/* Support of X.509 certificates
 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
 * Copyright (C) 2002 Mario Strasser
 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: x509.h,v 1.10 2005/12/06 22:52:44 as Exp $
 */
19 | ||
20 | #ifndef _X509_H | |
21 | #define _X509_H | |
22 | ||
23 | #include "pkcs1.h" | |
24 | #include "id.h" | |
25 | ||
/* Kinds of GeneralName, i.e. the CHOICE alternatives of the X.509
 * GeneralName type. The numeric values equal the context-specific tag
 * numbers of those alternatives in RFC 5280 ([0] otherName ...
 * [8] registeredID); the parser presumably relies on that, so keep the
 * values explicit and never renumber or reorder them. */

typedef enum {
    GN_OTHER_NAME     = 0,  /* otherName                 [0] */
    GN_RFC822_NAME    = 1,  /* rfc822Name                [1] */
    GN_DNS_NAME       = 2,  /* dNSName                   [2] */
    GN_X400_ADDRESS   = 3,  /* x400Address               [3] */
    GN_DIRECTORY_NAME = 4,  /* directoryName             [4] */
    GN_EDI_PARTY_NAME = 5,  /* ediPartyName              [5] */
    GN_URI            = 6,  /* uniformResourceIdentifier [6] */
    GN_IP_ADDRESS     = 7,  /* iPAddress                 [7] */
    GN_REGISTERED_ID  = 8   /* registeredID              [8] */
} generalNames_t;
39 | ||
/* Access structure for one GeneralName. Instances are chained through
 * 'next' into a singly linked list (used for subjectAltName and
 * crlDistributionPoints in x509cert_t, and released by free_generalNames()). */

typedef struct generalName generalName_t;

struct generalName {
    generalName_t *next;   /* next entry of the list (presumably NULL-terminated) */
    generalNames_t kind;   /* which GeneralName alternative 'name' carries */
    chunk_t name;          /* the name payload for 'kind'. NOTE(review): chunk_t is
                            * presumably a length-delimited buffer, not a C string;
                            * confirm the encoding in the parser before handing it
                            * to str* functions or logging it as text */
};
49 | ||
/* Access structure for a parsed X.509v3 certificate. The chunk_t members
 * presumably reference (or copy) parts of the DER-encoded certificate;
 * who owns that memory is not visible in this header — use
 * release_x509cert()/free_x509cert() rather than freeing members by hand. */

typedef struct x509cert x509cert_t;

struct x509cert {
    x509cert_t *next;                 /* next certificate in a list or chain */
    time_t installed;                 /* NOTE(review): presumably when the cert entered the in-memory store — confirm */
    int count;                        /* NOTE(review): looks like a reference count driven by
                                       * share_x509cert()/release_x509cert() — confirm */
    bool smartcard;                   /* name suggests the cert/key lives on a smartcard — confirm semantics */
    u_char authority_flags;           /* bit flags, passed as 'auth_flags' to list_x509cert_chain();
                                       * the bit meanings are defined elsewhere */
    chunk_t certificate;              /* the complete DER-encoded Certificate */
    chunk_t tbsCertificate;           /* the TBSCertificate bytes, presumably what 'signature' covers
                                       * (see check_signature(tbs, sig, ...)) */
    u_int version;                    /* X.509 version field */
    chunk_t serialNumber;             /* CertificateSerialNumber, compared via same_serial() */
    /* signature: the AlgorithmIdentifier inside TBSCertificate.
     * NOTE(review): RFC 5280 requires this to equal the outer 'algorithm'
     * below; whether the parser enforces that is not visible here — confirm. */
    int sigAlg;
    chunk_t issuer;                   /* issuer Name (DER), compared via same_dn()/match_dn() */
    /* validity (checked by check_validity()) */
    time_t notBefore;
    time_t notAfter;
    chunk_t subject;                  /* subject Name (DER) */
    /* subjectPublicKeyInfo */
    enum pubkey_alg subjectPublicKeyAlgorithm;
    chunk_t subjectPublicKey;
    chunk_t modulus;                  /* RSA modulus n — presumably only meaningful for RSA keys */
    chunk_t publicExponent;           /* RSA public exponent e — same caveat */
    /* The following TBSCertificate parts are listed but have no member
     * here, i.e. they are presumably not retained in this structure: */
    /* issuerUniqueID */
    /* subjectUniqueID */
    /* v3 extensions */
    /* extension */
    /* extension */
    /* extnID */
    /* critical */
    /* extnValue */
    /* Decoded extension values that are retained: */
    bool isCA;                        /* presumably the basicConstraints cA flag.
                                       * NOTE(review): only meaningful once the cert has
                                       * been verified up to a trusted root — an attacker
                                       * controls this bit in an unverified cert */
    bool isOcspSigner;                /* ocsp — name only, confirm which extension sets it */
    chunk_t subjectKeyID;             /* subjectKeyIdentifier; see compute_subjectKeyID() */
    chunk_t authKeyID;                /* authorityKeyIdentifier.keyIdentifier; see parse_authorityKeyIdentifier() */
    chunk_t authKeySerialNumber;      /* authorityKeyIdentifier.authorityCertSerialNumber */
    chunk_t accessLocation;           /* ocsp — presumably an authorityInfoAccess location; confirm */
    generalName_t *subjectAltName;    /* list of subjectAltName entries (presumably NULL when absent) */
    generalName_t *crlDistributionPoints; /* list of CRL distribution point names */
    /* signatureAlgorithm: the outer AlgorithmIdentifier of the Certificate */
    int algorithm;
    chunk_t signature;                /* signatureValue, verified by check_signature() */
};
96 | ||
/* Zero/initial value for an x509cert_t (defined in x509.c); copy it before
 * filling in a fresh structure. */
extern const x509cert_t empty_x509cert;

/*
 * Equality helpers. Each compares two chunk_t values (or two parsed
 * certificates for same_x509cert()) and returns true when they match.
 */
extern bool same_serial(chunk_t a, chunk_t b);
extern bool same_keyid(chunk_t a, chunk_t b);
extern bool same_dn(chunk_t a, chunk_t b);
extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);

/*
 * DN matching with wildcards. match_dn() reports through *wildcards
 * (presumably) how many wildcard RDNs took part in the match;
 * dn_count_wildcards() counts the wildcards contained in a DN.
 * NOTE(review): a wildcard match is a weaker identity binding than
 * same_dn(); callers that enforce peer identity should apply a policy to
 * *wildcards instead of treating every 'true' as an exact match.
 */
extern bool match_dn(chunk_t a, chunk_t b, int *wildcards);
extern int dn_count_wildcards(chunk_t dn);

/*
 * Text conversions.
 * dntoa()/dntoa_or_null() render a DN into dst, bounded by dstlen, and
 * return an int (presumably the length produced — confirm in x509.c);
 * dntoa_or_null() presumably emits null_dn when the DN is empty.
 * atodn() parses text into a DN; src is not const, so assume it may be
 * modified unless x509.c shows otherwise. hex_str() renders bin as hex
 * into *str (allocation/ownership of *str not visible here).
 */
extern void hex_str(chunk_t bin, chunk_t *str);
extern int dntoa(char *dst, size_t dstlen, chunk_t dn);
extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn, const char *null_dn);
extern err_t atodn(char *src, chunk_t *dn);

/*
 * Identity extraction: gntoid() turns a GeneralName into a struct id;
 * select_x509cert_id() chooses the identity of cert to report in *end_id.
 */
extern void gntoid(struct id *id, const generalName_t *gn);
extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);

/*
 * Parsing of untrusted DER. 'level0'/'level' is presumably the ASN.1
 * nesting level at which parsing starts. parse_x509cert() returns false
 * on a malformed blob — presumably; treat *cert as undefined in that case
 * and never let an unparsed certificate reach the verification functions.
 * compute_subjectKeyID() derives/records the subjectKeyID for cert.
 */
extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
extern time_t parse_time(chunk_t blob, int level0);
extern void parse_authorityKeyIdentifier(chunk_t blob, int level0,
                                         chunk_t *authKeyID, chunk_t *authKeySerialNumber);
extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);
extern void compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);

/*
 * Verification.
 * check_validity(): checks the validity period and returns NULL on success
 * or an error string; *until presumably receives how long the verdict
 * holds — confirm in x509.c.
 * check_signature(): verifies sig over tbs with the public key of
 * issuer_cert, using the given digest and encryption algorithm ids.
 * verify_x509cert(): full certificate verification. What 'strict' relaxes
 * when false is not visible from the prototype — read x509.c before
 * relying on the non-strict mode in a security decision.
 */
extern err_t check_validity(const x509cert_t *cert, time_t *until);
extern bool check_signature(chunk_t tbs, chunk_t sig, int digest_alg, int enc_alg,
                            const x509cert_t *issuer_cert);
extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until);

/*
 * In-memory certificate store and lifetime management.
 * add_x509cert() stores cert and returns the instance kept in the store
 * (presumably an existing duplicate when one is found — use the return
 * value, not 'cert', afterwards). get_x509cert() looks a certificate up by
 * issuer + serial or by keyid, starting at chain.
 * share_x509cert()/release_x509cert() appear to raise/lower 'count';
 * free_x509cert() releases the structure itself. store_x509certs() hands
 * the list at *firstcert to the store, honouring 'strict' — presumably
 * verifying each certificate first.
 * free_generalNames() releases a GeneralName list; free_name selects
 * whether the 'name' chunks are freed as well.
 */
extern x509cert_t *add_x509cert(x509cert_t *cert);
extern x509cert_t *get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid, x509cert_t *chain);
extern void share_x509cert(x509cert_t *cert);
extern void release_x509cert(x509cert_t *cert);
extern void free_x509cert(x509cert_t *cert);
extern void store_x509certs(x509cert_t **firstcert, bool strict);
extern void free_generalNames(generalName_t *gn, bool free_name);

/*
 * Certificate construction: build_x509cert() fills and signs cert, using
 * cert_key as the subject public key and signer_key to produce the
 * signature; build_subjectAltNames() DER-encodes a GeneralName list.
 */
extern void build_x509cert(x509cert_t *cert, const RSA_public_key_t *cert_key,
                           const RSA_private_key_t *signer_key);
extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);

/*
 * Diagnostics: print a certificate chain, or all end certificates;
 * 'utc' presumably selects UTC instead of local time for timestamps.
 */
extern void list_x509cert_chain(const char *caption, x509cert_t *cert, u_char auth_flags, bool utc);
extern void list_x509_end_certs(bool utc);
137 | ||
138 | #endif /* _X509_H */ |