svn_x509.h revision 362181
1/**
2 * @copyright
3 * ====================================================================
4 *    Licensed to the Apache Software Foundation (ASF) under one
5 *    or more contributor license agreements.  See the NOTICE file
6 *    distributed with this work for additional information
7 *    regarding copyright ownership.  The ASF licenses this file
8 *    to you under the Apache License, Version 2.0 (the
9 *    "License"); you may not use this file except in compliance
10 *    with the License.  You may obtain a copy of the License at
11 *
12 *      http://www.apache.org/licenses/LICENSE-2.0
13 *
14 *    Unless required by applicable law or agreed to in writing,
15 *    software distributed under the License is distributed on an
16 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 *    KIND, either express or implied.  See the License for the
18 *    specific language governing permissions and limitations
19 *    under the License.
20 * ====================================================================
21 * @endcopyright
22 *
23 * @file svn_x509.h
24 * @brief Subversion's X509 parser
25 */
26
27#ifndef SVN_X509_H
28#define SVN_X509_H
29
30#include <apr_pools.h>
31#include <apr_tables.h>
32#include <apr_time.h>
33
34#include "svn_error.h"
35#include "svn_checksum.h"
36
37#ifdef __cplusplus
38extern "C" {
39#endif
40
41#define SVN_X509_OID_COMMON_NAME  "\x55\x04\x03"
42#define SVN_X509_OID_COUNTRY      "\x55\x04\x06"
43#define SVN_X509_OID_LOCALITY     "\x55\x04\x07"
44#define SVN_X509_OID_STATE        "\x55\x04\x08"
45#define SVN_X509_OID_ORGANIZATION "\x55\x04\x0A"
46#define SVN_X509_OID_ORG_UNIT     "\x55\x04\x0B"
47#define SVN_X509_OID_EMAIL        "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
48
49/**
50 * Representation of parsed certificate info.
51 *
52 * @since New in 1.9.
53 */
54typedef struct svn_x509_certinfo_t svn_x509_certinfo_t;
55
56/**
57 * Representation of an attribute in an X.509 name (e.g. Subject or Issuer)
58 *
59 * @since New in 1.9.
60 */
61typedef struct svn_x509_name_attr_t svn_x509_name_attr_t;
62
63/**
64 * Parse the DER-encoded X.509 certificate data in @a buf with length
65 * @a buflen and return the certificate information in @a *certinfo,
66 * allocated in @a result_pool.  Temporary allocations may use @a scratch_pool.
67 *
68 * @note This function has been written with the intent of displaying the data
69 *       in a certificate to a user.  As a result, it does not do much
70 *       validation on the data it parses from the certificate.  It does not,
71 *       for instance, verify that the certificate is signed by the issuer.  It
72 *       does not verify a trust chain.  It does not error on critical
73 *       extensions it does not know how to parse.  So while its output can be
74 *       used as part of a certificate validation scheme, it must not be relied
75 *       on alone for that purpose.
76 *
77 * @since New in 1.9.
78 */
79svn_error_t *
80svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
81                    const char *buf,
82                    apr_size_t buflen,
83                    apr_pool_t *result_pool,
84                    apr_pool_t *scratch_pool);
85
86/**
87 * Returns a deep copy of the @a attr, allocated in @a result_pool.
88 * May use @a scratch_pool for temporary allocations.
89 * @since New in 1.9.
90 */
91svn_x509_name_attr_t *
92svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr,
93                       apr_pool_t *result_pool,
94                       apr_pool_t *scratch_pool);
95
96/**
97 * Returns the OID of @a attr as the raw bytes encoded in the certificate.
98 * The length of the OID in bytes is stored in @a *len.
99 * @since New in 1.9.
100 */
101const unsigned char *
102svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len);
103
104/**
105 * Returns the value of @a attr as a UTF-8 C string.
106 * @since New in 1.9.
107 */
108const char *
109svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr);
110
111
112/**
113 * Returns a deep copy of @a certinfo, allocated in @a result_pool.
114 * May use @a scratch_pool for temporary allocations.
115 * @since New in 1.9.
116 */
117svn_x509_certinfo_t *
118svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo,
119                      apr_pool_t *result_pool,
120                      apr_pool_t *scratch_pool);
121
122/**
123 * Returns the subject DN from @a certinfo, allocated in @a result_pool.
124 * @since New in 1.9.
125 */
126const char *
127svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo,
128                              apr_pool_t *result_pool);
129
130/**
131 * Returns a list of the attributes for the subject in the @a certinfo.
132 * Each member of the list is of type svn_x509_name_attr_t.
133 *
134 * @since New in 1.9.
135 */
136const apr_array_header_t *
137svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo);
138
139/**
140 * Returns the certificate issuer DN from @a certinfo, allocated in @a result_pool.
141 * @since New in 1.9.
142 */
143const char *
144svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo,
145                             apr_pool_t *result_pool);
146
147/**
148 * Returns a list of the attributes for the issuer in the @a certinfo.
149 * Each member of the list is of type svn_x509_name_attr_t.
150 *
151 * @since New in 1.9.
152 */
153const apr_array_header_t *
154svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo);
155
156/**
157 * Returns the start of the certificate validity period from @a certinfo.
158 *
159 * @since New in 1.9.
160 */
161apr_time_t
162svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo);
163
164/**
165 * Returns the end of the certificate validity period from @a certinfo.
166 *
167 * @since New in 1.9.
168 */
169apr_time_t
170svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo);
171
172/**
173 * Returns the digest (fingerprint) from @a certinfo.
174 * @since New in 1.9.
175 */
176const svn_checksum_t *
177svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo);
178
179/**
180 * Returns an array of (const char*) host names from @a certinfo.
181 *
182 * @since New in 1.9.
183 */
184const apr_array_header_t *
185svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo);
186
187/**
188 * Given an @a oid of @a oid_len bytes, return its null-terminated C string
189 * representation in dotted-decimal notation.  For example an OID with the
190 * bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" would be converted to the
191 * string "1.2.840.113549.1.9.1".  Returns NULL if the @a oid can't be
192 * represented as a string.
192 *
193 * @since New in 1.9. */
194const char *
195svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len,
196                       apr_pool_t *scratch_pool, apr_pool_t *result_pool);
197
198#ifdef __cplusplus
199}
200#endif
201#endif        /* SVN_X509_H */
202