/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*

 * This file defines functions associated with the PKIX_CertStore type.

 *

 */

#ifndef _PKIX_CERTSTORE_H

#define _PKIX_CERTSTORE_H

#include "pkixt.h"

#ifdef __cplusplus

extern "C" {

#endif

/* General

 *

 * Please refer to the libpkix Programmer's Guide for detailed information

 * about how to use the libpkix library. Certain key warnings and notices from

 * that document are repeated here for emphasis.

 *

 * All identifiers in this file (and all public identifiers defined in

 * libpkix) begin with "PKIX_". Private identifiers only intended for use

 * within the library begin with "pkix_".

 *

 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.

 *

 * Unless otherwise noted, for all accessor (gettor) functions that return a

 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a

 * shared object. Therefore, the caller should treat this shared object as

 * read-only and should not modify this shared object. When done using the

 * shared object, the caller should release the reference to the object by

 * using the PKIX_PL_Object_DecRef function.

 *

 * While a function is executing, if its arguments (or anything referred to by

 * its arguments) are modified, free'd, or destroyed, the function's behavior

 * is undefined.

 *

 */

/* PKIX_CertStore

 *

 * A PKIX_CertStore provides a standard way for the caller to retrieve

 * certificates and CRLs from a particular repository (or "store") of

 * certificates and CRLs, including LDAP directories, flat files, local

 * databases, etc. The CertCallback allows custom certificate retrieval logic

 * to be used while the CRLCallback allows custom CRL retrieval logic to be

 * used. Additionally, a CertStore can be initialized with a certStoreContext,

 * which is where the caller can specify configuration data such as the host

 * name of an LDAP server. Note that this certStoreContext must be an

 * Object (although any object type), allowing it to be reference-counted and

 * allowing it to provide the standard Object functions (Equals, Hashcode,

 * ToString, Compare, Duplicate). Please note that each certStoreContext must

 * provide Equals and Hashcode functions in order for the caching (on Cert and

 * CertChain) to work correctly. When providing those two functions, it is not

 * required that all the components of the object be hashed or checked for 

 * equality, but merely that the functions distinguish between unique

 * instances of the certStoreContext.

 *

 * Once the caller has created the CertStore object, the caller then specifies

 * these CertStore objects in a ProcessingParams object and passes that object

 * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the

 * user's callback functions as needed during the validation or building

 * process.

 *

 * The order of CertStores stored (as a list) at ProcessingParams determines

 * the order in which certificates are retrieved. Trusted CertStores should

 * precede non-trusted ones on the list of CertStores so their certificates

 * are evaluated ahead of other certificates selected on the basis of the same

 * selector criteria.

 *

 * The CheckTrustCallback function is used when the CertStore object

 * supports trust status, which means a Cert's trust status can be altered

 * dynamically. When a CertStore object is created, if the

 * CheckTrustCallback is initialized to be non-NULL, this CertStore is

 * defaulted as supporting trust. Then whenever a Cert needs to (re)check its

 * trust status, this callback can be invoked. When a Cert is retrieved by

 * a CertStore supports trust, at its GetCertCallback, the CertStore

 * information should be updated in Cert's data structure so the link between

 * the Cert and CertStore exists.

 *

 */

/*

 * FUNCTION: PKIX_CertStore_CertCallback

 * DESCRIPTION:

 *

 *  This callback function retrieves from the CertStore pointed to by "store"

 *  all the certificates that match the CertSelector pointed to by "selector".

 *  It places these certificates in a List and stores a pointer to the List at

 *  "pCerts". If no certificates are found which match the CertSelector's

 *  criteria, this function stores an empty List at "pCerts". In either case, if

 *  the operation is completed, NULL is stored at "pNBIOContext".

 *

 *  A CertStore which uses non-blocking I/O may store platform-dependent

 *  information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is

 *  pending. A subsequent call to PKIX_CertStore_CertContinue is required to

 *  finish the operation and to obtain the List of Certs.

 *

 *  Note that the List returned by this function is immutable.

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which Certs are to be retrieved.

 *      Must be non-NULL.

 *  "selector"

 *      Address of CertSelector whose criteria must be satisfied.

 *      Must be non-NULL.

 *  "verifyNode"

 *      Parent log node for tracking of filtered out certs.

 *  "pNBIOContext"

 *      Address at which platform-dependent information is stored if the

 *      operation is suspended for non-blocking I/O. Must be non-NULL.

 *  "pCerts"

 *      Address where object pointer will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

typedef PKIX_Error *

(*PKIX_CertStore_CertCallback)(

        PKIX_CertStore *store,

        PKIX_CertSelector *selector,

        PKIX_VerifyNode *verifyNode,

        void **pNBIOContext,

        PKIX_List **pCerts,  /* list of PKIX_PL_Cert */

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_CertContinue

 * DESCRIPTION:

 *

 *  This function continues the non-blocking operation initiated by an earlier

 *  call to the CertCallback function, for the CertStore pointed to by "store". 

 *  If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL

 *  value returned in "pNBIOContext") calling this function will return a fatal

 *  error. If the operation is completed the certificates found are placed in a

 *  List, a pointer to which is stored at "pCerts". If no certificates are found

 *  which match the CertSelector's criteria, this function stores an empty List

 *  at "pCerts". In either case, if the operation is completed, NULL is stored

 *  at "pNBIOContext".

 *

 *  If non-blocking I/O is still pending this function stores platform-dependent

 *  information at "pNBIOContext" and NULL at "pCerts". A subsequent call to

 *  PKIX_CertStore_CertContinue is required to finish the operation and to

 *  obtain the List of Certs.

 *

 *  Note that the List returned by this function is immutable.

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which Certs are to be retrieved.

 *      Must be non-NULL.

 *  "selector"

 *      Address of CertSelector whose criteria must be satisfied.

 *      Must be non-NULL.

 *  "verifyNode"

 *      Parent log node for tracking of filtered out certs.

 *  "pNBIOContext"

 *      Address at which platform-dependent information is stored if the

 *      operation is suspended for non-blocking I/O. Must be non-NULL.

 *  "pCerts"

 *      Address where object pointer will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_CertContinue(

        PKIX_CertStore *store,

        PKIX_CertSelector *selector,

        PKIX_VerifyNode *verifyNode,

        void **pNBIOContext,

        PKIX_List **pCerts,  /* list of PKIX_PL_Cert */

        void *plContext);

typedef PKIX_Error *

(*PKIX_CertStore_CertContinueFunction)(

        PKIX_CertStore *store,

        PKIX_CertSelector *selector,

        PKIX_VerifyNode *verifyNode,

        void **pNBIOContext,

        PKIX_List **pCerts,  /* list of PKIX_PL_Cert */

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_CRLCallback

 * DESCRIPTION:

 *

 *  This callback function retrieves from the CertStore pointed to by "store"

 *  all the CRLs that match the CRLSelector pointed to by "selector". It

 *  places these CRLs in a List and stores a pointer to the List at "pCRLs".

 *  If no CRLs are found which match the CRLSelector's criteria, this function

 *  stores an empty List at "pCRLs". In either case, if the operation is

 *  completed, NULL is stored at "pNBIOContext".

 *

 *  A CertStore which uses non-blocking I/O may store platform-dependent

 *  information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is

 *  pending. A subsequent call to PKIX_CertStore_CRLContinue is required to

 *  finish the operation and to obtain the List of Crls.

 *

 *  Note that the List returned by this function is immutable.

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which CRLs are to be retrieved.

 *      Must be non-NULL.

 *  "selector"

 *      Address of CRLSelector whose criteria must be satisfied.

 *      Must be non-NULL.

 *  "pCrls"

 *      Address where object pointer will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

typedef PKIX_Error *

(*PKIX_CertStore_CRLCallback)(

        PKIX_CertStore *store,

        PKIX_CRLSelector *selector,

        void **pNBIOContext,

        PKIX_List **pCrls,  /* list of PKIX_PL_CRL */

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_ImportCrlCallback

 * DESCRIPTION:

 *

 * The function imports crl list into a cert store. Stores that

 * have local cache may only have that function defined.

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which CRLs are to be retrieved.

 *      Must be non-NULL.

 *  "issuerName"

 *      Name of the issuer that will be used to track bad der crls.

 *  "crlList"

 *      Address on the importing crl list.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

typedef PKIX_Error *

(*PKIX_CertStore_ImportCrlCallback)(

        PKIX_CertStore *store,

        PKIX_PL_X500Name *issuerName,

        PKIX_List *crlList,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback

 * DESCRIPTION:

 *

 * The function checks revocation status of a cert with specified

 * issuer, date. It returns revocation status of a cert and

 * a reason code(if any) if a cert was revoked.

 * 

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which CRLs are to be retrieved.

 *      Must be non-NULL.

 *  "cert"

 *      Certificate which revocation status will be checked.

 *  "issuer"

 *      Issuer certificate of the "crl".

 *  "date"

 *      Date of the revocation check.

 *  "crlDownloadDone"

 *      Indicates, that all needed crl downloads are done by the time of

 *      the revocation check.

 *  "reasonCode"

 *      If cert is revoked, returned reason code for  which a cert was revoked.

 *  "revStatus"

 *      Returned revocation status of the cert. See PKIX_RevocationStatus

 *      for more details

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

typedef PKIX_Error *

(*PKIX_CertStore_CheckRevokationByCrlCallback)(

        PKIX_CertStore *store,

        PKIX_PL_Cert *cert,

        PKIX_PL_Cert *issuer,

        PKIX_PL_Date *date,

        PKIX_Boolean  crlDownloadDone,

        PKIX_UInt32 *reasonCode,

        PKIX_RevocationStatus *revStatus,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_CrlContinue

 * DESCRIPTION:

 *

 *  This function continues the non-blocking operation initiated by an earlier

 *  call to the CRLCallback function, for the CertStore pointed to by "store". 

 *  If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL

 *  value returned in "pNBIOContext") calling this function will return a fatal

 *  error. If the operation is completed the crls found are placed in a List, a

 *  pointer to which is stored at "pCrls". If no crls are found which match the

 *  CRLSelector's criteria, this function stores an empty List at "pCrls". In

 *  either case, if the operation is completed, NULL is stored at "pNBIOContext".

 *

 *  If non-blocking I/O is still pending this function stores platform-dependent

 *  information at "pNBIOContext" and NULL at "pCrls". A subsequent call to

 *  PKIX_CertStore_CrlContinue is required to finish the operation and to

 *  obtain the List of Crls.

 *

 *  Note that the List returned by this function is immutable.

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which Crls are to be retrieved.

 *      Must be non-NULL.

 *  "selector"

 *      Address of CRLSelector whose criteria must be satisfied.

 *      Must be non-NULL.

 *  "pNBIOContext"

 *      Address at which platform-dependent information is stored if the

 *      operation is suspended for non-blocking I/O. Must be non-NULL.

 *  "pCrls"

 *      Address where object pointer will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_CrlContinue(

        PKIX_CertStore *store,

        PKIX_CRLSelector *selector,

        void **pNBIOContext,

        PKIX_List **pCrls,  /* list of PKIX_PL_CRL */

        void *plContext);

typedef PKIX_Error *

(*PKIX_CertStore_CrlContinueFunction)(

        PKIX_CertStore *store,

        PKIX_CRLSelector *selector,

        void **pNBIOContext,

        PKIX_List **pCrls,  /* list of PKIX_PL_CRL */

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_CheckTrustCallback

 * DESCRIPTION:

 *

 *  This callback function rechecks "cert's" trust status from the CertStore

 *  pointed to by "store".

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore from which Certs are to be checked.

 *      Must be non-NULL.

 *  "cert"

 *      Address of Cert whose trust status needs to be rechecked.

 *      Must be non-NULL.

 *  "pTrusted"

 *      Address of PKIX_Boolean where the trust status is returned.

 *      Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe

 *

 *  Multiple threads must be able to safely call this function without

 *  worrying about conflicts, even if they're operating on the same object.

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

typedef PKIX_Error *

(*PKIX_CertStore_CheckTrustCallback)(

        PKIX_CertStore *store,

        PKIX_PL_Cert *cert,

        PKIX_Boolean *pTrusted,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_Create

 * DESCRIPTION:

 *

 *  Creates a new CertStore and stores it at "pStore". The new CertStore uses

 *  the CertCallback pointed to by "certCallback" and the CRLCallback pointed

 *  to by "crlCallback" as its callback functions and uses the Object pointed

 *  to by "certStoreContext" as its context . Note that this certStoreContext

 *  must be an Object (although any object type), allowing it to be

 *  reference-counted and allowing it to provide the standard Object functions

 *  (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a

 *  CertStore object is immutable, although the underlying repository can

 *  change. For example, a CertStore will often be a front-end for a database

 *  or directory. The contents of that directory can change after the

 *  CertStore object is created, but the CertStore object remains immutable.

 *

 * PARAMETERS:

 *  "certCallback"

 *      The CertCallback function to be used. Must be non-NULL.

 *  "crlCallback"

 *      The CRLCallback function to be used. Must be non-NULL.

 *  "certContinue"

 *      The function to be used to resume a certCallback that returned with a

 *      WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking

 *      I/O.

 *  "crlContinue"

 *      The function to be used to resume a crlCallback that returned with a

 *      WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking

 *      I/O.

 *  "trustCallback"

 *      Address of PKIX_CertStore_CheckTrustCallback which is called to

 *      verify the trust status of Certs in this CertStore.

 *  "certStoreContext"

 *      Address of Object representing the CertStore's context (if any).

 *  "cachedFlag"

 *      If TRUE indicates data retrieved from CertStore should be cached.

 *  "localFlag"

 *      Boolean value indicating whether this CertStore is local.

 *  "pStore"

 *      Address where object pointer will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a CertStore Error if the function fails in a non-fatal way.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_Create(

        PKIX_CertStore_CertCallback certCallback,

        PKIX_CertStore_CRLCallback crlCallback,

        PKIX_CertStore_CertContinueFunction certContinue,

        PKIX_CertStore_CrlContinueFunction crlContinue,

        PKIX_CertStore_CheckTrustCallback trustCallback,

        PKIX_CertStore_ImportCrlCallback importCrlCallback,

        PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,

        PKIX_PL_Object *certStoreContext,

        PKIX_Boolean cachedFlag,

        PKIX_Boolean localFlag,

        PKIX_CertStore **pStore,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetCertCallback

 * DESCRIPTION:

 *

 *  Retrieves a pointer to "store's" Cert callback function and put it in

 *  "pCallback".

 *

 * PARAMETERS:

 *  "store"

 *      The CertStore whose Cert callback is desired. Must be non-NULL.

 *  "pCallback"

 *      Address where Cert callback function pointer will be stored.

 *      Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetCertCallback(

        PKIX_CertStore *store,

        PKIX_CertStore_CertCallback *pCallback,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetCRLCallback

 * DESCRIPTION:

 *

 *  Retrieves a pointer to "store's" CRL callback function and put it in

 *  "pCallback".

 *

 * PARAMETERS:

 *  "store"

 *      The CertStore whose CRL callback is desired. Must be non-NULL.

 *  "pCallback"

 *      Address where CRL callback function pointer will be stored.

 *      Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetCRLCallback(

        PKIX_CertStore *store,

        PKIX_CertStore_CRLCallback *pCallback,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetImportCrlCallback

 * DESCRIPTION:

 *

 *  Retrieves a pointer to "store's" Import CRL callback function and put it in

 *  "pCallback".

 *

 * PARAMETERS:

 *  "store"

 *      The CertStore whose CRL callback is desired. Must be non-NULL.

 *  "pCallback"

 *      Address where CRL callback function pointer will be stored.

 *      Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetImportCrlCallback(

        PKIX_CertStore *store,

        PKIX_CertStore_ImportCrlCallback *pCallback,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetCheckRevByCrl

 * DESCRIPTION:

 *

 *  Retrieves a pointer to "store's" CRL revocation checker callback function

 *  and put it in "pCallback".

 *

 * PARAMETERS:

 *  "store"

 *      The CertStore whose CRL callback is desired. Must be non-NULL.

 *  "pCallback"

 *      Address where CRL callback function pointer will be stored.

 *      Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetCrlCheckerFn(

        PKIX_CertStore *store,

        PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetTrustCallback

 * DESCRIPTION:

 *

 *  Retrieves the function pointer to the CheckTrust callback function of the

 *  CertStore pointed to by "store" and stores it at "pCallback".

 *

 * PARAMETERS:

 *  "store"

 *      The CertStore whose CheckTrust callback is desired. Must be non-NULL.

 *  "pCallback"

 *      Address where CheckTrust callback function pointer will be stored.

 *      Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetTrustCallback(

        PKIX_CertStore *store,

        PKIX_CertStore_CheckTrustCallback *pCallback,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetCertStoreContext

 * DESCRIPTION:

 *

 *  Retrieves a pointer to the Object representing the context (if any)

 *  of the CertStore pointed to by "store" and stores it at

 *  "pCertStoreContext".

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore whose context is to be stored. Must be non-NULL.

 *  "pCertStoreContext"

 *      Address where object pointer will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetCertStoreContext(

        PKIX_CertStore *store,

        PKIX_PL_Object **pCertStoreContext,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag

 * DESCRIPTION:

 *

 *  Retrieves the Boolean cache flag of the CertStore pointed to by "store" and

 *  stores it at "pCachedFlag".

 *

 * PARAMETERS:

 *  "store"

 *      Address of CertStore whose cache flag is to be stored. Must be non-NULL.

 *  "pCacheFlag"

 *      Address where the result will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetCertStoreCacheFlag(

        PKIX_CertStore *store,

        PKIX_Boolean *pCacheFlag,

        void *plContext);

/*

 * FUNCTION: PKIX_CertStore_GetLocalFlag

 * DESCRIPTION:

 *

 *  Retrieves the Boolean localFlag for the CertStore pointed to by "store" and

 *  stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can

 *  fulfill a request without performing network I/O.

 *

 * PARAMETERS:

 *  "store"

 *      The CertStore whose Local flag is desired. Must be non-NULL.

 *  "pCallback"

 *      Address where the Boolean LocalFlag will be stored. Must be non-NULL.

 *  "plContext"

 *      Platform-specific context pointer.

 * THREAD SAFETY:

 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)

 * RETURNS:

 *  Returns NULL if the function succeeds.

 *  Returns a Fatal Error if the function fails in an unrecoverable way.

 */

PKIX_Error *

PKIX_CertStore_GetLocalFlag(

        PKIX_CertStore *store,

        PKIX_Boolean *pLocalFlag,

        void *plContext);

#ifdef __cplusplus

}

#endif

#endif /* _PKIX_CERTSTORE_H */