Defines the cryptographic abstraction interface for the minimal PKI implementation provided by the stack. A cryptographic implementation must define all the function declared in this file. The stack will not to provide a full-blown configurable PKI. The stack provides only a minimal, always safe validating PKI. More...
#include "sopc_pki_decl.h"Go to the source code of this file.
Functions | |
| SOPC_ReturnStatus | SOPC_PKIProvider_VerifyEveryCertificate (SOPC_PKIProvider *pPKI, const SOPC_PKI_ChainProfile *pProfile, uint32_t **pErrors, char ***ppThumbprints, uint32_t *pLength) |
| Verify every certificate of the PKI. | |
| SOPC_ReturnStatus | SOPC_PKIProvider_AddCertToRejectedList (SOPC_PKIProvider *pPKI, const SOPC_CertificateList *pCert) |
| Add a certificate to the PKI rejected list. | |
| SOPC_ReturnStatus | SOPC_PKIProvider_CheckCommonName (const SOPC_CertificateList *pToValidate) |
| Checks if the Common Name attribute of a certificate thumbprint is specified. | |
| SOPC_ReturnStatus | SOPC_PKIProvider_CheckSecurityPolicy (const SOPC_CertificateList *pToValidate, const SOPC_PKI_LeafProfile *pConfig) |
| Checks if the PKI public keys are valid. | |
| SOPC_ReturnStatus | SOPC_PKIProvider_CheckHostName (const SOPC_CertificateList *pToValidate, const char *url) |
| Checks if the host name in the URL used to connect to the server is the same as the host name in the certificate URL. | |
| SOPC_ReturnStatus | SOPC_PKIProvider_CheckCertificateUsage (const SOPC_CertificateList *pToValidate, const SOPC_PKI_LeafProfile *pProfile) |
| Checks if the certificate uses are matching the required uses. | |
Detailed Description
Defines the cryptographic abstraction interface for the minimal PKI implementation provided by the stack. A cryptographic implementation must define all the function declared in this file. The stack will not to provide a full-blown configurable PKI. The stack provides only a minimal, always safe validating PKI.
Function Documentation
◆ SOPC_PKIProvider_VerifyEveryCertificate()
| SOPC_ReturnStatus SOPC_PKIProvider_VerifyEveryCertificate | ( | SOPC_PKIProvider * | pPKI, |
| const SOPC_PKI_ChainProfile * | pProfile, | ||
| uint32_t ** | pErrors, | ||
| char *** | ppThumbprints, | ||
| uint32_t * | pLength ) |
Verify every certificate of the PKI.
Each certificate of the chain is checked for signature, validity and profile.
- Parameters
-
pPKI A valid pointer to the PKIProvider. pProfile A valid pointer to the PKI chain profile. [out] pErrors Array to store the OpcUa error code when a certificate is invalid. [out] ppThumbprints Array to store the certificate thumbprint when a certificate is invalid. [out] pLength The length of pErrorsandppThumbprints.
- Note
pErrorsandppThumbprintsare only created and set if the returned status is SOPC_STATUS_NOK. In case of invalid certificate (SOPC_STATUS_NOK) the thumbprint is associated to the error at the same index.
- Returns
- SOPC_STATUS_OK when every certificate is successfully validated, and SOPC_STATUS_INVALID_PARAMETERS, SOPC_STATUS_INVALID_STATE, SOPC_STATUS_OUT_OF_MEMORY or SOPC_STATUS_NOK.
◆ SOPC_PKIProvider_AddCertToRejectedList()
| SOPC_ReturnStatus SOPC_PKIProvider_AddCertToRejectedList | ( | SOPC_PKIProvider * | pPKI, |
| const SOPC_CertificateList * | pCert ) |
Add a certificate to the PKI rejected list.
- Parameters
-
pPKI A valid pointer to the PKIProvider. pCert A valid pointer to the certificate to be added.
- Note
- The function removes the oldest certificate if the list size reaches
SOPC_PKI_MAX_NB_CERT_REJECTED.
- Warning
pCertshall contains a single certificate.
- Returns
- SOPC_STATUS_OK when successful.
◆ SOPC_PKIProvider_CheckCommonName()
| SOPC_ReturnStatus SOPC_PKIProvider_CheckCommonName | ( | const SOPC_CertificateList * | pToValidate | ) |
Checks if the Common Name attribute of a certificate thumbprint is specified.
- Parameters
-
pToValidate A valid pointer to the Certificate to validate.
- Returns
- SOPC_STATUS_OK when successful.
◆ SOPC_PKIProvider_CheckSecurityPolicy()
| SOPC_ReturnStatus SOPC_PKIProvider_CheckSecurityPolicy | ( | const SOPC_CertificateList * | pToValidate, |
| const SOPC_PKI_LeafProfile * | pConfig ) |
Checks if the PKI public keys are valid.
- Parameters
-
pToValidate A valid pointer to the Certificate to validate. pConfig A valid pointer to a profile configuration.
- Returns
- SOPC_STATUS_OK when successful.
◆ SOPC_PKIProvider_CheckHostName()
| SOPC_ReturnStatus SOPC_PKIProvider_CheckHostName | ( | const SOPC_CertificateList * | pToValidate, |
| const char * | url ) |
Checks if the host name in the URL used to connect to the server is the same as the host name in the certificate URL.
- Parameters
-
pToValidate A valid pointer to the Certificate to validate. url A valid URL extracted from a certificate.
- Returns
- SOPC_STATUS_OK when successful.
◆ SOPC_PKIProvider_CheckCertificateUsage()
| SOPC_ReturnStatus SOPC_PKIProvider_CheckCertificateUsage | ( | const SOPC_CertificateList * | pToValidate, |
| const SOPC_PKI_LeafProfile * | pProfile ) |
Checks if the certificate uses are matching the required uses.
- Parameters
-
pToValidate A valid pointer to the certificate to validate. pProfile A valid pointer to the expected profile of a certificate.
- Returns
- SOPC_STATUS_OK when successful.
Generated on Mon Feb 3 2025 15:08:45 for S2OPC OPCUA Toolkit by
1.12.0