📄 cryptcrt.c
字号:
initSelectionInfo( certInfoPtr );
/* Return the certificate info pointer */
*certInfoPtrPtr = certInfoPtr;
return( iCertificate );
}
/* Create a certificate */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int createCertificate( INOUT MESSAGE_CREATEOBJECT_INFO *createInfo,
STDC_UNUSED const void *auxDataPtr,
STDC_UNUSED const int auxValue )
{
CRYPT_CERTIFICATE iCertificate;
CERT_INFO *certInfoPtr;
int status;
assert( isWritePtr( createInfo, sizeof( MESSAGE_CREATEOBJECT_INFO ) ) );
REQUIRES( auxDataPtr == NULL && auxValue == 0 );
REQUIRES( createInfo->arg1 > CRYPT_CERTTYPE_NONE && \
createInfo->arg1 < CRYPT_CERTTYPE_LAST );
REQUIRES( createInfo->arg2 == 0 && createInfo->strArg1 == NULL && \
createInfo->strArgLen1 == 0 );
/* Pass the call on to the lower-level open function */
status = createCertificateInfo( &certInfoPtr, createInfo->cryptOwner,
createInfo->arg1 );
if( cryptStatusError( status ) )
return( status );
iCertificate = status;
/* We've finished setting up the object-type-specific info, tell the
kernel that the object is ready for use */
status = krnlSendMessage( iCertificate, IMESSAGE_SETATTRIBUTE,
MESSAGE_VALUE_OK, CRYPT_IATTRIBUTE_STATUS );
if( cryptStatusOK( status ) )
createInfo->cryptHandle = iCertificate;
return( status );
}
/* Create a certificate by instantiating it from its encoded form */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int createCertificateIndirect( INOUT MESSAGE_CREATEOBJECT_INFO *createInfo,
STDC_UNUSED const void *auxDataPtr,
STDC_UNUSED const int auxValue )
{
CRYPT_CERTIFICATE iCertificate;
int status;
assert( isWritePtr( createInfo, sizeof( MESSAGE_CREATEOBJECT_INFO ) ) );
assert( auxDataPtr == NULL && auxValue == 0 );
assert( createInfo->arg1 >= CRYPT_CERTTYPE_NONE && \
createInfo->arg1 < CRYPT_CERTTYPE_LAST );
assert( createInfo->strArg1 != NULL );
assert( createInfo->strArgLen1 > 16 && \
createInfo->strArgLen1 < MAX_INTLENGTH );
/* May be CMS attribute (short) or a mega-CRL (long ) */
assert( ( createInfo->arg2 == 0 && createInfo->strArg2 == NULL && \
createInfo->strArgLen2 == 0 ) || \
( ( createInfo->arg2 == CRYPT_IKEYID_KEYID || \
createInfo->arg2 == CRYPT_IKEYID_ISSUERANDSERIALNUMBER ) && \
createInfo->strArg2 != NULL && \
createInfo->strArgLen2 > 2 && \
createInfo->strArgLen2 < MAX_INTLENGTH_SHORT ) );
/* Pass the call through to the low-level import function */
status = importCert( createInfo->strArg1, createInfo->strArgLen1,
&iCertificate, createInfo->cryptOwner,
createInfo->arg2, createInfo->strArg2,
createInfo->strArgLen2, createInfo->arg1 );
if( cryptStatusOK( status ) )
createInfo->cryptHandle = iCertificate;
return( status );
}
/* Generic management function for this class of object */
CHECK_RETVAL \
int certManagementFunction( IN_ENUM( MANAGEMENT_ACTION ) \
const MANAGEMENT_ACTION_TYPE action )
{
REQUIRES( action == MANAGEMENT_ACTION_PRE_INIT );
switch( action )
{
case MANAGEMENT_ACTION_PRE_INIT:
if( !checkExtensionTables() )
retIntError();
return( CRYPT_OK );
}
retIntError();
}
/****************************************************************************
* *
* Certificate Extension Blob Functions *
* *
****************************************************************************/
/* Get/add/delete certificate attributes */
C_NONNULL_ARG( ( 2, 3, 6 ) ) \
C_RET cryptGetCertExtension( C_IN CRYPT_CERTIFICATE certificate,
C_IN char C_PTR oid,
C_OUT int C_PTR criticalFlag,
C_OUT_OPT void C_PTR extension,
C_IN int extensionMaxLength,
C_OUT int C_PTR extensionLength )
{
CERT_INFO *certInfoPtr;
ATTRIBUTE_LIST *attributeListPtr;
BYTE binaryOID[ MAX_OID_SIZE + 8 ];
#ifdef EBCDIC_CHARS
char asciiOID[ CRYPT_MAX_TEXTSIZE + 1 + 8 ];
#endif /* EBCDIC_CHARS */
int binaryOidLen, value, status;
/* Perform basic parameter error checking */
if( !isReadPtr( oid, MIN_ASCII_OIDSIZE ) )
return( CRYPT_ERROR_PARAM2 );
if( !isWritePtr( criticalFlag, sizeof( int ) ) )
return( CRYPT_ERROR_PARAM3 );
*criticalFlag = CRYPT_ERROR;
if( extension != NULL )
{
if( extensionMaxLength <= 4 || \
extensionMaxLength >= MAX_INTLENGTH_SHORT )
return( CRYPT_ERROR_PARAM5 );
if( !isWritePtr( extension, extensionMaxLength ) )
return( CRYPT_ERROR_PARAM4 );
memset( extension, 0, min( 16, extensionMaxLength ) );
}
if( !isWritePtr( extensionLength, sizeof( int ) ) )
return( CRYPT_ERROR_PARAM6 );
*extensionLength = 0;
if( strlen( oid ) < MIN_ASCII_OIDSIZE || \
strlen( oid ) > CRYPT_MAX_TEXTSIZE )
return( CRYPT_ERROR_PARAM2 );
#ifdef EBCDIC_CHARS
strlcpy_s( asciiOID, CRYPT_MAX_TEXTSIZE, oid );
ebcdicToAscii( asciiOID, asciiOID, strlen( asciiOID ) );
if( cryptStatusError( textToOID( asciiOID, strlen( asciiOID ),
binaryOID, MAX_OID_SIZE, &binaryOidLen ) )
return( CRYPT_ERROR_PARAM2 );
#else
if( cryptStatusError( textToOID( oid, strlen( oid ), binaryOID,
MAX_OID_SIZE, &binaryOidLen ) ) )
return( CRYPT_ERROR_PARAM2 );
#endif /* EBCDIC_CHARS */
/* Perform object error checking. Normally this is handled by the
kernel, however since this function accesses multiple parameters and
the target isn't a cryptlib attribute we have to handle the access
ourselves here. In order to avoid potential race conditions we
check whether the object is internal twice, once before we lock it
and again afterwards. We perform the check by reading the locked
property attribute, which is always available */
status = krnlSendMessage( certificate, MESSAGE_GETATTRIBUTE,
&value, CRYPT_CERTINFO_CERTTYPE );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_PARAM1 );
status = krnlAcquireObject( certificate, OBJECT_TYPE_CERTIFICATE,
( void ** ) &certInfoPtr,
CRYPT_ERROR_PARAM1 );
if( cryptStatusError( status ) )
return( status );
status = krnlSendMessage( certificate, MESSAGE_GETATTRIBUTE, &value,
CRYPT_PROPERTY_LOCKED );
if( cryptStatusError( status ) )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_PARAM1 );
}
/* Lock the currently selected certificate in a cert chain if
necessary */
if( certInfoPtr->type == CRYPT_CERTTYPE_CERTCHAIN && \
certInfoPtr->cCertCert->chainPos >= 0 )
{
CERT_INFO *certChainInfoPtr;
ENSURES( certInfoPtr->cCertCert->chainPos >= 0 && \
certInfoPtr->cCertCert->chainPos < MAX_CHAINLENGTH );
status = krnlAcquireObject( certInfoPtr->cCertCert->chain[ certInfoPtr->cCertCert->chainPos ],
OBJECT_TYPE_CERTIFICATE,
( void ** ) &certChainInfoPtr,
CRYPT_ERROR_PARAM1 );
krnlReleaseObject( certInfoPtr->objectHandle );
if( cryptStatusError( status ) )
return( status );
certInfoPtr = certChainInfoPtr;
}
/* Locate the attribute identified by the OID and get its information */
attributeListPtr = findAttributeByOID( certInfoPtr->attributes,
binaryOID, binaryOidLen );
if( attributeListPtr == NULL )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_NOTFOUND );
}
*criticalFlag = ( attributeListPtr->flags & ATTR_FLAG_CRITICAL ) ? \
TRUE : FALSE;
status = attributeCopyParams( extension, extensionMaxLength,
extensionLength, attributeListPtr->value,
attributeListPtr->valueLength );
krnlReleaseObject( certInfoPtr->objectHandle );
return( status );
}
C_RET cryptAddCertExtension( C_IN CRYPT_CERTIFICATE certificate,
C_IN char C_PTR oid, C_IN int criticalFlag,
C_IN void C_PTR extension,
C_IN int extensionLength )
{
CERT_INFO *certInfoPtr;
BYTE binaryOID[ MAX_OID_SIZE + 8 ];
#ifdef EBCDIC_CHARS
char asciiOID[ CRYPT_MAX_TEXTSIZE + 1 + 8 ];
#endif /* EBCDIC_CHARS */
int binaryOidLen, value, status;
/* Perform basic parameter error checking */
if( !isReadPtr( oid, MIN_ASCII_OIDSIZE ) )
return( CRYPT_ERROR_PARAM2 );
if( extensionLength <= 4 || extensionLength > MAX_ATTRIBUTE_SIZE )
return( CRYPT_ERROR_PARAM5 );
if( !isReadPtr( extension, extensionLength ) || \
cryptStatusError( checkObjectEncoding( extension, \
extensionLength ) ) )
return( CRYPT_ERROR_PARAM4 );
if( strlen( oid ) < MIN_ASCII_OIDSIZE || \
strlen( oid ) > CRYPT_MAX_TEXTSIZE )
return( CRYPT_ERROR_PARAM2 );
#ifdef EBCDIC_CHARS
strlcpy_s( asciiOID, CRYPT_MAX_TEXTSIZE, oid );
ebcdicToAscii( asciiOID, asciiOID, strlen( asciiOID ) );
if( cryptStatusError( textToOID( asciiOID, strlen( asciiOID ),
binaryOID, MAX_OID_SIZE, &binaryOidLen ) ) )
return( CRYPT_ERROR_PARAM2 );
#else
if( cryptStatusError( textToOID( oid, strlen( oid ), binaryOID,
MAX_OID_SIZE, &binaryOidLen ) ) )
return( CRYPT_ERROR_PARAM2 );
#endif /* EBCDIC_CHARS */
/* Perform object error checking. Normally this is handled by the
kernel, however since this function accesses multiple parameters and
the target isn't a cryptlib attribute we have to handle the access
ourselves here. In order to avoid potential race conditions we
check whether the object is internal twice, once before we lock it
and again afterwards. We perform the check by reading the locked
property attribute, which is always available */
status = krnlSendMessage( certificate, MESSAGE_GETATTRIBUTE,
&value, CRYPT_CERTINFO_CERTTYPE );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_PARAM1 );
status = krnlAcquireObject( certificate, OBJECT_TYPE_CERTIFICATE,
( void ** ) &certInfoPtr,
CRYPT_ERROR_PARAM1 );
if( cryptStatusError( status ) )
return( status );
status = krnlSendMessage( certificate, MESSAGE_GETATTRIBUTE, &value,
CRYPT_PROPERTY_LOCKED );
if( cryptStatusError( status ) )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_PARAM1 );
}
if( certInfoPtr->certificate != NULL || \
( certInfoPtr->type == CRYPT_CERTTYPE_CERTCHAIN && \
certInfoPtr->cCertCert->chainPos >= 0 ) )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_PERMISSION );
}
if( certInfoPtr->type == CRYPT_CERTTYPE_CMS_ATTRIBUTES && \
criticalFlag != CRYPT_UNUSED )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_PARAM3 );
}
/* Add the attribute to the certificate */
status = addAttribute( \
( certInfoPtr->type == CRYPT_CERTTYPE_CMS_ATTRIBUTES ) ? \
ATTRIBUTE_CMS : ATTRIBUTE_CERTIFICATE,
&certInfoPtr->attributes, binaryOID, binaryOidLen,
( certInfoPtr->type == CRYPT_CERTTYPE_CMS_ATTRIBUTES ) ? \
FALSE : criticalFlag,
extension, extensionLength, ATTR_FLAG_NONE );
if( status == CRYPT_ERROR_INITED )
{
/* If the attribute is already present, set error information for it.
We can't set an error locus since it's an unknown blob */
setErrorInfo( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
CRYPT_ERRTYPE_ATTR_PRESENT );
}
krnlReleaseObject( certInfoPtr->objectHandle );
return( status );
}
C_RET cryptDeleteCertExtension( C_IN CRYPT_CERTIFICATE certificate,
C_IN char C_PTR oid )
{
CERT_INFO *certInfoPtr;
ATTRIBUTE_LIST *attributeListPtr;
BYTE binaryOID[ MAX_OID_SIZE + 8 ];
#ifdef EBCDIC_CHARS
char asciiOID[ CRYPT_MAX_TEXTSIZE + 1 + 8 ];
#endif /* EBCDIC_CHARS */
int binaryOidLen, value, status;
/* Perform basic parameter error checking */
if( !isReadPtr( oid, MIN_ASCII_OIDSIZE ) )
return( CRYPT_ERROR_PARAM2 );
if( strlen( oid ) < MIN_ASCII_OIDSIZE || \
strlen( oid ) > CRYPT_MAX_TEXTSIZE )
return( CRYPT_ERROR_PARAM2 );
#ifdef EBCDIC_CHARS
strlcpy_s( asciiOID, CRYPT_MAX_TEXTSIZE, oid );
ebcdicToAscii( asciiOID, asciiOID, strlen( asciiOID ) );
if( cryptStatusError( textToOID( asciiOID, strlen( asciiOID ),
binaryOID, MAX_OID_SIZE, &binaryOidLen ) ) )
return( CRYPT_ERROR_PARAM2 );
#else
if( cryptStatusError( textToOID( oid, strlen( oid ), binaryOID,
MAX_OID_SIZE, &binaryOidLen ) ) )
return( CRYPT_ERROR_PARAM2 );
#endif /* EBCDIC_CHARS */
/* Perform object error checking. Normally this is handled by the
kernel, however since this function accesses multiple parameters and
the target isn't a cryptlib attribute we have to handle the access
ourselves here. In order to avoid potential race conditions we
check whether the object is internal twice, once before we lock it
and again afterwards. We perform the check by reading the locked
property attribute, which is always available */
status = krnlSendMessage( certificate, MESSAGE_GETATTRIBUTE,
&value, CRYPT_CERTINFO_CERTTYPE );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_PARAM1 );
status = krnlAcquireObject( certificate, OBJECT_TYPE_CERTIFICATE,
( void ** ) &certInfoPtr,
CRYPT_ERROR_PARAM1 );
if( cryptStatusError( status ) )
return( status );
status = krnlSendMessage( certificate, MESSAGE_GETATTRIBUTE, &value,
CRYPT_PROPERTY_LOCKED );
if( cryptStatusError( status ) )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_PARAM1 );
}
if( certInfoPtr->certificate != NULL || \
( certInfoPtr->type == CRYPT_CERTTYPE_CERTCHAIN && \
certInfoPtr->cCertCert->chainPos >= 0 ) )
{
krnlReleaseObject( certInfoPtr->objectHandle );
return( CRYPT_ERROR_PERMISSION );
}
/* Find the attribute identified by the OID and delete it */
attributeListPtr = findAttributeByOID( certInfoPtr->attributes,
binaryOID, binaryOidLen );
if( attributeListPtr == NULL )
status = CRYPT_ERROR_NOTFOUND;
else
deleteAttribute( &certInfoPtr->attributes, NULL, attributeListPtr,
NULL );
krnlReleaseObject( certInfoPtr->objectHandle );
return( status );
}
#endif /* USE_CERTIFICATES */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -