S2OPC OPCUA Toolkit

Defines the cryptographic abstraction interface for Asymmetric Key Management, such as loading signed public keys (Certificates) and the corresponding private key. A cryptographic implementation must define all the functions declared in this file. KeyManager is different from PKIProvider, which only handles signed public key validation and storage. The KeyManager API is context-less: the KeyManager is generic and is not linked to the current security policy.

#include <stddef.h>
#include "sopc_crypto_decl.h"
#include "sopc_enums.h"
#include "sopc_crypto_struct_lib_itf.h"

Functions
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromBuffer (const uint8_t *buffer, uint32_t lenBuf, bool is_public, SOPC_AsymmetricKey **ppKey)
    Creates an asymmetric key (usually a private key) from the in-memory buffer buffer.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromFile (const char *szPath, SOPC_AsymmetricKey **ppKey, char *password, uint32_t lenPassword)
    Creates an asymmetric key (usually a private key) from a file in the DER or PEM format.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_GenRSA (uint32_t RSAKeySize, SOPC_AsymmetricKey **ppKey)
    Generates an RSA asymmetric key.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromCertificate (const SOPC_CertificateList *pCert, SOPC_AsymmetricKey **pKey)
    Returns the public key of the signed public key.
void SOPC_KeyManager_AsymmetricKey_Free (SOPC_AsymmetricKey *pKey)
    Frees an asymmetric key previously created with SOPC_KeyManager_AsymmetricKey_CreateFromBuffer or SOPC_KeyManager_AsymmetricKey_CreateFromFile.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToDER (const SOPC_AsymmetricKey *pKey, bool is_public, uint8_t *pDest, uint32_t lenDest, uint32_t *pLenWritten)
    Encodes pKey as a DER buffer and writes the result in pDest.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToPEMFile (SOPC_AsymmetricKey *pKey, const bool bIsPublic, const char *filePath, const char *pwd, const uint32_t pwdLen)
    Writes an asymmetric key to a PEM file.
SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey (const SOPC_AsymmetricKey *pKey, bool is_public, SOPC_SerializedAsymmetricKey **out)
    Creates a serialized asymmetric key from an SOPC_AsymmetricKey structure.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromDER (const uint8_t *bufferDER, uint32_t lenDER, SOPC_CertificateList **ppCert)
    Creates a new Certificate (signed public key) from a DER encoded buffer, or adds it to an existing certificate list.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromFile (const char *szPath, SOPC_CertificateList **ppCert)
    Creates a new Certificate (signed public key) from a file in the DER or PEM format, or adds it to an existing certificate list.
void SOPC_KeyManager_Certificate_Free (SOPC_CertificateList *pCert)
    Frees a Certificate created with SOPC_KeyManager_Certificate_CreateOrAddFromFile or SOPC_KeyManager_Certificate_CreateOrAddFromDER.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER (const SOPC_CertificateList *pCert, uint8_t **ppDest, uint32_t *pLenAllocated)
    Encodes pCert as a DER buffer and writes the result in ppDest.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER_Files (SOPC_CertificateList *pCerts, const char *directoryPath)
    Writes all the certificates of pCerts in DER files at destination directoryPath. File names are defined using the SHA1 of the certificates.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetThumbprint (const SOPC_CryptoProvider *pProvider, const SOPC_CertificateList *pCert, uint8_t **ppDest, uint32_t *lenDest)
    Computes and writes the thumbprint of pCert to ppDest.
bool SOPC_KeyManager_Certificate_CheckApplicationUri (const SOPC_CertificateList *pCert, const char *applicationUri)
    Verifies the application URI embedded in a certificate.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetMaybeApplicationUri (const SOPC_CertificateList *pCert, char **ppApplicationUri, size_t *pStringLength)
    Copies the application URI embedded in a certificate.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetListLength (const SOPC_CertificateList *pCert, size_t *pLength)
    Returns the number of chained certificates in the certificate list pCert.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSubjectName (const SOPC_CertificateList *pCert, char **ppSubjectName, uint32_t *pSubjectNameLen)
    Returns the subject name of certificate pCert as a C string.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSanDnsNames (const SOPC_CertificateList *pCert, char ***ppDnsNameArray, uint32_t *pArrayLength)
    Returns all the DNS names of certificate pCert as an array of C strings.
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_FindCertInList (const SOPC_CertificateList *pList, const SOPC_CertificateList *pCert, bool *pbMatch)
    Finds whether a certificate is in the given certificate list or not.
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_RemoveCertFromSHA1 (SOPC_CertificateList **ppCertList, SOPC_CRLList **ppCRLList, const char *pThumbprint, bool *pbMatch, bool *pbIsIssuer)
    Removes a single Certificate from its thumbprint. If the Certificate is a CA Certificate then all the CRLs for that CA are removed.
char * SOPC_KeyManager_Certificate_GetCstring_SHA1 (const SOPC_CertificateList *pCert)
    Returns the SHA-1 thumbprint of a certificate.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_IsSelfSigned (const SOPC_CertificateList *pCert, bool *pbIsSelfSigned)
    Whether the first item of a certificate list is self-signed.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_Copy (const SOPC_CertificateList *pCert, SOPC_CertificateList **ppCertCopy)
    Makes a copy of a given certificate list.
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_AttachToSerializedArray (const SOPC_CertificateList *pCerts, SOPC_SerializedCertificate **pSerializedArray, uint32_t *pLenArray)
    Attaches a DER certificate list to a serialized certificate array.
SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromDER (const uint8_t *bufferDER, uint32_t lenDER, SOPC_CRLList **ppCRL)
    Creates a new Certificate Revocation List (CRL) from a DER encoded buffer, or adds it to an existing CRL list.
SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromFile (const char *szPath, SOPC_CRLList **ppCRL)
    Creates a new Certificate Revocation List (CRL) from a file in the DER or PEM format, or adds it to an existing CRL list.
SOPC_ReturnStatus SOPC_KeyManager_CRL_ToDER_Files (SOPC_CRLList *pCrls, const char *directoryPath)
    Writes all the CRLs of pCrls in DER files at destination directoryPath. File names are defined using the SHA1 of the CRLs.
SOPC_ReturnStatus SOPC_KeyManager_CRL_Copy (const SOPC_CRLList *pCrl, SOPC_CRLList **ppCrlCopy)
    Makes a copy of a given CRL list.
SOPC_ReturnStatus SOPC_KeyManager_CRL_GetListLength (const SOPC_CRLList *pCrl, size_t *pLength)
    Returns the number of chained CRLs in the pCrl list.
SOPC_ReturnStatus SOPC_KeyManager_CRLList_AttachToSerializedArray (const SOPC_CRLList *pCRLs, SOPC_SerializedCRL **pSerializedArray, uint32_t *pLenArray)
    Attaches a DER CRL list to a serialized CRL array.
void SOPC_KeyManager_CRL_Free (SOPC_CRLList *pCRL)
    Frees a CRL created with SOPC_KeyManager_CRL_CreateOrAddFromFile or SOPC_KeyManager_CRL_CreateOrAddFromDER.
SOPC_ReturnStatus SOPC_KeyManager_CSR_Create (const char *subjectName, const bool bIsServer, const char *mdType, const char *uri, char **pDnsArray, uint32_t arrayLength, SOPC_CSR **ppCSR)
    Creates a certificate signing request signed with pKey.
SOPC_ReturnStatus SOPC_KeyManager_CSR_ToDER (SOPC_CSR *pCSR, SOPC_AsymmetricKey *pKey, uint8_t **ppDest, uint32_t *pLenAllocated)
    Encodes CSR pCSR as a DER buffer and writes the result in ppDest.
void SOPC_KeyManager_CSR_Free (SOPC_CSR *pCSR)
    Frees a CSR created with SOPC_KeyManager_CSR_Create.

Function Documentation
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromBuffer (const uint8_t *buffer, uint32_t lenBuf, bool is_public, SOPC_AsymmetricKey **ppKey)

Creates an asymmetric key (usually a private key) from the in-memory buffer buffer. buffer is lenBuf bytes long and describes the key in the DER or PEM format.
Public keys are usually extracted from a Certificate, see SOPC_KeyManager_AsymmetricKey_CreateFromCertificate.

Parameters:
    buffer        A valid pointer to the buffer containing the DER or PEM description.
    lenBuf        The length in bytes of the DER/PEM description of the key.
    is_public     Whether the buffer holds a public or a private key.
    [out] ppKey   A handle to the created key. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromFile (const char *szPath, SOPC_AsymmetricKey **ppKey, char *password, uint32_t lenPassword)

Creates an asymmetric key (usually a private key) from a file in the DER or PEM format. szPath is the path to the file containing the key. It should be zero-terminated. The key may be described in the DER or PEM format.
Public keys are usually extracted from a Certificate, see SOPC_KeyManager_AsymmetricKey_CreateFromCertificate.

Parameters:
    szPath        The path to the DER/PEM file.
    [out] ppKey   A handle to the created key. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free.
    password      An optional password. The password must be a zero-terminated string with at most lenPassword non-null chars, and at least lenPassword + 1 allocated chars.
    lenPassword   The length of the password.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_GenRSA (uint32_t RSAKeySize, SOPC_AsymmetricKey **ppKey)

Generates an RSA asymmetric key.

Parameters:
    RSAKeySize    The RSA key length to generate.
    [out] ppKey   A handle to the generated key. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free.

Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromCertificate (const SOPC_CertificateList *pCert, SOPC_AsymmetricKey **pKey)

Returns the public key of the signed public key.

Parameters:
    pCert        A valid pointer to the signed public key.
    [out] pKey   A handle to the created key structure; the SOPC_AsymmetricKey will then be rewritten to contain the public key. This is not a deep copy, and the key is not valid anymore when the certificate is not valid. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free, which will only deallocate the structure.
void SOPC_KeyManager_AsymmetricKey_Free (SOPC_AsymmetricKey *pKey)

Frees an asymmetric key previously created with SOPC_KeyManager_AsymmetricKey_CreateFromBuffer or SOPC_KeyManager_AsymmetricKey_CreateFromFile.

Parameters:
    pKey   A valid pointer to the key to free.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToDER (const SOPC_AsymmetricKey *pKey, bool is_public, uint8_t *pDest, uint32_t lenDest, uint32_t *pLenWritten)

Encodes pKey as a DER buffer and writes the result in pDest.
The encoding process is not predictable, and a buffer of sufficient length must be provided. A rule of thumb is to provide a buffer which is at least 8 times longer than the key (8 * SOPC_CryptoProvider_AsymmetricGetLength_KeyBytes).
When SOPC_STATUS_NOK is returned, the function may be called again with a larger buffer.

Parameters:
    pKey                A valid pointer to the asymmetric key (public/private) to encode.
    is_public           Whether the key is public or private.
    [out] pDest         A valid pointer to the buffer which will receive the DER encoded key.
    lenDest             The length in bytes of the buffer pDest.
    [out] pLenWritten   A valid pointer to the number of bytes written to pDest.
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToPEMFile (SOPC_AsymmetricKey *pKey, const bool bIsPublic, const char *filePath, const char *pwd, const uint32_t pwdLen)

Writes an asymmetric key to a PEM file.

Parameters:
    pKey        A valid pointer to the asymmetric key (public/private).
    bIsPublic   Whether the key is public or private.
    filePath    Path to the file.
    pwd         An optional password (!= NULL). The password must be a zero-terminated string with at most pwdLen non-null chars, and at least pwdLen + 1 allocated chars.
    pwdLen      The length of the password.

Note: pwd and pwdLen are used only to encrypt the key when it is private.
Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey (const SOPC_AsymmetricKey *pKey, bool is_public, SOPC_SerializedAsymmetricKey **out)

Creates a serialized asymmetric key from an SOPC_AsymmetricKey structure.

Parameters:
    pKey        A valid pointer to the asymmetric key (public/private) to serialize.
    is_public   Whether the key is public or private.
    [out] out   The newly allocated serialized key.

Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromDER (const uint8_t *bufferDER, uint32_t lenDER, SOPC_CertificateList **ppCert)

Creates a new Certificate (signed public key) from a DER encoded buffer, or adds it to an existing certificate list. bufferDER is lenDER bytes long and describes the certificate in the DER format.

Parameters:
    bufferDER      A valid pointer to the buffer containing the DER description.
    lenDER         The length in bytes of the DER description of the certificate.
    [out] ppCert   Creation: a valid handle which will point to the newly created Certificate. Addition: a pointer to a pointer to a Certificate list to which the certificate is added. In either case, this object must be freed with a call to SOPC_KeyManager_Certificate_Free.

Note: ppCert set to NULL to avoid double frees.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromFile (const char *szPath, SOPC_CertificateList **ppCert)

Creates a new Certificate (signed public key) from a file in the DER or PEM format, or adds it to an existing certificate list. szPath is the path to the file containing the certificate. It should be zero-terminated. The certificate may be described in the DER or PEM format.

Parameters:
    szPath         The path to the DER/PEM file.
    [out] ppCert   Creation: a valid pointer pointing to NULL which will be set to the newly created Certificate. Addition: a pointer to a pointer to a Certificate list to which the certificate is added. In either case, this object must be freed with a call to SOPC_KeyManager_Certificate_Free.

Note: ppCert set to NULL to avoid double frees.

void SOPC_KeyManager_Certificate_Free (SOPC_CertificateList *pCert)

Frees a Certificate created with SOPC_KeyManager_Certificate_CreateOrAddFromFile or SOPC_KeyManager_Certificate_CreateOrAddFromDER.

Parameters:
    pCert   The Certificate to free.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER (const SOPC_CertificateList *pCert, uint8_t **ppDest, uint32_t *pLenAllocated)

Encodes pCert as a DER buffer and writes the result in ppDest.

Parameters:
    pCert                 A valid pointer to the Certificate. There must be only one certificate in the list.
    [out] ppDest          A valid pointer pointing to NULL which will be set to the newly created buffer storing the DER certificate content. The allocated buffer must be freed by the caller using SOPC_KeyManager_Certificate_Free.
    [out] pLenAllocated   A valid pointer whose pointed value will be set to the length of the allocated buffer.

Note: pCert must contain a single certificate.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER_Files (SOPC_CertificateList *pCerts, const char *directoryPath)

Writes all the certificates of pCerts in DER files at destination directoryPath. File names are defined using the SHA1 of the certificates.

Parameters:
    pCerts          A valid pointer to the certificate list.
    directoryPath   The directory path to write the DER files to.
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetThumbprint (const SOPC_CryptoProvider *pProvider, const SOPC_CertificateList *pCert, uint8_t **ppDest, uint32_t *lenDest)

Computes and writes the thumbprint of pCert to ppDest.
The computation of the thumbprint and its size depend on the current security policy. The thumbprint is usually a SHA digest of the DER representation of the certificate.
The size of the thumbprint is provided by SOPC_CryptoProvider_CertificateGetLength_Thumbprint.

Parameters:
    pProvider       An initialized cryptographic context.
    pCert           A valid pointer to the signed public key to thumbprint.
    [out] ppDest    A valid pointer pointing to NULL which will be set to the newly allocated buffer containing the thumbprint.
    [out] lenDest   A valid pointer (!= NULL) to store the length in bytes allocated in ppDest.

Note: pCert must contain a single certificate.

bool SOPC_KeyManager_Certificate_CheckApplicationUri (const SOPC_CertificateList *pCert, const char *applicationUri)

Verifies the application URI embedded in a certificate.
This function does a strict, case-sensitive comparison of the URIs and does not respect the URI comparison rules from RFC 3986 (the URI scheme comparison, for example, is case-sensitive).
See also: SOPC_KeyManager_Certificate_GetMaybeApplicationUri.

Parameters:
    pCert            The certificate.
    applicationUri   The value that should be stored in the URI subject altName of the certificate. This should be a zero-terminated string.

Note: pCert must contain a single certificate.
Returns: TRUE if the values match, FALSE otherwise.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetMaybeApplicationUri (const SOPC_CertificateList *pCert, char **ppApplicationUri, size_t *pStringLength)

Copies the application URI embedded in a certificate.

Parameters:
    pCert                    The certificate.
    [out] ppApplicationUri   A valid pointer pointing to NULL which will be set to the newly allocated zero-terminated string containing the application URI.
    [out] pStringLength      Optional pointer to the string length (excluding the trailing \0).

Note: pCert must contain a single certificate.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetListLength (const SOPC_CertificateList *pCert, size_t *pLength)

Returns the number of chained certificates in the certificate list pCert.

Parameters:
    pCert           The certificate or certificate list.
    [out] pLength   A valid pointer to the computed length of the list.
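The strict comparison performed by SOPC_KeyManager_Certificate_CheckApplicationUri, shown beside an RFC 3986 comparison that treats only the scheme and host as case-insensitive, as an added stand-alone C example (not S2OPC code; the sample URIs are constructed). It is meant for diagnosing a mismatch on a URI copied out with SOPC_KeyManager_Certificate_GetMaybeApplicationUri: when the looser comparison matches and the strict one does not, the certificate was issued with a casing the library will still reject, and the fix is to reissue it with the exact configured ApplicationUri.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Strict comparison, which is what SOPC_KeyManager_Certificate_CheckApplicationUri
 * does: the certificate URI and the configured ApplicationUri must be identical
 * byte for byte. */
bool app_uri_match_strict(const char *certUri, const char *configuredUri)
{
    if (certUri == NULL || configuredUri == NULL)
        return false;
    return strcmp(certUri, configuredUri) == 0;
}

/* Case-insensitive comparison of exactly n bytes of a and b. */
static bool eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
    {
        if (tolower((unsigned char) a[i]) != tolower((unsigned char) b[i]))
            return false;
    }
    return true;
}

/* RFC 3986 section 6.2.2.1 comparison: scheme and host are case-insensitive,
 * everything else (path, query, fragment and, for a URN, the namespace-specific
 * string after "urn:") is case-sensitive. Returns false if either URI has no
 * scheme. Diagnostic helper only: it is more permissive than the S2OPC check
 * and must not replace it. */
bool app_uri_match_rfc3986(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return false;
    const char *ca = strchr(a, ':');
    const char *cb = strchr(b, ':');
    if (ca == NULL || cb == NULL)
        return false;
    size_t sa = (size_t) (ca - a);
    size_t sb = (size_t) (cb - b);
    if (sa != sb || !eq_nocase(a, b, sa))
        return false; /* schemes differ */
    a = ca + 1;
    b = cb + 1;
    if (strncmp(a, "//", 2) == 0 && strncmp(b, "//", 2) == 0)
    {
        /* Authority (host[:port]); an OPC UA ApplicationUri carries no userinfo. */
        a += 2;
        b += 2;
        size_t ha = strcspn(a, "/?#");
        size_t hb = strcspn(b, "/?#");
        if (ha != hb || !eq_nocase(a, b, ha))
            return false;
        a += ha;
        b += hb;
    }
    return strcmp(a, b) == 0; /* remainder compared exactly */
}

int main(void)
{
    /* Constructed sample: the certificate was issued with an upper-case scheme. */
    const char *inCert = "URN:S2OPC:localhost:server";
    const char *configured = "urn:S2OPC:localhost:server";
    printf("strict:  %s\n", app_uri_match_strict(inCert, configured) ? "match" : "mismatch");
    printf("rfc3986: %s\n", app_uri_match_rfc3986(inCert, configured) ? "match" : "mismatch");
    return 0;
}
```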
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSubjectName (const SOPC_CertificateList *pCert, char **ppSubjectName, uint32_t *pSubjectNameLen)

Returns the subject name of certificate pCert as a C string.

Parameters:
    pCert                   The certificate.
    [out] ppSubjectName     A valid pointer pointing to NULL which will be set to the newly allocated subject name of certificate pCert (NULL-terminated C string).
    [out] pSubjectNameLen   The length of ppSubjectName.

Note: pCert must contain a single certificate.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSanDnsNames (const SOPC_CertificateList *pCert, char ***ppDnsNameArray, uint32_t *pArrayLength)

Returns all the DNS names of certificate pCert as an array of C strings.

Parameters:
    pCert                  The certificate.
    [out] ppDnsNameArray   A valid pointer pointing to NULL which will be set to the newly allocated array of DNS names for the certificate pCert (each name shall be a NULL-terminated C string).
    [out] pArrayLength     The length of ppDnsNameArray.

Note: pCert must contain a single certificate. No error is returned if no DNS name is defined.

SOPC_ReturnStatus SOPC_KeyManager_CertificateList_FindCertInList (const SOPC_CertificateList *pList, const SOPC_CertificateList *pCert, bool *pbMatch)

Finds whether a certificate is in the given certificate list or not.

Parameters:
    pList           An optional pointer to the Certificate list.
    pCert           An optional pointer to a single Certificate to find in the list.
    [out] pbMatch   A valid pointer to the result of the find. True indicates that the certificate was found in the list, false otherwise.

Note: pCert must contain a single certificate. An error is returned when pCert has more than one certificate.

SOPC_ReturnStatus SOPC_KeyManager_CertificateList_RemoveCertFromSHA1 (SOPC_CertificateList **ppCertList, SOPC_CRLList **ppCRLList, const char *pThumbprint, bool *pbMatch, bool *pbIsIssuer)

Removes a single Certificate from its thumbprint. If the Certificate is a CA Certificate then all the CRLs for that CA are removed.

Parameters:
    ppCertList         A valid pointer to the Certificate list.
    ppCRLList          A valid pointer to the CRL list.
    pThumbprint        The SHA1 of the certificate formatted as a hexadecimal C string (NULL-terminated). 40 bytes shall be allocated in pThumbprint (+ 1 byte for the NULL character).
    [out] pbMatch      A valid pointer indicating whether the certificate has been found and deleted.
    [out] pbIsIssuer   A valid pointer indicating whether the deleted certificate is an issuer.

Note: pThumbprint must match the SHA1 length. If ppCertList becomes empty, the list is freed and its content is set to NULL. If ppCRLList becomes empty, the list is freed and its content is set to NULL.
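A helper that turns an operator-supplied SHA-1 fingerprint (for instance the colon-separated form printed by openssl x509 -fingerprint) into the 40-hex-character, NUL-terminated form that SOPC_KeyManager_CertificateList_RemoveCertFromSHA1 expects, rejecting anything of the wrong length or containing non-hex characters before it reaches the removal call. This is an added example, not S2OPC code, and the fingerprint values are constructed; whether the library expects upper- or lower-case hex is not stated on this page, so the helper keeps the input's case and provides a case-insensitive comparison for matching against SOPC_KeyManager_Certificate_GetCstring_SHA1 output.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A SHA-1 digest is 20 bytes, i.e. 40 hexadecimal characters, plus the NUL
 * terminator required by SOPC_KeyManager_CertificateList_RemoveCertFromSHA1. */
#define SHA1_HEX_LEN 40

/* Copies the hex digits of in into out (SHA1_HEX_LEN + 1 bytes), dropping ':'
 * and ' ' separators such as those printed by openssl x509 -fingerprint.
 * Returns false when the input does not contain exactly 40 hex digits, so a
 * truncated or mistyped fingerprint never reaches the removal call.
 * The expected hex case is not documented on this page, so the input's case
 * is preserved. */
bool sha1_thumbprint_canonicalize(const char *in, char out[SHA1_HEX_LEN + 1])
{
    size_t n = 0;
    if (in == NULL || out == NULL)
        return false;
    for (const char *p = in; *p != '\0'; p++)
    {
        if (*p == ':' || *p == ' ')
            continue; /* separator */
        if (!isxdigit((unsigned char) *p))
            return false; /* not a hex digit */
        if (n == SHA1_HEX_LEN)
            return false; /* too long */
        out[n++] = *p;
    }
    if (n != SHA1_HEX_LEN)
        return false; /* too short */
    out[n] = '\0';
    return true;
}

/* Yes/no form of the check above. */
bool sha1_thumbprint_is_valid(const char *in)
{
    char buf[SHA1_HEX_LEN + 1];
    return sha1_thumbprint_canonicalize(in, buf);
}

/* Compares two fingerprints after canonicalisation, ignoring hex case, e.g. an
 * operator's "ab:cd:..." against the string returned by
 * SOPC_KeyManager_Certificate_GetCstring_SHA1. */
bool sha1_thumbprint_equals(const char *a, const char *b)
{
    char ca[SHA1_HEX_LEN + 1];
    char cb[SHA1_HEX_LEN + 1];
    if (!sha1_thumbprint_canonicalize(a, ca) || !sha1_thumbprint_canonicalize(b, cb))
        return false;
    for (size_t i = 0; i < SHA1_HEX_LEN; i++)
    {
        if (toupper((unsigned char) ca[i]) != toupper((unsigned char) cb[i]))
            return false;
    }
    return true;
}

int main(void)
{
    /* Constructed fingerprint, as an operator might paste it from openssl. */
    const char *pasted = "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67";
    char thumbprint[SHA1_HEX_LEN + 1];
    if (!sha1_thumbprint_canonicalize(pasted, thumbprint))
    {
        fprintf(stderr, "rejected: not a 40-hex-digit SHA-1 fingerprint\n");
        return 1;
    }
    /* thumbprint is now suitable as the pThumbprint argument. */
    printf("pThumbprint = %s\n", thumbprint);
    return 0;
}
```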
char* SOPC_KeyManager_Certificate_GetCstring_SHA1 (const SOPC_CertificateList *pCert)

Returns the SHA-1 thumbprint of a certificate.

Parameters:
    pCert   A pointer to a single Certificate.

Note: pCert must contain a single certificate.
Returns: the SHA-1 thumbprint of pCert.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_IsSelfSigned (const SOPC_CertificateList *pCert, bool *pbIsSelfSigned)

Whether the first item of a certificate list is self-signed.

Parameters:
    pCert                  A valid pointer to the certificate list.
    [out] pbIsSelfSigned   A valid pointer to the result.

Note: only the first item of pCert is processed.

SOPC_ReturnStatus SOPC_KeyManager_Certificate_Copy (const SOPC_CertificateList *pCert, SOPC_CertificateList **ppCertCopy)

Makes a copy of a given certificate list.

Parameters:
    pCert              A valid pointer to the certificate list to copy.
    [out] ppCertCopy   A valid pointer pointing to NULL which will be set to the newly allocated certificate list copy. The caller is responsible for calling SOPC_KeyManager_Certificate_Free if needed.
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_AttachToSerializedArray (const SOPC_CertificateList *pCerts, SOPC_SerializedCertificate **pSerializedArray, uint32_t *pLenArray)

Attaches a DER certificate list to a serialized certificate array.

Parameters:
    pCerts                   The DER certificate list to attach.
    [out] pSerializedArray   The serialized certificate array.
    [out] pLenArray          The length of pSerializedArray.

Note: pCerts is freed by SOPC_KeyManager_Certificate_Free. The array shall be deallocated by the caller.
Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromDER (const uint8_t *bufferDER, uint32_t lenDER, SOPC_CRLList **ppCRL)

Creates a new Certificate Revocation List (CRL) from a DER encoded buffer, or adds it to an existing CRL list. bufferDER is lenDER bytes long and describes one CRL in the DER format.

Parameters:
    bufferDER     A valid pointer to the buffer containing the DER description.
    lenDER        The length in bytes of the DER description of the CRL.
    [out] ppCRL   Creation: a valid pointer pointing to NULL which will be set to the newly created CRL. Addition: a pointer to a pointer to a CRL list to which the CRL is added. In either case, this object must be freed with a call to SOPC_KeyManager_CRL_Free.

Note: ppCRL set to NULL to avoid double frees.

SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromFile (const char *szPath, SOPC_CRLList **ppCRL)

Creates a new Certificate Revocation List (CRL) from a file in the DER or PEM format, or adds it to an existing CRL list. szPath is the path to the file containing the CRL. It should be zero-terminated. The CRL may be described in the DER or PEM format.

Parameters:
    szPath        The path to the DER/PEM file.
    [out] ppCRL   Creation: a valid pointer pointing to NULL which will be set to the newly created CRL. Addition: a pointer to a pointer to a CRL list to which the CRL is added. In either case, this object must be freed with a call to SOPC_KeyManager_CRL_Free.

Note: ppCRL set to NULL to avoid double frees.

SOPC_ReturnStatus SOPC_KeyManager_CRL_ToDER_Files (SOPC_CRLList *pCrls, const char *directoryPath)

Writes all the CRLs of pCrls in DER files at destination directoryPath. File names are defined using the SHA1 of the CRLs.

Parameters:
    pCrls           A valid pointer to the CRL list.
    directoryPath   The directory path to write the DER files to.
SOPC_ReturnStatus SOPC_KeyManager_CRL_Copy (const SOPC_CRLList *pCrl, SOPC_CRLList **ppCrlCopy)

Makes a copy of a given CRL list.

Parameters:
    pCrl              A valid pointer to the CRL list to copy.
    [out] ppCrlCopy   A valid pointer pointing to NULL which will be set to the newly allocated CRL list copy. The caller is responsible for calling SOPC_KeyManager_CRL_Free if needed.
SOPC_ReturnStatus SOPC_KeyManager_CRL_GetListLength (const SOPC_CRLList *pCrl, size_t *pLength)

Returns the number of chained CRLs in the pCrl list.

Parameters:
    pCrl            A valid pointer to the CRL list.
    [out] pLength   A valid pointer to the computed length of the list.
SOPC_ReturnStatus SOPC_KeyManager_CRLList_AttachToSerializedArray (const SOPC_CRLList *pCRLs, SOPC_SerializedCRL **pSerializedArray, uint32_t *pLenArray)

Attaches a DER CRL list to a serialized CRL array.

Parameters:
    pCRLs                    The DER CRL list to attach.
    [out] pSerializedArray   The serialized CRL array.
    [out] pLenArray          The length of pSerializedArray.

Note: pCRLs is freed by SOPC_KeyManager_CRL_Free. The array shall be deallocated by the caller.
Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

void SOPC_KeyManager_CRL_Free (SOPC_CRLList *pCRL)

Frees a CRL created with SOPC_KeyManager_CRL_CreateOrAddFromFile or SOPC_KeyManager_CRL_CreateOrAddFromDER.

Parameters:
    pCRL   The CRL to free.
SOPC_ReturnStatus SOPC_KeyManager_CSR_Create (const char *subjectName, const bool bIsServer, const char *mdType, const char *uri, char **pDnsArray, uint32_t arrayLength, SOPC_CSR **ppCSR)

Creates a certificate signing request signed with pKey.

Parameters:
    subjectName   The subject name to set. The format is a sequence of name (OID type) value pairs separated by a ','.
    bIsServer     Whether this CSR is to request a server or a client certificate.
    mdType        The MD algorithm (terminated by '\0') used for the signature, e.g. SHA1, SHA256...
    uri           The application URI (terminated by '\0'). Shall not be NULL.
    pDnsArray     Array of DNS names of the server (each name terminated by '\0'). Shall not be NULL. The array is not modified by the function.
    arrayLength   The length of pDnsArray.
    [out] ppCSR   A handle to the created CSR. This object must be freed with a call to SOPC_KeyManager_CSR_Free.

Note: the extended key usage is serverAuth when bIsServer is true, otherwise clientAuth. The subject alternative name is filled with uri and/or dns. The basic constraints CA flag is set to false.
Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

SOPC_ReturnStatus SOPC_KeyManager_CSR_ToDER (SOPC_CSR *pCSR, SOPC_AsymmetricKey *pKey, uint8_t **ppDest, uint32_t *pLenAllocated)

Encodes CSR pCSR as a DER buffer and writes the result in ppDest.

Parameters:
    pCSR                  A valid pointer to the CSR.
    pKey                  A valid pointer to the asymmetric key. The key shall be private. The key is attached to the CSR but not freed by SOPC_KeyManager_CSR_Free.
    [out] ppDest          A valid pointer pointing to NULL which will be set to the newly created buffer storing the DER. The allocated buffer must be freed by the caller.
    [out] pLenAllocated   A valid pointer to the length allocated by this operation.

Returns: SOPC_STATUS_OK on success, or an error code in case of failure.

void SOPC_KeyManager_CSR_Free (SOPC_CSR *pCSR)

Frees a CSR created with SOPC_KeyManager_CSR_Create.

Parameters:
    pCSR   The CSR to free.