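//***************************************************************************
// apps/include/crypto/controlse/ccertificate.hxx
//
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements.  See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.  The
// ASF licenses this file to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance with the
// License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
// License for the specific language governing permissions and limitations
// under the License.
//
//***************************************************************************
// Copyright 2024 NXP

#pragma once

//***************************************************************************
// Included Files
//***************************************************************************

#include "crypto/controlse/isecure_element_object.hxx"

// Provides mbedtls_x509_crt used by the private member below.  (The header
// name was lost in extraction; this is the mbedtls header that declares it.)
#include <mbedtls/x509_crt.h>

// Include what we use instead of relying on transitive includes for the
// fixed-width integer, size and time types in the signatures below.
#include <cstddef>
#include <cstdint>
#include <ctime>
#include <utility>

//***************************************************************************
// Class definitions
//***************************************************************************

namespace Controlse
{

class ISecureElement;
class CPublicKey;
class CSerialNumber;

// X.509 certificate wrapper around an mbedtls_x509_crt.
//
// A certificate can be read from a keystore slot on a secure element,
// parsed from a DER/PEM buffer, or created from a CSR with the help of the
// secure element.  The object owns the parsed mbedtls_x509_crt; it is
// movable but not copyable.
//
// Ownership convention for the Get*() accessors: every non-NULL pointer
// they return is heap-allocated for the caller, who must delete it.
// NOTE(review): these declarations cannot show whether array results
// (GetDer, GetSubjectAlternativeName, GetOid, GetPem) are allocated with
// new[] (requiring delete[]) or new - confirm against ccertificate.cxx
// before freeing, since a mismatch is undefined behaviour.
class CCertificate : public ISecureElementObject
{
public:
  // Load the certificate stored in keystore slot keystore_id of se.
  // Constructors cannot report failure: check IsLoaded() afterwards.
  CCertificate(const ISecureElement &se, uint32_t keystore_id);

  // Parse a certificate from a DER or PEM encoded buffer of crt_size bytes.
  // Check IsLoaded() afterwards.
  CCertificate(const uint8_t *crt_der_or_pem, size_t crt_size);

  // Build a certificate from a CSR (DER or PEM, csr_size bytes) using
  // keystore slot keystore_id of se, without an explicit validity period
  // (see the overload below for the dated variant).  Check IsLoaded()
  // afterwards.
  CCertificate(const ISecureElement &se, const uint8_t *csr_der_or_pem,
               size_t csr_size, uint32_t keystore_id);

  // Same as above with an explicit validity period.
  // from_datetime and to_datetime need to have format: YYYYMMDDHHMMSSZ
  // (the trailing Z denotes UTC).
  CCertificate(const ISecureElement &se, const uint8_t *csr_der_or_pem,
               size_t csr_size, uint32_t keystore_id,
               const char *from_datetime, const char *to_datetime);

  // Not copyable: the object owns the parsed mbedtls_x509_crt and the
  // buffers it references, and mbedtls offers no deep copy for it.
  CCertificate(const CCertificate &) = delete;
  CCertificate &operator=(const CCertificate &other) = delete;

  // Move: take over other's certificate and leave other empty.
  //
  // A defaulted move would copy the mbedtls_x509_crt struct bitwise and
  // leave the source still referencing the same buffers; if ~CCertificate()
  // releases crt (e.g. via mbedtls_x509_crt_free), destroying both objects
  // would then free the same memory twice.  Resetting the source to a
  // zeroed struct (the state mbedtls_x509_crt_init() leaves it in) with
  // is_loaded == false makes that impossible regardless of what the
  // destructor does with an empty certificate.
  CCertificate(CCertificate &&other) noexcept
      : ISecureElementObject(std::move(other)),
        is_loaded(other.is_loaded),
        crt(other.crt)
  {
    other.crt = mbedtls_x509_crt{};
    other.is_loaded = false;
  }

  // Move assignment was never implicitly declared (user-declared destructor
  // and copy operations suppress it); it is deleted here explicitly so the
  // restriction is visible.  Implementing it would have to release the
  // currently held crt first, which belongs with the destructor's logic.
  CCertificate &operator=(CCertificate &&) = delete;

  // Releases the held certificate (implementation in ccertificate.cxx).
  ~CCertificate();

  // True once a certificate has been loaded by a constructor or one of the
  // Load* methods (presumably backed by is_loaded).
  bool IsLoaded() const;

  // Store the held certificate in keystore slot keystore_id of se.
  // Returns true on success.
  bool StoreOnSecureElement(const ISecureElement &se,
                            uint32_t keystore_id) const;

  // Replace the held certificate with the one in keystore slot keystore_id
  // of se.  Returns true on success.
  bool LoadFromSecureElement(const ISecureElement &se, uint32_t keystore_id);

  // Replace the held certificate by parsing a DER or PEM buffer of crt_size
  // bytes.  Returns true on success.
  bool LoadFromDerOrPem(const uint8_t *crt_der_or_pem, size_t crt_size);

  // Replace the held certificate with one built from a CSR (DER or PEM,
  // csr_size bytes) using keystore slot keystore_id of se.
  // from_datetime and to_datetime need to have format: YYYYMMDDHHMMSSZ
  // Returns true on success.
  bool LoadFromCsrDerOrPem(const ISecureElement &se,
                           const uint8_t *csr_der_or_pem, size_t csr_size,
                           uint32_t keystore_id, const char *from_datetime,
                           const char *to_datetime);

  // Verify this certificate against the certificate held in keystore slot
  // verify_against_id of se.  Returns true only when verification passes;
  // a false result must not be ignored.
  // NOTE(review): consider [[nodiscard]] here once the build is confirmed
  // to be C++17 - a dropped return value silently skips verification.
  bool VerifyAgainst(const ISecureElement &se,
                     uint32_t verify_against_id) const;

  // Test time range is valid
  // returns 0 if valid
  // -1 when expired
  // 1 when not yet valid
  // Caveat: the result is only as trustworthy as `now`.  On a device
  // without a reliable clock an attacker who can influence the time can
  // make an expired certificate look valid; callers should obtain `now`
  // from a trusted source.
  int TestValidTimerange(time_t now) const;

  // Get public key from certificate
  // returns pointer to public key when successful otherwise NULL
  // note: must be deleted by caller when not NULL
  CPublicKey *GetPublicKey() const;

  // Get oid from certificate if available
  // oid must be one of MBEDTLS_OID_AT* from mbedtls/oid.h
  //
  // returns zero terminated text string when successful otherwise NULL
  // note: must be deleted by caller when not NULL
  char *GetOid(const char *oid) const;

  // Get serial number from certificate
  // returns pointer to CSerialNumber when successful otherwise NULL
  // note: must be deleted by caller when not NULL
  CSerialNumber *GetSerialNumber() const;

  // Number of subjectAltName entries in the certificate (0 when none).
  size_t GetNumberOfSubjectAlternativeNames() const;

  // Get SAN from certificate
  // returns pointer to array when successful otherwise NULL
  // note: must be deleted by caller when not NULL
  // NOTE(review): item is an int while the count above is size_t; the
  // implementation must reject negative and out-of-range indices - confirm
  // in ccertificate.cxx.
  char *GetSubjectAlternativeName(int item) const;

  // Get certificate in DER format
  // returns size of the der array otherwise 0
  // note: der must be deleted by caller when not NULL
  size_t GetDer(uint8_t **der) const;

  // Get certificate in PEM format
  // returns pointer to pem string when successful otherwise NULL
  // note: must be deleted by caller when not NULL
  char *GetPem() const;

  // True when the certificate carries a subjectAltName equal to the `size`
  // bytes at `name` (presumably an exact match - confirm in the .cxx).
  bool ContainsSan(const char *name, size_t size) const;

  // Size of a tag id as used by the implementation; its meaning is not
  // visible from this header.
  // NOTE(review): declared as char; size_t would express the intent better
  // but the type is left unchanged so existing users are unaffected.
  static constexpr char TAG_ID_SIZE = 18;

private:
  // Set by the constructors / Load* paths once a certificate is held.
  bool is_loaded = false;

  // The parsed certificate.  Zero-initialised here (equivalent to
  // mbedtls_x509_crt_init) so the struct is never in an indeterminate
  // state even if a constructor path fails before initialising it.
  mbedtls_x509_crt crt{};
};

} // namespace Controlse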