eid-viewer
eid-viewer library
OpenSSL-based helper functions

Files

file  certhelpers.h
 Certificate helper functions. Linux/OSX only.
 
file  verify_cert.h
 Helper functions to deal with certificate validation using OpenSSL. Linux/OSX only.
 

Enumerations

enum  dump_type { DUMP_DER, DUMP_PEM }
 

Functions

DllExport char * eid_vwr_get_use_flags (const char *label, X509 *cert)
 Get the X.509v3 Key Usage field of the given certificate.
 
DllExport char * eid_vwr_detail_cert (const char *label, X509 *cert)
 Get a printable version of the certificate's distinguished name (DN).
 
DllExport char * eid_vwr_describe_cert (const char *label, X509 *cert)
 Get a useful label for the certificate.
 
DllExport void eid_vwr_dumpcert (int fd, const void *derdata, int len, enum dump_type how)
 Write the given certificate to a file descriptor.
 
DllExport enum eid_vwr_result eid_vwr_verify_cert (const void *certificate, size_t certlen, const void *ca, size_t calen, const void *(*perform_ocsp_request)(char *, void *, long, long *, void **), void(*free_ocsp_request)(void *))
 Verify the validity of a certificate.
 
DllExport enum eid_vwr_result eid_vwr_verify_rrncert (const void *certificate, size_t certlen)
 Verify the validity of the RRN certificate.
 
DllExport char * eid_vwr_x509_get_details (const void *certificate, size_t certlen)
 Produce a human-readable version of the certificate.
 

Detailed Description

These functions are available on GNU/Linux and OS X only.

Enumeration Type Documentation

◆ dump_type

enum dump_type

File type to be used when dumping data to a file

Enumerator
DUMP_DER 

Dump using ASN.1 Distinguished Encoding Rules (DER)

DUMP_PEM 

Dump in PEM format.

Function Documentation

◆ eid_vwr_describe_cert()

DllExport char* eid_vwr_describe_cert ( const char *  label,
X509 *  cert 
)

Get a useful label for the certificate.

Parameters
label: a fallback label, to be used if nothing better can be found
cert: the certificate to parse
Returns
the certificate's Common Name field, or a copy of the value of the label parameter if the certificate has no common name. Should be free()d by the caller when no longer needed.

◆ eid_vwr_detail_cert()

DllExport char* eid_vwr_detail_cert ( const char *  label,
X509 *  cert 
)

Get a printable version of the certificate's distinguished name (DN).

Parameters
label: not used
cert: the certificate to parse
Returns
a multi-line version of the certificate's distinguished name, as displayed on the eID Viewer's "certificates" pane. Should be free()d by the caller when no longer needed.

◆ eid_vwr_dumpcert()

DllExport void eid_vwr_dumpcert ( int  fd,
const void *  derdata,
int  len,
enum dump_type  how 
)

Write the given certificate to a file descriptor.

Parameters
fd: the file descriptor to write to
derdata: the certificate in DER format
len: the length in bytes of the preceding parameter
how: which format to use when writing

◆ eid_vwr_get_use_flags()

DllExport char* eid_vwr_get_use_flags ( const char *  label,
X509 *  cert 
)

Get the X.509v3 Key Usage field of the given certificate.

Parameters
label: not used
cert: the certificate to parse
Returns
a string representation of the X.509v3 Key Usage field, as produced by OpenSSL. Should be free()d by the caller when no longer needed.

◆ eid_vwr_verify_cert()

DllExport enum eid_vwr_result eid_vwr_verify_cert ( const void *  certificate,
size_t  certlen,
const void *  ca,
size_t  calen,
const void *(*)(char *, void *, long, long *, void **)  perform_ocsp_request,
void(*)(void *)  free_ocsp_request 
)

Verify the validity of a certificate.

This function will verify the validity of a certificate by checking signatures, ensuring they're signed by a valid root certificate, and performing an OCSP request against the OCSP server.

Parameters
certificate: the X.509 certificate to check, in DER format.
certlen: the length (in bytes) of certificate.
ca: the CA certificate by which the certificate is signed
calen: the length (in bytes) of ca
perform_ocsp_request: a pointer to a function which should perform an HTTP POST request and return the reply. It should return the data as returned by the OCSP server. Its parameters are:
  • the URL for the OCSP server
  • the data that should be sent (by way of an HTTP POST request) to the OCSP server
  • the length of the above data
  • a pointer to store the length of the returned body
  • a pointer to store a handle to the request (which may, but is not required to, be the same as the return value).
free_ocsp_request: called when the return value of perform_ocsp_request is no longer needed. Its parameter will be the data which was returned in perform_ocsp_request's last parameter.
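
The callback contract above, as an added example that is not code from the eid-viewer project: it shows a case where the handle (the whole allocation) differs from the returned body pointer. `http_post` and `find_body` are hypothetical helpers, the reply is a constructed sample instead of a real server answer, and returning NULL on failure is an assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample reply (headers + 5-byte DER body), not captured traffic. */
static const char SAMPLE_REPLY[] =
    "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n\x30\x03\x0a\x01\x06";

/* Hypothetical transport; returns a malloc'd copy of the constructed reply. */
static char *http_post(const char *url, const void *data, long len, size_t *outlen)
{
    (void)url; (void)data; (void)len;
    *outlen = sizeof SAMPLE_REPLY - 1;
    char *buf = malloc(*outlen);
    if (buf != NULL) memcpy(buf, SAMPLE_REPLY, *outlen);
    return buf;
}

/* Find the body of a raw reply. The buffer is not NUL-terminated, so each
 * comparison is bounded by rawlen. NULL unless status 200 and non-empty body. */
static const char *find_body(const char *raw, size_t rawlen, long *bodylen)
{
    *bodylen = 0;
    if (rawlen < 12 || memcmp(raw, "HTTP/1.", 7) || memcmp(raw + 8, " 200", 4))
        return NULL;
    for (size_t i = 12; i + 4 < rawlen; i++) {
        if (memcmp(raw + i, "\r\n\r\n", 4) == 0) {
            *bodylen = (long)(rawlen - i - 4);
            return raw + i + 4;
        }
    }
    return NULL;
}

/* Same parameter list as the perform_ocsp_request callback documented above. */
const void *perform_ocsp_request(char *url, void *data, long datalen,
                                 long *retlen, void **handle)
{
    size_t rawlen = 0;
    char *raw = http_post(url, data, datalen, &rawlen);
    const char *body = raw ? find_body(raw, rawlen, retlen) : NULL;
    *handle = body ? raw : NULL;  /* handle owns the allocation, not the body */
    if (body == NULL) {           /* assumption: NULL reports failure */
        free(raw);
        *retlen = 0;
    }
    return body;
}
/* Called with the value stored in *handle, never with the body pointer. */
void free_ocsp_request(void *handle) { free(handle); }
```

Both functions would be passed as the last two arguments of eid_vwr_verify_cert(); a real transport replaces `http_post`.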

◆ eid_vwr_verify_rrncert()

DllExport enum eid_vwr_result eid_vwr_verify_rrncert ( const void *  certificate,
size_t  certlen 
)

Verify the validity of the RRN certificate.

This function will verify the validity of the RRN certificate by checking that the certificate is signed by a valid root certificate.

Note
This function will not perform an OCSP request, since the root CA does not have an OCSP server.
Parameters
certificate: the X.509 certificate to check, in DER format.
certlen: the length (in bytes) of certificate.

◆ eid_vwr_x509_get_details()

DllExport char* eid_vwr_x509_get_details ( const void *  certificate,
size_t  certlen 
)

Produce a human-readable version of the certificate.

This function calls OpenSSL's X509_print_ex() function on the given certificate, which produces the same output as the command-line call "openssl x509 -in <certificate> -text".

Parameters
certificate: the certificate for which to get details
certlen: the length of certificate
Returns
a text representation of the certificate. Should be free()d when no longer required.