
📄 user_attr.c

📁 cryptlib安全工具包
			if( cryptStatusError( status ) )
				return( status );

			/* Assemble the trusted certs into the cert chain */
			status = enumTrustedCerts( userInfoPtr->trustInfoPtr,
									   createInfo.cryptHandle, CRYPT_UNUSED );
			if( cryptStatusOK( status ) )
				*valuePtr = createInfo.cryptHandle;
			else
				krnlSendNotifier( createInfo.cryptHandle, IMESSAGE_DECREFCOUNT );
			return( status );
			}
		}

	/* Anything else has to be a configuration option */
	assert( attribute > CRYPT_OPTION_FIRST && \
			attribute < CRYPT_OPTION_LAST );

	/* A numeric-value get can never fail because we always have default 
	   values present */
	return( getOption( userInfoPtr->configOptions, attribute, valuePtr ) );
	}

/* Get a string attribute.  The only string attributes that can be read from 
   a user object here are configuration options, so the attribute is checked 
   against the CRYPT_OPTION_FIRST...CRYPT_OPTION_LAST range before the option 
   store is consulted.  If getOptionString() reports an error that status is 
   returned unchanged, otherwise the result of attributeCopy() (which is 
   handed msgData plus the option string and its length) is returned */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int getUserAttributeS( INOUT USER_INFO *userInfoPtr,
					   INOUT MESSAGE_DATA *msgData, 
					   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute )
	{
	const void *optionString;
	int optionStringLen, status;

	assert( isWritePtr( userInfoPtr, sizeof( USER_INFO ) ) );
	assert( isWritePtr( msgData, sizeof( MESSAGE_DATA ) ) );

	/* Precondition checks: the value must be a public or internal 
	   attribute, and of those only configuration options are valid for a 
	   string read */
	REQUIRES( isAttribute( attribute ) || isInternalAttribute( attribute ) );
	REQUIRES( attribute > CRYPT_OPTION_FIRST && \
			  attribute < CRYPT_OPTION_LAST );

	/* Look up the option string and, if the lookup didn't fail, copy it 
	   out to the caller.  The length used for the copy is the one reported 
	   by the option store, not one supplied by the caller */
	status = getOptionString( userInfoPtr->configOptions, attribute, 
							  &optionString, &optionStringLen );
	if( !cryptStatusError( status ) )
		status = attributeCopy( msgData, optionString, optionStringLen );
	return( status );
	}

/****************************************************************************
*																			*
*								Set Attributes								*
*																			*
****************************************************************************/

/* Set a numeric/boolean attribute.  Depending on the attribute, 'value' is 
   either an object handle (CA signing keys, the trusted-cert keyset, a 
   cert trust list) or a plain configuration-option value.  CRYPT_UNUSED is 
   only accepted as a value for CRYPT_IATTRUBUTE_CERTKEYSET, everything else 
   must be in the range 0...MAX_INTLENGTH - 1.

   Returns the status of the underlying operation.  Any failure while 
   vetting a CA key is reported as CRYPT_ARGERROR_NUM1 rather than passing 
   the underlying status back to the caller */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int setUserAttribute( INOUT USER_INFO *userInfoPtr,
					  IN_INT_Z const int value, 
					  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute )
	{
	int status;

	assert( isWritePtr( userInfoPtr, sizeof( USER_INFO ) ) );

	REQUIRES( ( attribute == CRYPT_IATTRUBUTE_CERTKEYSET && \
				value == CRYPT_UNUSED ) || \
			  ( value >= 0 && value < MAX_INTLENGTH ) );
	REQUIRES( isAttribute( attribute ) || isInternalAttribute( attribute ) );

	/* CA signing keys: Vet the supplied key object before accepting it */
	if( attribute == CRYPT_USERINFO_CAKEY_CERTSIGN || \
		attribute == CRYPT_USERINFO_CAKEY_CRLSIGN || \
		attribute == CRYPT_USERINFO_CAKEY_OCSPSIGN )
		{
		int requiredKeyUsage, certAttribute;

		/* Work out which key usage the cert has to permit for this role.  
		   For OCSP either of the two generic signing usages is accepted, 
		   see the comment on the key usage check below */
		if( attribute == CRYPT_USERINFO_CAKEY_CERTSIGN )
			requiredKeyUsage = CRYPT_KEYUSAGE_KEYCERTSIGN;
		else
			{
			if( attribute == CRYPT_USERINFO_CAKEY_CRLSIGN )
				requiredKeyUsage = CRYPT_KEYUSAGE_CRLSIGN;
			else
				requiredKeyUsage = CRYPT_KEYUSAGE_DIGITALSIGNATURE | \
								   CRYPT_KEYUSAGE_NONREPUDIATION;
			}

		/* If the user object already holds a context, report the 
		   attribute as already initialised */
		if( userInfoPtr->iCryptContext != CRYPT_UNUSED )
			return( exitErrorInited( userInfoPtr, attribute ) );

		/* The object must be capable of public-key signing */
		status = krnlSendMessage( value, IMESSAGE_CHECK, NULL, 
								  MESSAGE_CHECK_PKC_SIGN );
		if( cryptStatusError( status ) )
			return( CRYPT_ARGERROR_NUM1 );

		/* The object must have an initialised (immutable) cert attached, 
		   and that cert must be a certificate or a cert chain */
		status = krnlSendMessage( value, IMESSAGE_GETATTRIBUTE,
								  &certAttribute, CRYPT_CERTINFO_IMMUTABLE );
		if( cryptStatusError( status ) || certAttribute == 0 )
			return( CRYPT_ARGERROR_NUM1 );
		status = krnlSendMessage( value, IMESSAGE_GETATTRIBUTE,
								  &certAttribute, CRYPT_CERTINFO_CERTTYPE );
		if( cryptStatusError( status ) )
			return( CRYPT_ARGERROR_NUM1 );
		if( certAttribute != CRYPT_CERTTYPE_CERTIFICATE && \
			certAttribute != CRYPT_CERTTYPE_CERTCHAIN )
			return( CRYPT_ARGERROR_NUM1 );

		/* The cert's key usage must permit the requested role.  OCSP is 
		   awkward because a CA may or may not set an OCSP extended usage 
		   (and may delegate OCSP signing to a short-term generic signing 
		   key), and may flag the signing ability as either digital 
		   signature or nonrepudiation depending on whether it regards an 
		   OCSP signature as short- or long-term, so for OCSP only a 
		   generic signing ability is required */
		status = krnlSendMessage( value, IMESSAGE_GETATTRIBUTE,
								  &certAttribute, CRYPT_CERTINFO_KEYUSAGE );
		if( cryptStatusError( status ) || \
			( certAttribute & requiredKeyUsage ) == 0 )
			return( CRYPT_ARGERROR_NUM1 );

		/*!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*/
		/* Save key in the keyset at some point.  Also handle get */
		/* (gets public key) and delete (removes key), this */
		/* functionality is only needed for CA users so is left for */
		/* the full implementation of user roles */
		/*!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*/

		/* NOTE(review): Nothing above stores the vetted key or updates 
		   userInfoPtr->iCryptContext, so the status of the last check is 
		   returned without the key being retained by this function.  
		   Callers shouldn't assume that a non-error return here means the 
		   CA key was persisted - confirm against the full user-role 
		   implementation */
		return( status );
		}

	/* Trusted-cert keyset: A value of CRYPT_UNUSED is a presence check, 
	   any other value is the keyset that all trusted certs are sent to.  
	   Both cases pass 'value' through as the final argument */
	if( attribute == CRYPT_IATTRUBUTE_CERTKEYSET )
		return( enumTrustedCerts( userInfoPtr->trustInfoPtr, 
								  CRYPT_UNUSED, value ) );

	/* Cert trust list: Add the certs via the trust list and remember that 
	   the trust information has changed if the add succeeded */
	if( attribute == CRYPT_IATTRIBUTE_CTL )
		{
		status = addTrustEntry( userInfoPtr->trustInfoPtr,
								value, NULL, 0, FALSE );
		if( cryptStatusOK( status ) )
			userInfoPtr->trustInfoChanged = TRUE;
		return( status );
		}

	/* Anything else has to be a configuration option */
	REQUIRES( attribute > CRYPT_OPTION_FIRST && \
			  attribute < CRYPT_OPTION_LAST );

	/* Set the option.  Only the config-changed and self-test options have 
	   side-effects, and for those the second phase is only run if the 
	   first phase returned OK_SPECIAL.  In every other case the status 
	   from setOption() is the final result */
	status = setOption( userInfoPtr->configOptions, attribute, value );
	if( ( attribute != CRYPT_OPTION_CONFIGCHANGED && \
		  attribute != CRYPT_OPTION_SELFTESTOK ) || \
		status != OK_SPECIAL )
		return( status );

	/* Complete the processing of the special options */
	return( ( attribute == CRYPT_OPTION_CONFIGCHANGED ) ? \
			twoPhaseConfigUpdate( userInfoPtr, value ) : \
			twoPhaseSelftest( userInfoPtr, value ) );
	}

/* Set a string attribute.  The user password is passed on to 
   setUserPassword(), every other attribute has to be a configuration 
   option and is stored via setOptionString().  The data length must be in 
   the range 1...MAX_INTLENGTH - 1.  Returns the status of whichever 
   function handled the attribute */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int setUserAttributeS( INOUT USER_INFO *userInfoPtr,
					   IN_BUFFER( dataLength ) const void *data,
					   IN_LENGTH const int dataLength,
					   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute )
	{
	assert( isWritePtr( userInfoPtr, sizeof( USER_INFO ) ) );
	assert( isReadPtr( data, dataLength ) );

	REQUIRES( dataLength > 0 && dataLength < MAX_INTLENGTH );
	REQUIRES( isAttribute( attribute ) || isInternalAttribute( attribute ) );

	/* The password is the one string attribute that isn't a config 
	   option.  NOTE(review): The password bytes are passed straight 
	   through from the caller's buffer, nothing in this function copies or 
	   clears them, so any clearing is up to the caller and/or 
	   setUserPassword() - confirm */
	if( attribute == CRYPT_USERINFO_PASSWORD )
		return( setUserPassword( userInfoPtr, data, dataLength ) );

	/* Anything else has to be a configuration option */
	REQUIRES( attribute > CRYPT_OPTION_FIRST && \
			  attribute < CRYPT_OPTION_LAST );
	return( setOptionString( userInfoPtr->configOptions, attribute, 
							 data, dataLength ) );
	}

/****************************************************************************
*																			*
*								Delete Attributes							*
*																			*
****************************************************************************/

/* Delete an attribute.  A delete of any of the three CA signing-key 
   attributes always returns CRYPT_ERROR_NOTFOUND, every other attribute 
   has to be a configuration option and is removed via deleteOption(), 
   whose status is returned */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int deleteUserAttribute( INOUT USER_INFO *userInfoPtr,
						 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute )
	{
	assert( isWritePtr( userInfoPtr, sizeof( USER_INFO ) ) );

	REQUIRES( isAttribute( attribute ) || isInternalAttribute( attribute ) );

	/* CA keys are reported as not present without looking at the user 
	   object (presumably because CA key storage isn't implemented yet - 
	   confirm) */
	if( attribute == CRYPT_USERINFO_CAKEY_CERTSIGN || \
		attribute == CRYPT_USERINFO_CAKEY_CRLSIGN || \
		attribute == CRYPT_USERINFO_CAKEY_OCSPSIGN )
		return( CRYPT_ERROR_NOTFOUND );

	/* Anything else has to be a configuration option */
	REQUIRES( attribute > CRYPT_OPTION_FIRST && \
			  attribute < CRYPT_OPTION_LAST );

	return( deleteOption( userInfoPtr->configOptions, attribute ) );
	}
