| blob | 75c372ea440400fc472e1da5cfe9eec13adaa79b |
1 #ifndef __ISDS_ISDS_H__
2 #define __ISDS_ISDS_H__
4 /* Public interface for libisds.
5 * Private declarations in isds_priv.h. */
14 #endif
16 /* _deprecated macro marks library symbols as deprecated. Application should
17 * avoid using such function as soon as possible. */
18 #if defined(__GNUC__)
19 #define _deprecated __attribute__((deprecated))
20 #else
21 #define _deprecated
22 #endif
24 /* Service locators */
25 /* Base URL of production ISDS instance */
29 /* Base URL of testing ISDS instance */
40 IE_NOTSUP,
41 IE_INVAL,
42 IE_INVALID_CONTEXT,
43 IE_NOT_LOGGED_IN,
44 IE_CONNECTION_CLOSED,
45 IE_TIMED_OUT,
46 IE_NOEXIST,
47 IE_NOMEM,
48 IE_NETWORK,
49 IE_HTTP,
50 IE_SOAP,
51 IE_XML,
52 IE_ISDS,
53 IE_ENUM,
54 IE_DATE,
55 IE_2BIG,
56 IE_2SMALL,
57 IE_NOTUNIQ,
58 IE_NOTEQUAL,
59 IE_PARTIAL_SUCCESS,
60 IE_ABORTED
84 /* Return text description of ISDS error */
87 /* libisds options */
90 Default value is true. */
92 Default value depends on cryptographic
93 library. */
95 Default value depends on cryptographic
96 library. */
98 Default value depends on cryptographic
99 library. */
101 Default value is false. */
104 /* TLS libisds options */
109 ITLS_CRL_FILE /* char *: File name with CRL in PEM format */
112 /* Cryptographic material encoding */
116 PKI_FORMAT_ENG /* Stored in crypto engine */
119 /* Public key crypto material to authenticate client */
122 (where key is stored). Use NULL for no engine */
125 nickname in case of NSS as curl back-end,
126 or key slot identifier inside crypto engine.
127 Some crypto engines can pair certificate with
128 key automatically (NULL value) */
131 in case of used engine */
133 decrypting private key, or engine PIN.
134 Use NULL for no pass-phrase or question by
135 engine. */
136 };
138 /* One-time password authentication method */
141 OTP_TIME /* Time-based OTP method */
144 /* One-time passwed authentication resolution */
150 (brute force attack detected) */
152 ???: OTP or regular password
153 expired? */
155 at this rate (minimal delay
156 depends on TOTP window setting) */
158 access requested URI */
160 ISDS */
162 Retry later. */
165 /* One-time password to authenticate client */
167 /* Input members */
170 if you do not know it yet (e.g. in case
171 of first phase of time-based OTP to
172 request new code from ISDS.) */
173 /* Output members */
175 authentication attempt. */
176 };
178 /* Box type */
181 sent by ISDS. */
196 /* Box status from point of view of accessibility */
205 /* User permissions from point of view of ISDS.
206 * Instances can be bitmaps of any discrete values. */
209 dmPersonalDelivery == false */
211 dmPersonalDelivery == true */
213 can download outgoing (sent) messages */
215 post and delivery */
218 permitted users and theirs
219 permissions) */
221 storage (does not exists since
222 2012-05) */
224 storage */
227 /* Message status */
232 infected document has been removed */
234 (dmDeliveryTime stored) */
236 dmAcceptanceTime stored */
238 user explicit request),
239 dmAcceptanceTime stored */
242 (e.g. recipient box has been made
243 inaccessible meantime) */
248 values */
250 /* Hash algorithm types */
252 HASH_ALGORITHM_MD5,
253 HASH_ALGORITHM_SHA_1,
254 HASH_ALGORITHM_SHA_224,
255 HASH_ALGORITHM_SHA_256,
256 HASH_ALGORITHM_SHA_384,
257 HASH_ALGORITHM_SHA_512,
260 /* Buffer storage strategy.
261 * How function should embed application provided buffer into raw element of
262 * output structure. */
266 BUFFER_MOVE /* Just copy pointer.
267 But leave deallocation to isds_*_free(). */
270 /* Hash value storage */
275 };
277 /* Name of person */
283 };
285 /* Date and place of birth */
288 only tm_year, tm_mon and tm_mday carry sane
289 value */
293 };
295 /* Post address */
303 };
305 /* Data about box and his owner.
306 * NULL pointer means undefined value */
319 provider (OVM, PO, maybe PFO)
320 [Max. 20 chars] */
322 [Max. 5 chars] */
324 long int because xsd:integer
325 TODO: enum? */
328 messages from anybody */
329 };
331 /* User type */
338 USERTYPE_LIQUIDATOR /* Company liquidator */
341 /* Data about user.
342 * NULL pointer means undefined value */
350 only tm_year, tm_mon and tm_mday carry sane
351 value */
354 [Max. 100 chars] */
359 Implicit value is "CZ"; Optional. */
360 };
362 /* Message event type */
366 by recipient action */
368 timed out, considered as accepted */
370 thus message is undeliverable */
372 commercial message */
374 sent by sender */
378 has logged in */
379 EVENT_SYSCERT_LOGIN /* Application authenticated by `system'
380 certificate has logged in */
383 /* Message event
384 * All members are optional as specification states so. */
389 generated by ISDS (Czech) */
390 };
392 /* Message envelope
393 * Be ware that the string length constraints are forced only on output
394 * members transmitted to ISDS. The other direction (downloaded from ISDS)
395 * can break these rules. It should not happen, but nobody knows how much
396 * incompatible new version of ISDS protocol will be. This is the gold
397 * Internet rule: be strict on what you put, be tolerant on what you get. */
399 /* Following members apply to incoming messages only: */
401 Maximal length is 20 characters. */
403 Special value "aaaaaaa" means sent by
404 ISDS.
405 Maximal length is 7 characters. */
407 Maximal length is 100 characters. */
409 Maximal length is 100 characters. */
411 TODO: isds_DbType ? */
413 Maximal length is 100 characters. */
415 Maximal length is 100 characters. */
418 /* Following members are assigned by ISDS in different phases of message
419 * life cycle. */
421 incoming/outgoing messages */
424 kilobytes (rounded). */
426 NULL, if message has not been
427 delivered yet */
429 by an user. NULL if message has not
430 been accepted yet. */
432 This is hash of isds:dmDM subtree. */
436 List of isds_event's. */
439 /* Following members apply to both outgoing and incoming messages: */
441 Optional. */
443 Optional. */
445 Maximal length is 7 characters. */
447 string; Optional. */
449 number; Optional. */
451 Optional. */
453 Maximal length is 255 characters. */
455 Maximal length is 50 characters. */
457 Optional. Maximal length is 50 chars. */
459 Maximal length is 50 characters. */
461 Optional. Maximal length is 50 chars. */
463 /* Act addressing in Czech Republic:
464 * Point (Paragraph) § Section Law/Year Coll. */
468 Czech: paragraf */
470 Czech: odstavec */
472 Czech: písmeno */
475 privileges can read this message */
477 I.e. Even if recipient did not read this
478 message, message is considered as
479 delivered after (currently) 10 days.
480 This is delivery through fiction.
481 Applies only to OVM dbType sender. */
483 government message):
484 Input values (when sending a message):
485 "I" is commercial message offering
486 paying the response (initiatory
487 message);
488 it's necessary to define
489 dmSenderRefNumber
490 "K" is commercial message paid by sender
491 if this message
492 "O" is commercial response paid by
493 sender of initiatory message; it's
494 necessary to copy value from
495 dmSenderRefNumber of initiatory
496 message to dmRecipientRefNumber
497 of this message
498 "V" is noncommercial government message
499 Default value while sending is undefined
500 which has the same meaning as "V".
501 Output values (when retrieving
502 a message):
503 "A" is subsidized initiatory commercial
504 message which can pay a response
505 "B" is subsidized initiatory commercial
506 message which has already paid the
507 response
508 "C" is subsidized initiatory commercial
509 message where the response offer has
510 expired
511 "D" is externally subsidized commercial
512 messsage
513 "E" is commercial message prepaid by
514 a stamp
515 "G" is commerical message paid by
516 a sponsor
517 "I"
518 "K"
519 "O"
520 "V"
521 "X" is initiatory commercial message
522 where the response offer has expired
523 "Y" initiatory commercial message which
524 has already paid the response
525 "Z" is limitedly subsidized commercial
526 message
527 Length: Exactly 1 UTF-8 character if
528 defined; */
530 /* Following members apply to outgoing messages only: */
532 Non-OVM dbType boxes that has
533 dbEffectiveOVM == true MUST select
534 between true (OVM mode) and
535 false (non-OVM mode).
536 Optional; Implicit value is true. */
538 be available to recipient by
539 isds_get_message_sender(). Sender type
540 will be always available.
541 Optional; Default value is false. */
542 };
545 /* Document type from point of hierarchy */
550 FILEMETATYPE_META /* XML document for ESS (electronic
551 document information system) purposes */
554 /* Document */
557 False if document is ISDS binary
558 document. */
560 document content. This is pointer to
561 first node of the document in
562 isds_message.xml tree. Use `children'
563 and `next' members to iterate the
564 document.
565 It will be NULL if document is empty.
566 Valid only if is_xml is true. */
568 The encoding and interpretation depends
569 on dmMimeType.
570 Valid only if is_xml is false. */
572 Valid only if is_xml is false. */
577 Optional. */
579 (dmFileGuid); Optional. */
581 Mandatory. */
583 Defines how to interpret XML document;
584 Optional. */
585 };
587 /* Raw message representation content type.
588 * This is necessary to distinguish between different representations without
589 * expensive repeated detection.
590 * Infix explanation:
591 * PLAIN_SIGNED data are XML with namespace mangled to signed alternative
592 * CMS_SIGNED data are XML with signed namespace encapsulated in CMS */
594 RAWTYPE_INCOMING_MESSAGE,
595 RAWTYPE_PLAIN_SIGNED_INCOMING_MESSAGE,
596 RAWTYPE_CMS_SIGNED_INCOMING_MESSAGE,
597 RAWTYPE_PLAIN_SIGNED_OUTGOING_MESSAGE,
598 RAWTYPE_CMS_SIGNED_OUTGOING_MESSAGE,
599 RAWTYPE_DELIVERYINFO,
600 RAWTYPE_PLAIN_SIGNED_DELIVERYINFO,
601 RAWTYPE_CMS_SIGNED_DELIVERYINFO
604 /* Message */
607 from the ISDS. You can use it to store
608 local copy. This is binary buffer. */
611 Meaningful only with non-NULL raw
612 member */
614 message XML documents.
615 Can be NULL. May be freed AFTER deallocating
616 documents member structure. */
619 Valid message must contain exactly one
620 document of type FILEMETATYPE_MAIN and
621 can contain any number of other type
622 documents. Total size of documents
623 must not exceed 10 MB. */
624 };
626 /* Message copy recipient and assigned message ID */
628 /* Input members defined by application */
630 Maximal length is 7 characters. */
632 string; Optional. */
634 number; Optional. */
636 Optional. */
638 /* Output members returned from ISDS */
641 Optional. */
643 for error == IE_SUCCESS */
644 };
646 /* Message state change event */
651 };
653 /* How outgoing commercial message gets paid */
660 PAYMENT_SPONSOR_EXTERNAL /* Undocomented */
663 /* Permission to send commercial message */
667 NULL means to anybody. */
670 NULL means indefinitivly. */
672 on this permission;
673 NULL means unlimited. */
675 message. Meaningful only with type
676 PAYMENT_RESPONSE. */
677 };
679 /* General linked list */
682 or NULL if current is last */
685 Use NULL to have static data member. */
686 };
688 /* External box approval */
691 approved out of ISDS */
693 };
695 /* Message sender type.
696 * Similar but not equivalent to isds_UserType. */
703 information system) */
705 SENDERTYPE_LIQUIDATOR /* Liquidator of the company; Non-normative */
708 /* Digital delivery of credentials */
710 /* Input members */
712 notification with link to service where
713 user can get know his new credentials */
714 /* Output members */
716 the web server to view his new
717 credentials. */
719 changed up on a call. */
720 };
722 /* Initialize ISDS library.
723 * Global function, must be called before other functions.
724 * If it fails you can not use ISDS library and must call isds_cleanup() to
725 * free partially initialized global variables. */
728 /* Deinitialize ISDS library.
729 * Global function, must be called as last library function. */
732 /* Return version string of this library. Version of dependencies can be
733 * embedded. Do no try to parse it. You must free it. */
736 /* Create ISDS context.
737 * Each context can be used for different sessions to (possibly) different
738 * ISDS server with different credentials.
739 * Returns new context, or NULL */
742 /* Destroy ISDS context and free memory.
743 * @context will be NULLed on success. */
746 /* Return long message text produced by library function, e.g. detailed error
747 * message. Returned pointer is only valid until new library function is
748 * called for the same context. Could be NULL, especially if NULL context is
749 * supplied. Return string is locale encoded. */
752 /* Set logging up.
753 * @facilities is bit mask of isds_log_facility values,
754 * @level is verbosity level. */
758 /* Function provided by application libisds will call to pass log message.
759 * The message is usually locale encoded, but raw strings (UTF-8 usually) can
760 * occur when logging raw communication with ISDS servers. Infixed zero byte
761 * is not excluded, but should not present. Use @length argument to get real
762 * length of the message.
763 * TODO: We will try to fix the encoding issue
764 * @facility is log message class
765 * @level is log message severity
766 * @message is string with zero byte terminator. This can be any arbitrary
767 * chunk of a sentence with or without new line, a sentence can be splitted
768 * into more messages. However it should not happen. If you discover message
769 * without new line, report it as a bug.
770 * @length is size of @message string in bytes excluding trailing zero
771 * @data is pointer that will be passed unchanged to this function at run-time
772 * */
777 /* Register callback function libisds calls when new global log message is
778 * produced by library. Library logs to stderr by default.
779 * @callback is function provided by application libisds will call. See type
780 * definition for @callback argument explanation. Pass NULL to revert logging to
781 * default behaviour.
782 * @data is application specific data @callback gets as last argument */
785 /* Set timeout in milliseconds for each network job like connecting to server
786 * or sending message. Use 0 to disable timeout limits. */
790 /* Function provided by application libisds will call with
791 * following five arguments. Value zero of any argument means the value is
792 * unknown.
793 * @upload_total is expected total upload,
794 * @upload_current is cumulative current upload progress
795 * @dowload_total is expected total download
796 * @download_current is cumulative current download progress
797 * @data is pointer that will be passed unchanged to this function at run-time
798 * @return 0 to continue HTTP transfer, or non-zero to abort transfer */
804 /* Register callback function libisds calls periodically during HTTP data
805 * transfer.
806 * @context is session context
807 * @callback is function provided by application libisds will call. See type
808 * definition for @callback argument explanation.
809 * @data is application specific data @callback gets as last argument */
813 /* Change context settings.
814 * @context is context which setting will be applied to
815 * @option is name of option. It determines the type of last argument. See
816 * isds_option definition for more info.
817 * @... is value of new setting. Type is determined by @option
818 * */
820 ...);
822 /* Connect and log into ISDS server.
823 * All required arguments will be copied, you do not have to keep them after
824 * that.
825 * ISDS supports six different authentication methods. Exact method is
826 * selected on @username, @password, @pki_credentials, and @otp arguments:
827 * - If @pki_credentials == NULL, @username and @password must be supplied
828 * and then
829 * - If @otp == NULL, simple authentication by username and password will
830 * be proceeded.
831 * - If @otp != NULL, authentication by username and password and OTP
832 * will be used.
833 * - If @pki_credentials != NULL, then
834 * - If @username == NULL, only certificate will be used
835 * - If @username != NULL, then
836 * - If @password == NULL, then certificate will be used and
837 * @username shifts meaning to box ID. This is used for hosted
838 * services.
839 * - Otherwise all three arguments will be used.
840 * Please note, that different cases require different certificate type
841 * (system qualified one or commercial non qualified one). This library
842 * does not check such political issues. Please see ISDS Specification
843 * for more details.
844 * @url is base address of ISDS web service. Pass extern isds_locator
845 * variable to use production ISDS instance without client certificate
846 * authentication (or extern isds_cert_locator with client certificate
847 * authentication or extern isds_otp_locators with OTP authentication).
848 * Passing NULL has the same effect, autoselection between isds_locator,
849 * isds_cert_locator, and isds_otp_locator is performed in addition. You can
850 * pass extern isds_testing_locator (or isds_cert_testing_locator or
851 * isds_otp_testing_locator) variable to select testing instance.
852 * @username is user name of ISDS user or box ID
853 * @password is user's secret password
854 * @pki_credentials defines public key cryptographic material to use in client
855 * authentication.
856 * @otp selects one-time password authentication method to use, defines OTP
857 * code (if known) and returns fine grade resolution of OTP procedure.
858 * @return:
859 * IE_SUCCESS if authentication succeeds
860 * IE_NOT_LOGGED_IN if authentication fails. If OTP authentication has been
861 * requested, fine grade reason will be set into @otp->resolution. Error
862 * message from server can be obtained by isds_long_message() call.
863 * IE_PARTIAL_SUCCESS if time-based OTP authentication has been requested and
864 * server has sent OTP code through side channel. Application is expected to
865 * fill the code into @otp->otp_code, keep other arguments unchanged, and retry
866 * this call to complete second phase of TOTP authentication;
867 * or other appropriate error. */
873 /* Log out from ISDS server and close connection. */
876 /* Verify connection to ISDS is alive and server is responding.
877 * Send dummy request to ISDS and expect dummy response. */
880 /* Get data about logged in user and his box. */
884 /* Get data about logged in user. */
888 /* Get expiration time of current password
889 * @context is session context
890 * @expiration is automatically reallocated time when password expires. If
891 * password expiration is disables, NULL will be returned. In case of error
892 * it will be nulled too. */
896 /* Change user password in ISDS.
897 * User must supply old password, new password will takes effect after some
898 * time, current session can continue. Password must fulfill some constraints.
899 * @context is session context
900 * @old_password is current password.
901 * @new_password is requested new password
902 * @otp auxiliary data required if one-time password authentication is in use,
903 * defines OTP code (if known) and returns fine grade resolution of OTP
904 * procedure. Pass NULL, if one-time password authentication is not needed.
905 * Please note the @otp argument must match OTP method used at log-in time. See
906 * isds_login() function for more details.
907 * @refnumber is reallocated serial number of request assigned by ISDS. Use
908 * NULL, if you don't care.
909 * @return IE_SUCCESS, if password has been changed. Or returns appropriate
910 * error code. It can return IE_PARTIAL_SUCCESS if OTP is in use and server is
911 * awaiting OTP code that has been delivered by side channel to the user. */
916 /* Create new box.
917 * @context is session context
918 * @box is box description to create including single primary user (in case of
919 * FO box type). It outputs box ID assigned by ISDS in dbID element.
920 * @users is list of struct isds_DbUserInfo (primary users in case of non-FO
921 * box, or contact address of PFO box owner)
922 * @former_names is optional former name of box owner. Pass NULL if you don't care.
923 * @upper_box_id is optional ID of supper box if currently created box is
924 * subordinated.
925 * @ceo_label is optional title of OVM box owner (e.g. mayor)
926 * @credentials_delivery is NULL if new password should be delivered off-line
927 * to box owner. It is valid pointer if owner should obtain new password on-line
928 * on dedicated web server. Then input @credentials_delivery.email value is
929 * his e-mail address he must provide to dedicated web server together
930 * with output reallocated @credentials_delivery.token member. Output
931 * member @credentials_delivery.new_user_name is unused up on this call.
932 * @approval is optional external approval of box manipulation
933 * @refnumber is reallocated serial number of request assigned by ISDS. Use
934 * NULL, if you don't care.*/
942 /* Notify ISDS about new PFO entity.
943 * This function has no real effect.
944 * @context is session context
945 * @box is PFO description including single primary user.
946 * @users is list of struct isds_DbUserInfo (contact address of PFO box owner)
947 * @former_names is optional undocumented string. Pass NULL if you don't care.
948 * @upper_box_id is optional ID of supper box if currently created box is
949 * subordinated.
950 * @ceo_label is optional title of OVM box owner (e.g. mayor)
951 * @approval is optional external approval of box manipulation
952 * @refnumber is reallocated serial number of request assigned by ISDS. Use
953 * NULL, if you don't care.*/
960 /* Remove given box permanently.
961 * @context is session context
962 * @box is box description to delete
963 * @since is date of box owner cancellation. Only tm_year, tm_mon and tm_mday
964 * carry sane value.
965 * @approval is optional external approval of box manipulation
966 * @refnumber is reallocated serial number of request assigned by ISDS. Use
967 * NULL, if you don't care.*/
972 /* Undocumented function.
973 * @context is session context
974 * @box is box description to delete
975 * @approval is optional external approval of box manipulation
976 * @refnumber is reallocated serial number of request assigned by ISDS. Use
977 * NULL, if you don't care.*/
982 /* Update data about given box.
983 * @context is session context
984 * @old_box current box description
985 * @new_box are updated data about @old_box
986 * @approval is optional external approval of box manipulation
987 * @refnumber is reallocated serial number of request assigned by ISDS. Use
988 * NULL, if you don't care.*/
994 /* Get data about all users assigned to given box.
995 * @context is session context
996 * @box_id is box ID
997 * @users is automatically reallocated list of struct isds_DbUserInfo */
1001 /* Update data about user assigned to given box.
1002 * @context is session context
1003 * @box is box identification
1004 * @old_user identifies user to update
1005 * @new_user are updated data about @old_user
1006 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1007 * NULL, if you don't care.*/
1014 /* Undocumented function.
1015 * @context is session context
1016 * @box_id is UTF-8 encoded box identifier
1017 * @token is UTF-8 encoded temporary password
1018 * @user_id outputs UTF-8 encoded reallocated user identifier
1019 * @password outpus UTF-8 encoded reallocated user password
1020 * Output arguments will be nulled in case of error */
1025 /* Reset credentials of user assigned to given box.
1026 * @context is session context
1027 * @box is box identification
1028 * @user identifies user to reset password
1029 * @fee_paid is true if fee has been paid, false otherwise
1030 * @approval is optional external approval of box manipulation
1031 * @credentials_delivery is NULL if new password should be delivered off-line
1032 * to the user. It is valid pointer if user should obtain new password on-line
1033 * on dedicated web server. Then input @credentials_delivery.email value is
1034 * user's e-mail address user must provide to dedicated web server together
1035 * with @credentials_delivery.token. The output reallocated token user needs
1036 * to use to authorize on the web server to view his new password. Output
1037 * reallocated @credentials_delivery.new_user_name is user's log-in name that
1038 * ISDS changed up on this call. (No reason why server could change the name
1039 * is known now.)
1040 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1041 * NULL, if you don't care.*/
1049 /* Assign new user to given box.
1050 * @context is session context
1051 * @box is box identification
1052 * @user defines new user to add
1053 * @credentials_delivery is NULL if new user's password should be delivered
1054 * off-line to the user. It is valid pointer if user should obtain new
1055 * password on-line on dedicated web server. Then input
1056 * @credentials_delivery.email value is user's e-mail address user must
1057 * provide to dedicated web server together with @credentials_delivery.token.
1058 * The output reallocated token user needs to use to authorize on the web
1059 * server to view his new password. Output reallocated
1060 * @credentials_delivery.new_user_name is user's log-in name that ISDS
1061 * assingned up on this call.
1062 * @approval is optional external approval of box manipulation
1063 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1064 * NULL, if you don't care.*/
1070 /* Remove user assigned to given box.
1071 * @context is session context
1072 * @box is box identification
1073 * @user identifies user to remove
1074 * @approval is optional external approval of box manipulation
1075 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1076 * NULL, if you don't care.*/
1081 /* Get list of boxes in ZIP archive.
1082 * @context is session context
1083 * @list_identifier is UTF-8 encoded string identifying boxes of interrest.
1084 * System recognizes following values currently: ALL (all boxes), UPG
1085 * (effectively OVM boxes), OVM (OVM gross type boxes), OPN (boxes allowing
1086 * receiving commercial messages). This argument is a string because
1087 * specification states new values can appear in the future. Not all list
1088 * types are available to all users.
1089 * @buffer is automatically reallocated memory to store the list of boxes. The
1090 * list is zipped CSV file.
1091 * @buffer_length is size of @buffer data in bytes.
1092 * In case of error @buffer will be freed and @buffer_length will be
1093 * undefined.*/
1097 /* Find boxes suiting given criteria.
1098 * @context is ISDS session context.
1099 * @criteria is filter. You should fill in at least some members.
1100 * @boxes is automatically reallocated list of isds_DbOwnerInfo structures,
1101 * possibly empty. Input NULL or valid old structure.
1102 * @return:
1103 * IE_SUCCESS if search succeeded, @boxes contains useful data
1104 * IE_NOEXIST if no such box exists, @boxes will be NULL
1105 * IE_2BIG if too much boxes exist and server truncated the results, @boxes
1106 * contains still valid data
1107 * other code if something bad happens. @boxes will be NULL. */
1112 /* Get status of a box.
1113 * @context is ISDS session context.
1114 * @box_id is UTF-8 encoded box identifier as zero terminated string
1115 * @box_status is return value of box status.
1116 * @return:
1117 * IE_SUCCESS if box has been found and its status retrieved
1118 * IE_NOEXIST if box is not known to ISDS server
1119 * or other appropriate error.
1120 * You can use isds_DbState to enumerate box status. However out of enum
1121 * range value can be returned too. This is feature because ISDS
1122 * specification leaves the set of values open.
1123 * Be ware that status DBSTATE_REMOVED is signaled as IE_SUCCESS. That means
1124 * the box has been deleted, but ISDS still lists its former existence. */
1128 /* Get list of permissions to send commercial messages.
1129 * @context is ISDS session context.
1130 * @box_id is UTF-8 encoded sender box identifier as zero terminated string
1131 * @permissions is a reallocated list of permissions (struct
1132 * isds_commercial_permission*) to send commercial messages from @box_id. The
1133 * order of permissions is significant as the server applies the permissions
1134 * and associated pre-paid credits in the order. Empty list means no
1135 * permission.
1136 * @return:
1137 * IE_SUCCESS if the list has been obtained correctly,
1138 * or other appropriate error. */
1142 /* Switch box into state where box can receive commercial messages (off by
1143 * default)
1144 * @context is ISDS session context.
1145 * @box_id is UTF-8 encoded box identifier as zero terminated string
1146 * @allow is true for enable, false for disable commercial messages income
1147 * @approval is optional external approval of box manipulation
1148 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1149 * NULL, if you don't care. */
1154 /* Switch box into / out of state where non-OVM box can act as OVM (e.g. force
1155 * message acceptance). This is just a box permission. Sender must apply
1156 * such role by sending each message.
1157 * @context is ISDS session context.
1158 * @box_id is UTF-8 encoded box identifier as zero terminated string
1159 * @allow is true for enable, false for disable OVM role permission
1160 * @approval is optional external approval of box manipulation
1161 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1162 * NULL, if you don't care. */
1167 /* Switch box accessibility state on request of box owner.
1168 * Despite the name, owner must do the request off-line. This function is
1169 * designed for such off-line meeting points (e.g. Czech POINT).
1170 * @context is ISDS session context.
1171 * @box identifies box to switch accessibility state.
1172 * @allow is true for making accessible, false to disallow access.
1173 * @approval is optional external approval of box manipulation
1174 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1175 * NULL, if you don't care. */
1181 /* Disable box accessibility on law enforcement (e.g. by prison) since exact
1182 * date.
1183 * @context is ISDS session context.
1184 * @box identifies box to switch accessibility state.
1185 * @since is date since accessibility has been denied. This can be past too.
1186 * Only tm_year, tm_mon and tm_mday carry sane value.
1187 * @approval is optional external approval of box manipulation
1188 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1189 * NULL, if you don't care. */
1195 /* Send a message via ISDS to a recipient
1196 * @context is session context
1197 * @outgoing_message is message to send; Some members are mandatory (like
1198 * dbIDRecipient), some are optional and some are irrelevant (especially data
1199 * about sender). Included pointer to isds_list documents must contain at
1200 * least one document of FILEMETATYPE_MAIN. This is read-write structure, some
1201 * members will be filled with valid data from ISDS. Exact list of write
1202 * members is subject to change. Currently dmID is changed.
1203 * @return ISDS_SUCCESS, or other error code if something goes wrong. */
1207 /* Send a message via ISDS to a multiple recipients
1208 * @context is session context
1209 * @outgoing_message is message to send; Some members are mandatory,
1210 * some are optional and some are irrelevant (especially data
1211 * about sender). Data about recipient will be substituted by ISDS from
1212 * @copies. Included pointer to isds_list documents must
1213 * contain at least one document of FILEMETATYPE_MAIN.
1214 * @copies is list of isds_message_copy structures addressing all desired
1215 * recipients. This is read-write structure, some members will be filled with
1216 * valid data from ISDS (message IDs, error codes, error descriptions).
1217 * @return
1218 * ISDS_SUCCESS if all messages have been sent
1219 * ISDS_PARTIAL_SUCCESS if sending of some messages has failed (failed and
1220 * succeeded messages can be identified by copies->data->error),
1221 * or other error code if something other goes wrong. */
1226 /* Get list of outgoing (already sent) messages.
1227 * Any criterion argument can be NULL, if you don't care about it.
1228 * @context is session context. Must not be NULL.
1229 * @from_time is minimal time and date of message sending inclusive.
1230 * @to_time is maximal time and date of message sending inclusive
1231 * @dmSenderOrgUnitNum is the same as isds_envelope.dmSenderOrgUnitNum
1232 * @status_filter is bit field of isds_message_status values. Use special
1233 * value MESSAGESTATE_ANY to signal you don't care. (It's defined as union of
1234 * all values, you can use bit-wise arithmetic if you want.)
1235 * @offset is index of first message we are interested in. First message is 1.
1236 * Set to 0 (or 1) if you don't care.
1237 * @number is maximal length of list you want to get as input value, outputs
1238 * number of messages matching these criteria. Can be NULL if you don't care
1239 * (applies to output value either).
1240 * @messages is automatically reallocated list of isds_message's. Be ware that
1241 * it returns only brief overview (envelope and some other fields) about each
1242 * message, not the complete message. FIXME: Specify exact fields.
1243 * The list is sorted by delivery time in ascending order.
1244 * Use NULL if you don't care about the meta data (useful if you want to know
1245 * only the @number). If you provide &NULL, list will be allocated on heap,
1246 * if you provide pointer to non-NULL, list will be freed automatically at
1247 * first. Also in case of error the list will be NULLed.
1248 * @return IE_SUCCESS or appropriate error code. */
1255 /* Get list of incoming (addressed to you) messages.
1256 * Any criterion argument can be NULL, if you don't care about it.
1257 * @context is session context. Must not be NULL.
1258 * @from_time is minimal time and date of message sending inclusive.
1259 * @to_time is maximal time and date of message sending inclusive
1260 * @dmRecipientOrgUnitNum is the same as isds_envelope.dmRecipientOrgUnitNum
1261 * @status_filter is bit field of isds_message_status values. Use special
1262 * value MESSAGESTATE_ANY to signal you don't care. (It's defined as union of
1263 * all values, you can use bit-wise arithmetic if you want.)
1264 * @offset is index of first message we are interested in. First message is 1.
1265 * Set to 0 (or 1) if you don't care.
1266 * @number is maximal length of list you want to get as input value, outputs
1267 * number of messages matching these criteria. Can be NULL if you don't care
1268 * (applies to output value either).
1269 * @messages is automatically reallocated list of isds_message's. Be ware that
1270 * it returns only brief overview (envelope and some other fields) about each
1271 * message, not the complete message. FIXME: Specify exact fields.
1272 * Use NULL if you don't care about the meta data (useful if you want to know
1273 * only the @number). If you provide &NULL, list will be allocated on heap,
1274 * if you provide pointer to non-NULL, list will be freed automatically at
1275 * first. Also in case of error the list will be NULLed.
1276 * @return IE_SUCCESS or appropriate error code. */
1284 /* Get list of sent message state changes.
1285 * Any criterion argument can be NULL, if you don't care about it.
1286 * @context is session context. Must not be NULL.
1287 * @from_time is minimal time and date of status changes inclusive
1288 * @to_time is maximal time and date of status changes inclusive
1289 * @changed_states is automatically reallocated list of
1290 * isds_message_status_change's. If you provide &NULL, list will be allocated
1291 * on heap, if you provide pointer to non-NULL, list will be freed
1292 * automatically at first. Also in case of error the list will be NULLed.
1293 * XXX: The list item ordering is not specified.
1294 * XXX: Server provides only `recent' changes.
1295 * @return IE_SUCCESS or appropriate error code. */
1301 /* Download incoming message envelope identified by ID.
1302 * @context is session context
1303 * @message_id is message identifier (you can get them from
1304 * isds_get_list_of_received_messages())
1305 * @message is automatically reallocated message retrieved from ISDS.
1306 * It will miss documents per se. Use isds_get_received_message(), if you are
1307 * interested in documents (content) too.
1308 * Returned hash and timestamp require documents to be verifiable. */
1312 /* Download signed delivery info-sheet of given message identified by ID.
1313 * @context is session context
1314 * @message_id is message identifier (you can get them from
1315 * isds_get_list_of_{sent,received}_messages())
1316 * @message is automatically reallocated message retrieved from ISDS.
1317 * It will miss documents per se. Use isds_get_signed_received_message(),
1318 * if you are interested in documents (content). OTOH, only this function
1319 * can get list events message has gone through. */
1323 /* Load delivery info of any format from buffer.
1324 * @context is session context
1325 * @raw_type advertises format of @buffer content. Only delivery info types
1326 * are accepted.
1327 * @buffer is DER encoded PKCS#7 structure with signed delivery info. You can
1328 * retrieve such data from message->raw after calling
1329 * isds_get_signed_delivery_info().
1330 * @length is length of buffer in bytes.
1331 * @message is automatically reallocated message parsed from @buffer.
1332 * @strategy selects how buffer will be attached into raw isds_message member.
1333 * */
1339 /* Download delivery info-sheet of given message identified by ID.
1340 * @context is session context
1341 * @message_id is message identifier (you can get them from
1342 * isds_get_list_of_{sent,received}_messages())
1343 * @message is automatically reallocated message retrieved from ISDS.
1344 * It will miss documents per se. Use isds_get_received_message(), if you are
1345 * interested in documents (content). OTOH, only this function can get list
1346 * of events message has gone through. */
1350 /* Download incoming message identified by ID.
1351 * @context is session context
1352 * @message_id is message identifier (you can get them from
1353 * isds_get_list_of_received_messages())
1354 * @message is automatically reallocated message retrieved from ISDS */
1358 /* Load message of any type from buffer.
1359 * @context is session context
1360 * @raw_type defines content type of @buffer. Only message types are allowed.
1361 * @buffer is message raw representation. Format (CMS, plain signed,
1362 * message direction) is defined in @raw_type. You can retrieve such data
1363 * from message->raw after calling isds_get_[signed]{received,sent}_message().
1364 * @length is length of buffer in bytes.
1365 * @message is automatically reallocated message parsed from @buffer.
1366 * @strategy selects how buffer will be attached into raw isds_message member.
1367 * */
1372 /* Determine type of raw message or delivery info according some heuristics.
1373 * It does not validate the raw blob.
1374 * @context is session context
1375 * @raw_type returns content type of @buffer. Valid only if exit code of this
1376 * function is IE_SUCCESS. The pointer must be valid. This is no automatically
1377 * reallocated memory.
1378 * @buffer is message raw representation.
1379 * @length is length of buffer in bytes. */
1383 /* Download signed incoming message identified by ID.
1384 * @context is session context
1385 * @message_id is message identifier (you can get them from
1386 * isds_get_list_of_received_messages())
1387 * @message is automatically reallocated message retrieved from ISDS. The raw
1388 * member will be filled with PKCS#7 structure in DER format. */
1392 /* Download signed outgoing message identified by ID.
1393 * @context is session context
1394 * @message_id is message identifier (you can get them from
1395 * isds_get_list_of_sent_messages())
1396 * @message is automatically reallocated message retrieved from ISDS. The raw
1397 * member will be filled with PKCS#7 structure in DER format. */
1401 /* Get type and name of user who sent a message identified by ID.
1402 * @context is session context
1403 * @message_id is message identifier
1404 * @sender_type is pointer to automatically allocated type of sender detected
1405 * from @raw_sender_type string. If @raw_sender_type is unknown to this
1406 * library or to the server, NULL will be returned. Pass NULL if you don't
1407 * care about it.
1408 * @raw_sender_type is automatically reallocated UTF-8 string describing
1409 * sender type or NULL if not known to server. Pass NULL if you don't care.
1410 * @sender_name is automatically reallocated UTF-8 name of user who sent the
1411 * message, or NULL if not known to ISDS. Pass NULL if you don't care. */
1416 /* Retrieve hash of message identified by ID stored in ISDS.
1417 * @context is session context
1418 * @message_id is message identifier
1419 * @hash is automatically reallocated message hash downloaded from ISDS.
1420 * Message must exist in system and must not be deleted. */
1424 /* Compute hash of message from raw representation and store it into envelope.
1425 * Original hash structure will be destroyed in envelope.
1426 * @context is session context
1427 * @message is message carrying raw XML message blob
1428 * @algorithm is desired hash algorithm to use */
1432 /* Compare two hashes.
1433 * @h1 is first hash
1434 * @h2 is another hash
1435 * @return
1436 * IE_SUCCESS if hashes equal
1437 * IE_NOTUNIQ if hashes are comparable, but they don't equal
1438 * IE_ENUM if not comparable, but both structures defined
1439 * IE_INVAL if some of the structures are undefined (NULL)
1440 * IE_ERROR if internal error occurs */
1444 /* Check message has gone through ISDS by comparing message hash stored in
1445 * ISDS and locally computed hash. You must provide message with valid raw
1446 * member (do not use isds_load_message(..., BUFFER_DONT_STORE)).
1447 * This is convenient wrapper for isds_download_message_hash(),
1448 * isds_compute_message_hash(), and isds_hash_cmp() sequence.
1449 * @context is session context
1450 * @message is message with valid raw and envelope member; envelope->hash
1451 * member will be changed during function run. Use envelope on heap only.
1452 * @return
1453 * IE_SUCCESS if message originates in ISDS
1454 * IE_NOTEQUAL if message is unknown to ISDS
1455 * other code for other errors */
1459 /* Submit CMS signed message to ISDS to verify its originality. This is
1460 * stronger form of isds_verify_message_hash() because ISDS does more checks
1461 * than simple one (potentialy old weak) hash comparison.
1462 * @context is session context
1463 * @message is memory with raw CMS signed message bit stream
1464 * @length is @message size in bytes
1465 * @return
1466 * IE_SUCCESS if message originates in ISDS
1467 * IE_NOTEQUAL if message is unknown to ISDS
1468 * other code for other errors */
1472 /* Erase message specified by @message_id from long term storage. Other
1473 * message cannot be erased on user request.
1474 * @context is session context
1475 * @message_id is message identifier.
1476 * @incoming is true for incoming message, false for outgoing message.
1477 * @return
1478 * IE_SUCCESS if message has ben removed
1479 * IE_INVAL if message does not exist in long term storage or message
1480 * belongs to different box
1481 * TODO: IE_NOEPRM if user has no permission to erase a message */
1485 /* Mark message as read. This is a transactional commit function to acknowledge
1486 * to ISDS the message has been downloaded and processed by client properly.
1487 * @context is session context
1488 * @message_id is message identifier. */
1492 /* Mark message as received by recipient. This is applicable only to
1493 * commercial message. Use envelope->dmType message member to distinguish
1494 * commercial message from government message. Government message is
1495 * received automatically (by law), commercial message on recipient request.
1496 * @context is session context
1497 * @message_id is message identifier. */
1501 /* Send bogus request to ISDS.
1502 * Just for test purposes */
1505 /* Send document for authorized conversion into Czech POINT system.
1506 * This is public anonymous service, no log-in necessary. Special context is
1507 * used to reuse keep-a-live HTTPS connection.
1508 * @context is Czech POINT session context. DO NOT use context connected to
1509 * ISDS server. Use new context or context used by this function previously.
1510 * @document is document to convert. Only data, data_length, dmFileDescr and
1511 * is_xml members are significant. Be ware that not all document formats can be
1512 * converted (signed PDF 1.3 and higher only (2010-02 state)).
1513 * @id is reallocated identifier assigned by Czech POINT system to
1514 * your document on submit. Use is to tell it to Czech POINT officer.
1515 * @date is reallocated document submit date (submitted documents
1516 * expires after some period). Only tm_year, tm_mon and tm_mday carry sane
1517 * value. */
1522 /* Close possibly opened connection to Czech POINT document deposit.
1523 * @context is Czech POINT session context. */
1526 /* Send request for new box creation in testing ISDS instance.
1527 * It's not possible to request for a production box currently, as it
1528 * communicates via e-mail.
1529 * XXX: This function does not work either. Server complains about invalid
1530 * e-mail address.
1531 * XXX: Remove context->type hacks in isds.c and validator.c when removing
1532 * this function
1533 * @context is special session context for box creation request. DO NOT use
1534 * standard context as it could reveal your password. Use fresh new context or
1535 * context previously used by this function.
1536 * @box is box description to create including single primary user (in case of
1537 * FO box type). It outputs box ID assigned by ISDS in dbID element.
1538 * @users is list of struct isds_DbUserInfo (primary users in case of non-FO
1539 * box, or contact address of PFO box owner). The email member is mandatory as
1540 * it will be used to deliver credentials.
1541 * @former_names is optional undocumented string. Pass NULL if you don't care.
1542 * @approval is optional external approval of box manipulation
1543 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1544 * NULL, if you don't care.*/
1550 /* Search for document by document ID in list of documents. IDs are compared
1551 * as UTF-8 string.
1552 * @documents is list of isds_documents
1553 * @id is document identifier
1554 * @return first matching document or NULL. */
1558 /* Normalize @mime_type to be proper MIME type.
1559 * ISDS servers pass invalid MIME types (e.g. "pdf"). This function tries to
1560 * guess regular MIME type (e.g. "application/pdf").
1561 * @mime_type is UTF-8 encoded MIME type to fix
1562 * @return original @mime_type if no better interpretation exists, or
1563 * constant static UTF-8 encoded string with proper MIME type. */
1566 /* Deallocate structure isds_pki_credentials and NULL it.
1567 * Pass-phrase is discarded.
1568 * @pki credentials to to free */
1571 /* Free isds_list with all member data.
1572 * @list list to free, on return will be NULL */
1575 /* Deallocate structure isds_hash and NULL it.
1576 * @hash hash to to free */
1579 /* Deallocate structure isds_DbOwnerInfo recursively and NULL it */
1582 /* Deallocate structure isds_DbUserInfo recursively and NULL it */
1585 /* Deallocate struct isds_event recursively and NULL it */
1588 /* Deallocate struct isds_envelope recursively and NULL it */
1591 /* Deallocate struct isds_document recursively and NULL it */
1594 /* Deallocate struct isds_message recursively and NULL it */
1597 /* Deallocate struct isds_message_copy recursively and NULL it */
1600 /* Deallocate struct isds_message_status_change recursively and NULL it */
1604 /* Deallocate struct isds_approval recursively and NULL it */
1607 /* Deallocate struct isds_commercial_permission recursively and NULL it */
1611 /* Deallocate struct isds_credentials_delivery recursively and NULL it.
1612 * The email string is deallocated too. */
1616 /* Copy structure isds_PersonName recursively */
1620 /* Copy structure isds_Address recursively */
1624 /* Copy structure isds_DbOwnerInfo recursively */
1628 /* Copy structure isds_DbUserInfo recursively */
1633 }
1634 #endif
1636 #endif