📄 extensions.c
字号:
do {
/* ------ Basic parameter checks ------ */
/* Parameters checked by tc_setextval */
/* ---------- Set criticality ------------------ */
if (criticality < 0) /* use default criticality */
mycriticality = defaultCriticality;
else /* take override value */
mycriticality = (boolean) criticality;
/* ------- Create DER buffer and add to extensions list ------- */
if ( (status = CreateKeyUsageDER(*keyUsage,
&derBuffer,
&derSize,
ctx)) < 0 )
{
break;
} /* if */
if ( (status = tc_add_extension(ext,
PKIid_ce_keyUsage_OID,
PKIid_ce_keyUsage_OID_LEN,
mycriticality,
derBuffer,
derSize,
ctx)) < 0 )
{
break;
} /* if */
} while (/* CONSTCOND */ 0);
/* ------- Clean up: free unneeded space ------ */
TC_Free(ctx->memMgr, derBuffer);
return status;
} /* AddKeyUsageExt */
/******************************************************************/
/* AddBasicConstraintsExt */
/******************************************************************/
/* Routine to set criticality and add basic constraints data */
/* to an extension list. */
/* */
/* Basic constraints extension is defined in ITU-T Recommendation */
/* X.509 Section 12.4.2.1 */
/* */
/* Given a current extension list and a simple structure */
/* representing basic constraints, make calls to create DER and */
/* append to the extension list. */
/* */
/* Caller is expected to free returned space when done. */
/* */
/* Parameters */
/* input */
/* ext - current extension list */
/* simpleBCons - basic cons. structure filled by caller */
/* criticality - mark this extension as critical */
/* 1: critical */
/* 0: not critical */
/* -1: use default (true) */
/* output */
/* ext - updated extension list */
/* */
/* Return */
/* 0 - okay */
/* TC_E_INVARGS - invalid arguments */
/* TC_E_NOMEMORY - out of memory */
/* TC_E_EXTENSION - error packing extension */
/******************************************************************/
static int AddBasicConstraintsExt(TC_ExtensionList *ext,
const void *simpleBC,
int criticality,
TC_CONTEXT *ctx)
{
int status = 0;
TC_BASIC_CONSTRAINT *simpleBCons = NULL;
unsigned char *derBuffer = NULL;
size_t derSize = 0;
boolean mycriticality;
boolean defaultCriticality = PKITRUE;
simpleBCons = (TC_BASIC_CONSTRAINT *) simpleBC;
do
{
/* ---------- Basic Parameter Checks ----------- */
/* cA must be a boolean */
/* ext and criticality checked by tc_setextval */
if ((simpleBCons->cA != 0) && (simpleBCons->cA != 1))
{
status = TC_E_INVARGS;
break;
} /* if */
/* ---------- Set criticality ------------------ */
if (criticality < 0) /* use default criticality */
mycriticality = defaultCriticality;
else /* take override value */
mycriticality = (boolean) criticality;
/* ------- Create DER buffer and add to extensions list ------- */
if ( (status = CreateBasicConstraintsDER( simpleBCons,
&derBuffer,
&derSize,
ctx) ) < 0)
{
break;
} /* if */
if ( (status = tc_add_extension( ext,
PKIid_ce_basicConstraints_OID,
PKIid_ce_basicConstraints_OID_LEN,
mycriticality,
derBuffer,
derSize,
ctx)) < 0 )
{
break;
} /* if */
} while (/* CONSTCOND */ 0);
/* ------- Clean up: free unneeded space ------ */
TC_Free(ctx->memMgr, derBuffer);
return status;
} /* AddBasicConstraintsExt */
/******************************************************************/
/* CreateKeyUsageDER */
/******************************************************************/
/* Routine to create the key usage extension DER */
/* */
/* Given the bits to turn on, create the DER for the bit string. */
/* Caller is expected to free returned space when done. */
/* */
/* Parameters */
/* input */
/* bits - the OR of all the bits that should be set */
/* output */
/* buf - pointer updated to location of DER block created */
/* size - size of DER block created */
/* */
/* Return */
/* 0 - okay */
/* TC_E_INVARGS - invalid arguments */
/* TC_E_NOMEMORY - out of memory */
/* TC_E_EXTENSION - error packing extension */
/******************************************************************/
static int CreateKeyUsageDER(unsigned int bits,
unsigned char **buf,
size_t *size,
TC_CONTEXT *ctx)
{
PKIKeyUsage *keyUsage = NULL;
unsigned char *bufPtr = NULL;
int errorRet = 0;
int status = 0;
unsigned char *localBits = NULL;
int lastUsedBit = sizeof (unsigned int) * 8 - 1;
int numUnusedBits = 0;
int bytesNeeded = 0;
int localBytes = 0;
int i;
int j;
do {
/* ------ Basic parameter checks ------ */
/* Note: input bits are interpreted from right to left */
/* i.e., 001101 means dig signature, key enciph, data enciph */
/* bits can have any value */
if ( buf == NULL || size == NULL )
{
status = TC_E_INVARGS;
break;
} /* if */
/* ----- Find end (high-bits) of one-bits in "bits" integer ----- */
if ( bits == 0) /* no key usage bits set */
lastUsedBit = 0;
else
while ((( bits >> lastUsedBit ) & 0x1 ) == 0 )
lastUsedBit--;
bytesNeeded = lastUsedBit / 8 + 1;
numUnusedBits = bytesNeeded * 8 - lastUsedBit - 1;
/* ----- Create a localBits array to hold just enough bytes ----- */
/* Note: localBits array is created for interpretation left */
/* to right. I.e., 1101000 means dig sig, non repud, data enciph */
localBits = (unsigned char *)TC_Alloc(ctx->memMgr,
sizeof(unsigned char) * bytesNeeded);
if (localBits == NULL)
{
status = TC_E_NOMEMORY;
break;
} /* if */
memset(localBits, 0, sizeof(unsigned char) * bytesNeeded);
/* ----- copy key usage bits into localbits ----- */
/* starting at low order byte, drop rightmost zeros, reverse
bit string and store in char array */
j = 7;
for (i = 0; i <= lastUsedBit ; i++)
{
localBits[ localBytes ] = localBits[ localBytes ] |
(unsigned char) ((( bits >> i ) & 0x1 ) << j );
j--;
/* reset for next byte */
if (j < 0)
{
localBytes++;
j = 7;
} /* if j */
} /* for */
/* ----- DEBUG: test to print localBits array ----- */
#ifdef DEBUG
fprintf(stderr, "CreateKeyUsageDER:input parameter bits: ");
print_bits (bits);
fprintf( stderr, "lastUsedBit: %i\n", lastUsedBit);
fprintf( stderr, "bytesNeeded: %i\n", bytesNeeded);
fprintf( stderr, "numUnusedBits: %i\n", numUnusedBits);
fprintf(stderr, "CreateKeyUsageDER:localBits array: ");
for (i = 0; i < bytesNeeded ; i++)
{
print_chars( localBits[i] );
} /* for */
fprintf(stderr, "\n");
#endif /* DEBUG */
/* ------ create key usage structure ------ */
keyUsage = PKINewKeyUsage(ctx->certasnctx);
if (keyUsage == (PKIKeyUsage *)0)
{
status = TC_E_NOMEMORY;
break;
} /* if */
status = PKIPutBitString(ctx->certasnctx,
keyUsage, /* maps to a BIT_STRING type */
localBits,
bytesNeeded,
numUnusedBits);
if (status != 0)
{
break;
} /* if */
/* ------ allocate memory for key usage DER buffer ------ */
*size = PKISizeofKeyUsage(ctx->certasnctx, keyUsage, PKITRUE);
bufPtr = (unsigned char *)TC_Alloc(ctx->memMgr, *size);
if (bufPtr == (unsigned char *)0)
{
status = TC_E_NOMEMORY;
break;
} /* if */
/* ------ pack key usage data from C structure to DER buffer ------ */
(void) PKIPackKeyUsage(ctx->certasnctx, bufPtr,
*size, keyUsage, &errorRet);
if( errorRet != 0 )
{
status = TC_E_EXTENSION;
break;
} /* if */
} while (0);
/* ------- Clean up: free unneeded space ------ */
if (status < 0)
{
TC_Free(ctx->memMgr, bufPtr);
bufPtr = NULL;
*size = 0;
} /* if */
PKIFreeKeyUsage(ctx->certasnctx, keyUsage);
TC_Free(ctx->memMgr, localBits);
*buf = bufPtr;
return status;
} /* CreateKeyUsageDER */
/******************************************************************/
/* CreateBasicConstraintsDER */
/******************************************************************/
/* Routine to create the basic constraints extension DER */
/* */
/* Given whether the cert will be for a CA and the CA path */
/* length, create the DER. */
/* */
/* Caller is expected to free returned space when done. */
/* */
/* Parameters */
/* input */
/* CA - true for CA, false for non-CA cert */
/* path length - max number of CA certs that may follow */
/* this cert in a certification path */
/* output */
/* buf - pointer updated to location of DER block created */
/* size - size of DER block created */
/* */
/* Return */
/* 0 - okay */
/* TC_E_INVARGS - invalid arguments */
/* TC_E_NOMEMORY - out of memory */
/* TC_E_EXTENSION - error packing extension */
/******************************************************************/
static int CreateBasicConstraintsDER(const TC_BASIC_CONSTRAINT *simpleBCons,
unsigned char **buf,
size_t *size,
TC_CONTEXT *ctx)
{
PKIBasicConstraints *basicConstraints = NULL;
unsigned char *bufPtr = NULL;
int errorRet = 0;
int status = 0;
do {
/* ------ check the provided parameters ------ */
if ( buf == NULL || size == NULL || simpleBCons == NULL )
{
status = TC_E_INVARGS;
break;
} /* if */
/* ------ create basicConstraints structure ------ */
basicConstraints = PKINewBasicConstraints(ctx->certasnctx);
if (basicConstraints == (PKIBasicConstraints *)0)
{
status = TC_E_NOMEMORY;
break;
} /* if */
/* only provide the cA value if its not the default of FALSE */
if (simpleBCons->cA == PKITRUE) {
basicConstraints->cA = PKINewBOOLEAN(ctx->certasnctx);
if ((basicConstraints->cA) == (PKIBOOLEAN *) 0)
{
status = TC_E_NOMEMORY;
break;
} /* if basicConstraints */
if ( PKIPutBoolVal(ctx->certasnctx, basicConstraints->cA,
(int)simpleBCons->cA) == -1 )
{
status = TC_E_INVARGS;
break;
} /* if put_bool_val */
}
/* ------ if CA path length is needed, then allocate and add it ------ */
if ((simpleBCons->cA == PKITRUE) &&
(simpleBCons->pathLength >= 0 ))
{
basicConstraints->pathLenConstraint = PKINewINTEGER(ctx->certasnctx);
if ((basicConstraints->pathLenConstraint) == (PKIINTEGER *) 0)
{
status = TC_E_NOMEMORY;
break;
} /* if basicConstraints */
if ( PKIPutIntVal(ctx->certasnctx,
basicConstraints->pathLenConstraint,
(long)(simpleBCons->pathLength)) == -1 )
{
status = -1;
break;
} /* if put_int_val */
} /* if simpleBCons */
/* ------ allocate memory for basicConstraints DER buffer ------ */
*size = PKISizeofBasicConstraints(ctx->certasnctx,
basicConstraints, PKITRUE);
bufPtr = (unsigned char *)TC_Alloc(ctx->memMgr, *size);
if (bufPtr == (unsigned char *)0)
{
status = TC_E_NOMEMORY;
break;
} /* if */
/* ------ pack basicConstraints data from C structure to DER buffer --- */
(void) PKIPackBasicConstraints(ctx->certasnctx,
bufPtr, *size,
basicConstraints, &errorRet);
if( errorRet != 0 )
{
status = TC_E_EXTENSION;
break;
}
} while (0);
/* ------- Clean up: free unneeded space ------ */
if (status < 0)
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -