Subversion
svn_x509.h File Reference

Subversion's X509 parser.

#include <apr_pools.h>
#include <apr_tables.h>
#include <apr_time.h>
#include "svn_error.h"
#include "svn_checksum.h"


Macros

#define SVN_X509_OID_COMMON_NAME   "\x55\x04\x03"
 
#define SVN_X509_OID_COUNTRY   "\x55\x04\x06"
 
#define SVN_X509_OID_LOCALITY   "\x55\x04\x07"
 
#define SVN_X509_OID_STATE   "\x55\x04\x08"
 
#define SVN_X509_OID_ORGANIZATION   "\x55\x04\x0A"
 
#define SVN_X509_OID_ORG_UNIT   "\x55\x04\x0B"
 
#define SVN_X509_OID_EMAIL   "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
 

Typedefs

typedef struct svn_x509_certinfo_t svn_x509_certinfo_t
 Representation of parsed certificate info.
 
typedef struct svn_x509_name_attr_t svn_x509_name_attr_t
 Representation of an attribute in an X.509 name (e.g. Subject or Issuer).
 

Functions

svn_error_t * svn_x509_parse_cert (svn_x509_certinfo_t **certinfo, const char *buf, apr_size_t buflen, apr_pool_t *result_pool, apr_pool_t *scratch_pool)
 Parse X.509 DER certificate data from buf with length buflen and return certificate information in *certinfo, allocated in result_pool.

svn_x509_name_attr_t * svn_x509_name_attr_dup (const svn_x509_name_attr_t *attr, apr_pool_t *result_pool, apr_pool_t *scratch_pool)
 Returns a deep copy of the attr, allocated in result_pool.

const unsigned char * svn_x509_name_attr_get_oid (const svn_x509_name_attr_t *attr, apr_size_t *len)
 Returns the OID of attr as encoded in the certificate.

const char * svn_x509_name_attr_get_value (const svn_x509_name_attr_t *attr)
 Returns the value of attr as a UTF-8 C string.

svn_x509_certinfo_t * svn_x509_certinfo_dup (const svn_x509_certinfo_t *certinfo, apr_pool_t *result_pool, apr_pool_t *scratch_pool)
 Returns a deep copy of certinfo, allocated in result_pool.

const char * svn_x509_certinfo_get_subject (const svn_x509_certinfo_t *certinfo, apr_pool_t *result_pool)
 Returns the subject DN from certinfo.

const apr_array_header_t * svn_x509_certinfo_get_subject_attrs (const svn_x509_certinfo_t *certinfo)
 Returns a list of the attributes for the subject in the certinfo.

const char * svn_x509_certinfo_get_issuer (const svn_x509_certinfo_t *certinfo, apr_pool_t *result_pool)
 Returns the certificate issuer DN from certinfo.

const apr_array_header_t * svn_x509_certinfo_get_issuer_attrs (const svn_x509_certinfo_t *certinfo)
 Returns a list of the attributes for the issuer in the certinfo.

apr_time_t svn_x509_certinfo_get_valid_from (const svn_x509_certinfo_t *certinfo)
 Returns the start of the certificate validity period from certinfo.

apr_time_t svn_x509_certinfo_get_valid_to (const svn_x509_certinfo_t *certinfo)
 Returns the end of the certificate validity period from certinfo.

const svn_checksum_t * svn_x509_certinfo_get_digest (const svn_x509_certinfo_t *certinfo)
 Returns the digest (fingerprint) from certinfo.

const apr_array_header_t * svn_x509_certinfo_get_hostnames (const svn_x509_certinfo_t *certinfo)
 Returns an array of (const char*) host names from certinfo.

const char * svn_x509_oid_to_string (const unsigned char *oid, apr_size_t oid_len, apr_pool_t *scratch_pool, apr_pool_t *result_pool)
 Given an oid return a null-terminated C string representation.
 

Detailed Description

Subversion's X509 parser.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Definition in file svn_x509.h.

Typedef Documentation

◆ svn_x509_certinfo_t

Representation of parsed certificate info.

Since
New in 1.9.

Definition at line 54 of file svn_x509.h.

◆ svn_x509_name_attr_t

Representation of an attribute in an X.509 name (e.g. Subject or Issuer)

Since
New in 1.9.

Definition at line 61 of file svn_x509.h.

Function Documentation

◆ svn_x509_certinfo_dup()

svn_x509_certinfo_t* svn_x509_certinfo_dup ( const svn_x509_certinfo_t *  certinfo,
apr_pool_t *  result_pool,
apr_pool_t *  scratch_pool 
)

Returns a deep copy of certinfo, allocated in result_pool.

May use scratch_pool for temporary allocations.

Since
New in 1.9.

◆ svn_x509_certinfo_get_digest()

const svn_checksum_t* svn_x509_certinfo_get_digest ( const svn_x509_certinfo_t *  certinfo)

Returns the digest (fingerprint) from certinfo.

Since
New in 1.9.

◆ svn_x509_certinfo_get_hostnames()

const apr_array_header_t* svn_x509_certinfo_get_hostnames ( const svn_x509_certinfo_t *  certinfo)

Returns an array of (const char*) host names from certinfo.

Since
New in 1.9.

◆ svn_x509_certinfo_get_issuer()

const char* svn_x509_certinfo_get_issuer ( const svn_x509_certinfo_t *  certinfo,
apr_pool_t *  result_pool 
)

Returns the certificate issuer DN from certinfo.

Since
New in 1.9.

◆ svn_x509_certinfo_get_issuer_attrs()

const apr_array_header_t* svn_x509_certinfo_get_issuer_attrs ( const svn_x509_certinfo_t *  certinfo)

Returns a list of the attributes for the issuer in the certinfo.

Each member of the list is of type svn_x509_name_attr_t.

Since
New in 1.9.

◆ svn_x509_certinfo_get_subject()

const char* svn_x509_certinfo_get_subject ( const svn_x509_certinfo_t *  certinfo,
apr_pool_t *  result_pool 
)

Returns the subject DN from certinfo.

Since
New in 1.9.

◆ svn_x509_certinfo_get_subject_attrs()

const apr_array_header_t* svn_x509_certinfo_get_subject_attrs ( const svn_x509_certinfo_t *  certinfo)

Returns a list of the attributes for the subject in the certinfo.

Each member of the list is of type svn_x509_name_attr_t.

Since
New in 1.9.

◆ svn_x509_certinfo_get_valid_from()

apr_time_t svn_x509_certinfo_get_valid_from ( const svn_x509_certinfo_t *  certinfo)

Returns the start of the certificate validity period from certinfo.

Since
New in 1.9.

◆ svn_x509_certinfo_get_valid_to()

apr_time_t svn_x509_certinfo_get_valid_to ( const svn_x509_certinfo_t *  certinfo)

Returns the end of the certificate validity period from certinfo.

Since
New in 1.9.

◆ svn_x509_name_attr_dup()

svn_x509_name_attr_t* svn_x509_name_attr_dup ( const svn_x509_name_attr_t *  attr,
apr_pool_t *  result_pool,
apr_pool_t *  scratch_pool 
)

Returns a deep copy of the attr, allocated in result_pool.

May use scratch_pool for temporary allocations.

Since
New in 1.9.

◆ svn_x509_name_attr_get_oid()

const unsigned char* svn_x509_name_attr_get_oid ( const svn_x509_name_attr_t *  attr,
apr_size_t *  len 
)

Returns the OID of attr as encoded in the certificate.

The length of the OID will be set in len.

Since
New in 1.9.

◆ svn_x509_name_attr_get_value()

const char* svn_x509_name_attr_get_value ( const svn_x509_name_attr_t *  attr)

Returns the value of attr as a UTF-8 C string.

Since
New in 1.9.

◆ svn_x509_oid_to_string()

const char* svn_x509_oid_to_string ( const unsigned char *  oid,
apr_size_t  oid_len,
apr_pool_t *  scratch_pool,
apr_pool_t *  result_pool 
)

Given an oid return a null-terminated C string representation.

For example an OID with the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" would be converted to the string "1.2.840.113549.1.9.1". Returns NULL if the oid can't be represented as a string.

Since
New in 1.9.
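
The conversion described above, written out as an added example in C (not Subversion's implementation and not code from this page). `oid_to_dotted` is a hypothetical helper, and its rejection rules (padded, truncated or over-32-bit sub-identifiers return -1) are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Subversion's code: decode the content bytes of a
   DER OBJECT IDENTIFIER into dotted-decimal text. Returns 0 on success and
   -1 for empty, truncated, padded or oversized input, or a too-small buffer. */
static int oid_to_dotted(const unsigned char *oid, size_t len,
                         char *out, size_t outlen)
{
    size_t i = 0, used = 0;
    if (len == 0 || outlen == 0)
        return -1;
    while (i < len) {
        unsigned long arc = 0;
        int n;
        if (oid[i] == 0x80)          /* padded sub-identifier, invalid in DER */
            return -1;
        for (;;) {                   /* base-128 digits, high bit = more follow */
            if (i >= len)
                return -1;           /* input ended inside a sub-identifier */
            if (arc > (0xFFFFFFFFUL >> 7))
                return -1;           /* would not fit in 32 bits */
            arc = (arc << 7) | (oid[i] & 0x7F);
            if (!(oid[i++] & 0x80))
                break;
        }
        if (used == 0) {             /* first sub-identifier packs 40*X + Y */
            unsigned long x = arc < 80 ? arc / 40 : 2;
            n = snprintf(out, outlen, "%lu.%lu", x, arc - 40 * x);
        } else {
            n = snprintf(out + used, outlen - used, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;               /* output buffer too small */
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char s[64];
    /* Constructed input: the e-mail OID bytes quoted in the text above. */
    const unsigned char email[] = "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01";
    if (oid_to_dotted(email, sizeof email - 1, s, sizeof s) == 0)
        puts(s);
    return 0;
}
```

The same routine turns the `SVN_X509_OID_COMMON_NAME` bytes `"\x55\x04\x03"` into `2.5.4.3`; the first byte 0x55 (85) splits into arcs 2 and 5.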

◆ svn_x509_parse_cert()

svn_error_t* svn_x509_parse_cert ( svn_x509_certinfo_t **  certinfo,
const char *  buf,
apr_size_t  buflen,
apr_pool_t *  result_pool,
apr_pool_t *  scratch_pool 
)

Parse X.509 DER certificate data from buf with length buflen and return certificate information in *certinfo, allocated in result_pool.

Note
This function has been written with the intent of displaying data in a certificate for a user to see. As a result, it does not do much validation on the data it parses from the certificate. It does not, for instance, verify that the certificate is signed by the issuer. It does not verify a trust chain. It does not error on critical extensions it does not know how to parse. So while it can be used as part of a certificate validation scheme, it can't be used alone for that purpose.
Since
New in 1.9.