Cross Reference: /osnet-11/usr/src/lib/libkmf/libkmf/common/certop.c

Lines Matching defs:cert
53 get_keyalg_from_cert(KMF_DATA *cert, KMF_KEY_ALG *keyalg)
59 	rv = DerDecodeSignedCertificate(cert, &SignerCert);
112 	KMF_DATA *cert = NULL;
138 	cert = kmf_get_attr_ptr(KMF_CERT_DATA_ATTR, attrlist, numattr);
139 	if (cert == NULL)
142 	ret = get_keyalg_from_cert(cert, &keyalg);
167 	const KMF_DATA *cert,
175 	if (handle == NULL || cert == NULL)
181 	ret = kmf_get_cert_ku(cert, &keyusage);
184 		 * If absent or error, the cert is assumed to be invalid
204 			ret = kmf_get_cert_basic_constraint(cert,
330     KMF_DATA *cert)
338 	    cert == NULL)
367 	/* add or reset the cert data attribute */
372 		    KMF_CERT_DATA_ATTR, cert, sizeof (KMF_DATA));
377 		    KMF_CERT_DATA_ATTR, cert, sizeof (KMF_DATA));
421 check_for_basic_constraint(KMF_DATA *cert)
427 	rv = kmf_get_cert_ku((const KMF_DATA *)cert, &keyUsage);
434 			    (const KMF_DATA *)cert,
455 		 * Decode the DER cert data into the internal
458 		rv = DerDecodeSignedCertificate(cert, &x509cert);
471 		/* Free the old cert data record */
472 		kmf_free_data(cert);
474 		/* Re-encode the cert with the extension */
475 		rv = kmf_encode_cert_record(x509cert, cert);
491  *   This function signs a certificate using the signer cert and
514 	KMF_DATA *tbs_cert = NULL;  /* to be signed cert */
540 	/* Get the signer cert and check its keyUsage */
653  *   This function signs a block of data using the signer cert and
691 	/* Get the signer cert and check its keyUsage. */
701 	 * If a signer cert was given, use it to find the private key
872 	/* kstype is only needed if the signer cert is not present */
885 	/* We only need the algorithm index if we don't have a signer cert. */
897 	/* If the caller passed a signer cert instead of a key use it. */
908 		/* Decode the signer cert so we can get the SPKI data */
1015 	 * Caller must provide at least a key handle or a cert to use
1061  *   Uses the public key from the cert to encrypt the plaintext
1066  *   cert(input) - pointer to a DER encoded certificate for encryption
1087 	KMF_DATA *cert;
1112 	cert = kmf_get_attr_ptr(KMF_CERT_DATA_ATTR, attrlist,
1119 	if (cert == NULL || plaintext == NULL || ciphertext == NULL)
1124 	ret = check_key_usage(handle, cert, KMF_KU_ENCRYPT_DATA);
1130 	/* Decode the cert so we can get the SPKI data */
1131 	if ((ret = DerDecodeSignedCertificate(cert, &x509cert)) != KMF_OK)
1171  *   Uses the private key associated with the cert to decrypt
1184 	KMF_DATA *cert = NULL;
1210 	/* Get the cert and check its keyUsage */
1211 	cert = kmf_get_attr_ptr(KMF_CERT_DATA_ATTR, attrlist,
1213 	if (cert == NULL)
1218 	ret = check_key_usage(handle, cert, KMF_KU_ENCRYPT_DATA);
1240 	    &new_numattr, &prikey, cert);
1248 	/* Decode the cert so we can get the alogorithm */
1249 	ret = DerDecodeSignedCertificate(cert, &x509cert);
1402 cert_get_crl(KMF_HANDLE_T handle, const KMF_DATA *cert, char *proxy,
1415 	if (handle == NULL || cert == NULL || filename == NULL ||
1437 	ret = kmf_get_cert_crl_dist_pts((const KMF_DATA *)cert,
1970 cert_ku_check(KMF_HANDLE_T handle, KMF_DATA *cert)
1978 	if (handle == NULL || cert == NULL)
1983 	ret = kmf_get_cert_ku(cert, &keyusage);
1987 			/* keyusage is not set in cert but is set in policy */
1990 			/* no keyusage set in both cert and policy */
2006 		ret = kmf_get_cert_basic_constraint(cert,
2030 cert_eku_check(KMF_HANDLE_T handle, KMF_DATA *cert)
2038 	if (handle == NULL || cert == NULL)
2049 	ret = kmf_get_cert_eku(cert, &eku);
2206 		/* only one issuer cert is found */
2373 	/* Make sure the TA cert has the correct extensions */
2459 	 * Check if the certificate is a self-signed cert.
2472 		 * this is a self-signed cert
2512 	 * we will try to find the TA cert based on the TA policy
2522 	 * of the subject cert instead of using a specific TA name.
2592 	 * If we did not find the issuer cert earlier
2594 	 * We need the issuer cert if the revocation method is
2784 kmf_check_cert_date(KMF_HANDLE_T handle, const KMF_DATA *cert)
2798 	if (cert == NULL || cert->Data == NULL || cert->Length == 0)
2802 	rv = kmf_get_cert_validity(cert, &t_notbefore, &t_notafter);
2943 	/* Use OpenSSL interfaces to get raw key and cert data */
3033 	 * Shortcut - just extract the already encoded TBS cert data from
3060 	/* We are re-signing this cert, so clear out old signature data */
3077 		 * We changed the cert (updated the signature OID), so we
3146 	/* Now, re-encode the cert with the new signature */
3194 	/* Decode the signer cert so we can get the Algorithm data */
3251  * Use a signer cert to verify another certificate's signature.
3289 	/* Decode the cert into parts for verification */
3295 	/* Decode the to-be-verified cert so we know what algorithm to use */