QSC Post Quantum Cryptographic Library 1.3.0.0 (C1)
A post quantum secure library written in ANSI C
x509wrap.h File Reference

High-level offline X.509 wrapper for certificate loading, validation, deployment configuration, trust-store management, provisioning, and TLS bridge integration. More...

#include "qsccommon.h"
#include "x509cert.h"
#include "x509certwrite.h"
#include "x509crl.h"
#include "x509csr.h"
#include "x509key.h"
#include "x509keywrite.h"
#include "x509name.h"
#include "x509pem.h"
#include "x509sigver.h"
#include "x509store.h"
#include "x509time.h"
#include "x509verify.h"
#include "tlscert.h"
#include "tlslimits.h"


Data Structures

struct  qsc_x509w_profile_t
 Validation profile describing the intended certificate-verification policy. More...
struct  qsc_x509w_result_t
 Structured operational result returned by wrapper validation and configuration routines. More...
struct  qsc_x509w_trust_store_t
 Wrapper-owned trust-store object containing anchors, CRLs, and the underlying QSC store state. More...
struct  qsc_x509w_server_identity_t
 Wrapper-owned server identity consisting of a leaf certificate, optional intermediates, and the associated private key. More...
struct  qsc_x509w_deployment_config_t
 File-path and policy configuration used to load server identities and trust material for deployment workflows. More...
struct  qsc_x509w_tls_bridge_t
 Thin TLS bridge object binding wrapper validation policy and trust material to the QSC TLS certificate interface. More...
struct  qsc_x509w_tls_local_certificate_t
 TLS-facing export container for a local certificate chain and private key for CertificateVerify generation. More...

Macros

#define QSC_X509W_CHAIN_MAX   8U
 Maximum number of certificates supported by the wrapper chain model.
#define QSC_X509W_ANCHOR_MAX   16U
 Maximum number of trust anchors supported by a wrapper trust store.
#define QSC_X509W_CRL_MAX   8U
 Maximum number of CRLs stored in a wrapper trust store.
#define QSC_X509W_VERIFY_BUFFER_SIZE   QSC_X509_CERTIFICATE_WRITE_MAX
 Size in bytes of the internal TLS verification work buffer.
#define QSC_X509W_RESULT_MESSAGE_MAX   160U
 Maximum length of the fixed diagnostic message buffer in qsc_x509w_result.

Typedefs

typedef enum qsc_x509w_status_t qsc_x509w_status
typedef enum qsc_x509w_stage_t qsc_x509w_stage
typedef enum qsc_x509w_certificate_role_t qsc_x509w_certificate_role
typedef enum qsc_x509w_profile_preset_t qsc_x509w_profile_preset
typedef enum qsc_x509w_revocation_mode_t qsc_x509w_revocation_mode
typedef enum qsc_x509w_locator_policy_t qsc_x509w_locator_policy
typedef enum qsc_x509w_revocation_source_t qsc_x509w_revocation_source
typedef enum qsc_x509w_availability_t qsc_x509w_availability
typedef struct qsc_x509w_profile_t qsc_x509w_profile
typedef struct qsc_x509w_result_t qsc_x509w_result
typedef struct qsc_x509w_trust_store_t qsc_x509w_trust_store
typedef struct qsc_x509w_server_identity_t qsc_x509w_server_identity
typedef struct qsc_x509w_deployment_config_t qsc_x509w_deployment_config
typedef struct qsc_x509w_tls_bridge_t qsc_x509w_tls_bridge
typedef struct qsc_x509w_tls_local_certificate_t qsc_x509w_tls_local_certificate

Enumerations

enum  qsc_x509w_status_t {
  QSC_X509W_STATUS_SUCCESS = 0 , QSC_X509W_STATUS_INVALID_INPUT = 1 , QSC_X509W_STATUS_IO_ERROR = 2 , QSC_X509W_STATUS_DECODE_ERROR = 3 ,
  QSC_X509W_STATUS_CHAIN_BUILD_ERROR = 4 , QSC_X509W_STATUS_VERIFY_ERROR = 5 , QSC_X509W_STATUS_HOSTNAME_MISMATCH = 6 , QSC_X509W_STATUS_KEY_MISMATCH = 7 ,
  QSC_X509W_STATUS_PURPOSE_REJECTED = 8 , QSC_X509W_STATUS_STORE_FULL = 9 , QSC_X509W_STATUS_BUFFER_TOO_SMALL = 10 , QSC_X509W_STATUS_NETWORK_ERROR = 11 ,
  QSC_X509W_STATUS_UNSUPPORTED = 12 , QSC_X509W_STATUS_NOT_FOUND = 13 , QSC_X509W_STATUS_ENCODING_ERROR = 14 , QSC_X509W_STATUS_PROFILE_ERROR = 15 ,
  QSC_X509W_STATUS_CALLBACK_ERROR = 16
}
 Wrapper-level status codes returned by x509wrap operations. More...
enum  qsc_x509w_stage_t {
  QSC_X509W_STAGE_NONE = 0 , QSC_X509W_STAGE_LOAD = 1 , QSC_X509W_STAGE_PARSE = 2 , QSC_X509W_STAGE_CHAIN_BUILD = 3 ,
  QSC_X509W_STAGE_TIME = 4 , QSC_X509W_STAGE_PURPOSE = 5 , QSC_X509W_STAGE_HOSTNAME = 6 , QSC_X509W_STAGE_KEY_MATCH = 7 ,
  QSC_X509W_STAGE_REVOCATION = 8 , QSC_X509W_STAGE_TRUST = 9 , QSC_X509W_STAGE_EXPORT = 10 , QSC_X509W_STAGE_CONFIGURATION = 11
}
 High-level operational stage indicators recorded in wrapper results. More...
enum  qsc_x509w_certificate_role_t {
  QSC_X509W_CERTIFICATE_ROLE_NONE = 0 , QSC_X509W_CERTIFICATE_ROLE_TLS_SERVER = 1 , QSC_X509W_CERTIFICATE_ROLE_TLS_CLIENT = 2 , QSC_X509W_CERTIFICATE_ROLE_CA = 3 ,
  QSC_X509W_CERTIFICATE_ROLE_TRUST_ANCHOR = 4
}
 Common certificate roles evaluated by wrapper suitability checks. More...
enum  qsc_x509w_profile_preset_t {
  QSC_X509W_PROFILE_PRESET_TLS_SERVER = 1 , QSC_X509W_PROFILE_PRESET_TLS_CLIENT = 2 , QSC_X509W_PROFILE_PRESET_CA = 3 , QSC_X509W_PROFILE_PRESET_STRICT_REVOCATION = 4 ,
  QSC_X509W_PROFILE_PRESET_DEVELOPMENT = 5
}
 Predefined validation-profile configurations for common workflows. More...
enum  qsc_x509w_revocation_mode_t {
  QSC_X509W_REVOCATION_MODE_NONE = 0 , QSC_X509W_REVOCATION_MODE_CRL_IF_PRESENT = 1 , QSC_X509W_REVOCATION_MODE_CRL_REQUIRED = 2 , QSC_X509W_REVOCATION_MODE_OCSP_IF_PRESENT = 3 ,
  QSC_X509W_REVOCATION_MODE_OCSP_REQUIRED = 4 , QSC_X509W_REVOCATION_MODE_CRL_OR_OCSP_REQUIRED = 5 , QSC_X509W_REVOCATION_MODE_CRL_AND_OCSP_REQUIRED = 6
}
 Revocation policy requested by a validation profile. More...
enum  qsc_x509w_locator_policy_t { QSC_X509W_LOCATOR_POLICY_DISABLED = 0 , QSC_X509W_LOCATOR_POLICY_ALLOW_EMBEDDED = 1 , QSC_X509W_LOCATOR_POLICY_REQUIRE_EMBEDDED = 2 }
 Policy for future embedded locator handling such as AIA and OCSP URIs. More...
enum  qsc_x509w_revocation_source_t { QSC_X509W_REVOCATION_SOURCE_NONE = 0 , QSC_X509W_REVOCATION_SOURCE_CRL = 1 , QSC_X509W_REVOCATION_SOURCE_OCSP = 2 }
 Source category used to satisfy a revocation decision. More...
enum  qsc_x509w_availability_t { QSC_X509W_AVAILABILITY_UNSPECIFIED = 0 , QSC_X509W_AVAILABILITY_UNCHECKED = 1 , QSC_X509W_AVAILABILITY_AVAILABLE = 2 , QSC_X509W_AVAILABILITY_UNAVAILABLE = 3 }
 Availability reporting for optional policy-driven materials. More...

Functions

QSC_EXPORT_API void qsc_x509w_profile_initialize (qsc_x509w_profile *profile)
 Initialize a validation profile to wrapper defaults.
QSC_EXPORT_API void qsc_x509w_profile_apply_preset (qsc_x509w_profile *profile, qsc_x509w_profile_preset preset)
 Apply a predefined validation-profile preset.
QSC_EXPORT_API void qsc_x509w_profile_set_tls_server_defaults (qsc_x509w_profile *profile)
 Set TLS server validation defaults in a profile.
QSC_EXPORT_API void qsc_x509w_profile_set_tls_client_defaults (qsc_x509w_profile *profile)
 Set TLS client validation defaults in a profile.
QSC_EXPORT_API void qsc_x509w_profile_set_ca_defaults (qsc_x509w_profile *profile)
 Set CA-validation defaults in a profile.
QSC_EXPORT_API void qsc_x509w_profile_set_strict_revocation_defaults (qsc_x509w_profile *profile)
 Set strict revocation defaults in a profile.
QSC_EXPORT_API void qsc_x509w_profile_set_development_defaults (qsc_x509w_profile *profile)
 Set relaxed development defaults in a profile.
QSC_EXPORT_API void qsc_x509w_result_initialize (qsc_x509w_result *result)
 Initialize a wrapper result object to its default state.
QSC_EXPORT_API void qsc_x509w_trust_store_initialize (qsc_x509w_trust_store *store)
 Initialize a wrapper trust store.
QSC_EXPORT_API void qsc_x509w_trust_store_clear (qsc_x509w_trust_store *store)
 Clear a wrapper trust store and release its stored material.
QSC_EXPORT_API void qsc_x509w_server_identity_initialize (qsc_x509w_server_identity *identity)
 Initialize a server identity object.
QSC_EXPORT_API void qsc_x509w_server_identity_clear (qsc_x509w_server_identity *identity)
 Clear a server identity and release its stored material.
QSC_EXPORT_API void qsc_x509w_deployment_config_initialize (qsc_x509w_deployment_config *config)
 Initialize a deployment configuration object.
QSC_EXPORT_API void qsc_x509w_tls_bridge_initialize (qsc_x509w_tls_bridge *bridge)
 Initialize a TLS bridge object.
QSC_EXPORT_API void qsc_x509w_tls_local_certificate_initialize (qsc_x509w_tls_local_certificate *localcert)
 Initialize a TLS local-certificate export object.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_current_utc_time (qsc_x509_time *currenttime)
 Acquire the current UTC time in X.509 time form.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_load_file (const char *path, qsc_x509_certificate *certificate)
 Load a certificate from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_load_memory (const uint8_t *data, size_t datalen, qsc_x509_certificate *certificate)
 Load a certificate from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_chain_load_file (const char *path, qsc_x509_certificate *certificates, size_t certificatecount, qsc_x509_chain *chain)
 Load a certificate chain from a file into caller-supplied certificate storage and a chain descriptor.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_chain_load_memory (const uint8_t *data, size_t datalen, qsc_x509_certificate *certificates, size_t certificatecount, qsc_x509_chain *chain)
 Load a certificate chain from a memory buffer into caller-supplied certificate storage and a chain descriptor.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_load_file (const char *path, qsc_x509_private_key *privatekey)
 Load a private key from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_load_memory (const uint8_t *data, size_t datalen, qsc_x509_private_key *privatekey)
 Load a private key from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_crl_load_file (const char *path, qsc_x509_crl *crl)
 Load a CRL from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_crl_load_memory (const uint8_t *data, size_t datalen, qsc_x509_crl *crl)
 Load a CRL from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_load_file (const char *path, qsc_x509_csr *csr)
 Load a CSR from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_load_memory (const uint8_t *data, size_t datalen, qsc_x509_csr *csr)
 Load a CSR from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor (qsc_x509w_trust_store *store, const qsc_x509_certificate *certificate, bool selfsigned)
 Add a certificate to the trust store as an anchor.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_bundle_memory (qsc_x509w_trust_store *store, const uint8_t *data, size_t datalen, bool selfsigned)
 Decode and add one or more trust anchors from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_bundle_file (qsc_x509w_trust_store *store, const char *path, bool selfsigned)
 Decode and add one or more trust anchors from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_file (qsc_x509w_trust_store *store, const char *path, bool selfsigned)
 Load and add a single trust anchor from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_memory (qsc_x509w_trust_store *store, const uint8_t *data, size_t datalen, bool selfsigned)
 Load and add a single trust anchor from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl (qsc_x509w_trust_store *store, const qsc_x509_crl *crl)
 Add a decoded CRL to the trust store.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl_file (qsc_x509w_trust_store *store, const char *path)
 Load and add a CRL from a file.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl_memory (qsc_x509w_trust_store *store, const uint8_t *data, size_t datalen)
 Load and add a CRL from a memory buffer.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_load_files (qsc_x509w_server_identity *identity, const char *certificatechainpath, const char *privatekeypath)
 Load a server identity from certificate-chain and private-key files.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_load_configuration (qsc_x509w_server_identity *identity, const qsc_x509w_deployment_config *config, qsc_x509w_result *result)
 Load a server identity using a deployment configuration.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_load_configuration (qsc_x509w_trust_store *store, const qsc_x509w_deployment_config *config, qsc_x509w_result *result)
 Load trust material using a deployment configuration.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_get_chain (const qsc_x509w_server_identity *identity, qsc_x509_chain *chain)
 Build a chain descriptor from a loaded server identity.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_validate (const qsc_x509w_server_identity *identity, const qsc_x509w_profile *profile, qsc_x509w_result *result)
 Validate a loaded server identity against a wrapper profile.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_verify (const qsc_x509w_server_identity *identity, const qsc_x509w_trust_store *store, const qsc_x509w_profile *profile, qsc_x509w_result *result)
 Verify a loaded server identity against a trust store and profile.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_check_role (const qsc_x509_certificate *certificate, qsc_x509w_certificate_role role, const char *hostname, qsc_x509w_result *result)
 Evaluate whether a certificate is suitable for a requested role.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_verify_peer_certificates (const qsc_x509_certificate *certificates, size_t certificatecount, const qsc_x509w_trust_store *store, const qsc_x509w_profile *profile, qsc_x509w_result *result)
 Verify a peer certificate chain against a trust store and wrapper profile.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_name_string (const qsc_x509_name *name, char *output, size_t outputlen, size_t *written)
 Format a distinguished name into a normalized string.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_name_get_attribute_first (const qsc_x509_name *name, qsc_x509_name_attribute_type type, char *output, size_t outputlen, size_t *written)
 Extract the first matching attribute value from a distinguished name.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_string (const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
 Format a certificate subject distinguished name into a normalized string.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_issuer_string (const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
 Format a certificate issuer distinguished name into a normalized string.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_common_name (const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
 Extract the first common-name attribute from a certificate subject.
QSC_EXPORT_API size_t qsc_x509w_certificate_subject_dns_name_count (const qsc_x509_certificate *certificate)
 Get the number of DNS subjectAltName entries in a certificate.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_dns_name (const qsc_x509_certificate *certificate, size_t index, char *output, size_t outputlen, size_t *written)
 Retrieve a DNS subjectAltName entry by index.
QSC_EXPORT_API const char * qsc_x509w_revocation_mode_string (qsc_x509w_revocation_mode mode)
 Convert a revocation mode to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_locator_policy_string (qsc_x509w_locator_policy policy)
 Convert a locator policy to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_revocation_source_string (qsc_x509w_revocation_source source)
 Convert a revocation source to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_availability_string (qsc_x509w_availability availability)
 Convert an availability indicator to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_status_string (qsc_x509w_status status)
 Convert a wrapper status code to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_stage_string (qsc_x509w_stage stage)
 Convert a wrapper stage identifier to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_verify_status_string (qsc_x509_verify_status status)
 Convert an underlying verification status to a constant display string.
QSC_EXPORT_API const char * qsc_x509w_result_message (const qsc_x509w_result *result)
 Get the current diagnostic message stored in a wrapper result.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_export_der (const qsc_x509_certificate *certificate, uint8_t *output, size_t outputlen, size_t *written)
 Export a certificate as DER.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_export_pem (const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
 Export a certificate as PEM.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_export_pkcs8_der (const qsc_x509_private_key *privatekey, bool includepublickey, uint8_t *output, size_t outputlen, size_t *written)
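 Export a private key as PKCS#8 DER. The output buffer then holds private-key material, so the caller should restrict access to it and erase it after use.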
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_export_pkcs8_pem (const qsc_x509_private_key *privatekey, bool includepublickey, char *output, size_t outputlen, size_t *written)
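 Export a private key as PKCS#8 PEM. The output buffer then holds private-key material, so the caller should restrict access to it and erase it after use.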
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_export_der (const qsc_x509_csr *csr, uint8_t *output, size_t outputlen, size_t *written)
 Export a CSR as DER.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_export_pem (const qsc_x509_csr *csr, char *output, size_t outputlen, size_t *written)
 Export a CSR as PEM.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_create (qsc_x509_csr *csr, const qsc_x509_name *subject, const qsc_x509_subject_public_key_info *spki, const qsc_x509_algorithm_identifier *signaturealgorithm)
 Initialize a CSR for later signing.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_add_dns_name (qsc_x509_csr *csr, const char *dnsname)
 Add a DNS subjectAltName entry to a CSR.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_sign_der (const qsc_x509_csr *csr, qsc_x509_certificate_sign_callback signcallback, void *context, uint8_t *output, size_t *outputlen)
 Sign a CSR and export the result as DER.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_sign_pem (const qsc_x509_csr *csr, qsc_x509_certificate_sign_callback signcallback, void *context, char *output, size_t *outputlen)
 Sign a CSR and export the result as PEM.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_verify (const qsc_x509_csr *csr)
 Verify a CSR signature and structure.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_issue_from_csr (const qsc_x509_csr *csr, const qsc_x509_certificate *issuer, const qsc_x509_algorithm_identifier *signaturealgorithm, const uint8_t *serialnumber, size_t serialnumberlen, const qsc_x509_validity *validity, uint32_t profile, uint32_t policyflags, qsc_x509_certificate_sign_callback signcallback, void *context, uint8_t *output, size_t *outputlen)
 Issue a certificate from a CSR and export the result as DER.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_tls_bridge_configure (qsc_x509w_tls_bridge *bridge, const qsc_x509w_trust_store *store, const qsc_x509w_profile *profile)
 Configure a TLS bridge with a trust store and validation profile.
QSC_EXPORT_API bool qsc_x509w_tls_bridge_is_ready (const qsc_x509w_tls_bridge *bridge)
 Determine whether a TLS bridge has been configured and is ready for use.
QSC_EXPORT_API const qsc_tls_certificate_interface qsc_x509w_tls_bridge_get_interface (const qsc_x509w_tls_bridge *bridge)
 Get the prepared TLS certificate interface from a configured bridge.
QSC_EXPORT_API bool qsc_x509w_tls_local_certificate_is_ready (const qsc_x509w_tls_local_certificate *localcert)
 Determine whether a TLS local-certificate export object is ready for use.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_tls_local_certificate_from_identity (const qsc_x509w_server_identity *identity, qsc_tls_signature_scheme verifyscheme, qsc_x509w_tls_local_certificate *localcert)
 Export a server identity into TLS local-certificate form.

Detailed Description

High-level offline X.509 wrapper for certificate loading, validation, deployment configuration, trust-store management, provisioning, and TLS bridge integration.

This header defines the public wrapper layer over the QSC X.509 implementation. The wrapper is intended to simplify the most common operational uses of X.509 while preserving strict control over ownership, validation policy, diagnostics, and TLS integration boundaries.

The wrapper is offline-only. Public APIs declared in this header do not perform network I/O, dereference remote URIs, fetch issuer certificates, retrieve CRLs, or issue OCSP requests. Chain-building and revocation decisions therefore depend entirely on the certificates and CRLs the caller has already loaded. Any future network-assisted certificate retrieval is expected to reside in a separate companion layer.

Enumeration Type Documentation

◆ qsc_x509w_availability_t

Availability reporting for optional policy-driven materials.

Enumerator
QSC_X509W_AVAILABILITY_UNSPECIFIED 

Availability was not specified or is not meaningful.

QSC_X509W_AVAILABILITY_UNCHECKED 

Availability was not checked by the offline wrapper.

QSC_X509W_AVAILABILITY_AVAILABLE 

Required material or locator information was available.

QSC_X509W_AVAILABILITY_UNAVAILABLE 

Required material or locator information was unavailable.

◆ qsc_x509w_certificate_role_t

Common certificate roles evaluated by wrapper suitability checks.

Enumerator
QSC_X509W_CERTIFICATE_ROLE_NONE 

No specific certificate role is requested.

QSC_X509W_CERTIFICATE_ROLE_TLS_SERVER 

The certificate is intended for TLS server authentication.

QSC_X509W_CERTIFICATE_ROLE_TLS_CLIENT 

The certificate is intended for TLS client authentication.

QSC_X509W_CERTIFICATE_ROLE_CA 

The certificate is intended to act as a certificate authority.

QSC_X509W_CERTIFICATE_ROLE_TRUST_ANCHOR 

The certificate is intended to be loaded as a trust anchor.

◆ qsc_x509w_locator_policy_t

Policy for future embedded locator handling such as AIA and OCSP URIs.

Enumerator
QSC_X509W_LOCATOR_POLICY_DISABLED 

Embedded locator information is ignored.

QSC_X509W_LOCATOR_POLICY_ALLOW_EMBEDDED 

Embedded locator information is allowed but not required.

QSC_X509W_LOCATOR_POLICY_REQUIRE_EMBEDDED 

Embedded locator information is required by policy.

◆ qsc_x509w_profile_preset_t

Predefined validation-profile configurations for common workflows.

Enumerator
QSC_X509W_PROFILE_PRESET_TLS_SERVER 

TLS server certificate validation defaults.

QSC_X509W_PROFILE_PRESET_TLS_CLIENT 

TLS client certificate validation defaults.

QSC_X509W_PROFILE_PRESET_CA 

CA and trust-material validation defaults.

QSC_X509W_PROFILE_PRESET_STRICT_REVOCATION 

TLS server defaults with mandatory CRL revocation checking.

QSC_X509W_PROFILE_PRESET_DEVELOPMENT 

Relaxed defaults intended for development and test use.

◆ qsc_x509w_revocation_mode_t

Revocation policy requested by a validation profile.

Enumerator
QSC_X509W_REVOCATION_MODE_NONE 

Revocation is not evaluated.

QSC_X509W_REVOCATION_MODE_CRL_IF_PRESENT 

Use CRLs only when suitable loaded CRLs are present; unlike QSC_X509W_REVOCATION_MODE_CRL_REQUIRED, this mode does not require them.

QSC_X509W_REVOCATION_MODE_CRL_REQUIRED 

Require CRL-based revocation information.

QSC_X509W_REVOCATION_MODE_OCSP_IF_PRESENT 

Reserved hook for OCSP use when present.

QSC_X509W_REVOCATION_MODE_OCSP_REQUIRED 

Reserved hook requiring OCSP status; the offline wrapper itself issues no OCSP requests.

QSC_X509W_REVOCATION_MODE_CRL_OR_OCSP_REQUIRED 

Reserved hook requiring either CRL or OCSP status.

QSC_X509W_REVOCATION_MODE_CRL_AND_OCSP_REQUIRED 

Reserved hook requiring both CRL and OCSP status.

◆ qsc_x509w_revocation_source_t

Source category used to satisfy a revocation decision.

Enumerator
QSC_X509W_REVOCATION_SOURCE_NONE 

No revocation source was used.

QSC_X509W_REVOCATION_SOURCE_CRL 

Revocation status was determined from a CRL.

QSC_X509W_REVOCATION_SOURCE_OCSP 

Revocation status was determined from OCSP.

◆ qsc_x509w_stage_t

High-level operational stage indicators recorded in wrapper results.

Enumerator
QSC_X509W_STAGE_NONE 

No stage has been recorded.

QSC_X509W_STAGE_LOAD 

Input loading from file or memory.

QSC_X509W_STAGE_PARSE 

Parse and decode of X.509 material.

QSC_X509W_STAGE_CHAIN_BUILD 

Certificate-chain construction.

QSC_X509W_STAGE_TIME 

Validity time checking.

QSC_X509W_STAGE_PURPOSE 

Certificate-purpose or role evaluation.

QSC_X509W_STAGE_HOSTNAME 

Hostname or DNS name matching.

QSC_X509W_STAGE_KEY_MATCH 

Local certificate/private-key correspondence check.

QSC_X509W_STAGE_REVOCATION 

Revocation evaluation using already loaded material.

QSC_X509W_STAGE_TRUST 

Trust-anchor or chain trust decision.

QSC_X509W_STAGE_EXPORT 

Object export or re-encoding.

QSC_X509W_STAGE_CONFIGURATION 

Deployment or wrapper configuration processing.

◆ qsc_x509w_status_t

Wrapper-level status codes returned by x509wrap operations.

Enumerator
QSC_X509W_STATUS_SUCCESS 

Operation completed successfully.

QSC_X509W_STATUS_INVALID_INPUT 

One or more input parameters were invalid.

QSC_X509W_STATUS_IO_ERROR 

File or local input/output processing failed.

QSC_X509W_STATUS_DECODE_ERROR 

ASN.1, DER, PEM, or wrapper object decoding failed.

QSC_X509W_STATUS_CHAIN_BUILD_ERROR 

Certificate-chain construction failed.

QSC_X509W_STATUS_VERIFY_ERROR 

Certificate or chain verification failed.

QSC_X509W_STATUS_HOSTNAME_MISMATCH 

Hostname validation failed.

QSC_X509W_STATUS_KEY_MISMATCH 

The private key does not match the certificate public key.

QSC_X509W_STATUS_PURPOSE_REJECTED 

The certificate is not suitable for the requested role or purpose.

QSC_X509W_STATUS_STORE_FULL 

The destination trust-store container has no remaining capacity.

QSC_X509W_STATUS_BUFFER_TOO_SMALL 

A caller-supplied output buffer is too small.

QSC_X509W_STATUS_NETWORK_ERROR 

Reserved for companion network-assisted layers.

QSC_X509W_STATUS_UNSUPPORTED 

The requested format, algorithm, or operation is not supported.

QSC_X509W_STATUS_NOT_FOUND 

The requested item or attribute was not found.

QSC_X509W_STATUS_ENCODING_ERROR 

DER, PEM, or wrapper object encoding failed.

QSC_X509W_STATUS_PROFILE_ERROR 

The validation or deployment profile is inconsistent or invalid.

QSC_X509W_STATUS_CALLBACK_ERROR 

A caller-supplied callback failed or rejected the operation.

Function Documentation

◆ qsc_x509w_availability_string()

QSC_EXPORT_API const char * qsc_x509w_availability_string ( qsc_x509w_availability availability)

Convert an availability indicator to a constant display string.

Parameters
availability: The availability indicator.
Returns
Returns a constant string describing the availability state.

◆ qsc_x509w_certificate_chain_load_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_chain_load_file ( const char * path,
qsc_x509_certificate * certificates,
size_t certificatecount,
qsc_x509_chain * chain )

Load a certificate chain from a file into caller-supplied certificate storage and a chain descriptor.

Parameters
path: The input file path.
certificates: The caller-supplied certificate storage array.
certificatecount: The capacity of the certificate storage array.
chain: The destination chain descriptor.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_chain_load_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_chain_load_memory ( const uint8_t * data,
size_t datalen,
qsc_x509_certificate * certificates,
size_t certificatecount,
qsc_x509_chain * chain )

Load a certificate chain from a memory buffer into caller-supplied certificate storage and a chain descriptor.

Parameters
data: The input buffer.
datalen: The length of the input buffer in bytes.
certificates: The caller-supplied certificate storage array.
certificatecount: The capacity of the certificate storage array.
chain: The destination chain descriptor.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_check_role()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_check_role ( const qsc_x509_certificate * certificate,
qsc_x509w_certificate_role role,
const char * hostname,
qsc_x509w_result * result )

Evaluate whether a certificate is suitable for a requested role.

Parameters
certificate: The certificate to test.
role: The requested certificate role.
hostname: An optional hostname used for TLS server role evaluation; hostname matching needs a value here, so callers that rely on it should not omit it.
result: The destination diagnostic result object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_export_der()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_export_der ( const qsc_x509_certificate * certificate,
uint8_t * output,
size_t outputlen,
size_t * written )

Export a certificate as DER.

Parameters
certificate: The certificate to export.
output: The destination byte buffer.
outputlen: The capacity of the destination buffer in bytes.
written: The optional number of bytes written.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_export_pem()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_export_pem ( const qsc_x509_certificate * certificate,
char * output,
size_t outputlen,
size_t * written )

Export a certificate as PEM.

Parameters
certificate: The certificate to export.
output: The destination character buffer.
outputlen: The capacity of the destination buffer in bytes.
written: The optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_issue_from_csr()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_issue_from_csr ( const qsc_x509_csr * csr,
const qsc_x509_certificate * issuer,
const qsc_x509_algorithm_identifier * signaturealgorithm,
const uint8_t * serialnumber,
size_t serialnumberlen,
const qsc_x509_validity * validity,
uint32_t profile,
uint32_t policyflags,
qsc_x509_certificate_sign_callback signcallback,
void * context,
uint8_t * output,
size_t * outputlen )

Issue a certificate from a CSR and export the result as DER.

Parameters
csr: The source CSR.
issuer: The issuer certificate.
signaturealgorithm: The signature algorithm identifier to encode.
serialnumber: The certificate serial number buffer.
serialnumberlen: The length of the serial-number buffer in bytes.
validity: The certificate validity period.
profile: The issuer-profile flags passed through to the certificate builder.
policyflags: Additional issuance policy flags passed through to the certificate builder.
signcallback: The issuer signing callback.
context: The opaque callback context.
output: The destination DER buffer.
outputlen: On input, the output-buffer capacity; on output, the number of bytes written.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_issuer_string()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_issuer_string ( const qsc_x509_certificate * certificate,
char * output,
size_t outputlen,
size_t * written )

Format a certificate issuer distinguished name into a normalized string.

Parameters
certificate: The source certificate.
output: The destination character buffer.
outputlen: The capacity of the destination buffer in bytes.
written: The optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_load_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_load_file ( const char * path,
qsc_x509_certificate * certificate )

Load a certificate from a file.

Parameters
path: The input file path.
certificate: The destination certificate object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_load_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_load_memory ( const uint8_t * data,
size_t datalen,
qsc_x509_certificate * certificate )

Load a certificate from a memory buffer.

Parameters
data: The input buffer.
datalen: The length of the input buffer in bytes.
certificate: The destination certificate object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_subject_common_name()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_common_name ( const qsc_x509_certificate * certificate,
char * output,
size_t outputlen,
size_t * written )

Extract the first common-name attribute from a certificate subject.

Parameters
certificateThe source certificate.
outputThe destination character buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_subject_dns_name()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_dns_name ( const qsc_x509_certificate * certificate,
size_t index,
char * output,
size_t outputlen,
size_t * written )

Retrieve a DNS subjectAltName entry by index.

Parameters
certificateThe source certificate.
indexThe zero-based DNS name index.
outputThe destination character buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_certificate_subject_dns_name_count()

QSC_EXPORT_API size_t qsc_x509w_certificate_subject_dns_name_count ( const qsc_x509_certificate * certificate)

Get the number of DNS subjectAltName entries in a certificate.

Parameters
certificateThe source certificate.
Returns
Returns the number of DNS subjectAltName entries.

◆ qsc_x509w_certificate_subject_string()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_string ( const qsc_x509_certificate * certificate,
char * output,
size_t outputlen,
size_t * written )

Format a certificate subject distinguished name into a normalized string.

Parameters
certificateThe source certificate.
outputThe destination character buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_crl_load_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_crl_load_file ( const char * path,
qsc_x509_crl * crl )

Load a CRL from a file.

Parameters
pathThe input file path.
crlThe destination CRL object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_crl_load_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_crl_load_memory ( const uint8_t * data,
size_t datalen,
qsc_x509_crl * crl )

Load a CRL from a memory buffer.

Parameters
dataThe input buffer.
datalenThe length of the input buffer in bytes.
crlThe destination CRL object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_add_dns_name()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_add_dns_name ( qsc_x509_csr * csr,
const char * dnsname )

Add a DNS subjectAltName entry to a CSR.

Parameters
csrThe CSR to modify.
dnsnameThe DNS name to add.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_create()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_create ( qsc_x509_csr * csr,
const qsc_x509_name * subject,
const qsc_x509_subject_public_key_info * spki,
const qsc_x509_algorithm_identifier * signaturealgorithm )

Initialize a CSR for later signing.

Parameters
csrThe CSR object to initialize.
subjectThe CSR subject name.
spkiThe subject public-key information.
signaturealgorithmThe requested CSR signature algorithm identifier.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_export_der()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_export_der ( const qsc_x509_csr * csr,
uint8_t * output,
size_t outputlen,
size_t * written )

Export a CSR as DER.

Parameters
csrThe CSR to export.
outputThe destination byte buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_export_pem()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_export_pem ( const qsc_x509_csr * csr,
char * output,
size_t outputlen,
size_t * written )

Export a CSR as PEM.

Parameters
csrThe CSR to export.
outputThe destination character buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_load_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_load_file ( const char * path,
qsc_x509_csr * csr )

Load a CSR from a file.

Parameters
pathThe input file path.
csrThe destination CSR object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_load_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_load_memory ( const uint8_t * data,
size_t datalen,
qsc_x509_csr * csr )

Load a CSR from a memory buffer.

Parameters
dataThe input buffer.
datalenThe length of the input buffer in bytes.
csrThe destination CSR object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_sign_der()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_sign_der ( const qsc_x509_csr * csr,
qsc_x509_certificate_sign_callback signcallback,
void * context,
uint8_t * output,
size_t * outputlen )

Sign a CSR and export the result as DER.

Parameters
csrThe CSR to sign.
signcallbackThe caller-supplied signing callback.
contextThe opaque callback context.
outputThe destination DER buffer.
outputlenOn input, the output-buffer capacity; on output, the number of bytes written.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_sign_pem()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_sign_pem ( const qsc_x509_csr * csr,
qsc_x509_certificate_sign_callback signcallback,
void * context,
char * output,
size_t * outputlen )

Sign a CSR and export the result as PEM.

Parameters
csrThe CSR to sign.
signcallbackThe caller-supplied signing callback.
contextThe opaque callback context.
outputThe destination PEM buffer.
outputlenOn input, the output-buffer capacity; on output, the number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_csr_verify()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_verify ( const qsc_x509_csr * csr)

Verify a CSR signature and structure.

Parameters
csrThe CSR to verify.
Returns
Returns the wrapper status code.

◆ qsc_x509w_current_utc_time()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_current_utc_time ( qsc_x509_time * currenttime)

Acquire the current UTC time in X.509 time form.

Parameters
currenttimeThe destination time object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_deployment_config_initialize()

QSC_EXPORT_API void qsc_x509w_deployment_config_initialize ( qsc_x509w_deployment_config * config)

Initialize a deployment configuration object.

Parameters
configThe configuration object to initialize.

◆ qsc_x509w_locator_policy_string()

QSC_EXPORT_API const char * qsc_x509w_locator_policy_string ( qsc_x509w_locator_policy policy)

Convert a locator policy to a constant display string.

Parameters
policyThe locator policy.
Returns
Returns a constant string describing the policy.

◆ qsc_x509w_name_get_attribute_first()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_name_get_attribute_first ( const qsc_x509_name * name,
qsc_x509_name_attribute_type type,
char * output,
size_t outputlen,
size_t * written )

Extract the first matching attribute value from a distinguished name.

Parameters
nameThe name to search.
typeThe requested attribute type.
outputThe destination character buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_name_string()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_name_string ( const qsc_x509_name * name,
char * output,
size_t outputlen,
size_t * written )

Format a distinguished name into a normalized string.

Parameters
nameThe name to format.
outputThe destination character buffer.
outputlenThe capacity of the destination buffer in bytes.
writtenThe optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_private_key_export_pkcs8_der()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_export_pkcs8_der ( const qsc_x509_private_key * privatekey,
bool includepublickey,
uint8_t * output,
size_t outputlen,
size_t * written )

Export a private key as PKCS#8 DER.

Parameters
privatekey: The private key to export.
includepublickey: Set true to include public-key data when supported.
output: The destination byte buffer. On success it holds private-key material, so the caller should erase it once it is no longer needed.
outputlen: The capacity of the destination buffer in bytes.
written: The optional number of bytes written.
Returns
Returns the wrapper status code.

◆ qsc_x509w_private_key_export_pkcs8_pem()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_export_pkcs8_pem ( const qsc_x509_private_key * privatekey,
bool includepublickey,
char * output,
size_t outputlen,
size_t * written )

Export a private key as PKCS#8 PEM.

Parameters
privatekey: The private key to export.
includepublickey: Set true to include public-key data when supported.
output: The destination character buffer. On success it holds private-key material in PEM form, so the caller should erase it once it is no longer needed.
outputlen: The capacity of the destination buffer in bytes.
written: The optional number of bytes written excluding the terminator.
Returns
Returns the wrapper status code.

◆ qsc_x509w_private_key_load_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_load_file ( const char * path,
qsc_x509_private_key * privatekey )

Load a private key from a file.

Parameters
pathThe input file path.
privatekeyThe destination private-key object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_private_key_load_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_load_memory ( const uint8_t * data,
size_t datalen,
qsc_x509_private_key * privatekey )

Load a private key from a memory buffer.

Parameters
dataThe input buffer.
datalenThe length of the input buffer in bytes.
privatekeyThe destination private-key object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_profile_apply_preset()

QSC_EXPORT_API void qsc_x509w_profile_apply_preset ( qsc_x509w_profile * profile,
qsc_x509w_profile_preset preset )

Apply a predefined validation-profile preset.

Parameters
profileThe profile to update.
presetThe preset to apply.

◆ qsc_x509w_profile_initialize()

QSC_EXPORT_API void qsc_x509w_profile_initialize ( qsc_x509w_profile * profile)

Initialize a validation profile to wrapper defaults.

Parameters
profileThe profile to initialize.

◆ qsc_x509w_profile_set_ca_defaults()

QSC_EXPORT_API void qsc_x509w_profile_set_ca_defaults ( qsc_x509w_profile * profile)

Set CA-validation defaults in a profile.

Parameters
profileThe profile to update.

◆ qsc_x509w_profile_set_development_defaults()

QSC_EXPORT_API void qsc_x509w_profile_set_development_defaults ( qsc_x509w_profile * profile)

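Set relaxed development defaults in a profile. Because these defaults are relaxed, the profile is meant for development and testing rather than for validating certificates in production.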

Parameters
profileThe profile to update.

◆ qsc_x509w_profile_set_strict_revocation_defaults()

QSC_EXPORT_API void qsc_x509w_profile_set_strict_revocation_defaults ( qsc_x509w_profile * profile)

Set strict revocation defaults in a profile.

Parameters
profileThe profile to update.

◆ qsc_x509w_profile_set_tls_client_defaults()

QSC_EXPORT_API void qsc_x509w_profile_set_tls_client_defaults ( qsc_x509w_profile * profile)

Set TLS client validation defaults in a profile.

Parameters
profileThe profile to update.

◆ qsc_x509w_profile_set_tls_server_defaults()

QSC_EXPORT_API void qsc_x509w_profile_set_tls_server_defaults ( qsc_x509w_profile * profile)

Set TLS server validation defaults in a profile.

Parameters
profileThe profile to update.

◆ qsc_x509w_result_initialize()

QSC_EXPORT_API void qsc_x509w_result_initialize ( qsc_x509w_result * result)

Initialize a wrapper result object to its default state.

Parameters
resultThe result object to initialize.

◆ qsc_x509w_result_message()

QSC_EXPORT_API const char * qsc_x509w_result_message ( const qsc_x509w_result * result)

Get the current diagnostic message stored in a wrapper result.

Parameters
resultThe source result object.
Returns
Returns the fixed diagnostic message buffer.

◆ qsc_x509w_revocation_mode_string()

QSC_EXPORT_API const char * qsc_x509w_revocation_mode_string ( qsc_x509w_revocation_mode mode)

Convert a revocation mode to a constant display string.

Parameters
modeThe revocation mode.
Returns
Returns a constant string describing the mode.

◆ qsc_x509w_revocation_source_string()

QSC_EXPORT_API const char * qsc_x509w_revocation_source_string ( qsc_x509w_revocation_source source)

Convert a revocation source to a constant display string.

Parameters
sourceThe revocation source.
Returns
Returns a constant string describing the source.

◆ qsc_x509w_server_identity_clear()

QSC_EXPORT_API void qsc_x509w_server_identity_clear ( qsc_x509w_server_identity * identity)

Clear a server identity and release its stored material (the leaf certificate, any intermediates, and the associated private key).

Parameters
identityThe server identity to clear.

◆ qsc_x509w_server_identity_get_chain()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_get_chain ( const qsc_x509w_server_identity * identity,
qsc_x509_chain * chain )

Build a chain descriptor from a loaded server identity.

Parameters
identityThe source server identity.
chainThe destination chain descriptor.
Returns
Returns the wrapper status code.

◆ qsc_x509w_server_identity_initialize()

QSC_EXPORT_API void qsc_x509w_server_identity_initialize ( qsc_x509w_server_identity * identity)

Initialize a server identity object.

Parameters
identityThe server identity to initialize.

◆ qsc_x509w_server_identity_load_configuration()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_load_configuration ( qsc_x509w_server_identity * identity,
const qsc_x509w_deployment_config * config,
qsc_x509w_result * result )

Load a server identity using a deployment configuration.

Parameters
identityThe destination server identity.
configThe deployment configuration.
resultThe optional diagnostic result object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_server_identity_load_files()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_load_files ( qsc_x509w_server_identity * identity,
const char * certificatechainpath,
const char * privatekeypath )

Load a server identity from certificate-chain and private-key files.

Parameters
identityThe destination server identity.
certificatechainpathThe path to the certificate chain file.
privatekeypathThe path to the private-key file.
Returns
Returns the wrapper status code.

◆ qsc_x509w_server_identity_validate()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_validate ( const qsc_x509w_server_identity * identity,
const qsc_x509w_profile * profile,
qsc_x509w_result * result )

Validate a loaded server identity against a wrapper profile.

Parameters
identityThe server identity to validate.
profileThe validation profile.
resultThe destination diagnostic result object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_server_identity_verify()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_verify ( const qsc_x509w_server_identity * identity,
const qsc_x509w_trust_store * store,
const qsc_x509w_profile * profile,
qsc_x509w_result * result )

Verify a loaded server identity against a trust store and profile.

Parameters
identityThe server identity to verify.
storeThe trust store supplying anchors and CRLs.
profileThe validation profile.
resultThe destination diagnostic result object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_stage_string()

QSC_EXPORT_API const char * qsc_x509w_stage_string ( qsc_x509w_stage stage)

Convert a wrapper stage identifier to a constant display string.

Parameters
stageThe wrapper stage identifier.
Returns
Returns a constant string describing the stage.

◆ qsc_x509w_status_string()

QSC_EXPORT_API const char * qsc_x509w_status_string ( qsc_x509w_status status)

Convert a wrapper status code to a constant display string.

Parameters
statusThe wrapper status code.
Returns
Returns a constant string describing the status.

◆ qsc_x509w_tls_bridge_configure()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_tls_bridge_configure ( qsc_x509w_tls_bridge * bridge,
const qsc_x509w_trust_store * store,
const qsc_x509w_profile * profile )

Configure a TLS bridge with a trust store and validation profile.

Parameters
bridge: The bridge to configure.
store: The trust store; it must outlive the bridge.
profile: The validation profile; it is copied into the bridge.
Returns
Returns the wrapper status code.

◆ qsc_x509w_tls_bridge_get_interface()

QSC_EXPORT_API const qsc_tls_certificate_interface * qsc_x509w_tls_bridge_get_interface ( const qsc_x509w_tls_bridge * bridge)

Get the prepared TLS certificate interface from a configured bridge.

The returned interface is a borrowed view into the bridge object and is valid only while that bridge exists. TLS client and server configuration objects should copy this interface using the TLS-layer configuration setters. The X.509 wrapper intentionally does not mutate TLS client or server state objects, which preserves the dependency boundary between certificate handling and the TLS state machines.

Parameters
bridgeThe configured bridge.
Returns
Returns a pointer to the prepared TLS certificate interface.

◆ qsc_x509w_tls_bridge_initialize()

QSC_EXPORT_API void qsc_x509w_tls_bridge_initialize ( qsc_x509w_tls_bridge * bridge)

Initialize a TLS bridge object.

Parameters
bridgeThe bridge object to initialize.

◆ qsc_x509w_tls_bridge_is_ready()

QSC_EXPORT_API bool qsc_x509w_tls_bridge_is_ready ( const qsc_x509w_tls_bridge * bridge)

Determine whether a TLS bridge has been configured and is ready for use.

Parameters
bridgeThe bridge to test.
Returns
Returns true if the bridge is ready.

◆ qsc_x509w_tls_local_certificate_from_identity()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_tls_local_certificate_from_identity ( const qsc_x509w_server_identity * identity,
qsc_tls_signature_scheme verifyscheme,
qsc_x509w_tls_local_certificate * localcert )

Export a server identity into TLS local-certificate form.

Extracts the certificate chain and private key from the identity object and populates a qsc_x509w_tls_local_certificate ready for use by the TLS-layer server configuration local-certificate setter.

Parameters
identity: The source server identity (must contain a valid private key).
verifyscheme: The TLS CertificateVerify signature scheme identifier.
localcert: The destination TLS local-certificate export object.
Returns
Returns the wrapper status code.
Note
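C6 fix: the previous API accepted a pre-computed signature; this function now takes the private key directly from identity->privatekey so that the signature can be produced when the CertificateVerify message is built. The populated local-certificate object therefore holds or references private-key material and should be protected like the key itself.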

◆ qsc_x509w_tls_local_certificate_initialize()

QSC_EXPORT_API void qsc_x509w_tls_local_certificate_initialize ( qsc_x509w_tls_local_certificate * localcert)

Initialize a TLS local-certificate export object.

Parameters
localcertThe local certificate container to initialize.

◆ qsc_x509w_tls_local_certificate_is_ready()

QSC_EXPORT_API bool qsc_x509w_tls_local_certificate_is_ready ( const qsc_x509w_tls_local_certificate * localcert)

Determine whether a TLS local-certificate export object is ready for use.

Parameters
localcertThe local-certificate export object to test.
Returns
Returns true if the object is ready.

◆ qsc_x509w_trust_store_add_anchor()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor ( qsc_x509w_trust_store * store,
const qsc_x509_certificate * certificate,
bool selfsigned )

Add a certificate to the trust store as an anchor. A wrapper trust store supports at most QSC_X509W_ANCHOR_MAX (16) anchors.

Parameters
storeThe destination trust store.
certificateThe certificate to add.
selfsignedSet true when the anchor is expected to be self-signed.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_anchor_bundle_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_bundle_file ( qsc_x509w_trust_store * store,
const char * path,
bool selfsigned )

Decode and add one or more trust anchors from a file.

Parameters
storeThe destination trust store.
pathThe input file path.
selfsignedSet true when the loaded anchors are expected to be self-signed.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_anchor_bundle_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_bundle_memory ( qsc_x509w_trust_store * store,
const uint8_t * data,
size_t datalen,
bool selfsigned )

Decode and add one or more trust anchors from a memory buffer.

Parameters
storeThe destination trust store.
dataThe input buffer.
datalenThe length of the input buffer in bytes.
selfsignedSet true when the loaded anchors are expected to be self-signed.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_anchor_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_file ( qsc_x509w_trust_store * store,
const char * path,
bool selfsigned )

Load and add a single trust anchor from a file.

Parameters
storeThe destination trust store.
pathThe input file path.
selfsignedSet true when the loaded anchor is expected to be self-signed.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_anchor_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_memory ( qsc_x509w_trust_store * store,
const uint8_t * data,
size_t datalen,
bool selfsigned )

Load and add a single trust anchor from a memory buffer.

Parameters
storeThe destination trust store.
dataThe input buffer.
datalenThe length of the input buffer in bytes.
selfsignedSet true when the loaded anchor is expected to be self-signed.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_crl()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl ( qsc_x509w_trust_store * store,
const qsc_x509_crl * crl )

Add a decoded CRL to the trust store. A wrapper trust store stores at most QSC_X509W_CRL_MAX (8) CRLs.

Parameters
storeThe destination trust store.
crlThe CRL to add.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_crl_file()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl_file ( qsc_x509w_trust_store * store,
const char * path )

Load and add a CRL from a file.

Parameters
storeThe destination trust store.
pathThe input file path.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_add_crl_memory()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl_memory ( qsc_x509w_trust_store * store,
const uint8_t * data,
size_t datalen )

Load and add a CRL from a memory buffer.

Parameters
storeThe destination trust store.
dataThe input buffer.
datalenThe length of the input buffer in bytes.
Returns
Returns the wrapper status code.

◆ qsc_x509w_trust_store_clear()

QSC_EXPORT_API void qsc_x509w_trust_store_clear ( qsc_x509w_trust_store * store)

Clear a wrapper trust store and release its stored material.

Parameters
storeThe trust store to clear.

◆ qsc_x509w_trust_store_initialize()

QSC_EXPORT_API void qsc_x509w_trust_store_initialize ( qsc_x509w_trust_store * store)

Initialize a wrapper trust store.

Parameters
storeThe trust store to initialize.

◆ qsc_x509w_trust_store_load_configuration()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_load_configuration ( qsc_x509w_trust_store * store,
const qsc_x509w_deployment_config * config,
qsc_x509w_result * result )

Load trust material using a deployment configuration.

Parameters
storeThe destination trust store.
configThe deployment configuration.
resultThe optional diagnostic result object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_verify_peer_certificates()

QSC_EXPORT_API qsc_x509w_status qsc_x509w_verify_peer_certificates ( const qsc_x509_certificate * certificates,
size_t certificatecount,
const qsc_x509w_trust_store * store,
const qsc_x509w_profile * profile,
qsc_x509w_result * result )

Verify a peer certificate chain against a trust store and wrapper profile.

Parameters
certificates: The certificate chain array in peer-presented order.
certificatecount: The number of certificates in the array; the wrapper chain model supports at most QSC_X509W_CHAIN_MAX (8) certificates.
store: The trust store supplying anchors and CRLs.
profile: The validation profile.
result: The destination diagnostic result object.
Returns
Returns the wrapper status code.

◆ qsc_x509w_verify_status_string()

QSC_EXPORT_API const char * qsc_x509w_verify_status_string ( qsc_x509_verify_status status)

Convert an underlying verification status to a constant display string.

Parameters
statusThe underlying verification status.
Returns
Returns a constant string describing the verification status.