//----------------------------------------------------------------------------
//
//  Copyright (C) 2003 Intel Corporation
//
//  File:       CertificateOperations.h
//
//  Contents:   Certificate handling functions for an Intel(R) AMT
//              Audit-Log client.
//
//  Declares the helpers used to locate a signing certificate, validate its
//  chain and verify a digital signature. Several functions report an
//  operational error through the return value and the verification verdict
//  through a separate `valid` output parameter; callers must check both.
//
//----------------------------------------------------------------------------

#ifndef _CERT_OPERATIONS_H_
#define _CERT_OPERATIONS_H_

// NOTE(review): the header names of the #include directives below are missing
// from this copy of the file and must be restored from the original source
// before it can be built. The declarations in this header need std::string,
// the Win32 BYTE/WORD/DWORD and PCCERT_CONTEXT types, and OpenSSL's X509 type.
#include
#ifdef _WIN32
#include
#include
#else /* Linux */
#include
#include
#include
#include
#include
#include
#include
#include
#endif

/* Function Prototypes */
#ifdef _WIN32

/*****************************************************************************
 * Get the certificate name that is encoded, in ASN.1, in a certificate blob.
 * Arguments:
 *  blob   - Certificate blob data.
 *  length - Length of the blob data. It is a WORD, so at most 65535 bytes
 *           can be described.
 *
 * Return value:
 *  Certificate name
 *
 * NOTE(review): the value returned for a malformed or truncated blob is not
 * stated here - confirm against the implementation. The blob presumably comes
 * from the audit log, so the parser should bound every read by `length`.
 ****************************************************************************/
std::string GetStringFromASN_1(BYTE *blob, WORD length);

/*****************************************************************************
 * Verify a digital signature (hash SHA1/SHA256/SHA384).
 * Arguments:
 *  certContext        - Signing certificate (source of the public key).
 *  data               - Data whose signature is verified.
 *  dataLength         - Data length.
 *  signature          - Digital signature.
 *  signatureLength    - Digital signature length.
 *  signatureMechanism - Signing mechanism of the digital signature.
 *  valid              - Output parameter that indicates whether the signature
 *                       is valid or not.
 *
 * Return value:
 *  true  - on success (the check was carried out; the verdict is in `valid`)
 *  false - on failure (Error)
 *
 * A signature may be treated as verified only when the function returns true
 * AND `valid` is true. The value of `valid` after a false return is not
 * specified here, so callers should initialise it to false and treat a false
 * return as "not verified".
 *
 * NOTE(review): the numeric values accepted by signatureMechanism are not
 * visible in this header - confirm against the implementation. SHA-1 is
 * listed among the supported hashes; it is no longer collision resistant, so
 * records signed with it carry weaker assurance than SHA-256/SHA-384 ones.
 ****************************************************************************/
bool VerifySign(PCCERT_CONTEXT certContext,
                BYTE *data,
                DWORD dataLength,
                BYTE *signature,
                DWORD signatureLength,
                WORD signatureMechanism,
                bool &valid);

/*****************************************************************************
 * Get a certificate from Active Directory or LDAP.
 * Arguments:
 *  serialNumber       - Certificate serial number.
 *  serialNumberLength - Certificate serial number length.
 *  issuerAsn1         - Issuer.
 *  issuerAsn1Length   - Issuer length.
 *
 * Return value:
 *  Certificate context or NULL for error.
 *
 * A certificate found in the directory is not trusted merely because it was
 * found: validate its chain (see ValidCertChain) before its public key is
 * used in VerifySign.
 *
 * NOTE(review): ownership of the returned context is not stated here. A
 * PCCERT_CONTEXT is normally released with CertFreeCertificateContext -
 * confirm that the caller is expected to do so.
 ****************************************************************************/
PCCERT_CONTEXT GetCertContext(BYTE *serialNumber,
                              WORD serialNumberLength,
                              BYTE *issuerAsn1,
                              WORD issuerAsn1Length);

/*****************************************************************************
 * Get a certificate context from a PEM file.
 * Arguments:
 *  filename - PEM filename.
 *
 * Return value:
 *  PCCERT_CONTEXT - Certificate context pointer.
 *
 * NOTE(review): the failure value is not stated; presumably NULL, as for
 * GetCertContext - confirm. The function name is misspelled ("Cetficate");
 * it is left unchanged because callers depend on it.
 ****************************************************************************/
PCCERT_CONTEXT GetCetficateContextFromFile(std::string filename);

/*****************************************************************************
 * Validate a given certificate chain against the Root CAs defined on the
 * computer.
 * Arguments:
 *  chain - Array of certificates (PCCERT_CONTEXT).
 *  valid - Output parameter that indicates whether the chain is valid or not.
 *
 * Return value:
 *  true  - on success (the check was carried out; the verdict is in `valid`)
 *  false - on failure (Error)
 *
 * As with VerifySign, a chain is trusted only when the function returns true
 * AND `valid` is true.
 *
 * NOTE(review): no element count is passed, so the array must be terminated
 * by some convention (for example a NULL last entry) that is not visible in
 * this header - confirm before calling. Whether validity-period and
 * revocation checks are part of the validation is also not stated here.
 ****************************************************************************/
bool ValidCertChain(PCCERT_CONTEXT chain[], bool &valid);

#else /* Linux */

/*****************************************************************************
 * Create an X509 OpenSSL object from a certificate held in memory.
 *
 * Arguments:
 *  certBuf - [in] The certificate bytes.
 *  certLen - [in] Presumably the number of bytes in certBuf - confirm.
 * Return Value:
 *  Pointer to an X509 OpenSSL object that represents the X509 certificate.
 *  NULL on error.
 *
 * NOTE(review): the expected encoding (DER or PEM) is not stated here.
 * Ownership of the returned object is not stated either; an X509* is
 * normally released with X509_free - confirm that the caller must do so.
 ****************************************************************************/
X509* LoadCertificateFromMem(unsigned char *certBuf, unsigned int certLen);

#endif

#endif //_CERT_OPERATIONS_H_