00001 /** 00002 * @copyright 00003 * ==================================================================== 00004 * Licensed to the Apache Software Foundation (ASF) under one 00005 * or more contributor license agreements. See the NOTICE file 00006 * distributed with this work for additional information 00007 * regarding copyright ownership. The ASF licenses this file 00008 * to you under the Apache License, Version 2.0 (the 00009 * "License"); you may not use this file except in compliance 00010 * with the License. You may obtain a copy of the License at 00011 * 00012 * http://www.apache.org/licenses/LICENSE-2.0 00013 * 00014 * Unless required by applicable law or agreed to in writing, 00015 * software distributed under the License is distributed on an 00016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 00017 * KIND, either express or implied. See the License for the 00018 * specific language governing permissions and limitations 00019 * under the License. 00020 * ==================================================================== 00021 * @endcopyright 00022 * 00023 * @file svn_x509.h 00024 * @brief Subversion's X509 parser 00025 */ 00026 00027 #ifndef SVN_X509_H 00028 #define SVN_X509_H 00029 00030 #include <apr_pools.h> 00031 #include <apr_tables.h> 00032 #include <apr_time.h> 00033 00034 #include "svn_error.h" 00035 #include "svn_checksum.h" 00036 00037 #ifdef __cplusplus 00038 extern "C" { 00039 #endif 00040 00041 #define SVN_X509_OID_COMMON_NAME "\x55\x04\x03" 00042 #define SVN_X509_OID_COUNTRY "\x55\x04\x06" 00043 #define SVN_X509_OID_LOCALITY "\x55\x04\x07" 00044 #define SVN_X509_OID_STATE "\x55\x04\x08" 00045 #define SVN_X509_OID_ORGANIZATION "\x55\x04\x0A" 00046 #define SVN_X509_OID_ORG_UNIT "\x55\x04\x0B" 00047 #define SVN_X509_OID_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" 00048 00049 /** 00050 * Representation of parsed certificate info. 00051 * 00052 * @since New in 1.9. 
00053 */ 00054 typedef struct svn_x509_certinfo_t svn_x509_certinfo_t; 00055 00056 /** 00057 * Representation of an attribute in an X.509 name (e.g. Subject or Issuer) 00058 * 00059 * @since New in 1.9. 00060 */ 00061 typedef struct svn_x509_name_attr_t svn_x509_name_attr_t; 00062 00063 /** 00064 * Parse X.509 DER certificate data from @a buf with length @a 00065 * buflen and return certificate information in @a *certinfo, 00066 * allocated in @a result_pool. 00067 * 00068 * @note This function has been written with the intent of displaying data in a 00069 * certificate for a user to see. As a result, it does not do much 00070 * validation on the data it parses from the certificate. It does not, 00071 * for instance, verify that the certificate is signed by the issuer. It 00072 * does not verify a trust chain. It does not error on critical 00073 * extensions it does not know how to parse. So while it can be used as 00074 * part of a certificate validation scheme, it can't be used alone for 00075 * that purpose. 00076 * 00077 * @since New in 1.9. 00078 */ 00079 svn_error_t * 00080 svn_x509_parse_cert(svn_x509_certinfo_t **certinfo, 00081 const char *buf, 00082 apr_size_t buflen, 00083 apr_pool_t *result_pool, 00084 apr_pool_t *scratch_pool); 00085 00086 /** 00087 * Returns a deep copy of @a attr, allocated in @a result_pool. 00088 * May use @a scratch_pool for temporary allocations. 00089 * @since New in 1.9. 00090 */ 00091 svn_x509_name_attr_t * 00092 svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr, 00093 apr_pool_t *result_pool, 00094 apr_pool_t *scratch_pool); 00095 00096 /** 00097 * Returns the OID of @a attr as encoded in the certificate. The 00098 * length of the OID will be stored in @a *len. 00099 * @since New in 1.9. 00100 */ 00101 const unsigned char * 00102 svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len); 00103 00104 /** 00105 * Returns the value of @a attr as a UTF-8 C string. 00106 * @since New in 1.9.
00107 */ 00108 const char * 00109 svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr); 00110 00111 00112 /** 00113 * Returns a deep copy of @a certinfo, allocated in @a result_pool. 00114 * May use @a scratch_pool for temporary allocations. 00115 * @since New in 1.9. 00116 */ 00117 svn_x509_certinfo_t * 00118 svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo, 00119 apr_pool_t *result_pool, 00120 apr_pool_t *scratch_pool); 00121 00122 /** 00123 * Returns the subject DN from @a certinfo, allocated in @a result_pool. 00124 * @since New in 1.9. 00125 */ 00126 const char * 00127 svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo, 00128 apr_pool_t *result_pool); 00129 00130 /** 00131 * Returns a list of the attributes for the subject in @a certinfo. 00132 * Each member of the list is of type svn_x509_name_attr_t. 00133 * 00134 * @since New in 1.9. 00135 */ 00136 const apr_array_header_t * 00137 svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo); 00138 00139 /** 00140 * Returns the certificate issuer DN from @a certinfo, allocated in @a result_pool. 00141 * @since New in 1.9. 00142 */ 00143 const char * 00144 svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo, 00145 apr_pool_t *result_pool); 00146 00147 /** 00148 * Returns a list of the attributes for the issuer in @a certinfo. 00149 * Each member of the list is of type svn_x509_name_attr_t. 00150 * 00151 * @since New in 1.9. 00152 */ 00153 const apr_array_header_t * 00154 svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo); 00155 00156 /** 00157 * Returns the start of the certificate validity period from @a certinfo. 00158 * 00159 * @since New in 1.9. 00160 */ 00161 apr_time_t 00162 svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo); 00163 00164 /** 00165 * Returns the end of the certificate validity period from @a certinfo. 00166 * 00167 * @since New in 1.9.
00168 */ 00169 const apr_time_t 00170 svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo); 00171 00172 /** 00173 * Returns the digest (fingerprint) from @a certinfo. 00174 * @since New in 1.9. 00175 */ 00176 const svn_checksum_t * 00177 svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo); 00178 00179 /** 00180 * Returns an array of (const char*) host names from @a certinfo. 00181 * 00182 * @since New in 1.9. 00183 */ 00184 const apr_array_header_t * 00185 svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo); 00186 00187 /** 00188 * Given an @a oid of @a oid_len bytes, return a null-terminated C string 00189 * representation, allocated in @a result_pool. For example an OID with the 00190 * bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" would be converted to the 00191 * string "1.2.840.113549.1.9.1". Returns NULL if @a oid can't be 00192 * represented as a string. 00193 * 00194 * @since New in 1.9. */ 00195 const char * 00196 svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len, 00197 apr_pool_t *scratch_pool, apr_pool_t *result_pool); 00198 00199 #ifdef __cplusplus 00200 } 00201 #endif 00202 #endif /* SVN_X509_H */