aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/x509/crl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/x509/crl.c')
-rw-r--r--src/daemon/https/x509/crl.c437
1 files changed, 0 insertions, 437 deletions
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c
deleted file mode 100644
index 98a9748b..00000000
--- a/src/daemon/https/x509/crl.c
+++ /dev/null
@@ -1,437 +0,0 @@
1/*
2 * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25#include <gnutls_int.h>
26#include <libtasn1.h>
27
28#ifdef ENABLE_PKI
29
30#include <gnutls_datum.h>
31#include <gnutls_global.h>
32#include <gnutls_errors.h>
33#include <common.h>
34#include <x509_b64.h>
35#include <x509.h>
36#include <dn.h>
37
38/**
39 * MHD_gnutls_x509_crl_init - This function initializes a MHD_gnutls_x509_crl_t structure
40 * @crl: The structure to be initialized
41 *
42 * This function will initialize a CRL structure. CRL stands for
43 * Certificate Revocation List. A revocation list usually contains
44 * lists of certificate serial numbers that have been revoked
45 * by an Authority. The revocation lists are always signed with
46 * the authority's private key.
47 *
48 * Returns 0 on success.
49 *
50 **/
51int
52MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl)
53{
54 *crl = MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_crl_int));
55
56 if (*crl)
57 {
58 int result = MHD__asn1_create_element (MHD__gnutls_get_pkix (),
59 "PKIX1.CertificateList",
60 &(*crl)->crl);
61 if (result != ASN1_SUCCESS)
62 {
63 MHD_gnutls_assert ();
64 MHD_gnutls_free (*crl);
65 return MHD_gtls_asn2err (result);
66 }
67 return 0; /* success */
68 }
69 return GNUTLS_E_MEMORY_ERROR;
70}
71
72/**
73 * MHD_gnutls_x509_crl_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crl_t structure
74 * @crl: The structure to be initialized
75 *
76 * This function will deinitialize a CRL structure.
77 *
78 **/
79void
80MHD_gnutls_x509_crl_deinit (MHD_gnutls_x509_crl_t crl)
81{
82 if (!crl)
83 return;
84
85 if (crl->crl)
86 MHD__asn1_delete_structure (&crl->crl);
87
88 MHD_gnutls_free (crl);
89}
90
91/**
92 * MHD_gnutls_x509_crl_import - This function will import a DER or PEM encoded CRL
93 * @crl: The structure to store the parsed CRL.
94 * @data: The DER or PEM encoded CRL.
95 * @format: One of DER or PEM
96 *
97 * This function will convert the given DER or PEM encoded CRL
98 * to the native MHD_gnutls_x509_crl_t format. The output will be stored in 'crl'.
99 *
100 * If the CRL is PEM encoded it should have a header of "X509 CRL".
101 *
102 * Returns 0 on success.
103 *
104 **/
105int
106MHD_gnutls_x509_crl_import (MHD_gnutls_x509_crl_t crl,
107 const MHD_gnutls_datum_t * data,
108 MHD_gnutls_x509_crt_fmt_t format)
109{
110 int result = 0, need_free = 0;
111 MHD_gnutls_datum_t _data;
112
113 _data.data = data->data;
114 _data.size = data->size;
115
116 if (crl == NULL)
117 {
118 MHD_gnutls_assert ();
119 return GNUTLS_E_INVALID_REQUEST;
120 }
121
122 /* If the CRL is in PEM format then decode it
123 */
124 if (format == GNUTLS_X509_FMT_PEM)
125 {
126 opaque *out;
127
128 result =
129 MHD__gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out);
130
131 if (result <= 0)
132 {
133 if (result == 0)
134 result = GNUTLS_E_INTERNAL_ERROR;
135 MHD_gnutls_assert ();
136 return result;
137 }
138
139 _data.data = out;
140 _data.size = result;
141
142 need_free = 1;
143 }
144
145
146 result = MHD__asn1_der_decoding (&crl->crl, _data.data, _data.size, NULL);
147 if (result != ASN1_SUCCESS)
148 {
149 result = MHD_gtls_asn2err (result);
150 MHD_gnutls_assert ();
151 goto cleanup;
152 }
153
154 if (need_free)
155 MHD__gnutls_free_datum (&_data);
156
157 return 0;
158
159cleanup:
160 if (need_free)
161 MHD__gnutls_free_datum (&_data);
162 return result;
163}
164
165
166/**
167 * MHD_gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm
168 * @crl: should contain a MHD_gnutls_x509_crl_t structure
169 *
170 * This function will return a value of the MHD_gnutls_sign_algorithm_t enumeration that
171 * is the signature algorithm.
172 *
173 * Returns a negative value on error.
174 *
175 **/
176int
177MHD_gnutls_x509_crl_get_signature_algorithm (MHD_gnutls_x509_crl_t crl)
178{
179 int result;
180 MHD_gnutls_datum_t sa;
181
182 if (crl == NULL)
183 {
184 MHD_gnutls_assert ();
185 return GNUTLS_E_INVALID_REQUEST;
186 }
187
188 /* Read the signature algorithm. Note that parameters are not
189 * read. They will be read from the issuer's certificate if needed.
190 */
191
192 result =
193 MHD__gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm",
194 &sa, 0);
195
196 if (result < 0)
197 {
198 MHD_gnutls_assert ();
199 return result;
200 }
201
202 result = MHD_gtls_x509_oid2sign_algorithm ((const char *) sa.data);
203
204 MHD__gnutls_free_datum (&sa);
205
206 return result;
207}
208
209/**
210 * MHD_gnutls_x509_crl_get_signature - Returns the CRL's signature
211 * @crl: should contain a MHD_gnutls_x509_crl_t structure
212 * @sig: a pointer where the signature part will be copied (may be null).
213 * @sizeof_sig: initially holds the size of @sig
214 *
215 * This function will extract the signature field of a CRL.
216 *
217 * Returns 0 on success, and a negative value on error.
218 **/
219int
220MHD_gnutls_x509_crl_get_signature (MHD_gnutls_x509_crl_t crl,
221 char *sig, size_t * sizeof_sig)
222{
223 int result;
224 int bits, len;
225
226 if (crl == NULL)
227 {
228 MHD_gnutls_assert ();
229 return GNUTLS_E_INVALID_REQUEST;
230 }
231
232 bits = 0;
233 result = MHD__asn1_read_value (crl->crl, "signature", NULL, &bits);
234 if (result != ASN1_MEM_ERROR)
235 {
236 MHD_gnutls_assert ();
237 return MHD_gtls_asn2err (result);
238 }
239
240 if (bits % 8 != 0)
241 {
242 MHD_gnutls_assert ();
243 return GNUTLS_E_CERTIFICATE_ERROR;
244 }
245
246 len = bits / 8;
247
248 if (*sizeof_sig < len)
249 {
250 *sizeof_sig = bits / 8;
251 return GNUTLS_E_SHORT_MEMORY_BUFFER;
252 }
253
254 result = MHD__asn1_read_value (crl->crl, "signature", sig, &len);
255 if (result != ASN1_SUCCESS)
256 {
257 MHD_gnutls_assert ();
258 return MHD_gtls_asn2err (result);
259 }
260
261 return 0;
262}
263
264
265/**
266 * MHD_gnutls_x509_crl_get_crt_count - This function returns the number of revoked certificates in a CRL
267 * @crl: should contain a MHD_gnutls_x509_crl_t structure
268 *
269 * This function will return the number of revoked certificates in the
270 * given CRL.
271 *
272 * Returns a negative value on failure.
273 *
274 **/
275int
276MHD_gnutls_x509_crl_get_crt_count (MHD_gnutls_x509_crl_t crl)
277{
278
279 int count, result;
280
281 if (crl == NULL)
282 {
283 MHD_gnutls_assert ();
284 return GNUTLS_E_INVALID_REQUEST;
285 }
286
287 result =
288 MHD__asn1_number_of_elements (crl->crl,
289 "tbsCertList.revokedCertificates", &count);
290
291 if (result != ASN1_SUCCESS)
292 {
293 MHD_gnutls_assert ();
294 return 0; /* no certificates */
295 }
296
297 return count;
298}
299
300/**
301 * MHD_gnutls_x509_crl_get_crt_serial - This function returns the serial number of a revoked certificate
302 * @crl: should contain a MHD_gnutls_x509_crl_t structure
303 * @indx: the index of the certificate to extract (starting from 0)
304 * @serial: where the serial number will be copied
305 * @serial_size: initially holds the size of serial
306 * @t: if non null, will hold the time this certificate was revoked
307 *
308 * This function will return the serial number of the specified, by
309 * the index, revoked certificate.
310 *
311 * Returns a negative value on failure.
312 *
313 **/
314int
315MHD_gnutls_x509_crl_get_crt_serial (MHD_gnutls_x509_crl_t crl, int indx,
316 unsigned char *serial,
317 size_t * serial_size, time_t * t)
318{
319
320 int result, _serial_size;
321 char serial_name[MAX_NAME_SIZE];
322 char date_name[MAX_NAME_SIZE];
323
324 if (crl == NULL)
325 {
326 MHD_gnutls_assert ();
327 return GNUTLS_E_INVALID_REQUEST;
328 }
329
330 snprintf (serial_name, sizeof (serial_name),
331 "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
332 snprintf (date_name, sizeof (date_name),
333 "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);
334
335 _serial_size = *serial_size;
336 result =
337 MHD__asn1_read_value (crl->crl, serial_name, serial, &_serial_size);
338
339 *serial_size = _serial_size;
340 if (result != ASN1_SUCCESS)
341 {
342 MHD_gnutls_assert ();
343 if (result == ASN1_ELEMENT_NOT_FOUND)
344 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
345 return MHD_gtls_asn2err (result);
346 }
347
348 if (t)
349 {
350 *t = MHD__gnutls_x509_get_time (crl->crl, date_name);
351 }
352
353 return 0;
354}
355
356/*-
357 * MHD__gnutls_x509_crl_get_raw_issuer_dn - This function returns the issuer's DN DER encoded
358 * @crl: should contain a MHD_gnutls_x509_crl_t structure
359 * @dn: will hold the starting point of the DN
360 *
361 * This function will return a pointer to the DER encoded DN structure and
362 * the length.
363 *
364 * Returns a negative value on error, and zero on success.
365 *
366 -*/
367int
368MHD__gnutls_x509_crl_get_raw_issuer_dn (MHD_gnutls_x509_crl_t crl,
369 MHD_gnutls_datum_t * dn)
370{
371 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
372 int result, len1;
373 int start1, end1;
374 MHD_gnutls_datum_t crl_signed_data;
375
376 if (crl == NULL)
377 {
378 MHD_gnutls_assert ();
379 return GNUTLS_E_INVALID_REQUEST;
380 }
381
382 /* get the issuer of 'crl'
383 */
384 if ((result =
385 MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.TBSCertList",
386 &c2)) != ASN1_SUCCESS)
387 {
388 MHD_gnutls_assert ();
389 return MHD_gtls_asn2err (result);
390 }
391
392 result =
393 MHD__gnutls_x509_get_signed_data (crl->crl, "tbsCertList",
394 &crl_signed_data);
395 if (result < 0)
396 {
397 MHD_gnutls_assert ();
398 goto cleanup;
399 }
400
401 result =
402 MHD__asn1_der_decoding (&c2, crl_signed_data.data, crl_signed_data.size,
403 NULL);
404 if (result != ASN1_SUCCESS)
405 {
406 /* couldn't decode DER */
407 MHD_gnutls_assert ();
408 MHD__asn1_delete_structure (&c2);
409 result = MHD_gtls_asn2err (result);
410 goto cleanup;
411 }
412
413 result =
414 MHD__asn1_der_decoding_startEnd (c2, crl_signed_data.data,
415 crl_signed_data.size, "issuer",
416 &start1, &end1);
417
418 if (result != ASN1_SUCCESS)
419 {
420 MHD_gnutls_assert ();
421 result = MHD_gtls_asn2err (result);
422 goto cleanup;
423 }
424
425 len1 = end1 - start1 + 1;
426
427 MHD__gnutls_set_datum (dn, &crl_signed_data.data[start1], len1);
428
429 result = 0;
430
431cleanup:
432 MHD__asn1_delete_structure (&c2);
433 MHD__gnutls_free_datum (&crl_signed_data);
434 return result;
435}
436
437#endif