to by "names". In order to
|
|
* match against this criterion, a certificate must not include name
|
|
* constraints that would prohibit building a path to the criterion's
|
|
* specified names.
|
|
*
|
|
* If "names" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose path to names criterion
|
|
* is to be set. Must be non-NULL.
|
|
* "names"
|
|
* Address of List of GeneralNames used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetPathToNames(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List *names, /* list of PKIX_PL_GeneralName */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_AddPathToName
|
|
* DESCRIPTION:
|
|
*
|
|
* Adds to the path to names criterion of the ComCertSelParams object pointed
|
|
* to by "params" using the GeneralName pointed to by "pathToName". In order
|
|
* to match against this criterion, a certificate must not include name
|
|
* constraints that would prohibit building a path to the criterion's
|
|
* specified names.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose path to names criterion is to
|
|
* be added to. Must be non-NULL.
|
|
* "pathToName"
|
|
* Address of GeneralName to be added.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_AddPathToName(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_GeneralName *pathToName,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the ByteArray (if any) representing the authority
|
|
* key identifier criterion that is set in the ComCertSelParams object
|
|
* pointed to by "params" and stores it at "pAuthKeyId". In order to match
|
|
* against this criterion, a certificate must contain an
|
|
* AuthorityKeyIdentifier extension whose value matches the criterion's
|
|
* authority key identifier value.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pAuthKeyId", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose authority key identifier
|
|
* criterion (if any) is to be stored. Must be non-NULL.
|
|
* "pAuthKeyId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_ByteArray **pAuthKeyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the authority key identifier criterion of the ComCertSelParams object
|
|
* pointed to by "params" to the ByteArray pointed to by "authKeyId". In
|
|
* order to match against this criterion, a certificate must contain an
|
|
* AuthorityKeyIdentifier extension whose value matches the criterion's
|
|
* authority key identifier value.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose authority key identifier
|
|
* criterion is to be set. Must be non-NULL.
|
|
* "authKeyId"
|
|
* Address of ByteArray used to set the criterion
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_ByteArray *authKeyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the ByteArray (if any) representing the subject key
|
|
* identifier criterion that is set in the ComCertSelParams object pointed to
|
|
* by "params" and stores it at "pSubjKeyId". In order to match against this
|
|
* criterion, a certificate must contain a SubjectKeyIdentifier extension
|
|
* whose value matches the criterion's subject key identifier value.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pSubjKeyId", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject key identifier
|
|
* criterion (if any) is to be stored. Must be non-NULL.
|
|
* "pSubjKeyId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSubjKeyIdentifier(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_ByteArray **pSubjKeyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the subject key identifier criterion of the ComCertSelParams object
|
|
* pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
|
|
* order to match against this criterion, a certificate must contain an
|
|
* SubjectKeyIdentifier extension whose value matches the criterion's subject
|
|
* key identifier value.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject key identifier
|
|
* criterion is to be set. Must be non-NULL.
|
|
* "subjKeyId"
|
|
* Address of ByteArray used to set the criterion
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSubjKeyIdentifier(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_ByteArray *subKeyId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the PublicKey (if any) representing the subject
|
|
* public key criterion that is set in the ComCertSelParams object pointed to
|
|
* by "params" and stores it at "pPubKey". In order to match against this
|
|
* criterion, a certificate must contain a SubjectPublicKey that matches the
|
|
* criterion's public key.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pPubKey", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject public key criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pPubKey"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSubjPubKey(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_PublicKey **pPubKey,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the subject public key criterion of the ComCertSelParams object
|
|
* pointed to by "params" using a PublicKey pointed to by "pubKey". In order
|
|
* to match against this criterion, a certificate must contain a
|
|
* SubjectPublicKey that matches the criterion's public key.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject public key
|
|
* criterion is to be set. Must be non-NULL.
|
|
* "pubKey"
|
|
* Address of PublicKey used to set the criterion
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSubjPubKey(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_PublicKey *pubKey,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the OID (if any) representing the subject public key
|
|
* algorithm identifier criterion that is set in the ComCertSelParams object
|
|
* pointed to by "params" and stores it at "pPubKey". In order to match
|
|
* against this criterion, a certificate must contain a SubjectPublicKey with
|
|
* an algorithm that matches the criterion's algorithm.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pAlgId", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject public key algorithm
|
|
* identifier (if any) is to be stored. Must be non-NULL.
|
|
* "pAlgId"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSubjPKAlgId(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_OID **pAlgId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the subject public key algorithm identifier criterion of the
|
|
* ComCertSelParams object pointed to by "params" using an OID pointed to by
|
|
* "algId". In order to match against this criterion, a certificate must
|
|
* contain a SubjectPublicKey with an algorithm that matches the criterion's
|
|
* algorithm.
|
|
*
|
|
* If "algId" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject public key
|
|
* algorithm identifier criterion is to be set. Must be non-NULL.
|
|
* "algId"
|
|
* Address of OID used to set criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSubjPKAlgId(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_OID *algId,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the minimum path length (if any) representing the
|
|
* basic constraints criterion that is set in the ComCertSelParams object
|
|
* pointed to by "params" and stores it at "pMinPathLength". In order to
|
|
* match against this criterion, there are several possibilities.
|
|
*
|
|
* 1) If the criterion's minimum path length is greater than or equal to zero,
|
|
* a certificate must include a BasicConstraints extension with a pathLen of
|
|
* at least this value.
|
|
*
|
|
* 2) If the criterion's minimum path length is -2, a certificate must be an
|
|
* end-entity certificate.
|
|
*
|
|
* 3) If the criterion's minimum path length is -1, no basic constraints check
|
|
* is done and all certificates are considered to match this criterion.
|
|
*
|
|
* The semantics of other values of the criterion's minimum path length are
|
|
* undefined but may be defined in future versions of the API.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores -1 at
|
|
* "pMinPathLength", in which case all certificates are considered to match
|
|
* this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose basic constraints criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pMinPathLength"
|
|
* Address where PKIX_Int32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetBasicConstraints(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Int32 *pMinPathLength,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the basic constraints criterion of the ComCertSelParams object
|
|
* pointed to by "params" using the integer value of "minPathLength". In
|
|
* order to match against this criterion, there are several possibilities.
|
|
*
|
|
* 1) If the criterion's minimum path length is greater than or equal to zero,
|
|
* a certificate must include a BasicConstraints extension with a pathLen of
|
|
* at least this value.
|
|
*
|
|
* 2) If the criterion's minimum path length is -2, a certificate must be an
|
|
* end-entity certificate.
|
|
*
|
|
* 3) If the criterion's minimum path length is -1, no basic constraints check
|
|
* is done and all certificates are considered to match this criterion.
|
|
*
|
|
* The semantics of other values of the criterion's minimum path length are
|
|
* undefined but may be defined in future versions of the API.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose basic constraints
|
|
* criterion is to be set. Must be non-NULL.
|
|
* "minPathLength"
|
|
* Value of PKIX_Int32 used to set the criterion
|
|
* (or -1 to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetBasicConstraints(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Int32 minPathLength,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetCertificate
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the Cert (if any) representing the certificate
|
|
* criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pCert". In order to match against this
|
|
* criterion, a certificate must be equal to the criterion's certificate. If
|
|
* this criterion is specified, it is usually not necessary to specify any
|
|
* other criteria, since this criterion requires an exact certificate match.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pCert", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose certificate criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pCert"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetCertificate(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_Cert **pCert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetCertificate
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the certificate criterion of the ComCertSelParams object pointed to by
|
|
* "params" using a Cert pointed to by "cert". In order to match against this
|
|
* criterion, a certificate must be equal to the criterion's certificate.
|
|
* If this criterion is specified, it is usually not necessary to specify
|
|
* any other criteria, since this criterion requires an exact certificate
|
|
* match.
|
|
*
|
|
* If "cert" is NULL, all certificates are considered to match this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose certificate criterion is to be
|
|
* set. Must be non-NULL.
|
|
* "cert"
|
|
* Address of Cert used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetCertificate(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_Cert *cert,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the Date (if any) representing the certificate
|
|
* validity criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pDate". In order to match against this
|
|
* criterion, a certificate's validity period must include the criterion's
|
|
* Date.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pDate", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose certificate validity criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pDate"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetCertificateValid(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_Date **pDate,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the certificate validity criterion of the ComCertSelParams object
|
|
* pointed to by "params" using a Date pointed to by "date". In order to
|
|
* match against this criterion, a certificate's validity period must include
|
|
* the criterion's Date.
|
|
*
|
|
* If "date" is NULL, all certificates are considered to match this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose certificate validity criterion
|
|
* is to be set. Must be non-NULL.
|
|
* "date"
|
|
* Address of Date used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetCertificateValid(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_Date *date,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the BigInt (if any) representing the serial number
|
|
* criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pSerialNumber". In order to match against this
|
|
* criterion, a certificate must have a serial number equal to the
|
|
* criterion's serial number.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pSerialNumber", in which case all certificates are considered to match
|
|
* this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose serial number criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pSerialNumber"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSerialNumber(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_BigInt **pSerialNumber,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the serial number criterion of the ComCertSelParams object pointed to
|
|
* by "params" using a BigInt pointed to by "serialNumber". In order to match
|
|
* against this criterion, a certificate must have a serial number equal to
|
|
* the criterion's serial number.
|
|
*
|
|
* If "serialNumber" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose serial number criterion is to
|
|
* be set. Must be non-NULL.
|
|
* "serialNumber"
|
|
* Address of BigInt used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSerialNumber(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_BigInt *serialNumber,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetVersion
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
|
|
* set in the ComCertSelParams object pointed to by "params" and stores it at
|
|
* "pVersion". In order to match against this criterion, a certificate's
|
|
* version must be equal to the criterion's version.
|
|
*
|
|
* The version number will either be 0, 1, or 2 (corresponding to
|
|
* v1, v2, or v3, respectively).
|
|
*
|
|
* If "params" does not have this criterion set, this function stores
|
|
* 0xFFFFFFFF at "pVersion", in which case all certificates are considered
|
|
* to match this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose version criterion (if any) is
|
|
* to be stored. Must be non-NULL.
|
|
* "pVersion"
|
|
* Address where PKIX_Int32 will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetVersion(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_UInt32 *pVersion,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetVersion
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the version criterion of the ComCertSelParams object pointed to by
|
|
* "params" using the integer value of "version". In order to match against
|
|
* this criterion, a certificate's version must be equal to the criterion's
|
|
* version. If the criterion's version is -1, no version check is done and
|
|
* all certificates are considered to match this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose version criterion is to be
|
|
* set. Must be non-NULL.
|
|
* "version"
|
|
* Value of PKIX_Int32 used to set the criterion
|
|
* (or -1 to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetVersion(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Int32 version,
|
|
void *plContext);
|
|
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
|
|
* is set in the ComCertSelParams object pointed to by "params" and stores it
|
|
* at "pKeyUsage". In order to match against this criterion, a certificate
|
|
* must allow the criterion's key usage values. Note that a certificate that
|
|
* has no KeyUsage extension implicity allows all key usages. Note also that
|
|
* this functions supports a maximum of 32 key usage bits.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores zero at
|
|
* "pKeyUsage", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose key usage criterion (if any)
|
|
* is to be stored. Must be non-NULL.
|
|
* "pKeyUsage"
|
|
* Address where PKIX_UInt32 will be stored. Must not be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetKeyUsage(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_UInt32 *pKeyUsage,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the key usage criterion of the ComCertSelParams object pointed to by
|
|
* "params" using the integer value of "keyUsage". In order to match against
|
|
* this criterion, a certificate must allow the criterion's key usage values.
|
|
* Note that a certificate that has no KeyUsage extension implicity allows
|
|
* all key usages. Note also that this functions supports a maximum of 32 key
|
|
* usage bits.
|
|
*
|
|
* If the criterion's key usage value is zero, no key usage check is done and
|
|
* all certificates are considered to match this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose key usage criterion is to be
|
|
* set. Must be non-NULL.
|
|
* "keyUsage"
|
|
* Value of PKIX_Int32 used to set the criterion
|
|
* (or zero to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetKeyUsage(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_UInt32 keyUsage,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of OIDs (if any) representing the extended
|
|
* key usage criterion that is set in the ComCertSelParams object pointed to
|
|
* by "params" and stores it at "pExtKeyUsage". In order to match against this
|
|
* criterion, a certificate's ExtendedKeyUsage extension must allow the
|
|
* criterion's extended key usages. Note that a certificate that has no
|
|
* ExtendedKeyUsage extension implicity allows all key purposes.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pExtKeyUsage", in which case all certificates are considered to match
|
|
* this criterion.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose extended key usage criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pExtKeyUsage"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetExtendedKeyUsage(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the extended key usage criterion of the ComCertSelParams object
|
|
* pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
|
|
* In order to match against this criterion, a certificate's ExtendedKeyUsage
|
|
* extension must allow the criterion's extended key usages. Note that a
|
|
* certificate that has no ExtendedKeyUsage extension implicitly allows all
|
|
* key purposes.
|
|
*
|
|
* If "extKeyUsage" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose extended key usage criterion
|
|
* is to be set. Must be non-NULL.
|
|
* "extKeyUsage"
|
|
* Address of List of OIDs used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetExtendedKeyUsage(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetPolicy
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the List of OIDs (if any) representing the policy
|
|
* criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pPolicy". In order to match against this
|
|
* criterion, a certificate's CertificatePolicies extension must include at
|
|
* least one of the criterion's policies. If "params" has this criterion set,
|
|
* but the List of OIDs is empty, then a certificate's CertificatePolicies
|
|
* extension must include at least some policy.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pPolicy", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* Note that the List returned by this function is immutable.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose policy criterion (if any) is
|
|
* to be stored. Must be non-NULL.
|
|
* "pPolicy"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetPolicy(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List **pPolicy, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetPolicy
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the policy criterion of the ComCertSelParams object pointed to by
|
|
* "params" using a List of OIDs pointed to by "policy". In order to match
|
|
* against this criterion, a certificate's CertificatePolicies extension must
|
|
* include at least one of the criterion's policies. If "params" has this
|
|
* criterion set, but the List of OIDs is empty, then a certificate's
|
|
* CertificatePolicies extension must include at least some policy.
|
|
*
|
|
* If "policy" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose policy criterion is to be set.
|
|
* Must be non-NULL.
|
|
* "policy"
|
|
* Address of List of OIDs used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetPolicy(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_List *policy, /* list of PKIX_PL_OID */
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetIssuer
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the X500Name (if any) representing the issuer
|
|
* criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pIssuer". In order to match against this
|
|
* criterion, a certificate's IssuerName must match the criterion's issuer
|
|
* name.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pIssuer", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose issuer criterion (if any) is
|
|
* to be stored. Must be non-NULL.
|
|
* "pIssuer"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetIssuer(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_X500Name **pIssuer,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetIssuer
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the issuer criterion of the ComCertSelParams object pointed to by
|
|
* "params" using an X500Name pointed to by "issuer". In order to match
|
|
* against this criterion, a certificate's IssuerName must match the
|
|
* criterion's issuer name.
|
|
*
|
|
* If "issuer" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose issuer criterion is to be set.
|
|
* Must be non-NULL.
|
|
* "issuer"
|
|
* Address of X500Name used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetIssuer(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_X500Name *issuer,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSubject
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the X500Name (if any) representing the subject
|
|
* criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pSubject". In order to match against this
|
|
* criterion, a certificate's SubjectName must match the criterion's subject
|
|
* name.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pSubject", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject criterion (if any) is
|
|
* to be stored. Must be non-NULL.
|
|
* "pSubject"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSubject(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_X500Name **pSubject,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSubject
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the subject criterion of the ComCertSelParams object pointed to by
|
|
* "params" using an X500Name pointed to by "subject". In order to match
|
|
* against this criterion, a certificate's SubjectName must match the
|
|
* criterion's subject name.
|
|
*
|
|
* If "subject" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject criterion is to be
|
|
* set. Must be non-NULL.
|
|
* "subject"
|
|
* Address of X500Name used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSubject(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_X500Name *subject,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the ByteArray (if any) representing the subject
|
|
* criterion that is set in the ComCertSelParams object pointed to by
|
|
* "params" and stores it at "pSubject". In order to match against this
|
|
* criterion, a certificate's SubjectName must match the criterion's subject
|
|
* name.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pSubject", in which case all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject criterion (if any) is
|
|
* to be stored. Must be non-NULL.
|
|
* "pSubject"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetSubjectAsByteArray(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_ByteArray **pSubject,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the subject criterion of the ComCertSelParams object pointed to by
|
|
* "params" using a ByteArray pointed to by "subject". In order to match
|
|
* against this criterion, a certificate's SubjectName must match the
|
|
* criterion's subject name.
|
|
*
|
|
* If "subject" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose subject criterion is to be
|
|
* set. Must be non-NULL.
|
|
* "subject"
|
|
* Address of ByteArray used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetSubjectAsByteArray(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_ByteArray *subject,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Retrieves a pointer to the X500Name (if any) representing the name
|
|
* constraints criterion that is set in the ComCertSelParams object pointed
|
|
* to by "params" and stores it at "pConstraints". In order to match against
|
|
* this criterion, a certificate's subject and subject alternative names must
|
|
* be allowed by the criterion's name constraints.
|
|
*
|
|
* If "params" does not have this criterion set, this function stores NULL at
|
|
* "pConstraints", in which case all certificates are considered to match
|
|
* this criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose name constraints criterion
|
|
* (if any) is to be stored. Must be non-NULL.
|
|
* "pConstraints"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetNameConstraints(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_CertNameConstraints **pConstraints,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the name constraints criterion of the ComCertSelParams object pointed
|
|
* to by "params" using the CertNameConstraints pointed to by "constraints".
|
|
* In order to match against this criterion, a certificate's subject and
|
|
* subject alternative names must be allowed by the criterion's name
|
|
* constraints.
|
|
*
|
|
* If "constraints" is NULL, all certificates are considered to match this
|
|
* criterion.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose name constraints criterion is
|
|
* to be set. Must be non-NULL.
|
|
* "constraints"
|
|
* Address of CertNameConstraints used to set the criterion
|
|
* (or NULL to disable the criterion).
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetNameConstraints(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_PL_CertNameConstraints *constraints,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Checks whether the ComCertSelParams object pointed to by "params" indicate
|
|
* that all subject alternative names are to be matched and stores the Boolean
|
|
* result at "pMatch". This Boolean value determines the behavior of the
|
|
* subject alternative names criterion.
|
|
*
|
|
* In order to match against the subject alternative names criterion, if the
|
|
* Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
|
|
* the criterion's subject alternative names. If the Boolean value at
|
|
* "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
|
|
* criterion's subject alternative names. The default behavior is as if the
|
|
* Boolean value at "pMatch" is PKIX_TRUE.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object used to determine whether all
|
|
* subject alternative names must be matched. Must be non-NULL.
|
|
* "pMatch"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Boolean *pMatch,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets the match flag of the ComCertSelParams object pointed to by "params"
|
|
* using the Boolean value of "match". This Boolean value determines the
|
|
* behavior of the subject alternative names criterion.
|
|
*
|
|
* In order to match against the subject alternative names criterion, if the
|
|
* "match" is PKIX_TRUE, a certificate must contain all of the criterion's
|
|
* subject alternative names. If the "match" is PKIX_FALSE, a certificate
|
|
* must contain at least one of the criterion's subject alternative names.
|
|
* The default behavior is as if "match" is PKIX_TRUE.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose match flag is to be set.
|
|
* Must be non-NULL.
|
|
* "match"
|
|
* Boolean value used to set the match flag.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Boolean match,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
|
|
* DESCRIPTION:
|
|
*
|
|
* Return "leafCert" flag of the ComCertSelParams structure. If set to true,
|
|
* the flag indicates that a selector should filter out all cert that are not
|
|
* qualified to be a leaf cert according to the specified key/ekey usages.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object used to determine whether all
|
|
* subject alternative names must be matched. Must be non-NULL.
|
|
* "pLeafFlag"
|
|
* Address of returned value.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Conditionally Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error*
|
|
PKIX_ComCertSelParams_GetLeafCertFlag(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Boolean *pLeafFlag,
|
|
void *plContext);
|
|
|
|
/*
|
|
* FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
|
|
* DESCRIPTION:
|
|
*
|
|
* Sets a flag that if its value is true, indicates that the selector
|
|
* should only pick certs that qualifies to be leaf for this cert path
|
|
* validation.
|
|
*
|
|
* PARAMETERS:
|
|
* "params"
|
|
* Address of ComCertSelParams object whose match flag is to be set.
|
|
* Must be non-NULL.
|
|
* "leafFlag"
|
|
* Boolean value used to set the leaf flag.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - assumes exclusive access to "params"
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertSelector Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error if the function fails in an unrecoverable way.
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_ComCertSelParams_SetLeafCertFlag(
|
|
PKIX_ComCertSelParams *params,
|
|
PKIX_Boolean leafFlag,
|
|
void *plContext);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _PKIX_CERTSEL_H */
|