#ifndef AWS_IO_PKI_UTILS_H
#define AWS_IO_PKI_UTILS_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/io/io.h>
#ifdef _WIN32
/* It's ok to include external headers because this is a PRIVATE header file
* (it is usually a crime to include windows.h from header file) */
# include <Windows.h>
#endif /* _WIN32 */
#ifdef AWS_OS_APPLE
/* It's ok to include external headers because this is a PRIVATE header file */
# include <CoreFoundation/CFArray.h>
#endif /* AWS_OS_APPLE */
struct aws_string;
AWS_EXTERN_C_BEGIN
/**
* Returns the path to the directory and file, respectively, which holds the
* SSL certificate trust store on the system.
*/
AWS_IO_API const char *aws_determine_default_pki_dir(void);
AWS_IO_API const char *aws_determine_default_pki_ca_file(void);
#ifdef AWS_OS_APPLE
# if !defined(AWS_OS_IOS)
/**
* Imports a PEM armored PKCS#7 public/private key pair
* into identity for use with SecurityFramework.
*/
int aws_import_public_and_private_keys_to_identity(
    struct aws_allocator *alloc,
    CFAllocatorRef cf_alloc,
    const struct aws_byte_cursor *public_cert_chain,
    const struct aws_byte_cursor *private_key,
    CFArrayRef *identity,
    const struct aws_string *keychain_path);
# endif /* AWS_OS_IOS */
/**
* Imports a PKCS#12 file into identity for use with
* SecurityFramework
*/
int aws_import_pkcs12_to_identity(
    CFAllocatorRef cf_alloc,
    const struct aws_byte_cursor *pkcs12_cursor,
    const struct aws_byte_cursor *password,
    CFArrayRef *identity);
/**
* Loads PEM armored PKCS#7 certificates into certs
* for use with custom CA.
*/
int aws_import_trusted_certificates(
    struct aws_allocator *alloc,
    CFAllocatorRef cf_alloc,
    const struct aws_byte_cursor *certificates_blob,
    CFArrayRef *certs);
/**
* Releases identity (the output of the aws_import_* functions).
*/
void aws_release_identity(CFArrayRef identity);
/**
* Releases the output of aws_import_trusted_certificates.
*/
void aws_release_certificates(CFArrayRef certs);
#endif /* AWS_OS_APPLE */
#ifdef _WIN32
/**
* Returns AWS_OP_SUCCESS if we were able to successfully load the certificate and cert_store.
*
* Returns AWS_OP_ERR otherwise.
*/
AWS_IO_API int aws_load_cert_from_system_cert_store(
    const char *cert_path,
    HCERTSTORE *cert_store,
    PCCERT_CONTEXT *certs);
/**
* Imports a PEM armored PKCS#7 blob into an ephemeral certificate store for use
* as a custom CA.
*/
AWS_IO_API int aws_import_trusted_certificates(
    struct aws_allocator *alloc,
    const struct aws_byte_cursor *certificates_blob,
    HCERTSTORE *cert_store);
/**
* Closes a cert store that was opened by aws_load_cert_from_system_cert_store,
* aws_import_trusted_certificates, or aws_import_key_pair_to_cert_context.
*/
AWS_IO_API void aws_close_cert_store(HCERTSTORE cert_store);
/**
* Imports a PEM armored PKCS#7 public/private key pair into certs for use as a certificate with SSPI.
*/
AWS_IO_API int aws_import_key_pair_to_cert_context(
    struct aws_allocator *alloc,
    const struct aws_byte_cursor *public_cert_chain,
    const struct aws_byte_cursor *private_key,
    bool is_client_mode,
    HCERTSTORE *cert_store,
    PCCERT_CONTEXT *certs,
    HCRYPTPROV *crypto_provider,
    HCRYPTKEY *private_key_handle);
#endif /* _WIN32 */
AWS_EXTERN_C_END
#endif /* AWS_IO_PKI_UTILS_H */