Hi,
I added the missing parts to the wiki page. :)

Thanks
Milinda

On Feb 14, 2008 10:58 AM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:

> Hi Milinda,
> Looks fine to me. Would like to add the following suggestions.
> 1. The structure of the pkcs12_keystore_t should be in the wiki
> 2. The free function is missing
> 3. Shouldn't it be
> pkcs12_keystore_*create* -> pkcs12_keystore_*load*
> Or do we need both functions.
> Thoughts?
> -Kaushalye
>
> Milinda Pathirage wrote:
> > hi all,
> >
> > I updated the API for pkcs12 key store. Please refer to the wiki page and
> > comment if there are any issues.
> >
> > thanks
> >
> > Milinda
> >
> > On Feb 7, 2008 11:25 AM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:
> >
> >> The correct location is ...
> >> http://wiki.apache.org/ws/rampartc/pkcs12_API
> >> :)
> >> -Kaushalye
> >>
> >> Kaushalye Kapuruge wrote:
> >>
> >>> Hi Milinda,
> >>> I created the following[1] WIKI page with some modifications to the API.
> >>> Please add other functions too.
> >>> -Kau
> >>>
> >>> [1]http://wiki.apache.org/general/rampartc/pkcs12_API
> >>>
> >>> Milinda Pathirage wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> After doing some research with the openssl pkcs12 implementation, I
> >>>> designed the following API for PKCS12 Keystore to include in Rampart/C.
> >>>>
> >>>> Currently Rampart configuration supports specifying certificates using
> >>>> their .pem file name. This approach is limiting our capabilities of
> >>>> server side security because we can only handle one user certificate
> >>>> (correct me if I am wrong). PKCS12 Keystore implementation will allow
> >>>> us to store several certificates inside one single file and retrieve
> >>>> and validate them according to our requirements.
> >>>>
> >>>> Here is the API for PKCS12 Keystore (This API is designed after
> >>>> examining the Crypto interface of WSS4J):
> >>>>
> >>>> pkcs12_keystore_t * pkcs12_keystore_create(char *filename, char *password);
> >>>>
> >>>> This method is used to create a key store from the given file.
> >>>>
> >>>>
> >>>> openssl_pkey_t * pkcs12_keystore_get_private_key(char *alias, char *passwd)
> >>>>
> >>>> Get the private key of the owner of the key store. Currently assuming
> >>>> that we store our private key and public key pair with our CA
> >>>> certificates and others' public keys. This method will handle the
> >>>> situation with several private keys in the key store because we
> >>>> specify the alias.
> >>>>
> >>>>
> >>>> pkcs12_keystore_get_certificates(char *alias)
> >>>>
> >>>> Get the certificates for the given alias. Need to figure out the return
> >>>> type (Whether to return STACK_OF(X509) or x509 array).
> >>>>
> >>>> char * pkcs12_keystore_get_alias_for_cert_issuer(char *issuer)
> >>>>
> >>>> Get alias of the certificate that matches the given issuer's name.
> >>>>
> >>>>
> >>>> char * pkcs12_keystore_get_alias_for_cert_serial(char *issuer, int serial)
> >>>>
> >>>> Get alias of the certificate that matches the given issuer's name and
> >>>> serial.
> >>>>
> >>>>
> >>>> char * pkcs12_keystore_get_alias_for_cert_sub_key_id(char *ski)
> >>>>
> >>>> Get alias of the certificate that matches the given Subject Key Identifier.
> >>>>
> >>>>
> >>>> x509 * pkcs12_keystore_get_default_cert()
> >>>>
> >>>> Get the default certificate of the key store.
> >>>>
> >>>>
> >>>> char * pkcs12_keystore_get_alias_for_default_cert()
> >>>>
> >>>> Get the alias of the default certificate.
> >>>>
> >>>>
> >>>> char* pkcs12_keystore_get_alias_for_cert_thumb(char *thumb)
> >>>>
> >>>> Get alias of the matching certificate with the given thumbprint.
> >>>>
> >>>>
> >>>> pkcs12_keystore_get_alias_for_cert_DN(char *subject_dn)
> >>>>
> >>>> Get alias of the matching certificate with the given DN.
> >>>>
> >>>>
> >>>> Have to figure out how we can validate a given certificate. Function
> >>>> name should change.
> >>>> pkcs12_keystore_validate_cert_path(X509 certs)
> >>>>
> >>>>
> >>>> This is only a draft API. I think there may be some missing parts.
> >>>> Please feel free to comment on this.
> >>>>
> >>>>
> >>>> Thanks
> >>>>
> >>>> Milinda
> >>>>
> >>
> >> --
> >> http://blog.kaushalye.org/
> >> http://wso2.org/
> >>
>
> --
> http://blog.kaushalye.org/
> http://wso2.org/

--
http://inf-dimensions.blogspot.com "Infinite Dimensions"
http://wsaxc.blogspot.com "Web Services With Axis2/C"
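
The draft API in this thread resolves certificates by alias inside a single PKCS#12 file. The following is an added example, not code from the thread or from Rampart/C: it builds a constructed keystore with the `openssl` command line and looks a certificate up by alias, assuming the alias corresponds to the PKCS#12 friendlyName bag attribute; the function names, subjects, aliases and password are hypothetical.

```shell
#!/bin/sh
# Added example: constructed keystore, hypothetical helper names.
# The password travels in the environment (env:P12_PASS), not in argv,
# so it does not appear in the process list.
export P12_PASS='demo-only-password'   # constructed value

# Build a PKCS#12 file with one key pair (alias "server") and one extra
# certificate (alias "ca"). Both are unrelated self-signed demo certs; the
# unencrypted key files exist only in the temp dir that is removed on exit.
make_demo_keystore() {   # $1 = work dir; prints the path of the .p12
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-ca' \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-server' \
        -keyout "$d/srv.key" -out "$d/srv.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -name server -inkey "$d/srv.key" -in "$d/srv.pem" \
        -certfile "$d/ca.pem" -caname ca -passout env:P12_PASS \
        -out "$d/store.p12" || return 1
    echo "$d/store.p12"
}

# List every alias (friendlyName) stored in the keystore.
p12_aliases() {   # $1 = .p12 file
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        awk -F': ' '/friendlyName:/ { print $2 }'
}

# Print the PEM certificate stored under an alias; exit status 1 if absent.
p12_cert_for_alias() {   # $1 = .p12 file, $2 = alias
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        awk -F': ' -v want="$2" '
            /^Bag Attributes/     { cur = "" }          # new bag: forget alias
            /friendlyName:/       { cur = $2 }
            /-BEGIN CERTIFICATE-/ { on = (cur == want) }
            on                    { print; found = 1 }
            /-END CERTIFICATE-/   { on = 0 }
            END                   { exit !found }'
}

WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
STORE=$(make_demo_keystore "$WORK")
p12_aliases "$STORE"
p12_cert_for_alias "$STORE" server | openssl x509 -noout -subject
```

In C, OpenSSL's `PKCS12_parse` stores the same friendlyName on each returned `X509`, where `X509_alias_get0` reads it back.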