| blob | 232b1a68e842355254c0dede76eaae539494d002 |
1 /**
2 * @file certificate.h Public-Key Certificate API
3 * @ingroup core
4 * @see @ref certificate-signals
5 * @since 2.2.0
6 */
8 /*
9 *
10 * purple
11 *
12 * Purple is the legal property of its developers, whose names are too numerous
13 * to list here. Please refer to the COPYRIGHT file distributed with this
14 * source distribution.
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
29 */
31 #ifndef _PURPLE_CERTIFICATE_H
32 #define _PURPLE_CERTIFICATE_H
34 #include <time.h>
36 #include <glib.h>
38 #ifdef __cplusplus
44 {
55 /**
56 * Callback function for the results of a verification check
57 * @param st Status code
58 * @param userdata User-defined data
59 */
62 gpointer userdata);
64 /** A certificate instance
65 *
66 * An opaque data structure representing a single certificate under some
67 * CertificateScheme
68 */
69 struct _PurpleCertificate
70 {
71 /** Scheme this certificate is under */
73 /** Opaque pointer to internal data */
74 gpointer data;
75 };
77 /**
78 * Database for retrieval or storage of Certificates
79 *
80 * More or less a hash table; all lookups and writes are controlled by a string
81 * key.
82 */
83 struct _PurpleCertificatePool
84 {
85 /** Scheme this Pool operates for */
87 /** Internal name to refer to the pool by */
90 /** User-friendly name for this type
91 * ex: N_("SSL Servers")
92 * When this is displayed anywhere, it should be i18ned
93 * ex: _(pool->fullname)
94 */
97 /** Internal pool data */
98 gpointer data;
100 /**
101 * Set up the Pool's internal state
102 *
103 * Upon calling purple_certificate_register_pool() , this function will
104 * be called. May be NULL.
105 * @return TRUE if the initialization succeeded, otherwise FALSE
106 */
109 /**
110 * Uninit the Pool's internal state
111 *
112 * Will be called by purple_certificate_unregister_pool() . May be NULL
113 */
116 /** Check for presence of a certificate in the pool using unique ID */
118 /** Retrieve a PurpleCertificate from the pool */
120 /** Add a certificate to the pool. Must overwrite any other
121 * certificates sharing the same ID in the pool.
122 * @return TRUE if the operation succeeded, otherwise FALSE
123 */
125 /** Delete a certificate from the pool */
128 /** Returns a list of IDs stored in the pool */
135 };
137 /** A certificate type
138 *
139 * A CertificateScheme must implement all of the fields in the structure,
140 * and register it using purple_certificate_register_scheme()
141 *
142 * There may be only ONE CertificateScheme provided for each certificate
143 * type, as specified by the "name" field.
144 */
145 struct _PurpleCertificateScheme
146 {
147 /** Name of the certificate type
148 * ex: "x509", "pgp", etc.
149 * This must be globally unique - you may not register more than one
150 * CertificateScheme of the same name at a time.
151 */
154 /** User-friendly name for this type
155 * ex: N_("X.509 Certificates")
156 * When this is displayed anywhere, it should be i18ned
157 * ex: _(scheme->fullname)
158 */
161 /** Imports a certificate from a file
162 *
163 * @param filename File to import the certificate from
164 * @return Pointer to the newly allocated Certificate struct
165 * or NULL on failure.
166 */
169 /**
170 * Exports a certificate to a file
171 *
172 * @param filename File to export the certificate to
173 * @param crt Certificate to export
174 * @return TRUE if the export succeeded, otherwise FALSE
175 * @see purple_certificate_export()
176 */
179 /**
180 * Duplicates a certificate
181 *
182 * Certificates are generally assumed to be read-only, so feel free to
183 * do any sort of reference-counting magic you want here. If this ever
184 * changes, please remember to change the magic accordingly.
185 * @return Reference to the new copy
186 */
189 /** Destroys and frees a Certificate structure
190 *
191 * Destroys a Certificate's internal data structures and calls
192 * free(crt)
193 *
194 * @param crt Certificate instance to be destroyed. It WILL NOT be
195 * destroyed if it is not of the correct
196 * CertificateScheme. Can be NULL
197 */
200 /** Find whether "crt" has a valid signature from issuer "issuer"
201 * @see purple_certificate_signed_by() */
203 /**
204 * Retrieves the certificate public key fingerprint using SHA1
205 *
206 * @param crt Certificate instance
207 * @return Binary representation of SHA1 hash - must be freed using
208 * g_byte_array_free()
209 */
212 /**
213 * Retrieves a unique certificate identifier
214 *
215 * @param crt Certificate instance
216 * @return Newly allocated string that can be used to uniquely
217 * identify the certificate.
218 */
221 /**
222 * Retrieves a unique identifier for the certificate's issuer
223 *
224 * @param crt Certificate instance
225 * @return Newly allocated string that can be used to uniquely
226 * identify the issuer's certificate.
227 */
230 /**
231 * Gets the certificate subject's name
232 *
233 * For X.509, this is the "Common Name" field, as we're only using it
234 * for hostname verification at the moment
235 *
236 * @see purple_certificate_get_subject_name()
237 *
238 * @param crt Certificate instance
239 * @return Newly allocated string with the certificate subject.
240 */
243 /**
244 * Check the subject name against that on the certificate
245 * @see purple_certificate_check_subject_name()
246 * @return TRUE if it is a match, else FALSE
247 */
250 /** Retrieve the certificate activation/expiration times */
257 };
259 /** A set of operations used to provide logic for verifying a Certificate's
260 * authenticity.
261 *
262 * A Verifier provider must fill out these fields, then register it using
263 * purple_certificate_register_verifier()
264 *
265 * The (scheme_name, name) value must be unique for each Verifier - you may not
266 * register more than one Verifier of the same name for each Scheme
267 */
268 struct _PurpleCertificateVerifier
269 {
270 /** Name of the scheme this Verifier operates on
271 *
272 * The scheme will be looked up by name when a Request is generated
273 * using this Verifier
274 */
277 /** Name of the Verifier - case insensitive */
280 /**
281 * Start the verification process
282 *
283 * To be called from purple_certificate_verify once it has
284 * constructed the request. This will use the information in the
285 * given VerificationRequest to check the certificate and callback
286 * the requester with the verification results.
287 *
288 * @param vrq Request to process
289 */
292 /**
293 * Destroy a completed Request under this Verifier
294 * The function pointed to here is only responsible for cleaning up
295 * whatever PurpleCertificateVerificationRequest::data points to.
296 * It should not call free(vrq)
297 *
298 * @param vrq Request to destroy
299 */
306 };
308 /** Structure for a single certificate request
309 *
310 * Useful for keeping track of the state of a verification that involves
311 * several steps
312 */
313 struct _PurpleCertificateVerificationRequest
314 {
315 /** Reference to the verification logic used */
317 /** Reference to the scheme used.
318 *
319 * This is looked up from the Verifier when the Request is generated
320 */
323 /**
324 * Name to check that the certificate is issued to
325 *
326 * For X.509 certificates, this is the Common Name
327 */
330 /** List of certificates in the chain to be verified (such as that returned by purple_ssl_get_peer_certificates )
331 *
332 * This is most relevant for X.509 certificates used in SSL sessions.
333 * The list order should be: certificate, issuer, issuer's issuer, etc.
334 */
337 /** Internal data used by the Verifier code */
338 gpointer data;
340 /** Function to call with the verification result */
341 PurpleCertificateVerifiedCallback cb;
342 /** Data to pass to the post-verification callback */
343 gpointer cb_data;
344 };
346 /*****************************************************************************/
347 /** @name Certificate Verification Functions */
348 /*****************************************************************************/
349 /*@{*/
351 /**
352 * Constructs a verification request and passed control to the specified Verifier
353 *
354 * It is possible that the callback will be called immediately upon calling
355 * this function. Plan accordingly.
356 *
357 * @param verifier Verification logic to use.
358 * @see purple_certificate_find_verifier()
359 *
360 * @param subject_name Name that should match the first certificate in the
361 * chain for the certificate to be valid. Will be strdup'd
362 * into the Request struct
363 *
364 * @param cert_chain Certificate chain to check. If there is more than one
365 * certificate in the chain (X.509), the peer's
366 * certificate comes first, then the issuer/signer's
367 * certificate, etc. The whole list is duplicated into the
368 * Request struct.
369 *
370 * @param cb Callback function to be called with whether the
371 * certificate was approved or not.
372 * @param cb_data User-defined data for the above.
373 */
374 void
377 PurpleCertificateVerifiedCallback cb,
378 gpointer cb_data);
380 /**
381 * Completes and destroys a VerificationRequest
382 *
383 * @param vrq Request to conclude
384 * @param st Success/failure code to pass to the request's
385 * completion callback.
386 */
387 void
389 PurpleCertificateVerificationStatus st);
391 /*@}*/
393 /*****************************************************************************/
394 /** @name Certificate Functions */
395 /*****************************************************************************/
396 /*@{*/
398 /**
399 * Makes a duplicate of a certificate
400 *
401 * @param crt Instance to duplicate
402 * @return Pointer to new instance
403 */
404 PurpleCertificate *
407 /**
408 * Duplicates an entire list of certificates
409 *
410 * @param crt_list List to duplicate
411 * @return New list copy
412 */
413 GList *
416 /**
417 * Destroys and free()'s a Certificate
418 *
419 * @param crt Instance to destroy. May be NULL.
420 */
421 void
424 /**
425 * Destroy an entire list of Certificate instances and the containing list
426 *
427 * @param crt_list List of certificates to destroy. May be NULL.
428 */
429 void
432 /**
433 * Check whether 'crt' has a valid signature made by 'issuer'
434 *
435 * @param crt Certificate instance to check signature of
436 * @param issuer Certificate thought to have signed 'crt'
437 *
438 * @return TRUE if 'crt' has a valid signature made by 'issuer',
439 * otherwise FALSE
440 * @todo Find a way to give the reason (bad signature, not the issuer, etc.)
441 */
442 gboolean
445 /**
446 * Check that a certificate chain is valid
447 *
448 * Uses purple_certificate_signed_by() to verify that each PurpleCertificate
449 * in the chain carries a valid signature from the next. A single-certificate
450 * chain is considered to be valid.
451 *
452 * @param chain List of PurpleCertificate instances comprising the chain,
453 * in the order certificate, issuer, issuer's issuer, etc.
454 * @return TRUE if the chain is valid. See description.
455 * @todo Specify which certificate in the chain caused a failure
456 */
457 gboolean
460 /**
461 * Imports a PurpleCertificate from a file
462 *
463 * @param scheme Scheme to import under
464 * @param filename File path to import from
465 * @return Pointer to a new PurpleCertificate, or NULL on failure
466 */
467 PurpleCertificate *
470 /**
471 * Exports a PurpleCertificate to a file
472 *
473 * @param filename File to export the certificate to
474 * @param crt Certificate to export
475 * @return TRUE if the export succeeded, otherwise FALSE
476 */
477 gboolean
481 /**
482 * Retrieves the certificate public key fingerprint using SHA1.
483 *
484 * @param crt Certificate instance
485 * @return Binary representation of the hash. You are responsible for free()ing
486 * this.
487 * @see purple_base16_encode_chunked()
488 */
489 GByteArray *
492 /**
493 * Get a unique identifier for the certificate
494 *
495 * @param crt Certificate instance
496 * @return String representing the certificate uniquely. Must be g_free()'ed
497 */
498 gchar *
501 /**
502 * Get a unique identifier for the certificate's issuer
503 *
504 * @param crt Certificate instance
505 * @return String representing the certificate's issuer uniquely. Must be
506 * g_free()'ed
507 */
508 gchar *
511 /**
512 * Gets the certificate subject's name
513 *
514 * For X.509, this is the "Common Name" field, as we're only using it
515 * for hostname verification at the moment
516 *
517 * @param crt Certificate instance
518 * @return Newly allocated string with the certificate subject.
519 */
520 gchar *
523 /**
524 * Check the subject name against that on the certificate
525 * @param crt Certificate instance
526 * @param name Name to check.
527 * @return TRUE if it is a match, else FALSE
528 */
529 gboolean
532 /**
533 * Get the expiration/activation times.
534 *
535 * @param crt Certificate instance
536 * @param activation Reference to store the activation time at. May be NULL
537 * if you don't actually want it.
538 * @param expiration Reference to store the expiration time at. May be NULL
539 * if you don't actually want it.
540 * @return TRUE if the requested values were obtained, otherwise FALSE.
541 */
542 gboolean
545 /*@}*/
547 /*****************************************************************************/
548 /** @name Certificate Pool Functions */
549 /*****************************************************************************/
550 /*@{*/
551 /**
552 * Helper function for generating file paths in ~/.purple/certificates for
553 * CertificatePools that use them.
554 *
555 * All components will be escaped for filesystem friendliness.
556 *
557 * @param pool CertificatePool to build a path for
558 * @param id Key to look up a Certificate by. May be NULL.
559 * @return A newly allocated path of the form
560 * ~/.purple/certificates/scheme_name/pool_name/unique_id
561 */
562 gchar *
565 /**
566 * Determines whether a pool can be used.
567 *
568 * Checks whether the associated CertificateScheme is loaded.
569 *
570 * @param pool Pool to check
571 *
572 * @return TRUE if the pool can be used, otherwise FALSE
573 */
574 gboolean
577 /**
578 * Looks up the scheme the pool operates under
579 *
580 * @param pool Pool to get the scheme of
581 *
582 * @return Pointer to the pool's scheme, or NULL if it isn't loaded.
583 * @see purple_certificate_pool_usable()
584 */
585 PurpleCertificateScheme *
588 /**
589 * Check for presence of an ID in a pool.
590 * @param pool Pool to look in
591 * @param id ID to look for
592 * @return TRUE if the ID is in the pool, else FALSE
593 */
594 gboolean
597 /**
598 * Retrieve a certificate from a pool.
599 * @param pool Pool to fish in
600 * @param id ID to look up
601 * @return Retrieved certificate, or NULL if it wasn't there
602 */
603 PurpleCertificate *
606 /**
607 * Add a certificate to a pool
608 *
609 * Any pre-existing certificate of the same ID will be overwritten.
610 *
611 * @param pool Pool to add to
612 * @param id ID to store the certificate with
613 * @param crt Certificate to store
614 * @return TRUE if the operation succeeded, otherwise FALSE
615 */
616 gboolean
617 purple_certificate_pool_store(PurpleCertificatePool *pool, const gchar *id, PurpleCertificate *crt);
619 /**
620 * Remove a certificate from a pool
621 *
622 * @param pool Pool to remove from
623 * @param id ID to remove
624 * @return TRUE if the operation succeeded, otherwise FALSE
625 */
626 gboolean
629 /**
630 * Get the list of IDs currently in the pool.
631 *
632 * @param pool Pool to enumerate
633 * @return GList pointing to newly-allocated id strings. Free using
634 * purple_certificate_pool_destroy_idlist()
635 */
636 GList *
639 /**
640 * Destroys the result given by purple_certificate_pool_get_idlist()
641 *
642 * @param idlist ID List to destroy
643 */
644 void
647 /*@}*/
649 /*****************************************************************************/
650 /** @name Certificate Subsystem API */
651 /*****************************************************************************/
652 /*@{*/
654 /**
655 * Initialize the certificate system
656 */
657 void
660 /**
661 * Un-initialize the certificate system
662 */
663 void
666 /**
667 * Get the Certificate subsystem handle for signalling purposes
668 */
669 gpointer
672 /** Look up a registered CertificateScheme by name
673 * @param name The scheme name. Case insensitive.
674 * @return Pointer to the located Scheme, or NULL if it isn't found.
675 */
676 PurpleCertificateScheme *
679 /**
680 * Get all registered CertificateSchemes
681 *
682 * @return GList pointing to all registered CertificateSchemes . This value
683 * is owned by libpurple
684 */
685 GList *
688 /** Register a CertificateScheme with libpurple
689 *
690 * No two schemes can be registered with the same name; this function enforces
691 * that.
692 *
693 * @param scheme Pointer to the scheme to register.
694 * @return TRUE if the scheme was successfully added, otherwise FALSE
695 */
696 gboolean
699 /** Unregister a CertificateScheme from libpurple
700 *
701 * @param scheme Scheme to unregister.
702 * If the scheme is not registered, this is a no-op.
703 *
704 * @return TRUE if the unregister completed successfully
705 */
706 gboolean
709 /** Look up a registered PurpleCertificateVerifier by scheme and name
710 * @param scheme_name Scheme name. Case insensitive.
711 * @param ver_name The verifier name. Case insensitive.
712 * @return Pointer to the located Verifier, or NULL if it isn't found.
713 */
714 PurpleCertificateVerifier *
717 /**
718 * Get the list of registered CertificateVerifiers
719 *
720 * @return GList of all registered PurpleCertificateVerifier. This value
721 * is owned by libpurple
722 */
723 GList *
726 /**
727 * Register a CertificateVerifier with libpurple
728 *
729 * @param vr Verifier to register.
730 * @return TRUE if register succeeded, otherwise FALSE
731 */
732 gboolean
735 /**
736 * Unregister a CertificateVerifier with libpurple
737 *
738 * @param vr Verifier to unregister.
739 * @return TRUE if unregister succeeded, otherwise FALSE
740 */
741 gboolean
744 /** Look up a registered PurpleCertificatePool by scheme and name
745 * @param scheme_name Scheme name. Case insensitive.
746 * @param pool_name Pool name. Case insensitive.
747 * @return Pointer to the located Pool, or NULL if it isn't found.
748 */
749 PurpleCertificatePool *
752 /**
753 * Get the list of registered Pools
754 *
755 * @return GList of all registered PurpleCertificatePool s. This value
756 * is owned by libpurple
757 */
758 GList *
761 /**
762 * Register a CertificatePool with libpurple and call its init function
763 *
764 * @param pool Pool to register.
765 * @return TRUE if the register succeeded, otherwise FALSE
766 */
767 gboolean
770 /**
771 * Unregister a CertificatePool with libpurple and call its uninit function
772 *
773 * @param pool Pool to unregister.
774 * @return TRUE if the unregister succeeded, otherwise FALSE
775 */
776 gboolean
779 /*@}*/
782 /**
783 * Displays a window showing X.509 certificate information
784 *
785 * @param crt Certificate under an "x509" Scheme
786 * @todo Will break on CA certs, as they have no Common Name
787 */
788 void
791 /**
792 * Add a search path for certificates.
793 *
794 * @param path Path to search for certificates.
795 */
798 #ifdef __cplusplus
799 }