1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * This file defines functions associated with the PKIX_CertStore type. 6 * 7 */ 8 9 #ifndef _PKIX_CERTSTORE_H 10 #define _PKIX_CERTSTORE_H 11 12 #include "pkixt.h" 13 #include "certt.h" 14 15 #ifdef __cplusplus 16 extern "C" { 17 #endif 18 19 /* General 20 * 21 * Please refer to the libpkix Programmer's Guide for detailed information 22 * about how to use the libpkix library. Certain key warnings and notices from 23 * that document are repeated here for emphasis. 24 * 25 * All identifiers in this file (and all public identifiers defined in 26 * libpkix) begin with "PKIX_". Private identifiers only intended for use 27 * within the library begin with "pkix_". 28 * 29 * A function returns NULL upon success, and a PKIX_Error pointer upon failure. 30 * 31 * Unless otherwise noted, for all accessor (gettor) functions that return a 32 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a 33 * shared object. Therefore, the caller should treat this shared object as 34 * read-only and should not modify this shared object. When done using the 35 * shared object, the caller should release the reference to the object by 36 * using the PKIX_PL_Object_DecRef function. 37 * 38 * While a function is executing, if its arguments (or anything referred to by 39 * its arguments) are modified, free'd, or destroyed, the function's behavior 40 * is undefined. 41 * 42 */ 43 44 /* PKIX_CertStore 45 * 46 * A PKIX_CertStore provides a standard way for the caller to retrieve 47 * certificates and CRLs from a particular repository (or "store") of 48 * certificates and CRLs, including LDAP directories, flat files, local 49 * databases, etc. The CertCallback allows custom certificate retrieval logic 50 * to be used while the CRLCallback allows custom CRL retrieval logic to be 51 * used. Additionally, a CertStore can be initialized with a certStoreContext, 52 * which is where the caller can specify configuration data such as the host 53 * name of an LDAP server. Note that this certStoreContext must be an 54 * Object (although any object type), allowing it to be reference-counted and 55 * allowing it to provide the standard Object functions (Equals, Hashcode, 56 * ToString, Compare, Duplicate). Please note that each certStoreContext must 57 * provide Equals and Hashcode functions in order for the caching (on Cert and 58 * CertChain) to work correctly. When providing those two functions, it is not 59 * required that all the components of the object be hashed or checked for 60 * equality, but merely that the functions distinguish between unique 61 * instances of the certStoreContext. 62 * 63 * Once the caller has created the CertStore object, the caller then specifies 64 * these CertStore objects in a ProcessingParams object and passes that object 65 * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the 66 * user's callback functions as needed during the validation or building 67 * process. 68 * 69 * The order of CertStores stored (as a list) at ProcessingParams determines 70 * the order in which certificates are retrieved. Trusted CertStores should 71 * precede non-trusted ones on the list of CertStores so their certificates 72 * are evaluated ahead of other certificates selected on the basis of the same 73 * selector criteria. 74 * 75 * The CheckTrustCallback function is used when the CertStore object 76 * supports trust status, which means a Cert's trust status can be altered 77 * dynamically. When a CertStore object is created, if the 78 * CheckTrustCallback is initialized to be non-NULL, this CertStore is 79 * defaulted as supporting trust. Then whenever a Cert needs to (re)check its 80 * trust status, this callback can be invoked. When a Cert is retrieved by 81 * a CertStore supports trust, at its GetCertCallback, the CertStore 82 * information should be updated in Cert's data structure so the link between 83 * the Cert and CertStore exists. 84 * 85 */ 86 87 /* 88 * FUNCTION: PKIX_CertStore_CertCallback 89 * DESCRIPTION: 90 * 91 * This callback function retrieves from the CertStore pointed to by "store" 92 * all the certificates that match the CertSelector pointed to by "selector". 93 * It places these certificates in a List and stores a pointer to the List at 94 * "pCerts". If no certificates are found which match the CertSelector's 95 * criteria, this function stores an empty List at "pCerts". In either case, if 96 * the operation is completed, NULL is stored at "pNBIOContext". 97 * 98 * A CertStore which uses non-blocking I/O may store platform-dependent 99 * information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is 100 * pending. A subsequent call to PKIX_CertStore_CertContinue is required to 101 * finish the operation and to obtain the List of Certs. 102 * 103 * Note that the List returned by this function is immutable. 104 * 105 * PARAMETERS: 106 * "store" 107 * Address of CertStore from which Certs are to be retrieved. 108 * Must be non-NULL. 109 * "selector" 110 * Address of CertSelector whose criteria must be satisfied. 111 * Must be non-NULL. 112 * "verifyNode" 113 * Parent log node for tracking of filtered out certs. 114 * "pNBIOContext" 115 * Address at which platform-dependent information is stored if the 116 * operation is suspended for non-blocking I/O. Must be non-NULL. 117 * "pCerts" 118 * Address where object pointer will be stored. Must be non-NULL. 119 * "plContext" 120 * Platform-specific context pointer. 121 * THREAD SAFETY: 122 * Thread Safe 123 * 124 * Multiple threads must be able to safely call this function without 125 * worrying about conflicts, even if they're operating on the same object. 126 * RETURNS: 127 * Returns NULL if the function succeeds. 128 * Returns a CertStore Error if the function fails in a non-fatal way. 129 * Returns a Fatal Error if the function fails in an unrecoverable way. 130 */ 131 typedef PKIX_Error * 132 (*PKIX_CertStore_CertCallback)( 133 PKIX_CertStore *store, 134 PKIX_CertSelector *selector, 135 PKIX_VerifyNode *verifyNode, 136 void **pNBIOContext, 137 PKIX_List **pCerts, /* list of PKIX_PL_Cert */ 138 void *plContext); 139 140 /* 141 * FUNCTION: PKIX_CertStore_CertContinue 142 * DESCRIPTION: 143 * 144 * This function continues the non-blocking operation initiated by an earlier 145 * call to the CertCallback function, for the CertStore pointed to by "store". 146 * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL 147 * value returned in "pNBIOContext") calling this function will return a fatal 148 * error. If the operation is completed the certificates found are placed in a 149 * List, a pointer to which is stored at "pCerts". If no certificates are found 150 * which match the CertSelector's criteria, this function stores an empty List 151 * at "pCerts". In either case, if the operation is completed, NULL is stored 152 * at "pNBIOContext". 153 * 154 * If non-blocking I/O is still pending this function stores platform-dependent 155 * information at "pNBIOContext" and NULL at "pCerts". A subsequent call to 156 * PKIX_CertStore_CertContinue is required to finish the operation and to 157 * obtain the List of Certs. 158 * 159 * Note that the List returned by this function is immutable. 160 * 161 * PARAMETERS: 162 * "store" 163 * Address of CertStore from which Certs are to be retrieved. 164 * Must be non-NULL. 165 * "selector" 166 * Address of CertSelector whose criteria must be satisfied. 167 * Must be non-NULL. 168 * "verifyNode" 169 * Parent log node for tracking of filtered out certs. 170 * "pNBIOContext" 171 * Address at which platform-dependent information is stored if the 172 * operation is suspended for non-blocking I/O. Must be non-NULL. 173 * "pCerts" 174 * Address where object pointer will be stored. Must be non-NULL. 175 * "plContext" 176 * Platform-specific context pointer. 177 * THREAD SAFETY: 178 * Thread Safe 179 * 180 * Multiple threads must be able to safely call this function without 181 * worrying about conflicts, even if they're operating on the same object. 182 * RETURNS: 183 * Returns NULL if the function succeeds. 184 * Returns a CertStore Error if the function fails in a non-fatal way. 185 * Returns a Fatal Error if the function fails in an unrecoverable way. 186 */ 187 PKIX_Error * 188 PKIX_CertStore_CertContinue( 189 PKIX_CertStore *store, 190 PKIX_CertSelector *selector, 191 PKIX_VerifyNode *verifyNode, 192 void **pNBIOContext, 193 PKIX_List **pCerts, /* list of PKIX_PL_Cert */ 194 void *plContext); 195 196 typedef PKIX_Error * 197 (*PKIX_CertStore_CertContinueFunction)( 198 PKIX_CertStore *store, 199 PKIX_CertSelector *selector, 200 PKIX_VerifyNode *verifyNode, 201 void **pNBIOContext, 202 PKIX_List **pCerts, /* list of PKIX_PL_Cert */ 203 void *plContext); 204 205 /* 206 * FUNCTION: PKIX_CertStore_CRLCallback 207 * DESCRIPTION: 208 * 209 * This callback function retrieves from the CertStore pointed to by "store" 210 * all the CRLs that match the CRLSelector pointed to by "selector". It 211 * places these CRLs in a List and stores a pointer to the List at "pCRLs". 212 * If no CRLs are found which match the CRLSelector's criteria, this function 213 * stores an empty List at "pCRLs". In either case, if the operation is 214 * completed, NULL is stored at "pNBIOContext". 215 * 216 * A CertStore which uses non-blocking I/O may store platform-dependent 217 * information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is 218 * pending. A subsequent call to PKIX_CertStore_CRLContinue is required to 219 * finish the operation and to obtain the List of Crls. 220 * 221 * Note that the List returned by this function is immutable. 222 * 223 * PARAMETERS: 224 * "store" 225 * Address of CertStore from which CRLs are to be retrieved. 226 * Must be non-NULL. 227 * "selector" 228 * Address of CRLSelector whose criteria must be satisfied. 229 * Must be non-NULL. 230 * "pCrls" 231 * Address where object pointer will be stored. Must be non-NULL. 232 * "plContext" 233 * Platform-specific context pointer. 234 * THREAD SAFETY: 235 * Thread Safe 236 * 237 * Multiple threads must be able to safely call this function without 238 * worrying about conflicts, even if they're operating on the same object. 239 * RETURNS: 240 * Returns NULL if the function succeeds. 241 * Returns a CertStore Error if the function fails in a non-fatal way. 242 * Returns a Fatal Error if the function fails in an unrecoverable way. 243 */ 244 typedef PKIX_Error * 245 (*PKIX_CertStore_CRLCallback)( 246 PKIX_CertStore *store, 247 PKIX_CRLSelector *selector, 248 void **pNBIOContext, 249 PKIX_List **pCrls, /* list of PKIX_PL_CRL */ 250 void *plContext); 251 252 /* 253 * FUNCTION: PKIX_CertStore_ImportCrlCallback 254 * DESCRIPTION: 255 * 256 * The function imports crl list into a cert store. Stores that 257 * have local cache may only have that function defined. 258 * 259 * PARAMETERS: 260 * "store" 261 * Address of CertStore from which CRLs are to be retrieved. 262 * Must be non-NULL. 263 * "issuerName" 264 * Name of the issuer that will be used to track bad der crls. 265 * "crlList" 266 * Address on the importing crl list. 267 * "plContext" 268 * Platform-specific context pointer. 269 * THREAD SAFETY: 270 * Thread Safe 271 * 272 * Multiple threads must be able to safely call this function without 273 * worrying about conflicts, even if they're operating on the same object. 274 * RETURNS: 275 * Returns NULL if the function succeeds. 276 * Returns a CertStore Error if the function fails in a non-fatal way. 277 * Returns a Fatal Error if the function fails in an unrecoverable way. 278 */ 279 typedef PKIX_Error * 280 (*PKIX_CertStore_ImportCrlCallback)( 281 PKIX_CertStore *store, 282 PKIX_PL_X500Name *issuerName, 283 PKIX_List *crlList, 284 void *plContext); 285 286 /* 287 * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback 288 * DESCRIPTION: 289 * 290 * The function checks revocation status of a cert with specified 291 * issuer, date. It returns revocation status of a cert and 292 * a reason code(if any) if a cert was revoked. 293 * 294 * PARAMETERS: 295 * "store" 296 * Address of CertStore from which CRLs are to be retrieved. 297 * Must be non-NULL. 298 * "cert" 299 * Certificate which revocation status will be checked. 300 * "issuer" 301 * Issuer certificate of the "crl". 302 * "date" 303 * Date of the revocation check. 304 * "crlDownloadDone" 305 * Indicates, that all needed crl downloads are done by the time of 306 * the revocation check. 307 * "reasonCode" 308 * If cert is revoked, returned reason code for which a cert was revoked. 309 * "revStatus" 310 * Returned revocation status of the cert. See PKIX_RevocationStatus 311 * for more details 312 * "plContext" 313 * Platform-specific context pointer. 314 * THREAD SAFETY: 315 * Thread Safe 316 * 317 * Multiple threads must be able to safely call this function without 318 * worrying about conflicts, even if they're operating on the same object. 319 * RETURNS: 320 * Returns NULL if the function succeeds. 321 * Returns a CertStore Error if the function fails in a non-fatal way. 322 * Returns a Fatal Error if the function fails in an unrecoverable way. 323 */ 324 typedef PKIX_Error * 325 (*PKIX_CertStore_CheckRevokationByCrlCallback)( 326 PKIX_CertStore *store, 327 PKIX_PL_Cert *cert, 328 PKIX_PL_Cert *issuer, 329 PKIX_PL_Date *date, 330 PKIX_Boolean crlDownloadDone, 331 CERTCRLEntryReasonCode *reasonCode, 332 PKIX_RevocationStatus *revStatus, 333 void *plContext); 334 335 /* 336 * FUNCTION: PKIX_CertStore_CrlContinue 337 * DESCRIPTION: 338 * 339 * This function continues the non-blocking operation initiated by an earlier 340 * call to the CRLCallback function, for the CertStore pointed to by "store". 341 * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL 342 * value returned in "pNBIOContext") calling this function will return a fatal 343 * error. If the operation is completed the crls found are placed in a List, a 344 * pointer to which is stored at "pCrls". If no crls are found which match the 345 * CRLSelector's criteria, this function stores an empty List at "pCrls". In 346 * either case, if the operation is completed, NULL is stored at "pNBIOContext". 347 * 348 * If non-blocking I/O is still pending this function stores platform-dependent 349 * information at "pNBIOContext" and NULL at "pCrls". A subsequent call to 350 * PKIX_CertStore_CrlContinue is required to finish the operation and to 351 * obtain the List of Crls. 352 * 353 * Note that the List returned by this function is immutable. 354 * 355 * PARAMETERS: 356 * "store" 357 * Address of CertStore from which Crls are to be retrieved. 358 * Must be non-NULL. 359 * "selector" 360 * Address of CRLSelector whose criteria must be satisfied. 361 * Must be non-NULL. 362 * "pNBIOContext" 363 * Address at which platform-dependent information is stored if the 364 * operation is suspended for non-blocking I/O. Must be non-NULL. 365 * "pCrls" 366 * Address where object pointer will be stored. Must be non-NULL. 367 * "plContext" 368 * Platform-specific context pointer. 369 * THREAD SAFETY: 370 * Thread Safe 371 * 372 * Multiple threads must be able to safely call this function without 373 * worrying about conflicts, even if they're operating on the same object. 374 * RETURNS: 375 * Returns NULL if the function succeeds. 376 * Returns a CertStore Error if the function fails in a non-fatal way. 377 * Returns a Fatal Error if the function fails in an unrecoverable way. 378 */ 379 PKIX_Error * 380 PKIX_CertStore_CrlContinue( 381 PKIX_CertStore *store, 382 PKIX_CRLSelector *selector, 383 void **pNBIOContext, 384 PKIX_List **pCrls, /* list of PKIX_PL_CRL */ 385 void *plContext); 386 387 typedef PKIX_Error * 388 (*PKIX_CertStore_CrlContinueFunction)( 389 PKIX_CertStore *store, 390 PKIX_CRLSelector *selector, 391 void **pNBIOContext, 392 PKIX_List **pCrls, /* list of PKIX_PL_CRL */ 393 void *plContext); 394 395 /* 396 * FUNCTION: PKIX_CertStore_CheckTrustCallback 397 * DESCRIPTION: 398 * 399 * This callback function rechecks "cert's" trust status from the CertStore 400 * pointed to by "store". 401 * 402 * PARAMETERS: 403 * "store" 404 * Address of CertStore from which Certs are to be checked. 405 * Must be non-NULL. 406 * "cert" 407 * Address of Cert whose trust status needs to be rechecked. 408 * Must be non-NULL. 409 * "pTrusted" 410 * Address of PKIX_Boolean where the trust status is returned. 411 * Must be non-NULL. 412 * "plContext" 413 * Platform-specific context pointer. 414 * THREAD SAFETY: 415 * Thread Safe 416 * 417 * Multiple threads must be able to safely call this function without 418 * worrying about conflicts, even if they're operating on the same object. 419 * RETURNS: 420 * Returns NULL if the function succeeds. 421 * Returns a CertStore Error if the function fails in a non-fatal way. 422 * Returns a Fatal Error if the function fails in an unrecoverable way. 423 */ 424 typedef PKIX_Error * 425 (*PKIX_CertStore_CheckTrustCallback)( 426 PKIX_CertStore *store, 427 PKIX_PL_Cert *cert, 428 PKIX_Boolean *pTrusted, 429 void *plContext); 430 431 /* 432 * FUNCTION: PKIX_CertStore_Create 433 * DESCRIPTION: 434 * 435 * Creates a new CertStore and stores it at "pStore". The new CertStore uses 436 * the CertCallback pointed to by "certCallback" and the CRLCallback pointed 437 * to by "crlCallback" as its callback functions and uses the Object pointed 438 * to by "certStoreContext" as its context . Note that this certStoreContext 439 * must be an Object (although any object type), allowing it to be 440 * reference-counted and allowing it to provide the standard Object functions 441 * (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a 442 * CertStore object is immutable, although the underlying repository can 443 * change. For example, a CertStore will often be a front-end for a database 444 * or directory. The contents of that directory can change after the 445 * CertStore object is created, but the CertStore object remains immutable. 446 * 447 * PARAMETERS: 448 * "certCallback" 449 * The CertCallback function to be used. Must be non-NULL. 450 * "crlCallback" 451 * The CRLCallback function to be used. Must be non-NULL. 452 * "certContinue" 453 * The function to be used to resume a certCallback that returned with a 454 * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking 455 * I/O. 456 * "crlContinue" 457 * The function to be used to resume a crlCallback that returned with a 458 * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking 459 * I/O. 460 * "trustCallback" 461 * Address of PKIX_CertStore_CheckTrustCallback which is called to 462 * verify the trust status of Certs in this CertStore. 463 * "certStoreContext" 464 * Address of Object representing the CertStore's context (if any). 465 * "cachedFlag" 466 * If TRUE indicates data retrieved from CertStore should be cached. 467 * "localFlag" 468 * Boolean value indicating whether this CertStore is local. 469 * "pStore" 470 * Address where object pointer will be stored. Must be non-NULL. 471 * "plContext" 472 * Platform-specific context pointer. 473 * THREAD SAFETY: 474 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 475 * RETURNS: 476 * Returns NULL if the function succeeds. 477 * Returns a CertStore Error if the function fails in a non-fatal way. 478 * Returns a Fatal Error if the function fails in an unrecoverable way. 479 */ 480 PKIX_Error * 481 PKIX_CertStore_Create( 482 PKIX_CertStore_CertCallback certCallback, 483 PKIX_CertStore_CRLCallback crlCallback, 484 PKIX_CertStore_CertContinueFunction certContinue, 485 PKIX_CertStore_CrlContinueFunction crlContinue, 486 PKIX_CertStore_CheckTrustCallback trustCallback, 487 PKIX_CertStore_ImportCrlCallback importCrlCallback, 488 PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback, 489 PKIX_PL_Object *certStoreContext, 490 PKIX_Boolean cachedFlag, 491 PKIX_Boolean localFlag, 492 PKIX_CertStore **pStore, 493 void *plContext); 494 495 /* 496 * FUNCTION: PKIX_CertStore_GetCertCallback 497 * DESCRIPTION: 498 * 499 * Retrieves a pointer to "store's" Cert callback function and put it in 500 * "pCallback". 501 * 502 * PARAMETERS: 503 * "store" 504 * The CertStore whose Cert callback is desired. Must be non-NULL. 505 * "pCallback" 506 * Address where Cert callback function pointer will be stored. 507 * Must be non-NULL. 508 * "plContext" 509 * Platform-specific context pointer. 510 * THREAD SAFETY: 511 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 512 * RETURNS: 513 * Returns NULL if the function succeeds. 514 * Returns a Fatal Error if the function fails in an unrecoverable way. 515 */ 516 PKIX_Error * 517 PKIX_CertStore_GetCertCallback( 518 PKIX_CertStore *store, 519 PKIX_CertStore_CertCallback *pCallback, 520 void *plContext); 521 522 /* 523 * FUNCTION: PKIX_CertStore_GetCRLCallback 524 * DESCRIPTION: 525 * 526 * Retrieves a pointer to "store's" CRL callback function and put it in 527 * "pCallback". 528 * 529 * PARAMETERS: 530 * "store" 531 * The CertStore whose CRL callback is desired. Must be non-NULL. 532 * "pCallback" 533 * Address where CRL callback function pointer will be stored. 534 * Must be non-NULL. 535 * "plContext" 536 * Platform-specific context pointer. 537 * THREAD SAFETY: 538 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 539 * RETURNS: 540 * Returns NULL if the function succeeds. 541 * Returns a Fatal Error if the function fails in an unrecoverable way. 542 */ 543 PKIX_Error * 544 PKIX_CertStore_GetCRLCallback( 545 PKIX_CertStore *store, 546 PKIX_CertStore_CRLCallback *pCallback, 547 void *plContext); 548 549 /* 550 * FUNCTION: PKIX_CertStore_GetImportCrlCallback 551 * DESCRIPTION: 552 * 553 * Retrieves a pointer to "store's" Import CRL callback function and put it in 554 * "pCallback". 555 * 556 * PARAMETERS: 557 * "store" 558 * The CertStore whose CRL callback is desired. Must be non-NULL. 559 * "pCallback" 560 * Address where CRL callback function pointer will be stored. 561 * Must be non-NULL. 562 * "plContext" 563 * Platform-specific context pointer. 564 * THREAD SAFETY: 565 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 566 * RETURNS: 567 * Returns NULL if the function succeeds. 568 * Returns a Fatal Error if the function fails in an unrecoverable way. 569 */ 570 PKIX_Error * 571 PKIX_CertStore_GetImportCrlCallback( 572 PKIX_CertStore *store, 573 PKIX_CertStore_ImportCrlCallback *pCallback, 574 void *plContext); 575 576 /* 577 * FUNCTION: PKIX_CertStore_GetCheckRevByCrl 578 * DESCRIPTION: 579 * 580 * Retrieves a pointer to "store's" CRL revocation checker callback function 581 * and put it in "pCallback". 582 * 583 * PARAMETERS: 584 * "store" 585 * The CertStore whose CRL callback is desired. Must be non-NULL. 586 * "pCallback" 587 * Address where CRL callback function pointer will be stored. 588 * Must be non-NULL. 589 * "plContext" 590 * Platform-specific context pointer. 591 * THREAD SAFETY: 592 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 593 * RETURNS: 594 * Returns NULL if the function succeeds. 595 * Returns a Fatal Error if the function fails in an unrecoverable way. 596 */ 597 PKIX_Error * 598 PKIX_CertStore_GetCrlCheckerFn( 599 PKIX_CertStore *store, 600 PKIX_CertStore_CheckRevokationByCrlCallback *pCallback, 601 void *plContext); 602 603 /* 604 * FUNCTION: PKIX_CertStore_GetTrustCallback 605 * DESCRIPTION: 606 * 607 * Retrieves the function pointer to the CheckTrust callback function of the 608 * CertStore pointed to by "store" and stores it at "pCallback". 609 * 610 * PARAMETERS: 611 * "store" 612 * The CertStore whose CheckTrust callback is desired. Must be non-NULL. 613 * "pCallback" 614 * Address where CheckTrust callback function pointer will be stored. 615 * Must be non-NULL. 616 * "plContext" 617 * Platform-specific context pointer. 618 * THREAD SAFETY: 619 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 620 * RETURNS: 621 * Returns NULL if the function succeeds. 622 * Returns a Fatal Error if the function fails in an unrecoverable way. 623 */ 624 PKIX_Error * 625 PKIX_CertStore_GetTrustCallback( 626 PKIX_CertStore *store, 627 PKIX_CertStore_CheckTrustCallback *pCallback, 628 void *plContext); 629 630 /* 631 * FUNCTION: PKIX_CertStore_GetCertStoreContext 632 * DESCRIPTION: 633 * 634 * Retrieves a pointer to the Object representing the context (if any) 635 * of the CertStore pointed to by "store" and stores it at 636 * "pCertStoreContext". 637 * 638 * PARAMETERS: 639 * "store" 640 * Address of CertStore whose context is to be stored. Must be non-NULL. 641 * "pCertStoreContext" 642 * Address where object pointer will be stored. Must be non-NULL. 643 * "plContext" 644 * Platform-specific context pointer. 645 * THREAD SAFETY: 646 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 647 * RETURNS: 648 * Returns NULL if the function succeeds. 649 * Returns a Fatal Error if the function fails in an unrecoverable way. 650 */ 651 PKIX_Error * 652 PKIX_CertStore_GetCertStoreContext( 653 PKIX_CertStore *store, 654 PKIX_PL_Object **pCertStoreContext, 655 void *plContext); 656 657 /* 658 * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag 659 * DESCRIPTION: 660 * 661 * Retrieves the Boolean cache flag of the CertStore pointed to by "store" and 662 * stores it at "pCachedFlag". 663 * 664 * PARAMETERS: 665 * "store" 666 * Address of CertStore whose cache flag is to be stored. Must be non-NULL. 667 * "pCacheFlag" 668 * Address where the result will be stored. Must be non-NULL. 669 * "plContext" 670 * Platform-specific context pointer. 671 * THREAD SAFETY: 672 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 673 * RETURNS: 674 * Returns NULL if the function succeeds. 675 * Returns a Fatal Error if the function fails in an unrecoverable way. 676 */ 677 PKIX_Error * 678 PKIX_CertStore_GetCertStoreCacheFlag( 679 PKIX_CertStore *store, 680 PKIX_Boolean *pCacheFlag, 681 void *plContext); 682 683 /* 684 * FUNCTION: PKIX_CertStore_GetLocalFlag 685 * DESCRIPTION: 686 * 687 * Retrieves the Boolean localFlag for the CertStore pointed to by "store" and 688 * stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can 689 * fulfill a request without performing network I/O. 690 * 691 * PARAMETERS: 692 * "store" 693 * The CertStore whose Local flag is desired. Must be non-NULL. 694 * "pCallback" 695 * Address where the Boolean LocalFlag will be stored. Must be non-NULL. 696 * "plContext" 697 * Platform-specific context pointer. 698 * THREAD SAFETY: 699 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) 700 * RETURNS: 701 * Returns NULL if the function succeeds. 702 * Returns a Fatal Error if the function fails in an unrecoverable way. 703 */ 704 PKIX_Error * 705 PKIX_CertStore_GetLocalFlag( 706 PKIX_CertStore *store, 707 PKIX_Boolean *pLocalFlag, 708 void *plContext); 709 710 #ifdef __cplusplus 711 } 712 #endif 713 714 #endif /* _PKIX_CERTSTORE_H */ 715