x509: XML Security Library Reference Manual

x509

x509 — X509 certificates implementation for NSS.

Stability Level

Stable, unless otherwise indicated

Functions

xmlSecKeyDataId	xmlSecNssKeyDataX509GetKlass ()
CERTCertificate *	xmlSecNssKeyDataX509GetKeyCert ()
int	xmlSecNssKeyDataX509AdoptKeyCert ()
int	xmlSecNssKeyDataX509AdoptCert ()
CERTCertificate *	xmlSecNssKeyDataX509GetCert ()
xmlSecSize	xmlSecNssKeyDataX509GetCertsSize ()
int	xmlSecNssKeyDataX509AdoptCrl ()
CERTSignedCrl *	xmlSecNssKeyDataX509GetCrl ()
xmlSecSize	xmlSecNssKeyDataX509GetCrlsSize ()
xmlSecKeyDataPtr	xmlSecNssX509CertGetKey ()
xmlSecKeyDataId	xmlSecNssKeyDataRawX509CertGetKlass ()
xmlSecKeyDataStoreId	xmlSecNssX509StoreGetKlass ()
CERTCertificate *	xmlSecNssX509StoreVerify ()
int	xmlSecNssX509StoreAdoptCert ()
int	xmlSecNssX509StoreAdoptCrl ()

Types and Values

#define	xmlSecNssKeyDataX509Id
#define	xmlSecNssKeyDataRawX509CertId
#define	xmlSecNssX509StoreId

Description

Functions

xmlSecNssKeyDataX509GetKlass ()

xmlSecKeyDataId
xmlSecNssKeyDataX509GetKlass (void);

The NSS X509 key data klass (http://www.w3.org/TR/xmldsig-core/sec-X509Data).

Returns

the X509 data klass.

xmlSecNssKeyDataX509GetKeyCert ()

CERTCertificate *
xmlSecNssKeyDataX509GetKeyCert (xmlSecKeyDataPtr data);

Gets the certificate from which the key was extracted.

Parameters

data

the pointer to X509 key data.

Returns

the key's certificate or NULL if key data was not used for key extraction or an error occurs.

xmlSecNssKeyDataX509AdoptKeyCert ()

int
xmlSecNssKeyDataX509AdoptKeyCert (xmlSecKeyDataPtr data,
                                  CERTCertificate *cert);

Adds certificate to the X509 key data and sets the it as the key's certificate in data . On success, the data owns the cert.

Parameters

data	the pointer to X509 key data.
cert	the pointer to NSS X509 certificate.

Returns

0 on success or a negative value if an error occurs.

xmlSecNssKeyDataX509AdoptCert ()

int
xmlSecNssKeyDataX509AdoptCert (xmlSecKeyDataPtr data,
                               CERTCertificate *cert);

Adds certificate to the X509 key data.

Parameters

data	the pointer to X509 key data.
cert	the pointer to NSS X509 certificate.

Returns

0 on success or a negative value if an error occurs.

xmlSecNssKeyDataX509GetCert ()

CERTCertificate *
xmlSecNssKeyDataX509GetCert (xmlSecKeyDataPtr data,
                             xmlSecSize pos);

Gets a certificate from X509 key data.

Parameters

data	the pointer to X509 key data.
pos	the desired certificate position.

Returns

the pointer to certificate or NULL if pos is larger than the number of certificates in data or an error occurs.

xmlSecNssKeyDataX509GetCertsSize ()

xmlSecSize
xmlSecNssKeyDataX509GetCertsSize (xmlSecKeyDataPtr data);

Gets the number of certificates in data .

Parameters

data

the pointer to X509 key data.

Returns

te number of certificates in data .

xmlSecNssKeyDataX509AdoptCrl ()

int
xmlSecNssKeyDataX509AdoptCrl (xmlSecKeyDataPtr data,
                              CERTSignedCrl *crl);

Adds CRL to the X509 key data.

Parameters

data	the pointer to X509 key data.
crl	the pointer to NSS X509 CRL.

Returns

0 on success or a negative value if an error occurs.

xmlSecNssKeyDataX509GetCrl ()

CERTSignedCrl *
xmlSecNssKeyDataX509GetCrl (xmlSecKeyDataPtr data,
                            xmlSecSize pos);

Gets a CRL from X509 key data.

Parameters

data	the pointer to X509 key data.
pos	the desired CRL position.

Returns

the pointer to CRL or NULL if pos is larger than the number of CRLs in data or an error occurs.

xmlSecNssKeyDataX509GetCrlsSize ()

xmlSecSize
xmlSecNssKeyDataX509GetCrlsSize (xmlSecKeyDataPtr data);

Gets the number of CRLs in data .

Parameters

data

the pointer to X509 key data.

Returns

te number of CRLs in data .

xmlSecNssX509CertGetKey ()

xmlSecKeyDataPtr
xmlSecNssX509CertGetKey (CERTCertificate *cert);

Extracts public key from the cert .

Parameters

cert

the certificate.

Returns

public key value or NULL if an error occurs.

xmlSecNssKeyDataRawX509CertGetKlass ()

xmlSecKeyDataId
xmlSecNssKeyDataRawX509CertGetKlass (void);

The raw X509 certificates key data klass.

Returns

raw X509 certificates key data klass.

xmlSecNssX509StoreGetKlass ()

xmlSecKeyDataStoreId
xmlSecNssX509StoreGetKlass (void);

The NSS X509 certificates key data store klass.

Returns

pointer to NSS X509 certificates key data store klass.

xmlSecNssX509StoreVerify ()

CERTCertificate *
xmlSecNssX509StoreVerify (xmlSecKeyDataStorePtr store,
                          CERTCertList *certs,
                          xmlSecKeyInfoCtx *keyInfoCtx);

xmlSecNssX509StoreVerify is deprecated and should not be used in newly-written code.

Verifies certs list.

Parameters

store	the pointer to X509 key data store klass.
certs	the untrusted certificates stack.
keyInfoCtx	the pointer to <dsig:KeyInfo/> element processing context.

Returns

pointer to the first verified certificate from certs .

xmlSecNssX509StoreAdoptCert ()

int
xmlSecNssX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
                             CERTCertificate *cert,
                             xmlSecKeyDataType type);

Adds trusted (root) or untrusted certificate to the store.

Parameters

store	the pointer to X509 key data store klass.
cert	the pointer to NSS X509 certificate.
type	the certificate type (trusted/untrusted).

Returns

0 on success or a negative value if an error occurs.

xmlSecNssX509StoreAdoptCrl ()

int
xmlSecNssX509StoreAdoptCrl (xmlSecKeyDataStorePtr store,
                            CERTSignedCrl *crl);

Adds CRL to the store.

Parameters

store	the pointer to X509 key data store klass.
crl	the pointer to NSS X509 CRL.

Returns

0 on success or a negative value if an error occurs.

Types and Values

xmlSecNssKeyDataX509Id

#define             xmlSecNssKeyDataX509Id

The NSS X509 data klass.

xmlSecNssKeyDataRawX509CertId

#define             xmlSecNssKeyDataRawX509CertId

The NSS raw X509 certificate klass.

xmlSecNssX509StoreId

#define             xmlSecNssX509StoreId

The NSS X509 store klass.