MUST_BE_PRESENT, /* Component must be present */
CREATE_IF_ABSENT /* Create component if absent */
} SELECTION_OPTION;
/* Attributes are associated with different kinds of objects and are
   handled differently for each. This selector tells the attribute
   routines which kind of attribute they're working with */
typedef enum {
	ATTRIBUTE_CERTIFICATE,		/* Attribute of a certificate object */
	ATTRIBUTE_CMS				/* Attribute of a CMS object */
	} ATTRIBUTE_TYPE;
/****************************************************************************
* *
* String-Handling Functions *
* *
****************************************************************************/
/* Copy a string to/from an ASN.1 string type. Both routines take an
   explicit maxLen for the destination and report the number of bytes
   actually produced through destLen; maxLen is presumably the capacity
   of dest in bytes, with an oversize source rejected rather than
   truncated -- confirm against the implementation before relying on it.
   copyFromAsn1String additionally receives the ASN.1 tag of the source
   string type (stringTag), presumably so the character set can be
   converted/validated on the way in; the tag's exact use isn't visible
   from this header */
int copyToAsn1String( void *dest, int *destLen, const int maxLen,
const void *source, const int sourceLen );
int copyFromAsn1String( void *dest, int *destLen, const int maxLen,
const void *source, const int sourceLen,
const int stringTag );
/* Check that a text string contains only characters that are valid for
   its string type. This is used for non-DN strings where the string
   type can't be chosen to suit the characters present, so invalid
   input has to be rejected instead. isPrintableString selects the
   stricter PrintableString alphabet; otherwise a looser text-string
   alphabet is presumably accepted (confirm in the implementation).
   stringLength bounds the scan, so string need not be null-terminated
   as far as this prototype shows. Returns TRUE if every character is
   acceptable */
BOOLEAN checkTextStringData( const char *string, const int stringLength,
const BOOLEAN isPrintableString );
/****************************************************************************
* *
* DN Manipulation Functions *
* *
****************************************************************************/
/* DN manipulation routines. A DN is held as a list of components reached
   through dnListHead; routines that may change the list take the head
   as void ** so they can update the caller's pointer in place.
   insertDNComponent adds a component of the given type from value
   (valueLength bytes, not necessarily null-terminated as far as this
   prototype shows) and reports rejected input through errorType.
   getDNComponentValue copies a component's value into the caller's
   buffer of maxLength bytes and returns the copied size through length;
   presumably a too-small buffer is an error rather than a silent
   truncation -- confirm before use. deleteDN releases the whole list;
   whether it also resets *dnListHead isn't visible here */
int insertDNComponent( void **dnListHead,
const CRYPT_ATTRIBUTE_TYPE componentType,
const void *value, const int valueLength,
CRYPT_ERRTYPE_TYPE *errorType );
int deleteDNComponent( void **dnListHead, const CRYPT_ATTRIBUTE_TYPE type,
const void *value, const int valueLength );
int getDNComponentValue( const void *dnListHead,
const CRYPT_ATTRIBUTE_TYPE type,
void *value, int *length, const int maxLength );
void deleteDN( void **dnListHead );
/* Copy and compare a DN. copyDN builds a fresh list from dnSrc and hands
   it back through dnDest; the caller owns the result (inferred from the
   void ** destination -- presumably released with deleteDN).
   compareDN's dn1substring flag presumably relaxes the comparison so that
   the first DN only has to match part of the second. A partial match is
   weaker than equality, so code making trust or authorisation decisions
   should pass FALSE unless the substring semantics have been confirmed
   against the implementation */
int copyDN( void **dnDest, const void *dnSrc );
BOOLEAN compareDN( const void *dnComponentListHead1,
const void *dnComponentListHead2,
const BOOLEAN dn1substring );
/* Check, size, read and write a DN. checkDN verifies the list, with
   checkCN/checkC selecting which mandatory components are required,
   and reports the offending component through errorLocus/errorType.
   readDN (encoded form) and readDNstring (textual form) parse data that
   may come from an untrusted source and build a new list on success;
   stringLength bounds the text parsed by readDNstring. writeDN emits the
   DN with the given tag and writeDNstring emits the textual form.
   NOTE(review): sizeofDN takes a non-const pointer whereas checkDN,
   writeDN and writeDNstring take const; tighten the prototype (and
   definition) if the implementation doesn't modify the list */
int checkDN( const void *dnComponentListHead,
const BOOLEAN checkCN, const BOOLEAN checkC,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int sizeofDN( void *dnComponentListHead );
int readDN( STREAM *stream, void **dnComponentListHead );
int writeDN( STREAM *stream, const void *dnComponentListHead,
const int tag );
int readDNstring( const char *string, const int stringLength,
void **dnComponentListHead );
int writeDNstring( STREAM *stream, const void *dnComponentListHead );
/****************************************************************************
* *
* Attribute Manipulation Functions *
* *
****************************************************************************/
/* Find information on an attribute. The lookups walk the list starting
   at attributeListPtr, by encoded OID or by attribute/field ID; for
   findAttribute, isFieldID says whether attributeID names a whole
   attribute or one of its fields, and findAttributeField narrows the
   search further by subFieldID. The result is presumably NULL when
   nothing matches -- confirm. NOTE(review): the finders return a
   non-const pointer into a const list, so the const on the parameter is
   advisory only and callers can modify what they find.
   getDefaultFieldValue gives the value assumed for a field that isn't
   explicitly present; checkAttributePresent tells whether it is */
ATTRIBUTE_LIST *findAttributeByOID( const ATTRIBUTE_LIST *attributeListPtr,
const BYTE *oid );
ATTRIBUTE_LIST *findAttribute( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE attributeID,
const BOOLEAN isFieldID );
ATTRIBUTE_LIST *findAttributeField( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID,
const CRYPT_ATTRIBUTE_TYPE subFieldID );
ATTRIBUTE_LIST *findAttributeFieldEx( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID );
int getDefaultFieldValue( const CRYPT_ATTRIBUTE_TYPE fieldID );
BOOLEAN checkAttributePresent( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID );
/* Move the current attribute cursor. currentCursor is updated in place;
   certInfoType selects what the cursor moves over and position is a
   cursor-movement code whose encoding isn't visible from this header.
   Returns an error code if the move can't be made (inferred from the
   int return -- confirm) */
int moveAttributeCursor( ATTRIBUTE_LIST **currentCursor,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
const int position );
/* Add/delete attributes and attribute fields.

   addAttribute takes a raw, already-encoded attribute (oid plus
   dataLength bytes of data, with its critical flag) -- this looks like
   the path for attributes coming from a decoded object, so the data
   should be treated as untrusted. addAttributeField adds a single typed
   field and reports rejected values through errorLocus/errorType. The
   meaning of the flags arguments isn't visible here.

   deleteAttributeField/deleteAttribute remove listItem; they take the
   list head and the cursor so the cursor can be fixed up when it points
   at the item being removed (inferred from the listCursorPtr parameter
   -- confirm). What dnDataPtr refers to isn't visible from this header.
   deleteAttributes releases the entire list.

   The copy routines build entries in destListHeadPtr from srcListPtr.
   copyIssuerAttributes, copyRequestAttributes and
   copyRevocationAttributes are presumably filtered variants that only
   carry over the attributes appropriate for the destination object
   (issuer->subject, request->cert, cert->revocation); confirm the
   filter before relying on it, since copying request attributes into an
   issued cert unfiltered would let a requester dictate extensions.
   NOTE(review): copyAttributes takes a non-const src whereas the three
   filtered variants take const -- tighten if it doesn't modify src */
int addAttribute( const ATTRIBUTE_TYPE attributeType,
ATTRIBUTE_LIST **listHeadPtr, const BYTE *oid,
const BOOLEAN critical, const void *data,
const int dataLength, const int flags );
int addAttributeField( ATTRIBUTE_LIST **attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID,
const CRYPT_ATTRIBUTE_TYPE subFieldID,
const void *data, const int dataLength,
const int flags, CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int deleteAttributeField( ATTRIBUTE_LIST **attributeListPtr,
ATTRIBUTE_LIST **listCursorPtr,
ATTRIBUTE_LIST *listItem,
const void *dnDataPtr );
int deleteAttribute( ATTRIBUTE_LIST **attributeListPtr,
ATTRIBUTE_LIST **listCursorPtr,
ATTRIBUTE_LIST *listItem,
const void *dnDataPtr );
void deleteAttributes( ATTRIBUTE_LIST **attributeListPtr );
int copyAttributes( ATTRIBUTE_LIST **destListHeadPtr,
ATTRIBUTE_LIST *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int copyIssuerAttributes( ATTRIBUTE_LIST **destListHeadPtr,
const ATTRIBUTE_LIST *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType,
const CRYPT_CERTTYPE_TYPE type );
int copyRequestAttributes( ATTRIBUTE_LIST **destListHeadPtr,
const ATTRIBUTE_LIST *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int copyRevocationAttributes( ATTRIBUTE_LIST **destListHeadPtr,
const ATTRIBUTE_LIST *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Check, size, read and write a collection of attributes. checkAttributes
   validates a list for the given attribute type and reports problems
   through errorLocus/errorType. readAttributes decodes attributeSize
   bytes from the stream for an object of the given cert type into a new
   list -- this is external input, so decoding errors are reported rather
   than assumed away. writeAttributes encodes the list; attributeSize is
   presumably the encoded size previously obtained from sizeofAttributes
   (confirm). NOTE(review): writeAttributes takes a non-const list
   whereas sizeofAttributes and checkAttributes take const */
int checkAttributes( const ATTRIBUTE_TYPE attributeType,
const ATTRIBUTE_LIST *listHeadPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int sizeofAttributes( const ATTRIBUTE_LIST *attributeListPtr );
int writeAttributes( STREAM *stream, ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_CERTTYPE_TYPE type,
const int attributeSize );
int readAttributes( STREAM *stream, ATTRIBUTE_LIST **attributeListPtrPtr,
const CRYPT_CERTTYPE_TYPE type, const int attributeSize,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/****************************************************************************
* *
* Validity/Revocation Information Manipulation Functions *
* *
****************************************************************************/
/* Read/write revocation and validity information. Each entry type (CRL
   entry, OCSP request/response entry, RTCS request/response entry) has a
   sizeof/read/write triple. The read routines decode one entry from the
   stream -- external input -- and append it to the list at listHeadPtr;
   the CRL reader reports decoding problems through errorLocus/errorType,
   while the OCSP/RTCS readers take the owning CERT_INFO instead,
   presumably to record per-object state (confirm). The RTCS response
   routines take isFullResponse to select between the full and the
   reduced response encoding. writeOcspResponseEntry takes the entry's
   time (entryTime) explicitly; which OCSP time field it populates isn't
   visible here. NOTE(review): the sizeof routines take non-const
   pointers; tighten if they don't modify the entry */
int sizeofCRLentry( REVOCATION_INFO *crlEntry );
int readCRLentry( STREAM *stream, REVOCATION_INFO **listHeadPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int writeCRLentry( STREAM *stream, const REVOCATION_INFO *crlEntry );
int sizeofOcspRequestEntry( REVOCATION_INFO *ocspEntry );
int readOcspRequestEntry( STREAM *stream, REVOCATION_INFO **listHeadPtr,
CERT_INFO *certInfoPtr );
int writeOcspRequestEntry( STREAM *stream, const REVOCATION_INFO *ocspEntry );
int sizeofOcspResponseEntry( REVOCATION_INFO *ocspEntry );
int readOcspResponseEntry( STREAM *stream, REVOCATION_INFO **listHeadPtr,
CERT_INFO *certInfoPtr );
int writeOcspResponseEntry( STREAM *stream, const REVOCATION_INFO *ocspEntry,
const time_t entryTime );
int sizeofRtcsRequestEntry( VALIDITY_INFO *rtcsEntry );
int readRtcsRequestEntry( STREAM *stream, VALIDITY_INFO **listHeadPtr,
CERT_INFO *certInfoPtr );
int writeRtcsRequestEntry( STREAM *stream, const VALIDITY_INFO *rtcsEntry );
int sizeofRtcsResponseEntry( VALIDITY_INFO *rtcsEntry,
const BOOLEAN isFullResponse );
int readRtcsResponseEntry( STREAM *stream, VALIDITY_INFO **listHeadPtr,
CERT_INFO *certInfoPtr,
const BOOLEAN isFullResponse );
int writeRtcsResponseEntry( STREAM *stream, const VALIDITY_INFO *rtcsEntry,
const BOOLEAN isFullResponse );
/* Add/delete a validity/revocation entry. Both add routines append an
   entry built from value (valueLength bytes) to the list at listHeadPtr
   and return the new entry through newEntryPosition. For revocation
   entries valueType says what kind of identifier value is. The noCheck
   flag presumably bypasses the validation (e.g. duplicate detection)
   that's otherwise applied to the value -- confirm what it skips, and
   pass FALSE for any data that hasn't already been validated elsewhere.
   The delete routines release the whole list */
int addValidityEntry( VALIDITY_INFO **listHeadPtr,
VALIDITY_INFO **newEntryPosition,
const void *value, const int valueLength );
int addRevocationEntry( REVOCATION_INFO **listHeadPtr,
REVOCATION_INFO **newEntryPosition,
const CRYPT_KEYID_TYPE valueType,
const void *value, const int valueLength,
const BOOLEAN noCheck );
void deleteValidityEntries( VALIDITY_INFO **listHeadPtr );
void deleteRevocationEntries( REVOCATION_INFO **listHeadPtr );
/* Copy a set of validity or revocation entries from srcListPtr into a
   list at destListHeadPtr, reporting any entry that can't be copied
   through errorLocus/errorType. The destination list is newly built and
   owned by the caller (inferred from the ** destination -- confirm) */
int copyValidityEntries( VALIDITY_INFO **destListHeadPtr,
const VALIDITY_INFO *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int copyRevocationEntries( REVOCATION_INFO **destListHeadPtr,
const REVOCATION_INFO *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Determine whether the cert in certInfoPtr has been revoked by the
   CRL/OCSP response in revocationInfoPtr. The revocation object is
   non-const, presumably because the check records state (e.g. the
   matching entry) in it -- confirm. How the int result encodes
   "revoked" vs. "not revoked" vs. "error" isn't visible here, so check
   the implementation before treating any non-error return as "good" */
int checkRevocation( const CERT_INFO *certInfoPtr, CERT_INFO *revocationInfoPtr );
/****************************************************************************
* *
* Certificate Functions *
* *
****************************************************************************/
/* Create a locked certificate information object of the given type,
   owned by cryptOwner, ready for further initialisation. The new object
   is returned through certInfoPtrPtr; since it's handed back locked,
   the caller is responsible for unlocking it once initialisation is
   complete (inferred from the comment -- confirm the unlock protocol) */
int createCertificateInfo( CERT_INFO **certInfoPtrPtr,
const CRYPT_USER cryptOwner,
const CRYPT_CERTTYPE_TYPE certType );
/* Read and write complex certificate objects (cert chains). readCertChain
   decodes a chain of the given type from the stream -- external input --
   into a new certificate object returned through iCryptCert, owned by
   cryptOwner. keyIDtype/keyID/keyIDlength presumably select which cert
   in the chain becomes the leaf, and dataOnlyCert presumably requests a
   certificate without an associated public-key context; both are
   inferred from the names, confirm against the implementation.
   writeCertChain encodes the chain held in certInfoPtr */
int readCertChain( STREAM *stream, CRYPT_CERTIFICATE *iCryptCert,
const CRYPT_USER cryptOwner,
const CRYPT_CERTTYPE_TYPE type,
const CRYPT_KEYID_TYPE keyIDtype,
const void *keyID, const int keyIDlength,
const BOOLEAN dataOnlyCert );
int writeCertChain( STREAM *stream, const CERT_INFO *certInfoPtr );
/* Check a certificate object. checkCert validates the subject cert
   against its issuer and reports the failing component through
   errorLocus/errorType. The shortCircuitCheck flag presumably omits part
   of the checking; confirm exactly what it skips before passing TRUE on
   any path that establishes trust. checkCertChain validates a whole
   chain held in certInfoPtr */
int checkCert( CERT_INFO *subjectCertInfoPtr,
const CERT_INFO *issuerCertInfoPtr,
const BOOLEAN shortCircuitCheck,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int checkCertChain( CERT_INFO *certInfoPtr );
/* Check that a key cert is valid for a particular purpose.
   getKeyUsageFromExtKeyUsage derives key-usage information from the
   cert's extended key usage, reporting conflicts through
   errorLocus/errorType. checkCertUsage checks the cert against the
   requested keyUsage bits; exactUsage (a MESSAGE_CHECK_TYPE) governs how
   strictly the requested usage must match what the cert allows -- the
   exact matching rule isn't visible here */
int getKeyUsageFromExtKeyUsage( const CERT_INFO *certInfoPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int checkCertUsage( const CERT_INFO *certInfoPtr, const int keyUsage,
const MESSAGE_CHECK_TYPE exactUsage,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Check cert constraints. Both routines apply constraints carried in the
   issuer's attributes (issuerAttributes) to the subject cert and report
   the violated component through errorLocus/errorType. For name
   constraints, matchValue presumably selects whether a match is being
   required (permitted subtrees) or forbidden (excluded subtrees) --
   confirm, since inverting it would turn a deny list into an allow
   list */
int checkNameConstraints( const CERT_INFO *subjectCertInfoPtr,
const ATTRIBUTE_LIST *issuerAttributes,
const BOOLEAN matchValue,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int checkPolicyConstraints( const CERT_INFO *subjectCertInfoPtr,
const ATTRIBUTE_LIST *issuerAttributes,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Add/get/delete a certificate component selected by certInfoType.
   addCertComponent sets a component from certInfoLength bytes at
   certInfo. getCertComponent copies the component out into certInfo and
   reports its size through certInfoLength; NOTE(review): there is no
   separate maximum-length parameter on this prototype, so either
   *certInfoLength must carry the buffer size on entry or the caller
   must know the component's size in advance -- confirm which before
   calling it with a fixed-size buffer. deleteCertComponent removes the
   component */
int addCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
const void *certInfo, const int certInfoLength );
int getCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
void *certInfo, int *certInfoLength );
int deleteCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType );
/* Import/export a certificate. importCert decodes certObjectLength bytes
   of encoded certificate data (untrusted input) in the given format into
   a new object returned through certificate and owned by cryptOwner;
   keyIDtype/keyID/keyIDlength presumably select a particular cert when
   the data holds several (confirm). exportCert encodes certInfoPtr into
   certObject, which holds at most maxLength bytes, and reports the
   encoded size through certObjectLength. NOTE(review): the two routines
   use different format-type enums (CERTFORMAT_TYPE vs.
   CRYPT_CERTFORMAT_TYPE); this is presumably deliberate, an internal vs.
   an API-level type, but callers shouldn't assume the values are
   interchangeable */
int importCert( const void *certObject, const int certObjectLength,
CRYPT_CERTIFICATE *certificate,
const CRYPT_USER cryptOwner,
const CRYPT_KEYID_TYPE keyIDtype,
const void *keyID, const int keyIDlength,
const CERTFORMAT_TYPE formatType );
int exportCert( void *certObject, int *certObjectLength,
const CRYPT_CERTFORMAT_TYPE certFormatType,
const CERT_INFO *certInfoPtr, const int maxLength );
/* Sign a certificate with signContext, and verify a certificate's
   signature with sigCheckKey. Despite its name, checkCertValidity is
   the signature check (per this section's purpose); it is not a
   revocation check, which is done separately by checkRevocation */
int signCert( CERT_INFO *certInfoPtr, const CRYPT_CONTEXT signContext );
int checkCertValidity( CERT_INFO *certInfoPtr, const CRYPT_HANDLE sigCheckKey );
/* Size and write a SET OF Certificate / SEQUENCE OF Certificate holding
   the certs in certInfoPtr. sizeofCertSet gives the encoded size that
   writeCertSet will produce; writeCertSequence is the SEQUENCE OF
   variant. Whether it shares the size computation isn't visible here */
int sizeofCertSet( const CERT_INFO *certInfoPtr );
int writeCertSet( STREAM *stream, const CERT_INFO *certInfoPtr );
int writeCertSequence( STREAM *stream, const CERT_INFO *certInfoPtr );
/* Oddball routines. setSerialNumber sets a cert's serial number from
   serialNumberLength bytes at serialNumber. copyCertChain copies the
   chain held by the certChain handle into certInfoPtr; isCertCollection
   presumably distinguishes an unordered collection from an ordered
   chain (confirm). assembleCertChain builds a chain, returned through
   iCertificate, from certs read from iCertSource, starting from the
   cert identified by keyIDtype/keyID/keyIDlength; the options bits
   aren't visible from this header */
int setSerialNumber( CERT_INFO *certInfoPtr, const void *serialNumber,
const int serialNumberLength );
int copyCertChain( CERT_INFO *certInfoPtr, const CRYPT_HANDLE certChain,
const BOOLEAN isCertCollection );
int assembleCertChain( CRYPT_CERTIFICATE *iCertificate,
const CRYPT_HANDLE iCertSource,
const CRYPT_KEYID_TYPE keyIDtype,
const void *keyID, const int keyIDlength,
const int options );
#endif /* _CERT_DEFINED */