hi all, I updated the API for the pkcs12 key store. Please refer to the wiki page and comment if there are any issues.
thanks
Milinda

On Feb 7, 2008 11:25 AM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:
> The correct location is ...
> http://wiki.apache.org/ws/rampartc/pkcs12_API
> :)
> -Kaushalye
>
> Kaushalye Kapuruge wrote:
> > Hi Milinda,
> > I created the following[1] WIKI page with some modifications to the API.
> > Please add other functions too.
> > -Kau
> >
> > [1]http://wiki.apache.org/general/rampartc/pkcs12_API
> >
> > Milinda Pathirage wrote:
> >> Hi all,
> >>
> >> After doing some research with the openssl pkcs12 implementation, I designed
> >> the following API for a PKCS12 Keystore to include in Rampart/C.
> >>
> >> Currently Rampart configuration supports specifying certificates using
> >> their .pem file name. This approach is limiting our capabilities of server
> >> side security because we can only handle one user certificate (correct me
> >> if I am wrong). A PKCS12 Keystore implementation will allow us to store several
> >> certificates inside one single file and retrieve and validate them
> >> according to our requirements.
> >>
> >> Here is the API for the PKCS12 Keystore (This API is designed after
> >> examining the Crypto interface of WSS4J):
> >>
> >> pkcs12_keystore_t * pkcs12_keystore_create(char *filename, char *password);
> >>
> >> This method is used to create a key store from the given file.
> >>
> >>
> >> openssl_pkey_t * pkcs12_keystore_get_private_key(char *alias, char *passwd)
> >>
> >> Get the private key of the owner of the key store. Currently assuming
> >> that we store our private key and public key pair with our CA certificates and
> >> others' public keys. This method will handle the situation with several
> >> private keys in the key store because we specify the alias.
> >>
> >>
> >> pkcs12_keystore_get_certificates(char *alias)
> >>
> >> Get the certificates for the given alias. Need to figure out the return type
> >> (Whether to return STACK_OF(X509) or an x509 array).
> >>
> >>
> >> char * pkcs12_keystore_get_alias_for_cert_issuer(char *issuer)
> >>
> >> Get the alias of the certificate that matches the given issuer's name.
> >>
> >>
> >> char * pkcs12_keystore_get_alias_for_cert_serial(char *issuer, int serial)
> >>
> >> Get the alias of the certificate that matches the given issuer's name and
> >> serial.
> >>
> >>
> >> char * pkcs12_keystore_get_alias_for_cert_sub_key_id(char *ski)
> >>
> >> Get the alias of the certificate that matches the given Subject Key Identifier.
> >>
> >>
> >> x509 * pkcs12_keystore_get_default_cert()
> >>
> >> Get the default certificate of the key store.
> >>
> >>
> >> char * pkcs12_keystore_get_alias_for_defualt_cert()
> >>
> >> Get the alias of the default certificate.
> >>
> >>
> >> char* pkcs12_keystore_get_alias_for_cert_thumb(char *thumb)
> >>
> >> Get the alias of the certificate matching the given thumbprint.
> >>
> >>
> >> pkcs12_keystore_get_alias_for_cert_DN(char *subject_dn)
> >>
> >> Get the alias of the certificate matching the given DN.
> >>
> >>
> >> Have to figure out how we can validate a given certificate. The function
> >> name should change.
> >> pkcs12_keystore_validate_cert_path(X509 certs)
> >>
> >>
> >> This is only a draft API. I think there may be some missing parts.
> >> Please feel free to comment on this.
> >>
> >>
> >> Thanks
> >>
> >> Milinda
> >>
> >
> >
>
> --
> http://blog.kaushalye.org/
> http://wso2.org/
>

--
http://inf-dimensions.blogspot.com "Infinite Dimensions"
http://wsaxc.blogspot.com "Web Services With Axis2/C"
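The alias lookups in the draft above, as an added example in plain C (not code from this thread or from Rampart/C): an in-memory stand-in for a parsed PKCS12 bag with constructed entries, matched by issuer and serial, by Subject Key Identifier and by thumbprint. It assumes a `pkcs12_keystore_t` handle is passed to every lookup (the draft's signatures omit it), treats malformed hex input as a non-match, and hands back a caller-owned copy of the alias.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#define ID_LEN 4   /* constructed length; real SKI and SHA-1 thumbprint values are 20 bytes */
/* One certificate entry as it would come out of a parsed PKCS12 bag (in-memory model, not OpenSSL). */
typedef struct {
    const char *alias, *issuer_dn;              /* bag friendlyName; issuer DN in RFC 2253 form */
    long serial;
    unsigned char ski[ID_LEN], thumb[ID_LEN];   /* Subject Key Identifier; certificate thumbprint */
} ks_entry_t;
/* Keystore handle, passed explicitly to every lookup (assumption: the draft's signatures omit it). */
typedef struct { const ks_entry_t *entries; size_t count; } pkcs12_keystore_t;
/* Decode exactly 2*n hex digits into out; -1 on malformed input, so a bad query can never match. */
static int hex_to_bytes(const char *hex, unsigned char *out, size_t n) {
    if (!hex || strlen(hex) != 2 * n) return -1;
    for (size_t i = 0; i < n; i++, hex += 2) {
        unsigned int v;
        if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1]) || sscanf(hex, "%2x", &v) != 1) return -1;
        out[i] = (unsigned char)v;
    }
    return 0;
}
/* Shared matcher for the byte-identifier lookups; off selects the ski or thumb field of an entry. */
static char *match_bytes(const pkcs12_keystore_t *ks, const char *hex, size_t off) {
    unsigned char want[ID_LEN];
    if (hex_to_bytes(hex, want, ID_LEN) != 0) return NULL;
    for (size_t i = 0; i < ks->count; i++)
        if (memcmp((const unsigned char *)&ks->entries[i] + off, want, ID_LEN) == 0)
            return strdup(ks->entries[i].alias);   /* caller owns the returned copy */
    return NULL;   /* no entry matched */
}
char *pkcs12_keystore_get_alias_for_cert_sub_key_id(const pkcs12_keystore_t *ks, const char *ski_hex)
{ return match_bytes(ks, ski_hex, offsetof(ks_entry_t, ski)); }
char *pkcs12_keystore_get_alias_for_cert_thumb(const pkcs12_keystore_t *ks, const char *thumb_hex)
{ return match_bytes(ks, thumb_hex, offsetof(ks_entry_t, thumb)); }
char *pkcs12_keystore_get_alias_for_cert_serial(const pkcs12_keystore_t *ks, const char *issuer, long serial) {
    for (size_t i = 0; i < ks->count; i++)
        if (ks->entries[i].serial == serial && strcmp(ks->entries[i].issuer_dn, issuer) == 0)
            return strdup(ks->entries[i].alias);
    return NULL;
}
/* Constructed sample keystore standing in for the contents of a parsed .p12 file. */
static const ks_entry_t sample_entries[] = {
    { "server",  "CN=Example CA,O=Example", 0x1001, {0xde,0xad,0xbe,0xef}, {0x01,0x02,0x03,0x04} },
    { "client1", "CN=Example CA,O=Example", 0x1002, {0xca,0xfe,0xba,0xbe}, {0x0a,0x0b,0x0c,0x0d} },
};
const pkcs12_keystore_t sample_keystore = { sample_entries, 2 };
```

The issuer comparison here is a plain string match; a real implementation would compare canonicalised X.509 names rather than raw strings.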