1 #ifndef __DIGI_DOC_CFG_H__
2 #define __DIGI_DOC_CFG_H__
3 //==================================================
4 // FILE: DigiDocConfig.h
5 // PROJECT: Digi Doc
6 // DESCRIPTION: Digi Doc functions for configuration management
7 // AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
8 //==================================================
9 // Copyright (C) AS Sertifitseerimiskeskus
10 // This library is free software; you can redistribute it and/or
11 // modify it under the terms of the GNU Lesser General Public
12 // License as published by the Free Software Foundation; either
13 // version 2.1 of the License, or (at your option) any later version.
14 // This library is distributed in the hope that it will be useful,
15 // but WITHOUT ANY WARRANTY; without even the implied warranty of
16 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 // Lesser General Public License for more details.
18 // GNU Lesser General Public Licence is available at
19 // http://www.gnu.org/copyleft/lesser.html
20 //==========< HISTORY >=============================
21 // 08.01.2004 Veiko Sinivee
22 // Creation
23 // 20.03.2004 Added functions createOrReplacePrivateConfigItem()
24 // writeConfigFile() and writePrivateConfigFile()
25 // 20.03.2004 changed function notarizeSignature to check for PKCS12 arguments
26 //==================================================
27 
28 #include <libdigidoc/DigiDocDefs.h>
29 #include <libdigidoc/DigiDocLib.h>
30 #include <time.h>
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 
37 #include <openssl/x509.h>
38 
39 
// Config item type: which configuration file an item belongs to
// (stored in ConfigItem.nType).
#define ITEM_TYPE_UNKNOWN 0
#define ITEM_TYPE_GLOBAL 1   // system-wide config file
#define ITEM_TYPE_PRIVATE 2  // user's private config file

// Config item status (stored in ConfigItem.nStatus). Modified items are
// marked so they can later be stored all together in the private config file.
#define ITEM_STATUS_UNKNOWN 0
#define ITEM_STATUS_OK 1        // clean
#define ITEM_STATUS_MODIFIED 2  // changed in memory, to be written to the private config file
49 
// holds one configuration item: a key/value string pair plus bookkeeping
// NOTE(review): ownership of szKey/szValue (who allocates and frees them) is
// not stated in this header - presumably the owning ConfigurationStore, confirm in the .c file
typedef struct ConfigItem_st {
    char* szKey;   // item's key
    char* szValue; // item's value (always a string; see ConfigItem_lookup_int/_bool for typed access)
    int nType;     // item's type, ITEM_TYPE_* (system wide or private)
    int nStatus;   // item's status, ITEM_STATUS_* (clean/modified)
} ConfigItem;
57 
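// holds one certificate item: a certificate cached in memory under a config key
// (presumably the CA / OCSP responder certs loaded by initCertificateItems())
// NOTE(review): ownership of pCert (whether cleanupConfigStore() frees it) is
// not stated in this header - confirm before keeping a pointer to it
typedef struct CertificateItem_st {
    char* szKey; // item's key
    X509* pCert; // certificate
} CertificateItem; // closing line of the typedef, missing from the rendered listing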
63 
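// configuration store: the array of configuration items plus the array of
// cached certificate items. A NULL store pointer in the functions below
// selects the library-wide default store.
typedef struct ConfigurationStore_st {
    int nItems;               // number of items (presumably the length of pItems)
    ConfigItem** pItems;      // array of item pointers
    int nCerts;               // number of certificate items (presumably the length of pCerts)
    CertificateItem** pCerts; // array of certificate item pointers
} ConfigurationStore; // closing line of the typedef, missing from the rendered listing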
71 
//--------------------------------------------------
// Returns true (not 0) if the config store structure has been inited
// NOTE(review): the "default" store used when pConfStore is NULL is
// library-global; this header gives no thread-safety guarantee for it
//--------------------------------------------------
EXP_OPTION int isConfigInited();

//--------------------------------------------------
// Initializes configuration store
// szConfigFile - name of config file. Use NULL for default
// return value is not documented here; the other functions in this
// header return ERR_OK / 0 on success - confirm in the .c file
//--------------------------------------------------
EXP_OPTION int initConfigStore(const char* szConfigFile);

//--------------------------------------------------
// Cleans memory of configuration store
// pConfStore - configuration collection (use NULL for default)
// NOTE(review): values previously returned by ConfigItem_lookup*() point
// into the store and should be assumed invalid after this call
//--------------------------------------------------
EXP_OPTION void cleanupConfigStore(ConfigurationStore *pConfStore);

//--------------------------------------------------
// Adds a new configuration item
// pConfStore - configuration collection (use NULL for default)
// key - item's key
// value - item's value
// type - item type (ITEM_TYPE_*)
// status - item status (ITEM_STATUS_*)
// returns ERR_OK on success
// NOTE(review): whether key/value are copied or retained by pointer is not
// stated here - confirm before passing stack buffers
//--------------------------------------------------
EXP_OPTION int addConfigItem(ConfigurationStore *pConfStore, const char* key, const char* value, int type, int status);
99 
//--------------------------------------------------
// Read CA and OCSP responder certs from files and cache them in memory
// (presumably the trust anchors consulted by the findCA*/findResponder*
// functions below). Not exported (no EXP_OPTION) - library-internal.
// return value is not documented here - presumably an error code or 0
//--------------------------------------------------
int initCertificateItems();

//--------------------------------------------------
// Deletes a configuration item from the default store
// key - item's key
// returns ERR_OK on success
//--------------------------------------------------
EXP_OPTION int ConfigItem_delete(const char* key);
111 
//--------------------------------------------------
// Adds a new private configuration item or modifies an existing one
// pConfStore - configuration collection (use NULL for default)
// key - item's key
// value - item's value
// returns ERR_OK on success
//--------------------------------------------------
EXP_OPTION int createOrReplacePrivateConfigItem(ConfigurationStore *pConfStore, const char* key, const char* value);

//--------------------------------------------------
// Finds a configuration item's value by key in the default store
// key - item's key
// returns value of config item or NULL if not found
// NOTE(review): the returned pointer is not a copy; do not cache it across
// ConfigItem_delete()/cleanupConfigStore()
//--------------------------------------------------
EXP_OPTION const char* ConfigItem_lookup(const char* key);

//--------------------------------------------------
// Finds a configuration item's value by key from the given store
// key - item's key
// pConfStore - store to search in
// returns value of config item or NULL if not found
//--------------------------------------------------
EXP_OPTION const char* ConfigItem_lookup_fromStore(ConfigurationStore *pConfStore, const char* key);

//--------------------------------------------------
// Finds all configuration items whose key starts with this prefix
// pConfStore - collection that receives the found items
// prefix - item keys' prefix
// returns error code or ERR_OK
// NOTE(review): whether pConfStore must be zero-initialised by the caller
// and whether it then owns copies of the items is not stated here - confirm
//--------------------------------------------------
int ConfigItem_findByPrefix(ConfigurationStore *pConfStore, const char* prefix);

//--------------------------------------------------
// Finds a numeric configuration item's value by key
// key - item's key
// defValue - default value to be returned
// returns value of config item or defValue if not found
// NOTE(review): behaviour for a present but non-numeric value is not
// documented here - confirm in the .c file
//--------------------------------------------------
EXP_OPTION int ConfigItem_lookup_int(const char* key, int defValue);

//--------------------------------------------------
// Finds a boolean configuration item's value by key
// key - item's key
// defValue - default value to be returned
// returns value of config item or defValue if not found
//--------------------------------------------------
EXP_OPTION int ConfigItem_lookup_bool(const char* key, int defValue);

//--------------------------------------------------
// Finds a string configuration item's value by key
// key - item's key
// defValue - default value to be returned
// returns value of config item or (presumably) defValue if not found
//--------------------------------------------------
EXP_OPTION const char* ConfigItem_lookup_str(const char* key, const char* defValue);
167 
//--------------------------------------------------
// Reads and parses a configuration file
// fileName - configuration file name
// type - type of config file global/private (presumably ITEM_TYPE_GLOBAL
// or ITEM_TYPE_PRIVATE)
// return error code or 0 for success
//--------------------------------------------------
EXP_OPTION int readConfigFile(const char* fileName, int type);

//--------------------------------------------------
// Writes a configuration file
// fileName - configuration file name
// type - type of config file global/private (presumably ITEM_TYPE_GLOBAL
// or ITEM_TYPE_PRIVATE)
// return error code or 0 for success
//--------------------------------------------------
EXP_OPTION int writeConfigFile(const char* fileName, int type);

//--------------------------------------------------
// Saves all private config items into the private config file
// (see setPrivateConfigFile() for which file that is)
// return error code or 0 for success
//--------------------------------------------------
EXP_OPTION int writePrivateConfigFile();

//--------------------------------------------------
// Sets a new name for the private config file. Can be
// used to override the default of env(HOME)/.digidoc.conf
// Use NULL to restore the default value
// NOTE(review): the default path is derived from the HOME environment
// variable; in setuid or service contexts where HOME is not trustworthy,
// callers should set an explicit path. Whether fileName is copied is not
// stated here - confirm before passing a temporary buffer.
//--------------------------------------------------
EXP_OPTION void setPrivateConfigFile(const char* fileName);
196 
//--------------------------------------------------
// Finds the CA certificate of the given certificate
// ppCA - address of found CA
// pCert - certificate whose CA we are looking for
// return error code or 0 for success
// deprecated: use findCAForCertificateAndSigTime(), which also takes the
// signature time (presumably so the CA valid at signing time is selected)
//--------------------------------------------------
DIGIDOC_DEPRECATED EXP_OPTION int findCAForCertificate(X509** ppCA, const X509* pCert);

//--------------------------------------------------
// Finds the CA certificate of the given certificate
// ppCA - address of found CA
// pCert - certificate whose CA we are looking for
// tSigTime - signature timestamp
// return error code or 0 for success
// NOTE(review): ownership of *ppCA (a store-owned cert or a reference the
// caller must free) is not stated here - confirm before calling X509_free
//--------------------------------------------------
EXP_OPTION int findCAForCertificateAndSigTime(X509** ppCA, const X509* pCert, time_t tSigTime);

//--------------------------------------------------
// Finds a CA certificate by CN
// ppCA - address of found CA
// szCN - CA cert's common name
// pHash - authority-key-identifier to search for CA
// return error code or 0 for success
// deprecated: use findCAForCNAndSigTime()
//--------------------------------------------------
DIGIDOC_DEPRECATED EXP_OPTION int findCAForCN(X509** ppCA, const char* szCN, DigiDocMemBuf *pHash);

//--------------------------------------------------
// Finds a CA certificate by CN
// ppCA - address of found CA
// szCN - CA cert's common name
// pHash - authority-key-identifier to search for CA
// tSigTime - signing time or 0
// return error code or 0 for success
//--------------------------------------------------
EXP_OPTION int findCAForCNAndSigTime(X509** ppCA, const char* szCN, DigiDocMemBuf *pHash, time_t tSigTime);

//--------------------------------------------------
// Finds the CA chain
// ppChain - address of cert pointer array (caller-provided X509* array)
// nMaxChain - index of last cert in returned array - 0 based
// szCN - CN of the first CA cert (not the child cert!)
// pCert - certificate to search CAs for
// return error code or 0 for success
// deprecated: use findCAChainForCNAndSigTime()
// NOTE(review): whether *nMaxChain is read on entry as the capacity of
// ppChain is not documented here - confirm before passing a fixed-size array
//--------------------------------------------------
DIGIDOC_DEPRECATED EXP_OPTION int findCAChainForCN(X509** ppChain, int* nMaxChain, const char* szCN, X509* pCert);

//--------------------------------------------------
// Finds the CA chain
// ppChain - address of cert pointer array (caller-provided X509* array)
// nMaxChain - index of last cert in returned array - 0 based
// szCN - CN of the first CA cert (not the child cert!)
// pCert - certificate to search CAs for
// tSigTime - signature timestamp
// return error code or 0 for success
// NOTE(review): whether *nMaxChain is read on entry as the capacity of
// ppChain is not documented here - confirm before passing a fixed-size array
//--------------------------------------------------
EXP_OPTION int findCAChainForCNAndSigTime(X509** ppChain, int* nMaxChain, const char* szCN, X509* pCert, time_t tSigTime);

//--------------------------------------------------
// Finds a responder's certificate by CN
// ppResp - address of found cert
// szCN - responder cert's common name
// szHash - responder cert's hash in base64 form
// szCertSerial - specific serial number to search (non-const; whether it
// is modified is not stated here)
// return error code or 0 for success
//--------------------------------------------------
EXP_OPTION int findResponder(X509** ppResp, const char* szCN,
                             const char* szHash, char* szCertSerial);

//--------------------------------------------------
// Finds a responder's certificate by CN and index
// ppResp - address of found cert
// szCN - responder cert's common name
// hash - responder cert's hash in base64
// nIdx - index of the certificate for this responder. Starts at 0
// return error code or 0 for success
//--------------------------------------------------
EXP_OPTION int findResponderByCNAndHashAndIndex(X509** ppResp, const char* szCN,
                                                const char* hash, int nIdx);

//--------------------------------------------------
// Finds the CN of a responder certificate's CA cert
// caCN - buffer for the responder's CA CN
// len - length of buffer for CA CN
// szCN - responder cert's common name
// hash - responder cert's hash in base64 form
// return error code or 0 for success
// NOTE(review): whether len includes the NUL terminator and whether caCN
// is always terminated on truncation is not stated here - confirm
//--------------------------------------------------
EXP_OPTION int findResponderCA(char* caCN, int len, const char* szCN, const char* hash);
288 
//------------------------------------------
// Get a notary confirmation for a signature
// pSigDoc - signed document pointer
// pSigInfo - signature to notarize
// returns error code
//------------------------------------------
EXP_OPTION int notarizeSignature(SignedDoc* pSigDoc, SignatureInfo* pSigInfo);

//------------------------------------------
// Get a notary confirmation for a signature
// pSigDoc - signed document pointer
// pSigInfo - signature to notarize
// ip - caller's ip address if known
// NOTE(review): ip is an unsigned long, presumably an IPv4 address; its
// byte order (host/network) is not stated here - confirm in the .c file
// returns error code
//------------------------------------------
EXP_OPTION int notarizeSignatureWithIp(SignedDoc* pSigDoc, SignatureInfo* pSigInfo, unsigned long ip);
305 
//--------------------------------------------------
// Signs the document and gets confirmation
// pSigDoc - signed document pointer
// ppSigInfo - address of new signature pointer
// pin - smart card PIN
// manifest - manifest / resolution (NULL)
// city - signer's city (NULL)
// state - signer's state (NULL)
// zip - signer's postal code (NULL)
// country - signer's country (NULL)
// return value is not documented here; presumably an error code or 0
// NOTE(review): pin is a secret; this header gives no guarantee that the
// library clears its own copies, so callers should wipe their pin buffer
// after the call
//--------------------------------------------------
EXP_OPTION int signDocument(SignedDoc* pSigDoc, SignatureInfo** ppSigInfo,
                            const char* pin, const char* manifest,
                            const char* city, const char* state,
                            const char* zip, const char* country);

//--------------------------------------------------
// Signs the document and gets confirmation
// pSigDoc - signed document pointer
// ppSigInfo - address of new signature pointer
// pin - smart card PIN (secret; see note on signDocument())
// manifest - manifest / resolution (NULL)
// city - signer's city (NULL)
// state - signer's state (NULL)
// zip - signer's postal code (NULL)
// country - signer's country (NULL)
// nSlot - presumably the PKCS#11 slot to sign with - confirm
// nOcsp - presumably whether to fetch an OCSP confirmation - confirm
// nSigner - signer selector (see signDocumentWithSlotAndSigner() for the values)
// signs with PKCS11
//--------------------------------------------------
EXP_OPTION int signDocumentWithSlot(SignedDoc* pSigDoc, SignatureInfo** ppSigInfo,
                                    const char* pin, const char* manifest,
                                    const char* city, const char* state,
                                    const char* zip, const char* country,
                                    int nSlot, int nOcsp, int nSigner);

//--------------------------------------------------
// Signs the document and gets confirmation
// pSigDoc - signed document pointer
// ppSigInfo - address of new signature pointer
// pin - smart card PIN (secret; see note on signDocument()). Presumably also
// the PKCS#12 password when nSigner=3 - confirm
// manifest - manifest / resolution (NULL)
// city - signer's city (NULL)
// state - signer's state (NULL)
// zip - signer's postal code (NULL)
// country - signer's country (NULL)
// nSlot - presumably the PKCS#11 slot (nSigner=1) - confirm
// nOcsp - presumably whether to fetch an OCSP confirmation - confirm
// nSigner - 1=PKCS11, 2=CNG (Microsoft CAPI), 3=PKCS#12
// szPkcs12FileName - PKCS#12 file name to be used for signing (required if nSigner=3)
//--------------------------------------------------
EXP_OPTION int signDocumentWithSlotAndSigner(SignedDoc* pSigDoc, SignatureInfo** ppSigInfo,
                                             const char* pin, const char* manifest,
                                             const char* city, const char* state,
                                             const char* zip, const char* country,
                                             int nSlot, int nOcsp, int nSigner,
                                             const char* szPkcs12FileName);
359 
//--------------------------------------------------
// Verify this notary. Not exported (no EXP_OPTION) - library-internal.
// pSigDoc - signed document pointer
// pSigInfo - signature the notary belongs to
// pNotInfo - notary to verify
// returns error code
//--------------------------------------------------
int verifyNotary(SignedDoc* pSigDoc, SignatureInfo* pSigInfo, NotaryInfo* pNotInfo);

//--------------------------------------------------
// Verify this signature and its notary
// pSigDoc - signed document pointer
// pSigInfo - signature to verify
// szFileName - input digidoc filename
// returns error code
//--------------------------------------------------
EXP_OPTION int verifySignatureAndNotary(SignedDoc* pSigDoc, SignatureInfo* pSigInfo, const char* szFileName);

//--------------------------------------------------
// Extract the common name from a cert DN or responder id
// Not exported (no EXP_OPTION) - library-internal.
// src - DN (non-const; whether it is modified is not stated here)
// dest - buffer for CN
// destLen - size of output buffer in bytes
// NOTE(review): whether dest is always NUL-terminated when the CN does not
// fit in destLen bytes is not stated here - confirm in the .c file
//--------------------------------------------------
int findCN(char* src, char* dest, int destLen);
384 
//------------------------------------------
// Verify a certificate by OCSP
// pCert - certificate to check
// ppResp - address to return the OCSP response. Use NULL if
// you don't want the OCSP response to be returned
// returns error code
// NOTE(review): when a response is returned, ownership of *ppResp (whether
// the caller must free it) is not stated here - confirm
//------------------------------------------
EXP_OPTION int ddocVerifyCertByOCSP(X509* pCert, OCSP_RESPONSE **ppResp);

//------------------------------------------
// Verify a certificate by OCSP
// pCert - certificate to check
// ppResp - address to return the OCSP response. Use NULL if
// you don't want the OCSP response to be returned
// ip - caller's ip address if known (see notarizeSignatureWithIp())
// returns error code
//------------------------------------------
EXP_OPTION int ddocVerifyCertByOCSPWithIp(X509* pCert, OCSP_RESPONSE **ppResp, unsigned long ip);

//------------------------------------------
// Reads an arbitrary file into a memory buffer
// szFileName - file name and path
// pData - memory buffer object
// returns error code
// NOTE(review): this API exposes no size limit; when szFileName comes from
// untrusted input the caller should validate the path and bound the size
//------------------------------------------
EXP_OPTION int ddocReadFile(const char* szFileName, DigiDocMemBuf* pData);

//------------------------------------------
// Writes the contents of a memory buffer into an arbitrary file
// szFileName - file name and path
// pData - memory buffer object
// returns error code
//------------------------------------------
EXP_OPTION int ddocWriteFile(const char* szFileName, DigiDocMemBuf* pData);
418 
419 
420 #ifdef __cplusplus
421 }
422 #endif
423 
424 
425 #endif // __DIGI_DOC_CFG_H__