root/source4/heimdal/lib/hx509/hx_locl.h




   1 /*
   2  * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33 
  34 /* $Id$ */
  35 
  36 #ifdef HAVE_CONFIG_H
  37 #include <config.h>
  38 #endif
  39 
  40 #include <stdio.h>
  41 #include <stdlib.h>
  42 #include <ctype.h>
  43 #include <errno.h>
  44 #include <strings.h>
  45 #include <assert.h>
  46 #include <stdarg.h>
  47 #include <err.h>
  48 #include <limits.h>
  49 
  50 #include <getarg.h>
  51 #include <base64.h>
  52 #include <hex.h>
  53 #include <roken.h>
  54 #include <com_err.h>
  55 #include <parse_units.h>
  56 #include <parse_bytes.h>
  57 
  58 #include <krb5-types.h>
  59 
  60 #include <rfc2459_asn1.h>
  61 #include <cms_asn1.h>
  62 #include <pkcs8_asn1.h>
  63 #include <pkcs9_asn1.h>
  64 #include <pkcs12_asn1.h>
  65 #include <ocsp_asn1.h>
  66 #include <pkcs10_asn1.h>
  67 #include <asn1_err.h>
  68 #include <pkinit_asn1.h>
  69 
  70 #include <der.h>
  71 
  72 #define HC_DEPRECATED_CRYPTO
  73 #include "crypto-headers.h"
  74 
  75 struct hx509_keyset_ops;                /* defined further down in this header (keyset backend operation table) */
  76 struct hx509_collector;                 /* opaque here: not defined in this header */
  77 struct hx509_generate_private_context;  /* opaque here: not defined in this header */
  78 typedef struct hx509_path hx509_path;   /* struct hx509_path is defined further down; declared early so that <hx509.h>, included next, can use the name — presumably */
  79 
  80 #include <hx509.h>
  81 
  82 typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *);   /* callback receiving the cert data and an opaque context; by its name a release/cleanup hook — confirm with the caller that installs it */
  83 
  84 typedef struct hx509_private_key_ops hx509_private_key_ops;   /* struct hx509_private_key_ops is not defined in this header */
  85 
  86 #include "sel.h"
  87 
  88 #include <hx509-private.h>
  89 #include <hx509_err.h>
  90 
  91 struct hx509_peer_info {         /* peer data (by name): one certificate plus an array of AlgorithmIdentifier */
  92     hx509_cert cert;             /* the peer's certificate */
  93     AlgorithmIdentifier *val;    /* array of len entries, presumably (same len/val layout as hx509_path below) */
  94     size_t len;                  /* number of entries in val */
  95 };
  96 
  97 #define HX509_CERTS_FIND_SERIALNUMBER           1    /* single-bit values (1,2,4,8,16), so they can be OR'd together; the code consuming them is not in this header */
  98 #define HX509_CERTS_FIND_ISSUER                 2
  99 #define HX509_CERTS_FIND_SUBJECT                4
 100 #define HX509_CERTS_FIND_ISSUER_KEY_ID          8
 101 #define HX509_CERTS_FIND_SUBJECT_KEY_ID         16
 102 
 103 struct hx509_name_data {   /* wraps an ASN.1 Name (the field name suggests it was decoded from DER); Name presumably comes from <rfc2459_asn1.h> included above */
 104     Name der_name;
 105 };
 106 
 107 struct hx509_path {      /* array of certificates — presumably a certification path (by name) */
 108     size_t len;          /* number of entries in val */
 109     hx509_cert *val;     /* len certificates */
 110 };
 111 
 112 struct hx509_query_data {
     /*
      * Search criteria for looking up certificates in a keyset.
      * `match` is an OR of the HX509_QUERY_* bits defined just below; each
      * bit enables a comparison against the similarly named field further
      * down.  The bit<->field pairing noted on the fields is inferred from
      * naming — the query code that consumes this struct is not in this
      * header, so confirm there.
      */
 113     int match;                              /* OR of HX509_QUERY_* bits; HX509_QUERY_MASK below covers all of them */
 114 #define HX509_QUERY_FIND_ISSUER_CERT            0x000001
 115 #define HX509_QUERY_MATCH_SERIALNUMBER          0x000002
 116 #define HX509_QUERY_MATCH_ISSUER_NAME           0x000004
 117 #define HX509_QUERY_MATCH_SUBJECT_NAME          0x000008
 118 #define HX509_QUERY_MATCH_SUBJECT_KEY_ID        0x000010
 119 #define HX509_QUERY_MATCH_ISSUER_ID             0x000020
 120 #define HX509_QUERY_PRIVATE_KEY                 0x000040   /* by name: only certificates with a private key available */
 121 #define HX509_QUERY_KU_ENCIPHERMENT             0x000080   /* HX509_QUERY_KU_*: by name, require the given keyUsage bit */
 122 #define HX509_QUERY_KU_DIGITALSIGNATURE         0x000100
 123 #define HX509_QUERY_KU_KEYCERTSIGN              0x000200
 124 #define HX509_QUERY_KU_CRLSIGN                  0x000400
 125 #define HX509_QUERY_KU_NONREPUDIATION           0x000800
 126 #define HX509_QUERY_KU_KEYAGREEMENT             0x001000
 127 #define HX509_QUERY_KU_DATAENCIPHERMENT         0x002000
 128 #define HX509_QUERY_ANCHOR                      0x004000   /* by name: restrict to trust anchors */
 129 #define HX509_QUERY_MATCH_CERTIFICATE           0x008000
 130 #define HX509_QUERY_MATCH_LOCAL_KEY_ID          0x010000
 131 #define HX509_QUERY_NO_MATCH_PATH               0x020000
 132 #define HX509_QUERY_MATCH_FRIENDLY_NAME         0x040000
 133 #define HX509_QUERY_MATCH_FUNCTION              0x080000
 134 #define HX509_QUERY_MATCH_KEY_HASH_SHA1         0x100000
 135 #define HX509_QUERY_MATCH_TIME                  0x200000
 136 #define HX509_QUERY_MATCH_EKU                   0x400000
 137 #define HX509_QUERY_MATCH_EXPR                  0x800000
 138 #define HX509_QUERY_MASK                        0xffffff   /* all 24 flag bits above (0x000001 .. 0x800000) */
 139     Certificate *subject;              /* no bit is named for this field; presumably paired with HX509_QUERY_FIND_ISSUER_CERT (find the issuer of this certificate) — confirm */
 140     Certificate *certificate;          /* HX509_QUERY_MATCH_CERTIFICATE */
 141     heim_integer *serial;              /* HX509_QUERY_MATCH_SERIALNUMBER */
 142     heim_octet_string *subject_id;     /* HX509_QUERY_MATCH_SUBJECT_KEY_ID */
 143     heim_octet_string *local_key_id;   /* HX509_QUERY_MATCH_LOCAL_KEY_ID */
 144     Name *issuer_name;                 /* HX509_QUERY_MATCH_ISSUER_NAME */
 145     Name *subject_name;                /* HX509_QUERY_MATCH_SUBJECT_NAME */
 146     hx509_path *path;                  /* HX509_QUERY_NO_MATCH_PATH */
 147     char *friendlyname;                /* HX509_QUERY_MATCH_FRIENDLY_NAME */
 148     int (*cmp_func)(void *, hx509_cert);   /* HX509_QUERY_MATCH_FUNCTION: called with cmp_func_ctx and the candidate certificate; the meaning of its int result is not visible here */
 149     void *cmp_func_ctx;                /* opaque argument handed to cmp_func */
 150     heim_octet_string *keyhash_sha1;   /* HX509_QUERY_MATCH_KEY_HASH_SHA1: SHA-1 acts as a lookup identifier here, not as a signature digest — confirm */
 151     time_t timenow;                    /* HX509_QUERY_MATCH_TIME */
 152     heim_oid *eku;                     /* HX509_QUERY_MATCH_EKU */
 153     struct hx_expr *expr;              /* HX509_QUERY_MATCH_EXPR; struct hx_expr presumably comes from "sel.h" included above */
 154 };
 155 
 156 struct hx509_keyset_ops {
     /*
      * Operation table for one certificate-store ("keyset") backend; the
      * library context keeps an array of these in hx509_context_data.ks_ops.
      * Every operation returns int — presumably 0 on success and an hx509
      * error code otherwise; confirm against the callers.  init takes a
      * void ** while the other operations take a void *, which reads as the
      * backend-private handle allocated by init (inferred from the
      * signatures); iter_start/iter/iter_end use the same pattern for an
      * iteration cursor.
      */
 157     const char *name;   /* backend name; presumably the "SCHEME" part of a "SCHEME:residual" store spec such as HX509_DEFAULT_ANCHORS below — confirm */
 158     int flags;          /* per-backend bits; their meaning is not visible in this header */
 159     int (*init)(hx509_context, hx509_certs, void **,
 160                 int, const char *, hx509_lock);   /* open a store: handle out via void **, an int (flags?), a string (store name?) and a lock — confirm the int/string roles */
 161     int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock);   /* persist the store (by name); the int is presumably flags */
 162     int (*free)(hx509_certs, void *);   /* release the backend handle */
 163     int (*add)(hx509_context, hx509_certs, void *, hx509_cert);   /* add one certificate to the store */
 164     int (*query)(hx509_context, hx509_certs, void *,
 165                  const hx509_query *, hx509_cert *);   /* find a certificate matching the query; result via the out pointer */
 166     int (*iter_start)(hx509_context, hx509_certs, void *, void **);   /* begin iteration; cursor returned via the void ** */
 167     int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);   /* next certificate via the out pointer */
 168     int (*iter_end)(hx509_context, hx509_certs, void *, void *);   /* finish iteration and release the cursor */
 169     int (*printinfo)(hx509_context, hx509_certs,
 170                      void *, int (*)(void *, const char *), void *);   /* describe the store through the supplied line callback and its context argument */
 171     int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **);   /* return the store's private keys via the out pointer */
 172     int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key);   /* add a private key to the store */
 173 };
 174 
 175 struct _hx509_password {
     /*
      * Array of len password strings (len/val layout as in hx509_path).
      * NOTE(review): the entries are plaintext secrets; confirm that the
      * owner zeroizes each string before freeing it — a plain memset()
      * immediately before free() may be optimized away, so an
      * explicit_bzero()-style call is what is needed there.
      */
 176     size_t len;
 177     char **val;
 178 };
 179 
 180 extern hx509_lock _hx509_empty_lock;   /* shared lock object with no credentials (by name); defined in a .c file, not here */
 181 
 182 struct hx509_context_data {
     /* Library context: registered keyset backends, option flags, error state and default trust anchors. */
 183     struct hx509_keyset_ops **ks_ops;   /* registered backend operation tables; ks_num_ops entries, presumably */
 184     int ks_num_ops;
 185     int flags;                          /* bit set; HX509_CTX_VERIFY_MISSING_OK is the only bit defined here */
 186 #define HX509_CTX_VERIFY_MISSING_OK     1   /* NOTE(review): by its name this lets verification proceed when something is missing; the exact semantics live in the verification code — treat setting it as a weakening of checks until confirmed */
 187     int ocsp_time_diff;                 /* tolerance applied to OCSP response times; presumably seconds (the default is written as 5 minutes) — confirm */
 188 #define HX509_DEFAULT_OCSP_TIME_DIFF    (5*60)
 189     hx509_error error;                  /* most recent error state, presumably */
 190     struct et_list *et_list;            /* com_err error-table list (<com_err.h> is included above) — confirm */
 191     char *querystat;                    /* by its name, a destination for query statistics — confirm */
 192     hx509_certs default_trust_anchors;  /* anchors used when a caller supplies none — confirm */
 193 };
 194 
 195 /* _hx509_calculate_path flag field: by its name, build the path without an anchor — confirm in the implementation, which is not in this header */
 196 #define HX509_CALCULATE_PATH_NO_ANCHOR 1
 197 
 198 /* environment: singly linked list of named entries, each holding a string or a nested list */
 199 struct hx509_env_data {
 200     enum { env_string, env_list } type;   /* selects the live member of u: env_string -> u.string, env_list -> u.list (by naming) */
 201     char *name;                           /* entry name */
 202     struct hx509_env_data *next;          /* next entry in the same list */
 203     union {
 204         char *string;                     /* valid when type == env_string */
 205         struct hx509_env_data *list;      /* nested list, valid when type == env_list */
 206     } u;
 207 };
 208 
 209 
 210 extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg;      /* library-wide default signature algorithm (by name); defined in a .c file, not here.  NOTE(review): these three presumably apply to every caller that does not choose an algorithm explicitly — check their definitions when auditing algorithm strength */
 211 extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg;   /* default digest algorithm (by name) */
 212 extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg;   /* default secret-key algorithm (by name) */
 213 
 214 /*
 215  * Configurable options
 216  */
 217 
 218 #ifdef __APPLE__
 219 #define HX509_DEFAULT_ANCHORS "KEYCHAIN:system-anchors"   /* only defined on Apple platforms (system keychain); nothing else in this header defines it, so code using it needs an #ifdef or a fallback — confirm in the consumers */
 220 #endif
