|
TrustedQSL Library API
|
Certificates are managed by manipulating tQSL_Cert objects. A tQSL_Cert contains:
The certificate management process consists of:
| DLLEXPORT int CALLCONVENTION tqsl_createCertRequest | ( | const char * | filename, |
| TQSL_CERT_REQ * | req, | ||
| int(*)(char *pwbuf, int pwsize, void *userdata) | pwcb, | ||
| void * | user | ||
| ) |
Create a certificate-request Gabbi file.
The req parameter must be properly populated with the required fields.
If req->password is NULL and cb is not NULL, the callback will be called to acquire the password. Otherwise req->password will be used as the password. If the password is NULL or an empty string the generated private key will be stored unencrypted.
If req->signer is not zero and the signing certificate requires a password, the password may be in req->signer_password, else signer_pwcb is called.
| DLLEXPORT int CALLCONVENTION tqsl_deleteCertificate | ( | tQSL_Cert | cert | ) |
Delete a certificate and private key
| DLLEXPORT int CALLCONVENTION tqsl_exportPKCS12Base64 | ( | tQSL_Cert | cert, |
| char * | base64, | ||
| int | b64len, | ||
| const char * | p12password | ||
| ) |
Save a key pair and certificates to a Base64 string in PKCS12 format.
The tQSL_Cert must be initialized for signing (see tqsl_beginSigning()) if the user certificate is being exported.
The supplied p12password is used to encrypt the PKCS12 data.
| DLLEXPORT int CALLCONVENTION tqsl_exportPKCS12File | ( | tQSL_Cert | cert, |
| const char * | filename, | ||
| const char * | p12password | ||
| ) |
Save a key pair and certificates to a file in PKCS12 format.
The tQSL_Cert must be initialized for signing (see tqsl_beginSigning()) if the user certificate is being exported.
The supplied p12password is used to encrypt the PKCS12 data.
| DLLEXPORT int CALLCONVENTION tqsl_exportPKCS12FileWeakCrypto | ( | tQSL_Cert | cert, |
| const char * | filename, | ||
| const char * | p12password | ||
| ) |
Save a key pair and certificates to a file in PKCS12 format. Use downgraded crypto for Apple Keyring compatibility.
The tQSL_Cert must be initialized for signing (see tqsl_beginSigning()) if the user certificate is being exported.
The supplied p12password is used to encrypt the PKCS12 data.
| DLLEXPORT void CALLCONVENTION tqsl_freeCertificate | ( | tQSL_Cert | cert | ) |
Free the memory used by the tQSL_Cert. Once this function is called, cert should not be used again in any way.
| DLLEXPORT void CALLCONVENTION tqsl_freeCertificateList | ( | tQSL_Cert * | list, |
| int | ncerts | ||
| ) |
Free the memory used by a certificate list. The allocated list of tQSL_Certs are freed and the pointer array is freed. Once this function is called, the list or the cert should not be used again in any way.
| DLLEXPORT void CALLCONVENTION tqsl_freeDeletedCertificateList | ( | char ** | list, |
| int | nloc | ||
| ) |
Free the list of restorable Callsign Certificates.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateAROName | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the ARO name string from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateCallSign | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the ARO call sign string from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateDXCCEntity | ( | tQSL_Cert | cert, |
| int * | dxcc | ||
| ) |
Get the DXCC entity number from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() dxcc - Pointer to an int to hold the returned date.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateEmailAddress | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the email address from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateEncoded | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the encoded certificate for inclusion in a GABBI file.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateIssuer | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the issuer (DN) string from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateIssuerOrganization | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the issuer's organization name from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateIssuerOrganizationalUnit | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the issuer's organizational unit name from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateKeyOnly | ( | tQSL_Cert | cert, |
| int * | keyonly | ||
| ) |
Find out if the "certificate" is just a key pair.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateNotAfterDate | ( | tQSL_Cert | cert, |
| tQSL_Date * | date | ||
| ) |
Get the certificate's not-after date from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() date - Pointer to a tQSL_Date struct to hold the returned date.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateNotBeforeDate | ( | tQSL_Cert | cert, |
| tQSL_Date * | date | ||
| ) |
Get the certificate's not-before date from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() date - Pointer to a tQSL_Date struct to hold the returned date.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificatePrivateKeyType | ( | tQSL_Cert | cert | ) |
Determine the nature of the private key associated with a certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates()Returns one of the following values:
TQSL_PK_TYPE_ERR - An error occurred. Use tqsl_getErrorString() to examine. TQSL_PK_TYPE_NONE - No matching private key was found. TQSL_PK_TYPE_UNENC - The matching private key is unencrypted. TQSL_PK_TYPE_ENC - The matching private key is encrypted (password protected). | DLLEXPORT int CALLCONVENTION tqsl_getCertificateQSONotAfterDate | ( | tQSL_Cert | cert, |
| tQSL_Date * | date | ||
| ) |
Get the QSO not-after date from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() date - Pointer to a tQSL_Date struct to hold the returned date.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateQSONotBeforeDate | ( | tQSL_Cert | cert, |
| tQSL_Date * | date | ||
| ) |
Get the QSO not-before date from a tQSL_Cert.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() date - Pointer to a tQSL_Date struct to hold the returned date.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateRequestAddress1 | ( | tQSL_Cert | cert, |
| char * | str, | ||
| int | bufsiz | ||
| ) |
Get the first address line from the certificate request used in applying for a tQSL_Cert certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateRequestAddress2 | ( | tQSL_Cert | cert, |
| char * | str, | ||
| int | bufsiz | ||
| ) |
Get the second address line from the certificate request used in applying for a tQSL_Cert certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateRequestCity | ( | tQSL_Cert | cert, |
| char * | str, | ||
| int | bufsiz | ||
| ) |
Get the city from the certificate request used in applying for a tQSL_Cert certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateRequestCountry | ( | tQSL_Cert | cert, |
| char * | str, | ||
| int | bufsiz | ||
| ) |
Get the country from the certificate request used in applying for a tQSL_Cert certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateRequestPostalCode | ( | tQSL_Cert | cert, |
| char * | str, | ||
| int | bufsiz | ||
| ) |
Get the postal (ZIP) code from the certificate request used in applying for a tQSL_Cert certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateRequestState | ( | tQSL_Cert | cert, |
| char * | str, | ||
| int | bufsiz | ||
| ) |
Get the state from the certificate request used in applying for a tQSL_Cert certificate.
cert - a tQSL_Cert object, normally one returned from tqsl_selectCertificates() buf - Buffer to hold the returned string. bufsiz - Size of buf.Returns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateSerial | ( | tQSL_Cert | cert, |
| long * | serial | ||
| ) |
Get the issuer's serial number of the certificate.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateSerialExt | ( | tQSL_Cert | cert, |
| char * | serial, | ||
| int | serialsiz | ||
| ) |
Get the issuer's serial number of the certificate as a hexadecimal string. Needed for certs with long serial numbers (typically root certs).
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateSerialLength | ( | tQSL_Cert | cert | ) |
Get the length of the issuer's serial number of the certificate as it will be returned by tqsl_getCertificateSerialExt.
| DLLEXPORT int CALLCONVENTION tqsl_getCertificateStatus | ( | long | serial | ) |
Determine the status of a callsign certificate
serial - the serial number of the certificate tqsl_selectCertificates() status - an integer to receive the certificate statusReturns one of the following values:
TQSL_CERT_STATUS_UNK - An error occurred and the status is unknown TQSL_CERT_STATUS_SUP - The certificate has been superceded TQSL_CERT_STATUS_EXP - The certificate has expired TQSL_CERT_STATUS_OK - The certificate is valid TQSL_CERT_STATUS_INV - The serial number supplied is invalid | DLLEXPORT int CALLCONVENTION tqsl_getDeletedCallsignCertificates | ( | char *** | calls, |
| int * | ncall, | ||
| const char * | filter | ||
| ) |
Get the list of restorable station locations.
| DLLEXPORT int CALLCONVENTION tqsl_getKeyEncoded | ( | tQSL_Cert | cert, |
| char * | buf, | ||
| int | bufsiz | ||
| ) |
Get the encoded private key for inclusion in a backup file.
| DLLEXPORT int CALLCONVENTION tqsl_getNumProviders | ( | int * | n | ) |
Get the number of certificate providers known to tqsllib.
| DLLEXPORT int CALLCONVENTION tqsl_getProvider | ( | int | idx, |
| TQSL_PROVIDER * | provider | ||
| ) |
Get the information for a certificate provider.
idx is the index, 0 <= idx < tqsl_getNumProviders() | DLLEXPORT int CALLCONVENTION tqsl_getSelectedCertificate | ( | tQSL_Cert * | cert, |
| const tQSL_Cert ** | certlist, | ||
| int | idx | ||
| ) |
Get a particulat certificate from the list returnded by tqsl_selectCertificates. This function exists principally to make it easier for VB programs to access the list of certificates.
It is the caller's responsibility to ensure that 0 <= idx < ncerts (where ncerts is the value returned by tqsl_selectCertificates)
| DLLEXPORT int CALLCONVENTION tqsl_getSerialFromTQSLFile | ( | const char * | file, |
| long * | serial | ||
| ) |
Get the serial for the first user cert from a .tq6 file used to support asking the user to save their cert after import
file is the path to the file serial is where the serial number is returnedReturns 0 on success, nonzero on failure.
| DLLEXPORT int CALLCONVENTION tqsl_importKeyPairEncoded | ( | const char * | callsign, |
| const char * | type, | ||
| const char * | keybuf, | ||
| const char * | certbuf | ||
| ) |
Import a base64 encoded certificate and private key from a backup file.
| DLLEXPORT int CALLCONVENTION tqsl_importPKCS12Base64 | ( | const char * | base64, |
| const char * | p12password, | ||
| const char * | password, | ||
| int(*)(char *buf, int bufsiz, void *userdata) | pwcb, | ||
| int(*)(int type, const char *message, void *userdata) | cb, | ||
| void * | user | ||
| ) |
Load certificates and a private key from a Base64 encoded PKCS12 string.
| DLLEXPORT int CALLCONVENTION tqsl_importPKCS12File | ( | const char * | filename, |
| const char * | p12password, | ||
| const char * | password, | ||
| int(*)(char *buf, int bufsiz, void *userdata) | pwcb, | ||
| int(*)(int type, const char *message, void *userdata) | cb, | ||
| void * | user | ||
| ) |
Load certificates and a private key from a PKCS12 file.
| DLLEXPORT int CALLCONVENTION tqsl_importTQSLFile | ( | const char * | file, |
| int(*)(int type, const char *message, void *userdata) | cb, | ||
| void * | user | ||
| ) |
Import a Gabbi cert file received from a CA
The callback, cb, will be called whenever a certificate is ready to be imported:
cb(type, message);
type has several fields that can be accessed via macros:
TQSL_CERT_CB_CALL_TYPE(type) := TQSL_CERT_CB_MILESTONE | TQSL_CERT_CB_RESULT
TQSL_CERT_CB_CERT_TYPE(type) := TQSL_CERT_CB_ROOT | TQSL_CERT_CB_CA | TQSL_CERT_CB_USER
TQSL_CERT_CB_RESULT_TYPE(type) := TQSL_CERT_CB_PROMPT | TQSL_CERT_CB_WARNING | TQSL_CERT_CB_ERROR
TQSL_CERT_CB_RESULT_TYPE() is meaningful only if TQSL_CERT_CB_CALL_TYPE() == TQSL_CERT_CB_RESULT
| DLLEXPORT int CALLCONVENTION tqsl_isCertificateExpired | ( | tQSL_Cert | cert, |
| int * | status | ||
| ) |
Find out if the "certificate" is expired
| DLLEXPORT int CALLCONVENTION tqsl_isCertificateSuperceded | ( | tQSL_Cert | cert, |
| int * | status | ||
| ) |
Find out if the "certificate" is superceded
| DLLEXPORT int CALLCONVENTION tqsl_restoreCallsignCertificate | ( | const char * | callsign | ) |
Restore a deleted callsign certificate by callsign.
| DLLEXPORT int CALLCONVENTION tqsl_selectCACertificates | ( | tQSL_Cert ** | certlist, |
| int * | ncerts, | ||
| const char * | type | ||
| ) |
Get a list of authority certificates
Selects a set of certificates from the root or authorities certificate stores The function produces a list of tQSL_Cert objects.
Each of the tQSL_Cert objects in the list should be freed by calling tqsl_freeCertificate(). tqsl_freeCertificateList() is a better function to use for that as it also frees the allocated array that holds the certificate pointers.
| DLLEXPORT int CALLCONVENTION tqsl_selectCertificates | ( | tQSL_Cert ** | certlist, |
| int * | ncerts, | ||
| const char * | callsign, | ||
| int | dxcc, | ||
| const tQSL_Date * | date, | ||
| const TQSL_PROVIDER * | issuer, | ||
| int | flag | ||
| ) |
Get a list of certificates
Selects a set of certificates from the user's certificate store based on optional selection criteria. The function produces a list of tQSL_Cert objects.
certlist - Pointer to a variable that is set by the function to point to the list of tQSL_Cert objects. ncerts - Pointer to an int that is set to the number of objects in the certlist list. callsign - Optional call sign to match. date - Optional QSO date string in ISO format. Only certs that have a QSO date range that encompasses this date will be returned. issuer - Optional issuer (DN) string to match. flag - OR of TQSL_SELECT_CERT_EXPIRED (include expired certs), TQSL_SELECT_CERT_SUPERCEDED and TQSL_SELECT_CERT_WITHKEYS (keys that don't have associated certs will be returned).Returns 0 on success, nonzero on failure.
Each of the tQSL_Cert objects in the list should be freed by calling tqsl_freeCertificate(). tqsl_freeCertificateList() is a better function to use for that as it also frees the allocated array that holds the certificate pointers.
| DLLEXPORT int CALLCONVENTION tqsl_setCertificateStatus | ( | long | serial, |
| const char * | status | ||
| ) |
Store the status of a callsign certificate
serial - serial number of the certificate status - the status value to store. 1.9.6