Retrieve information from credentials. More...
Typedefs | |
typedef struct _ato_Credential | ato_Credential |
The credential object. More... | |
Enumerations | |
enum | ato_eCredtype { ATO_NONE , ATO_CREDUSER , ATO_CREDDEVICE } |
Defines the type of credential. More... | |
enum | ato_eCredfilter { ATO_FILTER_ALL , ATO_FILTER_VALID , ATO_FILTER_USER , ATO_FILTER_VALIDUSER , ATO_FILTER_DEVICE , ATO_FILTER_VALIDDEVICE } |
Used to filter lists of ato_Credential in a keystore - see ato_ks_credentials(). More... | |
Functions | |
ATO_AKM_EXPORT const char * | ato_cr_id (ato_Credential *cr) |
Return the credential id. More... | |
ATO_AKM_EXPORT const char * | ato_cr_alias (ato_Credential *cr) |
Same as ato_cr_id(). More... | |
ATO_AKM_EXPORT ato_eCredtype | ato_cr_type (ato_Credential *cr) |
Return the credential type. More... | |
ATO_AKM_EXPORT const char * | ato_cr_abn (ato_Credential *cr) |
Return the credential ABN. More... | |
ATO_AKM_EXPORT const char * | ato_cr_legalname (ato_Credential *cr) |
Return the credential legal name. More... | |
ATO_AKM_EXPORT const char * | ato_cr_serialnr (ato_Credential *cr) |
Return the credential serial number. More... | |
ATO_AKM_EXPORT const char * | ato_cr_creationdate (ato_Credential *cr) |
Return the credential creation time. More... | |
ATO_AKM_EXPORT const char * | ato_cr_notbefore (ato_Credential *cr) |
Returns the start of the credential validity period. More... | |
ATO_AKM_EXPORT const char * | ato_cr_notafter (ato_Credential *cr) |
Returns the end of the credential validity period. More... | |
ATO_AKM_EXPORT const char * | ato_cr_sha1fingerprint (ato_Credential *cr) |
Return the credential SHA1 fingerprint. More... | |
ATO_AKM_EXPORT const char * | ato_cr_sha1fingerprint_hex (ato_Ctx *ctx, ato_Credential *cr) |
Return the credential SHA1 fingerprint as a hex string. More... | |
ATO_AKM_EXPORT const char * | ato_cr_personid (ato_Credential *cr) |
Return the credential person id or NULL if not a USER credential. More... | |
ATO_AKM_EXPORT const char * | ato_cr_devicename (ato_Credential *cr) |
Return the credential device name or NULL if not a DEVICE credential. More... | |
ATO_AKM_EXPORT const char * | ato_cr_givenames (ato_Credential *cr) |
Return the credential given name(s) or NULL if not a USER credential. More... | |
ATO_AKM_EXPORT const char * | ato_cr_familyname (ato_Credential *cr) |
Return the credential family name or NULL if not a USER credential. More... | |
ATO_AKM_EXPORT bool | ato_cr_matchesfilter (ato_Credential *cr, ato_eCredfilter filter) |
Determines if the credential matches the given filter criteria. More... | |
ATO_AKM_EXPORT bool | ato_cr_iscurrent (ato_Credential *cr) |
Determines if the credential is current (between NotBefore and NotAfter dates). More... | |
ATO_AKM_EXPORT bool | ato_cr_ismodified (ato_Credential *cr) |
Check if the credential has been changed since the last load. More... | |
ATO_AKM_EXPORT bool | ato_cr_isrenewed (ato_Credential *cr) |
Determines if the credential has been renewed; this relates only to the current session. More... | |
ATO_AKM_EXPORT bool | ato_cr_isrenewable (ato_Ctx *ctx, ato_Credential *cr) |
Determines if the credential is ready to be renewed - see ato_cr_renew(). More... | |
ATO_AKM_EXPORT bool | ato_is_integrity_valid (ato_Ctx *ctx, ato_Credential *cr) |
Determines if the credential matches its expected integrity value. More... | |
ATO_AKM_EXPORT int | ato_cr_checkcorrectpwd (ato_Ctx *ctx, ato_Credential *cr, const char *pwd) |
Test if the password is correct for the credential. More... | |
ATO_AKM_EXPORT int | ato_cr_iscorrectpwd (ato_Ctx *ctx, ato_Credential *cr, bool *correct, const char *pwd) |
ATO_AKM_EXPORT bool | ato_cr_ispbe2 (ato_Ctx *ctx, ato_Credential *cr) |
Determines if the credential P8 uses PBES1 or PBES2 scheme. More... | |
ATO_AKM_EXPORT int | ato_cr_certificate (ato_Ctx *ctx, ato_Credential *cr, ato_String **certificate) |
Construct an X509 certificate object from the credential and return as a DER encoded array. More... | |
ATO_AKM_EXPORT int | ato_cr_chain (ato_Ctx *ctx, ato_Credential *cr, ato_String **certificates) |
Construct a P7 certificate chain object from the credential and return as a DER encoded array. More... | |
ATO_AKM_EXPORT int | ato_cr_privatekey (ato_Ctx *ctx, ato_Credential *cr, ato_String **privatekey, const char *pwd) |
Construct a decrypted private key object from the credential and return as a DER encoded array. More... | |
ATO_AKM_EXPORT int | ato_cr_p12 (ato_Ctx *ctx, ato_Credential *cr, ato_String **p12, const char *pwd) |
Construct a P12 object from the credential and return as a DER encoded array. More... | |
ATO_AKM_EXPORT ato_String * | ato_cr_integrityvalue (ato_Credential *cr) |
Return the integrityvalue stored in the keystore for the credential. More... | |
ATO_AKM_EXPORT ato_String * | ato_cr_b64salt (ato_Credential *cr) |
Return the salt stored in the keystore for the credential. More... | |
ATO_AKM_EXPORT ato_String * | ato_cr_b64p7 (ato_Credential *cr) |
Return the base64 encoded P7c stored in the keystore for the credential. More... | |
ATO_AKM_EXPORT ato_String * | ato_cr_b64p8 (ato_Credential *cr) |
Return the base64 encoded P8 stored in the keystore for the credential. More... | |
ATO_AKM_EXPORT int | ato_cr_sign (ato_Ctx *ctx, ato_Credential *cr, ato_String **signed_data, const char *pwd, const char *data, size_t len) |
Sign some data using the private key. More... | |
ATO_AKM_EXPORT int | ato_cr_request_generate (ato_Ctx *ctx, ato_Credential *cr, const char *pwd, const char *id) |
Generate a credential request. More... | |
ATO_AKM_EXPORT ato_String * | ato_cr_b64p10 (ato_Credential *cr) |
Returns the p10 request. More... | |
ATO_AKM_EXPORT ato_String * | ato_cr_request_data (ato_Credential *cr) |
Return the data generated from ato_cr_request_generate(). More... | |
ATO_AKM_EXPORT int | ato_cr_request_process (ato_Ctx *ctx, ato_Credential *cr, const char *responseData) |
Process the response to a credential request. More... | |
Retrieve information from credentials.
typedef struct _ato_Credential ato_Credential |
The credential object.
A credential has a limited lifetime defined by ato_cr_notbefore() and ato_cr_notafter().
enum ato_eCredtype |
enum ato_eCredfilter |
Used to filter lists of ato_Credential in a keystore - see ato_ks_credentials().
ATO_AKM_EXPORT const char * ato_cr_id | ( | ato_Credential * | cr | ) |
Return the credential id.
This corresponds to the credential "id" attribute in the store.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_alias | ( | ato_Credential * | cr | ) |
ATO_AKM_EXPORT ato_eCredtype ato_cr_type | ( | ato_Credential * | cr | ) |
Return the credential type.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_abn | ( | ato_Credential * | cr | ) |
Return the credential ABN.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_legalname | ( | ato_Credential * | cr | ) |
Return the credential legal name.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_serialnr | ( | ato_Credential * | cr | ) |
Return the credential serial number.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_creationdate | ( | ato_Credential * | cr | ) |
Return the credential creation time.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_notbefore | ( | ato_Credential * | cr | ) |
Returns the start of the credential validity period.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_notafter | ( | ato_Credential * | cr | ) |
Returns the end of the credential validity period.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_sha1fingerprint | ( | ato_Credential * | cr | ) |
Return the credential SHA1 fingerprint.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_sha1fingerprint_hex | ( | ato_Ctx * | ctx, |
ato_Credential * | cr | ||
) |
Return the credential SHA1 fingerprint as a hex string.
ctx | the current thread local Context |
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_personid | ( | ato_Credential * | cr | ) |
Return the credential person id or NULL if not a USER credential.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_devicename | ( | ato_Credential * | cr | ) |
Return the credential device name or NULL if not a DEVICE credential.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_givenames | ( | ato_Credential * | cr | ) |
Return the credential given name(s) or NULL if not a USER credential.
cr | the credential object. |
ATO_AKM_EXPORT const char * ato_cr_familyname | ( | ato_Credential * | cr | ) |
Return the credential family name or NULL if not a USER credential.
cr | the credential object. |
ATO_AKM_EXPORT bool ato_cr_matchesfilter | ( | ato_Credential * | cr, |
ato_eCredfilter | filter | ||
) |
Determines if the credential matches the given filter criteria.
cr | the credential object. |
filter | the filter to check. |
ATO_AKM_EXPORT bool ato_cr_iscurrent | ( | ato_Credential * | cr | ) |
Determines if the credential is current (between NotBefore and NotAfter dates).
cr | the credential object. |
ATO_AKM_EXPORT bool ato_cr_ismodified | ( | ato_Credential * | cr | ) |
Check if the credential has been changed since the last load.
cr | the credential object. |
ATO_AKM_EXPORT bool ato_cr_isrenewed | ( | ato_Credential * | cr | ) |
Determines if the credential has been renewed; this relates only to the current session.
cr | the credential object. |
ATO_AKM_EXPORT bool ato_cr_isrenewable | ( | ato_Ctx * | ctx, |
ato_Credential * | cr | ||
) |
Determines if the credential is ready to be renewed - see ato_cr_renew().
Prior to using a method that accesses a credential private key, ato_cr_renew() or ato_cr_isrenewable() MUST be called at least once per session, for the given credential, otherwise the method in question will return the error ATO_AKM_ERR_RENEWNOTCALLED.
To effectively disable renewal, simply call this method and not ato_cr_renew().
If the credential is due to expire within 14 months, it is within the expiry period. This expiry period can be set in the config file, although the minimum is 14 months. A 25 month period for a 2 year credential will result in the credential always being renewed - useful for testing.
ctx | the current thread local Context |
cr | the credential object. |
ATO_AKM_EXPORT bool ato_is_integrity_valid | ( | ato_Ctx * | ctx, |
ato_Credential * | cr | ||
) |
Determines if the credential matches its expected integrity value.
This will always be true unless the credential has changed or, possibly, if the keystore was loaded without integrity validation and there is a mismatch. Used for testing scenarios.
ctx | the current thread local Context |
cr | the credential object. |
ATO_AKM_EXPORT int ato_cr_checkcorrectpwd | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
const char * | pwd | ||
) |
Test if the password is correct for the credential.
ctx | the current thread local Context. |
cr | the credential object. |
pwd | the password |
ATO_AKM_EXPORT int ato_cr_iscorrectpwd | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
bool * | correct, | ||
const char * | pwd | ||
) |
Determines if the credential password is valid.
Given that all credentials in a keystore must have the same password, this is really just a convenience method on the credential.
ctx | the current thread local Context |
cr | the credential object. |
correct | address of the bool/int to set as TRUE or FALSE |
pwd | the password to test |
ATO_AKM_EXPORT bool ato_cr_ispbe2 | ( | ato_Ctx * | ctx, |
ato_Credential * | cr | ||
) |
Determines whether the credential P8 uses the PBES1 or the PBES2 scheme.
ctx | the current thread local Context |
cr | the credential object. |
ATO_AKM_EXPORT int ato_cr_certificate | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
ato_String ** | certificate | ||
) |
Construct an X509 certificate object from the credential and return as a DER encoded array.
This includes the principal as well as the issuer certificates.
ctx | the current thread local Context |
cr | the credential object. |
certificate | the address of an ato_String object to allocate. The caller must free this using ato_str_free(). |
ATO_AKM_EXPORT int ato_cr_chain | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
ato_String ** | certificates | ||
) |
Construct a P7 certificate chain object from the credential and return as a DER encoded array.
This includes the principal as well as the issuer certificates.
ctx | the current thread local Context. |
cr | the credential object. |
certificates | the address of an ato_String object to allocate. The caller must free this using ato_str_free(). |
ATO_AKM_EXPORT int ato_cr_privatekey | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
ato_String ** | privatekey, | ||
const char * | pwd | ||
) |
Construct a decrypted private key object from the credential and return as a DER encoded array.
ctx | the current thread local Context. |
cr | the credential object. |
privatekey | the address of an ato_String object to allocate. The caller must free this using ato_str_free(). |
pwd | the password used to access the private key. |
ATO_AKM_EXPORT int ato_cr_p12 | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
ato_String ** | p12, | ||
const char * | pwd | ||
) |
Construct a P12 object from the credential and return as a DER encoded array.
ctx | the current thread local Context. |
cr | the credential object. |
p12 | the address of an ato_String object to allocate. The caller must free this using ato_str_free(). |
pwd | the password used to access the private key. |
ATO_AKM_EXPORT ato_String * ato_cr_integrityvalue | ( | ato_Credential * | cr | ) |
Return the integrityvalue stored in the keystore for the credential.
cr | the credential object. |
ATO_AKM_EXPORT ato_String * ato_cr_b64salt | ( | ato_Credential * | cr | ) |
Return the salt stored in the keystore for the credential.
cr | the credential object. |
ATO_AKM_EXPORT ato_String * ato_cr_b64p7 | ( | ato_Credential * | cr | ) |
Return the base64 encoded P7c stored in the keystore for the credential.
cr | the credential object. |
ATO_AKM_EXPORT ato_String * ato_cr_b64p8 | ( | ato_Credential * | cr | ) |
Return the base64 encoded P8 stored in the keystore for the credential.
cr | the credential object. |
ATO_AKM_EXPORT int ato_cr_sign | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
ato_String ** | signed_data, | ||
const char * | pwd, | ||
const char * | data, | ||
size_t | len | ||
) |
Sign some data using the private key.
ctx | the current thread local Context. |
cr | the credential object. |
signed_data | the address of an ato_String object to allocate. The caller must free this using ato_str_free(). |
pwd | the password used to access the private key. |
data | the data to sign. |
len | the length of data. |
ATO_AKM_EXPORT int ato_cr_request_generate | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
const char * | pwd, | ||
const char * | id | ||
) |
Generate a credential request.
ctx | the current thread local Context. |
cr | the credential object. |
pwd | the password used to access the private key. |
id | used to match request/response - should be unique. |
ATO_AKM_EXPORT ato_String * ato_cr_b64p10 | ( | ato_Credential * | cr | ) |
Returns the p10 request.
cr | the credential object. |
ATO_AKM_EXPORT ato_String * ato_cr_request_data | ( | ato_Credential * | cr | ) |
Return the data generated from ato_cr_request_generate().
cr | the credential object. |
ATO_AKM_EXPORT int ato_cr_request_process | ( | ato_Ctx * | ctx, |
ato_Credential * | cr, | ||
const char * | responseData | ||
) |
Process the response to a credential request.
ctx | the current thread local Context. |
cr | the credential object. |
responseData | the response from the service. |