S2OPC OPCUA Toolkit
Functions
sopc_key_manager_lib_itf.h File Reference

Defines the cryptographic abstraction interface for Asymmetric Key Management such as loading signed public keys (Certificate) and the corresponding private key. A cryptographic implementation must define all the function declared in this file. KeyManager is different than PKIProvider, which only handles signed public key validation and storage. KeyManager API is context-less. The KeyManager is generic, and is not linked to the current security policy. More...

#include <stddef.h>
#include "sopc_crypto_decl.h"
#include "sopc_enums.h"
#include "sopc_crypto_struct_lib_itf.h"

Go to the source code of this file.

Functions

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromBuffer (const uint8_t *buffer, uint32_t lenBuf, bool is_public, SOPC_AsymmetricKey **ppKey)
 Creates an asymmetric key (usually a private key) from in-memory buffer buffer. More...
 
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromFile (const char *szPath, SOPC_AsymmetricKey **ppKey, char *password, uint32_t lenPassword)
 Creates an asymmetric key (usually a private key) from a file in the DER or PEM format. More...
 
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_GenRSA (uint32_t RSAKeySize, SOPC_AsymmetricKey **ppKey)
 Generate an RSA asymmetric key. More...
 
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromCertificate (const SOPC_CertificateList *pCert, SOPC_AsymmetricKey **pKey)
 Returns the public key of the signed public key. More...
 
void SOPC_KeyManager_AsymmetricKey_Free (SOPC_AsymmetricKey *pKey)
 Frees a previously created asymmetric key created with SOPC_KeyManager_AsymmetricKey_CreateFromBuffer or SOPC_KeyManager_AsymmetricKey_CreateFromFile . More...
 
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToDER (const SOPC_AsymmetricKey *pKey, bool is_public, uint8_t *pDest, uint32_t lenDest, uint32_t *pLenWritten)
 Encodes the pKey as a DER buffer, and writes the result in pDest. More...
 
SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToPEMFile (SOPC_AsymmetricKey *pKey, const bool bIsPublic, const char *filePath, const char *pwd, const uint32_t pwdLen)
 Write an asymmetric key to a PEM file. More...
 
SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey (const SOPC_AsymmetricKey *pKey, bool is_public, SOPC_SerializedAsymmetricKey **out)
 Creates a serialized asymmetric key from an SOPC_AsymmetricKey structure. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromDER (const uint8_t *bufferDER, uint32_t lenDER, SOPC_CertificateList **ppCert)
 Creates a new Certificate (signed public key) from a DER encoded buffer, or add it to an existing certificate list. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromFile (const char *szPath, SOPC_CertificateList **ppCert)
 Creates a new Certificate (signed public key) from a file in the DER or PEM format, or add it to an existing certificate list. More...
 
void SOPC_KeyManager_Certificate_Free (SOPC_CertificateList *pCert)
 Frees a Certificate created with SOPC_KeyManager_Certificate_CreateOrAddFromFile or SOPC_KeyManager_Certificate_CreateOrAddFromDER. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER (const SOPC_CertificateList *pCert, uint8_t **ppDest, uint32_t *pLenAllocated)
 Encodes a pCert as a DER buffer and writes the result in ppDest. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER_Files (SOPC_CertificateList *pCerts, const char *directoryPath)
 Write all the certificates of pCerts in DER files at destination directoryPath . File names are defined using the SHA1 of the certificates. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetThumbprint (const SOPC_CryptoProvider *pProvider, const SOPC_CertificateList *pCert, uint8_t **ppDest, uint32_t *lenDest)
 Computes and writes the thumbprint of pCert to pDest. More...
 
bool SOPC_KeyManager_Certificate_CheckApplicationUri (const SOPC_CertificateList *pCert, const char *applicationUri)
 Verify the application URI embedded in a certificate. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetMaybeApplicationUri (const SOPC_CertificateList *pCert, char **ppApplicationUri, size_t *pStringLength)
 Copy the application URI embedded in a certificate. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetListLength (const SOPC_CertificateList *pCert, size_t *pLength)
 Return the number of chained certificates in the certificate list pCert. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSubjectName (const SOPC_CertificateList *pCert, char **ppSubjectName, uint32_t *pSubjectNameLen)
 Returns the subject name of certificate pCert as a C String. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSanDnsNames (const SOPC_CertificateList *pCert, char ***ppDnsNameArray, uint32_t *pArrayLength)
 Returns all the DNS names of certificate pCert as an array of C String. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_FindCertInList (const SOPC_CertificateList *pList, const SOPC_CertificateList *pCert, bool *pbMatch)
 Finds whether a certificate is in the given certificate list or not. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_RemoveCertFromSHA1 (SOPC_CertificateList **ppCertList, SOPC_CRLList **ppCRLList, const char *pThumbprint, bool *pbMatch, bool *pbIsIssuer)
 Remove a single Certificate from its thumbprint. If the Certificate is a CA Certificate then all the CRLs for that CA are removed. More...
 
char * SOPC_KeyManager_Certificate_GetCstring_SHA1 (const SOPC_CertificateList *pCert)
 Returns the SHA-1 thumbprint of a certificate. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_IsSelfSigned (const SOPC_CertificateList *pCert, bool *pbIsSelfSigned)
 Whether the first item of a certificate list is self signed. More...
 
SOPC_ReturnStatus SOPC_KeyManager_Certificate_Copy (const SOPC_CertificateList *pCert, SOPC_CertificateList **ppCertCopy)
 Makes a copy of a given certificate list. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CertificateList_AttachToSerializedArray (const SOPC_CertificateList *pCerts, SOPC_SerializedCertificate **pSerializedArray, uint32_t *pLenArray)
 Attach a DER certificate list to a serialized certificate array. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromDER (const uint8_t *bufferDER, uint32_t lenDER, SOPC_CRLList **ppCRL)
 Creates a new Certificate Revocation List (CRL) from a DER encoded buffer, or add it to an existing CRL list. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromFile (const char *szPath, SOPC_CRLList **ppCRL)
 Creates a new Certificate Revocation List (CRL) from a file in the DER or PEM format, or add it to an existing CRL list. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CRL_ToDER_Files (SOPC_CRLList *pCrls, const char *directoryPath)
 Write all the CRL ( pCrls ) in DER files. at destination directoryPath . File names are defined using the SHA1 of the crls. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CRL_Copy (const SOPC_CRLList *pCrl, SOPC_CRLList **ppCrlCopy)
 Makes a copy of a given CRL list. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CRL_GetListLength (const SOPC_CRLList *pCrl, size_t *pLength)
 Returns the number of chained CRL in pCrl list. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CRLList_AttachToSerializedArray (const SOPC_CRLList *pCRLs, SOPC_SerializedCRL **pSerializedArray, uint32_t *pLenArray)
 Attach a DER CRL list to a serialized CRL array. More...
 
void SOPC_KeyManager_CRL_Free (SOPC_CRLList *pCRL)
 Frees a Certificate created with SOPC_KeyManager_CRL_CreateOrAddFromFile or SOPC_KeyManager_CRL_CreateOrAddFromDER . More...
 
SOPC_ReturnStatus SOPC_KeyManager_CSR_Create (const char *subjectName, const bool bIsServer, const char *mdType, const char *uri, char **pDnsArray, uint32_t arrayLength, SOPC_CSR **ppCSR)
 Create a certificate signing request signed with pKey. More...
 
SOPC_ReturnStatus SOPC_KeyManager_CSR_ToDER (SOPC_CSR *pCSR, SOPC_AsymmetricKey *pKey, uint8_t **ppDest, uint32_t *pLenAllocated)
 Encodes CSR pCSR as a DER buffer and writes the result in ppDest. More...
 
void SOPC_KeyManager_CSR_Free (SOPC_CSR *pCSR)
 Frees a CSR created with SOPC_KeyManager_CSR_Create. More...
 

Detailed Description

Defines the cryptographic abstraction interface for Asymmetric Key Management such as loading signed public keys (Certificate) and the corresponding private key. A cryptographic implementation must define all the function declared in this file. KeyManager is different than PKIProvider, which only handles signed public key validation and storage. KeyManager API is context-less. The KeyManager is generic, and is not linked to the current security policy.

Function Documentation

◆ SOPC_KeyManager_AsymmetricKey_CreateFromBuffer()

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromBuffer ( const uint8_t *  buffer,
uint32_t  lenBuf,
bool  is_public,
SOPC_AsymmetricKey **  ppKey 
)

Creates an asymmetric key (usually a private key) from in-memory buffer buffer.

buffer is lenBuf long, and describes the key in the DER of PEM format.

Public keys are usually extracted from Certificate, see SOPC_KeyManager_AsymmetricKey_CreateFromCertificate or SOPC_KeyManager_AsymmetricKey_CreateFromCertificate .

Parameters
bufferA valid pointer to the buffer containing the DER or PEM description.
lenBufThe length in bytes of the DER/PEM description of the key.
is_publicWhether the buffer holds a public or a private key.
[out]ppKeyA handle to the created key. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free .
Note
Content of the key is unspecified when return value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_AsymmetricKey_CreateFromFile()

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromFile ( const char *  szPath,
SOPC_AsymmetricKey **  ppKey,
char *  password,
uint32_t  lenPassword 
)

Creates an asymmetric key (usually a private key) from a file in the DER or PEM format.

szPath is the path to the file containing the key. It should be zero-terminated. The key may be described in the DER of PEM format.

Public keys are usually extracted from Certificate, see SOPC_KeyManager_AsymmetricKey_CreateFromCertificate or SOPC_KeyManager_AsymmetricKey_CreateFromCertificate .

Parameters
szPathThe path to the DER/PEM file.
[out]ppKeyA handle to the created key. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free .
passwordAn optional password. The password must be a zero-terminated string with at most lenPassword non null chars, and at least lenPassword + 1 allocated chars.
lenPasswordThe length of the password.
Note
Content of the key is unspecified when return value is not SOPC_STATUS_OK. Supported encryption algorithm: AES-128-CBC, AES-192-CBC and AES-256-CBC
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_AsymmetricKey_GenRSA()

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_GenRSA ( uint32_t  RSAKeySize,
SOPC_AsymmetricKey **  ppKey 
)

Generate an RSA asymmetric key.

Parameters
RSAKeySizeThe RSA key length to generate.
[out]ppKeyA handle to the generated key. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_AsymmetricKey_CreateFromCertificate()

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_CreateFromCertificate ( const SOPC_CertificateList pCert,
SOPC_AsymmetricKey **  pKey 
)

Returns the public key of the signed public key.

Warning
The returned SOPC_AsymmetricKey must not be used after the Certificate is freed by SOPC_KeyManager_Certificate_Free .
Parameters
pCertA valid pointer to the signed public key.
[out]pKeyA handle to the created key structure, the SOPC_AsymmetricKey will then be rewritten to contain the public key. This is not a deep copy, and the key is not valid anymore when the certificate is not valid. This object must be freed with a call to SOPC_KeyManager_AsymmetricKey_Free which will only deallocate the structure.
Note
Content of the certificate is unspecified when return value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_AsymmetricKey_Free()

void SOPC_KeyManager_AsymmetricKey_Free ( SOPC_AsymmetricKey pKey)

Frees a previously created asymmetric key created with SOPC_KeyManager_AsymmetricKey_CreateFromBuffer or SOPC_KeyManager_AsymmetricKey_CreateFromFile .

Parameters
pKeyA valid pointer to the key to free.

◆ SOPC_KeyManager_AsymmetricKey_ToDER()

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToDER ( const SOPC_AsymmetricKey pKey,
bool  is_public,
uint8_t *  pDest,
uint32_t  lenDest,
uint32_t *  pLenWritten 
)

Encodes the pKey as a DER buffer, and writes the result in pDest.

The encoding process is not predictable, and a buffer of sufficient length must be provided. A rule of thumb is to provide a buffer which is at least 8 times longer than the key (8 * SOPC_CryptoProvider_AsymmetricGetLength_KeyBytes ).

When SOPC_STATUS_NOK is returned, the function may be called again with a larger buffer.

Parameters
pKeyA valid pointer to the asymmetric key (public/private) to encode.
is_publicWhether the key is public or private.
[out]pDestA valid pointer to the buffer which will receive the DER encoded key.
lenDestThe length in bytes of the buffer pDest.
[out]pLenWrittenA valid pointer to the number of bytes written to pDest.
Note
Content of the output is unspecified when return value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_AsymmetricKey_ToPEMFile()

SOPC_ReturnStatus SOPC_KeyManager_AsymmetricKey_ToPEMFile ( SOPC_AsymmetricKey pKey,
const bool  bIsPublic,
const char *  filePath,
const char *  pwd,
const uint32_t  pwdLen 
)

Write an asymmetric key to a PEM file.

Parameters
pKeyA valid pointer to the asymmetric key (public/private).
bIsPublicWhether the key is public or private.
filePathPath to the file.
pwdAn optional password (!= NULL). The password must be a zero-terminated string with at most pwdLen non null chars, and at least pwdLen + 1 allocated chars.
pwdLenThe length of the password.
Note
The supported encryption algorithm is AES-256-CBC. pwd and pwdLen are used only to encrypt the key when it is private.
Warning
Only PKCS#1 format is supported, In other words, the function is limited to RSA keys.
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey()

SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey ( const SOPC_AsymmetricKey pKey,
bool  is_public,
SOPC_SerializedAsymmetricKey **  out 
)

Creates a serialized asymmetric key from an SOPC_AsymmetricKey structure.

Parameters
pKeyA valid pointer to the asymmetric key (public/private) to serialize.
is_publicWhether the key is public or private.
[out]outthe newly allocated serialized key
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_Certificate_CreateOrAddFromDER()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromDER ( const uint8_t *  bufferDER,
uint32_t  lenDER,
SOPC_CertificateList **  ppCert 
)

Creates a new Certificate (signed public key) from a DER encoded buffer, or add it to an existing certificate list.

bufferDER is lenDER long, and describes the certificate in the DER format.

Parameters
bufferDERA valid pointer to the buffer containing the DER description.
lenDERThe length in bytes of the DER description of the certificate.
[out]ppCertCreation: a valid handle which will point to the newly created Certificate. Addition: a pointer to a pointer to a Certificate list to which add the certificate. In either cases, this object must be freed with a call to SOPC_KeyManager_Certificate_Free .
Note
Content of the certificate is unspecified when return value is not SOPC_STATUS_OK. However, in case of a failed addition, the whole certificate list is freed, and ppCert set to NULL to avoid double frees.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_Certificate_CreateOrAddFromFile()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_CreateOrAddFromFile ( const char *  szPath,
SOPC_CertificateList **  ppCert 
)

Creates a new Certificate (signed public key) from a file in the DER or PEM format, or add it to an existing certificate list.

szPath is the path to the file containing the key. It should be zero-terminated. The key may be described in the DER of PEM format.

Parameters
szPathThe path to the DER/PEM file.
[out]ppCertCreation: a valid pointer pointing to NULL which will be set to the newly created Certificate. Addition: a pointer to a pointer to a Certificate list to which add the certificate. In either cases, this object must be freed with a call to SOPC_KeyManager_Certificate_Free
Note
Content of the certificate is unspecified when return value is not SOPC_STATUS_OK. However, in case of a failed addition, the whole certificate list is freed, and ppCert set to NULL to avoid double frees.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_Certificate_Free()

void SOPC_KeyManager_Certificate_Free ( SOPC_CertificateList pCert)

Frees a Certificate created with SOPC_KeyManager_Certificate_CreateOrAddFromFile or SOPC_KeyManager_Certificate_CreateOrAddFromDER.

Warning
You must not free a Certificate for which a key is still being used. SOPC_KeyManager_AsymmetricKey_CreateFromCertificate .
Parameters
pCertThe Certificate to free.

◆ SOPC_KeyManager_Certificate_ToDER()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER ( const SOPC_CertificateList pCert,
uint8_t **  ppDest,
uint32_t *  pLenAllocated 
)

Encodes a pCert as a DER buffer and writes the result in ppDest.

Parameters
pCertA valid pointer to the Certificate. There must be only one certificate in the list.
[out]ppDestA valid pointer pointing to NULL which will be set to the newly created buffer storing the DER certificate content. The allocated buffer must be freed by the caller using SOPC_KeyManager_Certificate_Free.
[out]pLenAllocatedA valid pointer for which pointed value will be set to the length of the allocated buffer.
Note
Content of the output is unspecified when return value is not SOPC_STATUS_OK.
Warning
pCert must contain a single certificate.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL or the certificate list contains more than one certificate, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_Certificate_ToDER_Files()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_ToDER_Files ( SOPC_CertificateList pCerts,
const char *  directoryPath 
)

Write all the certificates of pCerts in DER files at destination directoryPath . File names are defined using the SHA1 of the certificates.

Parameters
pCertsA valid pointer to the certificate list.
directoryPathThe directory path to write the DER files.
Returns
SOPC_STATUS_OK when successful.

◆ SOPC_KeyManager_Certificate_GetThumbprint()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetThumbprint ( const SOPC_CryptoProvider pProvider,
const SOPC_CertificateList pCert,
uint8_t **  ppDest,
uint32_t *  lenDest 
)

Computes and writes the thumbprint of pCert to pDest.

The computation of the thumbprint and its size depends on the current security policy. The thumbprint is usually a SHA digest of the DER representation of the certificate.

The size of the thumbprint is provided by SOPC_CryptoProvider_CertificateGetLength_Thumbprint .

Parameters
pProviderAn initialized cryptographic context.
pCertA valid pointer to the signed public key to thumbprint.
[out]ppDestA valid pointer pointing to NULL which will be set to the newly allocated buffer containing the thumbprint.
[out]lenDestA valid pointer (!= NULL) to store the length in bytes allocated in ppDest .
Note
Content of the output is unspecified when return value is not SOPC_STATUS_OK.
Warning
pCert must contain a single certificate.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL or the certificate list contains more than one certificate, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_Certificate_CheckApplicationUri()

bool SOPC_KeyManager_Certificate_CheckApplicationUri ( const SOPC_CertificateList pCert,
const char *  applicationUri 
)

Verify the application URI embedded in a certificate.

This function does a strict, case sensitive comparison of the URIs and does not respect the URI comparison rules from RFC3986 (the URI scheme comparison for example is case sensitive).

Warning
Some limitations apply, see SOPC_KeyManager_Certificate_GetMaybeApplicationUri.
Parameters
pCertThe certificate.
applicationUriThe value that should be stored in the URI subject altName of the certificate. This should be a zero-terminated string.
Warning
pCert must contain a single certificate.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL or the certificate list contains more than one certificate,
TRUE if the values match, return FALSE else.

◆ SOPC_KeyManager_Certificate_GetMaybeApplicationUri()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetMaybeApplicationUri ( const SOPC_CertificateList pCert,
char **  ppApplicationUri,
size_t *  pStringLength 
)

Copy the application URI embedded in a certificate.

Warning
Some limitations apply when using the MbedTLS crypto backend: MbedTLS has no way to extract anything else than the DNS altName from the certificate extensions (see https://github.com/ARMmbed/mbedtls/pull/731). We have for now a poor man's ASN.1 "parser" that tries to find it. It should not be considered as secure, as it can produce false positives (ie. extract the application URI from a field that is not the right one).
Parameters
pCertThe certificate.
[out]ppApplicationUriA valid pointer pointing to NULL which will be set to the newly allocated zero-terminated string containing the application URI.
[out]pStringLengthOptional pointer to the string length (excluding the trailing \0).
Warning
pCert must contain a single certificate.
Returns
SOPC_STATUS_OK when successfully copied.

◆ SOPC_KeyManager_Certificate_GetListLength()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetListLength ( const SOPC_CertificateList pCert,
size_t *  pLength 
)

Return the number of chained certificates in the certificate list pCert.

Parameters
pCertThe certificate or certificate list.
[out]pLengthA valid pointer to the computed length of the list.
Note
Content of the output is unspecified when return value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL.

◆ SOPC_KeyManager_Certificate_GetSubjectName()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSubjectName ( const SOPC_CertificateList pCert,
char **  ppSubjectName,
uint32_t *  pSubjectNameLen 
)

Returns the subject name of certificate pCert as a C String.

Parameters
pCertThe certificate.
[out]ppSubjectNameA valid pointer pointing to NULL which will be set to the newly subject name of certificate pCert (NULL terminated C string)
[out]pSubjectNameLenThe length of ppSubjectName .
Note
Content of the output is unspecified when the value returned is not SOPC_STATUS_OK.
Warning
pCert must contain a single certificate.
Returns
SOPC_STATUS_OK when successful.

◆ SOPC_KeyManager_Certificate_GetSanDnsNames()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_GetSanDnsNames ( const SOPC_CertificateList pCert,
char ***  ppDnsNameArray,
uint32_t *  pArrayLength 
)

Returns all the DNS names of certificate pCert as an array of C String.

Parameters
pCertThe certificate.
[out]ppDnsNameArrayA valid pointer pointing to NULL which will be set to the newly allocated array of DNS names for the certificate pCert (each name shall be a NULL terminated C string)
[out]pArrayLengthThe length of ppDnsNameArray .
Note
Content of the output is unspecified when the value returned is not SOPC_STATUS_OK.
Warning
pCert must contain a single certificate. No error is returned if no DNS is defined.
Returns
SOPC_STATUS_OK when successful.

◆ SOPC_KeyManager_CertificateList_FindCertInList()

SOPC_ReturnStatus SOPC_KeyManager_CertificateList_FindCertInList ( const SOPC_CertificateList pList,
const SOPC_CertificateList pCert,
bool *  pbMatch 
)

Finds whether a certificate is in the given certificate list or not.

Parameters
pListAn optional pointer to the Certificate list.
pCertAn optional pointer to a single Certificate to find in the list.
[out]pbMatchA valid pointer to the result of the find. True indicates that the certificate was found in the list. Otherwise false.
Warning
pCert must contain a single certificate.
Note
Content of the output is unspecified when return value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL or pCert has more than one certificate.

◆ SOPC_KeyManager_CertificateList_RemoveCertFromSHA1()

SOPC_ReturnStatus SOPC_KeyManager_CertificateList_RemoveCertFromSHA1 ( SOPC_CertificateList **  ppCertList,
SOPC_CRLList **  ppCRLList,
const char *  pThumbprint,
bool *  pbMatch,
bool *  pbIsIssuer 
)

Remove a single Certificate from its thumbprint. If the Certificate is a CA Certificate then all the CRLs for that CA are removed.

Warning
This function will fail if pThumbprint does not match the SHA1 length. If ppCertList becomes empty, the list is freed and its content is set to NULL. If ppCRLList becomes empty, the list is freed and its content is set to NULL.
Parameters
ppCertListA valid pointer to the Certificate list.
ppCRLListA valid pointer to the CRL list.
pThumbprintThe SHA1 of the certificate formatted as a hexadecimal C string (NULL terminated) 40 bytes shall be allocated in pThumbprint (+ 1 byte for the NULL character)
[out]pbMatchA valid pointer indicating whether the certificate has been found and deleted.
[out]pbIsIssuerA valid pointer indicating whether the deleted certificate is an issuer.
Returns
SOPC_STATUS_OK when successful

◆ SOPC_KeyManager_Certificate_GetCstring_SHA1()

char* SOPC_KeyManager_Certificate_GetCstring_SHA1 ( const SOPC_CertificateList pCert)

Returns the SHA-1 thumbprint of a certificate.

Parameters
pCertA pointer to a single Certificate.
Warning
pCert must contain a single certificate.
Note
The returned SHA-1 Cstring must be freed by the caller.
Returns
NULL if error otherwise the SHA-1 thumbprint of pCert .

◆ SOPC_KeyManager_Certificate_IsSelfSigned()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_IsSelfSigned ( const SOPC_CertificateList pCert,
bool *  pbIsSelfSigned 
)

Whether the first item of a certificate list is self signed.

Parameters
pCertA valid pointer to the certificate list.
[out]pbIsSelfSignedA valid pointer to the result.
Note
Only the first certificate of pCert is processed.
Returns
SOPC_STATUS_OK when successful otherwise SOPC_STATUS_NOK.

◆ SOPC_KeyManager_Certificate_Copy()

SOPC_ReturnStatus SOPC_KeyManager_Certificate_Copy ( const SOPC_CertificateList pCert,
SOPC_CertificateList **  ppCertCopy 
)

Makes a copy of a given certificate list.

Parameters
pCertA valid pointer to the certificate list to copy.
[out]ppCertCopyA valid pointer pointing to NULL which will be set to the newly allocated certificate list copy. Caller is responsible to call SOPC_KeyManager_Certificate_Free if needed.
Returns
SOPC_STATUS_OK when successful.

◆ SOPC_KeyManager_CertificateList_AttachToSerializedArray()

SOPC_ReturnStatus SOPC_KeyManager_CertificateList_AttachToSerializedArray ( const SOPC_CertificateList pCerts,
SOPC_SerializedCertificate **  pSerializedArray,
uint32_t *  pLenArray 
)

Attach a DER certificate list to a serialized certificate array.

Warning
The returned SOPC_SerializedCertificate array content shall not be modified and shall not be used after the certificate list pCerts is freed by SOPC_KeyManager_Certificate_Free. The array shall be deallocated by caller.
Parameters
pCertsThe DER certificate list to attach
[out]pSerializedArrayThe serialized certificate array
[out]pLenArrayThe length of pSerializedArray
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_CRL_CreateOrAddFromDER()

SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromDER ( const uint8_t *  bufferDER,
uint32_t  lenDER,
SOPC_CRLList **  ppCRL 
)

Creates a new Certificate Revocation List (CRL) from a DER encoded buffer, or add it to an existing CRL list.

bufferDER is lenDER long, and describes one CRL in the DER format.

Parameters
bufferDERA valid pointer to the buffer containing the DER description.
lenDERThe length in bytes of the DER description of the certificate.
[out]ppCRLCreation: a valid pointer pointing to NULL which will be set to the newly created CRL. Addition: a pointer to a pointer to a CRL list to which add the CRL. In either cases, this object must be freed with a call to SOPC_KeyManager_CRL_Free .
Note
Content of the CRL is unspecified when return value is not SOPC_STATUS_OK. However, in case of a failed addition, the whole CRL list is freed, and ppCRL set to NULL to avoid double frees.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_CRL_CreateOrAddFromFile()

SOPC_ReturnStatus SOPC_KeyManager_CRL_CreateOrAddFromFile ( const char *  szPath,
SOPC_CRLList **  ppCRL 
)

Creates a new Certificate Revocation List (CRL) from a file in the DER or PEM format, or add it to an existing CRL list.

szPath is the path to the file containing the key. It should be zero-terminated. The key may be described in the DER of PEM format.

Parameters
szPathThe path to the DER/PEM file.
[out]ppCRLCreation: a valid pointer pointing to NULL which will be set to the newly created CRL. Addition: a pointer to a pointer to a CRL list to which add the CRL. In either cases, this object must be freed with a call to SOPC_KeyManager_CRL_Free .
Note
Content of the certificate is unspecified when return value is not SOPC_STATUS_OK. However, in case of a failed addition, the whole CRL list is freed, and ppCRL set to NULL to avoid double frees.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL, and SOPC_STATUS_NOK when there was an error.

◆ SOPC_KeyManager_CRL_ToDER_Files()

SOPC_ReturnStatus SOPC_KeyManager_CRL_ToDER_Files ( SOPC_CRLList pCrls,
const char *  directoryPath 
)

Write all the CRL ( pCrls ) in DER files. at destination directoryPath . File names are defined using the SHA1 of the crls.

Parameters
pCrlsA valid pointer to the CRL list.
directoryPathThe directory path to write the DER files.
Returns
SOPC_STATUS_OK when successful.

◆ SOPC_KeyManager_CRL_Copy()

SOPC_ReturnStatus SOPC_KeyManager_CRL_Copy ( const SOPC_CRLList pCrl,
SOPC_CRLList **  ppCrlCopy 
)

Makes a copy of a given CRL list.

Parameters
pCrlA valid pointer to the CRL list to copy.
[out]ppCrlCopyA valid pointer pointing to NULL which will be set to the newly allocated CRL list copy. Caller is responsible to call SOPC_KeyManager_CRL_Free if needed.
Returns
SOPC_STATUS_OK when successful.

◆ SOPC_KeyManager_CRL_GetListLength()

SOPC_ReturnStatus SOPC_KeyManager_CRL_GetListLength ( const SOPC_CRLList pCrl,
size_t *  pLength 
)

Returns the number of chained CRL in pCrl list.

Parameters
pCrlA valid pointer to the CRL list.
[out]pLengthA valid pointer to the computed length of the list.
Note
Content of the output is unspecified when the returned value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK when successful, SOPC_STATUS_INVALID_PARAMETERS when parameters are NULL.

◆ SOPC_KeyManager_CRLList_AttachToSerializedArray()

SOPC_ReturnStatus SOPC_KeyManager_CRLList_AttachToSerializedArray ( const SOPC_CRLList pCRLs,
SOPC_SerializedCRL **  pSerializedArray,
uint32_t *  pLenArray 
)

Attach a DER CRL list to a serialized CRL array.

Warning
The returned SOPC_SerializedCRL array content shall not be modified and shall not be used after the CRL list pCRLs is freed by SOPC_KeyManager_CRL_Free. The array shall be deallocated by caller.
Parameters
pCRLsThe DER CRL list to attach
[out]pSerializedArrayThe serialized CRL array
[out]pLenArrayThe length of pSerializedArray
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_CRL_Free()

void SOPC_KeyManager_CRL_Free ( SOPC_CRLList pCRL)

Frees a Certificate created with SOPC_KeyManager_CRL_CreateOrAddFromFile or SOPC_KeyManager_CRL_CreateOrAddFromDER .

Parameters
pCRLThe CRL to free.

◆ SOPC_KeyManager_CSR_Create()

SOPC_ReturnStatus SOPC_KeyManager_CSR_Create ( const char *  subjectName,
const bool  bIsServer,
const char *  mdType,
const char *  uri,
char **  pDnsArray,
uint32_t  arrayLength,
SOPC_CSR **  ppCSR 
)

Create a certificate signing request signed with pKey.

Parameters
subjectNameThe subject name to set. The format is a sequence of name (OID types) value pairs separated by a ‘,’.
bIsServerWhether this CSR is to request a server or a client certificate.
mdTypeThe MD algorithm (terminated by '\0') use for the signature eg SHA1, SHA256...
uriThe application URI (terminated by '\0'). Shall not be NULL.
pDnsArrayArray of DSN names of the server (name terminated by '\0'). Shall not be NULL. Array is not modified by the function.
arrayLengthThe length of pDnsArray.
[out]ppCSRA handle to the created CSR. This object must be freed with a call to SOPC_KeyManager_CSR_Free .
Note
The keyUsage is filled with digitalSignature, nonRepudiation, keyEncipherment and dataEncipherment. The extendedKeyUsage is filled with serverAuth if bIsServer is true, otherwise clientAuth. The subject alternative name is filled with uri and/or dns . The basic constraints is set to false for the CA flag.
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_CSR_ToDER()

SOPC_ReturnStatus SOPC_KeyManager_CSR_ToDER ( SOPC_CSR pCSR,
SOPC_AsymmetricKey pKey,
uint8_t **  ppDest,
uint32_t *  pLenAllocated 
)

Encodes CSR pCSR as a DER buffer and writes the result in ppDest.

Parameters
pCSRA valid pointer to the CSR.
pKeyA valid pointer to the asymmetric key. The key shall be private. The key is attached to the CSR but not freed by SOPC_KeyManager_CSR_Free .
[out]ppDestA valid pointer pointing to NULL which will be set to the newly created buffer storing the DER. The allocated buffer must be freed by the caller.
[out]pLenAllocatedA valid pointer to the length allocated by this operation.
Note
Content of the outputs is unspecified when return value is not SOPC_STATUS_OK.
Returns
SOPC_STATUS_OK on success, or an error code in case of failure.

◆ SOPC_KeyManager_CSR_Free()

void SOPC_KeyManager_CSR_Free ( SOPC_CSR pCSR)

Frees a CSR created with SOPC_KeyManager_CSR_Create.

Parameters
pCSRThe CSR to free.