/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_pl_cert.h
 *
 * Certificate Object Definitions
 *
 */

#ifndef _PKIX_PL_CERT_H
#define _PKIX_PL_CERT_H

#include "pkix_pl_common.h"

#ifdef __cplusplus
extern "C" {
#endif

struct PKIX_PL_CertStruct {
        CERTCertificate *nssCert;  /* Must be the first field.  The
                                    * cert_NSSCertFromPKIXCert function in
                                    * lib/certhigh/certvfypkix.c depends on
                                    * this. */
        CERTGeneralName *nssSubjAltNames;
        PLArenaPool *arenaNameConstraints;
        PKIX_PL_X500Name *issuer;
        PKIX_PL_X500Name *subject;
        PKIX_List *subjAltNames;
        PKIX_Boolean subjAltNamesAbsent;
        PKIX_PL_OID *publicKeyAlgId;
        PKIX_PL_PublicKey *publicKey;
        PKIX_PL_BigInt *serialNumber;
        PKIX_List *critExtOids;
        PKIX_PL_ByteArray *subjKeyId;
        PKIX_Boolean subjKeyIdAbsent;
        PKIX_PL_ByteArray *authKeyId;
        PKIX_Boolean authKeyIdAbsent;
        PKIX_List *extKeyUsages;
        PKIX_Boolean extKeyUsagesAbsent;
        PKIX_PL_CertBasicConstraints *certBasicConstraints;
        PKIX_Boolean basicConstraintsAbsent;
        PKIX_List *certPolicyInfos;
        PKIX_Boolean policyInfoAbsent;
        PKIX_Boolean policyMappingsAbsent;
        PKIX_List *certPolicyMappings; /* List of PKIX_PL_CertPolicyMap */
        PKIX_Boolean policyConstraintsProcessed;
        PKIX_Int32 policyConstraintsExplicitPolicySkipCerts;
        PKIX_Int32 policyConstraintsInhibitMappingSkipCerts;
        PKIX_Boolean inhibitAnyPolicyProcessed;
        PKIX_Int32 inhibitAnySkipCerts;
        PKIX_PL_CertNameConstraints *nameConstraints;
        PKIX_Boolean nameConstraintsAbsent;
        PKIX_Boolean cacheFlag;
        PKIX_CertStore *store;
        PKIX_List *authorityInfoAccess; /* list of PKIX_PL_InfoAccess */
        PKIX_List *subjectInfoAccess; /* list of PKIX_PL_InfoAccess */
        PKIX_Boolean isUserTrustAnchor;
        PKIX_List *crldpList; /* list of CRL DPs based on der in nssCert arena.
                               * Destruction is needed for pkix object and
                               * not for undelying der as it is a part
                               * nssCert arena. */ 
};

/* see source file for function documentation */

PKIX_Error *
pkix_pl_Cert_RegisterSelf(void *plContext);

PKIX_Error *
pkix_pl_Cert_CreateWithNSSCert(
        CERTCertificate *nssCert,
        PKIX_PL_Cert **pCert,
        void *plContext);

PKIX_Error *
pkix_pl_Cert_CreateToList(
        SECItem *derCertItem,
        PKIX_List *certList,
        void *plContext);

PKIX_Error *
pkix_pl_Cert_CheckSubjectAltNameConstraints(
        PKIX_PL_Cert *cert,
        PKIX_PL_CertNameConstraints *nameConstraints,
        PKIX_Boolean matchAll,
        void *plContext);

PKIX_Error *
pkix_pl_Cert_ToString_Helper(
        PKIX_PL_Cert *cert,
        PKIX_Boolean partialString,
        PKIX_PL_String **pString,
        void *plContext);

PKIX_Error *
pkix_pl_Cert_CheckExtendedKeyUsage(
        PKIX_PL_Cert *cert,
        PKIX_UInt32 requiredExtendedKeyUsages,
        PKIX_Boolean *pPass,
        void *plContext);

#ifdef __cplusplus
}
#endif

#endif /* _PKIX_PL_CERT_H */