view common/certhelp.h @ 1367:e7a8ec3185f2

Add nosign option to linux-createpackage and use it in create-dist-package. This should prevent doubled signatures in distributed packages that were first signed on the development system with the test key and then again by the administrator application.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 24 Nov 2014 14:03:47 +0100
parents 265583011f24
children
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef CERTHELP_H
#define CERTHELP_H

/* Polarssl mh.h contains a conversion which gcc warns about */
/* The two "ignored" pragmas switch off -Wsign-conversion and -Wconversion
 * for GCC while the PolarSSL headers are read; clang is left untouched.
 *
 * NOTE(review): there is no "#pragma GCC diagnostic push" before the
 * "ignored" pragmas, so the two "pop" lines below have no saved state to
 * return to. GCC documents an unmatched pop as restoring the command-line
 * diagnostic settings, which would also drop any diagnostic pragma set
 * earlier by an including file. Confirm that this is the intended effect. */
#ifndef __clang__
#pragma GCC diagnostic ignored "-Wsign-conversion"
#pragma GCC diagnostic ignored "-Wconversion"
#endif
#include <polarssl/oid.h>
#include <polarssl/x509_crt.h>
#ifndef __clang__
#pragma GCC diagnostic pop
#pragma GCC diagnostic pop
#endif

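/*
 * Subject attribute OIDs in the form expected by the oid parameter of
 * get_oid_valstr() and x509_parse_subject().
 *
 * Each macro takes the matching OID_AT_* string literal from polarssl/oid.h,
 * appends an explicit "\0" by string literal concatenation and casts the
 * result to unsigned char *.
 *
 * The expansion is wrapped in parentheses so that it stays one expression
 * wherever it is used; without them a postfix operator written after the
 * macro would bind to the string literal instead of the cast result.
 *
 * The cast hides that the storage is a string literal: the bytes must only
 * be read, never written through the resulting pointer.
 *
 * NOTE(review): the appended "\0" presumably lets the OID be handled as a
 * NUL-terminated byte string, since no length is passed along with it;
 * confirm against the implementation.
 */
#define CERT_OID_CN     ((unsigned char *)OID_AT_CN "\0")
#define CERT_OID_O      ((unsigned char *)OID_AT_ORGANIZATION "\0")
#define CERT_OID_OU     ((unsigned char *)OID_AT_ORG_UNIT "\0")
#define CERT_OID_SN     ((unsigned char *)OID_AT_SERIAL_NUMBER "\0")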

#ifdef WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @file
 * @brief Helper functions to handle and parse X.509 certificates.
 *
 * Simple helper functions based on PolarSSL.
 */

/**
 * @brief Extracts the value of a given OID from an x509_name object.
 *
 * The value is copied to a null byte terminated C string.
 * The caller should free it after use.
 *
 * NOTE(review): oid is passed without a length, so it is presumably read as
 * a NUL-terminated byte string such as the CERT_OID_* macros; confirm
 * against the implementation.
 *
 * NOTE(review): because the result is a C string, a name value that contains
 * an embedded null byte would look shorter to the caller than it is in the
 * certificate. Check how the implementation treats such values before the
 * result is used in any identity comparison.
 *
 * @param[in] namebuf pointer to the x509_name object.
 * @param[in] oid the OID to search for.
 * @returns the extracted string, or NULL on failure.
 */
char *get_oid_valstr(x509_name *namebuf, unsigned char *oid);

/**
 * @brief Parse an X.509 certificate and retrieve the specified OID from the
 *        Subject.
 *
 * The value is copied to a null byte terminated C string.
 * The caller should free it after use.
 *
 * NULL is the only error signal, so a caller cannot tell from the return
 * value alone why no string was produced.
 *
 * NOTE(review): nothing in this description says the certificate is
 * validated; presumably it is only parsed. A returned subject value should
 * not be treated as a trust decision unless the certificate was verified
 * elsewhere. Confirm against the implementation.
 *
 * NOTE(review): the result is a C string, so a subject value that contains
 * an embedded null byte would look shorter to the caller than it is in the
 * certificate; check how the implementation treats such values.
 *
 * @param[in] derdata pointer to the certificate in DER format.
 * @param[in] derlen length of the DER data.
 * @param[in] oid the OID to search for.
 * @returns the extracted string, or NULL on failure.
 */
char *x509_parse_subject(unsigned char *derdata, size_t derlen,
                         unsigned char *oid);

#ifdef WIN32
/**
 * @brief Parse an X.509 ASN encoded, base64 encoded certificate.
 *
 * This function creates a Windows cert context for the certificate
 * encoded in b64_data. The new certificate has to be freed with
 * CertFreeCertificateContext.
 *
 * NOTE(review): the description covers decoding only and does not mention
 * any validation, so a non-NULL result presumably means "parsed", not
 * "trusted". Confirm against the implementation.
 *
 * @param[in] b64_data pointer to the certificate data.
 * @param[in] b64_size size of the data. (Without terminating \0)
 *
 * @returns the new certificate context, or NULL on error.
 */
PCCERT_CONTEXT b64_to_cert_context(char *b64_data, size_t b64_size);
#endif

#ifdef __cplusplus
}
#endif

#endif

http://wald.intevation.org/projects/trustbridge/