/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "hx_locl.h"
RCSID("$Id: cert.c 22583 2008-02-11 20:46:21Z lha $");
#include "crypto-headers.h"
#include <rtbl.h>

/**
 * @page page_cert The basic certificate
 *
 * The basic hx509 certificate object in hx509 is hx509_cert. The
 * hx509_cert object represents one X509/PKIX certificate and
 * associated attributes; like private key, friendly name, etc.
 *
 * A hx509_cert object is usually found via the keyset interfaces (@ref
 * page_keyset), but it is also possible to create a certificate
 * directly from a parsed object with hx509_cert_init() and
 * hx509_cert_init_data().
 *
 * See the library functions here: @ref hx509_cert
 */

/*
 * Per-verification settings.  `flags` is a bitmask of the
 * HX509_VERIFY_CTX_F_* values defined inside the struct; the accessor
 * macros below read individual bits from it.
 */
struct hx509_verify_ctx_data {
    hx509_certs trust_anchors;          /* explicitly configured anchors */
    int flags;                          /* HX509_VERIFY_CTX_F_* bitmask */
#define HX509_VERIFY_CTX_F_TIME_SET 1
#define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE 2
#define HX509_VERIFY_CTX_F_REQUIRE_RFC3280 4
#define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS 8
#define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS 16
    /* presumably only meaningful when HX509_VERIFY_CTX_F_TIME_SET is set;
     * confirm against the setter, which is not visible here */
    time_t time_now;
    /* chain-length bound; HX509_VERIFY_MAX_DEPTH is the cap applied
     * elsewhere (not visible in this part of the file) */
    unsigned int max_depth;
#define HX509_VERIFY_MAX_DEPTH 30
    hx509_revoke_ctx revoke_ctx;        /* CRL/OCSP state, may be unset */
};

/* Bit tests on hx509_verify_ctx_data.flags. */
#define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280)
#define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS)
/* True unless the caller opted out of the context's default anchors. */
#define ALLOW_DEF_TA(ctx) (((ctx)->flags & HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS) == 0)

/* Growable array of attributes attached to a certificate object. */
struct _hx509_cert_attrs {
    size_t len;
    hx509_cert_attribute *val;
};

/*
 * The hx509_cert object: a decoded Certificate plus the per-object
 * state kept alongside it.  `ref` is a reference count; `release`
 * and `ctx` look like a caller-supplied destructor and its argument
 * (presumably invoked when the last reference is dropped — confirm
 * in hx509_cert_free, which is not visible here).
 */
struct hx509_cert_data {
    unsigned int ref;
    char *friendlyname;
    Certificate *data;
    hx509_private_key private_key;      /* may be unset; key material lives here when present */
    struct _hx509_cert_attrs attrs;
    hx509_name basename;
    _hx509_cert_release_func release;
    void *ctx;
};

/* Array of NameConstraints collected while walking a chain. */
typedef struct hx509_name_constraints {
    NameConstraints *val;
    size_t len;
} hx509_name_constraints;

/*
 * Shallow copy of the (len, val) pair from `var` into `g`; no ownership
 * of `val` is transferred.  Note the expansion already ends in a
 * semicolon, so it must be used as a statement.
 */
#define GeneralSubtrees_SET(g,var) \
 (g)->len = (var)->len, (g)->val = (var)->val;

/**
 * Creates a hx509 context that most functions in the library
 * use. The context is only allowed to be used by one thread at each
 * moment. Free the context with hx509_context_free().
 *
 * @param context Returns a pointer to new hx509 context.
 *
 * @return Returns an hx509 error code.
 *
 * @ingroup hx509
 */
int
hx509_context_init(hx509_context *context)
{
    hx509_context c = calloc(1, sizeof(*c));

    /* The caller's pointer is always written, even on failure. */
    *context = c;
    if (c == NULL)
        return ENOMEM;

    /* Register every built-in keyset backend with the new context. */
    _hx509_ks_null_register(c);
    _hx509_ks_mem_register(c);
    _hx509_ks_file_register(c);
    _hx509_ks_pkcs12_register(c);
    _hx509_ks_pkcs11_register(c);
    _hx509_ks_dir_register(c);
    _hx509_ks_keychain_register(c);

    ENGINE_add_conf_module();
    OpenSSL_add_all_algorithms();

    c->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF;

    /* Error tables for this library and for the ASN.1 layer. */
    initialize_hx_error_table_r(&c->et_list);
    initialize_asn1_error_table_r(&c->et_list);

#ifdef HX509_DEFAULT_ANCHORS
    /* Best effort: a failure here leaves default_trust_anchors unset
     * and the context remains usable. */
    (void)hx509_certs_init(c, HX509_DEFAULT_ANCHORS, 0,
                           NULL, &c->default_trust_anchors);
#endif

    return 0;
}

/**
 * Selects if the hx509_revoke_verify() function is going to require
 * the existence of a revocation method (OCSP, CRL) or not. Note that
 * hx509_verify_path(), hx509_cms_verify_signed(), and other functions
 * call hx509_revoke_verify().
 *
 * @param context hx509 context to change the flag for.
 * @param flag zero, revocation method required, non zero missing
 * revocation method ok
 *
 * @ingroup hx509_verify
 */
void
hx509_context_set_missing_revoke(hx509_context context, int flag)
{
    const int bit = HX509_CTX_VERIFY_MISSING_OK;

    /* Set or clear exactly one bit; all other flags are untouched. */
    context->flags = flag ? (context->flags | bit) : (context->flags & ~bit);
}

/**
 * Free the context allocated by hx509_context_init().
 *
 * @param context context to be freed.
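 *
 * @ingroup hx509
 */
void
hx509_context_free(hx509_context *context)
{
    hx509_clear_error_string(*context);

#ifdef HX509_DEFAULT_ANCHORS
    /* hx509_context_init() loads these under the same guard and nothing
     * else releases them; drop them here before the keyset ops table
     * below goes away.  hx509_certs_free() accepts a NULL keyset. */
    hx509_certs_free(&(*context)->default_trust_anchors);
#endif

    if ((*context)->ks_ops) {
        free((*context)->ks_ops);
        (*context)->ks_ops = NULL;
    }
    (*context)->ks_num_ops = 0;

    free_error_table((*context)->et_list);

    /* free(NULL) is a no-op, so no guard is needed. */
    free((*context)->querystat);

    /* Wipe before freeing so stale pointers in a reused allocation are
     * not mistaken for live state; the caller's pointer is cleared too. */
    memset(*context, 0, sizeof(**context));
    free(*context);
    *context = NULL;
}

/*
 * Return the decoded Certificate owned by `cert`.  The pointer stays
 * owned by the hx509_cert; callers must not free it.
 */
Certificate *
_hx509_get_cert(hx509_cert cert)
{
    return cert->data;
}

/*
 * Return the X.509 version as a 1-based number.  The encoded field is
 * optional and zero-based (absent means v1), hence the +1.
 */
int
_hx509_cert_get_version(const Certificate *t)
{
    return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1;
}

/**
 * Allocate and init an hx509 certificate object from the decoded
 * certificate `c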