00001 /* Certificate Management library
00002  * 
00003  * Copyright (C) 2005 Nokia. All rights reserved.
00004  * Author: Ed Bartosh <Eduard.Bartosh@nokia.com>
00005  *
00006  * This library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public
00008  * License version 2.1 as published by the Free Software Foundation
00009  *
00010  * This library is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Lesser General Public License for more details.
00014  *
00015  * You should have received a copy of the GNU Lesser General Public
00016  * License along with this library; if not, write to the
00017  * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
00018  * Boston, MA 02111-1307, USA.
00019  */
00020 
00036 #ifndef CST_H_
00037 #define CST_H_
00038 
00039 
00040 #include <openssl/x509.h>
00041 #include <openssl/evp.h>
00042 #include <stdio.h>
00043 #include <time.h>
00044 #include <glib.h>
00045 #include <db/db.h>
00046 
00047 #ifdef __cplusplus
00048 extern "C" {
00049 #endif
00050 
00051 
/**
 * @name Error codes
 *
 * Integer status values used throughout the library; CST_ERROR_OK (0)
 * means success and every other value is a failure.  They are presumably
 * what CST_last_error() and the int-returning CST_* calls report —
 * confirm against the implementation.  The numbering is not contiguous
 * (5 and 26-29 are unassigned here), so callers must compare against the
 * named constants rather than ranges.
 * @{
 */
#define CST_ERROR_OK                    0 
#define CST_ERROR_NOT_FOUND             1
#define CST_ERROR_STRUCTURE_CORRUPT     2
#define CST_ERROR_CREATE_FILE           3
#define CST_ERROR_CERT_EXIST            4
#define CST_ERROR_CRL_EXIST             6
#define CST_ERROR_STORAGE_IS_READONLY   7
#define CST_ERROR_KEY_NOTFOUND          8
#define CST_ERROR_CERT_NOTFOUND         9
#define CST_ERROR_NOT_IMPLEMENTED      10
#define CST_ERROR_NOT_INIT             11
#define CST_ERROR_UNDEF                12
#define CST_ERROR_PARAM_INCORRECT      13
#define CST_ERROR_NOT_OPEN             14
#define CST_ERROR_ASSIGN_INCORRECT     15
#define CST_ERROR_CRL_NOT_VALID        16
#define CST_ERROR_CHAIN_INCOMPLETE     17
#define CST_ERROR_CAPABILITY_NOTFOUND  18    
#define CST_ERROR_INCORRECT_PURPOSE    19

/* Storage back-end (I/O, disk space, on-disk database) failures. */
#define CST_ERROR_IO                   20
#define CST_ERROR_NOSPC                21
#define CST_ERROR_DBSTRUCTURE_CORRUPT  22

#define CST_ERROR_LOCK                 23

#define CST_ERROR_PASSWORD_WRONG       24    
#define CST_ERROR_BAD_INTERNAL_FORMAT  25
/* The next two are aliases of CST_ERROR_UNDEF, not distinct codes: a
 * caller comparing against them cannot tell an export failure or an
 * unspecified file error apart from a generic undefined error. */
#define CST_ERROR_EXPORT               CST_ERROR_UNDEF    
#define CST_ERROR_UNDEF_FILE_ERROR     CST_ERROR_UNDEF
/* Reported when an import is aborted through the confirm callback's
 * cancel flag — presumably; see cst_pkcs12_confirm_cb. */
#define CST_ERROR_CANCEL               30
/** @} */

/* Lock debugging is unconditionally compiled in: the literal `#if 1`
 * can never be false.  To make it a build option, test a configurable
 * macro here instead of a literal. */
#if 1    
    #define CST_DEBUG_LOCK    
#endif

/* Structures */

/** Sequence number identifying a stored certificate, key or CRL
 * (the certID / keyID / crlID parameters below). */
typedef guint cst_t_seqnum;         

/** Counter type of the storage's modification_count field. */
typedef guint64 cst_t_mcount;
00107 
/**
 * Certificate storage handle, returned by CST_open() / CST_open_file()
 * and passed as the first argument to most CST_* functions.
 *
 * The struct is defined here rather than forward-declared, so its field
 * order and types are part of the layout every including translation
 * unit compiles against; do not reorder or insert fields without
 * rebuilding all users.
 */
typedef struct CST_st {
    int readonly;               /* non-zero when opened read-only (the
                                 * readonly argument of CST_open()) */
    char *filename;             /* presumably the backing file given to
                                 * CST_open_file() — confirm */
    unsigned char *password;    /* presumably the storage password given at
                                 * open time, held in the clear for the
                                 * handle's lifetime; CST_free() should
                                 * zeroize it (explicit_bzero or similar)
                                 * before releasing the buffer — confirm in
                                 * the implementation */
    int stub;                   /* purpose not visible from this header */
    GTree *certs;               /* stored certificates; key type not visible
                                 * here, presumably cst_t_seqnum — confirm */

    GTree *keys;                /* stored keys; see certs */

    /* CRL list: the GTree form is retired in favour of simple_crls below. */
    /* GTree *crls; */

    GSList *simple_crls;        /* CRLs; see CST_get_all_crl() */

    /* Index structures */
    GTree *idx_cert_name;       /* lookups for CST_search_by_subj_name() — presumably */
    GTree *idx_cert_dns;        /* lookups for CST_search_by_domain_name() — presumably */
    GTree *idx_cert_email;      /* lookups for CST_search_by_email() — presumably */
    GHashTable *idx_cert_serial; 
    GHashTable *idx_cert_fingerprint; 
    /* New indexes by integer uid */
    GHashTable *idx_cert_uid; 
    GHashTable *idx_key_uid;  
    DB * db;                    /* on-disk database handle (db/db.h) */
    cst_t_mcount modification_count; /* bumped on each change — presumably; confirm */
    GStaticRWLock rwlock;       /* guards the handle; CST_DEBUG_LOCK above
                                 * presumably enables lock tracing — confirm */
} CST;
00151 
/** Folder a stored certificate belongs to; one of the CST_FOLDER_* values
 * (not a bitmask: the values are consecutive small integers). */
typedef guint8 cst_t_cert_folder;  

#define CST_FOLDER_CA       1  

#define CST_FOLDER_PERSONAL 2  

#define CST_FOLDER_OTHER    3    

#define CST_FOLDER_SITE     4  

/* 0 is the "no folder assigned" value. */
#define CST_FOLDER_UNKNOWN  0  

/** Purpose bits assigned to a certificate.  Each CST_PURPOSE_* value
 * below is a distinct bit, so several may be OR-ed together;
 * CST_PURPOSE_ALL sets every bit of the 32-bit type. */
typedef guint32 cst_t_cert_purpose;
#define CST_PURPOSE_NONE        0x0000 
#define CST_PURPOSE_CA          0x0001 
#define CST_PURPOSE_SMIME_SGN   0x0002
#define CST_PURPOSE_SMIME_ENC   0x0004
#define CST_PURPOSE_SSL_SERVER  0x0008
#define CST_PURPOSE_SSL_CLIENT  0x0010
#define CST_PURPOSE_SSL_WLAN    0x0020    
#define CST_PURPOSE_CRL_SIGN    0x0040
#define CST_PURPOSE_ALL         0xFFFFFFFF

/* Certificate state flags.  The four values are distinct bits; whether
 * CST_get_state() returns exactly one of them or a combination is not
 * visible from this header — test with `&` rather than `==` unless the
 * implementation guarantees a single flag. */
#define CST_STATE_VALID         0x0001
#define CST_STATE_NOTVALID      0x0002
#define CST_STATE_EXPIRED       0x0004
#define CST_STATE_REVOKED       0x0008

/* Shorthands for the OpenSSL stack types used in the API below. */
#define CST_STACK_OF_X509 STACK_OF(X509)
#define CST_STACK_OF_CRL STACK_OF(X509_CRL)    
#define CST_STACK_OF_ASN1_OBJECT STACK_OF(ASN1_OBJECT)    
00207 
00209 /* Storage config and etc. functions */
00210 
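/**
 * Open the default certificate storage.
 *
 * @param readonly  non-zero to open without write access; write calls on
 *                  such a handle presumably fail with
 *                  CST_ERROR_STORAGE_IS_READONLY — confirm.
 * @param password  storage password.  The CST struct has a password
 *                  field, so the buffer is presumably retained by the
 *                  handle; do not free or reuse it while the handle is
 *                  open — confirm the ownership rule in the implementation.
 * @return the new handle, or presumably NULL on failure (then consult
 *         CST_last_error()); release with CST_free().
 */
extern CST *CST_open(const int readonly, unsigned char *password);

/**
 * Open the certificate storage held in @p filename.
 * Same contract as CST_open() apart from the explicit path.
 */
extern CST *CST_open_file(const char *filename, const int readonly,
                          unsigned char *password);

/**
 * Create a new, empty storage file protected by @p password.
 * @return a CST_ERROR_* code (CST_ERROR_CREATE_FILE on failure to create
 *         the file — presumably; confirm).
 */
extern int CST_create_file(const char *filename, unsigned char *password);

/**
 * Write pending changes of @p st to its backing file.
 * @return a CST_ERROR_* code.
 */
extern int CST_save(CST * st);


/**
 * Release a handle obtained from CST_open() / CST_open_file().
 * Whether unsaved changes are written first is not visible here; call
 * CST_save() explicitly.  The implementation should zeroize the password
 * field before freeing it — confirm.
 */
extern void CST_free(CST * st);


/**
 * Return the CST_ERROR_* code of the most recent failed call.
 *
 * Declared with `(void)` so that a call with arguments is a compile
 * error; the old `()` form declared an unprototyped function that
 * accepted anything.  The function takes no handle, so the value is
 * presumably global rather than per-storage and therefore not reliable
 * across threads unless stored thread-locally — confirm.
 */
extern int CST_last_error(void);


/* Import/export/backup */

/**
 * Write a backup of @p st to @p filename, protected by @p password.
 * A backup of a storage that holds private keys is as sensitive as the
 * storage itself; create it with restrictive file permissions.
 * @return a CST_ERROR_* code.
 */
extern int CST_backup(CST * st, const char *filename, unsigned char *password);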
00322 
00323 
00324 /* Certificate */
00325 
/**
 * Callback CST_import_PKCS12() invokes for a certificate found in the
 * PKCS#12 file so the application can decide how to store it.
 *
 * @param xcert         certificate read from the file
 * @param folder        out: folder to store it in (CST_FOLDER_*)
 * @param purpose       out: purpose bits to assign (CST_PURPOSE_*)
 * @param out_password  out: password for the accompanying private key;
 *                      who owns the buffer written here is not visible
 *                      from this header — confirm
 * @param is_pair       presumably non-zero when a private key accompanies
 *                      the certificate — confirm
 * @param cancel        out: presumably set non-zero to abort the import
 *                      (CST_ERROR_CANCEL exists for this) — confirm
 * @param data          the user_data pointer given to CST_import_PKCS12()
 * @return meaning of the return value is not visible from this header
 */
typedef int (*cst_pkcs12_confirm_cb) (X509 * xcert,
                        cst_t_cert_folder * folder,
                        cst_t_cert_purpose * purpose,
                        unsigned char ** out_password,
                        int is_pair, 
                        int *cancel,
                        void *data);

/** Callback invoked when importing one certificate from a PKCS#12 file
 * fails; @p error is presumably a CST_ERROR_* code — confirm. */
typedef int (*cst_pkcs12_error_cb) (X509 * xcert, int error, void *data);

/**
 * Import certificates and keys from a PKCS#12 file.
 *
 * Returns nothing: failures surface through @p error (GError) and, per
 * item, through @p error_cb, so callers must test @p error after the
 * call.  @p password unlocks the PKCS#12 container; @p user_data is passed
 * through to both callbacks.  An import file is untrusted input, so the
 * parser (presumably OpenSSL's, given the includes) should be kept current.
 */
extern void CST_import_PKCS12(CST * st, 
        FILE * file, 
        cst_pkcs12_confirm_cb confirm_cb,
        cst_pkcs12_error_cb error_cb,
        unsigned char *password,
        void * user_data,
        GError **error);   

/**
 * Import a certificate from @p file.  A separate _DER variant exists, so
 * this one presumably expects PEM; what @p password unlocks is not
 * visible here.  @return a CST_ERROR_* code.
 */
extern int CST_import_cert(CST * st, FILE * file, unsigned char *password);

/** DER variant of CST_import_cert(); no password. */
extern int CST_import_cert_DER(CST * st, FILE * file);

/** As CST_import_cert(), storing the certificate in @p folder. */
extern int CST_import_cert_f(CST * st, FILE * file, unsigned char *password, const cst_t_cert_folder folder);

/** DER variant of CST_import_cert_f(). */
extern int CST_import_cert_f_DER(CST * st, FILE * file, const cst_t_cert_folder folder);

/**
 * Import a certificate into @p folder and return its sequence number.
 * Errors are reported through @p error; the return value on failure is
 * not visible from this header — check @p error, not the id.
 */
extern cst_t_seqnum CST_import_cert_adv(CST * st, FILE * file, 
                                 const cst_t_cert_folder folder, 
                                 GError **error);

/** DER variant of CST_import_cert_adv(). */
extern cst_t_seqnum CST_import_cert_adv_DER(CST * st, FILE * file, 
                                     const cst_t_cert_folder folder, 
                                     GError **error);

/** Write every certificate of @p folder to @p file (PEM, presumably).
 * @return a CST_ERROR_* code. */
extern int CST_export_all(CST * st, FILE * file,
                          const cst_t_cert_folder folder);
/** DER variant of CST_export_all(). */
extern int CST_export_all_DER(CST * st, FILE * file,
                          const cst_t_cert_folder folder);

/** Write one certificate to @p file. @return a CST_ERROR_* code. */
extern int CST_export_cert(CST * st, X509 * cert, FILE * file);

/** DER variant of CST_export_cert(). */
extern int CST_export_cert_DER(CST * st, X509 * cert, FILE * file);   

/** As CST_export_cert(), selecting the certificate by sequence number. */
extern int CST_export_cert_by_id(CST * st, const cst_t_seqnum certID, FILE * file);

/** DER variant of CST_export_cert_by_id(). */
extern int CST_export_cert_by_id_DER(CST * st, const cst_t_seqnum certID, FILE * file);

/** Remove certificate @p certID from the storage. @return a CST_ERROR_* code. */
extern int CST_delete_cert(CST * st, const cst_t_seqnum certID);

/**
 * Add an in-memory certificate to the storage.
 * Whether the storage takes ownership of @p cert or copies it is not
 * visible from this header — confirm before freeing it.
 * @return a CST_ERROR_* code (CST_ERROR_CERT_EXIST for duplicates — presumably).
 */
extern int CST_append_X509(CST * st, X509 * cert);

/**
 * Add every certificate of @p list to the storage.
 * @return a GSList whose element type is not visible here (presumably the
 *         resulting ids or the failures — confirm); caller presumably
 *         frees the list.
 */
extern GSList * CST_append_sk_X509(CST * st, CST_STACK_OF_X509 * list);

/** Import a CRL (PEM, presumably) from @p file. @return a CST_ERROR_* code
 * (CST_ERROR_CRL_EXIST, CST_ERROR_CRL_NOT_VALID are candidates). */
extern int CST_import_CRL(CST * st, FILE * file);

/** DER variant of CST_import_CRL(). */
extern int CST_import_CRL_DER(CST * st, FILE * file);

/** Return all stored CRLs as a GSList; element type and list ownership
 * are not visible from this header — confirm. */
extern GSList * CST_get_all_crl(CST * st);

/** Remove CRL @p crlID. @return a CST_ERROR_* code. */
extern int CST_delete_crl(CST * st, const cst_t_seqnum crlID);

/** Return CRL @p crlID; whether the pointer is owned by the storage or
 * by the caller is not visible here — confirm before freeing. */
extern X509_CRL * CST_get_CRL(CST * st, const cst_t_seqnum crlID);
00662     
00663 
00664 
00665 /* Private key */
00666 
/**
 * Import a private key (PEM, presumably) for @p account from @p file.
 *
 * @param inpass   password that decrypts the key file — presumably
 * @param outpass  password under which the key is stored — presumably
 * Both passwords are plain caller buffers; the caller should clear them
 * (explicit_bzero or similar) once the call returns.
 * @return a CST_ERROR_* code (CST_ERROR_PASSWORD_WRONG is a candidate).
 */
extern int CST_import_priv_key(CST * st, X509_NAME * account,
                               FILE * file, unsigned char *inpass,
                               unsigned char *outpass);
/** DER variant of CST_import_priv_key(); the DER input carries no password. */
extern int CST_import_priv_key_DER(CST * st, X509_NAME * account,
                               FILE * file, unsigned char *outpass);

/**
 * As CST_import_priv_key(), returning the new key's sequence number and
 * reporting failure through @p error (test @p error, not the id).
 */
extern cst_t_seqnum CST_import_priv_key_adv(CST * st, X509_NAME * account,
                               FILE * file, unsigned char *inpass,
                               unsigned char *outpass,
                               GError **error);
/** DER variant of CST_import_priv_key_adv(). */
extern cst_t_seqnum CST_import_priv_key_adv_DER(CST * st, X509_NAME * account,
                               FILE * file, unsigned char *outpass, 
                               GError **error);   
/**
 * Write @p key to @p file, protected by @p password (PEM, presumably).
 * The output is private key material; callers should create @p file with
 * restrictive permissions.  @return a CST_ERROR_* code.
 */
extern int CST_export_priv_key(CST * st, EVP_PKEY * key, FILE * file,
                               unsigned char *password);

/** DER variant of CST_export_priv_key(). */
extern int CST_export_priv_key_DER(CST * st, EVP_PKEY * key, FILE * file,
                               unsigned char *password);

/**
 * Store an in-memory private key for @p account under @p password.
 * Ownership of @p key after the call is not visible from this header.
 * @return a CST_ERROR_* code.
 */
extern int CST_append_priv_key(CST * st, X509_NAME * account,
                               EVP_PKEY * key, unsigned char *password);
00781 
00782 
00783 /* Public key */
00784 
/** Import a public key (PEM, presumably) for @p account from @p file.
 * @return a CST_ERROR_* code. */
extern int CST_import_pub_key(CST * st, X509_NAME * account,
                              FILE * file);
/** DER variant of CST_import_pub_key(). */
extern int CST_import_pub_key_DER(CST * st, X509_NAME * account,
                              FILE * file);

/** As CST_import_pub_key(), returning the sequence number of the new key
 * and reporting failure through @p error (test @p error, not the id). */
extern cst_t_seqnum CST_import_pub_key_adv(CST * st, X509_NAME * account,
                              FILE * file, GError **error);
/** DER variant of CST_import_pub_key_adv(). */
extern cst_t_seqnum CST_import_pub_key_adv_DER(CST * st, X509_NAME * account,
                              FILE * file, GError **error);   
/** Write every public key of @p account to @p file. @return a CST_ERROR_* code. */
extern int CST_export_all_pub_key(CST * st, X509_NAME * account,
                                  FILE * file);

/** DER variant of CST_export_all_pub_key(). */
extern int CST_export_all_pub_key_DER(CST * st, X509_NAME * account,
                                  FILE * file);

/** Write one public key to @p file. @return a CST_ERROR_* code. */
extern int CST_export_pub_key(CST * st, EVP_PKEY * key, FILE * file);

/** DER variant of CST_export_pub_key(). */
extern int CST_export_pub_key_DER(CST * st, EVP_PKEY * key, FILE * file);

/** Store an in-memory public key for @p account.  Ownership of @p key
 * after the call is not visible here.  @return a CST_ERROR_* code. */
extern int CST_append_pub_key(CST * st, X509_NAME * account,
                              EVP_PKEY * key);

/** Return the account name key @p keyID was stored under; whether the
 * pointer is owned by the storage or the caller is not visible here. */
extern X509_NAME * CST_get_key_account(CST * st, cst_t_seqnum keyID);
00922     
00923 /* Delete */
00924 
/** Remove every public key stored for @p account. @return a CST_ERROR_* code. */
extern int CST_delete_all_pub_key(CST * st, X509_NAME * account);

/** Remove every private key stored for @p account. @return a CST_ERROR_* code. */
extern int CST_delete_all_priv_key(CST * st, X509_NAME * account);

/** Remove public key @p keyID. @return a CST_ERROR_* code
 * (CST_ERROR_KEY_NOTFOUND is a candidate). */
extern int CST_delete_pub_key(CST * st, 
                             const cst_t_seqnum keyID);

/** Remove private key @p keyID. @return a CST_ERROR_* code. */
extern int CST_delete_priv_key(CST * st, 
                               const cst_t_seqnum keyID);
00974 
00975 /* Search */
00976 
/* For every GSList-returning search below, the element type (sequence
 * numbers vs. X509 pointers) and who frees the list are not visible from
 * this header — confirm in the implementation before relying on either. */

/** Certificates whose subject equals @p subject_name. */
extern GSList * CST_search_by_subj_name(CST * st,
                                        X509_NAME *
                                        subject_name);

/** Certificates carrying @p email (compare CST_get_email()). */
extern GSList * CST_search_by_email(CST * st,
                                    const char *email);

/** Certificates carrying @p domain_name (compare CST_get_domain_name()). */
extern GSList * CST_search_by_domain_name(CST * st,
                                          const char
                                          *domain_name);

/** Certificates whose textual serial equals @p serial (the format of
 * CST_get_serial_number_t(), presumably). */
extern GSList * CST_search_by_serial(CST * st, const char *serial);   

/** Certificates whose fingerprint equals @p fingerprint.  The digest
 * this matches against (see CST_get_fingerprint()) is not visible here;
 * an MD5 fingerprint is not collision-resistant and must not be the only
 * basis for a trust decision. */
extern GSList * CST_search_by_fingerprint(CST * st, const char *fingerprint);

/** Sequence number of the stored issuer of @p cert; the value returned
 * when no issuer is stored is not visible from this header. */
extern cst_t_seqnum CST_search_issuer(CST * st, X509 * cert);    

/** Chain from @p cert towards a stored root; CST_ERROR_CHAIN_INCOMPLETE
 * exists, so an incomplete chain is presumably reported via
 * CST_last_error().  Ownership of the returned stack is not visible here. */
extern CST_STACK_OF_X509 * CST_get_chain(CST * st, X509 * cert);

/** As CST_get_chain(), by sequence number, returning ids. */
extern GSList * CST_get_chain_id_by_id(CST * st, const cst_t_seqnum certID);

/** As CST_get_chain(), returning ids. */
extern GSList * CST_get_chain_id(CST * st, X509 * x);

/** Certificates in @p folder with purpose @p purpose (all bits, or any
 * bit, is not visible here). */
extern GSList * CST_search_by_folder_and_purpose(CST * st,
                                      const cst_t_cert_folder folder,
                                      const cst_t_cert_purpose purpose);
/** Certificates in @p folder. */
extern GSList * CST_search_by_folder(CST * st,
                                     const cst_t_cert_folder
                                     folder);

/** Private keys stored for @p account. */
extern GSList * CST_priv_key_search_by_name(CST * st,
                           X509_NAME * account);

/** Public keys stored for @p account. */
extern GSList * CST_pub_key_search_by_name(CST * st,
                                           X509_NAME * account);

/** Every stored certificate that CST_is_expired() would report. */
extern GSList * CST_all_expired(CST * st);

/** Every stored certificate listed in a stored CRL (see CST_is_revoked()). */
extern GSList * CST_all_revoked(CST * st);

/** Certificates with purpose @p purpose, across all folders. */
extern GSList * CST_search_by_purpose(CST * st,
                                      const cst_t_cert_purpose
                                      purpose);
01202 
01203 
01204 /* Cert */
01205 
01206 
/* Accessors that return X509_NAME* / ASN1_INTEGER* / char*: whether the
 * result aliases the certificate's internals or is a copy the caller
 * must free (and with which allocator) is not visible from this header —
 * confirm before freeing or keeping the pointer past the certificate. */

/** Issuer DN of @p cert. */
extern X509_NAME *CST_get_issued_by_dn(X509 * cert);

/** Subject DN of @p cert. */
extern X509_NAME *CST_get_subject_dn(X509 * cert);

/** notBefore of @p cert as time_t. */
extern time_t CST_get_valid_from(X509 * cert);

/** notAfter of @p cert as time_t. */
extern time_t CST_get_valid_to(X509 * cert);

/** Non-zero when @p cert is past its notAfter — presumably against the
 * current time. */
extern int CST_is_expired(X509 * cert);

/** Serial number of @p cert. */
extern ASN1_INTEGER *CST_get_serial_number(X509 * cert);

/** Serial number of @p cert as text (format not visible here). */
extern char *CST_get_serial_number_t(X509 * cert);

/** Fingerprint of @p cert as text; which digest is used is not visible
 * from this header — confirm, and see the MD5 note below. */
extern char *CST_get_fingerprint(X509 * cert);

/** MD5 fingerprint of @p cert.  MD5 is not collision-resistant, so two
 * different certificates can share this value; use it for display or
 * legacy interop only, never as the sole basis for identifying or
 * trusting a certificate. */
extern char *CST_get_fingerprint_MD5(X509 * cert);

/** SHA-1 fingerprint of @p cert.  Stronger than MD5, but SHA-1 collisions
 * are practical today as well; a newer digest would need a new function. */
extern char *CST_get_fingerprint_SHA1(X509 * cert);

/** E-mail address found in @p cert (where it is taken from is not visible here). */
extern char *CST_get_email(X509 * cert);

/** Domain name found in @p cert (where it is taken from is not visible here). */
extern char *CST_get_domain_name(X509 * cert);   

/** Textual name of the public key algorithm of @p cert. */
extern char *CST_get_public_key_alg(X509 * cert);

/** Check an in-memory certificate against @p purposes (CST_PURPOSE_* bits).
 * @return an int whose meaning is not visible here — compare with
 *         CST_check_purpose() (CST_ERROR_INCORRECT_PURPOSE exists). */
extern int CST_check_purpose_x(X509 * x, const cst_t_cert_purpose purposes);

/** Check stored certificate @p certID against @p purpose.
 * @return presumably a CST_ERROR_* code — confirm. */
extern int CST_check_purpose(CST * st, const cst_t_seqnum certID, 
                             const cst_t_cert_purpose purpose);

/** Non-zero when @p cert is self-issued — presumably; confirm. */
extern int CST_is_root(X509 * cert);

/** As CST_is_root(), by sequence number. */
extern int CST_is_root_id(CST * st, const cst_t_seqnum certID);

/** Non-zero when @p cert is a CA certificate (basic constraints, presumably). */
extern int CST_is_CA(X509 * cert);    

/** Human-readable dump of @p key.  If @p key holds a private key the
 * text contains private material; do not log it. */
extern char *CST_EVP_PKEY_to_text(EVP_PKEY * key);    

/** Non-zero when @p cert appears in a CRL stored in @p st — presumably;
 * a certificate is only as "not revoked" as the stored CRLs are fresh. */
extern int CST_is_revoked(CST * st, X509 * cert);

/** Non-zero when @p cert is network-related; the criterion is not
 * visible here (see CST_get_network_URL()). */
extern int CST_is_network(CST * st, X509 * cert);

/** URL associated with @p cert; where it comes from is not visible here. */
extern char *CST_get_network_URL(CST * st, X509 * cert);


/** Mark @p certID as the default certificate (see CST_default_cert()).
 * @return a CST_ERROR_* code. */
extern int CST_set_default(CST * st, const cst_t_seqnum certID); 

/** Default certificate for @p email, or presumably NULL if none. */
extern X509 *CST_default_cert(CST * st, const char *email);

/** As CST_default_cert(), returning the sequence number. */
extern cst_t_seqnum CST_default_cert_id(CST * st, const char *email);

/** Non-zero when @p certID is a default certificate. */
extern int CST_is_default(CST * st, const cst_t_seqnum certID);

/** Sequence number of the stored certificate with the given issuer and
 * serial (the pair that identifies a certificate in a CRL). */
extern cst_t_seqnum CST_search_by_UID(CST * st, X509_NAME * issuer,
                               ASN1_INTEGER * serial);

/** Sequence number of the stored copy of @p xcert. */
extern cst_t_seqnum CST_search_by_X509(CST * st, X509 * xcert);

/** Associate private key @p keyID with certificate @p certID; @p password
 * presumably unlocks the key so the pairing can be checked.
 * @return a CST_ERROR_* code (CST_ERROR_ASSIGN_INCORRECT is a candidate). */
extern int CST_assign(CST * st, 
                      const cst_t_seqnum certID, 
                      const cst_t_seqnum keyID, 
                      unsigned char *password);

/** Private key of the certificate identified by issuer + serial, unlocked
 * with @p password.  The returned EVP_PKEY holds private material; its
 * ownership is not visible here — confirm, and free it promptly. */
extern EVP_PKEY *CST_get_priv_key_by_UID(CST * st,
                                         X509_NAME * issuer,
                                         ASN1_INTEGER * serial,
                                         unsigned char *password);

/** As CST_get_priv_key_by_UID(), selecting by certificate. */
extern EVP_PKEY *CST_get_priv_key(CST * st, X509 * cert, 
                                  unsigned char *password);

/** Sequence number of the key assigned to @p certID (see CST_assign()). */
extern cst_t_seqnum CST_get_assigned_key(CST * st, const cst_t_seqnum certID);   

/** Private key of the default certificate for @p email.
 * @p email is `char *` here while CST_default_cert() takes `const char *`;
 * the definition would have to change in step, so it is left as is. */
extern EVP_PKEY * CST_get_priv_key_default(CST * st,
                                char *email,
                                unsigned char *password);

/** Move @p certID to folder @p f. @return a CST_ERROR_* code. */
extern int CST_set_folder(CST * st, const cst_t_seqnum certID, 
                          const cst_t_cert_folder f);

/** Folder of @p certID (CST_FOLDER_UNKNOWN when unset, presumably). */
extern cst_t_cert_folder CST_get_folder(CST * st, 
                                        const cst_t_seqnum certID);

/** Set (@p value non-zero) or clear purpose bits @p p on @p certID —
 * presumably; confirm.  @return a CST_ERROR_* code. */
extern int CST_set_purpose(CST * st, 
                           const cst_t_seqnum certID,
                           const cst_t_cert_purpose p,
                           const int value);

/** Non-zero when @p certID has purpose @p p. */
extern int CST_is_purpose(CST * st, 
                          const cst_t_seqnum certID,
                          const cst_t_cert_purpose p);

/** Validate @p cert against the storage (chain, expiry, CRLs — presumably).
 * @return meaning not visible here; compare CST_get_state(). */
extern int CST_is_valid(CST * st, X509 * cert);

/** As CST_is_valid() for a certificate read from @p file (PEM, presumably),
 * reporting read errors through @p error. */
extern int CST_is_valid_f(CST * st, FILE * file, GError **error);

/** DER variant of CST_is_valid_f(). */
extern int CST_is_valid_f_DER(CST * st, FILE * file, GError **error);

/** As CST_is_valid(), additionally requiring @p purpose. */
extern int CST_is_valid_for(CST * st, 
        X509 * cert, const cst_t_cert_purpose purpose);
01553     
01554 /* S/MIME Capabilities */
01555     
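/**
 * Attach an S/MIME capability @p oid with value @p data to @p certID.
 *
 * @param data_length  length of @p data in bytes.  The parameter is an
 *                     `int` (the definition fixes the type, so it is not
 *                     changed here); the implementation must reject
 *                     negative values before using it as a size.
 * @return a CST_ERROR_* code.
 */
extern int CST_set_capability(CST * st, 
        const cst_t_seqnum certID,
        ASN1_OBJECT * oid, 
        unsigned char *data, int data_length);


/**
 * Value of capability @p oid on @p certID; its length is written to
 * @p data_length.  Presumably NULL when absent (CST_ERROR_CAPABILITY_NOTFOUND
 * via CST_last_error()) — confirm.  Ownership of the buffer is not
 * visible from this header.
 */
extern unsigned char * CST_get_capability_data(CST * st, 
        const cst_t_seqnum certID, 
        ASN1_OBJECT * oid, int *data_length);

/** All capability OIDs of @p certID; stack ownership not visible here. */
extern CST_STACK_OF_ASN1_OBJECT * CST_get_capabilities(CST * st, 
        const cst_t_seqnum certID);

/** Non-zero when @p certID carries capability @p oid. */
extern int CST_is_capability(CST * st,
        const cst_t_seqnum certID, ASN1_OBJECT * oid);

/** Remove capability @p oid from @p certID. @return a CST_ERROR_* code. */
extern int CST_delete_capability(CST * st, 
        const cst_t_seqnum certID, 
        ASN1_OBJECT * oid);

/** State of @p cert as CST_STATE_* flags — presumably; whether several
 * flags can be set at once is not visible here, so test with `&`. */
extern int CST_get_state(CST * st, X509 * cert);

/** Stored certificate @p certID; ownership of the pointer not visible here. */
extern X509 * CST_get_cert(CST * st, const cst_t_seqnum certID);

/** Stored key @p keyID unlocked with @p password; returns private
 * material, so free the result promptly (ownership not visible here). */
extern EVP_PKEY * CST_get_key(CST * st, const cst_t_seqnum keyID, 
        unsigned char *password);

/** Public key @p keyID; no password needed. */
extern EVP_PKEY * CST_get_pub_key(CST * st, const cst_t_seqnum keyID);


/**
 * All CA certificates.  Takes no storage handle, so it presumably reads a
 * global/default storage — confirm.  Declared with `(void)` so a call
 * with arguments is a compile error instead of silently accepted by an
 * unprototyped `()` declaration.
 */
extern CST_STACK_OF_X509 * CST_all_CA(void);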
01628     
01689 #ifdef __cplusplus
01690 }
01691 #endif
01692 #endif                          /* CST_H_ */
