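/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef CF_X509_CERTIFICATE_H
#define CF_X509_CERTIFICATE_H

#include "certificate.h"
#include "cf_blob.h"
#include "cf_result.h"
#include "x509_cert_match_parameters.h"
#include "x509_distinguished_name.h"
#include "x509_csr.h"

/**
 * Private key material handed to HcfX509CertificateGenCsr.
 *
 * Both members are secrets. NOTE(review): this header does not say who owns
 * the two buffers or whether the callee wipes them; until that is confirmed,
 * the caller should clear privateKeyPassword and the key bytes itself once
 * the call returns, using a wipe the compiler cannot elide.
 */
typedef struct PrivateKeyInfo PrivateKeyInfo;
struct PrivateKeyInfo {
    /** Encoded private key. */
    CfEncodingBlob *privateKey;
    /** Password for the private key; presumably NULL when the key is not encrypted - TODO confirm. */
    char *privateKeyPassword;
};

typedef struct HcfX509Certificate HcfX509Certificate;

/**
 * X.509 certificate object: a table of function pointers, each taking the
 * object itself as `self`.
 *
 * Everything the getters return (names, alternative names, URIs, extensions)
 * is read from the certificate, so it is only as trustworthy as the
 * certificate. Nothing in this header shows that a signature or chain check
 * has happened before a getter is called.
 * NOTE(review): this header does not state who allocates and who frees the
 * CfBlob / CfArray outputs - confirm against the implementation.
 */
struct HcfX509Certificate {
    /** HcfX509Certificate inherits HcfCertificate.
     * NOTE(review): declared as the first member, presumably so the object can be
     * used through an HcfCertificate pointer - confirm before reordering.
     */
    HcfCertificate base;

    /** Check whether the certificate is valid at the given time.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*checkValidityWithDate)(HcfX509Certificate *self, const char *date);

    /** Get version number from certificate.
     * NOTE(review): not stated here whether this is the encoded value or the
     * human-readable version number - confirm before comparing against constants.
     */
    long (*getVersion)(HcfX509Certificate *self);

    /** Get serial number from certificate. */
    CfResult (*getSerialNumber)(HcfX509Certificate *self, CfBlob *out);

    /** Get issuer distinguished name from certificate. */
    CfResult (*getIssuerName)(HcfX509Certificate *self, CfBlob *out);

    /** Get issuer distinguished name in DER format from certificate. */
    CfResult (*getIssuerNameDer)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name from certificate. */
    CfResult (*getSubjectName)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name in DER format from certificate
     * (subject counterpart of getIssuerNameDer).
     */
    CfResult (*getSubjectNameDer)(HcfX509Certificate *self, CfBlob *out);

    /** Get the not before time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotBeforeTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get the not after time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotAfterTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get signature value from certificate. */
    CfResult (*getSignature)(HcfX509Certificate *self, CfBlob *sigOut);

    /** Get signature algorithm name from certificate. */
    CfResult (*getSignatureAlgName)(HcfX509Certificate *self, CfBlob *outName);

    /** Get signature algorithm oid from certificate. */
    CfResult (*getSignatureAlgOid)(HcfX509Certificate *self, CfBlob *out);

    /** Get the DER encoded signature algorithm parameters from the signature algorithm of the certificate. */
    CfResult (*getSignatureAlgParams)(HcfX509Certificate *self, CfBlob *sigAlgParamsOut);

    /** Get a Boolean array representing the bits of the key usage extension.
     * The key usage extension defines the purpose of the key.
     */
    CfResult (*getKeyUsage)(HcfX509Certificate *self, CfBlob *boolArr);

    /** Get a const string list that represents the object identifiers of the extended key usage. */
    CfResult (*getExtKeyUsage)(HcfX509Certificate *self, CfArray *keyUsageOut);

    /** Get the path length of the certificate constraint from the key extensions (BasicConstraints).
     * The BasicConstraints identify whether the issuer of the certificate is CA and the depth of the cert chain.
     * Only when CA is set to true, pathLenConstraint is meaningful.
     * NOTE(review): the value returned for a non-CA certificate or an absent
     * pathLenConstraint is not specified here - confirm the sentinel before
     * using the result to bound chain depth.
     */
    int32_t (*getBasicConstraints)(HcfX509Certificate *self);

    /** Get subject alternative name from certificate. */
    CfResult (*getSubjectAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Get issuer alternative name from certificate. */
    CfResult (*getIssuerAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Match the certificate with X509CertMatchParameters.
     * NOTE(review): presumably the CfResult reports whether the comparison ran and
     * *out carries the verdict - confirm, and check both before acting on a match.
     */
    CfResult (*match)(HcfX509Certificate *self, const HcfX509CertMatchParams *matchParams, bool *out);

    /** Get CRL distribution points URI from certificate.
     * The URIs come from the certificate itself; validate them before fetching.
     */
    CfResult (*getCRLDistributionPointsURI)(HcfX509Certificate *self, CfArray *outURI);

    /** Get the string of certificate. */
    CfResult (*toString)(HcfX509Certificate *self, CfBlob *out);

    /** Get the hashCode of certificate.
     * NOTE(review): the hash algorithm is not stated here - confirm it before
     * using the value as a fingerprint in a security decision.
     */
    CfResult (*hashCode)(HcfX509Certificate *self, CfBlob *out);

    /** Get the Extension Object of certificate. */
    CfResult (*getExtensionsObject)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name utf8 type from certificate. */
    CfResult (*getSubjectNameEx)(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out);

    /** Get issuer distinguished name utf8 type from certificate. */
    CfResult (*getIssuerNameEx)(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out);

    /** Get the string utf8 type of certificate. */
    CfResult (*toStringEx)(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out);
};

/** Array of certificate object pointers; count is presumably the number of entries in data - TODO confirm. */
typedef struct HcfX509CertificateArray HcfX509CertificateArray;
struct HcfX509CertificateArray {
    HcfX509Certificate **data;
    uint32_t count;
};

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Create an X.509 certificate object from the encoded input and hand it back
 * through returnObj.
 * inStream is parsed input and may be attacker-supplied; check the returned
 * CfResult before using *returnObj.
 * NOTE(review): no release function is declared in this header (presumably
 * reached through the HcfCertificate base) - confirm how the object is freed.
 */
CfResult HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);

/**
 * Generate a certificate signing request into csrBlob from the private key
 * and the CSR configuration.
 * NOTE(review): privateKey is not const-qualified, so the callee may modify
 * it; see PrivateKeyInfo for handling of the secrets it carries.
 */
CfResult HcfX509CertificateGenCsr(PrivateKeyInfo *privateKey, const HcfGenCsrConf *conf, CfBlob *csrBlob);

#ifdef __cplusplus
}
#endif

#endif // CF_X509_CERTIFICATE_H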