High Performance OPC UA Server SDK
1.1.0.158
Certificate Validation Flags | |
Bitmask values for controlling the verification process of pki_cert_verify. | |
Data Structures | |
struct | pki_cert_trust_list |
List of trust list elements (trusted|issuers&certs|crls). More... | |
struct | pki_cert_verification_result |
Certificate verification result. More... | |
struct | pki_cert_identity |
Holds all information about a certificate issuer or subject. More... | |
struct | pki_cert_info |
Holds all additional OPC UA relevant information of a certificate. More... | |
Typedefs | |
typedef void * | pki_cert |
X509 certificate handle. More... | |
Enumerations | |
enum | pki_cert_extension { pki_cert_extension_subject_alt_name = 0, pki_cert_extension_basic_constraints = 1, pki_cert_extension_netscape_comment = 2, pki_cert_extension_subject_key_identifier = 3, pki_cert_extension_authority_key_identifier = 4, pki_cert_extension_key_usage = 5, pki_cert_extension_extended_key_usage = 6 } |
Identifiers for supported X509 extensions. | |
Functions | |
static void | pki_cert_identity_clear (struct pki_cert_identity *id) |
Release all memory referenced by a pki_cert_identity structure. More... | |
static void | pki_cert_info_clear (struct pki_cert_info *info) |
Release all memory referenced by a pki_cert_info structure. More... | |
int | pki_cert_from_der (const unsigned char *der, size_t derlen, pki_cert *cert) |
Decode a single certificate from DER format. More... | |
int | pki_cert_verify (size_t cert_len, unsigned char *cert_data, uint32_t verification_flags, struct pki_cert_trust_list *trusted_certs, struct pki_cert_trust_list *trusted_crls, struct pki_cert_trust_list *issuer_certs, struct pki_cert_trust_list *issuer_crls, bool *cert_ok, unsigned int *num_results, struct pki_cert_verification_result *results) |
Check if certificate is valid (time, signature etc.). More... | |
int | pki_cert_get_public_key (pki_cert cert, struct crypto_key *key) |
Get handle to public key of a certificate. More... | |
int | pki_cert_get_identity (pki_cert cert, unsigned char issuer, struct pki_cert_identity *cert_id) |
Get issuer or subject information from a certificate. More... | |
int | pki_cert_get_info (pki_cert cert, struct pki_cert_info *cert_info) |
Get basic X509 information from a certificate. More... | |
void | pki_cert_delete (pki_cert *cert) |
Release handle to certificate. More... | |
int | pki_cert_split_chain (unsigned char *chain, size_t chain_size, uint32_t *pnum_certs, size_t *cert_lengths, unsigned char **cert_datas) |
Get start positions of pnum_certs certificates. More... | |
int | pki_cert_create_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, const struct pki_cert_identity *iss, const struct crypto_key *iss_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
Creates a new cert based on given certificate data and returns it DER encoded. More... | |
int | pki_cert_create (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, const struct pki_cert_identity *iss, const struct crypto_key *iss_key, enum crypto_hash_alg sign_alg, pki_cert *cert) |
Creates a new cert based on given certificate data and returns it in internal format. More... | |
int | pki_cert_create_csr_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
Creates a new certificate signing request based on given certificate data and returns it DER encoded. More... | |
int | pki_cert_get_extension (pki_cert cert, enum pki_cert_extension ext, unsigned char *val, size_t vallen) |
Get extension from cert. More... | |
typedef void* pki_cert |
X509 certificate handle.
int pki_cert_create | ( | const struct pki_cert_info * | cert_info, |
const struct pki_cert_identity * | sub, | ||
const struct crypto_key * | sub_key, | ||
const struct pki_cert_identity * | iss, | ||
const struct crypto_key * | iss_key, | ||
enum crypto_hash_alg | sign_alg, | ||
pki_cert * | cert | ||
) |
Creates a new cert based on given certificate data and returns it in internal format.
cert_info | UA Application information. |
sub | The identity of the cert owner. |
sub_key | The key pair of the cert. The public key part will be stored in the cert. |
iss | The identity of the cert issuer. |
iss_key | The key pair of the cert issuer. This is needed to sign the cert. |
sign_alg | Set the algorithm to be used for signing the new certificate. |
cert | The created certificate in internal format. |
int pki_cert_create_csr_der | ( | const struct pki_cert_info * | cert_info, |
const struct pki_cert_identity * | sub, | ||
const struct crypto_key * | sub_key, | ||
enum crypto_hash_alg | sign_alg, | ||
unsigned char * | der, | ||
size_t * | derlen | ||
) |
Creates a new certificate signing request based on given certificate data and returns it DER encoded.
cert_info | UA Application information. |
sub | The identity of the cert owner. |
sub_key | The key pair of the cert owner. The public key part will be stored in the signing request. |
sign_alg | Set the algorithm to be used for signing the new request. |
der | Buffer to encode the signing request into. |
derlen | Length of the destination buffer on input; number of bytes used on return. |
int pki_cert_create_der | ( | const struct pki_cert_info * | cert_info, |
const struct pki_cert_identity * | sub, | ||
const struct crypto_key * | sub_key, | ||
const struct pki_cert_identity * | iss, | ||
const struct crypto_key * | iss_key, | ||
enum crypto_hash_alg | sign_alg, | ||
unsigned char * | der, | ||
size_t * | derlen | ||
) |
Creates a new cert based on given certificate data and returns it DER encoded.
cert_info | UA Application information. |
sub | The identity of the cert owner. |
sub_key | The key pair of the cert. The public key part will be stored in the cert. |
iss | The identity of the cert issuer. |
iss_key | The key pair of the cert issuer. This is needed to sign the cert. |
sign_alg | Set the algorithm to be used for signing the new certificate. |
der | Buffer to encode the certificate into. |
derlen | Length of the destination buffer on input; number of bytes used on return. |
void pki_cert_delete | ( | pki_cert * | cert | ) |
Release handle to certificate.
cert | Certificate handle to release. |
int pki_cert_from_der | ( | const unsigned char * | der, |
size_t | derlen, | ||
pki_cert * | cert | ||
) |
Decode a single certificate from DER format.
der | Buffer containing a DER encoded certificate. |
derlen | Length of one encoded certificate in the buffer. |
cert | Handle to the decoded certificate. |
int pki_cert_get_extension | ( | pki_cert | cert, |
enum pki_cert_extension | ext, | ||
unsigned char * | val, | ||
size_t | vallen | ||
) |
Get extension from cert.
cert | The cert to use. |
ext | The cert extension to get. |
val | Place to store the value of the specified extension. |
vallen | Length of the value buffer. |
int pki_cert_get_identity | ( | pki_cert | cert, |
unsigned char | issuer, | ||
struct pki_cert_identity * | cert_id | ||
) |
Get issuer or subject information from a certificate.
cert | The cert to use. |
issuer | Set to 0 to get subject information, else issuer information. |
cert_id | Pointer to structure for storing the identity information. Contents must be freed by the caller (see pki_cert_identity_clear). |
int pki_cert_get_info | ( | pki_cert | cert, |
struct pki_cert_info * | cert_info | ||
) |
Get basic X509 information from a certificate.
cert | The cert to extract the data from. |
cert_info | Pointer to structure for storing the certificate information. Contents must be freed by the caller (see pki_cert_info_clear). |
int pki_cert_get_public_key | ( | pki_cert | cert, |
struct crypto_key * | key | ||
) |
Get handle to public key of a certificate.
The key handle is owned by the certificate and becomes invalid when the certificate is released (see pki_cert_delete); do not use it after that point.
cert | Handle of the certificate. |
key | Pointer to the key handle memory. |
inline static
Release all memory referenced by a pki_cert_identity structure.
inline static
Release all memory referenced by a pki_cert_info structure.
int pki_cert_split_chain | ( | unsigned char * | chain, |
size_t | chain_size, | ||
uint32_t * | pnum_certs, | ||
size_t * | cert_lengths, | ||
unsigned char ** | cert_datas | ||
) |
Get start positions of pnum_certs certificates.
The arrays cert_lengths and cert_datas must be large enough to hold the number of expected certificates (their capacity is passed in pnum_certs).
chain | Buffer containing one or more encoded certificates. |
chain_size | Number of bytes in chain. |
pnum_certs | Capacity of the cert_lengths and cert_datas arrays on input; number of certificates found on return. |
cert_lengths | Array of sizes to store the lengths of the chain elements. |
cert_datas | Array of pointers to store the starting positions of the chain elements. |
int pki_cert_verify | ( | size_t | cert_len, |
unsigned char * | cert_data, | ||
uint32_t | verification_flags, | ||
struct pki_cert_trust_list * | trusted_certs, | ||
struct pki_cert_trust_list * | trusted_crls, | ||
struct pki_cert_trust_list * | issuer_certs, | ||
struct pki_cert_trust_list * | issuer_crls, | ||
bool * | cert_ok, | ||
unsigned int * | num_results, | ||
struct pki_cert_verification_result * | results | ||
) |
Check if certificate is valid (time, signature etc.).
cert_len | Length in bytes of cert_data. |
cert_data | Array containing the DER encoded certificate to be verified. |
verification_flags | Bit mask of verification control flags (see Certificate Validation Flags). |
trusted_certs | Set of trusted application instance certificates and issuer certificates. |
trusted_crls | Set of trusted issuer CRLs. |
issuer_certs | Set of untrusted issuer certificates for chain completion. |
issuer_crls | Set of untrusted issuer CRLs. |
cert_ok | Overall verification result on return; see results for the individual validation results. |
num_results | Capacity of the results array on input; number of elements filled on return. |
results | Preallocated array for storing validation results. |