VirtualBox

source: vbox/trunk/include/iprt/crypto/x509.h@ 62474

Last change on this file since 62474 was 62474, checked in by vboxsync, 8 years ago

(C) 2016

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 54.3 KB
Line 
1/** @file
2 * IPRT - Crypto - X.509, Public Key and Privilege Management Infrastructure.
3 */
4
5/*
6 * Copyright (C) 2014-2016 Oracle Corporation
7 *
8 * This file is part of VirtualBox Open Source Edition (OSE), as
9 * available from http://www.virtualbox.org. This file is free software;
10 * you can redistribute it and/or modify it under the terms of the GNU
11 * General Public License (GPL) as published by the Free Software
12 * Foundation, in version 2 as it comes in the "COPYING" file of the
13 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15 *
16 * The contents of this file may alternatively be used under the terms
17 * of the Common Development and Distribution License Version 1.0
18 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
19 * VirtualBox OSE distribution, in which case the provisions of the
20 * CDDL are applicable instead of those of the GPL.
21 *
22 * You may elect to license modified versions of this file under the
23 * terms and conditions of either the GPL or the CDDL or both.
24 */
25
26#ifndef ___iprt_crypto_x509_h
27#define ___iprt_crypto_x509_h
28
29#include <iprt/asn1.h>
30#include <iprt/crypto/pem.h>
31
32
33RT_C_DECLS_BEGIN
34
35
36/** @defgroup grp_rt_crypto Crypto
37 * @ingroup grp_rt
38 * @{
39 */
40
41/** @defgroup grp_rt_crx509 RTCrX509 - Public Key and Privilege Management Infrastructure.
42 * @{
43 */
44
45/**
46 * X.509 algorithm identifier (IPRT representation).
47 */
48typedef struct RTCRX509ALGORITHMIDENTIFIER
49{
50 /** The sequence making up this algorithm identifier. */
51 RTASN1SEQUENCECORE SeqCore;
52 /** The algorithm object ID. */
53 RTASN1OBJID Algorithm;
54 /** Optional parameters specified by the algorithm. */
55 RTASN1DYNTYPE Parameters;
56} RTCRX509ALGORITHMIDENTIFIER;
57/** Poitner to the IPRT representation of a X.509 algorithm identifier. */
58typedef RTCRX509ALGORITHMIDENTIFIER *PRTCRX509ALGORITHMIDENTIFIER;
59/** Poitner to the const IPRT representation of a X.509 algorithm identifier. */
60typedef RTCRX509ALGORITHMIDENTIFIER const *PCRTCRX509ALGORITHMIDENTIFIER;
61RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509ALGORITHMIDENTIFIER, RTDECL, RTCrX509AlgorithmIdentifier, SeqCore.Asn1Core);
62RTASN1_IMPL_GEN_SET_OF_TYPEDEFS_AND_PROTOS(RTCRX509ALGORITHMIDENTIFIERS, RTCRX509ALGORITHMIDENTIFIER, RTDECL, RTCrX509AlgorithmIdentifiers);
63
64/**
65 * Tries to convert an X.509 digest algorithm ID into a RTDIGESTTYPE value.
66 *
67 * @returns Valid RTDIGESTTYPE on success, RTDIGESTTYPE_INVALID on failure.
68 * @param pThis The IPRT representation of a X.509 algorithm
69 * identifier object.
70 */
71RTDECL(RTDIGESTTYPE) RTCrX509AlgorithmIdentifier_QueryDigestType(PCRTCRX509ALGORITHMIDENTIFIER pThis);
72
73/**
74 * Tries to figure the digest size of an X.509 digest algorithm ID.
75 *
76 * @returns The digest size in bytes, UINT32_MAX if unknown digest.
77 * @param pThis The IPRT representation of a X.509 algorithm
78 * identifier object.
79 */
80RTDECL(uint32_t) RTCrX509AlgorithmIdentifier_QueryDigestSize(PCRTCRX509ALGORITHMIDENTIFIER pThis);
81
82RTDECL(int) RTCrX509AlgorithmIdentifier_CompareWithString(PCRTCRX509ALGORITHMIDENTIFIER pThis, const char *pszObjId);
83
84/**
85 * Compares a digest with an encrypted digest algorithm, checking if they
86 * specify the same digest.
87 *
88 * @returns 0 if same digest, -1 if the digest is unknown, 1 if the encrypted
89 * digest does not match.
90 * @param pDigest The digest algorithm.
91 * @param pEncryptedDigest The encrypted digest algorithm.
92 */
93RTDECL(int) RTCrX509AlgorithmIdentifier_CompareDigestAndEncryptedDigest(PCRTCRX509ALGORITHMIDENTIFIER pDigest,
94 PCRTCRX509ALGORITHMIDENTIFIER pEncryptedDigest);
95/**
96 * Compares a digest OID with an encrypted digest algorithm OID, checking if
97 * they specify the same digest.
98 *
99 * @returns 0 if same digest, -1 if the digest is unknown, 1 if the encrypted
100 * digest does not match.
101 * @param pszDigestOid The digest algorithm OID.
102 * @param pszEncryptedDigestOid The encrypted digest algorithm OID.
103 */
104RTDECL(int) RTCrX509AlgorithmIdentifier_CompareDigestOidAndEncryptedDigestOid(const char *pszDigestOid,
105 const char *pszEncryptedDigestOid);
106
107
108/**
109 * Combine the encryption algorithm with the digest algorithm.
110 *
111 * @returns OID of encrypted digest algorithm.
112 * @param pEncryption The encryption algorithm. Will work if this is
113 * the OID of an encrypted digest algorithm too, as
114 * long as it matches @a pDigest.
115 * @param pDigest The digest algorithm. Will work if this is the
116 * OID of an encrypted digest algorithm too, as
117 * long as it matches @a pEncryption.
118 */
119RTDECL(const char *) RTCrX509AlgorithmIdentifier_CombineEncryptionAndDigest(PCRTCRX509ALGORITHMIDENTIFIER pEncryption,
120 PCRTCRX509ALGORITHMIDENTIFIER pDigest);
121
122/**
123 * Combine the encryption algorithm OID with the digest algorithm OID.
124 *
125 * @returns OID of encrypted digest algorithm.
126 * @param pszEncryptionOid The encryption algorithm. Will work if this is
127 * the OID of an encrypted digest algorithm too, as
128 * long as it matches @a pszDigestOid.
129 * @param pszDigestOid The digest algorithm. Will work if this is the
130 * OID of an encrypted digest algorithm too, as
131 * long as it matches @a pszEncryptionOid.
132 */
133RTDECL(const char *) RTCrX509AlgorithmIdentifier_CombineEncryptionOidAndDigestOid(const char *pszEncryptionOid,
134 const char *pszDigestOid);
135
136
137/** @name Typical Digest Algorithm OIDs.
138 * @{ */
139#define RTCRX509ALGORITHMIDENTIFIERID_MD2 "1.2.840.113549.2.2"
140#define RTCRX509ALGORITHMIDENTIFIERID_MD4 "1.2.840.113549.2.4"
141#define RTCRX509ALGORITHMIDENTIFIERID_MD5 "1.2.840.113549.2.5"
142#define RTCRX509ALGORITHMIDENTIFIERID_SHA1 "1.3.14.3.2.26"
143#define RTCRX509ALGORITHMIDENTIFIERID_SHA256 "2.16.840.1.101.3.4.2.1"
144#define RTCRX509ALGORITHMIDENTIFIERID_SHA384 "2.16.840.1.101.3.4.2.2"
145#define RTCRX509ALGORITHMIDENTIFIERID_SHA512 "2.16.840.1.101.3.4.2.3"
146#define RTCRX509ALGORITHMIDENTIFIERID_SHA224 "2.16.840.1.101.3.4.2.4"
147#define RTCRX509ALGORITHMIDENTIFIERID_SHA512T224 "2.16.840.1.101.3.4.2.5"
148#define RTCRX509ALGORITHMIDENTIFIERID_SHA512T256 "2.16.840.1.101.3.4.2.6"
149#define RTCRX509ALGORITHMIDENTIFIERID_WHIRLPOOL "1.0.10118.3.0.55"
150/** @} */
151
152/** @name Encrypted Digest Algorithm OIDs.
153 * @remarks The PKCS variants are the default ones, alternative OID are marked
154 * as such.
155 * @{ */
156#define RTCRX509ALGORITHMIDENTIFIERID_RSA "1.2.840.113549.1.1.1"
157#define RTCRX509ALGORITHMIDENTIFIERID_MD2_WITH_RSA "1.2.840.113549.1.1.2"
158#define RTCRX509ALGORITHMIDENTIFIERID_MD4_WITH_RSA "1.2.840.113549.1.1.3"
159#define RTCRX509ALGORITHMIDENTIFIERID_MD5_WITH_RSA "1.2.840.113549.1.1.4"
160#define RTCRX509ALGORITHMIDENTIFIERID_SHA1_WITH_RSA "1.2.840.113549.1.1.5"
161#define RTCRX509ALGORITHMIDENTIFIERID_SHA256_WITH_RSA "1.2.840.113549.1.1.11"
162#define RTCRX509ALGORITHMIDENTIFIERID_SHA384_WITH_RSA "1.2.840.113549.1.1.12"
163#define RTCRX509ALGORITHMIDENTIFIERID_SHA512_WITH_RSA "1.2.840.113549.1.1.13"
164#define RTCRX509ALGORITHMIDENTIFIERID_SHA224_WITH_RSA "1.2.840.113549.1.1.14"
165/** @} */
166
167
168
169
170/**
171 * One X.509 AttributeTypeAndValue (IPRT representation).
172 */
173typedef struct RTCRX509ATTRIBUTETYPEANDVALUE
174{
175 /** Sequence core. */
176 RTASN1SEQUENCECORE SeqCore;
177 /** The attribute type (object ID). */
178 RTASN1OBJID Type;
179 /** The attribute value (what it is is defined by Type). */
180 RTASN1DYNTYPE Value;
181} RTCRX509ATTRIBUTETYPEANDVALUE;
182/** Pointer to a X.509 AttributeTypeAndValue (IPRT representation). */
183typedef RTCRX509ATTRIBUTETYPEANDVALUE *PRTCRX509ATTRIBUTETYPEANDVALUE;
184/** Pointer to a const X.509 AttributeTypeAndValue (IPRT representation). */
185typedef RTCRX509ATTRIBUTETYPEANDVALUE const *PCRTCRX509ATTRIBUTETYPEANDVALUE;
186RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509ATTRIBUTETYPEANDVALUE, RTDECL, RTCrX509AttributeTypeAndValue, SeqCore.Asn1Core);
187RTASN1_IMPL_GEN_SET_OF_TYPEDEFS_AND_PROTOS(RTCRX509ATTRIBUTETYPEANDVALUES, RTCRX509ATTRIBUTETYPEANDVALUE, RTDECL, RTCrX509AttributeTypeAndValues);
188
189RTASN1TYPE_ALIAS(RTCRX509RELATIVEDISTINGUISHEDNAME, RTCRX509ATTRIBUTETYPEANDVALUES, RTCrX509RelativeDistinguishedName, RTCrX509AttributeTypeAndValues);
190
191
192RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509NAME, RTCRX509RELATIVEDISTINGUISHEDNAME, RTDECL, RTCrX509Name);
193RTDECL(int) RTCrX509Name_CheckSanity(PCRTCRX509NAME pName, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag);
194RTDECL(bool) RTCrX509Name_MatchByRfc5280(PCRTCRX509NAME pLeft, PCRTCRX509NAME pRight);
195
196/**
197 * Name constraint matching (RFC-5280).
198 *
199 * @returns true on match, false on mismatch.
200 * @param pConstraint The constraint name.
201 * @param pName The name to match against the constraint.
202 * @sa RTCrX509GeneralName_ConstraintMatch,
203 * RTCrX509RelativeDistinguishedName_ConstraintMatch
204 */
205RTDECL(bool) RTCrX509Name_ConstraintMatch(PCRTCRX509NAME pConstraint, PCRTCRX509NAME pName);
206RTDECL(int) RTCrX509Name_RecodeAsUtf8(PRTCRX509NAME pThis, PCRTASN1ALLOCATORVTABLE pAllocator);
207
208/**
209 * Matches the directory name against a comma separated list of the component
210 * strings (case sensitive).
211 *
212 * @returns true if match, false if mismatch.
213 * @param pThis The name object.
214 * @param pszString The string to match against. For example:
215 * "C=US, ST=California, L=Redwood Shores, O=Oracle Corporation"
216 *
217 * @remarks This is doing a straight compare, no extra effort is expended in
218 * dealing with different component order. If the component order
219 * differs, there won't be any match.
220 */
221RTDECL(bool) RTCrX509Name_MatchWithString(PCRTCRX509NAME pThis, const char *pszString);
222
223/**
224 * Formats the name as a command separated list of components with type
225 * prefixes.
226 *
227 * The output of this function is suitable for use with
228 * RTCrX509Name_MatchWithString.
229 *
230 * @returns IPRT status code.
231 * @param pThis The name object.
232 * @param pszBuf The output buffer.
233 * @param cbBuf The size of the output buffer.
234 * @param pcbActual Where to return the number of bytes required for the
235 * output, including the null terminator character.
236 * Optional.
237 */
238RTDECL(int) RTCrX509Name_FormatAsString(PCRTCRX509NAME pThis, char *pszBuf, size_t cbBuf, size_t *pcbActual);
239
240
241/**
242 * Looks up the RDN ID and returns the short name for it, if found.
243 *
244 * @returns Short name (e.g. 'CN') or NULL.
245 * @param pRdnId The RDN ID to look up.
246 */
247RTDECL(const char *) RTCrX509Name_GetShortRdn(PCRTASN1OBJID pRdnId);
248
249/**
250 * One X.509 OtherName (IPRT representation).
251 */
252typedef struct RTCRX509OTHERNAME
253{
254 /** The sequence core. */
255 RTASN1SEQUENCECORE SeqCore;
256 /** The name type identifier. */
257 RTASN1OBJID TypeId;
258 /** The name value (explicit tag 0). */
259 RTASN1DYNTYPE Value;
260} RTCRX509OTHERNAME;
261/** Pointer to a X.509 OtherName (IPRT representation). */
262typedef RTCRX509OTHERNAME *PRTCRX509OTHERNAME;
263/** Pointer to a const X.509 OtherName (IPRT representation). */
264typedef RTCRX509OTHERNAME const *PCRTCRX509OTHERNAME;
265RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509OTHERNAME, RTDECL, RTCrX509OtherName, SeqCore.Asn1Core);
266
267
268typedef enum RTCRX509GENERALNAMECHOICE
269{
270 RTCRX509GENERALNAMECHOICE_INVALID = 0,
271 RTCRX509GENERALNAMECHOICE_OTHER_NAME,
272 RTCRX509GENERALNAMECHOICE_RFC822_NAME,
273 RTCRX509GENERALNAMECHOICE_DNS_NAME,
274 RTCRX509GENERALNAMECHOICE_X400_ADDRESS,
275 RTCRX509GENERALNAMECHOICE_DIRECTORY_NAME,
276 RTCRX509GENERALNAMECHOICE_EDI_PARTY_NAME,
277 RTCRX509GENERALNAMECHOICE_URI,
278 RTCRX509GENERALNAMECHOICE_IP_ADDRESS,
279 RTCRX509GENERALNAMECHOICE_REGISTERED_ID,
280 RTCRX509GENERALNAMECHOICE_END,
281 RTCRX509GENERALNAMECHOICE_32BIT_HACK = 0x7fffffff
282} RTCRX509GENERALNAMECHOICE;
283
284/**
285 * One X.509 GeneralName (IPRT representation).
286 *
287 * This is represented as a union. Use the RTCRX509GENERALNAME_IS_XXX predicate
288 * macros to figure out which member is valid (Asn1Core is always valid).
289 */
290typedef struct RTCRX509GENERALNAME
291{
292 /** Dummy ASN.1 record, not encoded. */
293 RTASN1DUMMY Dummy;
294 /** The value allocation. */
295 RTASN1ALLOCATION Allocation;
296 /** The choice of value. */
297 RTCRX509GENERALNAMECHOICE enmChoice;
298 /** The value union. */
299 union
300 {
301 /** Tag 0: Other Name. */
302 PRTCRX509OTHERNAME pT0_OtherName;
303 /** Tag 1: RFC-822 Name. */
304 PRTASN1STRING pT1_Rfc822;
305 /** Tag 2: DNS name. */
306 PRTASN1STRING pT2_DnsName;
307 /** Tag 3: X.400 Address. */
308 struct
309 {
310 /** Context tag 3. */
311 RTASN1CONTEXTTAG3 CtxTag3;
312 /** Later. */
313 RTASN1DYNTYPE X400Address;
314 } *pT3;
315 /** Tag 4: Directory Name. */
316 struct
317 {
318 /** Context tag 4. */
319 RTASN1CONTEXTTAG4 CtxTag4;
320 /** Directory name. */
321 RTCRX509NAME DirectoryName;
322 } *pT4;
323 /** Tag 5: EDI Party Name. */
324 struct
325 {
326 /** Context tag 5. */
327 RTASN1CONTEXTTAG5 CtxTag5;
328 /** Later. */
329 RTASN1DYNTYPE EdiPartyName;
330 } *pT5;
331 /** Tag 6: URI. */
332 PRTASN1STRING pT6_Uri;
333 /** Tag 7: IP address. Either 4/8 (IPv4) or 16/32 (IPv16) octets long. */
334 PRTASN1OCTETSTRING pT7_IpAddress;
335 /** Tag 8: Registered ID. */
336 PRTASN1OBJID pT8_RegisteredId;
337 } u;
338} RTCRX509GENERALNAME;
339/** Pointer to the IPRT representation of an X.509 general name. */
340typedef RTCRX509GENERALNAME *PRTCRX509GENERALNAME;
341/** Pointer to the const IPRT representation of an X.509 general name. */
342typedef RTCRX509GENERALNAME const *PCRTCRX509GENERALNAME;
343RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509GENERALNAME, RTDECL, RTCrX509GeneralName, Dummy.Asn1Core);
344
345/** @name RTCRX509GENERALNAME tag predicates.
346 * @{ */
347#define RTCRX509GENERALNAME_IS_OTHER_NAME(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_OTHER_NAME)
348#define RTCRX509GENERALNAME_IS_RFC822_NAME(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_RFC822_NAME)
349#define RTCRX509GENERALNAME_IS_DNS_NAME(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_DNS_NAME)
350#define RTCRX509GENERALNAME_IS_X400_ADDRESS(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_X400_ADDRESS)
351#define RTCRX509GENERALNAME_IS_DIRECTORY_NAME(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_DIRECTORY_NAME)
352#define RTCRX509GENERALNAME_IS_EDI_PARTY_NAME(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_EDI_PARTY_NAME)
353#define RTCRX509GENERALNAME_IS_URI(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_URI)
354#define RTCRX509GENERALNAME_IS_IP_ADDRESS(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_IP_ADDRESS)
355#define RTCRX509GENERALNAME_IS_REGISTERED_ID(a_GenName) ((a_GenName)->enmChoice == RTCRX509GENERALNAMECHOICE_REGISTERED_ID)
356/** @} */
357
358
359RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509GENERALNAMES, RTCRX509GENERALNAME, RTDECL, RTCrX509GeneralNames);
360RTDECL(bool) RTCrX509GeneralName_ConstraintMatch(PCRTCRX509GENERALNAME pConstraint, PCRTCRX509GENERALNAME pName);
361
362
363/**
364 * X.509 Validity (IPRT representation).
365 */
366typedef struct RTCRX509VALIDITY
367{
368 /** Core sequence bits. */
369 RTASN1SEQUENCECORE SeqCore;
370 /** Effective starting. */
371 RTASN1TIME NotBefore;
372 /** Expires after. */
373 RTASN1TIME NotAfter;
374} RTCRX509VALIDITY;
375/** Pointer to the IPRT representation of an X.509 validity sequence. */
376typedef RTCRX509VALIDITY *PRTCRX509VALIDITY;
377/** Pointer ot the const IPRT representation of an X.509 validity sequence. */
378typedef RTCRX509VALIDITY const *PCRTCRX509VALIDITY;
379RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509VALIDITY, RTDECL, RTCrX509Validity, SeqCore.Asn1Core);
380
381RTDECL(bool) RTCrX509Validity_IsValidAtTimeSpec(PCRTCRX509VALIDITY pThis, PCRTTIMESPEC pTimeSpec);
382
383
384#if 0
385/**
386 * X.509 UniqueIdentifier (IPRT representation).
387 */
388typedef struct RTCRX509UNIQUEIDENTIFIER
389{
390 /** Representation is a bit string. */
391 RTASN1BITSTRING BitString;
392} RTCRX509UNIQUEIDENTIFIER;
393/** Pointer to the IPRT representation of an X.509 unique identifier. */
394typedef RTCRX509UNIQUEIDENTIFIER *PRTCRX509UNIQUEIDENTIFIER;
395/** Pointer to the const IPRT representation of an X.509 unique identifier. */
396typedef RTCRX509UNIQUEIDENTIFIER const *PCRTCRX509UNIQUEIDENTIFIER;
397RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(RTCRX509UNIQUEIDENTIFIER, RTDECL, RTCrX509UniqueIdentifier);
398#endif
399RTASN1TYPE_ALIAS(RTCRX509UNIQUEIDENTIFIER, RTASN1BITSTRING, RTCrX509UniqueIdentifier, RTAsn1BitString);
400
401
402/**
403 * X.509 SubjectPublicKeyInfo (IPRT representation).
404 */
405typedef struct RTCRX509SUBJECTPUBLICKEYINFO
406{
407 /** Core sequence bits. */
408 RTASN1SEQUENCECORE SeqCore;
409 /** The algorithm used with the public key. */
410 RTCRX509ALGORITHMIDENTIFIER Algorithm;
411 /** A bit string containing the public key.
412 *
413 * For algorithms like rsaEncryption this is generally a sequence of two
414 * integers, where the first one has lots of bits, and the second one being a
415 * modulous value. These are details specific to the algorithm and not relevant
416 * when validating the certificate chain. */
417 RTASN1BITSTRING SubjectPublicKey;
418} RTCRX509SUBJECTPUBLICKEYINFO;
419/** Pointer to the IPRT representation of an X.509 subject public key info
420 * sequence. */
421typedef RTCRX509SUBJECTPUBLICKEYINFO *PRTCRX509SUBJECTPUBLICKEYINFO;
422/** Pointer to the const IPRT representation of an X.509 subject public key info
423 * sequence. */
424typedef RTCRX509SUBJECTPUBLICKEYINFO const *PCRTCRX509SUBJECTPUBLICKEYINFO;
425RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509SUBJECTPUBLICKEYINFO, RTDECL, RTCrX509SubjectPublicKeyInfo, SeqCore.Asn1Core);
426
427
428/**
429 * One X.509 AuthorityKeyIdentifier (IPRT representation).
430 */
431typedef struct RTCRX509AUTHORITYKEYIDENTIFIER
432{
433 /** Sequence core. */
434 RTASN1SEQUENCECORE SeqCore;
435 /** Tag 0, optional, implicit: Key identifier. */
436 RTASN1OCTETSTRING KeyIdentifier;
437 /** Tag 1, optional, implicit: Issuer name. */
438 RTCRX509GENERALNAMES AuthorityCertIssuer;
439 /** Tag 2, optional, implicit: Serial number of issuer. */
440 RTASN1INTEGER AuthorityCertSerialNumber;
441} RTCRX509AUTHORITYKEYIDENTIFIER;
442/** Pointer to the IPRT representation of an X.509 AuthorityKeyIdentifier
443 * sequence. */
444typedef RTCRX509AUTHORITYKEYIDENTIFIER *PRTCRX509AUTHORITYKEYIDENTIFIER;
445/** Pointer to the const IPRT representation of an X.509 AuthorityKeyIdentifier
446 * sequence. */
447typedef RTCRX509AUTHORITYKEYIDENTIFIER const *PCRTCRX509AUTHORITYKEYIDENTIFIER;
448RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509AUTHORITYKEYIDENTIFIER, RTDECL, RTCrX509AuthorityKeyIdentifier, SeqCore.Asn1Core);
449
450
451/**
452 * One X.509 OldAuthorityKeyIdentifier (IPRT representation).
453 */
454typedef struct RTCRX509OLDAUTHORITYKEYIDENTIFIER
455{
456 /** Sequence core. */
457 RTASN1SEQUENCECORE SeqCore;
458 /** Tag 0, optional, implicit: Key identifier. */
459 RTASN1OCTETSTRING KeyIdentifier;
460 struct
461 {
462 RTASN1CONTEXTTAG1 CtxTag1;
463 /** Tag 1, optional, implicit: Issuer name. */
464 RTCRX509NAME AuthorityCertIssuer;
465 } T1;
466 /** Tag 2, optional, implicit: Serial number of issuer. */
467 RTASN1INTEGER AuthorityCertSerialNumber;
468} RTCRX509OLDAUTHORITYKEYIDENTIFIER;
469/** Pointer to the IPRT representation of an X.509 AuthorityKeyIdentifier
470 * sequence. */
471typedef RTCRX509OLDAUTHORITYKEYIDENTIFIER *PRTCRX509OLDAUTHORITYKEYIDENTIFIER;
472/** Pointer to the const IPRT representation of an X.509 AuthorityKeyIdentifier
473 * sequence. */
474typedef RTCRX509OLDAUTHORITYKEYIDENTIFIER const *PCRTCRX509OLDAUTHORITYKEYIDENTIFIER;
475RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509OLDAUTHORITYKEYIDENTIFIER, RTDECL, RTCrX509OldAuthorityKeyIdentifier, SeqCore.Asn1Core);
476
477
478/**
479 * One X.509 PolicyQualifierInfo (IPRT representation).
480 */
481typedef struct RTCRX509POLICYQUALIFIERINFO
482{
483 /** Core sequence bits. */
484 RTASN1SEQUENCECORE SeqCore;
485 /** The policy object ID. */
486 RTASN1OBJID PolicyQualifierId;
487 /** Anything defined by the policy qualifier id. */
488 RTASN1DYNTYPE Qualifier;
489} RTCRX509POLICYQUALIFIERINFO;
490/** Pointer to the IPRT representation of an X.509 PolicyQualifierInfo
491 * sequence. */
492typedef RTCRX509POLICYQUALIFIERINFO *PRTCRX509POLICYQUALIFIERINFO;
493/** Pointer to the const IPRT representation of an X.509 PolicyQualifierInfo
494 * sequence. */
495typedef RTCRX509POLICYQUALIFIERINFO const *PCRTCRX509POLICYQUALIFIERINFO;
496RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509POLICYQUALIFIERINFO, RTDECL, RTCrX509PolicyQualifierInfo, SeqCore.Asn1Core);
497RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509POLICYQUALIFIERINFOS, RTCRX509POLICYQUALIFIERINFO, RTDECL, RTCrX509PolicyQualifierInfos);
498
499
500/**
501 * One X.509 PolicyInformation (IPRT representation).
502 */
503typedef struct RTCRX509POLICYINFORMATION
504{
505 /** Core sequence bits. */
506 RTASN1SEQUENCECORE SeqCore;
507 /** The policy object ID. */
508 RTASN1OBJID PolicyIdentifier;
509 /** Optional sequence of policy qualifiers. */
510 RTCRX509POLICYQUALIFIERINFOS PolicyQualifiers;
511} RTCRX509POLICYINFORMATION;
512/** Pointer to the IPRT representation of an X.509 PolicyInformation
513 * sequence. */
514typedef RTCRX509POLICYINFORMATION *PRTCRX509POLICYINFORMATION;
515/** Pointer to the const IPRT representation of an X.509 PolicyInformation
516 * sequence. */
517typedef RTCRX509POLICYINFORMATION const *PCRTCRX509POLICYINFORMATION;
518RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509POLICYINFORMATION, RTDECL, RTCrX509PolicyInformation, SeqCore.Asn1Core);
519RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509CERTIFICATEPOLICIES, RTCRX509POLICYINFORMATION, RTDECL, RTCrX509CertificatePolicies);
520
521/** Sepcial policy object ID that matches any policy. */
522#define RTCRX509_ID_CE_CP_ANY_POLICY_OID "2.5.29.32.0"
523
524
525/**
526 * One X.509 PolicyMapping (IPRT representation).
527 */
528typedef struct RTCRX509POLICYMAPPING
529{
530 /** Core sequence bits. */
531 RTASN1SEQUENCECORE SeqCore;
532 /** Issuer policy ID. */
533 RTASN1OBJID IssuerDomainPolicy;
534 /** Subject policy ID. */
535 RTASN1OBJID SubjectDomainPolicy;
536} RTCRX509POLICYMAPPING;
537/** Pointer to the IPRT representation of a sequence of X.509 PolicyMapping. */
538typedef RTCRX509POLICYMAPPING *PRTCRX509POLICYMAPPING;
539/** Pointer to the const IPRT representation of a sequence of X.509
540 * PolicyMapping. */
541typedef RTCRX509POLICYMAPPING const *PCRTCRX509POLICYMAPPING;
542RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509POLICYMAPPING, RTDECL, RTCrX509PolicyMapping, SeqCore.Asn1Core);
543RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509POLICYMAPPINGS, RTCRX509POLICYMAPPING, RTDECL, RTCrX509PolicyMappings);
544
545
546/**
547 * X.509 BasicConstraints (IPRT representation).
548 */
549typedef struct RTCRX509BASICCONSTRAINTS
550{
551 /** Core sequence bits. */
552 RTASN1SEQUENCECORE SeqCore;
553 /** Is this ia certficiate authority? Default to false. */
554 RTASN1BOOLEAN CA;
555 /** Path length constraint. */
556 RTASN1INTEGER PathLenConstraint;
557} RTCRX509BASICCONSTRAINTS;
558/** Pointer to the IPRT representation of a sequence of X.509
559 * BasicConstraints. */
560typedef RTCRX509BASICCONSTRAINTS *PRTCRX509BASICCONSTRAINTS;
561/** Pointer to the const IPRT representation of a sequence of X.509
562 * BasicConstraints. */
563typedef RTCRX509BASICCONSTRAINTS const *PCRTCRX509BASICCONSTRAINTS;
564RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509BASICCONSTRAINTS, RTDECL, RTCrX509BasicConstraints, SeqCore.Asn1Core);
565
566
567/**
568 * X.509 GeneralSubtree (IPRT representation).
569 */
570typedef struct RTCRX509GENERALSUBTREE
571{
572 /** Core sequence bits. */
573 RTASN1SEQUENCECORE SeqCore;
574 /** Base name. */
575 RTCRX509GENERALNAME Base;
576 /** Tag 0, optional: Minimum, default 0. Fixed at 0 by RFC-5280. */
577 RTASN1INTEGER Minimum;
578 /** Tag 1, optional: Maximum. Fixed as not-present by RFC-5280. */
579 RTASN1INTEGER Maximum;
580} RTCRX509GENERALSUBTREE;
581/** Pointer to the IPRT representation of a sequence of X.509 GeneralSubtree. */
582typedef RTCRX509GENERALSUBTREE *PRTCRX509GENERALSUBTREE;
583/** Pointer to the const IPRT representation of a sequence of X.509
584 * GeneralSubtree. */
585typedef RTCRX509GENERALSUBTREE const *PCRTCRX509GENERALSUBTREE;
586RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509GENERALSUBTREE, RTDECL, RTCrX509GeneralSubtree, SeqCore.Asn1Core);
587
588RTDECL(bool) RTCrX509GeneralSubtree_ConstraintMatch(PCRTCRX509GENERALSUBTREE pConstraint, PCRTCRX509GENERALSUBTREE pName);
589
590RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509GENERALSUBTREES, RTCRX509GENERALSUBTREE, RTDECL, RTCrX509GeneralSubtrees);
591
592
593/**
594 * X.509 NameConstraints (IPRT representation).
595 */
596typedef struct RTCRX509NAMECONSTRAINTS
597{
598 /** Core sequence bits. */
599 RTASN1SEQUENCECORE SeqCore;
600 /** Tag 0, optional: Permitted subtrees. */
601 struct
602 {
603 /** Context tag. */
604 RTASN1CONTEXTTAG0 CtxTag0;
605 /** The permitted subtrees. */
606 RTCRX509GENERALSUBTREES PermittedSubtrees;
607 } T0;
608 /** Tag 1, optional: Excluded subtrees. */
609 struct
610 {
611 /** Context tag. */
612 RTASN1CONTEXTTAG1 CtxTag1;
613 /** The excluded subtrees. */
614 RTCRX509GENERALSUBTREES ExcludedSubtrees;
615 } T1;
616} RTCRX509NAMECONSTRAINTS;
617/** Pointer to the IPRT representation of a sequence of X.509
618 * NameConstraints. */
619typedef RTCRX509NAMECONSTRAINTS *PRTCRX509NAMECONSTRAINTS;
620/** Pointer to the const IPRT representation of a sequence of X.509
621 * NameConstraints. */
622typedef RTCRX509NAMECONSTRAINTS const *PCRTCRX509NAMECONSTRAINTS;
623RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509NAMECONSTRAINTS, RTDECL, RTCrX509NameConstraints, SeqCore.Asn1Core);
624
625
626/**
627 * X.509 PolicyConstraints (IPRT representation).
628 */
629typedef struct RTCRX509POLICYCONSTRAINTS
630{
631 /** Core sequence bits. */
632 RTASN1SEQUENCECORE SeqCore;
633 /** Tag 0, optional: Certificates before an explicit policy is required. */
634 RTASN1INTEGER RequireExplicitPolicy;
635 /** Tag 1, optional: Certificates before policy mapping is inhibited. */
636 RTASN1INTEGER InhibitPolicyMapping;
637} RTCRX509POLICYCONSTRAINTS;
638/** Pointer to the IPRT representation of a sequence of X.509
639 * PolicyConstraints. */
640typedef RTCRX509POLICYCONSTRAINTS *PRTCRX509POLICYCONSTRAINTS;
641/** Pointer to the const IPRT representation of a sequence of X.509
642 * PolicyConstraints. */
643typedef RTCRX509POLICYCONSTRAINTS const *PCRTCRX509POLICYCONSTRAINTS;
644RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509POLICYCONSTRAINTS, RTDECL, RTCrX509PolicyConstraints, SeqCore.Asn1Core);
645
646
647/**
648 * Indicates what an X.509 extension value encapsulates.
649 */
650typedef enum RTCRX509EXTENSIONVALUE
651{
652 RTCRX509EXTENSIONVALUE_INVALID = 0,
653 /** Unknown, no decoding available just the octet string. */
654 RTCRX509EXTENSIONVALUE_UNKNOWN,
655 /** Unencapsulated (i.e. octet string). */
656 RTCRX509EXTENSIONVALUE_NOT_ENCAPSULATED,
657
658 /** Bit string (RTASN1BITSTRING). */
659 RTCRX509EXTENSIONVALUE_BIT_STRING,
660 /** Octet string (RTASN1OCTETSTRING). */
661 RTCRX509EXTENSIONVALUE_OCTET_STRING,
662 /** Integer string (RTASN1INTEGER). */
663 RTCRX509EXTENSIONVALUE_INTEGER,
664 /** Sequence of object identifiers (RTASN1SEQOFOBJIDS). */
665 RTCRX509EXTENSIONVALUE_SEQ_OF_OBJ_IDS,
666
667 /** Authority key identifier (RTCRX509AUTHORITYKEYIDENTIFIER). */
668 RTCRX509EXTENSIONVALUE_AUTHORITY_KEY_IDENTIFIER,
669 /** Old Authority key identifier (RTCRX509OLDAUTHORITYKEYIDENTIFIER). */
670 RTCRX509EXTENSIONVALUE_OLD_AUTHORITY_KEY_IDENTIFIER,
671 /** Certificate policies (RTCRX509CERTIFICATEPOLICIES). */
672 RTCRX509EXTENSIONVALUE_CERTIFICATE_POLICIES,
673 /** Sequence of policy mappings (RTCRX509POLICYMAPPINGS). */
674 RTCRX509EXTENSIONVALUE_POLICY_MAPPINGS,
675 /** Basic constraints (RTCRX509BASICCONSTRAINTS). */
676 RTCRX509EXTENSIONVALUE_BASIC_CONSTRAINTS,
677 /** Name constraints (RTCRX509NAMECONSTRAINTS). */
678 RTCRX509EXTENSIONVALUE_NAME_CONSTRAINTS,
679 /** Policy constraints (RTCRX509POLICYCONSTRAINTS). */
680 RTCRX509EXTENSIONVALUE_POLICY_CONSTRAINTS,
681 /** Sequence of general names (RTCRX509GENERALNAMES). */
682 RTCRX509EXTENSIONVALUE_GENERAL_NAMES,
683
684 /** Blow the type up to 32-bits. */
685 RTCRX509EXTENSIONVALUE_32BIT_HACK = 0x7fffffff
686} RTCRX509EXTENSIONVALUE;
687
688/**
689 * One X.509 Extension (IPRT representation).
690 */
691typedef struct RTCRX509EXTENSION
692{
693 /** Core sequence bits. */
694 RTASN1SEQUENCECORE SeqCore;
695 /** Extension ID. */
696 RTASN1OBJID ExtnId;
697 /** Whether this is critical (default @c false). */
698 RTASN1BOOLEAN Critical;
699 /** Indicates what ExtnValue.pEncapsulated points at. */
700 RTCRX509EXTENSIONVALUE enmValue;
701 /** The value.
702 * Contains extension specific data that we don't yet parse. */
703 RTASN1OCTETSTRING ExtnValue;
704} RTCRX509EXTENSION;
705/** Pointer to the IPRT representation of one X.509 extensions. */
706typedef RTCRX509EXTENSION *PRTCRX509EXTENSION;
707/** Pointer to the const IPRT representation of one X.509 extension. */
708typedef RTCRX509EXTENSION const *PCRTCRX509EXTENSION;
709RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509EXTENSION, RTDECL, RTCrX509Extension, SeqCore.Asn1Core);
710RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRX509EXTENSIONS, RTCRX509EXTENSION, RTDECL, RTCrX509Extensions);
711
712RTDECL(int) RTCrX509Extension_ExtnValue_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags,
713 PRTCRX509EXTENSION pThis, const char *pszErrorTag);
714
715
716/**
717 * X.509 To-be-signed certificate information (IPRT representation).
718 */
719typedef struct RTCRX509TBSCERTIFICATE
720{
721 /** Sequence core. */
722 RTASN1SEQUENCECORE SeqCore;
723 /** Structure version. */
724 struct
725 {
726 /** Context tag with value 0. */
727 RTASN1CONTEXTTAG0 CtxTag0;
728 /** The actual value (RTCRX509TBSCERTIFICATE_V1, ...). */
729 RTASN1INTEGER Version;
730 } T0;
731 /** The serial number of the certificate. */
732 RTASN1INTEGER SerialNumber;
733 /** The signature algorithm. */
734 RTCRX509ALGORITHMIDENTIFIER Signature;
735 /** The issuer name. */
736 RTCRX509NAME Issuer;
737 /** The certificate validity period. */
738 RTCRX509VALIDITY Validity;
739 /** The subject name. */
740 RTCRX509NAME Subject;
741 /** The public key for this certificate. */
742 RTCRX509SUBJECTPUBLICKEYINFO SubjectPublicKeyInfo;
743 /** Issuer unique identifier (optional, version >= v2). */
744 struct
745 {
746 /** Context tag with value 1. */
747 RTASN1CONTEXTTAG1 CtxTag1;
748 /** The unique identifier value. */
749 RTCRX509UNIQUEIDENTIFIER IssuerUniqueId;
750 } T1;
751 /** Subject unique identifier (optional, version >= v2). */
752 struct
753 {
754 /** Context tag with value 2. */
755 RTASN1CONTEXTTAG2 CtxTag2;
756 /** The unique identifier value. */
757 RTCRX509UNIQUEIDENTIFIER SubjectUniqueId;
758 } T2;
759 /** Extensions (optional, version >= v3). */
760 struct
761 {
762 /** Context tag with value 3. */
763 RTASN1CONTEXTTAG3 CtxTag3;
764 /** The unique identifier value. */
765 RTCRX509EXTENSIONS Extensions;
766 /** Extensions summary flags. */
767 uint32_t fFlags;
768 /** Key usage flags. */
769 uint32_t fKeyUsage;
770 /** Extended key usage flags. */
771 uint32_t fExtKeyUsage;
772
773 /** Pointer to the authority key ID extension if present. */
774 PCRTCRX509AUTHORITYKEYIDENTIFIER pAuthorityKeyIdentifier;
775 /** Pointer to the OLD authority key ID extension if present. */
776 PCRTCRX509OLDAUTHORITYKEYIDENTIFIER pOldAuthorityKeyIdentifier;
777 /** Pointer to the subject key ID extension if present. */
778 PCRTASN1OCTETSTRING pSubjectKeyIdentifier;
779 /** Pointer to the alternative subject name extension if present. */
780 PCRTCRX509GENERALNAMES pAltSubjectName;
781 /** Pointer to the alternative issuer name extension if present. */
782 PCRTCRX509GENERALNAMES pAltIssuerName;
783 /** Pointer to the certificate policies extension if present. */
784 PCRTCRX509CERTIFICATEPOLICIES pCertificatePolicies;
785 /** Pointer to the policy mappings extension if present. */
786 PCRTCRX509POLICYMAPPINGS pPolicyMappings;
787 /** Pointer to the basic constraints extension if present. */
788 PCRTCRX509BASICCONSTRAINTS pBasicConstraints;
789 /** Pointer to the name constraints extension if present. */
790 PCRTCRX509NAMECONSTRAINTS pNameConstraints;
791 /** Pointer to the policy constraints extension if present. */
792 PCRTCRX509POLICYCONSTRAINTS pPolicyConstraints;
793 /** Pointer to the inhibit anyPolicy extension if present. */
794 PCRTASN1INTEGER pInhibitAnyPolicy;
795 } T3;
796} RTCRX509TBSCERTIFICATE;
797/** Pointer to the IPRT representation of a X.509 TBSCertificate. */
798typedef RTCRX509TBSCERTIFICATE *PRTCRX509TBSCERTIFICATE;
799/** Pointer to the const IPRT representation of a X.509 TBSCertificate. */
800typedef RTCRX509TBSCERTIFICATE const *PCRTCRX509TBSCERTIFICATE;
801RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509TBSCERTIFICATE, RTDECL, RTCrX509TbsCertificate, SeqCore.Asn1Core);
802
803/** @name RTCRX509TBSCERTIFICATE::T0.Version values.
804 * @{ */
805#define RTCRX509TBSCERTIFICATE_V1 0
806#define RTCRX509TBSCERTIFICATE_V2 1
807#define RTCRX509TBSCERTIFICATE_V3 2
808/** @} */
809
810/** @name RTCRX509TBSCERTIFICATE::T3.fFlags values.
811 * @{ */
812#define RTCRX509TBSCERTIFICATE_F_PRESENT_KEY_USAGE RT_BIT_32(0)
813#define RTCRX509TBSCERTIFICATE_F_PRESENT_EXT_KEY_USAGE RT_BIT_32(1)
814#define RTCRX509TBSCERTIFICATE_F_PRESENT_SUBJECT_KEY_IDENTIFIER RT_BIT_32(2)
815#define RTCRX509TBSCERTIFICATE_F_PRESENT_SUBJECT_ALT_NAME RT_BIT_32(3)
816#define RTCRX509TBSCERTIFICATE_F_PRESENT_ISSUER_ALT_NAME RT_BIT_32(4)
817#define RTCRX509TBSCERTIFICATE_F_PRESENT_CERTIFICATE_POLICIES RT_BIT_32(5)
818#define RTCRX509TBSCERTIFICATE_F_PRESENT_POLICY_MAPPINGS RT_BIT_32(6)
819#define RTCRX509TBSCERTIFICATE_F_PRESENT_BASIC_CONSTRAINTS RT_BIT_32(7)
820#define RTCRX509TBSCERTIFICATE_F_PRESENT_NAME_CONSTRAINTS RT_BIT_32(8)
821#define RTCRX509TBSCERTIFICATE_F_PRESENT_POLICY_CONSTRAINTS RT_BIT_32(9)
822#define RTCRX509TBSCERTIFICATE_F_PRESENT_AUTHORITY_KEY_IDENTIFIER RT_BIT_32(10)
823#define RTCRX509TBSCERTIFICATE_F_PRESENT_OLD_AUTHORITY_KEY_IDENTIFIER RT_BIT_32(11)
824#define RTCRX509TBSCERTIFICATE_F_PRESENT_ACCEPTABLE_CERT_POLICIES RT_BIT_32(12)
825#define RTCRX509TBSCERTIFICATE_F_PRESENT_INHIBIT_ANY_POLICY RT_BIT_32(13)
826#define RTCRX509TBSCERTIFICATE_F_PRESENT_OTHER RT_BIT_32(22) /**< Other unknown extension present. */
827#define RTCRX509TBSCERTIFICATE_F_PRESENT_NONE RT_BIT_32(23) /**< No extensions present. */
828/** @} */
829
830/** @name X.509 Key Usage flags. (RFC-5280 section 4.2.1.3.)
831 * @{ */
832#define RTCRX509CERT_KEY_USAGE_F_DIGITAL_SIGNATURE_BIT 0
833#define RTCRX509CERT_KEY_USAGE_F_DIGITAL_SIGNATURE RT_BIT_32(0)
834#define RTCRX509CERT_KEY_USAGE_F_CONTENT_COMMITTMENT_BIT 1
835#define RTCRX509CERT_KEY_USAGE_F_CONTENT_COMMITTMENT RT_BIT_32(1)
836#define RTCRX509CERT_KEY_USAGE_F_KEY_ENCIPHERMENT_BIT 2
837#define RTCRX509CERT_KEY_USAGE_F_KEY_ENCIPHERMENT RT_BIT_32(2)
838#define RTCRX509CERT_KEY_USAGE_F_DATA_ENCIPHERMENT_BIT 3
839#define RTCRX509CERT_KEY_USAGE_F_DATA_ENCIPHERMENT RT_BIT_32(3)
840#define RTCRX509CERT_KEY_USAGE_F_KEY_AGREEMENT_BIT 4
841#define RTCRX509CERT_KEY_USAGE_F_KEY_AGREEMENT RT_BIT_32(4)
842#define RTCRX509CERT_KEY_USAGE_F_KEY_CERT_SIGN_BIT 5
843#define RTCRX509CERT_KEY_USAGE_F_KEY_CERT_SIGN RT_BIT_32(5)
844#define RTCRX509CERT_KEY_USAGE_F_CRL_SIGN_BIT 6
845#define RTCRX509CERT_KEY_USAGE_F_CRL_SIGN RT_BIT_32(6)
846#define RTCRX509CERT_KEY_USAGE_F_ENCIPHERMENT_ONLY_BIT 7
847#define RTCRX509CERT_KEY_USAGE_F_ENCIPHERMENT_ONLY RT_BIT_32(7)
848#define RTCRX509CERT_KEY_USAGE_F_DECIPHERMENT_ONLY_BIT 8
849#define RTCRX509CERT_KEY_USAGE_F_DECIPHERMENT_ONLY RT_BIT_32(8)
850/** @} */
851
852/** @name X.509 Extended Key Usage flags. (RFC-5280 section 4.2.1.12, ++.)
853 * @remarks Needless to say, these flags doesn't cover all possible extended key
854 * usages, because there is a potential unlimited number of them. Only
855 * ones relevant to IPRT and it's users are covered.
856 * @{ */
857#define RTCRX509CERT_EKU_F_ANY RT_BIT_64(0)
858#define RTCRX509CERT_EKU_F_SERVER_AUTH RT_BIT_64(1)
859#define RTCRX509CERT_EKU_F_CLIENT_AUTH RT_BIT_64(2)
860#define RTCRX509CERT_EKU_F_CODE_SIGNING RT_BIT_64(3)
861#define RTCRX509CERT_EKU_F_EMAIL_PROTECTION RT_BIT_64(4)
862#define RTCRX509CERT_EKU_F_IPSEC_END_SYSTEM RT_BIT_64(5)
863#define RTCRX509CERT_EKU_F_IPSEC_TUNNEL RT_BIT_64(6)
864#define RTCRX509CERT_EKU_F_IPSEC_USER RT_BIT_64(7)
865#define RTCRX509CERT_EKU_F_TIMESTAMPING RT_BIT_64(8)
866#define RTCRX509CERT_EKU_F_OCSP_SIGNING RT_BIT_64(9)
867#define RTCRX509CERT_EKU_F_DVCS RT_BIT_64(10)
868#define RTCRX509CERT_EKU_F_SBGP_CERT_AA_SERVICE_AUTH RT_BIT_64(11)
869#define RTCRX509CERT_EKU_F_EAP_OVER_PPP RT_BIT_64(12)
870#define RTCRX509CERT_EKU_F_EAP_OVER_LAN RT_BIT_64(13)
871#define RTCRX509CERT_EKU_F_OTHER RT_BIT_64(16) /**< Other unknown extended key usage present. */
872#define RTCRX509CERT_EKU_F_APPLE_CODE_SIGNING RT_BIT_64(24)
873#define RTCRX509CERT_EKU_F_APPLE_CODE_SIGNING_DEVELOPMENT RT_BIT_64(25)
874#define RTCRX509CERT_EKU_F_APPLE_SOFTWARE_UPDATE_SIGNING RT_BIT_64(26)
875#define RTCRX509CERT_EKU_F_APPLE_CODE_SIGNING_THIRD_PARTY RT_BIT_64(27)
876#define RTCRX509CERT_EKU_F_APPLE_RESOURCE_SIGNING RT_BIT_64(28)
877#define RTCRX509CERT_EKU_F_APPLE_SYSTEM_IDENTITY RT_BIT_64(29)
878#define RTCRX509CERT_EKU_F_MS_TIMESTAMP_SIGNING RT_BIT_64(32)
879#define RTCRX509CERT_EKU_F_MS_NT5_CRYPTO RT_BIT_64(33)
880#define RTCRX509CERT_EKU_F_MS_OEM_WHQL_CRYPTO RT_BIT_64(34)
881#define RTCRX509CERT_EKU_F_MS_EMBEDDED_NT_CRYPTO RT_BIT_64(35)
882#define RTCRX509CERT_EKU_F_MS_KERNEL_MODE_CODE_SIGNING RT_BIT_64(36)
883#define RTCRX509CERT_EKU_F_MS_LIFETIME_SIGNING RT_BIT_64(37)
884#define RTCRX509CERT_EKU_F_MS_DRM RT_BIT_64(38)
885#define RTCRX509CERT_EKU_F_MS_DRM_INDIVIDUALIZATION RT_BIT_64(39)
886/** @} */
887
888/** @name Key purpose OIDs (extKeyUsage)
889 * @{ */
890#define RTCRX509_ANY_EXTENDED_KEY_USAGE_OID "2.5.29.37.0"
891#define RTCRX509_ID_KP_OID "1.3.6.1.5.5.7.3"
892#define RTCRX509_ID_KP_SERVER_AUTH_OID "1.3.6.1.5.5.7.3.1"
893#define RTCRX509_ID_KP_CLIENT_AUTH_OID "1.3.6.1.5.5.7.3.2"
894#define RTCRX509_ID_KP_CODE_SIGNING_OID "1.3.6.1.5.5.7.3.3"
895#define RTCRX509_ID_KP_EMAIL_PROTECTION_OID "1.3.6.1.5.5.7.3.4"
896#define RTCRX509_ID_KP_IPSEC_END_SYSTEM_OID "1.3.6.1.5.5.7.3.5"
897#define RTCRX509_ID_KP_IPSEC_TUNNEL_OID "1.3.6.1.5.5.7.3.6"
898#define RTCRX509_ID_KP_IPSEC_USER_OID "1.3.6.1.5.5.7.3.7"
899#define RTCRX509_ID_KP_TIMESTAMPING_OID "1.3.6.1.5.5.7.3.8"
900#define RTCRX509_ID_KP_OCSP_SIGNING_OID "1.3.6.1.5.5.7.3.9"
901#define RTCRX509_ID_KP_DVCS_OID "1.3.6.1.5.5.7.3.10"
902#define RTCRX509_ID_KP_SBGP_CERT_AA_SERVICE_AUTH_OID "1.3.6.1.5.5.7.3.11"
903#define RTCRX509_ID_KP_EAP_OVER_PPP_OID "1.3.6.1.5.5.7.3.13"
904#define RTCRX509_ID_KP_EAP_OVER_LAN_OID "1.3.6.1.5.5.7.3.14"
905/** @} */
906
907/** @name Microsoft extended key usage OIDs
908 * @{ */
909#define RTCRX509_MS_EKU_CERT_TRUST_LIST_SIGNING_OID "1.3.6.1.4.1.311.10.3.1"
910#define RTCRX509_MS_EKU_TIMESTAMP_SIGNING_OID "1.3.6.1.4.1.311.10.3.2"
911#define RTCRX509_MS_EKU_SERVER_GATED_CRYPTO_OID "1.3.6.1.4.1.311.10.3.3"
912#define RTCRX509_MS_EKU_SGC_SERIALIZED_OID "1.3.6.1.4.1.311.10.3.3.1"
913#define RTCRX509_MS_EKU_ENCRYPTED_FILE_SYSTEM_OID "1.3.6.1.4.1.311.10.3.4"
914#define RTCRX509_MS_EKU_WHQL_CRYPTO_OID "1.3.6.1.4.1.311.10.3.5"
915#define RTCRX509_MS_EKU_NT5_CRYPTO_OID "1.3.6.1.4.1.311.10.3.6"
916#define RTCRX509_MS_EKU_OEM_WHQL_CRYPTO_OID "1.3.6.1.4.1.311.10.3.7"
917#define RTCRX509_MS_EKU_EMBEDDED_NT_CRYPTO_OID "1.3.6.1.4.1.311.10.3.8"
918#define RTCRX509_MS_EKU_ROOT_LIST_SIGNER_OID "1.3.6.1.4.1.311.10.3.9"
919#define RTCRX509_MS_EKU_QUALIFIED_SUBORDINATE_OID "1.3.6.1.4.1.311.10.3.10"
920#define RTCRX509_MS_EKU_KEY_RECOVERY_3_OID "1.3.6.1.4.1.311.10.3.11"
921#define RTCRX509_MS_EKU_DOCUMENT_SIGNING_OID "1.3.6.1.4.1.311.10.3.12"
922#define RTCRX509_MS_EKU_LIFETIME_SIGNING_OID "1.3.6.1.4.1.311.10.3.13"
923#define RTCRX509_MS_EKU_MOBILE_DEVICE_SOFTWARE_OID "1.3.6.1.4.1.311.10.3.14"
924#define RTCRX509_MS_EKU_SMART_DISPLAY_OID "1.3.6.1.4.1.311.10.3.15"
925#define RTCRX509_MS_EKU_CSP_SIGNATURE_OID "1.3.6.1.4.1.311.10.3.16"
926#define RTCRX509_MS_EKU_EFS_RECOVERY_OID "1.3.6.1.4.1.311.10.3.4.1"
927#define RTCRX509_MS_EKU_DRM_OID "1.3.6.1.4.1.311.10.5.1"
928#define RTCRX509_MS_EKU_DRM_INDIVIDUALIZATION_OID "1.3.6.1.4.1.311.10.5.2"
929#define RTCRX509_MS_EKU_LICENSES_OID "1.3.6.1.4.1.311.10.5.3"
930#define RTCRX509_MS_EKU_LICENSE_SERVER_OID "1.3.6.1.4.1.311.10.5.4"
931#define RTCRX509_MS_EKU_ENROLLMENT_AGENT_OID "1.3.6.1.4.1.311.20.2.1"
932#define RTCRX509_MS_EKU_SMARTCARD_LOGON_OID "1.3.6.1.4.1.311.20.2.2"
933#define RTCRX509_MS_EKU_CA_EXCHANGE_OID "1.3.6.1.4.1.311.21.5"
934#define RTCRX509_MS_EKU_KEY_RECOVERY_21_OID "1.3.6.1.4.1.311.21.6"
935#define RTCRX509_MS_EKU_SYSTEM_HEALTH_OID "1.3.6.1.4.1.311.47.1.1"
936#define RTCRX509_MS_EKU_SYSTEM_HEALTH_LOOPHOLE_OID "1.3.6.1.4.1.311.47.1.3"
937#define RTCRX509_MS_EKU_KERNEL_MODE_CODE_SIGNING_OID "1.3.6.1.4.1.311.61.1.1"
938/** @} */
939
940/** @name Apple extended key usage OIDs
941 * @{ */
942#define RTCRX509_APPLE_EKU_APPLE_EXTENDED_KEY_USAGE_OID "1.2.840.113635.100.4"
943#define RTCRX509_APPLE_EKU_CODE_SIGNING_OID "1.2.840.113635.100.4.1"
944#define RTCRX509_APPLE_EKU_CODE_SIGNING_DEVELOPMENT_OID "1.2.840.113635.100.4.1.1"
945#define RTCRX509_APPLE_EKU_SOFTWARE_UPDATE_SIGNING_OID "1.2.840.113635.100.4.1.2"
946#define RTCRX509_APPLE_EKU_CODE_SIGNING_THRID_PARTY_OID "1.2.840.113635.100.4.1.3"
947#define RTCRX509_APPLE_EKU_RESOURCE_SIGNING_OID "1.2.840.113635.100.4.1.4"
948#define RTCRX509_APPLE_EKU_ICHAT_SIGNING_OID "1.2.840.113635.100.4.2"
949#define RTCRX509_APPLE_EKU_ICHAT_ENCRYPTION_OID "1.2.840.113635.100.4.3"
950#define RTCRX509_APPLE_EKU_SYSTEM_IDENTITY_OID "1.2.840.113635.100.4.4"
951#define RTCRX509_APPLE_EKU_CRYPTO_ENV_OID "1.2.840.113635.100.4.5"
952#define RTCRX509_APPLE_EKU_CRYPTO_PRODUCTION_ENV_OID "1.2.840.113635.100.4.5.1"
953#define RTCRX509_APPLE_EKU_CRYPTO_MAINTENANCE_ENV_OID "1.2.840.113635.100.4.5.2"
954#define RTCRX509_APPLE_EKU_CRYPTO_TEST_ENV_OID "1.2.840.113635.100.4.5.3"
955#define RTCRX509_APPLE_EKU_CRYPTO_DEVELOPMENT_ENV_OID "1.2.840.113635.100.4.5.4"
956#define RTCRX509_APPLE_EKU_CRYPTO_QOS_OID "1.2.840.113635.100.4.6"
957#define RTCRX509_APPLE_EKU_CRYPTO_TIER0_QOS_OID "1.2.840.113635.100.4.6.1"
958#define RTCRX509_APPLE_EKU_CRYPTO_TIER1_QOS_OID "1.2.840.113635.100.4.6.2"
959#define RTCRX509_APPLE_EKU_CRYPTO_TIER2_QOS_OID "1.2.840.113635.100.4.6.3"
960#define RTCRX509_APPLE_EKU_CRYPTO_TIER3_QOS_OID "1.2.840.113635.100.4.6.4"
961/** @} */
962
963/**
964 * Use this to update derived values after changing the certificate
965 * extensions.
966 *
967 * @returns IPRT status code
968 * @param pThis The certificate.
969 * @param pErrInfo Where to return additional error information. Optional.
970 */
971RTDECL(int) RTCrX509TbsCertificate_ReprocessExtensions(PRTCRX509TBSCERTIFICATE pThis, PRTERRINFO pErrInfo);
972
973
974/**
975 * One X.509 Certificate (IPRT representation).
976 */
977typedef struct RTCRX509CERTIFICATE
978{
979 /** Sequence core. */
980 RTASN1SEQUENCECORE SeqCore;
981 /** The to-be-signed certificate information. */
982 RTCRX509TBSCERTIFICATE TbsCertificate;
983 /** The signature algorithm (must match TbsCertificate.Signature). */
984 RTCRX509ALGORITHMIDENTIFIER SignatureAlgorithm;
985 /** The signature value. */
986 RTASN1BITSTRING SignatureValue;
987} RTCRX509CERTIFICATE;
988/** Pointer to the IPRT representation of one X.509 certificate. */
989typedef RTCRX509CERTIFICATE *PRTCRX509CERTIFICATE;
990/** Pointer to the const IPRT representation of one X.509 certificate. */
991typedef RTCRX509CERTIFICATE const *PCRTCRX509CERTIFICATE;
992RTASN1TYPE_STANDARD_PROTOTYPES(RTCRX509CERTIFICATE, RTDECL, RTCrX509Certificate, SeqCore.Asn1Core);
993
994/**
995 * Checks if a certificate matches a given issuer name and serial number.
996 *
997 * @returns True / false.
998 * @param pCertificate The X.509 certificat.
999 * @param pIssuer The issuer name to match against.
1000 * @param pSerialNumber The serial number to match against.
1001 */
1002RTDECL(bool) RTCrX509Certificate_MatchIssuerAndSerialNumber(PCRTCRX509CERTIFICATE pCertificate,
1003 PCRTCRX509NAME pIssuer, PCRTASN1INTEGER pSerialNumber);
1004
1005RTDECL(bool) RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280(PCRTCRX509CERTIFICATE pThis, PCRTCRX509NAME pName);
1006RTDECL(bool) RTCrX509Certificate_IsSelfSigned(PCRTCRX509CERTIFICATE pCertificate);
1007
1008RTDECL(int) RTCrX509Certificate_VerifySignature(PCRTCRX509CERTIFICATE pThis, PCRTASN1OBJID pAlgorithm,
1009 PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey,
1010 PRTERRINFO pErrInfo);
1011RTDECL(int) RTCrX509Certificate_VerifySignatureSelfSigned(PCRTCRX509CERTIFICATE pThis, PRTERRINFO pErrInfo);
1012RTDECL(int) RTCrX509Certificate_ReadFromFile(PRTCRX509CERTIFICATE pCertificate, const char *pszFilename, uint32_t fFlags,
1013 PCRTASN1ALLOCATORVTABLE pAllocator, PRTERRINFO pErrInfo);
1014RTDECL(int) RTCrX509Certificate_ReadFromBuffer(PRTCRX509CERTIFICATE pCertificate, const void *pvBuf, size_t cbBuf,
1015 uint32_t fFlags, PCRTASN1ALLOCATORVTABLE pAllocator,
1016 PRTERRINFO pErrInfo, const char *pszErrorTag);
1017/** @name Flags for RTCrX509Certificate_ReadFromFile and
1018 * RTCrX509Certificate_ReadFromBuffer
1019 * @{ */
1020/** Only allow PEM certificates, not binary ones.
1021 * @sa RTCRPEMREADFILE_F_ONLY_PEM */
1022#define RTCRX509CERT_READ_F_PEM_ONLY RT_BIT(1)
1023/** @} */
1024
1025/** X509 Certificate markers for RTCrPemFindFirstSectionInContent et al. */
1026extern RTDATADECL(RTCRPEMMARKER const) g_aRTCrX509CertificateMarkers[];
1027/** Number of entries in g_aRTCrX509CertificateMarkers. */
1028extern RTDATADECL(uint32_t const) g_cRTCrX509CertificateMarkers;
1029
1030
1031
1032/** @name X.509 Certificate Extensions
1033 * @{ */
1034/** Old AuthorityKeyIdentifier OID. */
1035#define RTCRX509_ID_CE_OLD_AUTHORITY_KEY_IDENTIFIER_OID "2.5.29.1"
1036/** Old CertificatePolicies extension OID. */
1037#define RTCRX509_ID_CE_OLD_CERTIFICATE_POLICIES_OID "2.5.29.3"
1038/** Old SubjectAltName extension OID. */
1039#define RTCRX509_ID_CE_OLD_SUBJECT_ALT_NAME_OID "2.5.29.7"
1040/** Old IssuerAltName extension OID. */
1041#define RTCRX509_ID_CE_OLD_ISSUER_ALT_NAME_OID "2.5.29.8"
1042/** Old BasicContraints extension OID. */
1043#define RTCRX509_ID_CE_OLD_BASIC_CONSTRAINTS_OID "2.5.29.10"
1044/** SubjectKeyIdentifier OID. */
1045#define RTCRX509_ID_CE_SUBJECT_KEY_IDENTIFIER_OID "2.5.29.14"
1046/** KeyUsage OID. */
1047#define RTCRX509_ID_CE_KEY_USAGE_OID "2.5.29.15"
1048/** PrivateKeyUsagePeriod OID. */
1049#define RTCRX509_ID_CE_PRIVATE_KEY_USAGE_PERIOD_OID "2.5.29.16"
1050/** SubjectAltName extension OID. */
1051#define RTCRX509_ID_CE_SUBJECT_ALT_NAME_OID "2.5.29.17"
1052/** IssuerAltName extension OID. */
1053#define RTCRX509_ID_CE_ISSUER_ALT_NAME_OID "2.5.29.18"
1054/** BasicContraints extension OID. */
1055#define RTCRX509_ID_CE_BASIC_CONSTRAINTS_OID "2.5.29.19"
1056/** NameContraints extension OID. */
1057#define RTCRX509_ID_CE_NAME_CONSTRAINTS_OID "2.5.29.30"
1058/** CertificatePolicies extension OID. */
1059#define RTCRX509_ID_CE_CERTIFICATE_POLICIES_OID "2.5.29.32"
1060/** PolicyMappings extension OID. */
1061#define RTCRX509_ID_CE_POLICY_MAPPINGS_OID "2.5.29.33"
1062/** AuthorityKeyIdentifier OID. */
1063#define RTCRX509_ID_CE_AUTHORITY_KEY_IDENTIFIER_OID "2.5.29.35"
1064/** PolicyContraints extension OID. */
1065#define RTCRX509_ID_CE_POLICY_CONSTRAINTS_OID "2.5.29.36"
1066/** ExtKeyUsage (extended key usage) extension OID. */
1067#define RTCRX509_ID_CE_EXT_KEY_USAGE_OID "2.5.29.37"
1068/** ExtKeyUsage: OID for permitting any unspecified key usage. */
1069#define RTCRX509_ID_CE_ANY_EXTENDED_KEY_USAGE_OID "2.5.29.37.0"
1070/** AuthorityAttributeIdentifier OID. */
1071#define RTCRX509_ID_CE_AUTHORITY_ATTRIBUTE_IDENTIFIER_OID "2.5.29.38"
1072/** AcceptableCertPolicies OID. */
1073#define RTCRX509_ID_CE_ACCEPTABLE_CERT_POLICIES_OID "2.5.29.52"
1074/** InhibitAnyPolicy OID. */
1075#define RTCRX509_ID_CE_INHIBIT_ANY_POLICY_OID "2.5.29.54"
1076/** @} */
1077
1078
1079/*
1080 * Sequence of X.509 Certifcates (IPRT representation).
1081 */
1082RTASN1_IMPL_GEN_SET_OF_TYPEDEFS_AND_PROTOS(RTCRX509CERTIFICATES, RTCRX509CERTIFICATE, RTDECL, RTCrX509Certificates);
1083
1084/**
1085 * Looks up a certificate by issuer name and serial number.
1086 *
1087 * @returns Pointer to the given certificate if found, NULL if not.
1088 * @param pCertificates The X.509 certificate set to search.
1089 * @param pIssuer The issuer name of the wanted certificate.
1090 * @param pSerialNumber The serial number of the wanted certificate.
1091 */
1092RTDECL(PCRTCRX509CERTIFICATE) RTCrX509Certificates_FindByIssuerAndSerialNumber(PCRTCRX509CERTIFICATES pCertificates,
1093 PCRTCRX509NAME pIssuer,
1094 PCRTASN1INTEGER pSerialNumber);
1095
1096
1097
1098RTDECL(int) RTCrX509CertPathsCreate(PRTCRX509CERTPATHS phCertPaths, PCRTCRX509CERTIFICATE pTarget);
1099RTDECL(uint32_t) RTCrX509CertPathsRetain(RTCRX509CERTPATHS hCertPaths);
1100RTDECL(uint32_t) RTCrX509CertPathsRelease(RTCRX509CERTPATHS hCertPaths);
1101RTDECL(int) RTCrX509CertPathsSetTrustedStore(RTCRX509CERTPATHS hCertPaths, RTCRSTORE hTrustedStore);
1102RTDECL(int) RTCrX509CertPathsSetUntrustedStore(RTCRX509CERTPATHS hCertPaths, RTCRSTORE hUntrustedStore);
1103RTDECL(int) RTCrX509CertPathsSetUntrustedArray(RTCRX509CERTPATHS hCertPaths, PCRTCRX509CERTIFICATE paCerts, uint32_t cCerts);
1104RTDECL(int) RTCrX509CertPathsSetUntrustedSet(RTCRX509CERTPATHS hCertPaths, struct RTCRPKCS7SETOFCERTS const *pSetOfCerts);
1105RTDECL(int) RTCrX509CertPathsSetValidTime(RTCRX509CERTPATHS hCertPaths, PCRTTIME pTime);
1106RTDECL(int) RTCrX509CertPathsSetValidTimeSpec(RTCRX509CERTPATHS hCertPaths, PCRTTIMESPEC pTimeSpec);
1107RTDECL(int) RTCrX509CertPathsCreateEx(PRTCRX509CERTPATHS phCertPaths, PCRTCRX509CERTIFICATE pTarget, RTCRSTORE hTrustedStore,
1108 RTCRSTORE hUntrustedStore, PCRTCRX509CERTIFICATE paUntrustedCerts, uint32_t cUntrustedCerts,
1109 PCRTTIMESPEC pValidTime);
1110RTDECL(int) RTCrX509CertPathsBuild(RTCRX509CERTPATHS hCertPaths, PRTERRINFO pErrInfo);
1111RTDECL(int) RTCrX509CertPathsDumpOne(RTCRX509CERTPATHS hCertPaths, uint32_t iPath, uint32_t uVerbosity,
1112 PFNRTDUMPPRINTFV pfnPrintfV, void *pvUser);
1113RTDECL(int) RTCrX509CertPathsDumpAll(RTCRX509CERTPATHS hCertPaths, uint32_t uVerbosity,
1114 PFNRTDUMPPRINTFV pfnPrintfV, void *pvUser);
1115
1116RTDECL(int) RTCrX509CertPathsValidateOne(RTCRX509CERTPATHS hCertPaths, uint32_t iPath, PRTERRINFO pErrInfo);
1117RTDECL(int) RTCrX509CertPathsValidateAll(RTCRX509CERTPATHS hCertPaths, uint32_t *pcValidPaths, PRTERRINFO pErrInfo);
1118
1119RTDECL(uint32_t) RTCrX509CertPathsGetPathCount(RTCRX509CERTPATHS hCertPaths);
1120RTDECL(int) RTCrX509CertPathsQueryPathInfo(RTCRX509CERTPATHS hCertPaths, uint32_t iPath,
1121 bool *pfTrusted, uint32_t *pcNodes, PCRTCRX509NAME *ppSubject,
1122 PCRTCRX509SUBJECTPUBLICKEYINFO *ppPublicKeyInfo,
1123 PCRTCRX509CERTIFICATE *ppCert, PCRTCRCERTCTX *ppCertCtx, int *prcVerify);
1124RTDECL(uint32_t) RTCrX509CertPathsGetPathLength(RTCRX509CERTPATHS hCertPaths, uint32_t iPath);
1125RTDECL(int) RTCrX509CertPathsGetPathVerifyResult(RTCRX509CERTPATHS hCertPaths, uint32_t iPath);
1126RTDECL(PCRTCRX509CERTIFICATE) RTCrX509CertPathsGetPathNodeCert(RTCRX509CERTPATHS hCertPaths, uint32_t iPath, uint32_t iNode);
1127
1128
1129RT_C_DECLS_END
1130
1131/** @} */
1132
1133/** @} */
1134
1135#endif
1136
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette