diff options
Diffstat (limited to 'libparc/parc/security/parc_Certificate.h')
-rwxr-xr-x | libparc/parc/security/parc_Certificate.h | 352 |
1 files changed, 352 insertions, 0 deletions
diff --git a/libparc/parc/security/parc_Certificate.h b/libparc/parc/security/parc_Certificate.h new file mode 100755 index 00000000..43eb9416 --- /dev/null +++ b/libparc/parc/security/parc_Certificate.h @@ -0,0 +1,352 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file parc_Certificate.h + * @ingroup security + * @brief The API for a generic certificate. + * + */ + +#ifndef libparc_parc_Certificate_h +#define libparc_parc_Certificate_h + +#include <parc/algol/parc_Buffer.h> +#include <parc/security/parc_CertificateType.h> +#include <parc/security/parc_ContainerEncoding.h> +#include <parc/security/parc_CryptoHasher.h> +#include <parc/security/parc_Signature.h> +#include <parc/security/parc_CryptoHashType.h> +#include <parc/security/parc_Key.h> + +struct parc_certificate; +/** + * @typedef PARCCertificate + * @brief The structure for PARCCertificate + */ +typedef struct parc_certificate PARCCertificate; + +typedef struct parc_certificate_interface { + /** + * The hash of the certificate's public key. + * + * Try using `parcSigner_CreateKeyId` for a sinterfaceer interface. + * You must destroy the returned PARCCryptoHash. + * For public key, its the SHA256 digest of the public key. + * For HMAC, its the SHA256 digest of the secret key. + * + * Equivalent of (for rsa/sha256): + * openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der + * openssl sha256 -out test_rsa_pub_sha256.bin -sha256 -binary < test_rsa_pub.der + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return A `PARCCryptoHash` instance. + */ + PARCCryptoHash *(*GetPublicKeyDigest)(void *certificate); + + /** + * Returns a copy of the the certificate digest. + * + * Returns NULL for symmetric keystores. + * + * Equivalent of (for rsa/sha256): + * openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt + * openssl sha256 -out test_rsa_crt_sha256.bin -sha256 -binary < test_rsa_crt.der + * Which is also the same as (but not in der format) + * openssl x509 -in test_rsa.crt -fingerprint -sha256 + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return A `PARCCryptoHash` instance which internally contains a hash digest of the certificate. + */ + PARCCryptoHash *(*GetCertificateDigest)(void *certificate); + + /** + * Returns a copy of the DER encoded certificate. + * + * Returns NULL for symmetric keystores. + * + * Equivalent of: + * openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return A pointer to a `PARCBuffer` containing the encoded certificate. + */ + PARCBuffer *(*GetDEREncodedCertificate)(void *certificate); + + /** + * Returns a copy of the encoded public key in DER form. + * + * Equivalent of (for rsa/sha256): + * `openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der` + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return A pointer to a `PARCBuffer` containing the encoded public key. + */ + PARCBuffer *(*GetDEREncodedPublicKey)(void *certificate); + + /** + * Returns the `PARCCertificateType` of this certificate, i.e., PEM, DER, PKCS12. + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return The `PARCCertificateType` associated with this certificate. + */ + PARCCertificateType (*GetCertificateType)(const void *certificate); + + /** + * Returns the `PARCContainerEncoding` of this certificate, e.g., X509. + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return The `PARCContainerEncoding` associated with this certificate. + */ + PARCContainerEncoding (*GetContainerEncoding)(const void *certificate); +} PARCCertificateInterface; + +/** + * Create a generic `PARCCertificate` instance from a concrete `PARCCertificate` instance. + * + * NOTE: This function should not be used directly. Construct certificates using the + * `PARCCertificateFactory` instead. + * + * @param [in] impl A pointer to a concrete `PARCCertificate` interface implementation. + * @param [in] instance A pointer to the instance that implements this interface. + * + * @return NULL Memory could not be allocated. + * @return non-NULL A newly allocated `PARCCertificate` instance containing the concrete + * `PARCCertificate` instance. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = ...; + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * } + * @endcode + */ +PARCCertificate *parcCertificate_CreateFromInstance(PARCCertificateInterface *impl, void *instance); + +/** + * Increase the number of references to a `PARCCertificate` instance. + * + * Note that a new `PARCCertificate` is not created, + * only that the given `PARCCertificate` reference count is incremented. + * Discard the reference by invoking {@link parcCertificate_Release}. + * + * @param [in] certificate A pointer to the original instance. + * @return The value of the input parameter @p instance. + * + * Example: + * @code + * { + * PARCCertificate *x = parcCertificate_CreateFromInstance(...); + * PARCCertificate *x2 = parcCertificate_Acquire(x); + * + * parcCertificate_Release(&x); + * parcCertificate_Release(&x2); + * } + * @endcode + * + * @see {@link parcCertificate_Release} + */ +PARCCertificate *parcCertificate_Acquire(const PARCCertificate *certificate); + +/** + * Release a previously acquired reference to the specified instance, + * decrementing the reference count for the instance. + * + * The pointer to the instance is set to NULL as a side-effect of this function. + * + * If the invocation causes the last reference to the instance to be released, + * the instance is deallocated and the instance's implementation will perform + * additional cleanup and release other privately held references. + * + * @param [in,out] certificateP A pointer to a pointer to the instance to release. + * + * Example: + * @code + * { + * PARCCertificate *x = parcCertificate_Acquire(...); + * + * parcCertificate_Release(&x); + * } + * @endcode + * + * @see {@link parcCertificate_Acquire} + */ +void parcCertificate_Release(PARCCertificate **certificateP); + +/** + * Returns the `PARCCertificateType` of this certificate, i.e., X509. + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return The `PARCCertificateType` associated with this certificate. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCCertificateType type = parcCertificate_GetCertificateType(wrapper); + * // type == PARCCertificateType_X509 + * } + * @endcode + */ +PARCCertificateType parcCertificate_GetCertificateType(const PARCCertificate *certificate); + +/** + * Returns the `PARCContainerEncoding` of this certificate, e.g., PEM, DER. + * + * @param [in] certificate A pointer to a concrete `PARCCertificate` instance. + * + * @return The `PARCContainerEncoding` associated with this certificate. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCContainerEncoding encoding = parcCertificate_GetCertificateType(wrapper); + * // encoding == PARCCertificateType_PEM + * } + * @endcode + */ +PARCContainerEncoding parcCertificate_GetContainerEncoding(const PARCCertificate *certificate); + +/** + * Retrieve the SHA-256 hash digest of the certificate's public key. + * + * You must release the returned `PARCCryptoHash` via {@link parcCryptoHash_Release}. + * + * Equivalent of (for rsa/sha256): + * openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der + * openssl sha256 -out test_rsa_pub_sha256.bin -sha256 -binary < test_rsa_pub.der + * + * @param [in] certificate A pointer to a `PARCCertificate` instance. + * + * @return NULL Memory could not be allocated. + * @return non-NULL A `PARCCryptoHash` value which internally contains a hash digest of the certificate key. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCCryptoHash *certificateKeyDigest = parcCertificate_GetPublicKeyDigest(wrapper); + * } + * @endcode + */ +PARCCryptoHash *parcCertificate_GetPublicKeyDigest(const PARCCertificate *certificate); + +/** + * Get the SHA-256 digest of the certificate. + * + * Equivalent of (for rsa/sha256): + * openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt + * openssl sha256 -out test_rsa_crt_sha256.bin -sha256 -binary < test_rsa_crt.der + * Which is also the same as (but not in der format) + * openssl x509 -in test_rsa.crt -fingerprint -sha256 + * + * @param [in] certificate A pointer to a `PARCCertificate` instance. + * + * @return NULL Memory could not be allocated. + * @return A `PARCCryptoHash` instance which internally contains a hash digest of the certificate. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCCryptoHash *certificateKeyDigest = parcCertificate_GetPublicKeyDigest(wrapper); + * } + * @endcode + */ +PARCCryptoHash *parcCertificate_GetCertificateDigest(const PARCCertificate *certificate); + +/** + * Get a `PARCBuffer` containing the DER encoded representation of the certificate. + * + * Equivalent of: + * openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt + * + * @param [in] certificate A pointer to a `PARCCertificate` instance. + * + * @return NULL Memory could not be allocated. + * @return non-NULL A pointer to a `PARCBuffer` containing the encoded certificate. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCBuffer *certificateDER = parcCertificate_GetDEREncodedCertificate(wrapper); + * } + * @endcode + */ +PARCBuffer *parcCertificate_GetDEREncodedCertificate(const PARCCertificate *certificate); + +/** + * Get the certificate's public key in DER encoding in a `PARCBuffer`. + * + * Equivalent of (for rsa/sha256): + * `openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der` + * + * @param [in] certificate A pointer to a `PARCCertificate` instance. + * + * @return NULL Memory could not be allocated. + * @return non-NULL A pointer to a `PARCBuffer` containing the encoded certificate's public key. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCBuffer *certificateDER = parcCertificate_GetDEREncodedPublicKey(wrapper); + * } + * @endcode + */ +PARCBuffer *parcCertificate_GetDEREncodedPublicKey(const PARCCertificate *certificate); + +/** + * Get the `PARCKey` public key associated with this certificate. + * + * @param [in] certificate A pointer to a `PARCCertificate` instance. + * + * @return NULL Memory could not be allocated. + * @return non-NULL A pointer to a `PARCKey` instance. + * + * Example: + * @code + * { + * PARCX509Certificate *certificate = parcX509Certificate_CreateFromPEMFile(filename); + * PARCCertificate *wrapper = parcCertificate_CreateFromInstance(PARCX509CertificateInterface, certificate); + * + * PARCKey *publicKey = parcCertificate_GetPublicKey(wrapper); + * } + * @endcode + */ +PARCKey *parcCertificate_GetPublicKey(const PARCCertificate *certificate); +#endif // libparc_parc_Certificate_h |