#ifndef __DIGIDOC_OCSP_H__
#define __DIGIDOC_OCSP_H__
//==================================================
// FILE: DigiDocOCSP.h
// PROJECT: Digi Doc
// DESCRIPTION: DigiDoc OCSP handling routines
// AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
//==================================================
// Copyright (C) AS Sertifitseerimiskeskus
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
// GNU Lesser General Public Licence is available at
// http://www.gnu.org/copyleft/lesser.html
//==========< HISTORY >=============================
// 26.04.2006 Veiko Sinivee
// Creation
//==================================================
// NOTE(review): the include guard begins with a double underscore, a
// spelling the C standard reserves for the implementation. It is left
// unchanged here because every includer that tests the guard would have
// to change with it.

#include <libdigidoc/DigiDocDefs.h>
#include <libdigidoc/DigiDocObj.h>
#include <libdigidoc/DigiDocMem.h>

#include <openssl/ocsp.h>

//==========< OCSP handling routines >========================

#ifdef __cplusplus
extern "C" {
#endif

//--------------------------------------------------
// Sends an OCSP_REQUEST object to the remote responder and
// retrieves the OCSP_RESPONSE object.
// resp - buffer to store the new response's pointer
// req - request object's pointer
// url - OCSP responder URL
// proxyHost, proxyPort - HTTP proxy used for the connection
//            (presumably NULL/empty when no proxy is wanted; confirm
//            against the implementation)
// ip_addr - sender's ip address if known or 0
// NOTE(review): nothing in this header says the returned response has
// been verified. verifyOCSPResponse() is declared separately below, so
// treat *resp as untrusted network data until that check has passed.
//--------------------------------------------------
int sendOCSPRequest(OCSP_RESPONSE** resp, OCSP_REQUEST *req,
                    char* url, char* proxyHost, char* proxyPort,
                    unsigned long ip_addr);

// Decodes binary (DER) OCSP_RESPONSE data and returns an OCSP_RESPONSE object.
// ppResp - receives the newly allocated object
// data, len - input bytes and their count. len is a signed int, so the
//            caller must pass a non-negative value that really matches the
//            buffer; the bytes normally arrive from a file or the network
//            and should be treated as untrusted input.
EXP_OPTION int ddocDecodeOCSPResponseData(OCSP_RESPONSE **ppResp, const byte* data, int len);

// Decodes base64 (PEM) OCSP_RESPONSE data and returns an OCSP_RESPONSE object.
// Same parameter contract as ddocDecodeOCSPResponseData().
EXP_OPTION int ddocDecodeOCSPResponsePEMData(OCSP_RESPONSE **ppResp, const byte* data, int len);

// Writes an OCSP request for the signer certificate to szOutputFile.
// signerCertFile / issuertCertFile - certificate files the request is
//            built from (roles inferred from the parameter names; confirm)
// nonce, nlen - nonce bytes placed in the request and their count
// szOutputFile - destination file name
EXP_OPTION int writeOCSPRequest(SignedDoc* pSigDoc, const char* signerCertFile,
                                const char* issuertCertFile,
                                byte* nonce, int nlen, const char* szOutputFile);

// Creates and sends an OCSP_REQUEST object
// to the notary server, receives the response
// and uses it to create a confirmation object.
// caCerts - presumably the same NULL-terminated CA certificate array that
//            verifyOCSPResponse() takes; confirm
// pNotCert - notary (OCSP responder) certificate. May be passed as NULL,
//            in which case finalizeAndVerifyNotary() has to be called
//            afterwards (see its comment below).
// pkcs12FileName, pkcs12Password - client credentials used for the
//            request. The password is a plain char* owned by the caller
//            and nothing here indicates it is cleared, so the caller
//            should clear its own copy once the call returns.
// notaryURL, proxyHost, proxyPort - as for sendOCSPRequest()
EXP_OPTION int getConfirmation(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
                               const X509** caCerts, const X509* pNotCert,
                               char* pkcs12FileName, char* pkcs12Password,
                               char* notaryURL, char* proxyHost, char* proxyPort);

// Another way to get OCSP confirmation by sending also the caller's ip address.
// ip - caller's ip address, presumably forwarded as sendOCSPRequest()'s
//            ip_addr; all other parameters are as for getConfirmation().
EXP_OPTION int getConfirmationWithIp(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
                                     const X509** caCerts, const X509* pNotCert,
                                     char* pkcs12FileName, char* pkcs12Password,
                                     char* notaryURL, char* proxyHost, char* proxyPort,
                                     unsigned long ip);

// Use this if you passed NULL to getConfirmation()'s pNotCert parameter:
// as the name indicates it completes pNotInf and verifies the notary's
// response against caCerts and pNotCert. Until it has been called the
// confirmation obtained earlier has not been checked against the
// responder certificate.
EXP_OPTION int finalizeAndVerifyNotary(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
                                       NotaryInfo* pNotInf,
                                       const X509** caCerts, const X509* pNotCert);

// Reads an OCSP_RESPONSE from the file szFileName.
// newOCSP_RESPONSE - receives the new object; presumably the caller
//            releases it with OCSP_RESPONSE_free() — confirm.
// The file content is external input: pass the result through
// verifyOCSPResponse() before relying on the status it carries.
int ReadOCSPResponse(OCSP_RESPONSE **newOCSP_RESPONSE, const char* szFileName);

// Fills pNotary from the OCSP response resp and the notary cert notCert.
// initDigest - flag; presumably non-zero also computes the response
//            digest — confirm against the implementation.
int initializeNotaryInfoWithOCSP(SignedDoc *pSigDoc, NotaryInfo *pNotary,
                                 OCSP_RESPONSE *resp, X509 *notCert, int initDigest);

//--------------------------------------------------
// Verifies OCSP_RESPONSE signature
// pResp - signed OCSP response
// caCerts - CA certificate pointer array terminated with NULL
// CApath - path to (directory) all certs
// notCert - Notary (e.g. OCSP responder) cert
// NOTE(review): this appears to be the only declared check of the
// responder signature, so every response obtained via sendOCSPRequest(),
// ReadOCSPResponse() or the decode helpers above should pass through it
// before its contents are used.
//--------------------------------------------------
int verifyOCSPResponse(OCSP_RESPONSE* pResp,
                       const X509** caCerts, const char *CApath,
                       const X509* notCert);

//--------------------------------------------------
// Helper function to read OCSP_RESPONSE from binary input data
// ppResp - address of newly allocated OCSP_RESPONSE object
// pMBufInData - input data
// returns error code or ERR_OK
//--------------------------------------------------
int ddocOcspReadOcspResp(OCSP_RESPONSE** ppResp, DigiDocMemBuf* pMBufInData);

//--------------------------------------------------
// Helper function to write OCSP_RESPONSE to binary output data
// pResp - address of OCSP_RESPONSE object
// pMBufOutData - output data
// returns error code or ERR_OK
//--------------------------------------------------
int ddocOcspWriteOcspResp(OCSP_RESPONSE* pResp, DigiDocMemBuf* pMBufOutData);

// Get OCSP in PEM form.
// bHeaders - 1= with headers, 0=no headers (same convention as
//            ddocGetOcspBase64() below)
// buf - receives a newly allocated string; ownership presumably passes to
//            the caller — confirm which release routine to use.
EXP_OPTION int getOcspPEM(OCSP_RESPONSE* pResp, int bHeaders, char** buf);

//--------------------------------------------------
// Helper function to return OCSP_RESPONSE in base64 form.
// Memory buffer will be resized as necessary.
// Caller must release output buffer.
// pNotary - Notary object
// bHeaders - 1= with headers, 0=no headers
// pMBufOutData - output data
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocGetOcspBase64(NotaryInfo *pNotary, int bHeaders, DigiDocMemBuf* pMBufOutData);

#ifdef __cplusplus
}
#endif

#endif // __DIGIDOC_OCSP_H__