
📄 ks_p12.c

📖 第 1 页 / 共 2 页
/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "hx_locl.h"
RCSID("$Id: ks_p12.c 21146 2007-06-18 21:37:25Z lha $");

/*
 * Per-keystore state for a PKCS#12 store.  p12_init() stores a strdup()
 * copy of its `residue' argument in `fn'.
 */
struct ks_pkcs12 {
    hx509_certs certs;
    char *fn;
};

/*
 * Signature shared by all bag/content handlers below: hx509 context,
 * the collector that gathers results, the raw bytes of the bag value
 * with their length, and the bag's optional attribute set.
 * Handlers return 0 on success or an error code.
 */
typedef int (*collector_func)(hx509_context,
                              struct hx509_collector *,
                              const void *, size_t,
                              const PKCS12_Attributes *);

/* One dispatch-table entry: an OID accessor and the handler for that OID. */
struct type {
    const heim_oid * (*oid)(void);
    collector_func func;
};

/* Forward declaration: the handlers and the dispatcher call each other. */
static void
parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
                  const void *, size_t, const PKCS12_Attributes *);

/*
 * Return the first attribute in `attrs' whose attrId compares equal to
 * `oid' (der_heim_oid_cmp() == 0), or NULL when `attrs' is NULL or no
 * attribute matches.  The returned pointer refers into `attrs'.
 */
static const PKCS12_Attribute *
find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
{
    int i;
    if (attrs == NULL)
        return NULL;
    for (i = 0; i < attrs->len; i++)
        if (der_heim_oid_cmp(oid, &attrs->val[i].attrId) == 0)
            return &attrs->val[i];
    return NULL;
}

/*
 * Handle a keyBag: decode `data' as an unencrypted PKCS8PrivateKeyInfo
 * and hand its algorithm and key bytes to the collector, together with
 * the localKeyId attribute value when the bag carries one.
 *
 * Returns the decoder's error code if decoding fails, otherwise 0.
 */
static int
keyBag_parser(hx509_context context,
              struct hx509_collector *c,
              const void *data, size_t length,
              const PKCS12_Attributes *attrs)
{
    const PKCS12_Attribute *attr;
    PKCS8PrivateKeyInfo ki;
    const heim_octet_string *os = NULL;
    int ret;

    /* localKeyId is optional; os stays NULL when it is absent. */
    attr = find_attribute(attrs, oid_id_pkcs_9_at_localKeyId());
    if (attr)
        os = &attr->attrValues;

    ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
    if (ret)
        return ret;

    /*
     * NOTE(review): whatever _hx509_collector_private_key_add() returns
     * is discarded and 0 is returned below, so a key the collector could
     * not store would still be reported as success -- confirm against
     * its prototype.
     */
    _hx509_collector_private_key_add(context,
                                     c,
                                     &ki.privateKeyAlgorithm,
                                     NULL,
                                     &ki.privateKey,
                                     os);
    /*
     * NOTE(review): ki holds decoded private-key bytes; whether
     * free_PKCS8PrivateKeyInfo() scrubs them before release is not
     * visible in this file -- confirm.
     */
    free_PKCS8PrivateKeyInfo(&ki);
    return 0;
}

/*
 * Handle a pkcs8ShroudedKeyBag: decode the encrypted private-key
 * wrapper, decrypt it with the collector's lock, then process the
 * plaintext exactly like a keyBag.
 *
 * Returns the first error from decoding, decryption or keyBag_parser().
 */
static int
ShroudedKeyBag_parser(hx509_context context,
                      struct hx509_collector *c,
                      const void *data, size_t length,
                      const PKCS12_Attributes *attrs)
{
    PKCS8EncryptedPrivateKeyInfo pk;
    heim_octet_string content;
    int ret;

    memset(&pk, 0, sizeof(pk));

    ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL);
    if (ret)
        return ret;

    /* presumably the lock carries the unlock material (passwords) -- confirm */
    ret = _hx509_pbe_decrypt(context,
                             _hx509_collector_get_lock(c),
                             &pk.encryptionAlgorithm,
                             &pk.encryptedData,
                             &content);
    /* pk is released before the result check so both paths free it. */
    free_PKCS8EncryptedPrivateKeyInfo(&pk);
    if (ret)
        return ret;

    ret = keyBag_parser(context, c, content.data, content.length, attrs);
    /*
     * NOTE(review): content is the decrypted PKCS#8 key material; whether
     * der_free_octet_string() zeroizes the buffer before freeing it is
     * not visible here -- confirm.
     */
    der_free_octet_string(&content);
    return ret;
}

/*
 * Handle a certBag: decode it, skip it silently (return 0) unless its
 * certType is the X.509 certificate type, build an hx509_cert from the
 * embedded certificate, add it to the collector and copy the
 * localKeyId / friendlyName bag attributes onto the certificate.
 *
 * Returns 0 on success or for a skipped bag, otherwise the error from
 * decoding, certificate initialisation or the collector.
 */
static int
certBag_parser(hx509_context context,
               struct hx509_collector *c,
               const void *data, size_t length,
               const PKCS12_Attributes *attrs)
{
    heim_octet_string os;
    hx509_cert cert;
    PKCS12_CertBag cb;
    int ret;

    ret = decode_PKCS12_CertBag(data, length, &cb, NULL);
    if (ret)
        return ret;

    /* Non-zero compare result: not an X.509 cert bag, so ignore it. */
    if (der_heim_oid_cmp(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType)) {
        free_PKCS12_CertBag(&cb);
        return 0;
    }

    /* certValue is itself an encoded OCTET STRING wrapping the certificate. */
    ret = decode_PKCS12_OctetString(cb.certValue.data,
                                    cb.certValue.length,
                                    &os,
                                    NULL);
    free_PKCS12_CertBag(&cb);
    if (ret)
        return ret;

    ret = hx509_cert_init_data(context, os.data, os.length, &cert);
    der_free_octet_string(&os);
    if (ret)
        return ret;

    ret = _hx509_collector_certs_add(context, c, cert);
    if (ret) {
        hx509_cert_free(cert);
        return ret;
    }

    {
        const PKCS12_Attribute *attr;
        /* Bag attributes that are copied onto the certificate if present. */
        const heim_oid * (*oids[])(void) = {
            oid_id_pkcs_9_at_localKeyId, oid_id_pkcs_9_at_friendlyName
        };
        int i;

        for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
            const heim_oid *oid = (*(oids[i]))();
            attr = find_attribute(attrs, oid);
            if (attr)
                /* any result of _hx509_set_cert_attribute() is not checked */
                _hx509_set_cert_attribute(context, cert, oid,
                                          &attr->attrValues);
        }
    }

    /*
     * Drop the local reference; presumably the collector took its own
     * reference in _hx509_collector_certs_add() -- confirm.
     */
    hx509_cert_free(cert);

    return 0;
}

/*
 * Decode `p'/`len' as PKCS12 SafeContents and dispatch every contained
 * bag through parse_pkcs12_type().
 *
 * Returns the decoder's error if the SafeContents cannot be decoded,
 * otherwise 0.  parse_pkcs12_type() returns void, so a failure inside
 * an individual bag is not reported to the caller.
 */
static int
parse_safe_content(hx509_context context,
                   struct hx509_collector *c,
                   const unsigned char *p, size_t len)
{
    PKCS12_SafeContents sc;
    int ret, i;

    memset(&sc, 0, sizeof(sc));

    ret = decode_PKCS12_SafeContents(p, len, &sc, NULL);
    if (ret)
        return ret;

    for (i = 0; i < sc.len ; i++)
        parse_pkcs12_type(context,
                          c,
                          &sc.val[i].bagId,
                          sc.val[i].bagValue.data,
                          sc.val[i].bagValue.length,
                          sc.val[i].bagAttributes);

    free_PKCS12_SafeContents(&sc);
    return 0;
}

/*
 * Handle pkcs7-data content: unwrap the OCTET STRING and parse what it
 * holds as SafeContents.  `attrs' is unused.
 *
 * NOTE(review): this handler, encryptedData_parser() and
 * envelopedData_parser() all re-enter parse_safe_content(), which
 * dispatches back through parse_pkcs12_type(); nesting in the input
 * therefore drives recursion, and no depth limit is visible in this
 * file.  For untrusted PKCS#12 input, check whether the decoder or a
 * caller bounds the nesting -- confirm.
 */
static int
safeContent_parser(hx509_context context,
                   struct hx509_collector *c,
                   const void *data, size_t length,
                   const PKCS12_Attributes *attrs)
{
    heim_octet_string os;
    int ret;

    ret = decode_PKCS12_OctetString(data, length, &os, NULL);
    if (ret)
        return ret;
    ret = parse_safe_content(context, c, os.data, os.length);
    der_free_octet_string(&os);
    return ret;
}

/*
 * Handle pkcs7-encryptedData content: decrypt it with the collector's
 * lock and, when the inner content type is pkcs7-data, parse the
 * plaintext as SafeContents.  `attrs' is unused.
 *
 * Any other inner content type is skipped: ret is still 0 from the
 * successful decrypt, so the caller sees success.
 */
static int
encryptedData_parser(hx509_context context,
                     struct hx509_collector *c,
                     const void *data, size_t length,
                     const PKCS12_Attributes *attrs)
{
    heim_octet_string content;
    heim_oid contentType;
    int ret;

    memset(&contentType, 0, sizeof(contentType));

    ret = hx509_cms_decrypt_encrypted(context,
                                      _hx509_collector_get_lock(c),
                                      data, length,
                                      &contentType,
                                      &content);
    if (ret)
        return ret;

    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
        ret = parse_safe_content(context, c, content.data, content.length);

    /* content is decrypted data; scrubbing on free is not visible here */
    der_free_octet_string(&content);
    der_free_oid(&contentType);
    return ret;
}

/*
 * Handle pkcs7-envelopedData content: unenvelope it using the
 * certificates obtained from the collector's lock and, when the inner
 * content type is pkcs7-data, parse the plaintext as SafeContents.
 * `attrs' is unused.
 *
 * On unenvelope failure the error string "PKCS12 failed to unenvelope"
 * is appended to the context and the error code is returned.  Inner
 * content types other than pkcs7-data are skipped with ret == 0.
 */
static int
envelopedData_parser(hx509_context context,
                     struct hx509_collector *c,
                     const void *data, size_t length,
                     const PKCS12_Attributes *attrs)
{
    heim_octet_string content;
    heim_oid contentType;
    hx509_lock lock;
    int ret;

    memset(&contentType, 0, sizeof(contentType));

    lock = _hx509_collector_get_lock(c);

    ret = hx509_cms_unenvelope(context,
                               _hx509_lock_unlock_certs(lock),
                               0,
                               data, length,
                               NULL,
                               &contentType,
                               &content);
    if (ret) {
        hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
                               "PKCS12 failed to unenvelope");
        return ret;
    }

    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
        ret = parse_safe_content(context, c, content.data, content.length);

    der_free_octet_string(&content);
    der_free_oid(&contentType);

    return ret;
}

/*
 * Dispatch table mapping bag / content-type OIDs to their handlers.
 * It is declared without `static' or `const' in this listing.
 */
struct type bagtypes[] = {
    { oid_id_pkcs12_keyBag, keyBag_parser },
    { oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser },
    { oid_id_pkcs12_certBag, certBag_parser },
    { oid_id_pkcs7_data, safeContent_parser },
    { oid_id_pkcs7_encryptedData, encryptedData_parser },
    { oid_id_pkcs7_envelopedData, envelopedData_parser }
};

/*
 * Call the handler of every bagtypes[] entry whose OID equals `oid'.
 *
 * The handler's return value is discarded and the function returns
 * void, so a bag that fails to decode or decrypt, and a bag whose OID
 * matches no entry, are both passed over without any error reaching
 * the caller.
 */
static void
parse_pkcs12_type(hx509_context context,
                  struct hx509_collector *c,
                  const heim_oid *oid,
                  const void *data, size_t length,
                  const PKCS12_Attributes *attrs)
{
    int i;

    for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
        if (der_heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
            (*bagtypes[i].func)(context, c, data, length, attrs);
}

static int
p12_init(hx509_context context,
         hx509_certs certs, void **data, int flags,
         const char *residue, hx509_lock lock)
{
    struct ks_pkcs12 *p12;
    size_t len;
    void *buf;
    PKCS12_PFX pfx;
    PKCS12_AuthenticatedSafe as;
    int ret, i;
    struct hx509_collector *c;

    *data = NULL;

    if (lock == NULL)
        lock = _hx509_empty_lock;

    ret = _hx509_collector_alloc(context, lock, &c);
    if (ret)
        return ret;

    p12 = calloc(1, sizeof(*p12));
    if (p12 == NULL) {
        ret = ENOMEM;
        hx509_set_error_string(context, 0, ret, "out of memory");
        goto out;
    }

    p12->fn = strdup(residue);
    if (p12->fn == NULL) {
        ret = ENOMEM;
        hx509_set_error_string(context, 0, ret, "out of memory");
        goto out;
