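/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef CF_X509_CERTIFICATE_H
#define CF_X509_CERTIFICATE_H

/* Included directly so this header does not depend on transitive includes
 * for bool, int32_t and uint32_t, all of which are used below. */
#include <stdbool.h>
#include <stdint.h>

#include "certificate.h"
#include "cf_blob.h"
#include "cf_result.h"
#include "x509_cert_match_parameters.h"
#include "x509_distinguished_name.h"

typedef struct HcfX509Certificate HcfX509Certificate;

/**
 * X.509 certificate object: an HcfCertificate plus a table of accessors.
 *
 * Every accessor takes the object itself as `self`. Accessors that return
 * CfResult report failure through that value, so check it before reading the
 * output argument. Ownership of the buffers placed in CfBlob / CfArray outputs
 * is not stated in this header; confirm it with the implementation before
 * freeing or retaining them.
 *
 * The fields returned here are parsed certificate content. Nothing in this
 * header says they have been authenticated, so treat them as untrusted until
 * the certificate has been verified against a trust anchor.
 */
struct HcfX509Certificate {
    /** HcfX509Certificate inherits HcfCertificate.
     * NOTE(review): kept as the first member, presumably so a pointer to this
     * object can be used as an HcfCertificate; confirm before reordering.
     */
    HcfCertificate base;

    /** Check whether the certificate is valid at the given time.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     * (the layouts of ASN.1 UTCTime and GeneralizedTime).
     * This concerns the validity period only; nothing in this declaration
     * indicates signature, chain or revocation checking.
     */
    CfResult (*checkValidityWithDate)(HcfX509Certificate *self, const char *date);

    /** Get version number from certificate.
     * NOTE(review): X.509 encodes v1/v2/v3 as 0/1/2; whether the encoded or the
     * human-readable number is returned is not stated here.
     */
    long (*getVersion)(HcfX509Certificate *self);

    /** Get serial number from certificate. */
    CfResult (*getSerialNumber)(HcfX509Certificate *self, CfBlob *out);

    /** Get issuer distinguished name from certificate. */
    CfResult (*getIssuerName)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name from certificate. */
    CfResult (*getSubjectName)(HcfX509Certificate *self, CfBlob *out);

    /** Get the not before time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotBeforeTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get the not after time within the validity period of the certificate.
     * time format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
     */
    CfResult (*getNotAfterTime)(HcfX509Certificate *self, CfBlob *outDate);

    /** Get signature value from certificate. */
    CfResult (*getSignature)(HcfX509Certificate *self, CfBlob *sigOut);

    /** Get signature algorithm name from certificate. */
    CfResult (*getSignatureAlgName)(HcfX509Certificate *self, CfBlob *outName);

    /** Get signature algorithm oid from certificate. */
    CfResult (*getSignatureAlgOid)(HcfX509Certificate *self, CfBlob *out);

    /** Get the DER encoded signature algorithm parameters from the signature algorithm of the certificate. */
    CfResult (*getSignatureAlgParams)(HcfX509Certificate *self, CfBlob *sigAlgParamsOut);

    /** Get a Boolean array representing the bits of the keyUsage extension.
     * The key usage extension defines the purpose of the key.
     */
    CfResult (*getKeyUsage)(HcfX509Certificate *self, CfBlob *boolArr);

    /** Get a const string list that represents the object identifiers of the extKeyUsage extension. */
    CfResult (*getExtKeyUsage)(HcfX509Certificate *self, CfArray *keyUsageOut);

    /** Get the path length of the certificate constraint from the key extensions (BasicConstraints).
     * The BasicConstraints identify whether the subject of the certificate is a CA and the depth of the cert chain.
     * Only when CA is set to true, pathLenConstraint is meaningful.
     * NOTE(review): the value returned for a non-CA certificate or an absent
     * extension is not stated here; confirm it before using the result to
     * bound chain depth.
     */
    int32_t (*getBasicConstraints)(HcfX509Certificate *self);

    /** Get subject alternative name from certificate. */
    CfResult (*getSubjectAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Get issuer alternative name from certificate. */
    CfResult (*getIssuerAltNames)(HcfX509Certificate *self, CfArray *outName);

    /** Match the certificate with X509CertMatchParameters.
     * The match result is written to `out`.
     */
    CfResult (*match)(HcfX509Certificate *self, const HcfX509CertMatchParams *matchParams, bool *out);

    /** Get CRL distribution points URI from certificate.
     * The URIs are certificate content; validate them (scheme, host) as
     * untrusted input before dereferencing them.
     */
    CfResult (*getCRLDistributionPointsURI)(HcfX509Certificate *self, CfArray *outURI);

    /** Get the string representation of the certificate. */
    CfResult (*toString)(HcfX509Certificate *self, CfBlob *out);

    /** Get the hashCode of the certificate.
     * The hash algorithm is not stated in this header; confirm it before using
     * the value as a security-relevant identifier.
     */
    CfResult (*hashCode)(HcfX509Certificate *self, CfBlob *out);

    /** Get the extensions object of the certificate. */
    CfResult (*getExtensionsObject)(HcfX509Certificate *self, CfBlob *out);

    /** Get subject distinguished name from certificate, in the encoding selected by
     * encodingType (the original comment names UTF-8).
     */
    CfResult (*getSubjectNameEx)(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out);
};

/**
 * Array of certificate object pointers: `data` with its element count `count`.
 * Who owns the array and the certificates it points to is not stated here.
 */
typedef struct HcfX509CertificateArray HcfX509CertificateArray;
struct HcfX509CertificateArray {
    HcfX509Certificate **data;
    uint32_t count;
};

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Create an X.509 certificate object from the encoded data in inStream.
 *
 * @param inStream   Encoded certificate input.
 * @param returnObj  Receives the created object.
 * @return CfResult status of the operation; check it before using *returnObj.
 *
 * NOTE(review): how the returned object is released is not declared in this
 * header; presumably through the HcfCertificate base, confirm in certificate.h.
 */
CfResult HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);

#ifdef __cplusplus
}
#endif

#endif // CF_X509_CERTIFICATE_H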