Diffstat (limited to 'security/nss/lib/libpkix/include')
17 files changed, 0 insertions, 14163 deletions
diff --git a/security/nss/lib/libpkix/include/Makefile b/security/nss/lib/libpkix/include/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/include/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/include/config.mk b/security/nss/lib/libpkix/include/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/include/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/include/manifest.mn b/security/nss/lib/libpkix/include/manifest.mn
deleted file mode 100755
index 57163667c..000000000
--- a/security/nss/lib/libpkix/include/manifest.mn
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix.h \
- pkix_crlsel.h \
- pkix_errorstrings.h \
- pkix_results.h \
- pkixt.h \
- pkix_certsel.h \
- pkix_params.h \
- pkix_revchecker.h \
- pkix_certstore.h \
- pkix_pl_pki.h \
- pkix_sample_modules.h \
- pkix_checker.h \
- pkix_pl_system.h \
- pkix_util.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- $(NULL)
-
-REQUIRES = dbm
diff --git a/security/nss/lib/libpkix/include/pkix.h b/security/nss/lib/libpkix/include/pkix.h
deleted file mode 100755
index 71acf2886..000000000
--- a/security/nss/lib/libpkix/include/pkix.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines the public API for libpkix. These are the top-level
- * functions in the library. They perform the primary operations of this
- * library: building and validating chains of X.509 certificates.
- *
- */
-
-#ifndef _PKIX_H
-#define _PKIX_H
-
-#include "pkixt.h"
-#include "pkix_util.h"
-#include "pkix_results.h"
-#include "pkix_certstore.h"
-#include "pkix_certsel.h"
-#include "pkix_crlsel.h"
-#include "pkix_checker.h"
-#include "pkix_revchecker.h"
-#include "pkix_pl_system.h"
-#include "pkix_pl_pki.h"
-#include "pkix_params.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * FUNCTION: PKIX_Initialize
- * DESCRIPTION:
- *
- * No PKIX_* types and functions should be used before this function is called
- * and returns successfully. This function should only be called once. If it
- * is called more than once, the behavior is undefined.
- *
- * NSS applications are expected to call NSS_Init, and need not know that
- * NSS will call this function (with "platformInitNeeded" set to PKIX_FALSE).
- * PKIX applications are expected instead to call this function with
- * "platformInitNeeded" set to PKIX_TRUE.
- *
- * This function initializes data structures critical to the operation of
- * libpkix. It also ensures that the API version (major.minor) desired by the
- * caller (the "desiredMajorVersion", "minDesiredMinorVersion", and
- * "maxDesiredMinorVersion") is compatible with the API version supported by
- * the library. As such, the library must support the "desiredMajorVersion"
- * of the API and must support a minor version that falls between
- * "minDesiredMinorVersion" and "maxDesiredMinorVersion", inclusive. If
- * compatibility exists, the function returns NULL and stores the library's
- * actual minor version at "pActualMinorVersion" (which may be greater than
- * "desiredMinorVersion"). If no compatibility exists, the function returns a
- * PKIX_Error pointer. If the caller wishes to specify that the largest
- * minor version available should be used, then maxDesiredMinorVersion should
- * be set to the macro PKIX_MAX_MINOR_VERSION (defined in pkixt.h).
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean indicating whether the platform layer initialization code
- * has previously been run, or should be called from this function.
- * "desiredMajorVersion"
- * The major version of the libpkix API the application wishes to use.
- * "minDesiredMinorVersion"
- * The minimum minor version of the libpkix API the application wishes
- * to use.
- * "maxDesiredMinorVersion"
- * The maximum minor version of the libpkix API the application wishes
- * to use.
- * "pActualMinorVersion"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "pPlContext"
- * Address at which platform-specific context pointer is stored. Must
- * be non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Initialize Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_UInt32 desiredMajorVersion,
- PKIX_UInt32 minDesiredMinorVersion,
- PKIX_UInt32 maxDesiredMinorVersion,
- PKIX_UInt32 *pActualMinorVersion,
- void **pPlContext);
-
-/*
- * FUNCTION: PKIX_Shutdown
- * DESCRIPTION:
- *
- * This function deallocates any memory used by libpkix and shuts down any
- * ongoing operations. This function should only be called once. If it is
- * called more than once, the behavior is undefined.
- *
- * No PKIX_* types and functions should be used after this function is called
- * and returns successfully.
- * PARAMETERS:
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Shutdown(void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateChain
- * DESCRIPTION:
- *
- * This function attempts to validate the CertChain that has been set in the
- * ValidateParams pointed to by "params" using an RFC 3280-compliant
- * algorithm. If successful, this function returns NULL and stores the
- * ValidateResult at "pResult", which holds additional information, such as
- * the policy tree and the target's public key. If unsuccessful, an Error is
- * returned. Note: This function does not currently support non-blocking I/O.
- *
- * If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
- * tracks the results of the validation. That is, either each node in the
- * chain has a NULL Error component, or the last node contains an Error
- * which indicates why the validation failed.
- *
- * PARAMETERS:
- * "params"
- * Address of ValidateParams used to validate CertChain. Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (See Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateChain(
- PKIX_ValidateParams *params,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateChain_NB
- * DESCRIPTION:
- *
- * This function is the equivalent of PKIX_ValidateChain, except that it
- * supports non-blocking I/O. When called with "pNBIOContext" pointing to NULL
- * it initiates a new chain validation as in PKIX_ValidateChain, ignoring the
- * value in all input variables except "params". If forced to suspend
- * processing by a WOULDBLOCK return from some operation, such as a CertStore
- * request, it stores the platform-dependent I/O context at "pNBIOContext" and
- * stores other intermediate variables at "pCertIndex", "pAnchorIndex",
- * "pCheckerIndex", "pRevChecking", and "pCheckers".
- *
- * When called subsequently with that non-NULL value at "pNBIOContext", it
- * relies on those intermediate values to be untouched, and it resumes chain
- * validation where it left off. Its behavior is undefined if any of the
- * intermediate values was not preserved.
- *
- * PARAMETERS:
- * "params"
- * Address of ValidateParams used to validate CertChain. Must be non-NULL.
- * "pCertIndex"
- * The UInt32 value of the index to the Cert chain, indicating which Cert
- * is currently being processed.
- * "pAnchorIndex"
- * The UInt32 value of the index to the Anchor chain, indicating which
- * Trust Anchor is currently being processed.
- * "pCheckerIndex"
- * The UInt32 value of the index to the List of CertChainCheckers,
- * indicating which Checker is currently processing.
- * "pRevChecking"
- * The Boolean flag indicating whether normal checking or revocation
- * checking is occurring for the Cert indicated by "pCertIndex".
- * "pCheckers"
- * The address of the List of CertChainCheckers. Must be non-NULL.
- * "pNBIOContext"
- * The address of the platform-dependend I/O context. Must be a non-NULL
- * pointer to a NULL value for the call to initiate chain validation.
- * "pResult"
- * Address where ValidateResult object pointer will be stored. Must be
- * non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a VALIDATE Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */PKIX_Error *
-PKIX_ValidateChain_NB(
- PKIX_ValidateParams *params,
- PKIX_UInt32 *pCertIndex,
- PKIX_UInt32 *pAnchorIndex,
- PKIX_UInt32 *pCheckerIndex,
- PKIX_Boolean *pRevChecking,
- PKIX_List **pCheckers,
- void **pNBIOContext,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_BuildChain
- * DESCRIPTION:
- *
- * If called with a NULL "state", this function attempts to build and validate
- * a CertChain according to the ProcessingParams pointed to by "params", using
- * an RFC 3280-compliant validation algorithm. If successful, this function
- * returns NULL and stores the BuildResult at "pResult", which holds the built
- * CertChain, as well as additional information, such as the policy tree and
- * the target's public key. If unsuccessful, an Error is returned.
- *
- * If the chain building is blocked by a CertStore using non-blocking I/O, this
- * function stores platform-dependent non-blocking I/O context at
- * "pNBIOContext", its state at "pState", and NULL at "pResult". The caller
- * may be able to determine, in a platform-dependent way, when the I/O has
- * completed. In any case, calling the function again with "pState" containing
- * the returned value will allow the chain building to resume.
- *
- * If chain building is completed, either successfully or unsuccessfully, NULL
- * is stored at "pNBIOContext".
- *
- * If "pVerifyTree" is non-NULL, a tree of VerifyNodes is created which
- * tracks the results of the building. That is, each node of the tree either
- * has a NULL Error component, or it is a leaf node and it contains an Error
- * which indicates why the chain building could not proceed on this branch.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to build and validate CertChain.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address where platform-dependent information is store if the build
- * is suspended waiting for non-blocking I/O. Must be non-NULL.
- * "pState"
- * Address of BuildChain state. Must be NULL on initial call, and the
- * value previously returned on subsequent calls.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (See Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildChain(
- PKIX_ProcessingParams *params,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pResult,
- PKIX_VerifyNode **pVerifyNode,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_H */
diff --git a/security/nss/lib/libpkix/include/pkix_certsel.h b/security/nss/lib/libpkix/include/pkix_certsel.h
deleted file mode 100755
index e4f886240..000000000
--- a/security/nss/lib/libpkix/include/pkix_certsel.h
+++ /dev/null
@@ -1,1859 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * This file defines functions associated with the PKIX_CertSelector and the - * PKIX_ComCertSelParams types. 
- * - */ - -#ifndef _PKIX_CERTSEL_H -#define _PKIX_CERTSEL_H - -#include "pkixt.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* General - * - * Please refer to the libpkix Programmer's Guide for detailed information - * about how to use the libpkix library. Certain key warnings and notices from - * that document are repeated here for emphasis. - * - * All identifiers in this file (and all public identifiers defined in - * libpkix) begin with "PKIX_". Private identifiers only intended for use - * within the library begin with "pkix_". - * - * A function returns NULL upon success, and a PKIX_Error pointer upon failure. - * - * Unless otherwise noted, for all accessor (gettor) functions that return a - * PKIX_PL_Object pointer, callers should assume that this pointer refers to a - * shared object. Therefore, the caller should treat this shared object as - * read-only and should not modify this shared object. When done using the - * shared object, the caller should release the reference to the object by - * using the PKIX_PL_Object_DecRef function. - * - * While a function is executing, if its arguments (or anything referred to by - * its arguments) are modified, free'd, or destroyed, the function's behavior - * is undefined. - * - */ - -/* PKIX_CertSelector - * - * PKIX_CertSelectors provide a standard way for the caller to select - * certificates based on particular criteria. A CertSelector is typically used - * by the caller to specify the constraints they wish to impose on the target - * certificate in a chain. (see pkix_params.h) A CertSelector is also often - * used to retrieve certificates from a CertStore that match the selector's - * criteria. (See pkix_certstore.h) For example, the caller may wish to only - * select those certificates that have a particular Subject Distinguished Name - * and a particular value for a private certificate extension. 
The - * MatchCallback allows the caller to specify the custom matching logic to be - * used by a CertSelector. - * - * By default, the MatchCallback is set to point to the default implementation - * provided by libpkix, which understands how to process the most common - * parameters. If the default implementation is used, the caller should set - * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams. - * Any common parameter that is not set is assumed to be disabled, which means - * the default MatchCallback implementation will select all certificates - * without regard to that particular disabled parameter. For example, if the - * SerialNumber parameter is not set, MatchCallback will not filter out any - * certificate based on its serial number. As such, if no parameters are set, - * all are disabled and any certificate will match. If a parameter is - * disabled, its associated PKIX_ComCertSelParams_Get* function returns a - * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints - * and PKIX_ComCertSelParams_GetVersion, or 0 for - * PKIX_ComCertSelParams_GetKeyUsage. - * - * If a custom implementation is desired, the default implementation can be - * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the - * CertSelector can be initialized with a certSelectorContext, which is where - * the caller can specify the desired parameters the caller wishes to match - * against. Note that this certSelectorContext must be an Object (although any - * object type), allowing it to be reference-counted and allowing it to - * provide the standard Object functions (Equals, Hashcode, ToString, Compare, - * Duplicate). - * - */ - -/* - * FUNCTION: PKIX_CertSelector_MatchCallback - * DESCRIPTION: - * - * This callback function determines whether the specified Cert pointed to by - * "cert" matches the criteria of the CertSelector pointed to by "selector". 
- * If the Cert does not matches the CertSelector's criteria, an exception will - * be thrown. - * - * PARAMETERS: - * "selector" - * Address of CertSelector whose MatchCallback logic and parameters are - * to be used. Must be non-NULL. - * "cert" - * Address of Cert that is to be matched using "selector". - * Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe - * - * Multiple threads must be able to safely call this function without - * worrying about conflicts, even if they're operating on the same object. - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -typedef PKIX_Error * -(*PKIX_CertSelector_MatchCallback)( - PKIX_CertSelector *selector, - PKIX_PL_Cert *cert, - void *plContext); - -/* - * FUNCTION: PKIX_CertSelector_Create - * DESCRIPTION: - * - * Creates a new CertSelector using the Object pointed to by - * "certSelectorContext" (if any) and stores it at "pSelector". As noted - * above, by default, the MatchCallback is set to point to the default - * implementation provided by libpkix, which understands how to process - * ComCertSelParams objects. This is overridden if the MatchCallback pointed - * to by "callback" is not NULL, in which case the parameters are specified - * using the certSelectorContext. - * - * PARAMETERS: - * "callback" - * The MatchCallback function to be used. - * "certSelectorContext" - * Address of Object representing the CertSelector's context (if any). - * "pSelector" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. 
- * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_CertSelector_Create( - PKIX_CertSelector_MatchCallback callback, - PKIX_PL_Object *certSelectorContext, - PKIX_CertSelector **pSelector, - void *plContext); - -/* - * FUNCTION: PKIX_CertSelector_GetMatchCallback - * DESCRIPTION: - * - * Retrieves a pointer to "selector's" Match callback function and puts it in - * "pCallback". - * - * PARAMETERS: - * "selector" - * The CertSelector whose Match callback is desired. Must be non-NULL. - * "pCallback" - * Address where Match callback function pointer will be stored. - * Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_CertSelector_GetMatchCallback( - PKIX_CertSelector *selector, - PKIX_CertSelector_MatchCallback *pCallback, - void *plContext); - -/* - * FUNCTION: PKIX_CertSelector_GetCertSelectorContext - * DESCRIPTION: - * - * Retrieves a pointer to a PKIX_PL_Object representing the context (if any) - * of the CertSelector pointed to by "selector" and stores it at - * "pCertSelectorContext". - * - * PARAMETERS: - * "selector" - * Address of CertSelector whose context is to be stored. - * Must be non-NULL. - * "pCertSelectorContext" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. 
- */ -PKIX_Error * -PKIX_CertSelector_GetCertSelectorContext( - PKIX_CertSelector *selector, - PKIX_PL_Object **pCertSelectorContext, - void *plContext); - -/* - * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams - * DESCRIPTION: - * - * Retrieves a pointer to the ComCertSelParams object that represent the - * common parameters of the CertSelector pointed to by "selector" and stores - * it at "pCommonCertSelectorParams". If there are no common parameters - * stored with the CertSelector, this function stores NULL at - * "pCommonCertSelectorParams". - * - * PARAMETERS: - * "selector" - * Address of CertSelector whose ComCertSelParams object is to be stored. - * Must be non-NULL. - * "pCommonCertSelectorParams" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_CertSelector_GetCommonCertSelectorParams( - PKIX_CertSelector *selector, - PKIX_ComCertSelParams **pCommonCertSelectorParams, - void *plContext); - -/* - * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams - * DESCRIPTION: - * - * Sets the common parameters for the CertSelector pointed to by "selector" - * using the ComCertSelParams object pointed to by "commonCertSelectorParams". - * - * PARAMETERS: - * "selector" - * Address of CertSelector whose common parameters are to be set. - * Must be non-NULL. - * "commonCertSelectorParams" - * Address of ComCertSelParams object representing the common parameters. - * "plContext" - * Platform-specific context pointer. 
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_SetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams *commonCertSelectorParams,
- void *plContext);
-
-/* PKIX_ComCertSelParams
- *
- * PKIX_ComCertSelParams objects are X.509 parameters commonly used with
- * CertSelectors, especially when enforcing constraints on a target
- * certificate or determining which certificates to retrieve from a CertStore.
- * ComCertSelParams objects are typically used with those CertSelectors that
- * use the default implementation of MatchCallback, which understands how to
- * process ComCertSelParams objects.
- */
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCertSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_Create(
- PKIX_ComCertSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * subject alternative names criterion that is set in the ComCertSelParams
- * object pointed to by "params" and stores it at "pNames". In order to match
- * against this criterion, a certificate must contain all or at least one of
- * the criterion's subject alternative names (depending on the result of
- * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
- * requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
- * DESCRIPTION:
- *
- * Sets the subject alternative names criterion of the ComCertSelParams object
- * pointed to by "params" using a List of GeneralNames pointed to by "names".
- * In order to match against this criterion, a certificate must contain all or
- * at least one of the criterion's subject alternative names (depending on the
- * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative
- * names criterion is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
- * DESCRIPTION:
- *
- * Adds to the subject alternative names criterion of the ComCertSelParams
- * object pointed to by "params" using the GeneralName pointed to by "name".
- * In order to match against this criterion, a certificate must contain all
- * or at least one of the criterion's subject alternative names (depending on
- * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion is to be added to. Must be non-NULL.
- * "name"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddSubjAltName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * path to names criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pNames". In order to match against this
- * criterion, a certificate must not include name constraints that would
- * prohibit building a path to the criterion's specified names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
- * DESCRIPTION:
- *
- * Sets the path to names criterion of the ComCertSelParams object pointed to
- * by "params" using a List of GeneralNames pointed to by "names". In order to
- * match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddPathToName
- * DESCRIPTION:
- *
- * Adds to the path to names criterion of the ComCertSelParams object pointed
- * to by "params" using the GeneralName pointed to by "pathToName". In order
- * to match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion is to
- * be added to. Must be non-NULL.
- * "pathToName"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddPathToName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *pathToName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the authority
- * key identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pAuthKeyId". In order to match
- * against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAuthKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the authority key identifier criterion of the ComCertSelParams object
- * pointed to by "params" to the ByteArray pointed to by "authKeyId". In
- * order to match against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion is to be set. Must be non-NULL.
- * "authKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *authKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject key
- * identifier criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pSubjKeyId". In order to match against this
- * criterion, a certificate must contain a SubjectKeyIdentifier extension
- * whose value matches the criterion's subject key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubjKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the subject key identifier criterion of the ComCertSelParams object
- * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
- * order to match against this criterion, a certificate must contain an
- * SubjectKeyIdentifier extension whose value matches the criterion's subject
- * key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion is to be set. Must be non-NULL.
- * "subjKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey (if any) representing the subject
- * public key criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pPubKey". In order to match against this
- * criterion, a certificate must contain a SubjectPublicKey that matches the
- * criterion's public key.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPubKey", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
- * DESCRIPTION:
- *
- * Sets the subject public key criterion of the ComCertSelParams object
- * pointed to by "params" using a PublicKey pointed to by "pubKey". In order
- * to match against this criterion, a certificate must contain a
- * SubjectPublicKey that matches the criterion's public key.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * criterion is to be set. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID (if any) representing the subject public key
- * algorithm identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pPubKey". In order to match
- * against this criterion, a certificate must contain a SubjectPublicKey with
- * an algorithm that matches the criterion's algorithm.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAlgId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key algorithm
- * identifier (if any) is to be stored. Must be non-NULL.
- * "pAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID **pAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
- * DESCRIPTION:
- *
- * Sets the subject public key algorithm identifier criterion of the
- * ComCertSelParams object pointed to by "params" using an OID pointed to by
- * "algId". In order to match against this criterion, a certificate must
- * contain a SubjectPublicKey with an algorithm that matches the criterion's
- * algorithm.
- *
- * If "algId" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * algorithm identifier criterion is to be set. Must be non-NULL.
- * "algId"
- * Address of OID used to set criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID *algId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the minimum path length (if any) representing the
- * basic constraints criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pMinPathLength". In order to
- * match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * If "params" does not have this criterion set, this function stores -1 at
- * "pMinPathLength", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pMinPathLength"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 *pMinPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
- * DESCRIPTION:
- *
- * Sets the basic constraints criterion of the ComCertSelParams object
- * pointed to by "params" using the integer value of "minPathLength". In
- * order to match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints
- * criterion is to be set. Must be non-NULL.
- * "minPathLength"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 minPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificate
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pCert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate. If
- * this criterion is specified, it is usually not necessary to specify any
- * other criteria, since this criterion requires an exact certificate match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pCert", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificate
- * DESCRIPTION:
- *
- * Sets the certificate criterion of the ComCertSelParams object pointed to by
- * "params" using a Cert pointed to by "cert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate.
- * If this criterion is specified, it is usually not necessary to specify
- * any other criteria, since this criterion requires an exact certificate
- * match.
- *
- * If "cert" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the certificate
- * validity criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pDate". In order to match against this
- * criterion, a certificate's validity period must include the criterion's
- * Date.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
- * DESCRIPTION:
- *
- * Sets the certificate validity criterion of the ComCertSelParams object
- * pointed to by "params" using a Date pointed to by "date". In order to
- * match against this criterion, a certificate's validity period must include
- * the criterion's Date.
- *
- * If "date" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * is to be set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the serial number
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSerialNumber". In order to match against this
- * criterion, a certificate must have a serial number equal to the
- * criterion's serial number.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSerialNumber", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pSerialNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt **pSerialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
- * DESCRIPTION:
- *
- * Sets the serial number criterion of the ComCertSelParams object pointed to
- * by "params" using a BigInt pointed to by "serialNumber". In order to match
- * against this criterion, a certificate must have a serial number equal to
- * the criterion's serial number.
- *
- * If "serialNumber" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion is to
- * be set. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt *serialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetVersion
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
- * set in the ComCertSelParams object pointed to by "params" and stores it at
- * "pVersion". In order to match against this criterion, a certificate's
- * version must be equal to the criterion's version.
- *
- * The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * If "params" does not have this criterion set, this function stores
- * 0xFFFFFFFF at "pVersion", in which case all certificates are considered
- * to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetVersion
- * DESCRIPTION:
- *
- * Sets the version criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "version". In order to match against
- * this criterion, a certificate's version must be equal to the criterion's
- * version. If the criterion's version is -1, no version check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion is to be
- * set. Must be non-NULL.
- * "version"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 version,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
- * is set in the ComCertSelParams object pointed to by "params" and stores it
- * at "pKeyUsage". In order to match against this criterion, a certificate
- * must allow the criterion's key usage values. Note that a certificate that
- * has no KeyUsage extension implicity allows all key usages. Note also that
- * this functions supports a maximum of 32 key usage bits.
- *
- * If "params" does not have this criterion set, this function stores zero at
- * "pKeyUsage", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion (if any)
- * is to be stored. Must be non-NULL.
- * "pKeyUsage"
- * Address where PKIX_UInt32 will be stored. Must not be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pKeyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
- * DESCRIPTION:
- *
- * Sets the key usage criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "keyUsage". In order to match against
- * this criterion, a certificate must allow the criterion's key usage values.
- * Note that a certificate that has no KeyUsage extension implicity allows
- * all key usages. Note also that this functions supports a maximum of 32 key
- * usage bits.
- *
- * If the criterion's key usage value is zero, no key usage check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion is to be
- * set. Must be non-NULL.
- * "keyUsage"
- * Value of PKIX_Int32 used to set the criterion
- * (or zero to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the extended
- * key usage criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pExtKeyUsage". In order to match against this
- * criterion, a certificate's ExtendedKeyUsage extension must allow the
- * criterion's extended key usages. Note that a certificate that has no
- * ExtendedKeyUsage extension implicity allows all key purposes.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pExtKeyUsage", in which case all certificates are considered to match
- * this criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pExtKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Sets the extended key usage criterion of the ComCertSelParams object
- * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
- * In order to match against this criterion, a certificate's ExtendedKeyUsage
- * extension must allow the criterion's extended key usages. Note that a
- * certificate that has no ExtendedKeyUsage extension implicitly allows all
- * key purposes.
- *
- * If "extKeyUsage" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * is to be set. Must be non-NULL.
- * "extKeyUsage"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the policy
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pPolicy". In order to match against this
- * criterion, a certificate's CertificatePolicies extension must include at
- * least one of the criterion's policies. If "params" has this criterion set,
- * but the List of OIDs is empty, then a certificate's CertificatePolicies
- * extension must include at least some policy.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPolicy", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List **pPolicy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPolicy
- * DESCRIPTION:
- *
- * Sets the policy criterion of the ComCertSelParams object pointed to by
- * "params" using a List of OIDs pointed to by "policy". In order to match
- * against this criterion, a certificate's CertificatePolicies extension must
- * include at least one of the criterion's policies. If "params" has this
- * criterion set, but the List of OIDs is empty, then a certificate's
- * CertificatePolicies extension must include at least some policy.
- *
- * If "policy" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion is to be set.
- * Must be non-NULL.
- * "policy"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List *policy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the issuer
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pIssuer". In order to match against this
- * criterion, a certificate's IssuerName must match the criterion's issuer
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pIssuer", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetIssuer
- * DESCRIPTION:
- *
- * Sets the issuer criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "issuer". In order to match
- * against this criterion, a certificate's IssuerName must match the
- * criterion's issuer name.
- *
- * If "issuer" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion is to be set.
- * Must be non-NULL.
- * "issuer"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *issuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubject
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using a ByteArray pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of ByteArray used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the name
- * constraints criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pConstraints". In order to match against
- * this criterion, a certificate's subject and subject alternative names must
- * be allowed by the criterion's name constraints.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pConstraints", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints **pConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
- * DESCRIPTION:
- *
- * Sets the name constraints criterion of the ComCertSelParams object pointed
- * to by "params" using the CertNameConstraints pointed to by "constraints".
- * In order to match against this criterion, a certificate's subject and
- * subject alternative names must be allowed by the criterion's name
- * constraints.
- *
- * If "constraints" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion is
- * to be set. Must be non-NULL.
- * "constraints"
- * Address of CertNameConstraints used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints *constraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Checks whether the ComCertSelParams object pointed to by "params" indicate
- * that all subject alternative names are to be matched and stores the Boolean
- * result at "pMatch". This Boolean value determines the behavior of the
- * subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
- * the criterion's subject alternative names. If the Boolean value at
- * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
- * criterion's subject alternative names. The default behavior is as if the
- * Boolean value at "pMatch" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pMatch"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Sets the match flag of the ComCertSelParams object pointed to by "params"
- * using the Boolean value of "match". This Boolean value determines the
- * behavior of the subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * "match" is PKIX_TRUE, a certificate must contain all of the criterion's
- * subject alternative names. If the "match" is PKIX_FALSE, a certificate
- * must contain at least one of the criterion's subject alternative names.
- * The default behavior is as if "match" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "match"
- * Boolean value used to set the match flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean match,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
- * DESCRIPTION:
- *
- * Return "leafCert" flag of the ComCertSelParams structure. If set to true,
- * the flag indicates that a selector should filter out all cert that are not
- * qualified to be a leaf cert according to the specified key/ekey usages.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pLeafFlag"
- * Address of returned value.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCertSelParams_GetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pLeafFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
- * DESCRIPTION:
- *
- * Sets a flag that if its value is true, indicates that the selector
- * should only pick certs that qualifies to be leaf for this cert path
- * validation.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "leafFlag"
- * Boolean value used to set the leaf flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean leafFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSEL_H */
diff --git a/security/nss/lib/libpkix/include/pkix_certstore.h b/security/nss/lib/libpkix/include/pkix_certstore.h
deleted file mode 100755
index f17845d7d..000000000
--- a/security/nss/lib/libpkix/include/pkix_certstore.h
+++ /dev/null
@@ -1,746 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertStore type.
- *
- */
-
-#ifndef _PKIX_CERTSTORE_H
-#define _PKIX_CERTSTORE_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertStore
- *
- * A PKIX_CertStore provides a standard way for the caller to retrieve
- * certificates and CRLs from a particular repository (or "store") of
- * certificates and CRLs, including LDAP directories, flat files, local
- * databases, etc. The CertCallback allows custom certificate retrieval logic
- * to be used while the CRLCallback allows custom CRL retrieval logic to be
- * used. Additionally, a CertStore can be initialized with a certStoreContext,
- * which is where the caller can specify configuration data such as the host
- * name of an LDAP server. Note that this certStoreContext must be an
- * Object (although any object type), allowing it to be reference-counted and
- * allowing it to provide the standard Object functions (Equals, Hashcode,
- * ToString, Compare, Duplicate). Please note that each certStoreContext must
- * provide Equals and Hashcode functions in order for the caching (on Cert and
- * CertChain) to work correctly. When providing those two functions, it is not
- * required that all the components of the object be hashed or checked for
- * equality, but merely that the functions distinguish between unique
- * instances of the certStoreContext.
- *
- * Once the caller has created the CertStore object, the caller then specifies
- * these CertStore objects in a ProcessingParams object and passes that object
- * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
- * user's callback functions as needed during the validation or building
- * process.
- *
- * The order of CertStores stored (as a list) at ProcessingParams determines
- * the order in which certificates are retrieved. Trusted CertStores should
- * precede non-trusted ones on the list of CertStores so their certificates
- * are evaluated ahead of other certificates selected on the basis of the same
- * selector criteria.
- *
- * The CheckTrustCallback function is used when the CertStore object
- * supports trust status, which means a Cert's trust status can be altered
- * dynamically. When a CertStore object is created, if the
- * CheckTrustCallback is initialized to be non-NULL, this CertStore is
- * defaulted as supporting trust. Then whenever a Cert needs to (re)check its
- * trust status, this callback can be invoked. When a Cert is retrieved by
- * a CertStore supports trust, at its GetCertCallback, the CertStore
- * information should be updated in Cert's data structure so the link between
- * the Cert and CertStore exists.
- *
- */
-
-/*
- * FUNCTION: PKIX_CertStore_CertCallback
- * DESCRIPTION:
- *
- * This callback function retrieves from the CertStore pointed to by "store"
- * all the certificates that match the CertSelector pointed to by "selector".
- * It places these certificates in a List and stores a pointer to the List at
- * "pCerts". If no certificates are found which match the CertSelector's
- * criteria, this function stores an empty List at "pCerts". In either case, if
- * the operation is completed, NULL is stored at "pNBIOContext".
- *
- * A CertStore which uses non-blocking I/O may store platform-dependent
- * information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
- * pending. A subsequent call to PKIX_CertStore_CertContinue is required to
- * finish the operation and to obtain the List of Certs.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CertSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "verifyNode"
- * Parent log node for tracking of filtered out certs.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CertCallback)(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CertContinue
- * DESCRIPTION:
- *
- * This function continues the non-blocking operation initiated by an earlier
- * call to the CertCallback function, for the CertStore pointed to by "store".
- * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
- * value returned in "pNBIOContext") calling this function will return a fatal
- * error. If the operation is completed the certificates found are placed in a
- * List, a pointer to which is stored at "pCerts". If no certificates are found
- * which match the CertSelector's criteria, this function stores an empty List
- * at "pCerts". In either case, if the operation is completed, NULL is stored
- * at "pNBIOContext".
- *
- * If non-blocking I/O is still pending this function stores platform-dependent
- * information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
- * PKIX_CertStore_CertContinue is required to finish the operation and to
- * obtain the List of Certs.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CertSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "verifyNode"
- * Parent log node for tracking of filtered out certs.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_CertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_CertStore_CertContinueFunction)(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CRLCallback
- * DESCRIPTION:
- *
- * This callback function retrieves from the CertStore pointed to by "store"
- * all the CRLs that match the CRLSelector pointed to by "selector". It
- * places these CRLs in a List and stores a pointer to the List at "pCRLs".
- * If no CRLs are found which match the CRLSelector's criteria, this function
- * stores an empty List at "pCRLs". In either case, if the operation is
- * completed, NULL is stored at "pNBIOContext".
- *
- * A CertStore which uses non-blocking I/O may store platform-dependent
- * information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
- * pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
- * finish the operation and to obtain the List of Crls.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CRLSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "pCrls"
- * Address where object pointer will be stored.
Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CRLCallback)(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_ImportCrlCallback
- * DESCRIPTION:
- *
- * The function imports crl list into a cert store. Stores that
- * have local cache may only have that function defined.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "issuerName"
- * Name of the issuer that will be used to track bad der crls.
- * "crlList"
- * Address on the importing crl list.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_ImportCrlCallback)(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *issuerName,
- PKIX_List *crlList,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback
- * DESCRIPTION:
- *
- * The function checks revocation status of a cert with specified
- * issuer, date. It returns revocation status of a cert and
- * a reason code(if any) if a cert was revoked.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "cert"
- * Certificate which revocation status will be checked.
- * "issuer"
- * Issuer certificate of the "crl".
- * "date"
- * Date of the revocation check.
- * "crlDownloadDone"
- * Indicates, that all needed crl downloads are done by the time of
- * the revocation check.
- * "reasonCode"
- * If cert is revoked, returned reason code for which a cert was revoked.
- * "revStatus"
- * Returned revocation status of the cert. See PKIX_RevocationStatus
- * for more details
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CheckRevokationByCrlCallback)(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- PKIX_Boolean crlDownloadDone,
- PKIX_UInt32 *reasonCode,
- PKIX_RevocationStatus *revStatus,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CrlContinue
- * DESCRIPTION:
- *
- * This function continues the non-blocking operation initiated by an earlier
- * call to the CRLCallback function, for the CertStore pointed to by "store".
- * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
- * value returned in "pNBIOContext") calling this function will return a fatal
- * error. If the operation is completed the crls found are placed in a List, a
- * pointer to which is stored at "pCrls". If no crls are found which match the
- * CRLSelector's criteria, this function stores an empty List at "pCrls".
In
- * either case, if the operation is completed, NULL is stored at "pNBIOContext".
- *
- * If non-blocking I/O is still pending this function stores platform-dependent
- * information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
- * PKIX_CertStore_CrlContinue is required to finish the operation and to
- * obtain the List of Crls.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Crls are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CRLSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCrls"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_CrlContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_CertStore_CrlContinueFunction)(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CheckTrustCallback
- * DESCRIPTION:
- *
- * This callback function rechecks "cert's" trust status from the CertStore
- * pointed to by "store".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be checked.
- * Must be non-NULL.
- * "cert"
- * Address of Cert whose trust status needs to be rechecked.
- * Must be non-NULL.
- * "pTrusted"
- * Address of PKIX_Boolean where the trust status is returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CheckTrustCallback)(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pTrusted,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_Create
- * DESCRIPTION:
- *
- * Creates a new CertStore and stores it at "pStore". The new CertStore uses
- * the CertCallback pointed to by "certCallback" and the CRLCallback pointed
- * to by "crlCallback" as its callback functions and uses the Object pointed
- * to by "certStoreContext" as its context . Note that this certStoreContext
- * must be an Object (although any object type), allowing it to be
- * reference-counted and allowing it to provide the standard Object functions
- * (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
- * CertStore object is immutable, although the underlying repository can
- * change. For example, a CertStore will often be a front-end for a database
- * or directory. The contents of that directory can change after the
- * CertStore object is created, but the CertStore object remains immutable.
- *
- * PARAMETERS:
- * "certCallback"
- * The CertCallback function to be used. Must be non-NULL.
- * "crlCallback"
- * The CRLCallback function to be used. Must be non-NULL.
- * "certContinue"
- * The function to be used to resume a certCallback that returned with a
- * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
- * I/O.
- * "crlContinue"
- * The function to be used to resume a crlCallback that returned with a
- * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
- * I/O.
- * "trustCallback"
- * Address of PKIX_CertStore_CheckTrustCallback which is called to
- * verify the trust status of Certs in this CertStore.
- * "certStoreContext"
- * Address of Object representing the CertStore's context (if any).
- * "cachedFlag"
- * If TRUE indicates data retrieved from CertStore should be cached.
- * "localFlag"
- * Boolean value indicating whether this CertStore is local.
- * "pStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_Create(
- PKIX_CertStore_CertCallback certCallback,
- PKIX_CertStore_CRLCallback crlCallback,
- PKIX_CertStore_CertContinueFunction certContinue,
- PKIX_CertStore_CrlContinueFunction crlContinue,
- PKIX_CertStore_CheckTrustCallback trustCallback,
- PKIX_CertStore_ImportCrlCallback importCrlCallback,
- PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
- PKIX_PL_Object *certStoreContext,
- PKIX_Boolean cachedFlag,
- PKIX_Boolean localFlag,
- PKIX_CertStore **pStore,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" Cert callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose Cert callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Cert callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CertCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCRLCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" CRL callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCRLCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CRLCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetImportCrlCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" Import CRL callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetImportCrlCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_ImportCrlCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCheckRevByCrl
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" CRL revocation checker callback function
- * and put it in "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCrlCheckerFn(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetTrustCallback
- * DESCRIPTION:
- *
- * Retrieves the function pointer to the CheckTrust callback function of the
- * CertStore pointed to by "store" and stores it at "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CheckTrust callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CheckTrust callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetTrustCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckTrustCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Object representing the context (if any)
- * of the CertStore pointed to by "store" and stores it at
- * "pCertStoreContext".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore whose context is to be stored. Must be non-NULL.
- * "pCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreContext(
- PKIX_CertStore *store,
- PKIX_PL_Object **pCertStoreContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
- * DESCRIPTION:
- *
- * Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
- * stores it at "pCachedFlag".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore whose cache flag is to be stored. Must be non-NULL.
- * "pCacheFlag"
- * Address where the result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreCacheFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pCacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetLocalFlag
- * DESCRIPTION:
- *
- * Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
- * stores it at "pLocalFlag".
The localFlag is TRUE if the CertStore can
- * fulfill a request without performing network I/O.
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose Local flag is desired. Must be non-NULL.
- * "pCallback"
- * Address where the Boolean LocalFlag will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetLocalFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pLocalFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSTORE_H */
diff --git a/security/nss/lib/libpkix/include/pkix_checker.h b/security/nss/lib/libpkix/include/pkix_checker.h
deleted file mode 100755
index 236112e11..000000000
--- a/security/nss/lib/libpkix/include/pkix_checker.h
+++ /dev/null
@@ -1,427 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertChainChecker type.
- *
- */
-
-#ifndef _PKIX_CHECKER_H
-#define _PKIX_CHECKER_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertChainChecker
- *
- * PKIX_CertChainCheckers provide a standard way for the caller to insert their
- * own custom checks to validate certificates. This may be useful in many
- * scenarios, including when the caller wishes to validate private certificate
- * extensions. The CheckCallback allows custom certificate processing to take
- * place. Additionally, a CertChainChecker can optionally maintain state
- * between successive calls to the CheckCallback. This certChainCheckerState
- * must be an Object (although any object type), allowing it to be
- * reference-counted and allowing it to provide the standard Object functions
- * (Equals, Hashcode, ToString, Compare, Duplicate).
If the caller wishes
- * their CertChainChecker to be used during chain building, their
- * certChainCheckerState object must implement an appropriate Duplicate
- * function. The builder uses this Duplicate function when backtracking.
- *
- * Once the caller has created a CertChainChecker object, the caller then
- * specifies a CertChainChecker object in a ProcessingParams object
- * and passes the ProcessingParams object to PKIX_ValidateChain or
- * PKIX_BuildChain, which uses the objects to call the user's callback
- * functions as needed during the validation or building process.
- *
- * A CertChainChecker may be presented certificates in the "reverse" direction
- * (from trust anchor to target) or in the "forward" direction (from target to
- * trust anchor). All CertChainCheckers must support "reverse checking", while
- * support for "forward checking" is optional, but recommended. If "forward
- * checking" is not supported, building chains may be much less efficient. The
- * PKIX_CertChainChecker_IsForwardCheckingSupported function is used to
- * determine whether forward checking is supported, and the
- * PKIX_CertChainChecker_IsForwardDirectionExpected function is used to
- * determine whether the CertChainChecker has been initialized to expect the
- * certificates to be presented in the "forward" direction.
- */
-
-/*
- * FUNCTION: PKIX_CertChainChecker_CheckCallback
- * DESCRIPTION:
- *
- * This callback function checks whether the specified Cert pointed to by
- * "cert" is valid using "checker's" internal certChainCheckerState (if any)
- * and removes the critical extensions that it processes (if any) from the
- * List of OIDs (possibly empty) pointed to by "unresolvedCriticalExtensions".
- * If the checker finds that the certificate is not valid, an Error pointer is
- * returned.
- *
- * If the checker uses non-blocking I/O, the address of a platform-dependent
- * non-blocking I/O context ("nbioContext") will be stored at "pNBIOContext",
- * which the caller may use, in a platform-dependent way, to wait, poll, or
- * otherwise determine when to try again. If the checker does not use
- * non-blocking I/O, NULL will always be stored at "pNBIOContext". If a non-NULL
- * value was stored, on a subsequent call the checker will attempt to complete
- * the pending I/O and, if successful, NULL will be stored at "pNBIOContext".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose certChainCheckerState and
- * CheckCallback logic is to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be validated using "checker".
- * Must be non-NULL.
- * "unresolvedCriticalExtensions"
- * Address of List of OIDs that represents the critical certificate
- * extensions that have yet to be resolved. This parameter may be
- * modified during the function call. Must be non-NULL.
- * "pNBIOContext"
- * Address at which is stored a platform-dependent structure indicating
- * whether checking was suspended for non-blocking I/O. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertChainChecker_CheckCallback)(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
- void **pNBIOContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_Create
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker". The new
- * CertChainChecker uses the CheckCallback pointed to by "callback" as its
- * callback function. It uses the Object pointed to by "initialState" (if
- * any) as its initial state. As noted above, the initial state Object must
- * provide a custom implementation of PKIX_PL_Object_Duplicate if the
- * CertChainChecker is to be used during certificate chain building.
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. The
- * CertChainChecker is initialized with two Boolean flags that deal with this
- * distinction: "forwardCheckingSupported" and "forwardDirectionExpected".
- * If the "forwardCheckingSupported" Boolean flag is TRUE, it indicates that
- * this CertChainChecker is capable of checking certificates in the "forward"
- * direction (as well as the "reverse" direction, which all CertChainCheckers
- * MUST support). The "forwardDirectionExpected" Boolean flag indicates in
- * which direction the CertChainChecker should expect the certificates to be
- * presented. This is particularly useful for CertChainCheckers that are
- * capable of checking in either the "forward" direction or the "reverse"
- * direction, but have different processing steps depending on the direction.
- *
- * The CertChainChecker also uses the List of OIDs pointed to by "extensions"
- * as the supported certificate extensions.
All certificate extensions that
- * the CertChainChecker might possibly recognize and be able to process
- * should be included in the List of supported extensions. If "checker" does
- * not recognize or process any certificate extensions, "extensions" should
- * be set to NULL.
- *
- * PARAMETERS:
- * "callback"
- * The CheckCallback function to be used. Must be non-NULL.
- * "forwardCheckingSupported"
- * A Boolean value indicating whether or not this CertChainChecker is
- * capable of checking certificates in the "forward" direction.
- * "forwardDirectionExpected"
- * A Boolean value indicating whether or not this CertChainChecker should
- * be used to check in the "forward" direction.
- * "extensions"
- * Address of List of OIDs representing the supported extensions.
- * "initialState"
- * Address of Object representing the CertChainChecker's initial state
- * (if any).
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_Create(
- PKIX_CertChainChecker_CheckCallback callback,
- PKIX_Boolean forwardCheckingSupported,
- PKIX_Boolean forwardDirectionExpected,
- PKIX_List *extensions, /* list of PKIX_PL_OID */
- PKIX_PL_Object *initialState,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "checker's" Check callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker whose Check callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Check callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCheckCallback(
- PKIX_CertChainChecker *checker,
- PKIX_CertChainChecker_CheckCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
- * DESCRIPTION:
- *
- * Checks whether forward checking is supported by the CertChainChecker
- * pointed to by "checker" and stores the Boolean result at
- * "pForwardCheckingSupported".
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. This
- * function is used to determine whether forward checking is supported.
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker whose ability to validate certificates in the
- * "forward" direction is to be checked. Must be non-NULL.
- * "pForwardCheckingSupported"
- * Destination of the Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardCheckingSupported(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardCheckingSupported,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
- * DESCRIPTION:
- *
- * Checks whether the CertChainChecker pointed to by "checker" has been
- * initialized to expect the certificates to be presented in the "forward"
- * direction and stores the Boolean result at "pForwardDirectionExpected".
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. This
- * function is used to determine in which direction the CertChainChecker
- * expects the certificates to be presented.
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker that has been initialized to expect certificates
- * in either the "forward" or "reverse" directions. Must be non-NULL.
- * "pForwardDirectionExpected"
- * Destination of the Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardDirectionExpected(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardDirectionExpected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of OIDs (each OID corresponding to a
- * certificate extension supported by the CertChainChecker pointed to by
- * "checker") and stores it at "pExtensions". All certificate extensions that
- * the CertChainChecker might possibly recognize and be able to process
- * should be included in the List of supported extensions. If "checker" does
- * not recognize or process any certificate extensions, this function stores
- * NULL at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose supported extension OIDs are to be
- * stored. Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetSupportedExtensions(
- PKIX_CertChainChecker *checker,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the internal state
- * (if any) of the CertChainChecker pointed to by "checker" and stores it at
- * "pCertChainCheckerState".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose state is to be stored.
- * Must be non-NULL.
- * "pCertChainCheckerState"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object **pCertChainCheckerState,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
- * DESCRIPTION:
- *
- * Sets the internal state of the CertChainChecker pointed to by "checker"
- * using the Object pointed to by "certChainCheckerState". If "checker" needs
- * a NULL internal state, "certChainCheckerState" should be set to NULL.
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose state is to be set. Must be non-NULL.
- * "certChainCheckerState"
- * Address of Object representing internal state.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "checker"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_SetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object *certChainCheckerState,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CHECKER_H */
diff --git a/security/nss/lib/libpkix/include/pkix_crlsel.h b/security/nss/lib/libpkix/include/pkix_crlsel.h
deleted file mode 100755
index 0d00df4d0..000000000
--- a/security/nss/lib/libpkix/include/pkix_crlsel.h
+++ /dev/null
@@ -1,792 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CRLSelector and the
- * PKIX_ComCRLSelParams types.
- *
- */
-
-
-#ifndef _PKIX_CRLSEL_H
-#define _PKIX_CRLSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CRLSelector
- *
- * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
- * based on particular criteria. A CRLSelector is typically used by libpkix
- * to retrieve CRLs from a CertStore during certificate chain validation or
- * building. (see pkix_certstore.h) For example, the caller may wish to only
- * select those CRLs that have a particular issuer or a particular value for a
- * private CRL extension. The MatchCallback allows the caller to specify the
- * custom matching logic to be used by a CRLSelector.
-
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all CRLs without
- * regard to that particular disabled parameter. For example, if the
- * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
- * CRL based on its CRL number. As such, if no parameters are set, all are
- * disabled and any CRL will match. If a parameter is disabled, its associated
- * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
- * CRLSelector can be initialized with a crlSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CRLSelector_MatchCallback
- * DESCRIPTION:
- *
- * This callback function determines whether the specified CRL pointed to by
- * "crl" matches the criteria of the CRLSelector pointed to by "selector".
- * If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
- * "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "crl"
- * Address of CRL that is to be matched using "selector". Must be non-NULL.
- * "pMatch"
- * Address at which Boolean result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CRLSelector_MatchCallback)(
- PKIX_CRLSelector *selector,
- PKIX_PL_CRL *crl,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_Create
- * DESCRIPTION:
- *
- * Creates a new CRLSelector using the Object pointed to by
- * "crlSelectorContext" (if any) and stores it at "pSelector". As noted
- * above, by default, the MatchCallback is set to point to the default
- * implementation provided by libpkix, which understands how to process
- * ComCRLSelParams. This is overridden if the MatchCallback pointed to by
- * "callback" is not NULL, in which case the parameters are specified using
- * the Object pointed to by "crlSelectorContext".
- *
- * PARAMETERS:
- * "issue"
- * crl issuer.
- * "crlDpList"
- * distribution points list
- * "callback"
- * The MatchCallback function to be used.
- * "pSelector"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_Create(
- PKIX_PL_Cert *issuer,
- PKIX_List *crlDpList,
- PKIX_PL_Date *date,
- PKIX_CRLSelector **pSelector,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetMatchCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "selector's" Match callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "selector"
- * The CRLSelector whose Match callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Match callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetMatchCallback(
- PKIX_CRLSelector *selector,
- PKIX_CRLSelector_MatchCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the CRLSelector pointed to by "selector" and stores it at
- * "pCRLSelectorContext".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose context is to be stored. Must be non-NULL.
- * "pCRLSelectorContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCRLSelectorContext(
- PKIX_CRLSelector *selector,
- void **pCRLSelectorContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ComCRLSelParams object that represent the common
- * parameters of the CRLSelector pointed to by "selector" and stores it at
- * "pCommonCRLSelectorParams". If there are no common parameters stored with
- * the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose ComCRLSelParams are to be stored.
- * Must be non-NULL.
- * "pCommonCRLSelectorParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- * Sets the common parameters for the CRLSelector pointed to by "selector"
- * using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose common parameters are to be set.
- * Must be non-NULL.
- * "commonCRLSelectorParams"
- * Address of ComCRLSelParams representing the common parameters.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_SetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams *commonCRLSelectorParams,
- void *plContext);
-
-/* PKIX_ComCRLSelParams
- *
- * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
- * especially determining which CRLs to retrieve from a CertStore.
- * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
- * the default implementation of MatchCallback, which understands how to
- * process ComCRLSelParams.
- */
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCRLSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_Create(
- PKIX_ComCRLSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of X500Names (if any) representing the
- * issuer names criterion that is set in the ComCRLSelParams pointed to by
- * "params" and stores it at "pNames". In order to match against this
- * criterion, a CRL's IssuerName must match at least one of the criterion's
- * issuer names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all CRLs are considered to match.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose issuer names criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_X500Name */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
- * DESCRIPTION:
- *
- * Sets the issuer names criterion of the ComCRLSelParams pointed to by
- * "params" using a List of X500Names pointed to by "names". In order to match
- * against this criterion, a CRL's IssuerName must match at least one of the
- * criterion's issuer names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose issuer names criterion is to be
- * set. Must be non-NULL.
- * "names"
- * Address of List of X500Names used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_X500Name */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
- * DESCRIPTION:
- *
- * Adds to the issuer names criterion of the ComCRLSelParams pointed to by
- * "params" using the X500Name pointed to by "name". In order to match
- * against this criterion, a CRL's IssuerName must match at least one of the
- * criterion's issuer names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose issuer names criterion is to be added
- * to. Must be non-NULL.
- * "name"
- * Address of X500Name to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_AddIssuerName(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_X500Name *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate whose
- * revocation status is being checked. This is not a criterion. It is simply
- * optional information that may help a CertStore find relevant CRLs.
- *
- * If "params" does not have a certificate set, this function stores NULL at
- * "pCert", in which case there is no optional information to provide.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose certificate being checked (if any) is
- * to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
- * DESCRIPTION:
- *
- * Sets the ComCRLSelParams pointed to by "params" with the certificate
- * (pointed to by "cert") whose revocation status is being checked. This is
- * not a criterion. It is simply optional information that may help a
- * CertStore find relevant CRLs.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose certificate being checked is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert whose revocation status is being checked
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the dateAndTime
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pDate". In order to match against this criterion, a CRL's
- * thisUpdate component must be less than or equal to the criterion's
- * dateAndTime and the CRL's nextUpdate component must be later than the
- * criterion's dateAndTime. There is no match if the CRL does not contain a
- * nextUpdate component.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
- * DESCRIPTION:
- *
- * Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
- * "params" using a Date pointed to by "date". In order to match against this
- * criterion, a CRL's thisUpdate component must be less than or equal to the
- * criterion's dateAndTime and the CRL's nextUpdate component must be later
- * than the criterion's dateAndTime. There is no match if the CRL does not
- * contain a nextUpdate component.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
- * set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Boolean representing the NIST CRL policy
- * activation flag that is set in the ComCRLSelParams pointed to by "params"
- * and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
- *
- * Default value for this flag is TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose NIST CRL policy criterion is to
- * be stored. Must be non-NULL.
- * "pEnabled"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean *pEnabled,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
- * DESCRIPTION:
- *
- * Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
- * "params" using a "enabled" flag. In order to match against this
- * criterion, a CRL's nextUpdate must be available and criterion's
- * dataAndTime must be within thisUpdate and nextUpdate time period.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose NIST CRL policy criterion
- * is to be set. Must be non-NULL.
- * "enabled"
- * Address of Bollean used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean enabled,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pNumber". In order to match against this criterion, a CRL
- * must have a CRL number extension whose value is less than or equal to the
- * criterion's value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
- * DESCRIPTION:
- *
- * Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
- * "params" using a BigInt pointed to by "number". In order to match against
- * this criterion, a CRL must have a CRL number extension whose value is less
- * than or equal to the criterion's value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "number"
- * Address of BigInt used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *number,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pNumber". In order to match against this criterion, a CRL
- * must have a CRL number extension whose value is greater than or equal to
- * the criterion's value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
- * DESCRIPTION:
- *
- * Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
- * "params" using a BigInt pointed to by "number". In order to match against
- * this criterion, a CRL must have a CRL number extension whose value is
- * greater than or equal to the criterion's value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "number"
- * Address of BigInt used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *number,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
- * DESCRIPTION:
- *
- * Sets crldp list that can be used to download a crls.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "crldpList"
- * A list of CRLDPs. Can be an emptry list.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCRLSelParams_SetCrlDp(
- PKIX_ComCRLSelParams *params,
- PKIX_List *crldpList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CRLSEL_H */
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h
deleted file mode 100755
index 324e22761..000000000
--- a/security/nss/lib/libpkix/include/pkix_errorstrings.h
+++ /dev/null
@@ -1,1128 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * This file is intended to be included after different definitions of
- * PKIX_ERRORENTRY. 
It is included in pkixt.h to define a number for each error
- * by defining PKIX_ERRORENTRY(x,y) as PKIX_ ## x and then listing thim within
- * an enum. It is included in pkix_error.c to define an array of error strings
- * by defining PKIX_ERRORENTRY(x,y) #y and then listing thim within an array
- * const char * const PKIX_ErrorText[]
- */
-/* ALLOCERROR should always be the first */
-PKIX_ERRORENTRY(ALLOCERROR,Allocation Error,SEC_ERROR_NO_MEMORY),
-PKIX_ERRORENTRY(ADDHEADERFUNCTIONNOTSUPPORTED,AddHeader function not supported,0),
-PKIX_ERRORENTRY(ADDTOVERIFYLOGFAILED,pkix_AddToVerifyLog failed,0),
-PKIX_ERRORENTRY(AIAMGRCREATEFAILED,PKIX_PL_AIAMgr_Create failed,0),
-PKIX_ERRORENTRY(AIAMGRFINDLDAPCLIENTFAILED,pkix_pl_AiaMgr_FindLDAPClient failed,0),
-PKIX_ERRORENTRY(AIAMGRGETAIACERTSFAILED,PKIX_PL_AIAMgr_GetAIACerts failed,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(AIAMGRGETHTTPCERTSFAILED,pkix_pl_AIAMgr_GetHTTPCerts failed,0),
-PKIX_ERRORENTRY(AIAMGRGETLDAPCERTSFAILED,pkix_pl_AIAMgr_GetLDAPCerts failed,0),
-PKIX_ERRORENTRY(ALGORITHMBYTESLENGTH0,Algorithm bytes length is 0,0),
-PKIX_ERRORENTRY(ALLOCATENEWCERTGENERALNAMEFAILED,Allocate new CERTGeneralName failed,0),
-PKIX_ERRORENTRY(AMBIGUOUSPARENTAGEOFVERIFYNODE,Ambiguous parentage of VerifyNode,0),
-PKIX_ERRORENTRY(ANCHORDIDNOTCHAINTOCERT,Anchor did not chain to Cert,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(ANCHORDIDNOTPASSCERTSELECTORCRITERIA,Anchor did not pass CertSelector criteria,0),
-PKIX_ERRORENTRY(APPENDLISTFAILED,pkix_pl_AppendList failed,0),
-PKIX_ERRORENTRY(ARGUMENTNOTSTRING,Argument is not a String,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTBIGINTS,Arguments are not BigInts,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTBYTEARRAYS,Arguments are not Byte Arrays,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTDATES,Arguments are not Dates,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTOIDS,Arguments are not OIDs,0),
-PKIX_ERRORENTRY(ATTEMPTTOADDDUPLICATEKEY,Attempt to add duplicate key,0),
-PKIX_ERRORENTRY(ATTEMPTTODECODEANINCOMPLETERESPONSE,Attempt 
to decode an incomplete response,SEC_ERROR_BAD_DER),
-PKIX_ERRORENTRY(ATTEMPTTODECREFALLOCERROR,Attempt to DecRef Alloc Error,0),
-PKIX_ERRORENTRY(ATTEMPTTOINCREFALLOCERROR,Attempt to IncRef Alloc Error,0),
-PKIX_ERRORENTRY(BADHTTPRESPONSE,Bad Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERINITIALIZEFAILED,pkix_BasicConstraintsChecker_Initialize failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERSTATECREATEFAILED,PKIX_BasicConstraintsCheckerState_Create failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSGETCAFLAGFAILED,PKIX_PL_BasicConstraints_GetCAFlag failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED,PKIX_PL_BasicConstraints_GetPathLenConstraint failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDCA,PKIX_BasicConstraints validation failed: CA Flag not set,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDLN,PKIX_BasicConstraints validation failed: maximum length mismatch,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
-PKIX_ERRORENTRY(BIGINTCOMPARATORFAILED,pkix_pl_BigInt_Comparator failed,0),
-PKIX_ERRORENTRY(BIGINTCREATEWITHBYTESFAILED,pkix_pl_BigInt_CreateWithBytes failed,0),
-PKIX_ERRORENTRY(BIGINTEQUALSFAILED,PKIX_PL_BigInt_Equals failed,0),
-PKIX_ERRORENTRY(BIGINTLENGTH0INVALID,BigInt length 0 is invalid,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(BIGINTTOSTRINGFAILED,pkix_pl_BigInt_ToString failed,0),
-PKIX_ERRORENTRY(BIGINTTOSTRINGHELPERFAILED,PKIX_PL_BigInt_ToString_Helper failed,0),
-PKIX_ERRORENTRY(BINDREJECTEDBYSERVER,BIND rejected by server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(BUILDANDVALIDATECHAINFAILED,Failed to build and validate a chain,0),
-PKIX_ERRORENTRY(BUILDBUILDSELECTORANDPARAMSFAILED,pkix_Build_BuildSelectorAndParams failed,0),
-PKIX_ERRORENTRY(BUILDCOMBINEWITHTRUSTFAILED,pkix_Build_CombineWithTrust failed,0),
-PKIX_ERRORENTRY(BUILDFORWARDDEPTHFIRSTSEARCHFAILED,pkix_BuildForwardDepthFirstSearch failed,0),
-PKIX_ERRORENTRY(BUILDGATHERCERTSFAILED,pkix_Build_GatherCerts failed,0),
-PKIX_ERRORENTRY(BUILDGETRESOURCELIMITSFAILED,pkix_Build_GetResourceLimits failed,0),
-PKIX_ERRORENTRY(BUILDINITIATEBUILDCHAINFAILED,pkix_Build_InitiateBuildChain failed,0),
-PKIX_ERRORENTRY(BUILDRESULTCREATEFAILED,pkix_BuildResult_Create failed,0),
-PKIX_ERRORENTRY(BUILDRESULTGETCERTCHAINFAILED,PKIX_BuildResult_GetCertChain failed,0),
-PKIX_ERRORENTRY(BUILDRESULTGETVALIDATERESULTFAILED,PKIX_BuildResult_GetValidateResult failed,0),
-PKIX_ERRORENTRY(BUILDREVCHECKPREPFAILED,pkix_Build_RevCheckPrep failed,0),
-PKIX_ERRORENTRY(BUILDSORTCANDIDATECERTSFAILED,pkix_Build_SortCandidateCerts failed,0),
-PKIX_ERRORENTRY(BUILDSTATECREATEFAILED,pkix_BuildState_Create failed,0),
-PKIX_ERRORENTRY(BUILDTRYSHORTCUTFAILED,pkix_Build_TryShortcut failed,0),
-PKIX_ERRORENTRY(BUILDUPDATEDATEFAILED,pkix_Build_UpdateDate failed,0),
-PKIX_ERRORENTRY(BUILDVALIDATEENTIRECHAINFAILED,pkix_Build_ValidateEntireChain failed,0),
-PKIX_ERRORENTRY(BUILDVALIDATIONCHECKERSFAILED,pkix_Build_ValidationCheckers failed,0),
-PKIX_ERRORENTRY(BUILDVERIFYCERTIFICATEFAILED,pkix_Build_VerifyCertificate failed,0),
-PKIX_ERRORENTRY(BYTEARRAYCOMPARATORFAILED,pkix_pl_ByteArray_Comparator failed,0),
-PKIX_ERRORENTRY(BYTEARRAYCREATEFAILED,PKIX_PL_ByteArray_Create failed,0),
-PKIX_ERRORENTRY(BYTEARRAYEQUALSFAILED,PKIX_PL_ByteArray_Equals failed,0),
-PKIX_ERRORENTRY(BYTEARRAYGETLENGTHFAILED,PKIX_PL_ByteArray_GetLength failed,0),
-PKIX_ERRORENTRY(BYTEARRAYGETPOINTERFAILED,PKIX_PL_ByteArray_GetPointer failed,0),
-PKIX_ERRORENTRY(BYTEARRAYTOHEXSTRINGFAILED,pkix_pl_ByteArray_ToHexString failed,0),
-PKIX_ERRORENTRY(BYTEARRAYTOSTRINGFAILED,PKIX_PL_ByteArray_ToString failed,0),
-PKIX_ERRORENTRY(CACHECERTADDFAILED,pkix_CacheCert_Add failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINADDFAILED,pkix_CacheCertChain_Add failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINLOOKUPFAILED,pkix_CacheCertChain_Lookup failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINREMOVEFAILED,pkix_CacheCertChain_Remove failed,0),
-PKIX_ERRORENTRY(CACHECRLENTRYADDFAILED,pkix_CacheCrlEntry_Add failed,0),
-PKIX_ERRORENTRY(CACHECRLENTRYLOOKUPFAILED,pkix_CacheCrlEntry_Lookup failed,0),
-PKIX_ERRORENTRY(CALLOCFAILED,PKIX_PL_Calloc failed,0),
-PKIX_ERRORENTRY(CANNOTAQUIRECRLDER,PKIX_PL_CRL_AquireDerCrl failed,0),
-PKIX_ERRORENTRY(CANNOTCONVERTCERTUSAGETOPKIXKEYANDEKUSAGES, Fail to convert certificate usage to pkix KU and EKU,0),
-PKIX_ERRORENTRY(CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY,Cannot open CollectionCertStoreContext directory,0),
-PKIX_ERRORENTRY(CANTCREATESTRING,Cannot create PKIX_PL_String,0),
-PKIX_ERRORENTRY(CANTDECODEBINDRESPONSEFROMSERVER,Cannot decode BIND response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(CANTDECODESEARCHRESPONSEFROMSERVER,Cannot decode SEARCH response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(CANTENABLEREVOCATIONWITHOUTCERTSTORE,Cannot enable Revocation without CertStore,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(CANTLOADLIBSMIME,Cannot load smime3 library,0),
-PKIX_ERRORENTRY(CANTREREGISTERSYSTEMTYPE,Cannot reregister system type,0),
-PKIX_ERRORENTRY(CERTARECERTPOLICIESCRITICALFAILED,PKIX_PL_Cert_AreCertPoliciesCritical failed,0),
-PKIX_ERRORENTRY(CERTBASICCONSTRAINTSCREATEFAILED,pkix_pl_CertBasicConstraints_Create failed,0),
-PKIX_ERRORENTRY(CERTBASICCONSTRAINTSTOSTRINGFAILED,PKIX_PL_CertBasicConstraints_ToString failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKCALLBACKFAILED,PKIX_CertChainChecker_CheckCallback failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKFAILED,PKIX_CertChainChecker_Check failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCREATEFAILED,PKIX_CertChainChecker_Create failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_GetCertChainCheckerState failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETCHECKCALLBACKFAILED,PKIX_CertChainChecker_GetCheckCallback failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED,PKIX_CertChainChecker_GetSupportedExtensions failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED,PKIX_CertChainChecker_IsForwardCheckingSupported failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_SetCertChainCheckerState failed,0),
-PKIX_ERRORENTRY(CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION,CertChain fails Certificate Policy validation,SEC_ERROR_POLICY_VALIDATION_FAILED),
-PKIX_ERRORENTRY(CERTCHAINTONSSCHAINFAILED,Fail to convert pkix cert chain to nss cert chain,0),
-PKIX_ERRORENTRY(CERTCHAINTOPKIXCERTLISTFAILED,Failed to convert nss cert chain to pkix cert chain,0),
-PKIX_ERRORENTRY(CERTCHECKCERTTYPEFAILED,Check cert type failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(CERTCHECKCERTVALIDTIMESFAILED,CERT_CheckCertValidTimes failed,SEC_ERROR_EXPIRED_CERTIFICATE),
-PKIX_ERRORENTRY(CERTCHECKCRLFAILED,Fail to get crl cache issued by cert,0),
-PKIX_ERRORENTRY(CERTCHECKEXTENDEDKEYUSAGEFAILED,pkix_pl_Cert_CheckExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTCHECKKEYUSAGEFAILED,CERT_CheckKeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
-PKIX_ERRORENTRY(CERTCHECKNAMECONSTRAINTSFAILED,PKIX_PL_Cert_CheckNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTCHECKVALIDITYFAILED,PKIX_PL_Cert_CheckValidity failed,0),
-PKIX_ERRORENTRY(CERTCOMPLETECRLDECODEDENTRIESFAILED,CERT_CompleteCRLDecodedEntries failed,0),
-PKIX_ERRORENTRY(CERTCOPYNAMECONSTRAINTFAILED,CERT_CopyNameConstraint failed,0),
-PKIX_ERRORENTRY(CERTCOPYNAMEFAILED,CERT_CopyName failed,0),
-PKIX_ERRORENTRY(CERTCREATEFAILED,PKIX_PL_Cert_Create failed,0),
-PKIX_ERRORENTRY(CERTCREATEGENERALNAMELISTFAILED,CERT_CreateGeneralNameList failed,0),
-PKIX_ERRORENTRY(CERTCREATETOLISTFAILED,pkix_pl_Cert_CreateToList failed,0),
-PKIX_ERRORENTRY(CERTCREATEWITHNSSCERTFAILED,pkix_pl_Cert_CreateWithNSSCert failed,0),
-PKIX_ERRORENTRY(CERTDECODEALTNAMEEXTENSIONFAILED,CERT_DecodeAltNameExtension 
failed,0),
-PKIX_ERRORENTRY(CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED,CERT_DecodeCertificatePoliciesExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEDERCERTIFICATEFAILED,CERT_DecodeDERCertificate failed,0),
-PKIX_ERRORENTRY(CERTDECODEDERCRLFAILED,CERT_DecodeDERCrl failed,0),
-PKIX_ERRORENTRY(CERTDECODEINHIBITANYEXTENSIONFAILED,CERT_DecodeInhibitAnyExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEINHIBITANYPOLICYFAILED,pkix_pl_Cert_DecodeInhibitAnyPolicy failed,0),
-PKIX_ERRORENTRY(CERTDECODEOIDSEQUENCEFAILED,CERT_DecodeOidSequence failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED,CERT_DecodePolicyConstraintsExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSFAILED,pkix_pl_Cert_DecodePolicyConstraints failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYINFOFAILED,pkix_pl_Cert_DecodePolicyInfo failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGFAILED,pkix_pl_Cert_DecodePolicyMapping failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED,CERT_DecodePolicyMappingsExtension failed,0),
-PKIX_ERRORENTRY(CERTEQUALSFAILED,pkix_pl_Cert_Equals failed,0),
-PKIX_ERRORENTRY(CERTFAILEDNAMECONSTRAINTSCHECKING,Cert failed NameConstraints checking,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTGETALLSUBJECTNAMESFAILED,PKIX_PL_Cert_GetAllSubjectNames failed,0),
-PKIX_ERRORENTRY(CERTGETAUTHORITYINFOACCESSFAILED,PKIX_PL_Cert_GetAuthorityInfoAccess failed,0),
-PKIX_ERRORENTRY(CERTGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetAuthorityKeyIdentifier failed,0),
-PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTFAILED,PKIX_PL_Cert_GetBasicConstraint failed,0),
-PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTSFAILED,PKIX_PL_Cert_GetBasicConstraints failed,0),
-PKIX_ERRORENTRY(CERTGETCACHEFLAGFAILED,PKIX_Cert_GetCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTGETCERTCERTIFICATEFAILED,PKIX_PL_Cert_GetCERTCertificate failed,0),
-PKIX_ERRORENTRY(CERTGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_Cert_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CERTGETCRLDPFAILED,Failed 
to get cert crldp extension, 0),
-PKIX_ERRORENTRY(CERTGETEXTENDEDKEYUSAGEFAILED,PKIX_PL_Cert_GetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTGETINHIBITANYPOLICYFAILED,PKIX_PL_Cert_GetInhibitAnyPolicy failed,0),
-PKIX_ERRORENTRY(CERTGETISSUERFAILED,PKIX_PL_Cert_GetIssuer failed,0),
-PKIX_ERRORENTRY(CERTGETNAMECONSTRAINTSFAILED,PKIX_PL_CertGetNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTGETNSSSUBJECTALTNAMESFAILED,pkix_pl_Cert_GetNssSubjectAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYINFORMATIONFAILED,PKIX_PL_Cert_GetPolicyInformation failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGINHIBITEDFAILED,PKIX_PL_Cert_GetPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGSFAILED,PKIX_PL_Cert_GetPolicyMappings failed,0),
-PKIX_ERRORENTRY(CERTGETREQUIREEXPLICITPOLICYFAILED,PKIX_PL_Cert_GetRequireExplicitPolicy failed,0),
-PKIX_ERRORENTRY(CERTGETSERIALNUMBERFAILED,PKIX_PL_Cert_GetSerialNumber failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJALTNAMESFAILED,PKIX_PL_Cert_GetSubjAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTALTNAMESFAILED,PKIX_PL_Cert_GetSubjectAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTFAILED,PKIX_PL_Cert_GetSubject failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTINFOACCESSFAILED,PKIX_PL_Cert_GetSubjectInfoAccess failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetSubjectKeyIdentifier failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYALGIDFAILED,PKIX_PL_Cert_GetSubjectPublicKeyAlgId failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYFAILED,PKIX_PL_Cert_GetSubjectPublicKey failed,0),
-PKIX_ERRORENTRY(CERTGETVALIDITYNOTAFTERFAILED,PKIX_PL_Cert_GetValidityNotAfter failed,0),
-PKIX_ERRORENTRY(CERTGETVERSIONFAILED,PKIX_PL_Cert_GetVersion failed,0),
-PKIX_ERRORENTRY(CERTHASHCODEFAILED,PKIX_PL_Cert_Hashcode failed,0),
-PKIX_ERRORENTRY(CERTIFICATEDOESNTHAVEVALIDCRL,Certificate does not have a valid CRL,SEC_ERROR_CRL_NOT_FOUND),
-PKIX_ERRORENTRY(CERTIFICATEREVOKED,Certificate is revoked,SEC_ERROR_REVOKED_CERTIFICATE),
-PKIX_ERRORENTRY(CERTIMPORTCERTIFICATEFUNCTIONFAILED,CERTImportCertificate function failed,0),
-PKIX_ERRORENTRY(CERTISCERTTRUSTEDFAILED,PKIX_PL_Cert_IsCertTrusted failed,SEC_ERROR_UNTRUSTED_CERT),
-PKIX_ERRORENTRY(CERTISEXTENSIONCRITICALFAILED,pkix_pl_Cert_IsExtensionCritical failed,0),
-PKIX_ERRORENTRY(CERTMERGENAMECONSTRAINTSFAILED,PKIX_PL_Cert_MergeNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNameInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNamesInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED,pkix_pl_CertNameConstraints_CheckNameSpaceNssNames failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED,pkix_pl_CertNameConstraints_CopyNssNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEBYMERGEFAILED,pkix_pl_CertNameConstraints_CreateByMerge failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEFAILED,pkix_pl_CertNameConstraints_Create failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEHELPERFAILED,pkix_pl_CertNameConstraints_Create_Helper failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETEXCLUDEDFAILED,pkix_pl_CertNameConstraints_GetExcluded failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETPERMITTEDFAILED,pkix_pl_CertNameConstraints_GetPermitted failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSMERGEFAILED,pkix_pl_CertNameConstraints_Merge failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED,pkix_pl_CertNameConstraints_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CERTNAMETOASCIIFAILED,CERT_NameToAscii failed,0),
-PKIX_ERRORENTRY(CERTNOTALLOWEDTOSIGNCERTIFICATES,Cert not allowed to sign certificates,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(CERTPOLICYINFOCREATEFAILED,pkix_pl_CertPolicyInfo_Create failed,0),
-PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLICYIDFAILED,PKIX_PL_CertPolicyInfo_GetPolicyId failed,0),
-PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLQUALIFIERSFAILED,PKIX_PL_CertPolicyInfo_GetPolQualifiers failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPCREATEFAILED,pkix_pl_CertPolicyMap_Create failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy failed,0),
-PKIX_ERRORENTRY(CERTPOLICYQUALIFIERCREATEFAILED,pkix_pl_CertPolicyQualifier_Create failed,0),
-PKIX_ERRORENTRY(CERTREJECTEDBYREVOCATIONCHECKER,Cert rejected by revocation checker,0),
-PKIX_ERRORENTRY(CERTSELECTORCHECKFAILED,Validation failed: CertSelector check failed,0),
-PKIX_ERRORENTRY(CERTSELECTORCREATEFAILED,PKIX_CertSelector_Create failed,0),
-PKIX_ERRORENTRY(CERTSELECTORFAILED,certSelector failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CertSelector_GetComCertSelParams failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED,PKIX_CertSelector_GetCommonCertSelectorParam failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_GetCommonCertSelectorParams failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETMATCHCALLBACKFAILED,PKIX_CertSelector_GetMatchCallback failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHAUTHKEYIDFAILED,pkix_CertSelector_Match_AuthKeyId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHBASICCONSTRAINTFAILED,pkix_CertSelector_Match_BasicConstraint failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCALLBACKFAILED,PKIX_CertSelector_MatchCallback failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTIFICATEVALIDFAILED,pkix_CertSelector_Match_CertificateValid failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTISSUERFAILED,cert does not match issuer name,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTOBJECTFAILED,cert does not match cert object,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSERIALNUMFAILED,cert 
does not match serial number,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSUBJECTFAILED,cert does not match subject name,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTVERSIONFAILED,cert does not match cert version,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED,pkix_CertSelector_Match_ExtendedKeyUsage failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(CERTSELECTORMATCHFAILED,certSelectorMatch failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHKEYUSAGEFAILED,pkix_CertSelector_Match_KeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
-PKIX_ERRORENTRY(CERTSELECTORMATCHNAMECONSTRAINTSFAILED,pkix_CertSelector_Match_NameConstraints failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHPATHTONAMESFAILED,pkix_CertSelector_Match_PathToNames failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHPOLICIESFAILED,pkix_CertSelector_Match_Policies failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJALTNAMESFAILED,pkix_CertSelector_Match_SubjAltNames failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJKEYIDFAILED,pkix_CertSelector_Match_SubjKeyId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPKALGIDFAILED,pkix_CertSelector_Match_SubjPKAlgId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPUBKEYFAILED,pkix_CertSelector_Match_SubjPubKey failed,0),
-PKIX_ERRORENTRY(CERTSELECTORSELECTFAILED,pkix_CertSelector_Select failed,0),
-PKIX_ERRORENTRY(CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_SetCommonCertSelectorParams failed,0),
-PKIX_ERRORENTRY(CERTSETASTRUSTANCHORFAILED, PKIX_PL_Cert_SetAsTrustAnchor failed, 0),
-PKIX_ERRORENTRY(CERTSETCACHEFLAGFAILED,PKIX_PL_Cert_SetCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTSETTRUSTCERTSTOREFAILED,PKIX_PL_Cert_SetTrustCertStore failed,0),
-PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFAILED,PKIX_CertStore_CertContinue failed,0),
-PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFUNCTIONFAILED,PKIX_CertStore_CertContinueFunction failed,0),
-PKIX_ERRORENTRY(CERTSTORECREATEFAILED,PKIX_CertStore_Create failed,0),
-PKIX_ERRORENTRY(CERTSTORECRLCONTINUEFAILED,PKIX_CertStore_CrlContinue failed,0),
-PKIX_ERRORENTRY(CERTSTOREEQUALSFAILED,pkix_CertStore_Equals failed,0),
-PKIX_ERRORENTRY(CERTSTORECRLCHECKFAILED,Fail to check cert crl revocation,0),
-PKIX_ERRORENTRY(CERTSTOREGETCHECKREVBYCRLFAILED,Can not get revocation check function,0),
-PKIX_ERRORENTRY(CERTSTOREFAILTOIMPORTCRLLIST,Fail to import crls,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTCALLBACKFAILED,PKIX_CertStore_GetCertCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECACHEFLAGFAILED,PKIX_CertStore_GetCertStoreCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECONTEXTFAILED,PKIX_CertStore_GetCertStoreContext failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCRLCALLBACKFAILED,PKIX_CertStore_GetCRLCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETLOCALFLAGFAILED,PKIX_CertStore_GetLocalFlag failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETTRUSTCALLBACKFAILED,PKIX_CertStore_GetTrustCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREHASHCODEFAILED,pkix_CertStore_Hashcode failed,0),
-PKIX_ERRORENTRY(CERTTOSTRINGFAILED,PKIX_PL_Cert_ToString failed,0),
-PKIX_ERRORENTRY(CERTTOSTRINGHELPERFAILED,pkix_pl_Cert_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CERTVERIFYCERTTYPEFAILED,PKIX_PL_Cert_VerifyCertAndKeyType failed,0),
-PKIX_ERRORENTRY(CERTVERIFYKEYUSAGEFAILED,PKIX_PL_Cert_VerifyKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTVERIFYSIGNATUREFAILED,PKIX_PL_Cert_VerifySignature failed,0),
-PKIX_ERRORENTRY(CHAINREJECTEDBYREVOCATIONCHECKER,Chain rejected by Revocation Checker,0),
-PKIX_ERRORENTRY(CHECKCERTAGAINSTANCHORFAILED,pkix_CheckCertAgainstAnchor failed,0),
-PKIX_ERRORENTRY(CHECKCERTFAILED,pkix_CheckCert failed,0),
-PKIX_ERRORENTRY(CHECKCHAINFAILED,pkix_CheckChain failed,0),
-PKIX_ERRORENTRY(CHECKTRUSTCALLBACKFAILED,CheckTrustCallback failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCrl failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECERTFAILED,pkix_pl_CollectionCertStoreContext_CreateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECRLFAILED,pkix_pl_CollectionCertStoreContext_CreateCRL failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCERTFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCRL failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCRL failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSCREATEFAILED,PKIX_ComCertSelParams_Create failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetAuthorityKeyIdentifier failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_GetBasicConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEFAILED,PKIX_ComCertSelParams_GetCertificate failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_GetCertificateValid failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED,PKIX_ComCertSelParams_GetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETISSUERFAILED,PKIX_ComCertSelParams_GetIssuer failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETKEYUSAGEFAILED,PKIX_ComCertSelParams_GetKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_GetLeafCertFlag failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetMatchAllSubjAltNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED,PKIX_ComCertSelParams_GetNameConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETPATHTONAMESFAILED,PKIX_ComCertSelParams_GetPathToNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETPOLICYFAILED,PKIX_ComCertSelParams_GetPolicy failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSERIALNUMBERFAILED,PKIX_ComCertSelParams_GetSerialNumber failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetSubjAltNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJECTFAILED,PKIX_ComCertSelParams_GetSubject failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetSubjKeyIdentifier failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPKALGIDFAILED,PKIX_ComCertSelParams_GetSubjPKAlgId failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPUBKEYFAILED,PKIX_ComCertSelParams_GetSubjPubKey failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETVERSIONFAILED,PKIX_ComCertSelParams_GetVersion failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_SetBasicConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEFAILED,PKIX_ComCertSelParams_SetCertificate failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_SetCertificateValid failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETEXTKEYUSAGEFAILED,PKIX_ComCertSelParams_SetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETKEYUSAGEFAILED,PKIX_ComCertSelParams_SetKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_SetLeafCertFlag failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETNISTPOLICYENABLEDFAILED,PKIX_ComCertSelParams_SetNISTPolicyEnabled failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETPATHTONAMESFAILED,PKIX_ComCertSelParams_SetPathToNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETSUBJECTFAILED,PKIX_ComCertSelParams_SetSubject failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSADDISSUERNAMEFAILED,PKIX_ComCRLSelParams_AddIssuerName failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSCREATEFAILED,PKIX_ComCRLSelParams_Create failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSEQUALSFAILED,pkix_ComCRLSelParams_Equals failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_GetDateAndTime failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETISSUERNAMESFAILED,PKIX_ComCRLSelParams_GetIssuerNames failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETMAXCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMaxCRLNumber failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETMINCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMinCRLNumber failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED,PKIX_ComCRLSelParams_GetNISTPolicyEnabled failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSSETCERTFAILED,PKIX_ComCRLSelParams_SetCertificateChecking failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSSETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_SetDateAndTime failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGFAILED,pkix_ComCRLSelParams_ToString failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGHELPERFAILED,pkix_ComCRLSelParams_ToString_Helper failed,0),
-PKIX_ERRORENTRY(COMPARATORCALLBACKFAILED,comparator callback failed,0),
-PKIX_ERRORENTRY(CONTENTTYPENOTPKCS7MIME,Content type is not application/pkcs7-mime,0),
-PKIX_ERRORENTRY(CONTENTTYPENOTPKIXCRL,Content type is not application/pkix-crl,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(COULDNOTALLOCATEMEMORY,Could not allocate memory,0),
-PKIX_ERRORENTRY(COULDNOTALLOCATENEWSTRINGOBJECT,Could not allocate new string object,0),
-PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST,Could not append child to parent PolicyNode list,0),
-PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST,Could not append child to parent VerifyNode list,0),
-PKIX_ERRORENTRY(COULDNOTCREATEAIAMGROBJECT,Could not create AiaMgr object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT,Could not create basic constraints state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBUILDPARAMSOBJECT,Could not create build params 
object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBUILDRESULTOBJECT,Could not create build result object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTBASICCONSTRAINTSOBJECT,Could not create a CertBasicConstraints object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTCHAINCHECKEROBJECT,Could not create cert chain checker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTNAMECONSTRAINTSOBJECT,Could not create CertNameConstraints object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYINFOOBJECT,Could not create a CertPolicyInfo object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYMAPOBJECT,Could not create a CertPolicyMap object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYQUALIFIEROBJECT,Could not create a CertPolicyQualifier object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTSELECTOROBJECT,Could not create cert selector object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTSTOREOBJECT,Could not create CertStore object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT,Could not create CollectionCertStoreContext object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOMMONCERTSELPARAMSOBJECT,Could not create common certsel params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT,Could not create common crl selector params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLENTRYOBJECT,Could not create CRLENTRY object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLOBJECT,Could not create CRL object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLSELECTOROBJECT,Could not create CRLSelector object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLCHECKEROBJECT,Could not create CRLChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOCSPCHECKEROBJECT,Could not create OcspChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEREVOCATIONMETHODOBJECT,Could not create RevocationMethod object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT,Could not create DefaultRevocationChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEEKUCHECKERSTATEOBJECT,Could not create EkuCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEFORWARDBUILDERSTATEOBJECT,Could not create forwardBuilder state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEHASHTABLEOBJECT,Could not create HashTable object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEHTTPDEFAULTCLIENTOBJECT,Could not create HttpDefaultClient object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEINFOACCESSOBJECT,Could not create InfoAccess object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELDAPDEFAULTCLIENTOBJECT,Could not create LdapDefaultClient object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELOCKOBJECT,Could not create lock object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELOGGEROBJECT,Could not create Logger object,0),
-PKIX_ERRORENTRY(COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT,Could not create NameConstraintsCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATENSSDN,Could not create NSS DN,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOBJECT,Could not create object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOBJECTSTORAGE,Could not create object storage,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPOLICYCHECKERSTATEOBJECT,Could not create policyChecker state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPOLICYNODEOBJECT,Could not create a PolicyNode object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPROCESSINGPARAMSOBJECT,Could not create processing params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATERESOURCELIMITOBJECT,Could not create ResourceLimit object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESIGNATURECHECKERSTATEOBJECT,Could not create SignatureCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESOCKETOBJECT,Could not create Socket object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESTRING,Could not create string,0),
-PKIX_ERRORENTRY(COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT,Could not create target cert checker state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATETRUSTANCHOROBJECT,Could not create trust anchor object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVALIDATEPARAMSOBJECT,Could not create validate params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVALIDATERESULTOBJECT,Could not create validate result 
object,0), -PKIX_ERRORENTRY(COULDNOTCREATEVERIFYNODEOBJECT,Could not create a VerifyNode object,0), -PKIX_ERRORENTRY(COULDNOTCREATEX500NAMEOBJECT,Could not create X500Name object,0), -PKIX_ERRORENTRY(COULDNOTGETFIRSTOBJECTTYPE,Could not get first object type,0), -PKIX_ERRORENTRY(COULDNOTGETSECONDOBJECTTYPE,Could not get second object type,0), -PKIX_ERRORENTRY(COULDNOTGETTYPEOFSECONDARGUMENT,Could not get type of second argument,0), -PKIX_ERRORENTRY(COULDNOTLOOKUPINHASHTABLE,Could not lookup in hashtable,0), -PKIX_ERRORENTRY(COULDNOTMALLOCNEWKEY,Could not malloc new key,0), -PKIX_ERRORENTRY(COULDNOTTESTWHETHERKEYSEQUAL,Could not test whether keys are equal,0), -PKIX_ERRORENTRY(CREATECERTFAILED,CreateCert failed,0), -PKIX_ERRORENTRY(CREATECRLSELECTORDUPLICATEOBJECTFAILED,Create CRLSelector Duplicate Object failed,0), -PKIX_ERRORENTRY(CREATEPROCESSINGPARAMSFAILED,Failed to create processing parameters,0), -PKIX_ERRORENTRY(CRLCHECKERCREATEFAILED,pkix_CRLChecker_Create failed,0), -PKIX_ERRORENTRY(CRLCHECKERINITIALIZEFAILED,pkix_CRLChecker_Initialize failed,0), -PKIX_ERRORENTRY(CRLCHECKERNOLOCALCERTSTOREFOUND,No local cert store found, 0), -PKIX_ERRORENTRY(CRLCHECKERSETSELECTORFAILED,pkix_CRLChecker_SetSelector failed,0), -PKIX_ERRORENTRY(CRLCREATEFAILED,PKIX_PL_CRL_Create failed,0), -PKIX_ERRORENTRY(CRLCREATETOLISTFAILED,pkix_pl_CRL_CreateToList failed,0), -PKIX_ERRORENTRY(CRLCREATEWITHSIGNEDCRLFAILED,pkix_pl_CRL_CreateWithSignedCRL failed,0), -PKIX_ERRORENTRY(CRLCRITICALEXTENSIONOIDSNOTPROCESSED,CRL Critical Extension OIDs not processed,0), -PKIX_ERRORENTRY(CRLDPCREATEFAILED, Failed to create CRL DP,0), -PKIX_ERRORENTRY(CRLENTRYCREATEFAILED,pkix_pl_CRLEntry_Create failed,0), -PKIX_ERRORENTRY(CRLENTRYCRITICALEXTENSIONWASNOTPROCESSED,CRLEntry Critical Extension was not processed,0), -PKIX_ERRORENTRY(CRLENTRYEXTENSIONSEQUALSFAILED,PKIX_PL_CRLEntry_Extensions_Equals failed,0), -PKIX_ERRORENTRY(CRLENTRYEXTENSIONSHASHCODEFAILED,pkix_pl_CRLEntry_Extensions_Hashcode failed,0), 
-PKIX_ERRORENTRY(CRLENTRYGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRLEntry_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CRLENTRYGETCRLENTRYREASONCODEFAILED,PKIX_PL_CRLEntry_GetCRLEntryReasonCode failed,0),
-PKIX_ERRORENTRY(CRLENTRYTOSTRINGHELPERFAILED,pkix_pl_CRLEntry_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRL_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CRLGETCRLENTRIESFAILED,pkix_pl_CRL_GetCRLEntries failed,0),
-PKIX_ERRORENTRY(CRLGETCRLENTRYFORSERIALNUMBERFAILED,PKIX_PL_CRL_GetCRLEntryForSerialNumber failed,0),
-PKIX_ERRORENTRY(CRLGETCRLNUMBERFAILED,PKIX_PL_CRL_GetCRLNumber failed,0),
-PKIX_ERRORENTRY(CRLGETISSUERFAILED,PKIX_PL_CRL_GetIssuer failed,0),
-PKIX_ERRORENTRY(CRLGETPARTITIONEDFLAGFAILED,PKIX_PL_CRL_IsPartitioned failed,0),
-PKIX_ERRORENTRY(CRLGETSIGNATUREALGIDFAILED,pkix_pl_CRL_GetSignatureAlgId failed,0),
-PKIX_ERRORENTRY(CRLGETVERSIONFAILED,pkix_pl_CRL_GetVersion failed,0),
-PKIX_ERRORENTRY(CRLISSUECERTEXPIRED,CRL issue cert has expired,0),
-PKIX_ERRORENTRY(CRLMAXNUMBERRANGEMATCHFAILED,CRL MaxNumber Range Match Failed,0),
-PKIX_ERRORENTRY(CRLSELECTORCREATEFAILED,PKIX_CRLSelector_Create failed,0),
-PKIX_ERRORENTRY(CRLSELECTORFAILED,crlSelector failed,0),
-PKIX_ERRORENTRY(CRLSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CRLSelector_GetComCertSelParams failed,0),
-PKIX_ERRORENTRY(CRLSELECTORGETMATCHCALLBACKFAILED,PKIX_CRLSelector_GetMatchCallback failed,0),
-PKIX_ERRORENTRY(CRLSELECTORMATCHCALLBACKFAILED,PKIX_CRLSelector_MatchCallback failed,0),
-PKIX_ERRORENTRY(CRLSELECTORMATCHFAILED,crlSelectorMatch failed,0),
-PKIX_ERRORENTRY(CRLSELECTORSELECTFAILED,pkix_CRLSelector_Select failed,0),
-PKIX_ERRORENTRY(CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED,PKIX_CRLSelector_SetCommonCRLSelectorParams failed,0),
-PKIX_ERRORENTRY(CRLSELECTORTOSTRINGHELPERFAILED,pkix_CRLSelector_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLTOSTRINGHELPERFAILED,pkix_pl_CRL_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLVERIFYUPDATETIMEFAILED,pkix_pl_CRL_VerifyUpdateTime failed,0),
-PKIX_ERRORENTRY(DATECREATECURRENTOFFBYSECONDSFAILED,PKIX_PL_Date_Create_CurrentOffBySeconds failed,0),
-PKIX_ERRORENTRY(DATECREATEFROMPRTIMEFAILED,pkix_pl_Date_CreateFromPRTime failed,0),
-PKIX_ERRORENTRY(DATECREATEUTCTIMEFAILED,PKIX_PL_Date_Create_UTCTime failed,0),
-PKIX_ERRORENTRY(DATEDERTIMETOPRTIMEFAILED,Fail to convert encoded time to PRTime,0),
-PKIX_ERRORENTRY(DATEEQUALSFAILED,PKIX_PL_Date_Equals failed,0),
-PKIX_ERRORENTRY(DATEGETPRTIMEFAILED,pkix_pl_Date_GetPRTime failed,0),
-PKIX_ERRORENTRY(DATEHASHCODEFAILED,PKIX_PL_Date_Hashcode failed,0),
-PKIX_ERRORENTRY(DATETOSTRINGFAILED,PKIX_Date_ToString failed,0),
-PKIX_ERRORENTRY(DATETOSTRINGHELPERFAILED,pkix_pl_Date_ToString_Helper failed,0),
-PKIX_ERRORENTRY(DECIPHERONLYKEYUSAGENOTSUPPORTED,decipherOnly key usage not supported,0),
-PKIX_ERRORENTRY(DECODINGCERTNAMECONSTRAINTSFAILED,Decoding Cert NameConstraints failed,0),
-PKIX_ERRORENTRY(DEFAULTREVCHECKERCREATEFAILED,pkix_DefaultRevChecker_Create failed,0),
-PKIX_ERRORENTRY(DEFAULTREVCHECKERINITIALIZEFAILED,pkix_DefaultRevChecker_Initialize failed,0),
-PKIX_ERRORENTRY(DEPTHWOULDEXCEEDRESOURCELIMITS,Depth would exceed Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
-PKIX_ERRORENTRY(DERASCIITOTIMEFAILED,DER_AsciiToTime failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFAILED,DER_DecodeTimeChoice failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFORLASTUPDATEFAILED,DER_DecodeTimeChoice for lastUpdate failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFORNEXTUPDATEFAILED,DER_DecodeTimeChoice for nextUpdate failed,0),
-PKIX_ERRORENTRY(DERENCODETIMECHOICEFAILED,DER_EncodeTimeChoice failed,0),
-PKIX_ERRORENTRY(DERGENERALIZEDDAYTOASCIIFAILED,DER_GeneralizedDayToAscii failed,0),
-PKIX_ERRORENTRY(DERTIMETOUTCTIMEFAILED,DER_TimeToUTCTime failed,0),
-PKIX_ERRORENTRY(DERUTCTIMETOASCIIFAILED,DER_UTCTimeToAscii failed,0),
-PKIX_ERRORENTRY(DESTROYSPKIFAILED,pkix_pl_DestroySPKI failed,0),
-PKIX_ERRORENTRY(DIRECTORYNAMECREATEFAILED,pkix_pl_DirectoryName_Create failed,0),
-PKIX_ERRORENTRY(DUPLICATEIMMUTABLEFAILED,pkix_duplicateImmutable failed,0),
-PKIX_ERRORENTRY(CANNOTSORTIMMUTABLELIST,pkix_List_BubbleSort can not sort immutable list,0),
-PKIX_ERRORENTRY(EKUCHECKERGETREQUIREDEKUFAILED,pkix_pl_EkuChecker_GetRequiredEku failed,0),
-PKIX_ERRORENTRY(EKUCHECKERINITIALIZEFAILED,PKIX_PL_EkuChecker_Initialize failed,0),
-PKIX_ERRORENTRY(EKUCHECKERSTATECREATEFAILED,pkix_pl_EkuCheckerState_Create failed,0),
-PKIX_ERRORENTRY(ENABLEREVOCATIONWITHOUTCERTSTORE,Enable Revocation without CertStore,0),
-PKIX_ERRORENTRY(ERRORALLOCATINGMONITORLOCK,Error Allocating MonitorLock,0),
-PKIX_ERRORENTRY(ERRORALLOCATINGRWLOCK,Error Allocating RWLock,0),
-PKIX_ERRORENTRY(ERRORCREATINGCHILDSTRING,Error creating child string,0),
-PKIX_ERRORENTRY(ERRORCREATINGFORMATSTRING,Error creating format string,0),
-PKIX_ERRORENTRY(ERRORCREATINGINDENTSTRING,Error creating indent string,0),
-PKIX_ERRORENTRY(ERRORCREATINGITEMSTRING,Error creating item string,0),
-PKIX_ERRORENTRY(ERRORCREATINGLISTITEM,Error Creating List Item,0),
-PKIX_ERRORENTRY(ERRORCREATINGSUBTREESTRING,Error creating subtree string,0),
-PKIX_ERRORENTRY(ERRORCREATINGTABLELOCK,Error creating table lock,0),
-PKIX_ERRORENTRY(ERRORFINDINGORPROCESSINGURI,Error finding or processing URI,0),
-PKIX_ERRORENTRY(ERRORGETTINGCAUSESTRING,Error getting cause string,0),
-PKIX_ERRORENTRY(ERRORGETTINGCLASSTABLEENTRY,Error getting class table entry,0),
-PKIX_ERRORENTRY(ERRORGETTINGHASHCODE,Error getting hashcode,0),
-PKIX_ERRORENTRY(ERRORGETTINGSECONDOBJECTTYPE,Error getting second object type,0),
-PKIX_ERRORENTRY(ERRORINBYTEARRAYHASHCODE,Error in PKIX_PL_ByteArray_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINGETTINGDESTRUCTOR,Error in getting destructor,0),
-PKIX_ERRORENTRY(ERRORINHASH,Error in pkix_hash,0),
-PKIX_ERRORENTRY(ERRORINLISTHASHCODE,Error in PKIX_List_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINOBJECTDEFINEDESTROY,Error in object-defined destroy callback,0),
-PKIX_ERRORENTRY(ERRORINOIDHASHCODE,Error in PKIX_PL_OID_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINRECURSIVEEQUALSCALL,Error in recursive equals call,0),
-PKIX_ERRORENTRY(ERRORINSINGLEPOLICYNODETOSTRING,Error in pkix_SinglePolicyNode_ToString,0),
-PKIX_ERRORENTRY(ERRORINSINGLEVERIFYNODETOSTRING,Error in pkix_SingleVerifyNode_ToString,0),
-PKIX_ERRORENTRY(ERRORINSPRINTF,Error in PKIX_PL_Sprintf,0),
-PKIX_ERRORENTRY(ERRORINSTRINGCREATE,Error in PKIX_PL_String_Create,0),
-PKIX_ERRORENTRY(ERRORLOCKINGOBJECT,Error locking object,0),
-PKIX_ERRORENTRY(ERRORTOSTRINGFAILED,PKIX_Error_ToString failed,0),
-PKIX_ERRORENTRY(ERRORTRAVERSINGBUCKET,Error traversing bucket,0),
-PKIX_ERRORENTRY(ERRORUNLOCKINGMUTEX,Error unlocking mutex,0),
-PKIX_ERRORENTRY(ERRORUNLOCKINGOBJECT,Error unlocking object,0),
-PKIX_ERRORENTRY(ESCASCIITOUTF16FAILED,pkix_EscASCII_to_UTF16 failed,0),
-PKIX_ERRORENTRY(EXPIRATIONCHECKERINITIALIZEFAILED,pkix_ExpirationChecker_Initialize failed,0),
-PKIX_ERRORENTRY(EXTENDEDKEYUSAGECHECKINGFAILED,Extended Key Usage Checking failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(EXTENDEDKEYUSAGEUSEROBJECT,Extended Key Usage User Object,0),
-PKIX_ERRORENTRY(EXTRACTPARAMETERSFAILED,pkix_ExtractParameters failed,0),
-PKIX_ERRORENTRY(FAILEDINENCODINGSEARCHREQUEST,failed in encoding searchRequest,SEC_ERROR_FAILED_TO_ENCODE_DATA),
-PKIX_ERRORENTRY(FAILEDTODECODECRL, failed to decode CRL,SEC_ERROR_BAD_DER),
-PKIX_ERRORENTRY(FAILEDTOGETNSSTRUSTANCHORS,Failed to get nss trusted roots,0),
-PKIX_ERRORENTRY(FAILEDTOGETTRUST, failed to get trust from the cert,0),
-PKIX_ERRORENTRY(FAILTOREMOVEDPFROMLIST, failed to remove dp from the list,0),
-PKIX_ERRORENTRY(FAILTOSELECTCERTSFROMANCHORS,failed to select certs from anchors,0),
-PKIX_ERRORENTRY(FAILUREHASHINGCERT,Failure hashing Cert,0),
-PKIX_ERRORENTRY(FAILUREHASHINGERROR,Failure hashing Error,0),
-PKIX_ERRORENTRY(FAILUREHASHINGLISTEXPECTEDPOLICYSET,Failure hashing PKIX_List expectedPolicySet,0),
-PKIX_ERRORENTRY(FAILUREHASHINGLISTQUALIFIERSET,Failure hashing PKIX_List qualifierSet,0),
-PKIX_ERRORENTRY(FAILUREHASHINGOIDVALIDPOLICY,Failure hashing PKIX_PL_OID validPolicy,0),
-PKIX_ERRORENTRY(FANOUTEXCEEDSRESOURCELIMITS,Fanout exceeds Resource Limits,0),
-PKIX_ERRORENTRY(FETCHINGCACHEDCRLFAILED,Fetching Cached CRLfailed,0),
-PKIX_ERRORENTRY(FILLINPROCESSINGPARAMSFAILED,Fail to fill in parameters,0),
-PKIX_ERRORENTRY(FILLINRETURNRESULTSFAILED,Fail to fill in return results,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTANOID,FirstObject is not an OID,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTBYTEARRAY,FirstObject is not a ByteArray,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT,First argument is not a CertBasicConstraints Object,0),
-PKIX_ERRORENTRY(FIRSTDOUBLEHEXMUSTNOTBE00,First DoubleHex MUST NOT be 00,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FIRSTFIELDMUSTBEBETWEEN02,First field must be between 0-2,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTANOCSPRESPONSE,FirstObject is not an OcspResponse,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPREQUEST,FirstObject is not a LdapRequest,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPRESPONSE,FirstObject is not a LdapResponse,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTOCSPREQUEST,FirstObject is not a OcspRequest,0),
-PKIX_ERRORENTRY(FIRSTOBJECTARGUMENTNOTANX500NAME,FirstObject is not an X500Name,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTANERROROBJECT,FirstObject is not an Error object,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBIGINT,FirstObject not a BigInt,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDPARAMS,FirstObject is not a BuildParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDRESULT,FirstObject is not a BuildResult,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERT,FirstObject is not a Cert,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTBASICCONSTRAINTS,FirstObject is not a CertBasicConstraints,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTNAMECONSTRAINTS,FirstObject is not a CertNameConstraints,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYINFO,FirstObject is not a CertPolicyInfo,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYMAP,FirstObject is not a CertPolicyMap,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYQUALIFIER,FirstObject is not a CertPolicyQualifier,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCOMCRLSELPARAMS,FirstObject is not a ComCRLSelParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRL,FirstObject is not a CRL,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLENTRY,FirstObject is not a CRLEntry,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLSELECTOR,FirstObject is not a CRLSelector,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTDATE,FirstObject is not a Date,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTERROR,FirstObject is not an Error,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTGENERALNAME,FirstObject is not a GeneralName,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTINFOACCESS,FirstObject is not a InfoAccess,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTLIST,FirstObject is not a List,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTLOGGER,FirstObject is not a Logger,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPOLICYNODE,FirstObject is not a PolicyNode,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPROCESSINGPARAMS,FirstObject is not a ProcessingParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPUBLICKEY,FirstObject is not a PublicKey,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTRESOURCELIMITS,FirstObject is not a ResourceLimits,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTSTRING,FirstObject is not a String,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTTRUSTANCHOR,FirstObject is not a TrustAnchor,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATEPARAMS,FirstObject is not a ValidateParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATERESULT,FirstObject is not a ValidateResult,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVERIFYNODE,FirstObject is not a VerifyNode,0),
-PKIX_ERRORENTRY(FIRSTPUBKEYTYPENULLKEY,firstPubKeyType is nullKey,0),
-PKIX_ERRORENTRY(FUNCTIONMUSTNOTBEUSED,Function MUST not be used,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FORWARDBUILDERSTATEDUMPSTATEFAILED,pkix_ForwardBuilderState_DumpState failed,0),
-PKIX_ERRORENTRY(FORWARDBUILDERSTATEISIOPENDINGFAILED,pkix_ForwardBuilderState_IsIOPending failed,0),
-PKIX_ERRORENTRY(FORWARDBUILDSTATECREATEFAILED,pkix_ForwardBuildState_Create failed,0),
-PKIX_ERRORENTRY(FREEFAILED,PKIX_PL_Free failed,0),
-PKIX_ERRORENTRY(GENERALNAMECREATEFAILED,pkix_pl_GeneralName_Create failed,0),
-PKIX_ERRORENTRY(GENERALNAMEGETNSSGENERALNAMEFAILED,pkix_pl_GeneralName_GetNssGeneralName failed,0),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGDOUBLESLASH,GeneralName string missing double slash,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGLOCATIONTYPE,GeneralName string missing location type,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGSERVERSITE,GeneralName string missing server-site,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMETOSTRINGFAILED,pkix_pl_GeneralName_ToString failed,0),
-PKIX_ERRORENTRY(GENERALNAMETOSTRINGHELPERFAILED,pkix_pl_GeneralName_ToString_Helper failed,0),
-PKIX_ERRORENTRY(GENERICCLIENTNOTANLDAPDEFAULTCLIENT,genericClient is not an LdapDefaultClient,0),
-PKIX_ERRORENTRY(GETATTRIBUTESCALLEDFORNONENTRYMESSAGE,GetAttributes called for non-Entry message,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(GETCERTSFAILED,getCerts failed,0),
-PKIX_ERRORENTRY(GETCRITICALEXTENSIONOIDSFAILED,pkix_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(GETCRLSFAILED,getCrls failed,0),
-PKIX_ERRORENTRY(GETOIDTOKENFAILED,pkix_pl_getOIDToken failed,0),
-PKIX_ERRORENTRY(GETPKIXERRORCODEFAILED,Get PKIX error code failed,0),
-PKIX_ERRORENTRY(GETREQCERTIFICATEUSAGESFAILED,Fail to get required certificate usages,0),
-PKIX_ERRORENTRY(GETRESULTCODECALLEDFORNONRESULTMESSAGE,GetResultCode called for non-Result message,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(GETRETCERTIFICATEUSAGESFAILED,Fail to get returned certificate usages,0),
-PKIX_ERRORENTRY(GETTRUSTEDCERTLISTFAILED,Fail to get trusted cert list,0),
-PKIX_ERRORENTRY(HASHFAILED,pkix_hash failed,0),
-PKIX_ERRORENTRY(HASHTABLEADDFAILED,PKIX_PL_HashTable_Add failed,0),
-PKIX_ERRORENTRY(HASHTABLECREATEFAILED,PKIX_PL_HashTable_Create failed,0),
-PKIX_ERRORENTRY(HASHTABLELOOKUPFAILED,PKIX_PL_HashTable_Lookup failed,0),
-PKIX_ERRORENTRY(HASHTABLEREMOVEFAILED,PKIX_PL_HashTable_Remove failed,0),
-PKIX_ERRORENTRY(HELPERBYTES2ASCIIFAILED,pkix_pl_helperBytes2Ascii failed,0),
-PKIX_ERRORENTRY(HELPERBYTES2ASCIINUMTOKENSZERO,pkix_pl_helperBytes2Ascii: numTokens is zero,0),
-PKIX_ERRORENTRY(HTTPCERTSTORECREATEREQUESTSESSIONFAILED,pkix_pl_HttpCertStore_CreateRequestSession failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTORECREATEWITHASCIINAMEFAILED,PKIX_PL_HttpCertStore_CreateWithAsciiName failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREDECODECERTPACKAGEFAILED,pkix_pl_HttpCertStore_DecodeCertPackage failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED,pkix_HttpCertStore_FindSocketConnection failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCERTRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCertResponse failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCRLRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCrlResponse failed,0),
-PKIX_ERRORENTRY(HTTPCLIENTCREATESESSIONFAILED,HttpClient->CreateSession failed,0),
-PKIX_ERRORENTRY(HTTPCLIENTININVALIDSTATE,HttpClient in invalid state,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_HttpDefaultClient_ConnectContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCREATEFAILED,pkix_pl_HttpDefaultClient_Create failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_HttpDefaultClient_Dispatch failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED,pkix_pl_HttpDefaultClient_HdrCheckComplete failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTINILLEGALSTATE,HttpDefaultClient in illegal state,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvBodyContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYFAILED,pkix_pl_HttpDefaultClient_RecvBody failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvHdrContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRFAILED,pkix_pl_HttpDefaultClient_RecvHdr failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_HttpDefaultClient_SendContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDFAILED,pkix_pl_HttpDefaultClient_Send failed,0),
-PKIX_ERRORENTRY(HTTPSERVERERROR,HTTP Server Error,0),
-PKIX_ERRORENTRY(ILLEGALCHARACTERINESCAPEDASCII,Illegal character in Escaped ASCII String,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALCHARACTERINOID,Illegal character in OID,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALDOTINOID,Illegal period in OID,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALSURROGATEPAIR,Illegal surrogate pair in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALUNICODECHARACTER,Illegal Unicode character in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALUSEOFAMP,Illegal use of ampersand character,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(IMPOSSIBLECRITERIONFORCRLQUERY,Impossible criterion for Crl Query,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INDEXOUTOFBOUNDS,Index out of bounds,SEC_ERROR_LIBPKIX_INTERNAL),
-PKIX_ERRORENTRY(INESCAPEDASCII,in EscapedASCII,0),
-PKIX_ERRORENTRY(INFOACCESSCREATEFAILED,pkix_pl_InfoAccess_Create failed,0),
-PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0),
-PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,0),
-PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,0),
-PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0),
-PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0),
-PKIX_ERRORENTRY(INPUTLISTMUSTBEHEADER,Input List must be header,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INPUTLISTSMUSTBELISTHEADERS,Input Lists must be list headers,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCERTQUERY,Insufficient criteria for Cert query,0),
-PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCRLQUERY,Insufficient criteria for Crl Query,0),
-PKIX_ERRORENTRY(INTRUSTEDCERT,in Trusted Cert,0),
-PKIX_ERRORENTRY(INVALIDCHARACTERINBIGINT,Invalid character in BigInt,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INVALIDDERENCODINGFOROID,Invalid DER-encoding for OID,0),
-PKIX_ERRORENTRY(INVALIDENCODINGOIDTOKENVALUETOOBIG,Invalid encoding: OID token value too big,0),
-PKIX_ERRORENTRY(INVALIDPOLICYMAPPINGINCLUDESANYPOLICY,Invalid policyMapping includes anyPolicy,SEC_ERROR_INVALID_POLICY_MAPPING),
-PKIX_ERRORENTRY(INVALIDREVOCATIONMETHOD,Invalid revocation method,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INVALIDSIGNINGCERTINOCSPRESPONSE,Invalid signing Cert in OCSP response,SEC_ERROR_OCSP_INVALID_SIGNING_CERT),
-PKIX_ERRORENTRY(INVALIDSTATUS,INVALID STATUS,0),
-PKIX_ERRORENTRY(INVALIDSTORETYPEFORSETTINGCONFIGDIR,Invalid Store type for Setting ConfigDir,0),
-PKIX_ERRORENTRY(IPADDRBYTES2ASCIIDATALENGTHZERO,pkix_pl_ipAddrBytes2Ascii: data length is zero,0),
-PKIX_ERRORENTRY(IPADDRBYTES2ASCIIFAILED,pkix_pl_ipAddrBytes2Ascii failed,0),
-PKIX_ERRORENTRY(ISCERTSELFISSUEDFAILED,pkix_IsCertSelfIssued failed,0),
-PKIX_ERRORENTRY(ISCERTSELFISSUEFAILED,pkix_IsCertSelfIssue failed,0),
-PKIX_ERRORENTRY(KEYUSAGEKEYCERTSIGNBITNOTON,Validation failed: KeyUsage KeyCertSign bit is not on,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(KEYUSAGEKEYCRLSIGNBITNOTON,Validation failed: KeyUsage CRLSign bit is not on,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCERTLISTFAILED,pkix_pl_LdapCertStore_BuildCertList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCRLLISTFAILED,pkix_pl_LdapCertStore_BuildCrlList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREDECODECROSSCERTPAIRFAILED,pkix_pl_LdapCertStore_DecodeCrossCertPair failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREDESTROYAVALISTFAILED,pkix_pl_LdapCertStore_DestroyAVAList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREINILLEGALSTATE,LDAP CertStore in illegal state,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREMAKENAMEAVALISTFAILED,pkix_pl_LdapCertStore_MakeNameAVAList failed,0),
-PKIX_ERRORENTRY(LDAPCLIENTINITIATEREQUESTFAILED,PKIX_PL_LdapClient_InitiateRequest failed,0),
-PKIX_ERRORENTRY(LDAPCLIENTRESUMEREQUESTFAILED,PKIX_PL_LdapClient_ResumeRequest failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTABANDONCONTINUEFAILED,pkix_pl_LdapDefaultClient_AbandonContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDCONTINUEFAILED,pkix_pl_LdapDefaultClient_BindContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDFAILED,pkix_pl_LdapDefaultClient_Bind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSECONTINUEFAILED,pkix_pl_LdapDefaultClient_BindResponseContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_BindResponse failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_LdapDefaultClient_ConnectContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEBYNAMEFAILED,PKIX_PL_LdapDefaultClient_CreateByName failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEHELPERFAILED,pkix_pl_LdapDefaultClient_CreateHelper failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_DecodeBindResponse failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_LdapDefaultClient_Dispatch failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTINILLEGALSTATE,LDAP DefaultClient in illegal state,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEABANDONFAILED,pkix_pl_LdapDefaultClient_MakeAbandon failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEANDFILTERFAILED,pkix_pl_LdapDefaultClient_MakeAndFilter failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEBINDFAILED,pkix_pl_LdapDefaultClient_MakeBind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEUNBINDFAILED,pkix_pl_LdapDefaultClient_MakeUnbind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED,pkix_pl_LdapDefaultClient_RecvCheckComplete failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCONTINUEFAILED,pkix_pl_LdapDefaultClient_RecvContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVFAILED,pkix_pl_LdapDefaultClient_Recv failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVINITIALFAILED,pkix_pl_LdapDefaultClient_RecvInitial failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVNONINITIALFAILED,pkix_pl_LdapDefaultClient_RecvNonInitial failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_LdapDefaultClient_SendContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDFAILED,pkix_pl_LdapDefaultClient_Send failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_VerifyBindResponse failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTATTRSTRINGTOBITFAILED,pkix_pl_LdapRequest_AttrStringToBit failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTATTRTYPETOBITFAILED,pkix_pl_LdapRequest_AttrTypeToBit failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTCREATEFAILED,pkix_pl_LdapRequest_Create failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTENCODEATTRSFAILED,pkix_pl_LdapRequest_EncodeAttrs failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTGETENCODEDFAILED,pkix_pl_LdapRequest_GetEncoded failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEAPPENDFAILED,pkix_pl_LdapResponse_Append failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSECREATEFAILED,pkix_pl_LdapResponseCreate failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEDECODEFAILED,pkix_pl_LDAPResponse_Decode failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETCAPACITYFAILED,pkix_pl_LdapResponse_GetCapacity failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGEFAILED,pkix_pl_LdapResponse_GetMessage failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGETYPEFAILED,pkix_pl_LdapResponse_GetMessageType failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETRESULTCODEFAILED,pkix_pl_LdapResponse_GetResultCode failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEISCOMPLETEFAILED,pkix_pl_LdapResponse_IsComplete failed,0),
-PKIX_ERRORENTRY(LISTAPPENDFAILED,PKIX_List_Append failed,0),
-PKIX_ERRORENTRY(LISTAPPENDITEMFAILED,PKIX_List_AppendItem failed,0),
-PKIX_ERRORENTRY(LISTAPPENDLISTFAILED,pkix_List_AppendList failed,0),
-PKIX_ERRORENTRY(LISTAPPENDUNIQUEFAILED,pkix_List_AppendUnique failed,0),
-PKIX_ERRORENTRY(LISTBUBBLESORTFAILED,pkix_List_BubbleSort failed,0),
-PKIX_ERRORENTRY(LISTCONTAINSFAILED,pkix_List_Contains failed,0),
-PKIX_ERRORENTRY(LISTCREATEFAILED,PKIX_List_Create failed,0),
-PKIX_ERRORENTRY(LISTCREATEINTERNALFAILED,pkix_List_Create_Internal failed,0),
-PKIX_ERRORENTRY(LISTDELETEITEMFAILED,PKIX_List_DeleteItem failed,0),
-PKIX_ERRORENTRY(LISTDUPLICATEFAILED,pkix_List_Duplicate failed,0),
-PKIX_ERRORENTRY(LISTEQUALSFAILED,PKIX_List_Equals failed,0),
-PKIX_ERRORENTRY(LISTGETELEMENTFAILED,pkix_List_GetElement failed,0),
-PKIX_ERRORENTRY(LISTGETITEMFAILED,PKIX_List_GetItem failed,0),
-PKIX_ERRORENTRY(LISTGETLENGTHFAILED,PKIX_List_GetLength failed,0),
-PKIX_ERRORENTRY(LISTHASHCODEFAILED,pkix_List_Hashcode failed,0),
-PKIX_ERRORENTRY(LISTINSERTITEMFAILED,PKIX_List_InsertItem failed,0),
-PKIX_ERRORENTRY(LISTISEMPTYFAILED,PKIX_List_IsEmpty failed,0),
-PKIX_ERRORENTRY(LISTMERGEFAILED,pkix_List_MergeList failed,0),
-PKIX_ERRORENTRY(LISTQUICKSORTFAILED,pkix_List_QuickSort failed,0),
-PKIX_ERRORENTRY(LISTREMOVEFAILED,pkix_List_Remove failed,0),
-PKIX_ERRORENTRY(LISTREMOVEITEMSFAILED,pkix_List_RemoveItems failed,0),
-PKIX_ERRORENTRY(LISTREVERSELISTFAILED,PKIX_List_ReverseList failed,0),
-PKIX_ERRORENTRY(LISTSETIMMUTABLEFAILED,PKIX_List_SetImmutable failed,0),
-PKIX_ERRORENTRY(LISTSETITEMFAILED,PKIX_List_SetItem failed,0),
-PKIX_ERRORENTRY(LISTTOSTRINGFAILED,pkix_List_ToString failed,0),
-PKIX_ERRORENTRY(LISTTOSTRINGHELPERFAILED,pkix_List_ToString Helper failed,0),
-PKIX_ERRORENTRY(LOCATIONSTRINGNOTPROPERLYTERMINATED,Location string not properly terminated,0),
-PKIX_ERRORENTRY(LOCKHASNONZEROREADCOUNT,Lock has non-zero read count,0),
-PKIX_ERRORENTRY(LOCKOBJECTFAILED,pkix_LockObject failed,0),
-PKIX_ERRORENTRY(LOGGERDUPLICATEFAILED,pkix_Logger_Duplicate failed,0),
-PKIX_ERRORENTRY(LOGGINGLEVELEXCEEDSMAXIMUM,Logging Level exceeds Maximum,0),
-PKIX_ERRORENTRY(LOOPDISCOVEREDDUPCERTSNOTALLOWED,Loop discovered: duplicate certificates not allowed,SEC_ERROR_UNTRUSTED_ISSUER),
-PKIX_ERRORENTRY(LOOPOFERRORCAUSEDETECTED,Loop of error causes detected,0),
-PKIX_ERRORENTRY(MAJORVERSIONSDONTMATCH,Major versions do not match,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(MALLOCFAILED,PKIX_PL_Malloc failed,0),
-PKIX_ERRORENTRY(MEMLEAKGENERATEDERROR,Error generated for memory leak testing,SEC_ERROR_NO_MEMORY),
-PKIX_ERRORENTRY(MINORVERSIONNOTBETWEENDESIREDMINANDMAX,Minor version does not fall between desired minimum and maximum,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(MISSINGDSAPARAMETERS,Missing DSA parameters in Trusted Cert,SEC_ERROR_INVALID_KEY),
-PKIX_ERRORENTRY(MONITORLOCKCREATEFAILED,PKIX_PL_MonitorLock_Create failed,0),
-PKIX_ERRORENTRY(MONITORLOCKENTERFAILED,PKIX_PL_MonitorLock_Enter failed,0),
-PKIX_ERRORENTRY(MONITORLOCKEXITFAILED,PKIX_PL_MonitorLock_Exit failed,0),
-PKIX_ERRORENTRY(MUTEXLOCKFAILED,PKIX_PL_Mutex_Lock failed,0),
-PKIX_ERRORENTRY(NAMECHAININGCHECKERINITIALIZEFAILED,pkix_NameChainingChecker_Initialize failed,0),
-PKIX_ERRORENTRY(NAMECHAININGCHECKFAILED,Name Chaining Check failed,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(NAMECOMPONENTWITHNOEQ,Name Component with no equal sign,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERINITIALIZEFAILED,pkix_NameConstraintsChecker_Initialize failed,0),
-PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERSTATECREATEFAILED,pkix_NameConstraintsCheckerState_Create failed,0),
-PKIX_ERRORENTRY(NAMETYPENOTSUPPORTED,name type not supported,0),
-PKIX_ERRORENTRY(NOCONTENTTYPEINHTTPRESPONSE,No content type in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(NODESMISSINGFROMCHAIN,Nodes missing from chain,0),
-PKIX_ERRORENTRY(NOREGISTEREDHTTPCLIENT,No registered Http Client,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NORESPONSEDATAINHTTPRESPONSE,No responseData in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(NOTARGETCERTSUPPLIED,No target cert supplied,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NOTCONFORMINGCRLDP,Cert CRL DP does not conform to the rfc, 0),
-PKIX_ERRORENTRY(NOTDERPACKAGE,Not a DER package,0),
-PKIX_ERRORENTRY(NOTENOUGHNAMECOMPONENTSINGENERALNAME,Not enough name components in GeneralName,0),
-PKIX_ERRORENTRY(NSSCERTIFICATEUSAGETOPKIXKUANDEKUFAILED,Failed to convert nss certificate usage to pkix ku and eku data structures,0),
-PKIX_ERRORENTRY(NSSCONTEXTCREATEFAILED,PKIX_PL_NssContext_Create failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTDESTROYFAILED,PKIX_PL_NssContext_Destroy failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETCHECKALLUSAGESFAILED, pkix_pl_NssContext_GetCheckAllUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETRETURNUSAGESFAILED, pkix_pl_NssContext_GetReturnUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETWINCXFAILED,pkix_pl_NssContext_GetWincx failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCERTSIGNCHECKFAILED, pkix_pl_NssContext_SetCertSignatureCheck,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCERTUSAGEFAILED, pkix_pl_NssContext_SetCertUsage failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCHECKALLUSAGESFAILED, pkix_pl_NssContext_SetCheckAllUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETRETURNEDCERTUSAGEFAILED, pkix_pl_NssContext_SetReturnedCertUsage,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETRETURNUSAGESFAILED, pkix_pl_NssContext_SetReturnUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTVALIDATINGRESPONDERCERTFAILED,pkix_pl_NssContext_ValidatingResponderCert failed,0),
-PKIX_ERRORENTRY(NSSTRUSTEDLISTISEMPTY,nss trusted roots list is empty,0),
-PKIX_ERRORENTRY(NULLARGUMENT,Null argument,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NUMBUCKETSEQUALSZERO,NumBuckets equals zero,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OBJECTALLOCFAILED,PKIX_PL_Object_Alloc failed,0),
-PKIX_ERRORENTRY(OBJECTARGUMENTNOTPOLICYMAP,object argument is not a PolicyMap,0),
-PKIX_ERRORENTRY(OBJECTCOMPARATORFAILED,PKIX_PL_Object_Comparator failed,0),
-PKIX_ERRORENTRY(OBJECTDEFINED,object-defined ,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATECERTFAILED,PKIX_PL_Object_Duplicate Cert failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATECONTEXTFAILED,PKIX_PL_Object_Duplicate Context failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEDATEFAILED,PKIX_PL_Object_Duplicate Date failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEFAILED,PKIX_PL_Object_Duplicate failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEISSUERNAMESFAILED,PKIX_PL_Object_Duplicate IssuerNames failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATELISTFAILED,PKIX_PL_Object_Duplicate List failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEMAXCRLNUMBERFAILED,PKIX_PL_Object_Duplicate maxCRLNumber failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEMINCRLNUMBERFAILED,PKIX_PL_Object_Duplicate minCRLNumber failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEPARAMSFAILED,PKIX_PL_Object_Duplicate Params failed,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILED,PKIX_PL_Object_Equals failed,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONCHILDREN,PKIX_PL_Object_Equals failed on children,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS,PKIX_PL_Object_Equals failed on expectedPolicySets,0),
-PKIX_ERRORENTRY(OBJECTGETTYPEFAILED,PKIX_PL_Object_GetType failed,0),
-PKIX_ERRORENTRY(OBJECTHASHCODEFAILED,PKIX_PL_Object_Hashcode failed,0),
-PKIX_ERRORENTRY(OBJECTINVALIDATECACHEFAILED,PKIX_PL_Object_InvalidateCache failed,0),
-PKIX_ERRORENTRY(OBJECTISTYPEREGISTEREDFAILED,PKIX_PL_Object_IsTypeRegistered failed,0),
-PKIX_ERRORENTRY(OBJECTLOCKFAILED,PKIX_PL_Object_Lock failed,0),
-PKIX_ERRORENTRY(OBJECTNOTAIAMGR,Object is not a AIAMgr,0),
-PKIX_ERRORENTRY(OBJECTNOTANEKUCHECKERSTATE,Object is not an EKU Checker State,0),
-PKIX_ERRORENTRY(OBJECTNOTANERROR,Object is not an Error,0),
-PKIX_ERRORENTRY(OBJECTNOTANHTTPCERTSTORECONTEXT,Object is not an HttpCertStoreContext,0),
-PKIX_ERRORENTRY(OBJECTNOTANHTTPDEFAULTCLIENT,Object is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(OBJECTNOTANINFOACCESS,Object is not an InfoAccess,0),
-PKIX_ERRORENTRY(OBJECTNOTANLDAPDEFAULTCLIENT,Object is not an LdapDefaultClient,0),
-PKIX_ERRORENTRY(OBJECTNOTANOCSPRESPONSE,Object is not an OcspResponse,0),
-PKIX_ERRORENTRY(OBJECTNOTANOID,Object is not an OID,0),
-PKIX_ERRORENTRY(OBJECTNOTANSOCKET,Object is not an Socket,0),
-PKIX_ERRORENTRY(OBJECTNOTANX500NAME,Object is not an X500Name,0),
-PKIX_ERRORENTRY(OBJECTNOTBASICCONSTRAINTSCHECKERSTATE,Object is not a basic constraints checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTBIGINT,Object is not a BigInt,0),
-PKIX_ERRORENTRY(OBJECTNOTBUILDPARAMS,Object is not a BuildParams,0),
-PKIX_ERRORENTRY(OBJECTNOTBUILDRESULT,Object is not a BuildResult,0),
-PKIX_ERRORENTRY(OBJECTNOTBYTEARRAY,Object is not a bytearray,0),
-PKIX_ERRORENTRY(OBJECTNOTCERT,Object is not a Cert,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTBASICCONSTRAINTS,Object is not a CertBasicConstraints,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTCHAINCHECKER,Object is not a cert chain checker,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTNAMECONSTRAINTS,Object is not a CertNameConstraints,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYINFO,Object is not a CertPolicyInfo,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYMAP,Object is not a CertPolicyMap,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYQUALIFIER,Object is not a CertPolicyQualifier,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTSELECTOR,Object is not a cert selector,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTSTORE,Object is not a CertStore,0),
-PKIX_ERRORENTRY(OBJECTNOTCOLLECTIONCERTSTORECONTEXT,Object is not a CollectionCertStoreContext,0),
-PKIX_ERRORENTRY(OBJECTNOTCOMCERTSELPARAMS,Object is not a comCertSelParams,0),
-PKIX_ERRORENTRY(OBJECTNOTCOMCRLSELPARAMS,Object is not a ComCRLSelParams,0),
-PKIX_ERRORENTRY(OBJECTNOTCRL,Object is not a CRL,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLENTRY,Object is not a CRLEntry,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLSELECTOR,Object is not a CRLSelector,0),
-PKIX_ERRORENTRY(OBJECTNOTDATE,Object is not a Date,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLCHECKER,Object is not a CRLChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTDEFAULTREVOCATIONCHECKER,Object is not a DefaultRevocationChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTFORWARDBUILDERSTATE,Object is not a PKIX_ForwardBuilderState,0),
-PKIX_ERRORENTRY(OBJECTNOTGENERALNAME,Object is not a GeneralName,0),
-PKIX_ERRORENTRY(OBJECTNOTHASHTABLE,Object is not a hashtable,0),
-PKIX_ERRORENTRY(OBJECTNOTINFOACCESS,Object is not a InfoAccess,0),
-PKIX_ERRORENTRY(OBJECTNOTLDAPREQUEST,Object is not a LdapRequest,0),
-PKIX_ERRORENTRY(OBJECTNOTLDAPRESPONSE,Object is not a LdapResponse,0),
-PKIX_ERRORENTRY(OBJECTNOTLIST,Object is not a list,0),
-PKIX_ERRORENTRY(OBJECTNOTLOGGER,Object is not a Logger,0),
-PKIX_ERRORENTRY(OBJECTNOTMONITORLOCK,Object is not a MonitorLock,0),
-PKIX_ERRORENTRY(OBJECTNOTMUTEX,Object is not a Mutex,0),
-PKIX_ERRORENTRY(OBJECTNOTNAMECONSTRAINTSCHECKERSTATE,Object is not a name constraints checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPCERTID,Object is not an OcspCertID,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPCHECKER,Object is not an OCSPChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPREQUEST,Object is not an OcspRequest,0),
-PKIX_ERRORENTRY(OBJECTNOTPOLICYCHECKERSTATE,Object is not a PKIX_PolicyCheckerState,0),
-PKIX_ERRORENTRY(OBJECTNOTPOLICYNODE,Object is not a PolicyNode,0),
-PKIX_ERRORENTRY(OBJECTNOTPROCESSINGPARAMS,Object is not a ProcessingParams,0),
-PKIX_ERRORENTRY(OBJECTNOTPUBLICKEY,Object is not a PublicKey,0),
-PKIX_ERRORENTRY(OBJECTNOTRESOURCELIMITS,Object is not a ResourceLimits,0),
-PKIX_ERRORENTRY(OBJECTNOTREVOCATIONCHECKER,Object is not a revocation checker,0),
-PKIX_ERRORENTRY(OBJECTNOTRWLOCK,Object is not a RWLock,0),
-PKIX_ERRORENTRY(OBJECTNOTSIGNATURECHECKERSTATE,Object is not a signature checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTSOCKET,Object is not a Socket,0),
-PKIX_ERRORENTRY(OBJECTNOTSTRING,Object is not a string,0),
-PKIX_ERRORENTRY(OBJECTNOTTARGETCERTCHECKERSTATE,Object is not a target cert checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTTRUSTANCHOR,Object is not a trustAnchor,0),
-PKIX_ERRORENTRY(OBJECTNOTVALIDATEPARAMS,Object is not a ValidateParams,0),
-PKIX_ERRORENTRY(OBJECTNOTVALIDATERESULT,Object is not a ValidateResult,0),
-PKIX_ERRORENTRY(OBJECTNOTVERIFYNODE,Object is not a VerifyNode,0),
-PKIX_ERRORENTRY(OBJECTREGISTERTYPEFAILED,PKIX_PL_Object_RegisterType failed,0),
-PKIX_ERRORENTRY(OBJECTRETRIEVEEQUALSCALLBACKFAILED,pkix_pl_Object_RetrieveEqualsCallback failed,0),
-PKIX_ERRORENTRY(OBJECTSPECIFICFUNCTIONFAILED,object-specific function failed,0),
-PKIX_ERRORENTRY(OBJECTSTILLREFERENCED,Object is still referenced,0),
-PKIX_ERRORENTRY(OBJECTTOSTRINGFAILED,PKIX_PL_Object_ToString failed,0),
-PKIX_ERRORENTRY(OBJECTTYPESDONOTMATCH,Object types do not match,0),
-PKIX_ERRORENTRY(OBJECTWITHNONPOSITIVEREFERENCES,Object with non-positive references,0),
-PKIX_ERRORENTRY(OCSPCERTIDCREATEFAILED,PKIX_PL_OcspCertID_Create failed,0),
-PKIX_ERRORENTRY(OCSPCERTIDGETFRESHCACHESTATUSFAILED,PKIX_PL_OcspCertID_GetFreshCacheStatus returned an error,0),
-PKIX_ERRORENTRY(OCSPCERTIDREMEMBEROCSPFAILUREDFAILED,PKIX_PL_OcspCertID_RememberOCSPProcessingFailure,0),
-PKIX_ERRORENTRY(OCSPCHECKERCREATEFAILED,PKIX_OcspChecker_Create failed,0),
-PKIX_ERRORENTRY(OCSPBADHTTPRESPONSE,Bad Http Response,SEC_ERROR_OCSP_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(OCSPREQUESTCREATEFAILED,PKIX_PL_OcspRequest_Create failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETCERTIDFAILED,pkix_pl_OcspRequest_GetCertID failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETENCODEDFAILED,pkix_pl_OcspRequest_GetEncoded failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETLOCATIONFAILED,pkix_pl_OcspRequest_GetLocation failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSECREATEFAILED,pkix_pl_OcspResponse_Create failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEDECODEFAILED,pkix_pl_OcspResponse_Decode failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSFORCERTFAILED,pkix_pl_OcspResponse_GetStatusForCert failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSRETURNEDANERROR,pkix_pl_OcspResponse_GetStatus returned an error,0),
-PKIX_ERRORENTRY(OCSPRESPONSESAYSCERTREVOKED,OCSP response says Cert revoked,SEC_ERROR_REVOKED_CERTIFICATE_OCSP),
-PKIX_ERRORENTRY(OCSPRESPONSEVERIFYSIGNATUREFAILED,pkix_pl_OcspResponse_VerifySignature failed,0),
-PKIX_ERRORENTRY(OCSPSERVERERROR,OCSP Server Error,SEC_ERROR_OCSP_SERVER_ERROR),
-PKIX_ERRORENTRY(OIDBYTES2ASCIIDATALENGTHZERO,pkix_pl_oidBytes2Ascii: data length is zero,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDBYTES2ASCIIFAILED,pkix_pl_oidBytes2Ascii failed,0),
-PKIX_ERRORENTRY(OIDBYTESLENGTH0,Oid bytes length is 0,0),
-PKIX_ERRORENTRY(OIDCOMPARATORFAILED,pkix_pl_OID_Comparator failed,0),
-PKIX_ERRORENTRY(OIDCOMPONENTTOOBIG,Overflow error: OID component > 2^32,0),
-PKIX_ERRORENTRY(OIDCREATEFAILED,PKIX_PL_OID_Create failed,0),
-PKIX_ERRORENTRY(OIDEQUALFAILED,PKIX_PL_OID_Equal failed,0),
-PKIX_ERRORENTRY(OIDEQUALSFAILED,PKIX_PL_OID_Equals failed,0),
-PKIX_ERRORENTRY(OIDGETNEXTTOKENFAILED,pkix_pl_OID_GetNextToken failed,0),
-PKIX_ERRORENTRY(OIDHASHCODEFAILED,PKIX_PL_OID_Hashcode failed,0),
-PKIX_ERRORENTRY(OIDLENGTHTOOSHORT,OID length too short,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDNEEDS2ORMOREFIELDS,OID needs 2 or more fields,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDTOSTRINGFAILED,PKIX_PL_OID_ToString failed,0),
-PKIX_ERRORENTRY(OPERATIONNOTPERMITTEDONIMMUTABLELIST,Operation not permitted on Immutable List,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OTHERNAMECREATEFAILED,pkix_pl_OtherName_Create failed,0),
-PKIX_ERRORENTRY(OUTOFMEMORY,Out of Memory,0),
-PKIX_ERRORENTRY(PATHLENCONSTRAINTINVALID,Certificate path length constraint is invalid,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
-PKIX_ERRORENTRY(PK11CERTSTORECERTQUERYFAILED,pkix_pl_Pk11CertStore_CertQuery failed,0),
-PKIX_ERRORENTRY(PK11CERTSTORECREATEFAILED,PKIX_PL_Pk11CertStore_Create failed,0),
-PKIX_ERRORENTRY(PK11CERTSTORECRLQUERYFAILED,pkix_pl_Pk11CertStore_CrlQuery failed,0),
-PKIX_ERRORENTRY(PKIXUNKNOWNERROR,PKIX uninitialized error code,0),
-PKIX_ERRORENTRY(POLICYCHECKERCALCULATEINTERSECTIONFAILED,pkix_PolicyChecker_CalculateIntersection failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERCHECKANYFAILED,pkix_PolicyChecker_CheckAny failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERCHECKPOLICYRECURSIVEFAILED,pkix_PolicyChecker_CheckPolicyRecursive failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERERROR,PolicyChecker Error,0),
-PKIX_ERRORENTRY(POLICYCHECKERINITIALIZEFAILED,pkix_PolicyChecker_Initialize failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAKEMUTABLECOPYFAILED,pkix_PolicyChecker_MakeMutableCopy failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAKESINGLETONFAILED,pkix_PolicyChecker_MakeSingleton failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPCONTAINSFAILED,pkix_PolicyChecker_MapContains failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED,pkix_PolicyChecker_MapGetMappedPolicies failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED,pkix_PolicyChecker_MapGetSubjectDomainPolicies failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERSPAWNFAILED,pkix_PolicyChecker_Spawn failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERSTATECREATEFAILED,PKIX_PolicyCheckerState_Create failed,0),
-PKIX_ERRORENTRY(POLICYNODEADDTOPARENTFAILED,pkix_PolicyNode_AddToParent failed,0),
-PKIX_ERRORENTRY(POLICYNODECREATEFAILED,pkix_PolicyNode_Create failed,0),
-PKIX_ERRORENTRY(POLICYNODEDUPLICATEHELPERFAILED,pkix_PolicyNode_DuplicateHelper failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETCHILDRENMUTABLEFAILED,pkix_PolicyNode_GetChildrenMutable failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETDEPTHFAILED,PKIX_PolicyNode_GetDepth failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETEXPECTEDPOLICIESFAILED,PKIX_PolicyNode_GetExpectedPolicies failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETPARENTFAILED,PKIX_PolicyNode_GetParent failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETPOLICYQUALIFIERSFAILED,PKIX_PolicyNode_GetPolicyQualifiers failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETVALIDPOLICYFAILED,PKIX_PolicyNode_GetValidPolicy failed,0),
-PKIX_ERRORENTRY(POLICYNODEISCRITICALFAILED,PKIX_PolicyNode_IsCritical failed,0),
-PKIX_ERRORENTRY(POLICYNODEPRUNEFAILED,pkix_PolicyNode_Prune failed,0),
-PKIX_ERRORENTRY(POLICYTREETOOIDSFAILED,Failed to convert policy tree to oid,0),
-PKIX_ERRORENTRY(PORTARENAALLOCFAILED,PORT Arena Allocation failed, 0),
-PKIX_ERRORENTRY(PORTUCS2UTF8CONVERSIONFAILED,PORT_UCS2_UTF8Conversion failed.,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(PRACCEPTFAILED,PR_Accept failed,0),
-PKIX_ERRORENTRY(PRBINDFAILED,PR_Bind failed,0),
-PKIX_ERRORENTRY(PRCONNECTCONTINUEFAILED,PR_ConnectContinue failed,0),
-PKIX_ERRORENTRY(PRCONNECTFAILED,PR_Connect failed,0),
-PKIX_ERRORENTRY(PRENUMERATEHOSTENTFAILED,PR_EnumerateHostEnt failed.,0),
-PKIX_ERRORENTRY(PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT,PR_GetHostByName rejects hostname argument.,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEADDFAILED,pkix_pl_PrimHashTable_Add failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLECREATEFAILED,pkix_pl_PrimHashTable_Create failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEDESTROYFAILED,pkix_pl_PrimHashTable_Destroy failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEGETBUCKETSIZEFAILED,pkix_pl_PrimHashTable_GetBucketSize failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLELOOKUPFAILED,pkix_pl_PrimHashTable_Lookup failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEREMOVEFAILED,pkix_pl_PrimHashTable_Remove failed,0),
-PKIX_ERRORENTRY(PRLISTENFAILED,PR_Listen failed,0),
-PKIX_ERRORENTRY(PRNEWTCPSOCKETFAILED,PR_NewTCPSocket failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTCHAINCHECKERFAILED,PKIX_ProcessingParams_AddCertChainChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTSTOREFAILED,PKIX_ProcessingParams_AddCertStore failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDREVMETHODFAILED,PKIX_ProcessingParams_AddRevocationMethod failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSCREATEFAILED,PKIX_ProcessingParams_Create failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED,PKIX_ProcessingParams_GetCertChainCheckers failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTSTORESFAILED,PKIX_ProcessingParams_GetCertStores failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETDATEFAILED,PKIX_ProcessingParams_GetDate failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETHINTCERTSFAILED,PKIX_ProcessingParams_GetHintCerts failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETINITIALPOLICIESFAILED,PKIX_ProcessingParams_GetInitialPolicies failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETNISTREVPOLICYENABLEDFAILED,pkix_ProcessingParams_GetNISTRevocationPolicyEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED,PKIX_ProcessingParams_GetPolicyQualifiersRejected failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETRESOURCELIMITSFAILED,PKIX_ProcessingParams_GetResourceLimits failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_GetRevocationChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_GetRevocationEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_GetTargetCertConstraints failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETTRUSTANCHORSFAILED,PKIX_ProcessingParams_GetTrustAnchors failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED,PKIX_ProcessingParams_IsAnyPolicyInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED,PKIX_ProcessingParams_IsExplicitPolicyRequired failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED,PKIX_ProcessingParams_IsPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETANYPOLICYINHIBITED,PKIX_ProcessingParams_SetAnyPolicyInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETCERTSTORESFAILED,PKIX_ProcessingParams_SetCertStores failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETDATEFAILED,PKIX_ProcessingParams_SetDate failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETEXPLICITPOLICYREQUIRED,PKIX_ProcessingParams_SetExplicitPolicyRequired failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETHINTCERTSFAILED,PKIX_ProcessingParams_SetHintCerts failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETINITIALPOLICIESFAILED,PKIX_ProcessingParams_SetInitialPolicies failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETNISTREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_SetNISTRevocationEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETPOLICYMAPPINGINHIBITED,PKIX_ProcessingParams_SetPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_SetRevocationChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_SetTargetCertConstraints failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETQUALIFYTARGETCERTFLAGFAILED,ProcessingParams_SetQualifyTargetCertFlag failed,0),
-PKIX_ERRORENTRY(PRPOLLFAILED,PR_Poll failed,0),
-PKIX_ERRORENTRY(PRPOLLRETBADFILENUM,PR_Poll failed,0),
-PKIX_ERRORENTRY(PRRECVFAILED,PR_Recv failed,0),
-PKIX_ERRORENTRY(PRRECVREPORTSNETWORKCONNECTIONCLOSED,PR_Recv reports network connection is closed,0),
-PKIX_ERRORENTRY(PRSENDFAILED,PR_Send failed,0),
-PKIX_ERRORENTRY(PRSHUTDOWNFAILED,PR_Shutdown failed,0),
-PKIX_ERRORENTRY(PRSMPRINTFFAILED,PR_smprintf failed,0),
-PKIX_ERRORENTRY(PRSNPRINTFFAILED,PR_snprintf failed,0),
-PKIX_ERRORENTRY(PUBKEYTYPENULLKEY,pubKeyType is nullKey,0),
-PKIX_ERRORENTRY(PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED,PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed,0),
-PKIX_ERRORENTRY(PUBLICKEYNEEDSDSAPARAMETERSFAILED,PKIX_PL_PublicKey_NeedsDSAParameters failed,0),
-PKIX_ERRORENTRY(PUBLICKEYTOSTRINGFAILED,PKIX_PL_PublicKey_ToString failed,0),
-PKIX_ERRORENTRY(PUBLICKEYTOSTRINGHELPERFAILED,pkix_pl_PublicKey_ToString_Helper failed,0),
-PKIX_ERRORENTRY(QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION,Qualifiers in critical Certificate Policy extension,0),
-PKIX_ERRORENTRY(REALLOCFAILED,PKIX_PL_Realloc failed,0),
-PKIX_ERRORENTRY(RECEIVEDCORRUPTEDOBJECTARGUMENT,Received corrupted object argument,0),
-PKIX_ERRORENTRY(REGISTERCERTSTOREFAILED,RegisterCertStores failed,0),
-PKIX_ERRORENTRY(REMOVEDUPUNTRUSTEDCERTSFAILED, pkix_Build_RemoveDupUntrustedCerts failed,0),
-PKIX_ERRORENTRY(REQUESTNOTANHTTPDEFAULTCLIENT,request is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXDEPTHFAILED,PKIX_ResourceLimits_GetMaxDepth failed,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXFANOUTFAILED,PKIX_ResourceLimits_GetMaxFanout failed,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXTIMEFAILED,PKIX_ResourceLimits_GetMaxTime failed,0),
-PKIX_ERRORENTRY(RETRIEVEOUTPUTSFAILED,pkix_RetrieveOutputs failed,0),
-PKIX_ERRORENTRY(REVCHECKCERTFAILED,pkix_RevCheckCert failed,0),
-PKIX_ERRORENTRY(REVCHECKERCHECKFAILED,revCheckerCheck failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERADDMETHODFAILED,Can not add revocation method,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERCREATEFAILED,PKIX_RevocationChecker_Create failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCALLBACKFAILED,PKIX_RevocationChecker_GetRevCallback failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCHECKERCONTEXTFAILED,PKIX_RevocationChecker_GetRevCheckerContext failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERWASNOTSET,Revocation chekcer was not set,0),
-PKIX_ERRORENTRY(REVOKEDBYUNKNOWNCRLREASONCODE,Revoked by Unknown CRL ReasonCode,0),
-PKIX_ERRORENTRY(SEARCHRESPONSEPACKETOFUNKNOWNTYPE,SearchResponse packet of unknown type,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(SECASN1ENCODEITEMFAILED,SEC_ASN1EncodeItem failed,SEC_ERROR_FAILED_TO_ENCODE_DATA),
-PKIX_ERRORENTRY(SECERRORUNKNOWNISSUER,Nss legacy err code: build failed. Issuer is unknown.,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED,SECKEY_CopySubjectPublicKeyInfo failed,0),
-PKIX_ERRORENTRY(SECKEYEXTRACTPUBLICKEYFAILED,SECKEY_ExtractPublicKey failed,0),
-PKIX_ERRORENTRY(SECOIDCOPYALGORITHMIDFAILED,SECOID_CopyAlgorithmID failed,0),
-PKIX_ERRORENTRY(SECOIDFINDOIDTAGDESCRIPTIONFAILED,SECOID_FindOIDTag Description failed,0),
-PKIX_ERRORENTRY(SECONDFIELDMUSTBEBETWEEN039,Second field must be between 0-39,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDKEYDSAPUBLICKEY,Second key is a DSA public key but has null parameters,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDKEYNOTDSAPUBLICKEY,Second key is not a DSA public key,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDPUBKEYTYPENULLKEY,secondPubKeyType is nullKey,0),
-PKIX_ERRORENTRY(SECQUICKDERDECODERFAILED,SEC_QuickDERDecodeItem failed,0),
-PKIX_ERRORENTRY(SECREADPKCS7CERTSFAILED,SEC_ReadPKCS7Certs failed,0),
-PKIX_ERRORENTRY(SELECTORMATCHFAILED,selectorMatch failed,0),
-PKIX_ERRORENTRY(SESSIONNOTANHTTPDEFAULTCLIENT,session is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(SETPOLICIESFAILED,Fail to set cert validation policies,0),
-PKIX_ERRORENTRY(SHUTDOWNFAILED,PKIX_PL_Shutdown failed,0),
-PKIX_ERRORENTRY(SIGNATURECHECKERINITIALIZEFAILED,pkix_SignatureChecker_Initialize failed,0),
-PKIX_ERRORENTRY(SIGNATURECHECKERSTATECREATEFAILED,pkix_SignatureCheckerState_Create failed,0),
-PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,SEC_ERROR_BAD_SIGNATURE),
-PKIX_ERRORENTRY(SINGLEPOLICYNODEEQUALSFAILED,PKIX_PL_SinglePolicyNode_Equals failed,0),
-PKIX_ERRORENTRY(SINGLEPOLICYNODEHASHCODEFAILED,pkix_SinglePolicyNode_Hashcode failed,0),
-PKIX_ERRORENTRY(SINGLEPOLICYNODETOSTRINGFAILED,pkix_SinglePolicyNode_ToString failed,0),
-PKIX_ERRORENTRY(SINGLEVERIFYNODEEQUALSFAILED,PKIX_PL_SingleVerifyNode_Equals failed,0),
-PKIX_ERRORENTRY(SINGLEVERIFYNODEHASHCODEFAILED,pkix_SingleVerifyNode_Hashcode failed,0),
-PKIX_ERRORENTRY(SOCKETCONNECTCONTINUEFAILED,pkix_pl_Socket_ConnectContinue failed,0),
-PKIX_ERRORENTRY(SOCKETCONNECTFAILED,pkix_pl_Socket_Connect failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEBYHOSTANDPORTFAILED,pkix_pl_Socket_CreateByHostAndPort failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEBYNAMEFAILED,pkix_pl_Socket_CreateByName failed,0),
-PKIX_ERRORENTRY(SOCKETCREATECLIENTFAILED,pkix_pl_Socket_CreateClient failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEFAILED,pkix_pl_Socket_Create failed,0),
-PKIX_ERRORENTRY(SOCKETCREATESERVERFAILED,pkix_pl_Socket_CreateServer failed,0),
-PKIX_ERRORENTRY(SOCKETEQUALSFAILED,PKIX_PL_Socket_Equals failed,0),
-PKIX_ERRORENTRY(SOCKETGETCALLBACKLISTFAILED,pkix_pl_Socket_GetCallbackList failed,0),
-PKIX_ERRORENTRY(SOCKETGETPRFILEDESCFAILED,pkix_pl_Socket_GetPRFileDesc failed,0),
-PKIX_ERRORENTRY(SOCKETHASHCODEFAILED,PKIX_PL_Socket_Hashcode failed,0),
-PKIX_ERRORENTRY(SOCKETPOLLFAILED,pkix_pl_Socket_Poll failed,0),
-PKIX_ERRORENTRY(SOCKETRECVFAILED,pkix_pl_Socket_Recv failed,0),
-PKIX_ERRORENTRY(SOCKETSENDFAILED,pkix_pl_Socket_Send failed,0),
-PKIX_ERRORENTRY(SOCKETSETNONBLOCKINGFAILED,pkix_pl_Socket_SetNonBlocking failed,0),
-PKIX_ERRORENTRY(SOURCESTRINGHASINVALIDLENGTH,Source string has invalid length,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SPRINTFFAILED,PKIX_PL_Sprintf failed,0),
-PKIX_ERRORENTRY(STRINGCOMPARATORFAILED,pkix_pl_String_Comparator failed,0),
-PKIX_ERRORENTRY(STRINGCREATEFAILED,PKIX_PL_String_Create failed,0),
-PKIX_ERRORENTRY(STRINGEQUALSFAILED,pkix_pl_String_Equals failed,0),
-PKIX_ERRORENTRY(STRINGGETENCODEDFAILED,PKIX_PL_String_GetEncoded failed,0),
-PKIX_ERRORENTRY(STRINGHASHCODEFAILED,pkix_pl_String_Hashcode failed,0),
-PKIX_ERRORENTRY(SUBJALTNAMECHECKFAILED,Validation failed: SubjAltNamecheck failed,0),
-PKIX_ERRORENTRY(TARGETCERTCHECKERINITIALIZEFAILED,pkix_TargetCertChecker_Initialize failed,0),
-PKIX_ERRORENTRY(TARGETCERTCHECKERSTATECREATEFAILED,pkix_TargetCertCheckerState_Create failed,0),
-PKIX_ERRORENTRY(TESTANOTHERERRORMESSAGE, Another Error Message,0),
-PKIX_ERRORENTRY(TESTERRORMESSAGE, Error Message,0),
-PKIX_ERRORENTRY(TESTNOMATCHINGPOLICY, No Matching Policy,0),
-PKIX_ERRORENTRY(TESTNOTANERRORCRLSELECTMISMATCH, Not an error CRL Select mismatch,0),
-PKIX_ERRORENTRY(TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, Policies extension but no Policy Qualifiers,0),
-PKIX_ERRORENTRY(TIMECONSUMEDEXCEEDSRESOURCELIMITS,Time consumed exceeds Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
-PKIX_ERRORENTRY(TOOLITTLEDATAINDERSEQUENCE,Too little data in DER Sequence,0),
-PKIX_ERRORENTRY(TOOMUCHDATAINDERSEQUENCE,Too much data in DER Sequence,0),
-PKIX_ERRORENTRY(TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED,ToString for this GeneralName type not supported,0),
-PKIX_ERRORENTRY(TRUNCATEDUNICODEINESCAPEDASCII,Truncated Unicode in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(TRUSTANCHORCREATEWITHCERTFAILED,PKIX_TrustAnchor_CreateWithCert failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETCANAMEFAILED,PKIX_TrustAnchor_GetCAName failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETCAPUBLICKEYFAILED,PKIX_TrustAnchor_GetCAPublicKey failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETNAMECONSTRAINTSFAILED,PKIX_TrustAnchor_GetNameConstraints failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETTRUSTEDCERTFAILED,PKIX_TrustAnchor_GetTrustedCert failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORTOCERTFAILED,Fail to convert trust anchor to cert,0),
-PKIX_ERRORENTRY(TYPEALREADYREGISTERED,Type is already registered,0),
-PKIX_ERRORENTRY(UNABLETOADDACCEPTABLERESPONSESTOREQUEST,Unable to add acceptableResponses to request,0),
-PKIX_ERRORENTRY(UNABLETOADDCERTTOCERTLIST,Unable to add Cert to CertList,0),
-PKIX_ERRORENTRY(UNABLETOBUILDCHAIN,Unable to build chain,0),
-PKIX_ERRORENTRY(UNABLETOCREATECERTOCSPREQUEST,Unable to create a CertOCSPRequest,0),
-PKIX_ERRORENTRY(UNABLETOCREATECRLSTRING,Unable to create crlString,0),
-PKIX_ERRORENTRY(UNABLETOCREATEGENERALNAMEOFTHISTYPE,Unable to create GeneralName of this type,0),
-PKIX_ERRORENTRY(UNABLETOCREATEISSUER,Unable to create Issuer,0),
-PKIX_ERRORENTRY(UNABLETOCREATELIST,Unable to create list,0),
-PKIX_ERRORENTRY(UNABLETOCREATENEWCERTLIST,Unable to create a new CertList,0),
-PKIX_ERRORENTRY(UNABLETOCREATEPSTRING,Unable to create pString,0),
-PKIX_ERRORENTRY(UNABLETOFINDSTATUSINOCSPRESPONSE,Unable to find status in OCSP response,SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS),
-PKIX_ERRORENTRY(UNABLETOMAKELISTIMMUTABLE,Unable to make list immutable,0),
-PKIX_ERRORENTRY(UNABLETOOPENCERTFILE,Unable to open cert file,0),
-PKIX_ERRORENTRY(UNABLETOOPENCRLFILE,Unable to open crl file,0),
-PKIX_ERRORENTRY(UNABLETOPARSEOCSPRESPONSE,Unable to parse OCSP response,SEC_ERROR_OCSP_MALFORMED_RESPONSE),
-PKIX_ERRORENTRY(UNABLETOREADDERFROMCERTFILE,Unable to read DER from cert file,0),
-PKIX_ERRORENTRY(UNABLETOREADDERFROMCRLFILE,Unable to read DER from crl file,0),
-PKIX_ERRORENTRY(UNABLETOSETSOCKETTONONBLOCKING,Unable to set socket to non-blocking I/O,0),
-PKIX_ERRORENTRY(UNDEFINEDCALLBACK,Undefined callback,0),
-PKIX_ERRORENTRY(UNDEFINEDCLASSTABLEENTRY,Undefined class table entry,0),
-PKIX_ERRORENTRY(UNDEFINEDCOMPARATOR,Undefined Comparator,0),
-PKIX_ERRORENTRY(UNDEFINEDDUPLICATEFUNCTION,Undefined Duplicate function,0),
-PKIX_ERRORENTRY(UNDEFINEDEQUALSCALLBACK,Undefined equals callback,0),
-PKIX_ERRORENTRY(UNEXPECTEDERRORINESTABLISHINGCONNECTION,Unexpected error in establishing connection,0),
-PKIX_ERRORENTRY(UNEXPECTEDRESULTCODEINRESPONSE,Unexpected result code in Response,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(UNKNOWNFORMAT,Unknown format,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UNKNOWNINFOACCESSTYPE,Unknown InfoAccess type,SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE),
-PKIX_ERRORENTRY(UNKNOWNINFOACCESSMETHOD,Unknown InfoAccess method,SEC_ERROR_BAD_INFO_ACCESS_METHOD),
-PKIX_ERRORENTRY(UNKNOWNOBJECTOID,Unknown object OID,0),
-PKIX_ERRORENTRY(UNKNOWNOBJECTTYPE,Unknown object type,0),
-PKIX_ERRORENTRY(UNKNOWNTYPEARGUMENT,Unknown type argument,0),
-PKIX_ERRORENTRY(UNLOCKOBJECTFAILED,pkix_UnlockObject failed,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDCRITICALEXTENSION,Unrecognized Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
-PKIX_ERRORENTRY(UNRECOGNIZEDCRLENTRYCRITICALEXTENSION,Unrecognized CRLEntry Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
-PKIX_ERRORENTRY(UNRECOGNIZEDPROTOCOLREQUESTED,Unrecognized protocol requested,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDREQUESTMETHOD,Unrecognized request method,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDTIMETYPE,Unrecognized time type,0),
-PKIX_ERRORENTRY(UNSUPPORTEDCRLDPTYPE,CrlDp type is not supported,0),
-PKIX_ERRORENTRY(UNSUPPORTEDVERSIONOFHTTPCLIENT,Unsupported version of Http Client,0),
-PKIX_ERRORENTRY(UNSUPPORTEDCERTUSAGE,Specified certificate usage is unsupported,SEC_ERROR_CERT_USAGES_INVALID),
-PKIX_ERRORENTRY(URLPARSINGFAILED,URL Parsing failed,0),
-PKIX_ERRORENTRY(USERCHECKERCHECKFAILED,userCheckerCheck failed,0),
-PKIX_ERRORENTRY(UTF16ALIGNMENTERROR,UTF16 Alignment Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16HIGHZONEALIGNMENTERROR,UTF16 High Zone Alignment Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16LOWZONEERROR,UTF16 Low Zone Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16TOESCASCIIFAILED,pkix_UTF16_to_EscASCII failed,0),
-PKIX_ERRORENTRY(UTF16TOUTF8FAILED,pkix_UTF16_to_UTF8 failed,0),
-PKIX_ERRORENTRY(UTF8TOUTF16FAILED,pkix_UTF8_to_UTF16 failed,0),
-PKIX_ERRORENTRY(VALIDATEBUILDUSEROIDSFAILED,pkix_Validate_BuildUserOIDs failed,0),
-PKIX_ERRORENTRY(VALIDATECERTCHAINFAILED,Failed to validate cert chain,0),
-PKIX_ERRORENTRY(VALIDATECHAINFAILED,PKIX_ValidateChain failed,0),
-PKIX_ERRORENTRY(VALIDATEPARAMSGETCERTCHAINFAILED,PKIX_ValidateParams_GetCertChain failed,0),
-PKIX_ERRORENTRY(VALIDATEPARAMSGETPROCESSINGPARAMSFAILED,PKIX_ValidateParams_GetProcessingParams failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTCREATEFAILED,pkix_ValidateResult_Create failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTGETPOLICYTREEFAILED,PKIX_ValidateResult_GetPolicyTree failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTGETTRUSTANCHORFAILED,PKIX_ValidateResult_GetTrustAnchor failed,0),
-PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,SEC_ERROR_BAD_SIGNATURE),
-PKIX_ERRORENTRY(VALIDATIONFAILEDNULLCERTPOINTER,Validation failed: NULL Cert pointer,0),
-PKIX_ERRORENTRY(VALIDATIONFAILEDPATHTONAMECHECKFAILED,Validation failed: PathToName check failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(VALUEINESCAPEDASCII,value in EscapedASCII,0),
-PKIX_ERRORENTRY(VERIFYNODEADDTOCHAINFAILED,pkix_VerifyNode_AddToChain failed,0),
-PKIX_ERRORENTRY(VERIFYNODEADDTOTREEFAILED,pkix_VerifyNode_AddToTree failed,0),
-PKIX_ERRORENTRY(VERIFYNODECREATEFAILED,pkix_VerifyNode_Create failed,0),
-PKIX_ERRORENTRY(VERIFYNODEDUPLICATEHELPERFAILED,pkix_VerifyNode_DuplicateHelper failed,0),
-PKIX_ERRORENTRY(VERIFYNODEFINDERRORFAILED,pkix_VerifyNode_FindError failed,0),
-PKIX_ERRORENTRY(VERIFYNODESETDEPTHFAILED,pkix_VerifyNode_SetDepth failed,0),
-PKIX_ERRORENTRY(VERIFYNODESETERRORFAILED,pkix_VerifyNode_SetError failed,0),
-PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1ORV2,Version value must be V1(0) or V2(1),SEC_ERROR_CRL_INVALID),
-PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1V2ORV3,Version value must be v1(0) v2(1) or v3(2),SEC_ERROR_CERT_VALID),
-PKIX_ERRORENTRY(X500NAMECOMPAREDERBYTESFAILED,pkix_pl_X500Name_CompareDERBytes failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFAILED,PKIX_PL_X500Name_Create failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFROMCERTNAMEFAILED,pkix_pl_X500Name_CreateFromCERTName failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFROMUTF8FAILED,pkix_pl_X500Name_CreateFromUtf8 failed,0),
-PKIX_ERRORENTRY(X500NAMEEQUALSFAILED,PKIX_PL_X500Name_Equals failed,0),
-PKIX_ERRORENTRY(X500NAMEGETCOMMONNAMEFAILED,pkix_pl_X500Name_GetCommonName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETCOUNTRYNAMEFAILED,pkix_pl_X500Name_GetCountryName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETORGNAMEFAILED,pkix_pl_X500Name_GetOrgName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETSECNAMEFAILED,pkix_pl_X500Name_GetSECName failed,0),
-PKIX_ERRORENTRY(X500NAMEHASHCODEFAILED,PKIX_PL_X500Name_Hashcode failed,0),
-PKIX_ERRORENTRY(X500NAMEMATCHFAILED,PKIX_PL_X500Name_Match failed,0),
-PKIX_ERRORENTRY(X500NAMETOSTRINGFAILED,PKIX_PL_X500Name_ToString failed,0),
-PKIX_ERRORENTRY(X500NAMETOSTRINGHELPERFAILED,pkix_pl_X500Name_ToString_Helper failed,0),
-PKIX_ERRORENTRY(ZEROLENGTHBYTEARRAYFORCRLENCODING,Zero-length ByteArray for CRL encoding,0)
diff --git a/security/nss/lib/libpkix/include/pkix_params.h b/security/nss/lib/libpkix/include/pkix_params.h
deleted file mode 100755
index f0aed9225..000000000
--- a/security/nss/lib/libpkix/include/pkix_params.h
+++ /dev/null
@@ -1,1759 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * This file defines functions associated with the various parameters used - * by the top-level functions. 
- * - */ - -#ifndef _PKIX_PARAMS_H -#define _PKIX_PARAMS_H - -#include "pkixt.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* General - * - * Please refer to the libpkix Programmer's Guide for detailed information - * about how to use the libpkix library. Certain key warnings and notices from - * that document are repeated here for emphasis. - * - * All identifiers in this file (and all public identifiers defined in - * libpkix) begin with "PKIX_". Private identifiers only intended for use - * within the library begin with "pkix_". - * - * A function returns NULL upon success, and a PKIX_Error pointer upon failure. - * - * Unless otherwise noted, for all accessor (gettor) functions that return a - * PKIX_PL_Object pointer, callers should assume that this pointer refers to a - * shared object. Therefore, the caller should treat this shared object as - * read-only and should not modify this shared object. When done using the - * shared object, the caller should release the reference to the object by - * using the PKIX_PL_Object_DecRef function. - * - * While a function is executing, if its arguments (or anything referred to by - * its arguments) are modified, free'd, or destroyed, the function's behavior - * is undefined. - * - */ - -/* PKIX_ProcessingParams - * - * PKIX_ProcessingParams are parameters used when validating or building a - * chain of certificates. Using the parameters, the caller can specify several - * things, including the various inputs to the PKIX chain validation - * algorithm (such as trust anchors, initial policies, etc), any customized - * functionality (such as CertChainCheckers, RevocationCheckers, CertStores), - * and whether revocation checking should be disabled. - * - * Once the caller has created the ProcessingParams object, the caller then - * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call - * the user's callback functions as needed during the validation or building - * process. 
- * - * If a parameter is not set (or is set to NULL), it will be set to the - * default value for that parameter. The default value for the Date parameter - * is NULL, which indicates the current time when the path is validated. The - * default for the remaining parameters is the least constrained. - */ - -/* - * FUNCTION: PKIX_ProcessingParams_Create - * DESCRIPTION: - * - * Creates a new ProcessingParams object. Trust anchor list is set to - * newly created empty list of trust. In this case trust anchors will - * be taken from provided cert store. Pointed to the created - * ProcessingParams object is stored in "pParams". - * - * PARAMETERS: - * "anchors" - * Address of List of (non-empty) TrustAnchors to be used. - * Must be non-NULL. - * "pParams" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_Create( - PKIX_ProcessingParams **pParams, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers - * DESCRIPTION: - * - * Retrieves a pointer to the List of CertChainCheckers (if any) that are set - * in the ProcessingParams pointed to by "params" and stores it at - * "pCheckers". Each CertChainChecker represents a custom certificate - * validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed - * during the validation or building process. If "params" does not have any - * CertChainCheckers, this function stores an empty List at "pCheckers". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of CertChainCheckers (if any) - * are to be stored. Must be non-NULL. 
- * "pCheckers" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetCertChainCheckers( - PKIX_ProcessingParams *params, - PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a List of - * CertChainCheckers pointed to by "checkers". Each CertChainChecker - * represents a custom certificate validation check used by - * PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or - * building process. If "checkers" is NULL, no CertChainCheckers will be used. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of CertChainCheckers is to be - * set. Must be non-NULL. - * "checkers" - * Address of List of CertChainCheckers to be set. If NULL, no - * CertChainCheckers will be used. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" and "checkers" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. 
- */ -PKIX_Error * -PKIX_ProcessingParams_SetCertChainCheckers( - PKIX_ProcessingParams *params, - PKIX_List *checkers, /* list of PKIX_CertChainChecker */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker - * DESCRIPTION: - * - * Adds the CertChainChecker pointed to by "checker" to the ProcessingParams - * pointed to by "params". The CertChainChecker represents a custom - * certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain - * as needed during the validation or building process. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams to be added to. Must be non-NULL. - * "checker" - * Address of CertChainChecker to be added. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_AddCertChainChecker( - PKIX_ProcessingParams *params, - PKIX_CertChainChecker *checker, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker - * DESCRIPTION: - * - * Retrieves a pointer to the RevocationChecker that are set - * in the ProcessingParams pointed to by "params" and stores it at - * "pRevChecker". Each RevocationChecker represents a revocation - * check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the - * validation or building process. If "params" does not have any - * RevocationCheckers, this function stores an empty List at "pRevChecker". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of RevocationCheckers - * is to be stored. Must be non-NULL. - * "pRevChecker" - * Address where object pointer will be stored. Must be non-NULL. 
- * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetRevocationChecker( - PKIX_ProcessingParams *params, - PKIX_RevocationChecker **pChecker, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a - * RevocationChecker pointed to by "revChecker". Revocation - * checker object should be created and assigned to processing - * parameters before chain build or validation can begin. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of RevocationCheckers is to be - * set. Must be non-NULL. - * "revChecker" - * Address of RevocationChecker to be set. Must be set before chain - * building or validation. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetRevocationChecker( - PKIX_ProcessingParams *params, - PKIX_RevocationChecker *revChecker, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetCertStores - * DESCRIPTION: - * - * Retrieves a pointer to the List of CertStores (if any) that are set in the - * ProcessingParams pointed to by "params" and stores it at "pStores". 
Each - * CertStore represents a particular repository from which certificates and - * CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed - * during the validation or building process. If "params" does not have any - * CertStores, this function stores an empty List at "pStores". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of CertStores (if any) are to - * be stored. Must be non-NULL. - * "pStores" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetCertStores( - PKIX_ProcessingParams *params, - PKIX_List **pStores, /* list of PKIX_CertStore */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetCertStores - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a List of CertStores - * pointed to by "stores". Each CertStore represents a particular repository - * from which certificates and CRLs can be retrieved by PKIX_ValidateChain or - * PKIX_BuildChain as needed during the validation or building process. If - * "stores" is NULL, no CertStores will be used. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of CertStores is to be set. - * Must be non-NULL. - * "stores" - * Address of List of CertStores to be set. If NULL, no CertStores will - * be used. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. 
- * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetCertStores( - PKIX_ProcessingParams *params, - PKIX_List *stores, /* list of PKIX_CertStore */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_AddCertStore - * DESCRIPTION: - * - * Adds the CertStore pointed to by "store" to the ProcessingParams pointed - * to by "params". The CertStore represents a particular repository from - * which certificates and CRLs can be retrieved by PKIX_ValidateChain or - * PKIX_BuildChain as needed during the validation or building process. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams to be added to. Must be non-NULL. - * "store" - * Address of CertStore to be added. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_AddCertStore( - PKIX_ProcessingParams *params, - PKIX_CertStore *store, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetDate - * DESCRIPTION: - * - * Retrieves a pointer to the Date (if any) that is set in the - * ProcessingParams pointed to by "params" and stores it at "pDate". The - * Date represents the time for which the validation of the certificate chain - * should be determined. If "params" does not have any Date set, this function - * stores NULL at "pDate". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose Date (if any) is to be stored. - * Must be non-NULL. - * "pDate" - * Address where object pointer will be stored. Must be non-NULL. 
- * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetDate( - PKIX_ProcessingParams *params, - PKIX_PL_Date **pDate, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetDate - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a Date pointed to by - * "date". The Date represents the time for which the validation of the - * certificate chain should be determined. If "date" is NULL, the current - * time is used during validation. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose Date is to be set. Must be non-NULL. - * "date" - * Address of Date to be set. If NULL, current time is used. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetDate( - PKIX_ProcessingParams *params, - PKIX_PL_Date *date, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies - * DESCRIPTION: - * - * Retrieves a pointer to the List of OIDs (if any) that are set in the - * ProcessingParams pointed to by "params" and stores it at "pInitPolicies". - * Each OID represents an initial policy identifier, indicating that any - * one of these policies would be acceptable to the certificate user for - * the purposes of certification path processing. 
If "params" does not have - * any initial policies, this function stores an empty List at - * "pInitPolicies". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of OIDs (if any) are to be - * stored. Must be non-NULL. - * "pInitPolicies" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetInitialPolicies( - PKIX_ProcessingParams *params, - PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a List of OIDs - * pointed to by "initPolicies". - * - * Each OID represents an initial policy identifier, indicating that any - * one of these policies would be acceptable to the certificate user for - * the purposes of certification path processing. By default, any policy - * is acceptable (i.e. all policies), so a user that wants to allow any - * policy as acceptable does not need to call this method. Similarly, if - * initPolicies is NULL or points to an empty List, all policies are - * acceptable. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of OIDs is to be set. - * Must be non-NULL. - * "initPolicies" - * Address of List of OIDs to be set. If NULL or if pointing to an empty - * List, all policies are acceptable. - * "plContext" - * Platform-specific context pointer. 
- * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetInitialPolicies( - PKIX_ProcessingParams *params, - PKIX_List *initPolicies, /* list of PKIX_PL_OID */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected - * DESCRIPTION: - * - * Checks whether the ProcessingParams pointed to by "params" indicate that - * policy qualifiers should be rejected and stores the Boolean result at - * "pRejected". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams used to determine whether or not policy - * qualifiers should be rejected. Must be non-NULL. - * "pRejected" - * Address where Boolean will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetPolicyQualifiersRejected( - PKIX_ProcessingParams *params, - PKIX_Boolean *pRejected, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected - * DESCRIPTION: - * - * Specifies in the ProcessingParams pointed to by "params" whether policy - * qualifiers are rejected using the Boolean value of "rejected". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams to be set. Must be non-NULL. - * "rejected" - * Boolean value indicating whether policy qualifiers are to be rejected. - * "plContext" - * Platform-specific context pointer. 
- * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetPolicyQualifiersRejected( - PKIX_ProcessingParams *params, - PKIX_Boolean rejected, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints - * DESCRIPTION: - * - * Retrieves a pointer to the CertSelector (if any) that is set in the - * ProcessingParams pointed to by "params" and stores it at "pConstraints". - * The CertSelector represents the constraints to be placed on the target - * certificate. If "params" does not have any CertSelector set, this function - * stores NULL at "pConstraints". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose CertSelector (if any) is to be - * stored. Must be non-NULL. - * "pConstraints" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetTargetCertConstraints( - PKIX_ProcessingParams *params, - PKIX_CertSelector **pConstraints, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a CertSelector - * pointed to by "constraints". The CertSelector represents the constraints - * to be placed on the target certificate. If "constraints" is NULL, no - * constraints are defined. 
- * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose CertSelector is to be set. - * Must be non-NULL. - * "constraints" - * Address of CertSelector to be set. If NULL, no constraints are defined. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "params" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetTargetCertConstraints( - PKIX_ProcessingParams *params, - PKIX_CertSelector *constraints, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors - * DESCRIPTION: - * - * Retrieves a pointer to the List of TrustAnchors that are set in - * the ProcessingParams pointed to by "params" and stores it at "pAnchors". - * If the function succeeds, the pointer to the List is guaranteed to be - * non-NULL and the List is guaranteed to be non-empty. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of TrustAnchors are to - * be stored. Must be non-NULL. - * "pAnchors" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetTrustAnchors( - PKIX_ProcessingParams *params, - PKIX_List **pAnchors, /* list of TrustAnchor */ - void *plContext); -/* - * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors - * DESCRIPTION: - * - * Sets user defined set of trust anchors. 
A certificate will be considered - * invalid if it does not chain to a trusted anchor from this list. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of TrustAnchors are to - * be stored. Must be non-NULL. - * "anchors" - * Address of the trust anchors list object. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetTrustAnchors( - PKIX_ProcessingParams *params, - PKIX_List *pAnchors, /* list of TrustAnchor */ - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching - * DESCRIPTION: - * - * Retrieves a pointer to the Boolean. The boolean value represents - * the switch value that is used to identify if url in cert AIA extension - * may be used for cert fetching. - * If the function succeeds, the pointer to the Boolean is guaranteed to be - * non-NULL. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams. Must be non-NULL. - * "pUseAIA" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. 
- */ -PKIX_Error * -PKIX_ProcessingParams_GetUseAIAForCertFetching( - PKIX_ProcessingParams *params, - PKIX_Boolean *pUseAIA, /* list of TrustAnchor */ - void *plContext); -/* - * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors - * DESCRIPTION: - * - * Sets switch value that defines if url in cert AIA extension - * may be used for cert fetching. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams. - * "useAIA" - * Address of the trust anchors list object. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetUseAIAForCertFetching( - PKIX_ProcessingParams *params, - PKIX_Boolean useAIA, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert - * DESCRIPTION: - * - * Sets a boolean value that tells if libpkix needs to check that - * the target certificate satisfies the conditions set in processing - * parameters. Includes but not limited to date, ku and eku checks. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of TrustAnchors are to - * be stored. Must be non-NULL. - * "qualifyTargetCert" - * boolean value if set to true will trigger qualification of the - * target certificate. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. 
- */ -PKIX_Error * -PKIX_ProcessingParams_SetQualifyTargetCert( - PKIX_ProcessingParams *params, - PKIX_Boolean qualifyTargetCert, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetHintCerts - * DESCRIPTION: - * - * Retrieves a pointer to a List of Certs supplied by the user as a suggested - * partial CertChain (subject to verification), that are set in the - * ProcessingParams pointed to by "params", and stores it at "pHintCerts". - * The List returned may be empty or NULL. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of TrustAnchors are to - * be stored. Must be non-NULL. - * "pHintCerts" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetHintCerts( - PKIX_ProcessingParams *params, - PKIX_List **pHintCerts, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetHintCerts - * DESCRIPTION: - * - * Stores a pointer to a List of Certs supplied by the user as a suggested - * partial CertChain (subject to verification), as an element in the - * ProcessingParams pointed to by "params". The List may be empty or NULL. - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose List of HintCerts is to be stored. - * Must be non-NULL. - * "hintCerts" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. 
- * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_SetHintCerts( - PKIX_ProcessingParams *params, - PKIX_List *hintCerts, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_GetResourceLimits - * DESCRIPTION: - * - * Retrieves a pointer to the ResourceLimits (if any) that is set in the - * ProcessingParams pointed to by "params" and stores it at "pResourceLimits". - * The ResourceLimits represent the maximum resource usage that the caller - * desires (such as MaxTime). The ValidateChain or BuildChain call will not - * exceed these maximum limits. If "params" does not have any ResourceLimits - * set, this function stores NULL at "pResourceLimits". - * - * PARAMETERS: - * "params" - * Address of ProcessingParams whose ResourceLimits (if any) are to be - * stored. Must be non-NULL. - * "pResourceLimits" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Params Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ProcessingParams_GetResourceLimits( - PKIX_ProcessingParams *params, - PKIX_ResourceLimits **pResourceLimits, - void *plContext); - -/* - * FUNCTION: PKIX_ProcessingParams_SetResourceLimits - * DESCRIPTION: - * - * Sets the ProcessingParams pointed to by "params" with a ResourceLimits - * object pointed to by "resourceLimits". The ResourceLimits represent the - * maximum resource usage that the caller desires (such as MaxTime). The - * ValidateChain or BuildChain call will not exceed these maximum limits. - * If "resourceLimits" is NULL, no ResourceLimits are defined. 
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose ResourceLimits are to be set.
- * Must be non-NULL.
- * "resourceLimits"
- * Address of ResourceLimits to be set. If NULL, no limits are defined.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits *resourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * anyPolicy is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not anyPolicy
- * inhibited. Must be non-NULL.
- * "pInhibited"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether anyPolicy
- * is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "inhibited"
- * Boolean value indicating whether anyPolicy is to be inhibited.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * explicit policies are required and stores the Boolean result at
- * "pRequired".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not explicit
- * policies are required. Must be non-NULL.
- * "pRequired"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRequired,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether explicit
- * policies are required using the Boolean value of "required".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "required"
- * Boolean value indicating whether explicit policies are to be required.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean required,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * policyMapping is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not policy
- * mappings are inhibited. Must be non-NULL.
- * "pInhibited"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether policy
- * mapping is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "inhibited"
- * Boolean value indicating whether policy mapping is to be inhibited.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext);
-
-
-/* PKIX_ValidateParams
- *
- * PKIX_ValidateParams consists of a ProcessingParams object as well as the
- * List of Certs (certChain) that the caller is trying to validate.
- */
-
-/*
- * FUNCTION: PKIX_ValidateParams_Create
- * DESCRIPTION:
- *
- * Creates a new ValidateParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "procParams"
- * Address of ProcessingParams to be used. Must be non-NULL.
- * "chain"
- * Address of List of Certs (certChain) to be validated. Must be non-NULL.
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_Create(
- PKIX_ProcessingParams *procParams,
- PKIX_List *chain,
- PKIX_ValidateParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetProcessingParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ProcessingParams that represent the basic
- * certificate processing parameters used during chain validation and chain
- * building from the ValidateParams pointed to by "valParams" and stores it
- * at "pProcParams". If the function succeeds, the pointer to the
- * ProcessingParams is guaranteed to be non-NULL.
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams whose ProcessingParams are to be stored.
- * Must be non-NULL.
- * "pProcParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetProcessingParams(
- PKIX_ValidateParams *valParams,
- PKIX_ProcessingParams **pProcParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetCertChain
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of Certs (certChain) that is set in the
- * ValidateParams pointed to by "valParams" and stores it at "pChain". If the
- * function succeeds, the pointer to the CertChain is guaranteed to be
- * non-NULL.
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams whose CertChain is to be stored.
- * Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetCertChain(
- PKIX_ValidateParams *valParams,
- PKIX_List **pChain,
- void *plContext);
-
-/* PKIX_TrustAnchor
- *
- * A PKIX_TrustAnchor represents a trusted entity and can be specified using a
- * self-signed certificate or using the trusted CA's name and public key. In
- * order to limit the trust in the trusted entity, name constraints can also
- * be imposed on the trust anchor.
- */
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithCert
- * DESCRIPTION:
- *
- * Creates a new TrustAnchor object using the Cert pointed to by "cert" as
- * the trusted certificate and stores it at "pAnchor". Once created, a
- * TrustAnchor is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert to use as trusted certificate. Must be non-NULL.
- * "pAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithCert(
- PKIX_PL_Cert *cert,
- PKIX_TrustAnchor **pAnchor,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
- * DESCRIPTION:
- *
- * Creates a new TrustAnchor object using the X500Name pointed to by "name",
- * and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The
- * CertNameConstraints pointed to by "nameConstraints" (if any) are used to
- * limit the trust placed in this trust anchor. To indicate that name
- * constraints don't apply, set "nameConstraints" to NULL. Once created, a
- * TrustAnchor is immutable.
- *
- * PARAMETERS:
- * "name"
- * Address of X500Name to use as name of trusted CA. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey to use as trusted public key. Must be non-NULL.
- * "nameConstraints"
- * Address of CertNameConstraints to use as initial name constraints.
- * If NULL, no name constraints are applied.
- * "pAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithNameKeyPair(
- PKIX_PL_X500Name *name,
- PKIX_PL_PublicKey *pubKey,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_TrustAnchor **pAnchor,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetTrustedCert
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to
- * by "anchor" and stores it at "pCert". If "anchor" does not have a Cert
- * set, this function stores NULL at "pCert".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose Cert is to be stored. Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetTrustedCert(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAName
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CA's X500Name (if any) that is set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor"
- * does not have an X500Name set, this function stores NULL at "pCAName".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL.
- * "pCAName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAName(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_X500Name **pCAName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CA's PublicKey (if any) that is set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor"
- * does not have a PublicKey set, this function stores NULL at "pPubKey".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CA PublicKey is to be stored.
- * Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAPublicKey(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CertNameConstraints (if any) set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If
- * "anchor" does not have any CertNameConstraints set, this function stores
- * NULL at "pConstraints".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CertNameConstraints are to be stored.
- * Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetNameConstraints(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-/* PKIX_ResourceLimits
- *
- * A PKIX_ResourceLimits object represents the maximum resource usage that
- * the caller desires. The ValidateChain or BuildChain call
- * will not exceed these maximum limits. For example, the caller may want
- * a timeout value of 1 minute, meaning that if the ValidateChain or
- * BuildChain function is unable to finish in 1 minute, it should abort
- * with an Error.
- */
-
-/*
- * FUNCTION: PKIX_ResourceLimits_Create
- * DESCRIPTION:
- *
- * Creates a new ResourceLimits object and stores it at "pResourceLimits".
- *
- * PARAMETERS:
- * "pResourceLimits"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_Create(
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxTime
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum time that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxTime". This maximum time (in seconds) should not be exceeded
- * by the function whose ProcessingParams contain this ResourceLimits object
- * (typically ValidateChain or BuildChain). It essentially functions as a
- * time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum time (in seconds) is
- * to be stored. Must be non-NULL.
- * "pMaxTime"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxTime(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxTime,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxTime
- * DESCRIPTION:
- *
- * Sets the maximum time of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxTime". This
- * maximum time (in seconds) should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object
- * (typically ValidateChain or BuildChain). It essentially functions as a
- * time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum time (in seconds) is
- * to be set. Must be non-NULL.
- * "maxTime"
- * Value of PKIX_UInt32 representing the maximum time (in seconds)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxTime(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxTime,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxFanout". This maximum fanout (number of certs) should not be
- * exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder encounters
- * more than this maximum number of certificates when searching for the next
- * candidate certificate, it should abort and return an error. This
- * parameter is only relevant for ValidateChain if it needs to internally call
- * BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum fanout (number of certs)
- * is to be stored. Must be non-NULL.
- * "pMaxFanout"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxFanout(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxFanout,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
- * DESCRIPTION:
- *
- * Sets the maximum fanout of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum
- * fanout (number of certs) should not be exceeded by the function whose
- * ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder encounters more than this maximum number of
- * certificates when searching for the next candidate certificate, it should
- * abort and return an Error. This parameter is only relevant for ValidateChain
- * if it needs to internally call BuildChain (e.g. in order to build the
- * chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum fanout (number of certs)
- * is to be set. Must be non-NULL.
- * "maxFanout"
- * Value of PKIX_UInt32 representing the maximum fanout (number of certs)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxFanout(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxFanout,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxDepth". This maximum depth (number of certs) should not be
- * exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder encounters
- * more than this maximum number of certificates when searching for the next
- * candidate certificate, it should abort and return an error. This
- * parameter is only relevant for ValidateChain if it needs to internally call
- * BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum depth (number of certs)
- * is to be stored. Must be non-NULL.
- * "pMaxDepth"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxDepth(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxDepth,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
- * DESCRIPTION:
- *
- * Sets the maximum depth of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum
- * depth (number of certs) should not be exceeded by the function whose
- * ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder encounters more than this maximum number of
- * certificates when searching for the next candidate certificate, it should
- * abort and return an Error. This parameter is only relevant for ValidateChain
- * if it needs to internally call BuildChain (e.g. in order to build the
- * chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum depth (number of certs)
- * is to be set. Must be non-NULL.
- * "maxDepth"
- * Value of PKIX_UInt32 representing the maximum depth (number of certs)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxDepth(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxDepth,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- * certs that is set in the ResourceLimits object pointed to by "resourceLimits"
- * and stores it at "pMaxNumber". This maximum number of traversed certs should
- * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder traverses more
- * than this number of certs during the build process, it should abort and
- * return an Error. This parameter is only relevant for ValidateChain if it
- * needs to internally call BuildChain (e.g. in order to build the chain to a
- * CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed certs
- * is to be stored. Must be non-NULL.
- * "pMaxNumber"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCerts(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
- * DESCRIPTION:
- *
- * Sets the maximum number of traversed certs of the ResourceLimits object
- * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- * This maximum number of traversed certs should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder traverses more than this number of certs
- * during the build process, it should abort and return an Error. This parameter
- * is only relevant for ValidateChain if it needs to internally call BuildChain
- * (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed certs
- * is to be set. Must be non-NULL.
- * "maxNumber"
- * Value of PKIX_UInt32 representing the maximum number of traversed certs
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCerts(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- * CRLs that is set in the ResourceLimits object pointed to by "resourceLimits"
- * and stores it at "pMaxNumber". This maximum number of traversed CRLs should
- * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder traverses more
- * than this number of CRLs during the build process, it should abort and
- * return an Error. This parameter is only relevant for ValidateChain if it
- * needs to internally call BuildChain (e.g. in order to build the chain to a
- * CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed CRLs
- * is to be stored. Must be non-NULL.
- * "pMaxNumber"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCRLs(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- * Sets the maximum number of traversed CRLs of the ResourceLimits object
- * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- * This maximum number of traversed CRLs should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder traverses more than this number of CRLs
- * during the build process, it should abort and return an Error. This parameter
- * is only relevant for ValidateChain if it needs to internally call BuildChain
- * (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed CRLs
- * is to be set. Must be non-NULL.
- * "maxNumber"
- * Value of PKIX_UInt32 representing the maximum number of traversed CRLs
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCRLs(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxNumber,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PARAMS_H */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h
deleted file mode 100755
index 32d3a79a4..000000000
--- a/security/nss/lib/libpkix/include/pkix_pl_pki.h
+++ /dev/null
@@ -1,2695 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines several platform independent functions to
- * manipulate certificates and CRLs in a portable manner.
- *
- */
-
-#ifndef _PKIX_PL_PKI_H
-#define _PKIX_PL_PKI_H
-
-#include "pkixt.h"
-#include "seccomon.h"
-#include "certt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * Cert
- *
- * A Cert represents an X.509 certificate. It can be created using the bytes
- * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The
- * following functions include accessors (gettors) for the various components
- * of an X.509 certificate. Also included are functions to perform various
- * checks on a certificate, including name constraints, key usage, validity
- * (expiration), and signature verification.
- */
-
-/*
- * FUNCTION: PKIX_PL_Cert_Create
- * DESCRIPTION:
- *
- * Creates a new certificate using the bytes in the ByteArray pointed to by
- * "byteArray" and stores it at "pCert".
If the bytes are not a valid ASN.1
- * DER encoding of a certificate, a PKIX_Error pointer is returned. Once
- * created, a Cert is immutable.
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version MUST be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version MUST be v2 or v3
- * extensions [3] EXPLICIT Extensions OPTIONAL
- * -- If present, version MUST be v3
- * }
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * UniqueIdentifier ::= BIT STRING
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray representing the CERT's DER encoding.
- * Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
- * DESCRIPTION:
- *
- * Creates a new certificate using passed in CERTCertificate object.
- *
- * PARAMETERS:
- * "nssCert"
- * The object that will be used to create new PKIX_PL_Cert.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CreateFromCERTCertificate(
- const CERTCertificate *nssCert,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
- * DESCRIPTION:
- *
- * Returns underlying CERTCertificate structure. Return CERTCertificate
- * object is duplicated and should be destroyed by caller.
- *
- * PARAMETERS:
- * "cert"
- * Address of PKIX_PL_Cert. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCERTCertificate(
- PKIX_PL_Cert *cert,
- CERTCertificate **pnssCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetVersion
- * DESCRIPTION:
- *
- * Retrieves the version of the Cert pointed to by "cert" and stores it at
- * "pVersion". The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose version is to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetVersion(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt that represents the serial number of the
- * Cert pointed to by "cert" and stores it at "pSerialNumber".
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose serial number is to be stored. Must be non-NULL.
- * "pSerial"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSerialNumber(
- PKIX_PL_Cert *cert,
- PKIX_PL_BigInt **pSerial,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the issuer DN of the
- * Cert pointed to by "cert" and stores it at "pIssuer".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose issuer is to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetIssuer(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the subject DN of the
- * Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not
- * have a subject DN, this function stores NULL at "pSubject".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject is to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubject(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID that represents the subject public key
- * algorithm of the Cert pointed to by "cert" and stores it at
- * "pSubjKeyAlgId".
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject public key algorithm OID is to be stored.
- * Must be non-NULL.
- * "pSubjKeyAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
- PKIX_PL_Cert *cert,
- PKIX_PL_OID **pSubjKeyAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey that represents the subject public key
- * of the Cert pointed to by "cert" and stores it at "pPublicKey".
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject public key is to be stored.
- * Must be non-NULL.
- * "pPublicKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKey(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
- * DESCRIPTION:
- *
- * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null
- * parameters and stores the result at "pNeedsParams".
- *
- * PARAMETERS:
- * "pubKey"
- * Address of the Public Key of interest. Must be non-NULL.
- * "pNeedsParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PublicKey_NeedsDSAParameters(
- PKIX_PL_PublicKey *pubKey,
- PKIX_Boolean *pNeedsParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- * DESCRIPTION:
- *
- * This function is used for DSA key parameter inheritance, which allows a
- * first DSA key with omitted parameters (pointed to by "firstKey") to inherit
- * the PQG parameters of a second DSA key that does have parameters. (pointed
- * to by "secondKey"). Once created, a PublicKey is immutable.
- *
- * Specifically, the algorithm used by the function is:
- *
- * If the first PublicKey is not a DSA public key with omitted parameters,
- * the function stores NULL at "pResultKey".
(No Error is returned)
- * Else if the second PublicKey is not a DSA public key with non-NULL,
- * parameters, the function returns an Error.
- * Else
- * the function creates a third PublicKey with a "Y" value from the
- * first PublicKey and the DSA parameters from the second PublicKey,
- * and stores it at "pResultKey".
- *
- * PARAMETERS:
- * "firstKey"
- * Address of a Public Key that needs to inherit DSA parameters.
- * Must be non-NULL.
- * "secondKey"
- * Address of a Public Key that has DSA parameters that will be inherited
- * by "firstKey". Must be non-NULL.
- * "pResultKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
- PKIX_PL_PublicKey *firstKey,
- PKIX_PL_PublicKey *secondKey,
- PKIX_PL_PublicKey **pResultKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the Cert pointed to by "cert") and stores it at
- * "pExtensions". If "cert" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCriticalExtensionOIDs(
- PKIX_PL_Cert *cert,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the authority key
- * identifier extension of the Cert pointed to by "cert" and stores it at
- * "pAuthKeyId".
- *
- * Note that this function only retrieves the keyIdentifier component
- * (OCTET STRING) of the AuthorityKeyIdentifier extension, when present.
- *
- * If "cert" does not have an AuthorityKeyIdentifier extension or if the
- * keyIdentifier component of the AuthorityKeyIdentifier extension is not
- * present, this function stores NULL at "pAuthKeyId".
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose authority key identifier is to be stored.
- * Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the subject key identifier
- * extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId".
- * If "cert" does not have a SubjectKeyIdentifier extension, this function
- * stores NULL at "pSubjKeyId".
- *
- * SubjectKeyIdentifier ::= KeyIdentifier
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject key identifier is to be stored.
- * Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (each GeneralName
- * representing a subject alternative name found in the subject alternative
- * names extension of the Cert pointed to by "cert") and stores it at
- * "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames
- * extension, this function stores NULL at "pSubjectAltNames".
- *
- * Note that the List returned by this function is immutable.
- *
- * SubjectAltName ::= GeneralNames
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * GeneralName ::= CHOICE {
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * OtherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subjectAltNames are to be stored.
- * Must be non-NULL.
- * "pSubjectAltNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectAltNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (each GeneralName
- * representing a subject DN or a subject alternative name found in the
- * subject alternative names extension of the Cert pointed to by "cert") and
- * stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and
- * it does not have a SubjectAlternativeNames extension, this function stores
- * NULL at "pAllSubjectNames".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject DN and subjectAltNames are to be stored.
- * Must be non-NULL.
- * "pAllSubjectNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAllSubjectNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of OIDs (each OID corresponding to an
- * extended key usage of the Cert pointed to by "cert") and stores it at
- * "pKeyUsage". If "cert" does not have an extended key usage extension, this
- * function stores a NULL at "pKeyUsage".
- *
- * Note that the List returned by this function is immutable.
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose extended key usage OIDs are to be stored.
- * Must be non-NULL.
- * "pKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetExtendedKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to a CertNameConstraints object representing the name
- * constraints extension of the Cert pointed to by "cert" and stores it at
- * "pNameConstraints".
- *
- * If "cert" does not have a name constraints extension, this function stores
- * NULL at "pNameConstraints".
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- * BaseDistance ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose name constraints extension is to be stored.
- * Must be non-NULL.
- * "pNameConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to a CertBasicConstraints object representing the basic
- * constraints extension of the Cert pointed to by "cert" and stores it at
- * "pBasicConstraints".
- *
- * If "cert" does not have a basic constraints extension, this function stores
- * NULL at "pBasicConstraints".
Once created, a CertBasicConstraints object
- * is immutable.
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose basic constraints extension is to be stored.
- * Must be non-NULL.
- * "pBasicConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetBasicConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertBasicConstraints **pBasicConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
- * DESCRIPTION:
- *
- * Retrieves a pointer to a Boolean value representing the cA Flag component
- * of the CertBasicConstraints object pointed to by "basicConstraints" and
- * stores it at "pResult".
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * PARAMETERS:
- * "basicConstraints"
- * Address of CertBasicConstraints whose cA Flag is to be stored.
- * Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetCAFlag(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
- * DESCRIPTION:
- *
- * Retrieves a pointer to an integer value representing the pathLenConstraint
- * component of the CertBasicConstraints object pointed to by
- * "basicConstraints" and stores it at "pPathLenConstraint". If the
- * pathLenConstraint component is not present, this function stores -1 at
- * "pPathLenConstraint".
- *
- * PARAMETERS:
- * "basicConstraints"
- * Address of CertBasicConstraints whose pathLen is to be stored.
- * Must be non-NULL.
- * "pPathLenConstraint"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetPathLenConstraint(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Int32 *pPathLenConstraint,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of CertPolicyInfos found in the certificate
- * policies extension of the Cert pointed to by "cert" and stores it at
- * "pPolicyInfo". If "cert" does not have a certificate policies extension,
- * this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo
- * object is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertPolicyInfos are to be stored.
- * Must be non-NULL.
- * "pPolicyInfo"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyInformation(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the policyIdentifier of the
- * CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId".
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * CertPolicyId ::= OBJECT IDENTIFIER
- *
- * PARAMETERS:
- * "policyInfo"
- * Address of CertPolicyInfo whose policy identifier is to be stored.
- * Must be non-NULL.
- * "pCertPolicyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolicyId(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_PL_OID **pCertPolicyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of the CertPolicyQualifiers representing
- * the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and
- * stores it at "pPolicyQualifiers". If "policyInfo" does not have any
- * policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once
- * created, a CertPolicyQualifier is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PARAMETERS:
- * "policyInfo"
- * Address of CertPolicyInfo whose policy qualifiers List is to be stored.
- * Must be non-NULL.
- * "pPolicyQualifiers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolQualifiers(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the policyQualifierId of the
- * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
- * "pPolicyQualifierId".
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PolicyQualifierId ::=
- * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
- *
- * PARAMETERS:
- * "policyQualifier"
- * Address of CertPolQualifier whose policyQualifierId is to be stored.
- * Must be non-NULL.
- * "pPolicyQualifierId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
- PKIX_PL_CertPolicyQualifier *policyQualifier,
- PKIX_PL_OID **pPolicyQualifierId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the qualifier of the
- * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
- * "pQualifier".
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PARAMETERS:
- * "policyQualifier"
- * Address of CertPolicyQualifier whose qualifier is to be stored.
- * Must be non-NULL.
- * "pQualifier"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetQualifier(
- PKIX_PL_CertPolicyQualifier *policyQualifier,
- PKIX_PL_ByteArray **pQualifier,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappings
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of CertPolicyMaps found in the policy
- * mappings extension of the Cert pointed to by "cert" and stores it at
- * "pPolicyMappings". If "cert" does not have a policy mappings extension,
- * this function stores NULL at "pPolicyMappings". Once created, a
- * CertPolicyMap is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertPolicyMaps are to be stored.
- * Must be non-NULL.
- * "pPolicyMappings"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappings(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the issuerDomainPolicy of the
- * CertPolicyMap pointed to by "policyMapping" and stores it at
- * "pIssuerDomainPolicy".
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "policyMapping"
- * Address of CertPolicyMap whose issuerDomainPolicy is to be stored.
- * Must be non-NULL.
- * "pIssuerDomainPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pIssuerDomainPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the subjectDomainPolicy of the
- * CertPolicyMap pointed to by "policyMapping" and stores it at
- * "pSubjectDomainPolicy".
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "policyMapping"
- * Address of CertPolicyMap whose subjectDomainPolicy is to be stored.
- * Must be non-NULL.
- * "pSubjectDomainPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pSubjectDomainPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
- * DESCRIPTION:
- *
- * Retrieves the requireExplicitPolicy value of the policy constraints
- * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
- * If "cert" does not have a policy constraints extension or the
- * requireExplicitPolicy component is not populated, this function stores -1
- * at "pSkipCerts".
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose requireExplicitPolicy value is to be stored.
- * Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetRequireExplicitPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Retrieves the inhibitPolicyMapping value of the policy constraints
- * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
- * If "cert" does not have a policy constraints extension or the
- * inhibitPolicyMapping component is not populated, this function stores -1
- * at "pSkipCerts".
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose requireExplicitPolicy value is to be stored.
- * Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappingInhibited(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy
- * DESCRIPTION:
- *
- * Retrieves the value of the inhibit any-policy extension of the Cert
- * pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have
- * an inhibit any-policy extension, this function stores -1 at "pSkipCerts".
- *
- * InhibitAnyPolicy ::= SkipCerts
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose inhibit any-policy extensions value is to be
- * stored. Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetInhibitAnyPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/* policy processing functions */
-
-/*
- * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
- * DESCRIPTION:
- *
- * Checks whether the certificate policies extension of the Cert pointed to
- * by "cert" is critical and stores the Boolean result at "pCritical". If
- * "cert" does not have a certificate policies extension, this function
- * stores NULL at "pCritical".
- *
- * XXX what distinguishes NULL from PKIX_FALSE?
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose certificate policies extension's criticality is
- * to be determined. Must be non-NULL.
- * "pCritical"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_AreCertPoliciesCritical(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCritical,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
- * DESCRIPTION:
- *
- * Checks whether the subject distinguished name and subject alternative names
- * of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed
- * to by "nameConstraints". If the CertNameConstraints are not satisfied, a
- * PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
- * does nothing.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject names are to be checked.
- * Must be non-NULL.
- * "nameConstraints"
- * Address of CertNameConstraints that need to be satisfied.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints *nameConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
- * DESCRIPTION:
- *
- * Merges the CertNameConstraints pointed to by "firstNC" and the
- * CertNameConstraints pointed to by "secondNC" and stores the merged
- * CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
- * CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
- *
- * Once created, a CertNameConstraints object is immutable.
- *
- * PARAMETERS:
- * "firstNC"
- * Address of first CertNameConstraints to be merged. Must be non-NULL.
- * "secondNC"
- * Address of second CertNameConstraints to be merged
- * "pResultNC"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_MergeNameConstraints(
- PKIX_PL_CertNameConstraints *firstNC,
- PKIX_PL_CertNameConstraints *secondNC,
- PKIX_PL_CertNameConstraints **pResultNC,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage
- * DESCRIPTION:
- *
- * Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the
- * keyUsage extension of the Cert pointed to by "cert". The keyUsage bit
- * values specified in pkixt.h are supported, and can be bitwise or'ed if
- * multiple bit values are to be verified.
If the keyUsages do not all appear
- * in the keyUsage extension of "cert", a PKIX_Error pointer is returned.
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose keyUsage bits are to be verified.
- * Must be non-NULL.
- * "keyUsage"
- * Constant representing keyUsage bit(s) that all must appear in keyUsage
- * extension of "cert".
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType
- * DESCRIPTION:
- *
- * Verifies cert and key types against certificate usage that is
- * a part of plContext(pkix_pl_nsscontext) structure. Throws an error
- * if cert or key types does not match.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose keyUsage bits are to be verified.
- * Must be non-NULL.
- * "isLeafCert"
- * What type of a cert has been verified.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyCertAndKeyType(
- PKIX_PL_Cert *cert,
- PKIX_Boolean isChainCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckValidity
- * DESCRIPTION:
- *
- * Checks whether the Cert pointed to by "cert" would be valid at the time
- * represented by the Date pointed to by "date". If "date" is NULL, then this
- * function checks whether the Cert would be valid at the current time. If the
- * Cert would not be valid at the specified Date, a PKIX_Error pointer is
- * returned.
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose validity is to be checked. Must be non-NULL.
- * "date"
- * Address of Date at which the Cert is being checked for validity.
- * If NULL, the current time is used for the Date.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckValidity(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date that represents the notAfter time of the
- * Certificate pointed to by "cert" and stores it at "pDate".
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose validity time is to be retrieved. Must be
- * non-NULL.
- * "date"
- * Address of Date at which the Cert's notAfter time is being retrieved.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetValidityNotAfter(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifySignature
- * DESCRIPTION:
- *
- * Verifies the signature on the Cert pointed to by "cert" using the
- * PublicKey pointed to by "pubKey". If the signature doesn't verify, an
- * Error pointer is returned.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose signature is to be verified. Must be non-NULL.
- * "pubKey"
- * Address of a Public Key used to verify the signature. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifySignature(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_IsCertTrusted
- * DESCRIPTION:
- *
- * Checks the Cert specified by "cert" to determine, in a manner that depends
- * on the underlying platform, whether it is trusted, and stores the result in
- * "pTrusted". If a certificate is trusted it means that a chain built to that
- * certificate, and satisfying all the usage, policy, validity, and other
- * tests, is a valid chain and the End Entity certificate from which it was
- * built can be trusted.
- *
- * If the Certificate is not intrinsically trustworthy, it still might end up a
- * component in a successful chain.
- *
- * PARAMETERS
- * "cert"
- * Address of Cert whose trustworthiness is to be determined. Must be
- * non-NULL.
- * "trustOnlyUserAnchors"
- * States that we can only trust explicitly defined user trust anchors.
- * "pTrusted"
- * Address where the Boolean value will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CERT Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_IsCertTrusted(
- PKIX_PL_Cert *cert,
- PKIX_Boolean trustOnlyUserAnchors,
- PKIX_Boolean *pTrusted,
- void *plContext);
-
-/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
-PKIX_Error*
-PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCacheFlag
- * DESCRIPTION:
- *
- * Retrieves the value of the cache flag in "cert" and return it at address
- * pointed by "pCacheFlag". The initila cache flag is determined by the
- * CertStore this "cert" is fetched from. When CertStore is created, user
- * need to specify if the data should be cached.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose cache flag is fetched. Must be non-NULL.
- * "pCacheFlag"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetCacheFlag
- * DESCRIPTION:
- *
- * Set the value of the cache flag in "cert" base on the boolean value stored
- * at "cacheFlag". This function is meant to be used by CertStore after a
- * Cert is created.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert where "cacheFlag" is stored. Must be non-NULL.
- * "cacheFlag"
- * PKIX_Boolean flag for cache flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_SetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean cacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetTrustCertStore
- * DESCRIPTION:
- *
- * Retrieves the value of the CertStore in "cert" and return it at address
- * pointed by "pCertStore".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertStore is fetched. Must be non-NULL.
- * "pTrustCertStore"
- * Address where CertStore will be stored and returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore **pTrustCertStore,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetTrustCertStore
- * DESCRIPTION:
- *
- * Set the value of the CertStore "certStore" in "cert".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert where "certStore" will be stored. Must be non-NULL.
- * "trustCertStore"
- * Address where the CertStore is. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_SetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore *trustCertStore,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the Authority Information Access in "cert" and
- * returns it in a list at address pointed by "pAuthorityInfoAccess".
- *
- * SubjectInfoAccess ::=
- * SEQUENCE SIZE (1..MAX) of AccessDescription
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Authority Information Access is fetched.
- * Must be non-NULL.
- * "pAuthorityInfoAccess"
- * Address where Authority InfoAccess will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the Subject Information Access in "cert" and
- * returns it in a list at address pointed by "pSubjectInfoAccess".
- *
- * SubjectInfoAccess ::=
- * SEQUENCE SIZE (1..MAX) of AccessDescription
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Subject Information Access is fetched.
- * Must be non-NULL.
- * "pSubjectInfoAccess"
- * Address where Subject InfoAccess will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCrlDp
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the CRL Distribution Point Extension and
- * returns it in a list at address pointed by "pDpList".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Subject Information Access is fetched.
- * Must be non-NULL.
- * "pDpList"
- * Address where CRL DP will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
- PKIX_List **pDpList,
- void *plContext);
-
-
-/*
- * InfoAccess
- *
- * To hold Authority Information Access or Subject Information Access
- * retrieved from a Certificate.
- */
-
-#define PKIX_INFOACCESS_OCSP 1
-#define PKIX_INFOACCESS_CA_ISSUERS 2
-#define PKIX_INFOACCESS_TIMESTAMPING 3
-#define PKIX_INFOACCESS_CA_REPOSITORY 5
-
-#define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
-#define PKIX_INFOACCESS_LOCATION_HTTP 1
-#define PKIX_INFOACCESS_LOCATION_LDAP 2
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetMethod
- * DESCRIPTION:
- *
- * Stores the method of the Information Access from "infoAccess" and
- * returns in "pMethod".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pMethod"
- * Address where access method will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetMethod(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pMethod,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocation
- * DESCRIPTION:
- *
- * Stores the location of the Information Access from "infoAccess" and
- * returns in "pLocation".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pLocation"
- * Address where access location will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocation(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_PL_GeneralName **pLocation,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocationType
- * DESCRIPTION:
- *
- * Stores the type of location of the Information Access from "infoAccess" and
- * returns in "pType".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pType"
- * Address where access location type will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocationType(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pType,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_InfoAccess_GetAIACerts(
- PKIX_PL_InfoAccess *ia,
- void **pNBIOContext,
- void **pHandle,
- PKIX_List **pCerts,
- void *plContext);
-
-/*
- * CRL
- *
- * A CRL represents an X.509 certificate revocation list. It can be created
- * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is
- * immutable.
The following functions include accessors (gettors) for the
- * various components of an X.509 CRL, as well as a function for signature
- * verification.
- */
-
-/*
- * FUNCTION: PKIX_PL_CRL_Create
- * DESCRIPTION:
- *
- * Creates a new CRL using the bytes in the ByteArray pointed to by
- * "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1
- * DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a
- * CRL is immutable.
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, MUST be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, MUST be v2
- * } OPTIONAL,
- * crlExtensions [0] EXPLICIT Extensions OPTIONAL
- * -- if present, MUST be v2
- * }
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray representing the CRL's DER encoding.
- * Must be non-NULL.
- * "pCRL"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_CRL **pCRL,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the issuer of the CRL
- * pointed to by "crl" and stores it at "pCRLIssuer".
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose issuer is to be stored. Must be non-NULL.
- * "pCRLIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetIssuer(
- PKIX_PL_CRL *crl,
- PKIX_PL_X500Name **pCRLIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the CRL pointed to by "crl") and stores it at
- * "pExtensions". If "crl" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCriticalExtensionOIDs(
- PKIX_PL_CRL *crl,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl")
- * corresponding to the BigInt pointed to by "serialNumber" and stores it at
- * "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at
- * "pCRLEntry". Once created, a CRLEntry is immutable.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose CRL Entries are to be searched. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt representing serial number of certificate whose
- * CRLEntry is to be found. Must be non-NULL.
- * "pCRLEntry"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt *serialNumber,
- PKIX_PL_CRLEntry **pCRLEntry,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLNumber
- * DESCRIPTION:
- * Retrieves the CRL Number from extension. This is non-critical extension.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose version is to be stored. Must be non-NULL.
- * "pCrlNumber"
- * Address where a CRL Number will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt **pCrlNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime
- * DESCRIPTION:
- *
- * Checks whether the CRL pointed to by "crl" would be valid at the time
- * represented by the Date pointed to by "date" and stores the Boolean result
- * at "pResult". This check is done only when NIST policy is enforced.
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose validity is to be checked. Must be non-NULL.
- * "date"
- * Address of Date at which the CRL is being checked for validity.
- * Must be non-NULL.
- * "pResult"
- * Address of Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifyUpdateTime(
- PKIX_PL_CRL *crl,
- PKIX_PL_Date *date,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifySignature
- * DESCRIPTION:
- *
- * Verifies the signature on the CRL pointed to by "crl" using the PublicKey
- * pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error
- * pointer is returned.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "pubKey"
- * Address of a Public Key used to verify the signature. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifySignature(
- PKIX_PL_CRL *crl,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_ReleaseDerCrl
- * DESCRIPTION:
- *
- * Relinguish the ownership for the crl der. The operation will succeed if
- * a crl owns the der. If the crl was created from existing crl and does not
- * own the der, then the function will return null.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "derCrl"
- * Pointer to a SECItem that has der crl.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
- SECItem **derCrl,
- void *plContext);
-/*
- * FUNCTION: PKIX_PL_CRL_AdoptDerCrl
- * DESCRIPTION:
- *
- * Adopt memory of the der. The secItem that contains der will be
- * freed with destruction of parent pkix crl structure.
- *
- * * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "derCrl"
- * Pointer to a SECItem that has der crl.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
- SECItem *derCrl,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
- * DESCRIPTION:
- *
- * Retrieves the value of the reason code extension of the CRLEntry pointed
- * to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no
- * reason code extension, this function stores -1 at "pReason".
- *
- * CRLReason ::= ENUMERATED {
- * unspecified (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6),
- * removeFromCRL (8),
- * privilegeWithdrawn (9),
- * aACompromise (10) }
- *
- * PARAMETERS:
- * "crlEntry"
- * Address of CRLEntry whose reason code bit values are to be returned
- * at "pReason". Must be non-NULL.
- * "pReason"
- * Address of PKIX_Int32 where reason code is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_Int32 *pReason,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the CRLEntry pointed to by "crlEntry") and stores it
- * at "pExtensions". If "crlEntry" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "crlEntry"
- * Address of CRLEntry whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_X500Name_Create
- * DESCRIPTION:
- *
- * Creates a new X500Name using the UTF8 string representation pointed to by
- * "stringRep" and stores it at "pName". Once created, an X500Name is
- * immutable.
- *
- * Name ::= CHOICE {
- * RDNSequence }
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * RelativeDistinguishedName ::=
- * SET OF AttributeTypeAndValue
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * AttributeType ::= OBJECT IDENTIFIER
- *
- * AttributeValue ::= ANY DEFINED BY AttributeType
- *
- * DirectoryString ::= CHOICE {
- * teletexString TeletexString (SIZE (1..MAX)),
- * printableString PrintableString (SIZE (1..MAX)),
- * universalString UniversalString (SIZE (1..MAX)),
- * utf8String UTF8String (SIZE (1..MAX)),
- * bmpString BMPString (SIZE (1..MAX)) }
- *
- * PARAMETERS:
- * "stringRep"
- * Address of UTF8 String representation of X500Name. Must be non-NULL.
- * "pName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Create (
- PKIX_PL_String *stringRep,
- PKIX_PL_X500Name **pName,
- void *plContext);
-
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName
- * DESCRIPTION:
- *
- * The function creates x500Name using der encoded DN and/or pointer to
- * CERTName. If arument "name" is NULL, but derName is supplied when
- * the function generates nssDN(CERTName type) from der data. If derName
- * is not supplied, CERTName *name will not be used to generate DN DER
- * encoding.
- *
- * PARAMETERS:
- * "derName"
- * Address of DER representation of X500Name. Can be NULL
- * "name"
- * Address of CERTName representation of X500Name. Can be NULL
- * "pName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_CreateFromCERTName(
- SECItem *derName,
- CERTName *name,
- PKIX_PL_X500Name **pName,
- void *plContext);
-
-
-/*
- * TYPE: PKIX_PL_X500Name_Match
- * DESCRIPTION:
- * Checks whether the X500Name pointed to by "firstX500Name" MATCHES the
- * X500Name pointed to by "secondX500Name" and stores the boolean result at
- * "pResult". Two X500Names MATCH if they meet the conditions specified by
- * RFC 3280 (section 4.1.2.4). Namely:
- *
- * "This specification requires only a subset of the name comparison
- * functionality specified in the X.500 series of specifications.
- * Conforming implementations are REQUIRED to implement the following
- * name comparison rules:
- *
- * (a) attribute values encoded in different types (e.g., PrintableString
- * and BMPString) MAY be assumed to represent different strings;
- *
- * (b) attribute values in types other than PrintableString are case
- * sensitive (this permits matching of attribute values as binary objects)
- *
- * (c) attribute values in PrintableString are not case sensitive
- * (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
- *
- * (d) attribute values in PrintableString are compared after removing
- * leading and trailing white space and converting internal substrings of
- * one or more consecutive white space characters to a single space."
- *
- * PARAMETERS:
- * "firstX500Name"
- * Address of first X500Name to compare. Must be non-NULL.
- * "secondX500Name"
- * Address of second X500Name to compare. Must be non-NULL.
- * "pResult"
- * Address of Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Match(
- PKIX_PL_X500Name *firstX500Name,
- PKIX_PL_X500Name *secondX500Name,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime
- * DESCRIPTION:
- * Creates a new Date of type UTCTime using the string representation pointed
- * to by "stringRep" and stores it at "pDate". The UTCTime restriction means
- * that the year can only be specified by the least significant two digits
- * (YY). As such, Only the years 1950-2049 can be represented. If "stringRep"
- * is NULL, this function creates a new Date representing the current time
- * and stores it at "pDate". Once created, a Date is immutable.
- *
- * If YY is greater than or equal to 50, the year is interpreted as 19YY.
- * If YY is less than 50, the year is interpreted as 20YY.
- *
- * The string representation of the date must be in the following form:
- * "YYMMDDhhmmssZ" where:
- *
- * YY is the least significant two digits of the year
- * MM is the month (01 to 12)
- * DD is the day (01 to 31)
- * hh is the hour (00 to 23)
- * mm are the minutes (00 to 59)
- * ss are the seconds (00 to 59)
- * Z indicates that local time is GMT
- *
- * PARAMETERS:
- * "stringRep"
- * Address of String representation of Date.
- * If NULL, current time is used.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_Create_UTCTime (
- PKIX_PL_String *stringRep,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime
- * DESCRIPTION:
- * Creates a new Date from PRTime data.
- *
- * PARAMETERS:
- * "time"
- * Represented time in PRTime type.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_CreateFromPRTime(
- PRTime time,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
- * DESCRIPTION:
- * Creates a new Date of type UTCTime for current time with seconds off by
- * "secondsOffset" and returns it at "pDate".
- *
- * PARAMETERS:
- * "secondsOffset"
- * A PKIX_Int32 indicates the time offset from current. If "secondsOffset"
- * is negative, the time is in past.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_Create_CurrentOffBySeconds(
- PKIX_Int32 secondsOffset,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_GeneralName_Create
- * DESCRIPTION:
- *
- * Creates a new GeneralName of type "nameType" using the string
- * representation pointed to by "stringRep" and stores it at "pGName".
- * All of the GeneralName type format values specified in pkixt.h are
- * supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME,
- * PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation
- * should be used for all supported nameTypes, with the exception of
- * registeredID and directoryName. For registeredID, the string representation
- * should be the same as that used by PKIX_PL_OID_Create. For directoryName,
- * the string representation should be the same as that used by
- * PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is
- * returned. Once created, a GeneralName is immutable.
- * - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER } - * - * - * NOTE: This function is allowed to be called only by pkix tests programs. - * - * PARAMETERS: - * "nameType" - * Type of GeneralName to be created. This must be one of the GeneralName - * type format values specified in pkixt.h - * "stringRep" - * Address of String representation of GeneralName. Must be non-NULL. - * "pGName" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a GeneralName Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_GeneralName_Create ( - PKIX_UInt32 nameType, - PKIX_PL_String *stringRep, - PKIX_PL_GeneralName **pGName, - void *plContext); -#endif /* BUILD_LIBPKIX_TESTS */ - -/* - * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace - * DESCRIPTION: - * - * This function checks whether names in "nameList" comply with - * "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the - * requirement of the NameConstraints, PKIX_FALSE otherwise. - * - * PARAMETERS - * "nameList" - * List of GeneralNames that are checked for compliance. May be empty - * or NULL. - * "nameConstraints" - * Address of CertNameConstraints that provides lists of permitted - * and excluded names. Must be non-NULL. - * "pCheckPass" - * Address where PKIX_TRUE is returned if the all names in "nameList" are - * valid. Must be non-NULL. - * "plContext" - Platform-specific context pointer. 
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
- PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_Create
- * DESCRIPTION:
- *
- * This function creates an AIAMgr to handle retrieval of Certs and CRLs
- * from servers given by AIA Certificate extensions. It manages connections
- * and caches. The manager created is stored at "pAIAMgr".
- *
- * PARAMETERS:
- * "pAIAMgr"
- * The address at which the result is stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_Create(
- PKIX_PL_AIAMgr **pAIAMgr,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts
- * DESCRIPTION:
- *
- * This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs
- * specified by an AIA certificate extension, if any, in the Cert pointed to by
- * "prevCert", storing the results at "pCerts". If the certificate has no such
- * extension, this function stores NULL at "pCerts".
- *
- * If the request is suspended for non-blocking I/O, a platform-dependent
- * context is stored at "pNBIOContext" and NULL is stored at "pCerts". This
- * return is referred to as the WOULDBLOCK state. Note that the caller must
- * check for a non-NULL value at "pNBIOContext", to distinguish this state from
- * the "no such extension" return described in the first paragraph. (The
- * alternative would be to return an empty List, but it seemed wrong to incur
- * the overhead of creating and destroying an empty List for the most common
- * situation.)
- *
- * After a WOULDBLOCK return, the user may continue the operation by calling
- * pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again
- * returns in the WOULDBLOCK state) with the previously-returned non-NULL
- * value of "pNBIOContext". When results are complete, NULL is stored at
- * "pNBIOContext", and the results (which may be NULL) are stored at "pCerts".
- *
- * PARAMETERS:
- * "aiaMgr"
- * The AIAMgr which controls the retrieval of certificates. Must be
- * non-NULL.
- * "prevCert"
- * Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must
- * be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent information is returned if request
- * is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address at which the returned List is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_GetAIACerts(
- PKIX_PL_AIAMgr *aiaMgr,
- PKIX_PL_Cert *prevCert,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_PL_VerifyCallback)(
- PKIX_PL_Object *signedObject,
- PKIX_PL_Cert *signerCert, /* can be unknown */
- PKIX_PL_Date *producedAt,
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_PKI_H */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_system.h b/security/nss/lib/libpkix/include/pkix_pl_system.h
deleted file mode 100755
index 053942a22..000000000
--- a/security/nss/lib/libpkix/include/pkix_pl_system.h
+++ /dev/null
@@ -1,1578 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines several platform independent functions to make system
- * calls in a portable manner.
- *
- */
-
-#ifndef _PKIX_PL_SYSTEM_H
-#define _PKIX_PL_SYSTEM_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * FUNCTION: PKIX_PL_Initialize
- * DESCRIPTION:
- *
- * XXX If this function is really only meant to be used by PKIX_Initialize,
- * why don't we just put it in a private header file rather than the public
- * API. I think it may confuse users.
- *
- * This function should NOT be called by applications. It is only meant to
- * be used internally. The application needs only to call PKIX_Initialize,
- * which in turn will call this function.
- *
- * This function initializes data structures critical to the operation of
- * libpkix. If initialization is not successful, an Error pointer is
- * returned. This function should only be called once. If it is called more
- * than once, the behavior is undefined.
- *
- * No PKIX_* types and functions should be used before this function is
- * called and returns successfully.
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean indicating whether platform initialization is to be called
- * "useArenas"
- * Boolean indicating whether allocation is to be done using arenas or
- * individual allocation (malloc).
- * "pPlContext"
- * Address at which platform-specific context pointer is stored. Must be
- * non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe
- *
- * This function assumes that no other thread is calling this function while
- * it is executing.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_Boolean useArenas,
- void **pPlContext);
-
-/*
- * FUNCTION: PKIX_PL_Shutdown
- * DESCRIPTION:
- *
- * XXX If this function is really only meant to be used by PKIX_Shutdown,
- * why don't we just put it in a private header file rather than the public
- * API. I think it may confuse users.
- *
- * This function should NOT be called by applications. It is only meant to
- * be used internally. The application needs only to call PKIX_Shutdown,
- * which in turn will call this function.
- *
- * This function deallocates any memory used by the Portability Layer (PL)
- * component of the libpkix library and shuts down any ongoing operations.
- * This function should only be called once. If it is called more than once,
- * the behavior is undefined.
- *
- * No PKIX_* types and functions should be used after this function is called
- * and returns successfully.
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean value of whether PKIX initialized NSS: PKIX_TRUE if we
- * called nssInit, PKIX_FALSE otherwise
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- *
- * This function makes use of global variables and should only be called once.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Shutdown(void *plContext);
-
-/* standard memory management operations (not reference-counted) */
-
-/*
- * FUNCTION: PKIX_PL_Malloc
- * DESCRIPTION:
- *
- * Allocates a block of "size" bytes. The bytes are not initialized. A
- * pointer to the newly allocated memory will be stored at "pMemory". The
- * memory allocated by PKIX_PL_Malloc() may only be freed by PKIX_PL_Free().
- * If "size" equals zero, this function stores NULL at "pMemory".
- *
- * PARAMETERS:
- * "size"
- * Number of bytes to allocate.
- * "pMemory"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Malloc(
- PKIX_UInt32 size,
- void **pMemory,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Calloc
- * DESCRIPTION:
- *
- * Allocates memory for an array of "nElem" elements, with each element
- * requiring "elSize" bytes, and with all the bits initialized to zero. A
- * pointer to the newly allocated memory will be stored at "pMemory". The
- * memory allocated by PKIX_PL_Calloc() may only be freed by PKIX_PL_Free().
- * If "nElem" equals zero or "elSize" equals zero, this function stores NULL
- * at "pMemory".
- *
- * PARAMETERS:
- * "nElem"
- * Number of elements needed.
- * "elSize"
- * Number of bytes needed per element.
- * "pMemory"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Calloc(
- PKIX_UInt32 nElem,
- PKIX_UInt32 elSize,
- void **pMemory,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Realloc
- * DESCRIPTION:
- *
- * Resizes an existing block of memory (pointed to by "ptr") to "size" bytes.
- * Stores a pointer to the resized memory at "pNewPtr". The "ptr" must
- * originate from either PKIX_PL_Malloc(), PKIX_PL_Realloc(), or
- * PKIX_PL_Calloc(). If "ptr" is NULL, this function behaves as if
- * PKIX_PL_Malloc were called. If "ptr" is not NULL and "size" equals zero,
- * the memory pointed to by "ptr" is deallocated and this function stores
- * NULL at "pPtr".
- *
- * PARAMETERS:
- * "ptr"
- * A pointer to an existing block of memory.
- * "size"
- * New size in bytes.
- * "pPtr"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Realloc(
- void *ptr,
- PKIX_UInt32 size,
- void **pNewPtr,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Free
- * DESCRIPTION:
- *
- * Frees a block of memory pointed to by "ptr". This value must originate with
- * either PKIX_PL_Malloc(), PKIX_PL_Calloc, or PKIX_PL_Realloc(). If "ptr" is
- * NULL, the function has no effect.
- *
- * PARAMETERS:
- * "ptr"
- * A pointer to an existing block of memory.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL always.
- */
-PKIX_Error *
-PKIX_PL_Free(
- void *ptr,
- void *plContext);
-
-/* Callback Types
- *
- * The next few typedefs define function pointer types for the standard
- * functions associated with every object type. See the Implementation
- * Guidelines or the comments below for more information.
- */
-
-/*
- * TYPE: PKIX_PL_DestructorCallback
- * DESCRIPTION:
- *
- * This callback function destroys (or DecRef's) any pointers contained in
- * the user data for the Object pointed to by "object" before the Object is
- * destroyed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object to destroy. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts (as long as they're not operating on the same
- * object and nobody else is performing an operation on the object at the
- * same time). Both of these conditions should be guaranteed by the fact that
- * the object's ref count was reduced to 0 in a lock that's still held when
- * this callback is called.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_DestructorCallback)(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_EqualsCallback
- * DESCRIPTION:
- *
- * This callback function compares the Object pointed to by "firstObject" with
- * the Object pointed to by "secondObject" for equality and stores the result
- * at "pResult" (PKIX_TRUE if equal; PKIX_FALSE if not).
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first object to compare. Must be non-NULL.
- * "secondObject"
- * Address of second object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_EqualsCallback)(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_HashcodeCallback
- * DESCRIPTION:
- *
- * This callback function computes the hashcode of the Object pointed to by
- * "object" and stores the result at "pValue".
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose hashcode is desired. Must be non-NULL.
- * "pValue"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_HashcodeCallback)(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_ToStringCallback
- * DESCRIPTION:
- *
- * This callback function converts the Object pointed to by "object" to a
- * string representation and stores the result at "pString".
- *
- * PARAMETERS:
- * "object"
- * Object to get a string representation from. Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_ToStringCallback)(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_ComparatorCallback
- * DESCRIPTION:
- *
- * This callback function determines how the Object pointed to by
- * "firstObject" compares to the Object pointed to by "secondObject" and
- * stores the result at "pResult".
- *
- * Result is less than 0 if firstObject < secondObject
- * Result equals 0 if firstObject = secondObject
- * Result is greater than 0 if firstObject > secondObject
- *
- * PARAMETERS:
- * "firstObject"
- * Address of the first Object to compare. Must be non-NULL.
- * "secondObject"
- * Address of the second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_ComparatorCallback)(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_DuplicateCallback
- * DESCRIPTION:
- *
- * This callback function creates a copy of the Object pointed to by "object"
- * and stores it at "pNewObject". Changes to the copy will not affect the
- * original and vice versa.
- *
- * Note that if "object" is immutable, the Duplicate callback function simply
- * needs to increment the reference count on "object" and return a reference
- * to "object".
- *
- * PARAMETERS:
- * "object"
- * Address of the object to be copied. Must be non-NULL.
- * "pNewObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_DuplicateCallback)(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-/* reference-counted objects */
-
-/*
- * FUNCTION: PKIX_PL_Object_Alloc
- * DESCRIPTION:
- *
- * Allocates a new Object of type "type" with "size" bytes and stores the
- * resulting pointer at "pObject". The reference count of the newly
- * allocated object will be initialized to 1. To improve performance, each
- * object maintains a small cache for the results of Hashcode and ToString.
- * Mutable objects should call InvalidateCache whenever changes are made to
- * the object's state (after creation). If an error occurs during allocation,
- * "pObject" will be set to NULL. If "size" equals zero, this function creates
- * an Object with a reference count of 1, and places a pointer to unallocated
- * memory at "pMemory".
- *
- * PARAMETERS:
- * "type"
- * The type code of this object. See pkixt.h for codes. The type code
- * must be previously registered with PKIX_PL_Object_RegisterType().
- * "size"
- * The number of bytes needed for this object.
- * "pMemory"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Alloc(
- PKIX_TYPENUM type,
- PKIX_UInt32 size,
- PKIX_PL_Object **pObject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_IsTypeRegistered
- * DESCRIPTION:
- *
- * Checks whether "type" has been registered by a previous call to
- * PKIX_PL_Object_RegisterType() and stores the Boolean result at "pBool".
- * This function will typically only be called by constructors for specific
- * types.
- *
- * PARAMETERS:
- * "type"
- * The type code to check if valid.
- * "pBool"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_IsTypeRegistered(
- PKIX_UInt32 type,
- PKIX_Boolean *pBool,
- void *plContext);
-
-#ifdef PKIX_USER_OBJECT_TYPE
-/*
- * FUNCTION: PKIX_PL_Object_RegisterType
- * DESCRIPTION:
- *
- * Registers a new Object with type value "type" and associates it with a set
- * of functions ("destructor", "equalsFunction", "hashcodeFunction",
- * "toStringFunction", "comparator", "duplicateFunction"). The new type value
- * is also associated with a string pointed to by "description", which is used
- * by the default ToStringCallback. This function may only be called with a
- * particular "type" value once. If "destructor", "equalsFunction",
- * "hashcodeFunction", or "toStringFunction" are NULL, default functions will
- * be registered. However, if "comparator" and "duplicateFunction" are NULL,
- * no functions will be registered and calls to PKIX_PL_Object_Compare and
- * PKIX_PL_Object_Duplicate will result in an error.
- *
- * PARAMETERS:
- * "type"
- * The type code.
- * "description"
- * The string used by the default ToStringCallback. Default used if NULL.
- * "destructor"
- * The DestructorCallback function to be set. Default used if NULL.
- * "equalsFunction"
- * The EqualsCallback function to be set. Default used if NULL.
- * "hashcodeFunction"
- * The HashcodeCallback function to be set. Default used if NULL.
- * "toStringFunction"
- * The ToStringCallback function to be set. Default used if NULL.
- * "comparator"
- * The ComparatorCallback function to be set. None set if NULL. If no
- * callback function is set in this field, calls to
- * PKIX_PL_Object_Compare() will result in an error.
- * "duplicateFunction"
- * The DuplicateCallback function to be set. None set if NULL. If no
- * callback function is set in this field, calls to
- * PKIX_PL_Object_Duplicate() will result in an error.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if "type" is already registered.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_RegisterType(
- PKIX_UInt32 type,
- char *description,
- PKIX_PL_DestructorCallback destructor,
- PKIX_PL_EqualsCallback equalsFunction,
- PKIX_PL_HashcodeCallback hashcodeFunction,
- PKIX_PL_ToStringCallback toStringFunction,
- PKIX_PL_ComparatorCallback comparator,
- PKIX_PL_DuplicateCallback duplicateFunction,
- void *plContext);
-
-#endif
-/*
- * FUNCTION: PKIX_PL_Object_InvalidateCache
- * DESCRIPTION:
- *
- * Invalidates the cache of the Object pointed to by "object". The cache
- * contains results of Hashcode and ToString. This function should be used by
- * mutable objects whenever changes are made to the Object's state (after
- * creation).
- *
- * For example, if ToString is called on a mutable Object, the result will be
- * computed, cached, and returned. If the Object's state does not change, a
- * subsequent call to ToString will recognize that the relevant result is
- * cached and will simply return the result (without calling the Object's
- * ToStringCallback to recompute it). However, when the Object's state
- * changes, the cache needs to be invalidated in order to force a subsequent
- * call to ToString to recompute the result.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose cache is to be invalidated. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY
- * Thread Safe - Object Type Table is locked during modification.
- *
- * Multiple threads can safely call this function without worrying about
- * conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_InvalidateCache(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_IncRef
- * DESCRIPTION:
- *
- * Increments the reference count of the Object pointed to by "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose reference count is to be incremented.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_IncRef(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_DecRef
- * DESCRIPTION:
- *
- * Decrements the reference count of the Object pointed to by "object". If the
- * resulting reference count is zero, the destructor (if any) registered for
- * the Object's type (by PKIX_PL_RegisterType) will be called and then the
- * Object will be destroyed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose reference count is to be decremented.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * If destructor is not called, multiple threads can safely call this function
- * without worrying about conflicts, even if they're operating on the same
- * object. If destructor is called, thread safety depends on the callback
- * defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_DecRef(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Equals
- * DESCRIPTION:
- *
- * Compares the Object pointed to by "firstObject" with the Object pointed to
- * by "secondObject" for equality using the callback function registered for
- * "firstObject"'s type, and stores the Boolean result at "pResult". While
- * typical callbacks will return PKIX_FALSE if the objects are of different
- * types, other callbacks may be capable of comparing objects of different
- * types [which may correctly result in cases where Equals(first, second)
- * differs from Equals(second, first)].
- *
- * PARAMETERS:
- * "firstObject"
- * Address of the first Object to compare. Must be non-NULL.
- * The EqualsCallback for this Object will be called.
- * "secondObject"
- * Address of the second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Hashcode
- * DESCRIPTION:
- *
- * Computes a hashcode of the Object pointed to by "object" using the
- * callback registered for "object"'s type and stores it at "pValue". Two
- * objects which are equal should have the same hashcode. Once a call to
- * Hashcode has been made, the results are cached and subsequent calls to
- * Hashcode will return the cached value. For mutable objects, an
- * InvalidateCache function is provided, which should be called whenever
- * changes are made to the object's state (after creation).
- *
- * PARAMETERS:
- * "object"
- * Address of the Object whose hashcode is desired. Must be non-NULL.
- * The HashcodeCallback for this object will be called.
- * "pValue"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_ToString
- * DESCRIPTION:
- *
- * Creates a string representation of the Object pointed to by "object" using
- * the callback registered for "object"'s type and stores it at "pString".
- * Once a call to ToString has been made, the results are cached and
- * subsequent calls to ToString will return the cached value. For mutable
- * objects, an InvalidateCache function is provided, which should be called
- * whenever changes are made to the object's state (after creation).
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose string representation is desired.
- * Must be non-NULL. The ToStringCallback for this object will be called.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Compare
- * DESCRIPTION:
- *
- * Compares the Object pointed to by "firstObject" and the Object pointed to
- * by "secondObject" using the comparator registered for "firstObject"'s type
- * and stores the result at "pResult". Different types may be compared. This
- * may correctly result in cases where Compare(first, second) is not the
- * opposite of Compare(second, first). The PKIX_Int32 value stored at
- * "pResult" will be:
- * Less than 0 if "firstObject" < "secondObject"
- * Equals to 0 if "firstObject" = "secondObject"
- * Greater than 0 if "firstObject" > "secondObject"
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first Object to compare. Must be non-NULL.
- * The ComparatorCallback for this object will be called.
- * "secondObject"
- * Address of second object to compare. Must be non-NULL.
- * "pResult
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the comparator defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Compare(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Duplicate
- * DESCRIPTION:
- *
- * Creates a duplicate copy of the Object pointed to by "object" using the
- * callback registered for "object"'s type and stores the copy at
- * "pNewObject". Changes to the new object will not affect the original and
- * vice versa.
- *
- * Note that if "object" is immutable, the Duplicate callback function simply
- * needs to increment the reference count on "object" and return a reference
- * to "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object to be duplicated. Must be non-NULL.
- * The DuplicateCallback for this Object will be called.
- * "pNewObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_GetType
- * DESCRIPTION:
- *
- * Retrieves the type code of the Object pointed to by "object" and stores it
- * at "pType". See pkixt.h for type codes.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose type is desired. Must be non-NULL.
- * "pType"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_GetType(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pType,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Lock
- * DESCRIPTION:
- *
- * Locks the Mutex associated with the Object pointed to by "object". When an
- * object is created, it is associated with an object-specific Mutex to allow
- * for synchronization when the fields of the object are modified.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose Mutex is to be locked. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Lock(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Unlock
- * DESCRIPTION:
- *
- * Unlocks the Mutex associated with the Object pointed to by "object". When
- * an object is created, it is associated with an object-specific Mutex to
- * allow for synchronization when the fields of the object are modified.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose Mutex is to be unlocked. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Unlock(
- PKIX_PL_Object *object,
- void *plContext);
-
-/* mutexes (locks) */
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Create
- * DESCRIPTION:
- *
- * Creates a new Mutex and stores it at "pNewLock".
- *
- * PARAMETERS:
- * "pNewLock"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Create(
- PKIX_PL_Mutex **pNewLock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Lock
- * DESCRIPTION:
- *
- * Locks the Mutex pointed to by "lock". If the Mutex is already locked, this
- * function will block the current thread until the mutex can be locked by
- * this thread.
- *
- * PARAMETERS:
- * "lock"
- * Address of Mutex to lock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Lock(
- PKIX_PL_Mutex *lock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Unlock
- * DESCRIPTION:
- *
- * Unlocks the Mutex pointed to by "lock" if the current thread holds the
- * Mutex.
- *
- * PARAMETERS:
- * "lock"
- * Address of Mutex to unlock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Unlock(
- PKIX_PL_Mutex *lock,
- void *plContext);
-
-/* monitor (locks) */
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Create
- * DESCRIPTION:
- *
- * Creates a new PKIX_PL_MonitorLock and stores it at "pNewLock".
- *
- * PARAMETERS:
- * "pNewLock"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Create(
- PKIX_PL_MonitorLock **pNewLock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Enter
- * DESCRIPTION:
- *
- * Locks the MonitorLock pointed to by "lock". If the MonitorLock is already
- * locked by other thread, this function will block the current thread. If
- * the "lock" had been locked by current thread, this function will NOT block.
- *
- * PARAMETERS:
- * "lock"
- * Address of MonitorLock to lock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Enter(
- PKIX_PL_MonitorLock *lock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Exit
- * DESCRIPTION:
- *
- * Unlocks the MonitorLock pointed to by "lock" if the lock counter of
- * current thread holds the MonitorLock reach 0, the lock is released.
- *
- * PARAMETERS:
- * "lock"
- * Address of MonitorLock to unlock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Exit(
- PKIX_PL_MonitorLock *lock,
- void *plContext);
-
-/* strings and formatted printing */
-
-/*
- * FUNCTION: PKIX_PL_String_Create
- * DESCRIPTION:
- *
- * Creates a new String using the data pointed to by "pString", the
- * PKIX_UInt32 pointed to by "stringLen", and the PKIX_UInt32 pointed to by
- * "fmtIndicator" and stores it at "pString". If the format is PKIX_ESCASCII
- * the "stringLen" parameter is ignored and the string extends until a zero
- * byte is found. Once created, a String object is immutable.
- *
- * Valid formats are:
- * PKIX_ESCASCII
- * PKIX_ESCASCII_DEBUG
- * PKIX_UTF8
- * PKIX_UTF8_NULL_TERM
- * PKIX_UTF16
- *
- * PARAMETERS:
- * "fmtIndicator"
- * Format that "stringRep" is encoded with. Must be non-NULL.
- * "stringRep"
- * Address of encoded string representation. Must be non-NULL.
- * "stringLen"
- * Length of data stored at stringRep.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_String_Create(
- PKIX_UInt32 fmtIndicator,
- const void *stringRep,
- PKIX_UInt32 stringLen,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Sprintf
- * DESCRIPTION:
- *
- * Creates a formatted string at "pOut" using the given format "fmt" and a
- * variable length list of arguments. The format flags are identical to
- * standard C with the exception that %s expects a PKIX_PL_String*, rather
- * than a char *, and that {%d, %i, %o, %u, %x, %X} expect PKIX_UInt32 or
- * PKIX_Int32 instead of int or unsigned int.
- *
- * PARAMETERS:
- * "pOut"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * "fmt"
- * Address of format string. Must be non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe - Caller must have exclusive access to all arguments.
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Sprintf(
- PKIX_PL_String **pOut,
- void *plContext,
- const PKIX_PL_String *fmt, ...);
-
-/*
- * FUNCTION: PKIX_PL_GetString
- * DESCRIPTION:
- *
- * Retrieves the String associated with the value of "stringID" (if any) and
- * stores it at "pString". If no such string is associated with "stringID",
- * this function uses "defaultString" to create a String and stores it at
- * "pString".
- *
- * PARAMETERS:
- * "stringID"
- * PKIX_UInt32 valud of string identifier.
- * "defaultString"
- * Address of a PKIX_ESCASCII encoded string representation.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_GetString(
- PKIX_UInt32 stringID,
- char *defaultString,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_String_GetEncoded
- * DESCRIPTION:
- *
- * Retrieves the value of the String pointed to by "string" in the encoding
- * specified by "fmtIndicator" and stores the result in "pStringRep" and
- * "pLength", respectively. Note that "pStringRep" is not reference counted
- * and will need to be freed with PKIX_PL_Free().
- * - * PARAMETERS: - * "string" - * Address of String whose encoded value is desired. Must be non-NULL. - * "fmtIndicator" - * Format of encoding. Supported formats are: - * PKIX_ESCASCII, PKIX_ESCASII_DEBUG, PKIX_UTF8, PKIX_UTF8_NULL_TERM, and - * PKIX_UTF16. XXX Where are these documented? - * "pStringRep" - * Address where pointer to encoded value will be stored. - * Must be non-NULL. - * "pLength" - * Address where byte length of encoded value will be stored. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a String Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_String_GetEncoded( - PKIX_PL_String *string, - PKIX_UInt32 fmtIndicator, - void **pStringRep, - PKIX_UInt32 *pLength, - void *plContext); - -/* - * Hashtable - * - * A hashtable is a very efficient data structure used for mapping keys to - * values. Any non-null PKIX_PL_Object can be used as a key or as a value, - * provided that it correctly implements the PKIX_PL_EqualsCallback and the - * PKIX_PL_HashcodeCallback. A hashtable consists of several buckets, with - * each bucket capable of holding a linked list of key/value mappings. When - * adding, retrieving, or deleting a value, the hashcode of the key is used to - * determine which bucket's linked list is relevant. The corresponding - * key/value pair is then appended, retrieved, or deleted. - */ - -/* - * FUNCTION: PKIX_PL_HashTable_Create - * DESCRIPTION: - * - * Creates a new Hashtable with an initial capacity of "numBuckets" buckets - * and "maxEntriesPerBucket" of entries limit for each bucket and stores it - * at "pResult". - * - * PARAMETERS: - * "numBuckets" - * The initial number of hash table buckets. Must be non-zero. 
- * "maxEntriesPerBucket" - * The limit of entries per bucket. Zero means no limit. - * "pResult" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_HashTable_Create( - PKIX_UInt32 numBuckets, - PKIX_UInt32 maxEntriesPerBucket, - PKIX_PL_HashTable **pResult, - void *plContext); - -/* - * FUNCTION: PKIX_PL_HashTable_Add - * DESCRIPTION: - * - * Adds a key/value mapping using the Objects pointed to by "key" and "value" - * to the Hashtable pointed to by "ht". - * - * Function increments key/value reference counts. Caller is responsible to - * to decrement(destroy) key/value ref counts(objects). - * - * PARAMETERS: - * "ht" - * Address of Hashtable to be added to. Must be non-NULL. - * "key" - * Address of Object to be associated with "value". Must be non-NULL. - * "value" - * Address of Object to be added to Hashtable. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "ht" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Hashtable Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_HashTable_Add( - PKIX_PL_HashTable *ht, - PKIX_PL_Object *key, - PKIX_PL_Object *value, - void *plContext); - -/* - * FUNCTION: PKIX_PL_HashTable_Remove - * DESCRIPTION: - * - * Removes the Object value whose key is equal to the Object pointed to by - * "key" from the Hashtable pointed to by "ht". If no such object exists, - * this function throws an Error. - * - * Function frees "value" object. 
Caller is responsible to free "key" - * object. - * - * PARAMETERS: - * "ht" - * Address of Hashtable to remove object from. Must be non-NULL. - * "key" - * Address of Object used for lookup. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Not Thread Safe - assumes exclusive access to "ht" - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Hashtable Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_HashTable_Remove( - PKIX_PL_HashTable *ht, - PKIX_PL_Object *key, - void *plContext); - -/* - * FUNCTION: PKIX_PL_HashTable_Lookup - * DESCRIPTION: - * - * Retrieves the Object whose key equals the Object pointed to by "key" from - * the Hashtable associated with "ht" and stores it at "pResult". If no - * Object is found, this function stores NULL at "pResult". - * - * PARAMETERS: - * "ht" - * Address of Hashtable to lookup Object from. Must be non-NULL. - * "key" - * Address of key Object used for lookup. Must be non-NULL. - * "pResult" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Hashtable Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_HashTable_Lookup( - PKIX_PL_HashTable *ht, - PKIX_PL_Object *key, - PKIX_PL_Object **pResult, - void *plContext); - -/* - * FUNCTION: PKIX_PL_ByteArray_Create - * DESCRIPTION: - * - * Creates a new ByteArray using "length" bytes of data pointed to by "array" - * and stores it at "pByteArray". Once created, a ByteArray is immutable. 
- * - * PARAMETERS: - * "array" - * Address of source data. - * "length" - * Number of bytes to copy. - * "pByteArray" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_ByteArray_Create( - void *array, - PKIX_UInt32 length, - PKIX_PL_ByteArray **pByteArray, - void *plContext); - -/* - * FUNCTION: PKIX_PL_ByteArray_GetPointer - * DESCRIPTION: - * - * Allocates enough memory to hold the contents of the ByteArray pointed to - * by "byteArray", copies the data from the ByteArray pointed to by - * "byteArray" into the newly allocated memory, and stores a pointer to the - * memory at "pArray". Note that "pArray" is not reference counted. It will - * need to be freed with PKIX_PL_Free(). - * - * PARAMETERS: - * "byteArray" - * Address of ByteArray whose data is desired. Must be non-NULL. - * "pArray" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_ByteArray_GetPointer( - PKIX_PL_ByteArray *byteArray, - void **pArray, - void *plContext); - -/* - * FUNCTION: PKIX_PL_ByteArray_GetLength - * DESCRIPTION: - * - * Retrieves the length of the ByteArray pointed to by "byteArray" and stores - * the length at "pLength". - * - * PARAMETERS: - * "byteArray" - * Address of ByteArray whose length is desired. Must be non-NULL. - * "pLength" - * Address where PKIX_UInt32 will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. 
- * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_ByteArray_GetLength( - PKIX_PL_ByteArray *byteArray, - PKIX_UInt32 *pLength, - void *plContext); - -/* - * FUNCTION: PKIX_PL_OID_Create - * DESCRIPTION: - * - * Creates a new OID using NSS oid tag. - * - * PARAMETERS: - * "idtag" - * nss oid id tag. - * "pOID" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns an OID Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_OID_Create( - SECOidTag idtag, - PKIX_PL_OID **pOID, - void *plContext); - -/* - * FUNCTION: PKIX_PL_OID_CreateBySECItem - * DESCRIPTION: - * - * Creates a new OID using a DER encoded OID stored as SECItem. - * - * PARAMETERS: - * "derOid" - * Address of SECItem that holds DER encoded OID. - * "pOID" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns an OID Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_OID_CreateBySECItem( - SECItem *derOid, - PKIX_PL_OID **pOID, - void *plContext); - -/* - * FUNCTION: PKIX_PL_BigInt_Create - * DESCRIPTION: - * - * Creates a new BigInt using the source String pointed to by "stringRep" and - * stores it at "pBigInt". 
Valid source Strings consist of an even number of - * hexadecimal digits, which are always interpreted as a positive number. - * Once created, a BigInt is immutable. - * - * The regexp format is: - * HexDigit ::= [0-9] | [A-F] | [a-f] - * DoubleHex ::= HexDigit HexDigit - * BigIntSrc ::= (DoubleHex)+ - * - * Note that since we are using DoubleHex, the number of characters in the - * source MUST be even. Additionally, the first DoubleHex MUST NOT be "00" - * unless it is the only DoubleHex. - * - * Valid : "09" - * Valid : "00" (special case where first and only DoubleHex is "00") - * Invalid: "9" (not DoubleHex: odd number of characters) - * Invalid: "0009" (first DoubleHex is "00") - * - * XXX Why does this take a String object while OID_Create takes a char* ? - * Perhaps because OID_Create is often used with constant strings and - * this function isn't. That's a good reason, but we should explain it - * (if it's right) - * PARAMETERS: - * "stringRep" - * Address of String representing a BigInt. Must be non-NULL. - * "pBigInt" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a BigInt Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PL_BigInt_Create( - PKIX_PL_String *stringRep, - PKIX_PL_BigInt **pBigInt, - void *plContext); - -#ifdef __cplusplus -} -#endif - -/* - * FUNCTION: PKIX_PL_GetPLErrorCode - * DESCRIPTION: - * - * Returns error code from PL layer. - * - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * PL layer error code. - */ -int -PKIX_PL_GetPLErrorCode(); - -#endif /* _LIBPKIX_SYSTEM_H */ 
diff --git a/security/nss/lib/libpkix/include/pkix_results.h b/security/nss/lib/libpkix/include/pkix_results.h
deleted file mode 100755
index ea9e77883..000000000
--- a/security/nss/lib/libpkix/include/pkix_results.h
+++ /dev/null
@@ -1,458 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * This file defines functions associated with the results used - * by the top-level functions. 
- * - */ - -#ifndef _PKIX_RESULTS_H -#define _PKIX_RESULTS_H - -#include "pkixt.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* General - * - * Please refer to the libpkix Programmer's Guide for detailed information - * about how to use the libpkix library. Certain key warnings and notices from - * that document are repeated here for emphasis. - * - * All identifiers in this file (and all public identifiers defined in - * libpkix) begin with "PKIX_". Private identifiers only intended for use - * within the library begin with "pkix_". - * - * A function returns NULL upon success, and a PKIX_Error pointer upon failure. - * - * Unless otherwise noted, for all accessor (gettor) functions that return a - * PKIX_PL_Object pointer, callers should assume that this pointer refers to a - * shared object. Therefore, the caller should treat this shared object as - * read-only and should not modify this shared object. When done using the - * shared object, the caller should release the reference to the object by - * using the PKIX_PL_Object_DecRef function. - * - * While a function is executing, if its arguments (or anything referred to by - * its arguments) are modified, free'd, or destroyed, the function's behavior - * is undefined. - * - */ -/* PKIX_ValidateResult - * - * PKIX_ValidateResult represents the result of a PKIX_ValidateChain call. It - * consists of the valid policy tree and public key resulting from validation, - * as well as the trust anchor used for this chain. Once created, a - * ValidateResult object is immutable. - */ - -/* - * FUNCTION: PKIX_ValidateResult_GetPolicyTree - * DESCRIPTION: - * - * Retrieves the PolicyNode component (representing the valid_policy_tree) - * from the ValidateResult object pointed to by "result" and stores it at - * "pPolicyTree". - * - * PARAMETERS: - * "result" - * Address of ValidateResult whose policy tree is to be stored. Must be - * non-NULL. - * "pPolicyTree" - * Address where object pointer will be stored. 
Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ValidateResult_GetPolicyTree( - PKIX_ValidateResult *result, - PKIX_PolicyNode **pPolicyTree, - void *plContext); - -/* - * FUNCTION: PKIX_ValidateResult_GetPublicKey - * DESCRIPTION: - * - * Retrieves the PublicKey component (representing the valid public_key) of - * the ValidateResult object pointed to by "result" and stores it at - * "pPublicKey". - * - * PARAMETERS: - * "result" - * Address of ValidateResult whose public key is to be stored. - * Must be non-NULL. - * "pPublicKey" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ValidateResult_GetPublicKey( - PKIX_ValidateResult *result, - PKIX_PL_PublicKey **pPublicKey, - void *plContext); - -/* - * FUNCTION: PKIX_ValidateResult_GetTrustAnchor - * DESCRIPTION: - * - * Retrieves the TrustAnchor component (representing the trust anchor used - * during chain validation) of the ValidateResult object pointed to by - * "result" and stores it at "pTrustAnchor". - * - * PARAMETERS: - * "result" - * Address of ValidateResult whose trust anchor is to be stored. - * Must be non-NULL. - * "pTrustAnchor" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. 
- * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_ValidateResult_GetTrustAnchor( - PKIX_ValidateResult *result, - PKIX_TrustAnchor **pTrustAnchor, - void *plContext); - -/* PKIX_BuildResult - * - * PKIX_BuildResult represents the result of a PKIX_BuildChain call. It - * consists of a ValidateResult object, as well as the built and validated - * CertChain. Once created, a BuildResult object is immutable. - */ - -/* - * FUNCTION: PKIX_BuildResult_GetValidateResult - * DESCRIPTION: - * - * Retrieves the ValidateResult component (representing the build's validate - * result) of the BuildResult object pointed to by "result" and stores it at - * "pResult". - * - * PARAMETERS: - * "result" - * Address of BuildResult whose ValidateResult component is to be stored. - * Must be non-NULL. - * "pResult" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_BuildResult_GetValidateResult( - PKIX_BuildResult *result, - PKIX_ValidateResult **pResult, - void *plContext); - -/* - * FUNCTION: PKIX_BuildResult_GetCertChain - * DESCRIPTION: - * - * Retrieves the List of Certs (certChain) component (representing the built - * and validated CertChain) of the BuildResult object pointed to by "result" - * and stores it at "pChain". - * - * PARAMETERS: - * "result" - * Address of BuildResult whose CertChain component is to be stored. - * Must be non-NULL. 
- * "pChain" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_BuildResult_GetCertChain( - PKIX_BuildResult *result, - PKIX_List **pChain, - void *plContext); - -/* PKIX_PolicyNode - * - * PKIX_PolicyNode represents a node in the policy tree returned in - * ValidateResult. The policy tree is the same length as the validated - * certificate chain and the nodes are associated with a particular depth - * (corresponding to a particular certificate in the chain). - * PKIX_ValidateResult_GetPolicyTree returns the root node of the valid policy - * tree. Other nodes can be accessed using the getChildren and getParents - * functions, and individual elements of a node can be accessed with the - * appropriate gettors. Once created, a PolicyNode is immutable. - */ - -/* - * FUNCTION: PKIX_PolicyNode_GetChildren - * DESCRIPTION: - * - * Retrieves the List of PolicyNodes representing the child nodes of the - * Policy Node pointed to by "node" and stores it at "pChildren". If "node" - * has no child nodes, this function stores an empty List at "pChildren". - * - * Note that the List returned by this function is immutable. - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose child nodes are to be stored. - * Must be non-NULL. - * "pChildren" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. 
- * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PolicyNode_GetChildren( - PKIX_PolicyNode *node, - PKIX_List **pChildren, /* list of PKIX_PolicyNode */ - void *plContext); - -/* - * FUNCTION: PKIX_PolicyNode_GetParent - * DESCRIPTION: - * - * Retrieves the PolicyNode representing the parent node of the PolicyNode - * pointed to by "node" and stores it at "pParent". If "node" has no parent - * node, this function stores NULL at "pParent". - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose parent node is to be stored. - * Must be non-NULL. - * "pParent" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PolicyNode_GetParent( - PKIX_PolicyNode *node, - PKIX_PolicyNode **pParent, - void *plContext); - -/* - * FUNCTION: PKIX_PolicyNode_GetValidPolicy - * DESCRIPTION: - * - * Retrieves the OID representing the valid policy of the PolicyNode pointed - * to by "node" and stores it at "pValidPolicy". - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose valid policy is to be stored. - * Must be non-NULL. - * "pValidPolicy" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. 
- */ -PKIX_Error * -PKIX_PolicyNode_GetValidPolicy( - PKIX_PolicyNode *node, - PKIX_PL_OID **pValidPolicy, - void *plContext); - -/* - * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers - * DESCRIPTION: - * - * Retrieves the List of CertPolicyQualifiers representing the policy - * qualifiers associated with the PolicyNode pointed to by "node" and stores - * it at "pQualifiers". If "node" has no policy qualifiers, this function - * stores an empty List at "pQualifiers". - * - * Note that the List returned by this function is immutable. - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose policy qualifiers are to be stored. - * Must be non-NULL. - * "pQualifiers" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PolicyNode_GetPolicyQualifiers( - PKIX_PolicyNode *node, - PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */ - void *plContext); - -/* - * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies - * DESCRIPTION: - * - * Retrieves the List of OIDs representing the expected policies associated - * with the PolicyNode pointed to by "node" and stores it at "pExpPolicies". - * - * Note that the List returned by this function is immutable. - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose expected policies are to be stored. - * Must be non-NULL. - * "pExpPolicies" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. 
- * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PolicyNode_GetExpectedPolicies( - PKIX_PolicyNode *node, - PKIX_List **pExpPolicies, /* list of PKIX_PL_OID */ - void *plContext); - -/* - * FUNCTION: PKIX_PolicyNode_IsCritical - * DESCRIPTION: - * - * Checks the criticality field of the PolicyNode pointed to by "node" and - * stores the Boolean result at "pCritical". - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose criticality field is examined. - * Must be non-NULL. - * "pCritical" - * Address where Boolean will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -PKIX_PolicyNode_IsCritical( - PKIX_PolicyNode *node, - PKIX_Boolean *pCritical, - void *plContext); - -/* - * FUNCTION: PKIX_PolicyNode_GetDepth - * DESCRIPTION: - * - * Retrieves the depth component of the PolicyNode pointed to by "node" and - * stores it at "pDepth". - * - * PARAMETERS: - * "node" - * Address of PolicyNode whose depth component is to be stored. - * Must be non-NULL. - * "pDepth" - * Address where PKIX_UInt32 will be stored. Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a Result Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. 
- */ -PKIX_Error * -PKIX_PolicyNode_GetDepth( - PKIX_PolicyNode *node, - PKIX_UInt32 *pDepth, - void *plContext); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKIX_RESULTS_H */ diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h deleted file mode 100755 index 261f7859e..000000000 --- a/security/nss/lib/libpkix/include/pkix_revchecker.h +++ /dev/null 
@@ -1,250 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_RevocationChecker
- * type.
- *
- */
-
-#ifndef _PKIX_REVCHECKER_H
-#define _PKIX_REVCHECKER_H
-
-#include "pkixt.h"
-#include "pkix_pl_pki.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_RevocationChecker
- *
- * PKIX_RevocationChecker provides a standard way of revocation checking.
- * Caller should configure two set of tests(represented at lists of
- * RevocationMethod objects) to be performed on the leaf and on the rest of
- * the chain certificates.
- *
- * PKIX_RevocationMethods provide a standard way for the caller to insert
- * their own custom revocation checks to verify the revocation status of
- * certificates. This may be useful in many scenarios, including when the
- * caller wishes to use their own revocation checking mechanism instead of (or
- * in addition to) the default revocation checking mechanism provided by
- * libpkix, which uses CRLs and OCSP.
- *
- * Once the caller has created the RevocationMethod object(s), the caller
- * then specifies the RevocationMethod object(s) in a RevocationCheck object
- * and sets it into a ProcessingParams.
- */
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Create
- * DESCRIPTION:
- *
- * Creates revocation checker object with a given flags.
- *
- * PARAMETERS:
- * "revDate"
- * Revocation will be checked at this date. Current date is taken if the
- * parameter is not specified.
- * "leafMethodListFlags"
- * Defines a set of method independent flags that will be used to check
- * revocation of the leaf cert in the chain.
- * "chainMethodListFlags"
- * Defines a set of method independent flags that will be used to check
- * revocation of the remaining certs in the chain.
- * "pChecker"
- * The return address of created checker.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_Create(
- PKIX_UInt32 leafMethodListFlags,
- PKIX_UInt32 chainMethodListFlags,
- PKIX_RevocationChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
- * DESCRIPTION:
- *
- * Creates revocation method object with given parameters and adds it
- * to revocation checker method list.
- *
- * PARAMETERS:
- * "revChecker"
- * Address of revocation checker structure.
- * "procParams"
- * Address of ProcessingParams used to initialize the checker.
- * Must be non-NULL.
- * "methodType"
- * Type of the method. Currently only two types are
- * supported: crl and ocsp. (See PKIX_RevocationMethodType enum).
- * "methodFlags"
- * Set of flags for the method.
- * "methodPriority"
- * Method priority. (0 corresponds to a highest priority)
- * "verificationFn"
- * User call back function that will perform validation of fetched
- * revocation information(new crl or ocsp response)
- * "isLeafMethod"
- * Boolean flag that if set to true indicates that the method should
- * should be used for leaf cert revocation test(false for chain set
- * methods).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_CreateAndAddMethod(
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *params,
- PKIX_RevocationMethodType methodType,
- PKIX_UInt32 methodFlags,
- PKIX_UInt32 mathodPriority,
- PKIX_PL_VerifyCallback verificationFn,
- PKIX_Boolean isLeafMethod,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Check
- * DESCRIPTION:
- *
- * Verifies revocation status of the certificate. Issuer cert is given to
- * be used in verification of revocation information. Performed verification
- * check depends on configured revocation methods(ocsp, crl. See
- * PKIX_RevocationChecker_CreateAndAddMethod function) and a point of chain
- * building process at which PKIX_RevocationChecker_Check was invoked.
- * For security reasons, the cert status is checked only against cached
- * revocation information during chain building stage(no trust anchor yes has
- * been found). The fresh revocation information fetching is done only at chain
- * verification stage after trust anchor was identified.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose revocation status is to be determined.
- * Must be non-NULL.
- * "issuer"
- * Issuer cert that potentially holds public key that will be used
- * to verify revocation info.
- * "revChecker"
- * Address of revocation checker structure.
- * "procParams"
- * Address of ProcessingParams used to initialize the checker.
- * Must be non-NULL.
- * "chainVerificationState"
- * Need to be set to true, if the check was called during chain verification
- * as an opposite to chain building.
- * "testingLeafCert"
- * Set to true if verifying revocation status of a leaf cert.
- * "revStatus"
- * Address of the returned revocation status of the cert.
- * "pResultCode"
- * Address where revocation status will be stored. Must be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent non-blocking I/O context is stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_Check(PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean chainVerificationState,
- PKIX_Boolean testingLeafCert,
- PKIX_RevocationStatus *revStatus,
- PKIX_UInt32 *pReasonCode,
- void **pNbioContext,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_REVCHECKER_H */
diff --git a/security/nss/lib/libpkix/include/pkix_sample_modules.h b/security/nss/lib/libpkix/include/pkix_sample_modules.h
deleted file mode 100755
index c0c6098ce..000000000
--- a/security/nss/lib/libpkix/include/pkix_sample_modules.h
+++ /dev/null
@@ -1,451 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with CertStore types.
- *
- */
-
-
-#ifndef _PKIX_SAMPLEMODULES_H
-#define _PKIX_SAMPLEMODULES_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_PL_CollectionCertStore
- *
- * A PKIX_CollectionCertStore provides an example for showing how to retrieve
- * certificates and CRLs from a repository, such as a directory in the system.
- * It is expected the directory is an absolute directory which contains CRL
- * and Cert data files. CRL files are expected to have the suffix of .crl
- * and Cert files are expected to have the suffix of .crt .
- *
- * Once the caller has created the CollectionCertStoreContext object, the caller
- * then can call pkix_pl_CollectionCertStore_GetCert or
- * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or
- * PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_CollectionCertStore_Create
- * DESCRIPTION:
- *
- * Creates a new CollectionCertStore and returns it at
- * "pColCertStore".
- *
- * PARAMETERS:
- * "storeDir"
- * The absolute path where *.crl files are located.
- * "pColCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CollectionCertStore_Create(
- PKIX_PL_String *storeDir,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-/* PKIX_PL_PK11CertStore
- *
- * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11
- * database. The directory that contains the cert8.db, key3.db, and secmod.db
- * files that comprise a PKCS11 database are specified in NSS initialization.
- *
- * Once the caller has created the Pk11CertStore object, the caller can call
- * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain
- * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_Pk11CertStore_Create
- * DESCRIPTION:
- *
- * Creates a new Pk11CertStore and returns it at "pPk11CertStore".
- *
- * PARAMETERS:
- * "pPk11CertStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Pk11CertStore_Create(
- PKIX_CertStore **pPk11CertStore,
- void *plContext);
-
-/* PKIX_PL_LdapCertStore
- *
- * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
- * over a socket connection. It used the LDAP protocol as described in RFC1777.
- *
- * Once the caller has created the LdapCertStore object, the caller can call
- * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain
- * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_Create
- * DESCRIPTION:
- *
- * Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr",
- * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
- * and stores the address of the default LdapClient at "pClient".
- *
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the Client_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * PARAMETERS:
- * "sockaddr"
- * Address of the PRNetAddr to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime value to be used as a timeout value in socket calls;
- * a zero value indicates non-blocking I/O is to be used.
- * "bindAPI"
- * The address of a BindAPI to be used if a BIND message is required. If
- * this argument is NULL, no Bind (or Unbind) will be sent.
- * "pClient"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_Create(
- PRNetAddr *sockaddr,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
- * DESCRIPTION:
- *
- * Creates an LdapDefaultClient using the hostname poined to by "hostname",
- * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
- * and stores the address of the default LdapClient at "pClient".
- *
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the Client_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * PARAMETERS:
- * "hostname"
- * Address of the hostname to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime value to be used as a timeout value in socket calls;
- * a zero value indicates non-blocking I/O is to be used.
- * "bindAPI"
- * The address of a BindAPI to be used if a BIND message is required. If
- * this argument is NULL, no Bind (or Unbind) will be sent.
- * "pClient"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_CreateByName(
- char *hostname,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_LdapCertStore_Create
- * DESCRIPTION:
- *
- * Creates a new LdapCertStore using the LdapClient pointed to by "client",
- * and stores the address of the CertStore at "pCertStore".
- *
- * PARAMETERS:
- * "client"
- * Address of the LdapClient to be used. Must be non-NULL.
- * "pCertStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapCertStore_Create(
- PKIX_PL_LdapClient *client,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-/* PKIX_PL_NssContext
- *
- * A PKIX_PL_NssContext provides an example showing how the "plContext"
- * argument, that is part of every libpkix function call, can be used.
- * The "plContext" is the Portability Layer Context, which can be used
- * to communicate layer-specific information from the application to the
- * underlying Portability Layer (while bypassing the Portable Code, which
- * blindly passes the plContext on to every function call).
- *
- * In this case, NSS serves as both the application and the Portability Layer.
- * We define an NSS-specific structure, which includes an arena and a number
- * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument,
- * wincx, is used on Windows platforms for PKCS11 access, and should be set to
- * NULL for other platforms.
- * Before calling any of the libpkix functions, the caller should create the NSS
- * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context
- * as the "plContext" argument in every libpkix function call the caller makes.
- * When the caller is finished using the NSS context (usually just after he
- * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to
- * free the NSS context structure.
- */
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Create
- * DESCRIPTION:
- *
- * Creates a new NssContext using the certificate usage(s) specified by
- * "certUsage" and stores it at "pNssContext". This function also internally
- * creates an arena and stores it as part of the NssContext structure. Unlike
- * most other libpkix API functions, this function does not take a "plContext"
- * parameter.
- *
- * PARAMETERS:
- * "certUsage"
- * The desired SECCertificateUsage(s).
- * "useNssArena"
- * Boolean flag indicates NSS Arena is used for memory allocation.
- * "wincx"
- * A Windows-dependent pointer for PKCS11 token handling.
- * "pNssContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_Create(
- PKIX_UInt32 certificateUsage,
- PKIX_Boolean useNssArena,
- void *wincx,
- void **pNssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Destroy
- * DESCRIPTION:
- *
- * Frees the structure pointed to by "nssContext" along with any of its
- * associated memory. Unlike most other libpkix API functions, this function
- * does not take a "plContext" parameter.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_Destroy(
- void *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetTimeout
- * DESCRIPTION:
- *
- * Sets IO timeout for network operations like OCSP response and cert
- * fetching.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
- * DESCRIPTION:
- *
- * Sets maximum responce length allowed during network IO operations.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined timeout between attempts to load crl using
- * CRLDP.
- *
- * PARAMETERS:
- * "delaySeconds"
- * Reload delay in seconds.
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds,
- PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined timeout between attempts to load crls
- * that failed to decode.
- *
- * PARAMETERS:
- * "delaySeconds"
- * Reload delay in seconds.
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds,
- PKIX_PL_NssContext *nssContext);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_SAMPLEMODULES_H */
diff --git a/security/nss/lib/libpkix/include/pkix_util.h b/security/nss/lib/libpkix/include/pkix_util.h
deleted file mode 100755
index 619c9c05d..000000000
--- a/security/nss/lib/libpkix/include/pkix_util.h
+++ /dev/null
@@ -1,974 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * These functions provide support for a number of other functions
- * by creating and manipulating data structures used by those functions.
- *
- */
-
-#ifndef _PKIX_UTIL_H
-#define _PKIX_UTIL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_Logger
- *
- * PKIX_Loggers provide a standard way for the caller to insert custom logging
- * facilities. These are used by libpkix to log errors, debug information,
- * status, etc. The LogCallback allows custom logging to take place.
- * Additionally, a Logger can be initialized with a loggerContext, which is
- * where the caller can specify configuration data such as the name of a
- * logfile or database. Note that this loggerContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- * Once the caller has created the Logger object(s) (and set the loggerContext
- * (if any) and the Log callback), the caller then registers these Loggers
- * with the system by calling PKIX_SetLoggers or PKIX_AddLogger. All log
- * entries will then be logged using the specified Loggers. If multiple
- * Loggers are specified, every log entry will be logged with each of them.
- *
- * XXX Maybe give some guidance somewhere on how much detail each logging
- * level should have and where component boundaries should be. Maybe in
- * Implementor's Guide or Programmer's Guide.
- */
-
-#define PKIX_LOGGER_LEVEL_TRACE 5
-#define PKIX_LOGGER_LEVEL_DEBUG 4
-#define PKIX_LOGGER_LEVEL_WARNING 3
-#define PKIX_LOGGER_LEVEL_ERROR 2
-#define PKIX_LOGGER_LEVEL_FATALERROR 1
-
-#define PKIX_LOGGER_LEVEL_MAX 5
-
-/*
- * FUNCTION: PKIX_Logger_LogCallback
- * DESCRIPTION:
- *
- * This callback function logs a log entry containing the String pointed to
- * by "message", the integer value of logLevel, and the String pointed to by
- * "logComponent". A log entry can be associated with a particular log
- * level (i.e. level 3) and a particular log component (i.e. "CertStore").
- * For example, someone reading the log may only be interested in very general
- * log entries so they look only for log level 1. Similarly, they may only be
- * interested in log entries pertaining to the CertStore component so they
- * look only for that log component. This function can be used before calling
- * PKIX_Initialize.
- *
- * PARAMETERS:
- * "logger"
- * Address of logger whose LogCallback is to be used. Must be non-NULL.
- * "message"
- * Address of String that is to be logged used "logger". Must be non-NULL.
- * "logLevel"
- * Integer value representing the log level for this entry. The higher the
- * level, the more detail. Must be non-NULL.
- * "logComponent"
- * PKIXERRORNUM value (defined in pkixt.h) designating the log component
- * for this entry.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_Logger_LogCallback)(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_Create
- * DESCRIPTION:
- *
- * Creates a new Logger using the Object pointed to by "loggerContext"
- * (if any) and stores it at "pLogger". The new Logger uses the LogCallback
- * pointed to by "callback". The Logger's maximum logging level is initially
- * set to a very high level and its logging component is set to NULL (all
- * components).
- *
- * PARAMETERS:
- * "callback"
- * The LogCallback function to be used. Must be non-NULL.
- * "loggerContext"
- * Address of Object representing the Logger's context (if any).
- * "pLogger"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_Create(
- PKIX_Logger_LogCallback callback,
- PKIX_PL_Object *loggerContext,
- PKIX_Logger **pLogger,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLogCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "logger's" Log callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose Log callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Log callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLogCallback(
- PKIX_Logger *logger,
- PKIX_Logger_LogCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggerContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the Logger pointed to by "logger" and stores it at "pLoggerContext".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose context is to be stored. Must be non-NULL.
- * "pLoggerContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLoggerContext(
- PKIX_Logger *logger,
- PKIX_PL_Object **pLoggerContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetMaxLoggingLevel
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_UInt32 representing the maximum logging
- * level of the Logger pointed to by "logger" and stores it at "pLevel". Only
- * log entries whose log level is less than or equal to this maximum logging
- * level will be logged.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose maximum logging level is to be stored.
- * Must be non-NULL.
- * "pLevel"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 *pLevel,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_SetMaxLoggingLevel
- * DESCRIPTION:
- *
- * Sets the maximum logging level of the Logger pointed to by "logger" with
- * the integer value of "level".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose maximum logging level is to be set.
- * Must be non-NULL.
- * "level"
- * Maximum logging level to be set
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "logger"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_SetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 level,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggingComponent
- * DESCRIPTION:
- *
- * Retrieves a pointer to a String representing the logging component of the
- * Logger pointed to by "logger" and stores it at "pComponent". Only log
- * entries whose log component matches the specified logging component will
- * be logged.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose logging component is to be stored.
- * Must be non-NULL.
- * "pComponent"
- * Address where PKIXERRORNUM will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS *pComponent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_SetLoggingComponent
- * DESCRIPTION:
- *
- * Sets the logging component of the Logger pointed to by "logger" with the
- * PKIXERRORNUM pointed to by "component". To match a small set of components,
- * create a Logger for each.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose logging component is to be set.
- * Must be non-NULL.
- * "component"
- * PKIXERRORNUM value representing logging component to be set.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "logger"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_SetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS component,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_GetLoggers
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of Loggers (if any) being used for logging
- * by libpkix and stores it at "pLoggers". If no loggers are being used, this
- * function stores an empty List at "pLoggers".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "pLoggers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_GetLoggers(
- PKIX_List **pLoggers, /* list of PKIX_Logger */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_SetLoggers
- * DESCRIPTION:
- *
- * Sets the Loggers to be used by libpkix to the List of Loggers pointed to
- * by "loggers". If "loggers" is NULL, no Loggers will be used.
- *
- * PARAMETERS:
- * "loggers"
- * Address of List of Loggers to be set. NULL for no Loggers.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_SetLoggers(
- PKIX_List *loggers, /* list of PKIX_Logger */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_AddLogger
- * DESCRIPTION:
- *
- * Adds the Logger pointed to by "logger" to the List of Loggers used by
- * libpkix.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger to be added. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_AddLogger(
- PKIX_Logger *logger,
- void *plContext);
-
-/* Functions pertaining to the PKIX_Error type */
-
-/* Error
- *
- * An Error object is returned by a function upon encountering some error
- * condition.
Each Error is associated with an errorCode specified in pkixt.h.
- * The remaining components of an Error are optional. An Error's description
- * specifies a text message describing the Error. An Error's supplementary info
- * specifies additional information that might be useful. Finally, an Error's
- * cause specifies the underlying Error (if any) that resulted in this Error
- * being returned, thereby allowing Errors to be chained so that an entire
- * "error stack trace" can be represented. Once created, an Error is immutable.
- *
- * Note that the Error's supplementary info must be an Object (although any
- * object type), allowing it to be reference-counted and allowing it to
- * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
- * Duplicate).
- *
- * Errors are classified as either being fatal or non-fatal. If a function
- * fails in an unrecoverable way, it returns an Error whose errorCode is
- * PKIX_FATAL_ERROR. If such an error is encountered, the caller should
- * not attempt to recover since something seriously wrong has happened
- * (e.g. corrupted memory, memory finished, etc.). All other errorCodes
- * are considered non-fatal errors and can be handled by the caller as they
- * see fit.
- */
-
-/*
- * FUNCTION: PKIX_Error_Create
- * DESCRIPTION:
- *
- * Creates a new Error using the value of "errorCode", the Error pointed to by
- * "cause" (if any), the Object pointed to by "info" (if any), and the String
- * pointed to by "desc" and stores it at "pError". If any error occurs during
- * error allocation, it will be returned without chaining, since new errors
- * cannot be created. Once created, an Error is immutable.
- *
- * PARAMETERS:
- * "errorCode"
- * Value of error code.
- * "cause"
- * Address of Error representing error's cause.
- * NULL if none or unspecified.
- * "info"
- * Address of Object representing error's supplementary information.
- * NULL if none.
- * "desc"
- * Address of String representing error's description. NULL if none.
- * "pError"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_Create(
- PKIX_ERRORCLASS errClass,
- PKIX_Error *cause,
- PKIX_PL_Object *info,
- PKIX_ERRORCODE errCode,
- PKIX_Error **pError,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetErrorClass
- * DESCRIPTION:
- *
- * Retrieves the error class of the Error pointed to by "error" and
- * stores it at "pClass". Supported error codes are defined in pkixt.h.
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose error code is desired. Must be non-NULL.
- * "pClass"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetErrorClass(
- PKIX_Error *error,
- PKIX_ERRORCLASS *pClass,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetErrorCode
- * DESCRIPTION:
- *
- * Retrieves the error code of the Error pointed to by "error" and
- * stores it at "pCode". Supported error codes are defined in pkixt.h.
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose error code is desired. Must be non-NULL.
- * "pCode"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetErrorCode(
- PKIX_Error *error,
- PKIX_ERRORCODE *pCode,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetCause
- * DESCRIPTION:
- *
- * Retrieves the cause of the Error pointed to by "error" and stores it at
- * "pCause". If no cause was specified, NULL will be stored at "pCause".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose cause is desired. Must be non-NULL.
- * "pCause"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetCause(
- PKIX_Error *error,
- PKIX_Error **pCause,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetSupplementaryInfo
- * DESCRIPTION:
- *
- * Retrieves the supplementary info of the Error pointed to by "error" and
- * stores it at "pInfo".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose info is desired. Must be non-NULL.
- * "pInfo"
- * Address where info pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetSupplementaryInfo(
- PKIX_Error *error,
- PKIX_PL_Object **pInfo,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetDescription
- * DESCRIPTION:
- *
- * Retrieves the description of the Error pointed to by "error" and stores it
- * at "pDesc". If no description was specified, NULL will be stored at
- * "pDesc".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose description is desired. Must be non-NULL.
- * "pDesc"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetDescription(
- PKIX_Error *error,
- PKIX_PL_String **pDesc,
- void *plContext);
-
-/* PKIX_List
- *
- * Represents a collection of items. NULL is considered a valid item.
- */
-
-/*
- * FUNCTION: PKIX_List_Create
- * DESCRIPTION:
- *
- * Creates a new List and stores it at "pList". The List is initially empty
- * and holds no items. To initially add items to the List, use
- * PKIX_List_AppendItem
- *
- * PARAMETERS:
- * "pList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_Create(
- PKIX_List **pList,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_SetImmutable
- * DESCRIPTION:
- *
- * Sets the List pointed to by "list" to be immutable. If a caller tries to
- * change a List after it has been marked immutable (i.e.
by calling
- * PKIX_List_AppendItem, PKIX_List_InsertItem, PKIX_List_SetItem, or
- * PKIX_List_DeleteItem), an Error is returned.
- *
- * PARAMETERS:
- * "list"
- * Address of List to be marked immutable. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_SetImmutable(
- PKIX_List *list,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_IsImmutable
- * DESCRIPTION:
- *
- * Checks whether the List pointed to by "list" is immutable and stores
- * the Boolean result at "pImmutable". If a caller tries to change a List
- * after it has been marked immutable (i.e. by calling PKIX_List_AppendItem,
- * PKIX_List_InsertItem, PKIX_List_SetItem, or PKIX_List_DeleteItem), an
- * Error is returned.
- *
- * PARAMETERS:
- * "list"
- * Address of List whose immutability is to be determined.
- * Must be non-NULL.
- * "pImmutable"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_IsImmutable(
- PKIX_List *list,
- PKIX_Boolean *pImmutable,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_GetLength
- * DESCRIPTION:
- *
- * Retrieves the length of the List pointed to by "list" and stores it at
- * "pLength".
- *
- * PARAMETERS:
- * "list"
- * Address of List whose length is desired. Must be non-NULL.
- * "pLength"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_GetLength(
- PKIX_List *list,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_IsEmpty
- * DESCRIPTION:
- *
- * Checks whether the List pointed to by "list" is empty and stores
- * the Boolean result at "pEmpty".
- *
- * PARAMETERS:
- * "list"
- * Address of List whose emptiness is to be determined. Must be non-NULL.
- * "pEmpty"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_IsEmpty(
- PKIX_List *list,
- PKIX_Boolean *pEmpty,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_AppendItem
- * DESCRIPTION:
- *
- * Appends the Object pointed to by "item" after the last non-NULL item in
- * List pointed to by "list", if any. Note that a List may validly contain
- * NULL items. Appending "c" into the List ("a", NULL, "b", NULL) will result
- * in ("a", NULL, "b", "c").
- *
- * PARAMETERS:
- * "list"
- * Address of List to append to. Must be non-NULL.
- * "item"
- * Address of new item to append.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_AppendItem(
- PKIX_List *list,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_InsertItem
- * DESCRIPTION:
- *
- * Inserts the Object pointed to by "item" into the List pointed to by "list"
- * at the given "index". The index counts from zero and must be less than the
- * List's length. Existing list entries at or after this index will be moved
- * to the next highest index.
- *
- * XXX why not allow equal to length which would be equivalent to AppendItem?
- *
- * PARAMETERS:
- * "list"
- * Address of List to insert into. Must be non-NULL.
- * "index"
- * Position to insert into. Must be less than List's length.
- * "item"
- * Address of new item to append.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_InsertItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_GetItem
- * DESCRIPTION:
- *
- * Copies the "list"'s item at "index" into "pItem". The index counts from
- * zero and must be less than the list's length. Increments the reference
- * count on the returned object, if non-NULL.
- *
- * PARAMETERS:
- * "list"
- * Address of List to get item from. Must be non-NULL.
- * "index"
- * Index of list to get item from. Must be less than List's length.
- * "pItem"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_GetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object **pItem,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_SetItem
- * DESCRIPTION:
- *
- * Sets the item at "index" of the List pointed to by "list" with the Object
- * pointed to by "item". The index counts from zero and must be less than the
- * List's length. The previous entry at this index will have its reference
- * count decremented and the new entry will have its reference count
- * incremented.
- *
- * PARAMETERS:
- * "list"
- * Address of List to modify. Must be non-NULL.
- * "index"
- * Position in List to set. Must be less than List's length.
- * "item"
- * Address of Object to set at "index".
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_SetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_DeleteItem
- *
- * Deletes the item at "index" from the List pointed to by "list". The index
- * counts from zero and must be less than the List's length. Note that this
- * function does not destroy the List. It simply decrements the reference
- * count of the item at "index" in the List, deletes that item from the list
- * and moves all subsequent entries to a lower index in the list. If there is
- * only a single element in the List and that element is deleted, then the
- * List will be empty.
- *
- * PARAMETERS:
- * "list"
- * Address of List to delete from. Must be non-NULL.
- * "index"
- * Position in List to delete. Must be less than List's length.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_DeleteItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_ReverseList
- * DESCRIPTION:
- *
- * Creates a new List whose elements are in the reverse order as the elements
- * of the Object pointed to by "list" and stores the copy at "pReversedList".
- * If "list" is empty, the new reversed List will be a copy of "list".
- * Changes to the new object will not affect the original and vice versa.
- *
- * PARAMETERS:
- * "list"
- * Address of List whose elements are to be reversed. Must be non-NULL.
- * "pReversedList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_ReverseList(
- PKIX_List *list,
- PKIX_List **pReversedList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_UTIL_H */
diff --git a/security/nss/lib/libpkix/include/pkixt.h b/security/nss/lib/libpkix/include/pkixt.h
deleted file mode 100755
index 2caa0d3a8..000000000
--- a/security/nss/lib/libpkix/include/pkixt.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines the types in the libpkix API.
- * XXX Maybe we should specify the API version number in all API header files
- *
- */
-
-#ifndef _PKIXT_H
-#define _PKIXT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "secerr.h"
-
-/* Types
- *
- * This header file provides typedefs for the abstract types used by libpkix.
- * It also provides several useful macros.
- *
- * Note that all these abstract types are typedef'd as opaque structures. This
- * is intended to discourage the caller from looking at the contents directly,
- * since the format of the contents may change from one version of the library
- * to the next. Instead, callers should only access these types using the
- * functions defined in the public header files.
- *
- * An instance of an abstract type defined in this file is called an "object"
- * here, although C does not have real support for objects.
- *
- * Because C does not typically have automatic garbage collection, the caller
- * is expected to release the reference to any object that they create or that
- * is returned to them by a libpkix function. The caller should do this by
- * using the PKIX_PL_Object_DecRef function. Note that the caller should not
- * release the reference to an object if the object has been passed to a
- * libpkix function and that function has not returned.
- *
- * Please refer to libpkix Programmer's Guide for more details.
- */
-
-/* Version
- *
- * These macros specify the major and minor version of the libpkix API defined
- * by this header file.
- */
-
-#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
-#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
-
-/* Maximum minor version
- *
- * This macro is used to specify that the caller wants the largest minor
- * version available.
- */
-
-#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
-
-/* Define Cert Store type for database access */
-#define PKIX_STORE_TYPE_NONE 0
-#define PKIX_STORE_TYPE_PK11 1
-
-/* Portable Code (PC) data types
- *
- * These types are used to perform the primary operations of this library:
- * building and validating chains of X.509 certificates.
- */
-
-typedef struct PKIX_ErrorStruct PKIX_Error;
-typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
-typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
-typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
-typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
-typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
-typedef struct PKIX_CertStoreStruct PKIX_CertStore;
-typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
-typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
-typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
-typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
-typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
-typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
-typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
-typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
-typedef struct PKIX_LoggerStruct PKIX_Logger;
-typedef struct PKIX_ListStruct PKIX_List;
-typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
-typedef struct PKIX_DefaultRevocationCheckerStruct
- PKIX_DefaultRevocationChecker;
-typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
-
-/* Portability Layer (PL) data types
- *
- * These types are used are used as portable data types that are defined
- * consistently across platforms
- */
-
-typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
-typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
-typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
-typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
-typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
-typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
-typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
-typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
-typedef struct PKIX_PL_StringStruct PKIX_PL_String;
-typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
-typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
-typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
-typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
-typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
-typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
-typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
-typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
-typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
-typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
-typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
-typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
-typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
-typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
-typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
-typedef struct PKIX_PL_CollectionCertStoreContext
- PKIX_PL_CollectionCertStoreContext;
-typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
-typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
-typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
-typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
-typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
-typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
-typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
-typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
-typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
-typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
-typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
-typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
-typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
-
-/* Primitive types
- *
- * In order to guarantee desired behavior as well as platform-independence, we
- * typedef these types depending on the platform. XXX This needs more work!
- */
-
-/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
- * We don't know what type is at least 32 bits long. ISO C probably requires
- * at least 32 bits for long. we could default to that and only list platforms
- * where that's not true.
- *
- * #elif
- * #error
- * #endif
- */
-
-/* currently, int is 32 bits on all our supported platforms */
-
-typedef unsigned int PKIX_UInt32;
-typedef int PKIX_Int32;
-
-typedef int PKIX_Boolean;
-
-/* Object Types
- *
- * Every reference-counted PKIX_PL_Object is associated with an integer type.
- */
-#define PKIX_TYPES \
- TYPEMACRO(AIAMGR), \
- TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
- TYPEMACRO(BIGINT), \
- TYPEMACRO(BUILDRESULT), \
- TYPEMACRO(BYTEARRAY), \
- TYPEMACRO(CERT), \
- TYPEMACRO(CERTBASICCONSTRAINTS), \
- TYPEMACRO(CERTCHAINCHECKER), \
- TYPEMACRO(CERTNAMECONSTRAINTS), \
- TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
- TYPEMACRO(CERTPOLICYCHECKERSTATE), \
- TYPEMACRO(CERTPOLICYINFO), \
- TYPEMACRO(CERTPOLICYMAP), \
- TYPEMACRO(CERTPOLICYNODE), \
- TYPEMACRO(CERTPOLICYQUALIFIER), \
- TYPEMACRO(CERTSELECTOR), \
- TYPEMACRO(CERTSTORE), \
- TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
- TYPEMACRO(COMCERTSELPARAMS), \
- TYPEMACRO(COMCRLSELPARAMS), \
- TYPEMACRO(CRL), \
- TYPEMACRO(CRLDP), \
- TYPEMACRO(CRLENTRY), \
- TYPEMACRO(CRLSELECTOR), \
- TYPEMACRO(DATE), \
- TYPEMACRO(CRLCHECKER), \
- TYPEMACRO(EKUCHECKER), \
- TYPEMACRO(ERROR), \
- TYPEMACRO(FORWARDBUILDERSTATE), \
- TYPEMACRO(GENERALNAME), \
- TYPEMACRO(HASHTABLE), \
- TYPEMACRO(HTTPCERTSTORECONTEXT), \
- TYPEMACRO(HTTPDEFAULTCLIENT), \
- TYPEMACRO(INFOACCESS), \
- TYPEMACRO(LDAPDEFAULTCLIENT), \
- TYPEMACRO(LDAPREQUEST), \
- TYPEMACRO(LDAPRESPONSE), \
- TYPEMACRO(LIST), \
- TYPEMACRO(LOGGER), \
- TYPEMACRO(MONITORLOCK), \
- TYPEMACRO(MUTEX), \
- TYPEMACRO(OBJECT), \
- TYPEMACRO(OCSPCERTID), \
- TYPEMACRO(OCSPCHECKER), \
- TYPEMACRO(OCSPREQUEST), \
- TYPEMACRO(OCSPRESPONSE), \
- TYPEMACRO(OID), \
- TYPEMACRO(REVOCATIONCHECKER), \
- TYPEMACRO(PROCESSINGPARAMS), \
- TYPEMACRO(PUBLICKEY), \
- TYPEMACRO(RESOURCELIMITS), \
- TYPEMACRO(RWLOCK), \
- TYPEMACRO(SIGNATURECHECKERSTATE), \
- TYPEMACRO(SOCKET), \
- TYPEMACRO(STRING), \
- TYPEMACRO(TARGETCERTCHECKERSTATE), \
- TYPEMACRO(TRUSTANCHOR), \
- TYPEMACRO(VALIDATEPARAMS), \
- TYPEMACRO(VALIDATERESULT), \
- TYPEMACRO(VERIFYNODE), \
- TYPEMACRO(X500NAME)
-
-#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
-
-typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
- PKIX_TYPES,
- PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
-} PKIX_TYPENUM;
-
-
-#ifdef PKIX_USER_OBJECT_TYPE
-
-/* User Define Object Types
- *
- * User may define their own object types offset from PKIX_USER_OBJECT_TYPE
- */
-#define PKIX_USER_OBJECT_TYPEBASE 1000
-
-#endif /* PKIX_USER_OBJECT_TYPE */
-
-/* Error Codes
- *
- * This list is used to define a set of PKIX_Error exception class numbers.
- * ERRMACRO is redefined to produce a corresponding set of
- * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
- * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
- * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is
- * initialized in pkix_error.c with the value "MUTEX".
- */
-#define PKIX_ERRORCLASSES \
- ERRMACRO(AIAMGR), \
- ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
- ERRMACRO(BIGINT), \
- ERRMACRO(BUILD), \
- ERRMACRO(BUILDRESULT), \
- ERRMACRO(BYTEARRAY), \
- ERRMACRO(CERT), \
- ERRMACRO(CERTBASICCONSTRAINTS), \
- ERRMACRO(CERTCHAINCHECKER), \
- ERRMACRO(CERTNAMECONSTRAINTS), \
- ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
- ERRMACRO(CERTPOLICYCHECKERSTATE), \
- ERRMACRO(CERTPOLICYINFO), \
- ERRMACRO(CERTPOLICYMAP), \
- ERRMACRO(CERTPOLICYNODE), \
- ERRMACRO(CERTPOLICYQUALIFIER), \
- ERRMACRO(CERTSELECTOR), \
- ERRMACRO(CERTSTORE), \
- ERRMACRO(CERTVFYPKIX), \
- ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
- ERRMACRO(COMCERTSELPARAMS), \
- ERRMACRO(COMCRLSELPARAMS), \
- ERRMACRO(CONTEXT), \
- ERRMACRO(CRL), \
- ERRMACRO(CRLDP), \
- ERRMACRO(CRLENTRY), \
- ERRMACRO(CRLSELECTOR), \
- ERRMACRO(CRLCHECKER), \
- ERRMACRO(DATE), \
- ERRMACRO(EKUCHECKER), \
- ERRMACRO(ERROR), \
- ERRMACRO(FATAL), \
- ERRMACRO(FORWARDBUILDERSTATE), \
- ERRMACRO(GENERALNAME), \
- ERRMACRO(HASHTABLE), \
- ERRMACRO(HTTPCERTSTORECONTEXT), \
- ERRMACRO(HTTPDEFAULTCLIENT), \
- ERRMACRO(INFOACCESS), \
- ERRMACRO(LDAPCLIENT), \
- ERRMACRO(LDAPDEFAULTCLIENT), \
- ERRMACRO(LDAPREQUEST), \
- ERRMACRO(LDAPRESPONSE), \
- ERRMACRO(LIFECYCLE), \
- ERRMACRO(LIST), \
- ERRMACRO(LOGGER), \
- ERRMACRO(MEM), \
- ERRMACRO(MONITORLOCK), \
- ERRMACRO(MUTEX), \
- ERRMACRO(OBJECT), \
- ERRMACRO(OCSPCERTID), \
- ERRMACRO(OCSPCHECKER), \
- ERRMACRO(OCSPREQUEST), \
- ERRMACRO(OCSPRESPONSE), \
- ERRMACRO(OID), \
- ERRMACRO(PROCESSINGPARAMS), \
- ERRMACRO(PUBLICKEY), \
- ERRMACRO(RESOURCELIMITS), \
- ERRMACRO(REVOCATIONMETHOD), \
- ERRMACRO(REVOCATIONCHECKER), \
- ERRMACRO(RWLOCK), \
- ERRMACRO(SIGNATURECHECKERSTATE), \
- ERRMACRO(SOCKET), \
- ERRMACRO(STRING), \
- ERRMACRO(TARGETCERTCHECKERSTATE), \
- ERRMACRO(TRUSTANCHOR), \
- ERRMACRO(USERDEFINEDMODULES), \
- ERRMACRO(VALIDATE), \
- ERRMACRO(VALIDATEPARAMS), \
- ERRMACRO(VALIDATERESULT), \
- ERRMACRO(VERIFYNODE), \
- ERRMACRO(X500NAME)
-
-#define ERRMACRO(type) PKIX_ ## type ## _ERROR
-
-typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
- PKIX_ERRORCLASSES,
- PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */
-} PKIX_ERRORCLASS;
-
-/* Now define error strings (for internationalization) */
-
-#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
-
-/* Define all the error numbers */
-typedef enum {
-#include "pkix_errorstrings.h"
-} PKIX_ERRORCODE;
-
-extern const char * const PKIX_ErrorText[];
-
-/* String Formats
- *
- * These formats specify supported encoding formats for Strings.
- */
-
-#define PKIX_ESCASCII 0
-#define PKIX_UTF8 1
-#define PKIX_UTF16 2
-#define PKIX_UTF8_NULL_TERM 3
-#define PKIX_ESCASCII_DEBUG 4
-
-/* Name Types
- *
- * These types specify supported formats for GeneralNames.
- */
-
-#define PKIX_OTHER_NAME 1
-#define PKIX_RFC822_NAME 2
-#define PKIX_DNS_NAME 3
-#define PKIX_X400_ADDRESS 4
-#define PKIX_DIRECTORY_NAME 5
-#define PKIX_EDIPARTY_NAME 6
-#define PKIX_URI_NAME 7
-#define PKIX_IP_NAME 8
-#define PKIX_OID_NAME 9
-
-/* Key Usages
- *
- * These types specify supported Key Usages
- */
-
-#define PKIX_DIGITAL_SIGNATURE 0x001
-#define PKIX_NON_REPUDIATION 0x002
-#define PKIX_KEY_ENCIPHERMENT 0x004
-#define PKIX_DATA_ENCIPHERMENT 0x008
-#define PKIX_KEY_AGREEMENT 0x010
-#define PKIX_KEY_CERT_SIGN 0x020
-#define PKIX_CRL_SIGN 0x040
-#define PKIX_ENCIPHER_ONLY 0x080
-#define PKIX_DECIPHER_ONLY 0x100
-
-/* Reason Flags
- *
- * These macros specify supported Reason Flags
- */
-
-#define PKIX_UNUSED 0x001
-#define PKIX_KEY_COMPROMISE 0x002
-#define PKIX_CA_COMPROMISE 0x004
-#define PKIX_AFFILIATION_CHANGED 0x008
-#define PKIX_SUPERSEDED 0x010
-#define PKIX_CESSATION_OF_OPERATION 0x020
-#define PKIX_CERTIFICATE_HOLD 0x040
-#define PKIX_PRIVILEGE_WITHDRAWN 0x080
-#define PKIX_AA_COMPROMISE 0x100
-
-/* Boolean values
- *
- * These macros specify the Boolean values of TRUE and FALSE
- * XXX Is it the case that any non-zero value is actually considered TRUE
- * and this is just a convenient mnemonic macro?
- */
-
-#define PKIX_TRUE ((PKIX_Boolean) 1)
-#define PKIX_FALSE ((PKIX_Boolean) 0)
-
-/*
- * Define constants for basic constraints selector
- * (see comments in pkix_certsel.h)
- */
-
-#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
-#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
-
-/*
- * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
- * object file. It is thrown if system memory cannot be allocated or may be
- * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
- * IncRef, DecRef and all Settor functions cannot be called.
- * XXX Does anyone actually need to know about this?
- * XXX Why no DecRef? Would be good to handle it the same.
- */
-
-PKIX_Error* PKIX_ALLOC_ERROR(void);
-
-/*
- * In a CertBasicConstraints extension, if the CA flag is set,
- * indicating the certificate refers to a Certification
- * Authority, then the pathLen field indicates how many intermediate
- * certificates (not counting self-signed ones) can exist in a valid
- * chain following this certificate. If the pathLen has the value
- * of this constant, then the length of the chain is unlimited
- */
-#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
-
-/*
- * Define Certificate Extension hard-coded OID's
- */
-#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN
-#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE
-#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME
-#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS
-#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE
-#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS
-#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES
-#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
-#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS
-#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS
-#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE
-#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY
-#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE
-#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
-#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
-#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN
-#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
-#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP
-#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER
-
-
-/* Available revocation method types. */
-typedef enum PKIX_RevocationMethodTypeEnum {
- PKIX_RevocationMethod_CRL = 0,
- PKIX_RevocationMethod_OCSP,
- PKIX_RevocationMethod_MAX
-} PKIX_RevocationMethodType;
-
-/* A set of statuses revocation checker operates on */
-typedef enum PKIX_RevocationStatusEnum {
- PKIX_RevStatus_NoInfo = 0,
- PKIX_RevStatus_Revoked,
- PKIX_RevStatus_Success
-} PKIX_RevocationStatus;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIXT_H */ |