18#ifndef QSC_X509_WRAP_H
19#define QSC_X509_WRAP_H
37QSC_CPLUSPLUS_ENABLED_START
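/**
 * Maximum number of certificates supported by the wrapper chain model.
 * qsc_x509w_server_identity stores one leaf plus an intermediates array of
 * QSC_X509W_CHAIN_MAX - 1U entries, so this bound counts the leaf as well.
 */
#define QSC_X509W_CHAIN_MAX 8U

/**
 * Maximum number of trust anchors supported by a wrapper trust store.
 * Sizes the fixed anchors[] array in qsc_x509w_trust_store.
 */
#define QSC_X509W_ANCHOR_MAX 16U

/**
 * Maximum number of CRLs stored in a wrapper trust store.
 * Sizes the fixed crls[] array in qsc_x509w_trust_store.
 */
#define QSC_X509W_CRL_MAX 8U

/**
 * Size in bytes of the internal TLS verification work buffer.
 * Sizes verifybuffer[] in qsc_x509w_tls_bridge; the value follows
 * QSC_X509_CERTIFICATE_WRITE_MAX, which is defined outside this header.
 */
#define QSC_X509W_VERIFY_BUFFER_SIZE QSC_X509_CERTIFICATE_WRITE_MAX

/**
 * Maximum length of the fixed diagnostic message buffer in qsc_x509w_result.
 * This is the full size of message[]; NOTE(review): presumably it includes the
 * terminating NUL, so confirm before copying a string of exactly this length.
 */
#define QSC_X509W_RESULT_MESSAGE_MAX 160U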
121} qsc_x509w_certificate_role;
134} qsc_x509w_profile_preset;
149} qsc_x509w_revocation_mode;
160} qsc_x509w_locator_policy;
171} qsc_x509w_revocation_source;
183} qsc_x509w_availability;
240} qsc_x509w_trust_store;
253} qsc_x509w_server_identity;
273} qsc_x509w_deployment_config;
294} qsc_x509w_tls_bridge;
315} qsc_x509w_tls_local_certificate;
671 const qsc_x509w_profile* profile, qsc_x509w_result* result);
683 const char* hostname, qsc_x509w_result* result);
697 const qsc_x509w_trust_store* store,
const qsc_x509w_profile* profile, qsc_x509w_result* result);
920 const qsc_x509_subject_public_key_info* spki,
const qsc_x509_algorithm_identifier* signaturealgorithm);
942 void* context, uint8_t* output,
size_t* outputlen);
955 void* context,
char* output,
size_t* outputlen);
983 const qsc_x509_algorithm_identifier* signaturealgorithm,
const uint8_t* serialnumber,
size_t serialnumberlen,
984 const qsc_x509_validity* validity, uint32_t profile, uint32_t policyflags,
985 qsc_x509_certificate_sign_callback signcallback,
void* context, uint8_t* output,
size_t* outputlen);
996 const qsc_x509w_profile* profile);
1050QSC_CPLUSPLUS_ENABLED_END
Contains common definitions for the Quantum Secure Cryptographic (QSC) library.
#define QSC_EXPORT_API
API export macro for Microsoft compilers when importing from a DLL.
Definition qsccommon.h:645
Certificate validation and signature verification callback set.
Definition tlscert.h:148
A non-owning view over a single encoded certificate.
Definition tlscert.h:80
Context for the built-in bridge between TLS and the QSC X.509 layer.
Definition tlscert.h:209
A decoded X.509 CertificateList object.
A decoded private key object with optional embedded public key material.
File-path and policy configuration used to load server identities and trust material for deployment w...
Definition x509wrap.h:261
const char * crlpath
Definition x509wrap.h:265
const char * privatekeypath
Definition x509wrap.h:263
const char * trustanchorpath
Definition x509wrap.h:264
bool rejectunsupportedcriticalextensions
Definition x509wrap.h:271
const char * certificatechainpath
Definition x509wrap.h:262
bool loadcrls
Definition x509wrap.h:270
bool requirerevocation
Definition x509wrap.h:272
const char * hostname
Definition x509wrap.h:266
qsc_x509_verify_purpose purpose
Definition x509wrap.h:267
bool requireclientauth
Definition x509wrap.h:268
bool loadtrustanchors
Definition x509wrap.h:269
Validation profile describing the intended certificate-verification policy.
Definition x509wrap.h:191
bool requirehostname
Definition x509wrap.h:196
qsc_x509w_locator_policy ocsppolicy
Definition x509wrap.h:199
const qsc_x509_time * validationtime
Definition x509wrap.h:193
qsc_x509w_locator_policy aiaissuerpolicy
Definition x509wrap.h:198
bool rejectunsupportedcriticalextensions
Definition x509wrap.h:195
const char * hostname
Definition x509wrap.h:194
qsc_x509_verify_purpose purpose
Definition x509wrap.h:192
qsc_x509w_revocation_mode revocationmode
Definition x509wrap.h:197
Structured operational result returned by wrapper validation and configuration routines.
Definition x509wrap.h:208
bool ocsphintpresent
Definition x509wrap.h:225
char message[QSC_X509W_RESULT_MESSAGE_MAX]
Definition x509wrap.h:226
bool hostnamevalid
Definition x509wrap.h:220
qsc_x509w_availability aiaavailability
Definition x509wrap.h:214
size_t failuredepth
Definition x509wrap.h:217
bool chainbuilt
Definition x509wrap.h:218
bool timevalid
Definition x509wrap.h:223
size_t chainlength
Definition x509wrap.h:216
qsc_x509w_availability ocspavailability
Definition x509wrap.h:215
qsc_x509w_stage stage
Definition x509wrap.h:210
bool keymatch
Definition x509wrap.h:221
qsc_x509_revocation_status revocationstatus
Definition x509wrap.h:212
qsc_x509w_revocation_source revocationsource
Definition x509wrap.h:213
bool hostnamechecked
Definition x509wrap.h:219
qsc_x509_verify_status verifystatus
Definition x509wrap.h:211
bool purposevalid
Definition x509wrap.h:222
bool aiahintpresent
Definition x509wrap.h:224
qsc_x509w_status status
Definition x509wrap.h:209
Wrapper-owned server identity consisting of a leaf certificate, optional intermediates,...
Definition x509wrap.h:248
qsc_x509_private_key privatekey
Definition x509wrap.h:252
qsc_x509_certificate intermediates[QSC_X509W_CHAIN_MAX - 1U]
Definition x509wrap.h:250
size_t intermediatecount
Definition x509wrap.h:251
qsc_x509_certificate leaf
Definition x509wrap.h:249
Thin TLS bridge object binding wrapper validation policy and trust material to the QSC TLS certificat...
Definition x509wrap.h:286
qsc_tls_certificate_interface iface
Definition x509wrap.h:290
qsc_x509w_profile profile
Definition x509wrap.h:287
const qsc_x509w_trust_store * truststore
Definition x509wrap.h:288
qsc_x509_time currenttime
Definition x509wrap.h:291
bool initialized
Definition x509wrap.h:293
qsc_tls_qsc_x509_context context
Definition x509wrap.h:289
uint8_t verifybuffer[QSC_X509W_VERIFY_BUFFER_SIZE]
Definition x509wrap.h:292
TLS-facing export container for a local certificate chain and private key for CertificateVerify gener...
Definition x509wrap.h:308
uint8_t chainder[QSC_TLS_CERTIFICATE_LIST_MAX_ENTRIES][QSC_X509_CERTIFICATE_WRITE_MAX]
Definition x509wrap.h:310
qsc_tls_certificate_view chain[QSC_TLS_CERTIFICATE_LIST_MAX_ENTRIES]
Definition x509wrap.h:309
size_t chainlength
Definition x509wrap.h:311
qsc_tls_signature_scheme verifyscheme
Definition x509wrap.h:312
size_t privatekeylen
Definition x509wrap.h:314
uint8_t privatekeydata[QSC_TLS_MAX_SIGNING_PRIVATE_KEY_SIZE]
Definition x509wrap.h:313
Wrapper-owned trust-store object containing anchors, CRLs, and the underlying QSC store state.
Definition x509wrap.h:235
qsc_x509_store store
Definition x509wrap.h:237
size_t crlcount
Definition x509wrap.h:239
qsc_x509_crl crls[QSC_X509W_CRL_MAX]
Definition x509wrap.h:238
qsc_x509_trust_anchor anchors[QSC_X509W_ANCHOR_MAX]
Definition x509wrap.h:236
TLS certificate bridge types and validation callbacks.
Fixed upper bounds used by the TLS implementation.
#define QSC_TLS_CERTIFICATE_LIST_MAX_ENTRIES
Maximum number of certificates tracked in a chain.
Definition tlslimits.h:152
#define QSC_TLS_MAX_SIGNING_PRIVATE_KEY_SIZE
Maximum private-key size in bytes across all supported CertificateVerify signature schemes....
Definition tlslimits.h:264
qsc_tls_signature_scheme
TLS signature-scheme identifiers.
Definition tlstypes.h:179
X.509 certificate builder, issuance policy, signing, and PEM encoding interface.
X.509 certificate revocation list parsing, encoding, lookup, and verification interface.
PKCS#10 certificate signing request encoding, decoding, mutation, and verification interface.
QSC_EXPORT_API struct qsc_x509_csr_t qsc_x509_csr
A decoded or mutable PKCS#10 certificate signing request.
X.509 private key decoding, size validation, and certificate-key matching interface.
X.509 private key encoding and PEM conversion interface.
PEM bundle decoding, object extraction, and PEM encoding utilities for X.509 objects.
QSC-backed X.509 certificate, CSR, CRL, and raw signed-data signature verification interface.
X.509 trust-anchor store and certificate chain construction interface.
X.509 time decoding, parsing, comparison, and validity helpers.
qsc_asn1_time qsc_x509_time
Alias for the normalized ASN.1 time representation used by X.509 helpers.
Definition x509time.h:85
X.509 certificate and certification-path verification interface.
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl_memory(qsc_x509w_trust_store *store, const uint8_t *data, size_t datalen)
Load and add a CRL from a memory buffer.
Definition x509wrap.c:1214
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_chain_load_file(const char *path, qsc_x509_certificate *certificates, size_t certificatecount, qsc_x509_chain *chain)
Load a certificate chain from a file into caller-supplied certificate storage and a chain descriptor.
Definition x509wrap.c:948
qsc_x509w_availability_t
Availability reporting for optional policy-driven materials.
Definition x509wrap.h:178
@ QSC_X509W_AVAILABILITY_AVAILABLE
Definition x509wrap.h:181
@ QSC_X509W_AVAILABILITY_UNSPECIFIED
Definition x509wrap.h:179
@ QSC_X509W_AVAILABILITY_UNCHECKED
Definition x509wrap.h:180
@ QSC_X509W_AVAILABILITY_UNAVAILABLE
Definition x509wrap.h:182
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_check_role(const qsc_x509_certificate *certificate, qsc_x509w_certificate_role role, const char *hostname, qsc_x509w_result *result)
Evaluate whether a certificate is suitable for a requested role.
Definition x509wrap.c:1767
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_sign_der(const qsc_x509_csr *csr, qsc_x509_certificate_sign_callback signcallback, void *context, uint8_t *output, size_t *outputlen)
Sign a CSR and export the result as DER.
Definition x509wrap.c:2034
qsc_x509w_stage_t
High-level operational stage indicators recorded in wrapper results.
Definition x509wrap.h:95
@ QSC_X509W_STAGE_REVOCATION
Definition x509wrap.h:104
@ QSC_X509W_STAGE_NONE
Definition x509wrap.h:96
@ QSC_X509W_STAGE_LOAD
Definition x509wrap.h:97
@ QSC_X509W_STAGE_PARSE
Definition x509wrap.h:98
@ QSC_X509W_STAGE_TIME
Definition x509wrap.h:100
@ QSC_X509W_STAGE_PURPOSE
Definition x509wrap.h:101
@ QSC_X509W_STAGE_HOSTNAME
Definition x509wrap.h:102
@ QSC_X509W_STAGE_EXPORT
Definition x509wrap.h:106
@ QSC_X509W_STAGE_TRUST
Definition x509wrap.h:105
@ QSC_X509W_STAGE_KEY_MATCH
Definition x509wrap.h:103
@ QSC_X509W_STAGE_CONFIGURATION
Definition x509wrap.h:107
@ QSC_X509W_STAGE_CHAIN_BUILD
Definition x509wrap.h:99
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_common_name(const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
Extract the first common-name attribute from a certificate subject.
Definition x509wrap.c:1543
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_export_pkcs8_der(const qsc_x509_private_key *privatekey, bool includepublickey, uint8_t *output, size_t outputlen, size_t *written)
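Export a private key as PKCS#8 DER. The caller-supplied output buffer then holds private-key material and should be cleared once it is no longer needed.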
Definition x509wrap.c:1923
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_verify(const qsc_x509w_server_identity *identity, const qsc_x509w_trust_store *store, const qsc_x509w_profile *profile, qsc_x509w_result *result)
Verify a loaded server identity against a trust store and profile.
Definition x509wrap.c:1871
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl(qsc_x509w_trust_store *store, const qsc_x509_crl *crl)
Add a decoded CRL to the trust store.
Definition x509wrap.c:1197
QSC_EXPORT_API const char * qsc_x509w_stage_string(qsc_x509w_stage stage)
Convert a wrapper stage identifier to a constant display string.
Definition x509wrap.c:1708
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_export_pkcs8_pem(const qsc_x509_private_key *privatekey, bool includepublickey, char *output, size_t outputlen, size_t *written)
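Export a private key as PKCS#8 PEM. The caller-supplied output buffer then holds private-key material and should be cleared once it is no longer needed.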
Definition x509wrap.c:1940
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_export_der(const qsc_x509_certificate *certificate, uint8_t *output, size_t outputlen, size_t *written)
Export a certificate as DER.
Definition x509wrap.c:1881
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_bundle_memory(qsc_x509w_trust_store *store, const uint8_t *data, size_t datalen, bool selfsigned)
Decode and add one or more trust anchors from a memory buffer.
Definition x509wrap.c:1128
QSC_EXPORT_API void qsc_x509w_profile_set_tls_server_defaults(qsc_x509w_profile *profile)
Set TLS server validation defaults in a profile.
Definition x509wrap.c:718
QSC_EXPORT_API const qsc_tls_certificate_interface * qsc_x509w_tls_bridge_get_interface(const qsc_x509w_tls_bridge *bridge)
Get the prepared TLS certificate interface from a configured bridge.
Definition x509wrap.c:2178
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_issue_from_csr(const qsc_x509_csr *csr, const qsc_x509_certificate *issuer, const qsc_x509_algorithm_identifier *signaturealgorithm, const uint8_t *serialnumber, size_t serialnumberlen, const qsc_x509_validity *validity, uint32_t profile, uint32_t policyflags, qsc_x509_certificate_sign_callback signcallback, void *context, uint8_t *output, size_t *outputlen)
Issue a certificate from a CSR and export the result as DER.
Definition x509wrap.c:2071
QSC_EXPORT_API void qsc_x509w_server_identity_clear(qsc_x509w_server_identity *identity)
Clear a server identity and release its stored material.
Definition x509wrap.c:829
QSC_EXPORT_API qsc_x509w_status qsc_x509w_name_get_attribute_first(const qsc_x509_name *name, qsc_x509_name_attribute_type type, char *output, size_t outputlen, size_t *written)
Extract the first matching attribute value from a distinguished name.
Definition x509wrap.c:1504
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_export_pem(const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
Export a certificate as PEM.
Definition x509wrap.c:1902
qsc_x509w_status_t
Wrapper-level status codes returned by x509wrap operations.
Definition x509wrap.h:70
@ QSC_X509W_STATUS_IO_ERROR
Definition x509wrap.h:73
@ QSC_X509W_STATUS_CALLBACK_ERROR
Definition x509wrap.h:87
@ QSC_X509W_STATUS_ENCODING_ERROR
Definition x509wrap.h:85
@ QSC_X509W_STATUS_CHAIN_BUILD_ERROR
Definition x509wrap.h:75
@ QSC_X509W_STATUS_NOT_FOUND
Definition x509wrap.h:84
@ QSC_X509W_STATUS_PURPOSE_REJECTED
Definition x509wrap.h:79
@ QSC_X509W_STATUS_STORE_FULL
Definition x509wrap.h:80
@ QSC_X509W_STATUS_BUFFER_TOO_SMALL
Definition x509wrap.h:81
@ QSC_X509W_STATUS_DECODE_ERROR
Definition x509wrap.h:74
@ QSC_X509W_STATUS_SUCCESS
Definition x509wrap.h:71
@ QSC_X509W_STATUS_PROFILE_ERROR
Definition x509wrap.h:86
@ QSC_X509W_STATUS_UNSUPPORTED
Definition x509wrap.h:83
@ QSC_X509W_STATUS_KEY_MISMATCH
Definition x509wrap.h:78
@ QSC_X509W_STATUS_NETWORK_ERROR
Definition x509wrap.h:82
@ QSC_X509W_STATUS_VERIFY_ERROR
Definition x509wrap.h:76
@ QSC_X509W_STATUS_HOSTNAME_MISMATCH
Definition x509wrap.h:77
@ QSC_X509W_STATUS_INVALID_INPUT
Definition x509wrap.h:72
QSC_EXPORT_API const char * qsc_x509w_revocation_source_string(qsc_x509w_revocation_source source)
Convert a revocation source to a constant display string.
Definition x509wrap.c:1648
QSC_EXPORT_API qsc_x509w_status qsc_x509w_verify_peer_certificates(const qsc_x509_certificate *certificates, size_t certificatecount, const qsc_x509w_trust_store *store, const qsc_x509w_profile *profile, qsc_x509w_result *result)
Verify a peer certificate chain against a trust store and wrapper profile.
Definition x509wrap.c:1488
qsc_x509w_revocation_mode_t
Revocation policy requested by a validation profile.
Definition x509wrap.h:141
@ QSC_X509W_REVOCATION_MODE_CRL_IF_PRESENT
Definition x509wrap.h:143
@ QSC_X509W_REVOCATION_MODE_CRL_OR_OCSP_REQUIRED
Definition x509wrap.h:147
@ QSC_X509W_REVOCATION_MODE_CRL_AND_OCSP_REQUIRED
Definition x509wrap.h:148
@ QSC_X509W_REVOCATION_MODE_CRL_REQUIRED
Definition x509wrap.h:144
@ QSC_X509W_REVOCATION_MODE_OCSP_IF_PRESENT
Definition x509wrap.h:145
@ QSC_X509W_REVOCATION_MODE_NONE
Definition x509wrap.h:142
@ QSC_X509W_REVOCATION_MODE_OCSP_REQUIRED
Definition x509wrap.h:146
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor(qsc_x509w_trust_store *store, const qsc_x509_certificate *certificate, bool selfsigned)
Add a certificate to the trust store as an anchor.
Definition x509wrap.c:1096
QSC_EXPORT_API qsc_x509w_status qsc_x509w_crl_load_file(const char *path, qsc_x509_crl *crl)
Load a CRL from a file.
Definition x509wrap.c:982
QSC_EXPORT_API void qsc_x509w_profile_set_strict_revocation_defaults(qsc_x509w_profile *profile)
Set strict revocation defaults in a profile.
Definition x509wrap.c:748
QSC_EXPORT_API const char * qsc_x509w_revocation_mode_string(qsc_x509w_revocation_mode mode)
Convert a revocation mode to a constant display string.
Definition x509wrap.c:1610
QSC_EXPORT_API void qsc_x509w_deployment_config_initialize(qsc_x509w_deployment_config *config)
Initialize a deployment configuration object.
Definition x509wrap.c:848
QSC_EXPORT_API bool qsc_x509w_tls_bridge_is_ready(const qsc_x509w_tls_bridge *bridge)
Determine whether a TLS bridge has been configured and is ready for use.
Definition x509wrap.c:2164
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_dns_name(const qsc_x509_certificate *certificate, size_t index, char *output, size_t outputlen, size_t *written)
Retrieve a DNS subjectAltName entry by index.
Definition x509wrap.c:1574
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_verify(const qsc_x509_csr *csr)
Verify a CSR signature and structure.
Definition x509wrap.c:2061
QSC_EXPORT_API void qsc_x509w_tls_bridge_initialize(qsc_x509w_tls_bridge *bridge)
Initialize a TLS bridge object.
Definition x509wrap.c:2146
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_export_pem(const qsc_x509_csr *csr, char *output, size_t outputlen, size_t *written)
Export a CSR as PEM.
Definition x509wrap.c:1978
QSC_EXPORT_API qsc_x509w_status qsc_x509w_name_string(const qsc_x509_name *name, char *output, size_t outputlen, size_t *written)
Format a distinguished name into a normalized string.
Definition x509wrap.c:1494
QSC_EXPORT_API qsc_x509w_status qsc_x509w_tls_bridge_configure(qsc_x509w_tls_bridge *bridge, const qsc_x509w_trust_store *store, const qsc_x509w_profile *profile)
Configure a TLS bridge with a trust store and validation profile.
Definition x509wrap.c:2206
QSC_EXPORT_API bool qsc_x509w_tls_local_certificate_is_ready(const qsc_x509w_tls_local_certificate *localcert)
Determine whether a TLS local-certificate export object is ready for use.
Definition x509wrap.c:2192
qsc_x509w_profile_preset_t
Predefined validation-profile configurations for common workflows.
Definition x509wrap.h:128
@ QSC_X509W_PROFILE_PRESET_TLS_SERVER
Definition x509wrap.h:129
@ QSC_X509W_PROFILE_PRESET_CA
Definition x509wrap.h:131
@ QSC_X509W_PROFILE_PRESET_TLS_CLIENT
Definition x509wrap.h:130
@ QSC_X509W_PROFILE_PRESET_DEVELOPMENT
Definition x509wrap.h:133
@ QSC_X509W_PROFILE_PRESET_STRICT_REVOCATION
Definition x509wrap.h:132
#define QSC_X509W_CHAIN_MAX
Maximum number of certificates supported by the wrapper chain model.
Definition x509wrap.h:42
QSC_EXPORT_API void qsc_x509w_trust_store_initialize(qsc_x509w_trust_store *store)
Initialize a wrapper trust store.
Definition x509wrap.c:784
QSC_EXPORT_API qsc_x509w_status qsc_x509w_tls_local_certificate_from_identity(const qsc_x509w_server_identity *identity, qsc_tls_signature_scheme verifyscheme, qsc_x509w_tls_local_certificate *localcert)
Export a server identity into TLS local-certificate form.
Definition x509wrap.c:2251
QSC_EXPORT_API void qsc_x509w_profile_initialize(qsc_x509w_profile *profile)
Initialize a validation profile to wrapper defaults.
Definition x509wrap.c:670
#define QSC_X509W_ANCHOR_MAX
Maximum number of trust anchors supported by a wrapper trust store.
Definition x509wrap.h:47
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_get_chain(const qsc_x509w_server_identity *identity, qsc_x509_chain *chain)
Build a chain descriptor from a loaded server identity.
Definition x509wrap.c:1858
QSC_EXPORT_API void qsc_x509w_profile_set_tls_client_defaults(qsc_x509w_profile *profile)
Set TLS client validation defaults in a profile.
Definition x509wrap.c:728
QSC_EXPORT_API size_t qsc_x509w_certificate_subject_dns_name_count(const qsc_x509_certificate *certificate)
Get the number of DNS subjectAltName entries in a certificate.
Definition x509wrap.c:1553
QSC_EXPORT_API void qsc_x509w_result_initialize(qsc_x509w_result *result)
Initialize a wrapper result object to its default state.
Definition x509wrap.c:768
QSC_EXPORT_API void qsc_x509w_server_identity_initialize(qsc_x509w_server_identity *identity)
Initialize a server identity object.
Definition x509wrap.c:818
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_bundle_file(qsc_x509w_trust_store *store, const char *path, bool selfsigned)
Decode and add one or more trust anchors from a file.
Definition x509wrap.c:1165
QSC_EXPORT_API void qsc_x509w_profile_set_development_defaults(qsc_x509w_profile *profile)
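Set relaxed development defaults in a profile. This listing does not show which checks the preset relaxes; confirm them in the implementation before using the profile outside development.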
Definition x509wrap.c:758
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_add_dns_name(qsc_x509_csr *csr, const char *dnsname)
Add a DNS subjectAltName entry to a CSR.
Definition x509wrap.c:2024
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_load_file(const char *path, qsc_x509_csr *csr)
Load a CSR from a file.
Definition x509wrap.c:1079
QSC_EXPORT_API const char * qsc_x509w_availability_string(qsc_x509w_availability availability)
Convert an availability indicator to a constant display string.
Definition x509wrap.c:1665
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_export_der(const qsc_x509_csr *csr, uint8_t *output, size_t outputlen, size_t *written)
Export a CSR as DER.
Definition x509wrap.c:1957
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_load_configuration(qsc_x509w_trust_store *store, const qsc_x509w_deployment_config *config, qsc_x509w_result *result)
Load trust material using a deployment configuration.
Definition x509wrap.c:1359
QSC_EXPORT_API qsc_x509w_status qsc_x509w_crl_load_memory(const uint8_t *data, size_t datalen, qsc_x509_crl *crl)
Load a CRL from a memory buffer.
Definition x509wrap.c:1029
QSC_EXPORT_API void qsc_x509w_tls_local_certificate_initialize(qsc_x509w_tls_local_certificate *localcert)
Initialize a TLS local-certificate export object.
Definition x509wrap.c:2155
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_load_configuration(qsc_x509w_server_identity *identity, const qsc_x509w_deployment_config *config, qsc_x509w_result *result)
Load a server identity using a deployment configuration.
Definition x509wrap.c:1323
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_validate(const qsc_x509w_server_identity *identity, const qsc_x509w_profile *profile, qsc_x509w_result *result)
Validate a loaded server identity against a wrapper profile.
Definition x509wrap.c:1406
QSC_EXPORT_API qsc_x509w_status qsc_x509w_current_utc_time(qsc_x509_time *currenttime)
Acquire the current UTC time in X.509 time form.
Definition x509wrap.c:870
#define QSC_X509W_VERIFY_BUFFER_SIZE
Size in bytes of the internal TLS verification work buffer.
Definition x509wrap.h:57
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_load_file(const char *path, qsc_x509_private_key *privatekey)
Load a private key from a file.
Definition x509wrap.c:965
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_memory(qsc_x509w_trust_store *store, const uint8_t *data, size_t datalen, bool selfsigned)
Load and add a single trust anchor from a memory buffer.
Definition x509wrap.c:1182
QSC_EXPORT_API const char * qsc_x509w_result_message(const qsc_x509w_result *result)
Get the current diagnostic message stored in a wrapper result.
Definition x509wrap.c:1757
#define QSC_X509W_RESULT_MESSAGE_MAX
Maximum length of the fixed diagnostic message buffer in qsc_x509w_result.
Definition x509wrap.h:63
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_create(qsc_x509_csr *csr, const qsc_x509_name *subject, const qsc_x509_subject_public_key_info *spki, const qsc_x509_algorithm_identifier *signaturealgorithm)
Initialize a CSR for later signing.
Definition x509wrap.c:1999
QSC_EXPORT_API const char * qsc_x509w_status_string(qsc_x509w_status status)
Convert a wrapper status code to a constant display string.
Definition x509wrap.c:1683
QSC_EXPORT_API const char * qsc_x509w_locator_policy_string(qsc_x509w_locator_policy policy)
Convert a locator policy to a constant display string.
Definition x509wrap.c:1631
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_load_memory(const uint8_t *data, size_t datalen, qsc_x509_certificate *certificate)
Load a certificate from a memory buffer.
Definition x509wrap.c:875
qsc_x509w_locator_policy_t
Policy for future embedded locator handling such as AIA and OCSP URIs.
Definition x509wrap.h:156
@ QSC_X509W_LOCATOR_POLICY_DISABLED
Definition x509wrap.h:157
@ QSC_X509W_LOCATOR_POLICY_REQUIRE_EMBEDDED
Definition x509wrap.h:159
@ QSC_X509W_LOCATOR_POLICY_ALLOW_EMBEDDED
Definition x509wrap.h:158
QSC_EXPORT_API qsc_x509w_status qsc_x509w_private_key_load_memory(const uint8_t *data, size_t datalen, qsc_x509_private_key *privatekey)
Load a private key from a memory buffer.
Definition x509wrap.c:999
QSC_EXPORT_API void qsc_x509w_profile_set_ca_defaults(qsc_x509w_profile *profile)
Set CA-validation defaults in a profile.
Definition x509wrap.c:738
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_load_file(const char *path, qsc_x509_certificate *certificate)
Load a certificate from a file.
Definition x509wrap.c:900
#define QSC_X509W_CRL_MAX
Maximum number of CRLs stored in a wrapper trust store.
Definition x509wrap.h:52
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_chain_load_memory(const uint8_t *data, size_t datalen, qsc_x509_certificate *certificates, size_t certificatecount, qsc_x509_chain *chain)
Load a certificate chain from a memory buffer into caller-supplied certificate storage and a chain descriptor.
Definition x509wrap.c:917
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_issuer_string(const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
Format a certificate issuer distinguished name into a normalized string.
Definition x509wrap.c:1533
QSC_EXPORT_API void qsc_x509w_trust_store_clear(qsc_x509w_trust_store *store)
Clear a wrapper trust store and release its stored material.
Definition x509wrap.c:795
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_load_memory(const uint8_t *data, size_t datalen, qsc_x509_csr *csr)
Load a CSR from a memory buffer.
Definition x509wrap.c:1054
QSC_EXPORT_API qsc_x509w_status qsc_x509w_server_identity_load_files(qsc_x509w_server_identity *identity, const char *certificatechainpath, const char *privatekeypath)
Load a server identity from certificate-chain and private-key files.
Definition x509wrap.c:1285
qsc_x509w_certificate_role_t
Common certificate roles evaluated by wrapper suitability checks.
Definition x509wrap.h:115
@ QSC_X509W_CERTIFICATE_ROLE_TLS_SERVER
Definition x509wrap.h:117
@ QSC_X509W_CERTIFICATE_ROLE_TRUST_ANCHOR
Definition x509wrap.h:120
@ QSC_X509W_CERTIFICATE_ROLE_CA
Definition x509wrap.h:119
@ QSC_X509W_CERTIFICATE_ROLE_NONE
Definition x509wrap.h:116
@ QSC_X509W_CERTIFICATE_ROLE_TLS_CLIENT
Definition x509wrap.h:118
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_anchor_file(qsc_x509w_trust_store *store, const char *path, bool selfsigned)
Load and add a single trust anchor from a file.
Definition x509wrap.c:1242
QSC_EXPORT_API qsc_x509w_status qsc_x509w_trust_store_add_crl_file(qsc_x509w_trust_store *store, const char *path)
Load and add a CRL from a file.
Definition x509wrap.c:1257
QSC_EXPORT_API void qsc_x509w_profile_apply_preset(qsc_x509w_profile *profile, qsc_x509w_profile_preset preset)
Apply a predefined validation-profile preset.
Definition x509wrap.c:680
QSC_EXPORT_API qsc_x509w_status qsc_x509w_csr_sign_pem(const qsc_x509_csr *csr, qsc_x509_certificate_sign_callback signcallback, void *context, char *output, size_t *outputlen)
Sign a CSR and export the result as PEM.
Definition x509wrap.c:2044
QSC_EXPORT_API qsc_x509w_status qsc_x509w_certificate_subject_string(const qsc_x509_certificate *certificate, char *output, size_t outputlen, size_t *written)
Format a certificate subject distinguished name into a normalized string.
Definition x509wrap.c:1523
QSC_EXPORT_API const char * qsc_x509w_verify_status_string(qsc_x509_verify_status status)
Convert an underlying verification status to a constant display string.
Definition x509wrap.c:1728
qsc_x509w_revocation_source_t
Source category used to satisfy a revocation decision.
Definition x509wrap.h:167
@ QSC_X509W_REVOCATION_SOURCE_CRL
Definition x509wrap.h:169
@ QSC_X509W_REVOCATION_SOURCE_OCSP
Definition x509wrap.h:170
@ QSC_X509W_REVOCATION_SOURCE_NONE
Definition x509wrap.h:168