view common/listutil.h @ 639:c1b35edb097f trustbridge-refactor

New methods to modify and use the certificate list.
author Raimund Renkert <rrenkert@intevation.de>
date Tue, 24 Jun 2014 17:03:59 +0200
parents 17e1c8f37d72
children bf54c9fc0d63
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef LISTUTIL_H
#define LISTUTIL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stddef.h>

/**
 * @file listutil.h
 * @brief Functions to work with the certificate list.
 */

/**
 * @brief Status of the List Operations
 *
 * The success value Valid is 100, not 0, while every failure value is a
 * small non-zero integer.  A caller must therefore compare the result
 * against Valid explicitly (status == Valid); testing the status for
 * zero/non-zero would not distinguish success from any failure.
 */
typedef enum {
    Valid = 100, // Could be read and signature matched
    UnknownError = 1, // The expected unexpected
    TooLarge = 2, // Failed because the file exceeds the limit (presumably tied to MAX_LINE_LENGTH / MAX_LINES below — confirm in listutil.c)
    InvalidFormat = 3, // File does not appear to be in list format
    InvalidSignature = 4, // Signature was invalid
    SeekFailed = 5, // Could not seek in the file
    ReadFailed = 6, // File exists but could not read the file
    IncompatibleVersion = 7, // The Format Version does not match
    NoList = 8 // No list parsed
} list_status_t;

/* Definitions based on the format.
 *
 * Upper bounds on a single line and on the number of lines a list may
 * contain.  NOTE(review): whether the parser enforces them (reporting
 * TooLarge) or only sizes its buffers with them is not visible here —
 * confirm in listutil.c before relying on them as input validation. */
#define MAX_LINE_LENGTH 9999
#define MAX_LINES 1000

/**
 * @brief Obtain the complete and verified Certificate list.
 *
 * This checks if the file fileName is a valid certificate
 * list signed by the key specified in pubkey.h
 *
 * The caller has to free data.
 *
 * NOTE(review): this header does not state what *data and *size hold
 * when the returned status is not Valid; treat them as meaningful only
 * on Valid and confirm the failure-path behaviour in listutil.c.
 *
 * @param[in] fileName Name of the file (UTF-8 encoded).
 * @param[out] data Newly allocated pointer to the file content.
 * @param[out] size Size in Bytes of the file content.
 *
 * @return status of the operation; Valid on success, one of the other
 *         list_status_t values otherwise (compare against Valid, not 0).
 */
list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size);

/** @brief verify the certificate list
 *
 * The public key to verify against is the static publicKeyPEM data defined
 * in the pubkey header.
 *
 *  @param [in] data the list data
 *  @param [in] size the size of the data in bytes
 *
 *  @returns 0 if the list is valid, a polarssl error code (these are
 *  negative) or -1 otherwise.  Only an exact 0 means the signature
 *  verified; callers must not treat "non-positive" or "non-negative" as
 *  success.
 */
int verify_list(const char *data, const size_t size);

/** @brief get a list of the certificates marked with I: or R:
 *
 * Get a list of certificates that are contained in the
 * certificatelist pointed to by data.
 * On Success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * NOTE(review): nothing here states that the list is (re-)verified by
 * this function; callers should only pass data that
 * read_and_verify_list returned with status Valid — confirm in
 * listutil.c.  Unlike verify_list, data is not const, so the buffer
 * may be modified while parsing — do not assume it is left untouched.
 * How the returned array is terminated (presumably a NULL entry) and
 * whether the array itself must also be freed is not specified here —
 * confirm before use.
 *
 * @param [in] data the certificatelist to parse
 * @param [in] size the size of the certificatelist in bytes
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 * */
char **get_certs_from_list (char *data, const size_t size);

#ifdef __cplusplus
}
#endif
#endif
