Merge branch 'tor-gitlab/mr/583' into maint-0.4.7
[tor.git] / src / lib / tls / x509.h
blobdeaefb969fb787cd780233f0a04b6f19f6245a28
1 /* Copyright (c) 2003, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #ifndef TOR_X509_H
7 #define TOR_X509_H
9 /**
10 * \file x509.h
11 * \brief Headers for tortls.c
12 **/
14 #include "lib/crypt_ops/crypto_rsa.h"
15 #include "lib/testsupport/testsupport.h"
17 /* Opaque structure to hold an X509 certificate. */
18 typedef struct tor_x509_cert_t tor_x509_cert_t;
20 #ifdef ENABLE_NSS
21 typedef struct CERTCertificateStr tor_x509_cert_impl_t;
22 #elif defined(ENABLE_OPENSSL)
23 typedef struct x509_st tor_x509_cert_impl_t;
24 #endif
26 #ifdef TOR_X509_PRIVATE
27 /** Structure that we use for a single certificate. */
28 struct tor_x509_cert_t {
29 tor_x509_cert_impl_t *cert;
30 #ifdef ENABLE_OPENSSL
31 uint8_t *encoded;
32 size_t encoded_len;
33 #endif
34 unsigned pkey_digests_set : 1;
35 common_digests_t cert_digests;
36 common_digests_t pkey_digests;
38 #endif /* defined(TOR_X509_PRIVATE) */
40 void tor_tls_pick_certificate_lifetime(time_t now,
41 unsigned cert_lifetime,
42 time_t *start_time_out,
43 time_t *end_time_out);
45 #ifdef TOR_UNIT_TESTS
46 tor_x509_cert_t *tor_x509_cert_replace_expiration(
47 const tor_x509_cert_t *inp,
48 time_t new_expiration_time,
49 crypto_pk_t *signing_key);
50 #endif /* defined(TOR_UNIT_TESTS) */
52 tor_x509_cert_t *tor_x509_cert_dup(const tor_x509_cert_t *cert);
54 void tor_x509_cert_free_(tor_x509_cert_t *cert);
55 #define tor_x509_cert_free(c) \
56 FREE_AND_NULL(tor_x509_cert_t, tor_x509_cert_free_, (c))
57 tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
58 size_t certificate_len);
59 void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
60 const uint8_t **encoded_out, size_t *size_out);
62 const common_digests_t *tor_x509_cert_get_id_digests(
63 const tor_x509_cert_t *cert);
64 const common_digests_t *tor_x509_cert_get_cert_digests(
65 const tor_x509_cert_t *cert);
67 crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);
69 int tor_tls_cert_is_valid(int severity,
70 const tor_x509_cert_t *cert,
71 const tor_x509_cert_t *signing_cert,
72 time_t now,
73 int check_rsa_1024);
75 #endif /* !defined(TOR_X509_H) */