| //*************************************************************************** |
| // apps/include/crypto/controlse/ccertificate.hxx |
| // |
| // Licensed to the Apache Software Foundation (ASF) under one or more |
| // contributor license agreements. See the NOTICE file distributed with |
| // this work for additional information regarding copyright ownership. The |
| // ASF licenses this file to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance with the |
| // License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| // License for the specific language governing permissions and limitations |
| // under the License. |
| // |
| //*************************************************************************** |
| |
| // Copyright 2024 NXP |
| |
| #pragma once |
| |
| //*************************************************************************** |
| // Included Files |
| //*************************************************************************** |
| |
| #include "crypto/controlse/isecure_element_object.hxx" |
| #include <mbedtls/x509_crt.h> |
| |
| //*************************************************************************** |
| // Class definitions |
| //*************************************************************************** |
| |
| namespace Controlse |
| { |
| class ISecureElement; |
| class CPublicKey; |
| class CSerialNumber; |
| |
| class CCertificate : public ISecureElementObject |
| { |
| public: |
| CCertificate(const ISecureElement &se, uint32_t keystore_id); |
| CCertificate(const uint8_t *crt_der_or_pem, size_t crt_size); |
| CCertificate(const ISecureElement &se, const uint8_t *csr_der_or_pem, |
| size_t csr_size, uint32_t keystore_id); |
| |
| // from_datetime and to_datetime need to have format: YYYYMMDDHHMMSSZ |
| CCertificate(const ISecureElement &se, const uint8_t *csr_der_or_pem, |
| size_t csr_size, uint32_t keystore_id, |
| const char *from_datetime, const char *to_datetime); |
| CCertificate(const CCertificate &) = delete; |
| CCertificate(CCertificate &&) = default; |
| ~CCertificate(); |
| |
| CCertificate &operator=(const CCertificate &other) = delete; |
| |
| bool IsLoaded() const; |
| bool StoreOnSecureElement(const ISecureElement &se, |
| uint32_t keystore_id) const; |
| bool LoadFromSecureElement(const ISecureElement &se, uint32_t keystore_id); |
| bool LoadFromDerOrPem(const uint8_t *crt_der_or_pem, size_t crt_size); |
| bool LoadFromCsrDerOrPem(const ISecureElement &se, |
| const uint8_t *csr_der_or_pem, size_t csr_size, |
| uint32_t keystore_id, const char *from_datetime, |
| const char *to_datetime); |
| |
| bool VerifyAgainst(const ISecureElement &se, |
| uint32_t verify_against_id) const; |
| |
| // Test time range is valid |
| // returns 0 if valid |
| // -1 when expired |
| // 1 when not yet valid |
| int TestValidTimerange(time_t now) const; |
| |
| // Get public key from certificate |
| // returns pointer to public key when successful otherwise NULL |
| // note: must be deleted by caller when not NULL |
| CPublicKey *GetPublicKey() const; |
| |
| // Get oid from certificate if available |
| // oid must be one of MBEDTLS_OID_AT* from mbedtls/oid.h |
| // |
| // returns zero terminated text string when successful otherwise NULL |
| // note: must be deleted by caller when not NULL |
| char *GetOid(const char *oid) const; |
| |
| // Get serial number from from certificate |
| // returns pointer to CSerialNumber when successful otherwise NULL |
| // note: must be deleted by caller when not NULL |
| CSerialNumber *GetSerialNumber() const; |
| |
| size_t GetNumberOfSubjectAlternativeNames() const; |
| |
| // Get SAN from from certificate |
| // returns pointer to array when successful otherwise NULL |
| // note: must be deleted by caller when not NULL |
| char *GetSubjectAlternativeName(int item) const; |
| |
| // Get certificate in DER format |
| // returns size of the der array otherwise 0 |
| // note: der must be deleted by caller when not NULL |
| size_t GetDer(uint8_t **der) const; |
| |
| // Get certificate in PEM format |
| // returns pointer to pem string when successful otherwise NULL |
| // note: must be deleted by caller when not NULL |
| char *GetPem() const; |
| |
| bool ContainsSan(const char *name, size_t size) const; |
| |
| static constexpr char TAG_ID_SIZE = 18; |
| |
| private: |
| bool is_loaded = false; |
| |
| mbedtls_x509_crt crt; |
| }; |
| } // namespace Controlse |