📄 crlext.c
字号:
}
/* ----- Parse extension DER ----- */
PKIUnpackAuthorityKeyIdentifier(ctx->certasnctx,&pki_aki,ext->extnValue.val,ext->extnValue.len,&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
/* ----- allocate storage for simple data structure ----- */
simpleAKI = TC_Alloc(ctx->memMgr, sizeof (TC_AUTHORITY_KEY_IDENTIFIER_T));
memset(simpleAKI,0,sizeof(TC_AUTHORITY_KEY_IDENTIFIER_T));
*authKeyId=(void*)simpleAKI;
/* ----- Convert from compiler to simple data structure */
if(pki_aki->keyIdentifier)
{
simpleAKI->keyIdentifier = pki_aki->keyIdentifier->val;
simpleAKI->keyIdentifier_len = pki_aki->keyIdentifier->len;
pki_aki->keyIdentifier->val=NULL;
TC_Free(ctx->memMgr,pki_aki->keyIdentifier);
pki_aki->keyIdentifier=NULL;
}
if(pki_aki->authorityCertIssuer)
{
status=tc_PKIGeneralNamesToTC(&simpleAKI->authorityCertIssuer,
pki_aki->authorityCertIssuer,
ctx);
if(status)
break;
}
if(pki_aki->authorityCertSerialNumber)
{
simpleAKI->authorityCertSerialNumber=pki_aki->authorityCertSerialNumber->val;
simpleAKI->authorityCertSerialNumber_len=pki_aki->authorityCertSerialNumber->len;
pki_aki->authorityCertSerialNumber->val=NULL;
TC_Free(ctx->memMgr,pki_aki->authorityCertSerialNumber);
pki_aki->authorityCertSerialNumber=NULL;
}
}
while (0);
/* ----- Clean up ----- */
if(pki_aki)
PKIFreeAuthorityKeyIdentifier(ctx->certasnctx,pki_aki);
return status;
}
void tc_FreeIssuingDistributionPoint(TC_ISSUING_DISTRIBUTION_POINT_T *p,
TC_CONTEXT *c) {
if(p->name)
tc_FreeDistributionPointName(p->name,c);
}
int AddIssuingDistributionPoint (TC_ExtensionList *ext,
const void *v_idp,
int critical,
TC_CONTEXT *ctx)
{
int status=0;
unsigned char *der=NULL;
size_t dersize;
TC_ISSUING_DISTRIBUTION_POINT_T *idp;
PKIIssuingDistributionPoint *asn=NULL;
(void)critical;/*unused, always critical (RFC2459 5.2.5)*/
do
{
idp=(TC_ISSUING_DISTRIBUTION_POINT_T *)v_idp;
asn=PKINewIssuingDistributionPoint(ctx->certasnctx);
if(idp->name)
{
status=tc_DistPointNameToPKI(&asn->distributionPoint,
idp->name,
ctx);
if(status)
break;
}
if(idp->onlyContainsUserCerts)
{
asn->onlyContainsUserCerts=PKINewBOOLEAN(ctx->certasnctx);
PKIPutBoolVal(ctx->certasnctx,asn->onlyContainsUserCerts,PKITRUE);
}
if(idp->onlyContainsCACerts)
{
asn->onlyContainsCACerts=PKINewBOOLEAN(ctx->certasnctx);
PKIPutBoolVal(ctx->certasnctx,asn->onlyContainsCACerts,PKITRUE);
}
if(idp->onlySomeReasons)
{
unsigned char b=idp->onlySomeReasons<<1;
asn->onlySomeReasons=PKINewReasonFlags(ctx->certasnctx);
PKIPutBitString(ctx->certasnctx,asn->onlySomeReasons,&b,1,1);
}
if(idp->indirectCRL)
{
asn->indirectCRL=PKINewBOOLEAN(ctx->certasnctx);
PKIPutBoolVal(ctx->certasnctx,asn->indirectCRL,PKITRUE);
}
dersize=PKISizeofIssuingDistributionPoint(ctx->certasnctx,asn,PKITRUE);
der=TC_Alloc(ctx->memMgr,dersize);
if(!der)
{
status=TC_E_NOMEMORY;
break;
}
PKIPackIssuingDistributionPoint(ctx->certasnctx,der,dersize,asn,&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
status=tc_add_extension(ext,
PKIid_ce_issuingDistributionPoint_OID,
PKIid_ce_issuingDistributionPoint_OID_LEN,
1,/*always critical (RFC2459 5.2.5)*/
der,
dersize,
ctx);
}
while(0);
if(asn)
PKIFreeIssuingDistributionPoint(ctx->certasnctx,asn);
if(der)
TC_Free(ctx->memMgr,der);
return status;
} /* AddIssuingDistributionPoint */
int GetIssuingDistributionPoint (void **ret,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
int status=0;
TC_ISSUING_DISTRIBUTION_POINT_T *idp=NULL;
PKIIssuingDistributionPoint *asn=NULL;
do
{
PKIUnpackIssuingDistributionPoint(ctx->certasnctx,
&asn,
ext->extnValue.val,
ext->extnValue.len,
&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
idp=TC_Alloc(ctx->memMgr,sizeof(TC_ISSUING_DISTRIBUTION_POINT_T));
if(!idp)
{
status=TC_E_NOMEMORY;
break;
}
memset(idp,0,sizeof(TC_ISSUING_DISTRIBUTION_POINT_T));
if(asn->distributionPoint)
{
status=tc_DistPointNameToTC(&idp->name,
asn->distributionPoint,
ctx);
if(status)
break;
}
if(asn->onlyContainsUserCerts)
idp->onlyContainsUserCerts=PKIGetBoolVal(ctx->certasnctx,
asn->onlyContainsUserCerts);
if(asn->onlyContainsCACerts)
idp->onlyContainsCACerts=PKIGetBoolVal(ctx->certasnctx,
asn->onlyContainsCACerts);
if(asn->onlySomeReasons)
idp->onlySomeReasons=(*asn->onlySomeReasons->val>>1) & 0x7f;
if(asn->indirectCRL)
idp->indirectCRL=PKIGetBoolVal(ctx->certasnctx,
asn->indirectCRL);
}
while(0);
if(status&&idp)
{
tc_FreeIssuingDistributionPoint(idp,ctx);
idp=NULL;
}
*ret=(void*)idp;
if(asn)
PKIFreeIssuingDistributionPoint(ctx->certasnctx,asn);
return status;
} /* GetIssuingDistributionPoint */
static struct
{
TC_HOLD_INSTRUCTION_T code;
unsigned char *oid;
size_t oidsize;
} TC_HOLD_INSTRUCTION_MAP[] = {
{
TC_HOLD_INSTRUCTION_NONE,
PKIid_holdinstruction_none_OID,
PKIid_holdinstruction_none_OID_LEN
},
{
TC_HOLD_INSTRUCTION_CALL_ISSUER,
PKIid_holdinstruction_callissuer_OID,
PKIid_holdinstruction_callissuer_OID_LEN
},
{
TC_HOLD_INSTRUCTION_REJECT,
PKIid_holdinstruction_reject_OID,
PKIid_holdinstruction_reject_OID_LEN
},
{
(TC_HOLD_INSTRUCTION_T) -1,
NULL,
0
}
};
/*****
*
* AddHoldInstructionCode
*
* Inputs:
* p_hic
* integer (not pointer) value containing TC_HOLD_INSTRUCTION_T
* critical
* -1 use default criticality (FALSE)
* 0 FALSE
* 1 TRUE
* ctx
* CMS context structure
*
* Outputs:
* ext
* extension list to append
*
* Returns:
* 0 success
* <0 failure
*/
int AddHoldInstructionCode (TC_ExtensionList *ext,
const void *p_hic,
int critical,
TC_CONTEXT *ctx)
{
TC_HOLD_INSTRUCTION_T code;
PKIOBJECT_ID *asn=NULL;
int j,status=0;
unsigned char *der=NULL;
size_t dersize;
unsigned char *oid;
size_t oidsize=0;
do
{
code=(TC_HOLD_INSTRUCTION_T)p_hic;
/*find the oid corresponding this this value*/
oid=NULL;
for(j=0;TC_HOLD_INSTRUCTION_MAP[j].oid;j++)
if(TC_HOLD_INSTRUCTION_MAP[j].code==code)
{
oid=TC_HOLD_INSTRUCTION_MAP[j].oid;
oidsize=TC_HOLD_INSTRUCTION_MAP[j].oidsize;
break;
}
if(!oid)
{
status=TC_E_OTHER;
break;
}
asn=PKINewOBJECT_ID(ctx->certasnctx);
if(!asn)
{
status=TC_E_NOMEMORY;
break;
}
PKIPutOctVal(ctx->certasnctx,asn,oid,oidsize);
dersize=PKISizeofOBJECT_ID(ctx->certasnctx,asn,PKITRUE);
der=TC_Alloc(ctx->memMgr,dersize);
if(!der)
{
status=TC_E_NOMEMORY;
break;
}
PKIPackOBJECT_ID(ctx->certasnctx,der,dersize,asn,&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
status=tc_add_extension(ext,
PKIid_ce_holdInstructionCode_OID,
PKIid_ce_holdInstructionCode_OID_LEN,
(critical < 0) ? 0 : critical,
der,
dersize,
ctx);
}
while(0);
if(der)
TC_Free(ctx->memMgr,der);
if(asn)
PKIFreeOBJECT_ID(ctx->certasnctx,asn);
return status;
} /* AddHoldInstructionCode */
/*****
*
* GetHoldInstructionCode
*
* Inputs:
* ext
* pointer to extension to process
* ctx
* pointer to CMS context structure
*
* Outputs:
* ret
* TC_HOLD_INSTRUCTION_T value
*
* Returns:
* 0 success
* <0 failure
*/
int GetHoldInstructionCode (void **ret,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
TC_HOLD_INSTRUCTION_T hic=TC_HOLD_INSTRUCTION_NONE;
PKIHoldInstructionCode *asn=NULL;
int j,status=0;
do
{
PKIUnpackHoldInstructionCode(ctx->certasnctx,
&asn,
ext->extnValue.val,
ext->extnValue.len,
&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
/* find the enum for the given oid */
for(j=0;TC_HOLD_INSTRUCTION_MAP[j].oid;j++)
{
if(!memcmp(asn->val,TC_HOLD_INSTRUCTION_MAP[j].oid,asn->len))
{
hic=TC_HOLD_INSTRUCTION_MAP[j].code;
break;
}
}
}
while(0);
if(asn)
PKIFreeHoldInstructionCode(ctx->certasnctx,asn);
*ret=(void*)hic;
return status;
} /* GetHoldInstructionCode */
/*****
*
* AddInvalidityDate
*
* Inputs:
* p_id
* time_t value containing the invalidity date
* critical
* -1 default criticality (FALSE)
* 0 FALSE
* 1 TRUE
* ctx
* pointer to CMS context structure
*
* Outputs:
* ext
* extension list to append to
*
* Returns:
* 0 success
* <0 failure
*/
int AddInvalidityDate (TC_ExtensionList *ext,
const void *p_id,
int critical,
TC_CONTEXT *ctx)
{
time_t id;
int status=0;
unsigned char *der=NULL;
size_t dersize;
PKIGeneralizedTime *asn=NULL;
do
{
id=(time_t)p_id;
status=tc_EncodeGeneralizedTime(&asn,id,ctx);
if(status)
break;
dersize=PKISizeofGeneralizedTime(ctx->certasnctx,asn,PKITRUE);
der=TC_Alloc(ctx->memMgr,dersize);
if(!der)
{
status=TC_E_NOMEMORY;
break;
}
PKIPackGeneralizedTime(ctx->certasnctx,der,dersize,asn,&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
status=tc_add_extension(ext,
PKIid_ce_invalidityDate_OID,
PKIid_ce_invalidityDate_OID_LEN,
(critical < 0) ? 0 : critical,
der,
dersize,
ctx);
}
while(0);
if(der)
TC_Free(ctx->memMgr,der);
if(asn)
PKIFreeGeneralizedTime(ctx->certasnctx,asn);
return status;
} /* AddInvalidityDate */
/*****
*
* GetInvalidityDate
*
* Inputs:
* ext
* pointer to extension to process
* ctx
* pointer to CMS context structure
*
* Outputs:
* ret
* time_t value containing invalidity date
*
* Returns:
* 0 success
* <0 failure
*/
int GetInvalidityDate (void **ret,
const PKIExtension *ext,
TC_CONTEXT *ctx)
{
int status=0;
PKIInvalidityDate *asn=NULL;
time_t id=0;
do
{
PKIUnpackInvalidityDate(ctx->certasnctx,
&asn,
ext->extnValue.val,
ext->extnValue.len,
&status);
if(status)
{
status=compiler2tc_error(status);
break;
}
id=tc_decode_GeneralizedTime(asn);
}
while(0);
if(asn)
PKIFreeInvalidityDate(ctx->certasnctx,asn);
*ret=(void*)id;
return status;
} /* GetInvalidityDate */
/* vim:ts=4:sw=4:
*/
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -