DigiDocOCSP.h
1#ifndef __DIGIDOC_OCSP_H__
2#define __DIGIDOC_OCSP_H__
3//==================================================
4// FILE: DigiDocOCSP.h
5// PROJECT: Digi Doc
6// DESCRIPTION: DigiDoc OCSP handling routines
7// AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
8//==================================================
9// Copyright (C) AS Sertifitseerimiskeskus
10// This library is free software; you can redistribute it and/or
11// modify it under the terms of the GNU Lesser General Public
12// License as published by the Free Software Foundation; either
13// version 2.1 of the License, or (at your option) any later version.
14// This library is distributed in the hope that it will be useful,
15// but WITHOUT ANY WARRANTY; without even the implied warranty of
16// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17// Lesser General Public License for more details.
18// GNU Lesser General Public Licence is available at
19// http://www.gnu.org/copyleft/lesser.html
20//==========< HISTORY >=============================
21// 26.04.2006 Veiko Sinivee
22// Creation
23//==================================================
24
25#include <libdigidoc/DigiDocDefs.h>
26#include <libdigidoc/DigiDocObj.h>
27#include <libdigidoc/DigiDocMem.h>
28
29#include <openssl/ocsp.h>
30
31//==========< OCSP request/response routines >========================
32
33#ifdef __cplusplus
34extern "C" {
35#endif
36
37//--------------------------------------------------
38// Sends an OCSP_REQUEST object to a remote responder and retrieves the
39// OCSP_RESPONSE object. It only transports the response: verify it with
40// verifyOCSPResponse() before relying on the status it carries.
41// resp - buffer to store the new response's pointer; req - request object's pointer
42// url - OCSP responder URL (take it from trusted configuration, not from the document under verification); proxyHost, proxyPort - proxy host and port (presumably optional; confirm in the implementation)
43// ip_addr - sender's IP address if known, or 0
44//--------------------------------------------------
45int sendOCSPRequest(OCSP_RESPONSE** resp, OCSP_REQUEST *req,
46 char* url, char* proxyHost, char* proxyPort,
47 unsigned long ip_addr);
48
49// Decodes binary (DER) OCSP_RESPONSE data of len bytes and returns a new OCSP_RESPONSE object in *ppResp (presumably owned by the caller and released with OCSP_RESPONSE_free(); confirm in the implementation)
50EXP_OPTION int ddocDecodeOCSPResponseData(OCSP_RESPONSE **ppResp, const byte* data, int len);
51
52// Decodes base64 (PEM) OCSP_RESPONSE data of len bytes and returns a new OCSP_RESPONSE object in *ppResp (ownership presumably as for ddocDecodeOCSPResponseData(); confirm in the implementation)
53EXP_OPTION int ddocDecodeOCSPResponsePEMData(OCSP_RESPONSE **ppResp, const byte* data, int len);
54
55EXP_OPTION int writeOCSPRequest(SignedDoc* pSigDoc, const char* signerCertFile,
56 const char* issuertCertFile,
57 byte* nonce, int nlen, const char* szOutputFile);
58
59// Creates and sends an OCSP_REQUEST object to the notary (OCSP responder) server,
60// receives the response and uses it to create a confirmation object. caCerts is presumably
61// NULL-terminated, as for verifyOCSPResponse(); pNotCert may be NULL, in which case finalizeAndVerifyNotary() must be called afterwards to supply the responder certificate and complete verification.
62EXP_OPTION int getConfirmation(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
63 const X509** caCerts, const X509* pNotCert,
64 char* pkcs12FileName, char* pkcs12Password,
65 char* notaryURL, char* proxyHost, char* proxyPort);
66
67// Like getConfirmation(), but also sends the caller's IP address (ip) with the request
68EXP_OPTION int getConfirmationWithIp(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
69 const X509** caCerts, const X509* pNotCert,
70 char* pkcs12FileName, char* pkcs12Password,
71 char* notaryURL, char* proxyHost, char* proxyPort,
72 unsigned long ip);
73
74// Like getConfirmationWithIp(), additionally taking proxy credentials (proxyUser, proxyPass)
75EXP_OPTION int getConfirmationWithIpEx(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
76 const X509** caCerts, const X509* pNotCert,
77 char* pkcs12FileName, char* pkcs12Password,
78 char* notaryURL, char* proxyHost, char* proxyPort,
79 char* proxyUser, char* proxyPass, unsigned long ip);
80
81// Use this if you passed NULL for getConfirmation()'s pNotCert parameter: it supplies the responder (notary) certificate and completes verification of the notary (see also finalizeAndVerifyNotary2())
82EXP_OPTION int finalizeAndVerifyNotary(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
83 NotaryInfo* pNotInf,
84 const X509** caCerts, const X509* pNotCert);
85
86//--------------------------------------------------
87// Adds the responder certificate to the notary, searches its
88// CA chain and then verifies the notary
89// pSigDoc - signed doc info
90// pSigInfo - signature info; pNotInf - notary info to finalize
91// caCerts - responder CA certificate chain (presumably NULL-terminated, as for verifyOCSPResponse())
92// pNotCert - notary's (responder's) certificate
93// pSigCa - presumably the signer's issuing CA certificate; confirm against the implementation. Returns error code
94//--------------------------------------------------
95int EXP_OPTION finalizeAndVerifyNotary2(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
96 NotaryInfo* pNotInf,
97 const X509** caCerts, const X509* pNotCert, const X509* pSigCa);
98
99int ReadOCSPResponse(OCSP_RESPONSE **newOCSP_RESPONSE, const char* szFileName);
100int initializeNotaryInfoWithOCSP(SignedDoc *pSigDoc, NotaryInfo *pNotary,
101 OCSP_RESPONSE *resp, X509 *notCert, int initDigest);
102int initializeNotaryInfoWithOCSP2(SignedDoc *pSigDoc, NotaryInfo *pNotary,
103 OCSP_RESPONSE *resp, X509 *notCert, int initDigest);
104
105//--------------------------------------------------
106// Verifies the OCSP_RESPONSE signature. Callers should not assume this also checks that the response pertains to the expected certificate or carries the expected nonce; confirm in the implementation.
107// pResp - signed OCSP response
108// caCerts - CA certificate pointer array terminated with NULL
109// CApath - path to a directory holding all certs
110// notCert - notary (e.g. OCSP responder) certificate
111//--------------------------------------------------
112int verifyOCSPResponse(OCSP_RESPONSE* pResp,
113 const X509** caCerts, const char *CApath,
114 const X509* notCert);
115
116//--------------------------------------------------
117// Helper function to read OCSP_RESPONSE from binary input data
118// ppResp - address of newly allocated OCSP_RESPONSE object
119// pMBufInData - input data
120// returns error code or ERR_OK
121//--------------------------------------------------
122int ddocOcspReadOcspResp(OCSP_RESPONSE** ppResp, DigiDocMemBuf* pMBufInData);
123
124//--------------------------------------------------
125// Helper function to write OCSP_RESPONSE to binary output data
126// pResp - address of OCSP_RESPONSE object
127// pMBufOutData - output data
128// returns error code or ERR_OK
129//--------------------------------------------------
130int ddocOcspWriteOcspResp(OCSP_RESPONSE* pResp, DigiDocMemBuf* pMBufOutData);
131
132// Returns the OCSP response in PEM form via *buf (bHeaders: 1 = with PEM headers, 0 = without); presumably the caller must release *buf — confirm in the implementation
133EXP_OPTION int getOcspPEM(OCSP_RESPONSE* pResp, int bHeaders, char** buf);
134
135//--------------------------------------------------
136// Helper function to return OCSP_RESPONSE in base64 form.
137// Memory buffer will be resized as necessary.
138// Caller must release output buffer.
139// pNotary - Notary object
140// bHeaders - 1= with headers, 0=no headers
141// pMBufOutData - output data
142// returns error code or ERR_OK
143//--------------------------------------------------
144EXP_OPTION int ddocGetOcspBase64(NotaryInfo *pNotary, int bHeaders, DigiDocMemBuf* pMBufOutData);
145
146#ifdef __cplusplus
147}
148#endif
149
150#endif // __DIGIDOC_OCSP_H__
151
152