📄 extensions.c
字号:
},
{
AddSubjectAltNameExt,
GetAlternativeNameExt,
PKIid_ce_subjectAltName_OID, /* subjectAltName */
PKIid_ce_subjectAltName_OID_LEN
},
{
AddIssuerAltNameExt,
GetAlternativeNameExt,
PKIid_ce_issuerAltName_OID, /* issuerAltName */
PKIid_ce_issuerAltName_OID_LEN
},
{
AddCRLNumberExt,
GetCRLNumberExt,
PKIid_ce_cRLNumber_OID, /* cRLNumber */
PKIid_ce_cRLNumber_OID_LEN
},
{
AddDeltaCRLIndicatorExt,
GetDeltaCRLIndicatorExt,
PKIid_ce_deltaCRLIndicator_OID, /* deltaCRLIndicator */
PKIid_ce_deltaCRLIndicator_OID_LEN
},
{
AddAuthorityKeyIdentifier,
GetAuthorityKeyIdentifier,
PKIid_ce_authorityKeyIdentifier_OID,
PKIid_ce_authorityKeyIdentifier_OID_LEN
},
{
AddSubjectKeyIdentifier,
GetOctetStringExt,
PKIid_ce_subjectKeyIdentifier_OID,
PKIid_ce_subjectKeyIdentifier_OID_LEN
},
{
AddPrivateKeyUsagePeriod,
GetPrivateKeyUsagePeriod,
PKIid_ce_privateKeyUsagePeriod_OID,
PKIid_ce_privateKeyUsagePeriod_OID_LEN
},
{
AddCertificatePolicies,
GetCertificatePolicies,
PKIid_ce_certificatePolicies_OID,
PKIid_ce_certificatePolicies_OID_LEN
},
{
AddPolicyMappings,
GetPolicyMappings,
PKIid_ce_policyMappings_OID,
PKIid_ce_policyMappings_OID_LEN
},
{
AddSubjectDirectoryAttributes,
GetSubjectDirectoryAttributes,
PKIid_ce_subjectDirectoryAttributes_OID,
PKIid_ce_subjectDirectoryAttributes_OID_LEN
},
{
AddNameConstraints,
GetNameConstraints,
PKIid_ce_nameConstraints_OID,
PKIid_ce_nameConstraints_OID_LEN
},
{
AddPolicyConstraints,
GetPolicyConstraints,
PKIid_ce_policyConstraints_OID,
PKIid_ce_policyConstraints_OID_LEN
},
{
AddExtKeyUsageSyntax,
GetExtKeyUsageSyntax,
PKIid_ce_extKeyUsage_OID,
PKIid_ce_extKeyUsage_OID_LEN
},
{
AddCRLDistributionPoints,
GetCRLDistributionPoints,
PKIid_ce_cRLDistributionPoints_OID,
PKIid_ce_cRLDistributionPoints_OID_LEN
},
{
AddAuthorityInfoAccess,
GetAuthorityInfoAccess,
PKIid_pe_authorityInfoAccess_OID,
PKIid_pe_authorityInfoAccess_OID_LEN
},
{
AddIssuingDistributionPoint,
GetIssuingDistributionPoint,
PKIid_ce_issuingDistributionPoint_OID,
PKIid_ce_issuingDistributionPoint_OID_LEN
},
{
AddCRLReason,
GetCRLReason,
PKIid_ce_cRLReasons_OID,
PKIid_ce_cRLReasons_OID_LEN
},
{
AddHoldInstructionCode,
GetHoldInstructionCode,
PKIid_ce_holdInstructionCode_OID,
PKIid_ce_holdInstructionCode_OID_LEN
},
{
AddInvalidityDate,
GetInvalidityDate,
PKIid_ce_invalidityDate_OID,
PKIid_ce_invalidityDate_OID_LEN
},
{
NULL,
NULL,
(unsigned char *) 0, /* null terminator */
0
}
}; /* supportedExtensions */
/******************************************************************/
/* Debugging functions for CreateKeyUsageDER */
/******************************************************************/
#ifdef DEBUG
void print_bits (unsigned int bits)
{
int i;
for (i = sizeof (unsigned int) * 8 - 1; i >= 0; i--)
{
if (( bits >> i) & 0x01 )
fprintf (stderr, "1");
else
fprintf (stderr, "0");
} /* for */
fprintf(stderr, "\n");
} /* print_bits */
void print_chars (unsigned char character)
{
int i;
for (i = sizeof (unsigned char) * 8 - 1; i >= 0; i--)
{
if (( character >> i) & 0x01 )
fprintf (stderr, "1");
else
fprintf (stderr, "0");
} /* for */
} /* print_chars */
#endif /* DEBUG */
/******************************************************************/
/* tc_setextval */
/******************************************************************/
/* Routine to add extension data to an existing extension list. */
/* */
/* Extensions are defined in ITU-T X.509 Recommendation. */
/* */
/* Given a current extension list, OID, OID length, extension */
/* data structure and criticality value for the extension, make */
/* calls to create extension DER and add it to the extension list.*/
/* */
/* Caller is expected to free returned space when done. */
/* */
/* Supported set extensions: */
/* key usage */
/* basic constraints */
/* */
/* Parameters */
/* input */
/* ext - pointer to current extension list */
/* oid - OID of extension to be added (in DER) */
/* oidlen - length, in bytes, of OID */
/* criticality - mark this extension as critical */
/* 1: critical */
/* 0: not critical */
/* -1: use default spec'd by ITU standard */
/* value - pointer to structure with values for extension */
/* output */
/* ext - updated extension list */
/* */
/* Return */
/* 0 - okay */
/* TC_E_INVARGS - invalid arguments */
/* TC_E_NOMEMORY - out of memory */
/* TC_E_EXTENSION - error packing extension */
/* TC_E_EXTNOTSUPPORTED - given oid is not supported */
/******************************************************************/
int tc_setextval(TC_ExtensionList *ext,
const unsigned char *oid,
size_t oidlen,
int criticality,
const void *value,
TC_CONTEXT *ctx)
{
int status = 0;
int i = 0; /* loop index */
boolean extensionOIDSupported = PKIFALSE;
do
{
/* ----- Basic parameter checks ----- */
if ((ext == (TC_ExtensionList *) 0) ||
(oidlen <= 0) ||
((criticality > 1)|| (criticality < -1)) ||
(value == (void *) 0) ||
(ctx == NULL))
{
status = TC_E_INVARGS;
break;
} /* if */
/* ----- Check that provided OID has been implemented ----- */
while (supportedExtensions[i].oid != (unsigned char *) 0)
{
if ( supportedExtensions[i].oidlen == oidlen )
if (!memcmp((char *) supportedExtensions[i].oid,
(char *) oid,
oidlen))
if (supportedExtensions[i].ExtensionSetter != NULL)
{
extensionOIDSupported = PKITRUE;
break; /* from while loop */
} /* if */
i++;
} /* while */
if (! extensionOIDSupported)
{
status = TC_E_EXTNOTSUPPORTED;
break;
} /* if */
/* ----- Call ith extension adding function ----- */
status = ((* supportedExtensions[i].ExtensionSetter) (ext,
value,
criticality,
ctx));
if (status != 0)
break;
} while(0);
/* --- No cleanup needed here: ext is either correct or unchanged --- */
return(status);
} /* tc_setextval */
/******************************************************************/
/* tc_getextval */
/******************************************************************/
/* Routine to extract extension data from an existing extension. */
/* */
/* Extensions are defined in ITU-T X.509 Recommendation. */
/* */
/* Given the extension, OID, and OID length, make calls to the */
/* appropriate extension data "get" routine to fill up a simple */
/* TC data structure. */
/* */
/* Caller is expected to free returned space (value) when done. */
/* */
/* Supported get extensions: */
/* basic constraints */
/* */
/* Parameters */
/* input */
/* extlist - pointer to extension list */
/* oid - OID of extension to be read (in DER) */
/* oidlen - length, in bytes, of OID */
/* output */
/* value - pointer to structure with extension values */
/* criticality - whether this extension was marked critical */
/* 1: critical */
/* 0: not critical */
/* */
/* Return */
/* 0 - okay */
/* TC_E_INVARGS - invalid arguments */
/* TC_E_NOMEMORY - out of memory */
/* TC_E_EXTENSION - error packing extension */
/* TC_E_EXTNOTSUPPORTED - given oid is not supported */
/******************************************************************/
int tc_getextval(void **value,
boolean *criticality,
const unsigned char *oid,
size_t oidlen,
const TC_ExtensionList *extlist,
TC_CONTEXT *ctx)
{
int status = 0;
int i = 0;
boolean extensionOIDSupported = PKIFALSE;
PKIExtension *myExt = NULL;
do
{
/* ----- Basic parameter checks ----- */
if ((extlist == (TC_ExtensionList *) 0) ||
(oidlen <= 0) ||
(value == NULL) ||
(ctx == NULL))
{
status = TC_E_INVARGS;
break;
} /* if */
/* ----- Check that provided OID has been implemented ----- */
while (supportedExtensions[i].oid != (unsigned char *) 0)
{
if ( supportedExtensions[i].oidlen == oidlen )
if (!memcmp((char *) supportedExtensions[i].oid,
(char *) oid,
oidlen))
if (supportedExtensions[i].ExtensionGetter != NULL)
{
extensionOIDSupported = PKITRUE;
break; /* from while loop */
} /* if */
i++;
} /* while */
if (! extensionOIDSupported)
{
status = TC_E_EXTNOTSUPPORTED;
break;
} /* if */
/* ----- Find the extension in the cert and get the value ----- */
status = tc_find_extension (&myExt,
extlist,
oid,
oidlen,
ctx);
if (status != 0)
break;
/* ----- check criticality ----- */
/* TODO: the "critical" argument to the Get*Value() functions can be
removed since we do this here */
*criticality = (myExt->critical && (myExt->critical->val != 0));
/* ----- get the extension value ------ */
status = ((* supportedExtensions[i].ExtensionGetter)
(value,
myExt,
ctx));
if (status != 0)
break;
} while(/* CONSTCOND */ 0);
/* --- cleanup : value and criticality
are either correct or unchanged --- */
return(status);
} /* tc_getextval */
/******************************************************************/
/* AddKeyUsageExt */
/******************************************************************/
/* Routine to set criticality and add key usage data */
/* to an extension list. */
/* */
/* Key usage extension is defined in ITU-T Recommendation X.509 */
/* Section 12.2.2.3 */
/* */
/* Given a current extension list and a string variable */
/* representing key usage data, make calls to create DER and */
/* append to the extension list. */
/* */
/* Caller is expected to free returned space when done. */
/* */
/* Parameters */
/* input */
/* ext - current extension list */
/* keyU - pointer to bit string filled by caller */
/* criticality - mark this extension as critical */
/* 1: critical */
/* 0: not critical */
/* -1: use default (false) */
/* output */
/* ext - updated extension list */
/* */
/* Return */
/* 0 - okay */
/* TC_E_INVARGS - invalid arguments */
/* TC_E_NOMEMORY - out of memory */
/* TC_E_EXTENSION - error packing extension */
/******************************************************************/
static int AddKeyUsageExt(TC_ExtensionList *ext,
const void *keyU,
int criticality,
TC_CONTEXT *ctx)
{
int status = 0;
unsigned char *derBuffer = NULL;
size_t derSize = 0;
boolean mycriticality;
unsigned int *keyUsage = NULL;
boolean defaultCriticality = PKITRUE; /* per PKIX part 1 */
keyUsage = (unsigned int *) keyU;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -