/*
   SSSD - certificate handling utils - openssl version

   Copyright (C) Sumit Bose <sbose@redhat.com> 2015

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <stdint.h>
#include <talloc.h>

#include "util/util.h"

#ifndef __CERT_H__
#define __CERT_H__

/*
 * Object identifier of the Microsoft User Principal Name (UPN), which a
 * certificate carries as a subjectAltName otherName entry.
 * Reference: [MS-WCCE]: Windows Client Certificate Enrollment Protocol,
 * 2.2.2.7.5
 *
 * NOTE(review): presumably meant as the oid argument of
 * cert_get_san_values() together with sss_cert_other_name - confirm at the
 * call sites.
 */
#define OID_NT_PRINCIPAL_NAME "1.3.6.1.4.1.311.20.2.3"

/*
 * Subject Alternative Name entry types, used as the san_name selector of
 * cert_get_san_values().
 *
 * The numbering is 1-based: every member is one more than the context tag
 * of the matching GeneralName choice in RFC 5280, section 4.2.1.6, and so
 * one more than OpenSSL's 0-based GEN_* constants. Convert explicitly when
 * crossing into a library's own numbering, otherwise the neighbouring name
 * type is selected. 0 is not a member of this enum.
 */
enum sss_cert_general_name {
    sss_cert_other_name     = 1,    /* otherName                 [0] */
    sss_cert_rfc822_name    = 2,    /* rfc822Name                [1] */
    sss_cert_dns_name       = 3,    /* dNSName                   [2] */
    sss_cert_x400_address   = 4,    /* x400Address               [3] */
    sss_cert_directory_name = 5,    /* directoryName             [4] */
    sss_cert_ediparty_name  = 6,    /* ediPartyName              [5] */
    sss_cert_uri            = 7,    /* uniformResourceIdentifier [6] */
    sss_cert_ip_address     = 8,    /* iPAddress                 [7] */
    sss_cert_register_id    = 9,    /* registeredID              [8] */
};

/*
 * Convert a DER-encoded certificate to PEM, going by the function name.
 *
 * mem_ctx   talloc context; presumably the parent of the returned string -
 *           confirm in the implementation
 * der_blob  input buffer of der_size bytes
 * pem       output: the PEM string
 * pem_size  output: length of the PEM string; whether NULL is accepted is
 *           not visible from this header
 *
 * Returns an errno_t status code.
 *
 * NOTE(review): the signature takes no trust anchors and no verification
 * options, so a successful return should be read as "the blob could be
 * re-encoded", not as "the certificate is valid or trusted".
 */
errno_t sss_cert_der_to_pem(TALLOC_CTX *mem_ctx, const uint8_t *der_blob,
                            size_t der_size, char **pem, size_t *pem_size);

/*
 * Convert a PEM certificate to its DER encoding, going by the function name.
 *
 * mem_ctx   talloc context; presumably the parent of the returned buffer -
 *           confirm in the implementation
 * pem       input string; no length is passed, so it has to be
 *           NUL-terminated
 * der_blob  output: the DER bytes
 * der_size  output: number of bytes in der_blob
 *
 * Returns an errno_t status code.
 *
 * NOTE(review): the signature takes no verification inputs; the returned
 * bytes are a decoded copy of the input, not a validated certificate.
 */
errno_t sss_cert_pem_to_der(TALLOC_CTX *mem_ctx, const char *pem,
                            uint8_t **der_blob, size_t *der_size);

/*
 * Convert a certificate given as "derb64" to PEM; derb64 is presumably the
 * base64 text of the DER encoding - confirm in the implementation.
 *
 * mem_ctx   talloc context; presumably the parent of the returned string
 * derb64    input string; no length is passed, so it has to be
 *           NUL-terminated
 * pem       output: the PEM string
 * pem_size  output: length of the PEM string
 *
 * Returns an errno_t status code. Like the other converters declared here,
 * the signature takes no verification inputs.
 */
errno_t sss_cert_derb64_to_pem(TALLOC_CTX *mem_ctx, const char *derb64,
                               char **pem, size_t *pem_size);

/*
 * Convert a PEM certificate to "derb64"; derb64 is presumably the base64
 * text of the DER encoding - confirm in the implementation.
 *
 * mem_ctx  talloc context; presumably the parent of the returned string
 * pem      input string; no length is passed, so it has to be NUL-terminated
 * derb64   output: the resulting string (no separate length is returned)
 *
 * Returns an errno_t status code.
 */
errno_t sss_cert_pem_to_derb64(TALLOC_CTX *mem_ctx, const char *pem,
                               char **derb64);

/*
 * Produce an LDAP filter string from a certificate given as "derb64"
 * (presumably base64 of the DER encoding).
 *
 * mem_ctx       talloc context; presumably the parent of the returned string
 * derb64        input certificate, NUL-terminated string
 * attr_name     attribute name for the filter; how it is combined with the
 *               certificate data is not visible from this header
 * mapping_conf  presumably certificate-mapping configuration; semantics and
 *               whether NULL is accepted are not visible here - confirm
 * ldap_filter   output: the filter string
 *
 * Returns an errno_t status code.
 *
 * NOTE(review): the certificate content is chosen by whoever presents the
 * certificate. Confirm that every certificate-derived byte placed in the
 * filter is escaped per RFC 4515 (bin_to_ldap_filter_value() looks like the
 * helper for this) and that attr_name and mapping_conf only come from
 * trusted configuration.
 */
errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const char *derb64,
                                       const char *attr_name,
                                       const char *mapping_conf,
                                       char **ldap_filter);

/*
 * Turn a binary blob into a string intended for use as the value part of an
 * LDAP filter, going by the function name.
 *
 * mem_ctx    talloc context; presumably the parent of the returned string
 * blob       input buffer of blob_size bytes
 * _str       output: the resulting string
 *
 * Returns an errno_t status code.
 *
 * NOTE(review): presumably every byte is written in the escaped "\XX" form
 * of RFC 4515 so that no input byte can act as filter syntax - confirm in
 * the implementation, and confirm the output size computation cannot
 * overflow for large blob_size.
 */
errno_t bin_to_ldap_filter_value(TALLOC_CTX *mem_ctx,
                                 const uint8_t *blob, size_t blob_size,
                                 char **_str);

/*
 * Derive an SSH public key from a DER-encoded certificate, going by the
 * function name.
 *
 * mem_ctx           talloc context; presumably the parent of the returned key
 * ca_db             presumably the location of the trusted CA store used for
 *                   verification - confirm the expected format
 * der_blob          input certificate of der_size bytes
 * cert_verify_opts  verification options; struct cert_verify_opts is not
 *                   declared in this header, so it has to be visible through
 *                   an earlier include (presumably util/util.h)
 * key               output: the key bytes
 * key_size          output: number of bytes in key
 *
 * Returns an errno_t status code.
 *
 * NOTE(review): ca_db and cert_verify_opts suggest the certificate is
 * verified before the key is handed out. The returned key ends up
 * authorising logins, so confirm that no key is returned when verification
 * fails and that options which relax or disable verification are never the
 * default.
 */
errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
                        const uint8_t *der_blob, size_t der_size,
                        struct cert_verify_opts *cert_verify_opts,
                        uint8_t **key, size_t *key_size);

/*
 * Extract Subject Alternative Name values of one type from a DER-encoded
 * certificate, going by the function name.
 *
 * mem_ctx   talloc context; presumably the parent of the returned array
 * der       input certificate of der_size bytes
 * san_name  which SAN entry type to return (1-based enum values)
 * oid       presumably the type-id to match when san_name is
 *           sss_cert_other_name, e.g. OID_NT_PRINCIPAL_NAME; whether it may
 *           be NULL for other types is not visible here - confirm
 * values    output: array of strings; presumably NULL-terminated, as no
 *           count is returned - confirm
 *
 * Returns an errno_t status code.
 *
 * NOTE(review): the signature takes no trust anchors or verification
 * options, so the returned names are only as trustworthy as the validation
 * the caller performed on the certificate beforehand. The values are
 * returned as C strings; confirm that SAN entries containing embedded NUL
 * bytes are rejected rather than silently truncated before they are used
 * for identity mapping.
 */
errno_t cert_get_san_values(TALLOC_CTX *mem_ctx, const uint8_t *der,
                            size_t der_size,
                            enum sss_cert_general_name san_name,
                            const char *oid,
                            char ***values);
#endif /* __CERT_H__ */