keystore.h revision 5c51f1241dbbdf2656d0e10011981411ed0c9673
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _KEYSTORE_H
#define _KEYSTORE_H
/*
* Module: keystore.h
* Description: This module contains the structure definitions for processing
* package keystore files.
*/
#ifdef __cplusplus
extern "C" {
#endif
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "pkgerr.h"
/* keystore structures */
/* this opaque type represents a keystore */
typedef void *keystore_handle_t;
/* flags passed to open_keystore */
/* opens keystore read-only. Attempts to modify results in an error */
#define KEYSTORE_ACCESS_READONLY 0x00000001L
/* opens keystore read-write */
#define KEYSTORE_ACCESS_READWRITE 0x00000002L
/*
* tells open_keystore to fall back to app-generic paths in the case that
* the app-specific paths do not exist.
*/
#define KEYSTORE_PATH_SOFT 0x00000010L
/*
* tells open_keystore to use the app-specific paths no matter what,
* failing if they cannot be used for any reason.
*/
#define KEYSTORE_PATH_HARD 0x00000020L
/* masks off various types of flags */
#define KEYSTORE_ACCESS_MASK 0x0000000FL
#define KEYSTORE_PATH_MASK 0x000000F0L
/* default is read-only, soft */
#define KEYSTORE_DFLT_FLAGS \
(KEYSTORE_ACCESS_READONLY|KEYSTORE_PATH_SOFT)
/*
* possible encoding formats used by the library, used
* by print_cert
*/
typedef enum {
KEYSTORE_FORMAT_PEM,
KEYSTORE_FORMAT_DER,
KEYSTORE_FORMAT_TEXT
} keystore_encoding_format_t;
/*
* structure passed back to password callback for determining how
* to prompt for passphrase, and where to record errors
*/
typedef struct {
PKG_ERR *err;
} keystore_passphrase_data;
/* max length of a passphrase. One could use a short story! */
#define KEYSTORE_PASS_MAX 1024
/* callback for collecting passphrase when open_keystore() is called */
typedef int keystore_passphrase_cb(char *, int, int, void *);
/* names of the individual files within the keystore path */
#define TRUSTSTORE "truststore"
#define KEYSTORE "keystore"
#define CERTSTORE "certstore"
/* keystore.c */
extern int open_keystore(PKG_ERR *, char *, char *,
keystore_passphrase_cb, long flags, keystore_handle_t *);
extern int print_certs(PKG_ERR *, keystore_handle_t, char *,
keystore_encoding_format_t, FILE *);
extern int check_cert(PKG_ERR *, X509 *);
extern int check_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *);
extern int print_cert(PKG_ERR *, X509 *,
keystore_encoding_format_t, char *, boolean_t, FILE *);
extern int close_keystore(PKG_ERR *, keystore_handle_t,
keystore_passphrase_cb);
extern int merge_ca_cert(PKG_ERR *, X509 *, keystore_handle_t);
extern int merge_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *,
char *, keystore_handle_t);
extern int delete_cert_and_keys(PKG_ERR *, keystore_handle_t,
char *);
extern int find_key_cert_pair(PKG_ERR *, keystore_handle_t,
char *, EVP_PKEY **, X509 **);
extern int find_ca_certs(PKG_ERR *, keystore_handle_t,
STACK_OF(X509) **);
extern int find_cl_certs(PKG_ERR *, keystore_handle_t,
STACK_OF(X509) **);
#ifdef __cplusplus
}
#endif
#endif /* _KEYSTORE_H */