📄 comp_get.c
字号:
*certInfoPtr->currentSelection.dnPtr );
if( cryptStatusOK( status ) )
*certInfoLength = stell( &stream );
sMemDisconnect( &stream );
return( status );
}
case CRYPT_CERTINFO_PKIUSER_ID:
case CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD:
case CRYPT_CERTINFO_PKIUSER_REVPASSWORD:
return( getPkiUserInfo( certInfoPtr, certInfoType, certInfo,
certInfoLength ) );
case CRYPT_IATTRIBUTE_CRLENTRY:
return( getCrlEntry( certInfoPtr, certInfo, certInfoLength ) );
case CRYPT_IATTRIBUTE_SUBJECT:
#if 0
/* Normally these attributes are only present for signed objects
(i.e. ones that are in the high state), however CRMF requests
acting as CMP revocation requests aren't signed so we have to
set the ACLs to allow the attribute to be read in the low state
as well. Since this only represents a programming error rather
than a real access violation, we catch it here with an
assertion */
assert( ( certInfoPtr->type == CRYPT_CERTTYPE_REQUEST_REVOCATION && \
certInfoPtr->certificate == NULL ) || \
certInfoPtr->certificate != NULL );
#else
assert( certInfoPtr->certificate != NULL );
#endif /* 0 */
return( copyCertInfo( certInfo, certInfoLength,
certInfoPtr->subjectDNptr,
certInfoPtr->subjectDNsize ) );
case CRYPT_IATTRIBUTE_ISSUER:
return( copyCertInfo( certInfo, certInfoLength,
certInfoPtr->issuerDNptr,
certInfoPtr->issuerDNsize ) );
case CRYPT_IATTRIBUTE_ISSUERANDSERIALNUMBER:
return( getIAndS( certInfoPtr, certInfo, certInfoLength ) );
case CRYPT_IATTRIBUTE_SPKI:
{
BYTE *dataStartPtr = certInfo;
int status;
status = copyCertInfo( certInfo, certInfoLength,
certInfoPtr->publicKeyInfo,
certInfoPtr->publicKeyInfoSize );
if( cryptStatusOK( status ) && \
dataStartPtr != NULL && *dataStartPtr == MAKE_CTAG( 6 ) )
/* Fix up CRMF braindamage */
*dataStartPtr = BER_SEQUENCE;
return( status );
}
case CRYPT_IATTRIBUTE_CERTHASHALGO:
return( copyCertInfoValue( certInfo,
certInfoPtr->cCertCert->hashAlgo ) );
case CRYPT_IATTRIBUTE_RESPONDERURL:
{
const char *responderURL = \
( certInfoPtr->type == CRYPT_CERTTYPE_OCSP_REQUEST ) ? \
certInfoPtr->cCertRev->responderUrl : \
certInfoPtr->cCertVal->responderUrl;
/* An RTCS/OCSP URL may be present if it was copied over from a
cert that's being checked, however if there wasn't any
authorityInfoAccess information present the URL won't have
been initialised. Since this attribute isn't accessed via
the normal cert attribute mechanisms, we have to explictly
check for its non-presence */
if( responderURL == NULL )
return( CRYPT_ERROR_NOTFOUND );
return( copyCertInfo( certInfo, certInfoLength, responderURL,
( certInfoPtr->type == CRYPT_CERTTYPE_OCSP_REQUEST ) ? \
certInfoPtr->cCertRev->responderUrlSize : \
certInfoPtr->cCertVal->responderUrlSize ) );
}
case CRYPT_IATTRIBUTE_AUTHCERTID:
/* An authorising certificate identifier will be present if
the request was handled by cryptlib but not if it came from
an external source, so we have to make sure there's something
actually present before we try to return it */
if( !memcmp( certInfoPtr->cCertReq->authCertID,
"\x00\x00\x00\x00\x00\x00\x00\x00", 8 ) )
return( CRYPT_ERROR_NOTFOUND );
return( copyCertInfo( certInfo, certInfoLength,
certInfoPtr->cCertReq->authCertID,
KEYID_SIZE ) );
case CRYPT_IATTRIBUTE_ESSCERTID:
return( getESSCertID( certInfoPtr, certInfo, certInfoLength ) );
}
/* Everything else isn't available */
assert( NOTREACHED );
return( CRYPT_ARGERROR_VALUE );
}
/****************************************************************************
* *
* Delete a Component *
* *
****************************************************************************/
/* Delete a cert attribute */
static int deleteCertattribute( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType )
{
ATTRIBUTE_LIST *attributeListPtr;
const BOOLEAN isRevocationEntry = \
isRevocationEntryComponent( certInfoType ) ? TRUE : FALSE;
int status;
if( isRevocationEntry )
{
/* If it's an RTCS per-entry attribute, look for the attribute in
the currently selected entry */
if( certInfoPtr->type == CRYPT_CERTTYPE_RTCS_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_RTCS_RESPONSE )
{
const CERT_VAL_INFO *certValInfo = certInfoPtr->cCertVal;
if( certValInfo->currentValidity == NULL )
return( CRYPT_ERROR_NOTFOUND );
attributeListPtr = findAttributeFieldEx( \
certValInfo->currentValidity->attributes, certInfoType );
}
else
{
const CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
/* It's a CRL/OCSP per-entry attribute, look for the attribute
in the currently selected entry */
if( certRevInfo->currentRevocation == NULL )
return( CRYPT_ERROR_NOTFOUND );
attributeListPtr = findAttributeFieldEx( \
certRevInfo->currentRevocation->attributes, certInfoType );
}
}
else
attributeListPtr = findAttributeFieldEx( certInfoPtr->attributes,
certInfoType );
if( attributeListPtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
if( isDefaultFieldValue( attributeListPtr ) )
/* This is a non-present field in a present attribute with a default
value for the field. There isn't really any satisfactory return
code for this case, returning CRYPT_OK is wrong because the caller
can keep deleting the same field, and return CRYPT_NOTFOUND is
wrong because the caller may have added the attribute at an
earlier date but it was never written because it had the default
value, so that to the caller it appears that the field they added
has been lost. The least unexpected action is to return
CRYPT_OK */
return( CRYPT_OK );
if( isCompleteAttribute( attributeListPtr ) )
{
ATTRIBUTE_LIST *fieldAttributeListPtr;
ATTRIBUTE_LIST attributeListItem;
/* If the cert has a fleur de lis, make sure that it can't be scraped
off */
fieldAttributeListPtr = findAttribute( certInfoPtr->attributes,
certInfoType, TRUE );
if( fieldAttributeListPtr != NULL && \
fieldAttributeListPtr->flags & ATTR_FLAG_LOCKED )
return( CRYPT_ERROR_PERMISSION );
/* This is a non-present field in a present attribute that denotes an
entire (constructed) attribute, create a special list pseudo-entry
to convey this and delete the entire attribute */
memcpy( &attributeListItem, attributeListPtr, sizeof( ATTRIBUTE_LIST ) );
attributeListItem.intValue = certInfoType;
if( isRevocationEntry )
{
if( certInfoPtr->type == CRYPT_CERTTYPE_RTCS_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_RTCS_RESPONSE )
status = deleteAttribute( &certInfoPtr->cCertVal->currentValidity->attributes,
&certInfoPtr->attributeCursor,
&attributeListItem,
certInfoPtr->currentSelection.dnPtr );
else
status = deleteAttribute( &certInfoPtr->cCertRev->currentRevocation->attributes,
&certInfoPtr->attributeCursor,
&attributeListItem,
certInfoPtr->currentSelection.dnPtr );
}
else
status = deleteAttribute( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
&attributeListItem,
certInfoPtr->currentSelection.dnPtr );
}
else
{
/* If the cert has a fleur de lis, make sure that it can't be scraped
off */
if( attributeListPtr->flags & ATTR_FLAG_LOCKED )
return( CRYPT_ERROR_PERMISSION );
/* It's a single field, delete that */
if( isRevocationEntry )
{
if( certInfoPtr->type == CRYPT_CERTTYPE_RTCS_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_RTCS_RESPONSE )
status = deleteAttributeField( &certInfoPtr->cCertVal->currentValidity->attributes,
&certInfoPtr->attributeCursor,
attributeListPtr,
certInfoPtr->currentSelection.dnPtr );
else
status = deleteAttributeField( &certInfoPtr->cCertRev->currentRevocation->attributes,
&certInfoPtr->attributeCursor,
attributeListPtr,
certInfoPtr->currentSelection.dnPtr );
}
else
status = deleteAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
attributeListPtr,
certInfoPtr->currentSelection.dnPtr );
if( status == OK_SPECIAL )
/* We've deleted the attribute containing the currently selected
DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
}
return( CRYPT_OK );
}
/* Delete a certificate component */
int deleteCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType )
{
int status;
/* If it's a GeneralName or DN component, delete it. These are
special-case attribute values, so they have to come before the
general attribute-handling code */
if( isGeneralNameSelectionComponent( certInfoType ) )
{
CRYPT_ATTRIBUTE_TYPE attributeID, fieldID;
ATTRIBUTE_LIST *attributeListPtr;
/* Check whether this GeneralName is present */
status = selectGeneralName( certInfoPtr, certInfoType,
MUST_BE_PRESENT );
if( cryptStatusError( status ) )
return( status );
attributeID = certInfoPtr->attributeCursor->attributeID;
fieldID = certInfoPtr->attributeCursor->fieldID;
/* Delete each field in the GeneralName */
for( attributeListPtr = certInfoPtr->attributeCursor; \
attributeListPtr != NULL && \
attributeListPtr->attributeID == attributeID && \
attributeListPtr->fieldID == fieldID; \
attributeListPtr = attributeListPtr->next )
if( deleteAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor, attributeListPtr,
certInfoPtr->currentSelection.dnPtr ) == OK_SPECIAL )
/* We've deleted the attribute containing the currently
selected DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
return( CRYPT_OK );
}
if( isGeneralNameComponent( certInfoType ) )
{
ATTRIBUTE_LIST *attributeListPtr;
/* Check whether this GeneralName is present */
status = selectGeneralName( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
if( cryptStatusError( status ) )
return( status );
/* Delete the field within the GeneralName */
attributeListPtr = findAttributeField( certInfoPtr->attributeCursor,
certInfoPtr->attributeCursor->fieldID,
certInfoType );
if( attributeListPtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
if( deleteAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor, attributeListPtr,
certInfoPtr->currentSelection.dnPtr ) == OK_SPECIAL )
/* We've deleted the attribute containing the currently selected
DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
return( CRYPT_OK );
}
if( isDNComponent( certInfoType ) )
{
status = selectDN( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
if( cryptStatusOK( status ) )
status = deleteDNComponent( certInfoPtr->currentSelection.dnPtr,
certInfoType, NULL, 0 );
return( status );
}
/* If it's standard cert or CMS attribute, delete it */
if( ( certInfoType >= CRYPT_CERTINFO_FIRST_EXTENSION && \
certInfoType <= CRYPT_CERTINFO_LAST_EXTENSION ) || \
( certInfoType >= CRYPT_CERTINFO_FIRST_CMS && \
certInfoType <= CRYPT_CERTINFO_LAST_CMS ) )
return( deleteCertattribute( certInfoPtr, certInfoType ) );
/* If it's anything else, handle it specially */
switch( certInfoType )
{
case CRYPT_CERTINFO_SELFSIGNED:
if( !( certInfoPtr->flags & CERT_FLAG_SELFSIGNED ) )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->flags &= ~CERT_FLAG_SELFSIGNED;
return( CRYPT_OK );
case CRYPT_CERTINFO_CURRENT_CERTIFICATE:
case CRYPT_ATTRIBUTE_CURRENT_GROUP:
case CRYPT_ATTRIBUTE_CURRENT:
case CRYPT_ATTRIBUTE_CURRENT_INSTANCE:
if( certInfoPtr->attributeCursor == NULL )
return( CRYPT_ERROR_NOTFOUND );
if( certInfoType == CRYPT_ATTRIBUTE_CURRENT_GROUP )
status = deleteAttribute( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
certInfoPtr->attributeCursor,
certInfoPtr->currentSelection.dnPtr );
else
/* The current component and field are essentially the
same thing since a component is one of a set of
entries in a multivalued field, thus they're handled
identically */
status = deleteAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
certInfoPtr->attributeCursor,
certInfoPtr->currentSelection.dnPtr );
if( status == OK_SPECIAL )
/* We've deleted the attribute containing the currently
selected DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
return( CRYPT_OK );
case CRYPT_CERTINFO_TRUSTED_USAGE:
if( certInfoPtr->cCertCert->trustedUsage == CRYPT_ERROR )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->cCertCert->trustedUsage = CRYPT_ERROR;
return( CRYPT_OK );
case CRYPT_CERTINFO_TRUSTED_IMPLICIT:
return( krnlSendMessage( certInfoPtr->ownerHandle,
IMESSAGE_SETATTRIBUTE,
&certInfoPtr->objectHandle,
CRYPT_IATTRIBUTE_CERT_UNTRUSTED ) );
case CRYPT_CERTINFO_VALIDFROM:
case CRYPT_CERTINFO_THISUPDATE:
if( certInfoPtr->startTime <= 0 )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->startTime = 0;
return( CRYPT_OK );
case CRYPT_CERTINFO_VALIDTO:
case CRYPT_CERTINFO_NEXTUPDATE:
if( certInfoPtr->endTime <= 0 )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->endTime = 0;
return( CRYPT_OK );
case CRYPT_CERTINFO_SUBJECTNAME:
if( certInfoPtr->currentSelection.dnPtr == &certInfoPtr->subjectName )
/* If the DN we're about to delete is currently selected,
deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
deleteDN( &certInfoPtr->subjectName );
return( CRYPT_OK );
case CRYPT_CERTINFO_REVOCATIONDATE:
{
time_t *revocationTimePtr = getRevocationTimePtr( certInfoPtr );
if( revocationTimePtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
*revocationTimePtr = 0;
return( CRYPT_OK );
}
}
/* Everything else is an error */
assert( NOTREACHED );
return( CRYPT_ARGERROR_VALUE );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -