cert_mgr.h
1/*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16#ifndef CERT_MGR_H
17#define CERT_MGR_H
18
19#include <stdint.h>
20#include "hitls_type.h"
21#include "hitls_cert_type.h"
22#include "hitls_cert_reg.h"
23#include "hitls_cert.h"
24#include "bsl_hash.h"
25#include "tls_config.h"
26
27#ifdef __cplusplus
28extern "C" {
29#endif
30
/*
 * Bundle used to hand a certificate, its private key(s) and its chain around
 * together; it is also the value type stored per key type in the manager's
 * certPairs hash table.
 *
 * The members are opaque handles, and two of them are private keys. Release or
 * duplicate a pair only through SAL_CERT_PairClear / SAL_CERT_PairFree /
 * SAL_CERT_PairDup (declared below) rather than field by field, so that the
 * key handles are dropped consistently. Whether the handles are reference
 * counted or deep-copied is not visible in this header.
 */
typedef struct {
    HITLS_CERT_X509 *cert;          /* device certificate */
#ifdef HITLS_TLS_PROTO_TLCP11
    /*
     * TLCP 1.1 keeps an encryption certificate separate from `cert`.
     * Currently this field is used only when the peer-end encryption
     * certificate is stored.
     */
    HITLS_CERT_X509 *encCert;
    HITLS_CERT_Key *encPrivateKey;  /* private key for encCert; sensitive material */
#endif
    HITLS_CERT_Key *privateKey;     /* private key corresponding to cert; sensitive material */
    HITLS_CERT_Chain *chain;        /* certificate chain associated with cert */
} CERT_Pair;
42
/*
 * Fields of the certificate-manager context (CERT_MgrCtx).
 * NOTE(review): the opening `struct ... {` line (original line 43) is missing
 * from this listing; the fields below are as in the original file.
 */
    uint32_t currentCertKeyType;    /* keyType of the certificate in use; presumably the certPairs key of the active pair — confirm */
    /* Certificate resources on the link. Only one certificate per key type can be loaded. */
    BSL_HASH_Hash *certPairs;       /* hash table: key = keyType, value = CERT_Pair (each pair holds private keys) */
    HITLS_CERT_Chain *extraChain;   /* context-wide extra chain; see SAL_CERT_AddExtraChainCert / GetExtraChainCerts / ClearExtraChainCerts */
    /*
     * Three distinct stores. Which of them is consulted for a given trust
     * decision, and in what order, is decided by the implementation, not here.
     */
    HITLS_CERT_Store *verifyStore;  /* store used when verifying a certificate chain */
    HITLS_CERT_Store *chainStore;   /* store used to assemble the certificate chain */
    HITLS_CERT_Store *certStore;    /* default CA store */
#ifndef HITLS_TLS_FEATURE_PROVIDER
    HITLS_CERT_MgrMethod method;    /* certificate-operation callback table; only present when the provider feature is not built in */
#endif
    HITLS_PasswordCb defaultPasswdCb;   /* default password callback used when loading certificates; shape: int32_t (*)(char *buf, int32_t bufLen, int32_t flag, void *userdata) */
    void *defaultPasswdCbUserData;      /* opaque pointer handed to defaultPasswdCb; stored as-is, so the caller owns its lifetime */
#ifdef HITLS_TLS_CONFIG_CERT_CALLBACK
    HITLS_VerifyCb verifyCb;        /* certificate verification callback; security-sensitive hook (see SAL_CERT_SetVerifyCb) */
#endif /* HITLS_TLS_CONFIG_CERT_CALLBACK */
#ifdef HITLS_TLS_FEATURE_CERT_CB
    HITLS_CertCb certCb;            /* certificate callback; shape: int32_t (*)(HITLS_Ctx *ctx, void *arg) */
    void *certCbArg;                /* opaque argument for certCb; stored as-is, so the caller owns its lifetime */
#endif /* HITLS_TLS_FEATURE_CERT_CB */
    HITLS_Lib_Ctx *libCtx;          /* library context (see LIBCTX_FROM_CERT_MGR_CTX) */
    const char *attrName;           /* provider attribute name; held as a pointer, so the string presumably must outlive the context — confirm */
};
66
/*
 * NULL-safe reads of the library context and attribute name bound to a manager
 * context (both yield NULL when mgrCtx is NULL). The argument appears twice in
 * the expansion, so pass a plain pointer, never an expression with side effects.
 */
#define LIBCTX_FROM_CERT_MGR_CTX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->libCtx)
#define ATTR_FROM_CERT_MGR_CTX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->attrName)
69
/*
 * Accessors for CERT_MgrCtx fields.
 *
 * Two flavours: the plain form expands to a direct field access and
 * dereferences mgrCtx unconditionally, so the caller must guarantee a non-NULL
 * context; the _EX form yields NULL for a NULL context. Both are macros: the
 * argument is expanded as-is (and evaluated twice in the _EX form), so do not
 * pass an expression with side effects.
 */
#define SAL_CERT_GET_VERIFY_STORE(mgrCtx) ((mgrCtx)->verifyStore)
#define SAL_CERT_GET_VERIFY_STORE_EX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->verifyStore)

#define SAL_CERT_GET_CHAIN_STORE(mgrCtx) ((mgrCtx)->chainStore)
#define SAL_CERT_GET_CHAIN_STORE_EX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->chainStore)

#define SAL_CERT_GET_CERT_STORE(mgrCtx) ((mgrCtx)->certStore)
#define SAL_CERT_GET_CERT_STORE_EX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->certStore)

/* Default password callback and its user data; only NULL-safe forms are provided. */
#define SAL_CERT_GET_DEFAULT_PWD_CB(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->defaultPasswdCb)
#define SAL_CERT_GET_DEFAULT_PWD_CB_USRDATA(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->defaultPasswdCbUserData)

#ifdef HITLS_TLS_CONFIG_CERT_CALLBACK
/*
 * NULL-safe read of the verification callback.
 * NOTE(review): the name misspells "VERIFY" as "VERIIFY"; it is left as-is
 * because renaming would break existing callers.
 */
#define SAL_CERT_GET_VERIIFY_CB(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->verifyCb)
#endif
86
/*
 * Accessors for CERT_Pair fields. The plain form dereferences certPair
 * unconditionally (caller guarantees non-NULL); the _EX form returns NULL for
 * a NULL pair and evaluates its argument twice. SAL_CERT_PAIR_GET_CHAIN has no
 * _EX variant, so check the pair before using it.
 */
#define SAL_CERT_PAIR_GET_X509(certPair) ((certPair)->cert)
#define SAL_CERT_PAIR_GET_X509_EX(certPair) (((certPair) == NULL) ? NULL : (certPair)->cert)

#define SAL_CERT_PAIR_GET_CHAIN(certPair) ((certPair)->chain)

#ifdef HITLS_TLS_PROTO_TLCP11
/* TLCP 1.1 encryption-certificate slot (encCert); only compiled in with TLCP support. */
#define SAL_CERT_PAIR_GET_TLCP_ENC_CERT(certPair) ((certPair)->encCert)
#define SAL_CERT_PAIR_GET_TLCP_ENC_CERT_EX(certPair) (((certPair) == NULL) ? NULL : (certPair)->encCert)
#endif
97
/**
 * @brief Duplicate a certificate pair (certificate, private key(s), chain).
 *
 * @param mgrCtx      Certificate manager context the pair belongs to.
 * @param srcCertPair Pair to copy.
 * @return The new pair, or NULL on failure — always NULL-check the result.
 *         Release it with SAL_CERT_PairFree (presumed counterpart — confirm).
 *         Whether members are deep-copied or reference counted is not visible
 *         in this header.
 */
CERT_Pair *SAL_CERT_PairDup(CERT_MgrCtx *mgrCtx, CERT_Pair *srcCertPair);

/**
 * @brief Release the members of a pair (certificate, private key(s), chain).
 *        Presumably keeps the CERT_Pair container itself, given the separate
 *        SAL_CERT_PairFree — confirm against the implementation.
 *
 * @param mgrCtx   Certificate manager context.
 * @param certPair Pair whose members are released.
 */
void SAL_CERT_PairClear(CERT_MgrCtx *mgrCtx, CERT_Pair *certPair);

/**
 * @brief Release a pair together with its members. The pair holds private key
 *        handles, so pairs obtained from SAL_CERT_PairDup should be dropped
 *        through this function rather than field by field.
 *
 * @param mgrCtx   Certificate manager context.
 * @param certPair Pair to free; NULL tolerance is not visible here — confirm.
 */
void SAL_CERT_PairFree(CERT_MgrCtx *mgrCtx, CERT_Pair *certPair);

/**
 * @brief Copy the certPairs hash table (keyType -> CERT_Pair) of srcMgrCtx
 *        into destMgrCtx.
 *
 * @return int32_t status code. Treat any value other than the library's
 *         success code as failure and do not rely on destMgrCtx's pairs then.
 */
int32_t SAL_CERT_HashDup(CERT_MgrCtx *destMgrCtx, CERT_MgrCtx *srcMgrCtx);
129
/*
 * NOTE(review): `bool` is used in the prototypes below, but <stdbool.h> is not
 * included by this header directly; presumably it arrives via hitls_type.h —
 * confirm so the header stays self-contained.
 */

/**
 * @brief Report whether the certificate manager is usable (presumably whether
 *        a HITLS_CERT_MgrMethod table has been registered — confirm).
 */
bool SAL_CERT_MgrIsEnable(void);

/**
 * @brief Return the registered certificate-management method table.
 * @return Pointer to the table; may be NULL when nothing is registered
 *         (inferred from SAL_CERT_MgrIsEnable — confirm). Not owned by the
 *         caller; do not free.
 */
HITLS_CERT_MgrMethod *SAL_CERT_GetMgrMethod(void);

/**
 * @brief Allocate a new, empty certificate manager context.
 * @return New context or NULL on failure; release with SAL_CERT_MgrCtxFree.
 */
CERT_MgrCtx *SAL_CERT_MgrCtxNew(void);

/**
 * @brief Allocate a context bound to a library context and a provider
 *        attribute name (kept in the libCtx / attrName fields).
 *
 * @param libCtx   Library context.
 * @param attrName Provider attribute string. ATTR_FROM_CERT_MGR_CTX hands the
 *                 stored `const char *` back, so the string is presumably
 *                 referenced rather than copied: keep it alive for the whole
 *                 lifetime of the context unless the implementation copies it.
 * @return New context or NULL on failure; release with SAL_CERT_MgrCtxFree.
 */
CERT_MgrCtx *SAL_CERT_MgrCtxProviderNew(HITLS_Lib_Ctx *libCtx, const char *attrName);

/**
 * @brief Duplicate a manager context (stores, certificate pairs, callbacks).
 *
 * The callback user-data members (defaultPasswdCbUserData, certCbArg) are
 * plain `void *`; if the copy carries them over, both contexts share the
 * pointee. Whether stores and certificates are deep-copied or reference
 * counted is not visible here.
 *
 * @return New context or NULL on failure; release with SAL_CERT_MgrCtxFree.
 */
CERT_MgrCtx *SAL_CERT_MgrCtxDup(CERT_MgrCtx *mgrCtx);

/**
 * @brief Free a manager context and what it owns, including the loaded
 *        private key handles. NULL tolerance is not visible here — confirm.
 */
void SAL_CERT_MgrCtxFree(CERT_MgrCtx *mgrCtx);
185
/**
 * @brief Install the default CA store (certStore field).
 *
 * Ownership: whether the context takes over `store` or only keeps a
 * reference, and what happens to a previously installed store, is not visible
 * in this header — confirm before freeing `store` yourself.
 *
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetCertStore(CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store);

/**
 * @brief Install the chain store (chainStore field) used to assemble the
 *        certificate chain. Same ownership caveat as SAL_CERT_SetCertStore.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetChainStore(CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store);

/**
 * @brief Install the verify store (verifyStore field) used when verifying a
 *        certificate chain. As it presumably supplies the trust anchors for
 *        that check, populate it only from trusted configuration. Same
 *        ownership caveat as SAL_CERT_SetCertStore.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetVerifyStore(CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store);
215
/**
 * @brief Set the certificate to use. Note that this takes the HITLS_Config,
 *        not a CERT_MgrCtx, unlike most functions in this header.
 *
 * @param config        TLS configuration owning the manager context.
 * @param cert          Certificate to install; ownership after the call is not
 *                      visible here — confirm before freeing it.
 * @param isTlcpEncCert true to install into the TLCP encryption-certificate
 *                      slot (CERT_Pair.encCert, only built with
 *                      HITLS_TLS_PROTO_TLCP11), false for CERT_Pair.cert.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetCurrentCert(HITLS_Config *config, HITLS_CERT_X509 *cert, bool isTlcpEncCert);

/**
 * @brief Return the certificate currently in use (presumably the pair
 *        selected by currentCertKeyType — confirm).
 * @return Handle or NULL when none is loaded. Presumably borrowed from the
 *         context — do not free.
 */
HITLS_CERT_X509 *SAL_CERT_GetCurrentCert(CERT_MgrCtx *mgrCtx);

/**
 * @brief Look up the loaded certificate for a public-key type.
 * @return Handle or NULL when no certificate of that type is loaded.
 *         Presumably borrowed — do not free.
 */
HITLS_CERT_X509 *SAL_CERT_GetCert(CERT_MgrCtx *mgrCtx, HITLS_CERT_KeyType keyType);

/**
 * @brief Set the private key for the current certificate.
 *
 * @param config              TLS configuration owning the manager context.
 * @param key                 Private key handle — sensitive material.
 * @param isTlcpEncCertPriKey true for the TLCP encryption certificate's key
 *                            (CERT_Pair.encPrivateKey), false for
 *                            CERT_Pair.privateKey.
 * @return int32_t status code. Whether a key/certificate mismatch is rejected
 *         here is not visible in this header — do not assume it is.
 */
int32_t SAL_CERT_SetCurrentPrivateKey(HITLS_Config *config, HITLS_CERT_Key *key, bool isTlcpEncCertPriKey);

/**
 * @brief Return the private key of the current certificate.
 * @param isTlcpEncCert true for the TLCP encryption key, false for the
 *                      ordinary private key.
 * @return Handle (sensitive) or NULL. Presumably borrowed — do not free, and
 *         do not hand it to untrusted code.
 */
HITLS_CERT_Key *SAL_CERT_GetCurrentPrivateKey(CERT_MgrCtx *mgrCtx, bool isTlcpEncCert);

/**
 * @brief Return the private key loaded for a public-key type.
 * @return Handle (sensitive) or NULL when none is loaded. Presumably
 *         borrowed — do not free.
 */
HITLS_CERT_Key *SAL_CERT_GetPrivateKey(CERT_MgrCtx *mgrCtx, HITLS_CERT_KeyType keyType);
281
/**
 * @brief Append a certificate to the chain of the current certificate pair
 *        (CERT_Pair.chain). Ownership of `cert` after the call is not visible
 *        here — confirm before freeing it.
 * @return int32_t status code.
 */
int32_t SAL_CERT_AddChainCert(CERT_MgrCtx *mgrCtx, HITLS_CERT_X509 *cert);

/**
 * @brief Return the chain of the current certificate pair.
 * @return Chain list or NULL. Presumably borrowed — do not pass it to
 *         SAL_CERT_ChainFree.
 */
HITLS_CERT_Chain *SAL_CERT_GetCurrentChainCerts(CERT_MgrCtx *mgrCtx);

/** @brief Drop all certificates from the current pair's chain. */
void SAL_CERT_ClearCurrentChainCerts(CERT_MgrCtx *mgrCtx);

/**
 * @brief Remove every loaded certificate and private key from the context.
 *        Dropping the handles does not by itself guarantee the key bytes are
 *        zeroized; that depends on the key implementation behind
 *        HITLS_CERT_Key.
 */
void SAL_CERT_ClearCertAndKey(CERT_MgrCtx *mgrCtx);

/**
 * @brief Append a certificate to the context-wide extra chain (extraChain
 *        field), which is separate from any certificate pair's chain.
 *        Ownership of `cert` after the call is not visible here.
 * @return int32_t status code.
 */
int32_t SAL_CERT_AddExtraChainCert(CERT_MgrCtx *mgrCtx, HITLS_CERT_X509 *cert);

/**
 * @brief Return the extra chain certificates.
 * @param isExtraChainCertsOnly Presumably: true returns only extraChain,
 *        false also includes the current pair's chain — confirm, and check
 *        whether the returned list is borrowed or must be released with
 *        SAL_CERT_ChainFree in each case.
 * @return Chain list or NULL.
 */
HITLS_CERT_Chain *SAL_CERT_GetExtraChainCerts(CERT_MgrCtx *mgrCtx, bool isExtraChainCertsOnly);

/** @brief Drop all certificates from the extra chain. */
void SAL_CERT_ClearExtraChainCerts(CERT_MgrCtx *mgrCtx);
302
/**
 * @brief Generic control entry for certificate-verification parameters.
 *
 * `in` and `out` are untyped; their expected types and sizes depend entirely
 * on `cmd` (the command set is not declared in this header). A wrong type or
 * an undersized `out` object is an out-of-bounds access with no compile-time
 * check, so keep each call site next to the `cmd` definition it uses.
 *
 * @param config TLS configuration.
 * @param store  Store the command applies to.
 * @param cmd    Command selector.
 * @param in     Command input (whether NULL is allowed depends on cmd).
 * @param out    Command output (whether NULL is allowed depends on cmd).
 * @return int32_t status code.
 */
int32_t SAL_CERT_CtrlVerifyParams(HITLS_Config *config, HITLS_CERT_Store *store, uint32_t cmd, void *in, void *out);

/**
 * @brief Install the default password callback used while loading certificate
 *        material (defaultPasswdCb field).
 *
 * The callback has the HITLS_PasswordCb shape
 * int32_t cb(char *buf, int32_t bufLen, int32_t flag, void *userdata):
 * an implementation must write at most bufLen bytes into buf and should not
 * keep the passphrase around longer than needed.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetDefaultPasswordCb(CERT_MgrCtx *mgrCtx, HITLS_PasswordCb cb);

/**
 * @brief Set the opaque user-data pointer passed to the default password
 *        callback. It is held as a raw `void *` (not copied or freed by the
 *        context, presumably — confirm), so the caller keeps it alive for as
 *        long as the callback can run.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetDefaultPasswordCbUserdata(CERT_MgrCtx *mgrCtx, void *userdata);

/**
 * @brief Install the certificate verification callback (verifyCb field).
 *
 * The verifyCb field exists only when HITLS_TLS_CONFIG_CERT_CALLBACK is
 * defined, while this prototype is unconditional; what the call does when the
 * feature is compiled out is not visible here. If, as is usual for such hooks,
 * the callback can influence the verification verdict, any callback installed
 * here is security-critical and should be reviewed as such.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetVerifyCb(CERT_MgrCtx *mgrCtx, HITLS_VerifyCb cb);

/**
 * @brief Select the active certificate. The meaning of `option` is not
 *        declared in this header — see the implementation.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetActiveCert(CERT_MgrCtx *mgrCtx, long option);

/**
 * @brief Install the certificate callback (certCb / certCbArg fields, present
 *        only with HITLS_TLS_FEATURE_CERT_CB, while this prototype is
 *        unconditional). The callback has the HITLS_CertCb shape
 *        int32_t cb(HITLS_Ctx *ctx, void *arg); `arg` is held as a raw
 *        pointer, so the caller owns its lifetime.
 * @return int32_t status code.
 */
int32_t SAL_CERT_SetCertCb(CERT_MgrCtx *mgrCtx, HITLS_CertCb certCb, void *arg);

/**
 * @brief Free a certificate chain list (HITLS_CERT_Chain) owned by the caller.
 *        Do not call it on a chain that is still referenced by a CERT_Pair or
 *        a manager context.
 */
void SAL_CERT_ChainFree(HITLS_CERT_Chain *chain);
373#ifdef __cplusplus
374}
375#endif
376#endif