libwebsockets
Lightweight C library for HTML5 websockets
lws-x509.h
Go to the documentation of this file.
1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  */
24 
25 enum lws_tls_cert_info {
26  LWS_TLS_CERT_INFO_VALIDITY_FROM,
28  LWS_TLS_CERT_INFO_VALIDITY_TO,
30  LWS_TLS_CERT_INFO_COMMON_NAME,
32  LWS_TLS_CERT_INFO_ISSUER_NAME,
34  LWS_TLS_CERT_INFO_USAGE,
36  LWS_TLS_CERT_INFO_VERIFIED,
39  LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY,
45  LWS_TLS_CERT_INFO_DER_RAW,
50  LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID,
52  LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER,
54  LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_SERIAL,
56  LWS_TLS_CERT_INFO_SUBJECT_KEY_ID,
58 };
59 
60 union lws_tls_cert_info_results {
61  unsigned int verified;
62  time_t time;
63  unsigned int usage;
64  struct {
65  int len;
66  /* KEEP LAST... notice the [64] is only there because
67  * name[] is not allowed in a union. The actual length of
68  * name[] is arbitrary and is passed into the api using the
69  * len parameter. Eg
70  *
71  * char big[1024];
72  * union lws_tls_cert_info_results *buf =
73  * (union lws_tls_cert_info_results *)big;
74  *
75  * lws_tls_peer_cert_info(wsi, type, buf, sizeof(big) -
76  * sizeof(*buf) + sizeof(buf->ns.name));
77  */
78  char name[64];
79  } ns;
80 };
81 
82 struct lws_x509_cert;
83 struct lws_jwk;
84 
92 LWS_VISIBLE LWS_EXTERN int
93 lws_x509_create(struct lws_x509_cert **x509);
94 
111 LWS_VISIBLE LWS_EXTERN int
112 lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len);
113 
126 LWS_VISIBLE LWS_EXTERN int
127 lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted,
128  const char *common_name);
129 
143 LWS_VISIBLE LWS_EXTERN int
144 lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
145  const char *curves, int rsabits);
146 
166 LWS_VISIBLE LWS_EXTERN int
167 lws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk,
168  void *pem, size_t len, const char *passphrase);
169 
177 LWS_VISIBLE LWS_EXTERN void
178 lws_x509_destroy(struct lws_x509_cert **x509);
179 
180 LWS_VISIBLE LWS_EXTERN int
181 lws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type,
182  union lws_tls_cert_info_results *buf, size_t len);
183 
201 LWS_VISIBLE LWS_EXTERN int
202 lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type,
203  union lws_tls_cert_info_results *buf, size_t len);
204 
222 LWS_VISIBLE LWS_EXTERN int
223 lws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type,
224  union lws_tls_cert_info_results *buf, size_t len);
225 
240 LWS_VISIBLE LWS_EXTERN int
241 lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a,
242  const char *san_b);
243 
266 LWS_VISIBLE LWS_EXTERN int
267 lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[],
268  uint8_t *csr, size_t csr_len, char **privkey_pem,
269  size_t *privkey_len);
270 
288 LWS_VISIBLE LWS_EXTERN int
289 lws_tls_cert_updated(struct lws_context *context, const char *certpath,
290  const char *keypath,
291  const char *mem_cert, size_t len_mem_cert,
292  const char *mem_privkey, size_t len_mem_privkey);
293 
lws_jwk
Definition: lws-jwk.h:50
LWS_EXTERN
#define LWS_EXTERN
Definition: libwebsockets.h:225
uint8_t
unsigned char uint8_t
Definition: libwebsockets.h:572
LWS_VISIBLE
#define LWS_VISIBLE
Definition: libwebsockets.h:220
lws_x509_verify
LWS_VISIBLE LWS_EXTERN int lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted, const char *common_name)
lws_x509_jwk_privkey_pem
LWS_VISIBLE LWS_EXTERN int lws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk, void *pem, size_t len, const char *passphrase)
lws_tls_acme_sni_cert_create
LWS_VISIBLE LWS_EXTERN int lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a, const char *san_b)
lws_tls_cert_info_results::ns
struct lws_tls_cert_info_results::@51 ns
lws_tls_cert_updated
LWS_VISIBLE LWS_EXTERN int lws_tls_cert_updated(struct lws_context *context, const char *certpath, const char *keypath, const char *mem_cert, size_t len_mem_cert, const char *mem_privkey, size_t len_mem_privkey)
lws_tls_cert_info
lws_tls_cert_info
Definition: lws-x509.h:25
LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID
@ LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID
Definition: lws-x509.h:50
LWS_TLS_CERT_INFO_VERIFIED
@ LWS_TLS_CERT_INFO_VERIFIED
Definition: lws-x509.h:36
LWS_TLS_CERT_INFO_VALIDITY_TO
@ LWS_TLS_CERT_INFO_VALIDITY_TO
Definition: lws-x509.h:28
LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER
@ LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER
Definition: lws-x509.h:52
LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY
@ LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY
Definition: lws-x509.h:39
LWS_TLS_CERT_INFO_ISSUER_NAME
@ LWS_TLS_CERT_INFO_ISSUER_NAME
Definition: lws-x509.h:32
LWS_TLS_CERT_INFO_USAGE
@ LWS_TLS_CERT_INFO_USAGE
Definition: lws-x509.h:34
LWS_TLS_CERT_INFO_SUBJECT_KEY_ID
@ LWS_TLS_CERT_INFO_SUBJECT_KEY_ID
Definition: lws-x509.h:56
LWS_TLS_CERT_INFO_COMMON_NAME
@ LWS_TLS_CERT_INFO_COMMON_NAME
Definition: lws-x509.h:30
LWS_TLS_CERT_INFO_VALIDITY_FROM
@ LWS_TLS_CERT_INFO_VALIDITY_FROM
Definition: lws-x509.h:26
LWS_TLS_CERT_INFO_DER_RAW
@ LWS_TLS_CERT_INFO_DER_RAW
Definition: lws-x509.h:45
LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_SERIAL
@ LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_SERIAL
Definition: lws-x509.h:54
lws_x509_info
LWS_VISIBLE LWS_EXTERN int lws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type, union lws_tls_cert_info_results *buf, size_t len)
lws_x509_create
LWS_VISIBLE LWS_EXTERN int lws_x509_create(struct lws_x509_cert **x509)
lws_tls_peer_cert_info
LWS_VISIBLE LWS_EXTERN int lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type, union lws_tls_cert_info_results *buf, size_t len)
lws_tls_cert_info_results::verified
unsigned int verified
Definition: lws-x509.h:61
lws_x509_destroy
LWS_VISIBLE LWS_EXTERN void lws_x509_destroy(struct lws_x509_cert **x509)
lws_tls_cert_info_results::usage
unsigned int usage
Definition: lws-x509.h:63
lws_x509_parse_from_pem
LWS_VISIBLE LWS_EXTERN int lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len)
lws_tls_vhost_cert_info
LWS_VISIBLE LWS_EXTERN int lws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type, union lws_tls_cert_info_results *buf, size_t len)
lws_x509_public_to_jwk
LWS_VISIBLE LWS_EXTERN int lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, const char *curves, int rsabits)
lws_tls_acme_sni_csr_create
LWS_VISIBLE LWS_EXTERN int lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[], uint8_t *csr, size_t csr_len, char **privkey_pem, size_t *privkey_len)
lws_tls_cert_info_results
Definition: lws-x509.h:60