git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22340 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-12-26 17:22:07 +00:00
parent a1697e60dd
commit 3e6be6e745


@@ -62,11 +62,12 @@ struct hx509_ca_tbs {
};
/**
* Allocate an To Be Signed object that will be converted into an
* certificate.
* Allocate an to-be-signed certificate object that will be converted
* into an certificate.
*
* @param context A hx509 context.
* @param tbs returned to be signed object, free with hx509_ca_tbs_free().
* @param tbs returned to-be-signed certicate object, free with
* hx509_ca_tbs_free().
*
* @return An hx509 error code, see hx509_get_error_string().
*
@@ -119,6 +120,19 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs)
*tbs = NULL;
}
/**
* Set the absolute time when the certificate is valid from. If not
* set the current time will be used.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param t time the certificated will start to be valid
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_notBefore(hx509_context context,
hx509_ca_tbs tbs,
@@ -128,6 +142,18 @@ hx509_ca_tbs_set_notBefore(hx509_context context,
return 0;
}
/**
* Set the absolute time when the certificate is valid to.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param t time when the certificate will expire
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_notAfter(hx509_context context,
hx509_ca_tbs tbs,
@@ -137,6 +163,18 @@ hx509_ca_tbs_set_notAfter(hx509_context context,
return 0;
}
/**
* Set the relative time when the certificiate is going to expire.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param delta seconds to the certificate is going to expire.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_notAfter_lifetime(hx509_context context,
hx509_ca_tbs tbs,
@@ -156,12 +194,35 @@ static const struct units templatebits[] = {
{ NULL, 0 }
};
/**
* Make of template units, use to build flags argument to
* hx509_ca_tbs_set_template() with parse_units().
*
* @return an units structure.
*
* @ingroup hx509_ca
*/
const struct units *
hx509_ca_tbs_template_units(void)
{
return templatebits;
}
/**
* Initialize the to-be-signed certificate object from a template certifiate.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param flags bit field selecting what to copy from the template
* certifiate.
* @param cert template certificate.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_template(hx509_context context,
hx509_ca_tbs tbs,
@@ -228,6 +289,20 @@ hx509_ca_tbs_set_template(hx509_context context,
return 0;
}
/**
* Make the to-be-signed certificate object a CA certificate. If the
* pathLenConstraint is negative path length constraint is used.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param pathLenConstraint path length constraint, negative, no
* constraint.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_ca(hx509_context context,
hx509_ca_tbs tbs,
@@ -238,6 +313,20 @@ hx509_ca_tbs_set_ca(hx509_context context,
return 0;
}
/**
* Make the to-be-signed certificate object a proxy certificate. If the
* pathLenConstraint is negative path length constraint is used.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param pathLenConstraint path length constraint, negative, no
* constraint.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_proxy(hx509_context context,
hx509_ca_tbs tbs,
@@ -249,6 +338,17 @@ hx509_ca_tbs_set_proxy(hx509_context context,
}
/**
* Make the to-be-signed certificate object a windows domain controller certificate.
*
* @param context A hx509 context.
* @param tbs object to be signed.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_domaincontroller(hx509_context context,
hx509_ca_tbs tbs)
@@ -257,6 +357,20 @@ hx509_ca_tbs_set_domaincontroller(hx509_context context,
return 0;
}
/**
* Set the subject public key info (SPKI) in the to-be-signed certificate
* object. SPKI is the public key and key related parameters in the
* certificate.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param spki subject public key info to use for the to-be-signed certificate object.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_spki(hx509_context context,
hx509_ca_tbs tbs,
@@ -269,6 +383,19 @@ hx509_ca_tbs_set_spki(hx509_context context,
return ret;
}
/**
* Set the serial number to use for to-be-signed certificate object.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param serialNumber serial number to use for the to-be-signed
* certificate object.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_serialnumber(hx509_context context,
hx509_ca_tbs tbs,
@@ -281,6 +408,19 @@ hx509_ca_tbs_set_serialnumber(hx509_context context,
return ret;
}
/**
* An an extended key usage to the to-be-signed certificate object.
* Duplicates will detected and not added.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param oid extended key usage to add.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_eku(hx509_context context,
hx509_ca_tbs tbs,
@@ -311,6 +451,20 @@ hx509_ca_tbs_add_eku(hx509_context context,
return 0;
}
/**
* Add CRL distribution point URI to the to-be-signed certificate
* object.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param uri uri to the CRL.
* @param issuername name of the issuer.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
hx509_ca_tbs tbs,
@@ -351,6 +505,9 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
if (issuername) {
#if 1
/**
* issuername not supported
*/
hx509_set_error_string(context, 0, EINVAL,
"CRLDistributionPoints.name.issuername not yet supported");
return EINVAL;
@@ -398,6 +555,20 @@ out:
return ret;
}
/**
* Add Subject Alternative Name otherName to the to-be-signed
* certificate object.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param oid the oid of the OtherName.
* @param os data in the other name.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_san_otherName(hx509_context context,
hx509_ca_tbs tbs,
@@ -414,6 +585,18 @@ hx509_ca_tbs_add_san_otherName(hx509_context context,
return add_GeneralNames(&tbs->san, &gn);
}
/**
* Add Kerberos Subject Alternative Name to the to-be-signed
* certificate object. The principal string is a UTF8 string.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param principal Kerberos principal to add to the certificate.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_san_pkinit(hx509_context context,
@@ -537,6 +720,19 @@ out:
return ret;
}
/**
* Add Microsoft UPN Subject Alternative Name to the to-be-signed
* certificate object. The principal string is a UTF8 string.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param principal Microsoft UPN string.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_san_ms_upn(hx509_context context,
hx509_ca_tbs tbs,
@@ -545,6 +741,19 @@ hx509_ca_tbs_add_san_ms_upn(hx509_context context,
return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal);
}
/**
* Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
* certificate object. The jid is an UTF8 string.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param jid string of an a jabber id in UTF8.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_san_jid(hx509_context context,
hx509_ca_tbs tbs,
@@ -554,6 +763,22 @@ hx509_ca_tbs_add_san_jid(hx509_context context,
}
/**
* Add a Subject Alternative Name hostname to to-be-signed certificate
* object. A domain match starts with ., an exact match does not.
*
* Example of a an domain match: .domain.se matches the hostname
* host.domain.se.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param dnsname a hostame.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_san_hostname(hx509_context context,
hx509_ca_tbs tbs,
@@ -568,6 +793,19 @@ hx509_ca_tbs_add_san_hostname(hx509_context context,
return add_GeneralNames(&tbs->san, &gn);
}
/**
* Add a Subject Alternative Name rfc822 (email address) to
* to-be-signed certificate object.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param rfc822Name a string to a email address.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_add_san_rfc822name(hx509_context context,
hx509_ca_tbs tbs,
@@ -582,6 +820,17 @@ hx509_ca_tbs_add_san_rfc822name(hx509_context context,
return add_GeneralNames(&tbs->san, &gn);
}
/**
* Set the subject name of a to-be-signed certificate object.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param subject the name to set a subject.
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_set_subject(hx509_context context,
@@ -593,6 +842,20 @@ hx509_ca_tbs_set_subject(hx509_context context,
return hx509_name_copy(context, subject, &tbs->subject);
}
/**
* Expand the the subject name in the to-be-signed certificate object
* using hx509_name_expand().
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param env enviroment variable to expand variables in the subject
* name, see hx509_env_init().
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_tbs_subject_expand(hx509_context context,
hx509_ca_tbs tbs,
@@ -1174,6 +1437,30 @@ out:
}
/**
* Sign a to-be-signed certificate object with a issuer certificate.
*
* The caller needs to at least have called the following functions on the
* to-be-signed certificate object:
* - hx509_ca_tbs_init()
* - hx509_ca_tbs_set_subject()
* - hx509_ca_tbs_set_spki()
*
* When done the to-be-signed certificate object should be freed with
* hx509_ca_tbs_free().
*
* When creating self-signed certificate use hx509_ca_sign_self() instead.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param signer the CA certificate object to sign with (need private key).
* @param certificate return cerificate, free with hx509_cert_free().
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_sign(hx509_context context,
hx509_ca_tbs tbs,
@@ -1205,6 +1492,19 @@ out:
return ret;
}
/**
* Work just like hx509_ca_sign() but signs it-self.
*
* @param context A hx509 context.
* @param tbs object to be signed.
* @param signer private key to sign with.
* @param certificate return cerificate, free with hx509_cert_free().
*
* @return An hx509 error code, see hx509_get_error_string().
*
* @ingroup hx509_ca
*/
int
hx509_ca_sign_self(hx509_context context,
hx509_ca_tbs tbs,
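Review bot: The new doxygen text for hx509_ca_tbs_set_ca reads "If the pathLenConstraint is negative path length constraint is used", which states the opposite of the @param line beneath it ("negative, no constraint"); for a CA-issuance API that decides whether an issued CA certificate carries a pathLenConstraint at all, the sentence should read `* pathLenConstraint is negative, no path length constraint is used.` The same inverted sentence is repeated in the hx509_ca_tbs_set_proxy block and should be fixed there too. Separately, the comment added inside hx509_ca_tbs_add_crl_dp_uri at the issuername check opens with `/**`, which doxygen picks up as a documentation block for whatever follows rather than as a plain code comment, so it should be `/* issuername not supported */`. The bodies of all three functions lie outside the hunks, so I have not verified that the code's sign convention matches the corrected wording.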