view common/listutil.h @ 248:9f0865dc8b14

Add accessor to check if the certificate should be installed
author Andre Heinecke <aheinecke@intevation.de>
date Mon, 31 Mar 2014 08:03:20 +0000
parents 571f68c7a38f
children 881ce5126f07
#ifndef LISTUTIL_H
#define LISTUTIL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stddef.h>

/**
 * @file listutil.h
 * @brief Functions to work with the certificate list.
 */

/**
 * @brief Status of the List Operations
 *
 * Valid is the only value documented here as a successful,
 * signature-checked read. Every enumerator is non-zero, so a status
 * has to be compared with Valid explicitly and must never be tested
 * as a boolean.
 */
typedef enum {
    Valid = 100, // Could be read and signature matched
    UnknownError = 1, // Unspecified failure (the expected unexpected)
    TooLarge = 2, // Failed because the file exceeds the limit
    InvalidFormat = 3, // File does not appear to be in list format
    InvalidSignature = 4, // Signature was invalid
    SeekFailed = 5, // Could not seek in the file
    ReadFailed = 6, // File exists but could not read the file
    IncompatibleVersion = 7, // The format version does not match
    NoList = 8 // No list parsed
} list_status_t;

/* Definitions based on the format */
/* NOTE(review): presumably the largest accepted line length and line
 * count of a list file; the units and the place where the parser
 * enforces them are not visible in this header -- confirm. */
#define MAX_LINE_LENGTH 9999
#define MAX_LINES 1000

/**
 * @brief Obtain the complete and verified Certificate list.
 *
 * This checks if the file fileName is a valid certificate
 * list signed by the key specified in pubkey.h
 *
 * Only a return value of Valid means that the content was read and
 * that its signature matched. Compare the result with Valid
 * explicitly: every list_status_t value is non-zero.
 *
 * The caller has to free data.
 * NOTE(review): this header does not say whether *data and *size are
 * written when the status is not Valid -- confirm in the
 * implementation. Callers should treat both as unusable for any
 * status other than Valid.
 *
 * @param[in] fileName Name of the file (UTF-8 encoded).
 * @param[out] data Newly allocated pointer to the file content.
 * @param[out] size Size in Bytes of the file content.
 *
 * @return status of the operation.
 */
list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size);

/** @brief verify the certificate list
 *
 * The public key to verify against is the static publicKeyPEM data defined
 * in the pubkey header.
 *
 * Success is reported as 0 here, whereas read_and_verify_list() reports
 * success as Valid (100). Check the result with `== 0`; any other value
 * means the list must not be trusted.
 *
 *  @param [in] data the list data
 *  @param [in] size the size of the data
 *
 *  @returns 0 if the list is valid, otherwise a polarssl error code or -1
 */
int verify_list(const char *data, const size_t size);

/** @brief get a list of the certificates marked with I:
 *
 * Get a list of certificates that should be installed by the
 * certificate list pointed to by data.
 * On success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * NOTE(review): nothing in this header says that the signature is
 * checked here. Presumably data must already have passed
 * read_and_verify_list() (Valid) or verify_list() (0) before its
 * entries are acted on -- confirm against the callers.
 * NOTE(review): how the end of the returned array is marked, and
 * whether the array itself must be freed in addition to each string,
 * is not stated here -- confirm in the implementation.
 *
 * @param [in] data the certificate list to parse
 * @param [in] size the size of the certificate list
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 */
char **get_certs_to_install(const char *data, const size_t size);

/** @brief get a list of the certificates marked with R:
 *
 * Get a list of certificates that should be removed by the
 * certificate list pointed to by data.
 * On success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * NOTE(review): nothing in this header says that the signature is
 * checked here. Presumably data must already have passed
 * read_and_verify_list() (Valid) or verify_list() (0) before its
 * entries are acted on -- confirm against the callers.
 * NOTE(review): how the end of the returned array is marked, and
 * whether the array itself must be freed in addition to each string,
 * is not stated here -- confirm in the implementation.
 *
 * @param [in] data the certificate list to parse
 * @param [in] size the size of the certificate list
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 */
char **get_certs_to_remove(const char *data, const size_t size);


#ifdef __cplusplus
}
#endif
#endif

http://wald.intevation.org/projects/trustbridge/