📄 crlext.c
字号:
/****************************************************************************
*
* Copyright (c) 1999, Network Associates, Inc. and its affiliated Companies
*
****************************************************************************/
#include "cms.h"
#include "cert_oid.h"
#include "extensions.h"
static int AddINTEGERExt( TC_ExtensionList *ext,
const void *p_value,
int criticality,
TC_CONTEXT *ctx,
unsigned char *oid,
size_t oidlen,
boolean defaultCriticality )
{
int status = 0;
PKIINTEGER *IntBuf = NULL;
unsigned char *derBuffer = NULL;
size_t derSize = 0;
int value = *((unsigned int *)p_value);
boolean mycriticality;
do
{
/* ------ Basic parameter checks ------ */
/* Parameters checked by tc_setextval */
/* ---------- Set criticality ------------------ */
if (criticality < 0) /* use default criticality */
mycriticality = defaultCriticality;
else /* take override value */
mycriticality = (boolean) criticality;
IntBuf = PKINewINTEGER(ctx->certasnctx);
if ( IntBuf == NULL )
{
status = TC_E_NOMEMORY;
break;
} /* if IntBuf */
if ( PKIPutIntVal(ctx->certasnctx,
IntBuf,
(long)value) == -1 )
{
status = -1;
break;
} /* if put_int_val */
derSize = PKISizeofINTEGER( ctx->certasnctx, IntBuf, PKITRUE );
if ( derSize <= 0)
{
status = TC_E_OTHER;
break;
}
derBuffer = TC_Alloc( ctx->memMgr, derSize );
if (derBuffer == NULL)
{
status = TC_E_NOMEMORY;
break;
}
PKIPackINTEGER( ctx->certasnctx, derBuffer, derSize,
IntBuf, &status );
if ( status != 0 )
break;
/* add to extension list */
if ((status = tc_add_extension(ext,
oid,
oidlen,
mycriticality,
(unsigned char *) derBuffer,
derSize,
ctx)) != 0)
break;
} while (0);
/* clean up */
if (derBuffer != NULL)
TC_Free(ctx->memMgr, derBuffer);
return status;
}
int AddCRLNumberExt(TC_ExtensionList *ext,
const void *p_CRLnumber,
int criticality,
TC_CONTEXT *ctx)
{
boolean defaultCriticality = PKIFALSE;
int status;
status = AddINTEGERExt( ext, p_CRLnumber, criticality, ctx,
PKIid_ce_cRLNumber_OID, PKIid_ce_cRLNumber_OID_LEN,
defaultCriticality );
return status;
}
int AddDeltaCRLIndicatorExt(TC_ExtensionList *ext,
const void *p_deltaCRLIndicator,
int criticality,
TC_CONTEXT *ctx)
{
boolean defaultCriticality = PKIFALSE;
int status;
status = AddINTEGERExt( ext, p_deltaCRLIndicator, criticality, ctx,
PKIid_ce_deltaCRLIndicator_OID,
PKIid_ce_deltaCRLIndicator_OID_LEN,
defaultCriticality );
return status;
}
int AddCRLReason (TC_ExtensionList *ext,
const void *p_CRLReason,
int criticality,
TC_CONTEXT *ctx)
{
PKIINTEGER *i;
int status=0;
i=PKINewINTEGER(ctx->certasnctx);
if(!i)
return TC_E_NOMEMORY;
PKIPutIntVal(ctx->certasnctx,i,(TC_CRL_REASON_T)p_CRLReason);
if(status==0)
{
status=AddINTEGERExt(ext,
i,
criticality,
ctx,
PKIid_ce_cRLReasons_OID,
PKIid_ce_cRLReasons_OID_LEN,
0/*always noncritical*/);
}
PKIFreeINTEGER(ctx->certasnctx,i);
return status;
}
static int GetINTEGERExt (void **p_value,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
PKIINTEGER *IntBuf;
int *p;
int status;
do
{
p = malloc( sizeof( int ) );
*p_value = p;
/* unpack extension data */
(void)PKIUnpackINTEGER(ctx->certasnctx,
&IntBuf,
ext->extnValue.val,
ext->extnValue.len, &status);
if (status != 0 || IntBuf == NULL)
{
status = TC_E_EXTENSION;
break;
}
*p = (int)PKIGetIntVal(ctx->certasnctx,
IntBuf,
&status);
if (status != 0)
break;
} while ( 0 );
PKIFreeINTEGER( ctx->certasnctx, IntBuf );
return status;
}
int GetCRLNumberExt(void **p_CRLNumber,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
return GetINTEGERExt( p_CRLNumber, ext, ctx );
}
int GetDeltaCRLIndicatorExt(void **p_DeltaCRLIndicator,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
return GetINTEGERExt( p_DeltaCRLIndicator, ext, ctx );
}
int GetCRLReason (void **ret,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
return GetINTEGERExt(ret,ext,ctx);
}
/* TODO: this was moved to extensions.c */
#if 0
/*
* This function allocates the PKI list and fills it.
*/
static int
TC_GEN_NAMES_to_PKIGeneralNames(PKIGeneralNames **PKIlist,
TC_GEN_NAMES_LIST_T *nameList,
TC_CONTEXT *ctx)
{
TC_GEN_NAME_T *name;
PKIGeneralNames *localNameList;
PKIGeneralName *asnName = NULL;
PKIIA5String *string;
PKIOCTET_STRING *octblock;
PKIOBJECT_ID *objidblock;
int status = 0;
int i;
do
{
localNameList = PKINewGeneralNames(ctx->certasnctx);
if (localNameList == NULL)
{
status = TC_E_NOMEMORY;
break;
}
/* add each individual name to the ASN data structure list */
for (i = 0; i < nameList->numberOfNames; i++)
{
name = nameList->names[i];
asnName = PKINewGeneralName(ctx->certasnctx);
if (asnName == NULL)
{
status = TC_E_NOMEMORY;
break;
}
/* set the CHOICE field type and the choice's data; these
are explicitly tagged values, so we need to use the
tag value for the CHOICE field */
switch(name->nameType)
{
case TC_rfc822Name:
asnName->CHOICE_field_type = 0x80|0x20|0x01;
string = PKINewIA5String(ctx->certasnctx);
if (string == NULL)
{
status = TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,
string, (unsigned char *)name->name,
name->nameLen);
asnName->data = (void *)string;
break;
case TC_dNSName:
asnName->CHOICE_field_type = 0x80|0x20|0x02;
string = PKINewIA5String(ctx->certasnctx);
if (string == NULL)
{
status = TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,
string, (unsigned char *)name->name,
name->nameLen);
asnName->data = (void *)string;
break;
case TC_directoryName:
asnName->CHOICE_field_type = 0x80|0x20|0x04;
CopyName((PKIName **)&asnName->data,
(PKIName *)name->name, ctx);
break;
case TC_uniformResourceIdentifier:
asnName->CHOICE_field_type = 0x80|0x20|0x06;
string = PKINewIA5String(ctx->certasnctx);
if (string == NULL)
{
status = TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,
string, (unsigned char *)name->name,
name->nameLen);
asnName->data = (void *)string;
break;
case TC_iPAddress:
asnName->CHOICE_field_type = 0x80|0x20|0x07;
octblock = PKINewOCTET_STRING(ctx->certasnctx);
if (octblock == NULL)
{
status = TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,
octblock, (unsigned char *)name->name,
name->nameLen);
asnName->data = (void *)octblock;
break;
case TC_registeredID:
asnName->CHOICE_field_type = 0x80|0x20|0x08;
objidblock = PKINewOBJECT_ID(ctx->certasnctx);
if (objidblock == NULL)
{
status = TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,
objidblock, (unsigned char *)name->name,
name->nameLen);
asnName->data = (void *)objidblock;
break;
default:
status = TC_E_OTHER;
break;
} /* switch */
if (status != 0)
break;
localNameList->elt[i] = asnName;
localNameList->n = i+1;
} /* for each name */
} while(0);
PKIlist = &localNameList;
return status;
} /* TC_GEN_NAMES_to_PKIGeneralNames */
#endif /* 0 */
static int
CreateAuthorityKeyIdentifierDER(const TC_AUTHORITY_KEY_IDENTIFIER_T *simpleAKI,
unsigned char **buf,
size_t *size,
TC_CONTEXT *ctx)
{
PKIAuthorityKeyIdentifier *pki_aki = NULL;
int status = 0;
do
{
/* verify valid output pointers */
if ( buf == NULL || size == NULL || simpleAKI == NULL )
{
status = TC_E_INVARGS;
break;
} /* if */
pki_aki = PKINewAuthorityKeyIdentifier(ctx->certasnctx);
if ( pki_aki == (PKIAuthorityKeyIdentifier *) 0 )
{
status = TC_E_NOMEMORY;
break;
}
if ( simpleAKI->keyIdentifier_len > 0 )
{
pki_aki->keyIdentifier = PKINewKeyIdentifier( ctx->certasnctx );
if(!pki_aki->keyIdentifier)
{
status=TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,pki_aki->keyIdentifier,simpleAKI->keyIdentifier,simpleAKI->keyIdentifier_len);
}
if ( simpleAKI->authorityCertIssuer != NULL )
{
PKIGeneralNames *PGN;
PGN=PKINewGeneralNames(ctx->certasnctx);
if(!PGN)
{
status=TC_E_NOMEMORY;
break;
}
status = tc_GEN_NAMES_to_PKIGeneralNames( PGN,
simpleAKI->authorityCertIssuer,
ctx);
pki_aki->authorityCertIssuer = PGN;
}
if ( simpleAKI->authorityCertSerialNumber_len > 0 )
{
pki_aki->authorityCertSerialNumber=PKINewCertificateSerialNumber(ctx->certasnctx);
if(!pki_aki->authorityCertSerialNumber)
{
status=TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,pki_aki->authorityCertSerialNumber,simpleAKI->authorityCertSerialNumber,simpleAKI->authorityCertSerialNumber_len);
}
*size=PKISizeofAuthorityKeyIdentifier(ctx->certasnctx,pki_aki,1);
*buf=TC_Alloc(ctx->memMgr,*size);
if(!*buf)
{
status=TC_E_NOMEMORY;
break;
}
PKIPackAuthorityKeyIdentifier(ctx->certasnctx,*buf,*size,pki_aki,&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
} while ( 0 );
if(pki_aki)
PKIFreeAuthorityKeyIdentifier(ctx->certasnctx,pki_aki);
return status;
}
int AddAuthorityKeyIdentifier (TC_ExtensionList *ext,
const void *v_sAKI,
int critical,
TC_CONTEXT *ctx)
{
int status;
unsigned char *derBuffer = NULL;
size_t derSize;
TC_AUTHORITY_KEY_IDENTIFIER_T *simpleAKI;
(void)critical;
do
{
/* ------ Basic parameter checks ------ */
if(!ext || !v_sAKI|| !ctx)
return TC_E_INVARGS;
simpleAKI=(TC_AUTHORITY_KEY_IDENTIFIER_T*)v_sAKI;
status=CreateAuthorityKeyIdentifierDER(simpleAKI,&derBuffer,&derSize,ctx);
if(status)
break;
/* ----- Add extension ----- */
status=tc_add_extension(ext,
PKIid_ce_authorityKeyIdentifier_OID,
PKIid_ce_authorityKeyIdentifier_OID_LEN,
0, /* always non-critical (RFC2459 4.2.1.1) */
derBuffer,
derSize,
ctx);
}
while ( 0 );
/* ----- clean up ----- */
if(derBuffer)
TC_Free(ctx->memMgr,derBuffer);
return status;
}
int GetAuthorityKeyIdentifier (void **authKeyId,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
TC_AUTHORITY_KEY_IDENTIFIER_T *simpleAKI=NULL;
PKIAuthorityKeyIdentifier *pki_aki = NULL;
int status=0;
do
{
/* ----- Check arguments ----- */
if(!authKeyId || !ext || !ctx)
{
status = TC_E_INVARGS;
break;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -