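/**
 * @copyright
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 * @endcopyright
 *
 * @file svn_x509.h
 * @brief Subversion's X509 parser
 */

#ifndef SVN_X509_H
#define SVN_X509_H

#include <apr_pools.h>
#include <apr_tables.h>
#include <apr_time.h>

#include "svn_error.h"
#include "svn_checksum.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Well-known X.509 name-attribute OIDs, given as the raw DER content
 * octets of the OID (no tag or length byte), in the same form that
 * svn_x509_name_attr_get_oid() returns.  None of these byte strings
 * contains a NUL, so sizeof(SVN_X509_OID_xxx) - 1 is the OID length.
 */
#define SVN_X509_OID_COMMON_NAME  "\x55\x04\x03"
#define SVN_X509_OID_COUNTRY      "\x55\x04\x06"
#define SVN_X509_OID_LOCALITY     "\x55\x04\x07"
#define SVN_X509_OID_STATE        "\x55\x04\x08"
#define SVN_X509_OID_ORGANIZATION "\x55\x04\x0A"
#define SVN_X509_OID_ORG_UNIT     "\x55\x04\x0B"
#define SVN_X509_OID_EMAIL        "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"

/**
 * Representation of parsed certificate info.
 *
 * Opaque; obtain one from svn_x509_parse_cert() and read it through the
 * svn_x509_certinfo_get_*() accessors below.
 *
 * @since New in 1.9.
 */
typedef struct svn_x509_certinfo_t svn_x509_certinfo_t;

/**
 * Representation of an attribute in an X.509 name (e.g. Subject or Issuer).
 *
 * Opaque; read it through svn_x509_name_attr_get_oid() and
 * svn_x509_name_attr_get_value().
 *
 * @since New in 1.9.
 */
typedef struct svn_x509_name_attr_t svn_x509_name_attr_t;

/**
 * Parse X.509 DER certificate data from @a buf with length @a buflen
 * and return certificate information in @a *certinfo, allocated in
 * @a result_pool.  @a scratch_pool is used for temporary allocations.
 *
 * @note This function has been written with the intent of displaying
 * the data in a certificate for a user to see.  As a result, it does
 * not do much validation on the data it parses from the certificate.
 * It does not, for instance, verify that the certificate is signed by
 * the issuer.  It does not verify a trust chain.  It does not error on
 * critical extensions it does not know how to parse.  So while it can
 * be used as part of a certificate validation scheme, it can't be used
 * alone for that purpose.  In particular, a successful return says
 * nothing about whether the certificate should be trusted.
 *
 * @since New in 1.9.
 */
svn_error_t *
svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
                    const char *buf,
                    apr_size_t buflen,
                    apr_pool_t *result_pool,
                    apr_pool_t *scratch_pool);

/**
 * Returns a deep copy of @a attr, allocated in @a result_pool.
 * May use @a scratch_pool for temporary allocations.
 *
 * @since New in 1.9.
 */
svn_x509_name_attr_t *
svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr,
                       apr_pool_t *result_pool,
                       apr_pool_t *scratch_pool);

/**
 * Returns the OID of @a attr as encoded in the certificate (raw DER
 * content octets, comparable with the SVN_X509_OID_* macros above;
 * see svn_x509_oid_to_string() for a printable form).  The length of
 * the OID will be set in @a *len.
 *
 * @since New in 1.9.
 */
const unsigned char *
svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len);

/**
 * Returns the value of @a attr as a UTF-8 C string.
 *
 * @since New in 1.9.
 */
const char *
svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr);


/**
 * Returns a deep copy of @a certinfo, allocated in @a result_pool.
 * May use @a scratch_pool for temporary allocations.
 *
 * @since New in 1.9.
 */
svn_x509_certinfo_t *
svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo,
                      apr_pool_t *result_pool,
                      apr_pool_t *scratch_pool);

/**
 * Returns the subject DN from @a certinfo, allocated in @a result_pool.
 *
 * @since New in 1.9.
 */
const char *
svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo,
                              apr_pool_t *result_pool);

/**
 * Returns a list of the attributes for the subject in @a certinfo.
 * Each member of the list is of type svn_x509_name_attr_t.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the certificate issuer DN from @a certinfo, allocated in
 * @a result_pool.
 *
 * @since New in 1.9.
 */
const char *
svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo,
                             apr_pool_t *result_pool);

/**
 * Returns a list of the attributes for the issuer in @a certinfo.
 * Each member of the list is of type svn_x509_name_attr_t.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the start of the certificate validity period from @a certinfo.
 *
 * This is the value as parsed from the certificate; nothing in this API
 * compares it against the current time, so callers that need a validity
 * decision must do that themselves.
 *
 * @since New in 1.9.
 */
apr_time_t
svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the end of the certificate validity period from @a certinfo.
 *
 * This is the value as parsed from the certificate; nothing in this API
 * compares it against the current time, so callers that need a validity
 * decision must do that themselves.
 *
 * @since New in 1.9.
 */
apr_time_t
svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo);

/**
 * Returns the digest (fingerprint) from @a certinfo.
 *
 * @since New in 1.9.
 */
const svn_checksum_t *
svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo);

/**
 * Returns an array of (const char*) host names from @a certinfo.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo);

/**
 * Given an @a oid of @a oid_len bytes, return a null-terminated C string
 * representation allocated in @a result_pool.  For example an OID with
 * the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" would be converted to
 * the string "1.2.840.113549.1.9.1".  Returns NULL if the @a oid can't
 * be represented as a string.
 *
 * @note Unlike every other function in this header, the pool arguments
 * are ordered @a scratch_pool then @a result_pool.  The order cannot be
 * changed without breaking the API, so take care at call sites.
 *
 * @since New in 1.9.
 */
const char *
svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len,
                       apr_pool_t *scratch_pool, apr_pool_t *result_pool);

#ifdef __cplusplus
}
#endif
#endif        /* SVN_X509_H */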