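/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef CF_X509_CERTIFICATE_H
#define CF_X509_CERTIFICATE_H

/* bool, int32_t and uint32_t are used below; include their headers directly so
 * this header does not depend on another header pulling them in. */
#include <stdbool.h>
#include <stdint.h>

#include "certificate.h"
#include "cf_blob.h"
#include "cf_result.h"
#include "x509_cert_match_parameters.h"

typedef struct HcfX509Certificate HcfX509Certificate;

/**
 * X.509 certificate object: a table of accessor function pointers layered on
 * top of HcfCertificate. Every accessor takes the object itself as `self`.
 *
 * NOTE(review): this header does not state who allocates or frees the memory
 * behind the CfBlob / CfArray output parameters. Confirm the contract in
 * cf_blob.h and the implementation before relying on it; a wrong assumption
 * here leads to leaks or double frees.
 */
struct HcfX509Certificate {
    /** HcfX509Certificate inherits HcfCertificate.
     * NOTE(review): presumably kept as the first member so that the object can
     * also be handled through an HcfCertificate pointer - confirm.
     */
    HcfCertificate base;

    /** Check whether the certificate is valid at the given time.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     * (the ASN.1 UTCTime and GeneralizedTime layouts).
     * NOTE(review): as declared, this looks at the validity period only. It
     * should not be read as signature, chain or revocation checking - confirm
     * where those are performed.
     */
    CfResult (*checkValidityWithDate)(HcfX509Certificate *self, const char *date);

    /** Get version number from certificate.
     * NOTE(review): the header does not say whether this is the encoded value
     * or the displayed version number - confirm in the implementation.
     */
    long (*getVersion)(HcfX509Certificate *self);

    /** Get serial number from certificate. */
    CfResult (*getSerialNumber)(HcfX509Certificate *self, CfBlob *out);

    /** Get issuer distinguished name from certificate. */
    CfResult (*getIssuerName)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name from certificate. */
    CfResult (*getSubjectName)(HcfX509Certificate *self, CfBlob *out);

    /** Get the not before time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotBeforeTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get the not after time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotAfterTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get signature value from certificate. */
    CfResult (*getSignature)(HcfX509Certificate *self, CfBlob *sigOut);

    /** Get signature algorithm name from certificate. */
    CfResult (*getSignatureAlgName)(HcfX509Certificate *self, CfBlob *outName);

    /** Get signature algorithm oid from certificate. */
    CfResult (*getSignatureAlgOid)(HcfX509Certificate *self, CfBlob *out);

    /** Get the DER encoded signature algorithm parameters from the signature algorithm of the certificate. */
    CfResult (*getSignatureAlgParams)(HcfX509Certificate *self, CfBlob *sigAlgParamsOut);

    /** Get a Boolean array representing the bits of the key usage extension.
     * The key usage extension defines the purpose of the key.
     */
    CfResult (*getKeyUsage)(HcfX509Certificate *self, CfBlob *boolArr);

    /** Get a const string list that represents the object identifiers of the extended key usage. */
    CfResult (*getExtKeyUsage)(HcfX509Certificate *self, CfArray *keyUsageOut);

    /** Get the path length of the certificate constraint from the key extensions (BasicConstraints).
     * The BasicConstraints identify whether the issuer of the certificate is CA and the depth of the cert chain.
     * Only when CA is set to true, pathLenConstraint is meaningful.
     * NOTE(review): the value returned for a non-CA certificate, or when no
     * pathLenConstraint is present, is not specified in this header. Callers
     * making chain-depth decisions need that sentinel - confirm in the
     * implementation.
     */
    int32_t (*getBasicConstraints)(HcfX509Certificate *self);

    /** Get subject alternative name from certificate. */
    CfResult (*getSubjectAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Get issuer alternative name from certificate. */
    CfResult (*getIssuerAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Match the certificate with X509CertMatchParameters.
     * The boolean outcome is written through `out`.
     * NOTE(review): presumably the CfResult only reports whether the
     * comparison could be carried out - confirm, and check both values.
     */
    CfResult (*match)(HcfX509Certificate *self, const HcfX509CertMatchParams *matchParams, bool *out);

    /** Get CRL distribution points URI from certificate.
     * The URIs are read from the certificate itself, so they are untrusted
     * data until the certificate has been validated. A caller that fetches
     * them should restrict the accepted schemes and destinations.
     */
    CfResult (*getCRLDistributionPointsURI)(HcfX509Certificate *self, CfArray *outURI);
};

typedef struct HcfX509CertificateArray HcfX509CertificateArray;

/** A list of X.509 certificate object pointers: `data` with its element count `count`. */
struct HcfX509CertificateArray {
    HcfX509Certificate **data;
    uint32_t count;
};

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Create an X.509 certificate object from an encoded certificate.
 *
 * @param inStream  Encoded certificate data. This is usually externally
 *                  supplied input, so check the returned CfResult before
 *                  using the object.
 * @param returnObj Receives the created object.
 * @return A CfResult status code.
 *
 * NOTE(review): how the returned object is released is not visible in this
 * header; presumably through the HcfCertificate base - confirm.
 */
CfResult HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);

#ifdef __cplusplus
}
#endif

#endif // CF_X509_CERTIFICATE_H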