//------------------------------------------------------- // // DigiSign_Toolkit.DLL // // (C) Copyright 2003-2011, Fujitsu Services Oy // //------------------------------------------------------- /** \defgroup DS_Toolkit DigiSign Toolkit * Digisign toolkit interface. * Digisign toolkit interface is a C interface for accessing smart cards. * * Toolkit creates one or more worker threads that are started on dll load. * Threads cannot be stopped on dll uncload, so user should call * ReleaseToolkit() as last operation before releasing the DLL. * @{ */ /** \file * \ref DS_Toolkit header */ extern "C" { /** @name Certificates * @{ */ //------------------------------------------------------- // // FindCertificate // =============== // Description // // Finds and returns the hash of the first digital signature // certificate that associates with DigiSign Client // // IN: bufferLen length of the input buffer // // OUT: buffer hash value // bufferLen length if hash value // //-------------------------------------------------------- BOOL WINAPI FindFirst_DS_Certificate(BYTE *outBuffer,DWORD *outBufferLen); // Key usage = DigitalSignature BOOL WINAPI FindFirst_NR_Certificate(BYTE *outBuffer,DWORD *outBufferLen); // Key usage = nonRepudiation BOOL WINAPI FindNext_DS_Certificate(BYTE *inBuffer,DWORD inBufferLen,BYTE *outBuffer,DWORD *outBufferLen); BOOL WINAPI FindNext_NR_Certificate(BYTE *inBuffer,DWORD inBufferLen,BYTE *outBuffer,DWORD *outBufferLen); /** Certificate search conditions for SelectCertificateByKey(). */ enum TCertSearchKey { /// Search by key usage. SEARCH_KEY_USAGE, /// search by enhanced key usage SEARCH_ENH_KEY_USAGE }; /** Certificate search flags SelectCertificateByKey(). */ enum TCertSearchFlags { /// nonequeal comparsion, return all but matching SEARCHFLAG_NOT = 0x0001, /// Search only digisign certificates. When defined, this overloads /// registry setting onlyDigiSignCertificates. SEARCHFLAG_ONLY_DS = 0x0010, /// Search all certificates. When defined, this overloads /// registry setting onlyDigiSignCertificates. SEARCHFLAG_ALL = 0x0020 }; /** Search certificates and make a query if more than one certitificates are found. * @sa SelectCertificateByKey() for more options to select the certificates. * @param[in] NonRep Set to true for non repudiation certificates, false for signing * @param[out] Hash Buffer for certificate hash. * @param[in,out] HashLen Length of the hash. * @return true on on success. */ BOOL WINAPI SelectCertificate(bool NonRep,BYTE *Hash,DWORD *HashLen); /** Search certificates and make a query if more than one certitificates are found. * @sa SelectCertificate() * If more than one certificates are found, a selection dialog will be presented * to the user. * @param[in] KeyType Search key type * @param[in] Flags Addiotional search flags. see \ref TCertSearchFlags * for possible bits. * @param[in] Key Pointer to the key data. Contents depends on Criteria. * For integer values use DWORD. * @param[out] Hash Certificate hash * @param[out] HashLen Certificate hash length * @return success. false if not certificates are found or user cancels the selection. */ BOOL WINAPI SelectCertificateByKey(TCertSearchKey KeyType, WORD Flags, void* Key, BYTE *Hash,DWORD *HashLen); /** Search certificate and test validity (=key, CRL and certificateion path test) * @param[in] NonRep Set to true for non repudiation certificates, * false for signing * @param[out] certHash Tested certificate * @param[in,out] certHashLen Length of buffer * @param[out] cert Tested certificate * @param[in,out] certLen Length of buffer * @param[out] rootCert Root certificate tested against * @param[in,out] rootCertLen Length of buffer * @return true on on success. */ BOOL WINAPI FindAndTestCertificate(bool NonRep,BYTE *certHash,DWORD *certHashLen, BYTE *cert,DWORD *certLen,BYTE *rootCert,DWORD *rootCertLen); /// @} /** @name Signatures * @{ */ //------------------------------------------------------- // // Compute non-repudiation signature // ================================== // Description // // Finds suitable certificate and returns digital signature // // IN: bufferInLen length of the input buffer // // OUT: bufferOut digital signature // bufferOutLen length of value // //-------------------------------------------------------- BOOL WINAPI Compute_Signature(BYTE *certHash, DWORD certHashLen, BYTE *bufferIn, DWORD bufferInLen, BYTE *bufferOut,DWORD *bufferOutLen); BOOL WINAPI Compute_DS_Signature(BYTE *bufferIn, DWORD bufferInLen, BYTE *bufferOut,DWORD *bufferOutLen); BOOL WINAPI Compute_nonRepudiation_Signature(BYTE *bufferIn, DWORD bufferInLen, BYTE *bufferOut,DWORD *bufferOutLen); //------------------------------------------------------- // // Verify signature // ================= // Description // // Verify signature // // IN: bufferLen length of the input buffer // // OUT: buffer Signed value // bufferLen length of value // //-------------------------------------------------------- BOOL WINAPI Verify_Signature(const BYTE *bufferIn, DWORD bufferInLen, BYTE *bufferOut,DWORD *bufferOutLen); BOOL WINAPI Verify_Signature_and_GetSignerCert(const BYTE *bufferIn, DWORD bufferInLen, BYTE *bufferOut,DWORD *bufferOutLen, BYTE *cert,DWORD *certLen); /* Create a XML signature for given data. * If more than one certificates for non repudiation signatuires are found, user * is prompted to select the certificate. Otherwise the only one (if found) is used * automatically. * * @param[in] Data Null terminated data string. * @param[in] IsXML Is data XML itself. Note: This parameter * is not yet supported. All data is handled as * plain text. * @param[out] BufferOut Buffer for the signature. * @param[in,out] BufferLen Length of the signed bugger and length of the result. * * @return TRUE on success. */ BOOL WINAPI Compute_XML_Signature(const char* Data, bool IsXML, char* BufferOut, DWORD *BufferLen); /// @} //------------------------------------------------------- // // mPolluxAuthenticate // =================== // Description // // Opens SSL connection against mPollux server by // using DS certificate // // IN: URL Address of the mPollux server // // OUT: bufferOut response // bufferOutLen response length // //-------------------------------------------------------- // // #define WINHTTP_CALLBACK_STATUS_RESOLVING_NAME 0x00000001 // #define WINHTTP_CALLBACK_STATUS_NAME_RESOLVED 0x00000002 // #define WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER 0x00000004 // #define WINHTTP_CALLBACK_STATUS_CONNECTED_TO_SERVER 0x00000008 // #define WINHTTP_CALLBACK_STATUS_SENDING_REQUEST 0x00000010 // #define WINHTTP_CALLBACK_STATUS_REQUEST_SENT 0x00000020 // #define WINHTTP_CALLBACK_STATUS_RECEIVING_RESPONSE 0x00000040 // #define WINHTTP_CALLBACK_STATUS_RESPONSE_RECEIVED 0x00000080 // #define WINHTTP_CALLBACK_STATUS_CLOSING_CONNECTION 0x00000100 // #define WINHTTP_CALLBACK_STATUS_CONNECTION_CLOSED 0x00000200 // #define WINHTTP_CALLBACK_STATUS_HANDLE_CREATED 0x00000400 // #define WINHTTP_CALLBACK_STATUS_HANDLE_CLOSING 0x00000800 // #define WINHTTP_CALLBACK_STATUS_DETECTING_PROXY 0x00001000 // #define WINHTTP_CALLBACK_STATUS_REDIRECT 0x00004000 // #define WINHTTP_CALLBACK_STATUS_INTERMEDIATE_RESPONSE 0x00008000 // #define WINHTTP_CALLBACK_STATUS_SECURE_FAILURE 0x00010000 // #define WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE 0x00020000 // #define WINHTTP_CALLBACK_STATUS_DATA_AVAILABLE 0x00040000 // #define WINHTTP_CALLBACK_STATUS_READ_COMPLETE 0x00080000 // #define WINHTTP_CALLBACK_STATUS_WRITE_COMPLETE 0x00100000 // #define WINHTTP_CALLBACK_STATUS_REQUEST_ERROR 0x00200000 // #define WINHTTP_CALLBACK_STATUS_SENDREQUEST_COMPLETE 0x00400000 // // With default proxy (Use proxycfg.exe to define default proxy) BOOL WINAPI mPolluxAuthenticate(char *URL,BYTE *bufferOut,DWORD *bufferOutLen); BOOL WINAPI mPolluxAuthenticateWithoutProxy(char *URL,BYTE *bufferOut,DWORD *bufferOutLen); BOOL WINAPI mPolluxAuthenticateWithProxy(char *URL,BYTE *bufferOut,DWORD *bufferOutLen,char *ProxyName,char *ProxyBypass); //------------------------------------------------------- // // postHttp // ========= // Description // // Post http response to the requested destination // // IN: URL Address of the http/https server // // OUT: bufferIn response // bufferInLen response length // //-------------------------------------------------------- BOOL WINAPI postHttp(char *URL,BYTE *buffer,DWORD *bufferLen,DWORD maxBuffer,char *username=NULL,char *passDWORD=NULL); /** @name Readers * @{ */ //------------------------------------------------------- // // Get the list of readers // ======================== // // IN: string array, string array size // OUT: filled string array // //-------------------------------------------------------- BOOL WINAPI GetReaders(char *tokenNames,DWORD lineWidth, DWORD *lines ); // Get unique reader name; Display dialog if needed // ================================================= // // OUT: reader name // IN: character array length // //-------------------------------------------------------- BOOL WINAPI GetReader(char *tokenName,DWORD tokenNameLen); /** Get reader name. * If more than one readers with cards are found, a selection * dialog is displayed. * @param[out] tokenName Name of the reader. Empty string if no card. * @param[in] tokenNameLen Length of the token name buffer * @param[in] ShowEmptyCards Are readers with empty cards displayed. * @return true on success. */ BOOL WINAPI GetReaderEx(char *tokenName,DWORD tokenNameLen, bool ShowEmptyCards); /// @} /** @name Authentication objects * @{ */ /** Verify PIN. * @param[in] tokenName Name of the reader * @param[in] pinNumber PIN number (1=PIN1 etc, 11=ADMPIN1 etc) * @param[in] padd ? * @param[in] pinValue PIN value * @param[in] path ? * @param[in] pathLen If 0, PKCS#15 authentication * object is verified; Otherwise direct PIN * in the selected application or path. */ BOOL WINAPI VerifyPIN(const char *tokenName, BYTE pinNumber, BYTE padd, const char *pinValue, const char *path, BYTE pathLen); /** Change PIN. * @param[in] tokenName Name of the reader * @param[in] pinNumber PIN number (1=PIN1 etc, 11=ADMPIN1 etc) * @param[in] padd ? * @param[in] oldPinValue Old PIN value * @param[in] newPinValue New PIN value * @param[in] path ? * @param[in] pathLen If 0, PKCS#15 authentication * object is used; Otherwise direct PIN * in the selected application or path. */ BOOL WINAPI ChangePIN(const char *tokenName, BYTE pinNumber, BYTE padd, const char *oldPinValue, const char *newPinValue, const char *path, BYTE pathLen); /** Unblock PIN. * @param[in] tokenName Name of the reader * @param[in] pinNumber PIN number (1=PIN1 etc, 11=ADMPIN1 etc) * @param[in] padd ? * @param[in] pukValue PUK for the PIN * @param[in] newPinValue New PIN value * @param[in] path ? * @param[in] pathLen If 0, PKCS#15 authentication * object is used; Otherwise direct PIN * in the selected application or path. */ BOOL WINAPI UnblockPIN(const char *tokenName, BYTE pinNumber, BYTE padd, const char *pukValue, const char *newPinValue, const char *path, BYTE pathLen); /// @} /** @name Card Initialization and Data Loading. * @{ */ /** Smart card initialization. * @param[in] tokenName Name of the reader * @param[in] pin1 PIN 1 * @param[in] puk1 PUK 1 * @param[in] pin2 PIN 2 * @param[in] puk2 PUK 2 * @param[in] so_pin SO PIN * @param[in] so_puk SO PUK * @param[in] scriptName Internal personliation script name: * "Dynamic" = FINEID S4-2.2 dynamic data content (default) * "Small" = 5K version of FINEID S4-2.2 * @return TRUE on success. */ BOOL WINAPI Initialize(const char *tokenName, const char *pin1, const char *puk1, const char *pin2, const char *puk2, const char *so_pin, const char *so_puk, const char *scriptName ); /** Smart card initialization. * @param[in] tokenName Name of the reader * @param[in] pin1 PIN 1 * @param[in] puk1 PUK 1 * @param[in] pin2 PIN 2 * @param[in] puk2 PUK 2 * @param[in] so_pin SO PIN * @param[in] so_puk SO PUK * @param[in] scriptName Internal personliation script name: * "Dynamic" = FINEID S4-2.2 dynamic data content (default) * "Small" = 5K version of FINEID S4-2.2 * @param[in] cardSN Card serial number. * Format is #\<2 digit length\>\ * @return TRUE on success. */ BOOL WINAPI InitializeEx(const char *tokenName, const char *pin1, const char *puk1, const char *pin2, const char *puk2, const char *so_pin, const char *so_puk, const char *scriptName, const char *cardSN ); /** Import PKCS#12 package. * NOTE: Not implemented in all revisions * @param[in] tokenName Name of the reader * @param[in] passWord PKCS#12 package password * @param[in] fileName PKCS#12 package file path. * @return true on success. */ BOOL WINAPI ImportPKCS12(const char *tokenName, const char *passWord, const char *fileName ); /// @} /** @name Readers and cards * @{ */ /** Is card present * @param[in] tokenName Name of the reader * @return true if card is present. */ BOOL WINAPI IsPresent(const char *tokenName ); /** Query card serial number. * @param[in] tokenName Name of the reader * @param[out] cardSN Buffer for serial number * @param[in] cardSNlen Length of the serial number buffer * @return true on success */ BOOL WINAPI queryCardSN( const char *tokenName, char *cardSN, DWORD cardSNlen ); /** Query card device serial number. * * @param[in] tokenName Name of the reader. If NULL the first reader with * card will be selected or a selection dialog is * presented to the user (only if silentMode is off) * @param[out] cardSN Card serial number * @param[in] cardSNLen Length of the buffer * @return TRUE on success. */ BOOL WINAPI queryCardDeviceSN( const char *tokenName, char *cardSN, DWORD cardSNLen ); /// @} /** @name Event codes * @{ */ #define EVENT_INSERTED 1 ///< Token inserted, not parsed yet #define EVENT_READY 2 ///< Token is ready for use #define EVENT_REMOVED 3 ///< Removed, not available #define EVENT_RESET 4 ///< Reseted by another applicaiton/user #define EVENT_ERROR 5 ///< Error; Token inserted but not available for use #define EVENT_AUTH 6 ///< Warning: Token authentication is needed #define EVENT_CANCELLED 7 ///< Operation cancelled by user #define EVENT_NR_CANCELLED 8 ///< NonRepudition operation cancellec by user #define EVENT_TOKEN_ERROR 9 ///< Token error occured? #define EVENT_CERTLOADER_OK 10 ///< Certificates are loaded to the storage /// @} /** @name Event management * @{ */ /** Callback function prototype * @param[in] Event Event code. see EVENT_INSERTED and other defines. * @param[in] Token Reader name * @return not used. */ typedef BOOL (CALLBACK *t_callbackFunction)(DWORD Event,const char * Token); /** Set call back function. * @param[in] CallbackFunction Callback function pointer. To disable * callback, set to NULL * @return TRUE on success. */ BOOL WINAPI setCallbackFunction(t_callbackFunction CallbackFunction ); /// @} //------------------------------------------------------- // // BOOL getLastEventChange(DWORD *reasonCode, char *tokenName ); // // Return values: // // TRUE = Event has happend since last call, // event information set to reasonCode and tokenName // FALSE = No events // //------------------------------------------------------- BOOL WINAPI getLastEventChange(DWORD *reasonCode, char *tokenName ); /** @name Life cycle management * For example: * - Wait an event until card is inserted * - Set life cycle to "initialization state" * - Initialize token * - Generate or import RSA keys * - Import certificates * - Set life cycle to "operational mode" * @{ */ BOOL WINAPI setInitializationMode(const char *tokenName); BOOL WINAPI setOperationalMode (const char *tokenName); /// @} /** @name Keys and certificates */ /** Get public key from the card. * @param[in] tokenName Name of the reader * @param[in] keyID Key id * @param[in] keyIDlen Length of the key id * @param[out] publicKey Public key * @param[in,out] publicKeyLen Length of the public key buffer / public key. * @return true on success. */ BOOL WINAPI getPublicKey(const char *tokenName, const BYTE *keyID, DWORD keyIDlen, BYTE *publicKey, DWORD *publicKeyLen); //--------------------------------------------------------- // // Add Certificate-, key and data objects to the token // // BOOL WINAPI addCertificate(char *tokenName, char *label, BYTE *keyID, DWORD keyIDlen, BYTE *certificate, DWORD certificateLen ); // BOOL WINAPI addRSAkey (char *tokenName, char *label, BYTE *keyID, DWORD keyIDlen, BYTE authID, BYTE *pkcs8key, DWORD pkcs8keyLen); // BOOL WINAPI addDataObject (char *tokenName, char *objectLabel, char *applicationName, BYTE readAuthID, BYTE *data, DWORD dataLen ) // //--------------------------------------------------------- BOOL WINAPI addCertificate (const char *tokenName, const char *label, const BYTE *keyID, DWORD keyIDlen, const BYTE *certificate, DWORD certificateLen ); BOOL WINAPI addRSAkey (const char *tokenName, const char *label, const BYTE *keyID, DWORD keyIDlen, BYTE authID, const BYTE *pkcs8key, DWORD pkcs8keyLen); BOOL WINAPI addDataObject (const char *tokenName, const char *objectLabel, const char *applicationName, BYTE readAuthID, const BYTE *data, DWORD dataLen ); //--------------------------------------------------------- // // Generate RSA keypair on card // // BOOL WINAPI generateCardRSAkey(char *tokenName, BYTE *keyID, DWORD keyIDlen, BYTE *pubPkcs8key, BYTE authID, DWORD pubPkcs8keyLen) // //--------------------------------------------------------- BOOL WINAPI generateCardRSAkey(const char *tokenName, const char *label, const BYTE *keyID, DWORD keyIDlen, BYTE authID, BYTE *pubPkcs8key, DWORD *pubPkcs8keyLen); BOOL WINAPI generateCardRSAkeyEx(const char *tokenName, const char *label, const BYTE *keyID, DWORD keyIDlen, BYTE authID, DWORD modulusLen, DWORD exponent, BYTE *pubPkcs8key, DWORD *pubPkcs8keyLen); /** Generate RSA key pair. * Key legnth will be 1024 bits. * @sa generateRSAkeyEx(). * @param[in] reserved Reserved * @param[in] exponent Public exponent of the key. * @param[out] Pkcs8key Key pair * @param[in,out] Pkcs8keyLen In: Length of the Pkcs8Key buffer * out: Length of the generated key. * @return true on success. */ BOOL WINAPI generateRSAkey(const char *reserved, DWORD exponent, BYTE *Pkcs8key, DWORD *Pkcs8keyLen); /** Generate RSA key pair. * @param[in] reserved Reserved * @param[in] modulusLen Key length. * @param[in] exponent Public exponent of the key. * @param[out] Pkcs8key Key pair * @param[in,out] Pkcs8keyLen In: Length of the Pkcs8Key buffer * out: Length of the generated key. * @return true on success. */ BOOL WINAPI generateRSAkeyEx(const char *reserved, DWORD modulusLen, DWORD exponent, BYTE *Pkcs8key, DWORD *Pkcs8keyLen); /// @} /** @name RSA operations * @{ */ //--------------------------------------------------------- // // Compute signature by using referred RSA key // // BOOL WINAPI computeRSA_Sign(char *tokenName, BYTE *keyID, DWORD keyIDlen, BYTE *hashBuffer, DWORD hashBufferLen, BYTE *signature, DWORD* signatureLen); // // NOTE: IN: keyID, buffer and the length of HASH buffer, length of signature buffer // OUT: Signature and signature length} // //---------------------------------------------------------- BOOL WINAPI computeRSA_Sign(const char *tokenName, const BYTE *keyID, DWORD keyIDlen, const BYTE *hashBuffer, DWORD hashBufferLen, BYTE *signature, DWORD *signatureLen); //--------------------------------------------------------- // // Encryot/Decrypt block by using referred RSA key // // BOOL WINAPI computeRSA_Decrypt(char *tokenName, BYTE *keyID, DWORD keyIDlen, BYTE *cryptoBuffer, DWORD cryptoBufferLen, BYTE *decrypted, DWORD* decryptedLen); // // NOTE: IN: keyID, cryptoBuffer and the length of cryptoBuffer, length of plain text buffer // OUT: Signature and signature length} // //---------------------------------------------------------- BOOL WINAPI computeRSA_Encrypt( const char *tokenName, const BYTE *keyID, DWORD keyIDlen, const BYTE *plainText, DWORD plainTextLen, BYTE *cryptoBuffer, DWORD *cryptoBufferLen ); BOOL WINAPI computeRSA_Decrypt ( const char *tokenName, const BYTE *keyID, DWORD keyIDlen, const BYTE *cryptoBuffer, DWORD cryptoBufferLen, BYTE *plainText, DWORD *plainTextLen ); /// @} //---------------------------------------------------------- // // Helpper functions to serialize/deserialize records // // ClearRecords() // AddRecord(DWORD recordNumber, BYTE *data, DWORD dataLen); ZERO-based record numbers // GetRecord(DWORD recordNumber, BYTE *data, DWORD *dataLen); // SerializeRecords(BYTE *buffer, DWORD *bufferLen); // DeserializeRecords(BYTE *buffer, DWORD bufferLen) // // Scenario: // // Transmitter: // ------------ // ClearRecordBuffer(); // AddRecord(0,"TestRecord#1",12); // bufferLen = sizeof(buffer); // SerializeRecords(buffer,&bufferLen); // ==> SEQUENCE { OCTET_STRING { "TestRecord#1" } } // bufferOutLen = sizeof(bufferOut); // Compute_nonRepudiation_Signature(buffer,bufferLen,bufferOut,&bufferOutLen); // // Receiver (buffer,bufferLen): // ---------------------------- // ClearRecordBuffer(); // bufferOutLen = sizeof(bufferOutLen); // Verify_Signature(buffer,bufferLen,bufferOut,&bufferOutLen); // DeserializeRecords(bufferOut,bufferOutLen); // bufferLen = sizeof(buffer); // GetRecord(0,buffer,&bufferLen); // //---------------------------------------------------------- BOOL WINAPI ClearRecordBuffer(); BOOL WINAPI AddRecord(DWORD recordNumber, BYTE *data, DWORD dataLen); BOOL WINAPI GetRecord(DWORD recordNumber, BYTE *data, DWORD *dataLen); BOOL WINAPI SerializeRecords(BYTE *buffer, DWORD *bufferLen); BOOL WINAPI DeserializeRecords(BYTE *buffer, DWORD bufferLen); /** @name Toolkit management * @{ */ //---------------------------------------------------------- // // Silent mode on / off // // Default = OFF // ==> Pops up error message boxes and PIN dialogs //---------------------------------------------------------- void WINAPI silentMode_ON(); void WINAPI silentMode_OFF(); /** Enable/Disable stdout debuf printing. * This affect only for debug builds. In release build printing is disabled. * @param[in] Enabled Is StdOut printing enebled. */ void WINAPI SetStdOutEnabled(bool Enabled); /** Release toolkit. * Call this function to release toolkit thread resources when toolkit is no more * used. */ void WINAPI ReleaseToolkit(); /// @} //---------------------------------------------------------------------------- // // Transmit CMP-Message (Certificate Management Protocol, RFC-4210) // // NOTE: Not implemented in all revisions // //---------------------------------------------------------------------------- BOOL WINAPI Transmit_CMPMessage( char *host, DWORD port, // CA connection parameters char *recipientCert_filename, // Recipient's certificate filename char *caCert_filename, // Optional CA certificate char *SKID, // Subject key reference (set NULL if delecated RA mode) char *pkcs12_filename, // Delegated RA PKCS#12 filename (set NULL if password based protection is used) char *password, // PKCS#12 or protection password int msgType, // 0=initReq,1=certReq,2=certRev,10=locally signed test certificate DWORD certReqId, // Certificte reqiest ID; If NULL, generated automatically bool nestedMessage, // Is composed message nested bool confirmRequest, // Confirm certificate request automatically // Subject DN data fields char *country, char *state, char *locality, char *serialNumber, char *organization, char *organizationalUnit, char *surName, char *givenName, char *eMail, char *commonName, char *title, char *pseudonym, // Subject extensions BYTE keyUsage, BYTE netscapeCertType, bool ServerAuthentication, bool ClientAuthentication, bool codeSigning, bool emailProtection, bool SmartCardLogon, bool MSIndividualCodeSigning, bool MSCommercialCodeSigning, bool MSTrustListSigning, bool SSH_PkiRA, char *eMail_ext, char *UPN, // Extension: CPS char *CPS_OID, char *CPS_userNotice, char *CPS_pointerNotice_URL, // Validity in UTCTime format (e.g. "080118235959Z" ) char *validFrom, char *validTo, // Public key (PKCS#1 or PKCS#8 format) BYTE *publicKey, DWORD publicKeyLen, // Certificate SN (used in revReq) DWORD certSN, // Status of request DWORD *lastStatus, // OUT: last status code char *lastStatusStr, // OUT: status string DWORD lastStatusStrLen, // IN: length of status string // Returned certificate BYTE *certificate, DWORD *certificateLen // IN=bufferSize, OUT=length of issued certificate ); //---------------------------------------------------------------------------- // // Parse certificate and return details // //---------------------------------------------------------------------------- BOOL WINAPI GetCertificateDetails( // Input parameters BYTE *certificate, DWORD certificateLen, // Output parameters char *issuerDN,DWORD issuerDNLen, char *issuerCN,DWORD issuerCNLen, char *subjectDN,DWORD subjectDNLen, char *subjectCN,DWORD subjectCNLen, DWORD64 *certSN, DWORD *keyUsage, char *validFrom, DWORD validFromLen, char *validTo, DWORD validToLen ); /** @name Miscallaneus functions. */ /** Start DigiSign manager dialog. * @return true on success. */ BOOL WINAPI startManager(); //---------------------------------------------------------------------------- // // Function to find out if process has admin-rights // //---------------------------------------------------------------------------- BOOL WINAPI IsAdmin (); /** Cancel possible pending GUI operation. * @return true on success. */ BOOL WINAPI CancelGUI(); /// @} /** @name Object Management * @{ */ /** Delete P15 object from the card. * @param[in] tokenName Name of the reader. * @param[in] label Label of the object to delete. * @return true on success. */ BOOL WINAPI DeleteP15Object(const char *tokenName, const char *label); /// @} } // Extern C /// @}