 |
High Performance OPC UA Server SDK
1.1.0.158
|
|
High Performance OPC UA Server SDK
1.1.0.158
|
Modules | |
| Certificate Validation Flags | |
| Bitmask values for controlling the verification process of pki_cert_verify. | |
Data Structures | |
| struct | pki_cert_trust_list |
| List of trust list elements (trusted|issuers&certs|crls). More... | |
| struct | pki_cert_verification_result |
| Certificate verification result. More... | |
| struct | pki_cert_identity |
| Holds all information about a certificate issuer or subject. More... | |
| struct | pki_cert_info |
| Holds all additional OPC UA relevant information of a certificate. More... | |
Typedefs | |
| typedef void * | pki_cert |
| X509 certificate handle. More... | |
Enumerations | |
| enum | pki_cert_extension { pki_cert_extension_subject_alt_name = 0, pki_cert_extension_basic_constraints = 1, pki_cert_extension_netscape_comment = 2, pki_cert_extension_subject_key_identifier = 3, pki_cert_extension_authority_key_identifier = 4, pki_cert_extension_key_usage = 5, pki_cert_extension_extended_key_usage = 6 } |
| Identifiers for supported X509 extenstions. | |
Functions | |
| static void | pki_cert_identity_clear (struct pki_cert_identity *id) |
| Release all memory referenced by a pki_cert_identitiy structure. More... | |
| static void | pki_cert_info_clear (struct pki_cert_info *info) |
| Release all memory referenced by a pki_cert_info structure. More... | |
| int | pki_cert_from_der (const unsigned char *der, size_t derlen, pki_cert *cert) |
| Decode a single certificate from DER format. More... | |
| int | pki_cert_verify (size_t cert_len, unsigned char *cert_data, uint32_t verification_flags, struct pki_cert_trust_list *trusted_certs, struct pki_cert_trust_list *trusted_crls, struct pki_cert_trust_list *issuer_certs, struct pki_cert_trust_list *issuer_crls, bool *cert_ok, unsigned int *num_results, struct pki_cert_verification_result *results) |
| Check if certificate is valid (time, signature etc.). More... | |
| int | pki_cert_get_public_key (pki_cert cert, struct crypto_key *key) |
| Get handle to public key of a certificate. More... | |
| int | pki_cert_get_identity (pki_cert cert, unsigned char issuer, struct pki_cert_identity *cert_id) |
| Get issuer or subject information from a certificate. More... | |
| int | pki_cert_get_info (pki_cert cert, struct pki_cert_info *cert_info) |
| Get basic X509 information from a certificate. More... | |
| void | pki_cert_delete (pki_cert *cert) |
| Release handle to certificate. More... | |
| int | pki_cert_split_chain (unsigned char *chain, size_t chain_size, uint32_t *pnum_certs, size_t *cert_lengths, unsigned char **cert_datas) |
| Get start positions of pnum_certs certificates. More... | |
| int | pki_cert_create_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, const struct pki_cert_identity *iss, const struct crypto_key *iss_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
| Creates a new cert based on given certificate data and returns it DER encoded. More... | |
| int | pki_cert_create (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, const struct pki_cert_identity *iss, const struct crypto_key *iss_key, enum crypto_hash_alg sign_alg, pki_cert *cert) |
| Creates a new cert based on given certificate data and returns it in internal format. More... | |
| int | pki_cert_create_csr_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
| Creates a new certificate signing request based on given certificate data and returns it DER encoded. More... | |
| int | pki_cert_get_extension (pki_cert cert, enum pki_cert_extension ext, unsigned char *val, size_t vallen) |
| Get extension from cert. More... | |
| typedef void* pki_cert |
X509 certificate handle.
| int pki_cert_create | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| const struct pki_cert_identity * | iss, | ||
| const struct crypto_key * | iss_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| pki_cert * | cert | ||
| ) |
Creates a new cert based on given certificate data and returns it in internal format.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| iss | The identity of the cert iss. |
| iss_key | The key pair of the cert iss. This is needed to sign the cert. |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| cert | The created certificate in internal format. |
| int pki_cert_create_csr_der | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| unsigned char * | der, | ||
| size_t * | derlen | ||
| ) |
Creates a new certificate signing request based on given certificate data and returns it DER encoded.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| der | Buffer to encode the certificate into. |
| derlen | Length of the destination buffer; used size on return. |
| int pki_cert_create_der | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| const struct pki_cert_identity * | iss, | ||
| const struct crypto_key * | iss_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| unsigned char * | der, | ||
| size_t * | derlen | ||
| ) |
Creates a new cert based on given certificate data and returns it DER encoded.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| iss | The identity of the cert iss. |
| iss_key | The key pair of the cert iss. This is needed to sign the cert. |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| der | Buffer to encode the certificate into. |
| derlen | Length of the destination buffer; used size on return. |
| void pki_cert_delete | ( | pki_cert * | cert | ) |
Release handle to certificate.
| cert | Certificate handle to release. |
| int pki_cert_from_der | ( | const unsigned char * | der, |
| size_t | derlen, | ||
| pki_cert * | cert | ||
| ) |
Decode a single certificate from DER format.
| der | Buffer containing a DER encoded certificate. |
| derlen | Length of one encoded certificate in the buffer. |
| cert | Handle to the decoded certificate. |
| int pki_cert_get_extension | ( | pki_cert | cert, |
| enum pki_cert_extension | ext, | ||
| unsigned char * | val, | ||
| size_t | vallen | ||
| ) |
Get extension from cert.
| cert | The cert to use. |
| ext | The cert extension to get. |
| val | Place to store the value of the specified extension. |
| vallen | Length of the value buffer. |
| int pki_cert_get_identity | ( | pki_cert | cert, |
| unsigned char | issuer, | ||
| struct pki_cert_identity * | cert_id | ||
| ) |
Get issuer or subject information from a certificate.
| cert | The cert to use. |
| issuer | Set to 0 to get subject information, else issuer information. |
| cert_id | Pointer to structure for storing the identity information. Contents must be freed. |
| int pki_cert_get_info | ( | pki_cert | cert, |
| struct pki_cert_info * | cert_info | ||
| ) |
Get basic X509 information from a certificate.
| cert | The cert to extract the data from. |
| cert_info | Pointer to structure for storing the certificate information. Contents must be freed. |
| int pki_cert_get_public_key | ( | pki_cert | cert, |
| struct crypto_key * | key | ||
| ) |
Get handle to public key of a certificate.
The key becomes invalid when the certificate is released.
| cert | Handle of the certificate. |
| key | Pointer to the key handle memory. |
|
inlinestatic |
Release all memory referenced by a pki_cert_identitiy structure.
|
inlinestatic |
Release all memory referenced by a pki_cert_info structure.
| int pki_cert_split_chain | ( | unsigned char * | chain, |
| size_t | chain_size, | ||
| uint32_t * | pnum_certs, | ||
| size_t * | cert_lengths, | ||
| unsigned char ** | cert_datas | ||
| ) |
Get start positions of pnum_certs certificates.
The array certs should be long enough to hold the number of expected certificates.
| chain | Buffer containing one or more encoded certificates. |
| chain_size | Number of bytes in chain. |
| pnum_certs | Number of certs elements before call, number of used certs after call. |
| cert_lengths | Array of sizes to store the lengths of the chain elements. |
| cert_datas | Array of pointers to store the starting positions of the chain elements. |
| int pki_cert_verify | ( | size_t | cert_len, |
| unsigned char * | cert_data, | ||
| uint32_t | verification_flags, | ||
| struct pki_cert_trust_list * | trusted_certs, | ||
| struct pki_cert_trust_list * | trusted_crls, | ||
| struct pki_cert_trust_list * | issuer_certs, | ||
| struct pki_cert_trust_list * | issuer_crls, | ||
| bool * | cert_ok, | ||
| unsigned int * | num_results, | ||
| struct pki_cert_verification_result * | results | ||
| ) |
Check if certificate is valid (time, signature etc.).
| cert_len | Length in bytes of cert_data. |
| cert_data | Array containing the DER encoded certificate to be verified. |
| verification_flags | Bit mask of verification control flags (see ). |
| trusted_certs | Set of trusted application instance certificate and issuer certificates. |
| trusted_crls | Set of trusted issuer CRLs. |
| issuer_certs | Set of untrusted issuer certificates for chain completion. |
| issuer_crls | Set of untrusted issuer CRLs. |
| cert_ok | General verification result on return. |
| num_results | Size of array results; number of used elements on return. |
| results | Preallocated array for storing validation results. |