* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* ====================================================================
* @brief Subversion's X.509 certificate parser
#include <apr_pools.h>
#include <apr_tables.h>
#include "svn_error.h"
#include "svn_checksum.h"
/* OID 2.5.4.3 (commonName) as raw DER content bytes, not a dotted string.
 * Compare against svn_x509_name_attr_get_oid() with memcmp() and the
 * returned length, never with strcmp(). */
#define SVN_X509_OID_COMMON_NAME "\x55\x04\x03"
/* OID 2.5.4.6 (countryName), raw DER content bytes. */
#define SVN_X509_OID_COUNTRY "\x55\x04\x06"
/* OID 2.5.4.7 (localityName), raw DER content bytes. */
#define SVN_X509_OID_LOCALITY "\x55\x04\x07"
/* OID 2.5.4.8 (stateOrProvinceName), raw DER content bytes. */
#define SVN_X509_OID_STATE "\x55\x04\x08"
/* OID 2.5.4.10 (organizationName), raw DER content bytes. */
#define SVN_X509_OID_ORGANIZATION "\x55\x04\x0A"
/* OID 2.5.4.11 (organizationalUnitName), raw DER content bytes. */
#define SVN_X509_OID_ORG_UNIT "\x55\x04\x0B"
/* OID 1.2.840.113549.1.9.1 (PKCS#9 emailAddress), raw DER content bytes.
 * This is the worked example for svn_x509_oid_to_string() below. */
#define SVN_X509_OID_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
* Representation of parsed certificate info.
typedef struct svn_x509_certinfo_t svn_x509_certinfo_t;
* Representation of an attribute in an X.509 name (e.g. Subject or Issuer)
typedef struct svn_x509_name_attr_t svn_x509_name_attr_t;
* Parse DER-encoded X.509 certificate data from @a buf with length @a
* buflen and return certificate information in @a *certinfo,
* allocated in @a result_pool.
* @note This function has been written with the intent of displaying data in a
* certificate for a user to see. As a result, it does not do much
* validation on the data it parses from the certificate. It does not
* for instance verify that the certificate is signed by the issuer. It
* does not verify a trust chain. It does not error on critical
* extensions it does not know how to parse. Callers must therefore treat
* every field it returns (subject, issuer, host names) as unverified,
* attacker-controlled input until the certificate has been validated by
* other means. So while it can be used as
* part of a certificate validation scheme, it can't be used alone for
svn_x509_parse_cert(svn_x509_certinfo_t **certinfo,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool);
* Returns a deep copy of the @a attr, allocated in @a result_pool.
* May use @a scratch_pool for temporary allocations.
svn_x509_name_attr_t *
svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool);
* Returns the OID of @a attr as the raw bytes encoded in the certificate
* (not a NUL-terminated C string); the
* length of the OID will be set in @a len.
const unsigned char *
svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len);
* Returns the value of @a attr as a UTF-8 C string.
svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr);
* Returns a deep copy of @a certinfo, allocated in @a result_pool.
* May use @a scratch_pool for temporary allocations.
svn_x509_certinfo_t *
svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool);
* Returns the subject DN from @a certinfo.
svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo,
apr_pool_t *result_pool);
* Returns a list of the attributes for the subject in the @a certinfo.
* Each member of the list is of type svn_x509_name_attr_t.
const apr_array_header_t *
svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo);
* Returns the certificate issuer DN from @a certinfo.
svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo,
apr_pool_t *result_pool);
* Returns a list of the attributes for the issuer in the @a certinfo.
* Each member of the list is of type svn_x509_name_attr_t.
const apr_array_header_t *
svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo);
* Returns the start of the certificate validity period from @a certinfo.
svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo);
* Returns the end of the certificate validity period from @a certinfo.
svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo);
* Returns the digest (fingerprint) of the certificate from @a certinfo.
* Since svn_x509_parse_cert() performs no signature or chain verification,
* comparing this fingerprint against a trusted, out-of-band value is the
* only check in this API that actually authenticates the certificate.
const svn_checksum_t *
svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo);
* Returns an array of (const char*) host names from @a certinfo. These are
* the names the certificate claims; they are not authenticated by the parser.
const apr_array_header_t *
svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo);
* Given an @a oid of @a oid_len bytes, return a NUL-terminated C string representation.
* For example, an OID with the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
* would be converted to the string "1.2.840.113549.1.9.1". Returns
* NULL if the @a oid can't be represented as a string.
* @since New in 1.9. */
svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len,
apr_pool_t *scratch_pool, apr_pool_t *result_pool);
#endif /* SVN_X509_H */