📄 certcset.c
字号:
&certInfoPtr->errorLocus, &certInfoPtr->errorType );
if( cryptStatusOK( status ) && \
certInfoPtr->currentSelection.updateCursor )
/* If we couldn't update the cursor earlier on because the
attribute field in question hadn't been created yet, do it
now */
selectGeneralName( certInfoPtr,
certInfoPtr->currentSelection.generalName,
MAY_BE_ABSENT );
return( status );
}
if( isDNComponent( certInfoType ) )
{
/* Add the string component to the DN */
status = selectDN( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
CREATE_IF_ABSENT );
if( cryptStatusOK( status ) )
status = insertDNComponent( certInfoPtr->currentSelection.dnPtr,
certInfoType, certInfo, certInfoLength,
&certInfoPtr->errorType );
if( cryptStatusOK( status ) && \
certInfoPtr->currentSelection.updateCursor )
/* If we couldn't update the cursor earlier on because the
attribute field in question hadn't been created yet, do it
now */
selectGeneralName( certInfoPtr,
certInfoPtr->currentSelection.generalName,
MAY_BE_ABSENT );
if( cryptStatusError( status ) && status != CRYPT_ERROR_MEMORY )
certInfoPtr->errorLocus = certInfoType;
return( status );
}
/* If it's standard cert or CMS attribute, add it to the certificate */
if( ( certInfoType >= CRYPT_CERTINFO_FIRST_EXTENSION && \
certInfoType <= CRYPT_CERTINFO_LAST_EXTENSION ) || \
( certInfoType >= CRYPT_CERTINFO_FIRST_CMS && \
certInfoType <= CRYPT_CERTINFO_LAST_CMS ) )
{
int localCertInfoType = certInfoType;
/* Revocation reason codes are actually a single range of values
spread across two different extensions, so we adjust the
(internal) type based on the reason code value */
if( certInfoType == CRYPT_CERTINFO_CRLREASON || \
certInfoType == CRYPT_CERTINFO_CRLEXTREASON )
localCertInfoType = \
( *( ( int * ) certInfo ) < CRYPT_CRLREASON_LAST ) ? \
CRYPT_CERTINFO_CRLREASON : CRYPT_CERTINFO_CRLEXTREASON;
/* If it's a CRL, RTCS, or OCSP per-entry attribute, add the
attribute to the currently selected entry unless it's a
revocation request, in which case it goes in with the main
attributes */
if( isRevocationEntryComponent( localCertInfoType ) && \
certInfoPtr->type != CRYPT_CERTTYPE_REQUEST_REVOCATION )
{
if( certInfoPtr->type == CRYPT_CERTTYPE_RTCS_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_RTCS_RESPONSE )
{
if( certInfoPtr->currentValidity == NULL )
return( CRYPT_ERROR_NOTFOUND );
return( addAttributeField( \
&certInfoPtr->currentValidity->attributes,
localCertInfoType, CRYPT_ATTRIBUTE_NONE,
certInfo, certInfoLength, ATTR_FLAG_NONE,
&certInfoPtr->errorLocus, &certInfoPtr->errorType ) );
}
if( certInfoPtr->currentRevocation == NULL )
return( CRYPT_ERROR_NOTFOUND );
return( addAttributeField( \
&certInfoPtr->currentRevocation->attributes,
localCertInfoType, CRYPT_ATTRIBUTE_NONE,
certInfo, certInfoLength, ATTR_FLAG_NONE,
&certInfoPtr->errorLocus, &certInfoPtr->errorType ) );
}
return( addAttributeField( &certInfoPtr->attributes,
localCertInfoType, CRYPT_ATTRIBUTE_NONE, certInfo, certInfoLength,
ATTR_FLAG_NONE, &certInfoPtr->errorLocus, &certInfoPtr->errorType ) );
}
/* If it's anything else, handle it specially */
switch( certInfoType )
{
case CRYPT_CERTINFO_SELFSIGNED:
if( *( ( int * ) certInfo ) )
certInfoPtr->flags |= CERT_FLAG_SELFSIGNED;
else
certInfoPtr->flags &= ~CERT_FLAG_SELFSIGNED;
return( CRYPT_OK );
case CRYPT_CERTINFO_XYZZY:
return( setXyzzyInfo( certInfoPtr ) );
case CRYPT_CERTINFO_CURRENT_CERTIFICATE:
return( setCertCursorInfo( certInfoPtr,
*( ( int * ) certInfo ) ) );
case CRYPT_CERTINFO_CURRENT_EXTENSION:
case CRYPT_CERTINFO_CURRENT_FIELD:
case CRYPT_CERTINFO_CURRENT_COMPONENT:
return( setCursorInfo( certInfoPtr, certInfoType,
*( ( int * ) certInfo ) ) );
case CRYPT_CERTINFO_TRUSTED_USAGE:
certInfoPtr->trustedUsage = *( ( int * ) certInfo );
return( CRYPT_OK );
case CRYPT_CERTINFO_TRUSTED_IMPLICIT:
return( krnlSendMessage( certInfoPtr->ownerHandle,
IMESSAGE_SETATTRIBUTE,
&certInfoPtr->objectHandle,
*( ( int * ) certInfo ) ? \
CRYPT_IATTRIBUTE_CERT_TRUSTED : \
CRYPT_IATTRIBUTE_CERT_UNTRUSTED ) );
case CRYPT_CERTINFO_SIGNATURELEVEL:
certInfoPtr->signatureLevel = *( ( int * ) certInfo );
return( CRYPT_OK );
case CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO:
return( copyPublicKeyInfo( certInfoPtr,
*( ( CRYPT_HANDLE * ) certInfo ),
NULL ) );
case CRYPT_CERTINFO_CERTIFICATE:
/* If it's a certificate, copy across various components or
store the entire cert where required */
status = krnlSendMessage( *( ( CRYPT_HANDLE * ) certInfo ),
IMESSAGE_GETDEPENDENT, &addedCert,
OBJECT_TYPE_CERTIFICATE );
if( cryptStatusError( status ) )
return( status );
/* If it's a cert chain, we're adding the complete cert, just
store it and exit */
if( certInfoPtr->type == CRYPT_CERTTYPE_CERTCHAIN )
{
int i;
if( certInfoPtr->certChainEnd >= MAX_CHAINLENGTH - 1 )
return( CRYPT_ERROR_OVERFLOW );
/* Perform a simple check to make sure that it hasn't been
added already */
for( i = 0; i < certInfoPtr->certChainEnd; i++ )
if( cryptStatusOK( \
krnlSendMessage( addedCert, IMESSAGE_COMPARE,
&certInfoPtr->certChain[ i ],
MESSAGE_COMPARE_CERTOBJ ) ) )
{
setErrorInfo( certInfoPtr,
CRYPT_CERTINFO_CERTIFICATE,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
/* Add the user cert and increment its reference count */
krnlSendNotifier( addedCert, IMESSAGE_INCREFCOUNT );
certInfoPtr->certChain[ certInfoPtr->certChainEnd++ ] = addedCert;
return( CRYPT_OK );
}
/* For remaining operations we need access to the user cert
internals */
status = krnlGetObject( addedCert, OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyUserCertInfo( certInfoPtr, addedCertInfoPtr,
*( ( CRYPT_HANDLE * ) certInfo ) );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_CERTINFO_CACERTIFICATE:
/* We can't add another CA cert if there's already one present,
in theory this is valid but it's more likely to be an
implementation problem than an attempt to query multiple CAs
through a single responder */
if( certInfoPtr->certHashSet )
{
setErrorInfo( certInfoPtr, CRYPT_CERTINFO_CACERTIFICATE,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
assert( certInfoPtr->version == 1 );
/* Get the cert handle and make sure that it really is a CA
cert */
status = krnlSendMessage( *( ( CRYPT_HANDLE * ) certInfo ),
IMESSAGE_GETDEPENDENT, &addedCert,
OBJECT_TYPE_CERTIFICATE );
if( cryptStatusError( status ) )
return( status );
if( cryptStatusError( \
krnlSendMessage( addedCert, IMESSAGE_CHECK, NULL,
MESSAGE_CHECK_CA ) ) )
return( CRYPT_ARGERROR_NUM1 );
status = krnlGetObject( addedCert, OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyCaCertInfo( certInfoPtr, addedCertInfoPtr );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_CERTINFO_SERIALNUMBER:
if( certInfoPtr->serialNumber != NULL )
{
setErrorInfo( certInfoPtr, CRYPT_CERTINFO_SERIALNUMBER,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
return( setSerialNumber( certInfoPtr, certInfo,
certInfoLength ) );
case CRYPT_CERTINFO_SUBJECTNAME:
case CRYPT_CERTINFO_ISSUERNAME:
if( *( ( int * ) certInfo ) != CRYPT_UNUSED )
return( CRYPT_ARGERROR_NUM1 );
return( selectDN( certInfoPtr, certInfoType, MAY_BE_ABSENT ) );
case CRYPT_CERTINFO_VALIDFROM:
case CRYPT_CERTINFO_THISUPDATE:
{
time_t certTime = *( ( time_t * ) certInfo );
if( certInfoPtr->startTime )
{
setErrorInfo( certInfoPtr, certInfoType,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
if( certInfoPtr->endTime && certTime >= certInfoPtr->endTime )
{
setErrorInfo( certInfoPtr,
( certInfoType == CRYPT_CERTINFO_VALIDFROM ) ? \
CRYPT_CERTINFO_VALIDTO : CRYPT_CERTINFO_NEXTUPDATE,
CRYPT_ERRTYPE_CONSTRAINT );
return( CRYPT_ARGERROR_STR1 );
}
certInfoPtr->startTime = certTime;
return( CRYPT_OK );
}
case CRYPT_CERTINFO_VALIDTO:
case CRYPT_CERTINFO_NEXTUPDATE:
{
time_t certTime = *( ( time_t * ) certInfo );
if( certInfoPtr->endTime )
{
setErrorInfo( certInfoPtr, certInfoType,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
if( certInfoPtr->startTime && certTime <= certInfoPtr->startTime )
{
setErrorInfo( certInfoPtr,
( certInfoType == CRYPT_CERTINFO_VALIDTO ) ? \
CRYPT_CERTINFO_VALIDFROM : CRYPT_CERTINFO_THISUPDATE,
CRYPT_ERRTYPE_CONSTRAINT );
return( CRYPT_ARGERROR_STR1 );
}
certInfoPtr->endTime = certTime;
return( CRYPT_OK );
}
case CRYPT_CERTINFO_CERTREQUEST:
/* Make sure that we haven't already got a public key or DN
present */
if( ( certInfoPtr->iPubkeyContext != CRYPT_ERROR || \
certInfoPtr->publicKeyInfo != NULL ) || \
certInfoPtr->subjectName != NULL )
{
setErrorInfo( certInfoPtr, CRYPT_CERTINFO_CERTREQUEST,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
status = krnlGetObject( *( ( CRYPT_CERTIFICATE * ) certInfo ),
OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyCertReqInfo( certInfoPtr, addedCertInfoPtr );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_CERTINFO_REVOCATIONDATE:
{
time_t certTime = *( ( time_t * ) certInfo ), *revocationTimePtr;
/* If there's a specific invalid/revoked cert selected, set its
invalidity/revocation time, otherwise if there are invalid/
revoked certs present set the first cert's invalidity/
revocation time, otherwise set the default invalidity/
revocation time */
if( certInfoPtr->type == CRYPT_CERTTYPE_RTCS_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_RTCS_RESPONSE )
revocationTimePtr = \
( certInfoPtr->currentValidity != NULL ) ? \
&certInfoPtr->currentValidity->invalidityTime : \
( certInfoPtr->validityInfo != NULL ) ? \
&certInfoPtr->validityInfo->invalidityTime : \
&certInfoPtr->revocationTime;
else
revocationTimePtr = \
( certInfoPtr->currentRevocation != NULL ) ? \
&certInfoPtr->currentRevocation->revocationTime : \
( certInfoPtr->revocations != NULL ) ? \
&certInfoPtr->revocations->revocationTime : \
&certInfoPtr->revocationTime;
if( *revocationTimePtr )
{
setErrorInfo( certInfoPtr, certInfoType,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( CRYPT_ERROR_INITED );
}
*revocationTimePtr = certTime;
return( CRYPT_OK );
}
case CRYPT_CERTINFO_DN:
return( getEncodedDn( certInfoPtr, certInfo, certInfoLength ) );
case CRYPT_IATTRIBUTE_CRLENTRY:
{
STREAM stream;
assert( certInfoPtr->type == CRYPT_CERTTYPE_CRL );
/* The revocation information is being provided to us in pre-
encoded form from a cert store, decode it so that we can add
it to the CRL */
sMemConnect( &stream, certInfo, certInfoLength );
status = readCRLentry( &stream, &certInfoPtr->revocations,
&certInfoPtr->errorLocus,
&certInfoPtr->errorType );
sMemDisconnect( &stream );
return( status );
}
case CRYPT_IATTRIBUTE_CERTCOLLECTION:
return( copyCertChain( certInfoPtr,
*( ( CRYPT_CERTIFICATE * ) certInfo ),
TRUE ) );
case CRYPT_IATTRIBUTE_RTCSREQUEST:
status = krnlGetObject( *( ( CRYPT_CERTIFICATE * ) certInfo ),
OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyRtcsReqInfo( certInfoPtr, addedCertInfoPtr );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_IATTRIBUTE_OCSPREQUEST:
status = krnlGetObject( *( ( CRYPT_CERTIFICATE * ) certInfo ),
OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyOcspReqInfo( certInfoPtr, addedCertInfoPtr );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_IATTRIBUTE_REVREQUEST:
status = krnlGetObject( *( ( CRYPT_CERTIFICATE * ) certInfo ),
OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyRevReqInfo( certInfoPtr, addedCertInfoPtr );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_IATTRIBUTE_PKIUSERINFO:
status = krnlGetObject( *( ( CRYPT_HANDLE * ) certInfo ),
OBJECT_TYPE_CERTIFICATE,
( void ** ) &addedCertInfoPtr,
CRYPT_ARGERROR_NUM1 );
if( cryptStatusError( status ) )
return( status );
status = copyPkiUserInfo( certInfoPtr, addedCertInfoPtr );
krnlReleaseObject( addedCertInfoPtr->objectHandle );
return( status );
case CRYPT_IATTRIBUTE_AUTHCERTID:
assert( certInfoLength == KEYID_SIZE );
memcpy( certInfoPtr->authCertID, certInfo, KEYID_SIZE );
return( CRYPT_OK );
}
/* Everything else isn't available */
assert( NOTREACHED );
return( CRYPT_ARGERROR_VALUE );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -