UDIF: Universal Digital Identification Framework 1.1.0.0a (A1)
A quantum-secure cryptographic identification
certstore.h File Reference

UDIF certificate status store.

#include "certificate.h"


Data Structures

struct udif_certstore_entry
 Certificate status record.
struct udif_certstore
 Fixed-capacity certificate status table.

Macros

#define UDIF_CERTSTORE_CAPACITY   256U
 Maximum number of certificate status records held by one context.

Typedefs

typedef UDIF_EXPORT_API enum udif_certstore_status udif_certstore_status
typedef UDIF_EXPORT_API struct udif_certstore_entry udif_certstore_entry
typedef UDIF_EXPORT_API struct udif_certstore udif_certstore

Enumerations

enum udif_certstore_status {
  udif_certstore_status_unknown = 0x00U,
  udif_certstore_status_active = 0x01U,
  udif_certstore_status_suspended = 0x02U,
  udif_certstore_status_revoked = 0x03U,
  udif_certstore_status_expired = 0x04U
}
 Runtime status assigned to a certificate serial.

Functions

UDIF_EXPORT_API void udif_certstore_initialize (udif_certstore *store)
 Initialize a certificate store.
UDIF_EXPORT_API void udif_certstore_clear (udif_certstore *store)
 Clear a certificate store.
UDIF_EXPORT_API size_t udif_certstore_count (const udif_certstore *store)
 Return the number of occupied entries.
UDIF_EXPORT_API udif_errors udif_certstore_add (udif_certstore *store, const udif_certificate *cert, udif_certstore_status status, uint64_t nowsecs)
 Add or update a certificate status entry.
UDIF_EXPORT_API const udif_certificate * udif_certstore_find (const udif_certstore *store, const uint8_t *serial)
 Find a certificate by serial number.
UDIF_EXPORT_API udif_certstore_status udif_certstore_get_status (const udif_certstore *store, const uint8_t *serial)
 Return the stored status for a certificate serial.
UDIF_EXPORT_API udif_errors udif_certstore_set_status (udif_certstore *store, const uint8_t *serial, udif_certstore_status status, uint64_t nowsecs)
 Set the status of an existing certificate serial.
UDIF_EXPORT_API udif_errors udif_certstore_validate_status (udif_certstore *store, const uint8_t *serial, uint64_t nowsecs)
 Validate that a certificate serial is active at a specified time.
UDIF_EXPORT_API udif_errors udif_certstore_verify_certificate (udif_certstore *store, const uint8_t *serial, uint64_t nowsecs)
 Verify a certificate recursively against the stored root chain and status.

Detailed Description

UDIF certificate status store.

This module implements the fixed-capacity certificate status table used by UDIF authorities and user agents. The store is keyed by certificate serial number and records the active, suspended, revoked, or expired state used by handler-level authorization and chain validation.

Enumeration Type Documentation

◆ udif_certstore_status

Runtime status assigned to a certificate serial.

Enumerator
udif_certstore_status_unknown: No status record exists for the serial.
udif_certstore_status_active: Certificate is active and may be used.
udif_certstore_status_suspended: Certificate is temporarily disabled.
udif_certstore_status_revoked: Certificate is permanently revoked.
udif_certstore_status_expired: Certificate has passed its validity window.

Function Documentation

◆ udif_certstore_add()

UDIF_EXPORT_API udif_errors udif_certstore_add ( udif_certstore * store,
const udif_certificate * cert,
udif_certstore_status status,
uint64_t nowsecs )

Add or update a certificate status entry.

Parameters
store: The certificate store.
cert [const]: The certificate to store.
status: The certificate status.
nowsecs: The UTC status time.
Returns
Returns udif_error_none on success.

◆ udif_certstore_clear()

UDIF_EXPORT_API void udif_certstore_clear ( udif_certstore * store)

Clear a certificate store.

Parameters
store: The certificate store to clear.

◆ udif_certstore_count()

UDIF_EXPORT_API size_t udif_certstore_count ( const udif_certstore * store)

Return the number of occupied entries.

Parameters
store [const]: The certificate store.
Returns
Returns the number of stored certificates.

◆ udif_certstore_find()

UDIF_EXPORT_API const udif_certificate * udif_certstore_find ( const udif_certstore * store,
const uint8_t * serial )

Find a certificate by serial number.

Parameters
store [const]: The certificate store.
serial [const]: The certificate serial number.
Returns
Returns a pointer to the certificate, or NULL if not found.

◆ udif_certstore_get_status()

UDIF_EXPORT_API udif_certstore_status udif_certstore_get_status ( const udif_certstore * store,
const uint8_t * serial )

Return the stored status for a certificate serial.

Parameters
store [const]: The certificate store.
serial [const]: The certificate serial number.
Returns
Returns the stored status, or udif_certstore_status_unknown if no record exists for the serial.

◆ udif_certstore_initialize()

UDIF_EXPORT_API void udif_certstore_initialize ( udif_certstore * store)

Initialize a certificate store.

Parameters
store: The certificate store to initialize.

◆ udif_certstore_set_status()

UDIF_EXPORT_API udif_errors udif_certstore_set_status ( udif_certstore * store,
const uint8_t * serial,
udif_certstore_status status,
uint64_t nowsecs )

Set the status of an existing certificate serial.

Parameters
store: The certificate store.
serial [const]: The certificate serial number.
status: The new certificate status.
nowsecs: The UTC status time.
Returns
Returns udif_error_none on success.

◆ udif_certstore_validate_status()

UDIF_EXPORT_API udif_errors udif_certstore_validate_status ( udif_certstore * store,
const uint8_t * serial,
uint64_t nowsecs )

Validate that a certificate serial is active at a specified time.

Parameters
store: The certificate store.
serial [const]: The certificate serial number.
nowsecs: The UTC validation time.
Returns
Returns udif_error_none if the certificate is active and valid.

◆ udif_certstore_verify_certificate()

UDIF_EXPORT_API udif_errors udif_certstore_verify_certificate ( udif_certstore * store,
const uint8_t * serial,
uint64_t nowsecs )

Verify a certificate recursively against the stored root chain and status.

This function validates the target certificate status and validity window, then walks the issuer chain recursively to the stored Root certificate. Each issuer must be active, within its validity window, have a valid parent signature, and satisfy the UDIF role-transition rules. A revoked, suspended, expired, missing, or malformed issuer causes the target certificate validation to fail.

Parameters
store: The certificate store containing the certificate chain.
serial [const]: The certificate serial number.
nowsecs: The UTC validation time.
Returns
Returns udif_error_none if the complete chain is active, valid, and rooted.
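The following is an added illustration, not UDIF's own code, of the store design described in the Detailed Description and of the recursive chain walk described for udif_certstore_verify_certificate: a fixed-capacity table keyed by serial, add-or-update semantics, and a verification that fails on a suspended, revoked, expired, out-of-window or missing issuer anywhere between the target and the self-issued root. The serial length, the issuer and validity-window fields, the depth bound, and the helper names are assumptions; the parent-signature and role-transition checks that the real function performs are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define STORE_CAPACITY 256U   /* same bound as UDIF_CERTSTORE_CAPACITY */
#define SERIAL_SIZE 16U       /* assumed serial length; not given on the page */
typedef enum { status_unknown = 0, status_active = 1, status_suspended = 2,
               status_revoked = 3, status_expired = 4 } cert_status;
typedef struct {
    uint8_t serial[SERIAL_SIZE];
    uint8_t issuer[SERIAL_SIZE];   /* assumed: equals serial for the self-issued root */
    uint64_t notbefore, notafter;  /* assumed validity window, UTC seconds */
    cert_status status;
} store_entry;

typedef struct { store_entry entries[STORE_CAPACITY]; size_t count; } status_store;

static store_entry *find_entry(status_store *s, const uint8_t *serial) {
    for (size_t i = 0; i < s->count; ++i)
        if (memcmp(s->entries[i].serial, serial, SERIAL_SIZE) == 0) return &s->entries[i];
    return NULL;
}

/* Add or update an entry keyed by serial; returns -1 when the fixed table is full. */
int store_add(status_store *s, const store_entry *e) {
    store_entry *cur = find_entry(s, e->serial);
    if (cur == NULL) {
        if (s->count >= STORE_CAPACITY) return -1;
        cur = &s->entries[s->count++];
    }
    *cur = *e;
    return 0;
}

/* Walk from the target up to the self-issued root: every hop must be active and
 * inside its window; a missing issuer, or a cycle caught by the depth bound, fails. */
int verify_chain(status_store *s, const uint8_t *serial, uint64_t now, unsigned depth) {
    const store_entry *e = find_entry(s, serial);
    if (e == NULL || depth > 8) return -1;                   /* missing record or loop */
    if (e->status != status_active) return -1;               /* suspended/revoked/expired */
    if (now < e->notbefore || now > e->notafter) return -1;   /* outside validity window */
    if (memcmp(e->serial, e->issuer, SERIAL_SIZE) == 0) return 0;  /* reached the root */
    return verify_chain(s, e->issuer, now, depth + 1);
}

/* Build a constructed sample entry whose serial and issuer are one repeated byte each. */
void make_entry(store_entry *e, uint8_t id, uint8_t parent, uint64_t nb, uint64_t na, cert_status st) {
    memset(e->serial, id, SERIAL_SIZE); memset(e->issuer, parent, SERIAL_SIZE);
    e->notbefore = nb; e->notafter = na; e->status = st;
}
```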