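/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Shared declarations for the OpenSSL-backed certificate helpers: blob
 * deep-copy routines, X509 name/time comparison, certificate-chain helpers
 * and extension copy routines. Only declarations are visible here, so every
 * statement below about ownership or failure behaviour is marked as an
 * assumption to be confirmed against the implementation.
 */

#ifndef CF_CERTIFICATE_OPENSSL_COMMON_H
#define CF_CERTIFICATE_OPENSSL_COMMON_H

#include <openssl/x509.h>
#include <openssl/x509v3.h>
/* bool appears in the prototypes below; include it directly instead of relying on a transitive include. */
#include <stdbool.h>
#include <stdint.h>

#include "cf_blob.h"
#include "cf_result.h"
#include "x509_cert_match_parameters.h"
#include "x509_distinguished_name_spi.h"

/*
 * OpenSSL success value. Several OpenSSL calls report failure with 0 and
 * others with a negative value, so results should be compared for equality
 * with this constant rather than tested for "non-zero".
 */
#define CF_OPENSSL_SUCCESS 1 /* openssl return 1: success */

/*
 * Size limits and bit-handling constants used by the implementation.
 * NOTE(review): whether the *_LEN values include the terminating NUL is not
 * visible in this header; confirm before sizing a buffer from them.
 */
#define OID_STR_MAX_LEN 128
#define CHAR_TO_BIT_LEN 8
#define MAX_DATE_STR_LEN 128
#define FLAG_BIT_LEFT_NUM 0x07
#define DATETIME_LEN 15
#define MIN_PATH_LEN_CONSTRAINT (-2)

#ifdef __cplusplus
extern "C" {
#endif

/*
 * OpenSSL implementation object for a distinguished name: the SPI base
 * struct followed by the underlying X509_NAME.
 * NOTE(review): base is the first member, presumably so the object can be
 * reached through an HcfX509DistinguishedNameSpi pointer; confirm that every
 * such downcast is preceded by a type check.
 */
typedef struct HcfX509DistinguishedNameOpensslImpl HcfX509DistinguishedNameOpensslImpl;
struct HcfX509DistinguishedNameOpensslImpl {
    HcfX509DistinguishedNameSpi base;
    X509_NAME *name;
};

/*
 * Selects which certificate field CompareNameObject() compares.
 * NOTE(review): AUKEYID / SUBKEYID presumably refer to the authority and
 * subject key identifier extensions; confirm.
 */
typedef enum {
    NAME_TYPE_SUBJECT,
    NAME_TYPE_ISSUER,
    NAME_TYPE_AUKEYID,
    NAME_TYPE_SUBKEYID
} X509NameType;

/*
 * Maps an OID string to an algorithm name.
 * NOTE(review): behaviour for an unknown OID (NULL vs. a default string) and
 * the lifetime of the returned pointer are not visible here; confirm.
 */
const char *GetAlgorithmName(const char *oid);

/* Reports the pending OpenSSL error(s); takes no arguments and returns nothing. */
void CfPrintOpensslError(void);

/*
 * Deep-copy helpers. Each takes a source buffer (or blob) and an output blob.
 * NOTE(review): the output presumably receives newly allocated storage that
 * the caller must release; confirm ownership and that len is validated when
 * the data comes from an untrusted encoding.
 */
CfResult DeepCopyDataToBlob(const unsigned char *data, uint32_t len, CfBlob *outBlob);
CfResult DeepCopyBlobToBlob(const CfBlob *inBlob, CfBlob **outBlob);
CfResult CopyExtensionsToBlob(const X509_EXTENSIONS *exts, CfBlob *outBlob);

/*
 * Compares inputDate with the validity times of x509; the outcome is carried
 * in the CfResult. NOTE(review): which CfResult values mean "not yet valid"
 * and "expired" is defined by the implementation; confirm before branching.
 */
CfResult CompareDateWithCertTime(const X509 *x509, const ASN1_TIME *inputDate);

/* Converts a DER-encoded name of derLen bytes into a string stored in out. */
CfResult ConvertNameDerDataToString(const unsigned char *data, uint32_t derLen, CfBlob *out);

/*
 * Compares the field of cert selected by type with the DER data in derBlob
 * and stores the match result in *compareRes.
 * NOTE(review): *compareRes is presumably only meaningful when the returned
 * CfResult indicates success; callers should check the CfResult first and
 * must not treat an unset bool as "match".
 */
CfResult CompareNameObject(const X509 *cert, const CfBlob *derBlob, X509NameType type, bool *compareRes);

/*
 * Compares two big numbers held in blobs and writes the ordering to *out.
 * NOTE(review): sign convention of *out (<0 / 0 / >0) is assumed; confirm.
 */
CfResult CompareBigNum(const CfBlob *lhs, const CfBlob *rhs, int *out);

/*
 * Returns the encoded form of certificate and writes its length to
 * *dataLength.
 * NOTE(review): presumably returns NULL on failure and hands ownership of the
 * buffer to the caller; dataLength is a signed int, so confirm it is never
 * read after a failed call or used unchecked as an allocation size.
 */
uint8_t *GetX509EncodedDataStream(const X509 *certificate, int *dataLength);

/*
 * Converts an ASN.1 generalized time to a C string.
 * NOTE(review): the returned string is presumably heap-allocated and owned by
 * the caller; confirm.
 */
char *Asn1TimeToStr(const ASN1_GENERALIZEDTIME *time);

/* Reports whether array self contains sub. NOTE(review): exact containment rule (every element vs. any) is assumed; confirm. */
bool CfArrayContains(const CfArray *self, const CfArray *sub);

/* Deep-copies len bytes of character data into out. */
CfResult DeepCopyDataToOut(const char *data, uint32_t len, CfBlob *out);

/* Releases the contents of a SubAltNameArray. NOTE(review): whether array itself is freed is not visible here; confirm to avoid double free. */
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array);

/*
 * Certificate classification helpers. Both return a bare bool, so an internal
 * failure cannot be told apart from a "false" answer.
 * NOTE(review): CheckIsSelfSigned may compare names only, verify the
 * signature, or both; this is not visible here. Do not use its result as a
 * trust decision without confirming what it checks.
 */
bool CheckIsSelfSigned(const X509 *cert);
bool CheckIsLeafCert(X509 *cert);

/* Examines certsChain and writes whether it is in order to *isOrder. NOTE(review): check the CfResult before reading *isOrder. */
CfResult IsOrderCertChain(STACK_OF(X509) *certsChain, bool *isOrder);

/* Checks cert against pubKey; the outcome is carried in the CfResult. */
CfResult CheckSelfPubkey(X509 *cert, const EVP_PKEY *pubKey);

/*
 * Looks up a certificate in certs by subject name.
 * NOTE(review): presumably returns NULL when nothing matches; whether the
 * returned X509 is borrowed from the stack or has its reference count raised
 * is not visible here. Confirm before freeing it or the stack.
 */
X509 *FindCertificateBySubject(STACK_OF(X509) *certs, X509_NAME *subjectName);

/*
 * Extract a field of the certificate into a blob returned through the
 * double-pointer argument.
 * NOTE(review): the blob is presumably allocated by the callee and released
 * by the caller; confirm, including the state of the out pointer on failure.
 */
CfResult GetPubKeyDataFromX509(X509 *x509, CfBlob **pub);
CfResult GetSubjectNameFromX509(X509 *cert, CfBlob **sub);
CfResult GetNameConstraintsFromX509(X509 *cert, CfBlob **name);

/* Copies the memory held by bio into outBlob. */
CfResult CopyMemFromBIO(BIO *bio, CfBlob *outBlob);

/*
 * Per-element deep-copy helpers: each copies the entry at position index of
 * an OpenSSL stack into the corresponding output array.
 * NOTE(review): index is a signed int32_t; bounds checking against both the
 * stack size and the output array size is presumably done by the
 * implementation. Confirm, since the stacks are built from parsed
 * certificate data.
 * NOTE(review): CfDeepCopySubAltName takes its output array as a pointer to
 * const; presumably only storage reachable through it is written. Confirm.
 */
CfResult CfDeepCopyExtendedKeyUsage(const STACK_OF(ASN1_OBJECT) *extUsage,
    int32_t index, CfArray *keyUsageOut);
CfResult CfDeepCopyAlternativeNames(const STACK_OF(GENERAL_NAME) *altNames, int32_t index, CfArray *outName);
CfResult CfDeepCopySubAltName(
    const STACK_OF(GENERAL_NAME) *altname, int32_t index, const SubAltNameArray *subAltNameArrayOut);
CfResult CfDeepCopyCertPolices(const CERTIFICATEPOLICIES *certPolicesIn, int32_t index, CfArray *certPolices);

/* Converts an ASN.1 bit string into a boolean array stored in boolArr. */
CfResult CfConvertAsn1String2BoolArray(const ASN1_BIT_STRING *string, CfBlob *boolArr);

/* Compares a GENERAL_NAME with the data in blob nc. NOTE(review): nc is not const-qualified; confirm whether it is modified. */
bool CfCompareGN2Blob(const GENERAL_NAME *gen, CfBlob *nc);

/* Collects the URIs of the CRL distribution points in crlDp into outURI. */
CfResult CfGetCRLDpURI(STACK_OF(DIST_POINT) *crlDp, CfArray *outURI);

#ifdef __cplusplus
}
#endif

#endif /* CF_CERTIFICATE_OPENSSL_COMMON_H */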