S2OPC OPCUA Toolkit
sopc_pki_stack_lib_itf.h
1 /*
2  * Licensed to Systerel under one or more contributor license
3  * agreements. See the NOTICE file distributed with this work
4  * for additional information regarding copyright ownership.
5  * Systerel licenses this file to you under the Apache
6  * License, Version 2.0 (the "License"); you may not use this
7  * file except in compliance with the License. You may obtain
8  * a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
29 #ifndef SOPC_PKI_STACK_LIB_ITF_H_
30 #define SOPC_PKI_STACK_LIB_ITF_H_
31 
32 #include "sopc_pki_decl.h"
33 
34 /*
35 TODO:
36  - Check that the security level of the update is not higher than the security level of the endpoint (not handled yet).
37  (The following issue has been submitted: https://mantis.opcfoundation.org/view.php?id=8976)
38 */
39 
/**
 * Creates the PKIProvider from a directory where certificates are stored.
 *
 * @param directoryStorePath  Path of the certificate store directory.
 * @param ppPKI               Receives the created provider; presumably released with
 *                            SOPC_PKIProvider_Free (TODO confirm against the full documentation).
 * @return A SOPC_ReturnStatus value; the individual status codes are not shown in this listing.
 *
 * NOTE(review): the store contents appear to define what the provider trusts, so write
 * access to this directory should be restricted accordingly. How the path and the
 * directory layout are checked is not visible in this listing.
 */
89 SOPC_ReturnStatus SOPC_PKIProvider_CreateFromStore(const char* directoryStorePath, SOPC_PKIProvider** ppPKI);
90 
121  SOPC_CRLList* pTrustedCrl,
122  SOPC_CertificateList* pIssuerCerts,
123  SOPC_CRLList* pIssuerCrl,
124  SOPC_PKIProvider** ppPKI);
125 
/**
 * Create a PKI profile for a validation process.
 *
 * @param securityPolicyUri  Security policy URI the profile is created for
 *                           (accepted values are not shown in this listing; TODO confirm).
 * @param ppProfile          Receives the created profile; presumably released with
 *                           SOPC_PKIProvider_DeleteProfile (TODO confirm).
 * @return A SOPC_ReturnStatus value; the individual status codes are not shown in this listing.
 *
 * NOTE(review): the generated summary for this function states that backward
 * interoperability is enabled. What that relaxes during validation is not visible
 * here and should be confirmed before relying on the profile for strict checks.
 */
219 SOPC_ReturnStatus SOPC_PKIProvider_CreateProfile(const char* securityPolicyUri, SOPC_PKI_Profile** ppProfile);
220 
299  const SOPC_CertificateList* pToValidate,
300  const SOPC_PKI_Profile* pProfile,
301  uint32_t* error);
302 
321  const SOPC_PKI_ChainProfile* pProfile,
322  uint32_t** pErrors,
323  char*** ppThumbprints,
324  uint32_t* pLength);
325 
338  const SOPC_PKI_LeafProfile* pProfile,
339  uint32_t* error);
340 
/**
 * Redefines the directory store where the certificates will be stored with
 * SOPC_PKIProvider_WriteToStore.
 *
 * Note the argument order: the path comes first and the provider second, unlike
 * SOPC_PKIProvider_WriteToStore, which takes the provider first.
 *
 * @param directoryStorePath  New store directory path.
 * @param pPKI                Provider whose store path is redefined.
 * @return A SOPC_ReturnStatus value; the individual status codes are not shown in this listing.
 *
 * NOTE(review): the new path becomes the destination of later trust-list writes, so it
 * should not be taken from untrusted input. Whether the path is validated is not
 * visible in this listing.
 */
351 SOPC_ReturnStatus SOPC_PKIProvider_SetStorePath(const char* directoryStorePath, SOPC_PKIProvider* pPKI);
352 
/**
 * Write the certificate files in the updatedTrustList folder of the PKI storage.
 *
 * @param pPKI                 Provider whose certificates are written.
 * @param bEraseExistingFiles  Presumably, when true, files already present in the target
 *                             folder are erased before writing (TODO confirm; the generated
 *                             summary is truncated on this page).
 * @return A SOPC_ReturnStatus value. Callers should check it so that a failed write is
 *         not mistaken for a persisted trust list.
 *
 * NOTE(review): if erasing removes previously stored certificates or CRLs, a partial
 * failure could leave the folder without the expected revocation data. Confirm the
 * failure behaviour in the implementation.
 */
371 SOPC_ReturnStatus SOPC_PKIProvider_WriteToStore(SOPC_PKIProvider* pPKI, const bool bEraseExistingFiles);
372 
397  SOPC_CertificateList** ppTrustedCerts,
398  SOPC_CRLList** ppTrustedCrl,
399  SOPC_CertificateList** ppIssuerCerts,
400  SOPC_CRLList** ppIssuerCrl);
401 
458  const char* securityPolicyUri,
459  SOPC_CertificateList* pTrustedCerts,
460  SOPC_CRLList* pTrustedCrl,
461  SOPC_CertificateList* pIssuerCerts,
462  SOPC_CRLList* pIssuerCrl,
463  const bool bIncludeExistingList);
464 
480  const char* pThumbprint,
481  const bool bIsTrusted,
482  bool* pIsRemoved,
483  bool* pIsIssuer);
484 
491 
492 #endif /* SOPC_PKI_STACK_LIB_ITF_H_ */
sopc_pki_decl.h
Defines the common declarations for the PKI objects. The structures and macros defined in this file a...
SOPC_PKIProvider_DeleteLeafProfile
void SOPC_PKIProvider_DeleteLeafProfile(SOPC_PKI_LeafProfile **ppProfile)
Delete a leaf profile.
SOPC_PKIProvider_DeleteProfile
void SOPC_PKIProvider_DeleteProfile(SOPC_PKI_Profile **ppProfile)
Delete a PKI profile.
SOPC_PKIProvider_CreateProfile
SOPC_ReturnStatus SOPC_PKIProvider_CreateProfile(const char *securityPolicyUri, SOPC_PKI_Profile **ppProfile)
Create a PKI profile for a validation process. Backward interoperability is enabled....
SOPC_PKI_ChainProfile
Structure containing the certificate chain profile for the validation with SOPC_PKIProvider_ValidateC...
Definition: sopc_pki_struct_lib_internal.h:92
SOPC_PKIProvider_ProfileSetURL
SOPC_ReturnStatus SOPC_PKIProvider_ProfileSetURL(SOPC_PKI_Profile *pProfile, const char *url)
Set the endpoint URL used for connection to the PKI profile.
SOPC_CertificateList
The signed public key representation.
Definition: key_manager_cyclone.h:60
SOPC_PKIProvider
The PKIProvider object for the Public Key Infrastructure.
Definition: sopc_pki_struct_lib_internal.h:129
SOPC_PKIProvider_CreateFromStore
SOPC_ReturnStatus SOPC_PKIProvider_CreateFromStore(const char *directoryStorePath, SOPC_PKIProvider **ppPKI)
Creates the PKIProvider from a directory where certificates are stored.
SOPC_PKIProvider_WriteOrAppendToList
SOPC_ReturnStatus SOPC_PKIProvider_WriteOrAppendToList(SOPC_PKIProvider *pPKI, SOPC_CertificateList **ppTrustedCerts, SOPC_CRLList **ppTrustedCrl, SOPC_CertificateList **ppIssuerCerts, SOPC_CRLList **ppIssuerCrl)
Extracts certificates from the PKI object.
SOPC_PKIProvider_LeafProfileSetURI
SOPC_ReturnStatus SOPC_PKIProvider_LeafProfileSetURI(SOPC_PKI_LeafProfile *pProfile, const char *applicationUri)
Set the application URI to the leaf profile.
SOPC_PKIProvider_VerifyEveryCertificate
SOPC_ReturnStatus SOPC_PKIProvider_VerifyEveryCertificate(SOPC_PKIProvider *pPKI, const SOPC_PKI_ChainProfile *pProfile, uint32_t **pErrors, char ***ppThumbprints, uint32_t *pLength)
Verify every certificate of the PKI.
SOPC_PKIProvider_RemoveCertificate
SOPC_ReturnStatus SOPC_PKIProvider_RemoveCertificate(SOPC_PKIProvider *pPKI, const char *pThumbprint, const bool bIsTrusted, bool *pIsRemoved, bool *pIsIssuer)
Remove all the certificates matching with the given thumbprint. If the Certificate is a CA Certificat...
SOPC_PKIProvider_WriteToStore
SOPC_ReturnStatus SOPC_PKIProvider_WriteToStore(SOPC_PKIProvider *pPKI, const bool bEraseExistingFiles)
Write the certificate files in the updatedTrustList folder of the PKI storage. The updatedTrustList f...
SOPC_PKIProvider_ValidateCertificate
SOPC_ReturnStatus SOPC_PKIProvider_ValidateCertificate(SOPC_PKIProvider *pPKI, const SOPC_CertificateList *pToValidate, const SOPC_PKI_Profile *pProfile, uint32_t *error)
Validation function for a certificate with the PKI chain.
SOPC_PKIProvider_CreateLeafProfile
SOPC_ReturnStatus SOPC_PKIProvider_CreateLeafProfile(const char *securityPolicyUri, SOPC_PKI_LeafProfile **ppProfile)
Create a leaf certificate profile from security policy to check certificate properties.
SOPC_PKIProvider_UpdateFromList
SOPC_ReturnStatus SOPC_PKIProvider_UpdateFromList(SOPC_PKIProvider *pPKI, const char *securityPolicyUri, SOPC_CertificateList *pTrustedCerts, SOPC_CRLList *pTrustedCrl, SOPC_CertificateList *pIssuerCerts, SOPC_CRLList *pIssuerCrl, const bool bIncludeExistingList)
Update the PKI with new lists of certificates and CRL.
SOPC_PKIProvider_CreateMinimalUserProfile
SOPC_ReturnStatus SOPC_PKIProvider_CreateMinimalUserProfile(SOPC_PKI_Profile **ppProfile)
Create a minimal PKI profile for user validation process.
SOPC_PKIProvider_Free
void SOPC_PKIProvider_Free(SOPC_PKIProvider **ppPKI)
Free a PKI provider.
SOPC_PKI_LeafProfile
Structure containing the leaf certificate profile for validation with SOPC_PKIProvider_ValidateCertif...
Definition: sopc_pki_struct_lib_internal.h:63
SOPC_PKIProvider_CheckLeafCertificate
SOPC_ReturnStatus SOPC_PKIProvider_CheckLeafCertificate(const SOPC_CertificateList *pToValidate, const SOPC_PKI_LeafProfile *pProfile, uint32_t *error)
Check leaf certificate properties.
SOPC_PKIProvider_CopyRejectedList
SOPC_ReturnStatus SOPC_PKIProvider_CopyRejectedList(SOPC_PKIProvider *pPKI, SOPC_CertificateList **ppCert)
Copy the list of certificates that have been rejected.
SOPC_PKIProvider_LeafProfileSetURL
SOPC_ReturnStatus SOPC_PKIProvider_LeafProfileSetURL(SOPC_PKI_LeafProfile *pProfile, const char *url)
Set the endpoint URL used for connection to the leaf profile.
SOPC_PKIProvider_ProfileSetUsageFromType
SOPC_ReturnStatus SOPC_PKIProvider_ProfileSetUsageFromType(SOPC_PKI_Profile *pProfile, SOPC_PKI_Type PKIType)
Set the properties to the PKI profile from the PKI type.
SOPC_PKIProvider_SetStorePath
SOPC_ReturnStatus SOPC_PKIProvider_SetStorePath(const char *directoryStorePath, SOPC_PKIProvider *pPKI)
Redefines the directory store where the certificates will be stored with SOPC_PKIProvider_WriteToStor...
SOPC_PKI_Type
SOPC_PKI_Type
Type of PKI.
Definition: sopc_pki_decl.h:129
SOPC_PKIProvider_ProfileSetURI
SOPC_ReturnStatus SOPC_PKIProvider_ProfileSetURI(SOPC_PKI_Profile *pProfile, const char *applicationUri)
Set the application URI to the PKI profile.
SOPC_PKIProvider_AddCertToRejectedList
SOPC_ReturnStatus SOPC_PKIProvider_AddCertToRejectedList(SOPC_PKIProvider *pPKI, const SOPC_CertificateList *pCert)
Add a certificate to the PKI rejected list.
SOPC_PKI_Profile
Structure containing the validation configuration.
Definition: sopc_pki_struct_lib_internal.h:118
SOPC_PKIPermissive_Create
SOPC_ReturnStatus SOPC_PKIPermissive_Create(SOPC_PKIProvider **ppPKI)
Creates a permissive PKI Provider, i.e. one without security; it should not be relied on to authenticate peers.
SOPC_PKIProvider_WriteRejectedCertToStore
SOPC_ReturnStatus SOPC_PKIProvider_WriteRejectedCertToStore(SOPC_PKIProvider *pPKI)
Write the rejected certificates files in the rejected folder of the PKI storage. The format of the wr...
SOPC_CRLList
A list of Certificate Revocation Lists.
Definition: key_manager_cyclone.h:79
SOPC_PKIProvider_CreateFromList
SOPC_ReturnStatus SOPC_PKIProvider_CreateFromList(SOPC_CertificateList *pTrustedCerts, SOPC_CRLList *pTrustedCrl, SOPC_CertificateList *pIssuerCerts, SOPC_CRLList *pIssuerCrl, SOPC_PKIProvider **ppPKI)
Create the PKIProvider from list representation.
SOPC_PKIProvider_LeafProfileSetUsageFromType
SOPC_ReturnStatus SOPC_PKIProvider_LeafProfileSetUsageFromType(SOPC_PKI_LeafProfile *pProfile, SOPC_PKI_Type PKIType)
Set the keyUsage and extendedKeyUsage to the leaf profile from the PKI type.
SOPC_ReturnStatus
SOPC_ReturnStatus
Definition: libs2opc_client.h:64