/* crypto/x509/x509.h *//* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. *  * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to.  The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code.  The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). *  * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. *  * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright *    notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in the *    documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software *    must display the following acknowledgement: *    "This product includes cryptographic software written by *     Eric Young (eay@cryptsoft.com)" *    The word 'cryptographic' can be left out if the rouines from the library *    being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from  *    the apps directory (application code) you must include an acknowledgement: *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" *  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. *  * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed.  i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */#ifndef HEADER_X509_H#define HEADER_X509_H#include <openssl/symhacks.h>#ifndef OPENSSL_NO_BUFFER#include <openssl/buffer.h>#endif#ifndef OPENSSL_NO_EVP#include <openssl/evp.h>#endif#ifndef OPENSSL_NO_BIO#include <openssl/bio.h>#endif#include <openssl/stack.h>#include <openssl/asn1.h>#include <openssl/safestack.h>#ifndef OPENSSL_NO_RSA#include <openssl/rsa.h>#endif#ifndef OPENSSL_NO_DSA#include <openssl/dsa.h>#endif#ifndef OPENSSL_NO_DH#include <openssl/dh.h>#endif#ifndef OPENSSL_NO_SHA#include <openssl/sha.h>#endif#include <openssl/e_os2.h>#include <openssl/ossl_typ.h>#ifdef  __cplusplusextern "C" {#endif#ifdef OPENSSL_SYS_WIN32/* Under Win32 this is defined in wincrypt.h */#undef X509_NAME#endif#define X509_FILETYPE_PEM	1#define X509_FILETYPE_ASN1	2#define X509_FILETYPE_DEFAULT	3#define X509v3_KU_DIGITAL_SIGNATURE	0x0080#define X509v3_KU_NON_REPUDIATION	0x0040#define X509v3_KU_KEY_ENCIPHERMENT	0x0020#define X509v3_KU_DATA_ENCIPHERMENT	0x0010#define X509v3_KU_KEY_AGREEMENT		0x0008#define X509v3_KU_KEY_CERT_SIGN		0x0004#define X509v3_KU_CRL_SIGN		0x0002#define X509v3_KU_ENCIPHER_ONLY		0x0001#define X509v3_KU_DECIPHER_ONLY		0x8000#define X509v3_KU_UNDEF			0xfffftypedef struct X509_objects_st	{	int nid;	int (*a2i)();	int (*i2a)();	} X509_OBJECTS;struct X509_algor_st	{	ASN1_OBJECT *algorithm;	ASN1_TYPE *parameter;	} /* X509_ALGOR */;DECLARE_STACK_OF(X509_ALGOR)DECLARE_ASN1_SET_OF(X509_ALGOR)typedef struct X509_val_st	{	ASN1_TIME *notBefore;	ASN1_TIME *notAfter;	} X509_VAL;typedef struct X509_pubkey_st	{	X509_ALGOR *algor;	ASN1_BIT_STRING *public_key;	EVP_PKEY *pkey;	} X509_PUBKEY;typedef struct X509_sig_st	{	X509_ALGOR *algor;	ASN1_OCTET_STRING *digest;	} X509_SIG;typedef struct X509_name_entry_st	{	ASN1_OBJECT *object;	ASN1_STRING *value;	int set;	int size; 	/* temp variable */	} X509_NAME_ENTRY;DECLARE_STACK_OF(X509_NAME_ENTRY)DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)/* we always keep X509_NAMEs in 2 forms. */struct X509_name_st	{	STACK_OF(X509_NAME_ENTRY) *entries;	int modified;	/* true if 'bytes' needs to be built */#ifndef OPENSSL_NO_BUFFER	BUF_MEM *bytes;#else	char *bytes;#endif	unsigned long hash; /* Keep the hash around for lookups */	} /* X509_NAME */;DECLARE_STACK_OF(X509_NAME)#define X509_EX_V_NETSCAPE_HACK		0x8000#define X509_EX_V_INIT			0x0001typedef struct X509_extension_st	{	ASN1_OBJECT *object;	ASN1_BOOLEAN critical;	ASN1_OCTET_STRING *value;	} X509_EXTENSION;DECLARE_STACK_OF(X509_EXTENSION)DECLARE_ASN1_SET_OF(X509_EXTENSION)/* a sequence of these are used */typedef struct x509_attributes_st	{	ASN1_OBJECT *object;	int single; /* 0 for a set, 1 for a single item (which is wrong) */	union	{		char		*ptr;/* 0 */		STACK_OF(ASN1_TYPE) *set;/* 1 */		ASN1_TYPE	*single;		} value;	} X509_ATTRIBUTE;DECLARE_STACK_OF(X509_ATTRIBUTE)DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)typedef struct X509_req_info_st	{	ASN1_ENCODING enc;	ASN1_INTEGER *version;	X509_NAME *subject;	X509_PUBKEY *pubkey;	/*  d=2 hl=2 l=  0 cons: cont: 00 */	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */	} X509_REQ_INFO;typedef struct X509_req_st	{	X509_REQ_INFO *req_info;	X509_ALGOR *sig_alg;	ASN1_BIT_STRING *signature;	int references;	} X509_REQ;typedef struct x509_cinf_st	{	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */	ASN1_INTEGER *serialNumber;	X509_ALGOR *signature;	X509_NAME *issuer;	X509_VAL *validity;	X509_NAME *subject;	X509_PUBKEY *key;	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */	} X509_CINF;/* This stuff is certificate "auxiliary info" * it contains details which are useful in certificate * stores and databases. When used this is tagged onto * the end of the certificate itself */typedef struct x509_cert_aux_st	{	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */	ASN1_UTF8STRING *alias;			/* "friendly name" */	ASN1_OCTET_STRING *keyid;		/* key id of private key */	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */	} X509_CERT_AUX;struct x509_st	{	X509_CINF *cert_info;	X509_ALGOR *sig_alg;	ASN1_BIT_STRING *signature;	int valid;	int references;	char *name;	CRYPTO_EX_DATA ex_data;	/* These contain copies of various extension values */	long ex_pathlen;	unsigned long ex_flags;	unsigned long ex_kusage;	unsigned long ex_xkusage;	unsigned long ex_nscert;	ASN1_OCTET_STRING *skid;	struct AUTHORITY_KEYID_st *akid;#ifndef OPENSSL_NO_SHA	unsigned char sha1_hash[SHA_DIGEST_LENGTH];#endif	X509_CERT_AUX *aux;	} /* X509 */;DECLARE_STACK_OF(X509)DECLARE_ASN1_SET_OF(X509)/* This is used for a table of trust checking functions */typedef struct x509_trust_st {	int trust;	int flags;	int (*check_trust)(struct x509_trust_st *, X509 *, int);	char *name;	int arg1;	void *arg2;} X509_TRUST;DECLARE_STACK_OF(X509_TRUST)/* standard trust ids */#define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */#define X509_TRUST_COMPAT	1#define X509_TRUST_SSL_CLIENT	2#define X509_TRUST_SSL_SERVER	3#define X509_TRUST_EMAIL	4#define X509_TRUST_OBJECT_SIGN	5#define X509_TRUST_OCSP_SIGN	6#define X509_TRUST_OCSP_REQUEST	7/* Keep these up to date! */#define X509_TRUST_MIN		1#define X509_TRUST_MAX		7/* trust_flags values */#define	X509_TRUST_DYNAMIC 	1#define	X509_TRUST_DYNAMIC_NAME	2/* check_trust return codes */#define X509_TRUST_TRUSTED	1#define X509_TRUST_REJECTED	2#define X509_TRUST_UNTRUSTED	3/* Flags for X509_print_ex() */#define	X509_FLAG_COMPAT		0#define	X509_FLAG_NO_HEADER		1L#define	X509_FLAG_NO_VERSION		(1L << 1)#define	X509_FLAG_NO_SERIAL		(1L << 2)#define	X509_FLAG_NO_SIGNAME		(1L << 3)#define	X509_FLAG_NO_ISSUER		(1L << 4)#define	X509_FLAG_NO_VALIDITY		(1L << 5)#define	X509_FLAG_NO_SUBJECT		(1L << 6)#define	X509_FLAG_NO_PUBKEY		(1L << 7)#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)#define	X509_FLAG_NO_SIGDUMP		(1L << 9)#define	X509_FLAG_NO_AUX		(1L << 10)#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)/* Flags specific to X509_NAME_print_ex() */	/* The field separator information */#define XN_FLAG_SEP_MASK	(0xf << 16)#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order *//* How the field name is shown */#define XN_FLAG_FN_MASK		(0x3 << 21)#define XN_FLAG_FN_SN		0		/* Object short name */#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' *//* This determines if we dump fields we don't recognise: * RFC2253 requires this. */#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters *//* Complete set of RFC2253 flags */#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \			XN_FLAG_SEP_COMMA_PLUS | \			XN_FLAG_DN_REV | \			XN_FLAG_FN_SN | \			XN_FLAG_DUMP_UNKNOWN_FIELDS)/* readable oneline form */#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \			ASN1_STRFLGS_ESC_QUOTE | \			XN_FLAG_SEP_CPLUS_SPC | \			XN_FLAG_SPC_EQ | \			XN_FLAG_FN_SN)/* readable multiline form */#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \			ASN1_STRFLGS_ESC_MSB | \			XN_FLAG_SEP_MULTILINE | \			XN_FLAG_SPC_EQ | \			XN_FLAG_FN_LN | \			XN_FLAG_FN_ALIGN)typedef struct X509_revoked_st	{	ASN1_INTEGER *serialNumber;	ASN1_TIME *revocationDate;	STACK_OF(X509_EXTENSION) /* optional */ *extensions;	int sequence; /* load sequence */	} X509_REVOKED;DECLARE_STACK_OF(X509_REVOKED)DECLARE_ASN1_SET_OF(X509_REVOKED)typedef struct X509_crl_info_st	{	ASN1_INTEGER *version;	X509_ALGOR *sig_alg;	X509_NAME *issuer;	ASN1_TIME *lastUpdate;	ASN1_TIME *nextUpdate;	STACK_OF(X509_REVOKED) *revoked;	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;	ASN1_ENCODING enc;	} X509_CRL_INFO;struct X509_crl_st	{	/* actual signature */	X509_CRL_INFO *crl;	X509_ALGOR *sig_alg;