/*
 *  Copyright (C) 2003 Nikos Mavroyanopoulos
 *
 *  This file is part of GNUTLS.
 *
 *  The GNUTLS library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public   
 *  License as published by the Free Software Foundation; either 
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of 
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
 *
 */

/* This file contains the types and prototypes for parsing X.509
 * certificates and CRLs and for extracting the certificates carried in
 * PKCS#7 structures.  Note that no verification routine is declared
 * here: the import functions decode, the accessors read decoded fields.
 */

#ifndef GNUTLS_X509_H
# define GNUTLS_X509_H

#ifdef __cplusplus
extern "C" {
#endif

#include <gnutls/gnutls.h>

/* Some OIDs usually found in Distinguished names.
 *
 * The arcs are written space-separated ("2 5 4 6"), NOT dotted-decimal
 * ("2.5.4.6").  These are the strings meant for the *_by_oid() accessors
 * below; do not compare them against dotted-decimal OIDs coming from other
 * libraries without converting first.
 * NOTE(review): the notation presumably matches what the ASN.1 layer
 * expects — confirm against the parser before relying on it elsewhere.
 */
#define GNUTLS_OID_X520_COUNTRY_NAME		"2 5 4 6"	/* C  */
#define GNUTLS_OID_X520_ORGANIZATION_NAME 	"2 5 4 10"	/* O  */
#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2 5 4 11"	/* OU */
#define GNUTLS_OID_X520_COMMON_NAME 		"2 5 4 3"	/* CN */
#define GNUTLS_OID_X520_LOCALITY_NAME 		"2 5 4 7"	/* L  */
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME 	"2 5 4 8"	/* ST */
#define GNUTLS_OID_LDAP_DC			"0 9 2342 19200300 100 1 25"	/* domainComponent */
#define GNUTLS_OID_LDAP_UID			"0 9 2342 19200300 100 1 1"	/* userId */
#define GNUTLS_OID_PKCS9_EMAIL 			"1 2 840 113549 1 9 1"	/* emailAddress */

/* Certificate handling functions */
                      
/* Opaque certificate handle.  Only a pointer to the incomplete struct is
 * exposed; the layout lives in the implementation.
 */
struct gnutls_x509_certificate_int;
typedef struct gnutls_x509_certificate_int* gnutls_x509_certificate;

/* Lifetime.  _init() creates a handle in *cert and returns 0 on success
 * (presumably a negative gnutls error code otherwise — see gnutls/gnutls.h);
 * _deinit() releases a handle obtained from _init().
 */
int gnutls_x509_certificate_init(gnutls_x509_certificate * cert);
void gnutls_x509_certificate_deinit(gnutls_x509_certificate cert);
/* Decode a certificate from data in the given format into cert.
 * Security note: a successful import means the bytes parsed, nothing more.
 * No function in this header verifies the signature, the chain or the
 * validity period; treat every field read by the accessors below as
 * attacker-controlled until the certificate has been verified elsewhere.
 */
int gnutls_x509_certificate_import(gnutls_x509_certificate cert, const gnutls_datum * data,
	gnutls_x509_certificate_format format);
/* DN accessors.  The whole issuer/subject DN, or the value of the attribute
 * whose OID is oid (see the GNUTLS_OID_* strings above), is copied into buf.
 * sizeof_buf is passed by pointer, so it is presumably read as the buffer
 * capacity on entry and updated on return — confirm in the implementation
 * whether the result is NUL-terminated and what is returned when the buffer
 * is too small before sizing buffers from it.  Note the size is a signed int
 * here but an unsigned int in the gnutls_x509_rdn_* functions below.
 */
int gnutls_x509_certificate_get_issuer_dn(gnutls_x509_certificate cert, char *buf,
	 int *sizeof_buf);
int gnutls_x509_certificate_get_issuer_dn_by_oid(gnutls_x509_certificate cert, 
	const char* oid, char *buf, int *sizeof_buf);
int gnutls_x509_certificate_get_dn(gnutls_x509_certificate cert, char *buf,
	 int *sizeof_buf);
int gnutls_x509_certificate_get_dn_by_oid(gnutls_x509_certificate cert, 
	const char* oid, char *buf, int *sizeof_buf);

/* Raw material for an external signature check: the signed portion
 * (presumably the tbsCertificate), the signature value, the signature
 * algorithm identifier (return value; presumably an enum from
 * gnutls/gnutls.h — confirm) and the certificate version.
 * NOTE(review): ownership of data->data is not stated here — confirm
 * whether the caller must free it.
 */
int gnutls_x509_certificate_get_signed_data(gnutls_x509_certificate cert, gnutls_datum *data);
int gnutls_x509_certificate_get_signature(gnutls_x509_certificate cert, gnutls_datum *data);
int gnutls_x509_certificate_get_signature_algorithm(gnutls_x509_certificate cert);
int gnutls_x509_certificate_get_version(gnutls_x509_certificate cert);

/* Validity period and serial number.  The two time_t accessors have no
 * separate error return — confirm the sentinel used when the field is
 * missing or malformed before comparing the result against the current
 * time.  The serial is copied into result (presumably as raw bytes despite
 * the char type; the CRL counterpart uses unsigned char) with result_size
 * passed by pointer, presumably in/out as for the DN accessors.
 */
time_t gnutls_x509_certificate_get_activation_time(gnutls_x509_certificate cert);
time_t gnutls_x509_certificate_get_expiration_time(gnutls_x509_certificate cert);
int gnutls_x509_certificate_get_serial(gnutls_x509_certificate cert, char* result, int* result_size);

/* Public-key algorithm (return value) with the key size written to *bits;
 * the seq-th subjectAltName entry copied into ret (ret_size passed by
 * pointer as above); and the CA status.  For the two extension accessors
 * *critical receives whether the extension was marked critical.
 * NOTE(review): the return value of get_subject_alt_name presumably encodes
 * the name type and that of get_ca_status the basicConstraints CA flag —
 * confirm both.  Check the CA status before accepting a certificate as an
 * issuer; nothing else in this header does.
 */
int gnutls_x509_certificate_get_pk_algorithm( gnutls_x509_certificate cert, int* bits);
int gnutls_x509_certificate_get_subject_alt_name(gnutls_x509_certificate cert, 
	int seq, char *ret, int *ret_size, int* critical);
int gnutls_x509_certificate_get_ca_status(gnutls_x509_certificate cert, int* critical);

/* Key usage bits: *key_usage becomes an OR of the GNUTLS_KEY_* flags
 * defined below, *critical is set as for the other extension accessors.
 */
int gnutls_x509_certificate_get_key_usage( gnutls_x509_certificate cert, unsigned int* key_usage,
	int* critical);

/* key_usage (as filled in by gnutls_x509_certificate_get_key_usage()) will
 * be an OR of the following single-bit flags.  They mirror the nine named
 * bits of the X.509 KeyUsage BIT STRING, digitalSignature being the most
 * significant (256) and decipherOnly the least (1).  Test individual bits
 * with `&`; never compare the whole value with `==`, since a certificate
 * may assert several at once.
 *
 * Three names carry a doubled GNUTLS_KEY_ prefix (..._GNUTLS_KEY_ENCIPHERMENT,
 * ..._GNUTLS_KEY_AGREEMENT, ..._GNUTLS_KEY_CERT_SIGN).  This looks like a
 * naming slip, but they are public identifiers and are kept as-is.
 * Nothing in this header enforces key usage: a caller that must reject a
 * key used outside its declared purpose has to check these bits itself.
 */
#define GNUTLS_KEY_DIGITAL_SIGNATURE 		256
#define GNUTLS_KEY_NON_REPUDIATION		128
#define GNUTLS_KEY_GNUTLS_KEY_ENCIPHERMENT	64
#define GNUTLS_KEY_DATA_ENCIPHERMENT		32
#define GNUTLS_KEY_GNUTLS_KEY_AGREEMENT		16
#define GNUTLS_KEY_GNUTLS_KEY_CERT_SIGN		8
#define GNUTLS_KEY_CRL_SIGN			4
#define GNUTLS_KEY_ENCIPHER_ONLY		2
#define GNUTLS_KEY_DECIPHER_ONLY		1

/* Value of the extension identified by oid (presumably the raw DER
 * contents) copied into buf, with sizeof_buf passed by pointer (presumably
 * in/out, as for the DN accessors) and *critical receiving the extension's
 * critical flag.  This is the escape hatch for extensions without a
 * dedicated accessor: the caller parses the bytes itself and must treat
 * them as untrusted input from the certificate's author.
 */
int gnutls_x509_certificate_get_extension_by_oid(gnutls_x509_certificate cert, const char* oid,
	unsigned char* buf, int * sizeof_buf, int * critical);

/* Render the certificate as XML into res at the requested level of detail.
 * NOTE(review): who owns res->data afterwards is not stated here — confirm
 * whether the caller must free it.
 */
int gnutls_x509_certificate_to_xml(gnutls_x509_certificate cert, gnutls_datum* res, int detail);

/* RDN handling.  These operate directly on an encoded distinguished name
 * (idn) rather than on a certificate handle.  Like the *_dn* accessors
 * above they copy into buf with sizeof_buf passed by pointer (presumably
 * in/out: capacity on entry, length on return — confirm, including
 * NUL-termination).  Note the size is an unsigned int here but an int in
 * the certificate/CRL accessors, so a shared length variable needs a cast.
 */
int gnutls_x509_rdn_get(const gnutls_datum * idn,
				  char *buf, unsigned int *sizeof_buf);

int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char* oid,
				  char *buf, unsigned int *sizeof_buf);


/* CRL handling functions */

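/* Opaque CRL handle; only a pointer to the incomplete struct is exposed. */
struct gnutls_x509_crl_int;
typedef struct gnutls_x509_crl_int* gnutls_x509_crl;

/* Lifetime.  _init() creates a handle in *crl and returns 0 on success
 * (presumably a negative gnutls error code otherwise — see gnutls/gnutls.h);
 * _deinit() releases a handle obtained from _init().
 */
int gnutls_x509_crl_init(gnutls_x509_crl * crl);
void gnutls_x509_crl_deinit(gnutls_x509_crl crl);

/* Decode a CRL from data in the given format into crl.
 * Security note: importing only parses the structure.  No function in this
 * header verifies the CRL's signature against its issuer, so the revocation
 * list must not be acted on until that has been done elsewhere.
 */
int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
	gnutls_x509_certificate_format format);

/* Issuer DN, whole or by attribute OID (see GNUTLS_OID_* above), copied
 * into buf.  sizeof_buf is passed by pointer and is presumably in/out
 * (capacity on entry, length on return) — confirm in the implementation,
 * including NUL-termination and the too-small-buffer result, before sizing
 * buffers from it.  The handle is passed by value (it is a pointer), so no
 * const qualifier is placed on crl — matching every other prototype here.
 */
int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl crl,
	char *buf, int *sizeof_buf);
int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl crl, const char* oid,
	char *buf, int *sizeof_buf);

/* Raw material for an external signature check: the signed portion
 * (presumably the tbsCertList), the signature value, the signature
 * algorithm identifier (return value) and the CRL version.
 * NOTE(review): ownership of data->data is not stated here — confirm
 * whether the caller must free it.
 */
int gnutls_x509_crl_get_signed_data(gnutls_x509_crl crl, gnutls_datum *data);
int gnutls_x509_crl_get_signature(gnutls_x509_crl crl, gnutls_datum *data);
int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl crl);
int gnutls_x509_crl_get_version(gnutls_x509_crl crl);

/* thisUpdate / nextUpdate.  No separate error return: confirm the sentinel
 * used when the field is missing or malformed.  NOTE(review): nextUpdate is
 * optional in X.509 CRLs, so a caller judging freshness must handle the
 * absent case instead of treating any returned value as a deadline.
 */
time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl);
time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl crl);

/* Revoked-certificate entries: the count, and the indx-th entry's serial
 * (copied into serial, serial_size passed by pointer and presumably in/out)
 * together with its time (presumably the entry's revocationDate).
 * The parameters are named indx and revocation_time rather than index and
 * time: the latter shadow the libc functions index(3) (via <strings.h>) and
 * time(2) (via <time.h>) and can trip -Wshadow on some compilers; indx also
 * matches gnutls_pkcs7_get_certificate() below.  Note the serial buffer is
 * unsigned char here but char in gnutls_x509_certificate_get_serial(), so
 * comparing the two needs a cast.
 */
int gnutls_x509_crl_get_certificate_count(gnutls_x509_crl crl);
int gnutls_x509_crl_get_certificate(gnutls_x509_crl crl, int indx, unsigned char* serial,
        int* serial_size, time_t* revocation_time);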


/* PKCS#7 structure handling: extracting the certificates carried in a
 * PKCS#7 blob.
 */

/* Opaque PKCS#7 handle; only a pointer to the incomplete struct is exposed. */
struct gnutls_pkcs7_int;
typedef struct gnutls_pkcs7_int* gnutls_pkcs7;

/* Lifetime.  _init() creates a handle in *pkcs7 and returns 0 on success
 * (presumably a negative gnutls error code otherwise — see gnutls/gnutls.h);
 * _deinit() releases a handle obtained from _init().
 */
int gnutls_pkcs7_init(gnutls_pkcs7 * pkcs7);
void gnutls_pkcs7_deinit(gnutls_pkcs7 pkcs7);

/* Decode a PKCS#7 structure from data in the given format into pkcs7.
 * Security note: import only parses; the certificates inside are whatever
 * the sender embedded and nothing in this header verifies them.
 */
int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7,
			const gnutls_datum * data,
			gnutls_x509_certificate_format format);

/* Number of certificates carried by the imported structure. */
int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7);

/* Copy the indx-th certificate into certificate.  certificate_size is
 * passed by pointer and is presumably in/out (capacity on entry, length
 * on return) — confirm, including the too-small-buffer result, before
 * sizing buffers from it.  The copied bytes should then be imported with
 * gnutls_x509_certificate_import() and verified before use.
 */
int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
				 int indx,
				 char* certificate,
				 int* certificate_size);


#ifdef __cplusplus
}
#endif
#endif /* GNUTLS_X509_H */