svn_x509.h revision 299742
/**
 * @copyright
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 * @endcopyright
 *
 * @file svn_x509.h
 * @brief Subversion's X.509 certificate parser (display-oriented; see
 *        the note on svn_x509_parse_cert() for what it does NOT verify).
 */

#ifndef SVN_X509_H
#define SVN_X509_H

#include <apr_pools.h>
#include <apr_tables.h>
#include <apr_time.h>

#include "svn_error.h"
#include "svn_checksum.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * DER-encoded OID byte strings for the X.509 name attributes this API
 * knows about.  They are meant to be compared against the bytes returned
 * by svn_x509_name_attr_get_oid().  Because the OID read from a
 * certificate is returned with an explicit length rather than a NUL
 * terminator, compare with memcmp() over the returned length (the
 * literal's length is sizeof(SVN_X509_OID_xxx) - 1), not with strcmp().
 * For the dotted-decimal form of an OID see svn_x509_oid_to_string()
 * (e.g. SVN_X509_OID_EMAIL is "1.2.840.113549.1.9.1").
 */
#define SVN_X509_OID_COMMON_NAME  "\x55\x04\x03"
#define SVN_X509_OID_COUNTRY      "\x55\x04\x06"
#define SVN_X509_OID_LOCALITY     "\x55\x04\x07"
#define SVN_X509_OID_STATE        "\x55\x04\x08"
#define SVN_X509_OID_ORGANIZATION "\x55\x04\x0A"
#define SVN_X509_OID_ORG_UNIT     "\x55\x04\x0B"
#define SVN_X509_OID_EMAIL        "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"

/**
 * Representation of parsed certificate info.
 *
 * Opaque; obtain one from svn_x509_parse_cert() and read it through the
 * svn_x509_certinfo_get_*() accessors below.
 *
 * @since New in 1.9.
 */
typedef struct svn_x509_certinfo_t svn_x509_certinfo_t;

/**
 * Representation of an attribute in an X.509 name (e.g. Subject or Issuer).
 *
 * Opaque; obtained from svn_x509_certinfo_get_subject_attrs() or
 * svn_x509_certinfo_get_issuer_attrs() and read through
 * svn_x509_name_attr_get_oid() / svn_x509_name_attr_get_value().
 *
 * @since New in 1.9.
 */
typedef struct svn_x509_name_attr_t svn_x509_name_attr_t;

/**
 * Parse the DER-encoded X.509 certificate data in @a buf of length
 * @a buflen and return certificate information in @a *certinfo,
 * allocated in @a result_pool.  @a scratch_pool may be used for
 * temporary allocations.
 *
 * @note This function has been written with the intent of displaying data
 * in a certificate for a user to see.  As a result, it does not do much
 * validation on the data it parses from the certificate.  It does not
 * for instance verify that the certificate is signed by the issuer.  It
 * does not verify a trust chain.  It does not error on critical
 * extensions it does not know how to parse.  So while it can be used as
 * part of a certificate validation scheme, it can't be used alone for
 * that purpose.  Consequently every value exposed through the
 * svn_x509_certinfo_get_*() accessors (subject, issuer, host names,
 * validity period, ...) is what the certificate *claims*, not something
 * that has been authenticated; callers must not base trust decisions on
 * these values without a separate verification step.
 *
 * NOTE(review): how malformed or truncated DER input is reported (error
 * return vs. partial result) is not stated here -- confirm against the
 * implementation before relying on it.
 *
 * @since New in 1.9.
 */
svn_error_t *
svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
                    const char *buf,
                    apr_size_t buflen,
                    apr_pool_t *result_pool,
                    apr_pool_t *scratch_pool);

/**
 * Returns a deep copy of the @a attr, allocated in @a result_pool.
 * May use @a scratch_pool for temporary allocations.
 * @since New in 1.9.
 */
svn_x509_name_attr_t *
svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr,
                       apr_pool_t *result_pool,
                       apr_pool_t *scratch_pool);

/**
 * Returns the OID of @a attr as encoded in the certificate.  The
 * length of the OID will be set in @a *len.  The returned bytes are raw
 * DER OID content, not a NUL-terminated string; use @a *len when
 * comparing them (for instance against the SVN_X509_OID_* constants).
 * @since New in 1.9.
 */
const unsigned char *
svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len);

/**
 * Returns the value of @a attr as a UTF-8 C string.  The value originates
 * from the (unverified) certificate, so code that renders or logs it
 * should treat it as untrusted input.
 * @since New in 1.9.
 */
const char *
svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr);


/**
 * Returns a deep copy of @a certinfo, allocated in @a result_pool.
 * May use @a scratch_pool for temporary allocations.
 * @since New in 1.9.
 */
svn_x509_certinfo_t *
svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo,
                      apr_pool_t *result_pool,
                      apr_pool_t *scratch_pool);

/**
 * Returns the subject DN from @a certinfo, presumably allocated in
 * @a result_pool (the pool is passed in, unlike the other getters which
 * return pointers into @a certinfo).
 * @since New in 1.9.
 */
const char *
svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo,
                              apr_pool_t *result_pool);

/**
 * Returns a list of the attributes for the subject in the @a certinfo.
 * Each member of the list is of type svn_x509_name_attr_t.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the certificate issuer DN from @a certinfo, presumably allocated
 * in @a result_pool.
 * @since New in 1.9.
 */
const char *
svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo,
                             apr_pool_t *result_pool);

/**
 * Returns a list of the attributes for the issuer in the @a certinfo.
 * Each member of the list is of type svn_x509_name_attr_t.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the start of the certificate validity period from @a certinfo.
 *
 * @since New in 1.9.
 */
apr_time_t
svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the end of the certificate validity period from @a certinfo.
 *
 * NOTE(review): the @c const qualifier on this by-value return type has no
 * effect and is inconsistent with svn_x509_certinfo_get_valid_from(), which
 * returns a plain @c apr_time_t; compilers typically warn about it
 * (-Wignored-qualifiers).  It is left as is here because it is part of the
 * published declaration and must match the definition.
 *
 * @since New in 1.9.
 */
const apr_time_t
svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the digest (fingerprint) from @a certinfo.  The digest algorithm
 * is whatever the returned svn_checksum_t carries (see svn_checksum.h);
 * this header does not fix it.
 * @since New in 1.9.
 */
const svn_checksum_t *
svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo);

/**
 * Returns an array of (const char*) host names from @a certinfo.
 *
 * These are the names the certificate asserts for itself; since
 * svn_x509_parse_cert() performs no signature or chain verification,
 * a match against one of them says nothing about whether the certificate
 * is genuine until it has been validated elsewhere.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo);

/**
 * Given an @a oid of @a oid_len bytes return a null-terminated C string
 * representation, allocated in @a result_pool.  For example an OID with
 * the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" would be converted to
 * the string "1.2.840.113549.1.9.1".  Returns NULL if the @a oid can't be
 * represented as a string, so callers must check the result before use.
 *
 * @note The pool parameters are ordered (@a scratch_pool, @a result_pool),
 * the reverse of every other function in this header; do not swap them
 * by habit.
 *
 * @since New in 1.9. */
const char *
svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len,
                       apr_pool_t *scratch_pool, apr_pool_t *result_pool);

#ifdef __cplusplus
}
#endif
#endif        /* SVN_X509_H */