aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2008-10-12 21:40:47 +0000
committerChristian Grothoff <christian@grothoff.org>2008-10-12 21:40:47 +0000
commitfd769761a5236eeead5f7895aa5209b1ffad7028 (patch)
tree81e662c3745c806d3bba1e7418bd1abba58a7d93
parent19db7f74f4f6e37dc645f8363fd1259422a01462 (diff)
downloadlibmicrohttpd-fd769761a5236eeead5f7895aa5209b1ffad7028.tar.gz
libmicrohttpd-fd769761a5236eeead5f7895aa5209b1ffad7028.zip
removing dead extension code
Diffstat
-rw-r--r--src/daemon/https/x509/common.c82
-rw-r--r--src/daemon/https/x509/common.h4
-rw-r--r--src/daemon/https/x509/dn.c4
-rw-r--r--src/daemon/https/x509/extensions.c736
-rw-r--r--src/daemon/https/x509/extensions.h30
-rw-r--r--src/daemon/https/x509/sign.c94
-rw-r--r--src/daemon/https/x509/sign.h8
-rw-r--r--src/daemon/https/x509/x509.c1576
-rw-r--r--src/daemon/https/x509/x509.h131
9 files changed, 14 insertions, 2651 deletions
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c
index 43da45c9..6e7e0853 100644
--- a/src/daemon/https/x509/common.c
+++ b/src/daemon/https/x509/common.c
@@ -381,7 +381,7 @@ MHD__gnutls_x509_oid_data2string (const char *oid,
381 } 381 }
382 else 382 else
383 { 383 {
384 result = MHD__gnutls_x509_data2hex (str, len, res, res_size); 384 result = MHD__gnutls_x509_data2hex ((const unsigned char*) str, len, (unsigned char*) res, res_size);
385 if (result < 0) 385 if (result < 0)
386 { 386 {
387 MHD_gnutls_assert (); 387 MHD_gnutls_assert ();
@@ -425,8 +425,8 @@ MHD__gnutls_x509_data2hex (const opaque * data,
425 425
426 if (out) 426 if (out)
427 { 427 {
428 strcpy (out, "#"); 428 strcpy ((char*) out, "#");
429 strcat (out, res); 429 strcat ((char*) out, res);
430 } 430 }
431 431
432 return 0; 432 return 0;
@@ -521,7 +521,7 @@ mktime_utc (const struct fake_tm *tm)
521 * month|day|hour|minute|sec* (2 chars each) 521 * month|day|hour|minute|sec* (2 chars each)
522 * and year is given. Returns a time_t date. 522 * and year is given. Returns a time_t date.
523 */ 523 */
524time_t 524static time_t
525MHD__gnutls_x509_time2gtime (const char *ttime, int year) 525MHD__gnutls_x509_time2gtime (const char *ttime, int year)
526{ 526{
527 char xx[3]; 527 char xx[3];
@@ -588,7 +588,7 @@ MHD__gnutls_x509_time2gtime (const char *ttime, int year)
588 * 588 *
589 * (seconds are optional) 589 * (seconds are optional)
590 */ 590 */
591time_t 591static time_t
592MHD__gnutls_x509_utcTime2gtime (const char *ttime) 592MHD__gnutls_x509_utcTime2gtime (const char *ttime)
593{ 593{
594 char xx[3]; 594 char xx[3];
@@ -614,44 +614,11 @@ MHD__gnutls_x509_utcTime2gtime (const char *ttime)
614 return MHD__gnutls_x509_time2gtime (ttime, year); 614 return MHD__gnutls_x509_time2gtime (ttime, year);
615} 615}
616 616
617/* returns a time value that contains the given time.
618 * The given time is expressed as:
619 * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)
620 */
621int
622MHD__gnutls_x509_gtime2utcTime (time_t gtime, char *str_time, int str_time_size)
623{
624 size_t ret;
625
626#ifdef HAVE_GMTIME_R
627 struct tm _tm;
628
629 gmtime_r (&gtime, &_tm);
630
631 ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
632#else
633 struct tm *_tm;
634
635 _tm = gmtime (&gtime);
636
637 ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", _tm);
638#endif
639
640 if (!ret)
641 {
642 MHD_gnutls_assert ();
643 return GNUTLS_E_SHORT_MEMORY_BUFFER;
644 }
645
646 return 0;
647
648}
649
650/* returns a time_t value that contains the given time. 617/* returns a time_t value that contains the given time.
651 * The given time is expressed as: 618 * The given time is expressed as:
652 * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* 619 * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
653 */ 620 */
654time_t 621static time_t
655MHD__gnutls_x509_generalTime2gtime (const char *ttime) 622MHD__gnutls_x509_generalTime2gtime (const char *ttime)
656{ 623{
657 char xx[5]; 624 char xx[5];
@@ -735,43 +702,6 @@ MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when)
735 return c_time; 702 return c_time;
736} 703}
737 704
738/* Sets the time in time_t in the ASN1_TYPE given. Where should
739 * be something like "tbsCertList.thisUpdate".
740 */
741int
742MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim)
743{
744 char str_time[MAX_TIME];
745 char name[128];
746 int result, len;
747
748 MHD_gtls_str_cpy (name, sizeof (name), where);
749
750 if ((result = MHD__asn1_write_value (c2, name, "utcTime", 1)) < 0)
751 {
752 MHD_gnutls_assert ();
753 return MHD_gtls_asn2err (result);
754 }
755
756 result = MHD__gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time));
757 if (result < 0)
758 {
759 MHD_gnutls_assert ();
760 return result;
761 }
762
763 MHD_gtls_str_cat (name, sizeof (name), ".utcTime");
764
765 len = strlen (str_time);
766 result = MHD__asn1_write_value (c2, name, str_time, len);
767 if (result != ASN1_SUCCESS)
768 {
769 MHD_gnutls_assert ();
770 return MHD_gtls_asn2err (result);
771 }
772
773 return 0;
774}
775 705
776MHD_gnutls_x509_subject_alt_name_t 706MHD_gnutls_x509_subject_alt_name_t
777MHD__gnutls_x509_san_find_type (char *str_type) 707MHD__gnutls_x509_san_find_type (char *str_type)
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
index 059fafe0..0102c5a7 100644
--- a/src/daemon/https/x509/common.h
+++ b/src/daemon/https/x509/common.h
@@ -58,10 +58,6 @@
58#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" 58#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
59#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" 59#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
60 60
61time_t MHD__gnutls_x509_utcTime2gtime (const char *ttime);
62time_t MHD__gnutls_x509_generalTime2gtime (const char *ttime);
63int MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
64
65int MHD__gnutls_x509_decode_octet_string (const char *string_type, 61int MHD__gnutls_x509_decode_octet_string (const char *string_type,
66 const opaque * der, size_t der_size, 62 const opaque * der, size_t der_size,
67 opaque * output, size_t * output_size); 63 opaque * output, size_t * output_size);
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c
index 8dcc458a..eac31f33 100644
--- a/src/daemon/https/x509/dn.c
+++ b/src/daemon/https/x509/dn.c
@@ -273,7 +273,7 @@ MHD__gnutls_x509_parse_dn (ASN1_TYPE MHD__asn1_struct,
273 273
274 if (!printable || result < 0) 274 if (!printable || result < 0)
275 result = 275 result =
276 MHD__gnutls_x509_data2hex (value2, len, string, &sizeof_string); 276 MHD__gnutls_x509_data2hex ((const unsigned char*) value2, len, (unsigned char*) string, &sizeof_string);
277 277
278 if (result < 0) 278 if (result < 0)
279 { 279 {
@@ -477,7 +477,7 @@ MHD__gnutls_x509_parse_dn_oid (ASN1_TYPE MHD__asn1_struct,
477 cbuf, sizeof_buf); 477 cbuf, sizeof_buf);
478 else 478 else
479 result = 479 result =
480 MHD__gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf); 480 MHD__gnutls_x509_data2hex (buf, len, (unsigned char*) cbuf, sizeof_buf);
481 481
482 if (result < 0) 482 if (result < 0)
483 { 483 {
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c
index f22fac36..8bf36000 100644
--- a/src/daemon/https/x509/extensions.c
+++ b/src/daemon/https/x509/extensions.c
@@ -259,191 +259,6 @@ MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
259 } 259 }
260} 260}
261 261
262/* This function will attempt to set the requested extension in
263 * the given X509v3 certificate.
264 *
265 * Critical will be either 0 or 1.
266 */
267static int
268set_extension (ASN1_TYPE asn, const char *extension_id,
269 const MHD_gnutls_datum_t * ext_data, unsigned int critical)
270{
271 int result;
272 const char *str;
273
274 /* Add a new extension in the list.
275 */
276 result = MHD__asn1_write_value (asn, "tbsCertificate.extensions", "NEW", 1);
277 if (result != ASN1_SUCCESS)
278 {
279 MHD_gnutls_assert ();
280 return MHD_gtls_asn2err (result);
281 }
282
283 result =
284 MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.extnID",
285 extension_id, 1);
286 if (result != ASN1_SUCCESS)
287 {
288 MHD_gnutls_assert ();
289 return MHD_gtls_asn2err (result);
290 }
291
292 if (critical == 0)
293 str = "FALSE";
294 else
295 str = "TRUE";
296
297
298 result =
299 MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.critical",
300 str, 1);
301 if (result != ASN1_SUCCESS)
302 {
303 MHD_gnutls_assert ();
304 return MHD_gtls_asn2err (result);
305 }
306
307 result =
308 MHD__gnutls_x509_write_value (asn,
309 "tbsCertificate.extensions.?LAST.extnValue",
310 ext_data, 0);
311 if (result < 0)
312 {
313 MHD_gnutls_assert ();
314 return result;
315 }
316
317 return 0;
318}
319
320/* Overwrite the given extension (using the index)
321 * index here starts from one.
322 */
323static int
324overwrite_extension (ASN1_TYPE asn, unsigned int indx,
325 const MHD_gnutls_datum_t * ext_data, unsigned int critical)
326{
327 char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE];
328 const char *str;
329 int result;
330
331 snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", indx);
332
333 if (critical == 0)
334 str = "FALSE";
335 else
336 str = "TRUE";
337
338 MHD_gtls_str_cpy (name2, sizeof (name2), name);
339 MHD_gtls_str_cat (name2, sizeof (name2), ".critical");
340
341 result = MHD__asn1_write_value (asn, name2, str, 1);
342 if (result != ASN1_SUCCESS)
343 {
344 MHD_gnutls_assert ();
345 return MHD_gtls_asn2err (result);
346 }
347
348 MHD_gtls_str_cpy (name2, sizeof (name2), name);
349 MHD_gtls_str_cat (name2, sizeof (name2), ".extnValue");
350
351 result = MHD__gnutls_x509_write_value (asn, name2, ext_data, 0);
352 if (result < 0)
353 {
354 MHD_gnutls_assert ();
355 return result;
356 }
357
358 return 0;
359}
360
361/* This function will attempt to overwrite the requested extension with
362 * the given one.
363 *
364 * Critical will be either 0 or 1.
365 */
366int
367MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert,
368 const char *ext_id,
369 const MHD_gnutls_datum_t * ext_data,
370 unsigned int critical)
371{
372 int result;
373 int k, len;
374 char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE];
375 char extnID[128];
376
377 /* Find the index of the given extension.
378 */
379 k = 0;
380 do
381 {
382 k++;
383
384 snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", k);
385
386 len = sizeof (extnID) - 1;
387 result = MHD__asn1_read_value (cert->cert, name, extnID, &len);
388
389 /* move to next
390 */
391
392 if (result == ASN1_ELEMENT_NOT_FOUND)
393 {
394 break;
395 }
396
397 do
398 {
399
400 MHD_gtls_str_cpy (name2, sizeof (name2), name);
401 MHD_gtls_str_cat (name2, sizeof (name2), ".extnID");
402
403 len = sizeof (extnID) - 1;
404 result = MHD__asn1_read_value (cert->cert, name2, extnID, &len);
405
406 if (result == ASN1_ELEMENT_NOT_FOUND)
407 {
408 MHD_gnutls_assert ();
409 break;
410 }
411 else if (result != ASN1_SUCCESS)
412 {
413 MHD_gnutls_assert ();
414 return MHD_gtls_asn2err (result);
415 }
416
417 /* Handle Extension
418 */
419 if (strcmp (extnID, ext_id) == 0)
420 {
421 /* extension was found
422 */
423 return overwrite_extension (cert->cert, k, ext_data, critical);
424 }
425
426
427 }
428 while (0);
429 }
430 while (1);
431
432 if (result == ASN1_ELEMENT_NOT_FOUND)
433 {
434 return set_extension (cert->cert, ext_id, ext_data, critical);
435 }
436 else
437 {
438 MHD_gnutls_assert ();
439 return MHD_gtls_asn2err (result);
440 }
441
442
443 return 0;
444}
445
446
447/* Here we only extract the KeyUsage field, from the DER encoded 262/* Here we only extract the KeyUsage field, from the DER encoded
448 * extension. 263 * extension.
449 */ 264 */
@@ -520,7 +335,7 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
520 if (pathLenConstraint) 335 if (pathLenConstraint)
521 { 336 {
522 result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", 337 result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint",
523 pathLenConstraint); 338 (unsigned int*) pathLenConstraint);
524 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) 339 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
525 *pathLenConstraint = -1; 340 *pathLenConstraint = -1;
526 else if (result != GNUTLS_E_SUCCESS) 341 else if (result != GNUTLS_E_SUCCESS)
@@ -544,552 +359,3 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
544 359
545 return 0; 360 return 0;
546} 361}
547
548/* generate the basicConstraints in a DER encoded extension
549 * Use 0 or 1 (TRUE) for CA.
550 * Use negative values for pathLenConstraint to indicate that the field
551 * should not be present, >= 0 to indicate set values.
552 */
553int
554MHD__gnutls_x509_ext_gen_basicConstraints (int CA,
555 int pathLenConstraint,
556 MHD_gnutls_datum_t * der_ext)
557{
558 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
559 const char *str;
560 int result;
561
562 if (CA == 0)
563 str = "FALSE";
564 else
565 str = "TRUE";
566
567 result =
568 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
569 if (result != ASN1_SUCCESS)
570 {
571 MHD_gnutls_assert ();
572 return MHD_gtls_asn2err (result);
573 }
574
575 result = MHD__asn1_write_value (ext, "cA", str, 1);
576 if (result != ASN1_SUCCESS)
577 {
578 MHD_gnutls_assert ();
579 MHD__asn1_delete_structure (&ext);
580 return MHD_gtls_asn2err (result);
581 }
582
583 if (pathLenConstraint < 0)
584 {
585 result = MHD__asn1_write_value (ext, "pathLenConstraint", NULL, 0);
586 if (result < 0)
587 result = MHD_gtls_asn2err (result);
588 }
589 else
590 result = MHD__gnutls_x509_write_uint32 (ext, "pathLenConstraint",
591 pathLenConstraint);
592 if (result < 0)
593 {
594 MHD_gnutls_assert ();
595 MHD__asn1_delete_structure (&ext);
596 return result;
597 }
598
599 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
600
601 MHD__asn1_delete_structure (&ext);
602
603 if (result < 0)
604 {
605 MHD_gnutls_assert ();
606 return result;
607 }
608
609 return 0;
610}
611
612/* generate the keyUsage in a DER encoded extension
613 * Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
614 */
615int
616MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext)
617{
618 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
619 int result;
620 uint8_t str[2];
621
622 result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
623 if (result != ASN1_SUCCESS)
624 {
625 MHD_gnutls_assert ();
626 return MHD_gtls_asn2err (result);
627 }
628
629 str[0] = usage & 0xff;
630 str[1] = usage >> 8;
631
632 result = MHD__asn1_write_value (ext, "", str, 9);
633 if (result != ASN1_SUCCESS)
634 {
635 MHD_gnutls_assert ();
636 MHD__asn1_delete_structure (&ext);
637 return MHD_gtls_asn2err (result);
638 }
639
640 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
641
642 MHD__asn1_delete_structure (&ext);
643
644 if (result < 0)
645 {
646 MHD_gnutls_assert ();
647 return result;
648 }
649
650 return 0;
651}
652
653static int
654write_new_general_name (ASN1_TYPE ext, const char *ext_name,
655 MHD_gnutls_x509_subject_alt_name_t type,
656 const char *data_string)
657{
658 const char *str;
659 int result;
660 char name[128];
661
662 result = MHD__asn1_write_value (ext, ext_name, "NEW", 1);
663 if (result != ASN1_SUCCESS)
664 {
665 MHD_gnutls_assert ();
666 return MHD_gtls_asn2err (result);
667 }
668
669 switch (type)
670 {
671 case GNUTLS_SAN_DNSNAME:
672 str = "dNSName";
673 break;
674 case GNUTLS_SAN_RFC822NAME:
675 str = "rfc822Name";
676 break;
677 case GNUTLS_SAN_URI:
678 str = "uniformResourceIdentifier";
679 break;
680 case GNUTLS_SAN_IPADDRESS:
681 str = "iPAddress";
682 break;
683 default:
684 MHD_gnutls_assert ();
685 return GNUTLS_E_INTERNAL_ERROR;
686 }
687
688 if (ext_name[0] == 0)
689 { /* no dot */
690 MHD_gtls_str_cpy (name, sizeof (name), "?LAST");
691 }
692 else
693 {
694 MHD_gtls_str_cpy (name, sizeof (name), ext_name);
695 MHD_gtls_str_cat (name, sizeof (name), ".?LAST");
696 }
697
698 result = MHD__asn1_write_value (ext, name, str, 1);
699 if (result != ASN1_SUCCESS)
700 {
701 MHD_gnutls_assert ();
702 return MHD_gtls_asn2err (result);
703 }
704
705 MHD_gtls_str_cat (name, sizeof (name), ".");
706 MHD_gtls_str_cat (name, sizeof (name), str);
707
708 result = MHD__asn1_write_value (ext, name, data_string, strlen (data_string));
709 if (result != ASN1_SUCCESS)
710 {
711 MHD_gnutls_assert ();
712 MHD__asn1_delete_structure (&ext);
713 return MHD_gtls_asn2err (result);
714 }
715
716 return 0;
717}
718
719/* Convert the given name to GeneralNames in a DER encoded extension.
720 * This is the same as subject alternative name.
721 */
722int
723MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t
724 type, const char *data_string,
725 MHD_gnutls_datum_t * der_ext)
726{
727 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
728 int result;
729
730 result =
731 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
732 if (result != ASN1_SUCCESS)
733 {
734 MHD_gnutls_assert ();
735 return MHD_gtls_asn2err (result);
736 }
737
738 result = write_new_general_name (ext, "", type, data_string);
739 if (result < 0)
740 {
741 MHD_gnutls_assert ();
742 MHD__asn1_delete_structure (&ext);
743 return result;
744 }
745
746 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
747
748 MHD__asn1_delete_structure (&ext);
749
750 if (result < 0)
751 {
752 MHD_gnutls_assert ();
753 return result;
754 }
755
756 return 0;
757}
758
759/* generate the SubjectKeyID in a DER encoded extension
760 */
761int
762MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
763 MHD_gnutls_datum_t * der_ext)
764{
765 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
766 int result;
767
768 result =
769 MHD__asn1_create_element (MHD__gnutls_get_pkix (),
770 "PKIX1.SubjectKeyIdentifier", &ext);
771 if (result != ASN1_SUCCESS)
772 {
773 MHD_gnutls_assert ();
774 return MHD_gtls_asn2err (result);
775 }
776
777 result = MHD__asn1_write_value (ext, "", id, id_size);
778 if (result != ASN1_SUCCESS)
779 {
780 MHD_gnutls_assert ();
781 MHD__asn1_delete_structure (&ext);
782 return MHD_gtls_asn2err (result);
783 }
784
785 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
786
787 MHD__asn1_delete_structure (&ext);
788
789 if (result < 0)
790 {
791 MHD_gnutls_assert ();
792 return result;
793 }
794
795 return 0;
796}
797
798/* generate the AuthorityKeyID in a DER encoded extension
799 */
800int
801MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
802 MHD_gnutls_datum_t * der_ext)
803{
804 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
805 int result;
806
807 result =
808 MHD__asn1_create_element (MHD__gnutls_get_pkix (),
809 "PKIX1.AuthorityKeyIdentifier", &ext);
810 if (result != ASN1_SUCCESS)
811 {
812 MHD_gnutls_assert ();
813 return MHD_gtls_asn2err (result);
814 }
815
816 result = MHD__asn1_write_value (ext, "keyIdentifier", id, id_size);
817 if (result != ASN1_SUCCESS)
818 {
819 MHD_gnutls_assert ();
820 MHD__asn1_delete_structure (&ext);
821 return MHD_gtls_asn2err (result);
822 }
823
824 MHD__asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
825 MHD__asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
826
827 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
828
829 MHD__asn1_delete_structure (&ext);
830
831 if (result < 0)
832 {
833 MHD_gnutls_assert ();
834 return result;
835 }
836
837 return 0;
838}
839
840
841/* Creates and encodes the CRL Distribution points. data_string should be a name
842 * and type holds the type of the name.
843 * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
844 *
845 */
846int
847MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t
848 type, const void *data_string,
849 unsigned int reason_flags,
850 MHD_gnutls_datum_t * der_ext)
851{
852 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
853 MHD_gnutls_datum_t gnames = { NULL, 0 };
854 int result;
855 uint8_t reasons[2];
856
857 reasons[0] = reason_flags & 0xff;
858 reasons[1] = reason_flags >> 8;
859
860 result =
861 MHD__asn1_create_element (MHD__gnutls_get_pkix (),
862 "PKIX1.CRLDistributionPoints", &ext);
863 if (result != ASN1_SUCCESS)
864 {
865 MHD_gnutls_assert ();
866 result = MHD_gtls_asn2err (result);
867 goto cleanup;
868 }
869
870 result = MHD__asn1_write_value (ext, "", "NEW", 1);
871 if (result != ASN1_SUCCESS)
872 {
873 MHD_gnutls_assert ();
874 result = MHD_gtls_asn2err (result);
875 goto cleanup;
876 }
877
878 if (reason_flags)
879 {
880 result = MHD__asn1_write_value (ext, "?LAST.reasons", reasons, 9);
881 if (result != ASN1_SUCCESS)
882 {
883 MHD_gnutls_assert ();
884 result = MHD_gtls_asn2err (result);
885 goto cleanup;
886 }
887 }
888 else
889 {
890 result = MHD__asn1_write_value (ext, "?LAST.reasons", NULL, 0);
891 if (result != ASN1_SUCCESS)
892 {
893 MHD_gnutls_assert ();
894 result = MHD_gtls_asn2err (result);
895 goto cleanup;
896 }
897 }
898
899 result = MHD__asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
900 if (result != ASN1_SUCCESS)
901 {
902 MHD_gnutls_assert ();
903 result = MHD_gtls_asn2err (result);
904 goto cleanup;
905 }
906
907 /* When used as type CHOICE.
908 */
909 result = MHD__asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
910 if (result != ASN1_SUCCESS)
911 {
912 MHD_gnutls_assert ();
913 result = MHD_gtls_asn2err (result);
914 goto cleanup;
915 }
916
917#if 0
918 /* only needed in old code (where defined as SEQUENCE OF) */
919 MHD__asn1_write_value (ext,
920 "?LAST.distributionPoint.nameRelativeToCRLIssuer",
921 NULL, 0);
922#endif
923
924 result =
925 write_new_general_name (ext, "?LAST.distributionPoint.fullName",
926 type, data_string);
927 if (result < 0)
928 {
929 MHD_gnutls_assert ();
930 goto cleanup;
931 }
932
933 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
934
935 if (result < 0)
936 {
937 MHD_gnutls_assert ();
938 goto cleanup;
939 }
940
941 result = 0;
942
943cleanup:
944 MHD__gnutls_free_datum (&gnames);
945 MHD__asn1_delete_structure (&ext);
946
947 return result;
948}
949
950/* extract the proxyCertInfo from the DER encoded extension
951 */
952int
953MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
954 char **policyLanguage,
955 char **policy,
956 size_t * sizeof_policy,
957 opaque * extnValue, int extnValueLen)
958{
959 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
960 int result;
961 MHD_gnutls_datum_t value;
962
963 if ((result = MHD__asn1_create_element
964 (MHD__gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS)
965 {
966 MHD_gnutls_assert ();
967 return MHD_gtls_asn2err (result);
968 }
969
970 result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
971 if (result != ASN1_SUCCESS)
972 {
973 MHD_gnutls_assert ();
974 MHD__asn1_delete_structure (&ext);
975 return MHD_gtls_asn2err (result);
976 }
977
978 if (pathLenConstraint)
979 {
980 result = MHD__gnutls_x509_read_uint (ext, "pCPathLenConstraint",
981 pathLenConstraint);
982 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
983 *pathLenConstraint = -1;
984 else if (result != GNUTLS_E_SUCCESS)
985 {
986 MHD__asn1_delete_structure (&ext);
987 return MHD_gtls_asn2err (result);
988 }
989 }
990
991 result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
992 &value, 0);
993 if (result < 0)
994 {
995 MHD_gnutls_assert ();
996 MHD__asn1_delete_structure (&ext);
997 return result;
998 }
999
1000 if (policyLanguage)
1001 *policyLanguage = MHD_gnutls_strdup (value.data);
1002
1003 result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policy", &value, 0);
1004 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
1005 {
1006 if (policy)
1007 *policy = NULL;
1008 if (sizeof_policy)
1009 *sizeof_policy = 0;
1010 }
1011 else if (result < 0)
1012 {
1013 MHD_gnutls_assert ();
1014 MHD__asn1_delete_structure (&ext);
1015 return result;
1016 }
1017 else
1018 {
1019 if (policy)
1020 *policy = value.data;
1021 if (sizeof_policy)
1022 *sizeof_policy = value.size;
1023 }
1024
1025 MHD__asn1_delete_structure (&ext);
1026
1027 return 0;
1028}
1029
1030/* generate the proxyCertInfo in a DER encoded extension
1031 */
1032int
1033MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
1034 const char *policyLanguage,
1035 const char *policy,
1036 size_t sizeof_policy,
1037 MHD_gnutls_datum_t * der_ext)
1038{
1039 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1040 int result;
1041
1042 result = MHD__asn1_create_element (MHD__gnutls_get_pkix (),
1043 "PKIX1.ProxyCertInfo", &ext);
1044 if (result != ASN1_SUCCESS)
1045 {
1046 MHD_gnutls_assert ();
1047 return MHD_gtls_asn2err (result);
1048 }
1049
1050 if (pathLenConstraint < 0)
1051 {
1052 result = MHD__asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
1053 if (result < 0)
1054 result = MHD_gtls_asn2err (result);
1055 }
1056 else
1057 result = MHD__gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
1058 pathLenConstraint);
1059 if (result < 0)
1060 {
1061 MHD_gnutls_assert ();
1062 MHD__asn1_delete_structure (&ext);
1063 return result;
1064 }
1065
1066 result = MHD__asn1_write_value (ext, "proxyPolicy.policyLanguage",
1067 policyLanguage, 1);
1068 if (result < 0)
1069 {
1070 MHD_gnutls_assert ();
1071 MHD__asn1_delete_structure (&ext);
1072 return MHD_gtls_asn2err (result);
1073 }
1074
1075 result = MHD__asn1_write_value (ext, "proxyPolicy.policy",
1076 policy, sizeof_policy);
1077 if (result < 0)
1078 {
1079 MHD_gnutls_assert ();
1080 MHD__asn1_delete_structure (&ext);
1081 return MHD_gtls_asn2err (result);
1082 }
1083
1084 result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
1085
1086 MHD__asn1_delete_structure (&ext);
1087
1088 if (result < 0)
1089 {
1090 MHD_gnutls_assert ();
1091 return result;
1092 }
1093
1094 return 0;
1095}
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h
index b314d0a7..a124290e 100644
--- a/src/daemon/https/x509/extensions.h
+++ b/src/daemon/https/x509/extensions.h
@@ -36,33 +36,3 @@ int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
36 int *pathLenConstraint, 36 int *pathLenConstraint,
37 opaque * extnValue, 37 opaque * extnValue,
38 int extnValueLen); 38 int extnValueLen);
39int MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert,
40 const char *extension_id,
41 const MHD_gnutls_datum_t * ext_data,
42 unsigned int critical);
43int MHD__gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
44 MHD_gnutls_datum_t * der_ext);
45int MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext);
46int MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t
47 type, const char *data_string,
48 MHD_gnutls_datum_t * der_ext);
49int MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t
50 type, const void *data_string,
51 unsigned int reason_flags,
52 MHD_gnutls_datum_t * der_ext);
53int MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
54 MHD_gnutls_datum_t * der_data);
55int MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
56 MHD_gnutls_datum_t * der_data);
57
58int MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
59 char **policyLanguage,
60 char **policy,
61 size_t * sizeof_policy,
62 opaque * extnValue,
63 int extnValueLen);
64int MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
65 const char *policyLanguage,
66 const char *policy,
67 size_t sizeof_policy,
68 MHD_gnutls_datum_t * der_ext);
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c
index 8b89b038..eb3da891 100644
--- a/src/daemon/https/x509/sign.c
+++ b/src/daemon/https/x509/sign.c
@@ -103,7 +103,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
103 } 103 }
104 104
105 info->size = 0; 105 info->size = 0;
106 MHD__asn1_der_coding (dinfo, "", NULL, &info->size, NULL); 106 MHD__asn1_der_coding (dinfo, "", NULL, (int*) &info->size, NULL);
107 107
108 info->data = MHD_gnutls_malloc (info->size); 108 info->data = MHD_gnutls_malloc (info->size);
109 if (info->data == NULL) 109 if (info->data == NULL)
@@ -113,7 +113,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
113 return GNUTLS_E_MEMORY_ERROR; 113 return GNUTLS_E_MEMORY_ERROR;
114 } 114 }
115 115
116 result = MHD__asn1_der_coding (dinfo, "", info->data, &info->size, NULL); 116 result = MHD__asn1_der_coding (dinfo, "", info->data, (int*) &info->size, NULL);
117 if (result != ASN1_SUCCESS) 117 if (result != ASN1_SUCCESS)
118 { 118 {
119 MHD_gnutls_assert (); 119 MHD_gnutls_assert ();
@@ -185,7 +185,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
185 * 'signature' will hold the signature! 185 * 'signature' will hold the signature!
186 * 'hash' is only used in PKCS1 RSA signing. 186 * 'hash' is only used in PKCS1 RSA signing.
187 */ 187 */
188int 188static int
189MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs, 189MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
190 enum MHD_GNUTLS_HashAlgorithm hash, 190 enum MHD_GNUTLS_HashAlgorithm hash,
191 MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature) 191 MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature)
@@ -255,93 +255,5 @@ MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
255 return result; 255 return result;
256} 256}
257 257
258/*-
259 * MHD__gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
260 * @src: should contain an ASN1_TYPE
261 * @issuer: is the certificate of the certificate issuer
262 * @issuer_key: holds the issuer's private key
263 *
264 * This function will sign a CRL or a certificate with the issuer's private key, and
265 * will copy the issuer's information into the CRL or certificate.
266 *
267 * Returns 0 on success.
268 *
269 -*/
270int
271MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
272 enum MHD_GNUTLS_HashAlgorithm dig,
273 MHD_gnutls_x509_crt_t issuer,
274 MHD_gnutls_x509_privkey_t issuer_key)
275{
276 int result;
277 MHD_gnutls_datum_t signature;
278 char name[128];
279
280 /* Step 1. Copy the issuer's name into the certificate.
281 */
282 MHD_gtls_str_cpy (name, sizeof (name), src_name);
283 MHD_gtls_str_cat (name, sizeof (name), ".issuer");
284
285 result = MHD__asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject");
286 if (result != ASN1_SUCCESS)
287 {
288 MHD_gnutls_assert ();
289 return MHD_gtls_asn2err (result);
290 }
291
292 /* Step 1.5. Write the signature stuff in the tbsCertificate.
293 */
294 MHD_gtls_str_cpy (name, sizeof (name), src_name);
295 MHD_gtls_str_cat (name, sizeof (name), ".signature");
296
297 result = MHD__gnutls_x509_write_sig_params (src, name,
298 issuer_key->pk_algorithm, dig,
299 issuer_key->params,
300 issuer_key->params_size);
301 if (result < 0)
302 {
303 MHD_gnutls_assert ();
304 return result;
305 }
306
307 /* Step 2. Sign the certificate.
308 */
309 result = MHD__gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &signature);
310
311 if (result < 0)
312 {
313 MHD_gnutls_assert ();
314 return result;
315 }
316
317 /* write the signature (bits)
318 */
319 result =
320 MHD__asn1_write_value (src, "signature", signature.data, signature.size * 8);
321
322 MHD__gnutls_free_datum (&signature);
323
324 if (result != ASN1_SUCCESS)
325 {
326 MHD_gnutls_assert ();
327 return MHD_gtls_asn2err (result);
328 }
329
330 /* Step 3. Move up and write the AlgorithmIdentifier, which is also
331 * the same.
332 */
333
334 result = MHD__gnutls_x509_write_sig_params (src, "signatureAlgorithm",
335 issuer_key->pk_algorithm, dig,
336 issuer_key->params,
337 issuer_key->params_size);
338 if (result < 0)
339 {
340 MHD_gnutls_assert ();
341 return result;
342 }
343
344 return 0;
345}
346 258
347#endif 259#endif
diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h
index b2f7d939..03993157 100644
--- a/src/daemon/https/x509/sign.h
+++ b/src/daemon/https/x509/sign.h
@@ -22,15 +22,7 @@
22 * 22 *
23 */ 23 */
24 24
25int MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
26 enum MHD_GNUTLS_HashAlgorithm hash,
27 MHD_gnutls_x509_privkey_t signer,
28 MHD_gnutls_datum_t * signature);
29int MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, 25int MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
30 enum MHD_GNUTLS_HashAlgorithm hash, 26 enum MHD_GNUTLS_HashAlgorithm hash,
31 MHD_gnutls_x509_privkey_t signer, 27 MHD_gnutls_x509_privkey_t signer,
32 MHD_gnutls_datum_t * signature); 28 MHD_gnutls_datum_t * signature);
33int MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
34 enum MHD_GNUTLS_HashAlgorithm,
35 MHD_gnutls_x509_crt_t issuer,
36 MHD_gnutls_x509_privkey_t issuer_key);
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c
index 599902ca..343030cc 100644
--- a/src/daemon/https/x509/x509.c
+++ b/src/daemon/https/x509/x509.c
@@ -71,62 +71,6 @@ MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert)
71 return 0; /* success */ 71 return 0; /* success */
72} 72}
73 73
74/*-
75 * MHD__gnutls_x509_crt_cpy - This function copies a MHD_gnutls_x509_crt_t structure
76 * @dest: The structure where to copy
77 * @src: The structure to be copied
78 *
79 * This function will copy an X.509 certificate structure.
80 *
81 * Returns 0 on success.
82 *
83 -*/
84int
85MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src)
86{
87 int ret;
88 size_t der_size;
89 opaque *der;
90 MHD_gnutls_datum_t tmp;
91
92 ret = MHD_gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
93 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
94 {
95 MHD_gnutls_assert ();
96 return ret;
97 }
98
99 der = MHD_gnutls_alloca (der_size);
100 if (der == NULL)
101 {
102 MHD_gnutls_assert ();
103 return GNUTLS_E_MEMORY_ERROR;
104 }
105
106 ret = MHD_gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
107 if (ret < 0)
108 {
109 MHD_gnutls_assert ();
110 MHD_gnutls_afree (der);
111 return ret;
112 }
113
114 tmp.data = der;
115 tmp.size = der_size;
116 ret = MHD_gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER);
117
118 MHD_gnutls_afree (der);
119
120 if (ret < 0)
121 {
122 MHD_gnutls_assert ();
123 return ret;
124 }
125
126 return 0;
127
128}
129
130/** 74/**
131 * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure 75 * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure
132 * @cert: The structure to be initialized 76 * @cert: The structure to be initialized
@@ -233,149 +177,6 @@ cleanup:MHD_gnutls_free (signature);
233} 177}
234 178
235/** 179/**
236 * MHD_gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name
237 * @cert: should contain a MHD_gnutls_x509_crt_t structure
238 * @buf: a pointer to a structure to hold the name (may be null)
239 * @sizeof_buf: initially holds the size of @buf
240 *
241 * This function will copy the name of the Certificate issuer in the
242 * provided buffer. The name will be in the form
243 * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
244 * will be ASCII or UTF-8 encoded, depending on the certificate data.
245 *
246 * If @buf is null then only the size will be filled.
247 *
248 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
249 * long enough, and in that case the *sizeof_buf will be updated with
250 * the required size. On success 0 is returned.
251 *
252 **/
253int
254MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert,
255 char *buf, size_t * sizeof_buf)
256{
257 if (cert == NULL)
258 {
259 MHD_gnutls_assert ();
260 return GNUTLS_E_INVALID_REQUEST;
261 }
262
263 return MHD__gnutls_x509_parse_dn (cert->cert,
264 "tbsCertificate.issuer.rdnSequence", buf,
265 sizeof_buf);
266}
267
268/**
269 * MHD_gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name
270 * @cert: should contain a MHD_gnutls_x509_crt_t structure
271 * @oid: holds an Object Identified in null terminated string
272 * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
273 * @raw_flag: If non zero returns the raw DER data of the DN part.
274 * @buf: a pointer to a structure to hold the name (may be null)
275 * @sizeof_buf: initially holds the size of @buf
276 *
277 * This function will extract the part of the name of the Certificate
278 * issuer specified by the given OID. The output, if the raw flag is not
279 * used, will be encoded as described in RFC2253. Thus a string that is
280 * ASCII or UTF-8 encoded, depending on the certificate data.
281 *
282 * Some helper macros with popular OIDs can be found in gnutls/x509.h
283 * If raw flag is zero, this function will only return known OIDs as
284 * text. Other OIDs will be DER encoded, as described in RFC2253 --
285 * in hex format with a '\#' prefix. You can check about known OIDs
286 * using MHD_gnutls_x509_dn_oid_known().
287 *
288 * If @buf is null then only the size will be filled.
289 *
290 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
291 * long enough, and in that case the *sizeof_buf will be updated with
292 * the required size. On success 0 is returned.
293 *
294 **/
295int
296MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert,
297 const char *oid,
298 int indx,
299 unsigned int raw_flag,
300 void *buf, size_t * sizeof_buf)
301{
302 if (cert == NULL)
303 {
304 MHD_gnutls_assert ();
305 return GNUTLS_E_INVALID_REQUEST;
306 }
307
308 return MHD__gnutls_x509_parse_dn_oid (cert->cert,
309 "tbsCertificate.issuer.rdnSequence", oid,
310 indx, raw_flag, buf, sizeof_buf);
311}
312
313/**
314 * MHD_gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs
315 * @cert: should contain a MHD_gnutls_x509_crt_t structure
316 * @indx: This specifies which OID to return. Use zero to get the first one.
317 * @oid: a pointer to a buffer to hold the OID (may be null)
318 * @sizeof_oid: initially holds the size of @oid
319 *
320 * This function will extract the OIDs of the name of the Certificate
321 * issuer specified by the given index.
322 *
323 * If @oid is null then only the size will be filled.
324 *
325 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
326 * long enough, and in that case the *sizeof_oid will be updated with
327 * the required size. On success 0 is returned.
328 *
329 **/
330int
331MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert,
332 int indx, void *oid, size_t * sizeof_oid)
333{
334 if (cert == NULL)
335 {
336 MHD_gnutls_assert ();
337 return GNUTLS_E_INVALID_REQUEST;
338 }
339
340 return MHD__gnutls_x509_get_dn_oid (cert->cert,
341 "tbsCertificate.issuer.rdnSequence", indx,
342 oid, sizeof_oid);
343}
344
345/**
346 * MHD_gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name
347 * @cert: should contain a MHD_gnutls_x509_crt_t structure
348 * @buf: a pointer to a structure to hold the name (may be null)
349 * @sizeof_buf: initially holds the size of @buf
350 *
351 * This function will copy the name of the Certificate in the
352 * provided buffer. The name will be in the form
353 * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
354 * will be ASCII or UTF-8 encoded, depending on the certificate data.
355 *
356 * If @buf is null then only the size will be filled.
357 *
358 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
359 * long enough, and in that case the *sizeof_buf will be updated with
360 * the required size. On success 0 is returned.
361 *
362 **/
363int
364MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert,
365 char *buf, size_t * sizeof_buf)
366{
367 if (cert == NULL)
368 {
369 MHD_gnutls_assert ();
370 return GNUTLS_E_INVALID_REQUEST;
371 }
372
373 return MHD__gnutls_x509_parse_dn (cert->cert,
374 "tbsCertificate.subject.rdnSequence", buf,
375 sizeof_buf);
376}
377
378/**
379 * MHD_gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name 180 * MHD_gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name
380 * @cert: should contain a MHD_gnutls_x509_crt_t structure 181 * @cert: should contain a MHD_gnutls_x509_crt_t structure
381 * @oid: holds an Object Identified in null terminated string 182 * @oid: holds an Object Identified in null terminated string
@@ -421,38 +222,6 @@ MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert,
421} 222}
422 223
423/** 224/**
424 * MHD_gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs
425 * @cert: should contain a MHD_gnutls_x509_crt_t structure
426 * @indx: This specifies which OID to return. Use zero to get the first one.
427 * @oid: a pointer to a buffer to hold the OID (may be null)
428 * @sizeof_oid: initially holds the size of @oid
429 *
430 * This function will extract the OIDs of the name of the Certificate
431 * subject specified by the given index.
432 *
433 * If oid is null then only the size will be filled.
434 *
435 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
436 * long enough, and in that case the *sizeof_oid will be updated with
437 * the required size. On success 0 is returned.
438 *
439 **/
440int
441MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert,
442 int indx, void *oid, size_t * sizeof_oid)
443{
444 if (cert == NULL)
445 {
446 MHD_gnutls_assert ();
447 return GNUTLS_E_INVALID_REQUEST;
448 }
449
450 return MHD__gnutls_x509_get_dn_oid (cert->cert,
451 "tbsCertificate.subject.rdnSequence", indx,
452 oid, sizeof_oid);
453}
454
455/**
456 * MHD_gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm 225 * MHD_gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
457 * @cert: should contain a MHD_gnutls_x509_crt_t structure 226 * @cert: should contain a MHD_gnutls_x509_crt_t structure
458 * 227 *
@@ -671,179 +440,6 @@ MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
671 return 0; 440 return 0;
672} 441}
673 442
674/**
675 * MHD_gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier
676 * @cert: should contain a MHD_gnutls_x509_crt_t structure
677 * @ret: The place where the identifier will be copied
678 * @ret_size: Holds the size of the result field.
679 * @critical: will be non zero if the extension is marked as critical (may be null)
680 *
681 * This function will return the X.509v3 certificate's subject key identifier.
682 * This is obtained by the X.509 Subject Key identifier extension
683 * field (2.5.29.14).
684 *
685 * Returns 0 on success and a negative value in case of an error.
686 *
687 **/
688int
689MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert,
690 void *ret,
691 size_t * ret_size, unsigned int *critical)
692{
693 int result, len;
694 MHD_gnutls_datum_t id;
695 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
696
697 if (cert == NULL)
698 {
699 MHD_gnutls_assert ();
700 return GNUTLS_E_INVALID_REQUEST;
701 }
702
703 if (ret)
704 memset (ret, 0, *ret_size);
705 else
706 *ret_size = 0;
707
708 if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
709 critical)) < 0)
710 {
711 return result;
712 }
713
714 if (id.size == 0 || id.data == NULL)
715 {
716 MHD_gnutls_assert ();
717 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
718 }
719
720 result =
721 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier",
722 &c2);
723 if (result != ASN1_SUCCESS)
724 {
725 MHD_gnutls_assert ();
726 MHD__gnutls_free_datum (&id);
727 return MHD_gtls_asn2err (result);
728 }
729
730 result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL);
731 MHD__gnutls_free_datum (&id);
732
733 if (result != ASN1_SUCCESS)
734 {
735 MHD_gnutls_assert ();
736 MHD__asn1_delete_structure (&c2);
737 return MHD_gtls_asn2err (result);
738 }
739
740 len = *ret_size;
741 result = MHD__asn1_read_value (c2, "", ret, &len);
742
743 *ret_size = len;
744 MHD__asn1_delete_structure (&c2);
745
746 if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
747 {
748 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
749 }
750
751 if (result != ASN1_SUCCESS)
752 {
753 MHD_gnutls_assert ();
754 return MHD_gtls_asn2err (result);
755 }
756
757 return 0;
758}
759
760/**
761 * MHD_gnutls_x509_crt_get_authority_key_id - This function returns the certificate authority's identifier
762 * @cert: should contain a MHD_gnutls_x509_crt_t structure
763 * @result: The place where the identifier will be copied
764 * @result_size: Holds the size of the result field.
765 * @critical: will be non zero if the extension is marked as critical (may be null)
766 *
767 * This function will return the X.509v3 certificate authority's key identifier.
768 * This is obtained by the X.509 Authority Key identifier extension
769 * field (2.5.29.35). Note that this function only returns the keyIdentifier
770 * field of the extension.
771 *
772 * Returns 0 on success and a negative value in case of an error.
773 *
774 **/
775int
776MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert,
777 void *ret,
778 size_t * ret_size,
779 unsigned int *critical)
780{
781 int result, len;
782 MHD_gnutls_datum_t id;
783 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
784
785 if (cert == NULL)
786 {
787 MHD_gnutls_assert ();
788 return GNUTLS_E_INVALID_REQUEST;
789 }
790
791 if (ret)
792 memset (ret, 0, *ret_size);
793 else
794 *ret_size = 0;
795
796 if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
797 critical)) < 0)
798 {
799 return result;
800 }
801
802 if (id.size == 0 || id.data == NULL)
803 {
804 MHD_gnutls_assert ();
805 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
806 }
807
808 result =
809 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier",
810 &c2);
811 if (result != ASN1_SUCCESS)
812 {
813 MHD_gnutls_assert ();
814 MHD__gnutls_free_datum (&id);
815 return MHD_gtls_asn2err (result);
816 }
817
818 result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL);
819 MHD__gnutls_free_datum (&id);
820
821 if (result != ASN1_SUCCESS)
822 {
823 MHD_gnutls_assert ();
824 MHD__asn1_delete_structure (&c2);
825 return MHD_gtls_asn2err (result);
826 }
827
828 len = *ret_size;
829 result = MHD__asn1_read_value (c2, "keyIdentifier", ret, &len);
830
831 *ret_size = len;
832 MHD__asn1_delete_structure (&c2);
833
834 if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
835 {
836 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
837 }
838
839 if (result != ASN1_SUCCESS)
840 {
841 MHD_gnutls_assert ();
842 return MHD_gtls_asn2err (result);
843 }
844
845 return 0;
846}
847 443
848/** 444/**
849 * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm 445 * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm
@@ -1194,70 +790,6 @@ MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert,
1194} 790}
1195 791
1196/** 792/**
1197 * MHD_gnutls_x509_crt_get_subject_alt_name2 - Get certificate's alternative name, if any
1198 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1199 * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
1200 * @ret: is the place where the alternative name will be copied to
1201 * @ret_size: holds the size of ret.
1202 * @ret_type: holds the type of the alternative name (one of MHD_gnutls_x509_subject_alt_name_t).
1203 * @critical: will be non zero if the extension is marked as critical (may be null)
1204 *
1205 * This function will return the alternative names, contained in the
1206 * given certificate. It is the same as MHD_gnutls_x509_crt_get_subject_alt_name()
1207 * except for the fact that it will return the type of the alternative
1208 * name in @ret_type even if the function fails for some reason (i.e.
1209 * the buffer provided is not enough).
1210 *
1211 * The return values are the same as with MHD_gnutls_x509_crt_get_subject_alt_name().
1212 *
1213 **/
1214int
1215MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert,
1216 unsigned int seq,
1217 void *ret,
1218 size_t * ret_size,
1219 unsigned int *ret_type,
1220 unsigned int *critical)
1221{
1222 return get_subject_alt_name (cert, seq, ret, ret_size, ret_type, critical,
1223 0);
1224}
1225
1226/**
1227 * MHD_gnutls_x509_crt_get_subject_alt_othername_oid - Get SAN otherName OID
1228 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1229 * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
1230 * @ret: is the place where the otherName OID will be copied to
1231 * @ret_size: holds the size of ret.
1232 *
1233 * This function will extract the type OID of an otherName Subject
1234 * Alternative Name, contained in the given certificate, and return
1235 * the type as an enumerated element.
1236 *
1237 * This function is only useful if
1238 * MHD_gnutls_x509_crt_get_subject_alt_name() returned
1239 * %GNUTLS_SAN_OTHERNAME.
1240 *
1241 * Returns the alternative subject name type on success. The type is
1242 * one of the enumerated MHD_gnutls_x509_subject_alt_name_t. For
1243 * supported OIDs, it will return one of the virtual
1244 * (GNUTLS_SAN_OTHERNAME_*) types, e.g. %GNUTLS_SAN_OTHERNAME_XMPP,
1245 * and %GNUTLS_SAN_OTHERNAME for unknown OIDs. It will return
1246 * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to
1247 * hold the value. In that case @ret_size will be updated with the
1248 * required size. If the certificate does not have an Alternative
1249 * name with the specified sequence number and with the otherName type
1250 * then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
1251 **/
1252int
1253MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert,
1254 unsigned int seq,
1255 void *ret, size_t * ret_size)
1256{
1257 return get_subject_alt_name (cert, seq, ret, ret_size, NULL, NULL, 1);
1258}
1259
1260/**
1261 * MHD_gnutls_x509_crt_get_basic_constraints - This function returns the certificate basic constraints 793 * MHD_gnutls_x509_crt_get_basic_constraints - This function returns the certificate basic constraints
1262 * @cert: should contain a MHD_gnutls_x509_crt_t structure 794 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1263 * @critical: will be non zero if the extension is marked as critical 795 * @critical: will be non zero if the extension is marked as critical
@@ -1277,7 +809,7 @@ MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert,
1277 * certificate does not contain the basicConstraints extension 809 * certificate does not contain the basicConstraints extension
1278 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. 810 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1279 **/ 811 **/
1280int 812static int
1281MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert, 813MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert,
1282 unsigned int *critical, 814 unsigned int *critical,
1283 int *ca, int *pathlen) 815 int *ca, int *pathlen)
@@ -1409,66 +941,6 @@ MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert,
1409 return 0; 941 return 0;
1410} 942}
1411 943
1412/**
1413 * MHD_gnutls_x509_crt_get_proxy - This function returns the proxy certificate info
1414 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1415 * @critical: will be non zero if the extension is marked as critical
1416 * @pathlen: pointer to output integer indicating path length (may be
1417 * NULL), non-negative values indicate a present pCPathLenConstraint
1418 * field and the actual value, -1 indicate that the field is absent.
1419 *
1420 * This function will read the certificate's basic constraints, and
1421 * return the certificates CA status. It reads the basicConstraints
1422 * X.509 extension (2.5.29.19).
1423 *
1424 * Return value: If the certificate is a CA a positive value will be
1425 * returned, or zero if the certificate does not have CA flag set. A
1426 * negative value may be returned in case of errors. If the
1427 * certificate does not contain the basicConstraints extension
1428 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1429 **/
1430int
1431MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert,
1432 unsigned int *critical,
1433 int *pathlen,
1434 char **policyLanguage,
1435 char **policy, size_t * sizeof_policy)
1436{
1437 int result;
1438 MHD_gnutls_datum_t proxyCertInfo;
1439
1440 if (cert == NULL)
1441 {
1442 MHD_gnutls_assert ();
1443 return GNUTLS_E_INVALID_REQUEST;
1444 }
1445
1446 if ((result = MHD__gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0,
1447 &proxyCertInfo,
1448 critical)) < 0)
1449 {
1450 return result;
1451 }
1452
1453 if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL)
1454 {
1455 MHD_gnutls_assert ();
1456 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
1457 }
1458
1459 result = MHD__gnutls_x509_ext_extract_proxyCertInfo (pathlen, policyLanguage,
1460 policy, sizeof_policy,
1461 proxyCertInfo.data,
1462 proxyCertInfo.size);
1463 MHD__gnutls_free_datum (&proxyCertInfo);
1464 if (result < 0)
1465 {
1466 MHD_gnutls_assert ();
1467 return result;
1468 }
1469
1470 return 0;
1471}
1472 944
1473/** 945/**
1474 * MHD_gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension 946 * MHD_gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension
@@ -1488,7 +960,7 @@ MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert,
1488 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. 960 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1489 * 961 *
1490 **/ 962 **/
1491int 963static int
1492MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, 964MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert,
1493 const char *oid, 965 const char *oid,
1494 int indx, 966 int indx,
@@ -1536,167 +1008,6 @@ MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert,
1536 1008
1537} 1009}
1538 1010
1539/**
1540 * MHD_gnutls_x509_crt_get_extension_oid - This function returns the specified extension OID
1541 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1542 * @indx: Specifies which extension OID to send. Use zero to get the first one.
1543 * @oid: a pointer to a structure to hold the OID (may be null)
1544 * @sizeof_oid: initially holds the size of @oid
1545 *
1546 * This function will return the requested extension OID in the certificate.
1547 * The extension OID will be stored as a string in the provided buffer.
1548 *
1549 * A negative value may be returned in case of parsing error.
1550 * If your have reached the last extension available
1551 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1552 *
1553 **/
1554int
1555MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
1556 int indx, void *oid, size_t * sizeof_oid)
1557{
1558 int result;
1559
1560 if (cert == NULL)
1561 {
1562 MHD_gnutls_assert ();
1563 return GNUTLS_E_INVALID_REQUEST;
1564 }
1565
1566 result = MHD__gnutls_x509_crt_get_extension_oid (cert, indx, oid, sizeof_oid);
1567 if (result < 0)
1568 {
1569 return result;
1570 }
1571
1572 return 0;
1573
1574}
1575
1576/**
1577 * MHD_gnutls_x509_crt_get_extension_info - Get extension id and criticality
1578 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1579 * @indx: Specifies which extension OID to send. Use zero to get the first one.
1580 * @oid: a pointer to a structure to hold the OID
1581 * @sizeof_oid: initially holds the size of @oid
1582 * @critical: output variable with critical flag, may be NULL.
1583 *
1584 * This function will return the requested extension OID in the
1585 * certificate, and the critical flag for it. The extension OID will
1586 * be stored as a string in the provided buffer. Use
1587 * MHD_gnutls_x509_crt_get_extension_data() to extract the data.
1588 *
1589 * Return 0 on success. A negative value may be returned in case of
1590 * parsing error. If you have reached the last extension available
1591 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1592 *
1593 **/
1594int
1595MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert,
1596 int indx,
1597 void *oid,
1598 size_t * sizeof_oid, int *critical)
1599{
1600 int result;
1601 char str_critical[10];
1602 char name[MAX_NAME_SIZE];
1603 int len;
1604
1605 if (!cert)
1606 {
1607 MHD_gnutls_assert ();
1608 return GNUTLS_E_INVALID_REQUEST;
1609 }
1610
1611 snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
1612 indx + 1);
1613
1614 len = *sizeof_oid;
1615 result = MHD__asn1_read_value (cert->cert, name, oid, &len);
1616 *sizeof_oid = len;
1617
1618 if (result == ASN1_ELEMENT_NOT_FOUND)
1619 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
1620 else if (result < 0)
1621 {
1622 MHD_gnutls_assert ();
1623 return MHD_gtls_asn2err (result);
1624 }
1625
1626 snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical",
1627 indx + 1);
1628 len = sizeof (str_critical);
1629 result = MHD__asn1_read_value (cert->cert, name, str_critical, &len);
1630 if (result < 0)
1631 {
1632 MHD_gnutls_assert ();
1633 return MHD_gtls_asn2err (result);
1634 }
1635
1636 if (critical)
1637 {
1638 if (str_critical[0] == 'T')
1639 *critical = 1;
1640 else
1641 *critical = 0;
1642 }
1643
1644 return 0;
1645
1646}
1647
1648/**
1649 * MHD_gnutls_x509_crt_get_extension_data - Get the specified extension data
1650 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1651 * @indx: Specifies which extension OID to send. Use zero to get the first one.
1652 * @data: a pointer to a structure to hold the data (may be null)
1653 * @sizeof_data: initially holds the size of @oid
1654 *
1655 * This function will return the requested extension data in the
1656 * certificate. The extension data will be stored as a string in the
1657 * provided buffer.
1658 *
1659 * Use MHD_gnutls_x509_crt_get_extension_info() to extract the OID and
1660 * critical flag. Use MHD_gnutls_x509_crt_get_extension_by_oid() instead,
1661 * if you want to get data indexed by the extension OID rather than
1662 * sequence.
1663 *
1664 * Return 0 on success. A negative value may be returned in case of
1665 * parsing error. If you have reached the last extension available
1666 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1667 **/
1668int
1669MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert,
1670 int indx,
1671 void *data, size_t * sizeof_data)
1672{
1673 int result, len;
1674 char name[MAX_NAME_SIZE];
1675
1676 if (!cert)
1677 {
1678 MHD_gnutls_assert ();
1679 return GNUTLS_E_INVALID_REQUEST;
1680 }
1681
1682 snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue",
1683 indx + 1);
1684
1685 len = *sizeof_data;
1686 result = MHD__asn1_read_value (cert->cert, name, data, &len);
1687 *sizeof_data = len;
1688
1689 if (result == ASN1_ELEMENT_NOT_FOUND)
1690 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
1691 else if (result < 0)
1692 {
1693 MHD_gnutls_assert ();
1694 return MHD_gtls_asn2err (result);
1695 }
1696
1697 return 0;
1698}
1699
1700static int 1011static int
1701MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert, 1012MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert,
1702 const char *whom, MHD_gnutls_datum_t * start) 1013 const char *whom, MHD_gnutls_datum_t * start)
@@ -1817,171 +1128,6 @@ MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_
1817} 1128}
1818 1129
1819/** 1130/**
1820 * MHD_gnutls_x509_crt_get_issuer: get opaque issuer DN pointer
1821 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1822 * @dn: output variable with pointer to opaque DN
1823 *
1824 * Return the Certificate's Issuer DN as an opaque data type. You may
1825 * use MHD_gnutls_x509_dn_get_rdn_ava() to decode the DN.
1826 *
1827 * Note that @dn points into the @cert object, and thus you may not
1828 * deallocate @cert and continue to access @dn.
1829 *
1830 * Returns: Returns 0 on success, or an error code.
1831 **/
1832int
1833MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_t * dn)
1834{
1835 return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn);
1836}
1837
1838/**
1839 * MHD_gnutls_x509_dn_get_rdn_ava:
1840 * @dn: input variable with opaque DN pointer
1841 * @irdn: index of RDN
1842 * @iava: index of AVA.
1843 * @ava: Pointer to structure which will hold output information.
1844 *
1845 * Get pointers to data within the DN.
1846 *
1847 * Note that @ava will contain pointers into the @dn structure, so you
1848 * should not modify any data or deallocate it. Note also that the DN
1849 * in turn points into the original certificate structure, and thus
1850 * you may not deallocate the certificate and continue to access @dn.
1851 *
1852 * Returns: Returns 0 on success, or an error code.
1853 **/
1854int
1855MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn,
1856 int irdn, int iava, MHD_gnutls_x509_ava_st * ava)
1857{
1858 ASN1_TYPE rdn, elem;
1859 long len;
1860 int lenlen, remlen, ret;
1861 char rbuf[MAX_NAME_SIZE];
1862 unsigned char cls, *ptr;
1863
1864 iava++;
1865 irdn++; /* 0->1, 1->2 etc */
1866
1867 snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava);
1868 rdn = MHD__asn1_find_node (dn, rbuf);
1869 if (!rdn)
1870 {
1871 MHD_gnutls_assert ();
1872 return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
1873 }
1874
1875 snprintf (rbuf, sizeof (rbuf), "?%d.type", iava);
1876 elem = MHD__asn1_find_node (rdn, rbuf);
1877 if (!elem)
1878 {
1879 MHD_gnutls_assert ();
1880 return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
1881 }
1882
1883 ava->oid.data = elem->value;
1884 ava->oid.size = elem->value_len;
1885
1886 snprintf (rbuf, sizeof (rbuf), "?%d.value", iava);
1887 elem = MHD__asn1_find_node (rdn, rbuf);
1888 if (!elem)
1889 {
1890 MHD_gnutls_assert ();
1891 return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
1892 }
1893
1894 /* The value still has the previous tag's length bytes, plus the
1895 * current value's tag and length bytes. Decode them.
1896 */
1897
1898 ptr = elem->value;
1899 remlen = elem->value_len;
1900 len = MHD__asn1_get_length_der (ptr, remlen, &lenlen);
1901 if (len < 0)
1902 {
1903 MHD_gnutls_assert ();
1904 return GNUTLS_E_ASN1_DER_ERROR;
1905 }
1906
1907 ptr += lenlen;
1908 remlen -= lenlen;
1909 ret = MHD__asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag);
1910 if (ret)
1911 {
1912 MHD_gnutls_assert ();
1913 return MHD_gtls_asn2err (ret);
1914 }
1915
1916 ptr += lenlen;
1917 remlen -= lenlen;
1918
1919 ava->value.size = MHD__asn1_get_length_der (ptr, remlen, &lenlen);
1920 ava->value.data = ptr + lenlen;
1921
1922 return 0;
1923}
1924
1925/**
1926 * MHD_gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint
1927 * @cert: should contain a MHD_gnutls_x509_crt_t structure
1928 * @algo: is a digest algorithm
1929 * @buf: a pointer to a structure to hold the fingerprint (may be null)
1930 * @sizeof_buf: initially holds the size of @buf
1931 *
1932 * This function will calculate and copy the certificate's fingerprint
1933 * in the provided buffer.
1934 *
1935 * If the buffer is null then only the size will be filled.
1936 *
1937 * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
1938 * not long enough, and in that case the *sizeof_buf will be updated
1939 * with the required size. On success 0 is returned.
1940 **/
1941int
1942MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert,
1943 enum MHD_GNUTLS_HashAlgorithm algo,
1944 void *buf, size_t * sizeof_buf)
1945{
1946 opaque *cert_buf;
1947 int cert_buf_size;
1948 int result;
1949 MHD_gnutls_datum_t tmp;
1950
1951 if (sizeof_buf == 0 || cert == NULL)
1952 {
1953 return GNUTLS_E_INVALID_REQUEST;
1954 }
1955
1956 cert_buf_size = 0;
1957 MHD__asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL);
1958
1959 cert_buf = MHD_gnutls_alloca (cert_buf_size);
1960 if (cert_buf == NULL)
1961 {
1962 MHD_gnutls_assert ();
1963 return GNUTLS_E_MEMORY_ERROR;
1964 }
1965
1966 result = MHD__asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL);
1967
1968 if (result != ASN1_SUCCESS)
1969 {
1970 MHD_gnutls_assert ();
1971 MHD_gnutls_afree (cert_buf);
1972 return MHD_gtls_asn2err (result);
1973 }
1974
1975 tmp.data = cert_buf;
1976 tmp.size = cert_buf_size;
1977
1978 result = MHD__gnutls_fingerprint (algo, &tmp, buf, sizeof_buf);
1979 MHD_gnutls_afree (cert_buf);
1980
1981 return result;
1982}
1983
1984/**
1985 * MHD_gnutls_x509_crt_export - This function will export the certificate 1131 * MHD_gnutls_x509_crt_export - This function will export the certificate
1986 * @cert: Holds the certificate 1132 * @cert: Holds the certificate
1987 * @format: the format of output params. One of PEM or DER. 1133 * @format: the format of output params. One of PEM or DER.
@@ -2016,158 +1162,6 @@ MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert,
2016 output_data, output_data_size); 1162 output_data, output_data_size);
2017} 1163}
2018 1164
2019static int
2020rsadsa_get_key_id (MHD_gnutls_x509_crt_t crt,
2021 int pk,
2022 unsigned char *output_data, size_t * output_data_size)
2023{
2024 mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
2025 int params_size = MAX_PUBLIC_PARAMS_SIZE;
2026 int i, result = 0;
2027 MHD_gnutls_datum_t der = { NULL,
2028 0
2029 };
2030 GNUTLS_HASH_HANDLE hd;
2031
2032 result = MHD__gnutls_x509_crt_get_mpis (crt, params, &params_size);
2033 if (result < 0)
2034 {
2035 MHD_gnutls_assert ();
2036 return result;
2037 }
2038
2039 if (pk == MHD_GNUTLS_PK_RSA)
2040 {
2041 result = MHD__gnutls_x509_write_rsa_params (params, params_size, &der);
2042 if (result < 0)
2043 {
2044 MHD_gnutls_assert ();
2045 goto cleanup;
2046 }
2047 }
2048 else
2049 return GNUTLS_E_INTERNAL_ERROR;
2050
2051 hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
2052 if (hd == GNUTLS_HASH_FAILED)
2053 {
2054 MHD_gnutls_assert ();
2055 result = GNUTLS_E_INTERNAL_ERROR;
2056 goto cleanup;
2057 }
2058
2059 MHD_gnutls_hash (hd, der.data, der.size);
2060
2061 MHD_gnutls_hash_deinit (hd, output_data);
2062 *output_data_size = 20;
2063
2064 result = 0;
2065
2066cleanup:
2067
2068 MHD__gnutls_free_datum (&der);
2069
2070 /* release all allocated MPIs
2071 */
2072 for (i = 0; i < params_size; i++)
2073 {
2074 MHD_gtls_mpi_release (&params[i]);
2075 }
2076 return result;
2077}
2078
2079/**
2080 * MHD_gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters
2081 * @crt: Holds the certificate
2082 * @flags: should be 0 for now
2083 * @output_data: will contain the key ID
2084 * @output_data_size: holds the size of output_data (and will be
2085 * replaced by the actual size of parameters)
2086 *
2087 * This function will return a unique ID the depends on the public
2088 * key parameters. This ID can be used in checking whether a
2089 * certificate corresponds to the given private key.
2090 *
2091 * If the buffer provided is not long enough to hold the output, then
2092 * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
2093 * be returned. The output will normally be a SHA-1 hash output,
2094 * which is 20 bytes.
2095 *
2096 * Return value: In case of failure a negative value will be
2097 * returned, and 0 on success.
2098 **/
2099int
2100MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt,
2101 unsigned int flags,
2102 unsigned char *output_data,
2103 size_t * output_data_size)
2104{
2105 int pk, result = 0;
2106 MHD_gnutls_datum_t pubkey;
2107
2108 if (crt == NULL)
2109 {
2110 MHD_gnutls_assert ();
2111 return GNUTLS_E_INVALID_REQUEST;
2112 }
2113
2114 if (*output_data_size < 20)
2115 {
2116 MHD_gnutls_assert ();
2117 *output_data_size = 20;
2118 return GNUTLS_E_SHORT_MEMORY_BUFFER;
2119 }
2120
2121 pk = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL);
2122 if (pk < 0)
2123 {
2124 MHD_gnutls_assert ();
2125 return pk;
2126 }
2127
2128 if (pk == MHD_GNUTLS_PK_RSA)
2129 {
2130 /* This is for compatibility with what GnuTLS has printed for
2131 RSA/DSA before the code below was added. The code below is
2132 applicable to all types, and it would probably be a better
2133 idea to use it for RSA/DSA too, but doing so would break
2134 backwards compatibility. */
2135 return rsadsa_get_key_id (crt, pk, output_data, output_data_size);
2136 }
2137
2138 pubkey.size = 0;
2139 result = MHD__asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
2140 NULL, &pubkey.size, NULL);
2141 if (result != ASN1_MEM_ERROR)
2142 {
2143 MHD_gnutls_assert ();
2144 return MHD_gtls_asn2err (result);
2145 }
2146
2147 pubkey.data = MHD_gnutls_alloca (pubkey.size);
2148 if (pubkey.data == NULL)
2149 {
2150 MHD_gnutls_assert ();
2151 return GNUTLS_E_MEMORY_ERROR;
2152 }
2153
2154 result = MHD__asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
2155 pubkey.data, &pubkey.size, NULL);
2156 if (result != ASN1_SUCCESS)
2157 {
2158 MHD_gnutls_assert ();
2159 MHD_gnutls_afree (pubkey.data);
2160 return MHD_gtls_asn2err (result);
2161 }
2162
2163 result = MHD__gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data,
2164 output_data_size);
2165
2166 MHD_gnutls_afree (pubkey.data);
2167
2168 return result;
2169}
2170
2171#ifdef ENABLE_PKI 1165#ifdef ENABLE_PKI
2172 1166
2173/** 1167/**
@@ -2276,571 +1270,5 @@ MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert,
2276 return 0; /* not revoked. */ 1270 return 0; /* not revoked. */
2277} 1271}
2278 1272
2279/**
2280 * MHD_gnutls_x509_crt_verify_data - This function will verify the given signed data.
2281 * @crt: Holds the certificate
2282 * @flags: should be 0 for now
2283 * @data: holds the data to be signed
2284 * @signature: contains the signature
2285 *
2286 * This function will verify the given signed data, using the
2287 * parameters from the certificate.
2288 *
2289 * Returns: In case of a verification failure 0 is returned, and 1 on
2290 * success.
2291 **/
2292int
2293MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt,
2294 unsigned int flags,
2295 const MHD_gnutls_datum_t * data,
2296 const MHD_gnutls_datum_t * signature)
2297{
2298 int result;
2299
2300 if (crt == NULL)
2301 {
2302 MHD_gnutls_assert ();
2303 return GNUTLS_E_INVALID_REQUEST;
2304 }
2305
2306 result = MHD__gnutls_x509_verify_signature (data, signature, crt);
2307 if (result < 0)
2308 {
2309 MHD_gnutls_assert ();
2310 return 0;
2311 }
2312
2313 return result;
2314}
2315
2316/**
2317 * MHD_gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points
2318 * @cert: should contain a MHD_gnutls_x509_crt_t structure
2319 * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
2320 * @ret: is the place where the distribution point will be copied to
2321 * @ret_size: holds the size of ret.
2322 * @reason_flags: Revocation reasons flags.
2323 * @critical: will be non zero if the extension is marked as critical (may be null)
2324 *
2325 * This function will return the CRL distribution points (2.5.29.31),
2326 * contained in the given certificate.
2327 *
2328 * @reason_flags should be an ORed sequence of
2329 * GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,
2330 * GNUTLS_CRL_REASON_CA_COMPROMISE,
2331 * GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
2332 * GNUTLS_CRL_REASON_SUPERSEEDED,
2333 * GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
2334 * GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
2335 * GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
2336 * GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
2337 *
2338 * This is specified in X509v3 Certificate Extensions. GNUTLS will
2339 * return the distribution point type, or a negative error code on
2340 * error.
2341 *
2342 * Returns %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if
2343 * &@ret_size is not enough to hold the distribution point, or the
2344 * type of the distribution point if everything was ok. The type is
2345 * one of the enumerated %MHD_gnutls_x509_subject_alt_name_t. If the
2346 * certificate does not have an Alternative name with the specified
2347 * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is
2348 * returned.
2349 **/
2350int
2351MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert,
2352 unsigned int seq,
2353 void *ret,
2354 size_t * ret_size,
2355 unsigned int *reason_flags,
2356 unsigned int *critical)
2357{
2358 int result;
2359 MHD_gnutls_datum_t dist_points = { NULL,
2360 0
2361 };
2362 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
2363 char name[MAX_NAME_SIZE];
2364 int len;
2365 MHD_gnutls_x509_subject_alt_name_t type;
2366 uint8_t reasons[2];
2367
2368 if (cert == NULL)
2369 {
2370 MHD_gnutls_assert ();
2371 return GNUTLS_E_INVALID_REQUEST;
2372 }
2373
2374 if (*ret_size > 0 && ret)
2375 memset (ret, 0, *ret_size);
2376 else
2377 *ret_size = 0;
2378
2379 if (reason_flags)
2380 *reason_flags = 0;
2381
2382 result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
2383 critical);
2384 if (result < 0)
2385 {
2386 return result;
2387 }
2388
2389 if (dist_points.size == 0 || dist_points.data == NULL)
2390 {
2391 MHD_gnutls_assert ();
2392 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
2393 }
2394
2395 result =
2396 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.CRLDistributionPoints",
2397 &c2);
2398 if (result != ASN1_SUCCESS)
2399 {
2400 MHD_gnutls_assert ();
2401 MHD__gnutls_free_datum (&dist_points);
2402 return MHD_gtls_asn2err (result);
2403 }
2404
2405 result = MHD__asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
2406 MHD__gnutls_free_datum (&dist_points);
2407
2408 if (result != ASN1_SUCCESS)
2409 {
2410 MHD_gnutls_assert ();
2411 MHD__asn1_delete_structure (&c2);
2412 return MHD_gtls_asn2err (result);
2413 }
2414
2415 /* Return the different names from the first CRLDistr. point.
2416 * The whole thing is a mess.
2417 */
2418 MHD_gtls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
2419
2420 result = parse_general_name (c2, name, seq, ret, ret_size, NULL, 0);
2421 if (result < 0)
2422 {
2423 MHD__asn1_delete_structure (&c2);
2424 return result;
2425 }
2426
2427 type = result;
2428
2429 /* Read the CRL reasons.
2430 */
2431 if (reason_flags)
2432 {
2433 MHD_gtls_str_cpy (name, sizeof (name), "?1.reasons");
2434
2435 reasons[0] = reasons[1] = 0;
2436
2437 len = sizeof (reasons);
2438 result = MHD__asn1_read_value (c2, name, reasons, &len);
2439
2440 if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
2441 {
2442 MHD_gnutls_assert ();
2443 MHD__asn1_delete_structure (&c2);
2444 return MHD_gtls_asn2err (result);
2445 }
2446
2447 *reason_flags = reasons[0] | (reasons[1] << 8);
2448 }
2449
2450 return type;
2451}
2452
2453/**
2454 * MHD_gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs
2455 * @cert: should contain a MHD_gnutls_x509_crt_t structure
2456 * @indx: This specifies which OID to return. Use zero to get the first one.
2457 * @oid: a pointer to a buffer to hold the OID (may be null)
2458 * @sizeof_oid: initially holds the size of @oid
2459 *
2460 * This function will extract the key purpose OIDs of the Certificate
2461 * specified by the given index. These are stored in the Extended Key
2462 * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
2463 * human readable names.
2464 *
2465 * If @oid is null then only the size will be filled.
2466 *
2467 * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
2468 * not long enough, and in that case the *sizeof_oid will be updated
2469 * with the required size. On success 0 is returned.
2470 **/
2471int
2472MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
2473 int indx,
2474 void *oid,
2475 size_t * sizeof_oid,
2476 unsigned int *critical)
2477{
2478 char tmpstr[MAX_NAME_SIZE];
2479 int result, len;
2480 MHD_gnutls_datum_t id;
2481 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
2482
2483 if (cert == NULL)
2484 {
2485 MHD_gnutls_assert ();
2486 return GNUTLS_E_INVALID_REQUEST;
2487 }
2488
2489 if (oid)
2490 memset (oid, 0, *sizeof_oid);
2491 else
2492 *sizeof_oid = 0;
2493
2494 if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
2495 critical)) < 0)
2496 {
2497 return result;
2498 }
2499
2500 if (id.size == 0 || id.data == NULL)
2501 {
2502 MHD_gnutls_assert ();
2503 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
2504 }
2505
2506 result =
2507 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
2508 if (result != ASN1_SUCCESS)
2509 {
2510 MHD_gnutls_assert ();
2511 MHD__gnutls_free_datum (&id);
2512 return MHD_gtls_asn2err (result);
2513 }
2514
2515 result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL);
2516 MHD__gnutls_free_datum (&id);
2517
2518 if (result != ASN1_SUCCESS)
2519 {
2520 MHD_gnutls_assert ();
2521 MHD__asn1_delete_structure (&c2);
2522 return MHD_gtls_asn2err (result);
2523 }
2524
2525 indx++;
2526 /* create a string like "?1"
2527 */
2528 snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
2529
2530 len = *sizeof_oid;
2531 result = MHD__asn1_read_value (c2, tmpstr, oid, &len);
2532
2533 *sizeof_oid = len;
2534 MHD__asn1_delete_structure (&c2);
2535
2536 if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
2537 {
2538 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
2539 }
2540
2541 if (result != ASN1_SUCCESS)
2542 {
2543 MHD_gnutls_assert ();
2544 return MHD_gtls_asn2err (result);
2545 }
2546
2547 return 0;
2548
2549}
2550
2551/**
2552 * MHD_gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key
2553 * @crt: Holds the certificate
2554 * @m: will hold the modulus
2555 * @e: will hold the public exponent
2556 *
2557 * This function will export the RSA public key's parameters found in
2558 * the given structure. The new parameters will be allocated using
2559 * MHD_gnutls_malloc() and will be stored in the appropriate datum.
2560 *
2561 * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
2562 **/
2563int
2564MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt,
2565 MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e)
2566{
2567 int ret;
2568 mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
2569 int params_size = MAX_PUBLIC_PARAMS_SIZE;
2570 int i;
2571
2572 if (crt == NULL)
2573 {
2574 MHD_gnutls_assert ();
2575 return GNUTLS_E_INVALID_REQUEST;
2576 }
2577
2578 ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL);
2579 if (ret != MHD_GNUTLS_PK_RSA)
2580 {
2581 MHD_gnutls_assert ();
2582 return GNUTLS_E_INVALID_REQUEST;
2583 }
2584
2585 ret = MHD__gnutls_x509_crt_get_mpis (crt, params, &params_size);
2586 if (ret < 0)
2587 {
2588 MHD_gnutls_assert ();
2589 return ret;
2590 }
2591
2592 ret = MHD_gtls_mpi_dprint (m, params[0]);
2593 if (ret < 0)
2594 {
2595 MHD_gnutls_assert ();
2596 goto cleanup;
2597 }
2598
2599 ret = MHD_gtls_mpi_dprint (e, params[1]);
2600 if (ret < 0)
2601 {
2602 MHD_gnutls_assert ();
2603 MHD__gnutls_free_datum (m);
2604 goto cleanup;
2605 }
2606
2607 ret = 0;
2608
2609cleanup:for (i = 0; i < params_size; i++)
2610 {
2611 MHD_gtls_mpi_release (&params[i]);
2612 }
2613 return ret;
2614}
2615
2616/**
2617 * MHD_gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key
2618 * @crt: Holds the certificate
2619 * @p: will hold the p
2620 * @q: will hold the q
2621 * @g: will hold the g
2622 * @y: will hold the y
2623 *
2624 * This function will export the DSA public key's parameters found in
2625 * the given certificate. The new parameters will be allocated using
2626 * MHD_gnutls_malloc() and will be stored in the appropriate datum.
2627 *
2628 * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
2629 **/
2630int
2631MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt,
2632 MHD_gnutls_datum_t * p,
2633 MHD_gnutls_datum_t * q,
2634 MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y)
2635{
2636 int ret;
2637 mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
2638 int params_size = MAX_PUBLIC_PARAMS_SIZE;
2639 int i;
2640
2641 if (crt == NULL)
2642 {
2643 MHD_gnutls_assert ();
2644 return GNUTLS_E_INVALID_REQUEST;
2645 }
2646
2647 ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL);
2648
2649 ret = MHD__gnutls_x509_crt_get_mpis (crt, params, &params_size);
2650 if (ret < 0)
2651 {
2652 MHD_gnutls_assert ();
2653 return ret;
2654 }
2655
2656 /* P */
2657 ret = MHD_gtls_mpi_dprint (p, params[0]);
2658 if (ret < 0)
2659 {
2660 MHD_gnutls_assert ();
2661 goto cleanup;
2662 }
2663
2664 /* Q */
2665 ret = MHD_gtls_mpi_dprint (q, params[1]);
2666 if (ret < 0)
2667 {
2668 MHD_gnutls_assert ();
2669 MHD__gnutls_free_datum (p);
2670 goto cleanup;
2671 }
2672
2673 /* G */
2674 ret = MHD_gtls_mpi_dprint (g, params[2]);
2675 if (ret < 0)
2676 {
2677 MHD_gnutls_assert ();
2678 MHD__gnutls_free_datum (p);
2679 MHD__gnutls_free_datum (q);
2680 goto cleanup;
2681 }
2682
2683 /* Y */
2684 ret = MHD_gtls_mpi_dprint (y, params[3]);
2685 if (ret < 0)
2686 {
2687 MHD_gnutls_assert ();
2688 MHD__gnutls_free_datum (p);
2689 MHD__gnutls_free_datum (g);
2690 MHD__gnutls_free_datum (q);
2691 goto cleanup;
2692 }
2693
2694 ret = 0;
2695
2696cleanup:for (i = 0; i < params_size; i++)
2697 {
2698 MHD_gtls_mpi_release (&params[i]);
2699 }
2700 return ret;
2701
2702}
2703
2704#endif 1273#endif
2705 1274
2706/**
2707 * MHD_gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list
2708 * @certs: The structures to store the parsed certificate. Must not be initialized.
2709 * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
2710 * @data: The PEM encoded certificate.
2711 * @format: One of DER or PEM.
2712 * @flags: must be zero or an OR'd sequence of MHD_gnutls_certificate_import_flags.
2713 *
2714 * This function will convert the given PEM encoded certificate list
2715 * to the native MHD_gnutls_x509_crt_t format. The output will be stored
2716 * in @certs. They will be automatically initialized.
2717 *
2718 * If the Certificate is PEM encoded it should have a header of "X509
2719 * CERTIFICATE", or "CERTIFICATE".
2720 *
2721 * Returns: the number of certificates read or a negative error value.
2722 **/
2723int
2724MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs,
2725 unsigned int *cert_max,
2726 const MHD_gnutls_datum_t * data,
2727 MHD_gnutls_x509_crt_fmt_t format, unsigned int flags)
2728{
2729 int size;
2730 const char *ptr;
2731 MHD_gnutls_datum_t tmp;
2732 int ret, nocopy = 0;
2733 unsigned int count = 0, j;
2734
2735 if (format == GNUTLS_X509_FMT_DER)
2736 {
2737 if (*cert_max < 1)
2738 {
2739 *cert_max = 1;
2740 return GNUTLS_E_SHORT_MEMORY_BUFFER;
2741 }
2742
2743 count = 1; /* import only the first one */
2744
2745 ret = MHD_gnutls_x509_crt_init (&certs[0]);
2746 if (ret < 0)
2747 {
2748 MHD_gnutls_assert ();
2749 goto error;
2750 }
2751
2752 ret = MHD_gnutls_x509_crt_import (certs[0], data, format);
2753 if (ret < 0)
2754 {
2755 MHD_gnutls_assert ();
2756 goto error;
2757 }
2758
2759 *cert_max = 1;
2760 return 1;
2761 }
2762
2763 /* move to the certificate
2764 */
2765 ptr = MHD_memmem (data->data, data->size,
2766 PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
2767 if (ptr == NULL)
2768 ptr = MHD_memmem (data->data, data->size,
2769 PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
2770
2771 if (ptr == NULL)
2772 {
2773 MHD_gnutls_assert ();
2774 return GNUTLS_E_BASE64_DECODING_ERROR;
2775 }
2776 size = data->size - (ptr - (char *) data->data);
2777
2778 count = 0;
2779
2780 do
2781 {
2782 if (count >= *cert_max)
2783 {
2784 if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
2785 break;
2786 else
2787 nocopy = 1;
2788 }
2789
2790 if (!nocopy)
2791 {
2792 ret = MHD_gnutls_x509_crt_init (&certs[count]);
2793 if (ret < 0)
2794 {
2795 MHD_gnutls_assert ();
2796 goto error;
2797 }
2798
2799 tmp.data = (void *) ptr;
2800 tmp.size = size;
2801
2802 ret =
2803 MHD_gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
2804 if (ret < 0)
2805 {
2806 MHD_gnutls_assert ();
2807 goto error;
2808 }
2809 }
2810
2811 /* now we move ptr after the pem header
2812 */
2813 ptr++;
2814 /* find the next certificate (if any)
2815 */
2816 size = data->size - (ptr - (char *) data->data);
2817
2818 if (size > 0)
2819 {
2820 char *ptr2;
2821
2822 ptr2 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
2823 if (ptr2 == NULL)
2824 ptr2 =
2825 MHD_memmem (ptr, size, PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
2826
2827 ptr = ptr2;
2828 }
2829 else
2830 ptr = NULL;
2831
2832 count++;
2833 }
2834 while (ptr != NULL);
2835
2836 *cert_max = count;
2837
2838 if (nocopy == 0)
2839 return count;
2840 else
2841 return GNUTLS_E_SHORT_MEMORY_BUFFER;
2842
2843error:for (j = 0; j < count; j++)
2844 MHD_gnutls_x509_crt_deinit (certs[j]);
2845 return ret;
2846}
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
index ee28dc73..87a81954 100644
--- a/src/daemon/https/x509/x509.h
+++ b/src/daemon/https/x509/x509.h
@@ -92,33 +92,9 @@ extern "C"
92 int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, 92 int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert,
93 const MHD_gnutls_datum_t * data, 93 const MHD_gnutls_datum_t * data,
94 MHD_gnutls_x509_crt_fmt_t format); 94 MHD_gnutls_x509_crt_fmt_t format);
95 int MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs,
96 unsigned int *cert_max,
97 const MHD_gnutls_datum_t * data,
98 MHD_gnutls_x509_crt_fmt_t format,
99 unsigned int flags);
100 int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, 95 int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert,
101 MHD_gnutls_x509_crt_fmt_t format, 96 MHD_gnutls_x509_crt_fmt_t format,
102 void *output_data, size_t * output_data_size); 97 void *output_data, size_t * output_data_size);
103 int MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert,
104 char *buf, size_t * sizeof_buf);
105 int MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert,
106 int indx,
107 void *oid, size_t * sizeof_oid);
108 int MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert,
109 const char *oid,
110 int indx,
111 unsigned int raw_flag,
112 void *buf, size_t * sizeof_buf);
113 int MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert,
114 char *buf, size_t * sizeof_buf);
115 int MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert,
116 int indx, void *oid, size_t * sizeof_oid);
117 int MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert,
118 const char *oid,
119 int indx,
120 unsigned int raw_flag,
121 void *buf, size_t * sizeof_buf);
122 int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert, 98 int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert,
123 const char *hostname); 99 const char *hostname);
124 100
@@ -126,22 +102,6 @@ extern "C"
126 int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert, 102 int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert,
127 char *sig, size_t * sizeof_sig); 103 char *sig, size_t * sizeof_sig);
128 int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); 104 int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert);
129 int MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt,
130 unsigned int flags,
131 unsigned char *output_data,
132 size_t * output_data_size);
133
134 int MHD_gnutls_x509_crt_set_authority_key_id (MHD_gnutls_x509_crt_t cert,
135 const void *id, size_t id_size);
136 int MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert,
137 void *ret,
138 size_t * ret_size,
139 unsigned int *critical);
140
141 int MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert,
142 void *ret,
143 size_t * ret_size,
144 unsigned int *critical);
145 105
146#define GNUTLS_CRL_REASON_UNUSED 128 106#define GNUTLS_CRL_REASON_UNUSED 128
147#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 107#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
@@ -153,20 +113,6 @@ extern "C"
153#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 113#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
154#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 114#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
155 115
156 int MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert,
157 unsigned int seq,
158 void *ret,
159 size_t * ret_size,
160 unsigned int *reason_flags,
161 unsigned int *critical);
162 int MHD_gnutls_x509_crt_set_crl_dist_points (MHD_gnutls_x509_crt_t crt,
163 MHD_gnutls_x509_subject_alt_name_t
164 type,
165 const void *data_string,
166 unsigned int reason_flags);
167 int MHD_gnutls_x509_crt_cpy_crl_dist_points (MHD_gnutls_x509_crt_t dst,
168 MHD_gnutls_x509_crt_t src);
169
170 time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert); 116 time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert);
171 time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert); 117 time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert);
172 int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, 118 int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
@@ -174,36 +120,13 @@ extern "C"
174 120
175 int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, 121 int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert,
176 unsigned int *bits); 122 unsigned int *bits);
177 int MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt,
178 MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e);
179 int MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt,
180 MHD_gnutls_datum_t * p,
181 MHD_gnutls_datum_t * q,
182 MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y);
183
184 int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, 123 int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert,
185 unsigned int seq, 124 unsigned int seq,
186 void *ret, 125 void *ret,
187 size_t * ret_size, 126 size_t * ret_size,
188 unsigned int *critical); 127 unsigned int *critical);
189 int MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert,
190 unsigned int seq,
191 void *ret,
192 size_t * ret_size,
193 unsigned int *ret_type,
194 unsigned int *critical);
195
196 int MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert,
197 unsigned int seq,
198 void *ret,
199 size_t * ret_size);
200
201 int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, 128 int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
202 unsigned int *critical); 129 unsigned int *critical);
203 int MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert,
204 unsigned int *critical,
205 int *ca, int *pathlen);
206
207/* The key_usage flags are defined in gnutls.h. They are the 130/* The key_usage flags are defined in gnutls.h. They are the
208 * GNUTLS_KEY_* definitions. 131 * GNUTLS_KEY_* definitions.
209 */ 132 */
@@ -213,34 +136,9 @@ extern "C"
213 int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, 136 int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt,
214 unsigned int usage); 137 unsigned int usage);
215 138
216 int MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert,
217 unsigned int *critical,
218 int *pathlen,
219 char **policyLanguage,
220 char **policy, size_t * sizeof_policy);
221
222 int MHD_gnutls_x509_dn_oid_known (const char *oid); 139 int MHD_gnutls_x509_dn_oid_known (const char *oid);
223 140
224/* Read extensions by OID. */
225 int MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
226 int indx,
227 void *oid, size_t * sizeof_oid);
228 int MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert,
229 const char *oid,
230 int indx,
231 void *buf,
232 size_t * sizeof_buf,
233 unsigned int *critical);
234
235/* Read extensions by sequence number. */ 141/* Read extensions by sequence number. */
236 int MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert,
237 int indx,
238 void *oid,
239 size_t * sizeof_oid, int *critical);
240 int MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert,
241 int indx,
242 void *data, size_t * sizeof_data);
243
244 int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, 142 int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt,
245 const char *oid, 143 const char *oid,
246 const void *buf, 144 const void *buf,
@@ -344,12 +242,6 @@ extern "C"
344 242
345 int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, 243 int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert,
346 MHD_gnutls_x509_dn_t * dn); 244 MHD_gnutls_x509_dn_t * dn);
347 int MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert,
348 MHD_gnutls_x509_dn_t * dn);
349 int MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn,
350 int irdn,
351 int iava, MHD_gnutls_x509_ava_st * avast);
352
353/* CRL handling functions. 245/* CRL handling functions.
354 */ 246 */
355 int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl); 247 int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl);
@@ -362,8 +254,6 @@ extern "C"
362 MHD_gnutls_x509_crt_fmt_t format, 254 MHD_gnutls_x509_crt_fmt_t format,
363 void *output_data, size_t * output_data_size); 255 void *output_data, size_t * output_data_size);
364 256
365 int MHD_gnutls_x509_crl_get_issuer_dn (const MHD_gnutls_x509_crl_t crl,
366 char *buf, size_t * sizeof_buf);
367 int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl, 257 int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl,
368 const char *oid, 258 const char *oid,
369 int indx, 259 int indx,
@@ -508,21 +398,6 @@ extern "C"
508 const MHD_gnutls_x509_crl_t * 398 const MHD_gnutls_x509_crl_t *
509 crl_list, int crl_list_length); 399 crl_list, int crl_list_length);
510 400
511 int MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert,
512 enum MHD_GNUTLS_HashAlgorithm algo,
513 void *buf, size_t * sizeof_buf);
514
515 int MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
516 int indx,
517 void *oid,
518 size_t * sizeof_oid,
519 unsigned int *critical);
520 int MHD_gnutls_x509_crt_set_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
521 const void *oid,
522 unsigned int critical);
523
524/* Private key handling.
525 */
526 401
527/* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function. 402/* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function.
528 */ 403 */
@@ -601,10 +476,6 @@ extern "C"
601 unsigned int flags, 476 unsigned int flags,
602 const MHD_gnutls_datum_t * data, 477 const MHD_gnutls_datum_t * data,
603 const MHD_gnutls_datum_t * signature); 478 const MHD_gnutls_datum_t * signature);
604 int MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt,
605 unsigned int flags,
606 const MHD_gnutls_datum_t * data,
607 const MHD_gnutls_datum_t * signature);
608 479
609/* Certificate request stuff. 480/* Certificate request stuff.
610 */ 481 */
@@ -753,8 +624,6 @@ int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
753int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, 624int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert,
754 unsigned int *bits); 625 unsigned int *bits);
755 626
756int MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src);
757
758int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, 627int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
759 void *result, size_t * result_size); 628 void *result, size_t * result_size);
760 629
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-15 14:46:38 +0000