libwebsockets
Lightweight C library for HTML5 websockets
lws-x509.h
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
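/**
 * enum lws_tls_cert_info - selects which certificate attribute a query returns
 *
 * Passed as the `type` argument of lws_x509_info(), lws_tls_peer_cert_info()
 * and lws_tls_vhost_cert_info(); the answer is written into the caller's
 * union lws_tls_cert_info_results.
 *
 * NOTE(review): the per-selector documentation is not part of this listing.
 * The result member named beside each selector below is inferred from the
 * member names of the results union; confirm it against the library
 * documentation before relying on it.
 *
 * No enumerator has an explicit value, so numbering follows declaration
 * order: inserting a selector anywhere but the end renumbers the ones after
 * it.
 */
enum lws_tls_cert_info {
	LWS_TLS_CERT_INFO_VALIDITY_FROM,
	/**< start of the validity period; presumably reported in .time */
	LWS_TLS_CERT_INFO_VALIDITY_TO,
	/**< end of the validity period; presumably reported in .time */
	LWS_TLS_CERT_INFO_COMMON_NAME,
	/**< subject common name; presumably reported in .ns */
	LWS_TLS_CERT_INFO_ISSUER_NAME,
	/**< issuer name; presumably reported in .ns */
	LWS_TLS_CERT_INFO_USAGE,
	/**< key usage; presumably reported in .usage */
	LWS_TLS_CERT_INFO_VERIFIED,
	/**< verification state; presumably reported in .verified.  Check the
	 * return code of the query first: a failed call leaves the member
	 * without a meaningful value */
	LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY,
	/**< public key as an opaque byte string; presumably reported in .ns.
	 * "Opaque" suggests the encoding is not a portable format, so compare
	 * such blobs only with each other - TODO confirm */
	LWS_TLS_CERT_INFO_DER_RAW,
	/**< raw DER encoding of the certificate; presumably reported in .ns.
	 * A DER certificate will normally not fit in name[64], so this needs
	 * the oversized-buffer idiom described on the results union */
	LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID,
	/**< authority key identifier; presumably reported in .ns */
	LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER,
	/**< issuer part of the authority key identifier; presumably in .ns */
	LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_SERIAL,
	/**< serial part of the authority key identifier; presumably in .ns */
	LWS_TLS_CERT_INFO_SUBJECT_KEY_ID,
	/**< subject key identifier; presumably reported in .ns */
};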
59
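/**
 * union lws_tls_cert_info_results - storage for one certificate attribute
 *
 * Filled through the `buf` argument of lws_x509_info(),
 * lws_tls_peer_cert_info() and lws_tls_vhost_cert_info().  Only one member
 * is meaningful after a call, depending on the enum lws_tls_cert_info
 * selector that was requested (NOTE(review): the selector-to-member mapping
 * is not shown in this listing; confirm it).
 */
union lws_tls_cert_info_results {
	unsigned int verified;
	time_t time;
	unsigned int usage;
	struct {
		/* NOTE(review): presumably the number of bytes placed in
		 * name[]; whether a terminating NUL is written or counted is
		 * not shown here, so bound reads of name[] by this value
		 * rather than by strlen() */
		int len;
		/* KEEP LAST... notice the [64] is only there because
		 * name[] is not allowed in a union.  The actual length of
		 * name[] is arbitrary and is passed into the api using the
		 * len parameter.  Eg
		 *
		 *	char big[1024];
		 *	union lws_tls_cert_info_results *buf =
		 *		(union lws_tls_cert_info_results *)big;
		 *
		 *	lws_tls_peer_cert_info(wsi, type, buf, sizeof(big) -
		 *			sizeof(*buf) + sizeof(buf->ns.name));
		 *
		 * Caveats when using the oversized-buffer idiom:
		 *
		 *  - the len argument must describe only the bytes really
		 *    available for name[] (as computed above); passing the
		 *    size of the whole backing buffer overstates it by the
		 *    bytes that precede name[]
		 *
		 *  - a plain char array carries no alignment guarantee for
		 *    this union, which also holds a time_t; give the backing
		 *    storage the union's alignment (eg, make it a member of a
		 *    wrapper union next to a union lws_tls_cert_info_results)
		 *
		 *  - when the certificate comes from the peer, the bytes in
		 *    name[] are chosen by the remote party and may contain
		 *    embedded NULs or unexpected characters
		 */
		char name[64];
	} ns;
};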
81
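/*
 * Forward declarations only: this header hands out pointers to these types
 * without showing their layout, so callers cannot allocate or copy them
 * directly and have to go through the functions declared below.
 */
struct lws_x509_cert;
struct lws_jwk;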
84
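/**
 * lws_x509_create() - create an lws_x509_cert object
 *
 * \param x509: address of the caller's pointer that receives the new object
 *
 * NOTE(review): the return convention is not shown in this listing
 * (presumably 0 on success, nonzero on failure).  Check the result before
 * using *x509; the object is presumably released with lws_x509_destroy().
 */
LWS_VISIBLE LWS_EXTERN int
lws_x509_create(struct lws_x509_cert **x509);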
94
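/**
 * lws_x509_parse_from_pem() - load PEM certificate data into an x509 object
 *
 * \param x509: the object to fill
 * \param pem: the PEM data; const, so the function does not write through it
 * \param len: size of \p pem in bytes
 *
 * NOTE(review): the return convention is not shown here (presumably 0 on
 * success).  Whether \p len has to count a terminating NUL is also not
 * shown and may depend on the TLS backend - confirm before passing
 * strlen(pem).
 *
 * PEM that arrives from outside the process is untrusted input: on a
 * nonzero return do not go on to query or verify \p x509.
 */
LWS_VISIBLE LWS_EXTERN int
lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len);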
113
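/**
 * lws_x509_verify() - check an x509 object against a trusted one
 *
 * \param x509: the certificate to be checked
 * \param trusted: the certificate it is checked against
 * \param common_name: name the checked certificate is expected to carry
 *
 * NOTE(review): the contract is not shown in this listing.  Presumably 0
 * means \p x509 chains to \p trusted and nonzero means it does not, and a
 * NULL \p common_name presumably skips the name comparison - confirm both.
 *
 * If the caller is authenticating a specific party, a signature check alone
 * accepts any certificate issued under \p trusted, so pass the expected
 * name rather than NULL.  Always act on the return value; it is the only
 * result this function reports.  Whether the validity period is enforced
 * here is not shown either; the VALIDITY_FROM / VALIDITY_TO selectors of
 * lws_x509_info() allow an explicit check.
 */
LWS_VISIBLE LWS_EXTERN int
lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted,
		const char *common_name);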
129
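/**
 * lws_x509_public_to_jwk() - export a certificate's public key as a JWK
 *
 * \param jwk: the JWK object that receives the key
 * \param x509: the certificate the public key is taken from
 * \param curves: string describing EC curves (exact format not shown here)
 * \param rsabits: an RSA key size in bits (exact meaning not shown here)
 *
 * NOTE(review): \p curves and \p rsabits look like an acceptance policy
 * (permitted curves, minimum RSA size) - confirm, and confirm what NULL and
 * 0 mean, because a value that disables the check would let weak keys
 * through.  The return convention is presumably 0 on success.
 */
LWS_VISIBLE LWS_EXTERN int
lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
		       const char *curves, int rsabits);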
146
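/**
 * lws_x509_jwk_privkey_pem() - load a PEM private key into a JWK
 *
 * \param cx: the lws_context in use
 * \param jwk: the JWK object the private key is added to
 * \param pem: buffer holding the PEM private key; note it is not const, so
 *	       the function is allowed to write to it
 * \param len: size of \p pem in bytes
 * \param passphrase: passphrase for the key (NOTE(review): presumably NULL
 *		      when the PEM is not encrypted - confirm)
 *
 * NOTE(review): the return convention is not shown here (presumably 0 on
 * success).
 *
 * Everything this call touches is secret: after it returns, the private key
 * lives in \p jwk as well as in \p pem.  Scrub \p pem and the passphrase
 * with a wipe the compiler cannot remove once they are no longer needed,
 * and destroy \p jwk when finished with it.
 */
LWS_VISIBLE LWS_EXTERN int
lws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk,
			 void *pem, size_t len, const char *passphrase);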
169
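/**
 * lws_x509_destroy() - release an lws_x509_cert object
 *
 * \param x509: address of the caller's pointer to the object
 *
 * NOTE(review): taking the pointer by address suggests *x509 is reset to
 * NULL on return, which would protect against a later use-after-free or
 * double destroy - confirm before depending on it.
 */
LWS_VISIBLE LWS_EXTERN void
lws_x509_destroy(struct lws_x509_cert **x509);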
179
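/**
 * lws_x509_info() - read one attribute from an x509 object
 *
 * \param x509: the certificate to query
 * \param type: which attribute is wanted
 * \param buf: results union that receives the attribute
 * \param len: bytes available for buf->ns.name (64 for a plain results
 *	       union, more when the oversized-buffer idiom is used)
 *
 * NOTE(review): the return convention is not shown in this listing
 * (presumably 0 on success).  Read \p buf only after a successful return,
 * and never pass a \p len larger than the storage really behind
 * buf->ns.name.
 */
LWS_VISIBLE LWS_EXTERN int
lws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type,
	      union lws_tls_cert_info_results *buf, size_t len);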
183
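/**
 * lws_tls_peer_cert_info() - read one attribute of a connection's peer cert
 *
 * \param wsi: the connection whose peer certificate is queried
 * \param type: which attribute is wanted
 * \param buf: results union that receives the attribute
 * \param len: bytes available for buf->ns.name (64 for a plain results
 *	       union, more when the oversized-buffer idiom is used)
 *
 * NOTE(review): the return convention is not shown in this listing
 * (presumably 0 on success, nonzero when there is no certificate or the
 * result does not fit).  Read \p buf only after a successful return.
 *
 * The certificate is supplied by the remote party, so names and other byte
 * strings returned here are untrusted input.  Before basing an access
 * decision on them, establish that the certificate was verified (the
 * LWS_TLS_CERT_INFO_VERIFIED selector, with its return code checked), and
 * compare names by explicit length rather than as C strings.
 */
LWS_VISIBLE LWS_EXTERN int
lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type,
		       union lws_tls_cert_info_results *buf, size_t len);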
204
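/**
 * lws_tls_vhost_cert_info() - read one attribute of a vhost's certificate
 *
 * \param vhost: the vhost whose certificate is queried
 * \param type: which attribute is wanted
 * \param buf: results union that receives the attribute
 * \param len: bytes available for buf->ns.name (64 for a plain results
 *	       union, more when the oversized-buffer idiom is used)
 *
 * NOTE(review): the return convention is not shown in this listing
 * (presumably 0 on success).  Read \p buf only after a successful return.
 * A typical defensive use is monitoring LWS_TLS_CERT_INFO_VALIDITY_TO so an
 * expiring server certificate is renewed in time.
 */
LWS_VISIBLE LWS_EXTERN int
lws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type,
			union lws_tls_cert_info_results *buf, size_t len);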
225
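/**
 * lws_tls_acme_sni_cert_create() - create a certificate for an ACME SNI
 *				    challenge on a vhost
 *
 * \param vhost: the vhost the certificate is created for
 * \param san_a: first name string for the certificate
 * \param san_b: second name string for the certificate
 *
 * NOTE(review): judging by the parameter names, \p san_a and \p san_b are
 * subject alternative names, and the certificate is presumably a temporary
 * one used only to answer the challenge - confirm both, along with the
 * return convention (presumably 0 on success).  If it is temporary, make
 * sure it cannot remain installed on the vhost once the challenge is over.
 */
LWS_VISIBLE LWS_EXTERN int
lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a,
			     const char *san_b);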
243
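/**
 * lws_tls_acme_sni_csr_create() - create a certificate signing request
 *
 * \param context: the lws_context in use
 * \param elements: array of strings describing the request (layout and
 *		    count are not shown in this listing)
 * \param csr: caller's buffer that receives the CSR
 * \param csr_len: size of \p csr in bytes
 * \param privkey_pem: receives a pointer to a PEM private key
 * \param privkey_len: receives the size of that PEM
 *
 * NOTE(review): the return type is int but its meaning is not shown
 * (an error code, or the length written into \p csr) - confirm, and treat a
 * negative or zero result as failure until then.
 *
 * *privkey_pem is key material produced for the request.  NOTE(review): who
 * owns and frees it is not shown; presumably the caller.  Store it with
 * restrictive permissions, and scrub the memory with a wipe the compiler
 * cannot remove before it is released.
 */
LWS_VISIBLE LWS_EXTERN int
lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[],
			    uint8_t *csr, size_t csr_len, char **privkey_pem,
			    size_t *privkey_len);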
270
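/**
 * lws_tls_cert_updated() - tell lws that a certificate and key have changed
 *
 * \param context: the lws_context in use
 * \param certpath: filesystem path of the certificate
 * \param keypath: filesystem path of the private key
 * \param mem_cert: certificate held in memory
 * \param len_mem_cert: size of \p mem_cert in bytes
 * \param mem_privkey: private key held in memory
 * \param len_mem_privkey: size of \p mem_privkey in bytes
 *
 * NOTE(review): how the path pair and the in-memory pair relate (whether
 * the paths identify which vhosts to update and the buffers carry the new
 * content) is not shown in this listing, nor is the return convention -
 * confirm both.
 *
 * \p mem_privkey is secret: keep it in memory no longer than needed and
 * scrub the caller's copy afterwards.  Because this call replaces the
 * credentials a server presents, only invoke it with material obtained
 * over a path the application trusts.
 */
LWS_VISIBLE LWS_EXTERN int
lws_tls_cert_updated(struct lws_context *context, const char *certpath,
		     const char *keypath,
		     const char *mem_cert, size_t len_mem_cert,
		     const char *mem_privkey, size_t len_mem_privkey);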
293