aboutsummaryrefslogtreecommitdiff
path: root/lib/hx509/hx509-protos.h
diff options
context:
space:
mode:
Diffstat (limited to 'lib/hx509/hx509-protos.h')
-rw-r--r--lib/hx509/hx509-protos.h3154
1 files changed, 0 insertions, 3154 deletions
diff --git a/lib/hx509/hx509-protos.h b/lib/hx509/hx509-protos.h
deleted file mode 100644
index ed9bfb552db3..000000000000
--- a/lib/hx509/hx509-protos.h
+++ /dev/null
@@ -1,3154 +0,0 @@
-/* This is a generated file */
-#ifndef __hx509_protos_h__
-#define __hx509_protos_h__
-#ifndef DOXY
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HX509_LIB
-#ifndef HX509_LIB_FUNCTION
-#if defined(_WIN32)
-#define HX509_LIB_FUNCTION __declspec(dllimport)
-#define HX509_LIB_CALL __stdcall
-#define HX509_LIB_VARIABLE __declspec(dllimport)
-#else
-#define HX509_LIB_FUNCTION
-#define HX509_LIB_CALL
-#define HX509_LIB_VARIABLE
-#endif
-#endif
-#endif
-/**
- * Print a bitstring using a hx509_vprint_func function. To print to
- * stdout use hx509_print_stdout().
- *
- * @param b bit string to print.
- * @param func hx509_vprint_func to print with.
- * @param ctx context variable to hx509_vprint_func function.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_bitstring_print (
- const heim_bit_string */*b*/,
- hx509_vprint_func /*func*/,
- void */*ctx*/);
-
-/**
- * Sign a to-be-signed certificate object with a issuer certificate.
- *
- * The caller needs to at least have called the following functions on the
- * to-be-signed certificate object:
- * - hx509_ca_tbs_init()
- * - hx509_ca_tbs_set_subject()
- * - hx509_ca_tbs_set_spki()
- *
- * When done the to-be-signed certificate object should be freed with
- * hx509_ca_tbs_free().
- *
- * When creating self-signed certificate use hx509_ca_sign_self() instead.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param signer the CA certificate object to sign with (need private key).
- * @param certificate return cerificate, free with hx509_cert_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_sign (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- hx509_cert /*signer*/,
- hx509_cert */*certificate*/);
-
-/**
- * Work just like hx509_ca_sign() but signs it-self.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param signer private key to sign with.
- * @param certificate return cerificate, free with hx509_cert_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_sign_self (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- hx509_private_key /*signer*/,
- hx509_cert */*certificate*/);
-
-/**
- * Add CRL distribution point URI to the to-be-signed certificate
- * object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param uri uri to the CRL.
- * @param issuername name of the issuer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_crl_dp_uri (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const char */*uri*/,
- hx509_name /*issuername*/);
-
-/**
- * An an extended key usage to the to-be-signed certificate object.
- * Duplicates will detected and not added.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param oid extended key usage to add.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_eku (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const heim_oid */*oid*/);
-
-/**
- * Add a Subject Alternative Name hostname to to-be-signed certificate
- * object. A domain match starts with ., an exact match does not.
- *
- * Example of a an domain match: .domain.se matches the hostname
- * host.domain.se.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param dnsname a hostame.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_hostname (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const char */*dnsname*/);
-
-/**
- * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
- * certificate object. The jid is an UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param jid string of an a jabber id in UTF8.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_jid (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const char */*jid*/);
-
-/**
- * Add Microsoft UPN Subject Alternative Name to the to-be-signed
- * certificate object. The principal string is a UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param principal Microsoft UPN string.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_ms_upn (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const char */*principal*/);
-
-/**
- * Add Subject Alternative Name otherName to the to-be-signed
- * certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param oid the oid of the OtherName.
- * @param os data in the other name.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_otherName (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const heim_oid */*oid*/,
- const heim_octet_string */*os*/);
-
-/**
- * Add Kerberos Subject Alternative Name to the to-be-signed
- * certificate object. The principal string is a UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param principal Kerberos principal to add to the certificate.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_pkinit (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const char */*principal*/);
-
-/**
- * Add a Subject Alternative Name rfc822 (email address) to
- * to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param rfc822Name a string to a email address.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_rfc822name (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const char */*rfc822Name*/);
-
-/**
- * Free an To Be Signed object.
- *
- * @param tbs object to free.
- *
- * @ingroup hx509_ca
- */
-
-void
-hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/);
-
-/**
- * Allocate an to-be-signed certificate object that will be converted
- * into an certificate.
- *
- * @param context A hx509 context.
- * @param tbs returned to-be-signed certicate object, free with
- * hx509_ca_tbs_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_init (
- hx509_context /*context*/,
- hx509_ca_tbs */*tbs*/);
-
-/**
- * Make the to-be-signed certificate object a CA certificate. If the
- * pathLenConstraint is negative path length constraint is used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param pathLenConstraint path length constraint, negative, no
- * constraint.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_ca (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- int /*pathLenConstraint*/);
-
-/**
- * Make the to-be-signed certificate object a windows domain controller certificate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_domaincontroller (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/);
-
-/**
- * Set the absolute time when the certificate is valid to.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param t time when the certificate will expire
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notAfter (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- time_t /*t*/);
-
-/**
- * Set the relative time when the certificiate is going to expire.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param delta seconds to the certificate is going to expire.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notAfter_lifetime (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- time_t /*delta*/);
-
-/**
- * Set the absolute time when the certificate is valid from. If not
- * set the current time will be used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param t time the certificated will start to be valid
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notBefore (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- time_t /*t*/);
-
-/**
- * Make the to-be-signed certificate object a proxy certificate. If the
- * pathLenConstraint is negative path length constraint is used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param pathLenConstraint path length constraint, negative, no
- * constraint.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_proxy (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- int /*pathLenConstraint*/);
-
-/**
- * Set the serial number to use for to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param serialNumber serial number to use for the to-be-signed
- * certificate object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_serialnumber (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const heim_integer */*serialNumber*/);
-
-/**
- * Set signature algorithm on the to be signed certificate
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param sigalg signature algorithm to use
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_signature_algorithm (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const AlgorithmIdentifier */*sigalg*/);
-
-/**
- * Set the subject public key info (SPKI) in the to-be-signed certificate
- * object. SPKI is the public key and key related parameters in the
- * certificate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param spki subject public key info to use for the to-be-signed certificate object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_spki (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const SubjectPublicKeyInfo */*spki*/);
-
-/**
- * Set the subject name of a to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param subject the name to set a subject.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_subject (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- hx509_name /*subject*/);
-
-/**
- * Initialize the to-be-signed certificate object from a template certifiate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param flags bit field selecting what to copy from the template
- * certifiate.
- * @param cert template certificate.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_template (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- int /*flags*/,
- hx509_cert /*cert*/);
-
-/**
- * Set the issuerUniqueID and subjectUniqueID
- *
- * These are only supposed to be used considered with version 2
- * certificates, replaced by the two extensions SubjectKeyIdentifier
- * and IssuerKeyIdentifier. This function is to allow application
- * using legacy protocol to issue them.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param issuerUniqueID to be set
- * @param subjectUniqueID to be set
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_unique (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- const heim_bit_string */*subjectUniqueID*/,
- const heim_bit_string */*issuerUniqueID*/);
-
-/**
- * Expand the the subject name in the to-be-signed certificate object
- * using hx509_name_expand().
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param env environment variable to expand variables in the subject
- * name, see hx509_env_init().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_subject_expand (
- hx509_context /*context*/,
- hx509_ca_tbs /*tbs*/,
- hx509_env /*env*/);
-
-/**
- * Make of template units, use to build flags argument to
- * hx509_ca_tbs_set_template() with parse_units().
- *
- * @return an units structure.
- *
- * @ingroup hx509_ca
- */
-
-const struct units *
-hx509_ca_tbs_template_units (void);
-
-/**
- * Encodes the hx509 certificate as a DER encode binary.
- *
- * @param context A hx509 context.
- * @param c the certificate to encode.
- * @param os the encode certificate, set to NULL, 0 on case of
- * error. Free the os->data with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_binary (
- hx509_context /*context*/,
- hx509_cert /*c*/,
- heim_octet_string */*os*/);
-
-/**
- * Check the extended key usage on the hx509 certificate.
- *
- * @param context A hx509 context.
- * @param cert A hx509 context.
- * @param eku the EKU to check for
- * @param allow_any_eku if the any EKU is set, allow that to be a
- * substitute.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_check_eku (
- hx509_context /*context*/,
- hx509_cert /*cert*/,
- const heim_oid */*eku*/,
- int /*allow_any_eku*/);
-
-/**
- * Compare to hx509 certificate object, useful for sorting.
- *
- * @param p a hx509 certificate object.
- * @param q a hx509 certificate object.
- *
- * @return 0 the objects are the same, returns > 0 is p is "larger"
- * then q, < 0 if p is "smaller" then q.
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_cmp (
- hx509_cert /*p*/,
- hx509_cert /*q*/);
-
-/**
- * Return a list of subjectAltNames specified by oid in the
- * certificate. On error the
- *
- * The returned list of octet string should be freed with
- * hx509_free_octet_string_list().
- *
- * @param context A hx509 context.
- * @param cert a hx509 certificate object.
- * @param oid an oid to for SubjectAltName.
- * @param list list of matching SubjectAltName.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_find_subjectAltName_otherName (
- hx509_context /*context*/,
- hx509_cert /*cert*/,
- const heim_oid */*oid*/,
- hx509_octet_string_list */*list*/);
-
-/**
- * Free reference to the hx509 certificate object, if the refcounter
- * reaches 0, the object if freed. Its allowed to pass in NULL.
- *
- * @param cert the cert to free.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_cert_free (hx509_cert /*cert*/);
-
-/**
- * Get the SubjectPublicKeyInfo structure from the hx509 certificate.
- *
- * @param context a hx509 context.
- * @param p a hx509 certificate object.
- * @param spki SubjectPublicKeyInfo, should be freed with
- * free_SubjectPublicKeyInfo().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_SPKI (
- hx509_context /*context*/,
- hx509_cert /*p*/,
- SubjectPublicKeyInfo */*spki*/);
-
-/**
- * Get the AlgorithmIdentifier from the hx509 certificate.
- *
- * @param context a hx509 context.
- * @param p a hx509 certificate object.
- * @param alg AlgorithmIdentifier, should be freed with
- * free_AlgorithmIdentifier(). The algorithmidentifier is
- * typicly rsaEncryption, or id-ecPublicKey, or some other
- * public key mechanism.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_SPKI_AlgorithmIdentifier (
- hx509_context /*context*/,
- hx509_cert /*p*/,
- AlgorithmIdentifier */*alg*/);
-
-/**
- * Get an external attribute for the certificate, examples are
- * friendly name and id.
- *
- * @param cert hx509 certificate object to search
- * @param oid an oid to search for.
- *
- * @return an hx509_cert_attribute, only valid as long as the
- * certificate is referenced.
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert_attribute
-hx509_cert_get_attribute (
- hx509_cert /*cert*/,
- const heim_oid */*oid*/);
-
-/**
- * Return the name of the base subject of the hx509 certificate. If
- * the certiicate is a verified proxy certificate, the this function
- * return the base certificate (root of the proxy chain). If the proxy
- * certificate is not verified with the base certificate
- * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
- *
- * @param context a hx509 context.
- * @param c a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free(). See also hx509_cert_get_subject().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_base_subject (
- hx509_context /*context*/,
- hx509_cert /*c*/,
- hx509_name */*name*/);
-
-/**
- * Get friendly name of the certificate.
- *
- * @param cert cert to get the friendly name from.
- *
- * @return an friendly name or NULL if there is. The friendly name is
- * only valid as long as the certificate is referenced.
- *
- * @ingroup hx509_cert
- */
-
-const char *
-hx509_cert_get_friendly_name (hx509_cert /*cert*/);
-
-/**
- * Return the name of the issuer of the hx509 certificate.
- *
- * @param p a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_issuer (
- hx509_cert /*p*/,
- hx509_name */*name*/);
-
-/**
- * Get a copy of the Issuer Unique ID
- *
- * @param context a hx509_context
- * @param p a hx509 certificate
- * @param issuer the issuer id returned, free with der_free_bit_string()
- *
- * @return An hx509 error code, see hx509_get_error_string(). The
- * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate
- * doesn't have a issuerUniqueID
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_issuer_unique_id (
- hx509_context /*context*/,
- hx509_cert /*p*/,
- heim_bit_string */*issuer*/);
-
-/**
- * Get notAfter time of the certificate.
- *
- * @param p a hx509 certificate object.
- *
- * @return return not after time.
- *
- * @ingroup hx509_cert
- */
-
-time_t
-hx509_cert_get_notAfter (hx509_cert /*p*/);
-
-/**
- * Get notBefore time of the certificate.
- *
- * @param p a hx509 certificate object.
- *
- * @return return not before time
- *
- * @ingroup hx509_cert
- */
-
-time_t
-hx509_cert_get_notBefore (hx509_cert /*p*/);
-
-/**
- * Get serial number of the certificate.
- *
- * @param p a hx509 certificate object.
- * @param i serial number, should be freed ith der_free_heim_integer().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_serialnumber (
- hx509_cert /*p*/,
- heim_integer */*i*/);
-
-/**
- * Return the name of the subject of the hx509 certificate.
- *
- * @param p a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free(). See also hx509_cert_get_base_subject().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_subject (
- hx509_cert /*p*/,
- hx509_name */*name*/);
-
-/**
- * Get a copy of the Subect Unique ID
- *
- * @param context a hx509_context
- * @param p a hx509 certificate
- * @param subject the subject id returned, free with der_free_bit_string()
- *
- * @return An hx509 error code, see hx509_get_error_string(). The
- * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate
- * doesn't have a subjectUniqueID
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_subject_unique_id (
- hx509_context /*context*/,
- hx509_cert /*p*/,
- heim_bit_string */*subject*/);
-
-int
-hx509_cert_have_private_key (hx509_cert /*p*/);
-
-/**
- * Allocate and init an hx509 certificate object from the decoded
- * certificate `c´.
- *
- * @param context A hx509 context.
- * @param c
- * @param error
- *
- * @return Returns an hx509 certificate
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert
-hx509_cert_init (
- hx509_context /*context*/,
- const Certificate */*c*/,
- heim_error_t */*error*/);
-
-/**
- * Just like hx509_cert_init(), but instead of a decode certificate
- * takes an pointer and length to a memory region that contains a
- * DER/BER encoded certificate.
- *
- * If the memory region doesn't contain just the certificate and
- * nothing more the function will fail with
- * HX509_EXTRA_DATA_AFTER_STRUCTURE.
- *
- * @param context A hx509 context.
- * @param ptr pointer to memory region containing encoded certificate.
- * @param len length of memory region.
- * @param error possibly returns an error
- *
- * @return An hx509 certificate
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert
-hx509_cert_init_data (
- hx509_context /*context*/,
- const void */*ptr*/,
- size_t /*len*/,
- heim_error_t */*error*/);
-
-/**
- * Print certificate usage for a certificate to a string.
- *
- * @param context A hx509 context.
- * @param c a certificate print the keyusage for.
- * @param s the return string with the keysage printed in to, free
- * with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_cert_keyusage_print (
- hx509_context /*context*/,
- hx509_cert /*c*/,
- char **/*s*/);
-
-int
-hx509_cert_public_encrypt (
- hx509_context /*context*/,
- const heim_octet_string */*cleartext*/,
- const hx509_cert /*p*/,
- heim_oid */*encryption_oid*/,
- heim_octet_string */*ciphertext*/);
-
-/**
- * Add a reference to a hx509 certificate object.
- *
- * @param cert a pointer to an hx509 certificate object.
- *
- * @return the same object as is passed in.
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert
-hx509_cert_ref (hx509_cert /*cert*/);
-
-/**
- * Set the friendly name on the certificate.
- *
- * @param cert The certificate to set the friendly name on
- * @param name Friendly name.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_set_friendly_name (
- hx509_cert /*cert*/,
- const char */*name*/);
-
-/**
- * Add a certificate to the certificiate store.
- *
- * The receiving keyset certs will either increase reference counter
- * of the cert or make a deep copy, either way, the caller needs to
- * free the cert itself.
- *
- * @param context a hx509 context.
- * @param certs certificate store to add the certificate to.
- * @param cert certificate to add.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_add (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- hx509_cert /*cert*/);
-
-/**
- * Same a hx509_certs_merge() but use a lock and name to describe the
- * from source.
- *
- * @param context a hx509 context.
- * @param to the store to merge into.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- * @param name name of the source store
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_append (
- hx509_context /*context*/,
- hx509_certs /*to*/,
- hx509_lock /*lock*/,
- const char */*name*/);
-
-/**
- * End the iteration over certificates.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param cursor cursor that will keep track of progress, freed.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_end_seq (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- hx509_cursor /*cursor*/);
-
-/**
- * Filter certificate matching the query.
- *
- * @param context a hx509 context.
- * @param certs certificate store to search.
- * @param q query allocated with @ref hx509_query functions.
- * @param result the filtered certificate store, caller must free with
- * hx509_certs_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_filter (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- const hx509_query */*q*/,
- hx509_certs */*result*/);
-
-/**
- * Find a certificate matching the query.
- *
- * @param context a hx509 context.
- * @param certs certificate store to search.
- * @param q query allocated with @ref hx509_query functions.
- * @param r return certificate (or NULL on error), should be freed
- * with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_find (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- const hx509_query */*q*/,
- hx509_cert */*r*/);
-
-/**
- * Free a certificate store.
- *
- * @param certs certificate store to free.
- *
- * @ingroup hx509_keyset
- */
-
-void
-hx509_certs_free (hx509_certs */*certs*/);
-
-/**
- * Print some info about the certificate store.
- *
- * @param context a hx509 context.
- * @param certs certificate store to print information about.
- * @param func function that will get each line of the information, if
- * NULL is used the data is printed on a FILE descriptor that should
- * be passed in ctx, if ctx also is NULL, stdout is used.
- * @param ctx parameter to func.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_info (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- int (*/*func*/)(void *, const char *),
- void */*ctx*/);
-
-/**
- * Open or creates a new hx509 certificate store.
- *
- * @param context A hx509 context
- * @param name name of the store, format is TYPE:type-specific-string,
- * if NULL is used the MEMORY store is used.
- * @param flags list of flags:
- * - HX509_CERTS_CREATE create a new keystore of the specific TYPE.
- * - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- * @param certs return pointer, free with hx509_certs_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_init (
- hx509_context /*context*/,
- const char */*name*/,
- int /*flags*/,
- hx509_lock /*lock*/,
- hx509_certs */*certs*/);
-
-/**
- * Iterate over all certificates in a keystore and call a block
- * for each of them.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param func block to call for each certificate. The function
- * should return non-zero to abort the iteration, that value is passed
- * back to the caller of hx509_certs_iter().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-#ifdef __BLOCKS__
-int
-hx509_certs_iter (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- int (^func)(hx509_cert));
-#endif /* __BLOCKS__ */
-
-/**
- * Iterate over all certificates in a keystore and call a function
- * for each of them.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param func function to call for each certificate. The function
- * should return non-zero to abort the iteration, that value is passed
- * back to the caller of hx509_certs_iter_f().
- * @param ctx context variable that will passed to the function.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_iter_f (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- int (*/*func*/)(hx509_context, void *, hx509_cert),
- void */*ctx*/);
-
-/**
- * Merge a certificate store into another. The from store is keep
- * intact.
- *
- * @param context a hx509 context.
- * @param to the store to merge into.
- * @param from the store to copy the object from.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_merge (
- hx509_context /*context*/,
- hx509_certs /*to*/,
- hx509_certs /*from*/);
-
-/**
- * Get next ceritificate from the certificate keystore pointed out by
- * cursor.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param cursor cursor that keeps track of progress.
- * @param cert return certificate next in store, NULL if the store
- * contains no more certificates. Free with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_next_cert (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- hx509_cursor /*cursor*/,
- hx509_cert */*cert*/);
-
-hx509_certs
-hx509_certs_ref (hx509_certs /*certs*/);
-
-/**
- * Start the integration
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over
- * @param cursor cursor that will keep track of progress, free with
- * hx509_certs_end_seq().
- *
- * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is
- * returned if the certificate store doesn't support the iteration
- * operation.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_start_seq (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- hx509_cursor */*cursor*/);
-
-/**
- * Write the certificate store to stable storage.
- *
- * @param context A hx509 context.
- * @param certs a certificate store to store.
- * @param flags currently unused, use 0.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- *
- * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if
- * the certificate store doesn't support the store operation.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_store (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- int /*flags*/,
- hx509_lock /*lock*/);
-
-/**
- * Function to use to hx509_certs_iter_f() as a function argument, the
- * ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
- *
- * @param context a hx509 context.
- * @param ctx used by hx509_certs_iter_f().
- * @param c a certificate
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_ci_print_names (
- hx509_context /*context*/,
- void */*ctx*/,
- hx509_cert /*c*/);
-
-/**
- * Resets the error strings the hx509 context.
- *
- * @param context A hx509 context.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_clear_error_string (hx509_context /*context*/);
-
-int
-hx509_cms_create_signed (
- hx509_context /*context*/,
- int /*flags*/,
- const heim_oid */*eContentType*/,
- const void */*data*/,
- size_t /*length*/,
- const AlgorithmIdentifier */*digest_alg*/,
- hx509_certs /*certs*/,
- hx509_peer_info /*peer*/,
- hx509_certs /*anchors*/,
- hx509_certs /*pool*/,
- heim_octet_string */*signed_data*/);
-
-/**
- * Decode SignedData and verify that the signature is correct.
- *
- * @param context A hx509 context.
- * @param flags
- * @param eContentType the type of the data.
- * @param data data to sign
- * @param length length of the data that data point to.
- * @param digest_alg digest algorithm to use, use NULL to get the
- * default or the peer determined algorithm.
- * @param cert certificate to use for sign the data.
- * @param peer info about the peer the message to send the message to,
- * like what digest algorithm to use.
- * @param anchors trust anchors that the client will use, used to
- * polulate the certificates included in the message
- * @param pool certificates to use in try to build the path to the
- * trust anchors.
- * @param signed_data the output of the function, free with
- * der_free_octet_string().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_create_signed_1 (
- hx509_context /*context*/,
- int /*flags*/,
- const heim_oid */*eContentType*/,
- const void */*data*/,
- size_t /*length*/,
- const AlgorithmIdentifier */*digest_alg*/,
- hx509_cert /*cert*/,
- hx509_peer_info /*peer*/,
- hx509_certs /*anchors*/,
- hx509_certs /*pool*/,
- heim_octet_string */*signed_data*/);
-
-/**
- * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
- * signatures).
- */
-
-int
-hx509_cms_decrypt_encrypted (
- hx509_context /*context*/,
- hx509_lock /*lock*/,
- const void */*data*/,
- size_t /*length*/,
- heim_oid */*contentType*/,
- heim_octet_string */*content*/);
-
-/**
- * Encrypt end encode EnvelopedData.
- *
- * Encrypt and encode EnvelopedData. The data is encrypted with a
- * random key and the the random key is encrypted with the
- * certificates private key. This limits what private key type can be
- * used to RSA.
- *
- * @param context A hx509 context.
- * @param flags flags to control the behavior.
- * - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate
- * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
- * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
- * @param cert Certificate to encrypt the EnvelopedData encryption key
- * with.
- * @param data pointer the data to encrypt.
- * @param length length of the data that data point to.
- * @param encryption_type Encryption cipher to use for the bulk data,
- * use NULL to get default.
- * @param contentType type of the data that is encrypted
- * @param content the output of the function,
- * free with der_free_octet_string().
- *
- * @return an hx509 error code.
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_envelope_1 (
- hx509_context /*context*/,
- int /*flags*/,
- hx509_cert /*cert*/,
- const void */*data*/,
- size_t /*length*/,
- const heim_oid */*encryption_type*/,
- const heim_oid */*contentType*/,
- heim_octet_string */*content*/);
-
-/**
- * Decode and unencrypt EnvelopedData.
- *
- * Extract data and parameteres from from the EnvelopedData. Also
- * supports using detached EnvelopedData.
- *
- * @param context A hx509 context.
- * @param certs Certificate that can decrypt the EnvelopedData
- * encryption key.
- * @param flags HX509_CMS_UE flags to control the behavior.
- * @param data pointer the structure the contains the DER/BER encoded
- * EnvelopedData stucture.
- * @param length length of the data that data point to.
- * @param encryptedContent in case of detached signature, this
- * contains the actual encrypted data, othersize its should be NULL.
- * @param time_now set the current time, if zero the library uses now as the date.
- * @param contentType output type oid, should be freed with der_free_oid().
- * @param content the data, free with der_free_octet_string().
- *
- * @return an hx509 error code.
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_unenvelope (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- int /*flags*/,
- const void */*data*/,
- size_t /*length*/,
- const heim_octet_string */*encryptedContent*/,
- time_t /*time_now*/,
- heim_oid */*contentType*/,
- heim_octet_string */*content*/);
-
-/**
- * Decode an ContentInfo and unwrap data and oid it.
- *
- * @param in the encoded buffer.
- * @param oid type of the content.
- * @param out data to be wrapped.
- * @param have_data since the data is optional, this flags show dthe
- * diffrence between no data and the zero length data.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_unwrap_ContentInfo (
- const heim_octet_string */*in*/,
- heim_oid */*oid*/,
- heim_octet_string */*out*/,
- int */*have_data*/);
-
-/**
- * Decode SignedData and verify that the signature is correct.
- *
- * @param context A hx509 context.
- * @param ctx a hx509 verify context.
- * @param flags to control the behaivor of the function.
- * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
- * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
- * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
- * @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
- * @param signedContent external data used for signature.
- * @param pool certificate pool to build certificates paths.
- * @param contentType free with der_free_oid().
- * @param content the output of the function, free with
- * der_free_octet_string().
- * @param signer_certs list of the cerficates used to sign this
- * request, free with hx509_certs_free().
- *
- * @return an hx509 error code.
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_verify_signed (
- hx509_context /*context*/,
- hx509_verify_ctx /*ctx*/,
- unsigned int /*flags*/,
- const void */*data*/,
- size_t /*length*/,
- const heim_octet_string */*signedContent*/,
- hx509_certs /*pool*/,
- heim_oid */*contentType*/,
- heim_octet_string */*content*/,
- hx509_certs */*signer_certs*/);
-
-/**
- * Wrap data and oid in a ContentInfo and encode it.
- *
- * @param oid type of the content.
- * @param buf data to be wrapped. If a NULL pointer is passed in, the
- * optional content field in the ContentInfo is not going be filled
- * in.
- * @param res the encoded buffer, the result should be freed with
- * der_free_octet_string().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_wrap_ContentInfo (
- const heim_oid */*oid*/,
- const heim_octet_string */*buf*/,
- heim_octet_string */*res*/);
-
-/**
- * Free the context allocated by hx509_context_init().
- *
- * @param context context to be freed.
- *
- * @ingroup hx509
- */
-
-void
-hx509_context_free (hx509_context */*context*/);
-
-/**
- * Creates a hx509 context that most functions in the library
- * uses. The context is only allowed to be used by one thread at each
- * moment. Free the context with hx509_context_free().
- *
- * @param context Returns a pointer to new hx509 context.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509
- */
-
-int
-hx509_context_init (hx509_context */*context*/);
-
-/**
- * Selects if the hx509_revoke_verify() function is going to require
- * the existans of a revokation method (OCSP, CRL) or not. Note that
- * hx509_verify_path(), hx509_cms_verify_signed(), and other function
- * call hx509_revoke_verify().
- *
- * @param context hx509 context to change the flag for.
- * @param flag zero, revokation method required, non zero missing
- * revokation method ok
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_context_set_missing_revoke (
- hx509_context /*context*/,
- int /*flag*/);
-
-/**
- * Add revoked certificate to an CRL context.
- *
- * @param context a hx509 context.
- * @param crl the CRL to add the revoked certificate to.
- * @param certs keyset of certificate to revoke.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_add_revoked_certs (
- hx509_context /*context*/,
- hx509_crl /*crl*/,
- hx509_certs /*certs*/);
-
-/**
- * Create a CRL context. Use hx509_crl_free() to free the CRL context.
- *
- * @param context a hx509 context.
- * @param crl return pointer to a newly allocated CRL context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_alloc (
- hx509_context /*context*/,
- hx509_crl */*crl*/);
-
-/**
- * Free a CRL context.
- *
- * @param context a hx509 context.
- * @param crl a CRL context to free.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_crl_free (
- hx509_context /*context*/,
- hx509_crl */*crl*/);
-
-/**
- * Set the lifetime of a CRL context.
- *
- * @param context a hx509 context.
- * @param crl a CRL context
- * @param delta delta time the certificate is valid, library adds the
- * current time to this.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_lifetime (
- hx509_context /*context*/,
- hx509_crl /*crl*/,
- int /*delta*/);
-
-/**
- * Sign a CRL and return an encode certificate.
- *
- * @param context a hx509 context.
- * @param signer certificate to sign the CRL with
- * @param crl the CRL to sign
- * @param os return the signed and encoded CRL, free with
- * free_heim_octet_string()
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_sign (
- hx509_context /*context*/,
- hx509_cert /*signer*/,
- hx509_crl /*crl*/,
- heim_octet_string */*os*/);
-
-const AlgorithmIdentifier *
-hx509_crypto_aes128_cbc (void);
-
-const AlgorithmIdentifier *
-hx509_crypto_aes256_cbc (void);
-
-void
-hx509_crypto_allow_weak (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_available (
- hx509_context /*context*/,
- int /*type*/,
- hx509_cert /*source*/,
- AlgorithmIdentifier **/*val*/,
- unsigned int */*plen*/);
-
-int
-hx509_crypto_decrypt (
- hx509_crypto /*crypto*/,
- const void */*data*/,
- const size_t /*length*/,
- heim_octet_string */*ivec*/,
- heim_octet_string */*clear*/);
-
-const AlgorithmIdentifier *
-hx509_crypto_des_rsdi_ede3_cbc (void);
-
-void
-hx509_crypto_destroy (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_encrypt (
- hx509_crypto /*crypto*/,
- const void */*data*/,
- const size_t /*length*/,
- const heim_octet_string */*ivec*/,
- heim_octet_string **/*ciphertext*/);
-
-const heim_oid *
-hx509_crypto_enctype_by_name (const char */*name*/);
-
-void
-hx509_crypto_free_algs (
- AlgorithmIdentifier */*val*/,
- unsigned int /*len*/);
-
-int
-hx509_crypto_get_params (
- hx509_context /*context*/,
- hx509_crypto /*crypto*/,
- const heim_octet_string */*ivec*/,
- heim_octet_string */*param*/);
-
-int
-hx509_crypto_init (
- hx509_context /*context*/,
- const char */*provider*/,
- const heim_oid */*enctype*/,
- hx509_crypto */*crypto*/);
-
-const char *
-hx509_crypto_provider (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_random_iv (
- hx509_crypto /*crypto*/,
- heim_octet_string */*ivec*/);
-
-int
-hx509_crypto_select (
- const hx509_context /*context*/,
- int /*type*/,
- const hx509_private_key /*source*/,
- hx509_peer_info /*peer*/,
- AlgorithmIdentifier */*selected*/);
-
-int
-hx509_crypto_set_key_data (
- hx509_crypto /*crypto*/,
- const void */*data*/,
- size_t /*length*/);
-
-int
-hx509_crypto_set_key_name (
- hx509_crypto /*crypto*/,
- const char */*name*/);
-
-void
-hx509_crypto_set_padding (
- hx509_crypto /*crypto*/,
- int /*padding_type*/);
-
-int
-hx509_crypto_set_params (
- hx509_context /*context*/,
- hx509_crypto /*crypto*/,
- const heim_octet_string */*param*/,
- heim_octet_string */*ivec*/);
-
-int
-hx509_crypto_set_random_key (
- hx509_crypto /*crypto*/,
- heim_octet_string */*key*/);
-
-/**
- * Add a new key/value pair to the hx509_env.
- *
- * @param context A hx509 context.
- * @param env environment to add the environment variable too.
- * @param key key to add
- * @param value value to add
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_env
- */
-
-int
-hx509_env_add (
- hx509_context /*context*/,
- hx509_env */*env*/,
- const char */*key*/,
- const char */*value*/);
-
-/**
- * Add a new key/binding pair to the hx509_env.
- *
- * @param context A hx509 context.
- * @param env environment to add the environment variable too.
- * @param key key to add
- * @param list binding list to add
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_env
- */
-
-int
-hx509_env_add_binding (
- hx509_context /*context*/,
- hx509_env */*env*/,
- const char */*key*/,
- hx509_env /*list*/);
-
-/**
- * Search the hx509_env for a key.
- *
- * @param context A hx509 context.
- * @param env environment to add the environment variable too.
- * @param key key to search for.
- *
- * @return the value if the key is found, NULL otherwise.
- *
- * @ingroup hx509_env
- */
-
-const char *
-hx509_env_find (
- hx509_context /*context*/,
- hx509_env /*env*/,
- const char */*key*/);
-
-/**
- * Search the hx509_env for a binding.
- *
- * @param context A hx509 context.
- * @param env environment to add the environment variable too.
- * @param key key to search for.
- *
- * @return the binding if the key is found, NULL if not found.
- *
- * @ingroup hx509_env
- */
-
-hx509_env
-hx509_env_find_binding (
- hx509_context /*context*/,
- hx509_env /*env*/,
- const char */*key*/);
-
-/**
- * Free an hx509_env environment context.
- *
- * @param env the environment to free.
- *
- * @ingroup hx509_env
- */
-
-void
-hx509_env_free (hx509_env */*env*/);
-
-/**
- * Search the hx509_env for a length based key.
- *
- * @param context A hx509 context.
- * @param env environment to add the environment variable too.
- * @param key key to search for.
- * @param len length of key.
- *
- * @return the value if the key is found, NULL otherwise.
- *
- * @ingroup hx509_env
- */
-
-const char *
-hx509_env_lfind (
- hx509_context /*context*/,
- hx509_env /*env*/,
- const char */*key*/,
- size_t /*len*/);
-
-/**
- * Print error message and fatally exit from error code
- *
- * @param context A hx509 context.
- * @param exit_code exit() code from process.
- * @param error_code Error code for the reason to exit.
- * @param fmt format string with the exit message.
- * @param ... argument to format string.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_err (
- hx509_context /*context*/,
- int /*exit_code*/,
- int /*error_code*/,
- const char */*fmt*/,
- ...);
-
-hx509_private_key_ops *
-hx509_find_private_alg (const heim_oid */*oid*/);
-
-/**
- * Free error string returned by hx509_get_error_string().
- *
- * @param str error string to free.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_free_error_string (char */*str*/);
-
-/**
- * Free a list of octet strings returned by another hx509 library
- * function.
- *
- * @param list list to be freed.
- *
- * @ingroup hx509_misc
- */
-
-void
-hx509_free_octet_string_list (hx509_octet_string_list */*list*/);
-
-/**
- * Unparse the hx509 name in name into a string.
- *
- * @param name the name to print
- * @param str an allocated string returns the name in string form
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_general_name_unparse (
- GeneralName */*name*/,
- char **/*str*/);
-
-/**
- * Get an error string from context associated with error_code.
- *
- * @param context A hx509 context.
- * @param error_code Get error message for this error code.
- *
- * @return error string, free with hx509_free_error_string().
- *
- * @ingroup hx509_error
- */
-
-char *
-hx509_get_error_string (
- hx509_context /*context*/,
- int /*error_code*/);
-
-/**
- * Get one random certificate from the certificate store.
- *
- * @param context a hx509 context.
- * @param certs a certificate store to get the certificate from.
- * @param c return certificate, should be freed with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_get_one_cert (
- hx509_context /*context*/,
- hx509_certs /*certs*/,
- hx509_cert */*c*/);
-
-int
-hx509_lock_add_cert (
- hx509_context /*context*/,
- hx509_lock /*lock*/,
- hx509_cert /*cert*/);
-
-int
-hx509_lock_add_certs (
- hx509_context /*context*/,
- hx509_lock /*lock*/,
- hx509_certs /*certs*/);
-
-int
-hx509_lock_add_password (
- hx509_lock /*lock*/,
- const char */*password*/);
-
-int
-hx509_lock_command_string (
- hx509_lock /*lock*/,
- const char */*string*/);
-
-void
-hx509_lock_free (hx509_lock /*lock*/);
-
-/**
- * @page page_lock Locking and unlocking certificates and encrypted data.
- *
- * See the library functions here: @ref hx509_lock
- */
-
-int
-hx509_lock_init (
- hx509_context /*context*/,
- hx509_lock */*lock*/);
-
-int
-hx509_lock_prompt (
- hx509_lock /*lock*/,
- hx509_prompt */*prompt*/);
-
-void
-hx509_lock_reset_certs (
- hx509_context /*context*/,
- hx509_lock /*lock*/);
-
-void
-hx509_lock_reset_passwords (hx509_lock /*lock*/);
-
-void
-hx509_lock_reset_promper (hx509_lock /*lock*/);
-
-int
-hx509_lock_set_prompter (
- hx509_lock /*lock*/,
- hx509_prompter_fct /*prompt*/,
- void */*data*/);
-
-/**
- * Convert a hx509_name object to DER encoded name.
- *
- * @param name name to concert
- * @param os data to a DER encoded name, free the resulting octet
- * string with hx509_xfree(os->data).
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_binary (
- const hx509_name /*name*/,
- heim_octet_string */*os*/);
-
-/**
- * Compare to hx509 name object, useful for sorting.
- *
- * @param n1 a hx509 name object.
- * @param n2 a hx509 name object.
- *
- * @return 0 the objects are the same, returns > 0 is n2 is "larger"
- * then n2, < 0 if n1 is "smaller" then n2.
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_cmp (
- hx509_name /*n1*/,
- hx509_name /*n2*/);
-
-/**
- * Copy a hx509 name object.
- *
- * @param context A hx509 cotext.
- * @param from the name to copy from
- * @param to the name to copy to
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_copy (
- hx509_context /*context*/,
- const hx509_name /*from*/,
- hx509_name */*to*/);
-
-/**
- * Expands variables in the name using env. Variables are on the form
- * ${name}. Useful when dealing with certificate templates.
- *
- * @param context A hx509 cotext.
- * @param name the name to expand.
- * @param env environment variable to expand.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_expand (
- hx509_context /*context*/,
- hx509_name /*name*/,
- hx509_env /*env*/);
-
-/**
- * Free a hx509 name object, upond return *name will be NULL.
- *
- * @param name a hx509 name object to be freed.
- *
- * @ingroup hx509_name
- */
-
-void
-hx509_name_free (hx509_name */*name*/);
-
-/**
- * Unparse the hx509 name in name into a string.
- *
- * @param name the name to check if its empty/null.
- *
- * @return non zero if the name is empty/null.
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_is_null_p (const hx509_name /*name*/);
-
-int
-hx509_name_normalize (
- hx509_context /*context*/,
- hx509_name /*name*/);
-
-/**
- * Convert a hx509_name into a Name.
- *
- * @param from the name to copy from
- * @param to the name to copy to
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_to_Name (
- const hx509_name /*from*/,
- Name */*to*/);
-
-/**
- * Convert the hx509 name object into a printable string.
- * The resulting string should be freed with free().
- *
- * @param name name to print
- * @param str the string to return
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_to_string (
- const hx509_name /*name*/,
- char **/*str*/);
-
-/**
- * Create an OCSP request for a set of certificates.
- *
- * @param context a hx509 context
- * @param reqcerts list of certificates to request ocsp data for
- * @param pool certificate pool to use when signing
- * @param signer certificate to use to sign the request
- * @param digest the signing algorithm in the request, if NULL use the
- * default signature algorithm,
- * @param request the encoded request, free with free_heim_octet_string().
- * @param nonce nonce in the request, free with free_heim_octet_string().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_ocsp_request (
- hx509_context /*context*/,
- hx509_certs /*reqcerts*/,
- hx509_certs /*pool*/,
- hx509_cert /*signer*/,
- const AlgorithmIdentifier */*digest*/,
- heim_octet_string */*request*/,
- heim_octet_string */*nonce*/);
-
-/**
- * Verify that the certificate is part of the OCSP reply and it's not
- * expired. Doesn't verify signature the OCSP reply or it's done by a
- * authorized sender, that is assumed to be already done.
- *
- * @param context a hx509 context
- * @param now the time right now, if 0, use the current time.
- * @param cert the certificate to verify
- * @param flags flags control the behavior
- * @param data pointer to the encode ocsp reply
- * @param length the length of the encode ocsp reply
- * @param expiration return the time the OCSP will expire and need to
- * be rechecked.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_ocsp_verify (
- hx509_context /*context*/,
- time_t /*now*/,
- hx509_cert /*cert*/,
- int /*flags*/,
- const void */*data*/,
- size_t /*length*/,
- time_t */*expiration*/);
-
-/**
- * Print a oid using a hx509_vprint_func function. To print to stdout
- * use hx509_print_stdout().
- *
- * @param oid oid to print
- * @param func hx509_vprint_func to print with.
- * @param ctx context variable to hx509_vprint_func function.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_oid_print (
- const heim_oid */*oid*/,
- hx509_vprint_func /*func*/,
- void */*ctx*/);
-
-/**
- * Print a oid to a string.
- *
- * @param oid oid to print
- * @param str allocated string, free with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_oid_sprint (
- const heim_oid */*oid*/,
- char **/*str*/);
-
-/**
- * Parse a string into a hx509 name object.
- *
- * @param context A hx509 context.
- * @param str a string to parse.
- * @param name the resulting object, NULL in case of error.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_parse_name (
- hx509_context /*context*/,
- const char */*str*/,
- hx509_name */*name*/);
-
-int
-hx509_parse_private_key (
- hx509_context /*context*/,
- const AlgorithmIdentifier */*keyai*/,
- const void */*data*/,
- size_t /*len*/,
- hx509_key_format_t /*format*/,
- hx509_private_key */*private_key*/);
-
-/**
- * Add an additional algorithm that the peer supports.
- *
- * @param context A hx509 context.
- * @param peer the peer to set the new algorithms for
- * @param val an AlgorithmsIdentier to add
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_add_cms_alg (
- hx509_context /*context*/,
- hx509_peer_info /*peer*/,
- const AlgorithmIdentifier */*val*/);
-
-/**
- * Allocate a new peer info structure an init it to default values.
- *
- * @param context A hx509 context.
- * @param peer return an allocated peer, free with hx509_peer_info_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_alloc (
- hx509_context /*context*/,
- hx509_peer_info */*peer*/);
-
-/**
- * Free a peer info structure.
- *
- * @param peer peer info to be freed.
- *
- * @ingroup hx509_peer
- */
-
-void
-hx509_peer_info_free (hx509_peer_info /*peer*/);
-
-/**
- * Set the certificate that remote peer is using.
- *
- * @param peer peer info to update
- * @param cert cerificate of the remote peer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_set_cert (
- hx509_peer_info /*peer*/,
- hx509_cert /*cert*/);
-
-/**
- * Set the algorithms that the peer supports.
- *
- * @param context A hx509 context.
- * @param peer the peer to set the new algorithms for
- * @param val array of supported AlgorithmsIdentiers
- * @param len length of array val.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_set_cms_algs (
- hx509_context /*context*/,
- hx509_peer_info /*peer*/,
- const AlgorithmIdentifier */*val*/,
- size_t /*len*/);
-
-int
-hx509_pem_add_header (
- hx509_pem_header **/*headers*/,
- const char */*header*/,
- const char */*value*/);
-
-const char *
-hx509_pem_find_header (
- const hx509_pem_header */*h*/,
- const char */*header*/);
-
-void
-hx509_pem_free_header (hx509_pem_header */*headers*/);
-
-int
-hx509_pem_read (
- hx509_context /*context*/,
- FILE */*f*/,
- hx509_pem_read_func /*func*/,
- void */*ctx*/);
-
-int
-hx509_pem_write (
- hx509_context /*context*/,
- const char */*type*/,
- hx509_pem_header */*headers*/,
- FILE */*f*/,
- const void */*data*/,
- size_t /*size*/);
-
-/**
- * Print a simple representation of a certificate
- *
- * @param context A hx509 context, can be NULL
- * @param cert certificate to print
- * @param out the stdio output stream, if NULL, stdout is used
- *
- * @return An hx509 error code
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_print_cert (
- hx509_context /*context*/,
- hx509_cert /*cert*/,
- FILE */*out*/);
-
-/**
- * Helper function to print on stdout for:
- * - hx509_oid_print(),
- * - hx509_bitstring_print(),
- * - hx509_validate_ctx_set_print().
- *
- * @param ctx the context to the print function. If the ctx is NULL,
- * stdout is used.
- * @param fmt the printing format.
- * @param va the argumet list.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_print_stdout (
- void */*ctx*/,
- const char */*fmt*/,
- va_list /*va*/);
-
-int
-hx509_private_key2SPKI (
- hx509_context /*context*/,
- hx509_private_key /*private_key*/,
- SubjectPublicKeyInfo */*spki*/);
-
-void
-hx509_private_key_assign_rsa (
- hx509_private_key /*key*/,
- void */*ptr*/);
-
-int
-hx509_private_key_free (hx509_private_key */*key*/);
-
-int
-hx509_private_key_init (
- hx509_private_key */*key*/,
- hx509_private_key_ops */*ops*/,
- void */*keydata*/);
-
-int
-hx509_private_key_private_decrypt (
- hx509_context /*context*/,
- const heim_octet_string */*ciphertext*/,
- const heim_oid */*encryption_oid*/,
- hx509_private_key /*p*/,
- heim_octet_string */*cleartext*/);
-
-int
-hx509_prompt_hidden (hx509_prompt_type /*type*/);
-
-/**
- * Allocate an query controller. Free using hx509_query_free().
- *
- * @param context A hx509 context.
- * @param q return pointer to a hx509_query.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_alloc (
- hx509_context /*context*/,
- hx509_query **/*q*/);
-
-/**
- * Free the query controller.
- *
- * @param context A hx509 context.
- * @param q a pointer to the query controller.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_free (
- hx509_context /*context*/,
- hx509_query */*q*/);
-
-/**
- * Set the query controller to match using a specific match function.
- *
- * @param q a hx509 query controller.
- * @param func function to use for matching, if the argument is NULL,
- * the match function is removed.
- * @param ctx context passed to the function.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_cmp_func (
- hx509_query */*q*/,
- int (*/*func*/)(hx509_context, hx509_cert, void *),
- void */*ctx*/);
-
-/**
- * Set the query controller to require an one specific EKU (extended
- * key usage). Any previous EKU matching is overwitten. If NULL is
- * passed in as the eku, the EKU requirement is reset.
- *
- * @param q a hx509 query controller.
- * @param eku an EKU to match on.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_eku (
- hx509_query */*q*/,
- const heim_oid */*eku*/);
-
-int
-hx509_query_match_expr (
- hx509_context /*context*/,
- hx509_query */*q*/,
- const char */*expr*/);
-
-/**
- * Set the query controller to match on a friendly name
- *
- * @param q a hx509 query controller.
- * @param name a friendly name to match on
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_friendly_name (
- hx509_query */*q*/,
- const char */*name*/);
-
-/**
- * Set the issuer and serial number of match in the query
- * controller. The function make copies of the isser and serial number.
- *
- * @param q a hx509 query controller
- * @param issuer issuer to search for
- * @param serialNumber the serialNumber of the issuer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_issuer_serial (
- hx509_query */*q*/,
- const Name */*issuer*/,
- const heim_integer */*serialNumber*/);
-
-/**
- * Set match options for the hx509 query controller.
- *
- * @param q query controller.
- * @param option options to control the query controller.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_match_option (
- hx509_query */*q*/,
- hx509_query_option /*option*/);
-
-/**
- * Set a statistic file for the query statistics.
- *
- * @param context A hx509 context.
- * @param fn statistics file name
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_statistic_file (
- hx509_context /*context*/,
- const char */*fn*/);
-
-/**
- * Unparse the statistics file and print the result on a FILE descriptor.
- *
- * @param context A hx509 context.
- * @param printtype tyep to print
- * @param out the FILE to write the data on.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_unparse_stats (
- hx509_context /*context*/,
- int /*printtype*/,
- FILE */*out*/);
-
-void
-hx509_request_free (hx509_request */*req*/);
-
-int
-hx509_request_get_SubjectPublicKeyInfo (
- hx509_context /*context*/,
- hx509_request /*req*/,
- SubjectPublicKeyInfo */*key*/);
-
-int
-hx509_request_get_name (
- hx509_context /*context*/,
- hx509_request /*req*/,
- hx509_name */*name*/);
-
-int
-hx509_request_init (
- hx509_context /*context*/,
- hx509_request */*req*/);
-
-int
-hx509_request_set_SubjectPublicKeyInfo (
- hx509_context /*context*/,
- hx509_request /*req*/,
- const SubjectPublicKeyInfo */*key*/);
-
-int
-hx509_request_set_name (
- hx509_context /*context*/,
- hx509_request /*req*/,
- hx509_name /*name*/);
-
-/**
- * Add a CRL file to the revokation context.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param path path to file that is going to be added to the context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_add_crl (
- hx509_context /*context*/,
- hx509_revoke_ctx /*ctx*/,
- const char */*path*/);
-
-/**
- * Add a OCSP file to the revokation context.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param path path to file that is going to be added to the context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_add_ocsp (
- hx509_context /*context*/,
- hx509_revoke_ctx /*ctx*/,
- const char */*path*/);
-
-/**
- * Free a hx509 revokation context.
- *
- * @param ctx context to be freed
- *
- * @ingroup hx509_revoke
- */
-
-void
-hx509_revoke_free (hx509_revoke_ctx */*ctx*/);
-
-/**
- * Allocate a revokation context. Free with hx509_revoke_free().
- *
- * @param context A hx509 context.
- * @param ctx returns a newly allocated revokation context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_init (
- hx509_context /*context*/,
- hx509_revoke_ctx */*ctx*/);
-
-/**
- * Print the OCSP reply stored in a file.
- *
- * @param context a hx509 context
- * @param path path to a file with a OCSP reply
- * @param out the out FILE descriptor to print the reply on
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_ocsp_print (
- hx509_context /*context*/,
- const char */*path*/,
- FILE */*out*/);
-
-int
-hx509_revoke_print (
- hx509_context /*context*/,
- hx509_revoke_ctx /*ctx*/,
- FILE */*out*/);
-
-/**
- * Check that a certificate is not expired according to a revokation
- * context. Also need the parent certificte to the check OCSP
- * parent identifier.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param certs
- * @param now
- * @param cert
- * @param parent_cert
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_verify (
- hx509_context /*context*/,
- hx509_revoke_ctx /*ctx*/,
- hx509_certs /*certs*/,
- time_t /*now*/,
- hx509_cert /*cert*/,
- hx509_cert /*parent_cert*/);
-
-/**
- * See hx509_set_error_stringv().
- *
- * @param context A hx509 context.
- * @param flags
- * - HX509_ERROR_APPEND appends the error string to the old messages
- (code is updated).
- * @param code error code related to error message
- * @param fmt error message format
- * @param ... arguments to error message format
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_set_error_string (
- hx509_context /*context*/,
- int /*flags*/,
- int /*code*/,
- const char */*fmt*/,
- ...);
-
-/**
- * Add an error message to the hx509 context.
- *
- * @param context A hx509 context.
- * @param flags
- * - HX509_ERROR_APPEND appends the error string to the old messages
- (code is updated).
- * @param code error code related to error message
- * @param fmt error message format
- * @param ap arguments to error message format
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_set_error_stringv (
- hx509_context /*context*/,
- int /*flags*/,
- int /*code*/,
- const char */*fmt*/,
- va_list /*ap*/);
-
-const AlgorithmIdentifier *
-hx509_signature_ecPublicKey (void);
-
-const AlgorithmIdentifier *
-hx509_signature_ecdsa_with_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_md5 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_pkcs1_x509 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md5 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha1 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha384 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha512 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha1 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha384 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha512 (void);
-
-/**
- * Convert a DER encoded name info a string.
- *
- * @param data data to a DER/BER encoded name
- * @param length length of data
- * @param str the resulting string, is NULL on failure.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_unparse_der_name (
- const void */*data*/,
- size_t /*length*/,
- char **/*str*/);
-
-/**
- * Validate/Print the status of the certificate.
- *
- * @param context A hx509 context.
- * @param ctx A hx509 validation context.
- * @param cert the cerificate to validate/print.
-
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_validate_cert (
- hx509_context /*context*/,
- hx509_validate_ctx /*ctx*/,
- hx509_cert /*cert*/);
-
-/**
- * Add flags to control the behaivor of the hx509_validate_cert()
- * function.
- *
- * @param ctx A hx509 validation context.
- * @param flags flags to add to the validation context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_add_flags (
- hx509_validate_ctx /*ctx*/,
- int /*flags*/);
-
-/**
- * Free an hx509 validate context.
- *
- * @param ctx the hx509 validate context to free.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/);
-
-/**
- * Allocate a hx509 validation/printing context.
- *
- * @param context A hx509 context.
- * @param ctx a new allocated hx509 validation context, free with
- * hx509_validate_ctx_free().
-
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_validate_ctx_init (
- hx509_context /*context*/,
- hx509_validate_ctx */*ctx*/);
-
-/**
- * Set the printing functions for the validation context.
- *
- * @param ctx a hx509 valication context.
- * @param func the printing function to usea.
- * @param c the context variable to the printing function.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_set_print (
- hx509_validate_ctx /*ctx*/,
- hx509_vprint_func /*func*/,
- void */*c*/);
-
-/**
- * Set the trust anchors in the verification context, makes an
- * reference to the keyset, so the consumer can free the keyset
- * independent of the destruction of the verification context (ctx).
- * If there already is a keyset attached, it's released.
- *
- * @param ctx a verification context
- * @param set a keyset containing the trust anchors.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_attach_anchors (
- hx509_verify_ctx /*ctx*/,
- hx509_certs /*set*/);
-
-/**
- * Attach an revocation context to the verfication context, , makes an
- * reference to the revoke context, so the consumer can free the
- * revoke context independent of the destruction of the verification
- * context. If there is no revoke context, the verification process is
- * NOT going to check any verification status.
- *
- * @param ctx a verification context.
- * @param revoke_ctx a revoke context.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_attach_revoke (
- hx509_verify_ctx /*ctx*/,
- hx509_revoke_ctx /*revoke_ctx*/);
-
-void
-hx509_verify_ctx_f_allow_best_before_signature_algs (
- hx509_context /*ctx*/,
- int /*boolean*/);
-
-/**
- * Allow using the operating system builtin trust anchors if no other
- * trust anchors are configured.
- *
- * @param ctx a verification context
- * @param boolean if non zero, useing the operating systems builtin
- * trust anchors.
- *
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_verify_ctx_f_allow_default_trustanchors (
- hx509_verify_ctx /*ctx*/,
- int /*boolean*/);
-
-/**
- * Free an hx509 verification context.
- *
- * @param ctx the context to be freed.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/);
-
-/**
- * Verify that the certificate is allowed to be used for the hostname
- * and address.
- *
- * @param context A hx509 context.
- * @param cert the certificate to match with
- * @param flags Flags to modify the behavior:
- * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok
- * @param type type of hostname:
- * - HX509_HN_HOSTNAME for plain hostname.
- * - HX509_HN_DNSSRV for DNS SRV names.
- * @param hostname the hostname to check
- * @param sa address of the host
- * @param sa_size length of address
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_verify_hostname (
- hx509_context /*context*/,
- const hx509_cert /*cert*/,
- int /*flags*/,
- hx509_hostname_type /*type*/,
- const char */*hostname*/,
- const struct sockaddr */*sa*/,
- int /*sa_size*/);
-
-/**
- * Allocate an verification context that is used fo control the
- * verification process.
- *
- * @param context A hx509 context.
- * @param ctx returns a pointer to a hx509_verify_ctx object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_verify_init_ctx (
- hx509_context /*context*/,
- hx509_verify_ctx */*ctx*/);
-
-/**
- * Build and verify the path for the certificate to the trust anchor
- * specified in the verify context. The path is constructed from the
- * certificate, the pool and the trust anchors.
- *
- * @param context A hx509 context.
- * @param ctx A hx509 verification context.
- * @param cert the certificate to build the path from.
- * @param pool A keyset of certificates to build the chain from.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_verify_path (
- hx509_context /*context*/,
- hx509_verify_ctx /*ctx*/,
- hx509_cert /*cert*/,
- hx509_certs /*pool*/);
-
-/**
- * Set the maximum depth of the certificate chain that the path
- * builder is going to try.
- *
- * @param ctx a verification context
- * @param max_depth maxium depth of the certificate chain, include
- * trust anchor.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_max_depth (
- hx509_verify_ctx /*ctx*/,
- unsigned int /*max_depth*/);
-
-/**
- * Allow or deny the use of proxy certificates
- *
- * @param ctx a verification context
- * @param boolean if non zero, allow proxy certificates.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_proxy_certificate (
- hx509_verify_ctx /*ctx*/,
- int /*boolean*/);
-
-/**
- * Select strict RFC3280 verification of certificiates. This means
- * checking key usage on CA certificates, this will make version 1
- * certificiates unuseable.
- *
- * @param ctx a verification context
- * @param boolean if non zero, use strict verification.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_strict_rfc3280_verification (
- hx509_verify_ctx /*ctx*/,
- int /*boolean*/);
-
-/**
- * Set the clock time the the verification process is going to
- * use. Used to check certificate in the past and future time. If not
- * set the current time will be used.
- *
- * @param ctx a verification context.
- * @param t the time the verifiation is using.
- *
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_time (
- hx509_verify_ctx /*ctx*/,
- time_t /*t*/);
-
-/**
- * Verify a signature made using the private key of an certificate.
- *
- * @param context A hx509 context.
- * @param signer the certificate that made the signature.
- * @param alg algorthm that was used to sign the data.
- * @param data the data that was signed.
- * @param sig the sigature to verify.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_crypto
- */
-
-int
-hx509_verify_signature (
- hx509_context /*context*/,
- const hx509_cert /*signer*/,
- const AlgorithmIdentifier */*alg*/,
- const heim_octet_string */*data*/,
- const heim_octet_string */*sig*/);
-
-/**
- * Free a data element allocated in the library.
- *
- * @param ptr data to be freed.
- *
- * @ingroup hx509_misc
- */
-
-void
-hx509_xfree (void */*ptr*/);
-
-int
-yywrap (void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* DOXY */
-#endif /* __hx509_protos_h__ */
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 04:01:41 +0000