eid-viewer
eid-viewer library
|
Files | |
file | certhelpers.h |
Certificate helper functions. Linux/OSX only. | |
file | verify_cert.h |
Helper functions to deal with certificate validation using OpenSSL. Linux/OSX only. | |
Enumerations |
Functions | |
DllExport char * | eid_vwr_get_use_flags (const char *label, X509 *cert) |
Get the X.509v3 Key Usage field of the given certificate. More... | |
DllExport char * | eid_vwr_detail_cert (const char *label, X509 *cert) |
Get a printable version of the certificate's distinguished name (DN). More... | |
DllExport char * | eid_vwr_describe_cert (const char *label, X509 *cert) |
Get a useful label for the certificate. More... | |
DllExport int | eid_vwr_check_data_validity (const void *photo, int plen, const void *photohash, int hashlen, const void *datafile, int datfilelen, const void *datasig, int datsiglen, const void *addrfile, int addfilelen, const void *addrsig, int addsiglen, const void *rrncert, int certlen) |
Check that the data on the card is correctly signed. More... | |
DllExport void | eid_vwr_dumpcert (int fd, const void *derdata, int len, enum dump_type how) |
Write the given certificate to a file descriptor. More... | |
DllExport enum eid_vwr_result | eid_vwr_verify_cert (const void *certificate, size_t certlen, const void *ca, size_t calen, const void *(*perform_ocsp_request)(char *, void *, long, long *, void **), void(*free_ocsp_request)(void *)) |
Verify the validity of a certificate. More... | |
DllExport enum eid_vwr_result | eid_vwr_verify_rrncert (const void *certificate, size_t certlen) |
Verify the validity of the RRN certificate. More... | |
DllExport char * | eid_vwr_x509_get_details (const void *certificate, size_t certlen) |
Produce a human-readable version of the certificate. More... | |
These functions are available on GNU/Linux and OS X only.
enum dump_type |
DllExport int eid_vwr_check_data_validity | ( | const void * | photo, |
int | plen, | ||
const void * | photohash, | ||
int | hashlen, | ||
const void * | datafile, | ||
int | datfilelen, | ||
const void * | datasig, | ||
int | datsiglen, | ||
const void * | addrfile, | ||
int | addfilelen, | ||
const void * | addrsig, | ||
int | addsiglen, | ||
const void * | rrncert, | ||
int | certlen | ||
) |
Check that the data on the card is correctly signed.
This method will:
photo | the contents of the binary data with label "PHOTO_FILE" |
plen | the length in bytes of the preceding parameter |
photohash | the contents of the binary data with label "photo_hash" |
hashlen | the length in bytes of the preceding parameter |
datafile | the contents of the binary data with label "DATA_FILE" |
datfilelen | the length in bytes of the preceding parameter |
datasig | the contents of the binary data with label "SIGN_DATA_FILE" |
datsiglen | the length in bytes of the preceding parameter |
addrfile | the contents of the binary data with label "ADDRESS_FILE" |
addfilelen | the length in bytes of the preceding parameter |
addrsig | the contents of the binary data with label "SIGN_ADDRESS_FILE" |
addsiglen | the length in bytes of the preceding parameter |
rrncert | the contents of the binary data with label "CERT_RN_FILE" (i.e., the RRN certificate) |
certlen | the length in bytes of the preceding parameter |
DllExport char* eid_vwr_describe_cert | ( | const char * | label, |
X509 * | cert | ||
) |
Get a useful label for the certificate.
label | a fallback label, to be used if nothing better can be found |
cert | the certificate to parse |
DllExport char* eid_vwr_detail_cert | ( | const char * | label, |
X509 * | cert | ||
) |
Get a printable version of the certificate's distinguished name (DN).
label | not used |
cert | the certificate to parse |
DllExport void eid_vwr_dumpcert | ( | int | fd, |
const void * | derdata, | ||
int | len, | ||
enum dump_type | how | ||
) |
Write the given certificate to a file descriptor.
fd | the file descriptor to write to |
derdata | the certificate in DER format |
len | the length in bytes of the preceding parameter |
how | which format to use when writing |
DllExport char* eid_vwr_get_use_flags | ( | const char * | label, |
X509 * | cert | ||
) |
Get the X.509v3 Key Usage field of the given certificate.
label | not used |
cert | the certificate to parse |
DllExport enum eid_vwr_result eid_vwr_verify_cert | ( | const void * | certificate, |
size_t | certlen, | ||
const void * | ca, | ||
size_t | calen, | ||
const void *(*)(char *, void *, long, long *, void **) | perform_ocsp_request, | ||
void(*)(void *) | free_ocsp_request | ||
) |
Verify the validity of a certificate.
This function verifies the validity of a certificate by checking the signatures, ensuring that the certificates involved are signed by a valid root certificate, and performing an OCSP request against the OCSP server.
certificate | the X.509 certificate to check, in DER format. |
certlen | the length (in bytes) of certificate. |
ca | the CA certificate by which the certificate is signed |
calen | the length (in bytes) of ca |
perform_ocsp_request | a pointer to a function which should perform an HTTP POST request and return the reply. It should return the data as returned by the OCSP server. Its parameters are:
|
free_ocsp_request | called when the return value of perform_ocsp_request is no longer needed. Its parameter is the pointer that perform_ocsp_request stored through its last (void **) parameter. |
DllExport enum eid_vwr_result eid_vwr_verify_rrncert | ( | const void * | certificate, |
size_t | certlen | ||
) |
Verify the validity of the RRN certificate.
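This function will verify the validity of the RRN certificate by checking that the certificate is signed by a valid root certificate. Unlike eid_vwr_verify_cert(), it takes no OCSP callbacks and no OCSP request is described for it, so revocation status does not appear to be checked here.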
certificate | the X.509 certificate to check, in DER format. |
certlen | the length (in bytes) of certificate. |
DllExport char* eid_vwr_x509_get_details | ( | const void * | certificate, |
size_t | certlen | ||
) |
Produce a human-readable version of the certificate.
This function calls OpenSSL's X509_print_ex() on the given certificate, which produces the same output as the command-line call "openssl x509 -in <certificate> -text".
certificate | the certificate for which to get details |
certlen | the length of certificate |