{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"en-US,en;q\u003d0.5", "gen_ut":1702156956, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"402a60c9cbd258d1af8c81f38ffa7ef6", "oid":{ "oid": "cfa9d88e073533f7505853b6ed9e34ee80d8310f", "alias": [ "refs/heads/main"]},"blobname": "include/libwebsockets/lws-x509.h", "blob": "/*\n * libwebsockets - small server side websockets and web server implementation\n *\n * Copyright (C) 2010 - 2019 Andy Green \u003candy@warmcat.com\u003e\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \u0022Software\u0022), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \u0022AS IS\u0022, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nenum lws_tls_cert_info {\n\tLWS_TLS_CERT_INFO_VALIDITY_FROM,\n\t/**\u003c fills .time with the time_t the cert validity started from */\n\tLWS_TLS_CERT_INFO_VALIDITY_TO,\n\t/**\u003c fills .time with the time_t the cert validity ends at */\n\tLWS_TLS_CERT_INFO_COMMON_NAME,\n\t/**\u003c fills up to len bytes of .ns.name with the cert common name */\n\tLWS_TLS_CERT_INFO_ISSUER_NAME,\n\t/**\u003c fills up to len bytes of .ns.name with the cert issuer name */\n\tLWS_TLS_CERT_INFO_USAGE,\n\t/**\u003c fills verified with a bitfield asserting the valid uses */\n\tLWS_TLS_CERT_INFO_VERIFIED,\n\t/**\u003c fills .verified with a bool representing peer cert validity,\n\t * call returns -1 if no cert */\n\tLWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY,\n\t/**\u003c the certificate's public key, as an opaque bytestream. These\n\t * opaque bytestreams can only be compared with each other using the\n\t * same tls backend, ie, OpenSSL or mbedTLS. The different backends\n\t * produce different, incompatible representations for the same cert.\n\t */\n\tLWS_TLS_CERT_INFO_DER_RAW,\n\t/**\u003c the certificate's raw DER representation. If it's too big,\n\t * -1 is returned and the size will be returned in buf-\u003ens.len.\n\t * If the certificate cannot be found -1 is returned and 0 in\n\t * buf-\u003ens.len. 
*/\n\tLWS_TLS_CERT_INFO_AUTHORITY_KEY_ID,\n\t/**\u003c If the cert has one, the key ID responsible for the signature */\n\tLWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER,\n\t/**\u003c If the cert has one, the issuer responsible for the signature */\n\tLWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_SERIAL,\n\t/**\u003c If the cert has one, serial number responsible for the signature */\n\tLWS_TLS_CERT_INFO_SUBJECT_KEY_ID,\n\t/**\u003c If the cert has one, the cert's subject key ID */\n};\n\nunion lws_tls_cert_info_results {\n\tunsigned int verified;\n\ttime_t time;\n\tunsigned int usage;\n\tstruct {\n\t\tint len;\n\t\t/* KEEP LAST... notice the [64] is only there because\n\t\t * name[] is not allowed in a union. The actual length of\n\t\t * name[] is arbitrary and is passed into the api using the\n\t\t * len parameter. Eg\n\t\t *\n\t\t * char big[1024];\n\t\t * union lws_tls_cert_info_results *buf \u003d\n\t\t * \t(union lws_tls_cert_info_results *)big;\n\t\t *\n\t\t * lws_tls_peer_cert_info(wsi, type, buf, sizeof(big) -\n\t\t *\t\t\t sizeof(*buf) + sizeof(buf-\u003ens.name));\n\t\t */\n\t\tchar name[64];\n\t} ns;\n};\n\nstruct lws_x509_cert;\nstruct lws_jwk;\n\n/**\n * lws_x509_create() - Allocate an lws_x509_cert object\n *\n * \u005cparam x509: pointer to lws_x509_cert pointer to be set to allocated object\n *\n * Allocates an lws_x509_cert object and set *x509 to point to it.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_x509_create(struct lws_x509_cert **x509);\n\n/**\n * lws_x509_parse_from_pem() - Read one or more x509 certs in PEM format from memory\n *\n * \u005cparam x509: pointer to lws_x509_cert object\n * \u005cparam pem: pointer to PEM format content\n * \u005cparam len: length of PEM format content\n *\n * Parses PEM certificates in memory into a native x509 representation for the\n * TLS library. 
If there are multiple PEM certs concatenated, they are all\n * read into the same object and exist as a \u0022chain\u0022.\n *\n * IMPORTANT for compatibility with mbedtls, the last used byte of \u005cp pem\n * must be '\u005c0' and the \u005cp len must include it.\n *\n * Returns 0 if all went OK, or nonzero for failure.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len);\n\n/**\n * lws_x509_verify() - Validate signing relationship between one or more certs\n *\t\t and a trusted CA cert\n *\n * \u005cparam x509: pointer to lws_x509_cert object, may contain multiple\n * \u005cparam trusted: a single, trusted cert object that we are checking for\n * \u005cparam common_name: NULL, or required CN (Common Name) of \u005cp x509\n *\n * Returns 0 if the cert or certs in \u005cp x509 represent a complete chain that is\n * ultimately signed by the cert in \u005cp trusted. Returns nonzero if that's not\n * the case.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted,\n\t\tconst char *common_name);\n\n/**\n * lws_x509_public_to_jwk() - Copy the public key out of a cert and into a JWK\n *\n * \u005cparam jwk: pointer to the jwk to initialize and set to the public key\n * \u005cparam x509: pointer to lws_x509_cert object that has the public key\n * \u005cparam curves: NULL to disallow EC, else a comma-separated list of valid\n *\t\t curves using the JWA naming, eg, \u0022P-256,P-384,P-521\u0022.\n * \u005cparam rsabits: minimum number of RSA bits required in the cert if RSA\n *\n * Returns 0 if JWK was set to the certificate public key correctly and the\n * curve / the RSA key size was acceptable. 
Automatically produces an RSA or\n * EC JWK depending on what the cert had.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,\n\t\t const char *curves, int rsabits);\n\n/**\n * lws_x509_jwk_privkey_pem() - Copy a private key PEM into a jwk that has the\n *\t\t\t\tpublic part already\n *\n * \u005cparam cx: lws_context (for random)\n * \u005cparam jwk: pointer to the jwk to initialize and set to the public key\n * \u005cparam pem: pointer to PEM private key in memory\n * \u005cparam len: length of PEM private key in memory\n * \u005cparam passphrase: NULL or passphrase needed to decrypt private key\n *\n * IMPORTANT for compatibility with mbedtls, the last used byte of \u005cp pem\n * must be '\u005c0' and the \u005cp len must include it.\n *\n * Returns 0 if the private key was successfully added to the JWK, else\n * nonzero if failed.\n *\n * The PEM image in memory is zeroed down on both successful and failed exits.\n * The caller should take care to zero down passphrase if used.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk,\n\t\t\t void *pem, size_t len, const char *passphrase);\n\n/**\n * lws_x509_destroy() - Destroy a previously allocated lws_x509_cert object\n *\n * \u005cparam x509: pointer to lws_x509_cert pointer\n *\n * Deallocates an lws_x509_cert object and sets its pointer to NULL.\n */\nLWS_VISIBLE LWS_EXTERN void\nlws_x509_destroy(struct lws_x509_cert **x509);\n\nLWS_VISIBLE LWS_EXTERN int\nlws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type,\n\t union lws_tls_cert_info_results *buf, size_t len);\n\n/**\n * lws_tls_peer_cert_info() - get information from the peer's TLS cert\n *\n * \u005cparam wsi: the connection to query\n * \u005cparam type: one of LWS_TLS_CERT_INFO_\n * \u005cparam buf: pointer to union to take result\n * \u005cparam len: when result is a string, the true length of buf-\u003ens.name[]\n *\n * 
lws_tls_peer_cert_info() lets you get hold of information from the peer\n * certificate.\n *\n * Return 0 if there is a result in \u005cp buf, or nonzero indicating there was no\n * cert, or another problem.\n *\n * This function works the same no matter if the TLS backend is OpenSSL or\n * mbedTLS.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type,\n\t\t union lws_tls_cert_info_results *buf, size_t len);\n\n/**\n * lws_tls_vhost_cert_info() - get information from the vhost's own TLS cert\n *\n * \u005cparam vhost: the vhost to query\n * \u005cparam type: one of LWS_TLS_CERT_INFO_\n * \u005cparam buf: pointer to union to take result\n * \u005cparam len: when result is a string, the true length of buf-\u003ens.name[]\n *\n * lws_tls_vhost_cert_info() lets you get hold of information from the vhost\n * certificate.\n *\n * Return 0 if there is a result in \u005cp buf, or nonzero indicating there was no\n * cert, or another problem.\n *\n * This function works the same no matter if the TLS backend is OpenSSL or\n * mbedTLS.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type,\n\t\t union lws_tls_cert_info_results *buf, size_t len);\n\n/**\n * lws_tls_acme_sni_cert_create() - creates a temp selfsigned cert\n *\t\t\t\t and attaches to a vhost\n *\n * \u005cparam vhost: the vhost to acquire the selfsigned cert\n * \u005cparam san_a: SAN written into the certificate\n * \u005cparam san_b: second SAN written into the certificate\n *\n *\n * Returns 0 if created and attached to the vhost. 
Returns nonzero if problems,\n * and frees all allocations before returning.\n *\n * On success, any allocations are destroyed at vhost destruction automatically.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a,\n\t\t\t const char *san_b);\n\n/**\n * lws_tls_acme_sni_csr_create() - creates a CSR and related private key PEM\n *\n * \u005cparam context: lws_context used for random\n * \u005cparam elements: array of LWS_TLS_REQ_ELEMENT_COUNT const char *\n * \u005cparam csr: buffer that will get the b64URL(ASN-1 CSR)\n * \u005cparam csr_len: max length of the csr buffer\n * \u005cparam privkey_pem: pointer to pointer allocated to hold the privkey_pem\n * \u005cparam privkey_len: pointer to size_t set to the length of the privkey_pem\n *\n * Creates a CSR according to the information in \u005cp elements, and a private\n * RSA key used to sign the CSR.\n *\n * The outputs are the b64URL(ASN-1 CSR) into csr, and the PEM private key into\n * privkey_pem.\n *\n * Notice that \u005cp elements points to an array of const char *s pointing to the\n * information listed in the enum above. 
If an entry is NULL or an empty\n * string, the element is set to \u0022none\u0022 in the CSR.\n *\n * Returns 0 on success or nonzero for failure.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[],\n\t\t\t uint8_t *csr, size_t csr_len, char **privkey_pem,\n\t\t\t size_t *privkey_len);\n\n/**\n * lws_tls_cert_updated() - update every vhost using the given cert path\n *\n * \u005cparam context: our lws_context\n * \u005cparam certpath: the filepath to the certificate\n * \u005cparam keypath: the filepath to the private key of the certificate\n * \u005cparam mem_cert: copy of the cert in memory\n * \u005cparam len_mem_cert: length of the copy of the cert in memory\n * \u005cparam mem_privkey: copy of the private key in memory\n * \u005cparam len_mem_privkey: length of the copy of the private key in memory\n *\n * Checks every vhost to see if it is using the certificate described by the\n * given filepaths. If so, it attempts to update the vhost ssl_ctx to use\n * the new certificate.\n *\n * Returns 0 on success or nonzero for failure.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_tls_cert_updated(struct lws_context *context, const char *certpath,\n\t\t const char *keypath,\n\t\t const char *mem_cert, size_t len_mem_cert,\n\t\t const char *mem_privkey, size_t len_mem_privkey);\n\n","s":{"c":1702112665,"u": 559}} ],"g": 8974,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}