📄 extensions.c
localNameList->elt[i] = asnName;
localNameList->n = i+1;
}
}
while(0);
return status;
} /* tc_GEN_NAMES_to_PKIGeneralNames */
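/*****
 *
 * Both SubjectAltName and IssuerAltName are just renames of GeneralNames,
 * so the same routine can be used to generate the DER for both.  This
 * routine only deals with the GeneralNames DER.  The conversion from the
 * caller's list to the ASN.1 structure is delegated to
 * tc_GEN_NAMES_to_PKIGeneralNames(), which decides which GeneralName
 * CHOICE values are supported.
 *
 * parameters
 *   input
 *     nameList - the list of general names provided by the user
 *     ctx      - context supplying the ASN.1 context (certasnctx) and the
 *                memory manager (memMgr) used for the output buffer
 *
 *   output
 *     derBuffer  - receives a buffer obtained from TC_Alloc() that holds
 *                  the DER; the caller releases it with TC_Free().
 *                  NULL on failure.
 *     derBuffLen - length of the above; 0 on failure
 *
 * returns
 *   0             - okay
 *   TC_E_NOMEMORY - an allocation failed
 *   TC_E_OTHER    - the encoder reported a zero size or a packing error
 *   otherwise the non-zero status of tc_GEN_NAMES_to_PKIGeneralNames()
 *
 *****/
static int
CreateGeneralNamesDER (unsigned char **derBuffer,
                       size_t *derBuffLen,
                       TC_GEN_NAMES_LIST_T *nameList,
                       TC_CONTEXT *ctx)
{
    PKIGeneralNames *localNameList = NULL;
    int status = 0;
    int error = 0;

    /* Define both outputs before anything can fail, so the failure path
       below never inspects a value the caller left uninitialised. */
    *derBuffer = NULL;
    *derBuffLen = 0;

    do
    {
        localNameList = PKINewGeneralNames(ctx->certasnctx);
        if (localNameList == NULL)
        {
            /* treated as an allocation failure; the converter below is
               never handed a NULL list */
            status = TC_E_NOMEMORY;
            break;
        }

        status = tc_GEN_NAMES_to_PKIGeneralNames(localNameList, nameList, ctx);
        if (status)
            break;

        /* pack up to get DER */
        *derBuffLen = PKISizeofGeneralNames(ctx->certasnctx,
                                            localNameList, PKITRUE);
        /* size_t is unsigned, so zero is the only value the original
           "<= 0" test could catch.
           NOTE(review): if PKISizeofGeneralNames() can return a negative
           error value it arrives here as a very large size -- confirm its
           return type. */
        if (*derBuffLen == 0)
        {
            status = TC_E_OTHER;
            break;
        }

        *derBuffer = TC_Alloc(ctx->memMgr, *derBuffLen);
        if (*derBuffer == NULL)
        {
            status = TC_E_NOMEMORY;
            break;
        }

        /* the return value is ignored; failure is reported through 'error' */
        (void)PKIPackGeneralNames(ctx->certasnctx,
                                  *derBuffer, *derBuffLen,
                                  localNameList, &error);
        if (error != 0)
        {
            status = TC_E_OTHER;
            break;
        }
    }
    while(0);

    if (status != 0) {
        /* Release the allocation itself (*derBuffer).  The original code
           passed derBuffer, which is the address of the caller's pointer
           variable and was never returned by TC_Alloc(). */
        if (*derBuffer != NULL)
            TC_Free(ctx->memMgr, *derBuffer);
        *derBuffer = NULL;
        *derBuffLen = 0;
    }

    if (localNameList != NULL) {
        PKIFreeGeneralNames(ctx->certasnctx, localNameList);
    }

    return status;
} /* CreateGeneralNamesDER */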
/*****
 *
 * Add a subject alternative name extension to the provided extension list.
 *
 * The SubjectAltName extension is defined in ITU-T Recommendation X.509
 * (the section number was left unspecified by the original author).
 *
 * parameters
 *   input
 *     genNames    - a pointer to the TC_GEN_NAMES_LIST_T structure
 *     criticality - mark this extension as critical
 *                     1: critical
 *                     0: not critical
 *                    -1: use default (false)
 *     ctx         - context supplying the memory manager
 *
 *   output
 *     ext - the extension list will be updated with the new extension
 *
 * return
 *   0 - okay
 *   otherwise the first non-zero status from CheckGeneralNames(),
 *   CreateGeneralNamesDER() or tc_add_extension(); the original header
 *   lists these as:
 *     TC_E_INVARGS   - invalid arguments
 *     TC_E_NOMEMORY  - out of memory
 *     TC_E_EXTENSION - error packing extension
 *
 *****/
static int
AddSubjectAltNameExt(TC_ExtensionList *ext,
                     const void *genNames,
                     int criticality,
                     TC_CONTEXT *ctx)
{
    TC_GEN_NAMES_LIST_T *names = (TC_GEN_NAMES_LIST_T *)genNames;
    unsigned char *der = NULL;
    size_t derLen = 0;
    boolean isCritical;
    int rc;

    /* validate the caller's names before encoding anything */
    rc = CheckGeneralNames(names);
    if (rc != 0)
        goto done;

    /* Any negative value selects the default (not critical).  A
       non-negative value is passed through the cast as-is; values other
       than 0 and 1 are not normalised here. */
    if (criticality >= 0)
        isCritical = (boolean)criticality;
    else
        isCritical = PKIFALSE;

    /* encode the names as GeneralNames DER */
    rc = CreateGeneralNamesDER(&der, &derLen, names, ctx);
    if (rc != 0)
        goto done;

    /* append the encoded value under the subjectAltName OID */
    rc = tc_add_extension(ext,
                          PKIid_ce_subjectAltName_OID,
                          PKIid_ce_subjectAltName_OID_LEN,
                          isCritical,
                          der,
                          derLen,
                          ctx);

done:
    /* The DER buffer is released on success as well as on failure, so
       tc_add_extension() presumably keeps its own copy -- TODO confirm. */
    if (der != NULL)
        TC_Free(ctx->memMgr, der);
    return rc;
} /* AddSubjectAltNameExt */
/*****
 *
 * Add an issuer alternative name extension to the provided extension list.
 *
 * The IssuerAltName extension is defined in ITU-T Recommendation X.509
 * (the section number was left unspecified by the original author).
 *
 * parameters
 *   input
 *     genNames    - a pointer to the TC_GEN_NAMES_LIST_T structure
 *     criticality - mark this extension as critical
 *                     1: critical
 *                     0: not critical
 *                    -1: use default (false)
 *     ctx         - context supplying the memory manager
 *
 *   output
 *     ext - the extension list will be updated with the new extension
 *
 * return
 *   0 - okay
 *   otherwise the first non-zero status from CheckGeneralNames(),
 *   CreateGeneralNamesDER() or tc_add_extension(); the original header
 *   lists these as:
 *     TC_E_INVARGS   - invalid arguments
 *     TC_E_NOMEMORY  - out of memory
 *     TC_E_EXTENSION - error packing extension
 *
 *****/
static int
AddIssuerAltNameExt(TC_ExtensionList *ext,
                    const void *genNames,
                    int criticality,
                    TC_CONTEXT *ctx)
{
    TC_GEN_NAMES_LIST_T *issuerNames = (TC_GEN_NAMES_LIST_T *)genNames;
    unsigned char *encoded = NULL;
    size_t encodedLen = 0;
    boolean critFlag;
    int result;

    /* Step 1: validate the caller's names. */
    result = CheckGeneralNames(issuerNames);

    if (result == 0) {
        /* Step 2: resolve the criticality flag.  Negative means "use the
           default", which is false; a non-negative value goes through
           the cast unchanged. */
        if (criticality >= 0)
            critFlag = (boolean)criticality;
        else
            critFlag = PKIFALSE;

        /* Step 3: encode the names as GeneralNames DER. */
        result = CreateGeneralNamesDER(&encoded, &encodedLen,
                                       issuerNames, ctx);

        /* Step 4: append the encoded value under the issuerAltName OID. */
        if (result == 0) {
            result = tc_add_extension(ext,
                                      PKIid_ce_issuerAltName_OID,
                                      PKIid_ce_issuerAltName_OID_LEN,
                                      critFlag,
                                      encoded,
                                      encodedLen,
                                      ctx);
        }
    }

    /* The DER buffer is released whether or not the extension was added,
       so tc_add_extension() presumably keeps its own copy -- TODO confirm. */
    if (encoded != NULL)
        TC_Free(ctx->memMgr, encoded);

    return result;
} /* AddIssuerAltNameExt */
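/*
 * Copy the bytes of one ASN.1 variable block into storage allocated from
 * the context's memory manager and attach it to 'name'.
 *
 * The copy is exactly block->len bytes and no terminator is appended, so
 * the result is a counted byte string, not a C string.  Consumers have to
 * use name->nameLen and must not assume the value is free of embedded NUL
 * bytes, since it comes straight from the decoded certificate.
 *
 * returns 0 on success, TC_E_OTHER when the block pointer is NULL,
 * TC_E_NOMEMORY when the allocation fails.
 */
static int
CopyGeneralNameBlock (TC_GEN_NAME_T *name,
                      const PKIVariableBlock *block,
                      TC_CONTEXT *ctx)
{
    if (block == NULL)
        return TC_E_OTHER;

    /* NOTE(review): a zero-length block asks TC_Alloc() for 0 bytes; if
       that returns NULL the empty value is reported as TC_E_NOMEMORY --
       confirm the allocator's behaviour. */
    name->name = (void *)TC_Alloc(ctx->memMgr, block->len);
    if (name->name == NULL)
        return TC_E_NOMEMORY;

    memcpy(name->name, block->val, block->len);
    name->nameLen = block->len;
    return 0;
}

/*
 * Convert a single GeneralName produced by the ASN.1 compiler into the
 * TIS/CMS TC_GEN_NAME_T representation, copying the value.
 *
 * Supported CHOICE values: rfc822Name, dNSName, directoryName,
 * uniformResourceIdentifier, iPAddress and registeredID.  Any other
 * CHOICE is rejected with TC_E_OTHER.
 *
 * On failure name->name is NULL and name->nameLen is 0 unless CopyName()
 * itself stored something before failing (not visible from here).
 *
 * returns 0 on success, TC_E_NOMEMORY, TC_E_OTHER, or the status of
 * CopyName() for directory names.
 */
static int tc_PKIGeneralNameToTC (TC_GEN_NAME_T *name,     /* OUT */
                                  PKIGeneralName *asnName, /* IN */
                                  TC_CONTEXT *ctx)         /* IN */
{
    int status = 0;

    /* Give the output a defined state on every path; the original left
       these fields untouched when the CHOICE was not recognised. */
    name->name = NULL;
    name->nameLen = 0;

    switch (asnName->CHOICE_field_type)
    {
    case PKIrfc822Name_GeneralNameFieldTag:
        name->nameType = TC_rfc822Name;
        status = CopyGeneralNameBlock(name,
                                      (const PKIVariableBlock *)asnName->data,
                                      ctx);
        break;

    case PKIdNSName_GeneralNameFieldTag:
        name->nameType = TC_dNSName;
        status = CopyGeneralNameBlock(name,
                                      (const PKIVariableBlock *)asnName->data,
                                      ctx);
        break;

    case PKIdirectoryName_GeneralNameFieldTag:
        name->nameType = TC_directoryName;
        name->nameLen = 0; /* not used for Name type */
        status = CopyName((PKIName **)(&name->name),
                          (PKIName *)asnName->data,
                          ctx);
        break;

    case PKIuniformResourceIdentifier_GeneralNameFieldTag:
        name->nameType = TC_uniformResourceIdentifier;
        status = CopyGeneralNameBlock(name,
                                      (const PKIVariableBlock *)asnName->data,
                                      ctx);
        break;

    case PKIiPAddress_GeneralNameFieldTag:
        name->nameType = TC_iPAddress;
        status = CopyGeneralNameBlock(name,
                                      (const PKIVariableBlock *)asnName->data,
                                      ctx);
        break;

    case PKIregisteredID_GeneralNameFieldTag:
        name->nameType = TC_registeredID;
        status = CopyGeneralNameBlock(name,
                                      (const PKIVariableBlock *)asnName->data,
                                      ctx);
        break;

    default:
        /* unsupported GeneralName CHOICE */
        status = TC_E_OTHER;
        break;
    } /* switch */

    return status;
} /* tc_PKIGeneralNameToTC */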
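/*****
 *
 * Converts GeneralNames from the ASN.1 compiler to TIS/CMS structures.
 * Note: this function makes a copy of the data, so the caller is responsible
 * for free'ing data returned by this function, most likely with
 * tc_free_gennamelist().
 *
 * *tc is assigned as soon as the list itself has been allocated, so on a
 * non-zero return after that point the caller still owns a partially
 * filled list (numberOfNames entries are valid) and has to release it.
 *
 * inputs
 *   asnNameList - decoded GeneralNames to convert
 *   ctx         - context supplying the memory manager
 *
 * outputs
 *   tc - receives the newly allocated list
 *
 * returns
 *   0             - okay
 *   TC_E_NOMEMORY - an allocation failed
 *   otherwise the non-zero status of tc_PKIGeneralNameToTC()
 */
int tc_PKIGeneralNamesToTC (TC_GEN_NAMES_LIST_T **tc,      /* OUT */
                            PKIGeneralNames *asnNameList,  /* IN */
                            TC_CONTEXT *ctx)               /* IN */
{
    int i, status=0;
    PKIGeneralName *asnName;
    TC_GEN_NAME_T *name;
    TC_GEN_NAMES_LIST_T *localNameList =
        (TC_GEN_NAMES_LIST_T *)TC_Alloc(ctx->memMgr,
                                        sizeof(TC_GEN_NAMES_LIST_T));

    if (localNameList == NULL)
        return TC_E_NOMEMORY;
    *tc = localNameList;

    /* start from an empty list so a partial result can be freed safely */
    for (i = 0; i < PKIMAX_GeneralNames; i++)
        localNameList->names[i] = NULL;
    localNameList->numberOfNames = 0;

    /* NOTE(review): names[] is initialised for PKIMAX_GeneralNames slots,
       but this loop is bounded only by asnNameList->n, which comes from
       the decoded extension.  Presumably the decoder never yields more
       than PKIMAX_GeneralNames elements -- confirm, or reject larger
       counts before the loop. */
    for (i = 0; i < asnNameList->n; i++) {
        asnName = asnNameList->elt[i];

        name = (TC_GEN_NAME_T *)TC_Alloc(ctx->memMgr, sizeof(TC_GEN_NAME_T));
        if (name == NULL) {
            status = TC_E_NOMEMORY;
            break;
        }

        status = tc_PKIGeneralNameToTC(name,asnName,ctx);
        if (status != 0) {
            /* The entry has not been stored in the list yet, so nothing
               else would ever release it.  Only the struct is freed:
               name->name is not guaranteed to hold a valid pointer after
               a failed conversion. */
            TC_Free(ctx->memMgr, name);
            break;
        }

        localNameList->names[i] = name;
        localNameList->numberOfNames = i+1;
    } /* for each name */

    return status;
}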
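/*****
 *
 * Unpack and return the values in a subject or issuer alternative name
 * extension.  Since both subject and issuer alt. name are just renames
 * of GeneralNames, this routine just needs to deal with GeneralNames.
 * Only the GeneralName CHOICE values handled by tc_PKIGeneralNamesToTC()
 * are supported.
 *
 * parameters
 *   input
 *     ext - the extension to process
 *     ctx - context supplying the ASN.1 context (certasnctx)
 *
 *   output
 *     genNames - a TC_GEN_NAMES_LIST_T structure will be returned containing
 *                the values from the extension; set to NULL on failure
 *
 * returns
 *   0              - okay
 *   TC_E_EXTENSION - the extension value could not be unpacked
 *   otherwise the non-zero status of tc_PKIGeneralNamesToTC()
 *****/
static int
GetAlternativeNameExt(void **genNames,
                      const PKIExtension *ext,
                      TC_CONTEXT *ctx)
{
    int status = 0;
    int error = 0;
    PKIGeneralNames *asnNameList = NULL;
    TC_GEN_NAMES_LIST_T *localNameList = NULL;

    do {
        /* unpack extension data; the return value is ignored and failure
           is detected through 'error' or a NULL result */
        (void)PKIUnpackGeneralNames(ctx->certasnctx,
                                    &asnNameList,
                                    ext->extnValue.val,
                                    ext->extnValue.len, &error);
        if (error != 0 || asnNameList == NULL) {
            status = TC_E_EXTENSION;
            break;
        }

        /* convert ASN compiler structure to TIS/CMS structure */
        status = tc_PKIGeneralNamesToTC(&localNameList,asnNameList,ctx);
        if (status != 0)
            break;
    } while(0);

    /* A failed unpack can leave asnNameList NULL; guard the free the same
       way CreateGeneralNamesDER() does rather than relying on
       PKIFreeGeneralNames() to accept NULL. */
    if (asnNameList != NULL)
        PKIFreeGeneralNames(ctx->certasnctx, asnNameList);

    if (status != 0) {
        /* drop any partially converted list so the caller never sees it */
        tc_free_gennamelist(localNameList, ctx);
        localNameList = NULL;
    }

    *genNames = (void *)localNameList;
    return status;
} /* GetAlternativeNameExt */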
/*****
*
*
*****/
int tc_free_gennamelist(TC_GEN_NAMES_LIST_T *list, TC_CONTEXT *ctx)
{
int i;
if (list == NULL)
retur