Certificates
Interface to create and validate certificates.
File information
Logging
To enable logging for ICertificates, the flag LOG_CERTIFICATES must be set in the manager's diagnostic settings.
Classes
ICertificates
class ICertificates {
public:
    static certificate_error_t ValidateCertificate(class IInstanceLog * log, const byte * cert, size_t certLen);
    virtual byte * CertificateFingerprint(class IInstanceLog * log, const byte * cert, size_t certLen, size_t * length, fingerprint_t type = FINGERPRINT_SHA256) = 0;
    virtual byte * CreateCertificate(class IInstanceLog * log, size_t * certLen, certificate_type_t type = CERTIFICATE_PEM) = 0;
};
Public functions
ValidateCertificate (static function)
This function validates a certificate in PEM format.
Parameters
IInstanceLog * log | An IInstanceLog pointer to the logging interface. |
const byte * cert | A byte buffer which holds the certificate. |
size_t certLen | The length of the byte buffer. |
Return value
A certificate_error_t value: CERTIFICATE_OK on success, otherwise the error that occurred.
CertificateFingerprint (static function)
This function computes the fingerprint of a PEM certificate using the selected hash algorithm.
Parameters
IInstanceLog * log | An IInstanceLog pointer to the logging interface. |
const byte * cert | A byte buffer which holds the certificate. |
size_t certLen | The length of the byte buffer. |
size_t * length | Receives the length in bytes of the returned fingerprint buffer. |
fingerprint_t type | The fingerprint hash type (default FINGERPRINT_SHA256). |
Return value
A byte buffer holding the raw fingerprint hash (binary, not a NUL-terminated string); its size is written to length. The buffer must be freed by the caller.
CreateCertificate (static function)
This function creates a new certificate together with its key pair.
Parameters
IInstanceLog * log | An IInstanceLog pointer to the logging interface. |
size_t * certLen | The length of the returned buffer. |
certificate_type_t type | The output certificate type. |
Return value
A byte buffer holding the certificate's private and public key. The buffer must be freed by the caller.
Data types
certificate_error_t
typedef enum {
CERTIFICATE_OK = 0,
CERTIFICATE_PARSING_FAILED,
CERTIFICATE_PUBLIC_KEY_INVALID,
CERTIFICATE_PRIVATE_KEY_INVALID,
CERTIFICATE_LOAD_FAILED,
CERTIFICATE_CHAIN_INVALID
} certificate_error_t;
Overview
The enum certificate_error_t indicates whether validation succeeded (CERTIFICATE_OK) or which error occurred.
certificate_type_t
typedef enum {
CERTIFICATE_PEM = 0
} certificate_type_t;
Overview
The enum certificate_type_t holds all supported certificate types.
fingerprint_t
typedef enum {
FINGERPRINT_MD5,
FINGERPRINT_SHA1,
FINGERPRINT_SHA224,
FINGERPRINT_SHA256,
FINGERPRINT_SHA384,
FINGERPRINT_SHA512
} fingerprint_t;
Overview
The enum fingerprint_t holds all supported fingerprint hash types.
Code Example
size_t pemBufferLen = 0;
/* pemBuffer holds the private key as well as the certificate; release it as soon as it is no longer needed */
byte * pemBuffer = ICertificates::CreateCertificate(logIf, &pemBufferLen, CERTIFICATE_PEM);
if(pemBuffer) {
    if(ICertificates::ValidateCertificate(logIf, pemBuffer, pemBufferLen) == CERTIFICATE_OK) {
        size_t certFpLength = 0;
        byte * fingerPrint = ICertificates::CertificateFingerprint(logIf, pemBuffer, pemBufferLen, &certFpLength, FINGERPRINT_SHA512);
        if(fingerPrint) {
            /* the fingerprint is a raw hash, not a NUL-terminated string: print it byte by byte as hex */
            debug->printf("fingerprint of new certificate: ");
            for(size_t i = 0; i < certFpLength; i++) {
                debug->printf("%02x", fingerPrint[i]);
            }
            debug->printf("\n");
            free(fingerPrint);
        }
    }
    free(pemBuffer);
}
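As an added example (not code from the library or this documentation): caller-side helpers for the binary digest buffer that CertificateFingerprint returns, checking its length against the selected fingerprint_t, rendering it as hex for logging, and comparing it with a pinned value without short-circuiting. The typedef of byte as unsigned char and all helper names are assumptions; fingerprint_t is reproduced from this page.

```cpp
// Added example, not part of the ICertificates library: caller-side handling of the raw
// digest buffer that CertificateFingerprint returns (binary, not a C string). `byte` as
// unsigned char and the helper names are assumptions; fingerprint_t is copied from the page.
#include <cstddef>
#include <string>

typedef unsigned char byte;  // assumed definition of the library's byte type

typedef enum {
    FINGERPRINT_MD5, FINGERPRINT_SHA1, FINGERPRINT_SHA224,
    FINGERPRINT_SHA256, FINGERPRINT_SHA384, FINGERPRINT_SHA512
} fingerprint_t;
// Digest size in bytes for each supported hash type; 0 for an unknown type.
size_t expectedFingerprintLength(fingerprint_t type) {
    switch (type) {
        case FINGERPRINT_MD5:    return 16;
        case FINGERPRINT_SHA1:   return 20;
        case FINGERPRINT_SHA224: return 28;
        case FINGERPRINT_SHA256: return 32;
        case FINGERPRINT_SHA384: return 48;
        case FINGERPRINT_SHA512: return 64;
    }
    return 0;
}

// Render a raw digest as lowercase colon-separated hex ("ab:cd:..."), the usual
// display form for certificate fingerprints.
std::string fingerprintToHex(const byte *fp, size_t length) {
    static const char digits[] = "0123456789abcdef";
    std::string out;
    for (size_t i = 0; i < length; ++i) {
        if (i) out += ':';
        out += digits[fp[i] >> 4];
        out += digits[fp[i] & 0x0f];
    }
    return out;
}

// Compare a returned fingerprint with a pinned one. Both lengths must equal the
// digest size of `type`, and the byte loop does not short-circuit, so the result
// does not reveal how many leading bytes matched.
bool fingerprintMatches(const byte *fp, size_t length, fingerprint_t type,
                        const byte *expected, size_t expectedLen) {
    size_t want = expectedFingerprintLength(type);
    if (want == 0 || length != want || expectedLen != want) return false;
    unsigned diff = 0;
    for (size_t i = 0; i < want; ++i) diff |= fp[i] ^ expected[i];
    return diff == 0;
}
```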