/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. * * Copyright 2018 (c) Mark Giraud, Fraunhofer IOSB */ #ifndef UA_PLUGIN_PKI_H_ #define UA_PLUGIN_PKI_H_ #include #include _UA_BEGIN_DECLS /** * Public Key Infrastructure Integration * ===================================== * This file contains interface definitions for integration in a Public Key * Infrastructure (PKI). Currently only one plugin interface is defined. * * Certificate Verification * ------------------------ * This plugin verifies that the origin of the certificate is trusted. It does * not assign any access rights/roles to the holder of the certificate. * * Usually, implementations of the certificate verification plugin provide an * initialization method that takes a trust-list and a revocation-list as input. * The lifecycle of the plugin is attached to a server or client config. The * ``deleteMembers`` method is called automatically when the config is * destroyed. */ struct UA_CertificateVerification; typedef struct UA_CertificateVerification UA_CertificateVerification; struct UA_CertificateVerification { void *context; /* Verify the certificate against the configured policies and trust chain. */ UA_StatusCode (*verifyCertificate)(void *verificationContext, const UA_ByteString *certificate); /* Verify that the certificate has the applicationURI in the subject name. */ UA_StatusCode (*verifyApplicationURI)(void *verificationContext, const UA_ByteString *certificate, const UA_String *applicationURI); /* Delete the certificate verification context */ void (*deleteMembers)(UA_CertificateVerification *cv); }; _UA_END_DECLS #endif /* UA_PLUGIN_PKI_H_ */