Estonian ID Card C-library
DigiDocOCSP.h
1 #ifndef __DIGIDOC_OCSP_H__
2 #define __DIGIDOC_OCSP_H__
3 //==================================================
4 // FILE: DigiDocOCSP.h
5 // PROJECT: Digi Doc
6 // DESCRIPTION: DigiDoc OCSP handling routines
7 // AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
8 //==================================================
9 // Copyright (C) AS Sertifitseerimiskeskus
10 // This library is free software; you can redistribute it and/or
11 // modify it under the terms of the GNU Lesser General Public
12 // License as published by the Free Software Foundation; either
13 // version 2.1 of the License, or (at your option) any later version.
14 // This library is distributed in the hope that it will be useful,
15 // but WITHOUT ANY WARRANTY; without even the implied warranty of
16 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 // Lesser General Public License for more details.
18 // GNU Lesser General Public Licence is available at
19 // http://www.gnu.org/copyleft/lesser.html
20 //==========< HISTORY >=============================
21 // 26.04.2006 Veiko Sinivee
22 // Creation
23 //==================================================
24 
25 #include <libdigidoc/DigiDocDefs.h>
26 #include <libdigidoc/DigiDocObj.h>
27 #include <libdigidoc/DigiDocMem.h>
28 
29 #include <openssl/ocsp.h>
30 
//==========< OCSP request / response routines >===============
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
//--------------------------------------------------
// Sends an OCSP_REQUEST object to a remote responder and
// retrieves the OCSP_RESPONSE object.
// resp - buffer to store the new response's pointer
// req - request object's pointer
// url - OCSP responder URL
// proxyHost - HTTP proxy host (presumably NULL/empty for a direct connection - confirm)
// proxyPort - HTTP proxy port
// ip_addr - sender's IP address if known or 0
// returns error code
// NOTE(review): this is the transport step only. Nothing in this
// prototype validates the received response; callers are expected to
// run *resp through verifyOCSPResponse() / finalizeAndVerifyNotary*()
// before trusting it - confirm against the implementation.
//--------------------------------------------------
int sendOCSPRequest(OCSP_RESPONSE** resp, OCSP_REQUEST *req,
 char* url, char* proxyHost, char* proxyPort,
 unsigned long ip_addr);

//--------------------------------------------------
// Decodes binary (DER) OCSP_RESPONSE data and returns an OCSP_RESPONSE object.
// ppResp - receives the newly allocated OCSP_RESPONSE
// data - DER bytes (network- or file-sourced, i.e. untrusted input)
// len - length of data in bytes
// returns error code
// NOTE(review): len is a signed int; the implementation should reject
// len <= 0 before handing the buffer to the DER parser - confirm.
//--------------------------------------------------
EXP_OPTION int ddocDecodeOCSPResponseData(OCSP_RESPONSE **ppResp, const byte* data, int len);

//--------------------------------------------------
// Decodes base64 (PEM) OCSP_RESPONSE data and returns an OCSP_RESPONSE object.
// ppResp - receives the newly allocated OCSP_RESPONSE
// data - base64/PEM text (untrusted input)
// len - length of data in bytes
// returns error code
//--------------------------------------------------
EXP_OPTION int ddocDecodeOCSPResponsePEMData(OCSP_RESPONSE **ppResp, const byte* data, int len);

//--------------------------------------------------
// Builds an OCSP request for the given signer certificate and
// writes it to a file.
// pSigDoc - signed doc info
// signerCertFile - signer's certificate file
// issuertCertFile - signer's issuer (CA) certificate file
//                   (parameter name kept as-is for source compatibility)
// nonce - nonce bytes to embed in the request
// nlen - length of nonce in bytes
// szOutputFile - output file for the encoded request
// returns error code
// NOTE(review): the nonce is presumably what later ties a response back
// to this request (replay protection); confirm the verification path
// compares it against the response.
//--------------------------------------------------
EXP_OPTION int writeOCSPRequest(SignedDoc* pSigDoc, const char* signerCertFile,
 const char* issuertCertFile,
 byte* nonce, int nlen, const char* szOutputFile);

//--------------------------------------------------
// Creates and sends an OCSP_REQUEST object
// to the notary server, receives the response
// and uses it to create a confirmation object.
// pSigDoc - signed doc info
// pSigInfo - signature info to confirm
// caCerts - CA certificate pointer array (presumably NULL-terminated,
//           as documented for verifyOCSPResponse() below - confirm)
// pNotCert - notary (OCSP responder) certificate; may be NULL, in which
//            case finalizeAndVerifyNotary() must be called afterwards
// pkcs12FileName - PKCS#12 file with the client credentials
// pkcs12Password - password for the PKCS#12 file, plain char*
// notaryURL - OCSP responder URL
// proxyHost - HTTP proxy host
// proxyPort - HTTP proxy port
// returns error code
// NOTE(review): pkcs12Password is a plaintext secret passed by pointer;
// callers should zeroize their copy once the call returns. Whether the
// library scrubs its own copies is not visible here - confirm.
//--------------------------------------------------
EXP_OPTION int getConfirmation(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
 const X509** caCerts, const X509* pNotCert,
 char* pkcs12FileName, char* pkcs12Password,
 char* notaryURL, char* proxyHost, char* proxyPort);

//--------------------------------------------------
// Another way to get OCSP confirmation, also sending the caller's IP address.
// Parameters as for getConfirmation(), plus:
// ip - caller's IP address (0 if unknown)
// returns error code
//--------------------------------------------------
EXP_OPTION int getConfirmationWithIp(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
 const X509** caCerts, const X509* pNotCert,
 char* pkcs12FileName, char* pkcs12Password,
 char* notaryURL, char* proxyHost, char* proxyPort,
 unsigned long ip);

//--------------------------------------------------
// Another way to get OCSP confirmation, also sending the caller's IP address
// and authenticating to the HTTP proxy.
// Parameters as for getConfirmationWithIp(), plus:
// proxyUser - proxy user name
// proxyPass - proxy password, plain char* (same zeroization caveat as pkcs12Password)
// returns error code
//--------------------------------------------------
EXP_OPTION int getConfirmationWithIpEx(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
 const X509** caCerts, const X509* pNotCert,
 char* pkcs12FileName, char* pkcs12Password,
 char* notaryURL, char* proxyHost, char* proxyPort,
 char* proxyUser, char* proxyPass, unsigned long ip);

//--------------------------------------------------
// Use this if you passed NULL for getConfirmation()'s pNotCert parameter:
// supplies the notary certificate afterwards and verifies the notary.
// pSigDoc - signed doc info
// pSigInfo - signature info
// pNotInf - notary info to finalize
// caCerts - CA certificate pointer array (presumably NULL-terminated - confirm)
// pNotCert - notary (OCSP responder) certificate
// returns error code
//--------------------------------------------------
EXP_OPTION int finalizeAndVerifyNotary(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
 NotaryInfo* pNotInf,
 const X509** caCerts, const X509* pNotCert);

//--------------------------------------------------
// Adds the responder certificate to the notary, searches its
// CA chain and then verifies the notary.
// pSigDoc - signed doc info
// pSigInfo - signature info
// pNotInf - notary info to finalize
// caCerts - responder CA certificate chain (presumably NULL-terminated - confirm)
// pNotCert - notary (OCSP responder) certificate
// pSigCa - signer's CA certificate (its exact use is not visible in this
//          header; presumably needed to build/validate the chain - confirm)
// returns error code
//--------------------------------------------------
int EXP_OPTION finalizeAndVerifyNotary2(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
 NotaryInfo* pNotInf,
 const X509** caCerts, const X509* pNotCert, const X509* pSigCa);

// Reads an OCSP_RESPONSE from the given file.
// newOCSP_RESPONSE - receives the newly allocated response
// szFileName - input file name
// returns error code
int ReadOCSPResponse(OCSP_RESPONSE **newOCSP_RESPONSE, const char* szFileName);

// Initializes a NotaryInfo object from an OCSP_RESPONSE.
// pSigDoc - signed doc info
// pNotary - notary info to fill
// resp - OCSP response
// notCert - notary (OCSP responder) certificate
// initDigest - flag; semantics not visible in this header (presumably
//              whether to (re)compute the response digest - confirm)
// returns error code
int initializeNotaryInfoWithOCSP(SignedDoc *pSigDoc, NotaryInfo *pNotary,
 OCSP_RESPONSE *resp, X509 *notCert, int initDigest);
// Variant of initializeNotaryInfoWithOCSP() with the same parameters;
// the behavioral difference is not visible in this header - see DigiDocOCSP.c.
int initializeNotaryInfoWithOCSP2(SignedDoc *pSigDoc, NotaryInfo *pNotary,
 OCSP_RESPONSE *resp, X509 *notCert, int initDigest);

//--------------------------------------------------
// Verifies an OCSP_RESPONSE signature.
// pResp - signed OCSP response
// caCerts - CA certificate pointer array terminated with NULL
// CApath - path to a directory holding all certs
// notCert - notary (OCSP responder) certificate
// returns error code
// NOTE(review): a complete OCSP acceptance check covers the response
// signature, the responder certificate chaining to a trusted CA and
// being authorized to sign OCSP (issuer itself or OCSP-signing EKU),
// thisUpdate/nextUpdate freshness, and the nonce matching the request.
// Only the signature check is stated here; confirm which of the rest
// the implementation (or its callers) perform before relying on it.
//--------------------------------------------------
int verifyOCSPResponse(OCSP_RESPONSE* pResp,
 const X509** caCerts, const char *CApath,
 const X509* notCert);

//--------------------------------------------------
// Helper function to read an OCSP_RESPONSE from binary input data.
// ppResp - address of the newly allocated OCSP_RESPONSE object
// pMBufInData - input data (DER bytes, untrusted)
// returns error code or ERR_OK
//--------------------------------------------------
int ddocOcspReadOcspResp(OCSP_RESPONSE** ppResp, DigiDocMemBuf* pMBufInData);

//--------------------------------------------------
// Helper function to write an OCSP_RESPONSE to binary output data.
// pResp - OCSP_RESPONSE object to encode
// pMBufOutData - output data
// returns error code or ERR_OK
//--------------------------------------------------
int ddocOcspWriteOcspResp(OCSP_RESPONSE* pResp, DigiDocMemBuf* pMBufOutData);

//--------------------------------------------------
// Returns the OCSP response in PEM form.
// pResp - OCSP_RESPONSE object
// bHeaders - 1 = with PEM headers, 0 = no headers
// buf - receives the PEM text; allocation/ownership is not visible in
//       this header (presumably the caller frees it, as with
//       ddocGetOcspBase64() below - confirm)
// returns error code
//--------------------------------------------------
EXP_OPTION int getOcspPEM(OCSP_RESPONSE* pResp, int bHeaders, char** buf);

//--------------------------------------------------
// Helper function to return the OCSP_RESPONSE in base64 form.
// The memory buffer will be resized as necessary.
// Caller must release the output buffer.
// pNotary - notary object
// bHeaders - 1 = with headers, 0 = no headers
// pMBufOutData - output data
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocGetOcspBase64(NotaryInfo *pNotary, int bHeaders, DigiDocMemBuf* pMBufOutData);
145 
146 #ifdef __cplusplus
147 }
148 #endif
149 
150 #endif // __DIGIDOC_OCSP_H__
151 
152 