📄 icdistrict.c
VoltLibCtx *libCtx
)
{
unsigned int index;
if (params == (icDistrictParameters *)0)
return;
if (params->pubParams != (icPublicParameters *)0)
icPublicParameters_free (params->pubParams);
for (index = 0; index < params->certCount; ++index)
VtDestroyCertObject (&(params->certList[index]));
if (params->certList != (VtCertObject *)0)
Z2Free (params->certList);
VtDestroyPkcs7Object (¶ms->p7SignedData);
if (params->asn1DomainCert != (Asn1X509Cert *)0)
Asn1X509Cert_free (params->asn1DomainCert);
Z2Free (params);
}
/* Hands back the decoded domain certificate of a parameter set, decoding
 * it on first use and caching the result in params->asn1DomainCert.
 *
 * The certificate is taken from slot 1 of params->certList, and only when
 * the list exists and holds exactly two entries; any other shape yields
 * VT_ERROR_INVALID_DIST_PARAMS, as does a failed decode.
 *
 * On success returns 0 and *getCert points at the cached object, which
 * stays referenced from params (presumably the caller must not free it).
 * On failure the error is logged and the nonzero status returned.
 *
 * NOTE(review): params and getCert are dereferenced without a NULL check.
 * NOTE(review): this routine only decodes; nothing here verifies the
 * certificate's signature or chain -- presumably done elsewhere, confirm.
 */
static int icDistrictParametersGetDomainCert (
  icDistrictParameters *params,
  Asn1X509Cert **getCert,
  VoltLibCtx *libCtx
  )
{
  int status;
  VoltCertObject *domainObj;
  Asn1X509Cert *decoded = (Asn1X509Cert *)0;
  unsigned char *derCursor;
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  /* Every failure in this routine reports the same code, so set it once.
   */
  VOLT_SET_FNCT_LINE (fnctLine)
  status = VT_ERROR_INVALID_DIST_PARAMS;

  /* Without a cert list of exactly two entries the domain cert is
   * undefined.
   */
  if ( (params->certList == (VtCertObject *)0) ||
       (params->certCount != 2) )
    goto failed;

  /* Decode lazily: only when no cached copy exists yet.
   */
  if (params->asn1DomainCert == (Asn1X509Cert *)0)
  {
    domainObj = (VoltCertObject *)(params->certList[1]);
    VOLT_SET_FNCT_LINE (fnctLine)

    /* The decoder advances the pointer it is given, so hand it a scratch
     * copy rather than the stored data pointer. Its return value is not
     * inspected; success is judged by decoded being set. Nothing here
     * checks that all certificate.len bytes were consumed.
     */
    derCursor = domainObj->certificate.data;
    d2i_Asn1X509Cert (&decoded, &derCursor, domainObj->certificate.len);
    if (decoded == (Asn1X509Cert *)0)
      goto failed;

    params->asn1DomainCert = decoded;
  }

  *getCert = params->asn1DomainCert;
  return (0);

failed:
  /* Release a decoded cert that was never handed over to params.
   */
  if (decoded != (Asn1X509Cert *)0)
    Asn1X509Cert_free (decoded);

  VOLT_LOG_ERROR (
    (VtLibCtx)libCtx, status, VT_ERROR_TYPE_PRIMARY, fnctLine,
    "icDistrictParametersGetDomainCert", (char *)0)

  return (status);
}
/* Downloads district parameters over HTTPS and, for version >= 2
 * parameters, checks them against the domain certificate they carry.
 *
 * The lookup key is district when it is non-NULL, otherwise domain; with
 * neither, the call fails with VT_ERROR_INVALID_PARAMS. The URL is built
 * with an "https://" scheme and fetched through the caller-supplied httpFn,
 * which also receives trustStore, timeOut and httpFnAppData.
 *
 * On success returns 0; *params holds the parsed object and *paramsText
 * the raw response buffer (it is not freed here, so the caller owns it).
 * On failure returns a nonzero error code, frees *params if it is
 * non-NULL, sets it to NULL, frees the response and logs the error.
 *
 * NOTE(review): the failure path reads *params even on exits that happen
 * before icDistrictParametersNew ever assigned it, so callers must pass
 * *params == NULL on entry -- confirm all call sites do.
 * NOTE(review): *paramsText is left untouched on failure.
 */
int icRetrieveDistrictParameters (
icDistrictParameters **params,
char **paramsText,
unsigned char *domain,
unsigned char *district,
icHTTPfn httpFn,
void *httpFnAppData,
unsigned char *trustStore,
unsigned long timeOut,
VtMpIntCtx mpCtx,
VoltLibCtx *libCtx
)
{
int ret, max, responseCode, result = 0;
unsigned int responseLen;
/* Every heap pointer starts out NULL so cleanup3 can free unconditionally
 * no matter how far the function got.
 */
char *server = (char *)0;
char *response = (char *)0;
char *url = (char *)0;
char *checkDomain= (char *)0;
char *commonName = (char *)0;
char *escapedDistrict = (char *)0;
Asn1X509Cert *getCert = (Asn1X509Cert*)0;
VoltHttpRequestInfo reqInfo;
VOLT_DECLARE_ERROR_TYPE (errorType)
VOLT_DECLARE_FNCT_LINE (fnctLine)
/* Prefer the district as the lookup key when one was supplied.
*/
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
if (district != (void *)0)
{
VOLT_SET_FNCT_LINE (fnctLine)
/* Reject the district unless icIsStringlower reports 1 for it. */
if (icIsStringlower (district, libCtx) != 1)
{
result = VT_ERROR_INVALID_PARAMS;
goto cleanup3;
}
/* Try to find server based on the district. Any failure here is reported
 * as VT_ERROR_INVALID_PARAMS rather than the helper's own code.
 */
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
result = icDistrictToParameterServer (district, &server, libCtx);
if (result != 0)
{
result = VT_ERROR_INVALID_PARAMS;
goto cleanup3;
}
/* Make a private copy of the district so '#' can be percent-encoded
 * before it goes into the URL.
 * NOTE(review): the buffer is strlen + 5 bytes, i.e. room for two
 * "#" -> "%23" expansions. icStrrepl receives the pointer by address,
 * presumably so it can reallocate -- confirm it does when more
 * replacements are needed.
 * NOTE(review): only '#' is encoded here; whether other URL-reserved
 * characters are rejected depends on icIsStringlower / icBuildURLAlloc,
 * which are not visible here -- confirm.
*/
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
max = Z2Strlen (district) + 4;
escapedDistrict = (char *)Z3Malloc (max + 1);
if (escapedDistrict == (void *)0)
{
result = VT_ERROR_MEMORY;
goto cleanup3;
}
Z2Strcpy (escapedDistrict, district);
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
result = icStrrepl (&escapedDistrict, "#", "%23", libCtx);
if (result != 0)
goto cleanup3;
/* create url out of all the params */
VOLT_SET_FNCT_LINE (fnctLine)
result = icBuildURLAlloc (
libCtx, VOLT_IC_URL_PARAMS, "https://", server, escapedDistrict, &url);
if (result != 0)
goto cleanup3;
}
else if (domain != (void *)0)
{
/* if no district given we will go with a domain; it gets the same
 * icIsStringlower check but is placed in the URL without any escaping.
*/
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
if (icIsStringlower (domain, libCtx) != 1)
{
result = VT_ERROR_INVALID_PARAMS;
goto cleanup3;
}
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
result = icDomainToParameterServer (domain, &server, libCtx);
if (result != 0)
goto cleanup3;
VOLT_SET_FNCT_LINE (fnctLine)
result = icBuildURLAlloc (
libCtx, VOLT_IC_URL_PARAMS, "https://", server, domain, &url);
if (result != 0)
goto cleanup3;
}
else
{
/* Neither a district nor a domain was given, so there is nothing to
 * look up.
*/
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
result = VT_ERROR_INVALID_PARAMS;
goto cleanup3;
}
/* Send a GET for the URL built above through the caller's HTTP callback
 * and collect the response body and responseCode.
 * Authenticating the server rests on httpFn honouring trustStore; this
 * function only sees httpFn's return value and the HTTP status.
 * NOTE(review): only requestType and requestData are set on reqInfo; any
 * other members stay uninitialized -- confirm httpFn reads no others.
*/
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
reqInfo.requestType = VOLT_REQUEST_TYPE_GET;
reqInfo.requestData = (Pointer)libCtx;
result = httpFn (
&reqInfo, &response, &responseCode, url,
0, trustStore, timeOut, httpFnAppData);
if (result != 0)
goto cleanup3;
if (responseCode != 200)
{
/* Anything other than HTTP 200 counts as a failed download.
*/
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
result = VT_ERROR_DOWNLOAD_FAILURE;
goto cleanup3;
}
/* Create parameters out of the response. The length is taken with a
 * string-length call, so the body is treated as NUL-terminated text.
 * NOTE(review): response is not checked for NULL before Z2Strlen; this
 * relies on httpFn always setting it when it returns 0 with code 200 --
 * confirm.
*/
responseLen = Z2Strlen (response);
VOLT_SET_FNCT_LINE (fnctLine)
result = icDistrictParametersNew (
params, response, responseLen, mpCtx, libCtx);
if (result != 0)
goto cleanup3;
/* The certificate-name check below runs only for version >= 2.
 * NOTE(review): the version that gates the check is read from the object
 * built out of the downloaded response, so a response presenting itself
 * as version 1 skips it; confirm that accepting v1 parameters is still
 * intended.
 */
if ((*params)->version >= 2)
{
/* Get the domain certificate carried by the parameters.
*/
VOLT_SET_FNCT_LINE (fnctLine)
result = icDistrictParametersGetDomainCert (
*params, &getCert, libCtx);
if (result != 0)
goto cleanup3;
/* Extract the common name from that certificate (allocated; freed at
 * cleanup3).
*/
VOLT_SET_FNCT_LINE (fnctLine)
result = icGetCNFromCertAlloc (libCtx, getCert, &commonName);
if (result != 0)
goto cleanup3;
/* Work out the domain the certificate is expected to name: derived from
 * the district when one was given, otherwise a copy of domain.
*/
if (district != (void *)0)
{
VOLT_SET_FNCT_LINE (fnctLine)
result = icGetDomainFromDistrict (district, &checkDomain, libCtx);
if (result != 0)
goto cleanup3;
}
else
{
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
result = Z2Strdup (domain, &checkDomain);
if (result != 0)
goto cleanup3;
}
/* Check if name of domain matches the name in the certificate. This is
 * an exact string comparison of the CN only; commonName is used as
 * returned, with no case folding here.
 * NOTE(review): a C-string compare stops at the first NUL byte, so
 * confirm icGetCNFromCertAlloc rejects CN values with embedded NULs.
 * NOTE(review): nothing in this function validates the certificate's
 * signature or chain; presumably that happens while the parameters are
 * parsed -- confirm.
*/
ret = Z2Strcmp (commonName, checkDomain);
if (ret != 0)
{
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
result = VT_ERROR_DISTRICT_NOT_VERIFIED;
goto cleanup3;
}
}
/* If these are V1 parameters, we're validated by the SSL alone; no
 * certificate-name check was made above.
 * Ownership of the response buffer passes to the caller here.
*/
*paramsText = response;
cleanup3:
/* Scratch allocations are released on both the success and failure path.
 */
if (escapedDistrict != (char *)0)
Z2Free (escapedDistrict);
if (server != (char *)0)
Z2Free (server);
if (url != (char *)0)
Z2Free (url);
if (checkDomain != (char *)0)
Z2Free (checkDomain);
if (commonName != (char *)0)
Z2Free (commonName);
if (result == 0)
return (0);
/* If there was an error, destroy the parameters object and the response
 * so the caller is never handed parameters that failed a check.
*/
if (*params != (icDistrictParameters*)0)
icDistrictParametersFree (*params, libCtx);
*params = (icDistrictParameters*)0;
if (response != (char *)0)
Z2Free (response);
VOLT_LOG_ERROR (
(VtLibCtx)libCtx, result, errorType, fnctLine,
"icRetrieveDistrictParameters", (char *)0)
return (result);
}
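/* Returns, in *retl, a newly allocated NUL-terminated copy of the part of
 * district that precedes the first '#', after passing the copy through
 * icStringlower (presumably lower-casing it in place).
 *
 * icRetrieveDistrictParameters compares this value with the common name
 * of the domain certificate, so the result feeds a trust decision.
 *
 * Returns 0 on success; the caller releases *retl with Z2Free.
 * Returns VT_ERROR_INVALID_INPUT when district or retl is NULL or district
 * holds no '#', VT_ERROR_MEMORY when the allocation fails, or the status
 * from icStringlower. On any failure the error is logged, the partial
 * copy is freed and *retl is left untouched.
 */
int icGetDomainFromDistrict (
  char *district,
  char** retl,
  VoltLibCtx *libCtx
  )
{
  int status;
  unsigned int len;
  char *retVal = (char *)0;
  char *pound;
  VOLT_DECLARE_ERROR_TYPE (errorType)
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  do
  {
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_INVALID_INPUT;

    /* Fail cleanly instead of dereferencing a NULL argument.
     */
    if ( (district == (char *)0) || (retl == (char **)0) )
      break;

    /* Find the #
     */
    pound = (char *)Z2Strchr (district, '#');
    if (pound == (char *)0)
      break;

    /* Take the prefix length as a pointer difference. Casting each
     * pointer to unsigned int first would discard the upper address bits
     * where pointers are wider than int.
     */
    len = (unsigned int)(pound - district);

    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_MEMORY;
    retVal = (char *)Z3Malloc (len + 1);
    if (retVal == (char *)0)
      break;

    Z2Memcpy (retVal, district, len);
    retVal[len] = 0;

    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = icStringlower (retVal, libCtx);
    if (status != 0)
      break;

    *retl = retVal;

  } while (0);

  if (status == 0)
    return (0);

  /* If there's an error, free what we allocated and would have
   * returned.
   */
  if (retVal != (char *)0)
    Z2Free (retVal);

  VOLT_LOG_ERROR (
    (VtLibCtx)libCtx, status, errorType, fnctLine,
    "icGetDomainFromDistrict", (char *)0)

  return (status);
}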