RSA BSAFE Micro Edition Suite


r_cert.h

00001 /* $Id: r_cert.h,v 1.247.4.5 2005/10/27 04:49:42 sparki Exp $ */
00002 /*
00003  * Copyright (C) 1998-2003 RSA Security Inc. All rights reserved.
00004  *
00005  * This work contains proprietary information of RSA Security.
00006  * Distribution is limited to authorized licensees of RSA
00007  * Security. Any unauthorized reproduction, distribution or
00008  * modification of this work is strictly prohibited.
00009  */
00010 
00016 #ifndef HEADER_COMMON_R_CERT_H
00017 #define HEADER_COMMON_R_CERT_H
00018 
00019 #ifdef  __cplusplus
00020 extern "C" {
00021 #endif
00022 
00023 /* If Rm_ALL_DIRECT is defined then make sure that this module is configured
00024  * to operate in DIRECT mode.
00025  */
00026 #if (defined(Rm_ALL_DIRECT) && !defined(Rm_CERT_DIRECT))
00027 #define Rm_CERT_DIRECT
00028 #endif /* defined(Rm_ALL_DIRECT) && !defined(Rm_CERT_DIRECT) */
00029 
00030 /* Can't have both TABLE and DIRECT active at the same time. DIRECT is
00031  * considered to take precedence.
00032  */
00033 #if (defined(Rm_CERT_TABLE) && defined(Rm_CERT_DIRECT))
00034 #undef Rm_CERT_TABLE
00035 #endif /* defined(Rm_CERT_TABLE) && defined(Rm_CERT_DIRECT) */
00036 
00037 /* If FULL is defined then the configurable public API needs access to a
00038  * 'clean' set of function prototypes. This is an internal switch! It needs
00039  * to be here because this is the last point in time, after this point no
00040  * more configuration can be applied.
       *
       * Effect: with Rm_CERT_FULL defined, both Rm_CERT_TABLE and Rm_CERT_DIRECT
       * are undefined below, so every prototype group in this header that is
       * guarded by "#if !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT)"
       * is declared.
00041  */
00042 #ifdef Rm_CERT_FULL
00043 
00044 #ifdef Rm_CERT_TABLE
00045 #undef Rm_CERT_TABLE
00046 #endif /* Rm_CERT_TABLE */
00047 
00048 #ifdef Rm_CERT_DIRECT
00049 #undef Rm_CERT_DIRECT
00050 #endif /* Rm_CERT_DIRECT */
00051 
00052 #endif /* Rm_CERT_FULL */
00053 
00054 /* Include all header files needed to make this header file compile, do not
00055  * worry about TABLE or DIRECT as these headers are only here to make things
00056  * compile. If TABLE or DIRECT were defined for other modules then this would
00057  * make it hard for an application to configure according to its wishes. The
00058  * internal header file is responsible for making sure the implementation gets
00059  * correctly configured external headers.
00060  */
00061 #include "r_lib.h"
00062 #ifndef NO_BIO
00063 #include "bio.h"
00064 #endif /* NO_BIO */
00065 #include "time_mod.h"
00066 #include "r_nid.h"
00067 #include "cryp_mod.h"
00068 #include "r_oid_str.h"
00069 #include "r_format.h"
00070 #ifndef NO_EXT
00071 #include "r_ext.h"
00072 #endif
00073 
00104 /*
00105  * Exported macro constants
00106  */
00107 
00116 /* Defines for implementation identification */
00121 #define R_RES_IMPL_ID_OP           R_RES_IMPL_ID_DEF
00122 
00134 /* Defines for Certificate Types known to R_CERT.
       *
       * These are the values carried by R_CERT_TYPE, which this header declares
       * as a plain int typedef; it is the type of the certtype/type argument of
       * R_CERT_CTX_new(), R_CERT_new(), R_CERT_from_binary(), R_CERT_read() and
       * R_CERT_read_file(). Because the type is a bare int, the compiler does
       * not reject a value outside this list. NOTE(review): how an unknown type
       * value is handled is not visible in this header -- confirm.
       */
00139 #define R_CERT_TYPE_X509              1
00140 
00145 #define R_CERT_TYPE_NULL              0
00146 
00151 #define R_CERT_TYPE_WTLS              2
00152 
00153 /*
00154  * Indicates a URL certificate type.
00155  * The string equivalent is <tt>"URL"/"url"</tt>.
00156  */
00157 #define R_CERT_TYPE_URL               3
00158 
00163 /* Note: R_PKEY_TYPE values are also part of this list */
00164 
      /* Information identifiers for an R_CERT_CTX (values 0..3).
       * NOTE(review): presumably the info_id values accepted by
       * R_CERT_CTX_get_info()/R_CERT_CTX_set_info(). Both take the value as an
       * untyped void pointer, so the compiler cannot check that the object
       * passed matches the identifier; the per-identifier value type is not
       * shown in this listing -- confirm against the API reference.
       */
00229 #define  R_CERT_CTX_INFO_R_LIB_CTX   0
00230 
00246 #define  R_CERT_CTX_INFO_CERT_TYPE   1
00247 
00269 #define R_CERT_CTX_INFO_R_CR_CTX     2
00270 
00291 #define R_CERT_CTX_INFO_R_PKEY_CTX   3
00292 
00545 #define R_CERT_INFO_BASE                   PK_OBJECT_ID_BASE
      /* R_CERT_INFO identifiers (R_CERT_INFO is a plain int typedef in this
       * header). Three kinds of value appear below:
       *   - aliases of PK_CERT_* and PK_SHARED_ID_* constants defined elsewhere,
       *   - aliases of R_EXT_ID_* and R_EXT_INFO_* extension identifiers, and
       *   - identifiers local to this header, R_CERT_INFO_BASE + 0 through + 16,
       *     each offset used exactly once.
       * R_CERT_get_info()/R_CERT_set_info() take the value as an untyped void
       * pointer, so the compiler cannot check that the object passed matches
       * the identifier. NOTE(review): the per-identifier value types are not
       * shown in this listing (the gaps in the line numbering suggest the
       * documentation comments were left out) -- confirm each one against the
       * API reference before passing a buffer.
       */
00546 
00565 #define R_CERT_INFO_VERSION                 PK_CERT_VER
00566 
00586 #define R_CERT_INFO_SERIAL_NUMBER           PK_CERT_SERIAL
00587 
00607 #define R_CERT_INFO_ISSUER                  PK_CERT_ISSUER
00608 
00628 #define R_CERT_INFO_NOT_BEFORE              PK_CERT_NOT_BEFORE
00629 
00649 #define R_CERT_INFO_NOT_AFTER               PK_CERT_NOT_AFTER
00650 
00670 #define R_CERT_INFO_SUBJECT                 PK_CERT_SUBJECT
00671 
00691 #define R_CERT_INFO_PUBLIC_KEY              PK_CERT_PUBKEY
00692 
00712 #define R_CERT_INFO_ISSUER_UNIQUE_ID        PK_CERT_ISSUER_ATTRS
00713 
00735 #define R_CERT_INFO_SUBJECT_UNIQUE_ID       PK_CERT_SUBJECT_ATTRS
00736 
00758 #define R_CERT_INFO_EXTENSIONS              PK_CERT_EXTENSIONS
00759 
00778 #define R_CERT_INFO_KEY_USAGE               R_EXT_ID_KEY_USAGE
00779 
00780 
      /* Offset 16 is the highest R_CERT_INFO_BASE offset in this header; it is
       * defined here, ahead of offsets 0..15. */
00785 #define R_CERT_INFO_KEY_USAGE_INT           (R_CERT_INFO_BASE + 16)
00786 
00803 #define R_CERT_INFO_EXTENDED_KEY_USAGE      R_EXT_ID_EXT_KEY_USAGE
00804 
00822 #define R_CERT_INFO_AUTH_INFO_ACCESS        R_EXT_ID_AUTH_INFO_ACCESS
00823 
00840 #define R_CERT_INFO_BASIC_CONSTRAINTS       R_EXT_ID_BASIC_CONSTRAINTS
00841 
00858 #define R_CERT_INFO_AUTHORITY_KEY_ID        R_EXT_ID_AUTHORITY_KEY_ID
00859 
00876 #define R_CERT_INFO_SUBJECT_KEY_ID          R_EXT_ID_SUBJECT_KEY_ID
00877 
00894 #define R_CERT_INFO_SUBJECT_ALT_NAME            R_EXT_ID_SUBJECT_ALT_NAME
00895 
00911 #define R_CERT_INFO_SUBJECT_DNS_NAME            R_EXT_INFO_SAN_DNS_NAME
00912 
00928 #define R_CERT_INFO_SUBJECT_IP_ADDRESS          R_EXT_INFO_SAN_IP_ADDRESS
00929 
00945 #define R_CERT_INFO_SUBJECT_RFC822_NAME         R_EXT_INFO_SAN_RFC822_NAME
00946 
00963 #define R_CERT_INFO_ISSUER_ALT_NAME             R_EXT_ID_ISSUER_ALT_NAME
00964 
00980 #define R_CERT_INFO_ISSUER_DNS_NAME            R_EXT_INFO_IAN_DNS_NAME
00981 
00997 #define R_CERT_INFO_ISSUER_IP_ADDRESS          R_EXT_INFO_IAN_IP_ADDRESS
00998 
01014 #define R_CERT_INFO_ISSUER_RFC822_NAME         R_EXT_INFO_IAN_RFC822_NAME
01015 
01016 
01031 #define R_CERT_INFO_EXTENSION_COUNT         R_CERT_INFO_BASE
01032 
01049 #define R_CERT_INFO_EXTENSION               (R_CERT_INFO_BASE + 1)
01050 
01067 #define R_CERT_INFO_EXTENSION_BY_OID        (R_CERT_INFO_BASE + 2)
01068 
01090 #define R_CERT_INFO_TO_BE_SIGNED            PK_CERT_BODY
01091 
01113 #define R_CERT_INFO_BINARY                  PK_CERT_ALL
01114 
01136 #define R_CERT_INFO_SIGNATURE               PK_CERT_SIGNATURE
01137 
01142 #define R_CERT_INFO_INTERNAL_SIG_INFO       PK_CERT_SIG_INFO
01143 
01147 #define R_CERT_INFO_ALL                     (R_CERT_INFO_BASE + 3)
01148 
01163 #define R_CERT_INFO_TYPE                    (R_CERT_INFO_BASE + 4)
01164 
01179 #define R_CERT_INFO_R_CERT_CTX              (R_CERT_INFO_BASE + 5)
01180 
01214 #define R_CERT_INFO_VERSION_STRING          (R_CERT_INFO_BASE + 6)
01215 
01230 #define R_CERT_INFO_SIGNATURE_TYPE          (R_CERT_INFO_BASE + 7)
01231 
01246 #define R_CERT_INFO_SIGNATURE_DIGEST_TYPE   (R_CERT_INFO_BASE + 8)
01247 
01266 #define R_CERT_INFO_R_PKEY                  (R_CERT_INFO_BASE + 9)
01267 
01288 #define R_CERT_INFO_ISSUER_R_CERT_NAME      (R_CERT_INFO_BASE + 10)
01289 
01311 #define R_CERT_INFO_SUBJECT_R_CERT_NAME     (R_CERT_INFO_BASE + 11)
01312 
01316 #define R_CERT_INFO_PARAMETERS              (R_CERT_INFO_BASE + 12)
01317 
      /* NOTE(review): by its name, presumably the terminator of a parameter
       * list used with R_CERT_INFO_PARAMETERS -- confirm. */
01321 #define R_CERT_INFO_END_PARAMETERS          0x0000
01322 
01326 #define R_CERT_INFO_METHOD                  (R_CERT_INFO_BASE + 13)
01327 
01328 /* TYPE in an R_TITEM rather than as a raw int pointer */
01329 #define R_CERT_INFO_CERT_TYPE               (R_CERT_INFO_BASE + 14)
01330 
      /* Shares the R_CERT_INFO_BASE numbering (offset 15) although its name
       * lacks the _INFO_ part used by its neighbours. */
01334 #define R_CERT_KEY_USAGE                    (R_CERT_INFO_BASE + 15)
01335 
01336 
01342 #define R_CERT_INFO_DELETE                  PK_SHARED_ID_DELETE_ITEM
01343 
01347 #define R_CERT_INFO_HW_LABEL                PK_SHARED_ID_LABEL
01348 
01353 #define R_CERT_INFO_HW_ID                   PK_SHARED_ID_HW_ID
01354 
01366 #define R_CERT_INFO_HW_MODIFIABLE           PK_SHARED_ID_MODIFIABLE
01367 
01379 #define R_CERT_INFO_HW_PRIVATE               PK_SHARED_ID_PRIVATE
01380 
01385 #define R_CERT_INFO_PURPOSE                  PK_SHARED_ID_PURPOSE
01386 
01390 #define R_CERT_INFO_R_HW_OBJ                 PK_SHARED_ID_R_HW_OBJ_CERT
01391 
01401 #define R_CERT_INFO_HW_CERT_CATEGORY         PK_SHARED_ID_CERT_CATEGORY
01402 
01407 #define R_CERT_INFO_HW_HASH_SUB_PUBKEY       PK_SHARED_ID_HASH_SUB_PUBKEY
01408 
01413 #define R_CERT_INFO_HW_HASH_ISS_PUBKEY       PK_SHARED_ID_HASH_ISS_PUBKEY
01414 
01423 #define R_CERT_INFO_HW_URL                   PK_SHARED_ID_URL
01424 
01436 #define R_CERT_INFO_HW_JAVA_MIDP_SEC_DOM     PK_SHARED_ID_JAVA_MIDP_SEC_DOM
01437 
01449 #define R_CERT_INFO_HW_TRUSTED               PK_SHARED_ID_TRUSTED
01450 
01454 #define R_CERT_INFO_LOCATION                 PK_SHARED_ID_LOCATION
01455 
01460 /* Indicates that the certificate is binary encoded. */
01461 #define R_CERT_FORMAT_BINARY            R_FORMAT_BINARY
01462 
01463 /* Indicates that the certificate is text format encoded. */
01464 #define R_CERT_FORMAT_TEXT              R_FORMAT_TEXT
01465 
01466 /* Indicates that the certificate is Privacy Enhanced Mail (PEM) encoded. */
01467 #define R_CERT_FORMAT_PEM               R_FORMAT_PEM
01468 
01469 /* Indicates that the certificate is in a C code function format. */
01470 #define R_CERT_FORMAT_CODE_BINARY       R_FORMAT_CODE_BINARY
01471 
01472 /* Indicates that the certificate is in a C code fields format. */
01473 #define R_CERT_FORMAT_CODE_FIELDS       R_FORMAT_CODE_FIELDS
01474 
01475 /* Indicates that the certificate is in a C code data format. */
01476 #define R_CERT_FORMAT_CODE_HEX          R_FORMAT_CODE_HEX
01477 
01478 /* Indicates that the certificate is in a plain hexadecimal bytes format. */
01479 #define R_CERT_FORMAT_HEX               R_FORMAT_HEX
01480 
01481 /* Backwards compatibility macro for R_CERT_FORMAT_from_string: expands to
       * R_FORMAT_from_string() with the same two arguments, each parenthesized. */
01482 #define R_CERT_FORMAT_from_string(str, fmt)       \
01483     R_FORMAT_from_string((str), (fmt))
01484 
01485 /* Backwards compatibility macro for R_CERT_FORMAT_to_string: expands to
       * R_FORMAT_to_string() with the same three arguments, each parenthesized. */
01486 #define R_CERT_FORMAT_to_string(fmt, max, str)    \
01487     R_FORMAT_to_string((fmt), (max), (str))
01488 
01544 #define R_CERT_NAME_INFO_TYPE            1
      /* R_CERT_NAME_INFO_* (values 1, 2, 10, 11, 80, 81) and
       * R_CERT_NAME_ENTRY_INFO_* (values 1, 2, 10) are two separate numbering
       * spaces that reuse the same small integers. NOTE(review): presumably they
       * are the info_id values for R_CERT_NAME_get_info()/set_info() and
       * R_CERT_NAME_ENTRY_get_info()/set_info() respectively. Both typedefs are
       * plain int and the value argument is an untyped void pointer, so passing
       * an identifier from the wrong group is not diagnosed by the compiler.
       */
01545 
01550 #define R_CERT_NAME_INFO_R_CERT_CTX      2
01551 
01566 #define R_CERT_NAME_INFO_ENTRY_COUNT    10
01567 
01611 #define R_CERT_NAME_INFO_ENTRY          11
01612 
01627 #define R_CERT_NAME_INFO_HASH           80
01628 
01629 #define R_CERT_NAME_INFO_STRING_LENGTH  81
01630 
01694 #define R_CERT_NAME_ENTRY_INFO_TYPE     1
01695 
01714 #define R_CERT_NAME_ENTRY_INFO_DATA     2
01716 
01716 #define R_CERT_NAME_ENTRY_INFO_DEPTH   10
01717 
      /* Name entry types. Each is an alias of an NID_* constant defined
       * elsewhere (NOTE(review): presumably in r_nid.h, which this header
       * includes -- confirm). */
01733 #define R_CERT_NAME_ENTRY_TYPE_COMMON_NAME          NID_commonName
01734 
01738 #define R_CERT_NAME_ENTRY_TYPE_COUNTRY              NID_countryName
01739 
01743 #define R_CERT_NAME_ENTRY_TYPE_LOCALITY             NID_localityName
01744 
01748 #define R_CERT_NAME_ENTRY_TYPE_STREET               NID_street
01749 
01753 #define R_CERT_NAME_ENTRY_TYPE_STATE_PROVINCE       NID_stateOrProvinceName
01754 
01758 #define R_CERT_NAME_ENTRY_TYPE_ORGANIZATION         NID_organizationName
01759 
01764 #define R_CERT_NAME_ENTRY_TYPE_ORGANIZATIONAL_UNIT  NID_organizationalUnitName
01765 
01769 #define R_CERT_NAME_ENTRY_TYPE_GIVEN_NAME           NID_givenName
01770 
01774 #define R_CERT_NAME_ENTRY_TYPE_SURNAME              NID_surname
01775 
01779 #define R_CERT_NAME_ENTRY_TYPE_INITIALS             NID_initials
01780 
01784 #define R_CERT_NAME_ENTRY_TYPE_UNIQUE_ID            NID_uniqueIdentifier
01785 
01789 #define R_CERT_NAME_ENTRY_TYPE_SERIAL_NUMBER        NID_serialNumber
01790 
01794 #define R_CERT_NAME_ENTRY_TYPE_TITLE                NID_title
01795 
01799 #define R_CERT_NAME_ENTRY_TYPE_DESCRIPTION          NID_description
01800 
01804 #define R_CERT_NAME_ENTRY_TYPE_EMAIL_ADDRESS        NID_pkcs9_emailAddress
01805 
01809 #define R_CERT_NAME_ENTRY_TYPE_DOMAIN_COMPONENT     NID_domainComponent
01810 
01814 #define R_CERT_NAME_ENTRY_TYPE_GENERATION_QUALIFIER NID_generationQualifier
01815 
01819 #define R_CERT_NAME_ENTRY_TYPE_DN_QUALIFIER         NID_dnQualifier
01820 
01824 #define R_CERT_NAME_ENTRY_TYPE_USER_ID              NID_userID
01825 
01830 /*
01831  * @defgroup CERT_SECTION Certificate Sections
01832  * This section outlines the sections of the method table that group
01833  * certificate handling functionality. R_CERT_METHOD_merge() can be
01834  * used to combine sections.
01835  * @ingroup CERT_IDENTIFIER
01836  * @{
01837  */
01838 
01839 /* Sections are parts of an R_CERT implementation which are optional to
01840  * provide - R_CERT_METHOD_merge can be used to combine sections of two
01841  * implementations.
       *
       * The four values are distinct single bits (0x0001, 0x0002, 0x0004,
       * 0x0008). NOTE(review): presumably they are meant to be OR-ed into a
       * section mask -- confirm against R_CERT_METHOD_merge().
01842  */
01846 #define R_CERT_SECTION_CRYPTO      0x0001
01847 
01851 #define R_CERT_SECTION_STORE       0x0002
01852 
01856 #define R_CERT_SECTION_NAME        0x0004
01857 
01861 #define R_CERT_SECTION_BIO         0x0008
01862 
01863 /*
01864  * @}
01865  */
01866 
01875 /* Time related definitions.
       * NOTE(review): R_CERT_TIME_STRING_LENGTH is presumably the buffer size
       * expected by R_CERT_not_before_to_string()/R_CERT_not_after_to_string();
       * whether the 20 includes the terminating NUL is not shown here --
       * confirm before sizing a buffer from it.
       */
01879 #define R_CERT_TIME_STRING_LENGTH      20
01880 
01881 /* Certificate Currency states.
       * Three distinct non-zero values; 0 is not assigned, so a zero-initialised
       * variable matches none of them. NOTE(review): presumably the value that
       * R_CERT_time_validity() stores through its int pointer -- confirm. A
       * relying party should accept only R_CERT_TIME_CURRENT rather than
       * rejecting only R_CERT_TIME_EXPIRED, so that a not-yet-valid certificate
       * or an unset result is refused as well.
       */
01885 #define R_CERT_TIME_NOT_YET_CURRENT     1
01886 
01890 #define R_CERT_TIME_CURRENT             2
01891 
01895 #define R_CERT_TIME_EXPIRED             3
01896 
01909 /* Defines to check if a keyUsage extension bit is set.
       *
       * The masks follow the DER BIT STRING layout of the X.509 KeyUsage
       * extension (RFC 5280, section 4.2.1.3) with the first content octet in
       * the low byte: named bit 0 (digitalSignature) is 0x0080, named bit 7
       * (encipherOnly) is 0x0001, and named bit 8 (decipherOnly) is the top bit
       * of the second octet, 0x8000.
       *
       * NOTE(review): R_CERT_test_key_usage() takes these as "int bits". Whether
       * it requires all or any of the bits given, and what it reports for a
       * certificate that carries no keyUsage extension, is not visible in this
       * header -- confirm before using the result in an authorization decision.
       */
01911 #define R_CERT_KEY_USAGE_DIGITAL_SIGNATURE   0x0080
01912 
01914 #define R_CERT_KEY_USAGE_NON_REPUDIATION     0x0040
01915 
01917 #define R_CERT_KEY_USAGE_KEY_ENCIPHERMENT    0x0020
01918 
01920 #define R_CERT_KEY_USAGE_DATA_ENCIPHERMENT   0x0010
01921 
01923 #define R_CERT_KEY_USAGE_KEY_AGREEMENT       0x0008
01924 
01926 #define R_CERT_KEY_USAGE_KEY_CERT_SIGN       0x0004
01927 
01929 #define R_CERT_KEY_USAGE_CRL_SIGN            0x0002
01930 
01932 #define R_CERT_KEY_USAGE_ENCIPHER_ONLY       0x0001
01933 
01935 #define R_CERT_KEY_USAGE_DECIPHER_ONLY       0x8000
01936 
      /* Location types for authority information access entries (by name).
       * NOTE(review): the values 0, 1, 2 look like a library-local enumeration;
       * do not assume they are ASN.1 GeneralName tag numbers -- confirm. */
01954 #define R_CERT_AIA_LOCATION_TYPE_DIR_NAME    0x00
01955 
01961 #define R_CERT_AIA_LOCATION_TYPE_RFC822NAME  0x01
01962 
01968 #define R_CERT_AIA_LOCATION_TYPE_URI         0x02
01969 
      /* Flags for the check_flag argument of R_CERT_check() (by naming).
       * R_CERT_CHECK_FLAG_ALL (0xF000) is a superset of VERSION | EXTENSIONS
       * (0x3000): it also sets 0x4000 and 0x8000, for which this header names
       * no flag. NOTE(review): only version and extension checks are named
       * here; nothing in this header indicates that R_CERT_check() verifies the
       * signature, the validity period or a chain. Those appear as separate
       * calls (R_CERT_verify(), R_CERT_time_validity()), so a passing "ALL"
       * check should not be read as "certificate is trusted" -- confirm.
       */
01989 #define R_CERT_CHECK_FLAG_VERSION            0x1000
01990 
01996 #define R_CERT_CHECK_FLAG_EXTENSIONS         0x2000
01997 
02001 #define R_CERT_CHECK_FLAG_ALL                0xF000
02002 
02007 /*
02008  * @defgroup CERT_NAME_STRING_FORMAT Certificate Name String Formats
02009  * This section details the different string formats that a certificate name
02010  * can be encoded in.
02011  * @{
02012  */
02013 
02014 /* The default string format for the certificate type. */
02015 #define R_CERT_NAME_STRING_FORMAT_DEFAULT       1
02016 
02017 /*
02018  * The MIDLET string format as defined in the Java Specification Request (JSR)
02019  * 118 for a Mobile Information Device (MID).
02020  */
02021 #define R_CERT_NAME_STRING_FORMAT_MIDLET        2
02022 
02023 /*
02024  * @}
02025  */
02026 
      /* Control command type and its single command defined in this header.
       * NOTE(review): the function that accepts an R_CERT_CTRL is not declared
       * in this listing. */
02027 typedef unsigned int R_CERT_CTRL;
02028 
02029 #define R_CERT_CTRL_INC_REFERENCE            1
02030 
02031 /*
02032  * Exported types
02033  */
02034 
02043 /*
02044  * These are opaque data types for the things whose implementation
02045  * routines can be switched - hence they don't really have a known type,
02046  * as the implementation can be changed at runtime.
02047  *
       * Only the struct tags are declared here (no members), so callers can
       * hold pointers to these objects but cannot access fields directly.
02048  */
02049 #ifndef HEADER_COMMON_R_CERT_TYPEDEF_DEF
02050 #define HEADER_COMMON_R_CERT_TYPEDEF_DEF
02051 
02066 typedef struct r_cert_st                 R_CERT;
02067 #endif /* HEADER_COMMON_R_CERT_TYPEDEF_DEF */
02068 
02072 typedef struct r_cert_items_st           R_CERT_ITEMS;
02073 
02087 typedef struct r_cert_name_st            R_CERT_NAME;
02088 
02101 typedef struct r_cert_name_entry_st      R_CERT_NAME_ENTRY;
02102 
02103 /* there is a context which holds a method and other things that are needed
02104  * for the runtime glue between routines
02105  */
02106 #ifndef HEADER_COMMON_R_CERT_CTX_TYPEDEF_DEF
02107 #define HEADER_COMMON_R_CERT_CTX_TYPEDEF_DEF
02108 
02125 typedef struct r_cert_ctx_st R_CERT_CTX;
02126 #endif /* HEADER_COMMON_R_CERT_CTX_TYPEDEF_DEF */
02127 
      /* The following identifier types are all plain int typedefs: they document
       * intent but give no compile-time separation, so a value from one group
       * can be passed where another is expected without a diagnostic. */
02131 typedef int R_CERT_TYPE;
02132 
02136 typedef int R_CERT_CTX_INFO;
02137 
02141 typedef int R_CERT_INFO;
02142 
02146 typedef int R_CERT_NAME_INFO;
02147 
02151 typedef int R_CERT_NAME_TYPE;
02152 
02156 typedef int R_CERT_NAME_ENTRY_INFO;
02157 
02158 #ifndef HEADER_COMMON_R_CERT_NAME_ENTRY_TYPEDEF_DEF
02159 #define HEADER_COMMON_R_CERT_NAME_ENTRY_TYPEDEF_DEF
02160 
02163 typedef int R_CERT_NAME_ENTRY_TYPE;
02164 #endif /* HEADER_COMMON_R_CERT_NAME_ENTRY_TYPEDEF_DEF */
02165 
      /* Note: R_CERT_time_validity() in this header takes a plain "int *", not
       * a pointer to this typedef. */
02169 typedef int R_CERT_TIME_VALIDITY;
02170 
02175 #ifndef HEADER_COMMON_R_PKEY_TYPEDEF_DEF
02176 #define HEADER_COMMON_R_PKEY_TYPEDEF_DEF
02177 
      /* Fallback used only when no other header has already defined R_PKEY
       * (see the guard above). With this fallback R_PKEY is void, so every
       * "R_PKEY *" parameter in this header is a void pointer and any object
       * pointer converts to it silently: handing the wrong kind of object to
       * R_CERT_verify() or R_CERT_sign() is not caught at compile time. */
02180 typedef void R_PKEY;
02181 #endif /* HEADER_COMMON_R_PKEY_TYPEDEF_DEF */
02182 
02183 #ifndef HEADER_COMMON_R_PKEY_CTX_TYPEDEF_DEF
02184 #define HEADER_COMMON_R_PKEY_CTX_TYPEDEF_DEF
02185 
      /* NOTE(review): this fallback aliases R_PKEY_CTX to struct r_cert_ctx_st,
       * the same tag as R_CERT_CTX, so under this definition the two context
       * types are interchangeable to the compiler. It looks like a placeholder
       * or a copy-and-paste of the R_CERT_CTX typedef -- confirm which tag the
       * key module uses. */
02188 typedef struct r_cert_ctx_st R_PKEY_CTX;
02189 #endif /* HEADER_COMMON_R_PKEY_CTX_TYPEDEF_DEF */
02190 
02191 /* there is a method table (which encapsulates the functions that implement
02192  * the handling of all certificate related functions for a particular type
02193  * of certificate)
02194  */
02195 #ifndef HEADER_COMMON_R_CERT_METHOD_TYPEDEF_DEF
02196 #define HEADER_COMMON_R_CERT_METHOD_TYPEDEF_DEF
02197 
02200 typedef struct r_cert_method_st R_CERT_METHOD;
02204 typedef struct r_cert_name_funcs_st R_NAME_METHOD;
02205 #endif /* HEADER_COMMON_R_CERT_METHOD_TYPEDEF_DEF */
02206 
02207 
02208 /*
02209  * Prints certificate details.
02210  *
02211  * @param   bio        [In]  The #BIO to which the output is printed.
02212  * @param   cert       [In]  The certificate to print.
02213  * @param   format     [In]  The format of the output data.
02214  * @param   format_arg [In]  The format argument.
02215  *
02216  * @see     R_CERT_get_print_func().
       *
       * The function type is declared in both configurations; when NO_BIO is
       * defined the first parameter is an untyped void pointer instead of a
       * BIO pointer. The meaning of the int result is not shown in this
       * listing.
02217  */
02218 #ifndef NO_BIO
02219 typedef int  R_CDECL R_CERT_PRINT_FUNC_T(BIO *bio, R_CERT *cert,
02220     int format, char *format_arg);
02221 #else /* !NO_BIO */
02222 typedef int  R_CDECL R_CERT_PRINT_FUNC_T(void *bio, R_CERT *cert,
02223     int format, char *format_arg);
02224 #endif /* NO_BIO */
02225 
02226 /*
02227  * Exported functions
02228  */
02229 
02230 
02231 #if defined(Rm_CERT_TABLE) || defined (Rm_CERT_DIRECT)
02232 
02233 /* Include the extension header when building a small application */
02234 #include "rx_cert.h"
02235 
02236 #endif /* defined(Rm_CERT_TABLE) || defined(Rm_CERT_DIRECT) */
02237 
02259 #ifndef Rm_CERT_DIRECT
02260 
      /* Creates a certificate context and hands it back through cert_ctx (a
       * pointer-to-pointer out-parameter). Declared here in every mode except
       * DIRECT. NOTE(review): the meaning of the int result and of "flag" is
       * not shown in this listing -- presumably a status code that must be
       * checked before *cert_ctx is used; confirm. */
02261 int R_CDECL R_CERT_CTX_new(R_LIB_CTX *lib_ctx, R_RES_FLAG flag, R_CERT_TYPE certtype,
02262     R_CERT_CTX **cert_ctx);
02263 
02264 #endif /* !Rm_CERT_DIRECT */
02265 
02266 #if !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT)
      /* Core context and certificate API, declared only when neither TABLE nor
       * DIRECT mode is selected. Every function returns an int.
       * NOTE(review): the meaning of the return values is not shown in this
       * listing -- presumably a status code to be checked on every call;
       * confirm against the API reference.
       */
02267 
02268 int R_CDECL R_CERT_CTX_free(R_CERT_CTX *cert_ctx);
02269 
02270 int R_CDECL R_CERT_CTX_get_info(R_CERT_CTX *cert_ctx, int info_id, void *value);
02271 int R_CDECL R_CERT_CTX_set_info(R_CERT_CTX *cert_ctx, int info_id, void *value);
02272 
02288 int R_CDECL R_CERT_new(R_CERT_CTX *cert_ctx, R_CERT_TYPE type, R_CERT **cert);
02289 int R_CDECL R_CERT_free(R_CERT *cert);
02290 
      /* Builds an R_CERT from the encoding at buf. max_buf_len is the only
       * length passed in, so it must not exceed the number of valid bytes at
       * buf; consumed_len and cert are pointer out-parameters.
       * NOTE(review): the encoding usually comes from a peer or a file, i.e.
       * untrusted input. Nothing in this signature takes a key or a trust
       * anchor, so a successful parse presumably says nothing about whether the
       * certificate is correctly signed, current or trusted -- confirm, and
       * treat verification as a separate step.
       */
02291 int R_CDECL R_CERT_from_binary(R_CERT_CTX *cert_ctx, R_FLAG_SHARE flag,
02292     R_CERT_TYPE type, unsigned int max_buf_len, const unsigned char *buf,
02293     unsigned int *consumed_len, R_CERT **cert);
02294 
      /* Encodes cert into buf, bounded by max_buf_len (by parameter name), and
       * reports a length through outlen. NOTE(review): behaviour when buf is
       * NULL or too small is not shown here -- confirm. */
02295 int R_CDECL R_CERT_to_binary(R_CERT *cert, unsigned int max_buf_len, unsigned char *buf,
02296     unsigned int *outlen);
02297 
      /* Alternative spelling: expands to R_CERT_inc_reference(cert). */
02298 #define R_CERT_reference_inc(cert)      R_CERT_inc_reference(cert)
02299 
02300 int R_CDECL R_CERT_inc_reference(R_CERT *cert);
02301 int R_CDECL R_CERT_dup(R_CERT *cert, R_FLAG_SHARE flag, R_CERT **dup);
02302 int R_CDECL R_CERT_time_to_R_TIME(R_CERT *cert, R_TITEM *time_data, R_TIME *r_time);
02303 
02304 /*
02305  * the get_*_info functions return references to the underlying binary
02306  * data for use by those routines that do not need to pull apart the
02307  * certificates in order to work with them and can simply extract the
02308  * mandatory pieces to work with
       *
       * NOTE(review): since these are references into the certificate's own
       * data, they presumably stay valid only while the certificate does; do
       * not free them or keep them past R_CERT_free() without confirming the
       * ownership rules. value is an untyped void pointer, so the object
       * passed must match what info_id expects.
02309  */
02310 int R_CDECL R_CERT_get_info(R_CERT *cert, R_CERT_INFO info_id, void *value);
02311 int R_CDECL R_CERT_set_info(R_CERT *cert, R_CERT_INFO info_id, void *value);
02312 
02313 /* Public key functions */
02314 int R_CDECL R_CERT_public_key_to_R_PKEY(R_CERT *cert, R_FLAG_SHARE flag,
02315     R_PKEY **pkey);
02316 
02317 /* Crypto-related functions.
       *
       * R_CERT_verify() reports two things: its int return value and the int
       * stored through verified. NOTE(review): presumably the return value
       * says whether the operation could be carried out and *verified says
       * whether the signature matched under pkey. A caller should require both,
       * and initialise its variable to the failing value before the call, so
       * that an early error return cannot be mistaken for a good signature --
       * confirm the exact contract in the API reference. The signature takes a
       * single key and no chain or trust store, so it presumably checks one
       * signature only; validity period, key usage and chain building are
       * separate checks.
       */
02318 int R_CDECL R_CERT_sign(R_CERT *cert, R_PKEY *pkey, int sig_type);
02319 int R_CDECL R_CERT_verify(R_CERT *cert, R_PKEY *pkey, int *verified);
02320 #endif /* !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT) */
02321 
02322 #ifndef Rm_CERT_DIRECT
02323 
02324 #ifndef NO_BIO
02325 int R_CDECL R_CERT_print(R_CERT *cert, R_FORMAT format, char *format_arg, BIO *bio);
02326 #endif
02327 
02328 #endif /* !Rm_CERT_DIRECT */
02329 
      /* The functions from here to R_CERT_check() are declared in every mode
       * (only the BIO-based ones depend on NO_BIO). All return int;
       * NOTE(review): the return conventions are not shown in this listing.
       *
       * Comparison helpers: by their names the *_compare_cb() functions are
       * ordering callbacks and the *_is_equal() functions are equality tests,
       * so their int results presumably follow different conventions --
       * confirm which value means "equal" before using either in a trust
       * decision.
       */
02330 int R_CDECL R_CERT_compare_cb(R_CERT *cert1, R_CERT *cert2);
02331 int R_CDECL R_CERT_is_equal(R_CERT *cert1, R_CERT *cert2);
02332 
02333 int R_CDECL R_CERT_is_info_present(R_CERT *cert, R_CERT_INFO info_id);
02334 int R_CDECL R_CERT_is_info_critical(R_CERT *cert, R_CERT_INFO info_id);
02335 
02336 int R_CDECL R_CERT_subject_name_compare_cb(R_CERT *cert1, R_CERT *cert2);
02337 int R_CDECL R_CERT_subject_name_is_equal(R_CERT *cert1, R_CERT *cert2);
02338 
      /* String output: str is bounded by max_str_len (by parameter name).
       * NOTE(review): whether that bound includes the terminating NUL, and
       * whether truncation is reported as an error, is not shown here --
       * confirm before relying on the result being complete. */
02339 int R_CDECL R_CERT_subject_name_to_string(R_CERT *cert, unsigned int max_str_len,
02340     char *str);
02341 
02342 int R_CDECL R_CERT_issuer_name_to_string(R_CERT *cert, unsigned int max_str_len,
02343     char *str);
02344 
02345 int R_CDECL R_CERT_not_after_to_R_TIME(R_CERT *cert, R_TIME *not_after_time);
02346 int R_CDECL R_CERT_not_after_from_R_TIME(R_CERT *cert, R_TIME *not_after_time);
02347 
02348 int R_CDECL R_CERT_not_before_to_R_TIME(R_CERT *cert, R_TIME *not_before_time);
02349 int R_CDECL R_CERT_not_before_from_R_TIME(R_CERT *cert, R_TIME *not_before_time);
02350 
02351 int R_CDECL R_CERT_not_after_to_binary(R_CERT *cert, unsigned int max_buf_len,
02352     unsigned char *buf, unsigned int *out_len);
02353 
02354 int R_CDECL R_CERT_not_before_to_binary(R_CERT *cert, unsigned int max_buf_len,
02355     unsigned char *buf, unsigned int *out_len);
02356 
02357 int R_CDECL R_CERT_not_after_to_string(R_CERT *cert, unsigned int max_buf_len,
02358     char *str);
02359 int R_CDECL R_CERT_not_before_to_string(R_CERT *cert, unsigned int max_buf_len,
02360     char *str);
02361 
02362 #ifndef NO_BIO
02363 int R_CDECL R_CERT_read(R_CERT_CTX *cert_ctx, BIO *bio, R_CERT_TYPE type,
02364     R_FORMAT format, R_CERT **cert);
02365 #endif /* !NO_BIO */
02366 
      /* File variants of read/write; filename is a non-const "char *". */
02367 int R_CDECL R_CERT_read_file(R_CERT_CTX *cert_ctx, char *filename, R_CERT_TYPE type,
02368     R_FORMAT format, R_CERT **cert);
02369 
02370 #ifndef NO_BIO
02371 int R_CDECL R_CERT_write(R_CERT *cert, BIO *bio, R_FORMAT format, void *format_arg);
02372 #endif /* NO_BIO */
02373 
02374 int R_CDECL R_CERT_write_file(R_CERT *cert, char *filename, R_FORMAT format,
02375     void *format_arg);
02376 
02377 int R_CDECL R_CERT_TYPE_from_string(char *str, R_CERT_TYPE *type);
02378 int R_CDECL R_CERT_TYPE_to_string(R_CERT_TYPE type, unsigned int max_str_len,
02379     char *str);
02380 int R_CDECL R_CERT_TYPE_to_PEM_header(R_CERT_TYPE type, unsigned int max_str_len,
02381     char *str);
02382 
      /* md_type selects the digest (NOTE(review): the identifier space for
       * md_type is not shown here -- confirm). When a fingerprint is used to
       * pin or identify a certificate, choose a collision-resistant digest. */
02383 int R_CDECL R_CERT_fingerprint(R_CERT *cert, int md_type, unsigned int max_buf_len,
02384     unsigned char *buf, unsigned int *out_len);
02385 int R_CDECL R_CERT_is_matching_private_key(R_CERT *cert, R_PKEY *pkey);
02386 
02387 int R_CDECL R_CERT_digest(R_CERT *cert, R_CERT_INFO part, int md_type,
02388     unsigned int max_buf_len, unsigned char *out_buf, unsigned int *out_len);
      /* Reports through *validity. NOTE(review): presumably one of
       * R_CERT_TIME_NOT_YET_CURRENT, R_CERT_TIME_CURRENT or R_CERT_TIME_EXPIRED
       * -- confirm. The parameter is a plain "int *" even though this header
       * also defines R_CERT_TIME_VALIDITY. */
02389 int R_CDECL R_CERT_time_validity(R_CERT *cert, int *validity);
02390 
02391 int R_CDECL R_CERT_issuer_name_to_R_CERT_NAME(R_CERT *cert, R_FLAG_SHARE flag,
02392     R_CERT_NAME **issuer);
02393 int R_CDECL R_CERT_subject_name_to_R_CERT_NAME(R_CERT *cert, R_FLAG_SHARE flag,
02394     R_CERT_NAME **subject);
02395 
      /* check_flag is presumably a mask of R_CERT_CHECK_FLAG_* values (by
       * naming) -- confirm. */
02396 int R_CDECL R_CERT_check(R_CERT *cert, unsigned int check_flag);
02397 
02409 #if !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT)
      /* R_CERT_NAME object API, declared only when neither TABLE nor DIRECT
       * mode is selected. All functions return int; NOTE(review): the return
       * conventions are not shown in this listing -- confirm. */
02410 
02411 int R_CDECL R_CERT_NAME_new(R_CERT_CTX *cert_ctx, R_CERT_NAME **name);
02412 int R_CDECL R_CERT_NAME_free(R_CERT_NAME *name);
02413 int R_CDECL R_CERT_NAME_dup(R_CERT_NAME *name, R_FLAG_SHARE flag,
02414     R_CERT_NAME **dup_name);
02415 
      /* max_buf_len is the only length passed for buf, so it must not exceed
       * the number of valid bytes there; consumed_len and name are pointer
       * out-parameters. */
02416 int R_CDECL R_CERT_NAME_from_binary(R_CERT_CTX *cert_ctx, R_FLAG_SHARE flag,
02417     unsigned int max_buf_len, const unsigned char *buf,
02418     unsigned int *consumed_len, R_CERT_NAME **name);
02419 int R_CDECL R_CERT_NAME_to_binary(R_CERT_NAME *name, unsigned int max_buf_len,
02420     unsigned char *buf, unsigned int *out_len);
02421 
      /* String conversions. R_CERT_NAME_from_string() takes no length for str,
       * so str has to be NUL-terminated (assumption from the signature --
       * confirm). NOTE(review): whether max_str_len in the *_to_string()
       * functions includes the terminating NUL is not shown here. */
02422 int R_CDECL R_CERT_NAME_to_string(R_CERT_NAME *name, unsigned int max_str_len,
02423     char *str);
02424 int R_CDECL R_CERT_NAME_to_MID_string(R_CERT_NAME *name, unsigned int max_str_len,
02425     R_UTF8 str);
02426 int R_CDECL R_CERT_NAME_from_string(R_CERT_CTX *cert_ctx, char *str,
02427     R_CERT_NAME **name);
02428 
02429 int R_CDECL R_CERT_NAME_get_info(R_CERT_NAME *name, R_CERT_NAME_INFO info_id,
02430     void *value);
02431 int R_CDECL R_CERT_NAME_set_info(R_CERT_NAME *name, R_CERT_NAME_INFO info_id,
02432     void *value);
02433 
02434 #endif /* !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT) */
02435 
02436 
      /* The following name helpers are declared in every mode. */
02437 int R_CDECL R_OID_from_R_CERT_NAME_ENTRY_TYPE(R_LIB_CTX *lib_ctx,
02438                                       R_CERT_NAME_ENTRY_TYPE type,
02439                                       R_OID **oid);
02440 int R_CDECL R_CERT_NAME_entry_to_R_CERT_NAME_ENTRY(R_CERT_NAME *name,
02441     R_FLAG_SHARE flag, R_CERT_NAME_ENTRY_TYPE type, int index,
02442     R_CERT_NAME_ENTRY **entry);
02443 
02444 int R_CDECL R_OID_to_R_CERT_NAME_ENTRY_TYPE(R_OID *oid, R_CERT_NAME_ENTRY_TYPE *type);
02445 
      /* NOTE(review): as with the certificate comparison functions, the
       * *_compare_cb() and *_is_equal() results presumably follow different
       * conventions -- confirm which value means "equal". */
02446 int R_CDECL R_CERT_NAME_compare_cb(R_CERT_NAME *name1, R_CERT_NAME *name2);
02447 int R_CDECL R_CERT_NAME_is_equal(R_CERT_NAME *name1, R_CERT_NAME *name2);
02448 
02449 #if !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT)
02450 
02451 int R_CDECL R_CERT_NAME_ENTRY_new(R_CERT_NAME *name, R_CERT_NAME_ENTRY **entry);
02452 int R_CDECL R_CERT_NAME_ENTRY_free(R_CERT_NAME_ENTRY *entry);
02453 int R_CDECL R_CERT_NAME_ENTRY_get_info(R_CERT_NAME_ENTRY *entry,
02454     R_CERT_NAME_ENTRY_INFO info_id, void *value);
02455 int R_CDECL R_CERT_NAME_ENTRY_set_info(R_CERT_NAME_ENTRY *entry,
02456     R_CERT_NAME_ENTRY_INFO info_id, void *value);
02457 
02458 #endif /* !defined(Rm_CERT_TABLE) && !defined(Rm_CERT_DIRECT) */
02459 
02460 
02472 #ifndef NO_EXT
      /* Extension helpers. All three groups below are compiled out when NO_EXT
       * is defined (r_ext.h is not included in that configuration either), so
       * a NO_EXT build gets no key-usage, authority-information-access or CRL
       * distribution point helpers from this header.
       *
       * Key usage: "bits" is presumably a mask of R_CERT_KEY_USAGE_* values.
       * NOTE(review): whether all or any of the bits must be present, and the
       * result for a certificate without the extension, are not shown here --
       * confirm before using the result to authorize an operation.
       */
02473 int R_CDECL R_CERT_test_key_usage(R_CERT *cert, int bits);
02474 int R_CDECL R_CERT_test_extended_key_usage(R_CERT *cert, R_OID **oid,
02475     unsigned int count);
02476 int R_CDECL R_CERT_key_usage_to_string(R_CERT *cert, char *separator,
02477     unsigned int max_str_len, char *str);
02478 int R_CDECL R_CERT_extended_key_usage_to_string(R_CERT *cert, char *separator,
02479     unsigned int max_str_len, char *str);
02480 #endif /* !NO_EXT */
02481 
02492 #ifndef NO_EXT
      /* Authority information access. method is passed with an explicit
       * method_len. NOTE(review): the expected encoding of method (presumably
       * an access-method OID) is not shown here -- confirm. */
02493 int R_CDECL R_CERT_get_authority_info_access(R_CERT *cert,
02494     unsigned char *method, unsigned int method_len, R_TITEM *titem);
02495 int R_CDECL R_CERT_authority_info_access_to_string(R_CERT *cert,
02496     char *separator, unsigned int max_str_len, char *str);
02497 #endif /* !NO_EXT */
02498 
02509 #ifndef NO_EXT
      /* CRL distribution points (by naming). point and issuer are untyped void
       * pointers and reasons is passed by value as an int. NOTE(review): the
       * object types expected behind point and issuer are not shown here --
       * confirm before passing buffers. */
02510 int R_CDECL R_CERT_crl_point_get_count(R_CERT *cert, int *count);
02511 int R_CDECL R_CERT_crl_point_get_types(R_CERT *cert, int index,
02512     int *name_types);
02513 int R_CDECL R_CERT_crl_point_get_info(R_CERT *cert, int index, int name_type,
02514     void *point, int reasons, void *issuer);
02515 #endif /* !NO_EXT */
02516 
02520 #ifdef  __cplusplus
02521 }
02522 #endif
02523 #endif /* HEADER_COMMON_R_CERT_H */
02524 

Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 072-001001-2100-001-000 - 2.1