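#ifndef __DIGI_DOC_CERT_H__
#define __DIGI_DOC_CERT_H__
//==================================================
// FILE:        DigiDocCert.h
// PROJECT:     Digi Doc
// DESCRIPTION: Digi Doc functions for certificate handling
// AUTHOR:      Veiko Sinivee, S|E|B IT Partner Estonia
//==================================================
// Copyright (C) AS Sertifitseerimiskeskus
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// Lesser General Public License for more details.
// GNU Lesser General Public Licence is available at
// http://www.gnu.org/copyleft/lesser.html
//==========< HISTORY >=============================
//==================================================
//
// NOTE(review): the include guard uses a double-underscore name, which is
// reserved for the implementation in C; it is kept as-is because other
// project files may test for it.

// System and OpenSSL headers are included outside the extern "C" block so
// that their own language-linkage handling is not overridden when this
// header is consumed from C++.
#include <time.h>

#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

// Project headers: EXP_OPTION, byte, SignedDoc and DigiDocMemBuf are
// expected to come from here (not declared in this file).
#include <libdigidoc/DigiDocDefs.h>
#include <libdigidoc/DigiDocLib.h>

#ifdef __cplusplus
extern "C" {
#endif

//--------------------------------------------------
// One certificate policy entry as read from the certificate's
// certificatePolicies extension. All three members are C strings owned by
// the array returned from readCertPolicies(); release them only through
// PolicyIdentifiers_free(). Any member may be NULL when the certificate
// does not carry that qualifier (assumption - not visible from this header).
//--------------------------------------------------
typedef struct PolicyIdentifier_st {
  char* szOID;        // stringified OID of the policy
  char* szCPS;        // CPS URL qualifier
  char* szUserNotice; // user-notice qualifier
} PolicyIdentifier;


//--------------------------------------------------
// Private/public key file handling.
// privKey/pkey - receives a newly created EVP_PKEY (caller frees with
//                EVP_PKEY_free(), presumably)
// keyfile      - path of the key file
// passwd       - password for an encrypted key, or NULL
// format       - key file format selector (values defined elsewhere)
// Security: passwd is received as a plain C string. Nothing in this header
// promises that the library wipes it; callers that hold secrets should
// zeroize their own copy once the call returns.
// return 0 (ERR_OK) on success or an error code
//--------------------------------------------------
EXP_OPTION int ReadPrivateKey(EVP_PKEY **privKey, const char *keyfile, const char* passwd, int format);
EXP_OPTION int WritePrivateKey(EVP_PKEY *privKey, const char *keyfile, const char* passwd, int format);
EXP_OPTION int ReadPublicKey(EVP_PKEY **pkey, const char *certfile);
// Extracts the public key from an already parsed certificate.
EXP_OPTION int GetPublicKey(EVP_PKEY **pubKey, const X509* x509);

//--------------------------------------------------
// Writes a private key and cert to a PEM file
// privKey - private key
// pCert   - certificate
// keyfile - name of the private key file
// passwd  - key password. The original author flagged problems with
//           encrypted (password-protected) output; do not rely on this
//           parameter to protect the key at rest without verifying the
//           implementation.
//--------------------------------------------------
EXP_OPTION int ddocWriteKeyAndCertPem(EVP_PKEY *privKey, X509* pCert,
                                      const char *keyfile, const char* passwd);


// Reads a certificate from a file into a newly created X509 object.
EXP_OPTION int ReadCertificate(X509 **x509, const char *certfile);
// Writes the certificate's serial number as a string into szSerial.
// nMaxLen is the capacity of szSerial; whether it counts the terminating
// NUL is not visible here - size the buffer generously.
EXP_OPTION int ReadCertSerialNumber(char* szSerial, int nMaxLen, X509 *x509);
// Loads a certificate (and its private key, via pkey) from a PKCS#12 file.
// passwd is the PKCS#12 password; see the zeroization note above.
EXP_OPTION int ReadCertificateByPKCS12(X509 **x509, const char *pkcs12file, const char *passwd, EVP_PKEY **pkey);

// Decodes binary (DER) cert data and returns a cert object.
// certLen bounds the read of certData, so this is the entry point to use
// for certificate bytes of untrusted origin.
EXP_OPTION int ddocDecodeX509Data(X509 **ppX509, const byte* certData, int certLen);

// Decodes base64 (PEM) cert data and returns a cert object.
// certLen bounds the read of certData (see above).
EXP_OPTION int ddocDecodeX509PEMData(X509 **ppX509, const char* certData, int certLen);

// Returns the certificate in PEM form, with or without the BEGIN/END
// headers depending on bHeaders. *buf receives the result; the char**
// out-parameter indicates the library allocates it, so the caller
// presumably owns and frees it - confirm against the implementation.
EXP_OPTION int getCertPEM(X509* cert, int bHeaders, char** buf);


// Retrieves the serial number of the certificate stored in szCertfile.
// szSerial/nMaxLen as for ReadCertSerialNumber().
EXP_OPTION int GetCertSerialNumber(char* szSerial, int nMaxLen, const char *szCertfile);
// Returns the certificate's notBefore date formatted into timestamp
// (capacity len). pSigDoc presumably selects the timestamp format.
EXP_OPTION int getCertNotBefore(const SignedDoc* pSigDoc, X509* cert, char* timestamp, int len);

// Retrieves the certificate's first validity time as time_t in the GMT zone.
EXP_OPTION time_t getCertNotBeforeTimeT(X509* pCert);
// Retrieves the certificate's last validity time as time_t in the GMT zone.
EXP_OPTION time_t getCertNotAfterTimeT(X509* pCert);

// Returns the certificate's notAfter date formatted into timestamp
// (capacity len); see getCertNotBefore().
EXP_OPTION int getCertNotAfter(const SignedDoc* pSigDoc, X509* cert, char* timestamp, int len);
// Saves the certificate in a file in the format selected by nFormat.
EXP_OPTION int saveCert(X509* cert, const char* szFileName, int nFormat);
// Decodes PEM cert data. The return type is an untyped pointer; it is
// presumably an X509* - cast with care and prefer ddocDecodeX509PEMData(),
// which is typed and length-bounded.
EXP_OPTION void* decodeCert(const char* pemData);
// Encodes the certificate into encodedCert and stores the resulting length
// in *encodedCertLen.
// Security: this declaration carries no input capacity for encodedCert -
// *encodedCertLen is written, not read, as far as the prototype shows.
// Unless the implementation proves otherwise, assume the output is
// unbounded and prefer getCertPEM(), which allocates.
EXP_OPTION void encodeCert(const X509* x509, char * encodedCert, int* encodedCertLen);

// Reads certificates PolicyIdentifiers and returns
// them in a newly allocated structure; *nPols receives the entry count.
// Release with PolicyIdentifiers_free().
EXP_OPTION int readCertPolicies(X509* pX509, PolicyIdentifier** pPolicies, int* nPols);

// Frees the policy identifiers array returned by readCertPolicies().
EXP_OPTION void PolicyIdentifiers_free(PolicyIdentifier* pPolicies, int nPols);

// Checks if this is a company CPS policy (non-zero when it is, presumably).
EXP_OPTION int isCompanyCPSPolicy(PolicyIdentifier* pPolicy);

// Checks whether tDate falls inside the certificate's validity window.
// Note: only a certificate and a date are passed, so this cannot perform
// chain building or revocation checking; use isCertSignedBy() and
// verifyCertificateByOCSP() for those.
EXP_OPTION int isCertValid(X509* cert, time_t tDate);
// Checks whether cert is signed by the CA certificate held in cafile.
// This is a single issuer-signature check; it does not imply a full
// path validation (no time or revocation input) - combine with the
// functions above.
EXP_OPTION int isCertSignedBy(X509* cert, const char* cafile);
// Internal (not exported): writes the certificate to an XML stream.
int writeCertToXMLFile(BIO* bout, X509* cert);

//--------------------------------------------------
// Verifies a certificate by sending an OCSP_REQUEST object
// to the notary server and checking the response.
// Uses the server's timestamp hash code as the nonce value.
//   Security: a nonce derived from a server timestamp is not a fresh
//   random value; how much replay protection it gives depends on how the
//   implementation checks the nonce in the response. Confirm before
//   relying on it.
// pCert       - certificate to test
// caCerts     - responder CA certs chain (termination convention, e.g.
//               NULL-terminated, not visible here - check the implementation)
// notaryCert  - notary's cert
// notaryURL   - notary's URL
// proxyHost   - proxy server's name
// proxyPort   - proxy server's port
// pkcs12file  - PKCS#12 file, presumably holding the key used to sign the
//               OCSP request (undocumented in the original header)
// pkcs12paswd - password for pkcs12file; see the zeroization note above
// ppResp      - address to return OCSP response. Use NULL if
//               you don't want the OCSP response to be returned. If
//               returned, the caller presumably frees it with
//               OCSP_RESPONSE_free().
// notaryURL, proxyHost and proxyPort are taken as non-const char*; do not
// pass string literals unless the implementation is known not to modify them.
// return 0 for OK, or error code
//--------------------------------------------------
EXP_OPTION int verifyCertificateByOCSP(X509* pCert, const X509** caCerts,
                                       const X509* notaryCert, char* notaryURL,
                                       char* proxyHost, char* proxyPort,
                                       const char* pkcs12file, const char* pkcs12paswd,
                                       OCSP_RESPONSE **ppResp);

//--------------------------------------------------
// Same as verifyCertificateByOCSP() with one extra argument:
// ip - a numeric IP address. Its role (e.g. the requester's IP placed in
//      the request) is not documented in the original header; confirm
//      against the implementation.
// All other parameters and the security notes are as above.
// return 0 for OK, or error code
//--------------------------------------------------
EXP_OPTION int verifyCertificateByOCSPWithIp(X509* pCert, const X509** caCerts,
                                             const X509* notaryCert, char* notaryURL,
                                             char* proxyHost, char* proxyPort,
                                             const char* pkcs12file, const char* pkcs12paswd,
                                             OCSP_RESPONSE **ppResp, unsigned long ip);

//--------------------------------------------------
// Returns the certificate's sha1 hash (internal, not exported).
// pCert   - certificate data
// pMemBuf - memory buffer object that receives the digest
// returns error code or ERR_OK
//--------------------------------------------------
int ddocCertGetDigest(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's public key sha1 hash (internal, not exported).
// pCert   - certificate data
// pMemBuf - memory buffer object that receives the digest
// returns error code or ERR_OK
//--------------------------------------------------
int ddocCertGetPubkeyDigest(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's issuer name.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the DN
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetIssuerDN(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject name.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the DN
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectDN(X509* pCert, DigiDocMemBuf* pMemBuf);

// Renders an X509_NAME into pMemBuf; shared helper for the two DN getters.
EXP_OPTION int ddocCertGetDNFromName(X509_NAME* pName, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject CN.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectCN(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's issuer CN.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetIssuerCN(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject first name.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectFirstName(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject last name.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectLastName(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject personal code.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectPerCode(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject country code.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectCountryName(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject organization.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectOrganization(X509* pCert, DigiDocMemBuf* pMemBuf);

//--------------------------------------------------
// Returns the certificate's subject organization unit.
// pCert   - certificate data
// pMemBuf - memory buffer object for storing the result
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocCertGetSubjectOrganizationUnit(X509* pCert, DigiDocMemBuf* pMemBuf);


//================< deprecated functions> =================================
// These functions are deprecated. Use the replacements named below.
// They will be removed in future releases!
// Security: the replacements write into a DigiDocMemBuf; the deprecated
// variants write into a caller buffer with an int*/int length whose
// in/out semantics (capacity in, length out - presumably) are not stated
// here, which is the usual source of overruns. Prefer the replacements.
#ifdef WITH_DEPRECATED_FUNCTIONS

// Decodes cert data - deprecated!
// USE ddocDecodeX509PEMData() instead! (The signature also matches
// ddocDecodeX509Data(); check which encoding the implementation expects.)
EXP_OPTION int decodeCertificateData(X509 **newX509, const byte* certData, int certLen);

// Returns the certificate's issuer name.
// USE: ddocCertGetIssuerDN()
EXP_OPTION int getCertIssuerName(X509* cert, char* buf, int* buflen);

// Returns the certificate's subject name.
// USE: ddocCertGetSubjectDN()
EXP_OPTION int getCertSubjectName(X509* cert, char* buf, int* buflen);


// Reads the cert issuer's CN.
// USE: ddocCertGetIssuerCN()
EXP_OPTION int getCertIssuerCN(X509* cert, char* buf, int* buflen, int bUTF8);

// Returns the certificate subject's DN.
// USE: ddocCertGetSubjectDN()
EXP_OPTION int getCertSubjectDN(X509* cert, char* buf, int* buflen, int bUTF8);

// Reads the cert subject's CN.
// USE: ddocCertGetSubjectCN()
EXP_OPTION int getCertSubjectCN(X509* cert, char* buf, int* buflen, int bUTF8);

// Gets the certificate owner's id-code into buf (capacity len).
// USE: ddocCertGetSubjectPerCode()
EXP_OPTION int getCertOwnerCode(const X509* pCert, char* buf, int len);

#endif // WITH_DEPRECATED_FUNCTIONS

#ifdef __cplusplus
}
#endif


#endif // __DIGI_DOC_CERT_H__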