summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/libpkix/include/pkixt.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/lib/libpkix/include/pkixt.h
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/libpkix/include/pkixt.h')
-rw-r--r--security/nss/lib/libpkix/include/pkixt.h485
1 files changed, 485 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/include/pkixt.h b/security/nss/lib/libpkix/include/pkixt.h
new file mode 100644
index 0000000000..71997f700b
--- /dev/null
+++ b/security/nss/lib/libpkix/include/pkixt.h
@@ -0,0 +1,485 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines the types in the libpkix API.
+ * XXX Maybe we should specify the API version number in all API header files
+ *
+ */
+
+#ifndef _PKIXT_H
+#define _PKIXT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "secerr.h"
+
+/* Types
+ *
+ * This header file provides typedefs for the abstract types used by libpkix.
+ * It also provides several useful macros.
+ *
+ * Note that all these abstract types are typedef'd as opaque structures. This
+ * is intended to discourage the caller from looking at the contents directly,
+ * since the format of the contents may change from one version of the library
+ * to the next. Instead, callers should only access these types using the
+ * functions defined in the public header files.
+ *
+ * An instance of an abstract type defined in this file is called an "object"
+ * here, although C does not have real support for objects.
+ *
+ * Because C does not typically have automatic garbage collection, the caller
+ * is expected to release the reference to any object that they create or that
+ * is returned to them by a libpkix function. The caller should do this by
+ * using the PKIX_PL_Object_DecRef function. Note that the caller should not
+ * release the reference to an object if the object has been passed to a
+ * libpkix function and that function has not returned.
+ *
+ * Please refer to libpkix Programmer's Guide for more details.
+ */
+
+/* Version
+ *
+ * These macros specify the major and minor version of the libpkix API defined
+ * by this header file.
+ */
+
+#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
+#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
+
+/* Maximum minor version
+ *
+ * This macro is used to specify that the caller wants the largest minor
+ * version available.
+ */
+
+#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
+
+/* Define Cert Store type for database access */
+#define PKIX_STORE_TYPE_NONE 0
+#define PKIX_STORE_TYPE_PK11 1
+
+/* Portable Code (PC) data types
+ *
+ * These types are used to perform the primary operations of this library:
+ * building and validating chains of X.509 certificates.
+ */
+
+typedef struct PKIX_ErrorStruct PKIX_Error;
+typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
+typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
+typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
+typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
+typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
+typedef struct PKIX_CertStoreStruct PKIX_CertStore;
+typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
+typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
+typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
+typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
+typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
+typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
+typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
+typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
+typedef struct PKIX_LoggerStruct PKIX_Logger;
+typedef struct PKIX_ListStruct PKIX_List;
+typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
+typedef struct PKIX_DefaultRevocationCheckerStruct
+ PKIX_DefaultRevocationChecker;
+typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
+
+/* Portability Layer (PL) data types
+ *
+ * These types are used are used as portable data types that are defined
+ * consistently across platforms
+ */
+
+typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
+typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
+typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
+typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
+typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
+typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
+typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
+typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
+typedef struct PKIX_PL_StringStruct PKIX_PL_String;
+typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
+typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
+typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
+typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
+typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
+typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
+typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
+typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
+typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
+typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
+typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
+typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
+typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
+typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
+typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
+typedef struct PKIX_PL_CollectionCertStoreContext
+ PKIX_PL_CollectionCertStoreContext;
+typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
+typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
+typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
+typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
+typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
+typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
+typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
+typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
+typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
+typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
+typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
+typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
+typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
+
+/* Primitive types
+ *
+ * In order to guarantee desired behavior as well as platform-independence, we
+ * typedef these types depending on the platform. XXX This needs more work!
+ */
+
+/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
+ * We don't know what type is at least 32 bits long. ISO C probably requires
+ * at least 32 bits for long. we could default to that and only list platforms
+ * where that's not true.
+ *
+ * #elif
+ * #error
+ * #endif
+ */
+
+/* currently, int is 32 bits on all our supported platforms */
+
+typedef unsigned int PKIX_UInt32;
+typedef int PKIX_Int32;
+
+typedef int PKIX_Boolean;
+
+/* Object Types
+ *
+ * Every reference-counted PKIX_PL_Object is associated with an integer type.
+ */
+#define PKIX_TYPES \
+ TYPEMACRO(AIAMGR), \
+ TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
+ TYPEMACRO(BIGINT), \
+ TYPEMACRO(BUILDRESULT), \
+ TYPEMACRO(BYTEARRAY), \
+ TYPEMACRO(CERT), \
+ TYPEMACRO(CERTBASICCONSTRAINTS), \
+ TYPEMACRO(CERTCHAINCHECKER), \
+ TYPEMACRO(CERTNAMECONSTRAINTS), \
+ TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
+ TYPEMACRO(CERTPOLICYCHECKERSTATE), \
+ TYPEMACRO(CERTPOLICYINFO), \
+ TYPEMACRO(CERTPOLICYMAP), \
+ TYPEMACRO(CERTPOLICYNODE), \
+ TYPEMACRO(CERTPOLICYQUALIFIER), \
+ TYPEMACRO(CERTSELECTOR), \
+ TYPEMACRO(CERTSTORE), \
+ TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
+ TYPEMACRO(COMCERTSELPARAMS), \
+ TYPEMACRO(COMCRLSELPARAMS), \
+ TYPEMACRO(CRL), \
+ TYPEMACRO(CRLDP), \
+ TYPEMACRO(CRLENTRY), \
+ TYPEMACRO(CRLSELECTOR), \
+ TYPEMACRO(DATE), \
+ TYPEMACRO(CRLCHECKER), \
+ TYPEMACRO(EKUCHECKER), \
+ TYPEMACRO(ERROR), \
+ TYPEMACRO(FORWARDBUILDERSTATE), \
+ TYPEMACRO(GENERALNAME), \
+ TYPEMACRO(HASHTABLE), \
+ TYPEMACRO(HTTPCERTSTORECONTEXT), \
+ TYPEMACRO(HTTPDEFAULTCLIENT), \
+ TYPEMACRO(INFOACCESS), \
+ TYPEMACRO(LDAPDEFAULTCLIENT), \
+ TYPEMACRO(LDAPREQUEST), \
+ TYPEMACRO(LDAPRESPONSE), \
+ TYPEMACRO(LIST), \
+ TYPEMACRO(LOGGER), \
+ TYPEMACRO(MONITORLOCK), \
+ TYPEMACRO(MUTEX), \
+ TYPEMACRO(OBJECT), \
+ TYPEMACRO(OCSPCERTID), \
+ TYPEMACRO(OCSPCHECKER), \
+ TYPEMACRO(OCSPREQUEST), \
+ TYPEMACRO(OCSPRESPONSE), \
+ TYPEMACRO(OID), \
+ TYPEMACRO(REVOCATIONCHECKER), \
+ TYPEMACRO(PROCESSINGPARAMS), \
+ TYPEMACRO(PUBLICKEY), \
+ TYPEMACRO(RESOURCELIMITS), \
+ TYPEMACRO(RWLOCK), \
+ TYPEMACRO(SIGNATURECHECKERSTATE), \
+ TYPEMACRO(SOCKET), \
+ TYPEMACRO(STRING), \
+ TYPEMACRO(TARGETCERTCHECKERSTATE), \
+ TYPEMACRO(TRUSTANCHOR), \
+ TYPEMACRO(VALIDATEPARAMS), \
+ TYPEMACRO(VALIDATERESULT), \
+ TYPEMACRO(VERIFYNODE), \
+ TYPEMACRO(X500NAME)
+
+#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
+
+typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
+ PKIX_TYPES,
+ PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
+} PKIX_TYPENUM;
+
+
+#ifdef PKIX_USER_OBJECT_TYPE
+
+/* User Define Object Types
+ *
+ * User may define their own object types offset from PKIX_USER_OBJECT_TYPE
+ */
+#define PKIX_USER_OBJECT_TYPEBASE 1000
+
+#endif /* PKIX_USER_OBJECT_TYPE */
+
+/* Error Codes
+ *
+ * This list is used to define a set of PKIX_Error exception class numbers.
+ * ERRMACRO is redefined to produce a corresponding set of
+ * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
+ * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
+ * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is
+ * initialized in pkix_error.c with the value "MUTEX".
+ */
+#define PKIX_ERRORCLASSES \
+ ERRMACRO(AIAMGR), \
+ ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
+ ERRMACRO(BIGINT), \
+ ERRMACRO(BUILD), \
+ ERRMACRO(BUILDRESULT), \
+ ERRMACRO(BYTEARRAY), \
+ ERRMACRO(CERT), \
+ ERRMACRO(CERTBASICCONSTRAINTS), \
+ ERRMACRO(CERTCHAINCHECKER), \
+ ERRMACRO(CERTNAMECONSTRAINTS), \
+ ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
+ ERRMACRO(CERTPOLICYCHECKERSTATE), \
+ ERRMACRO(CERTPOLICYINFO), \
+ ERRMACRO(CERTPOLICYMAP), \
+ ERRMACRO(CERTPOLICYNODE), \
+ ERRMACRO(CERTPOLICYQUALIFIER), \
+ ERRMACRO(CERTSELECTOR), \
+ ERRMACRO(CERTSTORE), \
+ ERRMACRO(CERTVFYPKIX), \
+ ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
+ ERRMACRO(COMCERTSELPARAMS), \
+ ERRMACRO(COMCRLSELPARAMS), \
+ ERRMACRO(CONTEXT), \
+ ERRMACRO(CRL), \
+ ERRMACRO(CRLDP), \
+ ERRMACRO(CRLENTRY), \
+ ERRMACRO(CRLSELECTOR), \
+ ERRMACRO(CRLCHECKER), \
+ ERRMACRO(DATE), \
+ ERRMACRO(EKUCHECKER), \
+ ERRMACRO(ERROR), \
+ ERRMACRO(FATAL), \
+ ERRMACRO(FORWARDBUILDERSTATE), \
+ ERRMACRO(GENERALNAME), \
+ ERRMACRO(HASHTABLE), \
+ ERRMACRO(HTTPCERTSTORECONTEXT), \
+ ERRMACRO(HTTPDEFAULTCLIENT), \
+ ERRMACRO(INFOACCESS), \
+ ERRMACRO(LDAPCLIENT), \
+ ERRMACRO(LDAPDEFAULTCLIENT), \
+ ERRMACRO(LDAPREQUEST), \
+ ERRMACRO(LDAPRESPONSE), \
+ ERRMACRO(LIFECYCLE), \
+ ERRMACRO(LIST), \
+ ERRMACRO(LOGGER), \
+ ERRMACRO(MEM), \
+ ERRMACRO(MONITORLOCK), \
+ ERRMACRO(MUTEX), \
+ ERRMACRO(OBJECT), \
+ ERRMACRO(OCSPCERTID), \
+ ERRMACRO(OCSPCHECKER), \
+ ERRMACRO(OCSPREQUEST), \
+ ERRMACRO(OCSPRESPONSE), \
+ ERRMACRO(OID), \
+ ERRMACRO(PROCESSINGPARAMS), \
+ ERRMACRO(PUBLICKEY), \
+ ERRMACRO(RESOURCELIMITS), \
+ ERRMACRO(REVOCATIONMETHOD), \
+ ERRMACRO(REVOCATIONCHECKER), \
+ ERRMACRO(RWLOCK), \
+ ERRMACRO(SIGNATURECHECKERSTATE), \
+ ERRMACRO(SOCKET), \
+ ERRMACRO(STRING), \
+ ERRMACRO(TARGETCERTCHECKERSTATE), \
+ ERRMACRO(TRUSTANCHOR), \
+ ERRMACRO(USERDEFINEDMODULES), \
+ ERRMACRO(VALIDATE), \
+ ERRMACRO(VALIDATEPARAMS), \
+ ERRMACRO(VALIDATERESULT), \
+ ERRMACRO(VERIFYNODE), \
+ ERRMACRO(X500NAME)
+
+#define ERRMACRO(type) PKIX_ ## type ## _ERROR
+
+typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
+ PKIX_ERRORCLASSES,
+ PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */
+} PKIX_ERRORCLASS;
+
+/* Now define error strings (for internationalization) */
+
+#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
+
+/* Define all the error numbers */
+typedef enum {
+#include "pkix_errorstrings.h"
+, PKIX_NUMERRORCODES
+} PKIX_ERRORCODE;
+
+extern const char * const PKIX_ErrorText[];
+
+/* String Formats
+ *
+ * These formats specify supported encoding formats for Strings.
+ */
+
+#define PKIX_ESCASCII 0
+#define PKIX_UTF8 1
+#define PKIX_UTF16 2
+#define PKIX_UTF8_NULL_TERM 3
+#define PKIX_ESCASCII_DEBUG 4
+
+/* Name Types
+ *
+ * These types specify supported formats for GeneralNames.
+ */
+
+#define PKIX_OTHER_NAME 1
+#define PKIX_RFC822_NAME 2
+#define PKIX_DNS_NAME 3
+#define PKIX_X400_ADDRESS 4
+#define PKIX_DIRECTORY_NAME 5
+#define PKIX_EDIPARTY_NAME 6
+#define PKIX_URI_NAME 7
+#define PKIX_IP_NAME 8
+#define PKIX_OID_NAME 9
+
+/* Key Usages
+ *
+ * These types specify supported Key Usages
+ */
+
+#define PKIX_DIGITAL_SIGNATURE 0x001
+#define PKIX_NON_REPUDIATION 0x002
+#define PKIX_KEY_ENCIPHERMENT 0x004
+#define PKIX_DATA_ENCIPHERMENT 0x008
+#define PKIX_KEY_AGREEMENT 0x010
+#define PKIX_KEY_CERT_SIGN 0x020
+#define PKIX_CRL_SIGN 0x040
+#define PKIX_ENCIPHER_ONLY 0x080
+#define PKIX_DECIPHER_ONLY 0x100
+
+/* Reason Flags
+ *
+ * These macros specify supported Reason Flags
+ */
+
+#define PKIX_UNUSED 0x001
+#define PKIX_KEY_COMPROMISE 0x002
+#define PKIX_CA_COMPROMISE 0x004
+#define PKIX_AFFILIATION_CHANGED 0x008
+#define PKIX_SUPERSEDED 0x010
+#define PKIX_CESSATION_OF_OPERATION 0x020
+#define PKIX_CERTIFICATE_HOLD 0x040
+#define PKIX_PRIVILEGE_WITHDRAWN 0x080
+#define PKIX_AA_COMPROMISE 0x100
+
+/* Boolean values
+ *
+ * These macros specify the Boolean values of TRUE and FALSE
+ * XXX Is it the case that any non-zero value is actually considered TRUE
+ * and this is just a convenient mnemonic macro?
+ */
+
+#define PKIX_TRUE ((PKIX_Boolean) 1)
+#define PKIX_FALSE ((PKIX_Boolean) 0)
+
+/*
+ * Define constants for basic constraints selector
+ * (see comments in pkix_certsel.h)
+ */
+
+#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
+#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
+
+/*
+ * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
+ * object file. It is thrown if system memory cannot be allocated or may be
+ * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
+ * IncRef, DecRef and all Settor functions cannot be called.
+ * XXX Does anyone actually need to know about this?
+ * XXX Why no DecRef? Would be good to handle it the same.
+ */
+
+PKIX_Error* PKIX_ALLOC_ERROR(void);
+
+/*
+ * In a CertBasicConstraints extension, if the CA flag is set,
+ * indicating the certificate refers to a Certification
+ * Authority, then the pathLen field indicates how many intermediate
+ * certificates (not counting self-signed ones) can exist in a valid
+ * chain following this certificate. If the pathLen has the value
+ * of this constant, then the length of the chain is unlimited
+ */
+#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
+
+/*
+ * Define Certificate Extension hard-coded OID's
+ */
+#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN
+#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE
+#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME
+#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS
+#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE
+#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS
+#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES
+#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
+#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS
+#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS
+#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE
+#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY
+#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE
+#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
+#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
+#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN
+#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
+#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP
+#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER
+
+
+/* Available revocation method types. */
+typedef enum PKIX_RevocationMethodTypeEnum {
+ PKIX_RevocationMethod_CRL = 0,
+ PKIX_RevocationMethod_OCSP,
+ PKIX_RevocationMethod_MAX
+} PKIX_RevocationMethodType;
+
+/* A set of statuses revocation checker operates on */
+typedef enum PKIX_RevocationStatusEnum {
+ PKIX_RevStatus_NoInfo = 0,
+ PKIX_RevStatus_Revoked,
+ PKIX_RevStatus_Success
+} PKIX_RevocationStatus;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIXT_H */