/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef CF_X509_CERTIFICATE_H
#define CF_X509_CERTIFICATE_H

#include "certificate.h"
#include "cf_blob.h"
#include "cf_result.h"
#include "x509_cert_match_parameters.h"
#include "x509_distinguished_name.h"
#include "x509_csr.h"

/**
 * Private key material passed to HcfX509CertificateGenCsr().
 *
 * NOTE(review): this header does not say who owns these two pointers or
 * whether the callee copies them. Both fields hold secrets, so callers
 * should confirm the lifetime rules and clear their own copies once the
 * call has returned.
 */
typedef struct PrivateKeyInfo PrivateKeyInfo;
struct PrivateKeyInfo {
    /* Encoded private key. */
    CfEncodingBlob *privateKey;
    /* Password for the private key; presumably a NUL-terminated string and
     * presumably optional for unencrypted keys - TODO confirm. */
    char *privateKeyPassword;
};

typedef struct HcfX509Certificate HcfX509Certificate;

/**
 * Method table of an X.509 certificate object. Every member is a function
 * pointer that receives the object itself as `self`. Most getters return a
 * CfResult and write their value through the trailing output parameter.
 *
 * NOTE(review): this header does not state who allocates or frees the data
 * written to the CfBlob / CfArray outputs - confirm against the
 * implementation before relying on either convention.
 */
struct HcfX509Certificate {
    /** HcfX509Certificate inherits from HcfCertificate. */
    HcfCertificate base;

    /** Check whether the certificate is valid at the given time.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*checkValidityWithDate)(HcfX509Certificate *self, const char *date);

    /** Get version number from certificate. */
    long (*getVersion)(HcfX509Certificate *self);

    /** Get serial number from certificate. */
    CfResult (*getSerialNumber)(HcfX509Certificate *self, CfBlob *out);

    /** Get issuer distinguished name from certificate. */
    CfResult (*getIssuerName)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name from certificate. */
    CfResult (*getSubjectName)(HcfX509Certificate *self, CfBlob *out);

    /** Get the not before time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotBeforeTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get the not after time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotAfterTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get signature value from certificate. */
    CfResult (*getSignature)(HcfX509Certificate *self, CfBlob *sigOut);

    /** Get signature algorithm name from certificate. */
    CfResult (*getSignatureAlgName)(HcfX509Certificate *self, CfBlob *outName);

    /** Get signature algorithm oid from certificate. */
    CfResult (*getSignatureAlgOid)(HcfX509Certificate *self, CfBlob *out);

    /** Get the DER encoded signature algorithm parameters from the signature algorithm of the certificate. */
    CfResult (*getSignatureAlgParams)(HcfX509Certificate *self, CfBlob *sigAlgParamsOut);

    /** Get a Boolean array representing the bits of the keyUsage extension.
     * The key usage extension defines the purpose of the key.
     */
    CfResult (*getKeyUsage)(HcfX509Certificate *self, CfBlob *boolArr);

    /** Get a const string list that represents the object identifiers of the extKeyUsage extension. */
    CfResult (*getExtKeyUsage)(HcfX509Certificate *self, CfArray *keyUsageOut);

    /** Get the path length of the certificate constraint from the key extensions (BasicConstraints).
     * The BasicConstraints identify whether the issuer of the certificate is a CA and the depth of the cert chain.
     * pathLenConstraint is meaningful only when CA is set to true.
     *
     * NOTE(review): the value returned when the certificate is not a CA, or when
     * pathLenConstraint is absent, is not defined in this header - confirm it
     * before using the result for chain-depth decisions.
     */
    int32_t (*getBasicConstraints)(HcfX509Certificate *self);

    /** Get subject alternative name from certificate. */
    CfResult (*getSubjectAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Get issuer alternative name from certificate. */
    CfResult (*getIssuerAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Match the certificate with X509CertMatchParameters; the result is written to *out. */
    CfResult (*match)(HcfX509Certificate *self, const HcfX509CertMatchParams *matchParams, bool *out);

    /** Get CRL distribution points URI from certificate. */
    CfResult (*getCRLDistributionPointsURI)(HcfX509Certificate *self, CfArray *outURI);

    /** Get the string of the certificate. */
    CfResult (*toString)(HcfX509Certificate *self, CfBlob *out);

    /** Get the hashCode of the certificate.
     * NOTE(review): the hash algorithm is not stated in this header - confirm
     * it before treating the value as a certificate fingerprint.
     */
    CfResult (*hashCode)(HcfX509Certificate *self, CfBlob *out);

    /** Get the Extension Object of the certificate. */
    CfResult (*getExtensionsObject)(HcfX509Certificate *self, CfBlob *out);

    /** Get the subject distinguished name from the certificate for the given encodingType
     * (the original comment describes this as the utf8 type).
     */
    CfResult (*getSubjectNameEx)(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out);
};

/** Array of certificate object pointers together with an element count. */
typedef struct HcfX509CertificateArray HcfX509CertificateArray;
struct HcfX509CertificateArray {
    HcfX509Certificate **data;
    /* Presumably the number of entries in data - TODO confirm. */
    uint32_t count;
};

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Create an X.509 certificate object from the encoded certificate in inStream.
 * The new object is handed back through returnObj.
 *
 * NOTE(review): how the object is released is not declared in this header;
 * presumably through the HcfCertificate base - confirm.
 */
CfResult HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);

/**
 * Generate a certificate signing request from the private key in privateKey
 * and the settings in conf; the result is written to csrBlob.
 *
 * NOTE(review): privateKey carries the key and its password. The header does
 * not state whether this function keeps references to them after returning -
 * confirm before freeing or clearing the inputs.
 */
CfResult HcfX509CertificateGenCsr(PrivateKeyInfo *privateKey, const HcfGenCsrConf *conf, CfBlob *csrBlob);

#ifdef __cplusplus
}
#endif

#endif // CF_X509_CERTIFICATE_H