CertificateGroup Plugin API
---------------------------

.. code-block:: c

   /* Plugin interface for one certificate group. It bundles the group's
    * identity, a plugin-private context, a logger and the callbacks for the
    * trust list, the rejected list, CRL lookup and certificate verification.
    * The callbacks are supplied by the plugin implementation; their exact
    * behaviour is defined there and is not visible in this listing. */
   struct UA_CertificateGroup {
       /* The NodeId of the certificate group this pki store is associated with */
       UA_NodeId certificateGroupId;

       /* Context-pointer to be set by the CertificateGroup plugin implementation */
       void *context;

       /* Pointer to logging pointer in the server/client configuration. If the
        * logging pointer is changed outside of the plugin, the new logger is used
        * automatically. */
       const UA_Logger *logging;

       /* trustList is the (non-const) output argument.
        * NOTE(review): who owns and clears the returned content is not stated
        * here -- presumably the caller; confirm. */
       UA_StatusCode (*getTrustList)(UA_CertificateGroup *certGroup,
                                     UA_TrustListDataType *trustList);

       /* The next three callbacks take a read-only trust list as input and
        * change what the group trusts, so they are security-sensitive.
        * NOTE(review): presumably "set" replaces the stored list, "add" merges
        * entries into it and "remove" deletes matching entries -- confirm
        * against the plugin implementation. Any access control on who may
        * call them is not visible in this listing. */
       UA_StatusCode (*setTrustList)(UA_CertificateGroup *certGroup,
                                     const UA_TrustListDataType *trustList);

       UA_StatusCode (*addToTrustList)(UA_CertificateGroup *certGroup,
                                       const UA_TrustListDataType *trustList);

       UA_StatusCode (*removeFromTrustList)(UA_CertificateGroup *certGroup,
                                            const UA_TrustListDataType *trustList);

       /* Outputs an array of byte strings through rejectedList and its element
        * count through rejectedListSize.
        * NOTE(review): presumably these are certificates that failed
        * verification and the caller frees the array -- confirm both. */
       UA_StatusCode (*getRejectedList)(UA_CertificateGroup *certGroup,
                                        UA_ByteString **rejectedList,
                                        size_t *rejectedListSize);

       /* Provides all associated CRLs for a CA certificate. The CRLs are
        * returned as an array through crls with the count in crlsSize.
        * NOTE(review): isTrusted presumably selects between the trusted and
        * the issuer store -- confirm. An empty result should not be read as
        * "nothing revoked" without checking how the implementation reports a
        * missing CRL. */
       UA_StatusCode (*getCertificateCrls)(UA_CertificateGroup *certGroup,
                                           const UA_ByteString *certificate,
                                           const UA_Boolean isTrusted,
                                           UA_ByteString **crls,
                                           size_t *crlsSize);

       /* Verifies the given certificate and reports the outcome as a status
        * code.
        * NOTE(review): which checks run (chain building, validity period,
        * revocation, key usage) depends on the plugin and cannot be told from
        * this declaration. */
       UA_StatusCode (*verifyCertificate)(UA_CertificateGroup *certGroup,
                                          const UA_ByteString *certificate);

       /* NOTE(review): presumably releases everything the plugin stored in
        * context -- confirm. */
       void (*clear)(UA_CertificateGroup *certGroup);
   };

   /* Verify that the certificate has the applicationURI in the subject name.
    *
    * NOTE(review): the OPC UA specification carries the ApplicationUri in the
    * subjectAltName extension; confirm which field the implementation actually
    * compares. ruleHandling presumably decides whether a mismatch aborts, only
    * warns or is accepted -- confirm, since any setting other than abort would
    * let a mismatching certificate pass. */
   UA_StatusCode
   UA_CertificateUtils_verifyApplicationURI(UA_RuleHandling ruleHandling,
                                            const UA_ByteString *certificate,
                                            const UA_String *applicationURI,
                                            UA_Logger *logger);

   /* Get the expire date from certificate */
   UA_StatusCode
   UA_CertificateUtils_getExpirationDate(UA_ByteString *certificate,
                                         UA_DateTime *expiryDateTime);

   /* Outputs the certificate's subject name through subjectName.
    * NOTE(review): the string format and who frees it are not stated here. */
   UA_StatusCode
   UA_CertificateUtils_getSubjectName(UA_ByteString *certificate,
                                      UA_String *subjectName);

   /* Outputs the certificate's thumbprint through thumbprint.
    * NOTE(review): digest algorithm and output encoding are not stated here;
    * confirm before comparing against externally supplied thumbprints. */
   UA_StatusCode
   UA_CertificateUtils_getThumbprint(UA_ByteString *certificate,
                                     UA_String *thumbprint);

   /* Outputs the certificate's key size through keySize.
    * NOTE(review): the unit (bits or bytes) is not stated here -- confirm
    * before using the value in a minimum-key-length policy check. */
   UA_StatusCode
   UA_CertificateUtils_getKeySize(UA_ByteString *certificate,
                                  size_t *keySize);

   /* Compares the public keys from two byte strings, which can represent either
    * certificates or Certificate Signing Requests (CSR). This function extracts
    * the public keys from the provided byte strings and compares them to determine
    * if they are identical.
    *
    * @param certificate1 Containing either a certificate or a CSR.
    * @param certificate2 Containing either a certificate or a CSR.
    * @return UA_STATUSCODE_GOOD if the public keys are identical,
    *         UA_STATUSCODE_BADNOMATCH if the public keys do not match,
    *         UA_STATUSCODE_BADINTERNALERROR if an error occurs. */
   UA_StatusCode
   UA_CertificateUtils_comparePublicKeys(const UA_ByteString *certificate1,
                                         const UA_ByteString *certificate2);

   /* NOTE(review): presumably checks that privateKey belongs to the public key
    * in certificate -- confirm. The return codes are not documented here. */
   UA_StatusCode
   UA_CertificateUtils_checkKeyPair(const UA_ByteString *certificate,
                                    const UA_ByteString *privateKey);

   /* NOTE(review): presumably checks whether the certificate is a CA
    * certificate -- confirm which extensions are evaluated. */
   UA_StatusCode
   UA_CertificateUtils_checkCA(const UA_ByteString *certificate);

   /* Decrypt a private key in PEM format using a password. The output is the key
    * in the binary DER format. Also succeeds if the PEM private key does not
    * require a password or is already in the DER format. The outDerKey memory is
    * allocated internally.
    *
    * Returns UA_STATUSCODE_BADSECURITYCHECKSFAILED if the password is wrong.
    *
    * On success outDerKey holds the private key in unencrypted form. privateKey
    * and password are passed by value, so their buffers stay with the caller.
    * NOTE(review): presumably the caller owns outDerKey and has to wipe and
    * free it, and to wipe the password buffer, once they are no longer
    * needed -- confirm whether clearing the byte string also zeroes it. */
   UA_StatusCode
   UA_CertificateUtils_decryptPrivateKey(const UA_ByteString privateKey,
                                         const UA_ByteString password,
                                         UA_ByteString *outDerKey);