security/nss/lib/libpkix/pkix/checker/pkix_policychecker.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_policychecker.h
 *
 * Header file for policy checker.
 *
 */

#ifndef _PKIX_POLICYCHECKER_H
#define _PKIX_POLICYCHECKER_H

#include "pkix_tools.h"

#ifdef __cplusplus
extern "C" {
#endif

typedef struct PKIX_PolicyCheckerStateStruct PKIX_PolicyCheckerState;

struct PKIX_PolicyCheckerStateStruct{
        PKIX_PL_OID *certPoliciesExtension;             /* const */
        PKIX_PL_OID *policyMappingsExtension;           /* const */
        PKIX_PL_OID *policyConstraintsExtension;        /* const */
        PKIX_PL_OID *inhibitAnyPolicyExtension;         /* const */
        PKIX_PL_OID *anyPolicyOID;                      /* const */
        PKIX_Boolean initialIsAnyPolicy;                /* const */
        PKIX_PolicyNode *validPolicyTree;
        PKIX_List *userInitialPolicySet;                /* immutable */
        PKIX_List *mappedUserInitialPolicySet;
        PKIX_Boolean policyQualifiersRejected;
        PKIX_Boolean initialPolicyMappingInhibit;
        PKIX_Boolean initialExplicitPolicy;
        PKIX_Boolean initialAnyPolicyInhibit;
        PKIX_UInt32 explicitPolicy;
        PKIX_UInt32 inhibitAnyPolicy;
        PKIX_UInt32 policyMapping;
        PKIX_UInt32 numCerts;
        PKIX_UInt32 certsProcessed;
        PKIX_PolicyNode *anyPolicyNodeAtBottom;
        PKIX_PolicyNode *newAnyPolicyNode;
        /*
         * The following variables do not survive from one
         * certificate to the next. They are needed at each
         * level of recursive routines, any by placing them
         * in the state object we can pass fewer arguments.
         */
        PKIX_Boolean certPoliciesCritical;
        PKIX_List *mappedPolicyOIDs;
};

PKIX_Error *
pkix_PolicyChecker_Initialize(
        PKIX_List *initialPolicies,
        PKIX_Boolean policyQualifiersRejected,
        PKIX_Boolean initialPolicyMappingInhibit,
        PKIX_Boolean initialExplicitPolicy,
        PKIX_Boolean initialAnyPolicyInhibit,
        PKIX_UInt32 numCerts,
        PKIX_CertChainChecker **pChecker,
        void *plContext);

/* --Private-Functions-------------------------------------------- */

PKIX_Error *
pkix_PolicyCheckerState_RegisterSelf(void *plContext);

#ifdef __cplusplus
}
#endif

#endif /* _PKIX_POLICYCHECKER_H */