RSA BSAFE Cert-C API Reference

certext.h

Go to the documentation of this file.

/*
* Copyright (c) RSA Security Inc., 1999-2003.  All rights reserved.
* This work contains proprietary, confidential, and trade secret
* information of RSA Security Inc.  Use, disclosure or reproduction
* without the express written authorization of RSA Security Inc. is
* prohibited.
*/

#ifndef HEADER_BSAFE_CERTC_CERTEXT
#define HEADER_BSAFE_CERTC_CERTEXT 1

#include "basetype.h"
#include "certlist.h"
#include "certattr.h"
#include "certname.h"

#ifdef __cplusplus
extern "C" {
#endif

typedef struct TYPED_STRING {
  unsigned int  type;           /* the character type for the string */
  ITEM          value;          /* string length and value in bytes */
} TYPED_STRING;


/* Extension type handler call-backs */

typedef struct EXTENSION_HANDLER {
  /* Allocate and add new value to the value list */
  int (*AllocAndCopy) (
    POINTER *newValue,          /* (out) new copy of value */
    POINTER  value);            /* value to be copied */

  /* Delete value allocated by AllocAndCopy by freeing its storage */
  VALUE_DESTRUCTOR Destructor;

  /* Get value in encoded format */
  int (*GetEncodedValue) (
    LIST_OBJ        valueList,  /* values to be encoded */
    unsigned char **der,        /* (out) encoded values */
    unsigned int   *derLen);    /* (out) length of encoded values */

  /* Decode the encoded value into components and save */
  int (*SetEncodedValue) (
    LIST_OBJ       valueList,         /* decoded value(s) */
    unsigned char *ber,               /* value(s) to be decoded */
    unsigned int   berLen,            /* length of value(s) to be decoded */
    LIST_OBJ_ENTRY_HANDLER
                  *listEntryHandler); /* list entry handler */
} EXTENSION_HANDLER;

#define ALLOW_OVERRIDE_CRITICALITY 1

/* Type(s) of extensionsObject to which an extension may belong */
#define CERT_EXTENSIONS_OBJ         0x01
#define CRL_EXTENSIONS_OBJ          0x02
#define CRL_ENTRY_EXTENSIONS_OBJ    0x04
#define OCSP_REQUEST_EXTENSIONS_OBJ 0x08
#define OCSP_SINGLE_EXTENSIONS_OBJ  0x10
#define _EXTENSIONS_OBJ_TYPE_MASK   0x1f /* the union of all bits above (not
                                            needed for application use) */

typedef struct EXTENSION_TYPE_INFO {
  ITEM              type;                /* extension's OID */
  unsigned int      criticality;         /* extension's criticality */
  unsigned int      overrideCriticality; /* allow override criticality */
  unsigned int      overrideHandler;     /* allow override handler */
  UINT2             authenObjects;       /* object which can include this extension */
  unsigned int      uniqueValue;         /* if it is set to 0, the extension can have
                                                                                              multiple values; otherwise it can have at
                                            most one */
  EXTENSION_HANDLER handler;             /* extension's handler */
} EXTENSION_TYPE_INFO;

typedef struct EXTENSION_INFO {
  unsigned char *type;         /* extension's OID */
  unsigned int   typeLen;      /* extension's OID length */
  unsigned int   criticalFlag; /* extension criticality */
  unsigned int   valueCount;   /* extension value entries count */
  POINTER reserved;            /* reserved for future use */
} EXTENSION_INFO;

/* Supported X.509 v3 CRL Extension types */
extern unsigned char ET_CRL_NUMBER[];
extern unsigned char ET_DELTA_CRL_INDICATOR[];
extern unsigned char ET_ISSUING_DISTRIBUTION_POINTS[];

/* Supported x.509 v3 CRL Entry Extension types */
extern unsigned char ET_REASON_CODE[];
extern unsigned char ET_INSTRUCTION_CODE[];
extern unsigned char ET_INVALID_DATE[];
extern unsigned char ET_CERT_ISSUER[];

/* Supported X.509 v3 Certificate Extension types */
extern unsigned char ET_AUTHORITY_KEY_ID[];
extern unsigned char ET_CERT_POLICIES[];
extern unsigned char ET_ISSUER_ALTNAME[];
extern unsigned char ET_SUBJECT_ALTNAME[];
extern unsigned char ET_BASIC_CONSTRAINTS[];
extern unsigned char ET_POLICY_CONSTRAINTS_36[];
extern unsigned char ET_SUBJECT_DIR_ATTRIB[];
extern unsigned char ET_SUBJECT_KEY_ID[];
extern unsigned char ET_KEY_USAGE[];
extern unsigned char ET_INHIBIT_ANYPOLICY[];
extern unsigned char ET_POLICY_MAPPINGS[];
extern unsigned char ET_PRIVATE_KEY_USAGE_PERIOD[];
extern unsigned char ET_NAME_CONSTRAINTS[];
extern unsigned char ET_EXTENDED_KEY_USAGE[];
extern unsigned char ET_CRL_DISTRIBUTION_POINTS[];
extern unsigned char ET_AUTHORITY_INFO_ACCESS[];

/* Supported OCSP Request Extension types
 * (requestExtensions only) */
extern unsigned char ET_OCSP_NONCE[];
extern unsigned char ET_OCSP_RESPONSE[];

/* OCSP Response Extension types */
extern unsigned char ET_OCSP_CRL_REFERENCES[];
extern unsigned char ET_OCSP_ARCHIVE_CUTOFF[];
extern unsigned char ET_OCSP_NOCHECK[];

/* Supported X.509 v3 Extension type lengths
 */
#define ET_AUTHORITY_KEY_ID_LEN    3
#define ET_BASIC_CONSTRAINTS_LEN   3
#define ET_CERT_POLICIES_LEN       3
#define ET_CRL_NUMBER_LEN          3
#define ET_DELTA_CRL_INDICATOR_LEN 3
#define ET_INSTRUCTION_CODE_LEN    3
#define ET_INVALID_DATE_LEN        3
#define ET_ISSUER_ALTNAME_LEN      3
#define ET_REASON_CODE_LEN         3
#define ET_SUBJECT_ALTNAME_LEN     3
#define ET_POLICY_CONSTRAINTS_36_LEN 3
#define ET_SUBJECT_DIR_ATTRIB_LEN  3
#define ET_SUBJECT_KEY_ID_LEN      3
#define ET_KEY_USAGE_LEN           3
#define ET_INHIBIT_ANYPOLICY_LEN   3
#define ET_PRIVATE_KEY_USAGE_PERIOD_LEN 3
#define ET_POLICY_MAPPINGS_LEN     3
#define ET_NAME_CONSTRAINTS_LEN    3
#define ET_EXTENDED_KEY_USAGE_LEN  3
#define ET_ISSUING_DISTRIBUTION_POINTS_LEN 3
#define ET_CERT_ISSUER_LEN         3
#define ET_CRL_DISTRIBUTION_POINTS_LEN 3
#define ET_AUTHORITY_INFO_ACCESS_LEN 8

#define ET_OCSP_NONCE_LEN          9
#define ET_OCSP_RESPONSE_LEN       9
#define ET_OCSP_CRL_REFERENCES_LEN 9
#define ET_OCSP_ARCHIVE_CUTOFF_LEN 9
#define ET_OCSP_NOCHECK_LEN        9

/* Default Unknown Extension Type */
extern unsigned char ET_UNKNOWN_TYPE[];

/* Default Unknown Extension Type Length */
#define ET_UNKNOWN_TYPE_LEN 12


/* Extension Criticality flags */
#define NON_CRITICAL  0             /* extension is not critical */
#define CRITICAL      1             /* extension is critical */

#define ALLOW_OVERRIDE_HANDLER 1    /* allow overriding of the extension */

typedef UINT4  KEY_USAGE;


/* Subject Key Identifier extension value type.
   The subjectKeyIdentifier extension is an object identifier.
 */

typedef ITEM  SUBJECT_KEY_ID;


/* Subject Directory Attributes extension value type.
   The subjectDirectoryAttributes extension is an ATTRIBUTES_OBJ.
 */

typedef ATTRIBUTES_OBJ  SUBJECT_DIR_ATTRIB;


/* Supported standard extension value data types */

/* Certificate Extension value data type */

/* Alternate name for the certficate and crl extensions */
#define CN_OTHER_NAME        0
#define CN_RFC822_NAME       1
#define CN_DNS_NAME          2
#define CN_X400_ADDRESS      3
#define CN_DIRECTORY_NAME    4
#define CN_EDI_PARTY_NAME    5
#define CN_RESOURCE_LOCATOR  6
#define CN_IP_ADDRESS        7
#define CN_REGISTERED_ID     8

/* alternateName data structures.  Used as extension value for
   issuerAlternateName and subjectAlternateName extensions. */

typedef struct OTHER_NAME {
  ITEM typeId;      /* OID for value type */
  ITEM value;       /* value */
} OTHER_NAME;

typedef struct EDI_PARTY_NAME {
  TYPED_STRING  nameAssigner;  /* PKIX / X.520 Directory String */
  TYPED_STRING  partyName;     /* PKIX / X.520 Directory String */
} EDI_PARTY_NAME;

/* X.400 OR_ADDRESS data structures for use in ALTERNATE_NAME */

/* Upper bound buffer size limitation */
#define UB_CommonNameLength             64
#define UB_CountryNameNumericLength      3
#define UB_CountryNameAlphaLength        2
#define UB_DomainNameLength             16
#define UB_x121AddressLength            16
#define UB_TerminalIdLength             24
#define UB_OrganizationNameLength       64
#define UB_NumericUserIdLength          32
#define UB_SurNameLength                40
#define UB_GivenNameLength              16
#define UB_InitialsLength                5
#define UB_GenerationQualifierLength     3
#define UB_OrganizationalUnits           4
#define UB_OrganizationalUnitNameLength 32
#define UB_DefinedAttributes             4
#define UB_DefinedAttributeTypeLength    8
#define UB_DefinedAttributeValueLength 128
#define UB_ExtensionAttributes         256
#define UB_pdsNameLength                16
#define UB_postalCodeLength             16
#define UB_pdsParameterLength           30
#define UB_pdsPhysicalAddressLines       6
#define UB_unformattedAddressLength    180
#define UB_e1634NumberLength            15
#define UB_e1634SubAddressLength        40

typedef struct PERSONAL_NAME {
  ITEM surname;             /* Type is Printable String. Max length is UB_SurNameLength */
  ITEM givenName;           /* Type is Printable String. Max length is UB_GivenNameLength */
  ITEM initials;            /* Type is Printable String. Max length is UB_InitialsLength */
  ITEM generationQualifier; /* Type is Printable String. Max length is UB_GenerationQualifierLength */
} PERSONAL_NAME;

typedef struct ORG_UNIT_NAMES {
  unsigned int  orgUnitNamesCount; /* number of orgUnitName items */
  ITEM         *orgUnitName;       /* points to printable string */
} ORG_UNIT_NAMES;

#define SA_COUNTRY_NAME_VALID       0x00000001
#define SA_ADMIN_DOMAIN_NAME_VALID  0x00000002
#define SA_NETWORK_ADDRESS_VALID    0x00000004
#define SA_TERMINAL_ID_VALID        0x00000008
#define SA_PRIVATE_DOMAIN_VALID     0x00000010
#define SA_ORGANIZATION_NAME_VALID  0x00000020
#define SA_NUMERIC_USER_ID_VALID    0x00000040
#define SA_PERSON_NAME_VALID        0x00000080
#define SA_ORG_UNIT_NAMES_VALID     0x00000100

typedef struct STANDARD_ATTRIBUTES {
  UINT4         validFields;
  TYPED_STRING  countryName;  /* valid only if SA_COUNTRY_NAME_VALID is set in validFields */
                              /* points to numeric string or printable string */
                              /* Max length of the Data member is UB_CountryNameNumericLength
                                 for numeric string and UB_CountryNameAlphaLength for printable string */
  TYPED_STRING  administrationDomainName; /* valid only if SA_ADMIN_DOMAIN_NAME_VALID is set in validFields */
                              /* points to numeric string or printable string */
                              /* Max length of the Data member is UB_DomainNameLength */
  ITEM          networkAddress; /* valid only if SA_NETWORK_ADDRESS_VALID is set in validFields */
                              /* points to numeric string */
                              /* Max length of the Data member is UB_x121AddressLength */
  ITEM          terminalId;   /* valid only if SA_TERMINAL_ID_VALID is set in validFields */
                              /* points to printable string */
                              /* Max length of the Data member is UB_TerminalIdLength */
  TYPED_STRING  privateDomainName; /* valid only if SA_PRIVATE_DOMAIN_VALID is set in validFields */
                              /* points to numeric string or printable string */
                              /* Max length of the Data member is UB_DomainNameLength */
  ITEM          organizationName; /* valid only if SA_ORGANIZATION_NAME_VALID is set in validFields */
                              /* points to printable string */
                              /* Max length of the Data member is UB_OrganizationNameLength */
  ITEM          numericUserId;/* valid only if SA_NUMERIC_USER_ID_VALID is set in validFields */
                              /* points to numeric string */
                              /* Max length of the Data member is UB_NumericUserIdLength */
  PERSONAL_NAME personalName; /* valid only if SA_PERSON_NAME_VALID is set in validFields */
                              /* points to printable string */
  ORG_UNIT_NAMES orgUnitNames;/* valid only if SA_ORG_UNIT_NAMES_VALID is set in validFields */
                              /* points to printable string */
} STANDARD_ATTRIBUTES;

typedef struct DEFINED_ATTRIBUTE {
  ITEM type;     /* points to printable string */
  ITEM value;    /* points to printable string */
} DEFINED_ATTRIBUTE;

typedef struct DEFINED_ATTRIBUTES {
  unsigned int       definedAttributesCount;
  DEFINED_ATTRIBUTE *definedAttribute;
} DEFINED_ATTRIBUTES;

/* Extension value structures for ENTENSION_ATTRIBUTE value */

#define TELETEX_PERSONAL_NAME  PERSONAL_NAME

#define TELETEX_DOMAIN_DEFINED_ATTRS  DEFINED_ATTRIBUTES

typedef struct PDS_PARAMETER {
  ITEM printableString;  /* points to printable string */
  ITEM teletexString;    /* points to teletex string */
} PDS_PARAMETER;

typedef struct UNFORMATTED_POSTAL_ADDR {
  unsigned int  printableAddrCount; /* number of printableAddr items */
  ITEM         *printableAddr;      /* points to printable string */
  ITEM          teletexString;      /* points to teletex string */
} UNFORMATTED_POSTAL_ADDR;


#define ENA_PRESENTATION 1
#define ENA_E163_4       2

typedef struct E163_4_ADDR {
  ITEM  number;     /* points to numeric string */
  ITEM  subAddress; /* points to numeric string */
} E163_4_ADDR;

typedef struct PRESENTATION_ADDR {
  ITEM          pSelector;     /* points to octet string */
  ITEM          sSelector;     /* points to octet string */
  ITEM          tSelector;     /* points to octet string */
  unsigned int  nAddressCount; /* Number of nAddress */
  ITEM        * nAddress;      /* points to octet string */
} PRESENTATION_ADDR;

typedef struct EXTENDED_NETWORK_ADDR {
  unsigned int type;
  union {
    E163_4_ADDR       e1634Addr;
    PRESENTATION_ADDR presentationAddr;
  } addr;
} EXTENDED_NETWORK_ADDR;

/* defined integer values for EA_TERMINAL_TYPE */
#define EA_TT_TELEX         3
#define EA_TT_TELETEX       4
#define EA_TT_G3_FACSIMILE  5
#define EA_TT_G4_FACSIMILE  6
#define EA_TT_IA5_TERMINAL  7
#define EA_TT_VIDEOTEX      8

/* ENTENSION_ATTRIBUTE type values */
#define EA_COMMON_NAME                        1   /* ITEM - Printable string */
#define EA_TELETEX_COMMON_NAME                2   /* ITEM - Teletex/T61 string */
#define EA_TELETEX_ORG_NAME                   3   /* ITEM - Teletex/T61 string */
#define EA_TELETEX_PERSONAL_NAME              4   /* TELETEX_PERSONAL_NAME */
#define EA_TELETEX_ORG_UNIT_NAME              5   /* ORG_UNIT_NAMES */
#define EA_TELETEX_DOMAIN_DEFINED_ATTRS       6   /* TELETEX_DOMAIN_DEFINED_ATTRS */
#define EA_PDS_NAME                           7   /* ITEM - Printable string */
#define EA_PHYSICAL_DELIVERY_COUNTRY_NAME     8   /* TYPED_STRING - either printable
                                                     string or numeric string */
#define EA_POSTAL_CODE                        9   /* TYPED_STRING - either printable
                                                     string or numeric string */
#define EA_PHYSICAL_DELIVERY_OFFICE_NAME      10  /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_OFFICE_NUMBER    11  /* PDS_PARAMETER */
#define EA_EXTENSION_OR_ADDR_COMPONENTS       12  /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_PERSONAL_NAME    13  /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_ORG_NAME         14  /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_ADDR_COMPONENTS  15  /* PDS_PARAMETER */
#define EA_UNFORMATTED_POSTAL_ADDR            16  /* UNFORMATTED_POSTAL_ADDR */
#define EA_STREET_ADDR                        17  /* PDS_PARAMETER */
#define EA_PO_BOX                             18  /* PDS_PARAMETER */
#define EA_POSTE_RESTANTE_ADDR                19  /* PDS_PARAMETER */
#define EA_UNIQUE_POSTAL_NAME                 20  /* PDS_PARAMETER */
#define EA_LOCAL_POSTAL_ATTRS                 21  /* PDS_PARAMETER */
#define EA_EXTENDED_NETWORK_ADDR              22  /* EXTENDED_NETWORK_ADDR */
#define EA_TERMINAL_TYPE                      23  /* Integer */

typedef struct EXTENSION_ATTRIBUTE {
  unsigned int type;
  POINTER      value;    /* Pointer to value defined by "type" */
} EXTENSION_ATTRIBUTE;

typedef struct EXTENSION_ATTRIBUTES {
  unsigned int         extensionAttributesCount;
  EXTENSION_ATTRIBUTE *extensionAttribute;
} EXTENSION_ATTRIBUTES;

typedef struct OR_ADDRESS {
  STANDARD_ATTRIBUTES  standardAttributes;
  DEFINED_ATTRIBUTES   definedAttributes;
  EXTENSION_ATTRIBUTES extensionAttributes;
} OR_ADDRESS;

typedef struct ALTERNATE_NAME {
  unsigned int altNameType;
  union {
    OTHER_NAME     otherName;       /* OTHER_NAME structure */
    ITEM           rfc822Name;      /* IA5String type */
    ITEM           dNSName;         /* IA5String type */
    OR_ADDRESS     x400Address;     /* OR_ADDRESS structure */
    NAME_OBJ       directoryName;   /* Distinguished NameObject type */
    EDI_PARTY_NAME ediPartyName;    /* EDI_PARTY_MAME structure */
    ITEM           resourceLocator; /* IA5String type */
    ITEM           ipAddress;       /* Octet string type */
    ITEM           registeredID;    /* Object identifier type */
  } altName;
} ALTERNATE_NAME;

typedef ALTERNATE_NAME GENERAL_NAME;

typedef ALTERNATE_NAME ISSUER_ALTNAME;

/* Subject Alt Name extension value type
*/

typedef ALTERNATE_NAME SUBJECT_ALTNAME;

typedef struct AUTHORITY_KEY_ID {
  ITEM            keyIdentifier;    /* Optional unique key identifier  OR */
  ITEM            serialNumber;     /* issuer's certificate serial number */
  unsigned int    issuerNameCount;  /* issuer name count */
  ALTERNATE_NAME *issuerNames;      /* list of issuerNames */
} AUTHORITY_KEY_ID;

/* basicConstraint extension flags */
#define SUBJECT_TYPE_END_ENTITY  0   /* subject is an end user */
#define SUBJECT_TYPE_CA          1   /* subject may act as a CA */
#define UNLIMITED_PATH_LEN      -1   /* certificate path length is unlimited */
#define NOT_IN_USE              -2   /* field is not used and should be ignored */


typedef struct BASIC_CONSTRAINTS {
  unsigned int subjectType;       /* either SUBJECT_TYPE_CA or SUBJECT_TYPE_END_ENTITY */
  int          pathLenConstraint; /* this field is ignored if value of subjectType
                                     is not SUBJECT_TYPE_CA.  If the value is
                                     UNLIMITED_PATH_LEN, then there is no limit to
                                     the length of the certificate path. Otherwise,
                                     it specifies the length of the certificate path */
} BASIC_CONSTRAINTS;


typedef struct PRIVATE_KEY_USAGE_PERIOD {
  GENERALIZED_TIME start;       /* key validity starts */
  GENERALIZED_TIME end;         /* key validity end */
} PRIVATE_KEY_USAGE_PERIOD;


/* Well known policy identifier values
 */
extern unsigned char CERT_POLICY_ANYPOLICY[];

#define CERT_POLICY_ANYPOLICY_LEN       4


typedef  struct QualifierInfo{
  ITEM qualifierID;             /* policy element id */
  ITEM qualifier;               /* policy qualifier, if omitted set the */
                                /* data field to NULL_PTR, and length to 0 */
}QualifierInfo;

typedef struct POLICY_INFO {
  ITEM policyID;                     /* certificate policy identifier */
  unsigned int   qualifierInfoCount; /* qualifier count. To omit, set to 0 */
  QualifierInfo *qualifierInfo;      /* list of qualifierInfo with 'count' elements
                                        To omit, set to (QualifierInfo *)0 */
} POLICY_INFO;


/* policyConstraints extension.  This extension uses OID {id-ce 36}
   and replaces the deprecated Policy Constraints extension which used
   the OID {id-ce 34}.*/
typedef struct POLICY_CONSTRAINTS_36 {
  int requireExplicitPolicy;    /* number of certs to skip before required
                                   constraints apply.  To omit, set to NOT_IN_USE */
  int inhibitPolicyMapping;     /* number of certs to skip before policy mapping
                                   is not permitted; To omit, set to NOT_IN_USE */
} POLICY_CONSTRAINTS_36;

/* extended Key purpose OID*/
extern unsigned char KP_SERVERAUTH[];
extern unsigned char KP_CLIENTAUTH[];
extern unsigned char KP_CODESIGNING[];
extern unsigned char KP_EMAILPROTECTION[];
extern unsigned char KP_IPSECENDSYSTEM[];
extern unsigned char KP_IPSECTUNNEL[];
extern unsigned char KP_IPSECUSER[];
extern unsigned char KP_TIMESTAMPING[];
extern unsigned char KP_OCSPSIGNING[];

/* extended Key purpose OID lengths */
#define KP_SERVERAUTH_LEN      8
#define KP_CLIENTAUTH_LEN      8
#define KP_CODESIGNING_LEN     8
#define KP_EMAILPROTECTION_LEN 8
#define KP_IPSECENDSYSTEM_LEN  8
#define KP_IPSECTUNNEL_LEN     8
#define KP_IPSECUSER_LEN       8
#define KP_TIMESTAMPING_LEN    8
#define KP_OCSPSIGNING_LEN     8

typedef struct EXTENDED_KEY_USAGE {
  ITEM keyUsagePurpose;             /* The OID for extended Key usage purposes */
} EXTENDED_KEY_USAGE;

typedef struct GENERAL_SUBTREE {
  ALTERNATE_NAME base;
  int            minimum;
  int            maximum;
} GENERAL_SUBTREE;

typedef struct NAME_CONSTRAINTS {
  unsigned int     permittedSubtreeCount;
  GENERAL_SUBTREE *permittedSubtrees;
  unsigned int     excludedSubtreeCount;
  GENERAL_SUBTREE *excludedSubtrees;
} NAME_CONSTRAINTS;

typedef struct POLICY_MAPPING {
  ITEM issuerDomainPolicy;
  ITEM subjectDomainPolicy;
} POLICY_MAPPING;

/* CRL Distribution Points - Certificate Extension
   The CRL distribution points extension identifies how CRL
   information is obtained.  This certificate extension
   can have multiple values at any instance.
*/
#define DPN_FULL_NAME     0
#define DPN_RELATIVE_NAME 1

typedef struct GENERAL_NAMES {
  unsigned int     nameCount;
  GENERAL_NAME     *names;
} GENERAL_NAMES;

typedef struct DIST_POINT_NAME {
  unsigned int nameType;
  union {
    GENERAL_NAMES   fullNames;
    NAME_OBJ        nameRelativeToCRLIssuer;
  } name;
} DIST_POINT_NAME;

typedef struct DISTRIBUTION_POINT {
  DIST_POINT_NAME  *distPointName;
  UINT4            reasons;
  GENERAL_NAMES    *cRLIssuers;
} DISTRIBUTION_POINT;

/* DistributionPoint and IssuingDistributionPoint reasons values */
#define DPR_NO_REASONS             0x00000000
#define DPR_UNUSED                 0x00000040
#define DPR_KEY_COMPROMISE         0x00000020
#define DPR_CA_COMPROMISE          0x00000010
#define DPR_AFFILIATION_CHANGED    0x00000008
#define DPR_SUPERSEDED             0x00000004
#define DPR_CESSATION_OF_OPERATION 0x00000002
#define DPR_CERTIFICATE_HOLD       0x00000001

/* Issuing Distribute Point - CRL extension */
#define IDP_VALUE_FALSE           0
#define IDP_VALUE_TRUE            1

typedef struct ISSUING_DISTRIBUTION_POINT {
  DIST_POINT_NAME *distributionPoint;
  int             userCerts;
  int             CACerts;
  UINT4           reasons;
  int             indirectCRL;
} ISSUING_DISTRIBUTION_POINT;

typedef GENERAL_NAME CERT_ISSUER ;

/* AIA access method OIDs and lengths */
extern unsigned char AIA_CAISSUERS[];
extern unsigned char AIA_OCSP[];
#define AIA_CAISSUERS_LEN 8
#define AIA_OCSP_LEN      8

typedef struct AIA_DESCRIPTION {
  ITEM         accessMethod;
  GENERAL_NAME accessLocation;
} AIA_DESCRIPTION;

typedef UINT2 CRL_NUMBER;

typedef UINT2 DELTA_CRL_INDICATOR;

typedef unsigned int REASON_CODE;

/* CRL Reason Extensions values */
#define CR_UNSPECIFIED            0
#define CR_KEY_COMPROMISE         1
#define CR_CA_COMPROMISE          2
#define CR_AFFILIATION_CHANGED    3
#define CR_SUPERSEDED             4
#define CR_CESSATION_OF_OPERATION 5
#define CR_CERTIFICATE_HOLD       6
#define CR_REMOVE_FROM_CRL        8
#define CR_PRIVILEGE_WITHDRAWN    9
#define CR_AA_COMPROMISE          10

typedef struct OCSP_ACCEPTABLE_RESPONSES {
  unsigned int numTypes;
  ITEM         *type;        /* OID of the acceptable response W/O the leading type (0x06) and length octet(s) */
} OCSP_ACCEPTABLE_RESPONSES;

/* Supported OCSP response types are NOT defined here */

typedef enum {
  OCSP_CRLREF_TYPE_UNSPECIFIED=0, 
  OCSP_CRLREF_TYPE_URL        =1, 
  OCSP_CRLREF_TYPE_NUMBER     =2, 
  OCSP_CRLREF_TYPE_TIME       =3  
} OCSP_CRLREF_TYPE;

typedef struct {
  OCSP_CRLREF_TYPE   type; /* specifies use of "url", "number", or "time" */
  union {
    ITEM             url;
    ITEM             number;
    GENERALIZED_TIME time;
  } info;
} OCSP_CRL_REFERENCE;

typedef GENERALIZED_TIME ARCHIVE_CUTOFF;

typedef ITEM  INSTRUCTION_CODE;

typedef GENERALIZED_TIME  INVALID_DATE;

int C_GetExtensionTypeInfo (
  CERTC_CTX            ctx,     /* Cert-C context */
  unsigned char       *type,    /* extension OID */
  unsigned int         typeLen, /* extension OID length */
  EXTENSION_TYPE_INFO *info);   /* extension definition */

int C_RegisterExtensionType (
  CERTC_CTX            ctx,     /* Cert-C context */
  EXTENSION_TYPE_INFO *info);   /* extension definition */

int C_UnregisterExtensionType (
  CERTC_CTX      ctx,           /* Cert-C context */
  unsigned char *type,          /* extension OID */
  unsigned int   typeLen);      /* extension OID length */

int C_CreateExtensionsObject (
  EXTENSIONS_OBJ *extensionsObject,     /* extensions object */
  unsigned int    extensionsObjectType, /* extensions object type */
  CERTC_CTX       ctx);                 /* Cert-C context */

void C_DestroyExtensionsObject (
  EXTENSIONS_OBJ *extensionsObject); /* extensions object */

int C_FindExtensionByType (
  EXTENSIONS_OBJ extensionsObject,  /* extensions object */
  unsigned char *type,              /* extension OID */
  unsigned int   typeLen,           /* extension OID length */
  unsigned int  *index);            /* index of extension entry */

int C_GetExtensionTypeByIndex (
  EXTENSIONS_OBJ   extensionsObject, /* extensions object */
  unsigned char  **type,             /* extension OID */
  unsigned int    *typeLen,          /* extension OID length */
  unsigned int     index);           /* index of extension entry */

int C_GetExtensionCount (
  EXTENSIONS_OBJ extensionsObject,  /* extensions object */
  unsigned int  *count);            /* extension entry count */

void C_ResetExtensionsObject (
  EXTENSIONS_OBJ extensionsObject);  /* extensions object */

int C_GetExtensionsObjectDER (
  EXTENSIONS_OBJ   extensionsObject,  /* extensions object */
  unsigned char  **der,               /* DER encoded extension */
  unsigned int    *derLen);           /* length of DER encoding */

int C_SetExtensionsObjectBER (
  EXTENSIONS_OBJ  extensionsObject,  /* extensions object */
  unsigned char  *ber,               /* BER encoded extension */
  unsigned int    berLen);           /* length of BER encoding */

int C_GetExtensionsInAttributesObj (
  EXTENSIONS_OBJ extensionsObject,   /* extensions object */
  ATTRIBUTES_OBJ attributesObject);  /* attributes object */

int C_GetAttributeInExtensionsObj (
  EXTENSIONS_OBJ extensionsObject,   /* extensions object */
  ATTRIBUTES_OBJ attributesObject);  /* attributes object */

/* Extension entry routines */

int C_CreateExtension (
  EXTENSIONS_OBJ     extensionsObject, /* extensions object */
  unsigned char     *type,             /* extension OID */
  unsigned int       typeLen,          /* extension OID Length */
  unsigned int      *index,            /* new extension index */
  int                criticality,      /* new extension criticality */
  EXTENSION_HANDLER *newHandler);      /* extension handler */

int C_SetExtensionBER (
  EXTENSIONS_OBJ  extensionsObject,  /* extensions object */
  unsigned int   *index,             /* index of extension entry */
  unsigned char  *ber,               /* BER encoded extension */
  unsigned int    berLen);           /* length of BER encoding */

int C_GetExtensionValue (
  EXTENSIONS_OBJ  extensionsObject,  /* extensions object */
  unsigned int    extenIndex,        /* index of extension entry */
  unsigned int    valueIndex,        /* index of extension's value */
  POINTER        *value);            /* extension's value */

/* Extension value routines */

int C_DestroyExtension (
  EXTENSIONS_OBJ extensionsObject,  /* extensions object */
  unsigned int   index);            /* index of extension entry */

int C_GetExtensionInfo (
  EXTENSIONS_OBJ  extensionsObject,  /* extensions object */
  unsigned int    index,             /* index of extension */
  EXTENSION_INFO *extensionInfo);    /* extension information */

int C_AddExtensionValue (
  EXTENSIONS_OBJ extensionsObject,  /* extensions object */
  unsigned int   index,             /* extension's index */
  POINTER        value,             /* extension's value */
  unsigned int  *valueIndex);       /* new extension value's index */

int C_DeleteExtensionValue (
  EXTENSIONS_OBJ extensionsObject,  /* extensions object */
  unsigned int   index,             /* index of extension entry */
  unsigned int   valueIndex);       /* indext of extension's value */

int C_GetExtensionDER (
  EXTENSIONS_OBJ   extensionsObject, /* extensions object */
  unsigned int     index,            /* index of extension entry */
  unsigned char  **valueDER,         /* DER encoded extension entry */
  unsigned int    *valueDERLen);     /* length of DER encoding */

int C_GetEncodedExtensionValue (
  EXTENSIONS_OBJ   extensionsObject, /* extensions object */
  unsigned int     index,            /* index of extension entry */
  unsigned char  **encodedValue,     /* encoded enxtension value */
  unsigned int    *encodedValueLen); /* encoded enxtension value length */

int C_SetEncodedExtensionValue (
  EXTENSIONS_OBJ  extensionsObject, /* extensions object */
  unsigned int    index,            /* index of extension entry */
  unsigned char  *encodedValue,     /* encoded enxtension value */
  unsigned int    encodedValueLen); /* encoded enxtension value length */

int C_CompareExtension (
  EXTENSIONS_OBJ extensionsObject1,  /* 1st extensions object */
  unsigned int   extensionIndex1,    /* index of 1st extension entry */
  EXTENSIONS_OBJ extensionsObject2,  /* 2nd extensions object */
  unsigned int   extensionIndex2);   /* index of 2nd extension entry */

int C_CompareExtensions (
  EXTENSIONS_OBJ extensionsObject1,  /* 1st extensions object */
  EXTENSIONS_OBJ extensionsObject2); /* 2nd extensions object */

#ifdef __cplusplus
}
#endif

#endif /* HEADER_BSAFE_CERTC_CERTEXT */

---

RSA BSAFE^® Cert-C 2.7 API Reference