1289177Speter/**
2289177Speter * @copyright
3289177Speter * ====================================================================
4289177Speter *    Licensed to the Apache Software Foundation (ASF) under one
5289177Speter *    or more contributor license agreements.  See the NOTICE file
6289177Speter *    distributed with this work for additional information
7289177Speter *    regarding copyright ownership.  The ASF licenses this file
8289177Speter *    to you under the Apache License, Version 2.0 (the
9289177Speter *    "License"); you may not use this file except in compliance
10289177Speter *    with the License.  You may obtain a copy of the License at
11289177Speter *
12289177Speter *      http://www.apache.org/licenses/LICENSE-2.0
13289177Speter *
14289177Speter *    Unless required by applicable law or agreed to in writing,
15289177Speter *    software distributed under the License is distributed on an
16289177Speter *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17289177Speter *    KIND, either express or implied.  See the License for the
18289177Speter *    specific language governing permissions and limitations
19289177Speter *    under the License.
20289177Speter * ====================================================================
21289177Speter * @endcopyright
22289177Speter *
23289177Speter * @file svn_x509.h
24289177Speter * @brief Subversion's X509 parser
25289177Speter */
26289177Speter
27289177Speter#ifndef SVN_X509_H
28289177Speter#define SVN_X509_H
29289177Speter
30289177Speter#include <apr_pools.h>
31289177Speter#include <apr_tables.h>
32289177Speter#include <apr_time.h>
33289177Speter
34289177Speter#include "svn_error.h"
35289177Speter#include "svn_checksum.h"
36289177Speter
37289177Speter#ifdef __cplusplus
38289177Speterextern "C" {
39289177Speter#endif
40289177Speter
/**
 * DER-encoded OIDs of the X.509 name attributes this API knows by name.
 *
 * Each value is the raw content octets of the OID exactly as it appears
 * in a certificate, not a dotted-decimal string; svn_x509_oid_to_string()
 * produces the dotted form (for example SVN_X509_OID_EMAIL is
 * "1.2.840.113549.1.9.1").  svn_x509_name_attr_get_oid() returns OIDs in
 * this same raw form together with an explicit length, so compare against
 * these constants by length and memcmp() rather than with string functions.
 */
#define SVN_X509_OID_COMMON_NAME  "\x55\x04\x03"   /* 2.5.4.3  (commonName) */
#define SVN_X509_OID_COUNTRY      "\x55\x04\x06"   /* 2.5.4.6  (countryName) */
#define SVN_X509_OID_LOCALITY     "\x55\x04\x07"   /* 2.5.4.7  (localityName) */
#define SVN_X509_OID_STATE        "\x55\x04\x08"   /* 2.5.4.8  (stateOrProvinceName) */
#define SVN_X509_OID_ORGANIZATION "\x55\x04\x0A"   /* 2.5.4.10 (organizationName) */
#define SVN_X509_OID_ORG_UNIT     "\x55\x04\x0B"   /* 2.5.4.11 (organizationalUnitName) */
#define SVN_X509_OID_EMAIL        "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" /* 1.2.840.113549.1.9.1 (emailAddress) */
48289177Speter
/**
 * Representation of parsed certificate info.
 *
 * The structure is opaque: it is not defined in this header.  Callers
 * obtain one from svn_x509_parse_cert() and read it only through the
 * svn_x509_certinfo_get_*() accessors declared below.
 *
 * @since New in 1.9.
 */
typedef struct svn_x509_certinfo_t svn_x509_certinfo_t;
55289177Speter
/**
 * Representation of an attribute in an X.509 name (e.g. Subject or Issuer):
 * a single OID/value pair such as a common name or an organization.
 *
 * The structure is opaque; its OID and value are read through
 * svn_x509_name_attr_get_oid() and svn_x509_name_attr_get_value().
 *
 * @since New in 1.9.
 */
typedef struct svn_x509_name_attr_t svn_x509_name_attr_t;
62289177Speter
/**
 * Parse DER-encoded X.509 certificate data from @a buf with length @a
 * buflen and return certificate information in @a *certinfo,
 * allocated in @a result_pool.  @a scratch_pool is used for temporary
 * allocations.
 *
 * @a buf holds the raw (binary DER, not PEM) certificate bytes and is
 * read only up to @a buflen.
 *
 * @note This function has been written with the intent of displaying data
 *       in a certificate for a user to see.  As a result, it does not do
 *       much validation on the data it parses from the certificate.  It
 *       does not, for instance, verify that the certificate is signed by
 *       the issuer.  It does not verify a trust chain.  It does not error
 *       on critical extensions it does not know how to parse.  So while it
 *       can be used as part of a certificate validation scheme, it can't
 *       be used alone for that purpose.  A successful return therefore
 *       means only that the structure could be parsed; it says nothing
 *       about whether the certificate is genuine or trustworthy.
 *
 * @return #SVN_NO_ERROR on success, or an error if the data could not be
 *         parsed as a certificate.
 *
 * @since New in 1.9.
 */
svn_error_t *
svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
                    const char *buf,
                    apr_size_t buflen,
                    apr_pool_t *result_pool,
                    apr_pool_t *scratch_pool);
85289177Speter
/**
 * Returns a deep copy of the @a attr, allocated in @a result_pool.
 * May use @a scratch_pool for temporary allocations.
 *
 * Use this when an attribute taken from a certinfo's attribute list must
 * outlive the pool that certinfo was allocated in.
 *
 * @since New in 1.9.
 */
svn_x509_name_attr_t *
svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr,
                       apr_pool_t *result_pool,
                       apr_pool_t *scratch_pool);
95289177Speter
/**
 * Returns the OID of @a attr as encoded in the certificate.  The
 * length of the OID will be set in @a *len.
 *
 * The result is the raw DER content octets of the OID -- the same form as
 * the SVN_X509_OID_* constants above -- not a dotted-decimal string; use
 * svn_x509_oid_to_string() for that.  Compare OIDs using @a *len and
 * memcmp() rather than string functions.
 *
 * No pool is taken, so the returned pointer is presumed to reference
 * storage owned by @a attr and to be valid only as long as @a attr is.
 *
 * @since New in 1.9.
 */
const unsigned char *
svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len);
103289177Speter
/**
 * Returns the value of @a attr as a UTF-8 C string.
 *
 * The content comes from the certificate, not from the caller, so treat it
 * as untrusted input when presenting it: whoever produced the certificate
 * chose its contents.  No pool is taken, so the returned string is presumed
 * to be owned by @a attr and valid only as long as @a attr is.
 *
 * @since New in 1.9.
 */
const char *
svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr);
110289177Speter
111289177Speter
/**
 * Returns a deep copy of @a certinfo, allocated in @a result_pool.
 * May use @a scratch_pool for temporary allocations.
 *
 * Use this to retain certificate information beyond the lifetime of the
 * pool that svn_x509_parse_cert() allocated the original in.
 *
 * @since New in 1.9.
 */
svn_x509_certinfo_t *
svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo,
                      apr_pool_t *result_pool,
                      apr_pool_t *scratch_pool);
121289177Speter
/**
 * Returns the subject DN from @a certinfo as a string allocated in
 * @a result_pool.
 *
 * This string form is convenient for display; the exact formatting of the
 * DN is not specified by this header.  For programmatic access to the
 * individual attributes use svn_x509_certinfo_get_subject_attrs().
 *
 * @since New in 1.9.
 */
const char *
svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo,
                              apr_pool_t *result_pool);
129289177Speter
/**
 * Returns a list of the attributes for the subject in the @a certinfo.
 * Each member of the list is of type svn_x509_name_attr_t.
 *
 * No pool is taken, so the array is presumed to be owned by @a certinfo;
 * use svn_x509_name_attr_dup() on members that must outlive it.  Whether a
 * subject with no attributes yields an empty array or NULL is not specified
 * here, so callers should be prepared for either.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo);
138289177Speter
/**
 * Returns the certificate issuer DN from @a certinfo as a string allocated
 * in @a result_pool.
 *
 * This string form is convenient for display; the exact formatting of the
 * DN is not specified by this header.  For programmatic access to the
 * individual attributes use svn_x509_certinfo_get_issuer_attrs().  Note
 * that svn_x509_parse_cert() does not verify the issuer's signature, so the
 * issuer name is an unverified claim made by the certificate.
 *
 * @since New in 1.9.
 */
const char *
svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo,
                             apr_pool_t *result_pool);
146289177Speter
/**
 * Returns a list of the attributes for the issuer in the @a certinfo.
 * Each member of the list is of type svn_x509_name_attr_t.
 *
 * No pool is taken, so the array is presumed to be owned by @a certinfo;
 * use svn_x509_name_attr_dup() on members that must outlive it.  Whether an
 * issuer with no attributes yields an empty array or NULL is not specified
 * here, so callers should be prepared for either.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo);
155289177Speter
/**
 * Returns the start of the certificate validity period from @a certinfo
 * as an apr_time_t.
 *
 * Because svn_x509_parse_cert() does not validate the certificate,
 * checking this against the current time is the caller's responsibility.
 *
 * @since New in 1.9.
 */
apr_time_t
svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo);
163289177Speter
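/**
 * Returns the end of the certificate validity period from @a certinfo
 * as an apr_time_t.
 *
 * Because svn_x509_parse_cert() does not validate the certificate,
 * checking this against the current time is the caller's responsibility.
 *
 * @since New in 1.9.
 */
/* The return type is a plain apr_time_t, matching
 * svn_x509_certinfo_get_valid_from(): a const qualifier on a by-value
 * return has no effect and only draws -Wignored-qualifiers warnings. */
apr_time_t
svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo);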
171289177Speter
/**
 * Returns the digest (fingerprint) from @a certinfo.
 *
 * The hash algorithm is whatever the returned svn_checksum_t carries in
 * its kind; callers should not assume a particular one.  Presumably the
 * digest is computed over the DER bytes given to svn_x509_parse_cert() --
 * confirm against the implementation.  A fingerprint is suitable for
 * display or for comparison against a previously recorded value; it is
 * not a substitute for signature or chain verification, which this API
 * does not perform.
 *
 * @since New in 1.9.
 */
const svn_checksum_t *
svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo);
178289177Speter
/**
 * Returns an array of (const char*) host names from @a certinfo.
 *
 * These are the names the certificate claims for itself; which fields they
 * are drawn from (e.g. subject alternative names or the common name) is
 * not specified by this header.  Because svn_x509_parse_cert() performs no
 * validation, a name appearing here is an unverified claim and must not be
 * used on its own as proof that a peer is who it says it is.
 *
 * @since New in 1.9.
 */
const apr_array_header_t *
svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo);
186289177Speter
/**
 * Given an @a oid of @a oid_len bytes (raw DER content octets, as
 * returned by svn_x509_name_attr_get_oid()) return a null-terminated
 * C string representation in dotted-decimal form.
 * For example an OID with the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
 * would be converted to the string "1.2.840.113549.1.9.1".  Returns
 * NULL if the @a oid can't be represented as a string, so callers must
 * check the result before printing it.
 *
 * @note Unlike every other function in this header, @a scratch_pool
 *       precedes @a result_pool in the parameter list.  Passing the pools
 *       in the usual (result, scratch) order compiles without complaint
 *       but allocates the result in the wrong pool.
 *
 * @since New in 1.9. */
const char *
svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len,
                       apr_pool_t *scratch_pool, apr_pool_t *result_pool);
197289177Speter
198289177Speter#ifdef __cplusplus
199289177Speter}
200289177Speter#endif
201289177Speter#endif        /* SVN_X509_H */