x509

x509 — X509 certificates implementation for OpenSSL.

Stability Level

Stable, unless otherwise indicated

Functions

xmlSecOpenSSLKeyDataX509GetKlass ()

xmlSecKeyDataId
xmlSecOpenSSLKeyDataX509GetKlass (void);

The OpenSSL X509 key data klass (http://www.w3.org/TR/xmldsig-core/sec-X509Data).

Returns

the X509 data klass.


xmlSecOpenSSLKeyDataX509GetKeyCert ()

X509 *
xmlSecOpenSSLKeyDataX509GetKeyCert (xmlSecKeyDataPtr data);

Gets the certificate from which the key was extracted.

Parameters

data

the pointer to X509 key data.

 

Returns

the key's certificate or NULL if key data was not used for key extraction or an error occurs.


xmlSecOpenSSLKeyDataX509AdoptKeyCert ()

int
xmlSecOpenSSLKeyDataX509AdoptKeyCert (xmlSecKeyDataPtr data,
                                      X509 *cert);

Adds the certificate to the X509 key data and sets it as the key's certificate in data. On success, data owns cert. This function DOES NOT check that the key matches the certificate (use xmlSecOpenSSLAppKeyCertLoadBIO, which performs this check).

Parameters

data

the pointer to X509 key data.

 

cert

the pointer to OpenSSL X509 certificate.

 

Returns

0 on success or a negative value if an error occurs.


xmlSecOpenSSLKeyDataX509AdoptCert ()

int
xmlSecOpenSSLKeyDataX509AdoptCert (xmlSecKeyDataPtr data,
                                   X509 *cert);

Adds certificate to the X509 key data. On success, the data owns the cert.

Parameters

data

the pointer to X509 key data.

 

cert

the pointer to OpenSSL X509 certificate.

 

Returns

0 on success or a negative value if an error occurs.


xmlSecOpenSSLKeyDataX509GetCert ()

X509 *
xmlSecOpenSSLKeyDataX509GetCert (xmlSecKeyDataPtr data,
                                 xmlSecSize pos);

Gets a certificate from X509 key data.

Parameters

data

the pointer to X509 key data.

 

pos

the desired certificate position.

 

Returns

the pointer to certificate or NULL if pos is larger than the number of certificates in data or an error occurs.


xmlSecOpenSSLKeyDataX509GetCertsSize ()

xmlSecSize
xmlSecOpenSSLKeyDataX509GetCertsSize (xmlSecKeyDataPtr data);

Gets the number of certificates in data .

Parameters

data

the pointer to X509 key data.

 

Returns

the number of certificates in data.


xmlSecOpenSSLKeyDataX509AdoptCrl ()

int
xmlSecOpenSSLKeyDataX509AdoptCrl (xmlSecKeyDataPtr data,
                                  X509_CRL *crl);

Adds CRL to the X509 key data.

Parameters

data

the pointer to X509 key data.

 

crl

the pointer to OpenSSL X509 CRL.

 

Returns

0 on success or a negative value if an error occurs.


xmlSecOpenSSLKeyDataX509GetCrl ()

X509_CRL *
xmlSecOpenSSLKeyDataX509GetCrl (xmlSecKeyDataPtr data,
                                xmlSecSize pos);

Gets a CRL from X509 key data.

Parameters

data

the pointer to X509 key data.

 

pos

the desired CRL position.

 

Returns

the pointer to CRL or NULL if pos is larger than the number of CRLs in data or an error occurs.


xmlSecOpenSSLKeyDataX509GetCrlsSize ()

xmlSecSize
xmlSecOpenSSLKeyDataX509GetCrlsSize (xmlSecKeyDataPtr data);

Gets the number of CRLs in data .

Parameters

data

the pointer to X509 key data.

 

Returns

the number of CRLs in data.


xmlSecOpenSSLX509CertGetKey ()

xmlSecKeyDataPtr
xmlSecOpenSSLX509CertGetKey (X509 *cert);

Extracts the public key from cert.

Parameters

cert

the certificate.

 

Returns

public key value or NULL if an error occurs.


xmlSecOpenSSLKeyDataRawX509CertGetKlass ()

xmlSecKeyDataId
xmlSecOpenSSLKeyDataRawX509CertGetKlass
                               (void);

The raw X509 certificates key data klass.

Returns

raw X509 certificates key data klass.


xmlSecOpenSSLX509StoreGetKlass ()

xmlSecKeyDataStoreId
xmlSecOpenSSLX509StoreGetKlass (void);

The OpenSSL X509 certificates key data store klass.

Returns

pointer to OpenSSL X509 certificates key data store klass.


xmlSecOpenSSLX509StoreVerify ()

X509 *
xmlSecOpenSSLX509StoreVerify (xmlSecKeyDataStorePtr store,
                              XMLSEC_STACK_OF_X509 *certs,
                              XMLSEC_STACK_OF_X509_CRL *crls,
                              xmlSecKeyInfoCtx *keyInfoCtx);

xmlSecOpenSSLX509StoreVerify is deprecated and should not be used in newly-written code.

Verifies the certs list.

Parameters

store

the pointer to X509 key data store klass.

 

certs

the untrusted certificates stack.

 

crls

the crls stack.

 

keyInfoCtx

the pointer to <dsig:KeyInfo/> element processing context.

 

Returns

pointer to the first verified certificate from certs .


xmlSecOpenSSLX509StoreVerifyKey ()

int
xmlSecOpenSSLX509StoreVerifyKey (xmlSecKeyDataStorePtr store,
                                 xmlSecKeyPtr key,
                                 xmlSecKeyInfoCtxPtr keyInfoCtx);

Verifies key with the keys manager mngr created with the xmlSecCryptoAppDefaultKeysMngrInit function:

  • checks that the key certificate is present;

  • checks that the key certificate is valid.

Adds key to the keys manager mngr created with the xmlSecCryptoAppDefaultKeysMngrInit function.

Parameters

store

the pointer to X509 key data store klass.

 

key

the pointer to key.

 

keyInfoCtx

the key info context for verification.

 

Returns

1 if key is verified, 0 otherwise, or a negative value if an error occurs.


xmlSecOpenSSLX509StoreAdoptCert ()

int
xmlSecOpenSSLX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
                                 X509 *cert,
                                 xmlSecKeyDataType type);

Adds trusted (root) or untrusted certificate to the store.

Parameters

store

the pointer to X509 key data store klass.

 

cert

the pointer to OpenSSL X509 certificate.

 

type

the certificate type (trusted/untrusted).

 

Returns

0 on success or a negative value if an error occurs.


xmlSecOpenSSLX509StoreAdoptCrl ()

int
xmlSecOpenSSLX509StoreAdoptCrl (xmlSecKeyDataStorePtr store,
                                X509_CRL *crl);

Adds X509 CRL to the store.

Parameters

store

the pointer to X509 key data store klass.

 

crl

the pointer to OpenSSL X509_CRL.

 

Returns

0 on success or a negative value if an error occurs.


xmlSecOpenSSLX509StoreAddCertsPath ()

int
xmlSecOpenSSLX509StoreAddCertsPath (xmlSecKeyDataStorePtr store,
                                    const char *path);

Adds all certs in the path to the list of trusted certs in store .

Parameters

store

the pointer to the OpenSSL X509 store.

 

path

the path to the certs dir.

 

Returns

0 on success or a negative value otherwise.


xmlSecOpenSSLX509StoreAddCertsFile ()

int
xmlSecOpenSSLX509StoreAddCertsFile (xmlSecKeyDataStorePtr store,
                                    const char *filename);

Adds all certs in file to the list of trusted certs in store . It is possible for file to contain multiple certs.

Parameters

store

the pointer to the OpenSSL X509 store.

 

filename

the certs file.

 

Returns

0 on success or a negative value otherwise.

Types and Values

XMLSEC_STACK_OF_X509

#define XMLSEC_STACK_OF_X509            STACK_OF(X509)

Macro. To make docbook happy.


XMLSEC_STACK_OF_X509_CRL

#define XMLSEC_STACK_OF_X509_CRL        STACK_OF(X509_CRL)

Macro. To make docbook happy.


xmlSecOpenSSLKeyDataX509Id

#define             xmlSecOpenSSLKeyDataX509Id

The OpenSSL X509 data klass.


xmlSecOpenSSLKeyDataRawX509CertId

#define             xmlSecOpenSSLKeyDataRawX509CertId

The OpenSSL raw X509 certificate klass.


xmlSecOpenSSLX509StoreId

#define             xmlSecOpenSSLX509StoreId

The OpenSSL X509 store klass.