view common/listutil.h @ 249:6a7eb102716d

Remove code duplication by unifying the certificatelist. You should now check for isInstallCert to determine wether this certificate should be installed or removed. Leaving the getInstallCertificates and getRemoveCertificates in place for compatibilty would have been easier to keep the tests stable.
author Andre Heinecke <aheinecke@intevation.de>
date Mon, 31 Mar 2014 08:06:17 +0000
parents 571f68c7a38f
children 881ce5126f07
line wrap: on
line source
#ifndef LISTUTIL_H
#define LISTUTIL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stddef.h>

/**
 * @file listutil.h
 * @brief Functions to work with the certificate list.
 */

/**
 * @brief Status of the List Operations
 */
typedef enum {
    Valid = 100, // Could be read and signature matched
    UnknownError = 1, // The expected unexpected
    TooLarge = 2, // Failed because the file exeeds the limit
    InvalidFormat = 3, // File does not appear to be in list format
    InvalidSignature = 4, // Signature was invalid
    SeekFailed = 5, // Could not seek in the file
    ReadFailed = 6, // File exists but could not read the file
    IncompatibleVersion = 7, // The Format Version does not match
    NoList = 8 // No list parsed
} list_status_t;

/* Definitions based on the format */
#define MAX_LINE_LENGTH 9999
#define MAX_LINES 1000

/**
 * @brief Obtain the complete and verified Certificate list.
 *
 * This checks if the file fileName is a valid certificate
 * list signed by the key specified in pubkey.h
 *
 * The caller has to free data.
 *
 * @param[in] fileName Name of the file (UTF-8 encoded).
 * @param[out] data Newly allocated pointer to the file content.
 * @param[out] size Size in Bytes of the file content.
 *
 * @return status of the operation.
 */
list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size);

/** @brief verify the certificate list
 *
 * The public key to verify against is the static publicKeyPEM data defined
 * in the pubkey header.
 *
 *  @param [in] data the list data
 *  @param [in] size the size of the data
 *
 *  @returns 0 if the list is valid a polarssl error or -1 otherwise
 */
int verify_list(const char *data, const size_t size);

/** @brief get a list of the certificates marked with I:
 *
 * Get a list of certificates that should be installed by the
 * certificatelist pointed to by data.
 * On Success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * @param [in] data the certificatelist to parse
 * @param [in] size the size of the certificatelist
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 * */
char **get_certs_to_install(const char *data, const size_t size);

/** @brief get a list of the certificates marked with R:
 *
 * Get a list of certificates that should be removed by the
 * certificatelist pointed to by data.
 * On Success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * @param [in] data the certificatelist to parse
 * @param [in] size the size of the certificatelist
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 * */
char **get_certs_to_remove(const char *data, const size_t size);


#ifdef __cplusplus
}
#endif
#endif

http://wald.intevation.org/projects/trustbridge/