Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1675)

Unified Diff: nss/lib/libpkix/include/pkix_certsel.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/libpkix/include/pkix.h ('k') | nss/lib/libpkix/include/pkix_certstore.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/libpkix/include/pkix_certsel.h
diff --git a/nss/lib/libpkix/include/pkix_certsel.h b/nss/lib/libpkix/include/pkix_certsel.h
deleted file mode 100755
index e6b20c8c5071897acf6a9671a9c7aead060a5690..0000000000000000000000000000000000000000
--- a/nss/lib/libpkix/include/pkix_certsel.h
+++ /dev/null
@@ -1,1826 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * This file defines functions associated with the PKIX_CertSelector and the
- * PKIX_ComCertSelParams types.
- *
- */
-
-#ifndef _PKIX_CERTSEL_H
-#define _PKIX_CERTSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertSelector
- *
- * PKIX_CertSelectors provide a standard way for the caller to select
- * certificates based on particular criteria. A CertSelector is typically used
- * by the caller to specify the constraints they wish to impose on the target
- * certificate in a chain. (see pkix_params.h) A CertSelector is also often
- * used to retrieve certificates from a CertStore that match the selector's
- * criteria. (See pkix_certstore.h) For example, the caller may wish to only
- * select those certificates that have a particular Subject Distinguished Name
- * and a particular value for a private certificate extension. The
- * MatchCallback allows the caller to specify the custom matching logic to be
- * used by a CertSelector.
- *
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all certificates
- * without regard to that particular disabled parameter. For example, if the
- * SerialNumber parameter is not set, MatchCallback will not filter out any
- * certificate based on its serial number. As such, if no parameters are set,
- * all are disabled and any certificate will match. If a parameter is
- * disabled, its associated PKIX_ComCertSelParams_Get* function returns a
- * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints
- * and PKIX_ComCertSelParams_GetVersion, or 0 for
- * PKIX_ComCertSelParams_GetKeyUsage.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the
- * CertSelector can be initialized with a certSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this certSelectorContext must be an Object (although any
- * object type), allowing it to be reference-counted and allowing it to
- * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
- * Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CertSelector_MatchCallback
- * DESCRIPTION:
- *
- * This callback function determines whether the specified Cert pointed to by
- * "cert" matches the criteria of the CertSelector pointed to by "selector".
- * If the Cert does not matches the CertSelector's criteria, an exception will
- * be thrown.
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched using "selector".
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertSelector_MatchCallback)(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_Create
- * DESCRIPTION:
- *
- * Creates a new CertSelector using the Object pointed to by
- * "certSelectorContext" (if any) and stores it at "pSelector". As noted
- * above, by default, the MatchCallback is set to point to the default
- * implementation provided by libpkix, which understands how to process
- * ComCertSelParams objects. This is overridden if the MatchCallback pointed
- * to by "callback" is not NULL, in which case the parameters are specified
- * using the certSelectorContext.
- *
- * PARAMETERS:
- * "callback"
- * The MatchCallback function to be used.
- * "certSelectorContext"
- * Address of Object representing the CertSelector's context (if any).
- * "pSelector"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_Create(
- PKIX_CertSelector_MatchCallback callback,
- PKIX_PL_Object *certSelectorContext,
- PKIX_CertSelector **pSelector,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetMatchCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "selector's" Match callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "selector"
- * The CertSelector whose Match callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Match callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetMatchCallback(
- PKIX_CertSelector *selector,
- PKIX_CertSelector_MatchCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the CertSelector pointed to by "selector" and stores it at
- * "pCertSelectorContext".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose context is to be stored.
- * Must be non-NULL.
- * "pCertSelectorContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetCertSelectorContext(
- PKIX_CertSelector *selector,
- PKIX_PL_Object **pCertSelectorContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ComCertSelParams object that represent the
- * common parameters of the CertSelector pointed to by "selector" and stores
- * it at "pCommonCertSelectorParams". If there are no common parameters
- * stored with the CertSelector, this function stores NULL at
- * "pCommonCertSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose ComCertSelParams object is to be stored.
- * Must be non-NULL.
- * "pCommonCertSelectorParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams **pCommonCertSelectorParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
- * DESCRIPTION:
- *
- * Sets the common parameters for the CertSelector pointed to by "selector"
- * using the ComCertSelParams object pointed to by "commonCertSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose common parameters are to be set.
- * Must be non-NULL.
- * "commonCertSelectorParams"
- * Address of ComCertSelParams object representing the common parameters.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_SetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams *commonCertSelectorParams,
- void *plContext);
-
-/* PKIX_ComCertSelParams
- *
- * PKIX_ComCertSelParams objects are X.509 parameters commonly used with
- * CertSelectors, especially when enforcing constraints on a target
- * certificate or determining which certificates to retrieve from a CertStore.
- * ComCertSelParams objects are typically used with those CertSelectors that
- * use the default implementation of MatchCallback, which understands how to
- * process ComCertSelParams objects.
- */
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCertSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_Create(
- PKIX_ComCertSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * subject alternative names criterion that is set in the ComCertSelParams
- * object pointed to by "params" and stores it at "pNames". In order to match
- * against this criterion, a certificate must contain all or at least one of
- * the criterion's subject alternative names (depending on the result of
- * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
- * requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
- * DESCRIPTION:
- *
- * Sets the subject alternative names criterion of the ComCertSelParams object
- * pointed to by "params" using a List of GeneralNames pointed to by "names".
- * In order to match against this criterion, a certificate must contain all or
- * at least one of the criterion's subject alternative names (depending on the
- * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative
- * names criterion is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
- * DESCRIPTION:
- *
- * Adds to the subject alternative names criterion of the ComCertSelParams
- * object pointed to by "params" using the GeneralName pointed to by "name".
- * In order to match against this criterion, a certificate must contain all
- * or at least one of the criterion's subject alternative names (depending on
- * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion is to be added to. Must be non-NULL.
- * "name"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddSubjAltName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * path to names criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pNames". In order to match against this
- * criterion, a certificate must not include name constraints that would
- * prohibit building a path to the criterion's specified names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
- * DESCRIPTION:
- *
- * Sets the path to names criterion of the ComCertSelParams object pointed to
- * by "params" using a List of GeneralNames pointed to by "names". In order to
- * match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddPathToName
- * DESCRIPTION:
- *
- * Adds to the path to names criterion of the ComCertSelParams object pointed
- * to by "params" using the GeneralName pointed to by "pathToName". In order
- * to match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion is to
- * be added to. Must be non-NULL.
- * "pathToName"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddPathToName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *pathToName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the authority
- * key identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pAuthKeyId". In order to match
- * against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAuthKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the authority key identifier criterion of the ComCertSelParams object
- * pointed to by "params" to the ByteArray pointed to by "authKeyId". In
- * order to match against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion is to be set. Must be non-NULL.
- * "authKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *authKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject key
- * identifier criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pSubjKeyId". In order to match against this
- * criterion, a certificate must contain a SubjectKeyIdentifier extension
- * whose value matches the criterion's subject key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubjKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the subject key identifier criterion of the ComCertSelParams object
- * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
- * order to match against this criterion, a certificate must contain an
- * SubjectKeyIdentifier extension whose value matches the criterion's subject
- * key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion is to be set. Must be non-NULL.
- * "subjKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey (if any) representing the subject
- * public key criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pPubKey". In order to match against this
- * criterion, a certificate must contain a SubjectPublicKey that matches the
- * criterion's public key.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPubKey", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
- * DESCRIPTION:
- *
- * Sets the subject public key criterion of the ComCertSelParams object
- * pointed to by "params" using a PublicKey pointed to by "pubKey". In order
- * to match against this criterion, a certificate must contain a
- * SubjectPublicKey that matches the criterion's public key.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * criterion is to be set. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID (if any) representing the subject public key
- * algorithm identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pPubKey". In order to match
- * against this criterion, a certificate must contain a SubjectPublicKey with
- * an algorithm that matches the criterion's algorithm.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAlgId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key algorithm
- * identifier (if any) is to be stored. Must be non-NULL.
- * "pAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID **pAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
- * DESCRIPTION:
- *
- * Sets the subject public key algorithm identifier criterion of the
- * ComCertSelParams object pointed to by "params" using an OID pointed to by
- * "algId". In order to match against this criterion, a certificate must
- * contain a SubjectPublicKey with an algorithm that matches the criterion's
- * algorithm.
- *
- * If "algId" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * algorithm identifier criterion is to be set. Must be non-NULL.
- * "algId"
- * Address of OID used to set criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID *algId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the minimum path length (if any) representing the
- * basic constraints criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pMinPathLength". In order to
- * match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * If "params" does not have this criterion set, this function stores -1 at
- * "pMinPathLength", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pMinPathLength"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 *pMinPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
- * DESCRIPTION:
- *
- * Sets the basic constraints criterion of the ComCertSelParams object
- * pointed to by "params" using the integer value of "minPathLength". In
- * order to match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints
- * criterion is to be set. Must be non-NULL.
- * "minPathLength"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 minPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificate
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pCert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate. If
- * this criterion is specified, it is usually not necessary to specify any
- * other criteria, since this criterion requires an exact certificate match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pCert", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificate
- * DESCRIPTION:
- *
- * Sets the certificate criterion of the ComCertSelParams object pointed to by
- * "params" using a Cert pointed to by "cert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate.
- * If this criterion is specified, it is usually not necessary to specify
- * any other criteria, since this criterion requires an exact certificate
- * match.
- *
- * If "cert" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the certificate
- * validity criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pDate". In order to match against this
- * criterion, a certificate's validity period must include the criterion's
- * Date.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
- * DESCRIPTION:
- *
- * Sets the certificate validity criterion of the ComCertSelParams object
- * pointed to by "params" using a Date pointed to by "date". In order to
- * match against this criterion, a certificate's validity period must include
- * the criterion's Date.
- *
- * If "date" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * is to be set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the serial number
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSerialNumber". In order to match against this
- * criterion, a certificate must have a serial number equal to the
- * criterion's serial number.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSerialNumber", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pSerialNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt **pSerialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
- * DESCRIPTION:
- *
- * Sets the serial number criterion of the ComCertSelParams object pointed to
- * by "params" using a BigInt pointed to by "serialNumber". In order to match
- * against this criterion, a certificate must have a serial number equal to
- * the criterion's serial number.
- *
- * If "serialNumber" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion is to
- * be set. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt *serialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetVersion
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
- * set in the ComCertSelParams object pointed to by "params" and stores it at
- * "pVersion". In order to match against this criterion, a certificate's
- * version must be equal to the criterion's version.
- *
- * The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * If "params" does not have this criterion set, this function stores
- * 0xFFFFFFFF at "pVersion", in which case all certificates are considered
- * to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetVersion
- * DESCRIPTION:
- *
- * Sets the version criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "version". In order to match against
- * this criterion, a certificate's version must be equal to the criterion's
- * version. If the criterion's version is -1, no version check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion is to be
- * set. Must be non-NULL.
- * "version"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 version,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
- * is set in the ComCertSelParams object pointed to by "params" and stores it
- * at "pKeyUsage". In order to match against this criterion, a certificate
- * must allow the criterion's key usage values. Note that a certificate that
- * has no KeyUsage extension implicity allows all key usages. Note also that
- * this functions supports a maximum of 32 key usage bits.
- *
- * If "params" does not have this criterion set, this function stores zero at
- * "pKeyUsage", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion (if any)
- * is to be stored. Must be non-NULL.
- * "pKeyUsage"
- * Address where PKIX_UInt32 will be stored. Must not be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pKeyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
- * DESCRIPTION:
- *
- * Sets the key usage criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "keyUsage". In order to match against
- * this criterion, a certificate must allow the criterion's key usage values.
- * Note that a certificate that has no KeyUsage extension implicity allows
- * all key usages. Note also that this functions supports a maximum of 32 key
- * usage bits.
- *
- * If the criterion's key usage value is zero, no key usage check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion is to be
- * set. Must be non-NULL.
- * "keyUsage"
- * Value of PKIX_Int32 used to set the criterion
- * (or zero to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the extended
- * key usage criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pExtKeyUsage". In order to match against this
- * criterion, a certificate's ExtendedKeyUsage extension must allow the
- * criterion's extended key usages. Note that a certificate that has no
- * ExtendedKeyUsage extension implicity allows all key purposes.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pExtKeyUsage", in which case all certificates are considered to match
- * this criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pExtKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Sets the extended key usage criterion of the ComCertSelParams object
- * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
- * In order to match against this criterion, a certificate's ExtendedKeyUsage
- * extension must allow the criterion's extended key usages. Note that a
- * certificate that has no ExtendedKeyUsage extension implicitly allows all
- * key purposes.
- *
- * If "extKeyUsage" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * is to be set. Must be non-NULL.
- * "extKeyUsage"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the policy
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pPolicy". In order to match against this
- * criterion, a certificate's CertificatePolicies extension must include at
- * least one of the criterion's policies. If "params" has this criterion set,
- * but the List of OIDs is empty, then a certificate's CertificatePolicies
- * extension must include at least some policy.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPolicy", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List **pPolicy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPolicy
- * DESCRIPTION:
- *
- * Sets the policy criterion of the ComCertSelParams object pointed to by
- * "params" using a List of OIDs pointed to by "policy". In order to match
- * against this criterion, a certificate's CertificatePolicies extension must
- * include at least one of the criterion's policies. If "params" has this
- * criterion set, but the List of OIDs is empty, then a certificate's
- * CertificatePolicies extension must include at least some policy.
- *
- * If "policy" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion is to be set.
- * Must be non-NULL.
- * "policy"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List *policy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the issuer
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pIssuer". In order to match against this
- * criterion, a certificate's IssuerName must match the criterion's issuer
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pIssuer", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetIssuer
- * DESCRIPTION:
- *
- * Sets the issuer criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "issuer". In order to match
- * against this criterion, a certificate's IssuerName must match the
- * criterion's issuer name.
- *
- * If "issuer" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion is to be set.
- * Must be non-NULL.
- * "issuer"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *issuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubject
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using a ByteArray pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of ByteArray used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the name
- * constraints criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pConstraints". In order to match against
- * this criterion, a certificate's subject and subject alternative names must
- * be allowed by the criterion's name constraints.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pConstraints", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints **pConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
- * DESCRIPTION:
- *
- * Sets the name constraints criterion of the ComCertSelParams object pointed
- * to by "params" using the CertNameConstraints pointed to by "constraints".
- * In order to match against this criterion, a certificate's subject and
- * subject alternative names must be allowed by the criterion's name
- * constraints.
- *
- * If "constraints" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion is
- * to be set. Must be non-NULL.
- * "constraints"
- * Address of CertNameConstraints used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints *constraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Checks whether the ComCertSelParams object pointed to by "params" indicate
- * that all subject alternative names are to be matched and stores the Boolean
- * result at "pMatch". This Boolean value determines the behavior of the
- * subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
- * the criterion's subject alternative names. If the Boolean value at
- * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
- * criterion's subject alternative names. The default behavior is as if the
- * Boolean value at "pMatch" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pMatch"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Sets the match flag of the ComCertSelParams object pointed to by "params"
- * using the Boolean value of "match". This Boolean value determines the
- * behavior of the subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * "match" is PKIX_TRUE, a certificate must contain all of the criterion's
- * subject alternative names. If the "match" is PKIX_FALSE, a certificate
- * must contain at least one of the criterion's subject alternative names.
- * The default behavior is as if "match" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "match"
- * Boolean value used to set the match flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean match,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
- * DESCRIPTION:
- *
- * Return "leafCert" flag of the ComCertSelParams structure. If set to true,
- * the flag indicates that a selector should filter out all cert that are not
- * qualified to be a leaf cert according to the specified key/ekey usages.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pLeafFlag"
- * Address of returned value.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCertSelParams_GetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pLeafFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
- * DESCRIPTION:
- *
- * Sets a flag that if its value is true, indicates that the selector
- * should only pick certs that qualifies to be leaf for this cert path
- * validation.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "leafFlag"
- * Boolean value used to set the leaf flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean leafFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSEL_H */
« no previous file with comments | « nss/lib/libpkix/include/pkix.h ('k') | nss/lib/libpkix/include/pkix_certstore.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698