📄 dn.c
字号:
typedef struct {
BUFFER_FIXED( labelLen ) \
const char *label;
BUFFER_FIXED( textLen ) \
const char *text;
int labelLen, textLen; /* DN component label and value */
BOOLEAN isContinued; /* Whether further AVAs in this RDN */
} DN_STRING_INFO;
#define MAX_DNSTRING_COMPONENTS 64
CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1, 2 ) ) \
static BOOLEAN parseDNString( INOUT_ARRAY( MAX_DNSTRING_COMPONENTS + 1 ) \
DN_STRING_INFO *dnStringInfo,
IN_BUFFER( stringLength ) const char *string,
IN_LENGTH_ATTRIBUTE const int stringLength )
{
int stringPos = 0, stringInfoIndex = 0, i;
assert( isWritePtr( dnStringInfo, sizeof( DN_STRING_INFO ) * \
( MAX_DNSTRING_COMPONENTS + 1 ) ) );
assert( isReadPtr( string, stringLength ) );
REQUIRES( stringLength > 0 && stringLength <= MAX_ATTRIBUTE_SIZE );
memset( dnStringInfo, 0,
sizeof( DN_STRING_INFO ) * ( MAX_DNSTRING_COMPONENTS + 1 ) );
/* Make sure that there are no control characters in the string */
for( i = 0; i < stringLength; i++ )
{
if( ( string[ i ] & 0x7F ) < ' ' )
return( FALSE );
}
/* Verify that a DN string is of the form:
dnString ::= assignment '\0' | assignment ',' assignment
assignment ::= label '=' text */
do
{
DN_STRING_INFO *dnStringInfoPtr = &dnStringInfo[ stringInfoIndex ];
/* Check for label '=' ... */
for( i = stringPos; i < stringLength; i++ )
{
const int ch = string[ i ];
if( ch == '\\' )
return( FALSE );/* No escapes in the label component */
if( ch == '=' || ch == ',' || ch == '+' )
break;
}
if( i <= stringPos || i >= stringLength || \
string[ i ] == ',' || string[ i ] == '+' )
return( FALSE ); /* No text or no '=' or spurious ',' */
dnStringInfoPtr->label = string + stringPos;
dnStringInfoPtr->labelLen = i - stringPos;
stringPos = i + 1; /* Skip text + '=' */
/* Check for ... text { '\0' | ',' ... | '+' ... } */
for( i = stringPos;
i < stringLength && \
!( string[ i - 1 ] != '\\' && \
( string[ i ] == ',' || string[ i ] == '+' || \
string[ i ] == '=' ) ); i++ );
if( i <= stringPos || string[ i ] == '=' )
return( FALSE ); /* No text or spurious '=' */
dnStringInfoPtr->text = string + stringPos;
dnStringInfoPtr->textLen = i - stringPos;
dnStringInfoPtr->isContinued = ( i < stringLength && \
string[ i ] == '+' ) ? TRUE : FALSE;
stringPos = i; /* Skip text + optional ',' */
if( stringPos != stringLength && ++stringPos >= stringLength )
/* Trailing ',' */
return( FALSE );
/* Strip leading and trailing whitespace on the label and text */
for( i = 0; i < dnStringInfoPtr->labelLen && \
dnStringInfoPtr->label[ i ] == ' '; i++ );
dnStringInfoPtr->label += i;
dnStringInfoPtr->labelLen -= i;
for( i = dnStringInfoPtr->labelLen; i > 0 && \
dnStringInfoPtr->label[ i - 1 ] == ' '; i-- );
dnStringInfoPtr->labelLen = i;
for( i = 0; i < dnStringInfoPtr->textLen && \
dnStringInfoPtr->text[ i ] == ' '; i++ );
dnStringInfoPtr->text += i;
dnStringInfoPtr->textLen -= i;
for( i = dnStringInfoPtr->textLen; i > 0 && \
dnStringInfoPtr->text[ i - 1 ] == ' '; i-- );
dnStringInfoPtr->textLen = i;
if( dnStringInfoPtr->labelLen <= 0 || dnStringInfoPtr->textLen <= 0 )
return( FALSE );
if( ++stringInfoIndex >= MAX_DNSTRING_COMPONENTS )
return( FALSE );
}
while( stringPos < stringLength );
return( TRUE );
}
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int readDNstring( INOUT_PTR void **dnComponentListPtrPtr,
IN_BUFFER( stringLength ) const char *string,
IN_LENGTH_ATTRIBUTE const int stringLength )
{
DN_STRING_INFO dnStringInfo[ MAX_DNSTRING_COMPONENTS + 1 + 8 ];
DN_COMPONENT *dnComponentPtr;
int stringInfoIndex;
assert( isWritePtr( dnComponentListPtrPtr, sizeof( DN_COMPONENT * ) ) );
assert( isReadPtr( string, stringLength ) );
REQUIRES( stringLength > 0 && stringLength <= MAX_ATTRIBUTE_SIZE );
/* We have to perform the text string to DN translation in two stages
thanks to the backwards encoding required by RFC 1779, first we parse
it forwards to separate out the RDN components, then we move through
the parsed information backwards adding it to the RDN (with special
handling for multi-AVA RDNs as for writeDNstring()). Overall this
isn't so bad because it means that we can perform a general firewall
check to make sure that the DN string is well-formed and then leave
the encoding as a separate pass */
if( !parseDNString( dnStringInfo, string, stringLength ) )
return( CRYPT_ARGERROR_STR1 );
/* Find the end of the DN components */
for( stringInfoIndex = 0;
dnStringInfo[ stringInfoIndex + 1 ].label != NULL && \
stringInfoIndex < MAX_DNSTRING_COMPONENTS;
stringInfoIndex++ );
ENSURES( stringInfoIndex < MAX_DNSTRING_COMPONENTS );
do
{
const DN_STRING_INFO *dnStringInfoPtr;
BOOLEAN isContinued;
int iterationCount = 0;
/* Find the start of the RDN */
while( stringInfoIndex > 0 && \
dnStringInfo[ stringInfoIndex - 1 ].isContinued )
stringInfoIndex--;
dnStringInfoPtr = &dnStringInfo[ stringInfoIndex ];
do
{
CRYPT_ERRTYPE_TYPE dummy;
const DN_COMPONENT_INFO *dnComponentInfo = NULL;
BYTE textBuffer[ MAX_ATTRIBUTE_SIZE + 1 + 8 ];
CRYPT_ATTRIBUTE_TYPE type;
int i, textIndex = 0, status;
/* Look up the DN component information */
for( i = 0; certInfoOIDs[ i ].oid != NULL && \
i < FAILSAFE_ARRAYSIZE( certInfoOIDs, DN_COMPONENT_INFO );
i++ )
{
if( ( strlen( certInfoOIDs[ i ].name ) == \
dnStringInfoPtr->labelLen && \
!strCompare( certInfoOIDs[ i ].name, dnStringInfoPtr->label,
dnStringInfoPtr->labelLen ) ) || \
( certInfoOIDs[ i ].altName != NULL && \
strlen( certInfoOIDs[ i ].altName ) == \
dnStringInfoPtr->labelLen && \
!strCompare( certInfoOIDs[ i ].altName, dnStringInfoPtr->label,
dnStringInfoPtr->labelLen ) ) )
{
dnComponentInfo = &certInfoOIDs[ i ];
break;
}
}
ENSURES( i < FAILSAFE_ARRAYSIZE( certInfoOIDs, DN_COMPONENT_INFO ) );
if( dnComponentInfo == NULL )
return( CRYPT_ARGERROR_STR1 );
type = dnComponentInfo->type;
/* Convert the text to canonical form, removing any escapes for
special characters */
for( i = 0; i < dnStringInfoPtr->textLen; i++ )
{
int ch = dnStringInfoPtr->text[ i ];
if( ch == '\\' )
{
if( ++i >= dnStringInfoPtr->textLen )
return( CRYPT_ARGERROR_STR1 );
ch = dnStringInfoPtr->text[ i ];
}
textBuffer[ textIndex++ ] = ch;
}
/* Add the AVA to the DN */
if( type == CRYPT_CERTINFO_COUNTRYNAME )
{
/* If it's a country code, force it to uppercase as per ISO 3166 */
if( textIndex != 2 )
return( CRYPT_ARGERROR_STR1 );
textBuffer[ 0 ] = toUpper( textBuffer[ 0 ] );
textBuffer[ 1 ] = toUpper( textBuffer[ 1 ] );
status = insertDNstring( ( DN_COMPONENT ** ) dnComponentListPtrPtr,
type, textBuffer, 2,
( dnStringInfoPtr->isContinued ) ? \
DN_FLAG_CONTINUED | DN_FLAG_NOCHECK : \
DN_FLAG_NOCHECK, &dummy );
}
else
{
status = insertDNstring( ( DN_COMPONENT ** ) dnComponentListPtrPtr,
type, textBuffer, textIndex,
( dnStringInfoPtr->isContinued ) ? \
DN_FLAG_CONTINUED | DN_FLAG_NOCHECK :
DN_FLAG_NOCHECK, &dummy );
}
if( cryptStatusError( status ) )
{
deleteDN( dnComponentListPtrPtr );
return( status );
}
/* Move on to the next AVA */
isContinued = dnStringInfoPtr->isContinued;
dnStringInfoPtr++;
}
while( isContinued && iterationCount++ < FAILSAFE_ITERATIONS_LARGE );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
}
while( --stringInfoIndex >= 0 );
/* We're done, lock the DN against further updates */
for( dnComponentPtr = *dnComponentListPtrPtr; dnComponentPtr != NULL;
dnComponentPtr = dnComponentPtr->next )
dnComponentPtr->flags |= DN_FLAG_LOCKED;
return( CRYPT_OK );
}
/* Write a DN in string form */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int writeDNstring( INOUT STREAM *stream,
IN_OPT const void *dnComponentList )
{
const DN_COMPONENT *dnComponentPtr = dnComponentList;
int iterationCount, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( dnComponentList == NULL || \
isReadPtr( dnComponentList, sizeof( DN_COMPONENT ) ) );
/* If it's an empty DN there's nothing to write */
if( dnComponentPtr == NULL )
return( CRYPT_OK );
/* Find the end of the DN string. We have to print the RDNs backwards
because of ISODE's JANET memorial backwards encoding */
for( iterationCount = 0;
dnComponentPtr->next != NULL && \
iterationCount < FAILSAFE_ITERATIONS_MED;
dnComponentPtr = dnComponentPtr->next, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
do
{
const DN_COMPONENT *dnComponentCursor;
BOOLEAN isContinued;
/* Find the start of the RDN */
for( iterationCount = 0;
dnComponentPtr->prev != NULL && \
( dnComponentPtr->prev->flags & DN_FLAG_CONTINUED ) && \
iterationCount < FAILSAFE_ITERATIONS_MED;
dnComponentPtr = dnComponentPtr->prev, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
dnComponentCursor = dnComponentPtr;
dnComponentPtr = dnComponentPtr->prev;
/* Print the current RDN */
for( isContinued = TRUE, status = CRYPT_OK, iterationCount = 0;
isContinued && cryptStatusOK( status ) && \
iterationCount < FAILSAFE_ITERATIONS_MAX;
iterationCount++ )
{
const DN_COMPONENT_INFO *componentInfoPtr = \
dnComponentCursor->typeInfo;
int i;
/* Print the current AVA */
swrite( stream, componentInfoPtr->name,
strlen( componentInfoPtr->name ) );
status = sputc( stream, '=' );
for( i = 0; cryptStatusOK( status ) && \
i < dnComponentCursor->valueLength; i++ )
{
const int ch = ( ( BYTE * ) dnComponentCursor->value )[ i ];
if( ch == ',' || ch == '=' || ch == '+' || ch == ';' || \
ch == '\\' || ch == '"' )
sputc( stream, '\\' );
status = sputc( stream, ch );
}
if( cryptStatusError( status ) )
return( status );
/* If there are more AVAs in this RDN print a continuation
indicator and move on to the next AVA */
isContinued = ( dnComponentCursor->flags & DN_FLAG_CONTINUED ) ? \
TRUE : FALSE;
if( isContinued )
{
status = swrite( stream, " + ", 3 );
dnComponentCursor = dnComponentCursor->next;
}
}
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MAX );
if( cryptStatusError( status ) )
return( status );
/* If there are more components to come, print an RDN separator */
if( dnComponentPtr != NULL )
{
status = swrite( stream, ", ", 2 );
if( cryptStatusError( status ) )
return( status );
}
}
while( dnComponentPtr != NULL );
return( CRYPT_OK );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -