| blob | b0bc89cc57c62a73bd4162b127e5e284dc7dad78 |
1 #ifndef __ISDS_ISDS_H__
2 #define __ISDS_ISDS_H__
4 /* Public interface for libisds.
5 * Private declarations in isds_priv.h. */
14 #endif
16 /* _deprecated macro marks library symbols as deprecated. Application should
17 * avoid using such function as soon as possible. */
18 #if defined(__GNUC__)
19 #define _deprecated __attribute__((deprecated))
20 #else
21 #define _deprecated
22 #endif
24 /* Service locators */
25 /* Base URL of production ISDS instance */
29 /* Base URL of testing ISDS instance */
40 IE_NOTSUP,
41 IE_INVAL,
42 IE_INVALID_CONTEXT,
43 IE_NOT_LOGGED_IN,
44 IE_CONNECTION_CLOSED,
45 IE_TIMED_OUT,
46 IE_NOEXIST,
47 IE_NOMEM,
48 IE_NETWORK,
49 IE_HTTP,
50 IE_SOAP,
51 IE_XML,
52 IE_ISDS,
53 IE_ENUM,
54 IE_DATE,
55 IE_2BIG,
56 IE_2SMALL,
57 IE_NOTUNIQ,
58 IE_NOTEQUAL,
59 IE_PARTIAL_SUCCESS,
60 IE_ABORTED
84 /* Return text description of ISDS error */
87 /* libisds options */
90 Default value is true. */
92 Default value depends on cryptographic
93 library. */
95 Default value depends on cryptographic
96 library. */
98 Default value depends on cryptographic
99 library. */
101 Default value is false. */
104 /* TLS libisds options */
109 ITLS_CRL_FILE /* char *: File name with CRL in PEM format */
112 /* Cryptographic material encoding */
116 PKI_FORMAT_ENG /* Stored in crypto engine */
119 /* Public key crypto material to authenticate client */
122 (where key is stored). Use NULL for no engine */
125 nickname in case of NSS as curl back-end,
126 or key slot identifier inside crypto engine.
127 Some crypto engines can pair certificate with
128 key automatically (NULL value) */
131 in case of used engine */
133 decrypting private key, or engine PIN.
134 Use NULL for no pass-phrase or question by
135 engine. */
136 };
138 /* One-time password authentication method */
141 OTP_TIME /* Time-based OTP method */
144 /* One-time passwed authentication resolution */
150 (brute force attack detected) */
152 ???: OTP or regular password
153 expired? */
155 at this rate (minimal delay
156 depends on TOTP window setting) */
158 access requested URI */
160 ISDS */
162 Retry later. */
165 /* One-time password to authenticate client */
167 /* Input members */
170 if you do not know it yet (e.g. in case
171 of first phase of time-based OTP to
172 request new code from ISDS.) */
173 /* Output members */
175 authentication attempt. */
176 };
178 /* Box type */
181 sent by ISDS. */
196 /* Box status from point of view of accessibility */
205 /* User permissions from point of view of ISDS.
206 * Instances can be bitmaps of any discrete values. */
209 dmPersonalDelivery == false */
211 dmPersonalDelivery == true */
213 can download outgoing (sent) messages */
215 post and delivery */
218 permitted users and theirs
219 permissions) */
224 /* Message status */
229 infected document has been removed */
231 (dmDeliveryTime stored) */
233 dmAcceptanceTime stored */
235 user explicit request),
236 dmAcceptanceTime stored */
239 (e.g. recipient box has been made
240 inaccessible meantime) */
246 values */
248 /* Hash algorithm types */
250 HASH_ALGORITHM_MD5,
251 HASH_ALGORITHM_SHA_1,
252 HASH_ALGORITHM_SHA_224,
253 HASH_ALGORITHM_SHA_256,
254 HASH_ALGORITHM_SHA_384,
255 HASH_ALGORITHM_SHA_512,
258 /* Buffer storage strategy.
259 * How function should embed application provided buffer into raw element of
260 * output structure. */
264 BUFFER_MOVE /* Just copy pointer.
265 But leave deallocation to isds_*_free(). */
268 /* Hash value storage */
273 };
275 /* Name of person */
281 };
283 /* Date and place of birth */
286 only tm_year, tm_mon and tm_mday carry sane
287 value */
291 };
293 /* Post address */
301 };
303 /* Data about box and his owner.
304 * NULL pointer means undefined value */
317 provider (OVM, PO, maybe PFO)
318 [Max. 20 chars] */
320 [Max. 5 chars] */
322 long int because xsd:integer
323 TODO: enum? */
326 messages from anybody */
327 };
329 /* User type */
336 USERTYPE_LIQUIDATOR /* Company liquidator */
339 /* Data about user.
340 * NULL pointer means undefined value */
348 only tm_year, tm_mon and tm_mday carry sane
349 value */
352 [Max. 100 chars] */
357 Implicit value is "CZ"; Optional. */
358 };
360 /* Message event type */
364 by recipient action */
366 timed out, considered as accepted */
368 thus message is undeliverable */
370 commercial message */
372 sent by sender */
376 has logged in */
377 EVENT_SYSCERT_LOGIN /* Application authenticated by `system'
378 certificate has logged in */
381 /* Message event
382 * All members are optional as specification states so. */
387 generated by ISDS (Czech) */
388 };
390 /* Message envelope
391 * Be ware that the string length constraints are forced only on output
392 * members transmitted to ISDS. The other direction (downloaded from ISDS)
393 * can break these rules. It should not happen, but nobody knows how much
394 * incompatible new version of ISDS protocol will be. This is the gold
395 * Internet rule: be strict on what you put, be tolerant on what you get. */
397 /* Following members apply to incoming messages only: */
399 Maximal length is 20 characters. */
401 Special value "aaaaaaa" means sent by
402 ISDS.
403 Maximal length is 7 characters. */
405 Maximal length is 100 characters. */
407 Maximal length is 100 characters. */
409 TODO: isds_DbType ? */
411 Maximal length is 100 characters. */
413 Maximal length is 100 characters. */
416 /* Following members are assigned by ISDS in different phases of message
417 * life cycle. */
419 incoming/outgoing messages */
422 kilobytes (rounded). */
424 NULL, if message has not been
425 delivered yet */
427 by an user. NULL if message has not
428 been accepted yet. */
430 This is hash of isds:dmDM subtree. */
434 List of isds_event's. */
437 /* Following members apply to both outgoing and incoming messages: */
439 Optional. */
441 Optional. */
443 Maximal length is 7 characters. */
445 string; Optional. */
447 number; Optional. */
449 Optional. */
451 Maximal length is 255 characters. */
453 Maximal length is 50 characters. */
455 Optional. Maximal length is 50 chars. */
457 Maximal length is 50 characters. */
459 Optional. Maximal length is 50 chars. */
461 /* Act addressing in Czech Republic:
462 * Point (Paragraph) § Section Law/Year Coll. */
466 Czech: paragraf */
468 Czech: odstavec */
470 Czech: písmeno */
473 privileges can read this message */
475 I.e. Even if recipient did not read this
476 message, message is considered as
477 delivered after (currently) 10 days.
478 This is delivery through fiction.
479 Applies only to OVM dbType sender. */
481 "V" is public message
482 "K" is commercial message
483 Default value for outgoing message is "V"
484 Length: Exact 1 UTF-8 character if
485 defined;
486 As 2010-05-20, used as output only. */
488 /* Following members apply to outgoing messages only: */
490 Non-OVM dbType boxes that has
491 dbEffectiveOVM == true MUST select
492 between true (OVM mode) and
493 false (non-OVM mode).
494 Optional; Implicit value is true. */
496 be available to recipient by
497 isds_get_message_sender(). Sender type
498 will be always available.
499 Optional; Default value is false. */
500 };
503 /* Document type from point of hierarchy */
508 FILEMETATYPE_META /* XML document for ESS (electronic
509 document information system) purposes */
512 /* Document */
515 False if document is ISDS binary
516 document. */
518 document content. This is pointer to
519 first node of the document in
520 isds_message.xml tree. Use `children'
521 and `next' members to iterate the
522 document.
523 It will be NULL if document is empty.
524 Valid only if is_xml is true. */
526 The encoding and interpretation depends
527 on dmMimeType.
528 Valid only if is_xml is false. */
530 Valid only if is_xml is false. */
535 Optional. */
537 (dmFileGuid); Optional. */
539 Mandatory. */
541 Defines how to interpret XML document;
542 Optional. */
543 };
545 /* Raw message representation content type.
546 * This is necessary to distinguish between different representations without
547 * expensive repeated detection.
548 * Infix explanation:
549 * PLAIN_SIGNED data are XML with namespace mangled to signed alternative
550 * CMS_SIGNED data are XML with signed namespace encapsulated in CMS */
552 RAWTYPE_INCOMING_MESSAGE,
553 RAWTYPE_PLAIN_SIGNED_INCOMING_MESSAGE,
554 RAWTYPE_CMS_SIGNED_INCOMING_MESSAGE,
555 RAWTYPE_PLAIN_SIGNED_OUTGOING_MESSAGE,
556 RAWTYPE_CMS_SIGNED_OUTGOING_MESSAGE,
557 RAWTYPE_DELIVERYINFO,
558 RAWTYPE_PLAIN_SIGNED_DELIVERYINFO,
559 RAWTYPE_CMS_SIGNED_DELIVERYINFO
562 /* Message */
565 from the ISDS. You can use it to store
566 local copy. This is binary buffer. */
569 Meaningful only with non-NULL raw
570 member */
572 message XML documents.
573 Can be NULL. May be freed AFTER deallocating
574 documents member structure. */
577 Valid message must contain exactly one
578 document of type FILEMETATYPE_MAIN and
579 can contain any number of other type
580 documents. Total size of documents
581 must not exceed 10 MB. */
582 };
584 /* Message copy recipient and assigned message ID */
586 /* Input members defined by application */
588 Maximal length is 7 characters. */
590 string; Optional. */
592 number; Optional. */
594 Optional. */
596 /* Output members returned from ISDS */
599 Optional. */
601 for error == IE_SUCCESS */
602 };
604 /* Message state change event */
609 };
611 /* How outgoing commercial message gets paid */
616 PAYMENT_RESPONSE /* Recipient pays a response */
619 /* Permission to send commercial message */
623 NULL means to anybody. */
626 NULL means indefinitivly. */
628 on this permission;
629 NULL means unlimited. */
631 message. Meaningful only with type
632 PAYMENT_RESPONSE. */
633 };
635 /* General linked list */
638 or NULL if current is last */
641 Use NULL to have static data member. */
642 };
644 /* External box approval */
647 approved out of ISDS */
649 };
651 /* Message sender type.
652 * Similar but not equivalent to isds_UserType. */
659 information system) */
661 SENDERTYPE_LIQUIDATOR /* Liquidator of the company; Non-normative */
664 /* Digital delivery of credentials */
666 /* Input members */
668 notification with link to service where
669 user can get know his new credentials */
670 /* Output members */
672 the web server to view his new
673 credentials. */
675 changed up on a call. */
676 };
678 /* Initialize ISDS library.
679 * Global function, must be called before other functions.
680 * If it fails you can not use ISDS library and must call isds_cleanup() to
681 * free partially initialized global variables. */
684 /* Deinitialize ISDS library.
685 * Global function, must be called as last library function. */
688 /* Return version string of this library. Version of dependencies can be
689 * embedded. Do no try to parse it. You must free it. */
692 /* Create ISDS context.
693 * Each context can be used for different sessions to (possibly) different
694 * ISDS server with different credentials.
695 * Returns new context, or NULL */
698 /* Destroy ISDS context and free memory.
699 * @context will be NULLed on success. */
702 /* Return long message text produced by library function, e.g. detailed error
703 * message. Returned pointer is only valid until new library function is
704 * called for the same context. Could be NULL, especially if NULL context is
705 * supplied. Return string is locale encoded. */
708 /* Set logging up.
709 * @facilities is bit mask of isds_log_facility values,
710 * @level is verbosity level. */
714 /* Function provided by application libisds will call to pass log message.
715 * The message is usually locale encoded, but raw strings (UTF-8 usually) can
716 * occur when logging raw communication with ISDS servers. Infixed zero byte
717 * is not excluded, but should not present. Use @length argument to get real
718 * length of the message.
719 * TODO: We will try to fix the encoding issue
720 * @facility is log message class
721 * @level is log message severity
722 * @message is string with zero byte terminator. This can be any arbitrary
723 * chunk of a sentence with or without new line, a sentence can be splitted
724 * into more messages. However it should not happen. If you discover message
725 * without new line, report it as a bug.
726 * @length is size of @message string in bytes excluding trailing zero
727 * @data is pointer that will be passed unchanged to this function at run-time
728 * */
733 /* Register callback function libisds calls when new global log message is
734 * produced by library. Library logs to stderr by default.
735 * @callback is function provided by application libisds will call. See type
736 * definition for @callback argument explanation. Pass NULL to revert logging to
737 * default behaviour.
738 * @data is application specific data @callback gets as last argument */
741 /* Set timeout in milliseconds for each network job like connecting to server
742 * or sending message. Use 0 to disable timeout limits. */
746 /* Function provided by application libisds will call with
747 * following five arguments. Value zero of any argument means the value is
748 * unknown.
749 * @upload_total is expected total upload,
750 * @upload_current is cumulative current upload progress
751 * @dowload_total is expected total download
752 * @download_current is cumulative current download progress
753 * @data is pointer that will be passed unchanged to this function at run-time
754 * @return 0 to continue HTTP transfer, or non-zero to abort transfer */
760 /* Register callback function libisds calls periodically during HTTP data
761 * transfer.
762 * @context is session context
763 * @callback is function provided by application libisds will call. See type
764 * definition for @callback argument explanation.
765 * @data is application specific data @callback gets as last argument */
769 /* Change context settings.
770 * @context is context which setting will be applied to
771 * @option is name of option. It determines the type of last argument. See
772 * isds_option definition for more info.
773 * @... is value of new setting. Type is determined by @option
774 * */
776 ...);
778 /* Connect and log into ISDS server.
779 * All required arguments will be copied, you do not have to keep them after
780 * that.
781 * ISDS supports six different authentication methods. Exact method is
782 * selected on @username, @password, @pki_credentials, and @otp arguments:
783 * - If @pki_credentials == NULL, @username and @password must be supplied
784 * and then
785 * - If @otp == NULL, simple authentication by username and password will
786 * be proceeded.
787 * - If @otp != NULL, authentication by username and password and OTP
788 * will be used.
789 * - If @pki_credentials != NULL, then
790 * - If @username == NULL, only certificate will be used
791 * - If @username != NULL, then
792 * - If @password == NULL, then certificate will be used and
793 * @username shifts meaning to box ID. This is used for hosted
794 * services.
795 * - Otherwise all three arguments will be used.
796 * Please note, that different cases require different certificate type
797 * (system qualified one or commercial non qualified one). This library
798 * does not check such political issues. Please see ISDS Specification
799 * for more details.
800 * @url is base address of ISDS web service. Pass extern isds_locator
801 * variable to use production ISDS instance without client certificate
802 * authentication (or extern isds_cert_locator with client certificate
803 * authentication or extern isds_otp_locators with OTP authentication).
804 * Passing NULL has the same effect, autoselection between isds_locator,
805 * isds_cert_locator, and isds_otp_locator is performed in addition. You can
806 * pass extern isds_testing_locator (or isds_cert_testing_locator or
807 * isds_otp_testing_locator) variable to select testing instance.
808 * @username is user name of ISDS user or box ID
809 * @password is user's secret password
810 * @pki_credentials defines public key cryptographic material to use in client
811 * authentication.
812 * @otp selects one-time password authentication method to use, defines OTP
813 * code (if known) and returns fine grade resolution of OTP procedure.
814 * @return:
815 * IE_SUCCESS if authentication succeeds
816 * IE_NOT_LOGGED_IN if authentication fails. If OTP authentication has been
817 * requested, fine grade reason will be set into @otp->resolution. Error
818 * message from server can be obtained by isds_long_message() call.
819 * IE_PARTIAL_SUCCESS if time-based OTP authentication has been requested and
820 * server has sent OTP code through side channel. Application is expected to
821 * fill the code into @otp->otp_code, keep other arguments unchanged, and retry
822 * this call to complete second phase of TOTP authentication;
823 * or other appropriate error. */
829 /* Log out from ISDS server and close connection. */
832 /* Verify connection to ISDS is alive and server is responding.
833 * Sent dummy request to ISDS and expect dummy response. */
836 /* Get data about logged in user and his box. */
840 /* Get data about logged in user. */
844 /* Get expiration time of current password
845 * @context is session context
846 * @expiration is automatically reallocated time when password expires. If
847 * password expiration is disables, NULL will be returned. In case of error
848 * it will be nulled too. */
852 /* Change user password in ISDS.
853 * User must supply old password, new password will takes effect after some
854 * time, current session can continue. Password must fulfill some constraints.
855 * @context is session context
856 * @old_password is current password.
857 * @new_password is requested new password
858 * @otp auxiliary data required if one-time password authentication is in use,
859 * defines OTP code (if known) and returns fine grade resolution of OTP
860 * procedure. Pass NULL, if one-time password authentication is not needed.
861 * Please note the @otp argument must much OTP method used at log-in time. See
862 * isds_login() function for more details.
863 * @return IE_SUCCESS, if password has been changed. Or returns appropriate
864 * error code. It can return IE_PARTIAL_SUCCESS if OTP is in use and server is
865 * awaiting OTP code that has been delivered by side channel to the user. */
870 /* Create new box.
871 * @context is session context
872 * @box is box description to create including single primary user (in case of
873 * FO box type). It outputs box ID assigned by ISDS in dbID element.
874 * @users is list of struct isds_DbUserInfo (primary users in case of non-FO
875 * box, or contact address of PFO box owner)
876 * @former_names is optional former name of box owner. Pass NULL if you don't care.
877 * @upper_box_id is optional ID of supper box if currently created box is
878 * subordinated.
879 * @ceo_label is optional title of OVM box owner (e.g. mayor)
880 * @credentials_delivery is NULL if new password should be delivered off-line
881 * to box owner. It is valid pointer if owner should obtain new password on-line
882 * on dedicated web server. Then input @credentials_delivery.email value is
883 * his e-mail address he must provide to dedicated web server together
884 * with output reallocated @credentials_delivery.token member. Output
885 * member @credentials_delivery.new_user_name is unused up on this call.
886 * @approval is optional external approval of box manipulation
887 * @refnumber is reallocated serial number of request assigned by ISDS. Use
888 * NULL, if you don't care.*/
896 /* Notify ISDS about new PFO entity.
897 * This function has no real effect.
898 * @context is session context
899 * @box is PFO description including single primary user.
900 * @users is list of struct isds_DbUserInfo (contact address of PFO box owner)
901 * @former_names is optional undocumented string. Pass NULL if you don't care.
902 * @upper_box_id is optional ID of supper box if currently created box is
903 * subordinated.
904 * @ceo_label is optional title of OVM box owner (e.g. mayor)
905 * @approval is optional external approval of box manipulation
906 * @refnumber is reallocated serial number of request assigned by ISDS. Use
907 * NULL, if you don't care.*/
914 /* Remove given box permanently.
915 * @context is session context
916 * @box is box description to delete
917 * @since is date of box owner cancellation. Only tm_year, tm_mon and tm_mday
918 * carry sane value.
919 * @approval is optional external approval of box manipulation
920 * @refnumber is reallocated serial number of request assigned by ISDS. Use
921 * NULL, if you don't care.*/
926 /* Undocumented function.
927 * @context is session context
928 * @box is box description to delete
929 * @approval is optional external approval of box manipulation
930 * @refnumber is reallocated serial number of request assigned by ISDS. Use
931 * NULL, if you don't care.*/
936 /* Update data about given box.
937 * @context is session context
938 * @old_box current box description
939 * @new_box are updated data about @old_box
940 * @approval is optional external approval of box manipulation
941 * @refnumber is reallocated serial number of request assigned by ISDS. Use
942 * NULL, if you don't care.*/
948 /* Get data about all users assigned to given box.
949 * @context is session context
950 * @box_id is box ID
951 * @users is automatically reallocated list of struct isds_DbUserInfo */
955 /* Update data about user assigned to given box.
956 * @context is session context
957 * @box is box identification
958 * @old_user identifies user to update
959 * @new_user are updated data about @old_user
960 * @refnumber is reallocated serial number of request assigned by ISDS. Use
961 * NULL, if you don't care.*/
968 /* Undocumented function.
969 * @context is session context
970 * @box_id is UTF-8 encoded box identifier
971 * @token is UTF-8 encoded temporary password
972 * @user_id outputs UTF-8 encoded reallocated user identifier
973 * @password outpus UTF-8 encoded reallocated user password
974 * Output arguments will be nulled in case of error */
979 /* Reset credentials of user assigned to given box.
980 * @context is session context
981 * @box is box identification
982 * @user identifies user to reset password
983 * @fee_paid is true if fee has been paid, false otherwise
984 * @approval is optional external approval of box manipulation
985 * @credentials_delivery is NULL if new password should be delivered off-line
986 * to the user. It is valid pointer if user should obtain new password on-line
987 * on dedicated web server. Then input @credentials_delivery.email value is
988 * user's e-mail address user must provide to dedicated web server together
989 * with @credentials_delivery.token. The output reallocated token user needs
990 * to use to authorize on the web server to view his new password. Output
991 * reallocated @credentials_delivery.new_user_name is user's log-in name that
992 * ISDS changed up on this call. (No reason why server could change the name
993 * is known now.)
994 * @refnumber is reallocated serial number of request assigned by ISDS. Use
995 * NULL, if you don't care.*/
1003 /* Assign new user to given box.
1004 * @context is session context
1005 * @box is box identification
1006 * @user defines new user to add
1007 * @credentials_delivery is NULL if new user's password should be delivered
1008 * off-line to the user. It is valid pointer if user should obtain new
1009 * password on-line on dedicated web server. Then input
1010 * @credentials_delivery.email value is user's e-mail address user must
1011 * provide to dedicated web server together with @credentials_delivery.token.
1012 * The output reallocated token user needs to use to authorize on the web
1013 * server to view his new password. Output reallocated
1014 * @credentials_delivery.new_user_name is user's log-in name that ISDS
1015 * assingned up on this call.
1016 * @approval is optional external approval of box manipulation
1017 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1018 * NULL, if you don't care.*/
1024 /* Remove user assigned to given box.
1025 * @context is session context
1026 * @box is box identification
1027 * @user identifies user to remove
1028 * @approval is optional external approval of box manipulation
1029 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1030 * NULL, if you don't care.*/
1035 /* Get list of boxes in ZIP archive.
1036 * @context is session context
1037 * @list_identifier is UTF-8 encoded string identifying boxes of interrest.
1038 * System recognizes following values currently: ALL (all boxes), UPG
1039 * (effectively OVM boxes), OVM (OVM gross type boxes), OPN (boxes allowing
1040 * receiving commercial messages). This argument is a string because
1041 * specification states new values can appear in the future. Not all list
1042 * types are available to all users.
1043 * @buffer is automatically reallocated memory to store the list of boxes. The
1044 * list is zipped CSV file.
1045 * @buffer_length is size of @buffer data in bytes.
1046 * In case of error @buffer will be freed and @buffer_length will be
1047 * undefined.*/
1051 /* Find boxes suiting given criteria.
1052 * @context is ISDS session context.
1053 * @criteria is filter. You should fill in at least some members.
1054 * @boxes is automatically reallocated list of isds_DbOwnerInfo structures,
1055 * possibly empty. Input NULL or valid old structure.
1056 * @return:
1057 * IE_SUCCESS if search succeeded, @boxes contains useful data
1058 * IE_NOEXIST if no such box exists, @boxes will be NULL
1059 * IE_2BIG if too much boxes exist and server truncated the results, @boxes
1060 * contains still valid data
1061 * other code if something bad happens. @boxes will be NULL. */
1066 /* Get status of a box.
1067 * @context is ISDS session context.
1068 * @box_id is UTF-8 encoded box identifier as zero terminated string
1069 * @box_status is return value of box status.
1070 * @return:
1071 * IE_SUCCESS if box has been found and its status retrieved
1072 * IE_NOEXIST if box is not known to ISDS server
1073 * or other appropriate error.
1074 * You can use isds_DbState to enumerate box status. However out of enum
1075 * range value can be returned too. This is feature because ISDS
1076 * specification leaves the set of values open.
1077 * Be ware that status DBSTATE_REMOVED is signaled as IE_SUCCESS. That means
1078 * the box has been deleted, but ISDS still lists its former existence. */
1082 /* Switch box into state where box can receive commercial messages (off by
1083 * default)
1084 * @context is ISDS session context.
1085 * @box_id is UTF-8 encoded box identifier as zero terminated string
1086 * @allow is true for enable, false for disable commercial messages income
1087 * @approval is optional external approval of box manipulation
1088 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1089 * NULL, if you don't care. */
1094 /* Switch box into / out of state where non-OVM box can act as OVM (e.g. force
1095 * message acceptance). This is just a box permission. Sender must apply
1096 * such role by sending each message.
1097 * @context is ISDS session context.
1098 * @box_id is UTF-8 encoded box identifier as zero terminated string
1099 * @allow is true for enable, false for disable OVM role permission
1100 * @approval is optional external approval of box manipulation
1101 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1102 * NULL, if you don't care. */
1107 /* Switch box accessibility state on request of box owner.
1108 * Despite the name, owner must do the request off-line. This function is
1109 * designed for such off-line meeting points (e.g. Czech POINT).
1110 * @context is ISDS session context.
1111 * @box identifies box to switch accessibility state.
1112 * @allow is true for making accessible, false to disallow access.
1113 * @approval is optional external approval of box manipulation
1114 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1115 * NULL, if you don't care. */
1121 /* Disable box accessibility on law enforcement (e.g. by prison) since exact
1122 * date.
1123 * @context is ISDS session context.
1124 * @box identifies box to switch accessibility state.
1125 * @since is date since accessibility has been denied. This can be past too.
1126 * Only tm_year, tm_mon and tm_mday carry sane value.
1127 * @approval is optional external approval of box manipulation
1128 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1129 * NULL, if you don't care. */
1135 /* Send a message via ISDS to a recipient
1136 * @context is session context
1137 * @outgoing_message is message to send; Some members are mandatory (like
1138 * dbIDRecipient), some are optional and some are irrelevant (especially data
1139 * about sender). Included pointer to isds_list documents must contain at
1140 * least one document of FILEMETATYPE_MAIN. This is read-write structure, some
1141 * members will be filled with valid data from ISDS. Exact list of write
1142 * members is subject to change. Currently dmID is changed.
1143 * @return ISDS_SUCCESS, or other error code if something goes wrong. */
1147 /* Send a message via ISDS to a multiple recipients
1148 * @context is session context
1149 * @outgoing_message is message to send; Some members are mandatory,
1150 * some are optional and some are irrelevant (especially data
1151 * about sender). Data about recipient will be substituted by ISDS from
1152 * @copies. Included pointer to isds_list documents must
1153 * contain at least one document of FILEMETATYPE_MAIN.
1154 * @copies is list of isds_message_copy structures addressing all desired
1155 * recipients. This is read-write structure, some members will be filled with
1156 * valid data from ISDS (message IDs, error codes, error descriptions).
1157 * @return
1158 * ISDS_SUCCESS if all messages have been sent
1159 * ISDS_PARTIAL_SUCCESS if sending of some messages has failed (failed and
1160 * succeeded messages can be identified by copies->data->error),
1161 * or other error code if something other goes wrong. */
1166 /* Get list of outgoing (already sent) messages.
1167 * Any criterion argument can be NULL, if you don't care about it.
1168 * @context is session context. Must not be NULL.
1169 * @from_time is minimal time and date of message sending inclusive.
1170 * @to_time is maximal time and date of message sending inclusive
1171 * @dmSenderOrgUnitNum is the same as isds_envelope.dmSenderOrgUnitNum
1172 * @status_filter is bit field of isds_message_status values. Use special
1173 * value MESSAGESTATE_ANY to signal you don't care. (It's defined as union of
1174 * all values, you can use bit-wise arithmetic if you want.)
1175 * @offset is index of first message we are interested in. First message is 1.
1176 * Set to 0 (or 1) if you don't care.
1177 * @number is maximal length of list you want to get as input value, outputs
1178 * number of messages matching these criteria. Can be NULL if you don't care
1179 * (applies to output value either).
1180 * @messages is automatically reallocated list of isds_message's. Be ware that
1181 * it returns only brief overview (envelope and some other fields) about each
1182 * message, not the complete message. FIXME: Specify exact fields.
1183 * The list is sorted by delivery time in ascending order.
1184 * Use NULL if you don't care about the meta data (useful if you want to know
1185 * only the @number). If you provide &NULL, list will be allocated on heap,
1186 * if you provide pointer to non-NULL, list will be freed automatically at
1187 * first. Also in case of error the list will be NULLed.
1188 * @return IE_SUCCESS or appropriate error code. */
1195 /* Get list of incoming (addressed to you) messages.
1196 * Any criterion argument can be NULL, if you don't care about it.
1197 * @context is session context. Must not be NULL.
1198 * @from_time is minimal time and date of message sending inclusive.
1199 * @to_time is maximal time and date of message sending inclusive
1200 * @dmRecipientOrgUnitNum is the same as isds_envelope.dmRecipientOrgUnitNum
1201 * @status_filter is bit field of isds_message_status values. Use special
1202 * value MESSAGESTATE_ANY to signal you don't care. (It's defined as union of
1203 * all values, you can use bit-wise arithmetic if you want.)
1204 * @offset is index of first message we are interested in. First message is 1.
1205 * Set to 0 (or 1) if you don't care.
1206 * @number is maximal length of list you want to get as input value, outputs
1207 * number of messages matching these criteria. Can be NULL if you don't care
1208 * (applies to output value either).
1209 * @messages is automatically reallocated list of isds_message's. Be ware that
1210 * it returns only brief overview (envelope and some other fields) about each
1211 * message, not the complete message. FIXME: Specify exact fields.
1212 * Use NULL if you don't care about the meta data (useful if you want to know
1213 * only the @number). If you provide &NULL, list will be allocated on heap,
1214 * if you provide pointer to non-NULL, list will be freed automatically at
1215 * first. Also in case of error the list will be NULLed.
1216 * @return IE_SUCCESS or appropriate error code. */
1224 /* Get list of sent message state changes.
1225 * Any criterion argument can be NULL, if you don't care about it.
1226 * @context is session context. Must not be NULL.
1227 * @from_time is minimal time and date of status changes inclusive
1228 * @to_time is maximal time and date of status changes inclusive
1229 * @changed_states is automatically reallocated list of
1230 * isds_message_status_change's. If you provide &NULL, list will be allocated
1231 * on heap, if you provide pointer to non-NULL, list will be freed
1232 * automatically at first. Also in case of error the list will be NULLed.
1233 * XXX: The list item ordering is not specified.
1234 * XXX: Server provides only `recent' changes.
1235 * @return IE_SUCCESS or appropriate error code. */
1241 /* Download incoming message envelope identified by ID.
1242 * @context is session context
1243 * @message_id is message identifier (you can get them from
1244 * isds_get_list_of_received_messages())
1245 * @message is automatically reallocated message retrieved from ISDS.
1246 * It will miss documents per se. Use isds_get_received_message(), if you are
1247 * interested in documents (content) too.
1248 * Returned hash and timestamp require documents to be verifiable. */
1252 /* Download signed delivery info-sheet of given message identified by ID.
1253 * @context is session context
1254 * @message_id is message identifier (you can get them from
1255 * isds_get_list_of_{sent,received}_messages())
1256 * @message is automatically reallocated message retrieved from ISDS.
1257 * It will miss documents per se. Use isds_get_signed_received_message(),
1258 * if you are interested in documents (content). OTOH, only this function
1259 * can get list events message has gone through. */
1263 /* Load delivery info of any format from buffer.
1264 * @context is session context
1265 * @raw_type advertises format of @buffer content. Only delivery info types
1266 * are accepted.
1267 * @buffer is DER encoded PKCS#7 structure with signed delivery info. You can
1268 * retrieve such data from message->raw after calling
1269 * isds_get_signed_delivery_info().
1270 * @length is length of buffer in bytes.
1271 * @message is automatically reallocated message parsed from @buffer.
1272 * @strategy selects how buffer will be attached into raw isds_message member.
1273 * */
1279 /* Download delivery info-sheet of given message identified by ID.
1280 * @context is session context
1281 * @message_id is message identifier (you can get them from
1282 * isds_get_list_of_{sent,received}_messages())
1283 * @message is automatically reallocated message retrieved from ISDS.
1284 * It will miss documents per se. Use isds_get_received_message(), if you are
1285 * interested in documents (content). OTOH, only this function can get list
1286 * of events message has gone through. */
1290 /* Download incoming message identified by ID.
1291 * @context is session context
1292 * @message_id is message identifier (you can get them from
1293 * isds_get_list_of_received_messages())
1294 * @message is automatically reallocated message retrieved from ISDS */
1298 /* Load message of any type from buffer.
1299 * @context is session context
1300 * @raw_type defines content type of @buffer. Only message types are allowed.
1301 * @buffer is message raw representation. Format (CMS, plain signed,
1302 * message direction) is defined in @raw_type. You can retrieve such data
1303 * from message->raw after calling isds_get_[signed]{received,sent}_message().
1304 * @length is length of buffer in bytes.
1305 * @message is automatically reallocated message parsed from @buffer.
1306 * @strategy selects how buffer will be attached into raw isds_message member.
1307 * */
1312 /* Determine type of raw message or delivery info according some heuristics.
1313 * It does not validate the raw blob.
1314 * @context is session context
1315 * @raw_type returns content type of @buffer. Valid only if exit code of this
1316 * function is IE_SUCCESS. The pointer must be valid. This is no automatically
1317 * reallocated memory.
1318 * @buffer is message raw representation.
1319 * @length is length of buffer in bytes. */
1323 /* Download signed incoming message identified by ID.
1324 * @context is session context
1325 * @message_id is message identifier (you can get them from
1326 * isds_get_list_of_received_messages())
1327 * @message is automatically reallocated message retrieved from ISDS. The raw
1328 * member will be filled with PKCS#7 structure in DER format. */
1332 /* Download signed outgoing message identified by ID.
1333 * @context is session context
1334 * @message_id is message identifier (you can get them from
1335 * isds_get_list_of_sent_messages())
1336 * @message is automatically reallocated message retrieved from ISDS. The raw
1337 * member will be filled with PKCS#7 structure in DER format. */
1341 /* Get type and name of user who sent a message identified by ID.
1342 * @context is session context
1343 * @message_id is message identifier
1344 * @sender_type is pointer to automatically allocated type of sender detected
1345 * from @raw_sender_type string. If @raw_sender_type is unknown to this
1346 * library or to the server, NULL will be returned. Pass NULL if you don't
1347 * care about it.
1348 * @raw_sender_type is automatically reallocated UTF-8 string describing
1349 * sender type or NULL if not known to server. Pass NULL if you don't care.
1350 * @sender_name is automatically reallocated UTF-8 name of user who sent the
1351 * message, or NULL if not known to ISDS. Pass NULL if you don't care. */
1356 /* Retrieve hash of message identified by ID stored in ISDS.
1357 * @context is session context
1358 * @message_id is message identifier
1359 * @hash is automatically reallocated message hash downloaded from ISDS.
1360 * Message must exist in system and must not be deleted. */
1364 /* Compute hash of message from raw representation and store it into envelope.
1365 * Original hash structure will be destroyed in envelope.
1366 * @context is session context
1367 * @message is message carrying raw XML message blob
1368 * @algorithm is desired hash algorithm to use */
1372 /* Compare two hashes.
1373 * @h1 is first hash
1374 * @h2 is another hash
1375 * @return
1376 * IE_SUCCESS if hashes equal
1377 * IE_NOTUNIQ if hashes are comparable, but they don't equal
1378 * IE_ENUM if not comparable, but both structures defined
1379 * IE_INVAL if some of the structures are undefined (NULL)
1380 * IE_ERROR if internal error occurs */
1384 /* Check message has gone through ISDS by comparing message hash stored in
1385 * ISDS and locally computed hash. You must provide message with valid raw
1386 * member (do not use isds_load_message(..., BUFFER_DONT_STORE)).
1387 * This is convenient wrapper for isds_download_message_hash(),
1388 * isds_compute_message_hash(), and isds_hash_cmp() sequence.
1389 * @context is session context
1390 * @message is message with valid raw and envelope member; envelope->hash
1391 * member will be changed during function run. Use envelope on heap only.
1392 * @return
1393 * IE_SUCCESS if message originates in ISDS
1394 * IE_NOTEQUAL if message is unknown to ISDS
1395 * other code for other errors */
1399 /* Submit CMS signed message to ISDS to verify its originality. This is
1400 * stronger form of isds_verify_message_hash() because ISDS does more checks
1401 * than simple one (potentialy old weak) hash comparison.
1402 * @context is session context
1403 * @message is memory with raw CMS signed message bit stream
1404 * @length is @message size in bytes
1405 * @return
1406 * IE_SUCCESS if message originates in ISDS
1407 * IE_NOTEQUAL if message is unknown to ISDS
1408 * other code for other errors */
1412 /* Mark message as read. This is a transactional commit function to acknowledge
1413 * to ISDS the message has been downloaded and processed by client properly.
1414 * @context is session context
1415 * @message_id is message identifier. */
1419 /* Mark message as received by recipient. This is applicable only to
1420 * commercial message. Use envelope->dmType message member to distinguish
1421 * commercial message from government message. Government message is
1422 * received automatically (by law), commercial message on recipient request.
1423 * @context is session context
1424 * @message_id is message identifier. */
1428 /* Send bogus request to ISDS.
1429 * Just for test purposes */
1432 /* Send document for authorized conversion into Czech POINT system.
1433 * This is public anonymous service, no log-in necessary. Special context is
1434 * used to reuse keep-a-live HTTPS connection.
1435 * @context is Czech POINT session context. DO NOT use context connected to
1436 * ISDS server. Use new context or context used by this function previously.
1437 * @document is document to convert. Only data, data_length, dmFileDescr and
1438 * is_xml members are significant. Be ware that not all document formats can be
1439 * converted (signed PDF 1.3 and higher only (2010-02 state)).
1440 * @id is reallocated identifier assigned by Czech POINT system to
1441 * your document on submit. Use is to tell it to Czech POINT officer.
1442 * @date is reallocated document submit date (submitted documents
1443 * expires after some period). Only tm_year, tm_mon and tm_mday carry sane
1444 * value. */
1449 /* Close possibly opened connection to Czech POINT document deposit.
1450 * @context is Czech POINT session context. */
1453 /* Send request for new box creation in testing ISDS instance.
1454 * It's not possible to request for a production box currently, as it
1455 * communicates via e-mail.
1456 * XXX: This function does not work either. Server complains about invalid
1457 * e-mail address.
1458 * XXX: Remove context->type hacks in isds.c and validator.c when removing
1459 * this function
1460 * @context is special session context for box creation request. DO NOT use
1461 * standard context as it could reveal your password. Use fresh new context or
1462 * context previously used by this function.
1463 * @box is box description to create including single primary user (in case of
1464 * FO box type). It outputs box ID assigned by ISDS in dbID element.
1465 * @users is list of struct isds_DbUserInfo (primary users in case of non-FO
1466 * box, or contact address of PFO box owner). The email member is mandatory as
1467 * it will be used to deliver credentials.
1468 * @former_names is optional undocumented string. Pass NULL if you don't care.
1469 * @approval is optional external approval of box manipulation
1470 * @refnumber is reallocated serial number of request assigned by ISDS. Use
1471 * NULL, if you don't care.*/
1477 /* Search for document by document ID in list of documents. IDs are compared
1478 * as UTF-8 string.
1479 * @documents is list of isds_documents
1480 * @id is document identifier
1481 * @return first matching document or NULL. */
1485 /* Normalize @mime_type to be proper MIME type.
1486 * ISDS servers pass invalid MIME types (e.g. "pdf"). This function tries to
1487 * guess regular MIME type (e.g. "application/pdf").
1488 * @mime_type is UTF-8 encoded MIME type to fix
1489 * @return original @mime_type if no better interpretation exists, or array to
1490 * constant static UTF-8 encoded string with proper MIME type. */
1493 /* Deallocate structure isds_pki_credentials and NULL it.
1494 * Pass-phrase is discarded.
1495 * @pki credentials to to free */
1498 /* Free isds_list with all member data.
1499 * @list list to free, on return will be NULL */
1502 /* Deallocate structure isds_hash and NULL it.
1503 * @hash hash to to free */
1506 /* Deallocate structure isds_DbOwnerInfo recursively and NULL it */
1509 /* Deallocate structure isds_DbUserInfo recursively and NULL it */
1512 /* Deallocate struct isds_event recursively and NULL it */
1515 /* Deallocate struct isds_envelope recursively and NULL it */
1518 /* Deallocate struct isds_document recursively and NULL it */
1521 /* Deallocate struct isds_message recursively and NULL it */
1524 /* Deallocate struct isds_message_copy recursively and NULL it */
1527 /* Deallocate struct isds_message_status_change recursively and NULL it */
1531 /* Deallocate struct isds_approval recursively and NULL it */
1534 /* Deallocate struct isds_commercial_permission recursively and NULL it */
1538 /* Deallocate struct isds_credentials_delivery recursively and NULL it.
1539 * The email string is deallocated too. */
1543 /* Copy structure isds_PersonName recursively */
1547 /* Copy structure isds_Address recursively */
1551 /* Copy structure isds_DbOwnerInfo recursively */
1555 /* Copy structure isds_DbUserInfo recursively */
1560 }
1561 #endif
1563 #endif