Couchbase Lite C
Couchbase Lite C API
Loading...
Searching...
No Matches
CBLTLSIdentity.h
Go to the documentation of this file.
1//
2// CBLTLSIdentity.h
3//
4// Copyright (c) 2025 Couchbase, Inc All rights reserved.
5//
6// Licensed under the Apache License, Version 2.0 (the "License");
7// you may not use this file except in compliance with the License.
8// You may obtain a copy of the License at
9//
10// http://www.apache.org/licenses/LICENSE-2.0
11//
12// Unless required by applicable law or agreed to in writing, software
13// distributed under the License is distributed on an "AS IS" BASIS,
14// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15// See the License for the specific language governing permissions and
16// limitations under the License.
17//
18
19#pragma once
20#include "CBLBase.h"
21
22#ifdef COUCHBASE_ENTERPRISE
23
24#ifdef __OBJC__
25#import <Foundation/Foundation.h>
26#import <Security/Security.h>
27#endif
28
29CBL_CAPI_BEGIN
30
59
63
64// Certificate Attribute Keys:
65CBL_PUBLIC extern const FLString kCBLCertAttrKeyCommonName; // "CN", e.g. "Jane Doe", (or "jane.example.com")
66CBL_PUBLIC extern const FLString kCBLCertAttrKeyPseudonym; // "pseudonym", e.g. "plainjane837"
67CBL_PUBLIC extern const FLString kCBLCertAttrKeyGivenName; // "GN", e.g. "Jane"
68CBL_PUBLIC extern const FLString kCBLCertAttrKeySurname; // "SN", e.g. "Doe"
69CBL_PUBLIC extern const FLString kCBLCertAttrKeyOrganization; // "O", e.g. "Example Corp."
70CBL_PUBLIC extern const FLString kCBLCertAttrKeyOrganizationUnit; // "OU", e.g. "Marketing"
71CBL_PUBLIC extern const FLString kCBLCertAttrKeyPostalAddress; // "postalAddress", e.g. "123 Example Blvd #2A"
72CBL_PUBLIC extern const FLString kCBLCertAttrKeyLocality; // "L", e.g. "Boston"
73CBL_PUBLIC extern const FLString kCBLCertAttrKeyPostalCode; // "postalCode", e.g. "02134"
74CBL_PUBLIC extern const FLString kCBLCertAttrKeyStateOrProvince; // "ST", e.g. "Massachusetts" (or "Quebec", ...)
75CBL_PUBLIC extern const FLString kCBLCertAttrKeyCountry; // "C", e.g. "us" (2-letter ISO country code)
76
77// Certificate Subject Alternative Name attribute Keys:
78CBL_PUBLIC extern const FLString kCBLCertAttrKeyEmailAddress; // "rfc822Name", e.g. "jane@example.com"
79CBL_PUBLIC extern const FLString kCBLCertAttrKeyHostname; // "dNSName", e.g. "www.example.com"
80CBL_PUBLIC extern const FLString kCBLCertAttrKeyURL; // "uniformResourceIdentifier", e.g. "https://example.com/jane"
81CBL_PUBLIC extern const FLString kCBLCertAttrKeyIPAddress; // "iPAddress", e.g. An IP Address in binary format e.g. "\x0A\x00\x01\x01"
82CBL_PUBLIC extern const FLString kCBLCertAttrKeyRegisteredID; // "registeredID", e.g. A domain-specific identifier encoded as an ASN.1 Object Identifier (OID) in DER format.
83
85typedef struct CBLCert CBLCert;
86CBL_REFCOUNTED(CBLCert*, Cert);
87
89typedef struct CBLKeyPair CBLKeyPair;
90CBL_REFCOUNTED(CBLKeyPair*, KeyPair);
91
99_cbl_warn_unused
100CBLCert* _cbl_nullable CBLCert_CreateWithData(FLSlice certData, CBLError* _cbl_nullable outError) CBLAPI;
101
106_cbl_warn_unused
107CBLCert* _cbl_nullable CBLCert_CertNextInChain(CBLCert* cert) CBLAPI;
108
115_cbl_warn_unused
116FLSliceResult CBLCert_Data(CBLCert* cert, bool pemEncoded) CBLAPI;
117
125_cbl_warn_unused
126FLSliceResult CBLCert_SubjectName(CBLCert* cert) CBLAPI;
127
133_cbl_warn_unused
134FLSliceResult CBLCert_SubjectNameComponent(CBLCert* cert, FLString attributeKey) CBLAPI;
135
140void CBLCert_ValidTimespan(CBLCert* cert,
141 CBLTimestamp* _cbl_nullable outCreated,
142 CBLTimestamp* _cbl_nullable outExpires) CBLAPI;
143
146_cbl_warn_unused
147CBLKeyPair* CBLCert_PublicKey(CBLCert*) CBLAPI;
148
150
154
165
170typedef struct CBLExternalKeyCallbacks {
178 bool (*publicKeyData)(void* externalKey, void* output, size_t outputMaxLen, size_t* outputLen);
179
190 bool (*decrypt)(void* externalKey, FLSlice input, void* output, size_t outputMaxLen, size_t* outputLen);
191
203 bool (*sign)(void* externalKey, CBLSignatureDigestAlgorithm digestAlgorithm, FLSlice inputData, void* outSignature);
204
208 void (*_cbl_nullable free)(void* externalKey);
209} CBLExternalKeyCallbacks;
210
219_cbl_warn_unused
220CBLKeyPair* _cbl_nullable CBLKeyPair_CreateWithExternalKey(size_t keySizeInBits,
221 void* externalKey,
222 CBLExternalKeyCallbacks callbacks,
223 CBLError* _cbl_nullable outError) CBLAPI;
224
232_cbl_warn_unused
233CBLKeyPair* _cbl_nullable CBLKeyPair_CreateWithPrivateKeyData(FLSlice privateKeyData,
234 FLSlice passwordOrNull,
235 CBLError* _cbl_nullable outError) CBLAPI;
236
237
243_cbl_warn_unused
244FLSliceResult CBLKeyPair_PublicKeyDigest(CBLKeyPair* keyPair) CBLAPI;
245
251_cbl_warn_unused
252FLSliceResult CBLKeyPair_PublicKeyData(CBLKeyPair* keyPair) CBLAPI;
253
259_cbl_warn_unused
260FLSliceResult CBLKeyPair_PrivateKeyData(CBLKeyPair* keyPair) CBLAPI;
261
263
267
269typedef struct CBLTLSIdentity CBLTLSIdentity;
270CBL_REFCOUNTED(CBLTLSIdentity*, TLSIdentity);
271
272
276_cbl_warn_unused
277CBLCert* CBLTLSIdentity_Certificates(CBLTLSIdentity* identity) CBLAPI;
278
280
284CBLTimestamp CBLTLSIdentity_Expiration(CBLTLSIdentity* identity) CBLAPI;
285
293
306_cbl_warn_unused
307CBLTLSIdentity* _cbl_nullable CBLTLSIdentity_CreateIdentity(CBLKeyUsages keyUsages,
308 FLDict attributes,
309 int64_t validityInMilliseconds,
310 FLString label,
311 CBLError* _cbl_nullable outError) CBLAPI;
312
322_cbl_warn_unused
323CBLTLSIdentity* _cbl_nullable CBLTLSIdentity_CreateIdentityWithKeyPair(CBLKeyUsages keyUsages,
324 CBLKeyPair* keypair,
325 FLDict attributes,
326 int64_t validityInMilliseconds,
327 CBLError* _cbl_nullable outError) CBLAPI;
328
329#if !defined(__linux__) && !defined(__ANDROID__)
330
337bool CBLTLSIdentity_DeleteIdentityWithLabel(FLString label,
338 CBLError* _cbl_nullable outError) CBLAPI;
339
340_cbl_warn_unused
349CBLTLSIdentity* _cbl_nullable CBLTLSIdentity_IdentityWithLabel(FLString label,
350 CBLError* _cbl_nullable outError) CBLAPI;
351
352#endif //#if !defined(__linux__) && !defined(__ANDROID__)
353
361_cbl_warn_unused
362CBLTLSIdentity* _cbl_nullable CBLTLSIdentity_IdentityWithKeyPairAndCerts(CBLKeyPair* keypair,
363 CBLCert* cert,
364 CBLError* _cbl_nullable outError) CBLAPI;
365
366#if !defined(__linux__) && !defined(__ANDROID__)
367
376_cbl_warn_unused
377CBLTLSIdentity* _cbl_nullable CBLTLSIdentity_IdentityWithCerts(CBLCert* cert,
378 CBLError* _cbl_nullable outError) CBLAPI;
379
380#endif //#if !defined(__linux__) && !defined(__ANDROID__)
381
382#ifdef __OBJC__
383
390CBLTLSIdentity* _cbl_nullable CBLTLSIdentity_IdentityWithSecIdentity(SecIdentityRef secIdentity,
391 NSArray* _cbl_nullable certs,
392 CBLError* _cbl_nullable outError) CBLAPI;
393
394#endif //#ifdef __OBJC__
395
397 // end of outer \defgroup
399
400CBL_CAPI_END
401
402#endif // #ifdef COUCHBASE_ENTERPRISE
CBL_OPTIONS
#define CBL_OPTIONS(_type, _name)
Definition CBL_Compat.h:63
CBLAPI
#define CBLAPI
Definition CBL_Compat.h:105
_cbl_nullable
#define _cbl_nullable
Definition CBL_Compat.h:92
CBL_CAPI_BEGIN
#define CBL_CAPI_BEGIN
Definition CBL_Compat.h:107
CBL_CAPI_END
#define CBL_CAPI_END
Definition CBL_Compat.h:108
CBL_PUBLIC
#define CBL_PUBLIC
Definition CBL_Compat.h:125
CBL_ENUM
#define CBL_ENUM(_type, _name)
Definition CBL_Compat.h:62
_cbl_warn_unused
#define _cbl_warn_unused
Definition CBL_Compat.h:40
FLString
FLSlice FLString
Definition FLSlice.h:98
CBLKeyPair_PrivateKeyData
_cbl_warn_unused FLSliceResult CBLKeyPair_PrivateKeyData(CBLKeyPair *keyPair)
Returns the private key data in DER format, if the private key is known and its data is accessible.
kCBLCertAttrKeyStateOrProvince
CBL_PUBLIC const FLString kCBLCertAttrKeyStateOrProvince
CBLKeyPair_CreateWithPrivateKeyData
_cbl_warn_unused CBLKeyPair *_cbl_nullable CBLKeyPair_CreateWithPrivateKeyData(FLSlice privateKeyData, FLSlice passwordOrNull, CBLError *_cbl_nullable outError)
Creates an RSA KeyPair from private key data in PEM or DER format.
CBLTLSIdentity_IdentityWithCerts
_cbl_warn_unused CBLTLSIdentity *_cbl_nullable CBLTLSIdentity_IdentityWithCerts(CBLCert *cert, CBLError *_cbl_nullable outError)
Returns an existing TLS identity associated with the provided certificate chain in the keystore (Keyc...
CBLCert_ValidTimespan
void CBLCert_ValidTimespan(CBLCert *cert, CBLTimestamp *_cbl_nullable outCreated, CBLTimestamp *_cbl_nullable outExpires)
Returns the time range during which a certificate is valid.
CBLCert_CertNextInChain
_cbl_warn_unused CBLCert *_cbl_nullable CBLCert_CertNextInChain(CBLCert *cert)
Gets the next certificate in the chain if presents.
kCBLCertAttrKeyPseudonym
CBL_PUBLIC const FLString kCBLCertAttrKeyPseudonym
CBLCert_Data
_cbl_warn_unused FLSliceResult CBLCert_Data(CBLCert *cert, bool pemEncoded)
Returns the X.509 certificate data in either DER or PEM format.
kCBLCertAttrKeyEmailAddress
CBL_PUBLIC const FLString kCBLCertAttrKeyEmailAddress
CBLTLSIdentity_CreateIdentityWithKeyPair
_cbl_warn_unused CBLTLSIdentity *_cbl_nullable CBLTLSIdentity_CreateIdentityWithKeyPair(CBLKeyUsages keyUsages, CBLKeyPair *keypair, FLDict attributes, int64_t validityInMilliseconds, CBLError *_cbl_nullable outError)
Creates a self-signed TLS identity using the provided RSA key pair and certificate attributes.
CBLTLSIdentity_IdentityWithKeyPairAndCerts
_cbl_warn_unused CBLTLSIdentity *_cbl_nullable CBLTLSIdentity_IdentityWithKeyPairAndCerts(CBLKeyPair *keypair, CBLCert *cert, CBLError *_cbl_nullable outError)
Returns a TLS identity from an existing identity using the provided RSA keypair and certificate chain...
kCBLCertAttrKeyPostalAddress
CBL_PUBLIC const FLString kCBLCertAttrKeyPostalAddress
CBLKeyPair
struct CBLKeyPair CBLKeyPair
An opaque object representing the key pair.
Definition CBLTLSIdentity.h:89
CBLKeyPair_PublicKeyDigest
_cbl_warn_unused FLSliceResult CBLKeyPair_PublicKeyDigest(CBLKeyPair *keyPair)
Returns a hex-encoded digest of the public key.
CBLCert
struct CBLCert CBLCert
An opaque object representing the X.509 Certifcate.
Definition CBLBase.h:249
kCBLCertAttrKeyCountry
CBL_PUBLIC const FLString kCBLCertAttrKeyCountry
CBLTLSIdentity_DeleteIdentityWithLabel
bool CBLTLSIdentity_DeleteIdentityWithLabel(FLString label, CBLError *_cbl_nullable outError)
Deletes the TLS identity associated with the given persistent label from the platform's keystore (Key...
kCBLCertAttrKeyCommonName
CBL_PUBLIC const FLString kCBLCertAttrKeyCommonName
CBLCert_PublicKey
_cbl_warn_unused CBLKeyPair * CBLCert_PublicKey(CBLCert *)
Returns a certificate's public key.
CBLKeyPair_PublicKeyData
_cbl_warn_unused FLSliceResult CBLKeyPair_PublicKeyData(CBLKeyPair *keyPair)
Returns the public key data.
CBLKeyPair_CreateWithExternalKey
_cbl_warn_unused CBLKeyPair *_cbl_nullable CBLKeyPair_CreateWithExternalKey(size_t keySizeInBits, void *externalKey, CBLExternalKeyCallbacks callbacks, CBLError *_cbl_nullable outError)
Returns an RSA key pair object that wraps an external key pair managed by application code.
CBLTLSIdentity_Certificates
_cbl_warn_unused CBLCert * CBLTLSIdentity_Certificates(CBLTLSIdentity *identity)
Returns the certificate chain associated with the given TLS identity.
CBLKeyUsages
CBLKeyUsages
Definition CBLTLSIdentity.h:289
CBLCert_SubjectName
_cbl_warn_unused FLSliceResult CBLCert_SubjectName(CBLCert *cert)
Returns the certificate's Subject Name, which identifies the cert's owner.
kCBLCertAttrKeyRegisteredID
CBL_PUBLIC const FLString kCBLCertAttrKeyRegisteredID
kCBLCertAttrKeyGivenName
CBL_PUBLIC const FLString kCBLCertAttrKeyGivenName
kCBLCertAttrKeyOrganizationUnit
CBL_PUBLIC const FLString kCBLCertAttrKeyOrganizationUnit
kCBLCertAttrKeyHostname
CBL_PUBLIC const FLString kCBLCertAttrKeyHostname
kCBLCertAttrKeyLocality
CBL_PUBLIC const FLString kCBLCertAttrKeyLocality
kCBLCertAttrKeyPostalCode
CBL_PUBLIC const FLString kCBLCertAttrKeyPostalCode
kCBLCertAttrKeySurname
CBL_PUBLIC const FLString kCBLCertAttrKeySurname
CBLCert_SubjectNameComponent
_cbl_warn_unused FLSliceResult CBLCert_SubjectNameComponent(CBLCert *cert, FLString attributeKey)
Returns a component of the certificate's subject name that matches the specified attribute key.
CBLTLSIdentity
struct CBLTLSIdentity CBLTLSIdentity
An opaque object representing the TLSIdentity.
Definition CBLTLSIdentity.h:269
kCBLCertAttrKeyOrganization
CBL_PUBLIC const FLString kCBLCertAttrKeyOrganization
CBLTLSIdentity_Expiration
CBLTimestamp CBLTLSIdentity_Expiration(CBLTLSIdentity *identity)
Returns the date/time at which the first certificate in the chain expires.
CBLSignatureDigestAlgorithm
CBLSignatureDigestAlgorithm
Definition CBLTLSIdentity.h:156
CBLTLSIdentity_CreateIdentity
_cbl_warn_unused CBLTLSIdentity *_cbl_nullable CBLTLSIdentity_CreateIdentity(CBLKeyUsages keyUsages, FLDict attributes, int64_t validityInMilliseconds, FLString label, CBLError *_cbl_nullable outError)
Creates a self-signed TLS identity using the specified certificate attributes.
kCBLCertAttrKeyIPAddress
CBL_PUBLIC const FLString kCBLCertAttrKeyIPAddress
CBLTLSIdentity_IdentityWithLabel
_cbl_warn_unused CBLTLSIdentity *_cbl_nullable CBLTLSIdentity_IdentityWithLabel(FLString label, CBLError *_cbl_nullable outError)
Retrieves a TLS identity associated with the given persistent label from the platform's keystore (Key...
CBLCert_CreateWithData
_cbl_warn_unused CBLCert *_cbl_nullable CBLCert_CreateWithData(FLSlice certData, CBLError *_cbl_nullable outError)
Creates a CBLCert from X.509 certificate data in DER or PEM format.
kCBLCertAttrKeyURL
CBL_PUBLIC const FLString kCBLCertAttrKeyURL
kCBLKeyUsagesClientAuth
@ kCBLKeyUsagesClientAuth
For client authentication.
Definition CBLTLSIdentity.h:290
kCBLKeyUsagesServerAuth
@ kCBLKeyUsagesServerAuth
For server authentication.
Definition CBLTLSIdentity.h:291
kCBLSignatureDigestNone
@ kCBLSignatureDigestNone
No digest, just direct signature of input data.
Definition CBLTLSIdentity.h:157
kCBLSignatureDigestSHA512
@ kCBLSignatureDigestSHA512
SHA-512 message digest.
Definition CBLTLSIdentity.h:162
kCBLSignatureDigestSHA224
@ kCBLSignatureDigestSHA224
SHA-224 message digest.
Definition CBLTLSIdentity.h:159
kCBLSignatureDigestSHA384
@ kCBLSignatureDigestSHA384
SHA-384 message digest.
Definition CBLTLSIdentity.h:161
kCBLSignatureDigestSHA1
@ kCBLSignatureDigestSHA1
SHA-1 message digest.
Definition CBLTLSIdentity.h:158
kCBLSignatureDigestRIPEMD160
@ kCBLSignatureDigestRIPEMD160
RIPEMD-160 message digest.
Definition CBLTLSIdentity.h:163
kCBLSignatureDigestSHA256
@ kCBLSignatureDigestSHA256
SHA-256 message digest.
Definition CBLTLSIdentity.h:160
CBLTimestamp
int64_t CBLTimestamp
A date/time representation used for document expiration (and in date/time queries....
Definition CBLBase.h:124
CBL_REFCOUNTED
#define CBL_REFCOUNTED(TYPE, NAME)
Definition CBLBase.h:171
FLDict
const struct _FLDict * FLDict
A reference to a dictionary (map) value.
Definition FLBase.h:37
CBLError
A struct holding information about an error.
Definition CBLBase.h:105
CBLExternalKeyCallbacks
Callbacks for performing cryptographic operations with an externally managed key pair.
Definition CBLTLSIdentity.h:170
CBLExternalKeyCallbacks::_cbl_nullable
void(* _cbl_nullable)(void *externalKey)
Called when the CBLKeyPair is released and the callback is no longer needed, so that your code can fr...
Definition CBLTLSIdentity.h:208
CBLExternalKeyCallbacks::publicKeyData
bool(* publicKeyData)(void *externalKey, void *output, size_t outputMaxLen, size_t *outputLen)
Provides the public key data as an ASN.1 DER-encoded SubjectPublicKeyInfo structure.
Definition CBLTLSIdentity.h:178
CBLExternalKeyCallbacks::decrypt
bool(* decrypt)(void *externalKey, FLSlice input, void *output, size_t outputMaxLen, size_t *outputLen)
Decrypts the input data using the private key, applying the RSA algorithm with PKCS#1 v1....
Definition CBLTLSIdentity.h:190
CBLExternalKeyCallbacks::sign
bool(* sign)(void *externalKey, CBLSignatureDigestAlgorithm digestAlgorithm, FLSlice inputData, void *outSignature)
Generates a signature for the input data using the private key and the PKCS#1 v1.5 padding algorithm.
Definition CBLTLSIdentity.h:203
FLSlice
A simple reference to a block of memory.
Definition FLSlice.h:45
FLSliceResult
A heap-allocated block of memory returned from an API call.
Definition FLSlice.h:66
Generated by doxygen 1.14.0