summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/libpkix/include/pkix_crlsel.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/libpkix/include/pkix_crlsel.h')
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_crlsel.h759
1 files changed, 759 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/include/pkix_crlsel.h b/security/nss/lib/libpkix/include/pkix_crlsel.h
new file mode 100755
index 000000000..491e72f43
--- /dev/null
+++ b/security/nss/lib/libpkix/include/pkix_crlsel.h
@@ -0,0 +1,759 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_CRLSelector and the
+ * PKIX_ComCRLSelParams types.
+ *
+ */
+
+
+#ifndef _PKIX_CRLSEL_H
+#define _PKIX_CRLSEL_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_CRLSelector
+ *
+ * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
+ * based on particular criteria. A CRLSelector is typically used by libpkix
+ * to retrieve CRLs from a CertStore during certificate chain validation or
+ * building. (see pkix_certstore.h) For example, the caller may wish to only
+ * select those CRLs that have a particular issuer or a particular value for a
+ * private CRL extension. The MatchCallback allows the caller to specify the
+ * custom matching logic to be used by a CRLSelector.
+
+ * By default, the MatchCallback is set to point to the default implementation
+ * provided by libpkix, which understands how to process the most common
+ * parameters. If the default implementation is used, the caller should set
+ * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
+ * Any common parameter that is not set is assumed to be disabled, which means
+ * the default MatchCallback implementation will select all CRLs without
+ * regard to that particular disabled parameter. For example, if the
+ * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
+ * CRL based on its CRL number. As such, if no parameters are set, all are
+ * disabled and any CRL will match. If a parameter is disabled, its associated
+ * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
+ *
+ * If a custom implementation is desired, the default implementation can be
+ * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
+ * CRLSelector can be initialized with a crlSelectorContext, which is where
+ * the caller can specify the desired parameters the caller wishes to match
+ * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
+ * allowing it to be reference-counted and allowing it to provide the standard
+ * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_CRLSelector_MatchCallback
+ * DESCRIPTION:
+ *
+ * This callback function determines whether the specified CRL pointed to by
+ * "crl" matches the criteria of the CRLSelector pointed to by "selector".
+ * If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
+ * "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
+ *
+ * PARAMETERS:
+ * "selector"
+ * Address of CRLSelector whose MatchCallback logic and parameters are
+ * to be used. Must be non-NULL.
+ * "crl"
+ * Address of CRL that is to be matched using "selector". Must be non-NULL.
+ * "pMatch"
+ * Address at which Boolean result is stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe
+ *
+ * Multiple threads must be able to safely call this function without
+ * worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CRLSelector_MatchCallback)(
+ PKIX_CRLSelector *selector,
+ PKIX_PL_CRL *crl,
+ PKIX_Boolean *pMatch,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_Create
+ * DESCRIPTION:
+ *
+ * Creates a new CRLSelector using the Object pointed to by
+ * "crlSelectorContext" (if any) and stores it at "pSelector". As noted
+ * above, by default, the MatchCallback is set to point to the default
+ * implementation provided by libpkix, which understands how to process
+ * ComCRLSelParams. This is overridden if the MatchCallback pointed to by
+ * "callback" is not NULL, in which case the parameters are specified using
+ * the Object pointed to by "crlSelectorContext".
+ *
+ * PARAMETERS:
+ * "issue"
+ * crl issuer.
+ * "crlDpList"
+ * distribution points list
+ * "callback"
+ * The MatchCallback function to be used.
+ * "pSelector"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_Create(
+ PKIX_PL_Cert *issuer,
+ PKIX_List *crlDpList,
+ PKIX_PL_Date *date,
+ PKIX_CRLSelector **pSelector,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetMatchCallback
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to "selector's" Match callback function and puts it in
+ * "pCallback".
+ *
+ * PARAMETERS:
+ * "selector"
+ * The CRLSelector whose Match callback is desired. Must be non-NULL.
+ * "pCallback"
+ * Address where Match callback function pointer will be stored.
+ * Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetMatchCallback(
+ PKIX_CRLSelector *selector,
+ PKIX_CRLSelector_MatchCallback *pCallback,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
+ * of the CRLSelector pointed to by "selector" and stores it at
+ * "pCRLSelectorContext".
+ *
+ * PARAMETERS:
+ * "selector"
+ * Address of CRLSelector whose context is to be stored. Must be non-NULL.
+ * "pCRLSelectorContext"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCRLSelectorContext(
+ PKIX_CRLSelector *selector,
+ void **pCRLSelectorContext,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the ComCRLSelParams object that represent the common
+ * parameters of the CRLSelector pointed to by "selector" and stores it at
+ * "pCommonCRLSelectorParams". If there are no common parameters stored with
+ * the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
+ *
+ * PARAMETERS:
+ * "selector"
+ * Address of CRLSelector whose ComCRLSelParams are to be stored.
+ * Must be non-NULL.
+ * "pCommonCRLSelectorParams"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCommonCRLSelectorParams(
+ PKIX_CRLSelector *selector,
+ PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
+ * DESCRIPTION:
+ *
+ * Sets the common parameters for the CRLSelector pointed to by "selector"
+ * using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
+ *
+ * PARAMETERS:
+ * "selector"
+ * Address of CRLSelector whose common parameters are to be set.
+ * Must be non-NULL.
+ * "commonCRLSelectorParams"
+ * Address of ComCRLSelParams representing the common parameters.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "selector"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_SetCommonCRLSelectorParams(
+ PKIX_CRLSelector *selector,
+ PKIX_ComCRLSelParams *commonCRLSelectorParams,
+ void *plContext);
+
+/* PKIX_ComCRLSelParams
+ *
+ * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
+ * especially determining which CRLs to retrieve from a CertStore.
+ * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
+ * the default implementation of MatchCallback, which understands how to
+ * process ComCRLSelParams.
+ */
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_Create
+ * DESCRIPTION:
+ *
+ * Creates a new ComCRLSelParams object and stores it at "pParams".
+ *
+ * PARAMETERS:
+ * "pParams"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_Create(
+ PKIX_ComCRLSelParams **pParams,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the List of X500Names (if any) representing the
+ * issuer names criterion that is set in the ComCRLSelParams pointed to by
+ * "params" and stores it at "pNames". In order to match against this
+ * criterion, a CRL's IssuerName must match at least one of the criterion's
+ * issuer names.
+ *
+ * If "params" does not have this criterion set, this function stores NULL at
+ * "pNames", in which case all CRLs are considered to match.
+ *
+ * Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose issuer names criterion (if any) is to
+ * be stored. Must be non-NULL.
+ * "pNames"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetIssuerNames(
+ PKIX_ComCRLSelParams *params,
+ PKIX_List **pNames, /* list of PKIX_PL_X500Name */
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
+ * DESCRIPTION:
+ *
+ * Sets the issuer names criterion of the ComCRLSelParams pointed to by
+ * "params" using a List of X500Names pointed to by "names". In order to match
+ * against this criterion, a CRL's IssuerName must match at least one of the
+ * criterion's issuer names.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParamsParams whose issuer names criterion is to be
+ * set. Must be non-NULL.
+ * "names"
+ * Address of List of X500Names used to set the criterion
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetIssuerNames(
+ PKIX_ComCRLSelParams *params,
+ PKIX_List *names, /* list of PKIX_PL_X500Name */
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
+ * DESCRIPTION:
+ *
+ * Adds to the issuer names criterion of the ComCRLSelParams pointed to by
+ * "params" using the X500Name pointed to by "name". In order to match
+ * against this criterion, a CRL's IssuerName must match at least one of the
+ * criterion's issuer names.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose issuer names criterion is to be added
+ * to. Must be non-NULL.
+ * "name"
+ * Address of X500Name to be added.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_AddIssuerName(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_X500Name *name,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the Cert (if any) representing the certificate whose
+ * revocation status is being checked. This is not a criterion. It is simply
+ * optional information that may help a CertStore find relevant CRLs.
+ *
+ * If "params" does not have a certificate set, this function stores NULL at
+ * "pCert", in which case there is no optional information to provide.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose certificate being checked (if any) is
+ * to be stored. Must be non-NULL.
+ * "pCert"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetCertificateChecking(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Cert **pCert,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
+ * DESCRIPTION:
+ *
+ * Sets the ComCRLSelParams pointed to by "params" with the certificate
+ * (pointed to by "cert") whose revocation status is being checked. This is
+ * not a criterion. It is simply optional information that may help a
+ * CertStore find relevant CRLs.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose certificate being checked is to be
+ * set. Must be non-NULL.
+ * "cert"
+ * Address of Cert whose revocation status is being checked
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetCertificateChecking(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Cert *cert,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the Date (if any) representing the dateAndTime
+ * criterion that is set in the ComCRLSelParams pointed to by "params" and
+ * stores it at "pDate". In order to match against this criterion, a CRL's
+ * thisUpdate component must be less than or equal to the criterion's
+ * dateAndTime and the CRL's nextUpdate component must be later than the
+ * criterion's dateAndTime. There is no match if the CRL does not contain a
+ * nextUpdate component.
+ *
+ * If "params" does not have this criterion set, this function stores NULL at
+ * "pDate", in which case all CRLs are considered to match.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
+ * be stored. Must be non-NULL.
+ * "pDate"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetDateAndTime(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Date **pDate,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
+ * DESCRIPTION:
+ *
+ * Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
+ * "params" using a Date pointed to by "date". In order to match against this
+ * criterion, a CRL's thisUpdate component must be less than or equal to the
+ * criterion's dateAndTime and the CRL's nextUpdate component must be later
+ * than the criterion's dateAndTime. There is no match if the CRL does not
+ * contain a nextUpdate component.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
+ * set. Must be non-NULL.
+ * "date"
+ * Address of Date used to set the criterion
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetDateAndTime(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Date *date,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the Boolean representing the NIST CRL policy
+ * activation flag that is set in the ComCRLSelParams pointed to by "params"
+ * and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
+ *
+ * Default value for this flag is TRUE.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose NIST CRL policy criterion is to
+ * be stored. Must be non-NULL.
+ * "pEnabled"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
+ PKIX_ComCRLSelParams *params,
+ PKIX_Boolean *pEnabled,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
+ * DESCRIPTION:
+ *
+ * Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
+ * "params" using a "enabled" flag. In order to match against this
+ * criterion, a CRL's nextUpdate must be available and criterion's
+ * dataAndTime must be within thisUpdate and nextUpdate time period.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParamsParams whose NIST CRL policy criterion
+ * is to be set. Must be non-NULL.
+ * "enabled"
+ * Address of Bollean used to set the criterion
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
+ PKIX_ComCRLSelParams *params,
+ PKIX_Boolean enabled,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
+ * criterion that is set in the ComCRLSelParams pointed to by "params" and
+ * stores it at "pNumber". In order to match against this criterion, a CRL
+ * must have a CRL number extension whose value is less than or equal to the
+ * criterion's value.
+ *
+ * If "params" does not have this criterion set, this function stores NULL at
+ * "pNumber", in which case all CRLs are considered to match.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
+ * be stored. Must be non-NULL.
+ * "pNumber"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMaxCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt **pNumber,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
+ * DESCRIPTION:
+ *
+ * Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
+ * "params" using a BigInt pointed to by "number". In order to match against
+ * this criterion, a CRL must have a CRL number extension whose value is less
+ * than or equal to the criterion's value.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
+ * set. Must be non-NULL.
+ * "number"
+ * Address of BigInt used to set the criterion
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMaxCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt *number,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
+ * criterion that is set in the ComCRLSelParams pointed to by "params" and
+ * stores it at "pNumber". In order to match against this criterion, a CRL
+ * must have a CRL number extension whose value is greater than or equal to
+ * the criterion's value.
+ *
+ * If "params" does not have this criterion set, this function stores NULL at
+ * "pNumber", in which case all CRLs are considered to match.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
+ * be stored. Must be non-NULL.
+ * "pNumber"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMinCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt **pNumber,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
+ * DESCRIPTION:
+ *
+ * Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
+ * "params" using a BigInt pointed to by "number". In order to match against
+ * this criterion, a CRL must have a CRL number extension whose value is
+ * greater than or equal to the criterion's value.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
+ * set. Must be non-NULL.
+ * "number"
+ * Address of BigInt used to set the criterion
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMinCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt *number,
+ void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
+ * DESCRIPTION:
+ *
+ * Sets crldp list that can be used to download a crls.
+ *
+ * PARAMETERS:
+ * "params"
+ * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
+ * set. Must be non-NULL.
+ * "crldpList"
+ * A list of CRLDPs. Can be an emptry list.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "params"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error*
+PKIX_ComCRLSelParams_SetCrlDp(
+ PKIX_ComCRLSelParams *params,
+ PKIX_List *crldpList,
+ void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CRLSEL_H */