Delete bundled copy of NSS and replace with README.

nss/lib/libpkix/include/pkix_crlsel.h

-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * This file defines functions associated with the PKIX_CRLSelector and the
- * PKIX_ComCRLSelParams types.
- *
- */
-
-
-#ifndef _PKIX_CRLSEL_H
-#define _PKIX_CRLSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CRLSelector
- *
- * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
- * based on particular criteria. A CRLSelector is typically used by libpkix
- * to retrieve CRLs from a CertStore during certificate chain validation or
- * building. (see pkix_certstore.h) For example, the caller may wish to only
- * select those CRLs that have a particular issuer or a particular value for a
- * private CRL extension. The MatchCallback allows the caller to specify the
- * custom matching logic to be used by a CRLSelector.
-
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all CRLs without
- * regard to that particular disabled parameter. For example, if the
- * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
- * CRL based on its CRL number. As such, if no parameters are set, all are
- * disabled and any CRL will match. If a parameter is disabled, its associated
- * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
- * CRLSelector can be initialized with a crlSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CRLSelector_MatchCallback
- * DESCRIPTION:
- *
- *  This callback function determines whether the specified CRL pointed to by
- *  "crl" matches the criteria of the CRLSelector pointed to by "selector".
- *  If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
- *  "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
- *
- * PARAMETERS:
- *  "selector"
- *      Address of CRLSelector whose MatchCallback logic and parameters are
- *      to be used. Must be non-NULL.
- *  "crl"
- *      Address of CRL that is to be matched using "selector". Must be non-NULL.
- *  "pMatch"
- *      Address at which Boolean result is stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe
- *
- *  Multiple threads must be able to safely call this function without
- *  worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CRLSelector_MatchCallback)(
-        PKIX_CRLSelector *selector,
-        PKIX_PL_CRL *crl,
-        PKIX_Boolean *pMatch,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_Create
- * DESCRIPTION:
- *
- *  Creates a new CRLSelector using the Object pointed to by
- *  "crlSelectorContext" (if any) and stores it at "pSelector". As noted
- *  above, by default, the MatchCallback is set to point to the default
- *  implementation provided by libpkix, which understands how to process
- *  ComCRLSelParams. This is overridden if the MatchCallback pointed to by
- *  "callback" is not NULL, in which case the parameters are specified using
- *  the Object pointed to by "crlSelectorContext".
- *
- * PARAMETERS:
- *  "issue"
- *      crl issuer.
- *  "crlDpList"
- *      distribution points list
- *  "callback"
- *      The MatchCallback function to be used.
- *  "pSelector"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_Create(
-        PKIX_PL_Cert *issuer,
-        PKIX_List *crlDpList,
-        PKIX_PL_Date *date,
-        PKIX_CRLSelector **pSelector,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetMatchCallback
- * DESCRIPTION:
- *
- *  Retrieves a pointer to "selector's" Match callback function and puts it in
- *  "pCallback".
- *
- * PARAMETERS:
- *  "selector"
- *      The CRLSelector whose Match callback is desired. Must be non-NULL.
- *  "pCallback"
- *      Address where Match callback function pointer will be stored.
- *      Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetMatchCallback(
-        PKIX_CRLSelector *selector,
-        PKIX_CRLSelector_MatchCallback *pCallback,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
- * DESCRIPTION:
- *
- *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- *  of the CRLSelector pointed to by "selector" and stores it at
- *  "pCRLSelectorContext".
- *
- * PARAMETERS:
- *  "selector"
- *      Address of CRLSelector whose context is to be stored. Must be non-NULL.
- *  "pCRLSelectorContext"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCRLSelectorContext(
-        PKIX_CRLSelector *selector,
-        void **pCRLSelectorContext,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the ComCRLSelParams object that represent the common
- *  parameters of the CRLSelector pointed to by "selector" and stores it at
- *  "pCommonCRLSelectorParams". If there are no common parameters stored with
- *  the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
- *
- * PARAMETERS:
- *  "selector"
- *      Address of CRLSelector whose ComCRLSelParams are to be stored.
- *      Must be non-NULL.
- *  "pCommonCRLSelectorParams"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCommonCRLSelectorParams(
-        PKIX_CRLSelector *selector,
-        PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- *  Sets the common parameters for the CRLSelector pointed to by "selector"
- *  using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
- *
- * PARAMETERS:
- *  "selector"
- *      Address of CRLSelector whose common parameters are to be set.
- *      Must be non-NULL.
- *  "commonCRLSelectorParams"
- *      Address of ComCRLSelParams representing the common parameters.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "selector"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_SetCommonCRLSelectorParams(
-        PKIX_CRLSelector *selector,
-        PKIX_ComCRLSelParams *commonCRLSelectorParams,
-        void *plContext);
-
-/* PKIX_ComCRLSelParams
- *
- * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
- * especially determining which CRLs to retrieve from a CertStore.
- * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
- * the default implementation of MatchCallback, which understands how to
- * process ComCRLSelParams.
- */
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_Create
- * DESCRIPTION:
- *
- *  Creates a new ComCRLSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- *  "pParams"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_Create(
-        PKIX_ComCRLSelParams **pParams,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the List of X500Names (if any) representing the
- *  issuer names criterion that is set in the ComCRLSelParams pointed to by
- *  "params" and stores it at "pNames". In order to match against this
- *  criterion, a CRL's IssuerName must match at least one of the criterion's
- *  issuer names.
- *
- *  If "params" does not have this criterion set, this function stores NULL at
- *  "pNames", in which case all CRLs are considered to match.
- *
- *  Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose issuer names criterion (if any) is to
- *      be stored. Must be non-NULL.
- *  "pNames"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetIssuerNames(
-        PKIX_ComCRLSelParams *params,
-        PKIX_List **pNames,  /* list of PKIX_PL_X500Name */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
- * DESCRIPTION:
- *
- *  Sets the issuer names criterion of the ComCRLSelParams pointed to by
- *  "params" using a List of X500Names pointed to by "names". In order to match
- *  against this criterion, a CRL's IssuerName must match at least one of the
- *  criterion's issuer names.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParamsParams whose issuer names criterion is to be
- *      set. Must be non-NULL.
- *  "names"
- *      Address of List of X500Names used to set the criterion
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetIssuerNames(
-        PKIX_ComCRLSelParams *params,
-        PKIX_List *names,   /* list of PKIX_PL_X500Name */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
- * DESCRIPTION:
- *
- *  Adds to the issuer names criterion of the ComCRLSelParams pointed to by
- *  "params" using the X500Name pointed to by "name". In order to match
- *  against this criterion, a CRL's IssuerName must match at least one of the
- *  criterion's issuer names.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose issuer names criterion is to be added
- *      to. Must be non-NULL.
- *  "name"
- *      Address of X500Name to be added.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_AddIssuerName(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_X500Name *name,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the Cert (if any) representing the certificate whose
- *  revocation status is being checked. This is not a criterion. It is simply
- *  optional information that may help a CertStore find relevant CRLs.
- *
- *  If "params" does not have a certificate set, this function stores NULL at
- *  "pCert", in which case there is no optional information to provide.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose certificate being checked (if any) is
- *      to be stored. Must be non-NULL.
- *  "pCert"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetCertificateChecking(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_Cert **pCert,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
- * DESCRIPTION:
- *
- *  Sets the ComCRLSelParams pointed to by "params" with the certificate
- *  (pointed to by "cert") whose revocation status is being checked. This is
- *  not a criterion. It is simply optional information that may help a
- *  CertStore find relevant CRLs.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose certificate being checked is to be
- *      set. Must be non-NULL.
- *  "cert"
- *      Address of Cert whose revocation status is being checked
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetCertificateChecking(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_Cert *cert,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the Date (if any) representing the dateAndTime
- *  criterion that is set in the ComCRLSelParams pointed to by "params" and
- *  stores it at "pDate". In order to match against this criterion, a CRL's
- *  thisUpdate component must be less than or equal to the criterion's
- *  dateAndTime and the CRL's nextUpdate component must be later than the
- *  criterion's dateAndTime. There is no match if the CRL does not contain a
- *  nextUpdate component.
- *
- *  If "params" does not have this criterion set, this function stores NULL at
- *  "pDate", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
- *      be stored. Must be non-NULL.
- *  "pDate"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetDateAndTime(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_Date **pDate,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
- * DESCRIPTION:
- *
- *  Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
- *  "params" using a Date pointed to by "date". In order to match against this
- *  criterion, a CRL's thisUpdate component must be less than or equal to the
- *  criterion's dateAndTime and the CRL's nextUpdate component must be later
- *  than the criterion's dateAndTime. There is no match if the CRL does not
- *  contain a nextUpdate component.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
- *      set. Must be non-NULL.
- *  "date"
- *      Address of Date used to set the criterion
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetDateAndTime(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_Date *date,
-        void *plContext);
-
-/* 
- * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the Boolean representing the NIST CRL policy
- *  activation flag that is set in the ComCRLSelParams pointed to by "params"
- *  and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
- *
- *  Default value for this flag is TRUE.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose NIST CRL policy criterion  is to
- *      be stored. Must be non-NULL.
- *  "pEnabled"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
-        PKIX_ComCRLSelParams *params,
-        PKIX_Boolean *pEnabled,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
- * DESCRIPTION:
- *
- *  Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
- *  "params" using a "enabled" flag. In order to match against this
- *  criterion, a CRL's nextUpdate must be available and criterion's
- *  dataAndTime must be within thisUpdate and nextUpdate time period.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParamsParams whose NIST CRL policy criterion
- *      is to be set. Must be non-NULL.
- *  "enabled"
- *      Address of Bollean used to set the criterion
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
-        PKIX_ComCRLSelParams *params,
-        PKIX_Boolean enabled,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
- *  criterion that is set in the ComCRLSelParams pointed to by "params" and
- *  stores it at "pNumber". In order to match against this criterion, a CRL
- *  must have a CRL number extension whose value is less than or equal to the
- *  criterion's value.
- *
- *  If "params" does not have this criterion set, this function stores NULL at
- *  "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
- *      be stored. Must be non-NULL.
- *  "pNumber"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMaxCRLNumber(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_BigInt **pNumber,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
- * DESCRIPTION:
- *
- *  Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
- *  "params" using a BigInt pointed to by "number". In order to match against
- *  this criterion, a CRL must have a CRL number extension whose value is less
- *  than or equal to the criterion's value.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
- *      set. Must be non-NULL.
- *  "number"
- *      Address of BigInt used to set the criterion
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMaxCRLNumber(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_BigInt *number,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
- *  criterion that is set in the ComCRLSelParams pointed to by "params" and
- *  stores it at "pNumber". In order to match against this criterion, a CRL
- *  must have a CRL number extension whose value is greater than or equal to
- *  the criterion's value.
- *
- *  If "params" does not have this criterion set, this function stores NULL at
- *  "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
- *      be stored. Must be non-NULL.
- *  "pNumber"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMinCRLNumber(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_BigInt **pNumber,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
- * DESCRIPTION:
- *
- *  Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
- *  "params" using a BigInt pointed to by "number". In order to match against
- *  this criterion, a CRL must have a CRL number extension whose value is
- *  greater than or equal to the criterion's value.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- *      set. Must be non-NULL.
- *  "number"
- *      Address of BigInt used to set the criterion
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMinCRLNumber(
-        PKIX_ComCRLSelParams *params,
-        PKIX_PL_BigInt *number,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
- * DESCRIPTION:
- *
- * Sets crldp list that can be used to download a crls.
- * 
- * PARAMETERS:
- *  "params"
- *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- *      set. Must be non-NULL.
- *  "crldpList"
- *      A list of CRLDPs. Can be an emptry list.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a CRLSelector Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCRLSelParams_SetCrlDp(
-         PKIX_ComCRLSelParams *params,
-         PKIX_List *crldpList,
-         void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CRLSEL_H */