1 /* Support of X.509 certificates
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * RCSID $Id: x509.h,v 1.10 2005/12/06 22:52:44 as Exp $
26 /* Definition of generalNames kinds */
33 GN_DIRECTORY_NAME
= 4,
34 GN_EDI_PARTY_NAME
= 5,
/* Opaque handle for one GeneralName entry; the struct body is defined
 * elsewhere in this header. */
typedef struct generalName generalName_t;

/* Opaque handle for a parsed X.509v3 certificate; the struct body is
 * defined elsewhere in this header. */
typedef struct x509cert x509cert_t;
59 u_char authority_flags
;
61 chunk_t tbsCertificate
;
71 /* subjectPublicKeyInfo */
72 enum pubkey_alg subjectPublicKeyAlgorithm
;
73 chunk_t subjectPublicKey
;
75 chunk_t publicExponent
;
85 bool isOcspSigner
; /* ocsp */
88 chunk_t authKeySerialNumber
;
89 chunk_t accessLocation
; /* ocsp */
90 generalName_t
*subjectAltName
;
91 generalName_t
*crlDistributionPoints
;
92 /* signatureAlgorithm */
/* All-zero template; copy it to initialise a fresh x509cert_t. */
extern const x509cert_t empty_x509cert;

/*
 * Equality helpers on DER-encoded fields.  Operands are passed by value as
 * chunk_t; the prototypes do not say how a zero-length chunk compares --
 * check the definitions in x509.c before relying on it.
 */
extern bool same_serial(chunk_t a, chunk_t b);
extern bool same_keyid(chunk_t a, chunk_t b);
extern bool same_dn(chunk_t a, chunk_t b);
/* *wildcards is an out-parameter; its value on a non-match is not visible
 * from this prototype. */
extern bool match_dn(chunk_t a, chunk_t b, int *wildcards);
extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);

/*
 * Conversions between DER encodings and text.
 */
/* *str receives the output; who owns its buffer is not stated here --
 * confirm in x509.c before freeing. */
extern void hex_str(chunk_t bin, chunk_t *str);
extern int dn_count_wildcards(chunk_t dn);
/* dst/dstlen bound the write, so callers must pass the true buffer size.
 * The int result presumably reports a length, as with snprintf -- confirm. */
extern int dntoa(char *dst, size_t dstlen, chunk_t dn);
/* Variant of dntoa; by its name, null_dn is emitted when dn is empty. */
extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn,
                         const char *null_dn);
/* src is not const, so the parser may modify it in place -- hand it a
 * writable copy of any caller-owned string.  Errors come back as err_t. */
extern err_t atodn(char *src, chunk_t *dn);
extern void gntoid(struct id *id, const generalName_t *gn);
extern void compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);
extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);

/*
 * DER parsing.  blob is raw certificate data that normally arrives from a
 * peer, so the parsers are the trust boundary: a false result from
 * parse_x509cert presumably means *cert is incomplete and must not be used.
 * level0 is presumably the starting ASN.1 nesting level; note it is u_int
 * for parse_x509cert but int for the other two parsers (existing interface
 * inconsistency, kept as is).
 */
extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
extern time_t parse_time(chunk_t blob, int level0);
extern void parse_authorityKeyIdentifier(chunk_t blob, int level0,
                                         chunk_t *authKeyID,
                                         chunk_t *authKeySerialNumber);
extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);

/*
 * Validation.  A certificate that merely parsed is still untrusted;
 * verify_x509cert is the full check, check_validity and check_signature
 * are its individual steps.  *until is an out-parameter (presumably how
 * long the verdict holds -- confirm in x509.c).  strict is forwarded
 * unchanged to store_x509certs below, suggesting one policy flag.
 */
extern err_t check_validity(const x509cert_t *cert, time_t *until);
extern bool check_signature(chunk_t tbs, chunk_t sig, int digest_alg,
                            int enc_alg, const x509cert_t *issuer_cert);
extern bool verify_x509cert(const x509cert_t *cert, bool strict,
                            time_t *until);

/*
 * Certificate store and object lifetime.  share/release/free together
 * look like reference counting, but the counter is not visible in this
 * header; confirm which of them the caller must pair.
 */
extern x509cert_t *add_x509cert(x509cert_t *cert);
extern x509cert_t *get_x509cert(chunk_t issuer, chunk_t serial,
                                chunk_t keyid, x509cert_t *chain);
extern void build_x509cert(x509cert_t *cert,
                           const RSA_public_key_t *cert_key,
                           const RSA_private_key_t *signer_key);
extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);
extern void share_x509cert(x509cert_t *cert);
extern void release_x509cert(x509cert_t *cert);
extern void free_x509cert(x509cert_t *cert);
extern void store_x509certs(x509cert_t **firstcert, bool strict);

/* Diagnostics: utc selects the time format of the listing. */
extern void list_x509cert_chain(const char *caption, x509cert_t *cert,
                                u_char auth_flags, bool utc);
extern void list_x509_end_certs(bool utc);
/* free_name presumably controls whether the name payload is freed along
 * with the list nodes -- confirm in x509.c. */
extern void free_generalNames(generalName_t *gn, bool free_name);