Manual Pages — hx509 CA functions

NAME

hx509 CA functions -

Functions


    int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs *tbs)
    void hx509_ca_tbs_free (hx509_ca_tbs *tbs)
    int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)
    int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)
    int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)
    struct units * hx509_ca_tbs_template_units (void)
    int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)
    int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
    int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
    int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)
    int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)
    int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)
    int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)
    int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)
    int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)
    int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char *principal)
    int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char *principal)
    int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char *jid)
    int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)
    int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)
    int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)
    int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)
    int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)
    int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)
    int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)

CONTENTS

Detailed Description

See the Hx509 CA functions overview page for a description and examples.

Function Documentation

int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert * certificate)

Sign a to-be-signed certificate object with an issuer certificate.

The caller needs to at least have called the following functions on the to-be-signed certificate object:
» hx509_ca_tbs_init()
» hx509_ca_tbs_set_subject()
» hx509_ca_tbs_set_spki()

When done the to-be-signed certificate object should be freed with hx509_ca_tbs_free().

When creating a self-signed certificate, use hx509_ca_sign_self() instead.

Parameters:

context A hx509 context.
tbs object to be signed.
signer the CA certificate object to sign with (must have a private key attached).
certificate returned certificate, free with hx509_cert_free().

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert * certificate)

Works just like hx509_ca_sign() but produces a self-signed certificate, signed with the supplied private key.

Parameters:

context A hx509 context.
tbs object to be signed.
signer private key to sign with.
certificate returned certificate, free with hx509_cert_free().

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char * uri, hx509_name issuername)

Add CRL distribution point URI to the to-be-signed certificate object.

Parameters:

context A hx509 context.
tbs object to be signed.
uri uri to the CRL.
issuername name of the issuer.

Returns:

An hx509 error code, see hx509_get_error_string().

Note: the issuername parameter is currently not supported.

int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid)

Add an extended key usage to the to-be-signed certificate object. Duplicates are detected and not added.

Parameters:

context A hx509 context.
tbs object to be signed.
oid extended key usage to add.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char * dnsname)

Add a Subject Alternative Name hostname to the to-be-signed certificate object. An entry that starts with a dot (.) is a domain match; an entry without a leading dot is an exact match.

Example of a domain match: .domain.se matches the hostname host.domain.se.

Parameters:

context A hx509 context.
tbs object to be signed.
dnsname a hostname.

Returns:

An hx509 error code, see hx509_get_error_string().
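The dot rule above (domain match versus exact match), written out as the check a verifier would apply to a presented hostname; this is an added illustration, not hx509's own matching code, and it treats DNS names as case-insensitive ASCII.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed example: compare two ASCII strings of length n ignoring case,
 * which is how DNS names are compared. */
static int ascii_ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/* Return 1 if `host` is covered by the SAN dNSName entry `san`, else 0.
 * Rule from hx509_ca_tbs_add_san_hostname(): a leading '.' makes the entry a
 * domain match; otherwise it must match exactly. */
int san_hostname_matches(const char *san, const char *host)
{
    size_t slen = strlen(san), hlen = strlen(host);

    if (slen == 0 || hlen == 0)
        return 0;

    if (san[0] != '.')                       /* exact match */
        return slen == hlen && ascii_ieq(san, host, hlen);

    /* Domain match: the host must be strictly longer than the suffix and end
     * with it, so ".domain.se" covers "host.domain.se" but not "domain.se"
     * itself, "evildomain.se", or "host.domain.se.example.net". */
    if (hlen <= slen)
        return 0;
    return ascii_ieq(host + (hlen - slen), san, slen);
}
```

A domain-match entry covers every host under that domain, so issuing one grants considerably more than a single-host entry; the check keeps the leading dot in the comparison so that names which merely end in the same characters are rejected.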

int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char * jid)

Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object. The jid is a UTF-8 string.

Parameters:

context A hx509 context.
tbs object to be signed.
jid the Jabber id, as a UTF-8 string.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char * principal)

Add a Microsoft UPN Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF-8 string.

Parameters:

context A hx509 context.
tbs object to be signed.
principal Microsoft UPN string.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid, const heim_octet_string * os)

Add Subject Alternative Name otherName to the to-be-signed certificate object.

Parameters:

context A hx509 context.
tbs object to be signed.
oid the oid of the OtherName.
os data in the other name.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char * principal)

Add a Kerberos Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF-8 string.

Parameters:

context A hx509 context.
tbs object to be signed.
principal Kerberos principal to add to the certificate.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char * rfc822Name)

Add a Subject Alternative Name rfc822Name (email address) to the to-be-signed certificate object.

Parameters:

context A hx509 context.
tbs object to be signed.
rfc822Name the email address, as a string.

Returns:

An hx509 error code, see hx509_get_error_string().

void hx509_ca_tbs_free (hx509_ca_tbs * tbs)

Free a to-be-signed certificate object.

Parameters:

tbs object to free.

int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs * tbs)

Allocate a to-be-signed certificate object that will later be converted into a certificate.

Parameters:

context A hx509 context.
tbs returned to-be-signed certificate object, free with hx509_ca_tbs_free().

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)

Make the to-be-signed certificate object a CA certificate. If pathLenConstraint is negative, no path length constraint is set.

Parameters:

context A hx509 context.
tbs object to be signed.
pathLenConstraint path length constraint; a negative value means no constraint.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)

Make the to-be-signed certificate object a Windows domain controller certificate.

Parameters:

context A hx509 context.
tbs object to be signed.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)

Set the absolute time up to which the certificate is valid (notAfter).

Parameters:

context A hx509 context.
tbs object to be signed.
t time when the certificate will expire.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)

Set the expiry time of the certificate relative to the current time.

Parameters:

context A hx509 context.
tbs object to be signed.
delta number of seconds from now until the certificate expires.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)

Set the absolute time when the certificate is valid from. If not set the current time will be used.

Parameters:

context A hx509 context.
tbs object to be signed.
t time from which the certificate will be valid.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)

Make the to-be-signed certificate object a proxy certificate. If pathLenConstraint is negative, no path length constraint is set.

Parameters:

context A hx509 context.
tbs object to be signed.
pathLenConstraint path length constraint; a negative value means no constraint.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer * serialNumber)

Set the serial number to use for to-be-signed certificate object.

Parameters:

context A hx509 context.
tbs object to be signed.
serialNumber serial number to use for the to-be-signed certificate object.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo * spki)

Set the subject public key info (SPKI) in the to-be-signed certificate object. SPKI is the public key and key related parameters in the certificate.

Parameters:

context A hx509 context.
tbs object to be signed.
spki subject public key info to use for the to-be-signed certificate object.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)

Set the subject name of a to-be-signed certificate object.

Parameters:

context A hx509 context.
tbs object to be signed.
subject the name to set as subject.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)

Initialize the to-be-signed certificate object from a template certificate.

Parameters:

context A hx509 context.
tbs object to be signed.
flags bit field selecting what to copy from the template certificate.
cert template certificate.

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string * subjectUniqueID, const heim_bit_string * issuerUniqueID)

Set the issuerUniqueID and subjectUniqueID.

These are only supposed to be used with version 2 certificates; they have been replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier. This function exists to allow applications using legacy protocols to issue them.

Parameters:

context A hx509 context.
tbs object to be signed.
subjectUniqueID to be set
issuerUniqueID to be set

Returns:

An hx509 error code, see hx509_get_error_string().

int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)

Expand the subject name in the to-be-signed certificate object using hx509_name_expand().

Parameters:

context A hx509 context.
tbs object to be signed.
env environment used to expand variables in the subject name, see hx509_env_init().

Returns:

An hx509 error code, see hx509_get_error_string().

struct units * hx509_ca_tbs_template_units (void)

Return the table of template units, used to build the flags argument for hx509_ca_tbs_set_template() with parse_units().

Returns:

a units structure.


11 Jan 2012 hx509 CA functions (3) Version 1.5.2
