00001 /*
00002  * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
00003  *
00004  * Author: Nikos Mavrogiannopoulos
00005  *
00006  * This file is part of GNUTLS.
00007  *
00008  * The GNUTLS library is free software; you can redistribute it and/or
00009  * modify it under the terms of the GNU Lesser General Public License
00010  * as published by the Free Software Foundation; either version 2.1 of
00011  * the License, or (at your option) any later version.
00012  *
00013  * This library is distributed in the hope that it will be useful, but
00014  * WITHOUT ANY WARRANTY; without even the implied warranty of
00015  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00016  * Lesser General Public License for more details.
00017  *
00018  * You should have received a copy of the GNU Lesser General Public
00019  * License along with this library; if not, write to the Free Software
00020  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
00021  * USA
00022  *
00023  */
00024 
00025 #ifndef AUTH_CERT_H
00026 #define AUTH_CERT_H
00027 
00028 #include "gnutls_cert.h"
00029 #include "gnutls_auth.h"
00030 #include "auth_dh_common.h"
00031 #include "x509.h"
00032 
00033 /* This structure may be complex, but it's the only way to
00034  * support a server that has multiple certificates
00035  */
00036 
/* Credentials for certificate-based authentication.  One object holds
 * the local certificate chains and their private keys (possibly several,
 * hence the two-level cert_list), the DH/RSA parameters used for key
 * exchange, and the trust material (CAs, CRLs, verification policy)
 * used when checking the peer's certificate.  Lifetime and freeing
 * conventions for the pointer members are not visible in this header.
 */
typedef struct MHD_gtls_certificate_credentials_st
{
  MHD_gtls_dh_params_t dh_params;
  MHD_gtls_rsa_params_t rsa_params;
  /* Callback used to retrieve the DH or RSA parameters instead of
   * (or in addition to) the static dh_params/rsa_params above; see
   * MHD_gtls_certificate_get_rsa_params() at the end of this header.
   */
  MHD_gnutls_params_function *params_func;

  MHD_gnutls_cert **cert_list;
  /* A list of certificate chains ("list of lists"), e.g. for X.509:
   *   [0] certificate1, certificate11, certificate111
   *   [1] certificate2, certificate22, ...
   * Within one row, each certificate certifies the one before it.
   */
  unsigned *cert_list_length;
  /* Number of certificates in each row of cert_list (should be 1 for
   * OpenPGP keys).
   * NOTE(review): stored as unsigned, while MHD_gtls_get_selected_cert()
   * reports the same quantity through an int *; make sure the
   * conversion is explicit and bounded wherever the two meet.
   */
  unsigned ncerts;              /* number of entries (columns) in
                                 * cert_list; equal to the number of
                                 * private keys in pkey.
                                 */

  MHD_gnutls_privkey *pkey;
  /* Private keys, ncerts of them; pkey[i] corresponds to the
   * certificate in cert_list[i][0].
   */

  /* OpenPGP specific stuff */

  /* NOTE(review): the KEYRING_HACK setting changes both the type and
   * the size of the member(s) below, so every translation unit that
   * accesses this struct must be compiled with the same definition of
   * KEYRING_HACK, or field offsets will disagree.
   */
#ifndef KEYRING_HACK
  MHD_gnutls_openpgp_keyring_t keyring;
#else
  MHD_gnutls_datum_t keyring;
  int keyring_format;
#endif

  /* X509 specific stuff */

  MHD_gnutls_x509_crt_t *x509_ca_list;  /* trusted CA certificates */
  unsigned x509_ncas;           /* number of CAs in x509_ca_list
                                 */

  MHD_gnutls_x509_crl_t *x509_crl_list; /* certificate revocation lists */
  unsigned x509_ncrls;          /* number of CRLs in x509_crl_list
                                 */

  unsigned int verify_flags;    /* flags to be used at
                                 * certificate verification.
                                 */
  unsigned int verify_depth;    /* presumably the maximum chain depth
                                 * accepted at verification -- confirm
                                 * against the verifier.
                                 */
  unsigned int verify_bits;     /* presumably the minimum key size, in
                                 * bits, accepted at verification --
                                 * confirm against the verifier.
                                 */

  /* Cached sequence of the RDNs of the CAs above, kept here rather
   * than regenerated on every handshake.  Presumably it must be
   * rebuilt whenever x509_ca_list changes -- confirm.
   */
  MHD_gnutls_datum_t x509_rdn_sequence;

  /* Application callbacks used to pick the certificate to present on
   * the client and server side, respectively.
   */
  MHD_gnutls_certificate_client_retrieve_function *client_get_cert_callback;
  MHD_gnutls_certificate_server_retrieve_function *server_get_cert_callback;
} MHD_gtls_cert_credentials_st;
00101 
/* Public RSA parameters (modulus and exponent).  Used for the
 * rsa_export member of MHD_gtls_cert_auth_info_st; the datums are
 * released with MHD_gtls_free_rsa_info().
 */
typedef struct MHD_gtls_rsa_info_st
{
  MHD_gnutls_datum_t modulus;
  MHD_gnutls_datum_t exponent;
} rsa_info_st;
00107 
/* Per-session authentication state for the certificate key exchange:
 * what the peer sent and which parameters were used.  The raw
 * certificate list is peer-supplied input and is not trustworthy until
 * it has been verified.
 */
typedef struct MHD_gtls_cert_auth_info_st
{
  int certificate_requested;    /* non-zero if the peer requested a
                                 * certificate from us.
                                 */

  /* These (dh/rsa) are just copies from the credentials structure;
   * they are owned by this object and must be freed with it
   * (MHD_gtls_free_rsa_info() for rsa_export).
   */
  MHD_gtls_dh_info_st dh;
  rsa_info_st rsa_export;

  MHD_gnutls_datum_t *raw_certificate_list;     /* the peer's raw certificate
                                                 * chain, as received;
                                                 * untrusted until verified.
                                                 */
  unsigned int ncerts;          /* number of entries in
                                 * raw_certificate_list; every access
                                 * to the list must be bounded by it.
                                 */
} *cert_auth_info_t;
00125 
/* Non-pointer alias for the struct above (cert_auth_info_t is the
 * pointer typedef).
 */
typedef struct MHD_gtls_cert_auth_info_st cert_auth_info_st;
00127 
/* Releases the modulus and exponent datums held in *rsa.  rsa is
 * embedded by value in MHD_gtls_cert_auth_info_st, so presumably the
 * struct itself is not freed -- confirm in the implementation.
 */
void MHD_gtls_free_rsa_info (rsa_info_st * rsa);
00129 
/* AUTH X509 functions */

/* Handshake message generation: each gen_* function builds the named
 * message for the session and hands it back through the opaque **
 * out parameter.  The int return is presumably the message length or
 * a negative GnuTLS error code, and the buffer presumably allocated
 * for the caller -- confirm both in the implementation.
 */
int MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t, opaque **);
int MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t, opaque **);
int MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t, opaque **);
int MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t, opaque **);
/* Handshake message processing: each proc_* function parses a message
 * received from the peer.  The size_t is presumably the number of
 * valid bytes at the opaque *; all parsing must be bounded by it, since
 * the contents are peer-supplied.  Returns presumably 0 on success or
 * a negative error code.
 */
int MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t, opaque *, size_t);
int MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t, opaque *,
                                         size_t);
int MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t, opaque *,
                                           size_t);
/* Retrieves the certificate chain and private key selected for this
 * session.  The outputs presumably point into session-owned storage
 * (see MHD_gtls_selected_certs_set/deinit below), so callers must not
 * free them -- confirm.
 * NOTE(review): *apr_cert_list_length is an int, while the credentials
 * store cert_list_length as unsigned.
 */
int MHD_gtls_get_selected_cert (MHD_gtls_session_t session,
                                MHD_gnutls_cert ** apr_cert_list,
                                int *apr_cert_list_length,
                                MHD_gnutls_privkey ** apr_pkey);
00144 
/* Chooses, from the credentials attached to the session, a certificate
 * whose key matches the requested public-key algorithm and records it
 * as the session's selected certificate.  Returns an int, presumably 0
 * on success and negative on failure.
 */
int MHD_gtls_server_select_cert (struct MHD_gtls_session_int *,
                                 enum MHD_GNUTLS_PublicKeyAlgorithm);
/* Releases whatever MHD_gtls_selected_certs_set() stored for the
 * session (presumably freeing certs/key only when need_free was set).
 */
void MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session);
/* Records certs[0..ncerts-1] and key as the session's selected
 * certificate chain and private key.  need_free presumably says whether
 * the session takes ownership and must free them on deinit -- confirm.
 */
void MHD_gtls_selected_certs_set (MHD_gtls_session_t session,
                                  MHD_gnutls_cert * certs, int ncerts,
                                  MHD_gnutls_privkey * key, int need_free);
00151 
/* The client's Certificate message is processed by the same routine as
 * the server's; this alias presumably provides the name the handshake
 * dispatcher expects.
 * NOTE(review): the alias contains a double underscore (MHD__...),
 * which C reserves for the implementation; existing callers depend on
 * the name, so it is left as is.
 */
#define MHD__gnutls_proc_cert_client_certificate MHD_gtls_proc_cert_server_certificate
00153 
/* Returns the RSA parameters to use for the session: rsa_params when
 * set, otherwise presumably whatever func (the credentials' params_func
 * callback) supplies.  Ownership of the returned value is not visible
 * in this header -- confirm in the implementation.
 */
MHD_gtls_rsa_params_t
MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params,
                                     MHD_gnutls_params_function * func,
                                     MHD_gtls_session_t);
00158 
00159 #endif
