summaryrefslogtreecommitdiff
path: root/security/nss/lib/libpkix/include
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/libpkix/include')
-rwxr-xr-xsecurity/nss/lib/libpkix/include/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/include/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/include/manifest.mn65
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix.h334
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_certsel.h1859
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_certstore.h746
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_checker.h427
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_crlsel.h792
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_errorstrings.h1128
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_params.h1759
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_pl_pki.h2695
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_pl_system.h1578
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_results.h458
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_revchecker.h250
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_sample_modules.h451
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_util.h974
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkixt.h518
17 files changed, 0 insertions, 14163 deletions
diff --git a/security/nss/lib/libpkix/include/Makefile b/security/nss/lib/libpkix/include/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/include/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/include/config.mk b/security/nss/lib/libpkix/include/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/include/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/include/manifest.mn b/security/nss/lib/libpkix/include/manifest.mn
deleted file mode 100755
index 57163667c..000000000
--- a/security/nss/lib/libpkix/include/manifest.mn
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix.h \
- pkix_crlsel.h \
- pkix_errorstrings.h \
- pkix_results.h \
- pkixt.h \
- pkix_certsel.h \
- pkix_params.h \
- pkix_revchecker.h \
- pkix_certstore.h \
- pkix_pl_pki.h \
- pkix_sample_modules.h \
- pkix_checker.h \
- pkix_pl_system.h \
- pkix_util.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- $(NULL)
-
-REQUIRES = dbm
diff --git a/security/nss/lib/libpkix/include/pkix.h b/security/nss/lib/libpkix/include/pkix.h
deleted file mode 100755
index 71acf2886..000000000
--- a/security/nss/lib/libpkix/include/pkix.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines the public API for libpkix. These are the top-level
- * functions in the library. They perform the primary operations of this
- * library: building and validating chains of X.509 certificates.
- *
- */
-
-#ifndef _PKIX_H
-#define _PKIX_H
-
-#include "pkixt.h"
-#include "pkix_util.h"
-#include "pkix_results.h"
-#include "pkix_certstore.h"
-#include "pkix_certsel.h"
-#include "pkix_crlsel.h"
-#include "pkix_checker.h"
-#include "pkix_revchecker.h"
-#include "pkix_pl_system.h"
-#include "pkix_pl_pki.h"
-#include "pkix_params.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * FUNCTION: PKIX_Initialize
- * DESCRIPTION:
- *
- * No PKIX_* types and functions should be used before this function is called
- * and returns successfully. This function should only be called once. If it
- * is called more than once, the behavior is undefined.
- *
- * NSS applications are expected to call NSS_Init, and need not know that
- * NSS will call this function (with "platformInitNeeded" set to PKIX_FALSE).
- * PKIX applications are expected instead to call this function with
- * "platformInitNeeded" set to PKIX_TRUE.
- *
- * This function initializes data structures critical to the operation of
- * libpkix. It also ensures that the API version (major.minor) desired by the
- * caller (the "desiredMajorVersion", "minDesiredMinorVersion", and
- * "maxDesiredMinorVersion") is compatible with the API version supported by
- * the library. As such, the library must support the "desiredMajorVersion"
- * of the API and must support a minor version that falls between
- * "minDesiredMinorVersion" and "maxDesiredMinorVersion", inclusive. If
- * compatibility exists, the function returns NULL and stores the library's
- * actual minor version at "pActualMinorVersion" (which may be greater than
- * "desiredMinorVersion"). If no compatibility exists, the function returns a
- * PKIX_Error pointer. If the caller wishes to specify that the largest
- * minor version available should be used, then maxDesiredMinorVersion should
- * be set to the macro PKIX_MAX_MINOR_VERSION (defined in pkixt.h).
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean indicating whether the platform layer initialization code
- * has previously been run, or should be called from this function.
- * "desiredMajorVersion"
- * The major version of the libpkix API the application wishes to use.
- * "minDesiredMinorVersion"
- * The minimum minor version of the libpkix API the application wishes
- * to use.
- * "maxDesiredMinorVersion"
- * The maximum minor version of the libpkix API the application wishes
- * to use.
- * "pActualMinorVersion"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "pPlContext"
- * Address at which platform-specific context pointer is stored. Must
- * be non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Initialize Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_UInt32 desiredMajorVersion,
- PKIX_UInt32 minDesiredMinorVersion,
- PKIX_UInt32 maxDesiredMinorVersion,
- PKIX_UInt32 *pActualMinorVersion,
- void **pPlContext);
-
-/*
- * FUNCTION: PKIX_Shutdown
- * DESCRIPTION:
- *
- * This function deallocates any memory used by libpkix and shuts down any
- * ongoing operations. This function should only be called once. If it is
- * called more than once, the behavior is undefined.
- *
- * No PKIX_* types and functions should be used after this function is called
- * and returns successfully.
- * PARAMETERS:
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Shutdown(void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateChain
- * DESCRIPTION:
- *
- * This function attempts to validate the CertChain that has been set in the
- * ValidateParams pointed to by "params" using an RFC 3280-compliant
- * algorithm. If successful, this function returns NULL and stores the
- * ValidateResult at "pResult", which holds additional information, such as
- * the policy tree and the target's public key. If unsuccessful, an Error is
- * returned. Note: This function does not currently support non-blocking I/O.
- *
- * If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
- * tracks the results of the validation. That is, either each node in the
- * chain has a NULL Error component, or the last node contains an Error
- * which indicates why the validation failed.
- *
- * PARAMETERS:
- * "params"
- * Address of ValidateParams used to validate CertChain. Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (See Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateChain(
- PKIX_ValidateParams *params,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateChain_NB
- * DESCRIPTION:
- *
- * This function is the equivalent of PKIX_ValidateChain, except that it
- * supports non-blocking I/O. When called with "pNBIOContext" pointing to NULL
- * it initiates a new chain validation as in PKIX_ValidateChain, ignoring the
- * value in all input variables except "params". If forced to suspend
- * processing by a WOULDBLOCK return from some operation, such as a CertStore
- * request, it stores the platform-dependent I/O context at "pNBIOContext" and
- * stores other intermediate variables at "pCertIndex", "pAnchorIndex",
- * "pCheckerIndex", "pRevChecking", and "pCheckers".
- *
- * When called subsequently with that non-NULL value at "pNBIOContext", it
- * relies on those intermediate values to be untouched, and it resumes chain
- * validation where it left off. Its behavior is undefined if any of the
- * intermediate values was not preserved.
- *
- * PARAMETERS:
- * "params"
- * Address of ValidateParams used to validate CertChain. Must be non-NULL.
- * "pCertIndex"
- * The UInt32 value of the index to the Cert chain, indicating which Cert
- * is currently being processed.
- * "pAnchorIndex"
- * The UInt32 value of the index to the Anchor chain, indicating which
- * Trust Anchor is currently being processed.
- * "pCheckerIndex"
- * The UInt32 value of the index to the List of CertChainCheckers,
- * indicating which Checker is currently processing.
- * "pRevChecking"
- * The Boolean flag indicating whether normal checking or revocation
- * checking is occurring for the Cert indicated by "pCertIndex".
- * "pCheckers"
- * The address of the List of CertChainCheckers. Must be non-NULL.
- * "pNBIOContext"
- * The address of the platform-dependend I/O context. Must be a non-NULL
- * pointer to a NULL value for the call to initiate chain validation.
- * "pResult"
- * Address where ValidateResult object pointer will be stored. Must be
- * non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a VALIDATE Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */PKIX_Error *
-PKIX_ValidateChain_NB(
- PKIX_ValidateParams *params,
- PKIX_UInt32 *pCertIndex,
- PKIX_UInt32 *pAnchorIndex,
- PKIX_UInt32 *pCheckerIndex,
- PKIX_Boolean *pRevChecking,
- PKIX_List **pCheckers,
- void **pNBIOContext,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_BuildChain
- * DESCRIPTION:
- *
- * If called with a NULL "state", this function attempts to build and validate
- * a CertChain according to the ProcessingParams pointed to by "params", using
- * an RFC 3280-compliant validation algorithm. If successful, this function
- * returns NULL and stores the BuildResult at "pResult", which holds the built
- * CertChain, as well as additional information, such as the policy tree and
- * the target's public key. If unsuccessful, an Error is returned.
- *
- * If the chain building is blocked by a CertStore using non-blocking I/O, this
- * function stores platform-dependent non-blocking I/O context at
- * "pNBIOContext", its state at "pState", and NULL at "pResult". The caller
- * may be able to determine, in a platform-dependent way, when the I/O has
- * completed. In any case, calling the function again with "pState" containing
- * the returned value will allow the chain building to resume.
- *
- * If chain building is completed, either successfully or unsuccessfully, NULL
- * is stored at "pNBIOContext".
- *
- * If "pVerifyTree" is non-NULL, a tree of VerifyNodes is created which
- * tracks the results of the building. That is, each node of the tree either
- * has a NULL Error component, or it is a leaf node and it contains an Error
- * which indicates why the chain building could not proceed on this branch.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to build and validate CertChain.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address where platform-dependent information is store if the build
- * is suspended waiting for non-blocking I/O. Must be non-NULL.
- * "pState"
- * Address of BuildChain state. Must be NULL on initial call, and the
- * value previously returned on subsequent calls.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (See Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildChain(
- PKIX_ProcessingParams *params,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pResult,
- PKIX_VerifyNode **pVerifyNode,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_H */
diff --git a/security/nss/lib/libpkix/include/pkix_certsel.h b/security/nss/lib/libpkix/include/pkix_certsel.h
deleted file mode 100755
index e4f886240..000000000
--- a/security/nss/lib/libpkix/include/pkix_certsel.h
+++ /dev/null
@@ -1,1859 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertSelector and the
- * PKIX_ComCertSelParams types.
- *
- */
-
-#ifndef _PKIX_CERTSEL_H
-#define _PKIX_CERTSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertSelector
- *
- * PKIX_CertSelectors provide a standard way for the caller to select
- * certificates based on particular criteria. A CertSelector is typically used
- * by the caller to specify the constraints they wish to impose on the target
- * certificate in a chain. (see pkix_params.h) A CertSelector is also often
- * used to retrieve certificates from a CertStore that match the selector's
- * criteria. (See pkix_certstore.h) For example, the caller may wish to only
- * select those certificates that have a particular Subject Distinguished Name
- * and a particular value for a private certificate extension. The
- * MatchCallback allows the caller to specify the custom matching logic to be
- * used by a CertSelector.
- *
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all certificates
- * without regard to that particular disabled parameter. For example, if the
- * SerialNumber parameter is not set, MatchCallback will not filter out any
- * certificate based on its serial number. As such, if no parameters are set,
- * all are disabled and any certificate will match. If a parameter is
- * disabled, its associated PKIX_ComCertSelParams_Get* function returns a
- * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints
- * and PKIX_ComCertSelParams_GetVersion, or 0 for
- * PKIX_ComCertSelParams_GetKeyUsage.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the
- * CertSelector can be initialized with a certSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this certSelectorContext must be an Object (although any
- * object type), allowing it to be reference-counted and allowing it to
- * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
- * Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CertSelector_MatchCallback
- * DESCRIPTION:
- *
- * This callback function determines whether the specified Cert pointed to by
- * "cert" matches the criteria of the CertSelector pointed to by "selector".
- * If the Cert does not matches the CertSelector's criteria, an exception will
- * be thrown.
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched using "selector".
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertSelector_MatchCallback)(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_Create
- * DESCRIPTION:
- *
- * Creates a new CertSelector using the Object pointed to by
- * "certSelectorContext" (if any) and stores it at "pSelector". As noted
- * above, by default, the MatchCallback is set to point to the default
- * implementation provided by libpkix, which understands how to process
- * ComCertSelParams objects. This is overridden if the MatchCallback pointed
- * to by "callback" is not NULL, in which case the parameters are specified
- * using the certSelectorContext.
- *
- * PARAMETERS:
- * "callback"
- * The MatchCallback function to be used.
- * "certSelectorContext"
- * Address of Object representing the CertSelector's context (if any).
- * "pSelector"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_Create(
- PKIX_CertSelector_MatchCallback callback,
- PKIX_PL_Object *certSelectorContext,
- PKIX_CertSelector **pSelector,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetMatchCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "selector's" Match callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "selector"
- * The CertSelector whose Match callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Match callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetMatchCallback(
- PKIX_CertSelector *selector,
- PKIX_CertSelector_MatchCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the CertSelector pointed to by "selector" and stores it at
- * "pCertSelectorContext".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose context is to be stored.
- * Must be non-NULL.
- * "pCertSelectorContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetCertSelectorContext(
- PKIX_CertSelector *selector,
- PKIX_PL_Object **pCertSelectorContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ComCertSelParams object that represent the
- * common parameters of the CertSelector pointed to by "selector" and stores
- * it at "pCommonCertSelectorParams". If there are no common parameters
- * stored with the CertSelector, this function stores NULL at
- * "pCommonCertSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose ComCertSelParams object is to be stored.
- * Must be non-NULL.
- * "pCommonCertSelectorParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams **pCommonCertSelectorParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
- * DESCRIPTION:
- *
- * Sets the common parameters for the CertSelector pointed to by "selector"
- * using the ComCertSelParams object pointed to by "commonCertSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose common parameters are to be set.
- * Must be non-NULL.
- * "commonCertSelectorParams"
- * Address of ComCertSelParams object representing the common parameters.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_SetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams *commonCertSelectorParams,
- void *plContext);
-
-/* PKIX_ComCertSelParams
- *
- * PKIX_ComCertSelParams objects are X.509 parameters commonly used with
- * CertSelectors, especially when enforcing constraints on a target
- * certificate or determining which certificates to retrieve from a CertStore.
- * ComCertSelParams objects are typically used with those CertSelectors that
- * use the default implementation of MatchCallback, which understands how to
- * process ComCertSelParams objects.
- */
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCertSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_Create(
- PKIX_ComCertSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * subject alternative names criterion that is set in the ComCertSelParams
- * object pointed to by "params" and stores it at "pNames". In order to match
- * against this criterion, a certificate must contain all or at least one of
- * the criterion's subject alternative names (depending on the result of
- * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
- * requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
- * DESCRIPTION:
- *
- * Sets the subject alternative names criterion of the ComCertSelParams object
- * pointed to by "params" using a List of GeneralNames pointed to by "names".
- * In order to match against this criterion, a certificate must contain all or
- * at least one of the criterion's subject alternative names (depending on the
- * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative
- * names criterion is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
- * DESCRIPTION:
- *
- * Adds to the subject alternative names criterion of the ComCertSelParams
- * object pointed to by "params" using the GeneralName pointed to by "name".
- * In order to match against this criterion, a certificate must contain all
- * or at least one of the criterion's subject alternative names (depending on
- * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion is to be added to. Must be non-NULL.
- * "name"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddSubjAltName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * path to names criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pNames". In order to match against this
- * criterion, a certificate must not include name constraints that would
- * prohibit building a path to the criterion's specified names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
- * DESCRIPTION:
- *
- * Sets the path to names criterion of the ComCertSelParams object pointed to
- * by "params" using a List of GeneralNames pointed to by "names". In order to
- * match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddPathToName
- * DESCRIPTION:
- *
- * Adds to the path to names criterion of the ComCertSelParams object pointed
- * to by "params" using the GeneralName pointed to by "pathToName". In order
- * to match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion is to
- * be added to. Must be non-NULL.
- * "pathToName"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddPathToName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *pathToName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the authority
- * key identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pAuthKeyId". In order to match
- * against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAuthKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the authority key identifier criterion of the ComCertSelParams object
- * pointed to by "params" to the ByteArray pointed to by "authKeyId". In
- * order to match against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion is to be set. Must be non-NULL.
- * "authKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *authKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject key
- * identifier criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pSubjKeyId". In order to match against this
- * criterion, a certificate must contain a SubjectKeyIdentifier extension
- * whose value matches the criterion's subject key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubjKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the subject key identifier criterion of the ComCertSelParams object
- * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
- * order to match against this criterion, a certificate must contain an
- * SubjectKeyIdentifier extension whose value matches the criterion's subject
- * key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion is to be set. Must be non-NULL.
- * "subjKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey (if any) representing the subject
- * public key criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pPubKey". In order to match against this
- * criterion, a certificate must contain a SubjectPublicKey that matches the
- * criterion's public key.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPubKey", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
- * DESCRIPTION:
- *
- * Sets the subject public key criterion of the ComCertSelParams object
- * pointed to by "params" using a PublicKey pointed to by "pubKey". In order
- * to match against this criterion, a certificate must contain a
- * SubjectPublicKey that matches the criterion's public key.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * criterion is to be set. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID (if any) representing the subject public key
- * algorithm identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pPubKey". In order to match
- * against this criterion, a certificate must contain a SubjectPublicKey with
- * an algorithm that matches the criterion's algorithm.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAlgId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key algorithm
- * identifier (if any) is to be stored. Must be non-NULL.
- * "pAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID **pAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
- * DESCRIPTION:
- *
- * Sets the subject public key algorithm identifier criterion of the
- * ComCertSelParams object pointed to by "params" using an OID pointed to by
- * "algId". In order to match against this criterion, a certificate must
- * contain a SubjectPublicKey with an algorithm that matches the criterion's
- * algorithm.
- *
- * If "algId" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * algorithm identifier criterion is to be set. Must be non-NULL.
- * "algId"
- * Address of OID used to set criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID *algId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the minimum path length (if any) representing the
- * basic constraints criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pMinPathLength". In order to
- * match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * If "params" does not have this criterion set, this function stores -1 at
- * "pMinPathLength", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pMinPathLength"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 *pMinPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
- * DESCRIPTION:
- *
- * Sets the basic constraints criterion of the ComCertSelParams object
- * pointed to by "params" using the integer value of "minPathLength". In
- * order to match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints
- * criterion is to be set. Must be non-NULL.
- * "minPathLength"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 minPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificate
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pCert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate. If
- * this criterion is specified, it is usually not necessary to specify any
- * other criteria, since this criterion requires an exact certificate match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pCert", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificate
- * DESCRIPTION:
- *
- * Sets the certificate criterion of the ComCertSelParams object pointed to by
- * "params" using a Cert pointed to by "cert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate.
- * If this criterion is specified, it is usually not necessary to specify
- * any other criteria, since this criterion requires an exact certificate
- * match.
- *
- * If "cert" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the certificate
- * validity criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pDate". In order to match against this
- * criterion, a certificate's validity period must include the criterion's
- * Date.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
- * DESCRIPTION:
- *
- * Sets the certificate validity criterion of the ComCertSelParams object
- * pointed to by "params" using a Date pointed to by "date". In order to
- * match against this criterion, a certificate's validity period must include
- * the criterion's Date.
- *
- * If "date" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * is to be set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the serial number
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSerialNumber". In order to match against this
- * criterion, a certificate must have a serial number equal to the
- * criterion's serial number.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSerialNumber", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pSerialNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt **pSerialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
- * DESCRIPTION:
- *
- * Sets the serial number criterion of the ComCertSelParams object pointed to
- * by "params" using a BigInt pointed to by "serialNumber". In order to match
- * against this criterion, a certificate must have a serial number equal to
- * the criterion's serial number.
- *
- * If "serialNumber" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion is to
- * be set. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt *serialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetVersion
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
- * set in the ComCertSelParams object pointed to by "params" and stores it at
- * "pVersion". In order to match against this criterion, a certificate's
- * version must be equal to the criterion's version.
- *
- * The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * If "params" does not have this criterion set, this function stores
- * 0xFFFFFFFF at "pVersion", in which case all certificates are considered
- * to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetVersion
- * DESCRIPTION:
- *
- * Sets the version criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "version". In order to match against
- * this criterion, a certificate's version must be equal to the criterion's
- * version. If the criterion's version is -1, no version check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion is to be
- * set. Must be non-NULL.
- * "version"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 version,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
- * is set in the ComCertSelParams object pointed to by "params" and stores it
- * at "pKeyUsage". In order to match against this criterion, a certificate
- * must allow the criterion's key usage values. Note that a certificate that
- * has no KeyUsage extension implicity allows all key usages. Note also that
- * this functions supports a maximum of 32 key usage bits.
- *
- * If "params" does not have this criterion set, this function stores zero at
- * "pKeyUsage", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion (if any)
- * is to be stored. Must be non-NULL.
- * "pKeyUsage"
- * Address where PKIX_UInt32 will be stored. Must not be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pKeyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
- * DESCRIPTION:
- *
- * Sets the key usage criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "keyUsage". In order to match against
- * this criterion, a certificate must allow the criterion's key usage values.
- * Note that a certificate that has no KeyUsage extension implicity allows
- * all key usages. Note also that this functions supports a maximum of 32 key
- * usage bits.
- *
- * If the criterion's key usage value is zero, no key usage check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion is to be
- * set. Must be non-NULL.
- * "keyUsage"
- * Value of PKIX_Int32 used to set the criterion
- * (or zero to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the extended
- * key usage criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pExtKeyUsage". In order to match against this
- * criterion, a certificate's ExtendedKeyUsage extension must allow the
- * criterion's extended key usages. Note that a certificate that has no
- * ExtendedKeyUsage extension implicity allows all key purposes.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pExtKeyUsage", in which case all certificates are considered to match
- * this criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pExtKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Sets the extended key usage criterion of the ComCertSelParams object
- * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
- * In order to match against this criterion, a certificate's ExtendedKeyUsage
- * extension must allow the criterion's extended key usages. Note that a
- * certificate that has no ExtendedKeyUsage extension implicitly allows all
- * key purposes.
- *
- * If "extKeyUsage" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * is to be set. Must be non-NULL.
- * "extKeyUsage"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the policy
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pPolicy". In order to match against this
- * criterion, a certificate's CertificatePolicies extension must include at
- * least one of the criterion's policies. If "params" has this criterion set,
- * but the List of OIDs is empty, then a certificate's CertificatePolicies
- * extension must include at least some policy.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPolicy", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List **pPolicy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPolicy
- * DESCRIPTION:
- *
- * Sets the policy criterion of the ComCertSelParams object pointed to by
- * "params" using a List of OIDs pointed to by "policy". In order to match
- * against this criterion, a certificate's CertificatePolicies extension must
- * include at least one of the criterion's policies. If "params" has this
- * criterion set, but the List of OIDs is empty, then a certificate's
- * CertificatePolicies extension must include at least some policy.
- *
- * If "policy" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion is to be set.
- * Must be non-NULL.
- * "policy"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List *policy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the issuer
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pIssuer". In order to match against this
- * criterion, a certificate's IssuerName must match the criterion's issuer
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pIssuer", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetIssuer
- * DESCRIPTION:
- *
- * Sets the issuer criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "issuer". In order to match
- * against this criterion, a certificate's IssuerName must match the
- * criterion's issuer name.
- *
- * If "issuer" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion is to be set.
- * Must be non-NULL.
- * "issuer"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *issuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubject
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using a ByteArray pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of ByteArray used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the name
- * constraints criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pConstraints". In order to match against
- * this criterion, a certificate's subject and subject alternative names must
- * be allowed by the criterion's name constraints.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pConstraints", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints **pConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
- * DESCRIPTION:
- *
- * Sets the name constraints criterion of the ComCertSelParams object pointed
- * to by "params" using the CertNameConstraints pointed to by "constraints".
- * In order to match against this criterion, a certificate's subject and
- * subject alternative names must be allowed by the criterion's name
- * constraints.
- *
- * If "constraints" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion is
- * to be set. Must be non-NULL.
- * "constraints"
- * Address of CertNameConstraints used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints *constraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Checks whether the ComCertSelParams object pointed to by "params" indicate
- * that all subject alternative names are to be matched and stores the Boolean
- * result at "pMatch". This Boolean value determines the behavior of the
- * subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
- * the criterion's subject alternative names. If the Boolean value at
- * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
- * criterion's subject alternative names. The default behavior is as if the
- * Boolean value at "pMatch" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pMatch"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Sets the match flag of the ComCertSelParams object pointed to by "params"
- * using the Boolean value of "match". This Boolean value determines the
- * behavior of the subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * "match" is PKIX_TRUE, a certificate must contain all of the criterion's
- * subject alternative names. If the "match" is PKIX_FALSE, a certificate
- * must contain at least one of the criterion's subject alternative names.
- * The default behavior is as if "match" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "match"
- * Boolean value used to set the match flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean match,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
- * DESCRIPTION:
- *
- * Return "leafCert" flag of the ComCertSelParams structure. If set to true,
- * the flag indicates that a selector should filter out all cert that are not
- * qualified to be a leaf cert according to the specified key/ekey usages.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pLeafFlag"
- * Address of returned value.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCertSelParams_GetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pLeafFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
- * DESCRIPTION:
- *
- * Sets a flag that if its value is true, indicates that the selector
- * should only pick certs that qualifies to be leaf for this cert path
- * validation.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "leafFlag"
- * Boolean value used to set the leaf flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean leafFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSEL_H */
diff --git a/security/nss/lib/libpkix/include/pkix_certstore.h b/security/nss/lib/libpkix/include/pkix_certstore.h
deleted file mode 100755
index f17845d7d..000000000
--- a/security/nss/lib/libpkix/include/pkix_certstore.h
+++ /dev/null
@@ -1,746 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertStore type.
- *
- */
-
-#ifndef _PKIX_CERTSTORE_H
-#define _PKIX_CERTSTORE_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertStore
- *
- * A PKIX_CertStore provides a standard way for the caller to retrieve
- * certificates and CRLs from a particular repository (or "store") of
- * certificates and CRLs, including LDAP directories, flat files, local
- * databases, etc. The CertCallback allows custom certificate retrieval logic
- * to be used while the CRLCallback allows custom CRL retrieval logic to be
- * used. Additionally, a CertStore can be initialized with a certStoreContext,
- * which is where the caller can specify configuration data such as the host
- * name of an LDAP server. Note that this certStoreContext must be an
- * Object (although any object type), allowing it to be reference-counted and
- * allowing it to provide the standard Object functions (Equals, Hashcode,
- * ToString, Compare, Duplicate). Please note that each certStoreContext must
- * provide Equals and Hashcode functions in order for the caching (on Cert and
- * CertChain) to work correctly. When providing those two functions, it is not
- * required that all the components of the object be hashed or checked for
- * equality, but merely that the functions distinguish between unique
- * instances of the certStoreContext.
- *
- * Once the caller has created the CertStore object, the caller then specifies
- * these CertStore objects in a ProcessingParams object and passes that object
- * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
- * user's callback functions as needed during the validation or building
- * process.
- *
- * The order of CertStores stored (as a list) at ProcessingParams determines
- * the order in which certificates are retrieved. Trusted CertStores should
- * precede non-trusted ones on the list of CertStores so their certificates
- * are evaluated ahead of other certificates selected on the basis of the same
- * selector criteria.
- *
- * The CheckTrustCallback function is used when the CertStore object
- * supports trust status, which means a Cert's trust status can be altered
- * dynamically. When a CertStore object is created, if the
- * CheckTrustCallback is initialized to be non-NULL, this CertStore is
- * defaulted as supporting trust. Then whenever a Cert needs to (re)check its
- * trust status, this callback can be invoked. When a Cert is retrieved by
- * a CertStore supports trust, at its GetCertCallback, the CertStore
- * information should be updated in Cert's data structure so the link between
- * the Cert and CertStore exists.
- *
- */
-
-/*
- * FUNCTION: PKIX_CertStore_CertCallback
- * DESCRIPTION:
- *
- * This callback function retrieves from the CertStore pointed to by "store"
- * all the certificates that match the CertSelector pointed to by "selector".
- * It places these certificates in a List and stores a pointer to the List at
- * "pCerts". If no certificates are found which match the CertSelector's
- * criteria, this function stores an empty List at "pCerts". In either case, if
- * the operation is completed, NULL is stored at "pNBIOContext".
- *
- * A CertStore which uses non-blocking I/O may store platform-dependent
- * information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
- * pending. A subsequent call to PKIX_CertStore_CertContinue is required to
- * finish the operation and to obtain the List of Certs.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CertSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "verifyNode"
- * Parent log node for tracking of filtered out certs.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CertCallback)(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CertContinue
- * DESCRIPTION:
- *
- * This function continues the non-blocking operation initiated by an earlier
- * call to the CertCallback function, for the CertStore pointed to by "store".
- * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
- * value returned in "pNBIOContext") calling this function will return a fatal
- * error. If the operation is completed the certificates found are placed in a
- * List, a pointer to which is stored at "pCerts". If no certificates are found
- * which match the CertSelector's criteria, this function stores an empty List
- * at "pCerts". In either case, if the operation is completed, NULL is stored
- * at "pNBIOContext".
- *
- * If non-blocking I/O is still pending this function stores platform-dependent
- * information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
- * PKIX_CertStore_CertContinue is required to finish the operation and to
- * obtain the List of Certs.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CertSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "verifyNode"
- * Parent log node for tracking of filtered out certs.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_CertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_CertStore_CertContinueFunction)(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CRLCallback
- * DESCRIPTION:
- *
- * This callback function retrieves from the CertStore pointed to by "store"
- * all the CRLs that match the CRLSelector pointed to by "selector". It
- * places these CRLs in a List and stores a pointer to the List at "pCRLs".
- * If no CRLs are found which match the CRLSelector's criteria, this function
- * stores an empty List at "pCRLs". In either case, if the operation is
- * completed, NULL is stored at "pNBIOContext".
- *
- * A CertStore which uses non-blocking I/O may store platform-dependent
- * information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
- * pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
- * finish the operation and to obtain the List of Crls.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CRLSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "pCrls"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CRLCallback)(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_ImportCrlCallback
- * DESCRIPTION:
- *
- * The function imports crl list into a cert store. Stores that
- * have local cache may only have that function defined.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "issuerName"
- * Name of the issuer that will be used to track bad der crls.
- * "crlList"
- * Address on the importing crl list.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_ImportCrlCallback)(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *issuerName,
- PKIX_List *crlList,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback
- * DESCRIPTION:
- *
- * The function checks revocation status of a cert with specified
- * issuer, date. It returns revocation status of a cert and
- * a reason code(if any) if a cert was revoked.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "cert"
- * Certificate which revocation status will be checked.
- * "issuer"
- * Issuer certificate of the "crl".
- * "date"
- * Date of the revocation check.
- * "crlDownloadDone"
- * Indicates, that all needed crl downloads are done by the time of
- * the revocation check.
- * "reasonCode"
- * If cert is revoked, returned reason code for which a cert was revoked.
- * "revStatus"
- * Returned revocation status of the cert. See PKIX_RevocationStatus
- * for more details
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CheckRevokationByCrlCallback)(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- PKIX_Boolean crlDownloadDone,
- PKIX_UInt32 *reasonCode,
- PKIX_RevocationStatus *revStatus,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CrlContinue
- * DESCRIPTION:
- *
- * This function continues the non-blocking operation initiated by an earlier
- * call to the CRLCallback function, for the CertStore pointed to by "store".
- * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
- * value returned in "pNBIOContext") calling this function will return a fatal
- * error. If the operation is completed the crls found are placed in a List, a
- * pointer to which is stored at "pCrls". If no crls are found which match the
- * CRLSelector's criteria, this function stores an empty List at "pCrls". In
- * either case, if the operation is completed, NULL is stored at "pNBIOContext".
- *
- * If non-blocking I/O is still pending this function stores platform-dependent
- * information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
- * PKIX_CertStore_CrlContinue is required to finish the operation and to
- * obtain the List of Crls.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Crls are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CRLSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCrls"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_CrlContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_CertStore_CrlContinueFunction)(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CheckTrustCallback
- * DESCRIPTION:
- *
- * This callback function rechecks "cert's" trust status from the CertStore
- * pointed to by "store".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be checked.
- * Must be non-NULL.
- * "cert"
- * Address of Cert whose trust status needs to be rechecked.
- * Must be non-NULL.
- * "pTrusted"
- * Address of PKIX_Boolean where the trust status is returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CheckTrustCallback)(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pTrusted,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_Create
- * DESCRIPTION:
- *
- * Creates a new CertStore and stores it at "pStore". The new CertStore uses
- * the CertCallback pointed to by "certCallback" and the CRLCallback pointed
- * to by "crlCallback" as its callback functions and uses the Object pointed
- * to by "certStoreContext" as its context . Note that this certStoreContext
- * must be an Object (although any object type), allowing it to be
- * reference-counted and allowing it to provide the standard Object functions
- * (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
- * CertStore object is immutable, although the underlying repository can
- * change. For example, a CertStore will often be a front-end for a database
- * or directory. The contents of that directory can change after the
- * CertStore object is created, but the CertStore object remains immutable.
- *
- * PARAMETERS:
- * "certCallback"
- * The CertCallback function to be used. Must be non-NULL.
- * "crlCallback"
- * The CRLCallback function to be used. Must be non-NULL.
- * "certContinue"
- * The function to be used to resume a certCallback that returned with a
- * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
- * I/O.
- * "crlContinue"
- * The function to be used to resume a crlCallback that returned with a
- * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
- * I/O.
- * "trustCallback"
- * Address of PKIX_CertStore_CheckTrustCallback which is called to
- * verify the trust status of Certs in this CertStore.
- * "certStoreContext"
- * Address of Object representing the CertStore's context (if any).
- * "cachedFlag"
- * If TRUE indicates data retrieved from CertStore should be cached.
- * "localFlag"
- * Boolean value indicating whether this CertStore is local.
- * "pStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_Create(
- PKIX_CertStore_CertCallback certCallback,
- PKIX_CertStore_CRLCallback crlCallback,
- PKIX_CertStore_CertContinueFunction certContinue,
- PKIX_CertStore_CrlContinueFunction crlContinue,
- PKIX_CertStore_CheckTrustCallback trustCallback,
- PKIX_CertStore_ImportCrlCallback importCrlCallback,
- PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
- PKIX_PL_Object *certStoreContext,
- PKIX_Boolean cachedFlag,
- PKIX_Boolean localFlag,
- PKIX_CertStore **pStore,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" Cert callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose Cert callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Cert callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CertCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCRLCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" CRL callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCRLCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CRLCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetImportCrlCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" Import CRL callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetImportCrlCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_ImportCrlCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCheckRevByCrl
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" CRL revocation checker callback function
- * and put it in "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCrlCheckerFn(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetTrustCallback
- * DESCRIPTION:
- *
- * Retrieves the function pointer to the CheckTrust callback function of the
- * CertStore pointed to by "store" and stores it at "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CheckTrust callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CheckTrust callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetTrustCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckTrustCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Object representing the context (if any)
- * of the CertStore pointed to by "store" and stores it at
- * "pCertStoreContext".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore whose context is to be stored. Must be non-NULL.
- * "pCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreContext(
- PKIX_CertStore *store,
- PKIX_PL_Object **pCertStoreContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
- * DESCRIPTION:
- *
- * Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
- * stores it at "pCachedFlag".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore whose cache flag is to be stored. Must be non-NULL.
- * "pCacheFlag"
- * Address where the result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreCacheFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pCacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetLocalFlag
- * DESCRIPTION:
- *
- * Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
- * stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can
- * fulfill a request without performing network I/O.
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose Local flag is desired. Must be non-NULL.
- * "pCallback"
- * Address where the Boolean LocalFlag will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetLocalFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pLocalFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSTORE_H */
diff --git a/security/nss/lib/libpkix/include/pkix_checker.h b/security/nss/lib/libpkix/include/pkix_checker.h
deleted file mode 100755
index 236112e11..000000000
--- a/security/nss/lib/libpkix/include/pkix_checker.h
+++ /dev/null
@@ -1,427 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertChainChecker type.
- *
- */
-
-#ifndef _PKIX_CHECKER_H
-#define _PKIX_CHECKER_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertChainChecker
- *
- * PKIX_CertChainCheckers provide a standard way for the caller to insert their
- * own custom checks to validate certificates. This may be useful in many
- * scenarios, including when the caller wishes to validate private certificate
- * extensions. The CheckCallback allows custom certificate processing to take
- * place. Additionally, a CertChainChecker can optionally maintain state
- * between successive calls to the CheckCallback. This certChainCheckerState
- * must be an Object (although any object type), allowing it to be
- * reference-counted and allowing it to provide the standard Object functions
- * (Equals, Hashcode, ToString, Compare, Duplicate). If the caller wishes
- * their CertChainChecker to be used during chain building, their
- * certChainCheckerState object must implement an appropriate Duplicate
- * function. The builder uses this Duplicate function when backtracking.
- *
- * Once the caller has created a CertChainChecker object, the caller then
- * specifies a CertChainChecker object in a ProcessingParams object
- * and passes the ProcessingParams object to PKIX_ValidateChain or
- * PKIX_BuildChain, which uses the objects to call the user's callback
- * functions as needed during the validation or building process.
- *
- * A CertChainChecker may be presented certificates in the "reverse" direction
- * (from trust anchor to target) or in the "forward" direction (from target to
- * trust anchor). All CertChainCheckers must support "reverse checking", while
- * support for "forward checking" is optional, but recommended. If "forward
- * checking" is not supported, building chains may be much less efficient. The
- * PKIX_CertChainChecker_IsForwardCheckingSupported function is used to
- * determine whether forward checking is supported, and the
- * PKIX_CertChainChecker_IsForwardDirectionExpected function is used to
- * determine whether the CertChainChecker has been initialized to expect the
- * certificates to be presented in the "forward" direction.
- */
-
-/*
- * FUNCTION: PKIX_CertChainChecker_CheckCallback
- * DESCRIPTION:
- *
- * This callback function checks whether the specified Cert pointed to by
- * "cert" is valid using "checker's" internal certChainCheckerState (if any)
- * and removes the critical extensions that it processes (if any) from the
- * List of OIDs (possibly empty) pointed to by "unresolvedCriticalExtensions".
- * If the checker finds that the certificate is not valid, an Error pointer is
- * returned.
- *
- * If the checker uses non-blocking I/O, the address of a platform-dependent
- * non-blocking I/O context ("nbioContext") will be stored at "pNBIOContext",
- * which the caller may use, in a platform-dependent way, to wait, poll, or
- * otherwise determine when to try again. If the checker does not use
- * non-blocking I/O, NULL will always be stored at "pNBIOContext". If a non-NULL
- * value was stored, on a subsequent call the checker will attempt to complete
- * the pending I/O and, if successful, NULL will be stored at "pNBIOContext".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose certChainCheckerState and
- * CheckCallback logic is to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be validated using "checker".
- * Must be non-NULL.
- * "unresolvedCriticalExtensions"
- * Address of List of OIDs that represents the critical certificate
- * extensions that have yet to be resolved. This parameter may be
- * modified during the function call. Must be non-NULL.
- * "pNBIOContext"
- * Address at which is stored a platform-dependent structure indicating
- * whether checking was suspended for non-blocking I/O. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertChainChecker_CheckCallback)(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
- void **pNBIOContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_Create
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker". The new
- * CertChainChecker uses the CheckCallback pointed to by "callback" as its
- * callback function. It uses the Object pointed to by "initialState" (if
- * any) as its initial state. As noted above, the initial state Object must
- * provide a custom implementation of PKIX_PL_Object_Duplicate if the
- * CertChainChecker is to be used during certificate chain building.
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. The
- * CertChainChecker is initialized with two Boolean flags that deal with this
- * distinction: "forwardCheckingSupported" and "forwardDirectionExpected".
- * If the "forwardCheckingSupported" Boolean flag is TRUE, it indicates that
- * this CertChainChecker is capable of checking certificates in the "forward"
- * direction (as well as the "reverse" direction, which all CertChainCheckers
- * MUST support). The "forwardDirectionExpected" Boolean flag indicates in
- * which direction the CertChainChecker should expect the certificates to be
- * presented. This is particularly useful for CertChainCheckers that are
- * capable of checking in either the "forward" direction or the "reverse"
- * direction, but have different processing steps depending on the direction.
- *
- * The CertChainChecker also uses the List of OIDs pointed to by "extensions"
- * as the supported certificate extensions. All certificate extensions that
- * the CertChainChecker might possibly recognize and be able to process
- * should be included in the List of supported extensions. If "checker" does
- * not recognize or process any certificate extensions, "extensions" should
- * be set to NULL.
- *
- * PARAMETERS:
- * "callback"
- * The CheckCallback function to be used. Must be non-NULL.
- * "forwardCheckingSupported"
- * A Boolean value indicating whether or not this CertChainChecker is
- * capable of checking certificates in the "forward" direction.
- * "forwardDirectionExpected"
- * A Boolean value indicating whether or not this CertChainChecker should
- * be used to check in the "forward" direction.
- * "extensions"
- * Address of List of OIDs representing the supported extensions.
- * "initialState"
- * Address of Object representing the CertChainChecker's initial state
- * (if any).
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_Create(
- PKIX_CertChainChecker_CheckCallback callback,
- PKIX_Boolean forwardCheckingSupported,
- PKIX_Boolean forwardDirectionExpected,
- PKIX_List *extensions, /* list of PKIX_PL_OID */
- PKIX_PL_Object *initialState,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "checker's" Check callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker whose Check callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Check callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCheckCallback(
- PKIX_CertChainChecker *checker,
- PKIX_CertChainChecker_CheckCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
- * DESCRIPTION:
- *
- * Checks whether forward checking is supported by the CertChainChecker
- * pointed to by "checker" and stores the Boolean result at
- * "pForwardCheckingSupported".
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. This
- * function is used to determine whether forward checking is supported.
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker whose ability to validate certificates in the
- * "forward" direction is to be checked. Must be non-NULL.
- * "pForwardCheckingSupported"
- * Destination of the Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardCheckingSupported(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardCheckingSupported,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
- * DESCRIPTION:
- *
- * Checks whether the CertChainChecker pointed to by "checker" has been
- * initialized to expect the certificates to be presented in the "forward"
- * direction and stores the Boolean result at "pForwardDirectionExpected".
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. This
- * function is used to determine in which direction the CertChainChecker
- * expects the certificates to be presented.
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker that has been initialized to expect certificates
- * in either the "forward" or "reverse" directions. Must be non-NULL.
- * "pForwardDirectionExpected"
- * Destination of the Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardDirectionExpected(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardDirectionExpected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of OIDs (each OID corresponding to a
- * certificate extension supported by the CertChainChecker pointed to by
- * "checker") and stores it at "pExtensions". All certificate extensions that
- * the CertChainChecker might possibly recognize and be able to process
- * should be included in the List of supported extensions. If "checker" does
- * not recognize or process any certificate extensions, this function stores
- * NULL at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose supported extension OIDs are to be
- * stored. Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetSupportedExtensions(
- PKIX_CertChainChecker *checker,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the internal state
- * (if any) of the CertChainChecker pointed to by "checker" and stores it at
- * "pCertChainCheckerState".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose state is to be stored.
- * Must be non-NULL.
- * "pCertChainCheckerState"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object **pCertChainCheckerState,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
- * DESCRIPTION:
- *
- * Sets the internal state of the CertChainChecker pointed to by "checker"
- * using the Object pointed to by "certChainCheckerState". If "checker" needs
- * a NULL internal state, "certChainCheckerState" should be set to NULL.
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose state is to be set. Must be non-NULL.
- * "certChainCheckerState"
- * Address of Object representing internal state.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "checker"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_SetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object *certChainCheckerState,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CHECKER_H */
diff --git a/security/nss/lib/libpkix/include/pkix_crlsel.h b/security/nss/lib/libpkix/include/pkix_crlsel.h
deleted file mode 100755
index 0d00df4d0..000000000
--- a/security/nss/lib/libpkix/include/pkix_crlsel.h
+++ /dev/null
@@ -1,792 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CRLSelector and the
- * PKIX_ComCRLSelParams types.
- *
- */
-
-
-#ifndef _PKIX_CRLSEL_H
-#define _PKIX_CRLSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CRLSelector
- *
- * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
- * based on particular criteria. A CRLSelector is typically used by libpkix
- * to retrieve CRLs from a CertStore during certificate chain validation or
- * building. (see pkix_certstore.h) For example, the caller may wish to only
- * select those CRLs that have a particular issuer or a particular value for a
- * private CRL extension. The MatchCallback allows the caller to specify the
- * custom matching logic to be used by a CRLSelector.
-
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all CRLs without
- * regard to that particular disabled parameter. For example, if the
- * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
- * CRL based on its CRL number. As such, if no parameters are set, all are
- * disabled and any CRL will match. If a parameter is disabled, its associated
- * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
- * CRLSelector can be initialized with a crlSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CRLSelector_MatchCallback
- * DESCRIPTION:
- *
- * This callback function determines whether the specified CRL pointed to by
- * "crl" matches the criteria of the CRLSelector pointed to by "selector".
- * If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
- * "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "crl"
- * Address of CRL that is to be matched using "selector". Must be non-NULL.
- * "pMatch"
- * Address at which Boolean result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CRLSelector_MatchCallback)(
- PKIX_CRLSelector *selector,
- PKIX_PL_CRL *crl,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_Create
- * DESCRIPTION:
- *
- * Creates a new CRLSelector using the Object pointed to by
- * "crlSelectorContext" (if any) and stores it at "pSelector". As noted
- * above, by default, the MatchCallback is set to point to the default
- * implementation provided by libpkix, which understands how to process
- * ComCRLSelParams. This is overridden if the MatchCallback pointed to by
- * "callback" is not NULL, in which case the parameters are specified using
- * the Object pointed to by "crlSelectorContext".
- *
- * PARAMETERS:
- * "issue"
- * crl issuer.
- * "crlDpList"
- * distribution points list
- * "callback"
- * The MatchCallback function to be used.
- * "pSelector"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_Create(
- PKIX_PL_Cert *issuer,
- PKIX_List *crlDpList,
- PKIX_PL_Date *date,
- PKIX_CRLSelector **pSelector,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetMatchCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "selector's" Match callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "selector"
- * The CRLSelector whose Match callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Match callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetMatchCallback(
- PKIX_CRLSelector *selector,
- PKIX_CRLSelector_MatchCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the CRLSelector pointed to by "selector" and stores it at
- * "pCRLSelectorContext".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose context is to be stored. Must be non-NULL.
- * "pCRLSelectorContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCRLSelectorContext(
- PKIX_CRLSelector *selector,
- void **pCRLSelectorContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ComCRLSelParams object that represent the common
- * parameters of the CRLSelector pointed to by "selector" and stores it at
- * "pCommonCRLSelectorParams". If there are no common parameters stored with
- * the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose ComCRLSelParams are to be stored.
- * Must be non-NULL.
- * "pCommonCRLSelectorParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- * Sets the common parameters for the CRLSelector pointed to by "selector"
- * using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose common parameters are to be set.
- * Must be non-NULL.
- * "commonCRLSelectorParams"
- * Address of ComCRLSelParams representing the common parameters.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_SetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams *commonCRLSelectorParams,
- void *plContext);
-
-/* PKIX_ComCRLSelParams
- *
- * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
- * especially determining which CRLs to retrieve from a CertStore.
- * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
- * the default implementation of MatchCallback, which understands how to
- * process ComCRLSelParams.
- */
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCRLSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_Create(
- PKIX_ComCRLSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of X500Names (if any) representing the
- * issuer names criterion that is set in the ComCRLSelParams pointed to by
- * "params" and stores it at "pNames". In order to match against this
- * criterion, a CRL's IssuerName must match at least one of the criterion's
- * issuer names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all CRLs are considered to match.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose issuer names criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_X500Name */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
- * DESCRIPTION:
- *
- * Sets the issuer names criterion of the ComCRLSelParams pointed to by
- * "params" using a List of X500Names pointed to by "names". In order to match
- * against this criterion, a CRL's IssuerName must match at least one of the
- * criterion's issuer names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose issuer names criterion is to be
- * set. Must be non-NULL.
- * "names"
- * Address of List of X500Names used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_X500Name */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
- * DESCRIPTION:
- *
- * Adds to the issuer names criterion of the ComCRLSelParams pointed to by
- * "params" using the X500Name pointed to by "name". In order to match
- * against this criterion, a CRL's IssuerName must match at least one of the
- * criterion's issuer names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose issuer names criterion is to be added
- * to. Must be non-NULL.
- * "name"
- * Address of X500Name to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_AddIssuerName(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_X500Name *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate whose
- * revocation status is being checked. This is not a criterion. It is simply
- * optional information that may help a CertStore find relevant CRLs.
- *
- * If "params" does not have a certificate set, this function stores NULL at
- * "pCert", in which case there is no optional information to provide.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose certificate being checked (if any) is
- * to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
- * DESCRIPTION:
- *
- * Sets the ComCRLSelParams pointed to by "params" with the certificate
- * (pointed to by "cert") whose revocation status is being checked. This is
- * not a criterion. It is simply optional information that may help a
- * CertStore find relevant CRLs.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose certificate being checked is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert whose revocation status is being checked
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the dateAndTime
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pDate". In order to match against this criterion, a CRL's
- * thisUpdate component must be less than or equal to the criterion's
- * dateAndTime and the CRL's nextUpdate component must be later than the
- * criterion's dateAndTime. There is no match if the CRL does not contain a
- * nextUpdate component.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
- * DESCRIPTION:
- *
- * Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
- * "params" using a Date pointed to by "date". In order to match against this
- * criterion, a CRL's thisUpdate component must be less than or equal to the
- * criterion's dateAndTime and the CRL's nextUpdate component must be later
- * than the criterion's dateAndTime. There is no match if the CRL does not
- * contain a nextUpdate component.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
- * set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Boolean representing the NIST CRL policy
- * activation flag that is set in the ComCRLSelParams pointed to by "params"
- * and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
- *
- * Default value for this flag is TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose NIST CRL policy criterion is to
- * be stored. Must be non-NULL.
- * "pEnabled"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean *pEnabled,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
- * DESCRIPTION:
- *
- * Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
- * "params" using a "enabled" flag. In order to match against this
- * criterion, a CRL's nextUpdate must be available and criterion's
- * dataAndTime must be within thisUpdate and nextUpdate time period.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose NIST CRL policy criterion
- * is to be set. Must be non-NULL.
- * "enabled"
- * Address of Bollean used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean enabled,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pNumber". In order to match against this criterion, a CRL
- * must have a CRL number extension whose value is less than or equal to the
- * criterion's value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
- * DESCRIPTION:
- *
- * Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
- * "params" using a BigInt pointed to by "number". In order to match against
- * this criterion, a CRL must have a CRL number extension whose value is less
- * than or equal to the criterion's value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "number"
- * Address of BigInt used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *number,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pNumber". In order to match against this criterion, a CRL
- * must have a CRL number extension whose value is greater than or equal to
- * the criterion's value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
- * DESCRIPTION:
- *
- * Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
- * "params" using a BigInt pointed to by "number". In order to match against
- * this criterion, a CRL must have a CRL number extension whose value is
- * greater than or equal to the criterion's value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "number"
- * Address of BigInt used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *number,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
- * DESCRIPTION:
- *
- * Sets crldp list that can be used to download a crls.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "crldpList"
- * A list of CRLDPs. Can be an emptry list.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCRLSelParams_SetCrlDp(
- PKIX_ComCRLSelParams *params,
- PKIX_List *crldpList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CRLSEL_H */
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h
deleted file mode 100755
index 324e22761..000000000
--- a/security/nss/lib/libpkix/include/pkix_errorstrings.h
+++ /dev/null
@@ -1,1128 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * This file is intended to be included after different definitions of
- * PKIX_ERRORENTRY. It is included in pkixt.h to define a number for each error
- * by defining PKIX_ERRORENTRY(x,y) as PKIX_ ## x and then listing thim within
- * an enum. It is included in pkix_error.c to define an array of error strings
- * by defining PKIX_ERRORENTRY(x,y) #y and then listing thim within an array
- * const char * const PKIX_ErrorText[]
- */
-/* ALLOCERROR should always be the first */
-PKIX_ERRORENTRY(ALLOCERROR,Allocation Error,SEC_ERROR_NO_MEMORY),
-PKIX_ERRORENTRY(ADDHEADERFUNCTIONNOTSUPPORTED,AddHeader function not supported,0),
-PKIX_ERRORENTRY(ADDTOVERIFYLOGFAILED,pkix_AddToVerifyLog failed,0),
-PKIX_ERRORENTRY(AIAMGRCREATEFAILED,PKIX_PL_AIAMgr_Create failed,0),
-PKIX_ERRORENTRY(AIAMGRFINDLDAPCLIENTFAILED,pkix_pl_AiaMgr_FindLDAPClient failed,0),
-PKIX_ERRORENTRY(AIAMGRGETAIACERTSFAILED,PKIX_PL_AIAMgr_GetAIACerts failed,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(AIAMGRGETHTTPCERTSFAILED,pkix_pl_AIAMgr_GetHTTPCerts failed,0),
-PKIX_ERRORENTRY(AIAMGRGETLDAPCERTSFAILED,pkix_pl_AIAMgr_GetLDAPCerts failed,0),
-PKIX_ERRORENTRY(ALGORITHMBYTESLENGTH0,Algorithm bytes length is 0,0),
-PKIX_ERRORENTRY(ALLOCATENEWCERTGENERALNAMEFAILED,Allocate new CERTGeneralName failed,0),
-PKIX_ERRORENTRY(AMBIGUOUSPARENTAGEOFVERIFYNODE,Ambiguous parentage of VerifyNode,0),
-PKIX_ERRORENTRY(ANCHORDIDNOTCHAINTOCERT,Anchor did not chain to Cert,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(ANCHORDIDNOTPASSCERTSELECTORCRITERIA,Anchor did not pass CertSelector criteria,0),
-PKIX_ERRORENTRY(APPENDLISTFAILED,pkix_pl_AppendList failed,0),
-PKIX_ERRORENTRY(ARGUMENTNOTSTRING,Argument is not a String,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTBIGINTS,Arguments are not BigInts,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTBYTEARRAYS,Arguments are not Byte Arrays,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTDATES,Arguments are not Dates,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTOIDS,Arguments are not OIDs,0),
-PKIX_ERRORENTRY(ATTEMPTTOADDDUPLICATEKEY,Attempt to add duplicate key,0),
-PKIX_ERRORENTRY(ATTEMPTTODECODEANINCOMPLETERESPONSE,Attempt to decode an incomplete response,SEC_ERROR_BAD_DER),
-PKIX_ERRORENTRY(ATTEMPTTODECREFALLOCERROR,Attempt to DecRef Alloc Error,0),
-PKIX_ERRORENTRY(ATTEMPTTOINCREFALLOCERROR,Attempt to IncRef Alloc Error,0),
-PKIX_ERRORENTRY(BADHTTPRESPONSE,Bad Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERINITIALIZEFAILED,pkix_BasicConstraintsChecker_Initialize failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERSTATECREATEFAILED,PKIX_BasicConstraintsCheckerState_Create failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSGETCAFLAGFAILED,PKIX_PL_BasicConstraints_GetCAFlag failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED,PKIX_PL_BasicConstraints_GetPathLenConstraint failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDCA,PKIX_BasicConstraints validation failed: CA Flag not set,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDLN,PKIX_BasicConstraints validation failed: maximum length mismatch,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
-PKIX_ERRORENTRY(BIGINTCOMPARATORFAILED,pkix_pl_BigInt_Comparator failed,0),
-PKIX_ERRORENTRY(BIGINTCREATEWITHBYTESFAILED,pkix_pl_BigInt_CreateWithBytes failed,0),
-PKIX_ERRORENTRY(BIGINTEQUALSFAILED,PKIX_PL_BigInt_Equals failed,0),
-PKIX_ERRORENTRY(BIGINTLENGTH0INVALID,BigInt length 0 is invalid,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(BIGINTTOSTRINGFAILED,pkix_pl_BigInt_ToString failed,0),
-PKIX_ERRORENTRY(BIGINTTOSTRINGHELPERFAILED,PKIX_PL_BigInt_ToString_Helper failed,0),
-PKIX_ERRORENTRY(BINDREJECTEDBYSERVER,BIND rejected by server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(BUILDANDVALIDATECHAINFAILED,Failed to build and validate a chain,0),
-PKIX_ERRORENTRY(BUILDBUILDSELECTORANDPARAMSFAILED,pkix_Build_BuildSelectorAndParams failed,0),
-PKIX_ERRORENTRY(BUILDCOMBINEWITHTRUSTFAILED,pkix_Build_CombineWithTrust failed,0),
-PKIX_ERRORENTRY(BUILDFORWARDDEPTHFIRSTSEARCHFAILED,pkix_BuildForwardDepthFirstSearch failed,0),
-PKIX_ERRORENTRY(BUILDGATHERCERTSFAILED,pkix_Build_GatherCerts failed,0),
-PKIX_ERRORENTRY(BUILDGETRESOURCELIMITSFAILED,pkix_Build_GetResourceLimits failed,0),
-PKIX_ERRORENTRY(BUILDINITIATEBUILDCHAINFAILED,pkix_Build_InitiateBuildChain failed,0),
-PKIX_ERRORENTRY(BUILDRESULTCREATEFAILED,pkix_BuildResult_Create failed,0),
-PKIX_ERRORENTRY(BUILDRESULTGETCERTCHAINFAILED,PKIX_BuildResult_GetCertChain failed,0),
-PKIX_ERRORENTRY(BUILDRESULTGETVALIDATERESULTFAILED,PKIX_BuildResult_GetValidateResult failed,0),
-PKIX_ERRORENTRY(BUILDREVCHECKPREPFAILED,pkix_Build_RevCheckPrep failed,0),
-PKIX_ERRORENTRY(BUILDSORTCANDIDATECERTSFAILED,pkix_Build_SortCandidateCerts failed,0),
-PKIX_ERRORENTRY(BUILDSTATECREATEFAILED,pkix_BuildState_Create failed,0),
-PKIX_ERRORENTRY(BUILDTRYSHORTCUTFAILED,pkix_Build_TryShortcut failed,0),
-PKIX_ERRORENTRY(BUILDUPDATEDATEFAILED,pkix_Build_UpdateDate failed,0),
-PKIX_ERRORENTRY(BUILDVALIDATEENTIRECHAINFAILED,pkix_Build_ValidateEntireChain failed,0),
-PKIX_ERRORENTRY(BUILDVALIDATIONCHECKERSFAILED,pkix_Build_ValidationCheckers failed,0),
-PKIX_ERRORENTRY(BUILDVERIFYCERTIFICATEFAILED,pkix_Build_VerifyCertificate failed,0),
-PKIX_ERRORENTRY(BYTEARRAYCOMPARATORFAILED,pkix_pl_ByteArray_Comparator failed,0),
-PKIX_ERRORENTRY(BYTEARRAYCREATEFAILED,PKIX_PL_ByteArray_Create failed,0),
-PKIX_ERRORENTRY(BYTEARRAYEQUALSFAILED,PKIX_PL_ByteArray_Equals failed,0),
-PKIX_ERRORENTRY(BYTEARRAYGETLENGTHFAILED,PKIX_PL_ByteArray_GetLength failed,0),
-PKIX_ERRORENTRY(BYTEARRAYGETPOINTERFAILED,PKIX_PL_ByteArray_GetPointer failed,0),
-PKIX_ERRORENTRY(BYTEARRAYTOHEXSTRINGFAILED,pkix_pl_ByteArray_ToHexString failed,0),
-PKIX_ERRORENTRY(BYTEARRAYTOSTRINGFAILED,PKIX_PL_ByteArray_ToString failed,0),
-PKIX_ERRORENTRY(CACHECERTADDFAILED,pkix_CacheCert_Add failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINADDFAILED,pkix_CacheCertChain_Add failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINLOOKUPFAILED,pkix_CacheCertChain_Lookup failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINREMOVEFAILED,pkix_CacheCertChain_Remove failed,0),
-PKIX_ERRORENTRY(CACHECRLENTRYADDFAILED,pkix_CacheCrlEntry_Add failed,0),
-PKIX_ERRORENTRY(CACHECRLENTRYLOOKUPFAILED,pkix_CacheCrlEntry_Lookup failed,0),
-PKIX_ERRORENTRY(CALLOCFAILED,PKIX_PL_Calloc failed,0),
-PKIX_ERRORENTRY(CANNOTAQUIRECRLDER,PKIX_PL_CRL_AquireDerCrl failed,0),
-PKIX_ERRORENTRY(CANNOTCONVERTCERTUSAGETOPKIXKEYANDEKUSAGES, Fail to convert certificate usage to pkix KU and EKU,0),
-PKIX_ERRORENTRY(CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY,Cannot open CollectionCertStoreContext directory,0),
-PKIX_ERRORENTRY(CANTCREATESTRING,Cannot create PKIX_PL_String,0),
-PKIX_ERRORENTRY(CANTDECODEBINDRESPONSEFROMSERVER,Cannot decode BIND response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(CANTDECODESEARCHRESPONSEFROMSERVER,Cannot decode SEARCH response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(CANTENABLEREVOCATIONWITHOUTCERTSTORE,Cannot enable Revocation without CertStore,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(CANTLOADLIBSMIME,Cannot load smime3 library,0),
-PKIX_ERRORENTRY(CANTREREGISTERSYSTEMTYPE,Cannot reregister system type,0),
-PKIX_ERRORENTRY(CERTARECERTPOLICIESCRITICALFAILED,PKIX_PL_Cert_AreCertPoliciesCritical failed,0),
-PKIX_ERRORENTRY(CERTBASICCONSTRAINTSCREATEFAILED,pkix_pl_CertBasicConstraints_Create failed,0),
-PKIX_ERRORENTRY(CERTBASICCONSTRAINTSTOSTRINGFAILED,PKIX_PL_CertBasicConstraints_ToString failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKCALLBACKFAILED,PKIX_CertChainChecker_CheckCallback failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKFAILED,PKIX_CertChainChecker_Check failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCREATEFAILED,PKIX_CertChainChecker_Create failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_GetCertChainCheckerState failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETCHECKCALLBACKFAILED,PKIX_CertChainChecker_GetCheckCallback failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED,PKIX_CertChainChecker_GetSupportedExtensions failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED,PKIX_CertChainChecker_IsForwardCheckingSupported failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_SetCertChainCheckerState failed,0),
-PKIX_ERRORENTRY(CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION,CertChain fails Certificate Policy validation,SEC_ERROR_POLICY_VALIDATION_FAILED),
-PKIX_ERRORENTRY(CERTCHAINTONSSCHAINFAILED,Fail to convert pkix cert chain to nss cert chain,0),
-PKIX_ERRORENTRY(CERTCHAINTOPKIXCERTLISTFAILED,Failed to convert nss cert chain to pkix cert chain,0),
-PKIX_ERRORENTRY(CERTCHECKCERTTYPEFAILED,Check cert type failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(CERTCHECKCERTVALIDTIMESFAILED,CERT_CheckCertValidTimes failed,SEC_ERROR_EXPIRED_CERTIFICATE),
-PKIX_ERRORENTRY(CERTCHECKCRLFAILED,Fail to get crl cache issued by cert,0),
-PKIX_ERRORENTRY(CERTCHECKEXTENDEDKEYUSAGEFAILED,pkix_pl_Cert_CheckExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTCHECKKEYUSAGEFAILED,CERT_CheckKeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
-PKIX_ERRORENTRY(CERTCHECKNAMECONSTRAINTSFAILED,PKIX_PL_Cert_CheckNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTCHECKVALIDITYFAILED,PKIX_PL_Cert_CheckValidity failed,0),
-PKIX_ERRORENTRY(CERTCOMPLETECRLDECODEDENTRIESFAILED,CERT_CompleteCRLDecodedEntries failed,0),
-PKIX_ERRORENTRY(CERTCOPYNAMECONSTRAINTFAILED,CERT_CopyNameConstraint failed,0),
-PKIX_ERRORENTRY(CERTCOPYNAMEFAILED,CERT_CopyName failed,0),
-PKIX_ERRORENTRY(CERTCREATEFAILED,PKIX_PL_Cert_Create failed,0),
-PKIX_ERRORENTRY(CERTCREATEGENERALNAMELISTFAILED,CERT_CreateGeneralNameList failed,0),
-PKIX_ERRORENTRY(CERTCREATETOLISTFAILED,pkix_pl_Cert_CreateToList failed,0),
-PKIX_ERRORENTRY(CERTCREATEWITHNSSCERTFAILED,pkix_pl_Cert_CreateWithNSSCert failed,0),
-PKIX_ERRORENTRY(CERTDECODEALTNAMEEXTENSIONFAILED,CERT_DecodeAltNameExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED,CERT_DecodeCertificatePoliciesExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEDERCERTIFICATEFAILED,CERT_DecodeDERCertificate failed,0),
-PKIX_ERRORENTRY(CERTDECODEDERCRLFAILED,CERT_DecodeDERCrl failed,0),
-PKIX_ERRORENTRY(CERTDECODEINHIBITANYEXTENSIONFAILED,CERT_DecodeInhibitAnyExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEINHIBITANYPOLICYFAILED,pkix_pl_Cert_DecodeInhibitAnyPolicy failed,0),
-PKIX_ERRORENTRY(CERTDECODEOIDSEQUENCEFAILED,CERT_DecodeOidSequence failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED,CERT_DecodePolicyConstraintsExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSFAILED,pkix_pl_Cert_DecodePolicyConstraints failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYINFOFAILED,pkix_pl_Cert_DecodePolicyInfo failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGFAILED,pkix_pl_Cert_DecodePolicyMapping failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED,CERT_DecodePolicyMappingsExtension failed,0),
-PKIX_ERRORENTRY(CERTEQUALSFAILED,pkix_pl_Cert_Equals failed,0),
-PKIX_ERRORENTRY(CERTFAILEDNAMECONSTRAINTSCHECKING,Cert failed NameConstraints checking,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTGETALLSUBJECTNAMESFAILED,PKIX_PL_Cert_GetAllSubjectNames failed,0),
-PKIX_ERRORENTRY(CERTGETAUTHORITYINFOACCESSFAILED,PKIX_PL_Cert_GetAuthorityInfoAccess failed,0),
-PKIX_ERRORENTRY(CERTGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetAuthorityKeyIdentifier failed,0),
-PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTFAILED,PKIX_PL_Cert_GetBasicConstraint failed,0),
-PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTSFAILED,PKIX_PL_Cert_GetBasicConstraints failed,0),
-PKIX_ERRORENTRY(CERTGETCACHEFLAGFAILED,PKIX_Cert_GetCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTGETCERTCERTIFICATEFAILED,PKIX_PL_Cert_GetCERTCertificate failed,0),
-PKIX_ERRORENTRY(CERTGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_Cert_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CERTGETCRLDPFAILED,Failed to get cert crldp extension, 0),
-PKIX_ERRORENTRY(CERTGETEXTENDEDKEYUSAGEFAILED,PKIX_PL_Cert_GetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTGETINHIBITANYPOLICYFAILED,PKIX_PL_Cert_GetInhibitAnyPolicy failed,0),
-PKIX_ERRORENTRY(CERTGETISSUERFAILED,PKIX_PL_Cert_GetIssuer failed,0),
-PKIX_ERRORENTRY(CERTGETNAMECONSTRAINTSFAILED,PKIX_PL_CertGetNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTGETNSSSUBJECTALTNAMESFAILED,pkix_pl_Cert_GetNssSubjectAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYINFORMATIONFAILED,PKIX_PL_Cert_GetPolicyInformation failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGINHIBITEDFAILED,PKIX_PL_Cert_GetPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGSFAILED,PKIX_PL_Cert_GetPolicyMappings failed,0),
-PKIX_ERRORENTRY(CERTGETREQUIREEXPLICITPOLICYFAILED,PKIX_PL_Cert_GetRequireExplicitPolicy failed,0),
-PKIX_ERRORENTRY(CERTGETSERIALNUMBERFAILED,PKIX_PL_Cert_GetSerialNumber failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJALTNAMESFAILED,PKIX_PL_Cert_GetSubjAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTALTNAMESFAILED,PKIX_PL_Cert_GetSubjectAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTFAILED,PKIX_PL_Cert_GetSubject failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTINFOACCESSFAILED,PKIX_PL_Cert_GetSubjectInfoAccess failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetSubjectKeyIdentifier failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYALGIDFAILED,PKIX_PL_Cert_GetSubjectPublicKeyAlgId failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYFAILED,PKIX_PL_Cert_GetSubjectPublicKey failed,0),
-PKIX_ERRORENTRY(CERTGETVALIDITYNOTAFTERFAILED,PKIX_PL_Cert_GetValidityNotAfter failed,0),
-PKIX_ERRORENTRY(CERTGETVERSIONFAILED,PKIX_PL_Cert_GetVersion failed,0),
-PKIX_ERRORENTRY(CERTHASHCODEFAILED,PKIX_PL_Cert_Hashcode failed,0),
-PKIX_ERRORENTRY(CERTIFICATEDOESNTHAVEVALIDCRL,Certificate does not have a valid CRL,SEC_ERROR_CRL_NOT_FOUND),
-PKIX_ERRORENTRY(CERTIFICATEREVOKED,Certificate is revoked,SEC_ERROR_REVOKED_CERTIFICATE),
-PKIX_ERRORENTRY(CERTIMPORTCERTIFICATEFUNCTIONFAILED,CERTImportCertificate function failed,0),
-PKIX_ERRORENTRY(CERTISCERTTRUSTEDFAILED,PKIX_PL_Cert_IsCertTrusted failed,SEC_ERROR_UNTRUSTED_CERT),
-PKIX_ERRORENTRY(CERTISEXTENSIONCRITICALFAILED,pkix_pl_Cert_IsExtensionCritical failed,0),
-PKIX_ERRORENTRY(CERTMERGENAMECONSTRAINTSFAILED,PKIX_PL_Cert_MergeNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNameInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNamesInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED,pkix_pl_CertNameConstraints_CheckNameSpaceNssNames failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED,pkix_pl_CertNameConstraints_CopyNssNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEBYMERGEFAILED,pkix_pl_CertNameConstraints_CreateByMerge failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEFAILED,pkix_pl_CertNameConstraints_Create failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEHELPERFAILED,pkix_pl_CertNameConstraints_Create_Helper failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETEXCLUDEDFAILED,pkix_pl_CertNameConstraints_GetExcluded failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETPERMITTEDFAILED,pkix_pl_CertNameConstraints_GetPermitted failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSMERGEFAILED,pkix_pl_CertNameConstraints_Merge failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED,pkix_pl_CertNameConstraints_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CERTNAMETOASCIIFAILED,CERT_NameToAscii failed,0),
-PKIX_ERRORENTRY(CERTNOTALLOWEDTOSIGNCERTIFICATES,Cert not allowed to sign certificates,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(CERTPOLICYINFOCREATEFAILED,pkix_pl_CertPolicyInfo_Create failed,0),
-PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLICYIDFAILED,PKIX_PL_CertPolicyInfo_GetPolicyId failed,0),
-PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLQUALIFIERSFAILED,PKIX_PL_CertPolicyInfo_GetPolQualifiers failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPCREATEFAILED,pkix_pl_CertPolicyMap_Create failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy failed,0),
-PKIX_ERRORENTRY(CERTPOLICYQUALIFIERCREATEFAILED,pkix_pl_CertPolicyQualifier_Create failed,0),
-PKIX_ERRORENTRY(CERTREJECTEDBYREVOCATIONCHECKER,Cert rejected by revocation checker,0),
-PKIX_ERRORENTRY(CERTSELECTORCHECKFAILED,Validation failed: CertSelector check failed,0),
-PKIX_ERRORENTRY(CERTSELECTORCREATEFAILED,PKIX_CertSelector_Create failed,0),
-PKIX_ERRORENTRY(CERTSELECTORFAILED,certSelector failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CertSelector_GetComCertSelParams failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED,PKIX_CertSelector_GetCommonCertSelectorParam failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_GetCommonCertSelectorParams failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETMATCHCALLBACKFAILED,PKIX_CertSelector_GetMatchCallback failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHAUTHKEYIDFAILED,pkix_CertSelector_Match_AuthKeyId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHBASICCONSTRAINTFAILED,pkix_CertSelector_Match_BasicConstraint failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCALLBACKFAILED,PKIX_CertSelector_MatchCallback failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTIFICATEVALIDFAILED,pkix_CertSelector_Match_CertificateValid failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTISSUERFAILED,cert does not match issuer name,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTOBJECTFAILED,cert does not match cert object,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSERIALNUMFAILED,cert does not match serial number,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSUBJECTFAILED,cert does not match subject name,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTVERSIONFAILED,cert does not match cert version,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED,pkix_CertSelector_Match_ExtendedKeyUsage failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(CERTSELECTORMATCHFAILED,certSelectorMatch failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHKEYUSAGEFAILED,pkix_CertSelector_Match_KeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
-PKIX_ERRORENTRY(CERTSELECTORMATCHNAMECONSTRAINTSFAILED,pkix_CertSelector_Match_NameConstraints failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHPATHTONAMESFAILED,pkix_CertSelector_Match_PathToNames failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHPOLICIESFAILED,pkix_CertSelector_Match_Policies failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJALTNAMESFAILED,pkix_CertSelector_Match_SubjAltNames failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJKEYIDFAILED,pkix_CertSelector_Match_SubjKeyId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPKALGIDFAILED,pkix_CertSelector_Match_SubjPKAlgId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPUBKEYFAILED,pkix_CertSelector_Match_SubjPubKey failed,0),
-PKIX_ERRORENTRY(CERTSELECTORSELECTFAILED,pkix_CertSelector_Select failed,0),
-PKIX_ERRORENTRY(CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_SetCommonCertSelectorParams failed,0),
-PKIX_ERRORENTRY(CERTSETASTRUSTANCHORFAILED, PKIX_PL_Cert_SetAsTrustAnchor failed, 0),
-PKIX_ERRORENTRY(CERTSETCACHEFLAGFAILED,PKIX_PL_Cert_SetCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTSETTRUSTCERTSTOREFAILED,PKIX_PL_Cert_SetTrustCertStore failed,0),
-PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFAILED,PKIX_CertStore_CertContinue failed,0),
-PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFUNCTIONFAILED,PKIX_CertStore_CertContinueFunction failed,0),
-PKIX_ERRORENTRY(CERTSTORECREATEFAILED,PKIX_CertStore_Create failed,0),
-PKIX_ERRORENTRY(CERTSTORECRLCONTINUEFAILED,PKIX_CertStore_CrlContinue failed,0),
-PKIX_ERRORENTRY(CERTSTOREEQUALSFAILED,pkix_CertStore_Equals failed,0),
-PKIX_ERRORENTRY(CERTSTORECRLCHECKFAILED,Fail to check cert crl revocation,0),
-PKIX_ERRORENTRY(CERTSTOREGETCHECKREVBYCRLFAILED,Can not get revocation check function,0),
-PKIX_ERRORENTRY(CERTSTOREFAILTOIMPORTCRLLIST,Fail to import crls,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTCALLBACKFAILED,PKIX_CertStore_GetCertCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECACHEFLAGFAILED,PKIX_CertStore_GetCertStoreCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECONTEXTFAILED,PKIX_CertStore_GetCertStoreContext failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCRLCALLBACKFAILED,PKIX_CertStore_GetCRLCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETLOCALFLAGFAILED,PKIX_CertStore_GetLocalFlag failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETTRUSTCALLBACKFAILED,PKIX_CertStore_GetTrustCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREHASHCODEFAILED,pkix_CertStore_Hashcode failed,0),
-PKIX_ERRORENTRY(CERTTOSTRINGFAILED,PKIX_PL_Cert_ToString failed,0),
-PKIX_ERRORENTRY(CERTTOSTRINGHELPERFAILED,pkix_pl_Cert_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CERTVERIFYCERTTYPEFAILED,PKIX_PL_Cert_VerifyCertAndKeyType failed,0),
-PKIX_ERRORENTRY(CERTVERIFYKEYUSAGEFAILED,PKIX_PL_Cert_VerifyKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTVERIFYSIGNATUREFAILED,PKIX_PL_Cert_VerifySignature failed,0),
-PKIX_ERRORENTRY(CHAINREJECTEDBYREVOCATIONCHECKER,Chain rejected by Revocation Checker,0),
-PKIX_ERRORENTRY(CHECKCERTAGAINSTANCHORFAILED,pkix_CheckCertAgainstAnchor failed,0),
-PKIX_ERRORENTRY(CHECKCERTFAILED,pkix_CheckCert failed,0),
-PKIX_ERRORENTRY(CHECKCHAINFAILED,pkix_CheckChain failed,0),
-PKIX_ERRORENTRY(CHECKTRUSTCALLBACKFAILED,CheckTrustCallback failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCrl failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECERTFAILED,pkix_pl_CollectionCertStoreContext_CreateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECRLFAILED,pkix_pl_CollectionCertStoreContext_CreateCRL failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCERTFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCRL failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCRL failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSCREATEFAILED,PKIX_ComCertSelParams_Create failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetAuthorityKeyIdentifier failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_GetBasicConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEFAILED,PKIX_ComCertSelParams_GetCertificate failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_GetCertificateValid failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED,PKIX_ComCertSelParams_GetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETISSUERFAILED,PKIX_ComCertSelParams_GetIssuer failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETKEYUSAGEFAILED,PKIX_ComCertSelParams_GetKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_GetLeafCertFlag failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetMatchAllSubjAltNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED,PKIX_ComCertSelParams_GetNameConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETPATHTONAMESFAILED,PKIX_ComCertSelParams_GetPathToNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETPOLICYFAILED,PKIX_ComCertSelParams_GetPolicy failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSERIALNUMBERFAILED,PKIX_ComCertSelParams_GetSerialNumber failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetSubjAltNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJECTFAILED,PKIX_ComCertSelParams_GetSubject failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetSubjKeyIdentifier failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPKALGIDFAILED,PKIX_ComCertSelParams_GetSubjPKAlgId failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPUBKEYFAILED,PKIX_ComCertSelParams_GetSubjPubKey failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETVERSIONFAILED,PKIX_ComCertSelParams_GetVersion failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_SetBasicConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEFAILED,PKIX_ComCertSelParams_SetCertificate failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_SetCertificateValid failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETEXTKEYUSAGEFAILED,PKIX_ComCertSelParams_SetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETKEYUSAGEFAILED,PKIX_ComCertSelParams_SetKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_SetLeafCertFlag failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETNISTPOLICYENABLEDFAILED,PKIX_ComCertSelParams_SetNISTPolicyEnabled failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETPATHTONAMESFAILED,PKIX_ComCertSelParams_SetPathToNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETSUBJECTFAILED,PKIX_ComCertSelParams_SetSubject failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSADDISSUERNAMEFAILED,PKIX_ComCRLSelParams_AddIssuerName failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSCREATEFAILED,PKIX_ComCRLSelParams_Create failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSEQUALSFAILED,pkix_ComCRLSelParams_Equals failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_GetDateAndTime failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETISSUERNAMESFAILED,PKIX_ComCRLSelParams_GetIssuerNames failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETMAXCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMaxCRLNumber failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETMINCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMinCRLNumber failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED,PKIX_ComCRLSelParams_GetNISTPolicyEnabled failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSSETCERTFAILED,PKIX_ComCRLSelParams_SetCertificateChecking failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSSETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_SetDateAndTime failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGFAILED,pkix_ComCRLSelParams_ToString failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGHELPERFAILED,pkix_ComCRLSelParams_ToString_Helper failed,0),
-PKIX_ERRORENTRY(COMPARATORCALLBACKFAILED,comparator callback failed,0),
-PKIX_ERRORENTRY(CONTENTTYPENOTPKCS7MIME,Content type is not application/pkcs7-mime,0),
-PKIX_ERRORENTRY(CONTENTTYPENOTPKIXCRL,Content type is not application/pkix-crl,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(COULDNOTALLOCATEMEMORY,Could not allocate memory,0),
-PKIX_ERRORENTRY(COULDNOTALLOCATENEWSTRINGOBJECT,Could not allocate new string object,0),
-PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST,Could not append child to parent PolicyNode list,0),
-PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST,Could not append child to parent VerifyNode list,0),
-PKIX_ERRORENTRY(COULDNOTCREATEAIAMGROBJECT,Could not create AiaMgr object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT,Could not create basic constraints state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBUILDPARAMSOBJECT,Could not create build params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBUILDRESULTOBJECT,Could not create build result object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTBASICCONSTRAINTSOBJECT,Could not create a CertBasicConstraints object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTCHAINCHECKEROBJECT,Could not create cert chain checker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTNAMECONSTRAINTSOBJECT,Could not create CertNameConstraints object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYINFOOBJECT,Could not create a CertPolicyInfo object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYMAPOBJECT,Could not create a CertPolicyMap object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYQUALIFIEROBJECT,Could not create a CertPolicyQualifier object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTSELECTOROBJECT,Could not create cert selector object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTSTOREOBJECT,Could not create CertStore object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT,Could not create CollectionCertStoreContext object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOMMONCERTSELPARAMSOBJECT,Could not create common certsel params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT,Could not create common crl selector params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLENTRYOBJECT,Could not create CRLENTRY object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLOBJECT,Could not create CRL object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLSELECTOROBJECT,Could not create CRLSelector object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLCHECKEROBJECT,Could not create CRLChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOCSPCHECKEROBJECT,Could not create OcspChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEREVOCATIONMETHODOBJECT,Could not create RevocationMethod object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT,Could not create DefaultRevocationChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEEKUCHECKERSTATEOBJECT,Could not create EkuCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEFORWARDBUILDERSTATEOBJECT,Could not create forwardBuilder state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEHASHTABLEOBJECT,Could not create HashTable object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEHTTPDEFAULTCLIENTOBJECT,Could not create HttpDefaultClient object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEINFOACCESSOBJECT,Could not create InfoAccess object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELDAPDEFAULTCLIENTOBJECT,Could not create LdapDefaultClient object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELOCKOBJECT,Could not create lock object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELOGGEROBJECT,Could not create Logger object,0),
-PKIX_ERRORENTRY(COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT,Could not create NameConstraintsCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATENSSDN,Could not create NSS DN,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOBJECT,Could not create object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOBJECTSTORAGE,Could not create object storage,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPOLICYCHECKERSTATEOBJECT,Could not create policyChecker state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPOLICYNODEOBJECT,Could not create a PolicyNode object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPROCESSINGPARAMSOBJECT,Could not create processing params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATERESOURCELIMITOBJECT,Could not create ResourceLimit object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESIGNATURECHECKERSTATEOBJECT,Could not create SignatureCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESOCKETOBJECT,Could not create Socket object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESTRING,Could not create string,0),
-PKIX_ERRORENTRY(COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT,Could not create target cert checker state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATETRUSTANCHOROBJECT,Could not create trust anchor object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVALIDATEPARAMSOBJECT,Could not create validate params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVALIDATERESULTOBJECT,Could not create validate result object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVERIFYNODEOBJECT,Could not create a VerifyNode object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEX500NAMEOBJECT,Could not create X500Name object,0),
-PKIX_ERRORENTRY(COULDNOTGETFIRSTOBJECTTYPE,Could not get first object type,0),
-PKIX_ERRORENTRY(COULDNOTGETSECONDOBJECTTYPE,Could not get second object type,0),
-PKIX_ERRORENTRY(COULDNOTGETTYPEOFSECONDARGUMENT,Could not get type of second argument,0),
-PKIX_ERRORENTRY(COULDNOTLOOKUPINHASHTABLE,Could not lookup in hashtable,0),
-PKIX_ERRORENTRY(COULDNOTMALLOCNEWKEY,Could not malloc new key,0),
-PKIX_ERRORENTRY(COULDNOTTESTWHETHERKEYSEQUAL,Could not test whether keys are equal,0),
-PKIX_ERRORENTRY(CREATECERTFAILED,CreateCert failed,0),
-PKIX_ERRORENTRY(CREATECRLSELECTORDUPLICATEOBJECTFAILED,Create CRLSelector Duplicate Object failed,0),
-PKIX_ERRORENTRY(CREATEPROCESSINGPARAMSFAILED,Failed to create processing parameters,0),
-PKIX_ERRORENTRY(CRLCHECKERCREATEFAILED,pkix_CRLChecker_Create failed,0),
-PKIX_ERRORENTRY(CRLCHECKERINITIALIZEFAILED,pkix_CRLChecker_Initialize failed,0),
-PKIX_ERRORENTRY(CRLCHECKERNOLOCALCERTSTOREFOUND,No local cert store found, 0),
-PKIX_ERRORENTRY(CRLCHECKERSETSELECTORFAILED,pkix_CRLChecker_SetSelector failed,0),
-PKIX_ERRORENTRY(CRLCREATEFAILED,PKIX_PL_CRL_Create failed,0),
-PKIX_ERRORENTRY(CRLCREATETOLISTFAILED,pkix_pl_CRL_CreateToList failed,0),
-PKIX_ERRORENTRY(CRLCREATEWITHSIGNEDCRLFAILED,pkix_pl_CRL_CreateWithSignedCRL failed,0),
-PKIX_ERRORENTRY(CRLCRITICALEXTENSIONOIDSNOTPROCESSED,CRL Critical Extension OIDs not processed,0),
-PKIX_ERRORENTRY(CRLDPCREATEFAILED, Failed to create CRL DP,0),
-PKIX_ERRORENTRY(CRLENTRYCREATEFAILED,pkix_pl_CRLEntry_Create failed,0),
-PKIX_ERRORENTRY(CRLENTRYCRITICALEXTENSIONWASNOTPROCESSED,CRLEntry Critical Extension was not processed,0),
-PKIX_ERRORENTRY(CRLENTRYEXTENSIONSEQUALSFAILED,PKIX_PL_CRLEntry_Extensions_Equals failed,0),
-PKIX_ERRORENTRY(CRLENTRYEXTENSIONSHASHCODEFAILED,pkix_pl_CRLEntry_Extensions_Hashcode failed,0),
-PKIX_ERRORENTRY(CRLENTRYGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRLEntry_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CRLENTRYGETCRLENTRYREASONCODEFAILED,PKIX_PL_CRLEntry_GetCRLEntryReasonCode failed,0),
-PKIX_ERRORENTRY(CRLENTRYTOSTRINGHELPERFAILED,pkix_pl_CRLEntry_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRL_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CRLGETCRLENTRIESFAILED,pkix_pl_CRL_GetCRLEntries failed,0),
-PKIX_ERRORENTRY(CRLGETCRLENTRYFORSERIALNUMBERFAILED,PKIX_PL_CRL_GetCRLEntryForSerialNumber failed,0),
-PKIX_ERRORENTRY(CRLGETCRLNUMBERFAILED,PKIX_PL_CRL_GetCRLNumber failed,0),
-PKIX_ERRORENTRY(CRLGETISSUERFAILED,PKIX_PL_CRL_GetIssuer failed,0),
-PKIX_ERRORENTRY(CRLGETPARTITIONEDFLAGFAILED,PKIX_PL_CRL_IsPartitioned failed,0),
-PKIX_ERRORENTRY(CRLGETSIGNATUREALGIDFAILED,pkix_pl_CRL_GetSignatureAlgId failed,0),
-PKIX_ERRORENTRY(CRLGETVERSIONFAILED,pkix_pl_CRL_GetVersion failed,0),
-PKIX_ERRORENTRY(CRLISSUECERTEXPIRED,CRL issue cert has expired,0),
-PKIX_ERRORENTRY(CRLMAXNUMBERRANGEMATCHFAILED,CRL MaxNumber Range Match Failed,0),
-PKIX_ERRORENTRY(CRLSELECTORCREATEFAILED,PKIX_CRLSelector_Create failed,0),
-PKIX_ERRORENTRY(CRLSELECTORFAILED,crlSelector failed,0),
-PKIX_ERRORENTRY(CRLSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CRLSelector_GetComCertSelParams failed,0),
-PKIX_ERRORENTRY(CRLSELECTORGETMATCHCALLBACKFAILED,PKIX_CRLSelector_GetMatchCallback failed,0),
-PKIX_ERRORENTRY(CRLSELECTORMATCHCALLBACKFAILED,PKIX_CRLSelector_MatchCallback failed,0),
-PKIX_ERRORENTRY(CRLSELECTORMATCHFAILED,crlSelectorMatch failed,0),
-PKIX_ERRORENTRY(CRLSELECTORSELECTFAILED,pkix_CRLSelector_Select failed,0),
-PKIX_ERRORENTRY(CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED,PKIX_CRLSelector_SetCommonCRLSelectorParams failed,0),
-PKIX_ERRORENTRY(CRLSELECTORTOSTRINGHELPERFAILED,pkix_CRLSelector_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLTOSTRINGHELPERFAILED,pkix_pl_CRL_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLVERIFYUPDATETIMEFAILED,pkix_pl_CRL_VerifyUpdateTime failed,0),
-PKIX_ERRORENTRY(DATECREATECURRENTOFFBYSECONDSFAILED,PKIX_PL_Date_Create_CurrentOffBySeconds failed,0),
-PKIX_ERRORENTRY(DATECREATEFROMPRTIMEFAILED,pkix_pl_Date_CreateFromPRTime failed,0),
-PKIX_ERRORENTRY(DATECREATEUTCTIMEFAILED,PKIX_PL_Date_Create_UTCTime failed,0),
-PKIX_ERRORENTRY(DATEDERTIMETOPRTIMEFAILED,Fail to convert encoded time to PRTime,0),
-PKIX_ERRORENTRY(DATEEQUALSFAILED,PKIX_PL_Date_Equals failed,0),
-PKIX_ERRORENTRY(DATEGETPRTIMEFAILED,pkix_pl_Date_GetPRTime failed,0),
-PKIX_ERRORENTRY(DATEHASHCODEFAILED,PKIX_PL_Date_Hashcode failed,0),
-PKIX_ERRORENTRY(DATETOSTRINGFAILED,PKIX_Date_ToString failed,0),
-PKIX_ERRORENTRY(DATETOSTRINGHELPERFAILED,pkix_pl_Date_ToString_Helper failed,0),
-PKIX_ERRORENTRY(DECIPHERONLYKEYUSAGENOTSUPPORTED,decipherOnly key usage not supported,0),
-PKIX_ERRORENTRY(DECODINGCERTNAMECONSTRAINTSFAILED,Decoding Cert NameConstraints failed,0),
-PKIX_ERRORENTRY(DEFAULTREVCHECKERCREATEFAILED,pkix_DefaultRevChecker_Create failed,0),
-PKIX_ERRORENTRY(DEFAULTREVCHECKERINITIALIZEFAILED,pkix_DefaultRevChecker_Initialize failed,0),
-PKIX_ERRORENTRY(DEPTHWOULDEXCEEDRESOURCELIMITS,Depth would exceed Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
-PKIX_ERRORENTRY(DERASCIITOTIMEFAILED,DER_AsciiToTime failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFAILED,DER_DecodeTimeChoice failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFORLASTUPDATEFAILED,DER_DecodeTimeChoice for lastUpdate failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFORNEXTUPDATEFAILED,DER_DecodeTimeChoice for nextUpdate failed,0),
-PKIX_ERRORENTRY(DERENCODETIMECHOICEFAILED,DER_EncodeTimeChoice failed,0),
-PKIX_ERRORENTRY(DERGENERALIZEDDAYTOASCIIFAILED,DER_GeneralizedDayToAscii failed,0),
-PKIX_ERRORENTRY(DERTIMETOUTCTIMEFAILED,DER_TimeToUTCTime failed,0),
-PKIX_ERRORENTRY(DERUTCTIMETOASCIIFAILED,DER_UTCTimeToAscii failed,0),
-PKIX_ERRORENTRY(DESTROYSPKIFAILED,pkix_pl_DestroySPKI failed,0),
-PKIX_ERRORENTRY(DIRECTORYNAMECREATEFAILED,pkix_pl_DirectoryName_Create failed,0),
-PKIX_ERRORENTRY(DUPLICATEIMMUTABLEFAILED,pkix_duplicateImmutable failed,0),
-PKIX_ERRORENTRY(CANNOTSORTIMMUTABLELIST,pkix_List_BubbleSort can not sort immutable list,0),
-PKIX_ERRORENTRY(EKUCHECKERGETREQUIREDEKUFAILED,pkix_pl_EkuChecker_GetRequiredEku failed,0),
-PKIX_ERRORENTRY(EKUCHECKERINITIALIZEFAILED,PKIX_PL_EkuChecker_Initialize failed,0),
-PKIX_ERRORENTRY(EKUCHECKERSTATECREATEFAILED,pkix_pl_EkuCheckerState_Create failed,0),
-PKIX_ERRORENTRY(ENABLEREVOCATIONWITHOUTCERTSTORE,Enable Revocation without CertStore,0),
-PKIX_ERRORENTRY(ERRORALLOCATINGMONITORLOCK,Error Allocating MonitorLock,0),
-PKIX_ERRORENTRY(ERRORALLOCATINGRWLOCK,Error Allocating RWLock,0),
-PKIX_ERRORENTRY(ERRORCREATINGCHILDSTRING,Error creating child string,0),
-PKIX_ERRORENTRY(ERRORCREATINGFORMATSTRING,Error creating format string,0),
-PKIX_ERRORENTRY(ERRORCREATINGINDENTSTRING,Error creating indent string,0),
-PKIX_ERRORENTRY(ERRORCREATINGITEMSTRING,Error creating item string,0),
-PKIX_ERRORENTRY(ERRORCREATINGLISTITEM,Error Creating List Item,0),
-PKIX_ERRORENTRY(ERRORCREATINGSUBTREESTRING,Error creating subtree string,0),
-PKIX_ERRORENTRY(ERRORCREATINGTABLELOCK,Error creating table lock,0),
-PKIX_ERRORENTRY(ERRORFINDINGORPROCESSINGURI,Error finding or processing URI,0),
-PKIX_ERRORENTRY(ERRORGETTINGCAUSESTRING,Error getting cause string,0),
-PKIX_ERRORENTRY(ERRORGETTINGCLASSTABLEENTRY,Error getting class table entry,0),
-PKIX_ERRORENTRY(ERRORGETTINGHASHCODE,Error getting hashcode,0),
-PKIX_ERRORENTRY(ERRORGETTINGSECONDOBJECTTYPE,Error getting second object type,0),
-PKIX_ERRORENTRY(ERRORINBYTEARRAYHASHCODE,Error in PKIX_PL_ByteArray_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINGETTINGDESTRUCTOR,Error in getting destructor,0),
-PKIX_ERRORENTRY(ERRORINHASH,Error in pkix_hash,0),
-PKIX_ERRORENTRY(ERRORINLISTHASHCODE,Error in PKIX_List_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINOBJECTDEFINEDESTROY,Error in object-defined destroy callback,0),
-PKIX_ERRORENTRY(ERRORINOIDHASHCODE,Error in PKIX_PL_OID_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINRECURSIVEEQUALSCALL,Error in recursive equals call,0),
-PKIX_ERRORENTRY(ERRORINSINGLEPOLICYNODETOSTRING,Error in pkix_SinglePolicyNode_ToString,0),
-PKIX_ERRORENTRY(ERRORINSINGLEVERIFYNODETOSTRING,Error in pkix_SingleVerifyNode_ToString,0),
-PKIX_ERRORENTRY(ERRORINSPRINTF,Error in PKIX_PL_Sprintf,0),
-PKIX_ERRORENTRY(ERRORINSTRINGCREATE,Error in PKIX_PL_String_Create,0),
-PKIX_ERRORENTRY(ERRORLOCKINGOBJECT,Error locking object,0),
-PKIX_ERRORENTRY(ERRORTOSTRINGFAILED,PKIX_Error_ToString failed,0),
-PKIX_ERRORENTRY(ERRORTRAVERSINGBUCKET,Error traversing bucket,0),
-PKIX_ERRORENTRY(ERRORUNLOCKINGMUTEX,Error unlocking mutex,0),
-PKIX_ERRORENTRY(ERRORUNLOCKINGOBJECT,Error unlocking object,0),
-PKIX_ERRORENTRY(ESCASCIITOUTF16FAILED,pkix_EscASCII_to_UTF16 failed,0),
-PKIX_ERRORENTRY(EXPIRATIONCHECKERINITIALIZEFAILED,pkix_ExpirationChecker_Initialize failed,0),
-PKIX_ERRORENTRY(EXTENDEDKEYUSAGECHECKINGFAILED,Extended Key Usage Checking failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(EXTENDEDKEYUSAGEUSEROBJECT,Extended Key Usage User Object,0),
-PKIX_ERRORENTRY(EXTRACTPARAMETERSFAILED,pkix_ExtractParameters failed,0),
-PKIX_ERRORENTRY(FAILEDINENCODINGSEARCHREQUEST,failed in encoding searchRequest,SEC_ERROR_FAILED_TO_ENCODE_DATA),
-PKIX_ERRORENTRY(FAILEDTODECODECRL, failed to decode CRL,SEC_ERROR_BAD_DER),
-PKIX_ERRORENTRY(FAILEDTOGETNSSTRUSTANCHORS,Failed to get nss trusted roots,0),
-PKIX_ERRORENTRY(FAILEDTOGETTRUST, failed to get trust from the cert,0),
-PKIX_ERRORENTRY(FAILTOREMOVEDPFROMLIST, failed to remove dp from the list,0),
-PKIX_ERRORENTRY(FAILTOSELECTCERTSFROMANCHORS,failed to select certs from anchors,0),
-PKIX_ERRORENTRY(FAILUREHASHINGCERT,Failure hashing Cert,0),
-PKIX_ERRORENTRY(FAILUREHASHINGERROR,Failure hashing Error,0),
-PKIX_ERRORENTRY(FAILUREHASHINGLISTEXPECTEDPOLICYSET,Failure hashing PKIX_List expectedPolicySet,0),
-PKIX_ERRORENTRY(FAILUREHASHINGLISTQUALIFIERSET,Failure hashing PKIX_List qualifierSet,0),
-PKIX_ERRORENTRY(FAILUREHASHINGOIDVALIDPOLICY,Failure hashing PKIX_PL_OID validPolicy,0),
-PKIX_ERRORENTRY(FANOUTEXCEEDSRESOURCELIMITS,Fanout exceeds Resource Limits,0),
-PKIX_ERRORENTRY(FETCHINGCACHEDCRLFAILED,Fetching Cached CRLfailed,0),
-PKIX_ERRORENTRY(FILLINPROCESSINGPARAMSFAILED,Fail to fill in parameters,0),
-PKIX_ERRORENTRY(FILLINRETURNRESULTSFAILED,Fail to fill in return results,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTANOID,FirstObject is not an OID,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTBYTEARRAY,FirstObject is not a ByteArray,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT,First argument is not a CertBasicConstraints Object,0),
-PKIX_ERRORENTRY(FIRSTDOUBLEHEXMUSTNOTBE00,First DoubleHex MUST NOT be 00,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FIRSTFIELDMUSTBEBETWEEN02,First field must be between 0-2,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTANOCSPRESPONSE,FirstObject is not an OcspResponse,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPREQUEST,FirstObject is not a LdapRequest,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPRESPONSE,FirstObject is not a LdapResponse,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTOCSPREQUEST,FirstObject is not a OcspRequest,0),
-PKIX_ERRORENTRY(FIRSTOBJECTARGUMENTNOTANX500NAME,FirstObject is not an X500Name,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTANERROROBJECT,FirstObject is not an Error object,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBIGINT,FirstObject not a BigInt,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDPARAMS,FirstObject is not a BuildParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDRESULT,FirstObject is not a BuildResult,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERT,FirstObject is not a Cert,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTBASICCONSTRAINTS,FirstObject is not a CertBasicConstraints,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTNAMECONSTRAINTS,FirstObject is not a CertNameConstraints,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYINFO,FirstObject is not a CertPolicyInfo,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYMAP,FirstObject is not a CertPolicyMap,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYQUALIFIER,FirstObject is not a CertPolicyQualifier,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCOMCRLSELPARAMS,FirstObject is not a ComCRLSelParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRL,FirstObject is not a CRL,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLENTRY,FirstObject is not a CRLEntry,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLSELECTOR,FirstObject is not a CRLSelector,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTDATE,FirstObject is not a Date,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTERROR,FirstObject is not an Error,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTGENERALNAME,FirstObject is not a GeneralName,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTINFOACCESS,FirstObject is not a InfoAccess,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTLIST,FirstObject is not a List,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTLOGGER,FirstObject is not a Logger,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPOLICYNODE,FirstObject is not a PolicyNode,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPROCESSINGPARAMS,FirstObject is not a ProcessingParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPUBLICKEY,FirstObject is not a PublicKey,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTRESOURCELIMITS,FirstObject is not a ResourceLimits,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTSTRING,FirstObject is not a String,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTTRUSTANCHOR,FirstObject is not a TrustAnchor,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATEPARAMS,FirstObject is not a ValidateParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATERESULT,FirstObject is not a ValidateResult,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVERIFYNODE,FirstObject is not a VerifyNode,0),
-PKIX_ERRORENTRY(FIRSTPUBKEYTYPENULLKEY,firstPubKeyType is nullKey,0),
-PKIX_ERRORENTRY(FUNCTIONMUSTNOTBEUSED,Function MUST not be used,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FORWARDBUILDERSTATEDUMPSTATEFAILED,pkix_ForwardBuilderState_DumpState failed,0),
-PKIX_ERRORENTRY(FORWARDBUILDERSTATEISIOPENDINGFAILED,pkix_ForwardBuilderState_IsIOPending failed,0),
-PKIX_ERRORENTRY(FORWARDBUILDSTATECREATEFAILED,pkix_ForwardBuildState_Create failed,0),
-PKIX_ERRORENTRY(FREEFAILED,PKIX_PL_Free failed,0),
-PKIX_ERRORENTRY(GENERALNAMECREATEFAILED,pkix_pl_GeneralName_Create failed,0),
-PKIX_ERRORENTRY(GENERALNAMEGETNSSGENERALNAMEFAILED,pkix_pl_GeneralName_GetNssGeneralName failed,0),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGDOUBLESLASH,GeneralName string missing double slash,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGLOCATIONTYPE,GeneralName string missing location type,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGSERVERSITE,GeneralName string missing server-site,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMETOSTRINGFAILED,pkix_pl_GeneralName_ToString failed,0),
-PKIX_ERRORENTRY(GENERALNAMETOSTRINGHELPERFAILED,pkix_pl_GeneralName_ToString_Helper failed,0),
-PKIX_ERRORENTRY(GENERICCLIENTNOTANLDAPDEFAULTCLIENT,genericClient is not an LdapDefaultClient,0),
-PKIX_ERRORENTRY(GETATTRIBUTESCALLEDFORNONENTRYMESSAGE,GetAttributes called for non-Entry message,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(GETCERTSFAILED,getCerts failed,0),
-PKIX_ERRORENTRY(GETCRITICALEXTENSIONOIDSFAILED,pkix_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(GETCRLSFAILED,getCrls failed,0),
-PKIX_ERRORENTRY(GETOIDTOKENFAILED,pkix_pl_getOIDToken failed,0),
-PKIX_ERRORENTRY(GETPKIXERRORCODEFAILED,Get PKIX error code failed,0),
-PKIX_ERRORENTRY(GETREQCERTIFICATEUSAGESFAILED,Fail to get required certificate usages,0),
-PKIX_ERRORENTRY(GETRESULTCODECALLEDFORNONRESULTMESSAGE,GetResultCode called for non-Result message,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(GETRETCERTIFICATEUSAGESFAILED,Fail to get returned certificate usages,0),
-PKIX_ERRORENTRY(GETTRUSTEDCERTLISTFAILED,Fail to get trusted cert list,0),
-PKIX_ERRORENTRY(HASHFAILED,pkix_hash failed,0),
-PKIX_ERRORENTRY(HASHTABLEADDFAILED,PKIX_PL_HashTable_Add failed,0),
-PKIX_ERRORENTRY(HASHTABLECREATEFAILED,PKIX_PL_HashTable_Create failed,0),
-PKIX_ERRORENTRY(HASHTABLELOOKUPFAILED,PKIX_PL_HashTable_Lookup failed,0),
-PKIX_ERRORENTRY(HASHTABLEREMOVEFAILED,PKIX_PL_HashTable_Remove failed,0),
-PKIX_ERRORENTRY(HELPERBYTES2ASCIIFAILED,pkix_pl_helperBytes2Ascii failed,0),
-PKIX_ERRORENTRY(HELPERBYTES2ASCIINUMTOKENSZERO,pkix_pl_helperBytes2Ascii: numTokens is zero,0),
-PKIX_ERRORENTRY(HTTPCERTSTORECREATEREQUESTSESSIONFAILED,pkix_pl_HttpCertStore_CreateRequestSession failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTORECREATEWITHASCIINAMEFAILED,PKIX_PL_HttpCertStore_CreateWithAsciiName failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREDECODECERTPACKAGEFAILED,pkix_pl_HttpCertStore_DecodeCertPackage failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED,pkix_HttpCertStore_FindSocketConnection failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCERTRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCertResponse failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCRLRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCrlResponse failed,0),
-PKIX_ERRORENTRY(HTTPCLIENTCREATESESSIONFAILED,HttpClient->CreateSession failed,0),
-PKIX_ERRORENTRY(HTTPCLIENTININVALIDSTATE,HttpClient in invalid state,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_HttpDefaultClient_ConnectContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCREATEFAILED,pkix_pl_HttpDefaultClient_Create failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_HttpDefaultClient_Dispatch failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED,pkix_pl_HttpDefaultClient_HdrCheckComplete failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTINILLEGALSTATE,HttpDefaultClient in illegal state,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvBodyContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYFAILED,pkix_pl_HttpDefaultClient_RecvBody failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvHdrContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRFAILED,pkix_pl_HttpDefaultClient_RecvHdr failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_HttpDefaultClient_SendContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDFAILED,pkix_pl_HttpDefaultClient_Send failed,0),
-PKIX_ERRORENTRY(HTTPSERVERERROR,HTTP Server Error,0),
-PKIX_ERRORENTRY(ILLEGALCHARACTERINESCAPEDASCII,Illegal character in Escaped ASCII String,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALCHARACTERINOID,Illegal character in OID,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALDOTINOID,Illegal period in OID,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALSURROGATEPAIR,Illegal surrogate pair in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALUNICODECHARACTER,Illegal Unicode character in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALUSEOFAMP,Illegal use of ampersand character,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(IMPOSSIBLECRITERIONFORCRLQUERY,Impossible criterion for Crl Query,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INDEXOUTOFBOUNDS,Index out of bounds,SEC_ERROR_LIBPKIX_INTERNAL),
-PKIX_ERRORENTRY(INESCAPEDASCII,in EscapedASCII,0),
-PKIX_ERRORENTRY(INFOACCESSCREATEFAILED,pkix_pl_InfoAccess_Create failed,0),
-PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0),
-PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,0),
-PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,0),
-PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0),
-PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0),
-PKIX_ERRORENTRY(INPUTLISTMUSTBEHEADER,Input List must be header,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INPUTLISTSMUSTBELISTHEADERS,Input Lists must be list headers,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCERTQUERY,Insufficient criteria for Cert query,0),
-PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCRLQUERY,Insufficient criteria for Crl Query,0),
-PKIX_ERRORENTRY(INTRUSTEDCERT,in Trusted Cert,0),
-PKIX_ERRORENTRY(INVALIDCHARACTERINBIGINT,Invalid character in BigInt,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INVALIDDERENCODINGFOROID,Invalid DER-encoding for OID,0),
-PKIX_ERRORENTRY(INVALIDENCODINGOIDTOKENVALUETOOBIG,Invalid encoding: OID token value too big,0),
-PKIX_ERRORENTRY(INVALIDPOLICYMAPPINGINCLUDESANYPOLICY,Invalid policyMapping includes anyPolicy,SEC_ERROR_INVALID_POLICY_MAPPING),
-PKIX_ERRORENTRY(INVALIDREVOCATIONMETHOD,Invalid revocation method,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INVALIDSIGNINGCERTINOCSPRESPONSE,Invalid signing Cert in OCSP response,SEC_ERROR_OCSP_INVALID_SIGNING_CERT),
-PKIX_ERRORENTRY(INVALIDSTATUS,INVALID STATUS,0),
-PKIX_ERRORENTRY(INVALIDSTORETYPEFORSETTINGCONFIGDIR,Invalid Store type for Setting ConfigDir,0),
-PKIX_ERRORENTRY(IPADDRBYTES2ASCIIDATALENGTHZERO,pkix_pl_ipAddrBytes2Ascii: data length is zero,0),
-PKIX_ERRORENTRY(IPADDRBYTES2ASCIIFAILED,pkix_pl_ipAddrBytes2Ascii failed,0),
-PKIX_ERRORENTRY(ISCERTSELFISSUEDFAILED,pkix_IsCertSelfIssued failed,0),
-PKIX_ERRORENTRY(ISCERTSELFISSUEFAILED,pkix_IsCertSelfIssue failed,0),
-PKIX_ERRORENTRY(KEYUSAGEKEYCERTSIGNBITNOTON,Validation failed: KeyUsage KeyCertSign bit is not on,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(KEYUSAGEKEYCRLSIGNBITNOTON,Validation failed: KeyUsage CRLSign bit is not on,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCERTLISTFAILED,pkix_pl_LdapCertStore_BuildCertList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCRLLISTFAILED,pkix_pl_LdapCertStore_BuildCrlList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREDECODECROSSCERTPAIRFAILED,pkix_pl_LdapCertStore_DecodeCrossCertPair failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREDESTROYAVALISTFAILED,pkix_pl_LdapCertStore_DestroyAVAList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREINILLEGALSTATE,LDAP CertStore in illegal state,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREMAKENAMEAVALISTFAILED,pkix_pl_LdapCertStore_MakeNameAVAList failed,0),
-PKIX_ERRORENTRY(LDAPCLIENTINITIATEREQUESTFAILED,PKIX_PL_LdapClient_InitiateRequest failed,0),
-PKIX_ERRORENTRY(LDAPCLIENTRESUMEREQUESTFAILED,PKIX_PL_LdapClient_ResumeRequest failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTABANDONCONTINUEFAILED,pkix_pl_LdapDefaultClient_AbandonContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDCONTINUEFAILED,pkix_pl_LdapDefaultClient_BindContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDFAILED,pkix_pl_LdapDefaultClient_Bind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSECONTINUEFAILED,pkix_pl_LdapDefaultClient_BindResponseContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_BindResponse failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_LdapDefaultClient_ConnectContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEBYNAMEFAILED,PKIX_PL_LdapDefaultClient_CreateByName failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEHELPERFAILED,pkix_pl_LdapDefaultClient_CreateHelper failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_DecodeBindResponse failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_LdapDefaultClient_Dispatch failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTINILLEGALSTATE,LDAP DefaultClient in illegal state,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEABANDONFAILED,pkix_pl_LdapDefaultClient_MakeAbandon failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEANDFILTERFAILED,pkix_pl_LdapDefaultClient_MakeAndFilter failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEBINDFAILED,pkix_pl_LdapDefaultClient_MakeBind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEUNBINDFAILED,pkix_pl_LdapDefaultClient_MakeUnbind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED,pkix_pl_LdapDefaultClient_RecvCheckComplete failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCONTINUEFAILED,pkix_pl_LdapDefaultClient_RecvContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVFAILED,pkix_pl_LdapDefaultClient_Recv failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVINITIALFAILED,pkix_pl_LdapDefaultClient_RecvInitial failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVNONINITIALFAILED,pkix_pl_LdapDefaultClient_RecvNonInitial failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_LdapDefaultClient_SendContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDFAILED,pkix_pl_LdapDefaultClient_Send failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_VerifyBindResponse failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTATTRSTRINGTOBITFAILED,pkix_pl_LdapRequest_AttrStringToBit failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTATTRTYPETOBITFAILED,pkix_pl_LdapRequest_AttrTypeToBit failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTCREATEFAILED,pkix_pl_LdapRequest_Create failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTENCODEATTRSFAILED,pkix_pl_LdapRequest_EncodeAttrs failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTGETENCODEDFAILED,pkix_pl_LdapRequest_GetEncoded failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEAPPENDFAILED,pkix_pl_LdapResponse_Append failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSECREATEFAILED,pkix_pl_LdapResponseCreate failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEDECODEFAILED,pkix_pl_LDAPResponse_Decode failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETCAPACITYFAILED,pkix_pl_LdapResponse_GetCapacity failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGEFAILED,pkix_pl_LdapResponse_GetMessage failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGETYPEFAILED,pkix_pl_LdapResponse_GetMessageType failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETRESULTCODEFAILED,pkix_pl_LdapResponse_GetResultCode failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEISCOMPLETEFAILED,pkix_pl_LdapResponse_IsComplete failed,0),
-PKIX_ERRORENTRY(LISTAPPENDFAILED,PKIX_List_Append failed,0),
-PKIX_ERRORENTRY(LISTAPPENDITEMFAILED,PKIX_List_AppendItem failed,0),
-PKIX_ERRORENTRY(LISTAPPENDLISTFAILED,pkix_List_AppendList failed,0),
-PKIX_ERRORENTRY(LISTAPPENDUNIQUEFAILED,pkix_List_AppendUnique failed,0),
-PKIX_ERRORENTRY(LISTBUBBLESORTFAILED,pkix_List_BubbleSort failed,0),
-PKIX_ERRORENTRY(LISTCONTAINSFAILED,pkix_List_Contains failed,0),
-PKIX_ERRORENTRY(LISTCREATEFAILED,PKIX_List_Create failed,0),
-PKIX_ERRORENTRY(LISTCREATEINTERNALFAILED,pkix_List_Create_Internal failed,0),
-PKIX_ERRORENTRY(LISTDELETEITEMFAILED,PKIX_List_DeleteItem failed,0),
-PKIX_ERRORENTRY(LISTDUPLICATEFAILED,pkix_List_Duplicate failed,0),
-PKIX_ERRORENTRY(LISTEQUALSFAILED,PKIX_List_Equals failed,0),
-PKIX_ERRORENTRY(LISTGETELEMENTFAILED,pkix_List_GetElement failed,0),
-PKIX_ERRORENTRY(LISTGETITEMFAILED,PKIX_List_GetItem failed,0),
-PKIX_ERRORENTRY(LISTGETLENGTHFAILED,PKIX_List_GetLength failed,0),
-PKIX_ERRORENTRY(LISTHASHCODEFAILED,pkix_List_Hashcode failed,0),
-PKIX_ERRORENTRY(LISTINSERTITEMFAILED,PKIX_List_InsertItem failed,0),
-PKIX_ERRORENTRY(LISTISEMPTYFAILED,PKIX_List_IsEmpty failed,0),
-PKIX_ERRORENTRY(LISTMERGEFAILED,pkix_List_MergeList failed,0),
-PKIX_ERRORENTRY(LISTQUICKSORTFAILED,pkix_List_QuickSort failed,0),
-PKIX_ERRORENTRY(LISTREMOVEFAILED,pkix_List_Remove failed,0),
-PKIX_ERRORENTRY(LISTREMOVEITEMSFAILED,pkix_List_RemoveItems failed,0),
-PKIX_ERRORENTRY(LISTREVERSELISTFAILED,PKIX_List_ReverseList failed,0),
-PKIX_ERRORENTRY(LISTSETIMMUTABLEFAILED,PKIX_List_SetImmutable failed,0),
-PKIX_ERRORENTRY(LISTSETITEMFAILED,PKIX_List_SetItem failed,0),
-PKIX_ERRORENTRY(LISTTOSTRINGFAILED,pkix_List_ToString failed,0),
-PKIX_ERRORENTRY(LISTTOSTRINGHELPERFAILED,pkix_List_ToString Helper failed,0),
-PKIX_ERRORENTRY(LOCATIONSTRINGNOTPROPERLYTERMINATED,Location string not properly terminated,0),
-PKIX_ERRORENTRY(LOCKHASNONZEROREADCOUNT,Lock has non-zero read count,0),
-PKIX_ERRORENTRY(LOCKOBJECTFAILED,pkix_LockObject failed,0),
-PKIX_ERRORENTRY(LOGGERDUPLICATEFAILED,pkix_Logger_Duplicate failed,0),
-PKIX_ERRORENTRY(LOGGINGLEVELEXCEEDSMAXIMUM,Logging Level exceeds Maximum,0),
-PKIX_ERRORENTRY(LOOPDISCOVEREDDUPCERTSNOTALLOWED,Loop discovered: duplicate certificates not allowed,SEC_ERROR_UNTRUSTED_ISSUER),
-PKIX_ERRORENTRY(LOOPOFERRORCAUSEDETECTED,Loop of error causes detected,0),
-PKIX_ERRORENTRY(MAJORVERSIONSDONTMATCH,Major versions do not match,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(MALLOCFAILED,PKIX_PL_Malloc failed,0),
-PKIX_ERRORENTRY(MEMLEAKGENERATEDERROR,Error generated for memory leak testing,SEC_ERROR_NO_MEMORY),
-PKIX_ERRORENTRY(MINORVERSIONNOTBETWEENDESIREDMINANDMAX,Minor version does not fall between desired minimum and maximum,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(MISSINGDSAPARAMETERS,Missing DSA parameters in Trusted Cert,SEC_ERROR_INVALID_KEY),
-PKIX_ERRORENTRY(MONITORLOCKCREATEFAILED,PKIX_PL_MonitorLock_Create failed,0),
-PKIX_ERRORENTRY(MONITORLOCKENTERFAILED,PKIX_PL_MonitorLock_Enter failed,0),
-PKIX_ERRORENTRY(MONITORLOCKEXITFAILED,PKIX_PL_MonitorLock_Exit failed,0),
-PKIX_ERRORENTRY(MUTEXLOCKFAILED,PKIX_PL_Mutex_Lock failed,0),
-PKIX_ERRORENTRY(NAMECHAININGCHECKERINITIALIZEFAILED,pkix_NameChainingChecker_Initialize failed,0),
-PKIX_ERRORENTRY(NAMECHAININGCHECKFAILED,Name Chaining Check failed,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(NAMECOMPONENTWITHNOEQ,Name Component with no equal sign,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERINITIALIZEFAILED,pkix_NameConstraintsChecker_Initialize failed,0),
-PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERSTATECREATEFAILED,pkix_NameConstraintsCheckerState_Create failed,0),
-PKIX_ERRORENTRY(NAMETYPENOTSUPPORTED,name type not supported,0),
-PKIX_ERRORENTRY(NOCONTENTTYPEINHTTPRESPONSE,No content type in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(NODESMISSINGFROMCHAIN,Nodes missing from chain,0),
-PKIX_ERRORENTRY(NOREGISTEREDHTTPCLIENT,No registered Http Client,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NORESPONSEDATAINHTTPRESPONSE,No responseData in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(NOTARGETCERTSUPPLIED,No target cert supplied,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NOTCONFORMINGCRLDP,Cert CRL DP does not conform to the rfc, 0),
-PKIX_ERRORENTRY(NOTDERPACKAGE,Not a DER package,0),
-PKIX_ERRORENTRY(NOTENOUGHNAMECOMPONENTSINGENERALNAME,Not enough name components in GeneralName,0),
-PKIX_ERRORENTRY(NSSCERTIFICATEUSAGETOPKIXKUANDEKUFAILED,Failed to convert nss certificate usage to pkix ku and eku data structures,0),
-PKIX_ERRORENTRY(NSSCONTEXTCREATEFAILED,PKIX_PL_NssContext_Create failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTDESTROYFAILED,PKIX_PL_NssContext_Destroy failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETCHECKALLUSAGESFAILED, pkix_pl_NssContext_GetCheckAllUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETRETURNUSAGESFAILED, pkix_pl_NssContext_GetReturnUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETWINCXFAILED,pkix_pl_NssContext_GetWincx failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCERTSIGNCHECKFAILED, pkix_pl_NssContext_SetCertSignatureCheck,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCERTUSAGEFAILED, pkix_pl_NssContext_SetCertUsage failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCHECKALLUSAGESFAILED, pkix_pl_NssContext_SetCheckAllUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETRETURNEDCERTUSAGEFAILED, pkix_pl_NssContext_SetReturnedCertUsage,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETRETURNUSAGESFAILED, pkix_pl_NssContext_SetReturnUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTVALIDATINGRESPONDERCERTFAILED,pkix_pl_NssContext_ValidatingResponderCert failed,0),
-PKIX_ERRORENTRY(NSSTRUSTEDLISTISEMPTY,nss trusted roots list is empty,0),
-PKIX_ERRORENTRY(NULLARGUMENT,Null argument,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NUMBUCKETSEQUALSZERO,NumBuckets equals zero,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OBJECTALLOCFAILED,PKIX_PL_Object_Alloc failed,0),
-PKIX_ERRORENTRY(OBJECTARGUMENTNOTPOLICYMAP,object argument is not a PolicyMap,0),
-PKIX_ERRORENTRY(OBJECTCOMPARATORFAILED,PKIX_PL_Object_Comparator failed,0),
-PKIX_ERRORENTRY(OBJECTDEFINED,object-defined ,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATECERTFAILED,PKIX_PL_Object_Duplicate Cert failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATECONTEXTFAILED,PKIX_PL_Object_Duplicate Context failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEDATEFAILED,PKIX_PL_Object_Duplicate Date failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEFAILED,PKIX_PL_Object_Duplicate failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEISSUERNAMESFAILED,PKIX_PL_Object_Duplicate IssuerNames failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATELISTFAILED,PKIX_PL_Object_Duplicate List failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEMAXCRLNUMBERFAILED,PKIX_PL_Object_Duplicate maxCRLNumber failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEMINCRLNUMBERFAILED,PKIX_PL_Object_Duplicate minCRLNumber failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEPARAMSFAILED,PKIX_PL_Object_Duplicate Params failed,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILED,PKIX_PL_Object_Equals failed,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONCHILDREN,PKIX_PL_Object_Equals failed on children,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS,PKIX_PL_Object_Equals failed on expectedPolicySets,0),
-PKIX_ERRORENTRY(OBJECTGETTYPEFAILED,PKIX_PL_Object_GetType failed,0),
-PKIX_ERRORENTRY(OBJECTHASHCODEFAILED,PKIX_PL_Object_Hashcode failed,0),
-PKIX_ERRORENTRY(OBJECTINVALIDATECACHEFAILED,PKIX_PL_Object_InvalidateCache failed,0),
-PKIX_ERRORENTRY(OBJECTISTYPEREGISTEREDFAILED,PKIX_PL_Object_IsTypeRegistered failed,0),
-PKIX_ERRORENTRY(OBJECTLOCKFAILED,PKIX_PL_Object_Lock failed,0),
-PKIX_ERRORENTRY(OBJECTNOTAIAMGR,Object is not a AIAMgr,0),
-PKIX_ERRORENTRY(OBJECTNOTANEKUCHECKERSTATE,Object is not an EKU Checker State,0),
-PKIX_ERRORENTRY(OBJECTNOTANERROR,Object is not an Error,0),
-PKIX_ERRORENTRY(OBJECTNOTANHTTPCERTSTORECONTEXT,Object is not an HttpCertStoreContext,0),
-PKIX_ERRORENTRY(OBJECTNOTANHTTPDEFAULTCLIENT,Object is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(OBJECTNOTANINFOACCESS,Object is not an InfoAccess,0),
-PKIX_ERRORENTRY(OBJECTNOTANLDAPDEFAULTCLIENT,Object is not an LdapDefaultClient,0),
-PKIX_ERRORENTRY(OBJECTNOTANOCSPRESPONSE,Object is not an OcspResponse,0),
-PKIX_ERRORENTRY(OBJECTNOTANOID,Object is not an OID,0),
-PKIX_ERRORENTRY(OBJECTNOTANSOCKET,Object is not an Socket,0),
-PKIX_ERRORENTRY(OBJECTNOTANX500NAME,Object is not an X500Name,0),
-PKIX_ERRORENTRY(OBJECTNOTBASICCONSTRAINTSCHECKERSTATE,Object is not a basic constraints checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTBIGINT,Object is not a BigInt,0),
-PKIX_ERRORENTRY(OBJECTNOTBUILDPARAMS,Object is not a BuildParams,0),
-PKIX_ERRORENTRY(OBJECTNOTBUILDRESULT,Object is not a BuildResult,0),
-PKIX_ERRORENTRY(OBJECTNOTBYTEARRAY,Object is not a bytearray,0),
-PKIX_ERRORENTRY(OBJECTNOTCERT,Object is not a Cert,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTBASICCONSTRAINTS,Object is not a CertBasicConstraints,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTCHAINCHECKER,Object is not a cert chain checker,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTNAMECONSTRAINTS,Object is not a CertNameConstraints,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYINFO,Object is not a CertPolicyInfo,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYMAP,Object is not a CertPolicyMap,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYQUALIFIER,Object is not a CertPolicyQualifier,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTSELECTOR,Object is not a cert selector,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTSTORE,Object is not a CertStore,0),
-PKIX_ERRORENTRY(OBJECTNOTCOLLECTIONCERTSTORECONTEXT,Object is not a CollectionCertStoreContext,0),
-PKIX_ERRORENTRY(OBJECTNOTCOMCERTSELPARAMS,Object is not a comCertSelParams,0),
-PKIX_ERRORENTRY(OBJECTNOTCOMCRLSELPARAMS,Object is not a ComCRLSelParams,0),
-PKIX_ERRORENTRY(OBJECTNOTCRL,Object is not a CRL,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLENTRY,Object is not a CRLEntry,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLSELECTOR,Object is not a CRLSelector,0),
-PKIX_ERRORENTRY(OBJECTNOTDATE,Object is not a Date,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLCHECKER,Object is not a CRLChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTDEFAULTREVOCATIONCHECKER,Object is not a DefaultRevocationChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTFORWARDBUILDERSTATE,Object is not a PKIX_ForwardBuilderState,0),
-PKIX_ERRORENTRY(OBJECTNOTGENERALNAME,Object is not a GeneralName,0),
-PKIX_ERRORENTRY(OBJECTNOTHASHTABLE,Object is not a hashtable,0),
-PKIX_ERRORENTRY(OBJECTNOTINFOACCESS,Object is not a InfoAccess,0),
-PKIX_ERRORENTRY(OBJECTNOTLDAPREQUEST,Object is not a LdapRequest,0),
-PKIX_ERRORENTRY(OBJECTNOTLDAPRESPONSE,Object is not a LdapResponse,0),
-PKIX_ERRORENTRY(OBJECTNOTLIST,Object is not a list,0),
-PKIX_ERRORENTRY(OBJECTNOTLOGGER,Object is not a Logger,0),
-PKIX_ERRORENTRY(OBJECTNOTMONITORLOCK,Object is not a MonitorLock,0),
-PKIX_ERRORENTRY(OBJECTNOTMUTEX,Object is not a Mutex,0),
-PKIX_ERRORENTRY(OBJECTNOTNAMECONSTRAINTSCHECKERSTATE,Object is not a name constraints checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPCERTID,Object is not an OcspCertID,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPCHECKER,Object is not an OCSPChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPREQUEST,Object is not an OcspRequest,0),
-PKIX_ERRORENTRY(OBJECTNOTPOLICYCHECKERSTATE,Object is not a PKIX_PolicyCheckerState,0),
-PKIX_ERRORENTRY(OBJECTNOTPOLICYNODE,Object is not a PolicyNode,0),
-PKIX_ERRORENTRY(OBJECTNOTPROCESSINGPARAMS,Object is not a ProcessingParams,0),
-PKIX_ERRORENTRY(OBJECTNOTPUBLICKEY,Object is not a PublicKey,0),
-PKIX_ERRORENTRY(OBJECTNOTRESOURCELIMITS,Object is not a ResourceLimits,0),
-PKIX_ERRORENTRY(OBJECTNOTREVOCATIONCHECKER,Object is not a revocation checker,0),
-PKIX_ERRORENTRY(OBJECTNOTRWLOCK,Object is not a RWLock,0),
-PKIX_ERRORENTRY(OBJECTNOTSIGNATURECHECKERSTATE,Object is not a signature checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTSOCKET,Object is not a Socket,0),
-PKIX_ERRORENTRY(OBJECTNOTSTRING,Object is not a string,0),
-PKIX_ERRORENTRY(OBJECTNOTTARGETCERTCHECKERSTATE,Object is not a target cert checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTTRUSTANCHOR,Object is not a trustAnchor,0),
-PKIX_ERRORENTRY(OBJECTNOTVALIDATEPARAMS,Object is not a ValidateParams,0),
-PKIX_ERRORENTRY(OBJECTNOTVALIDATERESULT,Object is not a ValidateResult,0),
-PKIX_ERRORENTRY(OBJECTNOTVERIFYNODE,Object is not a VerifyNode,0),
-PKIX_ERRORENTRY(OBJECTREGISTERTYPEFAILED,PKIX_PL_Object_RegisterType failed,0),
-PKIX_ERRORENTRY(OBJECTRETRIEVEEQUALSCALLBACKFAILED,pkix_pl_Object_RetrieveEqualsCallback failed,0),
-PKIX_ERRORENTRY(OBJECTSPECIFICFUNCTIONFAILED,object-specific function failed,0),
-PKIX_ERRORENTRY(OBJECTSTILLREFERENCED,Object is still referenced,0),
-PKIX_ERRORENTRY(OBJECTTOSTRINGFAILED,PKIX_PL_Object_ToString failed,0),
-PKIX_ERRORENTRY(OBJECTTYPESDONOTMATCH,Object types do not match,0),
-PKIX_ERRORENTRY(OBJECTWITHNONPOSITIVEREFERENCES,Object with non-positive references,0),
-PKIX_ERRORENTRY(OCSPCERTIDCREATEFAILED,PKIX_PL_OcspCertID_Create failed,0),
-PKIX_ERRORENTRY(OCSPCERTIDGETFRESHCACHESTATUSFAILED,PKIX_PL_OcspCertID_GetFreshCacheStatus returned an error,0),
-PKIX_ERRORENTRY(OCSPCERTIDREMEMBEROCSPFAILUREDFAILED,PKIX_PL_OcspCertID_RememberOCSPProcessingFailure,0),
-PKIX_ERRORENTRY(OCSPCHECKERCREATEFAILED,PKIX_OcspChecker_Create failed,0),
-PKIX_ERRORENTRY(OCSPBADHTTPRESPONSE,Bad Http Response,SEC_ERROR_OCSP_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(OCSPREQUESTCREATEFAILED,PKIX_PL_OcspRequest_Create failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETCERTIDFAILED,pkix_pl_OcspRequest_GetCertID failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETENCODEDFAILED,pkix_pl_OcspRequest_GetEncoded failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETLOCATIONFAILED,pkix_pl_OcspRequest_GetLocation failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSECREATEFAILED,pkix_pl_OcspResponse_Create failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEDECODEFAILED,pkix_pl_OcspResponse_Decode failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSFORCERTFAILED,pkix_pl_OcspResponse_GetStatusForCert failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSRETURNEDANERROR,pkix_pl_OcspResponse_GetStatus returned an error,0),
-PKIX_ERRORENTRY(OCSPRESPONSESAYSCERTREVOKED,OCSP response says Cert revoked,SEC_ERROR_REVOKED_CERTIFICATE_OCSP),
-PKIX_ERRORENTRY(OCSPRESPONSEVERIFYSIGNATUREFAILED,pkix_pl_OcspResponse_VerifySignature failed,0),
-PKIX_ERRORENTRY(OCSPSERVERERROR,OCSP Server Error,SEC_ERROR_OCSP_SERVER_ERROR),
-PKIX_ERRORENTRY(OIDBYTES2ASCIIDATALENGTHZERO,pkix_pl_oidBytes2Ascii: data length is zero,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDBYTES2ASCIIFAILED,pkix_pl_oidBytes2Ascii failed,0),
-PKIX_ERRORENTRY(OIDBYTESLENGTH0,Oid bytes length is 0,0),
-PKIX_ERRORENTRY(OIDCOMPARATORFAILED,pkix_pl_OID_Comparator failed,0),
-PKIX_ERRORENTRY(OIDCOMPONENTTOOBIG,Overflow error: OID component > 2^32,0),
-PKIX_ERRORENTRY(OIDCREATEFAILED,PKIX_PL_OID_Create failed,0),
-PKIX_ERRORENTRY(OIDEQUALFAILED,PKIX_PL_OID_Equal failed,0),
-PKIX_ERRORENTRY(OIDEQUALSFAILED,PKIX_PL_OID_Equals failed,0),
-PKIX_ERRORENTRY(OIDGETNEXTTOKENFAILED,pkix_pl_OID_GetNextToken failed,0),
-PKIX_ERRORENTRY(OIDHASHCODEFAILED,PKIX_PL_OID_Hashcode failed,0),
-PKIX_ERRORENTRY(OIDLENGTHTOOSHORT,OID length too short,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDNEEDS2ORMOREFIELDS,OID needs 2 or more fields,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDTOSTRINGFAILED,PKIX_PL_OID_ToString failed,0),
-PKIX_ERRORENTRY(OPERATIONNOTPERMITTEDONIMMUTABLELIST,Operation not permitted on Immutable List,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OTHERNAMECREATEFAILED,pkix_pl_OtherName_Create failed,0),
-PKIX_ERRORENTRY(OUTOFMEMORY,Out of Memory,0),
-PKIX_ERRORENTRY(PATHLENCONSTRAINTINVALID,Certificate path length constraint is invalid,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
-PKIX_ERRORENTRY(PK11CERTSTORECERTQUERYFAILED,pkix_pl_Pk11CertStore_CertQuery failed,0),
-PKIX_ERRORENTRY(PK11CERTSTORECREATEFAILED,PKIX_PL_Pk11CertStore_Create failed,0),
-PKIX_ERRORENTRY(PK11CERTSTORECRLQUERYFAILED,pkix_pl_Pk11CertStore_CrlQuery failed,0),
-PKIX_ERRORENTRY(PKIXUNKNOWNERROR,PKIX uninitialized error code,0),
-PKIX_ERRORENTRY(POLICYCHECKERCALCULATEINTERSECTIONFAILED,pkix_PolicyChecker_CalculateIntersection failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERCHECKANYFAILED,pkix_PolicyChecker_CheckAny failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERCHECKPOLICYRECURSIVEFAILED,pkix_PolicyChecker_CheckPolicyRecursive failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERERROR,PolicyChecker Error,0),
-PKIX_ERRORENTRY(POLICYCHECKERINITIALIZEFAILED,pkix_PolicyChecker_Initialize failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAKEMUTABLECOPYFAILED,pkix_PolicyChecker_MakeMutableCopy failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAKESINGLETONFAILED,pkix_PolicyChecker_MakeSingleton failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPCONTAINSFAILED,pkix_PolicyChecker_MapContains failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED,pkix_PolicyChecker_MapGetMappedPolicies failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED,pkix_PolicyChecker_MapGetSubjectDomainPolicies failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERSPAWNFAILED,pkix_PolicyChecker_Spawn failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERSTATECREATEFAILED,PKIX_PolicyCheckerState_Create failed,0),
-PKIX_ERRORENTRY(POLICYNODEADDTOPARENTFAILED,pkix_PolicyNode_AddToParent failed,0),
-PKIX_ERRORENTRY(POLICYNODECREATEFAILED,pkix_PolicyNode_Create failed,0),
-PKIX_ERRORENTRY(POLICYNODEDUPLICATEHELPERFAILED,pkix_PolicyNode_DuplicateHelper failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETCHILDRENMUTABLEFAILED,pkix_PolicyNode_GetChildrenMutable failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETDEPTHFAILED,PKIX_PolicyNode_GetDepth failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETEXPECTEDPOLICIESFAILED,PKIX_PolicyNode_GetExpectedPolicies failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETPARENTFAILED,PKIX_PolicyNode_GetParent failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETPOLICYQUALIFIERSFAILED,PKIX_PolicyNode_GetPolicyQualifiers failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETVALIDPOLICYFAILED,PKIX_PolicyNode_GetValidPolicy failed,0),
-PKIX_ERRORENTRY(POLICYNODEISCRITICALFAILED,PKIX_PolicyNode_IsCritical failed,0),
-PKIX_ERRORENTRY(POLICYNODEPRUNEFAILED,pkix_PolicyNode_Prune failed,0),
-PKIX_ERRORENTRY(POLICYTREETOOIDSFAILED,Failed to convert policy tree to oid,0),
-PKIX_ERRORENTRY(PORTARENAALLOCFAILED,PORT Arena Allocation failed, 0),
-PKIX_ERRORENTRY(PORTUCS2UTF8CONVERSIONFAILED,PORT_UCS2_UTF8Conversion failed.,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(PRACCEPTFAILED,PR_Accept failed,0),
-PKIX_ERRORENTRY(PRBINDFAILED,PR_Bind failed,0),
-PKIX_ERRORENTRY(PRCONNECTCONTINUEFAILED,PR_ConnectContinue failed,0),
-PKIX_ERRORENTRY(PRCONNECTFAILED,PR_Connect failed,0),
-PKIX_ERRORENTRY(PRENUMERATEHOSTENTFAILED,PR_EnumerateHostEnt failed.,0),
-PKIX_ERRORENTRY(PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT,PR_GetHostByName rejects hostname argument.,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEADDFAILED,pkix_pl_PrimHashTable_Add failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLECREATEFAILED,pkix_pl_PrimHashTable_Create failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEDESTROYFAILED,pkix_pl_PrimHashTable_Destroy failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEGETBUCKETSIZEFAILED,pkix_pl_PrimHashTable_GetBucketSize failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLELOOKUPFAILED,pkix_pl_PrimHashTable_Lookup failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEREMOVEFAILED,pkix_pl_PrimHashTable_Remove failed,0),
-PKIX_ERRORENTRY(PRLISTENFAILED,PR_Listen failed,0),
-PKIX_ERRORENTRY(PRNEWTCPSOCKETFAILED,PR_NewTCPSocket failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTCHAINCHECKERFAILED,PKIX_ProcessingParams_AddCertChainChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTSTOREFAILED,PKIX_ProcessingParams_AddCertStore failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDREVMETHODFAILED,PKIX_ProcessingParams_AddRevocationMethod failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSCREATEFAILED,PKIX_ProcessingParams_Create failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED,PKIX_ProcessingParams_GetCertChainCheckers failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTSTORESFAILED,PKIX_ProcessingParams_GetCertStores failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETDATEFAILED,PKIX_ProcessingParams_GetDate failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETHINTCERTSFAILED,PKIX_ProcessingParams_GetHintCerts failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETINITIALPOLICIESFAILED,PKIX_ProcessingParams_GetInitialPolicies failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETNISTREVPOLICYENABLEDFAILED,pkix_ProcessingParams_GetNISTRevocationPolicyEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED,PKIX_ProcessingParams_GetPolicyQualifiersRejected failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETRESOURCELIMITSFAILED,PKIX_ProcessingParams_GetResourceLimits failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_GetRevocationChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_GetRevocationEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_GetTargetCertConstraints failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETTRUSTANCHORSFAILED,PKIX_ProcessingParams_GetTrustAnchors failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED,PKIX_ProcessingParams_IsAnyPolicyInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED,PKIX_ProcessingParams_IsExplicitPolicyRequired failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED,PKIX_ProcessingParams_IsPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETANYPOLICYINHIBITED,PKIX_ProcessingParams_SetAnyPolicyInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETCERTSTORESFAILED,PKIX_ProcessingParams_SetCertStores failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETDATEFAILED,PKIX_ProcessingParams_SetDate failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETEXPLICITPOLICYREQUIRED,PKIX_ProcessingParams_SetExplicitPolicyRequired failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETHINTCERTSFAILED,PKIX_ProcessingParams_SetHintCerts failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETINITIALPOLICIESFAILED,PKIX_ProcessingParams_SetInitialPolicies failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETNISTREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_SetNISTRevocationEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETPOLICYMAPPINGINHIBITED,PKIX_ProcessingParams_SetPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_SetRevocationChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_SetTargetCertConstraints failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETQUALIFYTARGETCERTFLAGFAILED,ProcessingParams_SetQualifyTargetCertFlag failed,0),
-PKIX_ERRORENTRY(PRPOLLFAILED,PR_Poll failed,0),
-PKIX_ERRORENTRY(PRPOLLRETBADFILENUM,PR_Poll failed,0),
-PKIX_ERRORENTRY(PRRECVFAILED,PR_Recv failed,0),
-PKIX_ERRORENTRY(PRRECVREPORTSNETWORKCONNECTIONCLOSED,PR_Recv reports network connection is closed,0),
-PKIX_ERRORENTRY(PRSENDFAILED,PR_Send failed,0),
-PKIX_ERRORENTRY(PRSHUTDOWNFAILED,PR_Shutdown failed,0),
-PKIX_ERRORENTRY(PRSMPRINTFFAILED,PR_smprintf failed,0),
-PKIX_ERRORENTRY(PRSNPRINTFFAILED,PR_snprintf failed,0),
-PKIX_ERRORENTRY(PUBKEYTYPENULLKEY,pubKeyType is nullKey,0),
-PKIX_ERRORENTRY(PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED,PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed,0),
-PKIX_ERRORENTRY(PUBLICKEYNEEDSDSAPARAMETERSFAILED,PKIX_PL_PublicKey_NeedsDSAParameters failed,0),
-PKIX_ERRORENTRY(PUBLICKEYTOSTRINGFAILED,PKIX_PL_PublicKey_ToString failed,0),
-PKIX_ERRORENTRY(PUBLICKEYTOSTRINGHELPERFAILED,pkix_pl_PublicKey_ToString_Helper failed,0),
-PKIX_ERRORENTRY(QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION,Qualifiers in critical Certificate Policy extension,0),
-PKIX_ERRORENTRY(REALLOCFAILED,PKIX_PL_Realloc failed,0),
-PKIX_ERRORENTRY(RECEIVEDCORRUPTEDOBJECTARGUMENT,Received corrupted object argument,0),
-PKIX_ERRORENTRY(REGISTERCERTSTOREFAILED,RegisterCertStores failed,0),
-PKIX_ERRORENTRY(REMOVEDUPUNTRUSTEDCERTSFAILED, pkix_Build_RemoveDupUntrustedCerts failed,0),
-PKIX_ERRORENTRY(REQUESTNOTANHTTPDEFAULTCLIENT,request is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXDEPTHFAILED,PKIX_ResourceLimits_GetMaxDepth failed,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXFANOUTFAILED,PKIX_ResourceLimits_GetMaxFanout failed,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXTIMEFAILED,PKIX_ResourceLimits_GetMaxTime failed,0),
-PKIX_ERRORENTRY(RETRIEVEOUTPUTSFAILED,pkix_RetrieveOutputs failed,0),
-PKIX_ERRORENTRY(REVCHECKCERTFAILED,pkix_RevCheckCert failed,0),
-PKIX_ERRORENTRY(REVCHECKERCHECKFAILED,revCheckerCheck failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERADDMETHODFAILED,Can not add revocation method,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERCREATEFAILED,PKIX_RevocationChecker_Create failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCALLBACKFAILED,PKIX_RevocationChecker_GetRevCallback failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCHECKERCONTEXTFAILED,PKIX_RevocationChecker_GetRevCheckerContext failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERWASNOTSET,Revocation chekcer was not set,0),
-PKIX_ERRORENTRY(REVOKEDBYUNKNOWNCRLREASONCODE,Revoked by Unknown CRL ReasonCode,0),
-PKIX_ERRORENTRY(SEARCHRESPONSEPACKETOFUNKNOWNTYPE,SearchResponse packet of unknown type,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(SECASN1ENCODEITEMFAILED,SEC_ASN1EncodeItem failed,SEC_ERROR_FAILED_TO_ENCODE_DATA),
-PKIX_ERRORENTRY(SECERRORUNKNOWNISSUER,Nss legacy err code: build failed. Issuer is unknown.,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED,SECKEY_CopySubjectPublicKeyInfo failed,0),
-PKIX_ERRORENTRY(SECKEYEXTRACTPUBLICKEYFAILED,SECKEY_ExtractPublicKey failed,0),
-PKIX_ERRORENTRY(SECOIDCOPYALGORITHMIDFAILED,SECOID_CopyAlgorithmID failed,0),
-PKIX_ERRORENTRY(SECOIDFINDOIDTAGDESCRIPTIONFAILED,SECOID_FindOIDTag Description failed,0),
-PKIX_ERRORENTRY(SECONDFIELDMUSTBEBETWEEN039,Second field must be between 0-39,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDKEYDSAPUBLICKEY,Second key is a DSA public key but has null parameters,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDKEYNOTDSAPUBLICKEY,Second key is not a DSA public key,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDPUBKEYTYPENULLKEY,secondPubKeyType is nullKey,0),
-PKIX_ERRORENTRY(SECQUICKDERDECODERFAILED,SEC_QuickDERDecodeItem failed,0),
-PKIX_ERRORENTRY(SECREADPKCS7CERTSFAILED,SEC_ReadPKCS7Certs failed,0),
-PKIX_ERRORENTRY(SELECTORMATCHFAILED,selectorMatch failed,0),
-PKIX_ERRORENTRY(SESSIONNOTANHTTPDEFAULTCLIENT,session is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(SETPOLICIESFAILED,Fail to set cert validation policies,0),
-PKIX_ERRORENTRY(SHUTDOWNFAILED,PKIX_PL_Shutdown failed,0),
-PKIX_ERRORENTRY(SIGNATURECHECKERINITIALIZEFAILED,pkix_SignatureChecker_Initialize failed,0),
-PKIX_ERRORENTRY(SIGNATURECHECKERSTATECREATEFAILED,pkix_SignatureCheckerState_Create failed,0),
-PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,SEC_ERROR_BAD_SIGNATURE),
-PKIX_ERRORENTRY(SINGLEPOLICYNODEEQUALSFAILED,PKIX_PL_SinglePolicyNode_Equals failed,0),
-PKIX_ERRORENTRY(SINGLEPOLICYNODEHASHCODEFAILED,pkix_SinglePolicyNode_Hashcode failed,0),
-PKIX_ERRORENTRY(SINGLEPOLICYNODETOSTRINGFAILED,pkix_SinglePolicyNode_ToString failed,0),
-PKIX_ERRORENTRY(SINGLEVERIFYNODEEQUALSFAILED,PKIX_PL_SingleVerifyNode_Equals failed,0),
-PKIX_ERRORENTRY(SINGLEVERIFYNODEHASHCODEFAILED,pkix_SingleVerifyNode_Hashcode failed,0),
-PKIX_ERRORENTRY(SOCKETCONNECTCONTINUEFAILED,pkix_pl_Socket_ConnectContinue failed,0),
-PKIX_ERRORENTRY(SOCKETCONNECTFAILED,pkix_pl_Socket_Connect failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEBYHOSTANDPORTFAILED,pkix_pl_Socket_CreateByHostAndPort failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEBYNAMEFAILED,pkix_pl_Socket_CreateByName failed,0),
-PKIX_ERRORENTRY(SOCKETCREATECLIENTFAILED,pkix_pl_Socket_CreateClient failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEFAILED,pkix_pl_Socket_Create failed,0),
-PKIX_ERRORENTRY(SOCKETCREATESERVERFAILED,pkix_pl_Socket_CreateServer failed,0),
-PKIX_ERRORENTRY(SOCKETEQUALSFAILED,PKIX_PL_Socket_Equals failed,0),
-PKIX_ERRORENTRY(SOCKETGETCALLBACKLISTFAILED,pkix_pl_Socket_GetCallbackList failed,0),
-PKIX_ERRORENTRY(SOCKETGETPRFILEDESCFAILED,pkix_pl_Socket_GetPRFileDesc failed,0),
-PKIX_ERRORENTRY(SOCKETHASHCODEFAILED,PKIX_PL_Socket_Hashcode failed,0),
-PKIX_ERRORENTRY(SOCKETPOLLFAILED,pkix_pl_Socket_Poll failed,0),
-PKIX_ERRORENTRY(SOCKETRECVFAILED,pkix_pl_Socket_Recv failed,0),
-PKIX_ERRORENTRY(SOCKETSENDFAILED,pkix_pl_Socket_Send failed,0),
-PKIX_ERRORENTRY(SOCKETSETNONBLOCKINGFAILED,pkix_pl_Socket_SetNonBlocking failed,0),
-PKIX_ERRORENTRY(SOURCESTRINGHASINVALIDLENGTH,Source string has invalid length,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SPRINTFFAILED,PKIX_PL_Sprintf failed,0),
-PKIX_ERRORENTRY(STRINGCOMPARATORFAILED,pkix_pl_String_Comparator failed,0),
-PKIX_ERRORENTRY(STRINGCREATEFAILED,PKIX_PL_String_Create failed,0),
-PKIX_ERRORENTRY(STRINGEQUALSFAILED,pkix_pl_String_Equals failed,0),
-PKIX_ERRORENTRY(STRINGGETENCODEDFAILED,PKIX_PL_String_GetEncoded failed,0),
-PKIX_ERRORENTRY(STRINGHASHCODEFAILED,pkix_pl_String_Hashcode failed,0),
-PKIX_ERRORENTRY(SUBJALTNAMECHECKFAILED,Validation failed: SubjAltNamecheck failed,0),
-PKIX_ERRORENTRY(TARGETCERTCHECKERINITIALIZEFAILED,pkix_TargetCertChecker_Initialize failed,0),
-PKIX_ERRORENTRY(TARGETCERTCHECKERSTATECREATEFAILED,pkix_TargetCertCheckerState_Create failed,0),
-PKIX_ERRORENTRY(TESTANOTHERERRORMESSAGE, Another Error Message,0),
-PKIX_ERRORENTRY(TESTERRORMESSAGE, Error Message,0),
-PKIX_ERRORENTRY(TESTNOMATCHINGPOLICY, No Matching Policy,0),
-PKIX_ERRORENTRY(TESTNOTANERRORCRLSELECTMISMATCH, Not an error CRL Select mismatch,0),
-PKIX_ERRORENTRY(TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, Policies extension but no Policy Qualifiers,0),
-PKIX_ERRORENTRY(TIMECONSUMEDEXCEEDSRESOURCELIMITS,Time consumed exceeds Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
-PKIX_ERRORENTRY(TOOLITTLEDATAINDERSEQUENCE,Too little data in DER Sequence,0),
-PKIX_ERRORENTRY(TOOMUCHDATAINDERSEQUENCE,Too much data in DER Sequence,0),
-PKIX_ERRORENTRY(TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED,ToString for this GeneralName type not supported,0),
-PKIX_ERRORENTRY(TRUNCATEDUNICODEINESCAPEDASCII,Truncated Unicode in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(TRUSTANCHORCREATEWITHCERTFAILED,PKIX_TrustAnchor_CreateWithCert failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETCANAMEFAILED,PKIX_TrustAnchor_GetCAName failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETCAPUBLICKEYFAILED,PKIX_TrustAnchor_GetCAPublicKey failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETNAMECONSTRAINTSFAILED,PKIX_TrustAnchor_GetNameConstraints failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETTRUSTEDCERTFAILED,PKIX_TrustAnchor_GetTrustedCert failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORTOCERTFAILED,Fail to convert trust anchor to cert,0),
-PKIX_ERRORENTRY(TYPEALREADYREGISTERED,Type is already registered,0),
-PKIX_ERRORENTRY(UNABLETOADDACCEPTABLERESPONSESTOREQUEST,Unable to add acceptableResponses to request,0),
-PKIX_ERRORENTRY(UNABLETOADDCERTTOCERTLIST,Unable to add Cert to CertList,0),
-PKIX_ERRORENTRY(UNABLETOBUILDCHAIN,Unable to build chain,0),
-PKIX_ERRORENTRY(UNABLETOCREATECERTOCSPREQUEST,Unable to create a CertOCSPRequest,0),
-PKIX_ERRORENTRY(UNABLETOCREATECRLSTRING,Unable to create crlString,0),
-PKIX_ERRORENTRY(UNABLETOCREATEGENERALNAMEOFTHISTYPE,Unable to create GeneralName of this type,0),
-PKIX_ERRORENTRY(UNABLETOCREATEISSUER,Unable to create Issuer,0),
-PKIX_ERRORENTRY(UNABLETOCREATELIST,Unable to create list,0),
-PKIX_ERRORENTRY(UNABLETOCREATENEWCERTLIST,Unable to create a new CertList,0),
-PKIX_ERRORENTRY(UNABLETOCREATEPSTRING,Unable to create pString,0),
-PKIX_ERRORENTRY(UNABLETOFINDSTATUSINOCSPRESPONSE,Unable to find status in OCSP response,SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS),
-PKIX_ERRORENTRY(UNABLETOMAKELISTIMMUTABLE,Unable to make list immutable,0),
-PKIX_ERRORENTRY(UNABLETOOPENCERTFILE,Unable to open cert file,0),
-PKIX_ERRORENTRY(UNABLETOOPENCRLFILE,Unable to open crl file,0),
-PKIX_ERRORENTRY(UNABLETOPARSEOCSPRESPONSE,Unable to parse OCSP response,SEC_ERROR_OCSP_MALFORMED_RESPONSE),
-PKIX_ERRORENTRY(UNABLETOREADDERFROMCERTFILE,Unable to read DER from cert file,0),
-PKIX_ERRORENTRY(UNABLETOREADDERFROMCRLFILE,Unable to read DER from crl file,0),
-PKIX_ERRORENTRY(UNABLETOSETSOCKETTONONBLOCKING,Unable to set socket to non-blocking I/O,0),
-PKIX_ERRORENTRY(UNDEFINEDCALLBACK,Undefined callback,0),
-PKIX_ERRORENTRY(UNDEFINEDCLASSTABLEENTRY,Undefined class table entry,0),
-PKIX_ERRORENTRY(UNDEFINEDCOMPARATOR,Undefined Comparator,0),
-PKIX_ERRORENTRY(UNDEFINEDDUPLICATEFUNCTION,Undefined Duplicate function,0),
-PKIX_ERRORENTRY(UNDEFINEDEQUALSCALLBACK,Undefined equals callback,0),
-PKIX_ERRORENTRY(UNEXPECTEDERRORINESTABLISHINGCONNECTION,Unexpected error in establishing connection,0),
-PKIX_ERRORENTRY(UNEXPECTEDRESULTCODEINRESPONSE,Unexpected result code in Response,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(UNKNOWNFORMAT,Unknown format,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UNKNOWNINFOACCESSTYPE,Unknown InfoAccess type,SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE),
-PKIX_ERRORENTRY(UNKNOWNINFOACCESSMETHOD,Unknown InfoAccess method,SEC_ERROR_BAD_INFO_ACCESS_METHOD),
-PKIX_ERRORENTRY(UNKNOWNOBJECTOID,Unknown object OID,0),
-PKIX_ERRORENTRY(UNKNOWNOBJECTTYPE,Unknown object type,0),
-PKIX_ERRORENTRY(UNKNOWNTYPEARGUMENT,Unknown type argument,0),
-PKIX_ERRORENTRY(UNLOCKOBJECTFAILED,pkix_UnlockObject failed,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDCRITICALEXTENSION,Unrecognized Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
-PKIX_ERRORENTRY(UNRECOGNIZEDCRLENTRYCRITICALEXTENSION,Unrecognized CRLEntry Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
-PKIX_ERRORENTRY(UNRECOGNIZEDPROTOCOLREQUESTED,Unrecognized protocol requested,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDREQUESTMETHOD,Unrecognized request method,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDTIMETYPE,Unrecognized time type,0),
-PKIX_ERRORENTRY(UNSUPPORTEDCRLDPTYPE,CrlDp type is not supported,0),
-PKIX_ERRORENTRY(UNSUPPORTEDVERSIONOFHTTPCLIENT,Unsupported version of Http Client,0),
-PKIX_ERRORENTRY(UNSUPPORTEDCERTUSAGE,Specified certificate usage is unsupported,SEC_ERROR_CERT_USAGES_INVALID),
-PKIX_ERRORENTRY(URLPARSINGFAILED,URL Parsing failed,0),
-PKIX_ERRORENTRY(USERCHECKERCHECKFAILED,userCheckerCheck failed,0),
-PKIX_ERRORENTRY(UTF16ALIGNMENTERROR,UTF16 Alignment Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16HIGHZONEALIGNMENTERROR,UTF16 High Zone Alignment Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16LOWZONEERROR,UTF16 Low Zone Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16TOESCASCIIFAILED,pkix_UTF16_to_EscASCII failed,0),
-PKIX_ERRORENTRY(UTF16TOUTF8FAILED,pkix_UTF16_to_UTF8 failed,0),
-PKIX_ERRORENTRY(UTF8TOUTF16FAILED,pkix_UTF8_to_UTF16 failed,0),
-PKIX_ERRORENTRY(VALIDATEBUILDUSEROIDSFAILED,pkix_Validate_BuildUserOIDs failed,0),
-PKIX_ERRORENTRY(VALIDATECERTCHAINFAILED,Failed to validate cert chain,0),
-PKIX_ERRORENTRY(VALIDATECHAINFAILED,PKIX_ValidateChain failed,0),
-PKIX_ERRORENTRY(VALIDATEPARAMSGETCERTCHAINFAILED,PKIX_ValidateParams_GetCertChain failed,0),
-PKIX_ERRORENTRY(VALIDATEPARAMSGETPROCESSINGPARAMSFAILED,PKIX_ValidateParams_GetProcessingParams failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTCREATEFAILED,pkix_ValidateResult_Create failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTGETPOLICYTREEFAILED,PKIX_ValidateResult_GetPolicyTree failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTGETTRUSTANCHORFAILED,PKIX_ValidateResult_GetTrustAnchor failed,0),
-PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,SEC_ERROR_BAD_SIGNATURE),
-PKIX_ERRORENTRY(VALIDATIONFAILEDNULLCERTPOINTER,Validation failed: NULL Cert pointer,0),
-PKIX_ERRORENTRY(VALIDATIONFAILEDPATHTONAMECHECKFAILED,Validation failed: PathToName check failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(VALUEINESCAPEDASCII,value in EscapedASCII,0),
-PKIX_ERRORENTRY(VERIFYNODEADDTOCHAINFAILED,pkix_VerifyNode_AddToChain failed,0),
-PKIX_ERRORENTRY(VERIFYNODEADDTOTREEFAILED,pkix_VerifyNode_AddToTree failed,0),
-PKIX_ERRORENTRY(VERIFYNODECREATEFAILED,pkix_VerifyNode_Create failed,0),
-PKIX_ERRORENTRY(VERIFYNODEDUPLICATEHELPERFAILED,pkix_VerifyNode_DuplicateHelper failed,0),
-PKIX_ERRORENTRY(VERIFYNODEFINDERRORFAILED,pkix_VerifyNode_FindError failed,0),
-PKIX_ERRORENTRY(VERIFYNODESETDEPTHFAILED,pkix_VerifyNode_SetDepth failed,0),
-PKIX_ERRORENTRY(VERIFYNODESETERRORFAILED,pkix_VerifyNode_SetError failed,0),
-PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1ORV2,Version value must be V1(0) or V2(1),SEC_ERROR_CRL_INVALID),
-PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1V2ORV3,Version value must be v1(0) v2(1) or v3(2),SEC_ERROR_CERT_VALID),
-PKIX_ERRORENTRY(X500NAMECOMPAREDERBYTESFAILED,pkix_pl_X500Name_CompareDERBytes failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFAILED,PKIX_PL_X500Name_Create failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFROMCERTNAMEFAILED,pkix_pl_X500Name_CreateFromCERTName failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFROMUTF8FAILED,pkix_pl_X500Name_CreateFromUtf8 failed,0),
-PKIX_ERRORENTRY(X500NAMEEQUALSFAILED,PKIX_PL_X500Name_Equals failed,0),
-PKIX_ERRORENTRY(X500NAMEGETCOMMONNAMEFAILED,pkix_pl_X500Name_GetCommonName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETCOUNTRYNAMEFAILED,pkix_pl_X500Name_GetCountryName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETORGNAMEFAILED,pkix_pl_X500Name_GetOrgName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETSECNAMEFAILED,pkix_pl_X500Name_GetSECName failed,0),
-PKIX_ERRORENTRY(X500NAMEHASHCODEFAILED,PKIX_PL_X500Name_Hashcode failed,0),
-PKIX_ERRORENTRY(X500NAMEMATCHFAILED,PKIX_PL_X500Name_Match failed,0),
-PKIX_ERRORENTRY(X500NAMETOSTRINGFAILED,PKIX_PL_X500Name_ToString failed,0),
-PKIX_ERRORENTRY(X500NAMETOSTRINGHELPERFAILED,pkix_pl_X500Name_ToString_Helper failed,0),
-PKIX_ERRORENTRY(ZEROLENGTHBYTEARRAYFORCRLENCODING,Zero-length ByteArray for CRL encoding,0)
diff --git a/security/nss/lib/libpkix/include/pkix_params.h b/security/nss/lib/libpkix/include/pkix_params.h
deleted file mode 100755
index f0aed9225..000000000
--- a/security/nss/lib/libpkix/include/pkix_params.h
+++ /dev/null
@@ -1,1759 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the various parameters used
- * by the top-level functions.
- *
- */
-
-#ifndef _PKIX_PARAMS_H
-#define _PKIX_PARAMS_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_ProcessingParams
- *
- * PKIX_ProcessingParams are parameters used when validating or building a
- * chain of certificates. Using the parameters, the caller can specify several
- * things, including the various inputs to the PKIX chain validation
- * algorithm (such as trust anchors, initial policies, etc), any customized
- * functionality (such as CertChainCheckers, RevocationCheckers, CertStores),
- * and whether revocation checking should be disabled.
- *
- * Once the caller has created the ProcessingParams object, the caller then
- * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call
- * the user's callback functions as needed during the validation or building
- * process.
- *
- * If a parameter is not set (or is set to NULL), it will be set to the
- * default value for that parameter. The default value for the Date parameter
- * is NULL, which indicates the current time when the path is validated. The
- * default for the remaining parameters is the least constrained.
- */
-
-/*
- * FUNCTION: PKIX_ProcessingParams_Create
- * DESCRIPTION:
- *
- * Creates a new ProcessingParams object. Trust anchor list is set to
- * newly created empty list of trust. In this case trust anchors will
- * be taken from provided cert store. Pointed to the created
- * ProcessingParams object is stored in "pParams".
- *
- * PARAMETERS:
- * "anchors"
- * Address of List of (non-empty) TrustAnchors to be used.
- * Must be non-NULL.
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_Create(
- PKIX_ProcessingParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of CertChainCheckers (if any) that are set
- * in the ProcessingParams pointed to by "params" and stores it at
- * "pCheckers". Each CertChainChecker represents a custom certificate
- * validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed
- * during the validation or building process. If "params" does not have any
- * CertChainCheckers, this function stores an empty List at "pCheckers".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertChainCheckers (if any)
- * are to be stored. Must be non-NULL.
- * "pCheckers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertChainCheckers(
- PKIX_ProcessingParams *params,
- PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a List of
- * CertChainCheckers pointed to by "checkers". Each CertChainChecker
- * represents a custom certificate validation check used by
- * PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or
- * building process. If "checkers" is NULL, no CertChainCheckers will be used.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertChainCheckers is to be
- * set. Must be non-NULL.
- * "checkers"
- * Address of List of CertChainCheckers to be set. If NULL, no
- * CertChainCheckers will be used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params" and "checkers"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertChainCheckers(
- PKIX_ProcessingParams *params,
- PKIX_List *checkers, /* list of PKIX_CertChainChecker */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker
- * DESCRIPTION:
- *
- * Adds the CertChainChecker pointed to by "checker" to the ProcessingParams
- * pointed to by "params". The CertChainChecker represents a custom
- * certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain
- * as needed during the validation or building process.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be added to. Must be non-NULL.
- * "checker"
- * Address of CertChainChecker to be added. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertChainChecker(
- PKIX_ProcessingParams *params,
- PKIX_CertChainChecker *checker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
- * DESCRIPTION:
- *
- * Retrieves a pointer to the RevocationChecker that are set
- * in the ProcessingParams pointed to by "params" and stores it at
- * "pRevChecker". Each RevocationChecker represents a revocation
- * check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the
- * validation or building process. If "params" does not have any
- * RevocationCheckers, this function stores an empty List at "pRevChecker".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of RevocationCheckers
- * is to be stored. Must be non-NULL.
- * "pRevChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetRevocationChecker(
- PKIX_ProcessingParams *params,
- PKIX_RevocationChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a
- * RevocationChecker pointed to by "revChecker". Revocation
- * checker object should be created and assigned to processing
- * parameters before chain build or validation can begin.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of RevocationCheckers is to be
- * set. Must be non-NULL.
- * "revChecker"
- * Address of RevocationChecker to be set. Must be set before chain
- * building or validation.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetRevocationChecker(
- PKIX_ProcessingParams *params,
- PKIX_RevocationChecker *revChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertStores
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of CertStores (if any) that are set in the
- * ProcessingParams pointed to by "params" and stores it at "pStores". Each
- * CertStore represents a particular repository from which certificates and
- * CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed
- * during the validation or building process. If "params" does not have any
- * CertStores, this function stores an empty List at "pStores".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertStores (if any) are to
- * be stored. Must be non-NULL.
- * "pStores"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertStores(
- PKIX_ProcessingParams *params,
- PKIX_List **pStores, /* list of PKIX_CertStore */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertStores
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a List of CertStores
- * pointed to by "stores". Each CertStore represents a particular repository
- * from which certificates and CRLs can be retrieved by PKIX_ValidateChain or
- * PKIX_BuildChain as needed during the validation or building process. If
- * "stores" is NULL, no CertStores will be used.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertStores is to be set.
- * Must be non-NULL.
- * "stores"
- * Address of List of CertStores to be set. If NULL, no CertStores will
- * be used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertStores(
- PKIX_ProcessingParams *params,
- PKIX_List *stores, /* list of PKIX_CertStore */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertStore
- * DESCRIPTION:
- *
- * Adds the CertStore pointed to by "store" to the ProcessingParams pointed
- * to by "params". The CertStore represents a particular repository from
- * which certificates and CRLs can be retrieved by PKIX_ValidateChain or
- * PKIX_BuildChain as needed during the validation or building process.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be added to. Must be non-NULL.
- * "store"
- * Address of CertStore to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertStore(
- PKIX_ProcessingParams *params,
- PKIX_CertStore *store,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetDate
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) that is set in the
- * ProcessingParams pointed to by "params" and stores it at "pDate". The
- * Date represents the time for which the validation of the certificate chain
- * should be determined. If "params" does not have any Date set, this function
- * stores NULL at "pDate".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose Date (if any) is to be stored.
- * Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetDate(
- PKIX_ProcessingParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetDate
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a Date pointed to by
- * "date". The Date represents the time for which the validation of the
- * certificate chain should be determined. If "date" is NULL, the current
- * time is used during validation.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose Date is to be set. Must be non-NULL.
- * "date"
- * Address of Date to be set. If NULL, current time is used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetDate(
- PKIX_ProcessingParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) that are set in the
- * ProcessingParams pointed to by "params" and stores it at "pInitPolicies".
- * Each OID represents an initial policy identifier, indicating that any
- * one of these policies would be acceptable to the certificate user for
- * the purposes of certification path processing. If "params" does not have
- * any initial policies, this function stores an empty List at
- * "pInitPolicies".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of OIDs (if any) are to be
- * stored. Must be non-NULL.
- * "pInitPolicies"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetInitialPolicies(
- PKIX_ProcessingParams *params,
- PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a List of OIDs
- * pointed to by "initPolicies".
- *
- * Each OID represents an initial policy identifier, indicating that any
- * one of these policies would be acceptable to the certificate user for
- * the purposes of certification path processing. By default, any policy
- * is acceptable (i.e. all policies), so a user that wants to allow any
- * policy as acceptable does not need to call this method. Similarly, if
- * initPolicies is NULL or points to an empty List, all policies are
- * acceptable.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of OIDs is to be set.
- * Must be non-NULL.
- * "initPolicies"
- * Address of List of OIDs to be set. If NULL or if pointing to an empty
- * List, all policies are acceptable.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetInitialPolicies(
- PKIX_ProcessingParams *params,
- PKIX_List *initPolicies, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * policy qualifiers should be rejected and stores the Boolean result at
- * "pRejected".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not policy
- * qualifiers should be rejected. Must be non-NULL.
- * "pRejected"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetPolicyQualifiersRejected(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRejected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether policy
- * qualifiers are rejected using the Boolean value of "rejected".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "rejected"
- * Boolean value indicating whether policy qualifiers are to be rejected.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyQualifiersRejected(
- PKIX_ProcessingParams *params,
- PKIX_Boolean rejected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CertSelector (if any) that is set in the
- * ProcessingParams pointed to by "params" and stores it at "pConstraints".
- * The CertSelector represents the constraints to be placed on the target
- * certificate. If "params" does not have any CertSelector set, this function
- * stores NULL at "pConstraints".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose CertSelector (if any) is to be
- * stored. Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTargetCertConstraints(
- PKIX_ProcessingParams *params,
- PKIX_CertSelector **pConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a CertSelector
- * pointed to by "constraints". The CertSelector represents the constraints
- * to be placed on the target certificate. If "constraints" is NULL, no
- * constraints are defined.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose CertSelector is to be set.
- * Must be non-NULL.
- * "constraints"
- * Address of CertSelector to be set. If NULL, no constraints are defined.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTargetCertConstraints(
- PKIX_ProcessingParams *params,
- PKIX_CertSelector *constraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of TrustAnchors that are set in
- * the ProcessingParams pointed to by "params" and stores it at "pAnchors".
- * If the function succeeds, the pointer to the List is guaranteed to be
- * non-NULL and the List is guaranteed to be non-empty.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "pAnchors"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTrustAnchors(
- PKIX_ProcessingParams *params,
- PKIX_List **pAnchors, /* list of TrustAnchor */
- void *plContext);
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * DESCRIPTION:
- *
- * Sets user defined set of trust anchors. A certificate will be considered
- * invalid if it does not chain to a trusted anchor from this list.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "anchors"
- * Address of the trust anchors list object. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTrustAnchors(
- PKIX_ProcessingParams *params,
- PKIX_List *pAnchors, /* list of TrustAnchor */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Boolean. The boolean value represents
- * the switch value that is used to identify if url in cert AIA extension
- * may be used for cert fetching.
- * If the function succeeds, the pointer to the Boolean is guaranteed to be
- * non-NULL.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams. Must be non-NULL.
- * "pUseAIA"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetUseAIAForCertFetching(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pUseAIA, /* list of TrustAnchor */
- void *plContext);
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * DESCRIPTION:
- *
- * Sets switch value that defines if url in cert AIA extension
- * may be used for cert fetching.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams.
- * "useAIA"
- * Address of the trust anchors list object. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetUseAIAForCertFetching(
- PKIX_ProcessingParams *params,
- PKIX_Boolean useAIA,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
- * DESCRIPTION:
- *
- * Sets a boolean value that tells if libpkix needs to check that
- * the target certificate satisfies the conditions set in processing
- * parameters. Includes but not limited to date, ku and eku checks.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "qualifyTargetCert"
- * boolean value if set to true will trigger qualification of the
- * target certificate.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetQualifyTargetCert(
- PKIX_ProcessingParams *params,
- PKIX_Boolean qualifyTargetCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetHintCerts
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of Certs supplied by the user as a suggested
- * partial CertChain (subject to verification), that are set in the
- * ProcessingParams pointed to by "params", and stores it at "pHintCerts".
- * The List returned may be empty or NULL.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "pHintCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetHintCerts(
- PKIX_ProcessingParams *params,
- PKIX_List **pHintCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetHintCerts
- * DESCRIPTION:
- *
- * Stores a pointer to a List of Certs supplied by the user as a suggested
- * partial CertChain (subject to verification), as an element in the
- * ProcessingParams pointed to by "params". The List may be empty or NULL.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of HintCerts is to be stored.
- * Must be non-NULL.
- * "hintCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetHintCerts(
- PKIX_ProcessingParams *params,
- PKIX_List *hintCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ResourceLimits (if any) that is set in the
- * ProcessingParams pointed to by "params" and stores it at "pResourceLimits".
- * The ResourceLimits represent the maximum resource usage that the caller
- * desires (such as MaxTime). The ValidateChain or BuildChain call will not
- * exceed these maximum limits. If "params" does not have any ResourceLimits
- * set, this function stores NULL at "pResourceLimits".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose ResourceLimits (if any) are to be
- * stored. Must be non-NULL.
- * "pResourceLimits"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a ResourceLimits
- * object pointed to by "resourceLimits". The ResourceLimits represent the
- * maximum resource usage that the caller desires (such as MaxTime). The
- * ValidateChain or BuildChain call will not exceed these maximum limits.
- * If "resourceLimits" is NULL, no ResourceLimits are defined.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose ResourceLimits are to be set.
- * Must be non-NULL.
- * "resourceLimits"
- * Address of ResourceLimits to be set. If NULL, no limits are defined.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits *resourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * anyPolicy is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not anyPolicy
- * inhibited. Must be non-NULL.
- * "pInhibited"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether anyPolicy
- * is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "inhibited"
- * Boolean value indicating whether anyPolicy is to be inhibited.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * explicit policies are required and stores the Boolean result at
- * "pRequired".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not explicit
- * policies are required. Must be non-NULL.
- * "pRequired"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRequired,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether explicit
- * policies are required using the Boolean value of "required".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "required"
- * Boolean value indicating whether explicit policies are to be required.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean required,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * policyMapping is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not policy
- * mappings are inhibited. Must be non-NULL.
- * "pInhibited"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether policy
- * mapping is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "inhibited"
- * Boolean value indicating whether policy mapping is to be inhibited.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext);
-
-
-/* PKIX_ValidateParams
- *
- * PKIX_ValidateParams consists of a ProcessingParams object as well as the
- * List of Certs (certChain) that the caller is trying to validate.
- */
-
-/*
- * FUNCTION: PKIX_ValidateParams_Create
- * DESCRIPTION:
- *
- * Creates a new ValidateParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "procParams"
- * Address of ProcessingParams to be used. Must be non-NULL.
- * "chain"
- * Address of List of Certs (certChain) to be validated. Must be non-NULL.
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_Create(
- PKIX_ProcessingParams *procParams,
- PKIX_List *chain,
- PKIX_ValidateParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetProcessingParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ProcessingParams that represent the basic
- * certificate processing parameters used during chain validation and chain
- * building from the ValidateParams pointed to by "valParams" and stores it
- * at "pProcParams". If the function succeeds, the pointer to the
- * ProcessingParams is guaranteed to be non-NULL.
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams whose ProcessingParams are to be stored.
- * Must be non-NULL.
- * "pProcParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetProcessingParams(
- PKIX_ValidateParams *valParams,
- PKIX_ProcessingParams **pProcParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetCertChain
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of Certs (certChain) that is set in the
- * ValidateParams pointed to by "valParams" and stores it at "pChain". If the
- * function succeeds, the pointer to the CertChain is guaranteed to be
- * non-NULL.
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams whose CertChain is to be stored.
- * Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetCertChain(
- PKIX_ValidateParams *valParams,
- PKIX_List **pChain,
- void *plContext);
-
-/* PKIX_TrustAnchor
- *
- * A PKIX_TrustAnchor represents a trusted entity and can be specified using a
- * self-signed certificate or using the trusted CA's name and public key. In
- * order to limit the trust in the trusted entity, name constraints can also
- * be imposed on the trust anchor.
- */
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithCert
- * DESCRIPTION:
- *
- * Creates a new TrustAnchor object using the Cert pointed to by "cert" as
- * the trusted certificate and stores it at "pAnchor". Once created, a
- * TrustAnchor is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert to use as trusted certificate. Must be non-NULL.
- * "pAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithCert(
- PKIX_PL_Cert *cert,
- PKIX_TrustAnchor **pAnchor,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
- * DESCRIPTION:
- *
- * Creates a new TrustAnchor object using the X500Name pointed to by "name",
- * and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The
- * CertNameConstraints pointed to by "nameConstraints" (if any) are used to
- * limit the trust placed in this trust anchor. To indicate that name
- * constraints don't apply, set "nameConstraints" to NULL. Once created, a
- * TrustAnchor is immutable.
- *
- * PARAMETERS:
- * "name"
- * Address of X500Name to use as name of trusted CA. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey to use as trusted public key. Must be non-NULL.
- * "nameConstraints"
- * Address of CertNameConstraints to use as initial name constraints.
- * If NULL, no name constraints are applied.
- * "pAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithNameKeyPair(
- PKIX_PL_X500Name *name,
- PKIX_PL_PublicKey *pubKey,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_TrustAnchor **pAnchor,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetTrustedCert
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to
- * by "anchor" and stores it at "pCert". If "anchor" does not have a Cert
- * set, this function stores NULL at "pCert".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose Cert is to be stored. Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetTrustedCert(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAName
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CA's X500Name (if any) that is set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor"
- * does not have an X500Name set, this function stores NULL at "pCAName".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL.
- * "pCAName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAName(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_X500Name **pCAName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CA's PublicKey (if any) that is set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor"
- * does not have a PublicKey set, this function stores NULL at "pPubKey".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CA PublicKey is to be stored.
- * Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAPublicKey(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CertNameConstraints (if any) set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If
- * "anchor" does not have any CertNameConstraints set, this function stores
- * NULL at "pConstraints".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CertNameConstraints are to be stored.
- * Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetNameConstraints(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-/* PKIX_ResourceLimits
- *
- * A PKIX_ResourceLimits object represents the maximum resource usage that
- * the caller desires. The ValidateChain or BuildChain call
- * will not exceed these maximum limits. For example, the caller may want
- * a timeout value of 1 minute, meaning that if the ValidateChain or
- * BuildChain function is unable to finish in 1 minute, it should abort
- * with an Error.
- */
-
-/*
- * FUNCTION: PKIX_ResourceLimits_Create
- * DESCRIPTION:
- *
- * Creates a new ResourceLimits object and stores it at "pResourceLimits".
- *
- * PARAMETERS:
- * "pResourceLimits"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_Create(
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxTime
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum time that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxTime". This maximum time (in seconds) should not be exceeded
- * by the function whose ProcessingParams contain this ResourceLimits object
- * (typically ValidateChain or BuildChain). It essentially functions as a
- * time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum time (in seconds) is
- * to be stored. Must be non-NULL.
- * "pMaxTime"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxTime(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxTime,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxTime
- * DESCRIPTION:
- *
- * Sets the maximum time of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxTime". This
- * maximum time (in seconds) should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object
- * (typically ValidateChain or BuildChain). It essentially functions as a
- * time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum time (in seconds) is
- * to be set. Must be non-NULL.
- * "maxTime"
- * Value of PKIX_UInt32 representing the maximum time (in seconds)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxTime(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxTime,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxFanout". This maximum fanout (number of certs) should not be
- * exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder encounters
- * more than this maximum number of certificates when searching for the next
- * candidate certificate, it should abort and return an error. This
- * parameter is only relevant for ValidateChain if it needs to internally call
- * BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum fanout (number of certs)
- * is to be stored. Must be non-NULL.
- * "pMaxFanout"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxFanout(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxFanout,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
- * DESCRIPTION:
- *
- * Sets the maximum fanout of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum
- * fanout (number of certs) should not be exceeded by the function whose
- * ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder encounters more than this maximum number of
- * certificates when searching for the next candidate certificate, it should
- * abort and return an Error. This parameter is only relevant for ValidateChain
- * if it needs to internally call BuildChain (e.g. in order to build the
- * chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum fanout (number of certs)
- * is to be set. Must be non-NULL.
- * "maxFanout"
- * Value of PKIX_UInt32 representing the maximum fanout (number of certs)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxFanout(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxFanout,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxDepth". This maximum depth (number of certs) should not be
- * exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder encounters
- * more than this maximum number of certificates when searching for the next
- * candidate certificate, it should abort and return an error. This
- * parameter is only relevant for ValidateChain if it needs to internally call
- * BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum depth (number of certs)
- * is to be stored. Must be non-NULL.
- * "pMaxDepth"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxDepth(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxDepth,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
- * DESCRIPTION:
- *
- * Sets the maximum depth of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum
- * depth (number of certs) should not be exceeded by the function whose
- * ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder encounters more than this maximum number of
- * certificates when searching for the next candidate certificate, it should
- * abort and return an Error. This parameter is only relevant for ValidateChain
- * if it needs to internally call BuildChain (e.g. in order to build the
- * chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum depth (number of certs)
- * is to be set. Must be non-NULL.
- * "maxDepth"
- * Value of PKIX_UInt32 representing the maximum depth (number of certs)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxDepth(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxDepth,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- * certs that is set in the ResourceLimits object pointed to by "resourceLimits"
- * and stores it at "pMaxNumber". This maximum number of traversed certs should
- * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder traverses more
- * than this number of certs during the build process, it should abort and
- * return an Error. This parameter is only relevant for ValidateChain if it
- * needs to internally call BuildChain (e.g. in order to build the chain to a
- * CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed certs
- * is to be stored. Must be non-NULL.
- * "pMaxNumber"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCerts(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
- * DESCRIPTION:
- *
- * Sets the maximum number of traversed certs of the ResourceLimits object
- * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- * This maximum number of traversed certs should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder traverses more than this number of certs
- * during the build process, it should abort and return an Error. This parameter
- * is only relevant for ValidateChain if it needs to internally call BuildChain
- * (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed certs
- * is to be set. Must be non-NULL.
- * "maxNumber"
- * Value of PKIX_UInt32 representing the maximum number of traversed certs
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCerts(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- * CRLs that is set in the ResourceLimits object pointed to by "resourceLimits"
- * and stores it at "pMaxNumber". This maximum number of traversed CRLs should
- * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder traverses more
- * than this number of CRLs during the build process, it should abort and
- * return an Error. This parameter is only relevant for ValidateChain if it
- * needs to internally call BuildChain (e.g. in order to build the chain to a
- * CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed CRLs
- * is to be stored. Must be non-NULL.
- * "pMaxNumber"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCRLs(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- * Sets the maximum number of traversed CRLs of the ResourceLimits object
- * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- * This maximum number of traversed CRLs should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder traverses more than this number of CRLs
- * during the build process, it should abort and return an Error. This parameter
- * is only relevant for ValidateChain if it needs to internally call BuildChain
- * (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed CRLs
- * is to be set. Must be non-NULL.
- * "maxNumber"
- * Value of PKIX_UInt32 representing the maximum number of traversed CRLs
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCRLs(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxNumber,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PARAMS_H */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h
deleted file mode 100755
index 32d3a79a4..000000000
--- a/security/nss/lib/libpkix/include/pkix_pl_pki.h
+++ /dev/null
@@ -1,2695 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines several platform independent functions to
- * manipulate certificates and CRLs in a portable manner.
- *
- */
-
-#ifndef _PKIX_PL_PKI_H
-#define _PKIX_PL_PKI_H
-
-#include "pkixt.h"
-#include "seccomon.h"
-#include "certt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * Cert
- *
- * A Cert represents an X.509 certificate. It can be created using the bytes
- * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The
- * following functions include accessors (gettors) for the various components
- * of an X.509 certificate. Also included are functions to perform various
- * checks on a certificate, including name constraints, key usage, validity
- * (expiration), and signature verification.
- */
-
-/*
- * FUNCTION: PKIX_PL_Cert_Create
- * DESCRIPTION:
- *
- * Creates a new certificate using the bytes in the ByteArray pointed to by
- * "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1
- * DER encoding of a certificate, a PKIX_Error pointer is returned. Once
- * created, a Cert is immutable.
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version MUST be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version MUST be v2 or v3
- * extensions [3] EXPLICIT Extensions OPTIONAL
- * -- If present, version MUST be v3
- * }
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * UniqueIdentifier ::= BIT STRING
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray representing the CERT's DER encoding.
- * Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
- * DESCRIPTION:
- *
- * Creates a new certificate using passed in CERTCertificate object.
- *
- * PARAMETERS:
- * "nssCert"
- * The object that will be used to create new PKIX_PL_Cert.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CreateFromCERTCertificate(
- const CERTCertificate *nssCert,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
- * DESCRIPTION:
- *
- * Returns underlying CERTCertificate structure. Return CERTCertificate
- * object is duplicated and should be destroyed by caller.
- *
- * PARAMETERS:
- * "cert"
- * Address of PKIX_PL_Cert. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCERTCertificate(
- PKIX_PL_Cert *cert,
- CERTCertificate **pnssCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetVersion
- * DESCRIPTION:
- *
- * Retrieves the version of the Cert pointed to by "cert" and stores it at
- * "pVersion". The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose version is to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetVersion(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt that represents the serial number of the
- * Cert pointed to by "cert" and stores it at "pSerialNumber".
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose serial number is to be stored. Must be non-NULL.
- * "pSerial"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSerialNumber(
- PKIX_PL_Cert *cert,
- PKIX_PL_BigInt **pSerial,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the issuer DN of the
- * Cert pointed to by "cert" and stores it at "pIssuer".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose issuer is to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetIssuer(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the subject DN of the
- * Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not
- * have a subject DN, this function stores NULL at "pSubject".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject is to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubject(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID that represents the subject public key
- * algorithm of the Cert pointed to by "cert" and stores it at
- * "pSubjKeyAlgId".
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject public key algorithm OID is to be stored.
- * Must be non-NULL.
- * "pSubjKeyAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
- PKIX_PL_Cert *cert,
- PKIX_PL_OID **pSubjKeyAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey that represents the subject public key
- * of the Cert pointed to by "cert" and stores it at "pPublicKey".
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject public key is to be stored.
- * Must be non-NULL.
- * "pPublicKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKey(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
- * DESCRIPTION:
- *
- * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null
- * parameters and stores the result at "pNeedsParams".
- *
- * PARAMETERS:
- * "pubKey"
- * Address of the Public Key of interest. Must be non-NULL.
- * "pNeedsParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PublicKey_NeedsDSAParameters(
- PKIX_PL_PublicKey *pubKey,
- PKIX_Boolean *pNeedsParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- * DESCRIPTION:
- *
- * This function is used for DSA key parameter inheritance, which allows a
- * first DSA key with omitted parameters (pointed to by "firstKey") to inherit
- * the PQG parameters of a second DSA key that does have parameters. (pointed
- * to by "secondKey"). Once created, a PublicKey is immutable.
- *
- * Specifically, the algorithm used by the function is:
- *
- * If the first PublicKey is not a DSA public key with omitted parameters,
- * the function stores NULL at "pResultKey". (No Error is returned)
- * Else if the second PublicKey is not a DSA public key with non-NULL,
- * parameters, the function returns an Error.
- * Else
- * the function creates a third PublicKey with a "Y" value from the
- * first PublicKey and the DSA parameters from the second PublicKey,
- * and stores it at "pResultKey".
- *
- * PARAMETERS:
- * "firstKey"
- * Address of a Public Key that needs to inherit DSA parameters.
- * Must be non-NULL.
- * "secondKey"
- * Address of a Public Key that has DSA parameters that will be inherited
- * by "firstKey". Must be non-NULL.
- * "pResultKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
- PKIX_PL_PublicKey *firstKey,
- PKIX_PL_PublicKey *secondKey,
- PKIX_PL_PublicKey **pResultKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the Cert pointed to by "cert") and stores it at
- * "pExtensions". If "cert" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCriticalExtensionOIDs(
- PKIX_PL_Cert *cert,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the authority key
- * identifier extension of the Cert pointed to by "cert" and stores it at
- * "pAuthKeyId".
- *
- * Note that this function only retrieves the keyIdentifier component
- * (OCTET STRING) of the AuthorityKeyIdentifier extension, when present.
- *
- * If "cert" does not have an AuthorityKeyIdentifier extension or if the
- * keyIdentifier component of the AuthorityKeyIdentifier extension is not
- * present, this function stores NULL at "pAuthKeyId".
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose authority key identifier is to be stored.
- * Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the subject key identifier
- * extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId".
- * If "cert" does not have a SubjectKeyIdentifier extension, this function
- * stores NULL at "pSubjKeyId".
- *
- * SubjectKeyIdentifier ::= KeyIdentifier
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject key identifier is to be stored.
- * Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (each GeneralName
- * representing a subject alternative name found in the subject alternative
- * names extension of the Cert pointed to by "cert") and stores it at
- * "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames
- * extension, this function stores NULL at "pSubjectAltNames".
- *
- * Note that the List returned by this function is immutable.
- *
- * SubjectAltName ::= GeneralNames
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * GeneralName ::= CHOICE {
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * OtherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subjectAltNames are to be stored.
- * Must be non-NULL.
- * "pSubjectAltNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectAltNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (each GeneralName
- * representing a subject DN or a subject alternative name found in the
- * subject alternative names extension of the Cert pointed to by "cert") and
- * stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and
- * it does not have a SubjectAlternativeNames extension, this function stores
- * NULL at "pAllSubjectNames".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject DN and subjectAltNames are to be stored.
- * Must be non-NULL.
- * "pAllSubjectNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAllSubjectNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of OIDs (each OID corresponding to an
- * extended key usage of the Cert pointed to by "cert") and stores it at
- * "pKeyUsage". If "cert" does not have an extended key usage extension, this
- * function stores a NULL at "pKeyUsage".
- *
- * Note that the List returned by this function is immutable.
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose extended key usage OIDs are to be stored.
- * Must be non-NULL.
- * "pKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetExtendedKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to a CertNameConstraints object representing the name
- * constraints extension of the Cert pointed to by "cert" and stores it at
- * "pNameConstraints".
- *
- * If "cert" does not have a name constraints extension, this function stores
- * NULL at "pNameConstraints".
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- * BaseDistance ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose name constraints extension is to be stored.
- * Must be non-NULL.
- * "pNameConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to a CertBasicConstraints object representing the basic
- * constraints extension of the Cert pointed to by "cert" and stores it at
- * "pBasicConstraints".
- *
- * If "cert" does not have a basic constraints extension, this function stores
- * NULL at "pBasicConstraints". Once created, a CertBasicConstraints object
- * is immutable.
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose basic constraints extension is to be stored.
- * Must be non-NULL.
- * "pBasicConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetBasicConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertBasicConstraints **pBasicConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
- * DESCRIPTION:
- *
- * Retrieves a pointer to a Boolean value representing the cA Flag component
- * of the CertBasicConstraints object pointed to by "basicConstraints" and
- * stores it at "pResult".
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * PARAMETERS:
- * "basicConstraints"
- * Address of CertBasicConstraints whose cA Flag is to be stored.
- * Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetCAFlag(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
- * DESCRIPTION:
- *
- * Retrieves a pointer to an integer value representing the pathLenConstraint
- * component of the CertBasicConstraints object pointed to by
- * "basicConstraints" and stores it at "pPathLenConstraint". If the
- * pathLenConstraint component is not present, this function stores -1 at
- * "pPathLenConstraint".
- *
- * PARAMETERS:
- * "basicConstraints"
- * Address of CertBasicConstraints whose pathLen is to be stored.
- * Must be non-NULL.
- * "pPathLenConstraint"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetPathLenConstraint(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Int32 *pPathLenConstraint,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of CertPolicyInfos found in the certificate
- * policies extension of the Cert pointed to by "cert" and stores it at
- * "pPolicyInfo". If "cert" does not have a certificate policies extension,
- * this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo
- * object is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertPolicyInfos are to be stored.
- * Must be non-NULL.
- * "pPolicyInfo"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyInformation(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the policyIdentifier of the
- * CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId".
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * CertPolicyId ::= OBJECT IDENTIFIER
- *
- * PARAMETERS:
- * "policyInfo"
- * Address of CertPolicyInfo whose policy identifier is to be stored.
- * Must be non-NULL.
- * "pCertPolicyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolicyId(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_PL_OID **pCertPolicyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of the CertPolicyQualifiers representing
- * the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and
- * stores it at "pPolicyQualifiers". If "policyInfo" does not have any
- * policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once
- * created, a CertPolicyQualifier is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PARAMETERS:
- * "policyInfo"
- * Address of CertPolicyInfo whose policy qualifiers List is to be stored.
- * Must be non-NULL.
- * "pPolicyQualifiers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolQualifiers(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the policyQualifierId of the
- * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
- * "pPolicyQualifierId".
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PolicyQualifierId ::=
- * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
- *
- * PARAMETERS:
- * "policyQualifier"
- * Address of CertPolQualifier whose policyQualifierId is to be stored.
- * Must be non-NULL.
- * "pPolicyQualifierId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
- PKIX_PL_CertPolicyQualifier *policyQualifier,
- PKIX_PL_OID **pPolicyQualifierId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the qualifier of the
- * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
- * "pQualifier".
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PARAMETERS:
- * "policyQualifier"
- * Address of CertPolicyQualifier whose qualifier is to be stored.
- * Must be non-NULL.
- * "pQualifier"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetQualifier(
- PKIX_PL_CertPolicyQualifier *policyQualifier,
- PKIX_PL_ByteArray **pQualifier,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappings
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of CertPolicyMaps found in the policy
- * mappings extension of the Cert pointed to by "cert" and stores it at
- * "pPolicyMappings". If "cert" does not have a policy mappings extension,
- * this function stores NULL at "pPolicyMappings". Once created, a
- * CertPolicyMap is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertPolicyMaps are to be stored.
- * Must be non-NULL.
- * "pPolicyMappings"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappings(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the issuerDomainPolicy of the
- * CertPolicyMap pointed to by "policyMapping" and stores it at
- * "pIssuerDomainPolicy".
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "policyMapping"
- * Address of CertPolicyMap whose issuerDomainPolicy is to be stored.
- * Must be non-NULL.
- * "pIssuerDomainPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pIssuerDomainPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the subjectDomainPolicy of the
- * CertPolicyMap pointed to by "policyMapping" and stores it at
- * "pSubjectDomainPolicy".
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "policyMapping"
- * Address of CertPolicyMap whose subjectDomainPolicy is to be stored.
- * Must be non-NULL.
- * "pSubjectDomainPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pSubjectDomainPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
- * DESCRIPTION:
- *
- * Retrieves the requireExplicitPolicy value of the policy constraints
- * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
- * If "cert" does not have a policy constraints extension or the
- * requireExplicitPolicy component is not populated, this function stores -1
- * at "pSkipCerts".
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose requireExplicitPolicy value is to be stored.
- * Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetRequireExplicitPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Retrieves the inhibitPolicyMapping value of the policy constraints
- * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
- * If "cert" does not have a policy constraints extension or the
- * inhibitPolicyMapping component is not populated, this function stores -1
- * at "pSkipCerts".
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose requireExplicitPolicy value is to be stored.
- * Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappingInhibited(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy
- * DESCRIPTION:
- *
- * Retrieves the value of the inhibit any-policy extension of the Cert
- * pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have
- * an inhibit any-policy extension, this function stores -1 at "pSkipCerts".
- *
- * InhibitAnyPolicy ::= SkipCerts
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose inhibit any-policy extensions value is to be
- * stored. Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetInhibitAnyPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/* policy processing functions */
-
-/*
- * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
- * DESCRIPTION:
- *
- * Checks whether the certificate policies extension of the Cert pointed to
- * by "cert" is critical and stores the Boolean result at "pCritical". If
- * "cert" does not have a certificate policies extension, this function
- * stores NULL at "pCritical".
- *
- * XXX what distinguishes NULL from PKIX_FALSE?
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose certificate policies extension's criticality is
- * to be determined. Must be non-NULL.
- * "pCritical"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_AreCertPoliciesCritical(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCritical,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
- * DESCRIPTION:
- *
- * Checks whether the subject distinguished name and subject alternative names
- * of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed
- * to by "nameConstraints". If the CertNameConstraints are not satisfied, a
- * PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
- * does nothing.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject names are to be checked.
- * Must be non-NULL.
- * "nameConstraints"
- * Address of CertNameConstraints that need to be satisfied.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints *nameConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
- * DESCRIPTION:
- *
- * Merges the CertNameConstraints pointed to by "firstNC" and the
- * CertNameConstraints pointed to by "secondNC" and stores the merged
- * CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
- * CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
- *
- * Once created, a CertNameConstraints object is immutable.
- *
- * PARAMETERS:
- * "firstNC"
- * Address of first CertNameConstraints to be merged. Must be non-NULL.
- * "secondNC"
- * Address of second CertNameConstraints to be merged
- * "pResultNC"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_MergeNameConstraints(
- PKIX_PL_CertNameConstraints *firstNC,
- PKIX_PL_CertNameConstraints *secondNC,
- PKIX_PL_CertNameConstraints **pResultNC,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage
- * DESCRIPTION:
- *
- * Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the
- * keyUsage extension of the Cert pointed to by "cert". The keyUsage bit
- * values specified in pkixt.h are supported, and can be bitwise or'ed if
- * multiple bit values are to be verified. If the keyUsages do not all appear
- * in the keyUsage extension of "cert", a PKIX_Error pointer is returned.
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose keyUsage bits are to be verified.
- * Must be non-NULL.
- * "keyUsage"
- * Constant representing keyUsage bit(s) that all must appear in keyUsage
- * extension of "cert".
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType
- * DESCRIPTION:
- *
- * Verifies cert and key types against certificate usage that is
- * a part of plContext(pkix_pl_nsscontext) structure. Throws an error
- * if cert or key types does not match.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose keyUsage bits are to be verified.
- * Must be non-NULL.
- * "isLeafCert"
- * What type of a cert has been verified.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyCertAndKeyType(
- PKIX_PL_Cert *cert,
- PKIX_Boolean isChainCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckValidity
- * DESCRIPTION:
- *
- * Checks whether the Cert pointed to by "cert" would be valid at the time
- * represented by the Date pointed to by "date". If "date" is NULL, then this
- * function checks whether the Cert would be valid at the current time. If the
- * Cert would not be valid at the specified Date, a PKIX_Error pointer is
- * returned.
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose validity is to be checked. Must be non-NULL.
- * "date"
- * Address of Date at which the Cert is being checked for validity.
- * If NULL, the current time is used for the Date.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckValidity(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date that represents the notAfter time of the
- * Certificate pointed to by "cert" and stores it at "pDate".
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose validity time is to be retrieved. Must be
- * non-NULL.
- * "date"
- * Address of Date at which the Cert's notAfter time is being retrieved.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetValidityNotAfter(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifySignature
- * DESCRIPTION:
- *
- * Verifies the signature on the Cert pointed to by "cert" using the
- * PublicKey pointed to by "pubKey". If the signature doesn't verify, an
- * Error pointer is returned.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose signature is to be verified. Must be non-NULL.
- * "pubKey"
- * Address of a Public Key used to verify the signature. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifySignature(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_IsCertTrusted
- * DESCRIPTION:
- *
- * Checks the Cert specified by "cert" to determine, in a manner that depends
- * on the underlying platform, whether it is trusted, and stores the result in
- * "pTrusted". If a certificate is trusted it means that a chain built to that
- * certificate, and satisfying all the usage, policy, validity, and other
- * tests, is a valid chain and the End Entity certificate from which it was
- * built can be trusted.
- *
- * If the Certificate is not intrinsically trustworthy, it still might end up a
- * component in a successful chain.
- *
- * PARAMETERS
- * "cert"
- * Address of Cert whose trustworthiness is to be determined. Must be
- * non-NULL.
- * "trustOnlyUserAnchors"
- * States that we can only trust explicitly defined user trust anchors.
- * "pTrusted"
- * Address where the Boolean value will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CERT Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_IsCertTrusted(
- PKIX_PL_Cert *cert,
- PKIX_Boolean trustOnlyUserAnchors,
- PKIX_Boolean *pTrusted,
- void *plContext);
-
-/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
-PKIX_Error*
-PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCacheFlag
- * DESCRIPTION:
- *
- * Retrieves the value of the cache flag in "cert" and return it at address
- * pointed by "pCacheFlag". The initila cache flag is determined by the
- * CertStore this "cert" is fetched from. When CertStore is created, user
- * need to specify if the data should be cached.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose cache flag is fetched. Must be non-NULL.
- * "pCacheFlag"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetCacheFlag
- * DESCRIPTION:
- *
- * Set the value of the cache flag in "cert" base on the boolean value stored
- * at "cacheFlag". This function is meant to be used by CertStore after a
- * Cert is created.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert where "cacheFlag" is stored. Must be non-NULL.
- * "cacheFlag"
- * PKIX_Boolean flag for cache flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_SetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean cacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetTrustCertStore
- * DESCRIPTION:
- *
- * Retrieves the value of the CertStore in "cert" and return it at address
- * pointed by "pCertStore".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertStore is fetched. Must be non-NULL.
- * "pTrustCertStore"
- * Address where CertStore will be stored and returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore **pTrustCertStore,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetTrustCertStore
- * DESCRIPTION:
- *
- * Set the value of the CertStore "certStore" in "cert".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert where "certStore" will be stored. Must be non-NULL.
- * "trustCertStore"
- * Address where the CertStore is. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_SetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore *trustCertStore,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the Authority Information Access in "cert" and
- * returns it in a list at address pointed by "pAuthorityInfoAccess".
- *
- * SubjectInfoAccess ::=
- * SEQUENCE SIZE (1..MAX) of AccessDescription
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Authority Information Access is fetched.
- * Must be non-NULL.
- * "pAuthorityInfoAccess"
- * Address where Authority InfoAccess will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the Subject Information Access in "cert" and
- * returns it in a list at address pointed by "pSubjectInfoAccess".
- *
- * SubjectInfoAccess ::=
- * SEQUENCE SIZE (1..MAX) of AccessDescription
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Subject Information Access is fetched.
- * Must be non-NULL.
- * "pSubjectInfoAccess"
- * Address where Subject InfoAccess will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCrlDp
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the CRL Distribution Point Extension and
- * returns it in a list at address pointed by "pDpList".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Subject Information Access is fetched.
- * Must be non-NULL.
- * "pDpList"
- * Address where CRL DP will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
- PKIX_List **pDpList,
- void *plContext);
-
-
-/*
- * InfoAccess
- *
- * To hold Authority Information Access or Subject Information Access
- * retrieved from a Certificate.
- */
-
-#define PKIX_INFOACCESS_OCSP 1
-#define PKIX_INFOACCESS_CA_ISSUERS 2
-#define PKIX_INFOACCESS_TIMESTAMPING 3
-#define PKIX_INFOACCESS_CA_REPOSITORY 5
-
-#define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
-#define PKIX_INFOACCESS_LOCATION_HTTP 1
-#define PKIX_INFOACCESS_LOCATION_LDAP 2
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetMethod
- * DESCRIPTION:
- *
- * Stores the method of the Information Access from "infoAccess" and
- * returns in "pMethod".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pMethod"
- * Address where access method will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetMethod(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pMethod,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocation
- * DESCRIPTION:
- *
- * Stores the location of the Information Access from "infoAccess" and
- * returns in "pLocation".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pLocation"
- * Address where access location will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocation(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_PL_GeneralName **pLocation,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocationType
- * DESCRIPTION:
- *
- * Stores the type of location of the Information Access from "infoAccess" and
- * returns in "pType".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pType"
- * Address where access location type will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocationType(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pType,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_InfoAccess_GetAIACerts(
- PKIX_PL_InfoAccess *ia,
- void **pNBIOContext,
- void **pHandle,
- PKIX_List **pCerts,
- void *plContext);
-
-/*
- * CRL
- *
- * A CRL represents an X.509 certificate revocation list. It can be created
- * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is
- * immutable. The following functions include accessors (gettors) for the
- * various components of an X.509 CRL, as well as a function for signature
- * verification.
- */
-
-/*
- * FUNCTION: PKIX_PL_CRL_Create
- * DESCRIPTION:
- *
- * Creates a new CRL using the bytes in the ByteArray pointed to by
- * "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1
- * DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a
- * CRL is immutable.
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, MUST be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, MUST be v2
- * } OPTIONAL,
- * crlExtensions [0] EXPLICIT Extensions OPTIONAL
- * -- if present, MUST be v2
- * }
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray representing the CRL's DER encoding.
- * Must be non-NULL.
- * "pCRL"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_CRL **pCRL,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the issuer of the CRL
- * pointed to by "crl" and stores it at "pCRLIssuer".
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose issuer is to be stored. Must be non-NULL.
- * "pCRLIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetIssuer(
- PKIX_PL_CRL *crl,
- PKIX_PL_X500Name **pCRLIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the CRL pointed to by "crl") and stores it at
- * "pExtensions". If "crl" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCriticalExtensionOIDs(
- PKIX_PL_CRL *crl,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl")
- * corresponding to the BigInt pointed to by "serialNumber" and stores it at
- * "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at
- * "pCRLEntry". Once created, a CRLEntry is immutable.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose CRL Entries are to be searched. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt representing serial number of certificate whose
- * CRLEntry is to be found. Must be non-NULL.
- * "pCRLEntry"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt *serialNumber,
- PKIX_PL_CRLEntry **pCRLEntry,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLNumber
- * DESCRIPTION:
- * Retrieves the CRL Number from extension. This is non-critical extension.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose version is to be stored. Must be non-NULL.
- * "pCrlNumber"
- * Address where a CRL Number will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt **pCrlNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime
- * DESCRIPTION:
- *
- * Checks whether the CRL pointed to by "crl" would be valid at the time
- * represented by the Date pointed to by "date" and stores the Boolean result
- * at "pResult". This check is done only when NIST policy is enforced.
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose validity is to be checked. Must be non-NULL.
- * "date"
- * Address of Date at which the CRL is being checked for validity.
- * Must be non-NULL.
- * "pResult"
- * Address of Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifyUpdateTime(
- PKIX_PL_CRL *crl,
- PKIX_PL_Date *date,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifySignature
- * DESCRIPTION:
- *
- * Verifies the signature on the CRL pointed to by "crl" using the PublicKey
- * pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error
- * pointer is returned.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "pubKey"
- * Address of a Public Key used to verify the signature. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifySignature(
- PKIX_PL_CRL *crl,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_ReleaseDerCrl
- * DESCRIPTION:
- *
- * Relinguish the ownership for the crl der. The operation will succeed if
- * a crl owns the der. If the crl was created from existing crl and does not
- * own the der, then the function will return null.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "derCrl"
- * Pointer to a SECItem that has der crl.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
- SECItem **derCrl,
- void *plContext);
-/*
- * FUNCTION: PKIX_PL_CRL_AdoptDerCrl
- * DESCRIPTION:
- *
- * Adopt memory of the der. The secItem that contains der will be
- * freed with destruction of parent pkix crl structure.
- *
- * * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "derCrl"
- * Pointer to a SECItem that has der crl.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
- SECItem *derCrl,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
- * DESCRIPTION:
- *
- * Retrieves the value of the reason code extension of the CRLEntry pointed
- * to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no
- * reason code extension, this function stores -1 at "pReason".
- *
- * CRLReason ::= ENUMERATED {
- * unspecified (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6),
- * removeFromCRL (8),
- * privilegeWithdrawn (9),
- * aACompromise (10) }
- *
- * PARAMETERS:
- * "crlEntry"
- * Address of CRLEntry whose reason code bit values are to be returned
- * at "pReason". Must be non-NULL.
- * "pReason"
- * Address of PKIX_Int32 where reason code is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_Int32 *pReason,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the CRLEntry pointed to by "crlEntry") and stores it
- * at "pExtensions". If "crlEntry" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "crlEntry"
- * Address of CRLEntry whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_X500Name_Create
- * DESCRIPTION:
- *
- * Creates a new X500Name using the UTF8 string representation pointed to by
- * "stringRep" and stores it at "pName". Once created, an X500Name is
- * immutable.
- *
- * Name ::= CHOICE {
- * RDNSequence }
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * RelativeDistinguishedName ::=
- * SET OF AttributeTypeAndValue
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * AttributeType ::= OBJECT IDENTIFIER
- *
- * AttributeValue ::= ANY DEFINED BY AttributeType
- *
- * DirectoryString ::= CHOICE {
- * teletexString TeletexString (SIZE (1..MAX)),
- * printableString PrintableString (SIZE (1..MAX)),
- * universalString UniversalString (SIZE (1..MAX)),
- * utf8String UTF8String (SIZE (1..MAX)),
- * bmpString BMPString (SIZE (1..MAX)) }
- *
- * PARAMETERS:
- * "stringRep"
- * Address of UTF8 String representation of X500Name. Must be non-NULL.
- * "pName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Create (
- PKIX_PL_String *stringRep,
- PKIX_PL_X500Name **pName,
- void *plContext);
-
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName
- * DESCRIPTION:
- *
- * The function creates x500Name using der encoded DN and/or pointer to
- * CERTName. If arument "name" is NULL, but derName is supplied when
- * the function generates nssDN(CERTName type) from der data. If derName
- * is not supplied, CERTName *name will not be used to generate DN DER
- * encoding.
- *
- * PARAMETERS:
- * "derName"
- * Address of DER representation of X500Name. Can be NULL
- * "name"
- * Address of CERTName representation of X500Name. Can be NULL
- * "pName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_CreateFromCERTName(
- SECItem *derName,
- CERTName *name,
- PKIX_PL_X500Name **pName,
- void *plContext);
-
-
-/*
- * TYPE: PKIX_PL_X500Name_Match
- * DESCRIPTION:
- * Checks whether the X500Name pointed to by "firstX500Name" MATCHES the
- * X500Name pointed to by "secondX500Name" and stores the boolean result at
- * "pResult". Two X500Names MATCH if they meet the conditions specified by
- * RFC 3280 (section 4.1.2.4). Namely:
- *
- * "This specification requires only a subset of the name comparison
- * functionality specified in the X.500 series of specifications.
- * Conforming implementations are REQUIRED to implement the following
- * name comparison rules:
- *
- * (a) attribute values encoded in different types (e.g., PrintableString
- * and BMPString) MAY be assumed to represent different strings;
- *
- * (b) attribute values in types other than PrintableString are case
- * sensitive (this permits matching of attribute values as binary objects)
- *
- * (c) attribute values in PrintableString are not case sensitive
- * (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
- *
- * (d) attribute values in PrintableString are compared after removing
- * leading and trailing white space and converting internal substrings of
- * one or more consecutive white space characters to a single space."
- *
- * PARAMETERS:
- * "firstX500Name"
- * Address of first X500Name to compare. Must be non-NULL.
- * "secondX500Name"
- * Address of second X500Name to compare. Must be non-NULL.
- * "pResult"
- * Address of Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Match(
- PKIX_PL_X500Name *firstX500Name,
- PKIX_PL_X500Name *secondX500Name,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime
- * DESCRIPTION:
- * Creates a new Date of type UTCTime using the string representation pointed
- * to by "stringRep" and stores it at "pDate". The UTCTime restriction means
- * that the year can only be specified by the least significant two digits
- * (YY). As such, Only the years 1950-2049 can be represented. If "stringRep"
- * is NULL, this function creates a new Date representing the current time
- * and stores it at "pDate". Once created, a Date is immutable.
- *
- * If YY is greater than or equal to 50, the year is interpreted as 19YY.
- * If YY is less than 50, the year is interpreted as 20YY.
- *
- * The string representation of the date must be in the following form:
- * "YYMMDDhhmmssZ" where:
- *
- * YY is the least significant two digits of the year
- * MM is the month (01 to 12)
- * DD is the day (01 to 31)
- * hh is the hour (00 to 23)
- * mm are the minutes (00 to 59)
- * ss are the seconds (00 to 59)
- * Z indicates that local time is GMT
- *
- * PARAMETERS:
- * "stringRep"
- * Address of String representation of Date.
- * If NULL, current time is used.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_Create_UTCTime (
- PKIX_PL_String *stringRep,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime
- * DESCRIPTION:
- * Creates a new Date from PRTime data.
- *
- * PARAMETERS:
- * "time"
- * Represented time in PRTime type.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_CreateFromPRTime(
- PRTime time,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
- * DESCRIPTION:
- * Creates a new Date of type UTCTime for current time with seconds off by
- * "secondsOffset" and returns it at "pDate".
- *
- * PARAMETERS:
- * "secondsOffset"
- * A PKIX_Int32 indicates the time offset from current. If "secondsOffset"
- * is negative, the time is in past.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_Create_CurrentOffBySeconds(
- PKIX_Int32 secondsOffset,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_GeneralName_Create
- * DESCRIPTION:
- *
- * Creates a new GeneralName of type "nameType" using the string
- * representation pointed to by "stringRep" and stores it at "pGName".
- * All of the GeneralName type format values specified in pkixt.h are
- * supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME,
- * PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation
- * should be used for all supported nameTypes, with the exception of
- * registeredID and directoryName. For registeredID, the string representation
- * should be the same as that used by PKIX_PL_OID_Create. For directoryName,
- * the string representation should be the same as that used by
- * PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is
- * returned. Once created, a GeneralName is immutable.
- *
- * GeneralName ::= CHOICE {
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- *
- * NOTE: This function is allowed to be called only by pkix tests programs.
- *
- * PARAMETERS:
- * "nameType"
- * Type of GeneralName to be created. This must be one of the GeneralName
- * type format values specified in pkixt.h
- * "stringRep"
- * Address of String representation of GeneralName. Must be non-NULL.
- * "pGName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_GeneralName_Create (
- PKIX_UInt32 nameType,
- PKIX_PL_String *stringRep,
- PKIX_PL_GeneralName **pGName,
- void *plContext);
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
- * DESCRIPTION:
- *
- * This function checks whether names in "nameList" comply with
- * "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the
- * requirement of the NameConstraints, PKIX_FALSE otherwise.
- *
- * PARAMETERS
- * "nameList"
- * List of GeneralNames that are checked for compliance. May be empty
- * or NULL.
- * "nameConstraints"
- * Address of CertNameConstraints that provides lists of permitted
- * and excluded names. Must be non-NULL.
- * "pCheckPass"
- * Address where PKIX_TRUE is returned if the all names in "nameList" are
- * valid. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
- PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_Create
- * DESCRIPTION:
- *
- * This function creates an AIAMgr to handle retrieval of Certs and CRLs
- * from servers given by AIA Certificate extensions. It manages connections
- * and caches. The manager created is stored at "pAIAMgr".
- *
- * PARAMETERS:
- * "pAIAMgr"
- * The address at which the result is stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_Create(
- PKIX_PL_AIAMgr **pAIAMgr,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts
- * DESCRIPTION:
- *
- * This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs
- * specified by an AIA certificate extension, if any, in the Cert pointed to by
- * "prevCert", storing the results at "pCerts". If the certificate has no such
- * extension, this function stores NULL at "pCerts".
- *
- * If the request is suspended for non-blocking I/O, a platform-dependent
- * context is stored at "pNBIOContext" and NULL is stored at "pCerts". This
- * return is referred to as the WOULDBLOCK state. Note that the caller must
- * check for a non-NULL value at "pNBIOContext", to distinguish this state from
- * the "no such extension" return described in the first paragraph. (The
- * alternative would be to return an empty List, but it seemed wrong to incur
- * the overhead of creating and destroying an empty List for the most common
- * situation.)
- *
- * After a WOULDBLOCK return, the user may continue the operation by calling
- * pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again
- * returns in the WOULDBLOCK state) with the previously-returned non-NULL
- * value of "pNBIOContext". When results are complete, NULL is stored at
- * "pNBIOContext", and the results (which may be NULL) are stored at "pCerts".
- *
- * PARAMETERS:
- * "aiaMgr"
- * The AIAMgr which controls the retrieval of certificates. Must be
- * non-NULL.
- * "prevCert"
- * Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must
- * be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent information is returned if request
- * is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address at which the returned List is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_GetAIACerts(
- PKIX_PL_AIAMgr *aiaMgr,
- PKIX_PL_Cert *prevCert,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_PL_VerifyCallback)(
- PKIX_PL_Object *signedObject,
- PKIX_PL_Cert *signerCert, /* can be unknown */
- PKIX_PL_Date *producedAt,
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_PKI_H */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_system.h b/security/nss/lib/libpkix/include/pkix_pl_system.h
deleted file mode 100755
index 053942a22..000000000
--- a/security/nss/lib/libpkix/include/pkix_pl_system.h
+++ /dev/null
@@ -1,1578 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines several platform independent functions to make system
- * calls in a portable manner.
- *
- */
-
-#ifndef _PKIX_PL_SYSTEM_H
-#define _PKIX_PL_SYSTEM_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * FUNCTION: PKIX_PL_Initialize
- * DESCRIPTION:
- *
- * XXX If this function is really only meant to be used by PKIX_Initialize,
- * why don't we just put it in a private header file rather than the public
- * API. I think it may confuse users.
- *
- * This function should NOT be called by applications. It is only meant to
- * be used internally. The application needs only to call PKIX_Initialize,
- * which in turn will call this function.
- *
- * This function initializes data structures critical to the operation of
- * libpkix. If initialization is not successful, an Error pointer is
- * returned. This function should only be called once. If it is called more
- * than once, the behavior is undefined.
- *
- * No PKIX_* types and functions should be used before this function is
- * called and returns successfully.
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean indicating whether platform initialization is to be called
- * "useArenas"
- * Boolean indicating whether allocation is to be done using arenas or
- * individual allocation (malloc).
- * "pPlContext"
- * Address at which platform-specific context pointer is stored. Must be
- * non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe
- *
- * This function assumes that no other thread is calling this function while
- * it is executing.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_Boolean useArenas,
- void **pPlContext);
-
-/*
- * FUNCTION: PKIX_PL_Shutdown
- * DESCRIPTION:
- *
- * XXX If this function is really only meant to be used by PKIX_Shutdown,
- * why don't we just put it in a private header file rather than the public
- * API. I think it may confuse users.
- *
- * This function should NOT be called by applications. It is only meant to
- * be used internally. The application needs only to call PKIX_Shutdown,
- * which in turn will call this function.
- *
- * This function deallocates any memory used by the Portability Layer (PL)
- * component of the libpkix library and shuts down any ongoing operations.
- * This function should only be called once. If it is called more than once,
- * the behavior is undefined.
- *
- * No PKIX_* types and functions should be used after this function is called
- * and returns successfully.
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean value of whether PKIX initialized NSS: PKIX_TRUE if we
- * called nssInit, PKIX_FALSE otherwise
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- *
- * This function makes use of global variables and should only be called once.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Shutdown(void *plContext);
-
-/* standard memory management operations (not reference-counted) */
-
-/*
- * FUNCTION: PKIX_PL_Malloc
- * DESCRIPTION:
- *
- * Allocates a block of "size" bytes. The bytes are not initialized. A
- * pointer to the newly allocated memory will be stored at "pMemory". The
- * memory allocated by PKIX_PL_Malloc() may only be freed by PKIX_PL_Free().
- * If "size" equals zero, this function stores NULL at "pMemory".
- *
- * PARAMETERS:
- * "size"
- * Number of bytes to allocate.
- * "pMemory"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Malloc(
- PKIX_UInt32 size,
- void **pMemory,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Calloc
- * DESCRIPTION:
- *
- * Allocates memory for an array of "nElem" elements, with each element
- * requiring "elSize" bytes, and with all the bits initialized to zero. A
- * pointer to the newly allocated memory will be stored at "pMemory". The
- * memory allocated by PKIX_PL_Calloc() may only be freed by PKIX_PL_Free().
- * If "nElem" equals zero or "elSize" equals zero, this function stores NULL
- * at "pMemory".
- *
- * PARAMETERS:
- * "nElem"
- * Number of elements needed.
- * "elSize"
- * Number of bytes needed per element.
- * "pMemory"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Calloc(
- PKIX_UInt32 nElem,
- PKIX_UInt32 elSize,
- void **pMemory,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Realloc
- * DESCRIPTION:
- *
- * Resizes an existing block of memory (pointed to by "ptr") to "size" bytes.
- * Stores a pointer to the resized memory at "pNewPtr". The "ptr" must
- * originate from either PKIX_PL_Malloc(), PKIX_PL_Realloc(), or
- * PKIX_PL_Calloc(). If "ptr" is NULL, this function behaves as if
- * PKIX_PL_Malloc were called. If "ptr" is not NULL and "size" equals zero,
- * the memory pointed to by "ptr" is deallocated and this function stores
- * NULL at "pPtr".
- *
- * PARAMETERS:
- * "ptr"
- * A pointer to an existing block of memory.
- * "size"
- * New size in bytes.
- * "pPtr"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Realloc(
- void *ptr,
- PKIX_UInt32 size,
- void **pNewPtr,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Free
- * DESCRIPTION:
- *
- * Frees a block of memory pointed to by "ptr". This value must originate with
- * either PKIX_PL_Malloc(), PKIX_PL_Calloc, or PKIX_PL_Realloc(). If "ptr" is
- * NULL, the function has no effect.
- *
- * PARAMETERS:
- * "ptr"
- * A pointer to an existing block of memory.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL always.
- */
-PKIX_Error *
-PKIX_PL_Free(
- void *ptr,
- void *plContext);
-
-/* Callback Types
- *
- * The next few typedefs define function pointer types for the standard
- * functions associated with every object type. See the Implementation
- * Guidelines or the comments below for more information.
- */
-
-/*
- * TYPE: PKIX_PL_DestructorCallback
- * DESCRIPTION:
- *
- * This callback function destroys (or DecRef's) any pointers contained in
- * the user data for the Object pointed to by "object" before the Object is
- * destroyed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object to destroy. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts (as long as they're not operating on the same
- * object and nobody else is performing an operation on the object at the
- * same time). Both of these conditions should be guaranteed by the fact that
- * the object's ref count was reduced to 0 in a lock that's still held when
- * this callback is called.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_DestructorCallback)(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_EqualsCallback
- * DESCRIPTION:
- *
- * This callback function compares the Object pointed to by "firstObject" with
- * the Object pointed to by "secondObject" for equality and stores the result
- * at "pResult" (PKIX_TRUE if equal; PKIX_FALSE if not).
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first object to compare. Must be non-NULL.
- * "secondObject"
- * Address of second object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_EqualsCallback)(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_HashcodeCallback
- * DESCRIPTION:
- *
- * This callback function computes the hashcode of the Object pointed to by
- * "object" and stores the result at "pValue".
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose hashcode is desired. Must be non-NULL.
- * "pValue"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_HashcodeCallback)(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_ToStringCallback
- * DESCRIPTION:
- *
- * This callback function converts the Object pointed to by "object" to a
- * string representation and stores the result at "pString".
- *
- * PARAMETERS:
- * "object"
- * Object to get a string representation from. Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_ToStringCallback)(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_ComparatorCallback
- * DESCRIPTION:
- *
- * This callback function determines how the Object pointed to by
- * "firstObject" compares to the Object pointed to by "secondObject" and
- * stores the result at "pResult".
- *
- * Result is less than 0 if firstObject < secondObject
- * Result equals 0 if firstObject = secondObject
- * Result is greater than 0 if firstObject > secondObject
- *
- * PARAMETERS:
- * "firstObject"
- * Address of the first Object to compare. Must be non-NULL.
- * "secondObject"
- * Address of the second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_ComparatorCallback)(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_DuplicateCallback
- * DESCRIPTION:
- *
- * This callback function creates a copy of the Object pointed to by "object"
- * and stores it at "pNewObject". Changes to the copy will not affect the
- * original and vice versa.
- *
- * Note that if "object" is immutable, the Duplicate callback function simply
- * needs to increment the reference count on "object" and return a reference
- * to "object".
- *
- * PARAMETERS:
- * "object"
- * Address of the object to be copied. Must be non-NULL.
- * "pNewObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_DuplicateCallback)(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-/* reference-counted objects */
-
-/*
- * FUNCTION: PKIX_PL_Object_Alloc
- * DESCRIPTION:
- *
- * Allocates a new Object of type "type" with "size" bytes and stores the
- * resulting pointer at "pObject". The reference count of the newly
- * allocated object will be initialized to 1. To improve performance, each
- * object maintains a small cache for the results of Hashcode and ToString.
- * Mutable objects should call InvalidateCache whenever changes are made to
- * the object's state (after creation). If an error occurs during allocation,
- * "pObject" will be set to NULL. If "size" equals zero, this function creates
- * an Object with a reference count of 1, and places a pointer to unallocated
- * memory at "pMemory".
- *
- * PARAMETERS:
- * "type"
- * The type code of this object. See pkixt.h for codes. The type code
- * must be previously registered with PKIX_PL_Object_RegisterType().
- * "size"
- * The number of bytes needed for this object.
- * "pMemory"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Alloc(
- PKIX_TYPENUM type,
- PKIX_UInt32 size,
- PKIX_PL_Object **pObject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_IsTypeRegistered
- * DESCRIPTION:
- *
- * Checks whether "type" has been registered by a previous call to
- * PKIX_PL_Object_RegisterType() and stores the Boolean result at "pBool".
- * This function will typically only be called by constructors for specific
- * types.
- *
- * PARAMETERS:
- * "type"
- * The type code to check if valid.
- * "pBool"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_IsTypeRegistered(
- PKIX_UInt32 type,
- PKIX_Boolean *pBool,
- void *plContext);
-
-#ifdef PKIX_USER_OBJECT_TYPE
-/*
- * FUNCTION: PKIX_PL_Object_RegisterType
- * DESCRIPTION:
- *
- * Registers a new Object with type value "type" and associates it with a set
- * of functions ("destructor", "equalsFunction", "hashcodeFunction",
- * "toStringFunction", "comparator", "duplicateFunction"). The new type value
- * is also associated with a string pointed to by "description", which is used
- * by the default ToStringCallback. This function may only be called with a
- * particular "type" value once. If "destructor", "equalsFunction",
- * "hashcodeFunction", or "toStringFunction" are NULL, default functions will
- * be registered. However, if "comparator" and "duplicateFunction" are NULL,
- * no functions will be registered and calls to PKIX_PL_Object_Compare and
- * PKIX_PL_Object_Duplicate will result in an error.
- *
- * PARAMETERS:
- * "type"
- * The type code.
- * "description"
- * The string used by the default ToStringCallback. Default used if NULL.
- * "destructor"
- * The DestructorCallback function to be set. Default used if NULL.
- * "equalsFunction"
- * The EqualsCallback function to be set. Default used if NULL.
- * "hashcodeFunction"
- * The HashcodeCallback function to be set. Default used if NULL.
- * "toStringFunction"
- * The ToStringCallback function to be set. Default used if NULL.
- * "comparator"
- * The ComparatorCallback function to be set. None set if NULL. If no
- * callback function is set in this field, calls to
- * PKIX_PL_Object_Compare() will result in an error.
- * "duplicateFunction"
- * The DuplicateCallback function to be set. None set if NULL. If no
- * callback function is set in this field, calls to
- * PKIX_PL_Object_Duplicate() will result in an error.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if "type" is already registered.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_RegisterType(
- PKIX_UInt32 type,
- char *description,
- PKIX_PL_DestructorCallback destructor,
- PKIX_PL_EqualsCallback equalsFunction,
- PKIX_PL_HashcodeCallback hashcodeFunction,
- PKIX_PL_ToStringCallback toStringFunction,
- PKIX_PL_ComparatorCallback comparator,
- PKIX_PL_DuplicateCallback duplicateFunction,
- void *plContext);
-
-#endif
-/*
- * FUNCTION: PKIX_PL_Object_InvalidateCache
- * DESCRIPTION:
- *
- * Invalidates the cache of the Object pointed to by "object". The cache
- * contains results of Hashcode and ToString. This function should be used by
- * mutable objects whenever changes are made to the Object's state (after
- * creation).
- *
- * For example, if ToString is called on a mutable Object, the result will be
- * computed, cached, and returned. If the Object's state does not change, a
- * subsequent call to ToString will recognize that the relevant result is
- * cached and will simply return the result (without calling the Object's
- * ToStringCallback to recompute it). However, when the Object's state
- * changes, the cache needs to be invalidated in order to force a subsequent
- * call to ToString to recompute the result.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose cache is to be invalidated. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY
- * Thread Safe - Object Type Table is locked during modification.
- *
- * Multiple threads can safely call this function without worrying about
- * conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_InvalidateCache(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_IncRef
- * DESCRIPTION:
- *
- * Increments the reference count of the Object pointed to by "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose reference count is to be incremented.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_IncRef(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_DecRef
- * DESCRIPTION:
- *
- * Decrements the reference count of the Object pointed to by "object". If the
- * resulting reference count is zero, the destructor (if any) registered for
- * the Object's type (by PKIX_PL_RegisterType) will be called and then the
- * Object will be destroyed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose reference count is to be decremented.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * If destructor is not called, multiple threads can safely call this function
- * without worrying about conflicts, even if they're operating on the same
- * object. If destructor is called, thread safety depends on the callback
- * defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_DecRef(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Equals
- * DESCRIPTION:
- *
- * Compares the Object pointed to by "firstObject" with the Object pointed to
- * by "secondObject" for equality using the callback function registered for
- * "firstObject"'s type, and stores the Boolean result at "pResult". While
- * typical callbacks will return PKIX_FALSE if the objects are of different
- * types, other callbacks may be capable of comparing objects of different
- * types [which may correctly result in cases where Equals(first, second)
- * differs from Equals(second, first)].
- *
- * PARAMETERS:
- * "firstObject"
- * Address of the first Object to compare. Must be non-NULL.
- * The EqualsCallback for this Object will be called.
- * "secondObject"
- * Address of the second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Hashcode
- * DESCRIPTION:
- *
- * Computes a hashcode of the Object pointed to by "object" using the
- * callback registered for "object"'s type and stores it at "pValue". Two
- * objects which are equal should have the same hashcode. Once a call to
- * Hashcode has been made, the results are cached and subsequent calls to
- * Hashcode will return the cached value. For mutable objects, an
- * InvalidateCache function is provided, which should be called whenever
- * changes are made to the object's state (after creation).
- *
- * PARAMETERS:
- * "object"
- * Address of the Object whose hashcode is desired. Must be non-NULL.
- * The HashcodeCallback for this object will be called.
- * "pValue"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_ToString
- * DESCRIPTION:
- *
- * Creates a string representation of the Object pointed to by "object" using
- * the callback registered for "object"'s type and stores it at "pString".
- * Once a call to ToString has been made, the results are cached and
- * subsequent calls to ToString will return the cached value. For mutable
- * objects, an InvalidateCache function is provided, which should be called
- * whenever changes are made to the object's state (after creation).
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose string representation is desired.
- * Must be non-NULL. The ToStringCallback for this object will be called.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Compare
- * DESCRIPTION:
- *
- * Compares the Object pointed to by "firstObject" and the Object pointed to
- * by "secondObject" using the comparator registered for "firstObject"'s type
- * and stores the result at "pResult". Different types may be compared. This
- * may correctly result in cases where Compare(first, second) is not the
- * opposite of Compare(second, first). The PKIX_Int32 value stored at
- * "pResult" will be:
- * Less than 0 if "firstObject" < "secondObject"
- * Equals to 0 if "firstObject" = "secondObject"
- * Greater than 0 if "firstObject" > "secondObject"
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first Object to compare. Must be non-NULL.
- * The ComparatorCallback for this object will be called.
- * "secondObject"
- * Address of second object to compare. Must be non-NULL.
- * "pResult
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the comparator defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Compare(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Duplicate
- * DESCRIPTION:
- *
- * Creates a duplicate copy of the Object pointed to by "object" using the
- * callback registered for "object"'s type and stores the copy at
- * "pNewObject". Changes to the new object will not affect the original and
- * vice versa.
- *
- * Note that if "object" is immutable, the Duplicate callback function simply
- * needs to increment the reference count on "object" and return a reference
- * to "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object to be duplicated. Must be non-NULL.
- * The DuplicateCallback for this Object will be called.
- * "pNewObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_GetType
- * DESCRIPTION:
- *
- * Retrieves the type code of the Object pointed to by "object" and stores it
- * at "pType". See pkixt.h for type codes.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose type is desired. Must be non-NULL.
- * "pType"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_GetType(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pType,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Lock
- * DESCRIPTION:
- *
- * Locks the Mutex associated with the Object pointed to by "object". When an
- * object is created, it is associated with an object-specific Mutex to allow
- * for synchronization when the fields of the object are modified.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose Mutex is to be locked. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Lock(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Unlock
- * DESCRIPTION:
- *
- * Unlocks the Mutex associated with the Object pointed to by "object". When
- * an object is created, it is associated with an object-specific Mutex to
- * allow for synchronization when the fields of the object are modified.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose Mutex is to be unlocked. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Unlock(
- PKIX_PL_Object *object,
- void *plContext);
-
-/* mutexes (locks) */
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Create
- * DESCRIPTION:
- *
- * Creates a new Mutex and stores it at "pNewLock".
- *
- * PARAMETERS:
- * "pNewLock"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Create(
- PKIX_PL_Mutex **pNewLock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Lock
- * DESCRIPTION:
- *
- * Locks the Mutex pointed to by "lock". If the Mutex is already locked, this
- * function will block the current thread until the mutex can be locked by
- * this thread.
- *
- * PARAMETERS:
- * "lock"
- * Address of Mutex to lock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Lock(
- PKIX_PL_Mutex *lock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Unlock
- * DESCRIPTION:
- *
- * Unlocks the Mutex pointed to by "lock" if the current thread holds the
- * Mutex.
- *
- * PARAMETERS:
- * "lock"
- * Address of Mutex to unlock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Unlock(
- PKIX_PL_Mutex *lock,
- void *plContext);
-
-/* monitor (locks) */
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Create
- * DESCRIPTION:
- *
- * Creates a new PKIX_PL_MonitorLock and stores it at "pNewLock".
- *
- * PARAMETERS:
- * "pNewLock"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Create(
- PKIX_PL_MonitorLock **pNewLock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Enter
- * DESCRIPTION:
- *
- * Locks the MonitorLock pointed to by "lock". If the MonitorLock is already
- * locked by other thread, this function will block the current thread. If
- * the "lock" had been locked by current thread, this function will NOT block.
- *
- * PARAMETERS:
- * "lock"
- * Address of MonitorLock to lock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Enter(
- PKIX_PL_MonitorLock *lock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Exit
- * DESCRIPTION:
- *
- * Unlocks the MonitorLock pointed to by "lock" if the lock counter of
- * current thread holds the MonitorLock reach 0, the lock is released.
- *
- * PARAMETERS:
- * "lock"
- * Address of MonitorLock to unlock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Exit(
- PKIX_PL_MonitorLock *lock,
- void *plContext);
-
-/* strings and formatted printing */
-
-/*
- * FUNCTION: PKIX_PL_String_Create
- * DESCRIPTION:
- *
- * Creates a new String using the data pointed to by "pString", the
- * PKIX_UInt32 pointed to by "stringLen", and the PKIX_UInt32 pointed to by
- * "fmtIndicator" and stores it at "pString". If the format is PKIX_ESCASCII
- * the "stringLen" parameter is ignored and the string extends until a zero
- * byte is found. Once created, a String object is immutable.
- *
- * Valid formats are:
- * PKIX_ESCASCII
- * PKIX_ESCASCII_DEBUG
- * PKIX_UTF8
- * PKIX_UTF8_NULL_TERM
- * PKIX_UTF16
- *
- * PARAMETERS:
- * "fmtIndicator"
- * Format that "stringRep" is encoded with. Must be non-NULL.
- * "stringRep"
- * Address of encoded string representation. Must be non-NULL.
- * "stringLen"
- * Length of data stored at stringRep.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_String_Create(
- PKIX_UInt32 fmtIndicator,
- const void *stringRep,
- PKIX_UInt32 stringLen,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Sprintf
- * DESCRIPTION:
- *
- * Creates a formatted string at "pOut" using the given format "fmt" and a
- * variable length list of arguments. The format flags are identical to
- * standard C with the exception that %s expects a PKIX_PL_String*, rather
- * than a char *, and that {%d, %i, %o, %u, %x, %X} expect PKIX_UInt32 or
- * PKIX_Int32 instead of int or unsigned int.
- *
- * PARAMETERS:
- * "pOut"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * "fmt"
- * Address of format string. Must be non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe - Caller must have exclusive access to all arguments.
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Sprintf(
- PKIX_PL_String **pOut,
- void *plContext,
- const PKIX_PL_String *fmt, ...);
-
-/*
- * FUNCTION: PKIX_PL_GetString
- * DESCRIPTION:
- *
- * Retrieves the String associated with the value of "stringID" (if any) and
- * stores it at "pString". If no such string is associated with "stringID",
- * this function uses "defaultString" to create a String and stores it at
- * "pString".
- *
- * PARAMETERS:
- * "stringID"
- * PKIX_UInt32 valud of string identifier.
- * "defaultString"
- * Address of a PKIX_ESCASCII encoded string representation.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_GetString(
- PKIX_UInt32 stringID,
- char *defaultString,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_String_GetEncoded
- * DESCRIPTION:
- *
- * Retrieves the value of the String pointed to by "string" in the encoding
- * specified by "fmtIndicator" and stores the result in "pStringRep" and
- * "pLength", respectively. Note that "pStringRep" is not reference counted
- * and will need to be freed with PKIX_PL_Free().
- *
- * PARAMETERS:
- * "string"
- * Address of String whose encoded value is desired. Must be non-NULL.
- * "fmtIndicator"
- * Format of encoding. Supported formats are:
- * PKIX_ESCASCII, PKIX_ESCASII_DEBUG, PKIX_UTF8, PKIX_UTF8_NULL_TERM, and
- * PKIX_UTF16. XXX Where are these documented?
- * "pStringRep"
- * Address where pointer to encoded value will be stored.
- * Must be non-NULL.
- * "pLength"
- * Address where byte length of encoded value will be stored.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_String_GetEncoded(
- PKIX_PL_String *string,
- PKIX_UInt32 fmtIndicator,
- void **pStringRep,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * Hashtable
- *
- * A hashtable is a very efficient data structure used for mapping keys to
- * values. Any non-null PKIX_PL_Object can be used as a key or as a value,
- * provided that it correctly implements the PKIX_PL_EqualsCallback and the
- * PKIX_PL_HashcodeCallback. A hashtable consists of several buckets, with
- * each bucket capable of holding a linked list of key/value mappings. When
- * adding, retrieving, or deleting a value, the hashcode of the key is used to
- * determine which bucket's linked list is relevant. The corresponding
- * key/value pair is then appended, retrieved, or deleted.
- */
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Create
- * DESCRIPTION:
- *
- * Creates a new Hashtable with an initial capacity of "numBuckets" buckets
- * and "maxEntriesPerBucket" of entries limit for each bucket and stores it
- * at "pResult".
- *
- * PARAMETERS:
- * "numBuckets"
- * The initial number of hash table buckets. Must be non-zero.
- * "maxEntriesPerBucket"
- * The limit of entries per bucket. Zero means no limit.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Create(
- PKIX_UInt32 numBuckets,
- PKIX_UInt32 maxEntriesPerBucket,
- PKIX_PL_HashTable **pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Add
- * DESCRIPTION:
- *
- * Adds a key/value mapping using the Objects pointed to by "key" and "value"
- * to the Hashtable pointed to by "ht".
- *
- * Function increments key/value reference counts. Caller is responsible to
- * to decrement(destroy) key/value ref counts(objects).
- *
- * PARAMETERS:
- * "ht"
- * Address of Hashtable to be added to. Must be non-NULL.
- * "key"
- * Address of Object to be associated with "value". Must be non-NULL.
- * "value"
- * Address of Object to be added to Hashtable. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Hashtable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Add(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- PKIX_PL_Object *value,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Remove
- * DESCRIPTION:
- *
- * Removes the Object value whose key is equal to the Object pointed to by
- * "key" from the Hashtable pointed to by "ht". If no such object exists,
- * this function throws an Error.
- *
- * Function frees "value" object. Caller is responsible to free "key"
- * object.
- *
- * PARAMETERS:
- * "ht"
- * Address of Hashtable to remove object from. Must be non-NULL.
- * "key"
- * Address of Object used for lookup. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Hashtable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Remove(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Lookup
- * DESCRIPTION:
- *
- * Retrieves the Object whose key equals the Object pointed to by "key" from
- * the Hashtable associated with "ht" and stores it at "pResult". If no
- * Object is found, this function stores NULL at "pResult".
- *
- * PARAMETERS:
- * "ht"
- * Address of Hashtable to lookup Object from. Must be non-NULL.
- * "key"
- * Address of key Object used for lookup. Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Hashtable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Lookup(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- PKIX_PL_Object **pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_Create
- * DESCRIPTION:
- *
- * Creates a new ByteArray using "length" bytes of data pointed to by "array"
- * and stores it at "pByteArray". Once created, a ByteArray is immutable.
- *
- * PARAMETERS:
- * "array"
- * Address of source data.
- * "length"
- * Number of bytes to copy.
- * "pByteArray"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_ByteArray_Create(
- void *array,
- PKIX_UInt32 length,
- PKIX_PL_ByteArray **pByteArray,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_GetPointer
- * DESCRIPTION:
- *
- * Allocates enough memory to hold the contents of the ByteArray pointed to
- * by "byteArray", copies the data from the ByteArray pointed to by
- * "byteArray" into the newly allocated memory, and stores a pointer to the
- * memory at "pArray". Note that "pArray" is not reference counted. It will
- * need to be freed with PKIX_PL_Free().
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray whose data is desired. Must be non-NULL.
- * "pArray"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_ByteArray_GetPointer(
- PKIX_PL_ByteArray *byteArray,
- void **pArray,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_GetLength
- * DESCRIPTION:
- *
- * Retrieves the length of the ByteArray pointed to by "byteArray" and stores
- * the length at "pLength".
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray whose length is desired. Must be non-NULL.
- * "pLength"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_ByteArray_GetLength(
- PKIX_PL_ByteArray *byteArray,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_OID_Create
- * DESCRIPTION:
- *
- * Creates a new OID using NSS oid tag.
- *
- * PARAMETERS:
- * "idtag"
- * nss oid id tag.
- * "pOID"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OID_Create(
- SECOidTag idtag,
- PKIX_PL_OID **pOID,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_OID_CreateBySECItem
- * DESCRIPTION:
- *
- * Creates a new OID using a DER encoded OID stored as SECItem.
- *
- * PARAMETERS:
- * "derOid"
- * Address of SECItem that holds DER encoded OID.
- * "pOID"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OID_CreateBySECItem(
- SECItem *derOid,
- PKIX_PL_OID **pOID,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BigInt_Create
- * DESCRIPTION:
- *
- * Creates a new BigInt using the source String pointed to by "stringRep" and
- * stores it at "pBigInt". Valid source Strings consist of an even number of
- * hexadecimal digits, which are always interpreted as a positive number.
- * Once created, a BigInt is immutable.
- *
- * The regexp format is:
- * HexDigit ::= [0-9] | [A-F] | [a-f]
- * DoubleHex ::= HexDigit HexDigit
- * BigIntSrc ::= (DoubleHex)+
- *
- * Note that since we are using DoubleHex, the number of characters in the
- * source MUST be even. Additionally, the first DoubleHex MUST NOT be "00"
- * unless it is the only DoubleHex.
- *
- * Valid : "09"
- * Valid : "00" (special case where first and only DoubleHex is "00")
- * Invalid: "9" (not DoubleHex: odd number of characters)
- * Invalid: "0009" (first DoubleHex is "00")
- *
- * XXX Why does this take a String object while OID_Create takes a char* ?
- * Perhaps because OID_Create is often used with constant strings and
- * this function isn't. That's a good reason, but we should explain it
- * (if it's right)
- * PARAMETERS:
- * "stringRep"
- * Address of String representing a BigInt. Must be non-NULL.
- * "pBigInt"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a BigInt Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BigInt_Create(
- PKIX_PL_String *stringRep,
- PKIX_PL_BigInt **pBigInt,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-/*
- * FUNCTION: PKIX_PL_GetPLErrorCode
- * DESCRIPTION:
- *
- * Returns error code from PL layer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * PL layer error code.
- */
-int
-PKIX_PL_GetPLErrorCode();
-
-#endif /* _LIBPKIX_SYSTEM_H */
diff --git a/security/nss/lib/libpkix/include/pkix_results.h b/security/nss/lib/libpkix/include/pkix_results.h
deleted file mode 100755
index ea9e77883..000000000
--- a/security/nss/lib/libpkix/include/pkix_results.h
+++ /dev/null
@@ -1,458 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the results used
- * by the top-level functions.
- *
- */
-
-#ifndef _PKIX_RESULTS_H
-#define _PKIX_RESULTS_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-/* PKIX_ValidateResult
- *
- * PKIX_ValidateResult represents the result of a PKIX_ValidateChain call. It
- * consists of the valid policy tree and public key resulting from validation,
- * as well as the trust anchor used for this chain. Once created, a
- * ValidateResult object is immutable.
- */
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetPolicyTree
- * DESCRIPTION:
- *
- * Retrieves the PolicyNode component (representing the valid_policy_tree)
- * from the ValidateResult object pointed to by "result" and stores it at
- * "pPolicyTree".
- *
- * PARAMETERS:
- * "result"
- * Address of ValidateResult whose policy tree is to be stored. Must be
- * non-NULL.
- * "pPolicyTree"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateResult_GetPolicyTree(
- PKIX_ValidateResult *result,
- PKIX_PolicyNode **pPolicyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetPublicKey
- * DESCRIPTION:
- *
- * Retrieves the PublicKey component (representing the valid public_key) of
- * the ValidateResult object pointed to by "result" and stores it at
- * "pPublicKey".
- *
- * PARAMETERS:
- * "result"
- * Address of ValidateResult whose public key is to be stored.
- * Must be non-NULL.
- * "pPublicKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateResult_GetPublicKey(
- PKIX_ValidateResult *result,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetTrustAnchor
- * DESCRIPTION:
- *
- * Retrieves the TrustAnchor component (representing the trust anchor used
- * during chain validation) of the ValidateResult object pointed to by
- * "result" and stores it at "pTrustAnchor".
- *
- * PARAMETERS:
- * "result"
- * Address of ValidateResult whose trust anchor is to be stored.
- * Must be non-NULL.
- * "pTrustAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateResult_GetTrustAnchor(
- PKIX_ValidateResult *result,
- PKIX_TrustAnchor **pTrustAnchor,
- void *plContext);
-
-/* PKIX_BuildResult
- *
- * PKIX_BuildResult represents the result of a PKIX_BuildChain call. It
- * consists of a ValidateResult object, as well as the built and validated
- * CertChain. Once created, a BuildResult object is immutable.
- */
-
-/*
- * FUNCTION: PKIX_BuildResult_GetValidateResult
- * DESCRIPTION:
- *
- * Retrieves the ValidateResult component (representing the build's validate
- * result) of the BuildResult object pointed to by "result" and stores it at
- * "pResult".
- *
- * PARAMETERS:
- * "result"
- * Address of BuildResult whose ValidateResult component is to be stored.
- * Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildResult_GetValidateResult(
- PKIX_BuildResult *result,
- PKIX_ValidateResult **pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_BuildResult_GetCertChain
- * DESCRIPTION:
- *
- * Retrieves the List of Certs (certChain) component (representing the built
- * and validated CertChain) of the BuildResult object pointed to by "result"
- * and stores it at "pChain".
- *
- * PARAMETERS:
- * "result"
- * Address of BuildResult whose CertChain component is to be stored.
- * Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildResult_GetCertChain(
- PKIX_BuildResult *result,
- PKIX_List **pChain,
- void *plContext);
-
-/* PKIX_PolicyNode
- *
- * PKIX_PolicyNode represents a node in the policy tree returned in
- * ValidateResult. The policy tree is the same length as the validated
- * certificate chain and the nodes are associated with a particular depth
- * (corresponding to a particular certificate in the chain).
- * PKIX_ValidateResult_GetPolicyTree returns the root node of the valid policy
- * tree. Other nodes can be accessed using the getChildren and getParents
- * functions, and individual elements of a node can be accessed with the
- * appropriate gettors. Once created, a PolicyNode is immutable.
- */
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetChildren
- * DESCRIPTION:
- *
- * Retrieves the List of PolicyNodes representing the child nodes of the
- * Policy Node pointed to by "node" and stores it at "pChildren". If "node"
- * has no child nodes, this function stores an empty List at "pChildren".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose child nodes are to be stored.
- * Must be non-NULL.
- * "pChildren"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetChildren(
- PKIX_PolicyNode *node,
- PKIX_List **pChildren, /* list of PKIX_PolicyNode */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetParent
- * DESCRIPTION:
- *
- * Retrieves the PolicyNode representing the parent node of the PolicyNode
- * pointed to by "node" and stores it at "pParent". If "node" has no parent
- * node, this function stores NULL at "pParent".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose parent node is to be stored.
- * Must be non-NULL.
- * "pParent"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetParent(
- PKIX_PolicyNode *node,
- PKIX_PolicyNode **pParent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetValidPolicy
- * DESCRIPTION:
- *
- * Retrieves the OID representing the valid policy of the PolicyNode pointed
- * to by "node" and stores it at "pValidPolicy".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose valid policy is to be stored.
- * Must be non-NULL.
- * "pValidPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetValidPolicy(
- PKIX_PolicyNode *node,
- PKIX_PL_OID **pValidPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
- * DESCRIPTION:
- *
- * Retrieves the List of CertPolicyQualifiers representing the policy
- * qualifiers associated with the PolicyNode pointed to by "node" and stores
- * it at "pQualifiers". If "node" has no policy qualifiers, this function
- * stores an empty List at "pQualifiers".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose policy qualifiers are to be stored.
- * Must be non-NULL.
- * "pQualifiers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetPolicyQualifiers(
- PKIX_PolicyNode *node,
- PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
- * DESCRIPTION:
- *
- * Retrieves the List of OIDs representing the expected policies associated
- * with the PolicyNode pointed to by "node" and stores it at "pExpPolicies".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose expected policies are to be stored.
- * Must be non-NULL.
- * "pExpPolicies"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetExpectedPolicies(
- PKIX_PolicyNode *node,
- PKIX_List **pExpPolicies, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_IsCritical
- * DESCRIPTION:
- *
- * Checks the criticality field of the PolicyNode pointed to by "node" and
- * stores the Boolean result at "pCritical".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose criticality field is examined.
- * Must be non-NULL.
- * "pCritical"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_IsCritical(
- PKIX_PolicyNode *node,
- PKIX_Boolean *pCritical,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetDepth
- * DESCRIPTION:
- *
- * Retrieves the depth component of the PolicyNode pointed to by "node" and
- * stores it at "pDepth".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose depth component is to be stored.
- * Must be non-NULL.
- * "pDepth"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetDepth(
- PKIX_PolicyNode *node,
- PKIX_UInt32 *pDepth,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_RESULTS_H */
diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h
deleted file mode 100755
index 261f7859e..000000000
--- a/security/nss/lib/libpkix/include/pkix_revchecker.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_RevocationChecker
- * type.
- *
- */
-
-#ifndef _PKIX_REVCHECKER_H
-#define _PKIX_REVCHECKER_H
-
-#include "pkixt.h"
-#include "pkix_pl_pki.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_RevocationChecker
- *
- * PKIX_RevocationChecker provides a standard way of revocation checking.
- * Caller should configure two set of tests(represented at lists of
- * RevocationMethod objects) to be performed on the leaf and on the rest of
- * the chain certificates.
- *
- * PKIX_RevocationMethods provide a standard way for the caller to insert
- * their own custom revocation checks to verify the revocation status of
- * certificates. This may be useful in many scenarios, including when the
- * caller wishes to use their own revocation checking mechanism instead of (or
- * in addition to) the default revocation checking mechanism provided by
- * libpkix, which uses CRLs and OCSP.
- *
- * Once the caller has created the RevocationMethod object(s), the caller
- * then specifies the RevocationMethod object(s) in a RevocationCheck object
- * and sets it into a ProcessingParams.
- */
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Create
- * DESCRIPTION:
- *
- * Creates revocation checker object with a given flags.
- *
- * PARAMETERS:
- * "revDate"
- * Revocation will be checked at this date. Current date is taken if the
- * parameter is not specified.
- * "leafMethodListFlags"
- * Defines a set of method independent flags that will be used to check
- * revocation of the leaf cert in the chain.
- * "chainMethodListFlags"
- * Defines a set of method independent flags that will be used to check
- * revocation of the remaining certs in the chain.
- * "pChecker"
- * The return address of created checker.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_Create(
- PKIX_UInt32 leafMethodListFlags,
- PKIX_UInt32 chainMethodListFlags,
- PKIX_RevocationChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
- * DESCRIPTION:
- *
- * Creates revocation method object with given parameters and adds it
- * to revocation checker method list.
- *
- * PARAMETERS:
- * "revChecker"
- * Address of revocation checker structure.
- * "procParams"
- * Address of ProcessingParams used to initialize the checker.
- * Must be non-NULL.
- * "methodType"
- * Type of the method. Currently only two types are
- * supported: crl and ocsp. (See PKIX_RevocationMethodType enum).
- * "methodFlags"
- * Set of flags for the method.
- * "methodPriority"
- * Method priority. (0 corresponds to a highest priority)
- * "verificationFn"
- * User call back function that will perform validation of fetched
- * revocation information(new crl or ocsp response)
- * "isLeafMethod"
- * Boolean flag that if set to true indicates that the method should
- * should be used for leaf cert revocation test(false for chain set
- * methods).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_CreateAndAddMethod(
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *params,
- PKIX_RevocationMethodType methodType,
- PKIX_UInt32 methodFlags,
- PKIX_UInt32 mathodPriority,
- PKIX_PL_VerifyCallback verificationFn,
- PKIX_Boolean isLeafMethod,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Check
- * DESCRIPTION:
- *
- * Verifies revocation status of the certificate. Issuer cert is given to
- * be used in verification of revocation information. Performed verification
- * check depends on configured revocation methods(ocsp, crl. See
- * PKIX_RevocationChecker_CreateAndAddMethod function) and a point of chain
- * building process at which PKIX_RevocationChecker_Check was invoked.
- * For security reasons, the cert status is checked only against cached
- * revocation information during chain building stage(no trust anchor yes has
- * been found). The fresh revocation information fetching is done only at chain
- * verification stage after trust anchor was identified.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose revocation status is to be determined.
- * Must be non-NULL.
- * "issuer"
- * Issuer cert that potentially holds public key that will be used
- * to verify revocation info.
- * "revChecker"
- * Address of revocation checker structure.
- * "procParams"
- * Address of ProcessingParams used to initialize the checker.
- * Must be non-NULL.
- * "chainVerificationState"
- * Need to be set to true, if the check was called during chain verification
- * as an opposite to chain building.
- * "testingLeafCert"
- * Set to true if verifying revocation status of a leaf cert.
- * "revStatus"
- * Address of the returned revocation status of the cert.
- * "pResultCode"
- * Address where revocation status will be stored. Must be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent non-blocking I/O context is stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_Check(PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean chainVerificationState,
- PKIX_Boolean testingLeafCert,
- PKIX_RevocationStatus *revStatus,
- PKIX_UInt32 *pReasonCode,
- void **pNbioContext,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_REVCHECKER_H */
diff --git a/security/nss/lib/libpkix/include/pkix_sample_modules.h b/security/nss/lib/libpkix/include/pkix_sample_modules.h
deleted file mode 100755
index c0c6098ce..000000000
--- a/security/nss/lib/libpkix/include/pkix_sample_modules.h
+++ /dev/null
@@ -1,451 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with CertStore types.
- *
- */
-
-
-#ifndef _PKIX_SAMPLEMODULES_H
-#define _PKIX_SAMPLEMODULES_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_PL_CollectionCertStore
- *
- * A PKIX_CollectionCertStore provides an example for showing how to retrieve
- * certificates and CRLs from a repository, such as a directory in the system.
- * It is expected the directory is an absolute directory which contains CRL
- * and Cert data files. CRL files are expected to have the suffix of .crl
- * and Cert files are expected to have the suffix of .crt .
- *
- * Once the caller has created the CollectionCertStoreContext object, the caller
- * then can call pkix_pl_CollectionCertStore_GetCert or
- * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or
- * PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_CollectionCertStore_Create
- * DESCRIPTION:
- *
- * Creates a new CollectionCertStore and returns it at
- * "pColCertStore".
- *
- * PARAMETERS:
- * "storeDir"
- * The absolute path where *.crl files are located.
- * "pColCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CollectionCertStore_Create(
- PKIX_PL_String *storeDir,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-/* PKIX_PL_PK11CertStore
- *
- * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11
- * database. The directory that contains the cert8.db, key3.db, and secmod.db
- * files that comprise a PKCS11 database are specified in NSS initialization.
- *
- * Once the caller has created the Pk11CertStore object, the caller can call
- * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain
- * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_Pk11CertStore_Create
- * DESCRIPTION:
- *
- * Creates a new Pk11CertStore and returns it at "pPk11CertStore".
- *
- * PARAMETERS:
- * "pPk11CertStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Pk11CertStore_Create(
- PKIX_CertStore **pPk11CertStore,
- void *plContext);
-
-/* PKIX_PL_LdapCertStore
- *
- * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
- * over a socket connection. It used the LDAP protocol as described in RFC1777.
- *
- * Once the caller has created the LdapCertStore object, the caller can call
- * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain
- * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_Create
- * DESCRIPTION:
- *
- * Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr",
- * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
- * and stores the address of the default LdapClient at "pClient".
- *
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the Client_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * PARAMETERS:
- * "sockaddr"
- * Address of the PRNetAddr to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime value to be used as a timeout value in socket calls;
- * a zero value indicates non-blocking I/O is to be used.
- * "bindAPI"
- * The address of a BindAPI to be used if a BIND message is required. If
- * this argument is NULL, no Bind (or Unbind) will be sent.
- * "pClient"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_Create(
- PRNetAddr *sockaddr,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
- * DESCRIPTION:
- *
- * Creates an LdapDefaultClient using the hostname poined to by "hostname",
- * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
- * and stores the address of the default LdapClient at "pClient".
- *
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the Client_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * PARAMETERS:
- * "hostname"
- * Address of the hostname to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime value to be used as a timeout value in socket calls;
- * a zero value indicates non-blocking I/O is to be used.
- * "bindAPI"
- * The address of a BindAPI to be used if a BIND message is required. If
- * this argument is NULL, no Bind (or Unbind) will be sent.
- * "pClient"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_CreateByName(
- char *hostname,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_LdapCertStore_Create
- * DESCRIPTION:
- *
- * Creates a new LdapCertStore using the LdapClient pointed to by "client",
- * and stores the address of the CertStore at "pCertStore".
- *
- * PARAMETERS:
- * "client"
- * Address of the LdapClient to be used. Must be non-NULL.
- * "pCertStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapCertStore_Create(
- PKIX_PL_LdapClient *client,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-/* PKIX_PL_NssContext
- *
- * A PKIX_PL_NssContext provides an example showing how the "plContext"
- * argument, that is part of every libpkix function call, can be used.
- * The "plContext" is the Portability Layer Context, which can be used
- * to communicate layer-specific information from the application to the
- * underlying Portability Layer (while bypassing the Portable Code, which
- * blindly passes the plContext on to every function call).
- *
- * In this case, NSS serves as both the application and the Portability Layer.
- * We define an NSS-specific structure, which includes an arena and a number
- * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument,
- * wincx, is used on Windows platforms for PKCS11 access, and should be set to
- * NULL for other platforms.
- * Before calling any of the libpkix functions, the caller should create the NSS
- * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context
- * as the "plContext" argument in every libpkix function call the caller makes.
- * When the caller is finished using the NSS context (usually just after he
- * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to
- * free the NSS context structure.
- */
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Create
- * DESCRIPTION:
- *
- * Creates a new NssContext using the certificate usage(s) specified by
- * "certUsage" and stores it at "pNssContext". This function also internally
- * creates an arena and stores it as part of the NssContext structure. Unlike
- * most other libpkix API functions, this function does not take a "plContext"
- * parameter.
- *
- * PARAMETERS:
- * "certUsage"
- * The desired SECCertificateUsage(s).
- * "useNssArena"
- * Boolean flag indicates NSS Arena is used for memory allocation.
- * "wincx"
- * A Windows-dependent pointer for PKCS11 token handling.
- * "pNssContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_Create(
- PKIX_UInt32 certificateUsage,
- PKIX_Boolean useNssArena,
- void *wincx,
- void **pNssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Destroy
- * DESCRIPTION:
- *
- * Frees the structure pointed to by "nssContext" along with any of its
- * associated memory. Unlike most other libpkix API functions, this function
- * does not take a "plContext" parameter.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_Destroy(
- void *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetTimeout
- * DESCRIPTION:
- *
- * Sets IO timeout for network operations like OCSP response and cert
- * fetching.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
- * DESCRIPTION:
- *
- * Sets maximum responce length allowed during network IO operations.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined timeout between attempts to load crl using
- * CRLDP.
- *
- * PARAMETERS:
- * "delaySeconds"
- * Reload delay in seconds.
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds,
- PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined timeout between attempts to load crls
- * that failed to decode.
- *
- * PARAMETERS:
- * "delaySeconds"
- * Reload delay in seconds.
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds,
- PKIX_PL_NssContext *nssContext);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_SAMPLEMODULES_H */
diff --git a/security/nss/lib/libpkix/include/pkix_util.h b/security/nss/lib/libpkix/include/pkix_util.h
deleted file mode 100755
index 619c9c05d..000000000
--- a/security/nss/lib/libpkix/include/pkix_util.h
+++ /dev/null
@@ -1,974 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * These functions provide support for a number of other functions
- * by creating and manipulating data structures used by those functions.
- *
- */
-
-#ifndef _PKIX_UTIL_H
-#define _PKIX_UTIL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_Logger
- *
- * PKIX_Loggers provide a standard way for the caller to insert custom logging
- * facilities. These are used by libpkix to log errors, debug information,
- * status, etc. The LogCallback allows custom logging to take place.
- * Additionally, a Logger can be initialized with a loggerContext, which is
- * where the caller can specify configuration data such as the name of a
- * logfile or database. Note that this loggerContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- * Once the caller has created the Logger object(s) (and set the loggerContext
- * (if any) and the Log callback), the caller then registers these Loggers
- * with the system by calling PKIX_SetLoggers or PKIX_AddLogger. All log
- * entries will then be logged using the specified Loggers. If multiple
- * Loggers are specified, every log entry will be logged with each of them.
- *
- * XXX Maybe give some guidance somewhere on how much detail each logging
- * level should have and where component boundaries should be. Maybe in
- * Implementor's Guide or Programmer's Guide.
- */
-
-#define PKIX_LOGGER_LEVEL_TRACE 5
-#define PKIX_LOGGER_LEVEL_DEBUG 4
-#define PKIX_LOGGER_LEVEL_WARNING 3
-#define PKIX_LOGGER_LEVEL_ERROR 2
-#define PKIX_LOGGER_LEVEL_FATALERROR 1
-
-#define PKIX_LOGGER_LEVEL_MAX 5
-
-/*
- * FUNCTION: PKIX_Logger_LogCallback
- * DESCRIPTION:
- *
- * This callback function logs a log entry containing the String pointed to
- * by "message", the integer value of logLevel, and the String pointed to by
- * "logComponent". A log entry can be associated with a particular log
- * level (i.e. level 3) and a particular log component (i.e. "CertStore").
- * For example, someone reading the log may only be interested in very general
- * log entries so they look only for log level 1. Similarly, they may only be
- * interested in log entries pertaining to the CertStore component so they
- * look only for that log component. This function can be used before calling
- * PKIX_Initialize.
- *
- * PARAMETERS:
- * "logger"
- * Address of logger whose LogCallback is to be used. Must be non-NULL.
- * "message"
- * Address of String that is to be logged used "logger". Must be non-NULL.
- * "logLevel"
- * Integer value representing the log level for this entry. The higher the
- * level, the more detail. Must be non-NULL.
- * "logComponent"
- * PKIXERRORNUM value (defined in pkixt.h) designating the log component
- * for this entry.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_Logger_LogCallback)(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_Create
- * DESCRIPTION:
- *
- * Creates a new Logger using the Object pointed to by "loggerContext"
- * (if any) and stores it at "pLogger". The new Logger uses the LogCallback
- * pointed to by "callback". The Logger's maximum logging level is initially
- * set to a very high level and its logging component is set to NULL (all
- * components).
- *
- * PARAMETERS:
- * "callback"
- * The LogCallback function to be used. Must be non-NULL.
- * "loggerContext"
- * Address of Object representing the Logger's context (if any).
- * "pLogger"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_Create(
- PKIX_Logger_LogCallback callback,
- PKIX_PL_Object *loggerContext,
- PKIX_Logger **pLogger,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLogCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "logger's" Log callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose Log callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Log callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLogCallback(
- PKIX_Logger *logger,
- PKIX_Logger_LogCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggerContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the Logger pointed to by "logger" and stores it at "pLoggerContext".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose context is to be stored. Must be non-NULL.
- * "pLoggerContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLoggerContext(
- PKIX_Logger *logger,
- PKIX_PL_Object **pLoggerContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetMaxLoggingLevel
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_UInt32 representing the maximum logging
- * level of the Logger pointed to by "logger" and stores it at "pLevel". Only
- * log entries whose log level is less than or equal to this maximum logging
- * level will be logged.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose maximum logging level is to be stored.
- * Must be non-NULL.
- * "pLevel"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 *pLevel,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_SetMaxLoggingLevel
- * DESCRIPTION:
- *
- * Sets the maximum logging level of the Logger pointed to by "logger" with
- * the integer value of "level".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose maximum logging level is to be set.
- * Must be non-NULL.
- * "level"
- * Maximum logging level to be set
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "logger"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_SetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 level,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggingComponent
- * DESCRIPTION:
- *
- * Retrieves a pointer to a String representing the logging component of the
- * Logger pointed to by "logger" and stores it at "pComponent". Only log
- * entries whose log component matches the specified logging component will
- * be logged.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose logging component is to be stored.
- * Must be non-NULL.
- * "pComponent"
- * Address where PKIXERRORNUM will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS *pComponent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_SetLoggingComponent
- * DESCRIPTION:
- *
- * Sets the logging component of the Logger pointed to by "logger" with the
- * PKIXERRORNUM pointed to by "component". To match a small set of components,
- * create a Logger for each.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose logging component is to be set.
- * Must be non-NULL.
- * "component"
- * PKIXERRORNUM value representing logging component to be set.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "logger"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_SetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS component,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_GetLoggers
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of Loggers (if any) being used for logging
- * by libpkix and stores it at "pLoggers". If no loggers are being used, this
- * function stores an empty List at "pLoggers".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "pLoggers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_GetLoggers(
- PKIX_List **pLoggers, /* list of PKIX_Logger */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_SetLoggers
- * DESCRIPTION:
- *
- * Sets the Loggers to be used by libpkix to the List of Loggers pointed to
- * by "loggers". If "loggers" is NULL, no Loggers will be used.
- *
- * PARAMETERS:
- * "loggers"
- * Address of List of Loggers to be set. NULL for no Loggers.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_SetLoggers(
- PKIX_List *loggers, /* list of PKIX_Logger */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_AddLogger
- * DESCRIPTION:
- *
- * Adds the Logger pointed to by "logger" to the List of Loggers used by
- * libpkix.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger to be added. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_AddLogger(
- PKIX_Logger *logger,
- void *plContext);
-
-/* Functions pertaining to the PKIX_Error type */
-
-/* Error
- *
- * An Error object is returned by a function upon encountering some error
- * condition. Each Error is associated with an errorCode specified in pkixt.h.
- * The remaining components of an Error are optional. An Error's description
- * specifies a text message describing the Error. An Error's supplementary info
- * specifies additional information that might be useful. Finally, an Error's
- * cause specifies the underlying Error (if any) that resulted in this Error
- * being returned, thereby allowing Errors to be chained so that an entire
- * "error stack trace" can be represented. Once created, an Error is immutable.
- *
- * Note that the Error's supplementary info must be an Object (although any
- * object type), allowing it to be reference-counted and allowing it to
- * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
- * Duplicate).
- *
- * Errors are classified as either being fatal or non-fatal. If a function
- * fails in an unrecoverable way, it returns an Error whose errorCode is
- * PKIX_FATAL_ERROR. If such an error is encountered, the caller should
- * not attempt to recover since something seriously wrong has happened
- * (e.g. corrupted memory, memory finished, etc.). All other errorCodes
- * are considered non-fatal errors and can be handled by the caller as they
- * see fit.
- */
-
-/*
- * FUNCTION: PKIX_Error_Create
- * DESCRIPTION:
- *
- * Creates a new Error using the value of "errorCode", the Error pointed to by
- * "cause" (if any), the Object pointed to by "info" (if any), and the String
- * pointed to by "desc" and stores it at "pError". If any error occurs during
- * error allocation, it will be returned without chaining, since new errors
- * cannot be created. Once created, an Error is immutable.
- *
- * PARAMETERS:
- * "errorCode"
- * Value of error code.
- * "cause"
- * Address of Error representing error's cause.
- * NULL if none or unspecified.
- * "info"
- * Address of Object representing error's supplementary information.
- * NULL if none.
- * "desc"
- * Address of String representing error's description. NULL if none.
- * "pError"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_Create(
- PKIX_ERRORCLASS errClass,
- PKIX_Error *cause,
- PKIX_PL_Object *info,
- PKIX_ERRORCODE errCode,
- PKIX_Error **pError,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetErrorClass
- * DESCRIPTION:
- *
- * Retrieves the error class of the Error pointed to by "error" and
- * stores it at "pClass". Supported error codes are defined in pkixt.h.
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose error code is desired. Must be non-NULL.
- * "pClass"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetErrorClass(
- PKIX_Error *error,
- PKIX_ERRORCLASS *pClass,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetErrorCode
- * DESCRIPTION:
- *
- * Retrieves the error code of the Error pointed to by "error" and
- * stores it at "pCode". Supported error codes are defined in pkixt.h.
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose error code is desired. Must be non-NULL.
- * "pCode"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetErrorCode(
- PKIX_Error *error,
- PKIX_ERRORCODE *pCode,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetCause
- * DESCRIPTION:
- *
- * Retrieves the cause of the Error pointed to by "error" and stores it at
- * "pCause". If no cause was specified, NULL will be stored at "pCause".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose cause is desired. Must be non-NULL.
- * "pCause"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetCause(
- PKIX_Error *error,
- PKIX_Error **pCause,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetSupplementaryInfo
- * DESCRIPTION:
- *
- * Retrieves the supplementary info of the Error pointed to by "error" and
- * stores it at "pInfo".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose info is desired. Must be non-NULL.
- * "pInfo"
- * Address where info pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetSupplementaryInfo(
- PKIX_Error *error,
- PKIX_PL_Object **pInfo,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetDescription
- * DESCRIPTION:
- *
- * Retrieves the description of the Error pointed to by "error" and stores it
- * at "pDesc". If no description was specified, NULL will be stored at
- * "pDesc".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose description is desired. Must be non-NULL.
- * "pDesc"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetDescription(
- PKIX_Error *error,
- PKIX_PL_String **pDesc,
- void *plContext);
-
-/* PKIX_List
- *
- * Represents a collection of items. NULL is considered a valid item.
- */
-
-/*
- * FUNCTION: PKIX_List_Create
- * DESCRIPTION:
- *
- * Creates a new List and stores it at "pList". The List is initially empty
- * and holds no items. To initially add items to the List, use
- * PKIX_List_AppendItem
- *
- * PARAMETERS:
- * "pList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_Create(
- PKIX_List **pList,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_SetImmutable
- * DESCRIPTION:
- *
- * Sets the List pointed to by "list" to be immutable. If a caller tries to
- * change a List after it has been marked immutable (i.e. by calling
- * PKIX_List_AppendItem, PKIX_List_InsertItem, PKIX_List_SetItem, or
- * PKIX_List_DeleteItem), an Error is returned.
- *
- * PARAMETERS:
- * "list"
- * Address of List to be marked immutable. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_SetImmutable(
- PKIX_List *list,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_IsImmutable
- * DESCRIPTION:
- *
- * Checks whether the List pointed to by "list" is immutable and stores
- * the Boolean result at "pImmutable". If a caller tries to change a List
- * after it has been marked immutable (i.e. by calling PKIX_List_AppendItem,
- * PKIX_List_InsertItem, PKIX_List_SetItem, or PKIX_List_DeleteItem), an
- * Error is returned.
- *
- * PARAMETERS:
- * "list"
- * Address of List whose immutability is to be determined.
- * Must be non-NULL.
- * "pImmutable"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_IsImmutable(
- PKIX_List *list,
- PKIX_Boolean *pImmutable,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_GetLength
- * DESCRIPTION:
- *
- * Retrieves the length of the List pointed to by "list" and stores it at
- * "pLength".
- *
- * PARAMETERS:
- * "list"
- * Address of List whose length is desired. Must be non-NULL.
- * "pLength"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_GetLength(
- PKIX_List *list,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_IsEmpty
- * DESCRIPTION:
- *
- * Checks whether the List pointed to by "list" is empty and stores
- * the Boolean result at "pEmpty".
- *
- * PARAMETERS:
- * "list"
- * Address of List whose emptiness is to be determined. Must be non-NULL.
- * "pEmpty"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_IsEmpty(
- PKIX_List *list,
- PKIX_Boolean *pEmpty,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_AppendItem
- * DESCRIPTION:
- *
- * Appends the Object pointed to by "item" after the last non-NULL item in
- * List pointed to by "list", if any. Note that a List may validly contain
- * NULL items. Appending "c" into the List ("a", NULL, "b", NULL) will result
- * in ("a", NULL, "b", "c").
- *
- * PARAMETERS:
- * "list"
- * Address of List to append to. Must be non-NULL.
- * "item"
- * Address of new item to append.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_AppendItem(
- PKIX_List *list,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_InsertItem
- * DESCRIPTION:
- *
- * Inserts the Object pointed to by "item" into the List pointed to by "list"
- * at the given "index". The index counts from zero and must be less than the
- * List's length. Existing list entries at or after this index will be moved
- * to the next highest index.
- *
- * XXX why not allow equal to length which would be equivalent to AppendItem?
- *
- * PARAMETERS:
- * "list"
- * Address of List to insert into. Must be non-NULL.
- * "index"
- * Position to insert into. Must be less than List's length.
- * "item"
- * Address of new item to append.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_InsertItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_GetItem
- * DESCRIPTION:
- *
- * Copies the "list"'s item at "index" into "pItem". The index counts from
- * zero and must be less than the list's length. Increments the reference
- * count on the returned object, if non-NULL.
- *
- * PARAMETERS:
- * "list"
- * Address of List to get item from. Must be non-NULL.
- * "index"
- * Index of list to get item from. Must be less than List's length.
- * "pItem"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_GetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object **pItem,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_SetItem
- * DESCRIPTION:
- *
- * Sets the item at "index" of the List pointed to by "list" with the Object
- * pointed to by "item". The index counts from zero and must be less than the
- * List's length. The previous entry at this index will have its reference
- * count decremented and the new entry will have its reference count
- * incremented.
- *
- * PARAMETERS:
- * "list"
- * Address of List to modify. Must be non-NULL.
- * "index"
- * Position in List to set. Must be less than List's length.
- * "item"
- * Address of Object to set at "index".
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_SetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_DeleteItem
- *
- * Deletes the item at "index" from the List pointed to by "list". The index
- * counts from zero and must be less than the List's length. Note that this
- * function does not destroy the List. It simply decrements the reference
- * count of the item at "index" in the List, deletes that item from the list
- * and moves all subsequent entries to a lower index in the list. If there is
- * only a single element in the List and that element is deleted, then the
- * List will be empty.
- *
- * PARAMETERS:
- * "list"
- * Address of List to delete from. Must be non-NULL.
- * "index"
- * Position in List to delete. Must be less than List's length.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_DeleteItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_ReverseList
- * DESCRIPTION:
- *
- * Creates a new List whose elements are in the reverse order as the elements
- * of the Object pointed to by "list" and stores the copy at "pReversedList".
- * If "list" is empty, the new reversed List will be a copy of "list".
- * Changes to the new object will not affect the original and vice versa.
- *
- * PARAMETERS:
- * "list"
- * Address of List whose elements are to be reversed. Must be non-NULL.
- * "pReversedList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_ReverseList(
- PKIX_List *list,
- PKIX_List **pReversedList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_UTIL_H */
diff --git a/security/nss/lib/libpkix/include/pkixt.h b/security/nss/lib/libpkix/include/pkixt.h
deleted file mode 100755
index 2caa0d3a8..000000000
--- a/security/nss/lib/libpkix/include/pkixt.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines the types in the libpkix API.
- * XXX Maybe we should specify the API version number in all API header files
- *
- */
-
-#ifndef _PKIXT_H
-#define _PKIXT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "secerr.h"
-
-/* Types
- *
- * This header file provides typedefs for the abstract types used by libpkix.
- * It also provides several useful macros.
- *
- * Note that all these abstract types are typedef'd as opaque structures. This
- * is intended to discourage the caller from looking at the contents directly,
- * since the format of the contents may change from one version of the library
- * to the next. Instead, callers should only access these types using the
- * functions defined in the public header files.
- *
- * An instance of an abstract type defined in this file is called an "object"
- * here, although C does not have real support for objects.
- *
- * Because C does not typically have automatic garbage collection, the caller
- * is expected to release the reference to any object that they create or that
- * is returned to them by a libpkix function. The caller should do this by
- * using the PKIX_PL_Object_DecRef function. Note that the caller should not
- * release the reference to an object if the object has been passed to a
- * libpkix function and that function has not returned.
- *
- * Please refer to libpkix Programmer's Guide for more details.
- */
-
-/* Version
- *
- * These macros specify the major and minor version of the libpkix API defined
- * by this header file.
- */
-
-#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
-#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
-
-/* Maximum minor version
- *
- * This macro is used to specify that the caller wants the largest minor
- * version available.
- */
-
-#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
-
-/* Define Cert Store type for database access */
-#define PKIX_STORE_TYPE_NONE 0
-#define PKIX_STORE_TYPE_PK11 1
-
-/* Portable Code (PC) data types
- *
- * These types are used to perform the primary operations of this library:
- * building and validating chains of X.509 certificates.
- */
-
-typedef struct PKIX_ErrorStruct PKIX_Error;
-typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
-typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
-typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
-typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
-typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
-typedef struct PKIX_CertStoreStruct PKIX_CertStore;
-typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
-typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
-typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
-typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
-typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
-typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
-typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
-typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
-typedef struct PKIX_LoggerStruct PKIX_Logger;
-typedef struct PKIX_ListStruct PKIX_List;
-typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
-typedef struct PKIX_DefaultRevocationCheckerStruct
- PKIX_DefaultRevocationChecker;
-typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
-
-/* Portability Layer (PL) data types
- *
- * These types are used are used as portable data types that are defined
- * consistently across platforms
- */
-
-typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
-typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
-typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
-typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
-typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
-typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
-typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
-typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
-typedef struct PKIX_PL_StringStruct PKIX_PL_String;
-typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
-typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
-typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
-typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
-typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
-typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
-typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
-typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
-typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
-typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
-typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
-typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
-typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
-typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
-typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
-typedef struct PKIX_PL_CollectionCertStoreContext
- PKIX_PL_CollectionCertStoreContext;
-typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
-typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
-typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
-typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
-typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
-typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
-typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
-typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
-typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
-typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
-typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
-typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
-typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
-
-/* Primitive types
- *
- * In order to guarantee desired behavior as well as platform-independence, we
- * typedef these types depending on the platform. XXX This needs more work!
- */
-
-/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
- * We don't know what type is at least 32 bits long. ISO C probably requires
- * at least 32 bits for long. we could default to that and only list platforms
- * where that's not true.
- *
- * #elif
- * #error
- * #endif
- */
-
-/* currently, int is 32 bits on all our supported platforms */
-
-typedef unsigned int PKIX_UInt32;
-typedef int PKIX_Int32;
-
-typedef int PKIX_Boolean;
-
-/* Object Types
- *
- * Every reference-counted PKIX_PL_Object is associated with an integer type.
- */
-#define PKIX_TYPES \
- TYPEMACRO(AIAMGR), \
- TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
- TYPEMACRO(BIGINT), \
- TYPEMACRO(BUILDRESULT), \
- TYPEMACRO(BYTEARRAY), \
- TYPEMACRO(CERT), \
- TYPEMACRO(CERTBASICCONSTRAINTS), \
- TYPEMACRO(CERTCHAINCHECKER), \
- TYPEMACRO(CERTNAMECONSTRAINTS), \
- TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
- TYPEMACRO(CERTPOLICYCHECKERSTATE), \
- TYPEMACRO(CERTPOLICYINFO), \
- TYPEMACRO(CERTPOLICYMAP), \
- TYPEMACRO(CERTPOLICYNODE), \
- TYPEMACRO(CERTPOLICYQUALIFIER), \
- TYPEMACRO(CERTSELECTOR), \
- TYPEMACRO(CERTSTORE), \
- TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
- TYPEMACRO(COMCERTSELPARAMS), \
- TYPEMACRO(COMCRLSELPARAMS), \
- TYPEMACRO(CRL), \
- TYPEMACRO(CRLDP), \
- TYPEMACRO(CRLENTRY), \
- TYPEMACRO(CRLSELECTOR), \
- TYPEMACRO(DATE), \
- TYPEMACRO(CRLCHECKER), \
- TYPEMACRO(EKUCHECKER), \
- TYPEMACRO(ERROR), \
- TYPEMACRO(FORWARDBUILDERSTATE), \
- TYPEMACRO(GENERALNAME), \
- TYPEMACRO(HASHTABLE), \
- TYPEMACRO(HTTPCERTSTORECONTEXT), \
- TYPEMACRO(HTTPDEFAULTCLIENT), \
- TYPEMACRO(INFOACCESS), \
- TYPEMACRO(LDAPDEFAULTCLIENT), \
- TYPEMACRO(LDAPREQUEST), \
- TYPEMACRO(LDAPRESPONSE), \
- TYPEMACRO(LIST), \
- TYPEMACRO(LOGGER), \
- TYPEMACRO(MONITORLOCK), \
- TYPEMACRO(MUTEX), \
- TYPEMACRO(OBJECT), \
- TYPEMACRO(OCSPCERTID), \
- TYPEMACRO(OCSPCHECKER), \
- TYPEMACRO(OCSPREQUEST), \
- TYPEMACRO(OCSPRESPONSE), \
- TYPEMACRO(OID), \
- TYPEMACRO(REVOCATIONCHECKER), \
- TYPEMACRO(PROCESSINGPARAMS), \
- TYPEMACRO(PUBLICKEY), \
- TYPEMACRO(RESOURCELIMITS), \
- TYPEMACRO(RWLOCK), \
- TYPEMACRO(SIGNATURECHECKERSTATE), \
- TYPEMACRO(SOCKET), \
- TYPEMACRO(STRING), \
- TYPEMACRO(TARGETCERTCHECKERSTATE), \
- TYPEMACRO(TRUSTANCHOR), \
- TYPEMACRO(VALIDATEPARAMS), \
- TYPEMACRO(VALIDATERESULT), \
- TYPEMACRO(VERIFYNODE), \
- TYPEMACRO(X500NAME)
-
-#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
-
-typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
- PKIX_TYPES,
- PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
-} PKIX_TYPENUM;
-
-
-#ifdef PKIX_USER_OBJECT_TYPE
-
-/* User Define Object Types
- *
- * User may define their own object types offset from PKIX_USER_OBJECT_TYPE
- */
-#define PKIX_USER_OBJECT_TYPEBASE 1000
-
-#endif /* PKIX_USER_OBJECT_TYPE */
-
-/* Error Codes
- *
- * This list is used to define a set of PKIX_Error exception class numbers.
- * ERRMACRO is redefined to produce a corresponding set of
- * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
- * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
- * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is
- * initialized in pkix_error.c with the value "MUTEX".
- */
-#define PKIX_ERRORCLASSES \
- ERRMACRO(AIAMGR), \
- ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
- ERRMACRO(BIGINT), \
- ERRMACRO(BUILD), \
- ERRMACRO(BUILDRESULT), \
- ERRMACRO(BYTEARRAY), \
- ERRMACRO(CERT), \
- ERRMACRO(CERTBASICCONSTRAINTS), \
- ERRMACRO(CERTCHAINCHECKER), \
- ERRMACRO(CERTNAMECONSTRAINTS), \
- ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
- ERRMACRO(CERTPOLICYCHECKERSTATE), \
- ERRMACRO(CERTPOLICYINFO), \
- ERRMACRO(CERTPOLICYMAP), \
- ERRMACRO(CERTPOLICYNODE), \
- ERRMACRO(CERTPOLICYQUALIFIER), \
- ERRMACRO(CERTSELECTOR), \
- ERRMACRO(CERTSTORE), \
- ERRMACRO(CERTVFYPKIX), \
- ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
- ERRMACRO(COMCERTSELPARAMS), \
- ERRMACRO(COMCRLSELPARAMS), \
- ERRMACRO(CONTEXT), \
- ERRMACRO(CRL), \
- ERRMACRO(CRLDP), \
- ERRMACRO(CRLENTRY), \
- ERRMACRO(CRLSELECTOR), \
- ERRMACRO(CRLCHECKER), \
- ERRMACRO(DATE), \
- ERRMACRO(EKUCHECKER), \
- ERRMACRO(ERROR), \
- ERRMACRO(FATAL), \
- ERRMACRO(FORWARDBUILDERSTATE), \
- ERRMACRO(GENERALNAME), \
- ERRMACRO(HASHTABLE), \
- ERRMACRO(HTTPCERTSTORECONTEXT), \
- ERRMACRO(HTTPDEFAULTCLIENT), \
- ERRMACRO(INFOACCESS), \
- ERRMACRO(LDAPCLIENT), \
- ERRMACRO(LDAPDEFAULTCLIENT), \
- ERRMACRO(LDAPREQUEST), \
- ERRMACRO(LDAPRESPONSE), \
- ERRMACRO(LIFECYCLE), \
- ERRMACRO(LIST), \
- ERRMACRO(LOGGER), \
- ERRMACRO(MEM), \
- ERRMACRO(MONITORLOCK), \
- ERRMACRO(MUTEX), \
- ERRMACRO(OBJECT), \
- ERRMACRO(OCSPCERTID), \
- ERRMACRO(OCSPCHECKER), \
- ERRMACRO(OCSPREQUEST), \
- ERRMACRO(OCSPRESPONSE), \
- ERRMACRO(OID), \
- ERRMACRO(PROCESSINGPARAMS), \
- ERRMACRO(PUBLICKEY), \
- ERRMACRO(RESOURCELIMITS), \
- ERRMACRO(REVOCATIONMETHOD), \
- ERRMACRO(REVOCATIONCHECKER), \
- ERRMACRO(RWLOCK), \
- ERRMACRO(SIGNATURECHECKERSTATE), \
- ERRMACRO(SOCKET), \
- ERRMACRO(STRING), \
- ERRMACRO(TARGETCERTCHECKERSTATE), \
- ERRMACRO(TRUSTANCHOR), \
- ERRMACRO(USERDEFINEDMODULES), \
- ERRMACRO(VALIDATE), \
- ERRMACRO(VALIDATEPARAMS), \
- ERRMACRO(VALIDATERESULT), \
- ERRMACRO(VERIFYNODE), \
- ERRMACRO(X500NAME)
-
-#define ERRMACRO(type) PKIX_ ## type ## _ERROR
-
-typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
- PKIX_ERRORCLASSES,
- PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */
-} PKIX_ERRORCLASS;
-
-/* Now define error strings (for internationalization) */
-
-#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
-
-/* Define all the error numbers */
-typedef enum {
-#include "pkix_errorstrings.h"
-} PKIX_ERRORCODE;
-
-extern const char * const PKIX_ErrorText[];
-
-/* String Formats
- *
- * These formats specify supported encoding formats for Strings.
- */
-
-#define PKIX_ESCASCII 0
-#define PKIX_UTF8 1
-#define PKIX_UTF16 2
-#define PKIX_UTF8_NULL_TERM 3
-#define PKIX_ESCASCII_DEBUG 4
-
-/* Name Types
- *
- * These types specify supported formats for GeneralNames.
- */
-
-#define PKIX_OTHER_NAME 1
-#define PKIX_RFC822_NAME 2
-#define PKIX_DNS_NAME 3
-#define PKIX_X400_ADDRESS 4
-#define PKIX_DIRECTORY_NAME 5
-#define PKIX_EDIPARTY_NAME 6
-#define PKIX_URI_NAME 7
-#define PKIX_IP_NAME 8
-#define PKIX_OID_NAME 9
-
-/* Key Usages
- *
- * These types specify supported Key Usages
- */
-
-#define PKIX_DIGITAL_SIGNATURE 0x001
-#define PKIX_NON_REPUDIATION 0x002
-#define PKIX_KEY_ENCIPHERMENT 0x004
-#define PKIX_DATA_ENCIPHERMENT 0x008
-#define PKIX_KEY_AGREEMENT 0x010
-#define PKIX_KEY_CERT_SIGN 0x020
-#define PKIX_CRL_SIGN 0x040
-#define PKIX_ENCIPHER_ONLY 0x080
-#define PKIX_DECIPHER_ONLY 0x100
-
-/* Reason Flags
- *
- * These macros specify supported Reason Flags
- */
-
-#define PKIX_UNUSED 0x001
-#define PKIX_KEY_COMPROMISE 0x002
-#define PKIX_CA_COMPROMISE 0x004
-#define PKIX_AFFILIATION_CHANGED 0x008
-#define PKIX_SUPERSEDED 0x010
-#define PKIX_CESSATION_OF_OPERATION 0x020
-#define PKIX_CERTIFICATE_HOLD 0x040
-#define PKIX_PRIVILEGE_WITHDRAWN 0x080
-#define PKIX_AA_COMPROMISE 0x100
-
-/* Boolean values
- *
- * These macros specify the Boolean values of TRUE and FALSE
- * XXX Is it the case that any non-zero value is actually considered TRUE
- * and this is just a convenient mnemonic macro?
- */
-
-#define PKIX_TRUE ((PKIX_Boolean) 1)
-#define PKIX_FALSE ((PKIX_Boolean) 0)
-
-/*
- * Define constants for basic constraints selector
- * (see comments in pkix_certsel.h)
- */
-
-#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
-#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
-
-/*
- * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
- * object file. It is thrown if system memory cannot be allocated or may be
- * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
- * IncRef, DecRef and all Settor functions cannot be called.
- * XXX Does anyone actually need to know about this?
- * XXX Why no DecRef? Would be good to handle it the same.
- */
-
-PKIX_Error* PKIX_ALLOC_ERROR(void);
-
-/*
- * In a CertBasicConstraints extension, if the CA flag is set,
- * indicating the certificate refers to a Certification
- * Authority, then the pathLen field indicates how many intermediate
- * certificates (not counting self-signed ones) can exist in a valid
- * chain following this certificate. If the pathLen has the value
- * of this constant, then the length of the chain is unlimited
- */
-#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
-
-/*
- * Define Certificate Extension hard-coded OID's
- */
-#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN
-#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE
-#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME
-#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS
-#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE
-#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS
-#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES
-#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
-#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS
-#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS
-#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE
-#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY
-#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE
-#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
-#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
-#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN
-#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
-#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP
-#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER
-
-
-/* Available revocation method types. */
-typedef enum PKIX_RevocationMethodTypeEnum {
- PKIX_RevocationMethod_CRL = 0,
- PKIX_RevocationMethod_OCSP,
- PKIX_RevocationMethod_MAX
-} PKIX_RevocationMethodType;
-
-/* A set of statuses revocation checker operates on */
-typedef enum PKIX_RevocationStatusEnum {
- PKIX_RevStatus_NoInfo = 0,
- PKIX_RevStatus_Revoked,
- PKIX_RevStatus_Success
-} PKIX_RevocationStatus;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIXT_H */
View Lorry Controller Status