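/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * FFI surface for X.509 certificate chains: construction, listing, validation,
 * and trust-anchor extraction from a key store.
 *
 * This header is C++-only as written: the extern "C" block is not wrapped in
 * #ifdef __cplusplus, and FfiCertBuildX509CertChain takes reference parameters.
 */

#ifndef CJX509CERTCHAIN_H
#define CJX509CERTCHAIN_H

#include "x509_cert_chain.h"

#include "cj_cert_common.h"
#include "cj_declare_macro.h"

/*
 * Declares one CjX509CertChain entry point by forwarding to FFI_DECLARE_API.
 * FFI_DECLARE_API is not defined in this file (presumably cj_declare_macro.h);
 * the exported symbol name and any implicit receiver parameter are decided there.
 * `##__VA_ARGS__` is a GNU extension that drops the preceding comma when no
 * extra parameters are supplied.
 */
#define FFI_DECLARE_HcfCertChain(FUNC, RETURN_TYPE, ...) \
    FFI_DECLARE_API(CjX509CertChain, FUNC, RETURN_TYPE, ##__VA_ARGS__)

extern "C" {
typedef struct CjX509CertChain CjX509CertChain;

/* Handle passed across the FFI boundary; wraps the native chain object. */
struct CjX509CertChain {
    HcfCertChain *chain;
};

typedef struct CjX509CertChainValidateParams CjX509CertChainValidateParams;

typedef struct CjX509TrustAnchor CjX509TrustAnchor;

typedef struct CjRevocationCheckParam CjRevocationCheckParam;

/*
 * One trust anchor for chain validation.
 * NOTE(review): which combinations of fields are required (certificate only,
 * or public key plus subject) and which may be NULL is not visible here --
 * confirm against the implementation before relying on partial anchors.
 */
struct CjX509TrustAnchor {
    CfBlob *CAPubKey;
    HcfX509Certificate *CACert;
    CfBlob *CASubject;
    CfBlob *nameConstraints;
};

/*
 * Revocation-checking inputs (OCSP and CRL).
 * `options` and `optionCnt` form a pointer/length pair: the count must equal
 * the number of elements actually allocated, because the callee has no other
 * way to bound its reads.
 * NOTE(review): ocspResponderURI and crlDownloadURI name network locations;
 * if they can be influenced by untrusted input, presumably the caller should
 * restrict them to expected hosts -- confirm where these values originate.
 */
struct CjRevocationCheckParam {
    CfBlobArray *ocspRequestExtension;
    CfBlob *ocspResponderURI;
    HcfX509Certificate *ocspResponderCert;
    CfBlob *ocspResponses;
    CfBlob *crlDownloadURI;
    HcfRevChkOption *options;
    uint32_t optionCnt;
    CfBlob *ocspDigest;
};

/*
 * Inputs to chain validation.
 * Each array pointer is paired with a uint32_t count (trustAnchors /
 * trustAnchorCnt, certCRLCollections / certCRLCollectionCnt, keyUsage /
 * keyUsageCnt); callers must keep the count in step with the allocation.
 * NOTE(review): the behaviour for a NULL revocationCheckParam, a NULL date,
 * or trustAnchorCnt == 0 is not visible here. If any of these silently relaxes
 * validation (no revocation check, current-time default, no anchor), callers
 * should set them explicitly -- confirm in the implementation.
 */
struct CjX509CertChainValidateParams {
    CjX509TrustAnchor *trustAnchors;
    uint32_t trustAnchorCnt;
    CfBlob *date;
    HcfCertCrlCollection **certCRLCollections;
    uint32_t certCRLCollectionCnt;
    CjRevocationCheckParam *revocationCheckParam;
    HcfValPolicyType policy;
    CfBlob *sslHostname;
    HcfKeyUsageType *keyUsage;
    uint32_t keyUsageCnt;
};

typedef struct CjX509CertChainValidateResult CjX509CertChainValidateResult;

/*
 * Output of validation: the anchor (held by value, so its pointer members are
 * copied shallowly) and the end-entity certificate.
 * NOTE(review): who frees the pointers reachable from this struct is not
 * stated here -- document ownership to avoid leaks or double frees.
 */
struct CjX509CertChainValidateResult {
    CjX509TrustAnchor trustAnchor;
    HcfX509Certificate *entityCert;
};

/*
 * Constructors write the new handle into *returnObj.
 * NOTE(review): these two return int32_t while the rest of the API returns
 * CfResult; presumably the value is a CfResult code -- confirm.
 */
int32_t FfiCertCjX509CertChainNewInstanceBlob(const CfEncodingBlob *blob, CjX509CertChain *returnObj);
int32_t FfiCertCjX509CertChainNewInstanceArray(const HcfX509CertificateArray *inCerts, CjX509CertChain *returnObj);

/*
 * Takes the handle by value, so the caller's copy of `chain` cannot be cleared
 * by this call. Callers must discard their handle afterwards and never pass it
 * to this or any other entry point again.
 */
void FfiCertCjX509CertChainDeleteInstance(CjX509CertChain self);

FFI_DECLARE_HcfCertChain(GetCertList, CfResult, HcfX509CertificateArray *out);
/* Callers should treat *result as valid only when the returned CfResult reports success. */
FFI_DECLARE_HcfCertChain(Validate, CfResult, const CjX509CertChainValidateParams *params,
                         CjX509CertChainValidateResult *result);
FFI_DECLARE_HcfCertChain(ToString, CfResult, CfBlob *out);
FFI_DECLARE_HcfCertChain(HashCode, CfResult, CfBlob *out);

/*
 * Builds a chain from match and validation parameters.
 * CjX509CertMatchParams is not declared in this file (presumably
 * cj_cert_common.h). maxLength is signed; NOTE(review): confirm the
 * implementation rejects negative or zero values rather than treating them as
 * "unbounded".
 */
CfResult FfiCertBuildX509CertChain(const CjX509CertMatchParams &matchParams,
                                   const CjX509CertChainValidateParams &validParams,
                                   int32_t maxLength, CjX509CertChain *returnObj);

/* Array of trust-anchor pointers with its element count. */
typedef struct {
    CjX509TrustAnchor **data;
    uint32_t count;
} CjX509TrustAnchorArray;

/*
 * Extracts trust anchors from a key store blob protected by `pwd`.
 * `pwd` carries secret material: callers should wipe their copy once the call
 * returns, and the implementation should neither log nor retain it.
 * NOTE(review): the release routine for *returnObj is not declared here.
 */
CfResult FfiCertCreateTrustAnchorWithKeyStore(const CfBlob *keyStore, const CfBlob *pwd,
                                              CjX509TrustAnchorArray *returnObj);
}

#endif // CJX509CERTCHAIN_H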