
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This file defines the types in the libpkix API.
* XXX Maybe we should specify the API version number in all API header files
*
*/
#ifndef _PKIXT_H
#define _PKIXT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "secerr.h"
/* Types
*
* This header file provides typedefs for the abstract types used by libpkix.
* It also provides several useful macros.
*
* Note that all these abstract types are typedef'd as opaque structures. This
* is intended to discourage the caller from looking at the contents directly,
* since the format of the contents may change from one version of the library
* to the next. Instead, callers should only access these types using the
* functions defined in the public header files.
*
* An instance of an abstract type defined in this file is called an "object"
* here, although C does not have real support for objects.
*
* Because C does not typically have automatic garbage collection, the caller
* is expected to release the reference to any object that they create or that
* is returned to them by a libpkix function. The caller should do this by
* using the PKIX_PL_Object_DecRef function. Note that the caller should not
* release the reference to an object if the object has been passed to a
* libpkix function and that function has not returned.
*
* Please refer to libpkix Programmer's Guide for more details.
*/
/* Version
 *
 * These macros specify the major and minor version of the libpkix API defined
 * by this header file.
 *
 * The casts name PKIX_UInt32, which is typedef'd further down this header.
 * That is legal because a macro body is only expanded where the macro is
 * used, but it does mean these macros can only be used once that typedef is
 * visible (the normal case: any code that includes this header in full).
 */
#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
/* Maximum minor version
 *
 * This macro is used to specify that the caller wants the largest minor
 * version available. It is a sentinel, not a real minor version.
 *
 * 4000000000 does not fit in a signed 32-bit int, so the unsuffixed literal
 * takes a wider type; the cast brings it back to the unsigned 32-bit API
 * type, where it fits below UINT32_MAX (4294967295).
 */
#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
/* Define Cert Store type for database access.
 * PKIX_STORE_TYPE_NONE selects no database-backed store. PKIX_STORE_TYPE_PK11
 * presumably refers to NSS's PKCS#11 ("pk11") layer -- confirm against the
 * cert-store implementation; this header only fixes the numeric values. */
#define PKIX_STORE_TYPE_NONE 0
#define PKIX_STORE_TYPE_PK11 1
/* Portable Code (PC) data types
 *
 * These types are used to perform the primary operations of this library:
 * building and validating chains of X.509 certificates.
 *
 * Each is an incomplete struct type: only the typedef name is declared here,
 * never the struct body, so callers can hold and pass pointers to these
 * objects but cannot dereference, copy or take sizeof them. That is the
 * mechanism behind the "opaque" contract described at the top of this file:
 * the layout lives in the implementation and may change between releases.
 * The note at the top of this file on releasing references applies to all
 * objects obtained through these types.
 */
typedef struct PKIX_ErrorStruct PKIX_Error;
typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
typedef struct PKIX_CertStoreStruct PKIX_CertStore;
typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
typedef struct PKIX_LoggerStruct PKIX_Logger;
typedef struct PKIX_ListStruct PKIX_List;
typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
typedef struct PKIX_DefaultRevocationCheckerStruct
PKIX_DefaultRevocationChecker;
typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
/* Portability Layer (PL) data types
 *
 * These types are used as portable data types that are defined consistently
 * across platforms. Like the PC types above they are incomplete struct
 * types: callers only ever hold pointers to them and must go through the
 * PKIX_PL_* functions to create, inspect or release them.
 *
 * Naming note: two struct tags below (PKIX_PL_CollectionCertStoreContext and
 * PKIX_PL_LdapCertStoreContext) reuse the typedef name as the tag instead of
 * the "...Struct" suffix used everywhere else in this header. That is legal C
 * and harmless, but the tags cannot be renamed here without also changing
 * the struct definitions in the implementation.
 */
typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
typedef struct PKIX_PL_StringStruct PKIX_PL_String;
typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
/* tag == typedef name here (no "Struct" suffix); see naming note above */
typedef struct PKIX_PL_CollectionCertStoreContext
PKIX_PL_CollectionCertStoreContext;
/* tag == typedef name here (no "Struct" suffix); see naming note above */
typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
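/* Primitive types
 *
 * Fixed-width integer and boolean types used throughout the API. The API
 * depends on PKIX_UInt32 and PKIX_Int32 being exactly 32 bits wide: for
 * example PKIX_MAX_MINOR_VERSION above casts 4000000000 to PKIX_UInt32,
 * which only round-trips in an unsigned type of at least 32 bits.
 *
 * `int` is 32 bits on every platform this library currently supports, so
 * the typedefs below use it directly. Rather than leaving that as a comment
 * (the old "XXX needs more work / try it on Win32" note), the assumption is
 * now checked at compile time: a port to a platform where `int` is not
 * 32 bits fails to build instead of silently changing the range of every
 * count, limit and version number in the library.
 *
 * PKIX_Boolean is a plain int. PKIX_TRUE and PKIX_FALSE (defined later in
 * this header) are its canonical values; produce only those two so that
 * comparisons against PKIX_TRUE behave.
 */
typedef unsigned int PKIX_UInt32;
typedef int PKIX_Int32;
typedef int PKIX_Boolean;

/* Compile-time width checks, C89-compatible: an array type with a negative
 * size is a constraint violation, so a false condition is a build error,
 * while a true condition declares a harmless one-element array type. */
typedef char PKIX_UInt32_width_check[(sizeof(PKIX_UInt32) == 4) ? 1 : -1];
typedef char PKIX_Int32_width_check[(sizeof(PKIX_Int32) == 4) ? 1 : -1];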
/* Object Types
 *
 * Every reference-counted PKIX_PL_Object is associated with an integer type.
 *
 * The numeric value of PKIX_<NAME>_TYPE is that entry's position in
 * PKIX_TYPES (AIAMGR is 0, X500NAME is the last) and PKIX_NUMTYPES is the
 * entry count. Consequences for maintainers:
 *
 *  - The list is positional, not alphabetical (DATE precedes CRLCHECKER,
 *    REVOCATIONCHECKER precedes PROCESSINGPARAMS). Do not "tidy" it by
 *    sorting, and append new types rather than inserting: an insertion
 *    renumbers every later type. Whether any consumer stores or exchanges
 *    these numbers across a library boundary is not visible here; treat them
 *    as ABI until confirmed otherwise.
 *  - PKIX_TYPES is presumably expanded again elsewhere with a different
 *    TYPEMACRO (e.g. to build a name table, the way PKIX_ERRORCLASSES is
 *    used for PKIX_ERRORCLASSNAMES in pkix_error.c); any such table must be
 *    generated from this same list so the two never drift apart.
 *  - TYPEMACRO is defined here and never #undef'd, so it remains defined in
 *    every translation unit that includes this header.
 */
#define PKIX_TYPES \
TYPEMACRO(AIAMGR), \
TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
TYPEMACRO(BIGINT), \
TYPEMACRO(BUILDRESULT), \
TYPEMACRO(BYTEARRAY), \
TYPEMACRO(CERT), \
TYPEMACRO(CERTBASICCONSTRAINTS), \
TYPEMACRO(CERTCHAINCHECKER), \
TYPEMACRO(CERTNAMECONSTRAINTS), \
TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
TYPEMACRO(CERTPOLICYCHECKERSTATE), \
TYPEMACRO(CERTPOLICYINFO), \
TYPEMACRO(CERTPOLICYMAP), \
TYPEMACRO(CERTPOLICYNODE), \
TYPEMACRO(CERTPOLICYQUALIFIER), \
TYPEMACRO(CERTSELECTOR), \
TYPEMACRO(CERTSTORE), \
TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
TYPEMACRO(COMCERTSELPARAMS), \
TYPEMACRO(COMCRLSELPARAMS), \
TYPEMACRO(CRL), \
TYPEMACRO(CRLDP), \
TYPEMACRO(CRLENTRY), \
TYPEMACRO(CRLSELECTOR), \
TYPEMACRO(DATE), \
TYPEMACRO(CRLCHECKER), \
TYPEMACRO(EKUCHECKER), \
TYPEMACRO(ERROR), \
TYPEMACRO(FORWARDBUILDERSTATE), \
TYPEMACRO(GENERALNAME), \
TYPEMACRO(HASHTABLE), \
TYPEMACRO(HTTPCERTSTORECONTEXT), \
TYPEMACRO(HTTPDEFAULTCLIENT), \
TYPEMACRO(INFOACCESS), \
TYPEMACRO(LDAPDEFAULTCLIENT), \
TYPEMACRO(LDAPREQUEST), \
TYPEMACRO(LDAPRESPONSE), \
TYPEMACRO(LIST), \
TYPEMACRO(LOGGER), \
TYPEMACRO(MONITORLOCK), \
TYPEMACRO(MUTEX), \
TYPEMACRO(OBJECT), \
TYPEMACRO(OCSPCERTID), \
TYPEMACRO(OCSPCHECKER), \
TYPEMACRO(OCSPREQUEST), \
TYPEMACRO(OCSPRESPONSE), \
TYPEMACRO(OID), \
TYPEMACRO(REVOCATIONCHECKER), \
TYPEMACRO(PROCESSINGPARAMS), \
TYPEMACRO(PUBLICKEY), \
TYPEMACRO(RESOURCELIMITS), \
TYPEMACRO(RWLOCK), \
TYPEMACRO(SIGNATURECHECKERSTATE), \
TYPEMACRO(SOCKET), \
TYPEMACRO(STRING), \
TYPEMACRO(TARGETCERTCHECKERSTATE), \
TYPEMACRO(TRUSTANCHOR), \
TYPEMACRO(VALIDATEPARAMS), \
TYPEMACRO(VALIDATERESULT), \
TYPEMACRO(VERIFYNODE), \
TYPEMACRO(X500NAME)
/* Default expansion: each entry becomes the enumerator PKIX_<NAME>_TYPE. */
#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
PKIX_TYPES,
PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
} PKIX_TYPENUM;
#ifdef PKIX_USER_OBJECT_TYPE
/* User-Defined Object Types
 *
 * Users may define their own object types offset from PKIX_USER_OBJECT_TYPEBASE.
 *
 * The base (1000) is well above PKIX_NUMTYPES, so user-defined type numbers
 * cannot collide with the built-in entries of PKIX_TYPES. It is only defined
 * when the build opts in with PKIX_USER_OBJECT_TYPE. No upper bound is
 * enforced here; any limit on user type numbers is imposed by the object
 * implementation, which is not visible in this header -- confirm there.
 */
#define PKIX_USER_OBJECT_TYPEBASE 1000
#endif /* PKIX_USER_OBJECT_TYPE */
/* Error Codes
 *
 * This list is used to define a set of PKIX_Error exception class numbers.
 * ERRMACRO is redefined to produce a corresponding set of
 * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
 * pkix_error.c. The class number is the entry's position in this list. For
 * example, since the fifth ERRMACRO entry is BUILDRESULT, PKIX_BUILDRESULT_ERROR
 * is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is initialized in
 * pkix_error.c with the value "BUILDRESULT".
 *
 * Because the numbers are positional, do not sort this list or insert in the
 * middle: doing so renumbers every later class and breaks anything that has
 * stored or logged a class number. It is not alphabetical as it stands
 * (REVOCATIONMETHOD precedes REVOCATIONCHECKER); append new classes at the
 * end. ERRMACRO is defined here and never #undef'd, so it stays defined in
 * every includer, and pkix_error.c must #undef it before redefining it.
 */
#define PKIX_ERRORCLASSES \
ERRMACRO(AIAMGR), \
ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
ERRMACRO(BIGINT), \
ERRMACRO(BUILD), \
ERRMACRO(BUILDRESULT), \
ERRMACRO(BYTEARRAY), \
ERRMACRO(CERT), \
ERRMACRO(CERTBASICCONSTRAINTS), \
ERRMACRO(CERTCHAINCHECKER), \
ERRMACRO(CERTNAMECONSTRAINTS), \
ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
ERRMACRO(CERTPOLICYCHECKERSTATE), \
ERRMACRO(CERTPOLICYINFO), \
ERRMACRO(CERTPOLICYMAP), \
ERRMACRO(CERTPOLICYNODE), \
ERRMACRO(CERTPOLICYQUALIFIER), \
ERRMACRO(CERTSELECTOR), \
ERRMACRO(CERTSTORE), \
ERRMACRO(CERTVFYPKIX), \
ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
ERRMACRO(COMCERTSELPARAMS), \
ERRMACRO(COMCRLSELPARAMS), \
ERRMACRO(CONTEXT), \
ERRMACRO(CRL), \
ERRMACRO(CRLDP), \
ERRMACRO(CRLENTRY), \
ERRMACRO(CRLSELECTOR), \
ERRMACRO(CRLCHECKER), \
ERRMACRO(DATE), \
ERRMACRO(EKUCHECKER), \
ERRMACRO(ERROR), \
ERRMACRO(FATAL), \
ERRMACRO(FORWARDBUILDERSTATE), \
ERRMACRO(GENERALNAME), \
ERRMACRO(HASHTABLE), \
ERRMACRO(HTTPCERTSTORECONTEXT), \
ERRMACRO(HTTPDEFAULTCLIENT), \
ERRMACRO(INFOACCESS), \
ERRMACRO(LDAPCLIENT), \
ERRMACRO(LDAPDEFAULTCLIENT), \
ERRMACRO(LDAPREQUEST), \
ERRMACRO(LDAPRESPONSE), \
ERRMACRO(LIFECYCLE), \
ERRMACRO(LIST), \
ERRMACRO(LOGGER), \
ERRMACRO(MEM), \
ERRMACRO(MONITORLOCK), \
ERRMACRO(MUTEX), \
ERRMACRO(OBJECT), \
ERRMACRO(OCSPCERTID), \
ERRMACRO(OCSPCHECKER), \
ERRMACRO(OCSPREQUEST), \
ERRMACRO(OCSPRESPONSE), \
ERRMACRO(OID), \
ERRMACRO(PROCESSINGPARAMS), \
ERRMACRO(PUBLICKEY), \
ERRMACRO(RESOURCELIMITS), \
ERRMACRO(REVOCATIONMETHOD), \
ERRMACRO(REVOCATIONCHECKER), \
ERRMACRO(RWLOCK), \
ERRMACRO(SIGNATURECHECKERSTATE), \
ERRMACRO(SOCKET), \
ERRMACRO(STRING), \
ERRMACRO(TARGETCERTCHECKERSTATE), \
ERRMACRO(TRUSTANCHOR), \
ERRMACRO(USERDEFINEDMODULES), \
ERRMACRO(VALIDATE), \
ERRMACRO(VALIDATEPARAMS), \
ERRMACRO(VALIDATERESULT), \
ERRMACRO(VERIFYNODE), \
ERRMACRO(X500NAME)
/* Default expansion: each entry becomes the enumerator PKIX_<NAME>_ERROR. */
#define ERRMACRO(type) PKIX_ ## type ## _ERROR
typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
PKIX_ERRORCLASSES,
PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */
} PKIX_ERRORCLASS;
/* Now define error strings (for internationalization) */
/* Here PKIX_ERRORENTRY keeps only the symbolic name of each entry in
 * pkix_errorstrings.h; the other two fields (desc, plerr) are presumably
 * picked up by redefining this macro where the string tables are built.
 * The included file must expand to a comma-separated list of
 * PKIX_ERRORENTRY(...) invocations with NO trailing comma, because the
 * comma before PKIX_NUMERRORCODES is supplied on the line below it. */
#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
/* Define all the error numbers */
typedef enum {
#include "pkix_errorstrings.h"
, PKIX_NUMERRORCODES
} PKIX_ERRORCODE;
/* Human-readable text for each error number, defined in the implementation.
 * Presumably indexed by PKIX_ERRORCODE and PKIX_NUMERRORCODES entries long;
 * confirm against its definition before indexing it with anything else. */
extern const char * const PKIX_ErrorText[];
/* String Formats
 *
 * These formats specify supported encoding formats for Strings.
 *
 * They are plain integer selectors (0..4), not bit flags, so they must not
 * be OR'd together. The exact byte layout of each format (the escaping rules
 * of ESCASCII, whether the non-_NULL_TERM variants carry a terminator, what
 * the _DEBUG variant adds) is defined by the string implementation, not here.
 */
#define PKIX_ESCASCII 0
#define PKIX_UTF8 1
#define PKIX_UTF16 2
#define PKIX_UTF8_NULL_TERM 3
#define PKIX_ESCASCII_DEBUG 4
/* Name Types
 *
 * These types specify supported formats for GeneralNames.
 *
 * Note: these values are the RFC 5280 GeneralName CHOICE tag number PLUS
 * ONE: otherName is [0] in the ASN.1 but PKIX_OTHER_NAME is 1, registeredID
 * is [8] but PKIX_OID_NAME is 9. They must not be used directly as, or
 * compared against, the context-specific tag read from DER. 0 is not a
 * valid name type in this numbering.
 */
#define PKIX_OTHER_NAME 1
#define PKIX_RFC822_NAME 2
#define PKIX_DNS_NAME 3
#define PKIX_X400_ADDRESS 4
#define PKIX_DIRECTORY_NAME 5
#define PKIX_EDIPARTY_NAME 6
#define PKIX_URI_NAME 7
#define PKIX_IP_NAME 8
#define PKIX_OID_NAME 9
/* Key Usages
 *
 * These types specify supported Key Usages.
 *
 * Bit n of the RFC 5280 KeyUsage BIT STRING (digitalSignature = 0 ...
 * decipherOnly = 8) is represented here as (1 << n), i.e. digitalSignature
 * is the least significant bit. This is NOT the layout of the DER BIT STRING
 * itself, whose first content byte carries bit 0 in its most significant
 * position, and it may differ from other NSS key-usage flag sets (the CERT
 * KU_* constants are believed to be MSB-first -- confirm before mixing).
 * Convert explicitly rather than passing these values across that boundary.
 * Values may be OR'd together to form a mask.
 */
#define PKIX_DIGITAL_SIGNATURE 0x001
#define PKIX_NON_REPUDIATION 0x002
#define PKIX_KEY_ENCIPHERMENT 0x004
#define PKIX_DATA_ENCIPHERMENT 0x008
#define PKIX_KEY_AGREEMENT 0x010
#define PKIX_KEY_CERT_SIGN 0x020
#define PKIX_CRL_SIGN 0x040
#define PKIX_ENCIPHER_ONLY 0x080
#define PKIX_DECIPHER_ONLY 0x100
/* Reason Flags
 *
 * These macros specify supported Reason Flags.
 *
 * Same encoding as the Key Usage macros above: RFC 5280 ReasonFlags bit n
 * is (1 << n), LSB first. Note that PKIX_UNUSED (0x001) is the ASN.1 bit
 * literally named "unused" (bit 0), not an empty/no-flags sentinel: a
 * value of 0 means no reason bits are set, whereas 0x001 means the "unused"
 * bit is set. Do not test for "no reasons" by comparing against PKIX_UNUSED.
 */
#define PKIX_UNUSED 0x001
#define PKIX_KEY_COMPROMISE 0x002
#define PKIX_CA_COMPROMISE 0x004
#define PKIX_AFFILIATION_CHANGED 0x008
#define PKIX_SUPERSEDED 0x010
#define PKIX_CESSATION_OF_OPERATION 0x020
#define PKIX_CERTIFICATE_HOLD 0x040
#define PKIX_PRIVILEGE_WITHDRAWN 0x080
#define PKIX_AA_COMPROMISE 0x100
/* Boolean values
 *
 * These macros specify the Boolean values of TRUE and FALSE.
 *
 * PKIX_Boolean is a plain int (see the Primitive types section), so in a C
 * condition any non-zero value tests as true. Equality comparisons such as
 * `b == PKIX_TRUE`, however, are only correct when b was produced as exactly
 * 1. Treat PKIX_TRUE and PKIX_FALSE as the only values a PKIX_Boolean may
 * hold, and normalise (`!!x`) when deriving one from an arbitrary integer.
 */
#define PKIX_TRUE ((PKIX_Boolean) 1)
#define PKIX_FALSE ((PKIX_Boolean) 0)
/*
 * Define constants for basic constraints selector
 * (see comments in pkix_certsel.h)
 *
 * Both are negative sentinels for a "minimum path length" criterion, so the
 * field they are assigned to or compared with must be a signed type
 * (PKIX_Int32). Unlike PKIX_UNLIMITED_PATH_CONSTRAINT below they carry no
 * PKIX_Int32 cast: if either is compared against a PKIX_UInt32, the usual
 * arithmetic conversions turn it into a very large unsigned value and the
 * comparison silently goes wrong. Keep such comparisons signed.
 */
#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
/*
 * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
 * object file. It is thrown if system memory cannot be allocated or may be
 * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable:
 * IncRef, DecRef and all Setter functions must not be called on it.
 *
 * Because it is a static singleton rather than a heap-allocated PKIX_Error,
 * any code that walks an error chain or releases errors generically has to
 * recognise it first (compare the pointer with the result of calling
 * PKIX_ALLOC_ERROR() -- it is a function, not an object) and skip the
 * DecRef. Treating it like an ordinary error would attempt to free or
 * mutate static storage.
 * XXX Does anyone actually need to know about this?
 * XXX Why no DecRef? Would be good to handle it the same.
 */
PKIX_Error* PKIX_ALLOC_ERROR(void);
/*
 * In a CertBasicConstraints extension, if the CA flag is set,
 * indicating the certificate refers to a Certification
 * Authority, then the pathLen field indicates how many intermediate
 * certificates (not counting self-signed ones) can exist in a valid
 * chain following this certificate. If the pathLen has the value
 * of this constant, then the length of the chain is unlimited.
 *
 * The cast makes this a signed -1, so compare it only against signed
 * (PKIX_Int32) path-length values; in an unsigned comparison it would be
 * seen as 0xFFFFFFFF. Note that a pathLen of 0 is a legitimate, restrictive
 * value ("no further intermediates"), not "unlimited" -- only this sentinel
 * lifts the limit.
 */
#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
/*
 * Define Certificate Extension hard-coded OID's
 *
 * These are aliases for NSS SECOidTag enumerators. The header declaring
 * SECOidTag is not included by this file; because macros expand at the
 * point of use, the translation unit that uses one of these names must
 * itself have that enum in scope.
 *
 * Naming caveat: the PKIX_KEY_USAGE_*_OID macros at the end alias
 * SEC_OID_EXT_KEY_USAGE_* and SEC_OID_OCSP_RESPONDER, i.e. they are
 * *Extended* Key Usage purpose OIDs (KeyPurposeId values), not bits of the
 * KeyUsage extension. Do not confuse them with the PKIX_DIGITAL_SIGNATURE
 * family of bit masks above. PKIX_NSCERTTYPE_OID is the legacy Netscape
 * certificate-type extension.
 */
#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN
#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE
#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME
#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS
#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE
#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS
#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES
#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS
#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS
#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE
#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY
#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE
/* Extended Key Usage purposes (despite the KEY_USAGE in the names). */
#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN
#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP
#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER
/* Revocation-checking mechanisms that libpkix can be asked to use.
 *
 * The values are dense from 0. PKIX_RevocationMethod_MAX is one past the
 * last real method (i.e. the number of methods) and is not itself a method;
 * a loop over methods should stop before it. */
typedef enum PKIX_RevocationMethodTypeEnum {
    PKIX_RevocationMethod_CRL = 0,  /* certificate revocation lists */
    PKIX_RevocationMethod_OCSP = 1, /* online certificate status protocol */
    PKIX_RevocationMethod_MAX = 2   /* count / end marker, not a method */
} PKIX_RevocationMethodType;
/* Outcomes a revocation checker reports for a certificate.
 *
 * NoInfo is deliberately 0, the value a zero-initialised status holds. The
 * two definite answers are distinct non-zero values, which means this enum
 * must never be tested for truthiness as an "is it OK" check: Revoked (1)
 * and Success (2) are both non-zero. Always compare against
 * PKIX_RevStatus_Success explicitly. */
typedef enum PKIX_RevocationStatusEnum {
    PKIX_RevStatus_NoInfo = 0,  /* no revocation information obtained */
    PKIX_RevStatus_Revoked = 1, /* certificate reported as revoked */
    PKIX_RevStatus_Success = 2  /* revocation check passed */
} PKIX_RevocationStatus;
#ifdef __cplusplus
}
#endif
#endif /* _PKIXT_H */