1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
30 #include "byte_array.h"
31 #include "pki_errors.h"
32 #include "crypto_adapter.h"
36 * Maximum length of a certificate chain.
38 #define MAX_CHAIN_LEN (3)
42 * Prints Certificate to console.
44 * @param crt - pointer to Certificate structure
45 * @return PKI_SUCCESS if success, error code otherwise
47 PKIError PrintCertificate(const CertificateX509 *const crt);
51 * Checks certificate validity period.
53 * @param dateFrom - array with not before field
54 * @param dateTo - array with not after field
55 * @return PKI_SUCCESS if valid, error code otherwise
57 PKIError CheckValidity(ByteArray dateFrom, ByteArray dateTo);
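60 * Checks the certificate's validity dates and signature.
62 * @param[in] certDerCode - Byte array with DER encoded certificate
63 * @param[in] caPublicKey - CA public key
64 * @return 0 if successful (the return type is PKIError; presumably this is PKI_SUCCESS - confirm before comparing the result)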
66 PKIError CheckCertificate(ByteArray certDerCode, ByteArray caPublicKey);
69 * Parses each certificate in the list.
71 * @param[in] chainDerCode Array of DER encoded certificates
72 * @param[out] chainCrt Array of parsed certificates
73 * @param[in] chainLen Length of the array
74 * @returns PKI_SUCCESS if no error occurred
76 PKIError ParseCertificateChain (ByteArray *chainDerCode, CertificateX509 *chainCrt,
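80 * Loads DER-encoded certificates from a TLS message into an array.
82 * @param[in] msg TLS message containing the certificate chain
83 * @param[out] chain Array of DER encoded certificates (caller-allocated; the required capacity is not stated here, presumably MAX_CHAIN_LEN entries - confirm against the implementation)
84 * @param[out] chainLength Length of the array
85 * @returns PKI_SUCCESS if no error occurred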
87 PKIError LoadCertificateChain (ByteArray msg, ByteArray *chain, uint8_t *chainLength);
90 * Checks the signature of each certificate in the chain.
92 * @param[in] chainCrt Chain of certificate structures
93 * @param[in] chainLen Number of certificates in the chain
94 * @param[in] caPubKey Public key that signed the last certificate in the chain
95 * @returns PKI_SUCCESS if no error occurred
97 PKIError CheckCertificateChain (CertificateX509 *chainCrt, uint8_t chainLen, ByteArray caPubKey);