1/*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef NET_SSL_C_H
17#define NET_SSL_C_H
18
19/**
20 * @addtogroup netstack
21 * @{
22 *
23 * @brief Provides C APIs for the SSL/TLS certificate chain verification module.
24 *
25 * @since 11
26 * @version 1.0
27 */
28
29/**
30 * @file net_ssl_c.h
31 *
32 * @brief Defines C APIs for the SSL/TLS certificate chain verification module.
33 *
34 * @library libnet_ssl.so
35 * @kit NetworkKit
36 * @syscap SystemCapability.Communication.NetStack
37 * @since 11
38 * @version 1.0
39 */
40
41#include "net_ssl_c_type.h"
42
43#ifdef __cplusplus
44extern "C" {
45#endif
46
47/**
48 * @brief Provides certificate chain verification APIs for external systems.
49 *
50 * @param cert Certificate to be verified.
51 * @param caCert CA certificate specified by the user. If this parameter is left blank, the preset certificate is used.
52 * @return 0 - success.
53 * 2305001 - Unspecified error.
54 * 2305002 - Unable to get issuer certificate.
55 * 2305003 - Unable to get certificate revocation list (CRL).
56 * 2305004 - Unable to decrypt certificate signature.
57 * 2305005 - Unable to decrypt CRL signature.
58 * 2305006 - Unable to decode issuer public key.
59 * 2305007 - Certificate signature failure.
60 * 2305008 - CRL signature failure.
61 * 2305009 - Certificate is not yet valid.
62 * 2305010 - Certificate has expired.
63 * 2305011 - CRL is not yet valid.
64 * 2305012 - CRL has expired.
65 * 2305023 - Certificate has been revoked.
66 * 2305024 - Invalid certificate authority (CA).
67 * 2305027 - Certificate is untrusted.
68 * @syscap SystemCapability.Communication.NetStack
69 * @since 11
70 * @version 1.0
71 */
72uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert);
73
74/**
75 * @brief Gets pin set for hostname.
76 *
77 * @param hostname Hostname.
78 * @param pin Certificate lock information.
79 * @return 0 - Success.
80 *         401 - Parameter error.
81 *         2305999 - Out of memory.
82 * @syscap SystemCapability.Communication.NetStack
83 * @since 12
84 * @version 1.0
85 */
86int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_CertificatePinning *pin);
87
88/**
89 * @brief Gets certificates for hostname.
90 *
91 * @param hostname Hostname.
92 * @param certs Certificate Information.
93 * @return 0 - Success.
94 *         401 - Parameter error.
95 *         2305999 - Out of memory.
96 * @syscap SystemCapability.Communication.NetStack
97 * @since 12
98 * @version 1.0
99 */
100int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Certificates *certs);
101
102/**
103 * @brief Frees content of the certificates.
104 *
105 * @param certs Certificate.
106 * @syscap SystemCapability.Communication.NetStack
107 * @since 12
108 * @version 1.0
109 */
110void OH_Netstack_DestroyCertificatesContent(NetStack_Certificates *certs);
111
112#ifdef __cplusplus
113}
114#endif
115
116#endif // NET_SSL_C_H
117