1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
* GNUTLS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUTLS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <gnutls_int.h>
#include <auth_srp.h>
#include <auth_anon.h>
#include <auth_x509.h>
#include <gnutls_errors.h>
/* SRP */
/**
* gnutls_srp_server_get_username - This function returns the username of the peer
* @info: is a SRP_SERVER_AUTH_INFO structure
*
* This function will return the username of the peer. This should only be
* called in case of SRP authentication and in case of a server.
*
**/
const char* gnutls_srp_server_get_username( SRP_SERVER_AUTH_INFO info) {
if (info==NULL) return NULL;
return info->username;
}
/* ANON */
/**
* gnutls_anon_server_get_dh_bits - This function returns the bits used in DH authentication
* @info: is an ANON_SERVER_AUTH_INFO structure
*
* This function will return the bits used in the Diffie Hellman authentication
* with the peer. This should only be called in case of a server.
*
**/
int gnutls_anon_server_get_dh_bits( ANON_SERVER_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->dh_bits;
}
/**
* gnutls_anon_client_get_dh_bits - This function returns the bits used in DH authentication
* @info: is an ANON_CLIENT_AUTH_INFO structure
*
* This function will return the bits used in the Diffie Hellman authentication
* with the peer. This should only be called in case of a client.
*
**/
int gnutls_anon_client_get_dh_bits( ANON_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->dh_bits;
}
/* X509PKI */
/**
* gnutls_x509pki_get_peer_dn - This function returns the peer's distinguished name
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the name of the peer. The name is gnutls_DN structure and
* is a obtained by the peer's certificate. If the certificate send by the
* peer is invalid, or in any other failure this function returns NULL.
*
**/
const gnutls_DN* gnutls_x509pki_get_peer_dn( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return NULL;
return &info->peer_dn;
}
/**
* gnutls_x509pki_get_issuer_dn - This function returns the peer's certificate issuer distinguished name
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the name of the peer's certificate issuer. The name is gnutls_DN structure and
* is a obtained by the peer's certificate. If the certificate send by the
* peer is invalid, or in any other failure this function returns NULL.
*
**/
const gnutls_DN* gnutls_x509pki_get_issuer_dn( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return NULL;
return &info->issuer_dn;
}
/**
* gnutls_x509pki_get_peer_certificate_status - This function returns the peer's certificate status
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the peer's certificate status (TRUSTED, EXPIRED etc.). This is the output
* of the certificate verification function. However you must also check the peer's name in order
* to check if the verified certificate belongs to the actual peer.
*
**/
CertificateStatus gnutls_x509pki_get_peer_certificate_status( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->peer_certificate_status;
}
/**
* gnutls_x509pki_get_peer_certificate_version - This function returns the peer's certificate version
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the peer's certificate version (1, 2, 3). This is obtained by the X509 Certificate
* Version field. If the certificate is invalid then version will be zero.
*
**/
int gnutls_x509pki_get_peer_certificate_version( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->peer_certificate_version;
}
/**
* gnutls_x509pki_get_peer_certificate_activation_time - This function returns the peer's certificate activation time
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the peer's certificate activation time in UNIX time (ie seconds since
* 00:00:00 UTC January 1, 1970).
*
**/
time_t gnutls_x509pki_get_peer_certificate_activation_time( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->peer_certificate_activation_time;
}
/**
* gnutls_x509pki_get_peer_certificate_expiration_time - This function returns the peer's certificate expiration time
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the peer's certificate expiration time in UNIX time (ie seconds since
* 00:00:00 UTC January 1, 1970).
*
**/
time_t gnutls_x509pki_get_peer_certificate_expiration_time( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->peer_certificate_expiration_time;
}
/**
* gnutls_x509pki_get_key_usage - This function returns the peer's certificate key usage
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the peer's certificate key usage. This is specified in X509v3 Certificate
* Extensions and is an 8bit string.
*
**/
unsigned char gnutls_x509pki_get_key_usage( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->keyUsage;
}
/**
* gnutls_x509pki_get_certificate_request_status - This function returns the certificate request status
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return 0 if the peer (server) did not requested client
* authentication or 1 otherwise.
*
**/
unsigned char gnutls_x509pki_get_certificate_request_status( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
return info->certificate_requested;
}
/**
* gnutls_x509pki_get_subject_alt_name - This function returns the peer's alternative name
* @info: is an X509PKI_CLIENT_AUTH_INFO structure
*
* This function will return the peer's alternative namee. This is specified in X509v3 Certificate
* Extensions. GNUTLS will only return the dnsName of the Alternative name, or a null string.
*
**/
const char* gnutls_x509pki_get_subject_alt_name( X509PKI_CLIENT_AUTH_INFO info) {
if (info==NULL) return NULL;
return info->subjectAltName;
}
|