hx509-protos.h source code [netbsd/objdir.amd64/destdir.amd64/usr/include/krb5/hx509-protos.h]

1	/ This is a generated file /
2	#ifndef __hx509_protos_h__
3	#define __hx509_protos_h__
4	#ifndef DOXY
5
6	#include <stdarg.h>
7
8	#ifdef __cplusplus
9	extern "C" {
10	#endif
11
12	#ifndef HX509_LIB
13	#ifndef HX509_LIB_FUNCTION
14	#if defined(_WIN32)
15	#define HX509_LIB_FUNCTION __declspec(dllimport)
16	#define HX509_LIB_CALL __stdcall
17	#define HX509_LIB_VARIABLE __declspec(dllimport)
18	#else
19	#define HX509_LIB_FUNCTION
20	#define HX509_LIB_CALL
21	#define HX509_LIB_VARIABLE
22	#endif
23	#endif
24	#endif
25	/**
26	* Print a bitstring using a hx509_vprint_func function. To print to
27	* stdout use hx509_print_stdout().
28	*
29	* @param b bit string to print.
30	* @param func hx509_vprint_func to print with.
31	* @param ctx context variable to hx509_vprint_func function.
32	*
33	* @ingroup hx509_print
34	*/
35
36	void
37	hx509_bitstring_print (
38	const heim_bit_string */b/,
39	hx509_vprint_func /func/,
40	void */ctx/);
41
42	/**
43	* Sign a to-be-signed certificate object with a issuer certificate.
44	*
45	* The caller needs to at least have called the following functions on the
46	* to-be-signed certificate object:
47	* - hx509_ca_tbs_init()
48	* - hx509_ca_tbs_set_subject()
49	* - hx509_ca_tbs_set_spki()
50	*
51	* When done the to-be-signed certificate object should be freed with
52	* hx509_ca_tbs_free().
53	*
54	* When creating self-signed certificate use hx509_ca_sign_self() instead.
55	*
56	* @param context A hx509 context.
57	* @param tbs object to be signed.
58	* @param signer the CA certificate object to sign with (need private key).
59	* @param certificate return cerificate, free with hx509_cert_free().
60	*
61	* @return An hx509 error code, see hx509_get_error_string().
62	*
63	* @ingroup hx509_ca
64	*/
65
66	int
67	hx509_ca_sign (
68	hx509_context /context/,
69	hx509_ca_tbs /tbs/,
70	hx509_cert /signer/,
71	hx509_cert */certificate/);
72
73	/**
74	* Work just like hx509_ca_sign() but signs it-self.
75	*
76	* @param context A hx509 context.
77	* @param tbs object to be signed.
78	* @param signer private key to sign with.
79	* @param certificate return cerificate, free with hx509_cert_free().
80	*
81	* @return An hx509 error code, see hx509_get_error_string().
82	*
83	* @ingroup hx509_ca
84	*/
85
86	int
87	hx509_ca_sign_self (
88	hx509_context /context/,
89	hx509_ca_tbs /tbs/,
90	hx509_private_key /signer/,
91	hx509_cert */certificate/);
92
93	/**
94	* Add CRL distribution point URI to the to-be-signed certificate
95	* object.
96	*
97	* @param context A hx509 context.
98	* @param tbs object to be signed.
99	* @param uri uri to the CRL.
100	* @param issuername name of the issuer.
101	*
102	* @return An hx509 error code, see hx509_get_error_string().
103	*
104	* @ingroup hx509_ca
105	*/
106
107	int
108	hx509_ca_tbs_add_crl_dp_uri (
109	hx509_context /context/,
110	hx509_ca_tbs /tbs/,
111	const char */uri/,
112	hx509_name /issuername/);
113
114	/**
115	* An an extended key usage to the to-be-signed certificate object.
116	* Duplicates will detected and not added.
117	*
118	* @param context A hx509 context.
119	* @param tbs object to be signed.
120	* @param oid extended key usage to add.
121	*
122	* @return An hx509 error code, see hx509_get_error_string().
123	*
124	* @ingroup hx509_ca
125	*/
126
127	int
128	hx509_ca_tbs_add_eku (
129	hx509_context /context/,
130	hx509_ca_tbs /tbs/,
131	const heim_oid */oid/);
132
133	/**
134	* Add a Subject Alternative Name hostname to to-be-signed certificate
135	* object. A domain match starts with ., an exact match does not.
136	*
137	* Example of a an domain match: .domain.se matches the hostname
138	* host.domain.se.
139	*
140	* @param context A hx509 context.
141	* @param tbs object to be signed.
142	* @param dnsname a hostame.
143	*
144	* @return An hx509 error code, see hx509_get_error_string().
145	*
146	* @ingroup hx509_ca
147	*/
148
149	int
150	hx509_ca_tbs_add_san_hostname (
151	hx509_context /context/,
152	hx509_ca_tbs /tbs/,
153	const char */dnsname/);
154
155	/**
156	* Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
157	* certificate object. The jid is an UTF8 string.
158	*
159	* @param context A hx509 context.
160	* @param tbs object to be signed.
161	* @param jid string of an a jabber id in UTF8.
162	*
163	* @return An hx509 error code, see hx509_get_error_string().
164	*
165	* @ingroup hx509_ca
166	*/
167
168	int
169	hx509_ca_tbs_add_san_jid (
170	hx509_context /context/,
171	hx509_ca_tbs /tbs/,
172	const char */jid/);
173
174	/**
175	* Add Microsoft UPN Subject Alternative Name to the to-be-signed
176	* certificate object. The principal string is a UTF8 string.
177	*
178	* @param context A hx509 context.
179	* @param tbs object to be signed.
180	* @param principal Microsoft UPN string.
181	*
182	* @return An hx509 error code, see hx509_get_error_string().
183	*
184	* @ingroup hx509_ca
185	*/
186
187	int
188	hx509_ca_tbs_add_san_ms_upn (
189	hx509_context /context/,
190	hx509_ca_tbs /tbs/,
191	const char */principal/);
192
193	/**
194	* Add Subject Alternative Name otherName to the to-be-signed
195	* certificate object.
196	*
197	* @param context A hx509 context.
198	* @param tbs object to be signed.
199	* @param oid the oid of the OtherName.
200	* @param os data in the other name.
201	*
202	* @return An hx509 error code, see hx509_get_error_string().
203	*
204	* @ingroup hx509_ca
205	*/
206
207	int
208	hx509_ca_tbs_add_san_otherName (
209	hx509_context /context/,
210	hx509_ca_tbs /tbs/,
211	const heim_oid */oid/,
212	const heim_octet_string */os/);
213
214	/**
215	* Add Kerberos Subject Alternative Name to the to-be-signed
216	* certificate object. The principal string is a UTF8 string.
217	*
218	* @param context A hx509 context.
219	* @param tbs object to be signed.
220	* @param principal Kerberos principal to add to the certificate.
221	*
222	* @return An hx509 error code, see hx509_get_error_string().
223	*
224	* @ingroup hx509_ca
225	*/
226
227	int
228	hx509_ca_tbs_add_san_pkinit (
229	hx509_context /context/,
230	hx509_ca_tbs /tbs/,
231	const char */principal/);
232
233	/**
234	* Add a Subject Alternative Name rfc822 (email address) to
235	* to-be-signed certificate object.
236	*
237	* @param context A hx509 context.
238	* @param tbs object to be signed.
239	* @param rfc822Name a string to a email address.
240	*
241	* @return An hx509 error code, see hx509_get_error_string().
242	*
243	* @ingroup hx509_ca
244	*/
245
246	int
247	hx509_ca_tbs_add_san_rfc822name (
248	hx509_context /context/,
249	hx509_ca_tbs /tbs/,
250	const char */rfc822Name/);
251
252	/**
253	* Free an To Be Signed object.
254	*
255	* @param tbs object to free.
256	*
257	* @ingroup hx509_ca
258	*/
259
260	void
261	hx509_ca_tbs_free (hx509_ca_tbs */tbs/);
262
263	/**
264	* Allocate an to-be-signed certificate object that will be converted
265	* into an certificate.
266	*
267	* @param context A hx509 context.
268	* @param tbs returned to-be-signed certicate object, free with
269	* hx509_ca_tbs_free().
270	*
271	* @return An hx509 error code, see hx509_get_error_string().
272	*
273	* @ingroup hx509_ca
274	*/
275
276	int
277	hx509_ca_tbs_init (
278	hx509_context /context/,
279	hx509_ca_tbs */tbs/);
280
281	/**
282	* Make the to-be-signed certificate object a CA certificate. If the
283	* pathLenConstraint is negative path length constraint is used.
284	*
285	* @param context A hx509 context.
286	* @param tbs object to be signed.
287	* @param pathLenConstraint path length constraint, negative, no
288	* constraint.
289	*
290	* @return An hx509 error code, see hx509_get_error_string().
291	*
292	* @ingroup hx509_ca
293	*/
294
295	int
296	hx509_ca_tbs_set_ca (
297	hx509_context /context/,
298	hx509_ca_tbs /tbs/,
299	int /pathLenConstraint/);
300
301	/**
302	* Make the to-be-signed certificate object a windows domain controller certificate.
303	*
304	* @param context A hx509 context.
305	* @param tbs object to be signed.
306	*
307	* @return An hx509 error code, see hx509_get_error_string().
308	*
309	* @ingroup hx509_ca
310	*/
311
312	int
313	hx509_ca_tbs_set_domaincontroller (
314	hx509_context /context/,
315	hx509_ca_tbs /tbs/);
316
317	/**
318	* Set the absolute time when the certificate is valid to.
319	*
320	* @param context A hx509 context.
321	* @param tbs object to be signed.
322	* @param t time when the certificate will expire
323	*
324	* @return An hx509 error code, see hx509_get_error_string().
325	*
326	* @ingroup hx509_ca
327	*/
328
329	int
330	hx509_ca_tbs_set_notAfter (
331	hx509_context /context/,
332	hx509_ca_tbs /tbs/,
333	time_t /t/);
334
335	/**
336	* Set the relative time when the certificiate is going to expire.
337	*
338	* @param context A hx509 context.
339	* @param tbs object to be signed.
340	* @param delta seconds to the certificate is going to expire.
341	*
342	* @return An hx509 error code, see hx509_get_error_string().
343	*
344	* @ingroup hx509_ca
345	*/
346
347	int
348	hx509_ca_tbs_set_notAfter_lifetime (
349	hx509_context /context/,
350	hx509_ca_tbs /tbs/,
351	time_t /delta/);
352
353	/**
354	* Set the absolute time when the certificate is valid from. If not
355	* set the current time will be used.
356	*
357	* @param context A hx509 context.
358	* @param tbs object to be signed.
359	* @param t time the certificated will start to be valid
360	*
361	* @return An hx509 error code, see hx509_get_error_string().
362	*
363	* @ingroup hx509_ca
364	*/
365
366	int
367	hx509_ca_tbs_set_notBefore (
368	hx509_context /context/,
369	hx509_ca_tbs /tbs/,
370	time_t /t/);
371
372	/**
373	* Make the to-be-signed certificate object a proxy certificate. If the
374	* pathLenConstraint is negative path length constraint is used.
375	*
376	* @param context A hx509 context.
377	* @param tbs object to be signed.
378	* @param pathLenConstraint path length constraint, negative, no
379	* constraint.
380	*
381	* @return An hx509 error code, see hx509_get_error_string().
382	*
383	* @ingroup hx509_ca
384	*/
385
386	int
387	hx509_ca_tbs_set_proxy (
388	hx509_context /context/,
389	hx509_ca_tbs /tbs/,
390	int /pathLenConstraint/);
391
392	/**
393	* Set the serial number to use for to-be-signed certificate object.
394	*
395	* @param context A hx509 context.
396	* @param tbs object to be signed.
397	* @param serialNumber serial number to use for the to-be-signed
398	* certificate object.
399	*
400	* @return An hx509 error code, see hx509_get_error_string().
401	*
402	* @ingroup hx509_ca
403	*/
404
405	int
406	hx509_ca_tbs_set_serialnumber (
407	hx509_context /context/,
408	hx509_ca_tbs /tbs/,
409	const heim_integer */serialNumber/);
410
411	/**
412	* Set signature algorithm on the to be signed certificate
413	*
414	* @param context A hx509 context.
415	* @param tbs object to be signed.
416	* @param sigalg signature algorithm to use
417	*
418	* @return An hx509 error code, see hx509_get_error_string().
419	*
420	* @ingroup hx509_ca
421	*/
422
423	int
424	hx509_ca_tbs_set_signature_algorithm (
425	hx509_context /context/,
426	hx509_ca_tbs /tbs/,
427	const AlgorithmIdentifier */sigalg/);
428
429	/**
430	* Set the subject public key info (SPKI) in the to-be-signed certificate
431	* object. SPKI is the public key and key related parameters in the
432	* certificate.
433	*
434	* @param context A hx509 context.
435	* @param tbs object to be signed.
436	* @param spki subject public key info to use for the to-be-signed certificate object.
437	*
438	* @return An hx509 error code, see hx509_get_error_string().
439	*
440	* @ingroup hx509_ca
441	*/
442
443	int
444	hx509_ca_tbs_set_spki (
445	hx509_context /context/,
446	hx509_ca_tbs /tbs/,
447	const SubjectPublicKeyInfo */spki/);
448
449	/**
450	* Set the subject name of a to-be-signed certificate object.
451	*
452	* @param context A hx509 context.
453	* @param tbs object to be signed.
454	* @param subject the name to set a subject.
455	*
456	* @return An hx509 error code, see hx509_get_error_string().
457	*
458	* @ingroup hx509_ca
459	*/
460
461	int
462	hx509_ca_tbs_set_subject (
463	hx509_context /context/,
464	hx509_ca_tbs /tbs/,
465	hx509_name /subject/);
466
467	/**
468	* Initialize the to-be-signed certificate object from a template certifiate.
469	*
470	* @param context A hx509 context.
471	* @param tbs object to be signed.
472	* @param flags bit field selecting what to copy from the template
473	* certifiate.
474	* @param cert template certificate.
475	*
476	* @return An hx509 error code, see hx509_get_error_string().
477	*
478	* @ingroup hx509_ca
479	*/
480
481	int
482	hx509_ca_tbs_set_template (
483	hx509_context /context/,
484	hx509_ca_tbs /tbs/,
485	int /flags/,
486	hx509_cert /cert/);
487
488	/**
489	* Set the issuerUniqueID and subjectUniqueID
490	*
491	* These are only supposed to be used considered with version 2
492	* certificates, replaced by the two extensions SubjectKeyIdentifier
493	* and IssuerKeyIdentifier. This function is to allow application
494	* using legacy protocol to issue them.
495	*
496	* @param context A hx509 context.
497	* @param tbs object to be signed.
498	* @param issuerUniqueID to be set
499	* @param subjectUniqueID to be set
500	*
501	* @return An hx509 error code, see hx509_get_error_string().
502	*
503	* @ingroup hx509_ca
504	*/
505
506	int
507	hx509_ca_tbs_set_unique (
508	hx509_context /context/,
509	hx509_ca_tbs /tbs/,
510	const heim_bit_string */subjectUniqueID/,
511	const heim_bit_string */issuerUniqueID/);
512
513	/**
514	* Expand the the subject name in the to-be-signed certificate object
515	* using hx509_name_expand().
516	*
517	* @param context A hx509 context.
518	* @param tbs object to be signed.
519	* @param env environment variable to expand variables in the subject
520	* name, see hx509_env_init().
521	*
522	* @return An hx509 error code, see hx509_get_error_string().
523	*
524	* @ingroup hx509_ca
525	*/
526
527	int
528	hx509_ca_tbs_subject_expand (
529	hx509_context /context/,
530	hx509_ca_tbs /tbs/,
531	hx509_env /env/);
532
533	/**
534	* Make of template units, use to build flags argument to
535	* hx509_ca_tbs_set_template() with parse_units().
536	*
537	* @return an units structure.
538	*
539	* @ingroup hx509_ca
540	*/
541
542	const struct units *
543	hx509_ca_tbs_template_units (void);
544
545	/**
546	* Encodes the hx509 certificate as a DER encode binary.
547	*
548	* @param context A hx509 context.
549	* @param c the certificate to encode.
550	* @param os the encode certificate, set to NULL, 0 on case of
551	* error. Free the os->data with hx509_xfree().
552	*
553	* @return An hx509 error code, see hx509_get_error_string().
554	*
555	* @ingroup hx509_cert
556	*/
557
558	int
559	hx509_cert_binary (
560	hx509_context /context/,
561	hx509_cert /c/,
562	heim_octet_string */os/);
563
564	/**
565	* Check the extended key usage on the hx509 certificate.
566	*
567	* @param context A hx509 context.
568	* @param cert A hx509 context.
569	* @param eku the EKU to check for
570	* @param allow_any_eku if the any EKU is set, allow that to be a
571	* substitute.
572	*
573	* @return An hx509 error code, see hx509_get_error_string().
574	*
575	* @ingroup hx509_cert
576	*/
577
578	int
579	hx509_cert_check_eku (
580	hx509_context /context/,
581	hx509_cert /cert/,
582	const heim_oid */eku/,
583	int /allow_any_eku/);
584
585	/**
586	* Compare to hx509 certificate object, useful for sorting.
587	*
588	* @param p a hx509 certificate object.
589	* @param q a hx509 certificate object.
590	*
591	* @return 0 the objects are the same, returns > 0 is p is "larger"
592	* then q, < 0 if p is "smaller" then q.
593	*
594	* @ingroup hx509_cert
595	*/
596
597	int
598	hx509_cert_cmp (
599	hx509_cert /p/,
600	hx509_cert /q/);
601
602	/**
603	* Return a list of subjectAltNames specified by oid in the
604	* certificate. On error the
605	*
606	* The returned list of octet string should be freed with
607	* hx509_free_octet_string_list().
608	*
609	* @param context A hx509 context.
610	* @param cert a hx509 certificate object.
611	* @param oid an oid to for SubjectAltName.
612	* @param list list of matching SubjectAltName.
613	*
614	* @return An hx509 error code, see hx509_get_error_string().
615	*
616	* @ingroup hx509_cert
617	*/
618
619	int
620	hx509_cert_find_subjectAltName_otherName (
621	hx509_context /context/,
622	hx509_cert /cert/,
623	const heim_oid */oid/,
624	hx509_octet_string_list */list/);
625
626	/**
627	* Free reference to the hx509 certificate object, if the refcounter
628	* reaches 0, the object if freed. Its allowed to pass in NULL.
629	*
630	* @param cert the cert to free.
631	*
632	* @ingroup hx509_cert
633	*/
634
635	void
636	hx509_cert_free (hx509_cert /cert/);
637
638	/**
639	* Get the SubjectPublicKeyInfo structure from the hx509 certificate.
640	*
641	* @param context a hx509 context.
642	* @param p a hx509 certificate object.
643	* @param spki SubjectPublicKeyInfo, should be freed with
644	* free_SubjectPublicKeyInfo().
645	*
646	* @return An hx509 error code, see hx509_get_error_string().
647	*
648	* @ingroup hx509_cert
649	*/
650
651	int
652	hx509_cert_get_SPKI (
653	hx509_context /context/,
654	hx509_cert /p/,
655	SubjectPublicKeyInfo */spki/);
656
657	/**
658	* Get the AlgorithmIdentifier from the hx509 certificate.
659	*
660	* @param context a hx509 context.
661	* @param p a hx509 certificate object.
662	* @param alg AlgorithmIdentifier, should be freed with
663	* free_AlgorithmIdentifier(). The algorithmidentifier is
664	* typicly rsaEncryption, or id-ecPublicKey, or some other
665	* public key mechanism.
666	*
667	* @return An hx509 error code, see hx509_get_error_string().
668	*
669	* @ingroup hx509_cert
670	*/
671
672	int
673	hx509_cert_get_SPKI_AlgorithmIdentifier (
674	hx509_context /context/,
675	hx509_cert /p/,
676	AlgorithmIdentifier */alg/);
677
678	/**
679	* Get an external attribute for the certificate, examples are
680	* friendly name and id.
681	*
682	* @param cert hx509 certificate object to search
683	* @param oid an oid to search for.
684	*
685	* @return an hx509_cert_attribute, only valid as long as the
686	* certificate is referenced.
687	*
688	* @ingroup hx509_cert
689	*/
690
691	hx509_cert_attribute
692	hx509_cert_get_attribute (
693	hx509_cert /cert/,
694	const heim_oid */oid/);
695
696	/**
697	* Return the name of the base subject of the hx509 certificate. If
698	* the certiicate is a verified proxy certificate, the this function
699	* return the base certificate (root of the proxy chain). If the proxy
700	* certificate is not verified with the base certificate
701	* HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
702	*
703	* @param context a hx509 context.
704	* @param c a hx509 certificate object.
705	* @param name a pointer to a hx509 name, should be freed by
706	* hx509_name_free(). See also hx509_cert_get_subject().
707	*
708	* @return An hx509 error code, see hx509_get_error_string().
709	*
710	* @ingroup hx509_cert
711	*/
712
713	int
714	hx509_cert_get_base_subject (
715	hx509_context /context/,
716	hx509_cert /c/,
717	hx509_name */name/);
718
719	/**
720	* Get friendly name of the certificate.
721	*
722	* @param cert cert to get the friendly name from.
723	*
724	* @return an friendly name or NULL if there is. The friendly name is
725	* only valid as long as the certificate is referenced.
726	*
727	* @ingroup hx509_cert
728	*/
729
730	const char *
731	hx509_cert_get_friendly_name (hx509_cert /cert/);
732
733	/**
734	* Return the name of the issuer of the hx509 certificate.
735	*
736	* @param p a hx509 certificate object.
737	* @param name a pointer to a hx509 name, should be freed by
738	* hx509_name_free().
739	*
740	* @return An hx509 error code, see hx509_get_error_string().
741	*
742	* @ingroup hx509_cert
743	*/
744
745	int
746	hx509_cert_get_issuer (
747	hx509_cert /p/,
748	hx509_name */name/);
749
750	/**
751	* Get a copy of the Issuer Unique ID
752	*
753	* @param context a hx509_context
754	* @param p a hx509 certificate
755	* @param issuer the issuer id returned, free with der_free_bit_string()
756	*
757	* @return An hx509 error code, see hx509_get_error_string(). The
758	* error code HX509_EXTENSION_NOT_FOUND is returned if the certificate
759	* doesn't have a issuerUniqueID
760	*
761	* @ingroup hx509_cert
762	*/
763
764	int
765	hx509_cert_get_issuer_unique_id (
766	hx509_context /context/,
767	hx509_cert /p/,
768	heim_bit_string */issuer/);
769
770	/**
771	* Get notAfter time of the certificate.
772	*
773	* @param p a hx509 certificate object.
774	*
775	* @return return not after time.
776	*
777	* @ingroup hx509_cert
778	*/
779
780	time_t
781	hx509_cert_get_notAfter (hx509_cert /p/);
782
783	/**
784	* Get notBefore time of the certificate.
785	*
786	* @param p a hx509 certificate object.
787	*
788	* @return return not before time
789	*
790	* @ingroup hx509_cert
791	*/
792
793	time_t
794	hx509_cert_get_notBefore (hx509_cert /p/);
795
796	/**
797	* Get serial number of the certificate.
798	*
799	* @param p a hx509 certificate object.
800	* @param i serial number, should be freed ith der_free_heim_integer().
801	*
802	* @return An hx509 error code, see hx509_get_error_string().
803	*
804	* @ingroup hx509_cert
805	*/
806
807	int
808	hx509_cert_get_serialnumber (
809	hx509_cert /p/,
810	heim_integer */i/);
811
812	/**
813	* Return the name of the subject of the hx509 certificate.
814	*
815	* @param p a hx509 certificate object.
816	* @param name a pointer to a hx509 name, should be freed by
817	* hx509_name_free(). See also hx509_cert_get_base_subject().
818	*
819	* @return An hx509 error code, see hx509_get_error_string().
820	*
821	* @ingroup hx509_cert
822	*/
823
824	int
825	hx509_cert_get_subject (
826	hx509_cert /p/,
827	hx509_name */name/);
828
829	/**
830	* Get a copy of the Subect Unique ID
831	*
832	* @param context a hx509_context
833	* @param p a hx509 certificate
834	* @param subject the subject id returned, free with der_free_bit_string()
835	*
836	* @return An hx509 error code, see hx509_get_error_string(). The
837	* error code HX509_EXTENSION_NOT_FOUND is returned if the certificate
838	* doesn't have a subjectUniqueID
839	*
840	* @ingroup hx509_cert
841	*/
842
843	int
844	hx509_cert_get_subject_unique_id (
845	hx509_context /context/,
846	hx509_cert /p/,
847	heim_bit_string */subject/);
848
849	int
850	hx509_cert_have_private_key (hx509_cert /p/);
851
852	/**
853	* Allocate and init an hx509 certificate object from the decoded
854	* certificate `c´.
855	*
856	* @param context A hx509 context.
857	* @param c
858	* @param error
859	*
860	* @return Returns an hx509 certificate
861	*
862	* @ingroup hx509_cert
863	*/
864
865	hx509_cert
866	hx509_cert_init (
867	hx509_context /context/,
868	const Certificate */c/,
869	heim_error_t */error/);
870
871	/**
872	* Just like hx509_cert_init(), but instead of a decode certificate
873	* takes an pointer and length to a memory region that contains a
874	* DER/BER encoded certificate.
875	*
876	* If the memory region doesn't contain just the certificate and
877	* nothing more the function will fail with
878	* HX509_EXTRA_DATA_AFTER_STRUCTURE.
879	*
880	* @param context A hx509 context.
881	* @param ptr pointer to memory region containing encoded certificate.
882	* @param len length of memory region.
883	* @param error possibly returns an error
884	*
885	* @return An hx509 certificate
886	*
887	* @ingroup hx509_cert
888	*/
889
890	hx509_cert
891	hx509_cert_init_data (
892	hx509_context /context/,
893	const void */ptr/,
894	size_t /len/,
895	heim_error_t */error/);
896
897	/**
898	* Print certificate usage for a certificate to a string.
899	*
900	* @param context A hx509 context.
901	* @param c a certificate print the keyusage for.
902	* @param s the return string with the keysage printed in to, free
903	* with hx509_xfree().
904	*
905	* @return An hx509 error code, see hx509_get_error_string().
906	*
907	* @ingroup hx509_print
908	*/
909
910	int
911	hx509_cert_keyusage_print (
912	hx509_context /context/,
913	hx509_cert /c/,
914	char **/s/);
915
916	int
917	hx509_cert_public_encrypt (
918	hx509_context /context/,
919	const heim_octet_string */cleartext/,
920	const hx509_cert /p/,
921	heim_oid */encryption_oid/,
922	heim_octet_string */ciphertext/);
923
924	/**
925	* Add a reference to a hx509 certificate object.
926	*
927	* @param cert a pointer to an hx509 certificate object.
928	*
929	* @return the same object as is passed in.
930	*
931	* @ingroup hx509_cert
932	*/
933
934	hx509_cert
935	hx509_cert_ref (hx509_cert /cert/);
936
937	/**
938	* Set the friendly name on the certificate.
939	*
940	* @param cert The certificate to set the friendly name on
941	* @param name Friendly name.
942	*
943	* @return An hx509 error code, see hx509_get_error_string().
944	*
945	* @ingroup hx509_cert
946	*/
947
948	int
949	hx509_cert_set_friendly_name (
950	hx509_cert /cert/,
951	const char */name/);
952
953	/**
954	* Add a certificate to the certificiate store.
955	*
956	* The receiving keyset certs will either increase reference counter
957	* of the cert or make a deep copy, either way, the caller needs to
958	* free the cert itself.
959	*
960	* @param context a hx509 context.
961	* @param certs certificate store to add the certificate to.
962	* @param cert certificate to add.
963	*
964	* @return Returns an hx509 error code.
965	*
966	* @ingroup hx509_keyset
967	*/
968
969	int
970	hx509_certs_add (
971	hx509_context /context/,
972	hx509_certs /certs/,
973	hx509_cert /cert/);
974
975	/**
976	* Same a hx509_certs_merge() but use a lock and name to describe the
977	* from source.
978	*
979	* @param context a hx509 context.
980	* @param to the store to merge into.
981	* @param lock a lock that unlocks the certificates store, use NULL to
982	* select no password/certifictes/prompt lock (see @ref page_lock).
983	* @param name name of the source store
984	*
985	* @return Returns an hx509 error code.
986	*
987	* @ingroup hx509_keyset
988	*/
989
990	int
991	hx509_certs_append (
992	hx509_context /context/,
993	hx509_certs /to/,
994	hx509_lock /lock/,
995	const char */name/);
996
997	/**
998	* End the iteration over certificates.
999	*
1000	* @param context a hx509 context.
1001	* @param certs certificate store to iterate over.
1002	* @param cursor cursor that will keep track of progress, freed.
1003	*
1004	* @return Returns an hx509 error code.
1005	*
1006	* @ingroup hx509_keyset
1007	*/
1008
1009	int
1010	hx509_certs_end_seq (
1011	hx509_context /context/,
1012	hx509_certs /certs/,
1013	hx509_cursor /cursor/);
1014
1015	/**
1016	* Filter certificate matching the query.
1017	*
1018	* @param context a hx509 context.
1019	* @param certs certificate store to search.
1020	* @param q query allocated with @ref hx509_query functions.
1021	* @param result the filtered certificate store, caller must free with
1022	* hx509_certs_free().
1023	*
1024	* @return Returns an hx509 error code.
1025	*
1026	* @ingroup hx509_keyset
1027	*/
1028
1029	int
1030	hx509_certs_filter (
1031	hx509_context /context/,
1032	hx509_certs /certs/,
1033	const hx509_query */q/,
1034	hx509_certs */result/);
1035
1036	/**
1037	* Find a certificate matching the query.
1038	*
1039	* @param context a hx509 context.
1040	* @param certs certificate store to search.
1041	* @param q query allocated with @ref hx509_query functions.
1042	* @param r return certificate (or NULL on error), should be freed
1043	* with hx509_cert_free().
1044	*
1045	* @return Returns an hx509 error code.
1046	*
1047	* @ingroup hx509_keyset
1048	*/
1049
1050	int
1051	hx509_certs_find (
1052	hx509_context /context/,
1053	hx509_certs /certs/,
1054	const hx509_query */q/,
1055	hx509_cert */r/);
1056
1057	/**
1058	* Free a certificate store.
1059	*
1060	* @param certs certificate store to free.
1061	*
1062	* @ingroup hx509_keyset
1063	*/
1064
1065	void
1066	hx509_certs_free (hx509_certs */certs/);
1067
1068	/**
1069	* Print some info about the certificate store.
1070	*
1071	* @param context a hx509 context.
1072	* @param certs certificate store to print information about.
1073	* @param func function that will get each line of the information, if
1074	* NULL is used the data is printed on a FILE descriptor that should
1075	* be passed in ctx, if ctx also is NULL, stdout is used.
1076	* @param ctx parameter to func.
1077	*
1078	* @return Returns an hx509 error code.
1079	*
1080	* @ingroup hx509_keyset
1081	*/
1082
1083	int
1084	hx509_certs_info (
1085	hx509_context /context/,
1086	hx509_certs /certs/,
1087	int (*/func/)(void , const* char *),
1088	void */ctx/);
1089
1090	/**
1091	* Open or creates a new hx509 certificate store.
1092	*
1093	* @param context A hx509 context
1094	* @param name name of the store, format is TYPE:type-specific-string,
1095	* if NULL is used the MEMORY store is used.
1096	* @param flags list of flags:
1097	* - HX509_CERTS_CREATE create a new keystore of the specific TYPE.
1098	* - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
1099	* @param lock a lock that unlocks the certificates store, use NULL to
1100	* select no password/certifictes/prompt lock (see @ref page_lock).
1101	* @param certs return pointer, free with hx509_certs_free().
1102	*
1103	* @return Returns an hx509 error code.
1104	*
1105	* @ingroup hx509_keyset
1106	*/
1107
1108	int
1109	hx509_certs_init (
1110	hx509_context /context/,
1111	const char */name/,
1112	int /flags/,
1113	hx509_lock /lock/,
1114	hx509_certs */certs/);
1115
1116	/**
1117	* Iterate over all certificates in a keystore and call a block
1118	* for each of them.
1119	*
1120	* @param context a hx509 context.
1121	* @param certs certificate store to iterate over.
1122	* @param func block to call for each certificate. The function
1123	* should return non-zero to abort the iteration, that value is passed
1124	* back to the caller of hx509_certs_iter().
1125	*
1126	* @return Returns an hx509 error code.
1127	*
1128	* @ingroup hx509_keyset
1129	*/
1130
1131	#ifdef __BLOCKS__
1132	int
1133	hx509_certs_iter (
1134	hx509_context /context/,
1135	hx509_certs /certs/,
1136	int (^func)(hx509_cert));
1137	#endif /* __BLOCKS__ */
1138
1139	/**
1140	* Iterate over all certificates in a keystore and call a function
1141	* for each of them.
1142	*
1143	* @param context a hx509 context.
1144	* @param certs certificate store to iterate over.
1145	* @param func function to call for each certificate. The function
1146	* should return non-zero to abort the iteration, that value is passed
1147	* back to the caller of hx509_certs_iter_f().
1148	* @param ctx context variable that will passed to the function.
1149	*
1150	* @return Returns an hx509 error code.
1151	*
1152	* @ingroup hx509_keyset
1153	*/
1154
1155	int
1156	hx509_certs_iter_f (
1157	hx509_context /context/,
1158	hx509_certs /certs/,
1159	int (*/func/)(hx509_context, void *, hx509_cert),
1160	void */ctx/);
1161
1162	/**
1163	* Merge a certificate store into another. The from store is keep
1164	* intact.
1165	*
1166	* @param context a hx509 context.
1167	* @param to the store to merge into.
1168	* @param from the store to copy the object from.
1169	*
1170	* @return Returns an hx509 error code.
1171	*
1172	* @ingroup hx509_keyset
1173	*/
1174
1175	int
1176	hx509_certs_merge (
1177	hx509_context /context/,
1178	hx509_certs /to/,
1179	hx509_certs /from/);
1180
1181	/**
1182	* Get next ceritificate from the certificate keystore pointed out by
1183	* cursor.
1184	*
1185	* @param context a hx509 context.
1186	* @param certs certificate store to iterate over.
1187	* @param cursor cursor that keeps track of progress.
1188	* @param cert return certificate next in store, NULL if the store
1189	* contains no more certificates. Free with hx509_cert_free().
1190	*
1191	* @return Returns an hx509 error code.
1192	*
1193	* @ingroup hx509_keyset
1194	*/
1195
1196	int
1197	hx509_certs_next_cert (
1198	hx509_context /context/,
1199	hx509_certs /certs/,
1200	hx509_cursor /cursor/,
1201	hx509_cert */cert/);
1202
1203	hx509_certs
1204	hx509_certs_ref (hx509_certs /certs/);
1205
1206	/**
1207	* Start the integration
1208	*
1209	* @param context a hx509 context.
1210	* @param certs certificate store to iterate over
1211	* @param cursor cursor that will keep track of progress, free with
1212	* hx509_certs_end_seq().
1213	*
1214	* @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is
1215	* returned if the certificate store doesn't support the iteration
1216	* operation.
1217	*
1218	* @ingroup hx509_keyset
1219	*/
1220
1221	int
1222	hx509_certs_start_seq (
1223	hx509_context /context/,
1224	hx509_certs /certs/,
1225	hx509_cursor */cursor/);
1226
1227	/**
1228	* Write the certificate store to stable storage.
1229	*
1230	* @param context A hx509 context.
1231	* @param certs a certificate store to store.
1232	* @param flags currently unused, use 0.
1233	* @param lock a lock that unlocks the certificates store, use NULL to
1234	* select no password/certifictes/prompt lock (see @ref page_lock).
1235	*
1236	* @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if
1237	* the certificate store doesn't support the store operation.
1238	*
1239	* @ingroup hx509_keyset
1240	*/
1241
1242	int
1243	hx509_certs_store (
1244	hx509_context /context/,
1245	hx509_certs /certs/,
1246	int /flags/,
1247	hx509_lock /lock/);
1248
1249	/**
1250	* Function to use to hx509_certs_iter_f() as a function argument, the
1251	* ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
1252	*
1253	* @param context a hx509 context.
1254	* @param ctx used by hx509_certs_iter_f().
1255	* @param c a certificate
1256	*
1257	* @return Returns an hx509 error code.
1258	*
1259	* @ingroup hx509_keyset
1260	*/
1261
1262	int
1263	hx509_ci_print_names (
1264	hx509_context /context/,
1265	void */ctx/,
1266	hx509_cert /c/);
1267
1268	/**
1269	* Resets the error strings the hx509 context.
1270	*
1271	* @param context A hx509 context.
1272	*
1273	* @ingroup hx509_error
1274	*/
1275
1276	void
1277	hx509_clear_error_string (hx509_context /context/);
1278
1279	int
1280	hx509_cms_create_signed (
1281	hx509_context /context/,
1282	int /flags/,
1283	const heim_oid */eContentType/,
1284	const void */data/,
1285	size_t /length/,
1286	const AlgorithmIdentifier */digest_alg/,
1287	hx509_certs /certs/,
1288	hx509_peer_info /peer/,
1289	hx509_certs /anchors/,
1290	hx509_certs /pool/,
1291	heim_octet_string */signed_data/);
1292
1293	/**
1294	* Decode SignedData and verify that the signature is correct.
1295	*
1296	* @param context A hx509 context.
1297	* @param flags
1298	* @param eContentType the type of the data.
1299	* @param data data to sign
1300	* @param length length of the data that data point to.
1301	* @param digest_alg digest algorithm to use, use NULL to get the
1302	* default or the peer determined algorithm.
1303	* @param cert certificate to use for sign the data.
1304	* @param peer info about the peer the message to send the message to,
1305	* like what digest algorithm to use.
1306	* @param anchors trust anchors that the client will use, used to
1307	* polulate the certificates included in the message
1308	* @param pool certificates to use in try to build the path to the
1309	* trust anchors.
1310	* @param signed_data the output of the function, free with
1311	* der_free_octet_string().
1312	*
1313	* @return Returns an hx509 error code.
1314	*
1315	* @ingroup hx509_cms
1316	*/
1317
1318	int
1319	hx509_cms_create_signed_1 (
1320	hx509_context /context/,
1321	int /flags/,
1322	const heim_oid */eContentType/,
1323	const void */data/,
1324	size_t /length/,
1325	const AlgorithmIdentifier */digest_alg/,
1326	hx509_cert /cert/,
1327	hx509_peer_info /peer/,
1328	hx509_certs /anchors/,
1329	hx509_certs /pool/,
1330	heim_octet_string */signed_data/);
1331
1332	/**
1333	* Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
1334	* signatures).
1335	*/
1336
1337	int
1338	hx509_cms_decrypt_encrypted (
1339	hx509_context /context/,
1340	hx509_lock /lock/,
1341	const void */data/,
1342	size_t /length/,
1343	heim_oid */contentType/,
1344	heim_octet_string */content/);
1345
1346	/**
1347	* Encrypt end encode EnvelopedData.
1348	*
1349	* Encrypt and encode EnvelopedData. The data is encrypted with a
1350	* random key and the the random key is encrypted with the
1351	* certificates private key. This limits what private key type can be
1352	* used to RSA.
1353	*
1354	* @param context A hx509 context.
1355	* @param flags flags to control the behavior.
1356	* - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
1357	* - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
1358	* - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
1359	* @param cert Certificate to encrypt the EnvelopedData encryption key
1360	* with.
1361	* @param data pointer the data to encrypt.
1362	* @param length length of the data that data point to.
1363	* @param encryption_type Encryption cipher to use for the bulk data,
1364	* use NULL to get default.
1365	* @param contentType type of the data that is encrypted
1366	* @param content the output of the function,
1367	* free with der_free_octet_string().
1368	*
1369	* @return an hx509 error code.
1370	*
1371	* @ingroup hx509_cms
1372	*/
1373
1374	int
1375	hx509_cms_envelope_1 (
1376	hx509_context /context/,
1377	int /flags/,
1378	hx509_cert /cert/,
1379	const void */data/,
1380	size_t /length/,
1381	const heim_oid */encryption_type/,
1382	const heim_oid */contentType/,
1383	heim_octet_string */content/);
1384
1385	/**
1386	* Decode and unencrypt EnvelopedData.
1387	*
1388	* Extract data and parameteres from from the EnvelopedData. Also
1389	* supports using detached EnvelopedData.
1390	*
1391	* @param context A hx509 context.
1392	* @param certs Certificate that can decrypt the EnvelopedData
1393	* encryption key.
1394	* @param flags HX509_CMS_UE flags to control the behavior.
1395	* @param data pointer the structure the contains the DER/BER encoded
1396	* EnvelopedData stucture.
1397	* @param length length of the data that data point to.
1398	* @param encryptedContent in case of detached signature, this
1399	* contains the actual encrypted data, othersize its should be NULL.
1400	* @param time_now set the current time, if zero the library uses now as the date.
1401	* @param contentType output type oid, should be freed with der_free_oid().
1402	* @param content the data, free with der_free_octet_string().
1403	*
1404	* @return an hx509 error code.
1405	*
1406	* @ingroup hx509_cms
1407	*/
1408
1409	int
1410	hx509_cms_unenvelope (
1411	hx509_context /context/,
1412	hx509_certs /certs/,
1413	int /flags/,
1414	const void */data/,
1415	size_t /length/,
1416	const heim_octet_string */encryptedContent/,
1417	time_t /time_now/,
1418	heim_oid */contentType/,
1419	heim_octet_string */content/);
1420
1421	/**
1422	* Decode an ContentInfo and unwrap data and oid it.
1423	*
1424	* @param in the encoded buffer.
1425	* @param oid type of the content.
1426	* @param out data to be wrapped.
1427	* @param have_data since the data is optional, this flags show dthe
1428	* diffrence between no data and the zero length data.
1429	*
1430	* @return Returns an hx509 error code.
1431	*
1432	* @ingroup hx509_cms
1433	*/
1434
1435	int
1436	hx509_cms_unwrap_ContentInfo (
1437	const heim_octet_string */in/,
1438	heim_oid */oid/,
1439	heim_octet_string */out/,
1440	int */have_data/);
1441
1442	/**
1443	* Decode SignedData and verify that the signature is correct.
1444	*
1445	* @param context A hx509 context.
1446	* @param ctx a hx509 verify context.
1447	* @param flags to control the behaivor of the function.
1448	* - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
1449	* - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
1450	* - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
1451	* @param data pointer to CMS SignedData encoded data.
1452	* @param length length of the data that data point to.
1453	* @param signedContent external data used for signature.
1454	* @param pool certificate pool to build certificates paths.
1455	* @param contentType free with der_free_oid().
1456	* @param content the output of the function, free with
1457	* der_free_octet_string().
1458	* @param signer_certs list of the cerficates used to sign this
1459	* request, free with hx509_certs_free().
1460	*
1461	* @return an hx509 error code.
1462	*
1463	* @ingroup hx509_cms
1464	*/
1465
1466	int
1467	hx509_cms_verify_signed (
1468	hx509_context /context/,
1469	hx509_verify_ctx /ctx/,
1470	unsigned int /flags/,
1471	const void */data/,
1472	size_t /length/,
1473	const heim_octet_string */signedContent/,
1474	hx509_certs /pool/,
1475	heim_oid */contentType/,
1476	heim_octet_string */content/,
1477	hx509_certs */signer_certs/);
1478
1479	/**
1480	* Wrap data and oid in a ContentInfo and encode it.
1481	*
1482	* @param oid type of the content.
1483	* @param buf data to be wrapped. If a NULL pointer is passed in, the
1484	* optional content field in the ContentInfo is not going be filled
1485	* in.
1486	* @param res the encoded buffer, the result should be freed with
1487	* der_free_octet_string().
1488	*
1489	* @return Returns an hx509 error code.
1490	*
1491	* @ingroup hx509_cms
1492	*/
1493
1494	int
1495	hx509_cms_wrap_ContentInfo (
1496	const heim_oid */oid/,
1497	const heim_octet_string */buf/,
1498	heim_octet_string */res/);
1499
1500	/**
1501	* Free the context allocated by hx509_context_init().
1502	*
1503	* @param context context to be freed.
1504	*
1505	* @ingroup hx509
1506	*/
1507
1508	void
1509	hx509_context_free (hx509_context */context/);
1510
1511	/**
1512	* Creates a hx509 context that most functions in the library
1513	* uses. The context is only allowed to be used by one thread at each
1514	* moment. Free the context with hx509_context_free().
1515	*
1516	* @param context Returns a pointer to new hx509 context.
1517	*
1518	* @return Returns an hx509 error code.
1519	*
1520	* @ingroup hx509
1521	*/
1522
1523	int
1524	hx509_context_init (hx509_context */context/);
1525
1526	/**
1527	* Selects if the hx509_revoke_verify() function is going to require
1528	* the existans of a revokation method (OCSP, CRL) or not. Note that
1529	* hx509_verify_path(), hx509_cms_verify_signed(), and other function
1530	* call hx509_revoke_verify().
1531	*
1532	* @param context hx509 context to change the flag for.
1533	* @param flag zero, revokation method required, non zero missing
1534	* revokation method ok
1535	*
1536	* @ingroup hx509_verify
1537	*/
1538
1539	void
1540	hx509_context_set_missing_revoke (
1541	hx509_context /context/,
1542	int /flag/);
1543
1544	/**
1545	* Add revoked certificate to an CRL context.
1546	*
1547	* @param context a hx509 context.
1548	* @param crl the CRL to add the revoked certificate to.
1549	* @param certs keyset of certificate to revoke.
1550	*
1551	* @return An hx509 error code, see hx509_get_error_string().
1552	*
1553	* @ingroup hx509_verify
1554	*/
1555
1556	int
1557	hx509_crl_add_revoked_certs (
1558	hx509_context /context/,
1559	hx509_crl /crl/,
1560	hx509_certs /certs/);
1561
1562	/**
1563	* Create a CRL context. Use hx509_crl_free() to free the CRL context.
1564	*
1565	* @param context a hx509 context.
1566	* @param crl return pointer to a newly allocated CRL context.
1567	*
1568	* @return An hx509 error code, see hx509_get_error_string().
1569	*
1570	* @ingroup hx509_verify
1571	*/
1572
1573	int
1574	hx509_crl_alloc (
1575	hx509_context /context/,
1576	hx509_crl */crl/);
1577
1578	/**
1579	* Free a CRL context.
1580	*
1581	* @param context a hx509 context.
1582	* @param crl a CRL context to free.
1583	*
1584	* @ingroup hx509_verify
1585	*/
1586
1587	void
1588	hx509_crl_free (
1589	hx509_context /context/,
1590	hx509_crl */crl/);
1591
1592	/**
1593	* Set the lifetime of a CRL context.
1594	*
1595	* @param context a hx509 context.
1596	* @param crl a CRL context
1597	* @param delta delta time the certificate is valid, library adds the
1598	* current time to this.
1599	*
1600	* @return An hx509 error code, see hx509_get_error_string().
1601	*
1602	* @ingroup hx509_verify
1603	*/
1604
1605	int
1606	hx509_crl_lifetime (
1607	hx509_context /context/,
1608	hx509_crl /crl/,
1609	int /delta/);
1610
1611	/**
1612	* Sign a CRL and return an encode certificate.
1613	*
1614	* @param context a hx509 context.
1615	* @param signer certificate to sign the CRL with
1616	* @param crl the CRL to sign
1617	* @param os return the signed and encoded CRL, free with
1618	* free_heim_octet_string()
1619	*
1620	* @return An hx509 error code, see hx509_get_error_string().
1621	*
1622	* @ingroup hx509_verify
1623	*/
1624
1625	int
1626	hx509_crl_sign (
1627	hx509_context /context/,
1628	hx509_cert /signer/,
1629	hx509_crl /crl/,
1630	heim_octet_string */os/);
1631
1632	const AlgorithmIdentifier *
1633	hx509_crypto_aes128_cbc (void);
1634
1635	const AlgorithmIdentifier *
1636	hx509_crypto_aes256_cbc (void);
1637
1638	void
1639	hx509_crypto_allow_weak (hx509_crypto /crypto/);
1640
1641	int
1642	hx509_crypto_available (
1643	hx509_context /context/,
1644	int /type/,
1645	hx509_cert /source/,
1646	AlgorithmIdentifier **/val/,
1647	unsigned int */plen/);
1648
1649	int
1650	hx509_crypto_decrypt (
1651	hx509_crypto /crypto/,
1652	const void */data/,
1653	const size_t /length/,
1654	heim_octet_string */ivec/,
1655	heim_octet_string */clear/);
1656
1657	const AlgorithmIdentifier *
1658	hx509_crypto_des_rsdi_ede3_cbc (void);
1659
1660	void
1661	hx509_crypto_destroy (hx509_crypto /crypto/);
1662
1663	int
1664	hx509_crypto_encrypt (
1665	hx509_crypto /crypto/,
1666	const void */data/,
1667	const size_t /length/,
1668	const heim_octet_string */ivec/,
1669	heim_octet_string **/ciphertext/);
1670
1671	const heim_oid *
1672	hx509_crypto_enctype_by_name (const char */name/);
1673
1674	void
1675	hx509_crypto_free_algs (
1676	AlgorithmIdentifier */val/,
1677	unsigned int /len/);
1678
1679	int
1680	hx509_crypto_get_params (
1681	hx509_context /context/,
1682	hx509_crypto /crypto/,
1683	const heim_octet_string */ivec/,
1684	heim_octet_string */param/);
1685
1686	int
1687	hx509_crypto_init (
1688	hx509_context /context/,
1689	const char */provider/,
1690	const heim_oid */enctype/,
1691	hx509_crypto */crypto/);
1692
1693	const char *
1694	hx509_crypto_provider (hx509_crypto /crypto/);
1695
1696	int
1697	hx509_crypto_random_iv (
1698	hx509_crypto /crypto/,
1699	heim_octet_string */ivec/);
1700
1701	int
1702	hx509_crypto_select (
1703	const hx509_context /context/,
1704	int /type/,
1705	const hx509_private_key /source/,
1706	hx509_peer_info /peer/,
1707	AlgorithmIdentifier */selected/);
1708
1709	int
1710	hx509_crypto_set_key_data (
1711	hx509_crypto /crypto/,
1712	const void */data/,
1713	size_t /length/);
1714
1715	int
1716	hx509_crypto_set_key_name (
1717	hx509_crypto /crypto/,
1718	const char */name/);
1719
1720	void
1721	hx509_crypto_set_padding (
1722	hx509_crypto /crypto/,
1723	int /padding_type/);
1724
1725	int
1726	hx509_crypto_set_params (
1727	hx509_context /context/,
1728	hx509_crypto /crypto/,
1729	const heim_octet_string */param/,
1730	heim_octet_string */ivec/);
1731
1732	int
1733	hx509_crypto_set_random_key (
1734	hx509_crypto /crypto/,
1735	heim_octet_string */key/);
1736
1737	/**
1738	* Add a new key/value pair to the hx509_env.
1739	*
1740	* @param context A hx509 context.
1741	* @param env environment to add the environment variable too.
1742	* @param key key to add
1743	* @param value value to add
1744	*
1745	* @return An hx509 error code, see hx509_get_error_string().
1746	*
1747	* @ingroup hx509_env
1748	*/
1749
1750	int
1751	hx509_env_add (
1752	hx509_context /context/,
1753	hx509_env */env/,
1754	const char */key/,
1755	const char */value/);
1756
1757	/**
1758	* Add a new key/binding pair to the hx509_env.
1759	*
1760	* @param context A hx509 context.
1761	* @param env environment to add the environment variable too.
1762	* @param key key to add
1763	* @param list binding list to add
1764	*
1765	* @return An hx509 error code, see hx509_get_error_string().
1766	*
1767	* @ingroup hx509_env
1768	*/
1769
1770	int
1771	hx509_env_add_binding (
1772	hx509_context /context/,
1773	hx509_env */env/,
1774	const char */key/,
1775	hx509_env /list/);
1776
1777	/**
1778	* Search the hx509_env for a key.
1779	*
1780	* @param context A hx509 context.
1781	* @param env environment to add the environment variable too.
1782	* @param key key to search for.
1783	*
1784	* @return the value if the key is found, NULL otherwise.
1785	*
1786	* @ingroup hx509_env
1787	*/
1788
1789	const char *
1790	hx509_env_find (
1791	hx509_context /context/,
1792	hx509_env /env/,
1793	const char */key/);
1794
1795	/**
1796	* Search the hx509_env for a binding.
1797	*
1798	* @param context A hx509 context.
1799	* @param env environment to add the environment variable too.
1800	* @param key key to search for.
1801	*
1802	* @return the binding if the key is found, NULL if not found.
1803	*
1804	* @ingroup hx509_env
1805	*/
1806
1807	hx509_env
1808	hx509_env_find_binding (
1809	hx509_context /context/,
1810	hx509_env /env/,
1811	const char */key/);
1812
1813	/**
1814	* Free an hx509_env environment context.
1815	*
1816	* @param env the environment to free.
1817	*
1818	* @ingroup hx509_env
1819	*/
1820
1821	void
1822	hx509_env_free (hx509_env */env/);
1823
1824	/**
1825	* Search the hx509_env for a length based key.
1826	*
1827	* @param context A hx509 context.
1828	* @param env environment to add the environment variable too.
1829	* @param key key to search for.
1830	* @param len length of key.
1831	*
1832	* @return the value if the key is found, NULL otherwise.
1833	*
1834	* @ingroup hx509_env
1835	*/
1836
1837	const char *
1838	hx509_env_lfind (
1839	hx509_context /context/,
1840	hx509_env /env/,
1841	const char */key/,
1842	size_t /len/);
1843
1844	/**
1845	* Print error message and fatally exit from error code
1846	*
1847	* @param context A hx509 context.
1848	* @param exit_code exit() code from process.
1849	* @param error_code Error code for the reason to exit.
1850	* @param fmt format string with the exit message.
1851	* @param ... argument to format string.
1852	*
1853	* @ingroup hx509_error
1854	*/
1855
1856	void
1857	hx509_err (
1858	hx509_context /context/,
1859	int /exit_code/,
1860	int /error_code/,
1861	const char */fmt/,
1862	...);
1863
1864	hx509_private_key_ops *
1865	hx509_find_private_alg (const heim_oid */oid/);
1866
1867	/**
1868	* Free error string returned by hx509_get_error_string().
1869	*
1870	* @param str error string to free.
1871	*
1872	* @ingroup hx509_error
1873	*/
1874
1875	void
1876	hx509_free_error_string (char */str/);
1877
1878	/**
1879	* Free a list of octet strings returned by another hx509 library
1880	* function.
1881	*
1882	* @param list list to be freed.
1883	*
1884	* @ingroup hx509_misc
1885	*/
1886
1887	void
1888	hx509_free_octet_string_list (hx509_octet_string_list */list/);
1889
1890	/**
1891	* Unparse the hx509 name in name into a string.
1892	*
1893	* @param name the name to print
1894	* @param str an allocated string returns the name in string form
1895	*
1896	* @return An hx509 error code, see hx509_get_error_string().
1897	*
1898	* @ingroup hx509_name
1899	*/
1900
1901	int
1902	hx509_general_name_unparse (
1903	GeneralName */name/,
1904	char **/str/);
1905
1906	/**
1907	* Get an error string from context associated with error_code.
1908	*
1909	* @param context A hx509 context.
1910	* @param error_code Get error message for this error code.
1911	*
1912	* @return error string, free with hx509_free_error_string().
1913	*
1914	* @ingroup hx509_error
1915	*/
1916
1917	char *
1918	hx509_get_error_string (
1919	hx509_context /context/,
1920	int /error_code/);
1921
1922	/**
1923	* Get one random certificate from the certificate store.
1924	*
1925	* @param context a hx509 context.
1926	* @param certs a certificate store to get the certificate from.
1927	* @param c return certificate, should be freed with hx509_cert_free().
1928	*
1929	* @return Returns an hx509 error code.
1930	*
1931	* @ingroup hx509_keyset
1932	*/
1933
1934	int
1935	hx509_get_one_cert (
1936	hx509_context /context/,
1937	hx509_certs /certs/,
1938	hx509_cert */c/);
1939
1940	int
1941	hx509_lock_add_cert (
1942	hx509_context /context/,
1943	hx509_lock /lock/,
1944	hx509_cert /cert/);
1945
1946	int
1947	hx509_lock_add_certs (
1948	hx509_context /context/,
1949	hx509_lock /lock/,
1950	hx509_certs /certs/);
1951
1952	int
1953	hx509_lock_add_password (
1954	hx509_lock /lock/,
1955	const char */password/);
1956
1957	int
1958	hx509_lock_command_string (
1959	hx509_lock /lock/,
1960	const char */string/);
1961
1962	void
1963	hx509_lock_free (hx509_lock /lock/);
1964
1965	/**
1966	* @page page_lock Locking and unlocking certificates and encrypted data.
1967	*
1968	* See the library functions here: @ref hx509_lock
1969	*/
1970
1971	int
1972	hx509_lock_init (
1973	hx509_context /context/,
1974	hx509_lock */lock/);
1975
1976	int
1977	hx509_lock_prompt (
1978	hx509_lock /lock/,
1979	hx509_prompt */prompt/);
1980
1981	void
1982	hx509_lock_reset_certs (
1983	hx509_context /context/,
1984	hx509_lock /lock/);
1985
1986	void
1987	hx509_lock_reset_passwords (hx509_lock /lock/);
1988
1989	void
1990	hx509_lock_reset_promper (hx509_lock /lock/);
1991
1992	int
1993	hx509_lock_set_prompter (
1994	hx509_lock /lock/,
1995	hx509_prompter_fct /prompt/,
1996	void */data/);
1997
1998	/**
1999	* Convert a hx509_name object to DER encoded name.
2000	*
2001	* @param name name to concert
2002	* @param os data to a DER encoded name, free the resulting octet
2003	* string with hx509_xfree(os->data).
2004	*
2005	* @return An hx509 error code, see hx509_get_error_string().
2006	*
2007	* @ingroup hx509_name
2008	*/
2009
2010	int
2011	hx509_name_binary (
2012	const hx509_name /name/,
2013	heim_octet_string */os/);
2014
2015	/**
2016	* Compare to hx509 name object, useful for sorting.
2017	*
2018	* @param n1 a hx509 name object.
2019	* @param n2 a hx509 name object.
2020	*
2021	* @return 0 the objects are the same, returns > 0 is n2 is "larger"
2022	* then n2, < 0 if n1 is "smaller" then n2.
2023	*
2024	* @ingroup hx509_name
2025	*/
2026
2027	int
2028	hx509_name_cmp (
2029	hx509_name /n1/,
2030	hx509_name /n2/);
2031
2032	/**
2033	* Copy a hx509 name object.
2034	*
2035	* @param context A hx509 cotext.
2036	* @param from the name to copy from
2037	* @param to the name to copy to
2038	*
2039	* @return An hx509 error code, see hx509_get_error_string().
2040	*
2041	* @ingroup hx509_name
2042	*/
2043
2044	int
2045	hx509_name_copy (
2046	hx509_context /context/,
2047	const hx509_name /from/,
2048	hx509_name */to/);
2049
2050	/**
2051	* Expands variables in the name using env. Variables are on the form
2052	* ${name}. Useful when dealing with certificate templates.
2053	*
2054	* @param context A hx509 cotext.
2055	* @param name the name to expand.
2056	* @param env environment variable to expand.
2057	*
2058	* @return An hx509 error code, see hx509_get_error_string().
2059	*
2060	* @ingroup hx509_name
2061	*/
2062
2063	int
2064	hx509_name_expand (
2065	hx509_context /context/,
2066	hx509_name /name/,
2067	hx509_env /env/);
2068
2069	/**
2070	* Free a hx509 name object, upond return *name will be NULL.
2071	*
2072	* @param name a hx509 name object to be freed.
2073	*
2074	* @ingroup hx509_name
2075	*/
2076
2077	void
2078	hx509_name_free (hx509_name */name/);
2079
2080	/**
2081	* Unparse the hx509 name in name into a string.
2082	*
2083	* @param name the name to check if its empty/null.
2084	*
2085	* @return non zero if the name is empty/null.
2086	*
2087	* @ingroup hx509_name
2088	*/
2089
2090	int
2091	hx509_name_is_null_p (const hx509_name /name/);
2092
2093	int
2094	hx509_name_normalize (
2095	hx509_context /context/,
2096	hx509_name /name/);
2097
2098	/**
2099	* Convert a hx509_name into a Name.
2100	*
2101	* @param from the name to copy from
2102	* @param to the name to copy to
2103	*
2104	* @return An hx509 error code, see hx509_get_error_string().
2105	*
2106	* @ingroup hx509_name
2107	*/
2108
2109	int
2110	hx509_name_to_Name (
2111	const hx509_name /from/,
2112	Name */to/);
2113
2114	/**
2115	* Convert the hx509 name object into a printable string.
2116	* The resulting string should be freed with free().
2117	*
2118	* @param name name to print
2119	* @param str the string to return
2120	*
2121	* @return An hx509 error code, see hx509_get_error_string().
2122	*
2123	* @ingroup hx509_name
2124	*/
2125
2126	int
2127	hx509_name_to_string (
2128	const hx509_name /name/,
2129	char **/str/);
2130
2131	/**
2132	* Create an OCSP request for a set of certificates.
2133	*
2134	* @param context a hx509 context
2135	* @param reqcerts list of certificates to request ocsp data for
2136	* @param pool certificate pool to use when signing
2137	* @param signer certificate to use to sign the request
2138	* @param digest the signing algorithm in the request, if NULL use the
2139	* default signature algorithm,
2140	* @param request the encoded request, free with free_heim_octet_string().
2141	* @param nonce nonce in the request, free with free_heim_octet_string().
2142	*
2143	* @return An hx509 error code, see hx509_get_error_string().
2144	*
2145	* @ingroup hx509_revoke
2146	*/
2147
2148	int
2149	hx509_ocsp_request (
2150	hx509_context /context/,
2151	hx509_certs /reqcerts/,
2152	hx509_certs /pool/,
2153	hx509_cert /signer/,
2154	const AlgorithmIdentifier */digest/,
2155	heim_octet_string */request/,
2156	heim_octet_string */nonce/);
2157
2158	/**
2159	* Verify that the certificate is part of the OCSP reply and it's not
2160	* expired. Doesn't verify signature the OCSP reply or it's done by a
2161	* authorized sender, that is assumed to be already done.
2162	*
2163	* @param context a hx509 context
2164	* @param now the time right now, if 0, use the current time.
2165	* @param cert the certificate to verify
2166	* @param flags flags control the behavior
2167	* @param data pointer to the encode ocsp reply
2168	* @param length the length of the encode ocsp reply
2169	* @param expiration return the time the OCSP will expire and need to
2170	* be rechecked.
2171	*
2172	* @return An hx509 error code, see hx509_get_error_string().
2173	*
2174	* @ingroup hx509_verify
2175	*/
2176
2177	int
2178	hx509_ocsp_verify (
2179	hx509_context /context/,
2180	time_t /now/,
2181	hx509_cert /cert/,
2182	int /flags/,
2183	const void */data/,
2184	size_t /length/,
2185	time_t */expiration/);
2186
2187	/**
2188	* Print a oid using a hx509_vprint_func function. To print to stdout
2189	* use hx509_print_stdout().
2190	*
2191	* @param oid oid to print
2192	* @param func hx509_vprint_func to print with.
2193	* @param ctx context variable to hx509_vprint_func function.
2194	*
2195	* @ingroup hx509_print
2196	*/
2197
2198	void
2199	hx509_oid_print (
2200	const heim_oid */oid/,
2201	hx509_vprint_func /func/,
2202	void */ctx/);
2203
2204	/**
2205	* Print a oid to a string.
2206	*
2207	* @param oid oid to print
2208	* @param str allocated string, free with hx509_xfree().
2209	*
2210	* @return An hx509 error code, see hx509_get_error_string().
2211	*
2212	* @ingroup hx509_print
2213	*/
2214
2215	int
2216	hx509_oid_sprint (
2217	const heim_oid */oid/,
2218	char **/str/);
2219
2220	/**
2221	* Parse a string into a hx509 name object.
2222	*
2223	* @param context A hx509 context.
2224	* @param str a string to parse.
2225	* @param name the resulting object, NULL in case of error.
2226	*
2227	* @return An hx509 error code, see hx509_get_error_string().
2228	*
2229	* @ingroup hx509_name
2230	*/
2231
2232	int
2233	hx509_parse_name (
2234	hx509_context /context/,
2235	const char */str/,
2236	hx509_name */name/);
2237
2238	int
2239	hx509_parse_private_key (
2240	hx509_context /context/,
2241	const AlgorithmIdentifier */keyai/,
2242	const void */data/,
2243	size_t /len/,
2244	hx509_key_format_t /format/,
2245	hx509_private_key */private_key/);
2246
2247	/**
2248	* Add an additional algorithm that the peer supports.
2249	*
2250	* @param context A hx509 context.
2251	* @param peer the peer to set the new algorithms for
2252	* @param val an AlgorithmsIdentier to add
2253	*
2254	* @return An hx509 error code, see hx509_get_error_string().
2255	*
2256	* @ingroup hx509_peer
2257	*/
2258
2259	int
2260	hx509_peer_info_add_cms_alg (
2261	hx509_context /context/,
2262	hx509_peer_info /peer/,
2263	const AlgorithmIdentifier */val/);
2264
2265	/**
2266	* Allocate a new peer info structure an init it to default values.
2267	*
2268	* @param context A hx509 context.
2269	* @param peer return an allocated peer, free with hx509_peer_info_free().
2270	*
2271	* @return An hx509 error code, see hx509_get_error_string().
2272	*
2273	* @ingroup hx509_peer
2274	*/
2275
2276	int
2277	hx509_peer_info_alloc (
2278	hx509_context /context/,
2279	hx509_peer_info */peer/);
2280
2281	/**
2282	* Free a peer info structure.
2283	*
2284	* @param peer peer info to be freed.
2285	*
2286	* @ingroup hx509_peer
2287	*/
2288
2289	void
2290	hx509_peer_info_free (hx509_peer_info /peer/);
2291
2292	/**
2293	* Set the certificate that remote peer is using.
2294	*
2295	* @param peer peer info to update
2296	* @param cert cerificate of the remote peer.
2297	*
2298	* @return An hx509 error code, see hx509_get_error_string().
2299	*
2300	* @ingroup hx509_peer
2301	*/
2302
2303	int
2304	hx509_peer_info_set_cert (
2305	hx509_peer_info /peer/,
2306	hx509_cert /cert/);
2307
2308	/**
2309	* Set the algorithms that the peer supports.
2310	*
2311	* @param context A hx509 context.
2312	* @param peer the peer to set the new algorithms for
2313	* @param val array of supported AlgorithmsIdentiers
2314	* @param len length of array val.
2315	*
2316	* @return An hx509 error code, see hx509_get_error_string().
2317	*
2318	* @ingroup hx509_peer
2319	*/
2320
2321	int
2322	hx509_peer_info_set_cms_algs (
2323	hx509_context /context/,
2324	hx509_peer_info /peer/,
2325	const AlgorithmIdentifier */val/,
2326	size_t /len/);
2327
2328	int
2329	hx509_pem_add_header (
2330	hx509_pem_header **/headers/,
2331	const char */header/,
2332	const char */value/);
2333
2334	const char *
2335	hx509_pem_find_header (
2336	const hx509_pem_header */h/,
2337	const char */header/);
2338
2339	void
2340	hx509_pem_free_header (hx509_pem_header */headers/);
2341
2342	int
2343	hx509_pem_read (
2344	hx509_context /context/,
2345	FILE */f/,
2346	hx509_pem_read_func /func/,
2347	void */ctx/);
2348
2349	int
2350	hx509_pem_write (
2351	hx509_context /context/,
2352	const char */type/,
2353	hx509_pem_header */headers/,
2354	FILE */f/,
2355	const void */data/,
2356	size_t /size/);
2357
2358	/**
2359	* Print a simple representation of a certificate
2360	*
2361	* @param context A hx509 context, can be NULL
2362	* @param cert certificate to print
2363	* @param out the stdio output stream, if NULL, stdout is used
2364	*
2365	* @return An hx509 error code
2366	*
2367	* @ingroup hx509_cert
2368	*/
2369
2370	int
2371	hx509_print_cert (
2372	hx509_context /context/,
2373	hx509_cert /cert/,
2374	FILE */out/);
2375
2376	/**
2377	* Helper function to print on stdout for:
2378	* - hx509_oid_print(),
2379	* - hx509_bitstring_print(),
2380	* - hx509_validate_ctx_set_print().
2381	*
2382	* @param ctx the context to the print function. If the ctx is NULL,
2383	* stdout is used.
2384	* @param fmt the printing format.
2385	* @param va the argumet list.
2386	*
2387	* @ingroup hx509_print
2388	*/
2389
2390	void
2391	hx509_print_stdout (
2392	void */ctx/,
2393	const char */fmt/,
2394	va_list /va/);
2395
2396	int
2397	hx509_private_key2SPKI (
2398	hx509_context /context/,
2399	hx509_private_key /private_key/,
2400	SubjectPublicKeyInfo */spki/);
2401
2402	void
2403	hx509_private_key_assign_rsa (
2404	hx509_private_key /key/,
2405	void */ptr/);
2406
2407	int
2408	hx509_private_key_free (hx509_private_key */key/);
2409
2410	int
2411	hx509_private_key_init (
2412	hx509_private_key */key/,
2413	hx509_private_key_ops */ops/,
2414	void */keydata/);
2415
2416	int
2417	hx509_private_key_private_decrypt (
2418	hx509_context /context/,
2419	const heim_octet_string */ciphertext/,
2420	const heim_oid */encryption_oid/,
2421	hx509_private_key /p/,
2422	heim_octet_string */cleartext/);
2423
2424	int
2425	hx509_prompt_hidden (hx509_prompt_type /type/);
2426
2427	/**
2428	* Allocate an query controller. Free using hx509_query_free().
2429	*
2430	* @param context A hx509 context.
2431	* @param q return pointer to a hx509_query.
2432	*
2433	* @return An hx509 error code, see hx509_get_error_string().
2434	*
2435	* @ingroup hx509_cert
2436	*/
2437
2438	int
2439	hx509_query_alloc (
2440	hx509_context /context/,
2441	hx509_query **/q/);
2442
2443	/**
2444	* Free the query controller.
2445	*
2446	* @param context A hx509 context.
2447	* @param q a pointer to the query controller.
2448	*
2449	* @ingroup hx509_cert
2450	*/
2451
2452	void
2453	hx509_query_free (
2454	hx509_context /context/,
2455	hx509_query */q/);
2456
2457	/**
2458	* Set the query controller to match using a specific match function.
2459	*
2460	* @param q a hx509 query controller.
2461	* @param func function to use for matching, if the argument is NULL,
2462	* the match function is removed.
2463	* @param ctx context passed to the function.
2464	*
2465	* @return An hx509 error code, see hx509_get_error_string().
2466	*
2467	* @ingroup hx509_cert
2468	*/
2469
2470	int
2471	hx509_query_match_cmp_func (
2472	hx509_query */q/,
2473	int (*/func/)(hx509_context, hx509_cert, void *),
2474	void */ctx/);
2475
2476	/**
2477	* Set the query controller to require an one specific EKU (extended
2478	* key usage). Any previous EKU matching is overwitten. If NULL is
2479	* passed in as the eku, the EKU requirement is reset.
2480	*
2481	* @param q a hx509 query controller.
2482	* @param eku an EKU to match on.
2483	*
2484	* @return An hx509 error code, see hx509_get_error_string().
2485	*
2486	* @ingroup hx509_cert
2487	*/
2488
2489	int
2490	hx509_query_match_eku (
2491	hx509_query */q/,
2492	const heim_oid */eku/);
2493
2494	int
2495	hx509_query_match_expr (
2496	hx509_context /context/,
2497	hx509_query */q/,
2498	const char */expr/);
2499
2500	/**
2501	* Set the query controller to match on a friendly name
2502	*
2503	* @param q a hx509 query controller.
2504	* @param name a friendly name to match on
2505	*
2506	* @return An hx509 error code, see hx509_get_error_string().
2507	*
2508	* @ingroup hx509_cert
2509	*/
2510
2511	int
2512	hx509_query_match_friendly_name (
2513	hx509_query */q/,
2514	const char */name/);
2515
2516	/**
2517	* Set the issuer and serial number of match in the query
2518	* controller. The function make copies of the isser and serial number.
2519	*
2520	* @param q a hx509 query controller
2521	* @param issuer issuer to search for
2522	* @param serialNumber the serialNumber of the issuer.
2523	*
2524	* @return An hx509 error code, see hx509_get_error_string().
2525	*
2526	* @ingroup hx509_cert
2527	*/
2528
2529	int
2530	hx509_query_match_issuer_serial (
2531	hx509_query */q/,
2532	const Name */issuer/,
2533	const heim_integer */serialNumber/);
2534
2535	/**
2536	* Set match options for the hx509 query controller.
2537	*
2538	* @param q query controller.
2539	* @param option options to control the query controller.
2540	*
2541	* @return An hx509 error code, see hx509_get_error_string().
2542	*
2543	* @ingroup hx509_cert
2544	*/
2545
2546	void
2547	hx509_query_match_option (
2548	hx509_query */q/,
2549	hx509_query_option /option/);
2550
2551	/**
2552	* Set a statistic file for the query statistics.
2553	*
2554	* @param context A hx509 context.
2555	* @param fn statistics file name
2556	*
2557	* @ingroup hx509_cert
2558	*/
2559
2560	void
2561	hx509_query_statistic_file (
2562	hx509_context /context/,
2563	const char */fn/);
2564
2565	/**
2566	* Unparse the statistics file and print the result on a FILE descriptor.
2567	*
2568	* @param context A hx509 context.
2569	* @param printtype tyep to print
2570	* @param out the FILE to write the data on.
2571	*
2572	* @ingroup hx509_cert
2573	*/
2574
2575	void
2576	hx509_query_unparse_stats (
2577	hx509_context /context/,
2578	int /printtype/,
2579	FILE */out/);
2580
2581	void
2582	hx509_request_free (hx509_request */req/);
2583
2584	int
2585	hx509_request_get_SubjectPublicKeyInfo (
2586	hx509_context /context/,
2587	hx509_request /req/,
2588	SubjectPublicKeyInfo */key/);
2589
2590	int
2591	hx509_request_get_name (
2592	hx509_context /context/,
2593	hx509_request /req/,
2594	hx509_name */name/);
2595
2596	int
2597	hx509_request_init (
2598	hx509_context /context/,
2599	hx509_request */req/);
2600
2601	int
2602	hx509_request_set_SubjectPublicKeyInfo (
2603	hx509_context /context/,
2604	hx509_request /req/,
2605	const SubjectPublicKeyInfo */key/);
2606
2607	int
2608	hx509_request_set_name (
2609	hx509_context /context/,
2610	hx509_request /req/,
2611	hx509_name /name/);
2612
2613	/**
2614	* Add a CRL file to the revokation context.
2615	*
2616	* @param context hx509 context
2617	* @param ctx hx509 revokation context
2618	* @param path path to file that is going to be added to the context.
2619	*
2620	* @return An hx509 error code, see hx509_get_error_string().
2621	*
2622	* @ingroup hx509_revoke
2623	*/
2624
2625	int
2626	hx509_revoke_add_crl (
2627	hx509_context /context/,
2628	hx509_revoke_ctx /ctx/,
2629	const char */path/);
2630
2631	/**
2632	* Add a OCSP file to the revokation context.
2633	*
2634	* @param context hx509 context
2635	* @param ctx hx509 revokation context
2636	* @param path path to file that is going to be added to the context.
2637	*
2638	* @return An hx509 error code, see hx509_get_error_string().
2639	*
2640	* @ingroup hx509_revoke
2641	*/
2642
2643	int
2644	hx509_revoke_add_ocsp (
2645	hx509_context /context/,
2646	hx509_revoke_ctx /ctx/,
2647	const char */path/);
2648
2649	/**
2650	* Free a hx509 revokation context.
2651	*
2652	* @param ctx context to be freed
2653	*
2654	* @ingroup hx509_revoke
2655	*/
2656
2657	void
2658	hx509_revoke_free (hx509_revoke_ctx */ctx/);
2659
2660	/**
2661	* Allocate a revokation context. Free with hx509_revoke_free().
2662	*
2663	* @param context A hx509 context.
2664	* @param ctx returns a newly allocated revokation context.
2665	*
2666	* @return An hx509 error code, see hx509_get_error_string().
2667	*
2668	* @ingroup hx509_revoke
2669	*/
2670
2671	int
2672	hx509_revoke_init (
2673	hx509_context /context/,
2674	hx509_revoke_ctx */ctx/);
2675
2676	/**
2677	* Print the OCSP reply stored in a file.
2678	*
2679	* @param context a hx509 context
2680	* @param path path to a file with a OCSP reply
2681	* @param out the out FILE descriptor to print the reply on
2682	*
2683	* @return An hx509 error code, see hx509_get_error_string().
2684	*
2685	* @ingroup hx509_revoke
2686	*/
2687
2688	int
2689	hx509_revoke_ocsp_print (
2690	hx509_context /context/,
2691	const char */path/,
2692	FILE */out/);
2693
2694	int
2695	hx509_revoke_print (
2696	hx509_context /context/,
2697	hx509_revoke_ctx /ctx/,
2698	FILE */out/);
2699
2700	/**
2701	* Check that a certificate is not expired according to a revokation
2702	* context. Also need the parent certificte to the check OCSP
2703	* parent identifier.
2704	*
2705	* @param context hx509 context
2706	* @param ctx hx509 revokation context
2707	* @param certs
2708	* @param now
2709	* @param cert
2710	* @param parent_cert
2711	*
2712	* @return An hx509 error code, see hx509_get_error_string().
2713	*
2714	* @ingroup hx509_revoke
2715	*/
2716
2717	int
2718	hx509_revoke_verify (
2719	hx509_context /context/,
2720	hx509_revoke_ctx /ctx/,
2721	hx509_certs /certs/,
2722	time_t /now/,
2723	hx509_cert /cert/,
2724	hx509_cert /parent_cert/);
2725
2726	/**
2727	* See hx509_set_error_stringv().
2728	*
2729	* @param context A hx509 context.
2730	* @param flags
2731	* - HX509_ERROR_APPEND appends the error string to the old messages
2732	(code is updated).
2733	* @param code error code related to error message
2734	* @param fmt error message format
2735	* @param ... arguments to error message format
2736	*
2737	* @ingroup hx509_error
2738	*/
2739
2740	void
2741	hx509_set_error_string (
2742	hx509_context /context/,
2743	int /flags/,
2744	int /code/,
2745	const char */fmt/,
2746	...);
2747
2748	/**
2749	* Add an error message to the hx509 context.
2750	*
2751	* @param context A hx509 context.
2752	* @param flags
2753	* - HX509_ERROR_APPEND appends the error string to the old messages
2754	(code is updated).
2755	* @param code error code related to error message
2756	* @param fmt error message format
2757	* @param ap arguments to error message format
2758	*
2759	* @ingroup hx509_error
2760	*/
2761
2762	void
2763	hx509_set_error_stringv (
2764	hx509_context /context/,
2765	int /flags/,
2766	int /code/,
2767	const char */fmt/,
2768	va_list /ap/);
2769
2770	const AlgorithmIdentifier *
2771	hx509_signature_ecPublicKey (void);
2772
2773	const AlgorithmIdentifier *
2774	hx509_signature_ecdsa_with_sha256 (void);
2775
2776	const AlgorithmIdentifier *
2777	hx509_signature_md5 (void);
2778
2779	const AlgorithmIdentifier *
2780	hx509_signature_rsa (void);
2781
2782	const AlgorithmIdentifier *
2783	hx509_signature_rsa_pkcs1_x509 (void);
2784
2785	const AlgorithmIdentifier *
2786	hx509_signature_rsa_with_md5 (void);
2787
2788	const AlgorithmIdentifier *
2789	hx509_signature_rsa_with_sha1 (void);
2790
2791	const AlgorithmIdentifier *
2792	hx509_signature_rsa_with_sha256 (void);
2793
2794	const AlgorithmIdentifier *
2795	hx509_signature_rsa_with_sha384 (void);
2796
2797	const AlgorithmIdentifier *
2798	hx509_signature_rsa_with_sha512 (void);
2799
2800	const AlgorithmIdentifier *
2801	hx509_signature_sha1 (void);
2802
2803	const AlgorithmIdentifier *
2804	hx509_signature_sha256 (void);
2805
2806	const AlgorithmIdentifier *
2807	hx509_signature_sha384 (void);
2808
2809	const AlgorithmIdentifier *
2810	hx509_signature_sha512 (void);
2811
2812	/**
2813	* Convert a DER encoded name info a string.
2814	*
2815	* @param data data to a DER/BER encoded name
2816	* @param length length of data
2817	* @param str the resulting string, is NULL on failure.
2818	*
2819	* @return An hx509 error code, see hx509_get_error_string().
2820	*
2821	* @ingroup hx509_name
2822	*/
2823
2824	int
2825	hx509_unparse_der_name (
2826	const void */data/,
2827	size_t /length/,
2828	char **/str/);
2829
2830	/**
2831	* Validate/Print the status of the certificate.
2832	*
2833	* @param context A hx509 context.
2834	* @param ctx A hx509 validation context.
2835	* @param cert the cerificate to validate/print.
2836
2837	* @return An hx509 error code, see hx509_get_error_string().
2838	*
2839	* @ingroup hx509_print
2840	*/
2841
2842	int
2843	hx509_validate_cert (
2844	hx509_context /context/,
2845	hx509_validate_ctx /ctx/,
2846	hx509_cert /cert/);
2847
2848	/**
2849	* Add flags to control the behaivor of the hx509_validate_cert()
2850	* function.
2851	*
2852	* @param ctx A hx509 validation context.
2853	* @param flags flags to add to the validation context.
2854	*
2855	* @return An hx509 error code, see hx509_get_error_string().
2856	*
2857	* @ingroup hx509_print
2858	*/
2859
2860	void
2861	hx509_validate_ctx_add_flags (
2862	hx509_validate_ctx /ctx/,
2863	int /flags/);
2864
2865	/**
2866	* Free an hx509 validate context.
2867	*
2868	* @param ctx the hx509 validate context to free.
2869	*
2870	* @ingroup hx509_print
2871	*/
2872
2873	void
2874	hx509_validate_ctx_free (hx509_validate_ctx /ctx/);
2875
2876	/**
2877	* Allocate a hx509 validation/printing context.
2878	*
2879	* @param context A hx509 context.
2880	* @param ctx a new allocated hx509 validation context, free with
2881	* hx509_validate_ctx_free().
2882
2883	* @return An hx509 error code, see hx509_get_error_string().
2884	*
2885	* @ingroup hx509_print
2886	*/
2887
2888	int
2889	hx509_validate_ctx_init (
2890	hx509_context /context/,
2891	hx509_validate_ctx */ctx/);
2892
2893	/**
2894	* Set the printing functions for the validation context.
2895	*
2896	* @param ctx a hx509 valication context.
2897	* @param func the printing function to usea.
2898	* @param c the context variable to the printing function.
2899	*
2900	* @return An hx509 error code, see hx509_get_error_string().
2901	*
2902	* @ingroup hx509_print
2903	*/
2904
2905	void
2906	hx509_validate_ctx_set_print (
2907	hx509_validate_ctx /ctx/,
2908	hx509_vprint_func /func/,
2909	void */c/);
2910
2911	/**
2912	* Set the trust anchors in the verification context, makes an
2913	* reference to the keyset, so the consumer can free the keyset
2914	* independent of the destruction of the verification context (ctx).
2915	* If there already is a keyset attached, it's released.
2916	*
2917	* @param ctx a verification context
2918	* @param set a keyset containing the trust anchors.
2919	*
2920	* @ingroup hx509_verify
2921	*/
2922
2923	void
2924	hx509_verify_attach_anchors (
2925	hx509_verify_ctx /ctx/,
2926	hx509_certs /set/);
2927
2928	/**
2929	* Attach an revocation context to the verfication context, , makes an
2930	* reference to the revoke context, so the consumer can free the
2931	* revoke context independent of the destruction of the verification
2932	* context. If there is no revoke context, the verification process is
2933	* NOT going to check any verification status.
2934	*
2935	* @param ctx a verification context.
2936	* @param revoke_ctx a revoke context.
2937	*
2938	* @ingroup hx509_verify
2939	*/
2940
2941	void
2942	hx509_verify_attach_revoke (
2943	hx509_verify_ctx /ctx/,
2944	hx509_revoke_ctx /revoke_ctx/);
2945
2946	void
2947	hx509_verify_ctx_f_allow_best_before_signature_algs (
2948	hx509_context /ctx/,
2949	int /boolean/);
2950
2951	/**
2952	* Allow using the operating system builtin trust anchors if no other
2953	* trust anchors are configured.
2954	*
2955	* @param ctx a verification context
2956	* @param boolean if non zero, useing the operating systems builtin
2957	* trust anchors.
2958	*
2959	*
2960	* @return An hx509 error code, see hx509_get_error_string().
2961	*
2962	* @ingroup hx509_cert
2963	*/
2964
2965	void
2966	hx509_verify_ctx_f_allow_default_trustanchors (
2967	hx509_verify_ctx /ctx/,
2968	int /boolean/);
2969
2970	/**
2971	* Free an hx509 verification context.
2972	*
2973	* @param ctx the context to be freed.
2974	*
2975	* @ingroup hx509_verify
2976	*/
2977
2978	void
2979	hx509_verify_destroy_ctx (hx509_verify_ctx /ctx/);
2980
2981	/**
2982	* Verify that the certificate is allowed to be used for the hostname
2983	* and address.
2984	*
2985	* @param context A hx509 context.
2986	* @param cert the certificate to match with
2987	* @param flags Flags to modify the behavior:
2988	* - HX509_VHN_F_ALLOW_NO_MATCH no match is ok
2989	* @param type type of hostname:
2990	* - HX509_HN_HOSTNAME for plain hostname.
2991	* - HX509_HN_DNSSRV for DNS SRV names.
2992	* @param hostname the hostname to check
2993	* @param sa address of the host
2994	* @param sa_size length of address
2995	*
2996	* @return An hx509 error code, see hx509_get_error_string().
2997	*
2998	* @ingroup hx509_cert
2999	*/
3000
3001	int
3002	hx509_verify_hostname (
3003	hx509_context /context/,
3004	const hx509_cert /cert/,
3005	int /flags/,
3006	hx509_hostname_type /type/,
3007	const char */hostname/,
3008	const struct sockaddr */sa/,
3009	int /sa_size/);
3010
3011	/**
3012	* Allocate an verification context that is used fo control the
3013	* verification process.
3014	*
3015	* @param context A hx509 context.
3016	* @param ctx returns a pointer to a hx509_verify_ctx object.
3017	*
3018	* @return An hx509 error code, see hx509_get_error_string().
3019	*
3020	* @ingroup hx509_verify
3021	*/
3022
3023	int
3024	hx509_verify_init_ctx (
3025	hx509_context /context/,
3026	hx509_verify_ctx */ctx/);
3027
3028	/**
3029	* Build and verify the path for the certificate to the trust anchor
3030	* specified in the verify context. The path is constructed from the
3031	* certificate, the pool and the trust anchors.
3032	*
3033	* @param context A hx509 context.
3034	* @param ctx A hx509 verification context.
3035	* @param cert the certificate to build the path from.
3036	* @param pool A keyset of certificates to build the chain from.
3037	*
3038	* @return An hx509 error code, see hx509_get_error_string().
3039	*
3040	* @ingroup hx509_verify
3041	*/
3042
3043	int
3044	hx509_verify_path (
3045	hx509_context /context/,
3046	hx509_verify_ctx /ctx/,
3047	hx509_cert /cert/,
3048	hx509_certs /pool/);
3049
3050	/**
3051	* Set the maximum depth of the certificate chain that the path
3052	* builder is going to try.
3053	*
3054	* @param ctx a verification context
3055	* @param max_depth maxium depth of the certificate chain, include
3056	* trust anchor.
3057	*
3058	* @ingroup hx509_verify
3059	*/
3060
3061	void
3062	hx509_verify_set_max_depth (
3063	hx509_verify_ctx /ctx/,
3064	unsigned int /max_depth/);
3065
3066	/**
3067	* Allow or deny the use of proxy certificates
3068	*
3069	* @param ctx a verification context
3070	* @param boolean if non zero, allow proxy certificates.
3071	*
3072	* @ingroup hx509_verify
3073	*/
3074
3075	void
3076	hx509_verify_set_proxy_certificate (
3077	hx509_verify_ctx /ctx/,
3078	int /boolean/);
3079
3080	/**
3081	* Select strict RFC3280 verification of certificiates. This means
3082	* checking key usage on CA certificates, this will make version 1
3083	* certificiates unuseable.
3084	*
3085	* @param ctx a verification context
3086	* @param boolean if non zero, use strict verification.
3087	*
3088	* @ingroup hx509_verify
3089	*/
3090
3091	void
3092	hx509_verify_set_strict_rfc3280_verification (
3093	hx509_verify_ctx /ctx/,
3094	int /boolean/);
3095
3096	/**
3097	* Set the clock time the the verification process is going to
3098	* use. Used to check certificate in the past and future time. If not
3099	* set the current time will be used.
3100	*
3101	* @param ctx a verification context.
3102	* @param t the time the verifiation is using.
3103	*
3104	*
3105	* @ingroup hx509_verify
3106	*/
3107
3108	void
3109	hx509_verify_set_time (
3110	hx509_verify_ctx /ctx/,
3111	time_t /t/);
3112
3113	/**
3114	* Verify a signature made using the private key of an certificate.
3115	*
3116	* @param context A hx509 context.
3117	* @param signer the certificate that made the signature.
3118	* @param alg algorthm that was used to sign the data.
3119	* @param data the data that was signed.
3120	* @param sig the sigature to verify.
3121	*
3122	* @return An hx509 error code, see hx509_get_error_string().
3123	*
3124	* @ingroup hx509_crypto
3125	*/
3126
3127	int
3128	hx509_verify_signature (
3129	hx509_context /context/,
3130	const hx509_cert /signer/,
3131	const AlgorithmIdentifier */alg/,
3132	const heim_octet_string */data/,
3133	const heim_octet_string */sig/);
3134
3135	/**
3136	* Free a data element allocated in the library.
3137	*
3138	* @param ptr data to be freed.
3139	*
3140	* @ingroup hx509_misc
3141	*/
3142
3143	void
3144	hx509_xfree (void */ptr/);
3145
3146	int
3147	yywrap (void);
3148
3149	#ifdef __cplusplus
3150	}
3151	#endif
3152
3153	#endif /* DOXY */
3154	#endif /* __hx509_protos_h__ */
3155

Browse the source code of netbsd/objdir.amd64/destdir.amd64/usr/include/krb5/hx509-protos.h