diff options
Diffstat (limited to 'src/daemon/https/x509/crl.c')
-rw-r--r-- | src/daemon/https/x509/crl.c | 437 |
1 files changed, 0 insertions, 437 deletions
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c deleted file mode 100644 index 98a9748b..00000000 --- a/src/daemon/https/x509/crl.c +++ /dev/null | |||
@@ -1,437 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <libtasn1.h> | ||
27 | |||
28 | #ifdef ENABLE_PKI | ||
29 | |||
30 | #include <gnutls_datum.h> | ||
31 | #include <gnutls_global.h> | ||
32 | #include <gnutls_errors.h> | ||
33 | #include <common.h> | ||
34 | #include <x509_b64.h> | ||
35 | #include <x509.h> | ||
36 | #include <dn.h> | ||
37 | |||
38 | /** | ||
39 | * MHD_gnutls_x509_crl_init - This function initializes a MHD_gnutls_x509_crl_t structure | ||
40 | * @crl: The structure to be initialized | ||
41 | * | ||
42 | * This function will initialize a CRL structure. CRL stands for | ||
43 | * Certificate Revocation List. A revocation list usually contains | ||
44 | * lists of certificate serial numbers that have been revoked | ||
45 | * by an Authority. The revocation lists are always signed with | ||
46 | * the authority's private key. | ||
47 | * | ||
48 | * Returns 0 on success. | ||
49 | * | ||
50 | **/ | ||
51 | int | ||
52 | MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl) | ||
53 | { | ||
54 | *crl = MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_crl_int)); | ||
55 | |||
56 | if (*crl) | ||
57 | { | ||
58 | int result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
59 | "PKIX1.CertificateList", | ||
60 | &(*crl)->crl); | ||
61 | if (result != ASN1_SUCCESS) | ||
62 | { | ||
63 | MHD_gnutls_assert (); | ||
64 | MHD_gnutls_free (*crl); | ||
65 | return MHD_gtls_asn2err (result); | ||
66 | } | ||
67 | return 0; /* success */ | ||
68 | } | ||
69 | return GNUTLS_E_MEMORY_ERROR; | ||
70 | } | ||
71 | |||
72 | /** | ||
73 | * MHD_gnutls_x509_crl_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crl_t structure | ||
74 | * @crl: The structure to be initialized | ||
75 | * | ||
76 | * This function will deinitialize a CRL structure. | ||
77 | * | ||
78 | **/ | ||
79 | void | ||
80 | MHD_gnutls_x509_crl_deinit (MHD_gnutls_x509_crl_t crl) | ||
81 | { | ||
82 | if (!crl) | ||
83 | return; | ||
84 | |||
85 | if (crl->crl) | ||
86 | MHD__asn1_delete_structure (&crl->crl); | ||
87 | |||
88 | MHD_gnutls_free (crl); | ||
89 | } | ||
90 | |||
91 | /** | ||
92 | * MHD_gnutls_x509_crl_import - This function will import a DER or PEM encoded CRL | ||
93 | * @crl: The structure to store the parsed CRL. | ||
94 | * @data: The DER or PEM encoded CRL. | ||
95 | * @format: One of DER or PEM | ||
96 | * | ||
97 | * This function will convert the given DER or PEM encoded CRL | ||
98 | * to the native MHD_gnutls_x509_crl_t format. The output will be stored in 'crl'. | ||
99 | * | ||
100 | * If the CRL is PEM encoded it should have a header of "X509 CRL". | ||
101 | * | ||
102 | * Returns 0 on success. | ||
103 | * | ||
104 | **/ | ||
105 | int | ||
106 | MHD_gnutls_x509_crl_import (MHD_gnutls_x509_crl_t crl, | ||
107 | const MHD_gnutls_datum_t * data, | ||
108 | MHD_gnutls_x509_crt_fmt_t format) | ||
109 | { | ||
110 | int result = 0, need_free = 0; | ||
111 | MHD_gnutls_datum_t _data; | ||
112 | |||
113 | _data.data = data->data; | ||
114 | _data.size = data->size; | ||
115 | |||
116 | if (crl == NULL) | ||
117 | { | ||
118 | MHD_gnutls_assert (); | ||
119 | return GNUTLS_E_INVALID_REQUEST; | ||
120 | } | ||
121 | |||
122 | /* If the CRL is in PEM format then decode it | ||
123 | */ | ||
124 | if (format == GNUTLS_X509_FMT_PEM) | ||
125 | { | ||
126 | opaque *out; | ||
127 | |||
128 | result = | ||
129 | MHD__gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out); | ||
130 | |||
131 | if (result <= 0) | ||
132 | { | ||
133 | if (result == 0) | ||
134 | result = GNUTLS_E_INTERNAL_ERROR; | ||
135 | MHD_gnutls_assert (); | ||
136 | return result; | ||
137 | } | ||
138 | |||
139 | _data.data = out; | ||
140 | _data.size = result; | ||
141 | |||
142 | need_free = 1; | ||
143 | } | ||
144 | |||
145 | |||
146 | result = MHD__asn1_der_decoding (&crl->crl, _data.data, _data.size, NULL); | ||
147 | if (result != ASN1_SUCCESS) | ||
148 | { | ||
149 | result = MHD_gtls_asn2err (result); | ||
150 | MHD_gnutls_assert (); | ||
151 | goto cleanup; | ||
152 | } | ||
153 | |||
154 | if (need_free) | ||
155 | MHD__gnutls_free_datum (&_data); | ||
156 | |||
157 | return 0; | ||
158 | |||
159 | cleanup: | ||
160 | if (need_free) | ||
161 | MHD__gnutls_free_datum (&_data); | ||
162 | return result; | ||
163 | } | ||
164 | |||
165 | |||
166 | /** | ||
167 | * MHD_gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm | ||
168 | * @crl: should contain a MHD_gnutls_x509_crl_t structure | ||
169 | * | ||
170 | * This function will return a value of the MHD_gnutls_sign_algorithm_t enumeration that | ||
171 | * is the signature algorithm. | ||
172 | * | ||
173 | * Returns a negative value on error. | ||
174 | * | ||
175 | **/ | ||
176 | int | ||
177 | MHD_gnutls_x509_crl_get_signature_algorithm (MHD_gnutls_x509_crl_t crl) | ||
178 | { | ||
179 | int result; | ||
180 | MHD_gnutls_datum_t sa; | ||
181 | |||
182 | if (crl == NULL) | ||
183 | { | ||
184 | MHD_gnutls_assert (); | ||
185 | return GNUTLS_E_INVALID_REQUEST; | ||
186 | } | ||
187 | |||
188 | /* Read the signature algorithm. Note that parameters are not | ||
189 | * read. They will be read from the issuer's certificate if needed. | ||
190 | */ | ||
191 | |||
192 | result = | ||
193 | MHD__gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm", | ||
194 | &sa, 0); | ||
195 | |||
196 | if (result < 0) | ||
197 | { | ||
198 | MHD_gnutls_assert (); | ||
199 | return result; | ||
200 | } | ||
201 | |||
202 | result = MHD_gtls_x509_oid2sign_algorithm ((const char *) sa.data); | ||
203 | |||
204 | MHD__gnutls_free_datum (&sa); | ||
205 | |||
206 | return result; | ||
207 | } | ||
208 | |||
209 | /** | ||
210 | * MHD_gnutls_x509_crl_get_signature - Returns the CRL's signature | ||
211 | * @crl: should contain a MHD_gnutls_x509_crl_t structure | ||
212 | * @sig: a pointer where the signature part will be copied (may be null). | ||
213 | * @sizeof_sig: initially holds the size of @sig | ||
214 | * | ||
215 | * This function will extract the signature field of a CRL. | ||
216 | * | ||
217 | * Returns 0 on success, and a negative value on error. | ||
218 | **/ | ||
219 | int | ||
220 | MHD_gnutls_x509_crl_get_signature (MHD_gnutls_x509_crl_t crl, | ||
221 | char *sig, size_t * sizeof_sig) | ||
222 | { | ||
223 | int result; | ||
224 | int bits, len; | ||
225 | |||
226 | if (crl == NULL) | ||
227 | { | ||
228 | MHD_gnutls_assert (); | ||
229 | return GNUTLS_E_INVALID_REQUEST; | ||
230 | } | ||
231 | |||
232 | bits = 0; | ||
233 | result = MHD__asn1_read_value (crl->crl, "signature", NULL, &bits); | ||
234 | if (result != ASN1_MEM_ERROR) | ||
235 | { | ||
236 | MHD_gnutls_assert (); | ||
237 | return MHD_gtls_asn2err (result); | ||
238 | } | ||
239 | |||
240 | if (bits % 8 != 0) | ||
241 | { | ||
242 | MHD_gnutls_assert (); | ||
243 | return GNUTLS_E_CERTIFICATE_ERROR; | ||
244 | } | ||
245 | |||
246 | len = bits / 8; | ||
247 | |||
248 | if (*sizeof_sig < len) | ||
249 | { | ||
250 | *sizeof_sig = bits / 8; | ||
251 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
252 | } | ||
253 | |||
254 | result = MHD__asn1_read_value (crl->crl, "signature", sig, &len); | ||
255 | if (result != ASN1_SUCCESS) | ||
256 | { | ||
257 | MHD_gnutls_assert (); | ||
258 | return MHD_gtls_asn2err (result); | ||
259 | } | ||
260 | |||
261 | return 0; | ||
262 | } | ||
263 | |||
264 | |||
265 | /** | ||
266 | * MHD_gnutls_x509_crl_get_crt_count - This function returns the number of revoked certificates in a CRL | ||
267 | * @crl: should contain a MHD_gnutls_x509_crl_t structure | ||
268 | * | ||
269 | * This function will return the number of revoked certificates in the | ||
270 | * given CRL. | ||
271 | * | ||
272 | * Returns a negative value on failure. | ||
273 | * | ||
274 | **/ | ||
275 | int | ||
276 | MHD_gnutls_x509_crl_get_crt_count (MHD_gnutls_x509_crl_t crl) | ||
277 | { | ||
278 | |||
279 | int count, result; | ||
280 | |||
281 | if (crl == NULL) | ||
282 | { | ||
283 | MHD_gnutls_assert (); | ||
284 | return GNUTLS_E_INVALID_REQUEST; | ||
285 | } | ||
286 | |||
287 | result = | ||
288 | MHD__asn1_number_of_elements (crl->crl, | ||
289 | "tbsCertList.revokedCertificates", &count); | ||
290 | |||
291 | if (result != ASN1_SUCCESS) | ||
292 | { | ||
293 | MHD_gnutls_assert (); | ||
294 | return 0; /* no certificates */ | ||
295 | } | ||
296 | |||
297 | return count; | ||
298 | } | ||
299 | |||
300 | /** | ||
301 | * MHD_gnutls_x509_crl_get_crt_serial - This function returns the serial number of a revoked certificate | ||
302 | * @crl: should contain a MHD_gnutls_x509_crl_t structure | ||
303 | * @indx: the index of the certificate to extract (starting from 0) | ||
304 | * @serial: where the serial number will be copied | ||
305 | * @serial_size: initially holds the size of serial | ||
306 | * @t: if non null, will hold the time this certificate was revoked | ||
307 | * | ||
308 | * This function will return the serial number of the specified, by | ||
309 | * the index, revoked certificate. | ||
310 | * | ||
311 | * Returns a negative value on failure. | ||
312 | * | ||
313 | **/ | ||
314 | int | ||
315 | MHD_gnutls_x509_crl_get_crt_serial (MHD_gnutls_x509_crl_t crl, int indx, | ||
316 | unsigned char *serial, | ||
317 | size_t * serial_size, time_t * t) | ||
318 | { | ||
319 | |||
320 | int result, _serial_size; | ||
321 | char serial_name[MAX_NAME_SIZE]; | ||
322 | char date_name[MAX_NAME_SIZE]; | ||
323 | |||
324 | if (crl == NULL) | ||
325 | { | ||
326 | MHD_gnutls_assert (); | ||
327 | return GNUTLS_E_INVALID_REQUEST; | ||
328 | } | ||
329 | |||
330 | snprintf (serial_name, sizeof (serial_name), | ||
331 | "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1); | ||
332 | snprintf (date_name, sizeof (date_name), | ||
333 | "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1); | ||
334 | |||
335 | _serial_size = *serial_size; | ||
336 | result = | ||
337 | MHD__asn1_read_value (crl->crl, serial_name, serial, &_serial_size); | ||
338 | |||
339 | *serial_size = _serial_size; | ||
340 | if (result != ASN1_SUCCESS) | ||
341 | { | ||
342 | MHD_gnutls_assert (); | ||
343 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
344 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
345 | return MHD_gtls_asn2err (result); | ||
346 | } | ||
347 | |||
348 | if (t) | ||
349 | { | ||
350 | *t = MHD__gnutls_x509_get_time (crl->crl, date_name); | ||
351 | } | ||
352 | |||
353 | return 0; | ||
354 | } | ||
355 | |||
356 | /*- | ||
357 | * MHD__gnutls_x509_crl_get_raw_issuer_dn - This function returns the issuer's DN DER encoded | ||
358 | * @crl: should contain a MHD_gnutls_x509_crl_t structure | ||
359 | * @dn: will hold the starting point of the DN | ||
360 | * | ||
361 | * This function will return a pointer to the DER encoded DN structure and | ||
362 | * the length. | ||
363 | * | ||
364 | * Returns a negative value on error, and zero on success. | ||
365 | * | ||
366 | -*/ | ||
367 | int | ||
368 | MHD__gnutls_x509_crl_get_raw_issuer_dn (MHD_gnutls_x509_crl_t crl, | ||
369 | MHD_gnutls_datum_t * dn) | ||
370 | { | ||
371 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
372 | int result, len1; | ||
373 | int start1, end1; | ||
374 | MHD_gnutls_datum_t crl_signed_data; | ||
375 | |||
376 | if (crl == NULL) | ||
377 | { | ||
378 | MHD_gnutls_assert (); | ||
379 | return GNUTLS_E_INVALID_REQUEST; | ||
380 | } | ||
381 | |||
382 | /* get the issuer of 'crl' | ||
383 | */ | ||
384 | if ((result = | ||
385 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.TBSCertList", | ||
386 | &c2)) != ASN1_SUCCESS) | ||
387 | { | ||
388 | MHD_gnutls_assert (); | ||
389 | return MHD_gtls_asn2err (result); | ||
390 | } | ||
391 | |||
392 | result = | ||
393 | MHD__gnutls_x509_get_signed_data (crl->crl, "tbsCertList", | ||
394 | &crl_signed_data); | ||
395 | if (result < 0) | ||
396 | { | ||
397 | MHD_gnutls_assert (); | ||
398 | goto cleanup; | ||
399 | } | ||
400 | |||
401 | result = | ||
402 | MHD__asn1_der_decoding (&c2, crl_signed_data.data, crl_signed_data.size, | ||
403 | NULL); | ||
404 | if (result != ASN1_SUCCESS) | ||
405 | { | ||
406 | /* couldn't decode DER */ | ||
407 | MHD_gnutls_assert (); | ||
408 | MHD__asn1_delete_structure (&c2); | ||
409 | result = MHD_gtls_asn2err (result); | ||
410 | goto cleanup; | ||
411 | } | ||
412 | |||
413 | result = | ||
414 | MHD__asn1_der_decoding_startEnd (c2, crl_signed_data.data, | ||
415 | crl_signed_data.size, "issuer", | ||
416 | &start1, &end1); | ||
417 | |||
418 | if (result != ASN1_SUCCESS) | ||
419 | { | ||
420 | MHD_gnutls_assert (); | ||
421 | result = MHD_gtls_asn2err (result); | ||
422 | goto cleanup; | ||
423 | } | ||
424 | |||
425 | len1 = end1 - start1 + 1; | ||
426 | |||
427 | MHD__gnutls_set_datum (dn, &crl_signed_data.data[start1], len1); | ||
428 | |||
429 | result = 0; | ||
430 | |||
431 | cleanup: | ||
432 | MHD__asn1_delete_structure (&c2); | ||
433 | MHD__gnutls_free_datum (&crl_signed_data); | ||
434 | return result; | ||
435 | } | ||
436 | |||
437 | #endif | ||