leo hendrickson / Mbed OS example-Ethernet-mbed-Cloud-connect

certificate_enrollment.h

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2018 ARM Ltd.
00003 //  
00004 // Licensed under the Apache License, Version 2.0 (the "License");
00005 // you may not use this file except in compliance with the License.
00006 // You may obtain a copy of the License at
00007 //  
00008 //     http://www.apache.org/licenses/LICENSE-2.0
00009 //  
00010 // Unless required by applicable law or agreed to in writing, software
00011 // distributed under the License is distributed on an "AS IS" BASIS,
00012 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013 // See the License for the specific language governing permissions and
00014 // limitations under the License.
00015 // ----------------------------------------------------------------------------
00016 
00017 #ifndef __CERTIFICATE_ENROLLMENT_H__
00018 #define __CERTIFICATE_ENROLLMENT_H__
00019 
00020 #include <stdint.h>
00021 #include <stddef.h>
00022 #include <stdlib.h>
00023 
00024 #include "ce_status.h"
00025 #include "cs_der_keys_and_csrs.h"
00026 
00027 
00028 #ifdef __cplusplus
00029 extern "C" {
00030 #endif
00031 
00032 typedef struct ce_renewal_params_ { // Renewal inputs passed to ce_safe_renewal(); the struct owns neither member.
00033     struct cert_chain_context_s *cert_data;// Certificate chain context for the renewal. Not owned by this struct.
00034     cs_key_handle_t crypto_handle;// Key handle; should reference the private key, or the private and public key objects (public key optional). Not owned by this struct.
00035 } ce_renewal_params_s;
00036     
00037 
00038 ce_status_e  ce_init(void); // NOTE(review): undocumented in this header; presumably initializes the certificate-enrollment module before the other ce_* calls. Confirm, and document the failure statuses.
00039 
00040 
00041 /** Translates a key-configurator-manager (KCM) status into a certificate enrollment status.
00042 *
00043 * @param[in] kcm_status The KCM status to translate.
00044 *
00045 * @returns
00046 *       One of the `::ce_status_e` statuses listed in ce_status.h.
00047 */
00048 ce_status_e  ce_error_handler(kcm_status_e  kcm_status);
00049 
00050 /** Generates a key pair and a CSR from a given certificate name.
00051 * Calling cs_ec_key_new(..) before this function is mandatory, in order to obtain the handle to the key object in store.
00052 * Calling cs_ec_key_free(..) is mandatory in order to release the handle resources. NOTE(review): this was documented as
00053 * happening prior to this call, but key_h is passed into the call, so releasing it afterwards is presumably what is meant (confirm).
00054 * Please refer to cs_der_keys_and_csrs.h for specific API details.
00055 * @param[in] certificate_name Certificate name to search for in store; the certificate
00056 *                            name must be a NUL-terminated string.
00057 * @param[in] key_h A handle to a key object, obtained by calling cs_ec_key_new(..).
00058 * @param[out] csr_out A pointer to a newly allocated buffer that holds the CSR. It is the caller's responsibility
00059 *                     to release this buffer. NOTE(review): the matching release function is not stated here; confirm.
00060 * @param[out] csr_size_out The size in bytes of the newly created CSR.
00061 * @returns
00062 *       CE_STATUS_SUCCESS in case of success or one of the `::ce_status_e` errors otherwise.
00063 */
00064 ce_status_e  ce_generate_keys_and_create_csr_from_certificate(
00065     const char *certificate_name, const cs_key_handle_t key_h,
00066     uint8_t **csr_out, size_t *csr_size_out);
00067 
00068 /*! Updates a certificate/certificate chain and the correlated key/key pair.
00069 *
00070 *    @param[in] item_name              item name. NOTE(review): no length is passed, so this is presumably a NUL-terminated string (confirm).
00071 *    NOTE(review): an item_name_len parameter was documented at this point, but the signature has no such parameter.
00072 *    @param[in] renewal_data           pointer to the renewal data structure (ce_renewal_params_s); its members are not owned by the structure.
00073 *
00074 *    @returns
00075 *        CE_STATUS_SUCCESS in case of success or one of the `::ce_status_e` errors otherwise.
00076 */
00077 ce_status_e  ce_safe_renewal(const char *item_name, ce_renewal_params_s *renewal_data);
00078 
00079 /*! Called during kcm_init() in case of an error during the renewal_certificate API.
00080 * The function checks the status of the renewal process, restores the original data and deletes redundant files.
00081 * The status is determined from the renewal file and its data. NOTE(review): how that file is protected against tampering is not described in this header.
00082 * Takes no parameters and returns nothing. NOTE(review): "renewal_certificate API" presumably refers to ce_safe_renewal() (confirm).
00083 */
00084 void ce_check_and_restore_backup_status(void);
00085 
00086 #ifdef __cplusplus
00087 }
00088 #endif
00089 
00090 #endif  //__CERTIFICATE_ENROLLMENT_H__