Delete bundled copy of NSS and replace with README.

nss/lib/libpkix/include/pkix_params.h

-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * This file defines functions associated with the various parameters used
- * by the top-level functions.
- *
- */
-
-#ifndef _PKIX_PARAMS_H
-#define _PKIX_PARAMS_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_ProcessingParams
- *
- * PKIX_ProcessingParams are parameters used when validating or building a
- * chain of certificates. Using the parameters, the caller can specify several
- * things, including the various inputs to the PKIX chain validation
- * algorithm (such as trust anchors, initial policies, etc), any customized
- * functionality (such as CertChainCheckers, RevocationCheckers, CertStores),
- * and whether revocation checking should be disabled.
- *
- * Once the caller has created the ProcessingParams object, the caller then
- * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call
- * the user's callback functions as needed during the validation or building
- * process.
- *
- * If a parameter is not set (or is set to NULL), it will be set to the
- * default value for that parameter. The default value for the Date parameter
- * is NULL, which indicates the current time when the path is validated. The
- * default for the remaining parameters is the least constrained.
- */
-
-/*
- * FUNCTION: PKIX_ProcessingParams_Create
- * DESCRIPTION:
- *
- *  Creates a new ProcessingParams object. Trust anchor list is set to
- *  newly created empty list of trust. In this case trust anchors will
- *  be taken from provided cert store. Pointed to the created
- *  ProcessingParams object is stored in "pParams".
- *
- * PARAMETERS:
- *  "anchors"
- *      Address of List of (non-empty) TrustAnchors to be used.
- *      Must be non-NULL.
- *  "pParams"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_Create(
-        PKIX_ProcessingParams **pParams,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the List of CertChainCheckers (if any) that are set
- *  in the ProcessingParams pointed to by "params" and stores it at
- *  "pCheckers". Each CertChainChecker represents a custom certificate
- *  validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed
- *  during the validation or building process. If "params" does not have any
- *  CertChainCheckers, this function stores an empty List at "pCheckers".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of CertChainCheckers (if any)
- *      are to be stored. Must be non-NULL.
- *  "pCheckers"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertChainCheckers(
-        PKIX_ProcessingParams *params,
-        PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a List of
- *  CertChainCheckers pointed to by "checkers". Each CertChainChecker
- *  represents a custom certificate validation check used by
- *  PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or
- *  building process. If "checkers" is NULL, no CertChainCheckers will be used.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of CertChainCheckers is to be
- *      set. Must be non-NULL.
- *  "checkers"
- *      Address of List of CertChainCheckers to be set. If NULL, no
- *      CertChainCheckers will be used.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params" and "checkers"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertChainCheckers(
-        PKIX_ProcessingParams *params,
-        PKIX_List *checkers,  /* list of PKIX_CertChainChecker */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker
- * DESCRIPTION:
- *
- *  Adds the CertChainChecker pointed to by "checker" to the ProcessingParams
- *  pointed to by "params". The CertChainChecker represents a custom
- *  certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain
- *  as needed during the validation or building process.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams to be added to. Must be non-NULL.
- *  "checker"
- *      Address of CertChainChecker to be added. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertChainChecker(
-        PKIX_ProcessingParams *params,
-        PKIX_CertChainChecker *checker,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the RevocationChecker that are set
- *  in the ProcessingParams pointed to by "params" and stores it at
- *  "pRevChecker". Each RevocationChecker represents a revocation
- *  check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the
- *  validation or building process. If "params" does not have any
- *  RevocationCheckers, this function stores an empty List at "pRevChecker".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of RevocationCheckers
- *      is to be stored. Must be non-NULL.
- *  "pRevChecker"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetRevocationChecker(
-        PKIX_ProcessingParams *params,
-        PKIX_RevocationChecker **pChecker,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a 
- *  RevocationChecker pointed to by "revChecker". Revocation
- *  checker object should be created and assigned to processing
- *  parameters before chain build or validation can begin.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of RevocationCheckers is to be
- *      set. Must be non-NULL.
- *  "revChecker"
- *      Address of RevocationChecker to be set. Must be set before chain
- *      building or validation.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetRevocationChecker(
-        PKIX_ProcessingParams *params,
-        PKIX_RevocationChecker *revChecker,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertStores
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the List of CertStores (if any) that are set in the
- *  ProcessingParams pointed to by "params" and stores it at "pStores". Each
- *  CertStore represents a particular repository from which certificates and
- *  CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed
- *  during the validation or building process. If "params" does not have any
- *  CertStores, this function stores an empty List at "pStores".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of CertStores (if any) are to
- *      be stored. Must be non-NULL.
- *  "pStores"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertStores(
-        PKIX_ProcessingParams *params,
-        PKIX_List **pStores,  /* list of PKIX_CertStore */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertStores
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a List of CertStores
- *  pointed to by "stores". Each CertStore represents a particular repository
- *  from which certificates and CRLs can be retrieved by PKIX_ValidateChain or
- *  PKIX_BuildChain as needed during the validation or building process. If
- *  "stores" is NULL, no CertStores will be used.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of CertStores is to be set.
- *      Must be non-NULL.
- *  "stores"
- *      Address of List of CertStores to be set. If NULL, no CertStores will
- *      be used.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertStores(
-        PKIX_ProcessingParams *params,
-        PKIX_List *stores,  /* list of PKIX_CertStore */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertStore
- * DESCRIPTION:
- *
- *  Adds the CertStore pointed to by "store" to the ProcessingParams pointed
- *  to by "params". The CertStore represents a particular repository from
- *  which certificates and CRLs can be retrieved by PKIX_ValidateChain or
- *  PKIX_BuildChain as needed during the validation or building process.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams to be added to. Must be non-NULL.
- *  "store"
- *      Address of CertStore to be added.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertStore(
-        PKIX_ProcessingParams *params,
-        PKIX_CertStore *store,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetDate
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the Date (if any) that is set in the
- *  ProcessingParams pointed to by "params" and stores it at "pDate". The
- *  Date represents the time for which the validation of the certificate chain
- *  should be determined. If "params" does not have any Date set, this function
- *  stores NULL at "pDate".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose Date (if any) is to be stored.
- *      Must be non-NULL.
- *  "pDate"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetDate(
-        PKIX_ProcessingParams *params,
-        PKIX_PL_Date **pDate,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetDate
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a Date pointed to by
- *  "date". The Date represents the time for which the validation of the
- *  certificate chain should be determined. If "date" is NULL, the current
- *  time is used during validation.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose Date is to be set. Must be non-NULL.
- *  "date"
- *      Address of Date to be set. If NULL, current time is used.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetDate(
-        PKIX_ProcessingParams *params,
-        PKIX_PL_Date *date,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the List of OIDs (if any) that are set in the
- *  ProcessingParams pointed to by "params" and stores it at "pInitPolicies".
- *  Each OID represents an initial policy identifier, indicating that any
- *  one of these policies would be acceptable to the certificate user for
- *  the purposes of certification path processing. If "params" does not have
- *  any initial policies, this function stores an empty List at
- *  "pInitPolicies".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of OIDs (if any) are to be
- *      stored. Must be non-NULL.
- *  "pInitPolicies"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetInitialPolicies(
-        PKIX_ProcessingParams *params,
-        PKIX_List **pInitPolicies,    /* list of PKIX_PL_OID */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a List of OIDs
- *  pointed to by "initPolicies".
- *
- *  Each OID represents an initial policy identifier, indicating that any
- *  one of these policies would be acceptable to the certificate user for
- *  the purposes of certification path processing. By default, any policy
- *  is acceptable (i.e. all policies), so a user that wants to allow any
- *  policy as acceptable does not need to call this method. Similarly, if
- *  initPolicies is NULL or points to an empty List, all policies are
- *  acceptable.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of OIDs is to be set.
- *      Must be non-NULL.
- *  "initPolicies"
- *      Address of List of OIDs to be set. If NULL or if pointing to an empty
- *      List, all policies are acceptable.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetInitialPolicies(
-        PKIX_ProcessingParams *params,
-        PKIX_List *initPolicies,    /* list of PKIX_PL_OID */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
- * DESCRIPTION:
- *
- *  Checks whether the ProcessingParams pointed to by "params" indicate that
- *  policy qualifiers should be rejected and stores the Boolean result at
- *  "pRejected".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams used to determine whether or not policy
- *      qualifiers should be rejected. Must be non-NULL.
- *  "pRejected"
- *      Address where Boolean will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetPolicyQualifiersRejected(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean *pRejected,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
- * DESCRIPTION:
- *
- *  Specifies in the ProcessingParams pointed to by "params" whether policy
- *  qualifiers are rejected using the Boolean value of "rejected".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams to be set. Must be non-NULL.
- *  "rejected"
- *      Boolean value indicating whether policy qualifiers are to be rejected.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyQualifiersRejected(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean rejected,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the CertSelector (if any) that is set in the
- *  ProcessingParams pointed to by "params" and stores it at "pConstraints".
- *  The CertSelector represents the constraints to be placed on the target
- *  certificate. If "params" does not have any CertSelector set, this function
- *  stores NULL at "pConstraints".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose CertSelector (if any) is to be
- *      stored. Must be non-NULL.
- *  "pConstraints"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTargetCertConstraints(
-        PKIX_ProcessingParams *params,
-        PKIX_CertSelector **pConstraints,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a CertSelector
- *  pointed to by "constraints". The CertSelector represents the constraints
- *  to be placed on the target certificate. If "constraints" is NULL, no
- *  constraints are defined.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose CertSelector is to be set.
- *      Must be non-NULL.
- *  "constraints"
- *      Address of CertSelector to be set. If NULL, no constraints are defined.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTargetCertConstraints(
-        PKIX_ProcessingParams *params,
-        PKIX_CertSelector *constraints,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the List of TrustAnchors that are set in
- *  the ProcessingParams pointed to by "params" and stores it at "pAnchors".
- *  If the function succeeds, the pointer to the List is guaranteed to be
- *  non-NULL and the List is guaranteed to be non-empty.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of TrustAnchors are to
- *      be stored. Must be non-NULL.
- *  "pAnchors"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTrustAnchors(
-        PKIX_ProcessingParams *params,
-        PKIX_List **pAnchors,  /* list of TrustAnchor */
-        void *plContext);
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * DESCRIPTION:
- *
- * Sets user defined set of trust anchors. The handling of the trust anchors
- * may be furthered alter via PKIX_ProcessingParams_SetUseOnlyTrustAnchors.
- * By default, a certificate will be considered invalid if it does not chain
- * to a trusted anchor from this list.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of TrustAnchors are to
- *      be stored. Must be non-NULL.
- *  "anchors"
- *      Address of the trust anchors list object. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTrustAnchors(
-        PKIX_ProcessingParams *params,
-        PKIX_List *pAnchors,  /* list of TrustAnchor */
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetUseOnlyTrustAnchors
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Boolean. The boolean value represents
- * the switch value that is used to identify whether trust anchors, if
- * specified, should be the exclusive source of trust information.
- * If the function succeeds, the pointer to the Boolean is guaranteed to be
- * non-NULL.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams. Must be non-NULL.
- *  "pUseOnlyTrustAnchors"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetUseOnlyTrustAnchors(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean *pUseOnlyTrustAnchors,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
- * DESCRIPTION:
- *
- * Configures whether trust anchors are used as the exclusive source of trust.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams. Must be non-NULL.
- *  "useOnlyTrustAnchors"
- *      If true, indicates that trust anchors should be used exclusively when
- *      they have been specified via PKIX_ProcessingParams_SetTrustAnchors. A
- *      certificate will be considered invalid if it does not chain to a
- *      trusted anchor from that list.
- *      If false, indicates that the trust anchors are additive to whatever
- *      existing trust stores are configured. A certificate is considered
- *      valid if it chains to EITHER a trusted anchor from that list OR a
- *      certificate marked trusted in a trust store.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetUseOnlyTrustAnchors(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean useOnlyTrustAnchors,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the Boolean. The boolean value represents
- *  the switch value that is used to identify if url in cert AIA extension
- *  may be used for cert fetching.
- *  If the function succeeds, the pointer to the Boolean is guaranteed to be
- *  non-NULL.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams. Must be non-NULL.
- *  "pUseAIA"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetUseAIAForCertFetching(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean *pUseAIA,  /* list of TrustAnchor */
-        void *plContext);
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * DESCRIPTION:
- *
- * Sets switch value that defines if url in cert AIA extension
- * may be used for cert fetching.
- * 
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams.
- *  "useAIA"
- *      Address of the trust anchors list object. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetUseAIAForCertFetching(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean useAIA,  
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
- * DESCRIPTION:
- *
- * Sets a boolean value that tells if libpkix needs to check that
- * the target certificate satisfies the conditions set in processing
- * parameters. Includes but not limited to date, ku and eku checks.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of TrustAnchors are to
- *      be stored. Must be non-NULL.
- *  "qualifyTargetCert"
- *      boolean value if set to true will trigger qualification of the
- *      target certificate.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetQualifyTargetCert(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean qualifyTargetCert,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetHintCerts
- * DESCRIPTION:
- *
- *  Retrieves a pointer to a List of Certs supplied by the user as a suggested
- *  partial CertChain (subject to verification), that are set in the
- *  ProcessingParams pointed to by "params", and stores it at "pHintCerts".
- *  The List returned may be empty or NULL.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of TrustAnchors are to
- *      be stored. Must be non-NULL.
- *  "pHintCerts"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetHintCerts(
-        PKIX_ProcessingParams *params,
-        PKIX_List **pHintCerts,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetHintCerts
- * DESCRIPTION:
- *
- *  Stores a pointer to a List of Certs supplied by the user as a suggested
- *  partial CertChain (subject to verification), as an element in the
- *  ProcessingParams pointed to by "params". The List may be empty or NULL.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose List of HintCerts is to be stored.
- *      Must be non-NULL.
- *  "hintCerts"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetHintCerts(
-        PKIX_ProcessingParams *params,
-        PKIX_List *hintCerts,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the ResourceLimits (if any) that is set in the
- *  ProcessingParams pointed to by "params" and stores it at "pResourceLimits".
- *  The ResourceLimits represent the maximum resource usage that the caller 
- *  desires (such as MaxTime). The ValidateChain or BuildChain call will not
- *  exceed these maximum limits. If "params" does not have any ResourceLimits
- *  set, this function stores NULL at "pResourceLimits".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose ResourceLimits (if any) are to be
- *      stored. Must be non-NULL.
- *  "pResourceLimits"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetResourceLimits(
-        PKIX_ProcessingParams *params,
-        PKIX_ResourceLimits **pResourceLimits,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
- * DESCRIPTION:
- *
- *  Sets the ProcessingParams pointed to by "params" with a ResourceLimits
- *  object pointed to by "resourceLimits". The ResourceLimits represent the
- *  maximum resource usage that the caller desires (such as MaxTime). The
- *  ValidateChain or BuildChain call will not exceed these maximum limits.
- *  If "resourceLimits" is NULL, no ResourceLimits are defined.
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams whose ResourceLimits are to be set.
- *      Must be non-NULL.
- *  "resourceLimits"
- *      Address of ResourceLimits to be set. If NULL, no limits are defined.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetResourceLimits(
-        PKIX_ProcessingParams *params,
-        PKIX_ResourceLimits *resourceLimits,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
- * DESCRIPTION:
- *
- *  Checks whether the ProcessingParams pointed to by "params" indicate that
- *  anyPolicy is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams used to determine whether or not anyPolicy
- *      inhibited. Must be non-NULL.
- *  "pInhibited"
- *      Address where Boolean will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsAnyPolicyInhibited(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean *pInhibited,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
- * DESCRIPTION:
- *
- *  Specifies in the ProcessingParams pointed to by "params" whether anyPolicy
- *  is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams to be set. Must be non-NULL.
- *  "inhibited"
- *      Boolean value indicating whether anyPolicy is to be inhibited.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetAnyPolicyInhibited(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean inhibited,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
- * DESCRIPTION:
- *
- *  Checks whether the ProcessingParams pointed to by "params" indicate that
- *  explicit policies are required and stores the Boolean result at
- *  "pRequired".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams used to determine whether or not explicit
- *      policies are required. Must be non-NULL.
- *  "pRequired"
- *      Address where Boolean will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsExplicitPolicyRequired(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean *pRequired,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
- * DESCRIPTION:
- *
- *  Specifies in the ProcessingParams pointed to by "params" whether explicit
- *  policies are required using the Boolean value of "required".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams to be set. Must be non-NULL.
- *  "required"
- *      Boolean value indicating whether explicit policies are to be required.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetExplicitPolicyRequired(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean required,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
- * DESCRIPTION:
- *
- *  Checks whether the ProcessingParams pointed to by "params" indicate that
- *  policyMapping is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams used to determine whether or not policy
- *      mappings are inhibited. Must be non-NULL.
- *  "pInhibited"
- *      Address where Boolean will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsPolicyMappingInhibited(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean *pInhibited,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
- * DESCRIPTION:
- *
- *  Specifies in the ProcessingParams pointed to by "params" whether policy
- *  mapping is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- *  "params"
- *      Address of ProcessingParams to be set. Must be non-NULL.
- *  "inhibited"
- *      Boolean value indicating whether policy mapping is to be inhibited.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyMappingInhibited(
-        PKIX_ProcessingParams *params,
-        PKIX_Boolean inhibited,
-        void *plContext);
-
-
-/* PKIX_ValidateParams
- *
- * PKIX_ValidateParams consists of a ProcessingParams object as well as the
- * List of Certs (certChain) that the caller is trying to validate.
- */
-
-/*
- * FUNCTION: PKIX_ValidateParams_Create
- * DESCRIPTION:
- *
- *  Creates a new ValidateParams object and stores it at "pParams".
- *
- * PARAMETERS:
- *  "procParams"
- *      Address of ProcessingParams to be used. Must be non-NULL.
- *  "chain"
- *      Address of List of Certs (certChain) to be validated. Must be non-NULL.
- *  "pParams"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_Create(
-        PKIX_ProcessingParams *procParams,
-        PKIX_List *chain,
-        PKIX_ValidateParams **pParams,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetProcessingParams
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the ProcessingParams that represent the basic
- *  certificate processing parameters used during chain validation and chain
- *  building from the ValidateParams pointed to by "valParams" and stores it
- *  at "pProcParams". If the function succeeds, the pointer to the
- *  ProcessingParams is guaranteed to be non-NULL.
- *
- * PARAMETERS:
- *  "valParams"
- *      Address of ValidateParams whose ProcessingParams are to be stored.
- *      Must be non-NULL.
- *  "pProcParams"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetProcessingParams(
-        PKIX_ValidateParams *valParams,
-        PKIX_ProcessingParams **pProcParams,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetCertChain
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the List of Certs (certChain) that is set in the
- *  ValidateParams pointed to by "valParams" and stores it at "pChain". If the
- *  function succeeds, the pointer to the CertChain is guaranteed to be
- *  non-NULL.
- *
- * PARAMETERS:
- *  "valParams"
- *      Address of ValidateParams whose CertChain is to be stored.
- *      Must be non-NULL.
- *  "pChain"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetCertChain(
-        PKIX_ValidateParams *valParams,
-        PKIX_List **pChain,
-        void *plContext);
-
-/* PKIX_TrustAnchor
- *
- * A PKIX_TrustAnchor represents a trusted entity and can be specified using a
- * self-signed certificate or using the trusted CA's name and public key. In
- * order to limit the trust in the trusted entity, name constraints can also
- * be imposed on the trust anchor.
- */
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithCert
- * DESCRIPTION:
- *
- *  Creates a new TrustAnchor object using the Cert pointed to by "cert" as
- *  the trusted certificate and stores it at "pAnchor". Once created, a
- *  TrustAnchor is immutable.
- *
- * PARAMETERS:
- *  "cert"
- *      Address of Cert to use as trusted certificate. Must be non-NULL.
- *  "pAnchor"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithCert(
-        PKIX_PL_Cert *cert,
-        PKIX_TrustAnchor **pAnchor,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
- * DESCRIPTION:
- *
- *  Creates a new TrustAnchor object using the X500Name pointed to by "name",
- *  and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The
- *  CertNameConstraints pointed to by "nameConstraints" (if any) are used to
- *  limit the trust placed in this trust anchor. To indicate that name
- *  constraints don't apply, set "nameConstraints" to NULL. Once created, a
- *  TrustAnchor is immutable.
- *
- * PARAMETERS:
- *  "name"
- *      Address of X500Name to use as name of trusted CA. Must be non-NULL.
- *  "pubKey"
- *      Address of PublicKey to use as trusted public key. Must be non-NULL.
- *  "nameConstraints"
- *      Address of CertNameConstraints to use as initial name constraints.
- *      If NULL, no name constraints are applied.
- *  "pAnchor"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithNameKeyPair(
-        PKIX_PL_X500Name *name,
-        PKIX_PL_PublicKey *pubKey,
-        PKIX_PL_CertNameConstraints *nameConstraints,
-        PKIX_TrustAnchor **pAnchor,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetTrustedCert
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to
- *  by "anchor" and stores it at "pCert". If "anchor" does not have a Cert
- *  set, this function stores NULL at "pCert".
- *
- * PARAMETERS:
- *  "anchor"
- *      Address of TrustAnchor whose Cert is to be stored. Must be non-NULL.
- *  "pChain"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetTrustedCert(
-        PKIX_TrustAnchor *anchor,
-        PKIX_PL_Cert **pCert,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAName
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the CA's X500Name (if any) that is set in the
- *  TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor"
- *  does not have an X500Name set, this function stores NULL at "pCAName".
- *
- * PARAMETERS:
- *  "anchor"
- *      Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL.
- *  "pCAName"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAName(
-        PKIX_TrustAnchor *anchor,
-        PKIX_PL_X500Name **pCAName,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the CA's PublicKey (if any) that is set in the
- *  TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor"
- *  does not have a PublicKey set, this function stores NULL at "pPubKey".
- *
- * PARAMETERS:
- *  "anchor"
- *      Address of TrustAnchor whose CA PublicKey is to be stored.
- *      Must be non-NULL.
- *  "pPubKey"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAPublicKey(
-        PKIX_TrustAnchor *anchor,
-        PKIX_PL_PublicKey **pPubKey,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
- * DESCRIPTION:
- *
- *  Retrieves a pointer to the CertNameConstraints (if any) set in the
- *  TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If
- *  "anchor" does not have any CertNameConstraints set, this function stores
- *  NULL at "pConstraints".
- *
- * PARAMETERS:
- *  "anchor"
- *      Address of TrustAnchor whose CertNameConstraints are to be stored.
- *      Must be non-NULL.
- *  "pConstraints"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a Params Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetNameConstraints(
-        PKIX_TrustAnchor *anchor,
-        PKIX_PL_CertNameConstraints **pNameConstraints,
-        void *plContext);
-
-/* PKIX_ResourceLimits
- *
- *  A PKIX_ResourceLimits object represents the maximum resource usage that
- *  the caller desires. The ValidateChain or BuildChain call
- *  will not exceed these maximum limits. For example, the caller may want
- *  a timeout value of 1 minute, meaning that if the ValidateChain or
- *  BuildChain function is unable to finish in 1 minute, it should abort
- *  with an Error.
- */
-
-/*
- * FUNCTION: PKIX_ResourceLimits_Create
- * DESCRIPTION:
- *
- *  Creates a new ResourceLimits object and stores it at "pResourceLimits".
- *
- * PARAMETERS:
- *  "pResourceLimits"
- *      Address where object pointer will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_Create(
-        PKIX_ResourceLimits **pResourceLimits,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxTime
- * DESCRIPTION:
- *
- *  Retrieves a PKIX_UInt32 (if any) representing the maximum time that is
- *  set in the ResourceLimits object pointed to by "resourceLimits" and stores
- *  it at "pMaxTime". This maximum time (in seconds) should not be exceeded
- *  by the function whose ProcessingParams contain this ResourceLimits object
- *  (typically ValidateChain or BuildChain). It essentially functions as a
- *  time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum time (in seconds) is
- *      to be stored. Must be non-NULL.
- *  "pMaxTime"
- *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxTime(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 *pMaxTime,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxTime
- * DESCRIPTION:
- *
- *  Sets the maximum time of the ResourceLimits object pointed to by
- *  "resourceLimits" using the PKIX_UInt32 value of "maxTime". This
- *  maximum time (in seconds) should not be exceeded by the function
- *  whose ProcessingParams contain this ResourceLimits object
- *  (typically ValidateChain or BuildChain). It essentially functions as a
- *  time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum time (in seconds) is
- *      to be set. Must be non-NULL.
- *  "maxTime"
- *      Value of PKIX_UInt32 representing the maximum time (in seconds)
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxTime(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 maxTime,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
- * DESCRIPTION:
- *
- *  Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is
- *  set in the ResourceLimits object pointed to by "resourceLimits" and stores
- *  it at "pMaxFanout". This maximum fanout (number of certs) should not be
- *  exceeded by the function whose ProcessingParams contain this ResourceLimits
- *  object (typically ValidateChain or BuildChain). If the builder encounters
- *  more than this maximum number of certificates when searching for the next
- *  candidate certificate, it should abort and return an error. This
- *  parameter is only relevant for ValidateChain if it needs to internally call
- *  BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum fanout (number of certs)
- *      is to be stored. Must be non-NULL.
- *  "pMaxFanout"
- *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxFanout(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 *pMaxFanout,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
- * DESCRIPTION:
- *
- *  Sets the maximum fanout of the ResourceLimits object pointed to by
- *  "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum
- *  fanout (number of certs) should not be exceeded by the function whose
- *  ProcessingParams contain this ResourceLimits object (typically ValidateChain
- *  or BuildChain). If the builder encounters more than this maximum number of
- *  certificates when searching for the next candidate certificate, it should
- *  abort and return an Error. This parameter is only relevant for ValidateChain
- *  if it needs to internally call BuildChain (e.g. in order to build the
- *  chain to a CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum fanout (number of certs)
- *      is to be set. Must be non-NULL.
- *  "maxFanout"
- *      Value of PKIX_UInt32 representing the maximum fanout (number of certs)
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxFanout(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 maxFanout,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
- * DESCRIPTION:
- *
- *  Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is
- *  set in the ResourceLimits object pointed to by "resourceLimits" and stores
- *  it at "pMaxDepth". This maximum depth (number of certs) should not be
- *  exceeded by the function whose ProcessingParams contain this ResourceLimits
- *  object (typically ValidateChain or BuildChain). If the builder encounters
- *  more than this maximum number of certificates when searching for the next
- *  candidate certificate, it should abort and return an error. This
- *  parameter is only relevant for ValidateChain if it needs to internally call
- *  BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum depth (number of certs)
- *      is to be stored. Must be non-NULL.
- *  "pMaxDepth"
- *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxDepth(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 *pMaxDepth,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
- * DESCRIPTION:
- *
- *  Sets the maximum depth of the ResourceLimits object pointed to by
- *  "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum
- *  depth (number of certs) should not be exceeded by the function whose
- *  ProcessingParams contain this ResourceLimits object (typically ValidateChain
- *  or BuildChain). If the builder encounters more than this maximum number of
- *  certificates when searching for the next candidate certificate, it should
- *  abort and return an Error. This parameter is only relevant for ValidateChain
- *  if it needs to internally call BuildChain (e.g. in order to build the
- *  chain to a CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum depth (number of certs)
- *      is to be set. Must be non-NULL.
- *  "maxDepth"
- *      Value of PKIX_UInt32 representing the maximum depth (number of certs)
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxDepth(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 maxDepth,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
- * DESCRIPTION:
- *
- *  Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- *  certs that is set in the ResourceLimits object pointed to by "resourceLimits"
- *  and stores it at "pMaxNumber". This maximum number of traversed certs should
- *  not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- *  object (typically ValidateChain or BuildChain). If the builder traverses more
- *  than this number of certs during the build process, it should abort and
- *  return an Error. This parameter is only relevant for ValidateChain if it
- *  needs to internally call BuildChain (e.g. in order to build the chain to a
- *  CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum number of traversed certs
- *      is to be stored. Must be non-NULL.
- *  "pMaxNumber"
- *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCerts(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 *pMaxNumber,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
- * DESCRIPTION:
- *
- *  Sets the maximum number of traversed certs of the ResourceLimits object
- *  pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- *  This maximum number of traversed certs should not be exceeded by the function 
- *  whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- *  or BuildChain). If the builder traverses more than this number of certs
- *  during the build process, it should abort and return an Error. This parameter
- *  is only relevant for ValidateChain if it needs to internally call BuildChain
- *  (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum number of traversed certs
- *      is to be set. Must be non-NULL.
- *  "maxNumber"
- *      Value of PKIX_UInt32 representing the maximum number of traversed certs
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCerts(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 maxNumber,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- *  Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- *  CRLs that is set in the ResourceLimits object pointed to by "resourceLimits"
- *  and stores it at "pMaxNumber". This maximum number of traversed CRLs should
- *  not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- *  object (typically ValidateChain or BuildChain). If the builder traverses more
- *  than this number of CRLs during the build process, it should abort and
- *  return an Error. This parameter is only relevant for ValidateChain if it
- *  needs to internally call BuildChain (e.g. in order to build the chain to a
- *  CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum number of traversed CRLs
- *      is to be stored. Must be non-NULL.
- *  "pMaxNumber"
- *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Conditionally Thread Safe
- *      (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCRLs(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 *pMaxNumber,
-        void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- *  Sets the maximum number of traversed CRLs of the ResourceLimits object
- *  pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- *  This maximum number of traversed CRLs should not be exceeded by the function 
- *  whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- *  or BuildChain). If the builder traverses more than this number of CRLs
- *  during the build process, it should abort and return an Error. This parameter
- *  is only relevant for ValidateChain if it needs to internally call BuildChain
- *  (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- *  "resourceLimits"
- *      Address of ResourceLimits object whose maximum number of traversed CRLs
- *      is to be set. Must be non-NULL.
- *  "maxNumber"
- *      Value of PKIX_UInt32 representing the maximum number of traversed CRLs
- *  "plContext"
- *      Platform-specific context pointer.
- * THREAD SAFETY:
- *  Not Thread Safe - assumes exclusive access to "params"
- *  (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- *  Returns NULL if the function succeeds.
- *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
- *  Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCRLs(
-        PKIX_ResourceLimits *resourceLimits,
-        PKIX_UInt32 maxNumber,
-        void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PARAMS_H */