High Performance OPC UA Server SDK
1.2.1.203
|
Store certificates, CRLs and private keys in backend specific locations. More...
Data Structures | |
struct | pki_store_file |
Configuration structure of the file based PKI store. More... | |
Functions | |
int | pki_store_string_to_sha1 (const char *src, unsigned char *id) |
Convenience function to convert certificate ID from string to binary/API representation. More... | |
int | pki_store_sha1_to_string (const unsigned char *id, char *dest) |
Convenience function to convert certificate ID to string representation. More... | |
int | pki_store_init (void) |
Initialize PKI store management. More... | |
int | pki_store_clear (void) |
Clear PKI store management. More... | |
int | pki_store_open (const char *config, uint32_t store) |
Open the PKI store with the given id and settings and create directory layout if not existing. More... | |
int | pki_store_close (uint32_t store) |
Closes the store with the given id. More... | |
int | pki_store_load_cert (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, enum pki_store_loc location, size_t *cert_len, unsigned char **cert_data, int prio) |
Load a certificate from the store. More... | |
int | pki_store_save_cert (uint32_t store, struct pki_store_credentials *credentials, enum pki_store_loc location, size_t cert_len, unsigned char *cert_data, int prio) |
Save a certificate in the store. More... | |
int | pki_store_remove_cert (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, enum pki_store_loc location, int prio) |
Remove a certificate from the store. More... | |
int | pki_store_load_certs (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_certs, unsigned char **cert_sha, enum pki_store_loc *location, int **results, size_t **cert_len, unsigned char ***cert_data, int prio) |
Load a set of certificates from the store. More... | |
int | pki_store_save_certs (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_certs, enum pki_store_loc *location, size_t *cert_len, unsigned char **cert_data, int **results, int prio) |
Save a set of certificates in the store. More... | |
int | pki_store_remove_certs (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_certs, unsigned char **cert_sha, enum pki_store_loc *location, int **results, int prio) |
Remove a set of certificates from the store. More... | |
int | pki_store_list_certs (uint32_t store, struct pki_store_credentials *credentials, enum pki_store_loc location, unsigned int *num_cert_shas, unsigned char **cert_shas, int prio) |
Retrieve a list of all certificates in a particular location in the store. More... | |
int | pki_store_load_crl (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, enum pki_store_loc location, size_t *crl_len, unsigned char **crl_data, int prio) |
Load a CRL from the store. More... | |
int | pki_store_save_crl (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, enum pki_store_loc location, size_t crl_len, unsigned char *crl_data, int prio) |
Save a CRL in the store. More... | |
int | pki_store_remove_crl (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, enum pki_store_loc location, int prio) |
Remove a CRL form the store. More... | |
int | pki_store_load_crls (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_crls, unsigned char **cert_sha, enum pki_store_loc *location, int **results, size_t **crl_len, unsigned char ***crl_data, int prio) |
Load a set of CRLs from the store. More... | |
int | pki_store_save_crls (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_crls, unsigned char **cert_sha, enum pki_store_loc *location, size_t *crl_len, unsigned char **crl_data, int **results, int prio) |
Save a set of certificates in the store. More... | |
int | pki_store_remove_crls (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_crls, unsigned char **cert_sha, enum pki_store_loc *location, int **results, int prio) |
Remove a set of CRLs from the store. More... | |
int | pki_store_list_crls (uint32_t store, struct pki_store_credentials *credentials, enum pki_store_loc location, unsigned int *num_cert_shas, unsigned char **cert_shas, int prio) |
Retrieve a list of all CRLs in a particular location in the store. More... | |
int | pki_store_load_key (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, struct crypto_key *key, int prio) |
Load a key from the store. More... | |
int | pki_store_save_key (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, size_t key_len, unsigned char *key_data, int prio) |
Save a key in the store. More... | |
int | pki_store_remove_key (uint32_t store, struct pki_store_credentials *credentials, unsigned char *cert_sha, int prio) |
Remove a key from the store. More... | |
int | pki_store_load_keys (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_keys, unsigned char **cert_sha, int **results, struct crypto_key **key, int prio) |
Load a set of keys from the store. More... | |
int | pki_store_save_keys (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_keys, unsigned char **cert_sha, size_t *key_len, unsigned char **key_data, int **results, int prio) |
Save a set of keys in the store. More... | |
int | pki_store_remove_keys (uint32_t store, struct pki_store_credentials *credentials, unsigned int num_keys, unsigned char **cert_sha, int **results, int prio) |
Remove a set of keys from the store. More... | |
int | pki_store_list_keys (uint32_t store, struct pki_store_credentials *credentials, unsigned int *num_cert_shas, unsigned char **cert_shas, int prio) |
Retrieve a list of all keys in the store. More... | |
int | pki_store_verify_cert (uint32_t store, size_t cert_len, unsigned char *cert_data, uint32_t verification_flags, uint32_t num_issuers, size_t *issuer_lengths, unsigned char **issuer_datas, bool *cert_ok, unsigned int *num_results, struct pki_cert_verification_result **results, int prio) |
Verify a certificate in the context of the PKI store with the given ID. More... | |
static int | pki_store_make_cert_id (struct ua_bytestring *cert, unsigned char *id) |
Convenience function to create SHA1 for use as certificate ID. More... | |
Variables | |
static struct pki_store_file | g_pki_stores [PKI_STORE_MAX_STORES] |
Array of store instances. More... | |
static char * | pki_store_load_files_extension = NULL |
Global helper for passing filter information into ua_file_scandir(). More... | |
Store certificates, CRLs and private keys in backend specific locations.
int pki_store_clear | ( | void | ) |
Clear PKI store management.
No further PKI store calls allowed after this call.
int pki_store_close | ( | uint32_t | store | ) |
Closes the store with the given id.
store | Identifier of the store to be initialized. |
int pki_store_init | ( | void | ) |
Initialize PKI store management.
Must be called before any other PKI store function.
int pki_store_list_certs | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
enum pki_store_loc | location, | ||
unsigned int * | num_cert_shas, | ||
unsigned char ** | cert_shas, | ||
int | prio | ||
) |
Retrieve a list of all certificates in a particular location in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
location | Store element (trusted, issuers, etc.). |
num_cert_shas | Number of CRLs in the store. |
cert_shas | num_cert_shas identifiers of objects in the store. |
prio | IPC specific priority value. |
int pki_store_list_crls | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
enum pki_store_loc | location, | ||
unsigned int * | num_cert_shas, | ||
unsigned char ** | cert_shas, | ||
int | prio | ||
) |
Retrieve a list of all CRLs in a particular location in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
location | Store element (trusted, issuers, etc.). |
num_cert_shas | Number of CRLs in the store. |
cert_shas | num_cert_shas identifiers of objects in the store. |
prio | IPC specific priority value. |
int pki_store_list_keys | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int * | num_cert_shas, | ||
unsigned char ** | cert_shas, | ||
int | prio | ||
) |
Retrieve a list of all keys in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_cert_shas | Number of keys in the store. |
cert_shas | num_cert_shas key identifiers of objects in the store. |
prio | IPC specific priority value. |
int pki_store_load_cert | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
size_t * | cert_len, | ||
unsigned char ** | cert_data, | ||
int | prio | ||
) |
Load a certificate from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to load. |
location | Store element (trusted, issuers, etc.). |
cert_len | The length of the loaded element. |
cert_data | The content of the loaded element. |
prio | IPC specific priority value. |
int pki_store_load_certs | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_certs, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
size_t ** | cert_len, | ||
unsigned char *** | cert_data, | ||
int | prio | ||
) |
Load a set of certificates from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_certs | Number of elements to load. |
cert_sha | num_certs SHA1 ids of the elements to load. |
location | Store element (trusted, issuers, etc.). |
results | num_certs result codes. |
cert_len | num_certs element lengths; particular element may be <= 0 if sub operation failed. |
cert_data | num_certs loaded elements; particular element may be NULL if sub operation failed. |
prio | IPC specific priority value. |
int pki_store_load_crl | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
size_t * | crl_len, | ||
unsigned char ** | crl_data, | ||
int | prio | ||
) |
Load a CRL from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to load. |
location | Store element (trusted, issuers, etc.). |
crl_len | The length of the loaded element. |
crl_data | The content of the loaded element. |
prio | IPC specific priority value. |
int pki_store_load_crls | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_crls, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
size_t ** | crl_len, | ||
unsigned char *** | crl_data, | ||
int | prio | ||
) |
Load a set of CRLs from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_crls | Number of elements to load. |
cert_sha | num_crls SHA1 ids of the elements to load. |
location | Store element (trusted, issuers, etc.). |
results | num_crls result codes. |
crl_len | num_crls element lengths; particular element may be <= 0 if sub operation failed. |
crl_data | num_crls loaded elements; particular element may be NULL if sub operation failed. |
prio | IPC specific priority value. |
int pki_store_load_key | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
struct crypto_key * | key, | ||
int | prio | ||
) |
Load a key from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to load. |
key | The content of the loaded element. |
prio | IPC specific priority value. |
int pki_store_load_keys | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_keys, | ||
unsigned char ** | cert_sha, | ||
int ** | results, | ||
struct crypto_key ** | key, | ||
int | prio | ||
) |
Load a set of keys from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_keys | Number of elements to load. |
cert_sha | num_keys SHA1 ids of the elements to load. |
results | num_keys result codes. |
key | num_keys loaded elements; particular element may be NULL if sub operation failed. |
prio | IPC specific priority value. |
|
inline |
Convenience function to create SHA1 for use as certificate ID.
cert | DER encoded certificate. |
id | Destination buffer for the SHA1 certificate id. |
int pki_store_open | ( | const char * | config, |
uint32_t | store | ||
) |
Open the PKI store with the given id and settings and create directory layout if not existing.
Must be called before any other operation on a store with the given id.
config | The configuration string for the store. |
store | Identifier of the store to be initialized. |
int pki_store_remove_cert | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
int | prio | ||
) |
Remove a certificate from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to delete. |
location | Store element (trusted, issuers, etc.). |
prio | IPC specific priority value. |
int pki_store_remove_certs | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_certs, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
int | prio | ||
) |
Remove a set of certificates from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_certs | Number of elements to delete. |
cert_sha | num_certs SHA1 ids of the elements to delete. |
location | Store element (trusted, issuers, etc.). |
results | num_certs result codes. |
prio | IPC specific priority value. |
int pki_store_remove_crl | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
int | prio | ||
) |
Remove a CRL form the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to delete. |
location | Store element (trusted, issuers, etc.). |
prio | IPC specific priority value. |
int pki_store_remove_crls | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_crls, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
int | prio | ||
) |
Remove a set of CRLs from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_crls | Number of elements to delete. |
cert_sha | num_crls SHA1 ids of the elements to delete. |
location | Store element (trusted, issuers, etc.). |
results | num_crls result codes. |
prio | IPC specific priority value. |
int pki_store_remove_key | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
int | prio | ||
) |
Remove a key from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to delete. |
prio | IPC specific priority value. |
int pki_store_remove_keys | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_keys, | ||
unsigned char ** | cert_sha, | ||
int ** | results, | ||
int | prio | ||
) |
Remove a set of keys from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_keys | Number of elements to delete. |
cert_sha | num_keys SHA1 ids of the elements to load. |
results | num_keys result codes. |
prio | IPC specific priority value. |
int pki_store_save_cert | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
enum pki_store_loc | location, | ||
size_t | cert_len, | ||
unsigned char * | cert_data, | ||
int | prio | ||
) |
Save a certificate in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
location | Store element (trusted, issuers, etc.). |
cert_len | The length of the element to store. |
cert_data | The content of the element to store. |
prio | IPC specific priority value. |
int pki_store_save_certs | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_certs, | ||
enum pki_store_loc * | location, | ||
size_t * | cert_len, | ||
unsigned char ** | cert_data, | ||
int ** | results, | ||
int | prio | ||
) |
Save a set of certificates in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_certs | Number of elements to store. |
location | num_certs store elements (trusted, issuers, etc.). |
cert_len | num_certs object lengths of the certificates to store. |
cert_data | num_certs certificates bodies to store. |
results | num_certs result codes. |
prio | IPC specific priority value. |
int pki_store_save_crl | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
size_t | crl_len, | ||
unsigned char * | crl_data, | ||
int | prio | ||
) |
Save a CRL in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to store. |
location | Store element (trusted, issuers, etc.). |
crl_len | The length of the element to store. |
crl_data | The content of the element to store. |
prio | IPC specific priority value. |
int pki_store_save_crls | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_crls, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
size_t * | crl_len, | ||
unsigned char ** | crl_data, | ||
int ** | results, | ||
int | prio | ||
) |
Save a set of certificates in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_crls | Number of elements to store. |
cert_sha | num_crls SHA1 ids of the elements to load. |
location | num_crls store elements (trusted, issuers, etc.). |
crl_len | num_crls object lengths of the CRLs to store. |
crl_data | num_crls CRL bodies to store. |
results | num_crls result codes. |
prio | IPC specific priority value. |
int pki_store_save_key | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
size_t | key_len, | ||
unsigned char * | key_data, | ||
int | prio | ||
) |
Save a key in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to store. |
key_len | The length of the element to store. |
key_data | The content of the element to store. |
prio | IPC specific priority value. |
int pki_store_save_keys | ( | uint32_t | store, |
struct pki_store_credentials * | credentials, | ||
unsigned int | num_keys, | ||
unsigned char ** | cert_sha, | ||
size_t * | key_len, | ||
unsigned char ** | key_data, | ||
int ** | results, | ||
int | prio | ||
) |
Save a set of keys in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_keys | Number of elements to store. |
cert_sha | num_keys SHA1 ids of the elements to save. |
key_len | num_crls object lengths of the CRLs to store. |
key_data | num_crls CRL bodies to store. |
results | num_keys result codes. |
prio | IPC specific priority value. |
int pki_store_sha1_to_string | ( | const unsigned char * | id, |
char * | dest | ||
) |
Convenience function to convert certificate ID to string representation.
hash | Certificate ID (SHA1) in binary representation |
dest | Destination buffer of at least 41 bytes. |
int pki_store_string_to_sha1 | ( | const char * | src, |
unsigned char * | id | ||
) |
Convenience function to convert certificate ID from string to binary/API representation.
hash | Certificate ID in string representation (zero terminated). |
dest | Destination buffer of at least 20 bytes for Certificate ID (SHA1) in binary representation. |
int pki_store_verify_cert | ( | uint32_t | store, |
size_t | cert_len, | ||
unsigned char * | cert_data, | ||
uint32_t | verification_flags, | ||
uint32_t | num_issuers, | ||
size_t * | issuer_lengths, | ||
unsigned char ** | issuer_datas, | ||
bool * | cert_ok, | ||
unsigned int * | num_results, | ||
struct pki_cert_verification_result ** | results, | ||
int | prio | ||
) |
Verify a certificate in the context of the PKI store with the given ID.
Generally, this function behaves like pki_cert_verify with the trust list parameter replaced by the content of the referenced store. Additional issuer certificates may be added temporarily to the untrusted issuer certificates from the store. This is necessary if a communication partner provides these certficates in a handshake message. The verification result is the same as if the issuer certificates would be added to the issuer location in the store before calling this function. But this is not required if a client provides them in the connect phase. Internal: The reason for results being a double pointer is to have the IPC mechanism to pass it to the callback when using the asynchronous proxy version of this function (begin_pki_store_verify_cert). The pointer itself is not intended to be changed.
store | Identifier of the store containing certificates and CRLs to be used for verification. |
cert_len | Length in bytes of cert_data. |
cert_data | Array containing the DER encoded certificate to be verified. |
verification_flags | Bit mask of verification control flags (see ). |
num_issuers | Number of elements in issuer_lengths and issuer_datas. |
issuer_lengths | Array containing the lengts of the elements of issuer_datas. |
issuer_datas | Array with pointers to DER encoded issuer certificates which will be treated like issuer certificates from the store. |
cert_ok | General verification result on return. |
num_results | Size of array results; number of used elements on return. |
results | Preallocated array for storing validation results. |
prio | IPC priority value. |
|
static |
Array of store instances.
|
static |
Global helper for passing filter information into ua_file_scandir().