aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/x509/dn.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/x509/dn.c')
-rw-r--r--src/daemon/https/x509/dn.c612
1 files changed, 0 insertions, 612 deletions
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c
index 17b4ed76..fb4fa57e 100644
--- a/src/daemon/https/x509/dn.c
+++ b/src/daemon/https/x509/dn.c
@@ -518,618 +518,6 @@ cleanup:
518 return result; 518 return result;
519} 519}
520 520
521
522/* Parses an X509 DN in the MHD__asn1_struct, and returns the requested
523 * DN OID.
524 *
525 * MHD__asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
526 * That is to point in the rndSequence.
527 *
528 * indx specifies which OID to return. Ie 0 means return the first specified
529 * OID found, 1 the second etc.
530 */
531int
532MHD__gnutls_x509_get_dn_oid (ASN1_TYPE MHD__asn1_struct,
533 const char *MHD__asn1_rdn_name,
534 int indx, void *_oid, size_t * sizeof_oid)
535{
536 int k2, k1, result;
537 char tmpbuffer1[MAX_NAME_SIZE];
538 char tmpbuffer2[MAX_NAME_SIZE];
539 char tmpbuffer3[MAX_NAME_SIZE];
540 char value[256];
541 char oid[128];
542 int len;
543 int i = 0;
544
545 k1 = 0;
546 do
547 {
548
549 k1++;
550 /* create a string like "tbsCertList.issuer.rdnSequence.?1"
551 */
552 if (MHD__asn1_rdn_name[0] != 0)
553 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u",
554 MHD__asn1_rdn_name, k1);
555 else
556 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
557
558 len = sizeof (value) - 1;
559 result =
560 MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer1, value, &len);
561
562 if (result == ASN1_ELEMENT_NOT_FOUND)
563 {
564 MHD_gnutls_assert ();
565 break;
566 }
567
568 if (result != ASN1_VALUE_NOT_FOUND)
569 {
570 MHD_gnutls_assert ();
571 result = MHD_gtls_asn2err (result);
572 goto cleanup;
573 }
574
575 k2 = 0;
576
577 do
578 { /* Move to the attibute type and values
579 */
580 k2++;
581
582 if (tmpbuffer1[0] != 0)
583 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
584 k2);
585 else
586 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
587
588 /* Try to read the RelativeDistinguishedName attributes.
589 */
590
591 len = sizeof (value) - 1;
592 result =
593 MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer2, value, &len);
594
595 if (result == ASN1_ELEMENT_NOT_FOUND)
596 {
597 break;
598 }
599 if (result != ASN1_VALUE_NOT_FOUND)
600 {
601 MHD_gnutls_assert ();
602 result = MHD_gtls_asn2err (result);
603 goto cleanup;
604 }
605
606 /* Read the OID
607 */
608 MHD_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
609 MHD_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
610
611 len = sizeof (oid) - 1;
612 result =
613 MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer3, oid, &len);
614
615 if (result == ASN1_ELEMENT_NOT_FOUND)
616 break;
617 else if (result != ASN1_SUCCESS)
618 {
619 MHD_gnutls_assert ();
620 result = MHD_gtls_asn2err (result);
621 goto cleanup;
622 }
623
624 if (indx == i++)
625 { /* Found the OID */
626
627 len = strlen (oid) + 1;
628
629 if (*sizeof_oid < (unsigned) len)
630 {
631 *sizeof_oid = len;
632 MHD_gnutls_assert ();
633 return GNUTLS_E_SHORT_MEMORY_BUFFER;
634 }
635
636 memcpy (_oid, oid, len);
637 *sizeof_oid = len - 1;
638
639 return 0;
640 }
641 }
642 while (1);
643
644 }
645 while (1);
646
647 MHD_gnutls_assert ();
648
649 result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
650
651cleanup:
652 return result;
653}
654
655/* This will encode and write the AttributeTypeAndValue field.
656 * 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
657 * In all cases only one value is written.
658 */
659int
660MHD__gnutls_x509_encode_and_write_attribute (const char *given_oid,
661 ASN1_TYPE MHD__asn1_struct,
662 const char *where,
663 const void *_data,
664 int sizeof_data, int multi)
665{
666 const char *val_name;
667 const opaque *data = _data;
668 char tmp[128];
669 ASN1_TYPE c2;
670 int result;
671
672
673 /* Find how to encode the data.
674 */
675 val_name =
676 MHD__asn1_find_structure_from_oid (MHD__gnutls_get_pkix (), given_oid);
677 if (val_name == NULL)
678 {
679 MHD_gnutls_assert ();
680 return GNUTLS_E_X509_UNSUPPORTED_OID;
681 }
682
683 MHD_gtls_str_cpy (tmp, sizeof (tmp), "PKIX1.");
684 MHD_gtls_str_cat (tmp, sizeof (tmp), val_name);
685
686 result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), tmp, &c2);
687 if (result != ASN1_SUCCESS)
688 {
689 MHD_gnutls_assert ();
690 return MHD_gtls_asn2err (result);
691 }
692
693 tmp[0] = 0;
694
695 if ((result = MHD__gnutls_x509_oid_data_choice (given_oid)) > 0)
696 {
697 char *string_type;
698 int i;
699
700 string_type = "printableString";
701
702 /* Check if the data is plain ascii, and use
703 * the UTF8 string type if not.
704 */
705 for (i = 0; i < sizeof_data; i++)
706 {
707 if (!isascii (data[i]))
708 {
709 string_type = "utf8String";
710 break;
711 }
712 }
713
714 /* if the type is a CHOICE then write the
715 * type we'll use.
716 */
717 result = MHD__asn1_write_value (c2, "", string_type, 1);
718 if (result != ASN1_SUCCESS)
719 {
720 MHD_gnutls_assert ();
721 MHD__asn1_delete_structure (&c2);
722 return MHD_gtls_asn2err (result);
723 }
724
725 MHD_gtls_str_cpy (tmp, sizeof (tmp), string_type);
726 }
727
728 result = MHD__asn1_write_value (c2, tmp, data, sizeof_data);
729 if (result != ASN1_SUCCESS)
730 {
731 MHD_gnutls_assert ();
732 MHD__asn1_delete_structure (&c2);
733 return MHD_gtls_asn2err (result);
734 }
735
736
737 /* write the data (value)
738 */
739
740 MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
741 MHD_gtls_str_cat (tmp, sizeof (tmp), ".value");
742
743 if (multi != 0)
744 { /* if not writing an AttributeTypeAndValue, but an Attribute */
745 MHD_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */
746
747 result = MHD__asn1_write_value (MHD__asn1_struct, tmp, "NEW", 1);
748 if (result != ASN1_SUCCESS)
749 {
750 MHD_gnutls_assert ();
751 return MHD_gtls_asn2err (result);
752 }
753
754 MHD_gtls_str_cat (tmp, sizeof (tmp), ".?LAST");
755
756 }
757
758 result =
759 MHD__gnutls_x509_der_encode_and_copy (c2, "", MHD__asn1_struct, tmp, 0);
760 if (result < 0)
761 {
762 MHD_gnutls_assert ();
763 return result;
764 }
765
766 /* write the type
767 */
768 MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
769 MHD_gtls_str_cat (tmp, sizeof (tmp), ".type");
770
771 result = MHD__asn1_write_value (MHD__asn1_struct, tmp, given_oid, 1);
772 if (result != ASN1_SUCCESS)
773 {
774 MHD_gnutls_assert ();
775 return MHD_gtls_asn2err (result);
776 }
777
778 return 0;
779}
780
781/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
782 * In all cases only one value is written.
783 */
784static int
785MHD__gnutls_x509_write_attribute (const char *given_oid,
786 ASN1_TYPE MHD__asn1_struct,
787 const char *where, const void *_data,
788 int sizeof_data)
789{
790 char tmp[128];
791 int result;
792
793 /* write the data (value)
794 */
795
796 MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
797 MHD_gtls_str_cat (tmp, sizeof (tmp), ".value");
798
799 result = MHD__asn1_write_value (MHD__asn1_struct, tmp, _data, sizeof_data);
800 if (result < 0)
801 {
802 MHD_gnutls_assert ();
803 return MHD_gtls_asn2err (result);
804 }
805
806 /* write the type
807 */
808 MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
809 MHD_gtls_str_cat (tmp, sizeof (tmp), ".type");
810
811 result = MHD__asn1_write_value (MHD__asn1_struct, tmp, given_oid, 1);
812 if (result != ASN1_SUCCESS)
813 {
814 MHD_gnutls_assert ();
815 return MHD_gtls_asn2err (result);
816 }
817
818 return 0;
819}
820
821
822/* Decodes an X.509 Attribute (if multi==1) or an AttributeTypeAndValue
823 * otherwise.
824 *
825 * octet_string should be non zero if we are to decode octet strings after
826 * decoding.
827 *
828 * The output is allocated and stored in value.
829 */
830int
831MHD__gnutls_x509_decode_and_read_attribute (ASN1_TYPE MHD__asn1_struct,
832 const char *where, char *oid,
833 int oid_size,
834 MHD_gnutls_datum_t * value,
835 int multi, int octet_string)
836{
837 char tmpbuffer[128];
838 int len, result;
839
840 /* Read the OID
841 */
842 MHD_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
843 MHD_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
844
845 len = oid_size - 1;
846 result = MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer, oid, &len);
847
848 if (result != ASN1_SUCCESS)
849 {
850 MHD_gnutls_assert ();
851 result = MHD_gtls_asn2err (result);
852 return result;
853 }
854
855 /* Read the Value
856 */
857
858 MHD_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
859 MHD_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
860
861 if (multi)
862 MHD_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
863
864 result =
865 MHD__gnutls_x509_read_value (MHD__asn1_struct, tmpbuffer, value,
866 octet_string);
867 if (result < 0)
868 {
869 MHD_gnutls_assert ();
870 return result;
871 }
872
873 return 0;
874
875}
876
877/* Sets an X509 DN in the MHD__asn1_struct, and puts the given OID in the DN.
878 * The input is assumed to be raw data.
879 *
880 * MHD__asn1_rdn_name must be a string in the form "tbsCertificate.issuer".
881 * That is to point before the rndSequence.
882 *
883 */
884int
885MHD__gnutls_x509_set_dn_oid (ASN1_TYPE MHD__asn1_struct,
886 const char *MHD__asn1_name,
887 const char *given_oid, int raw_flag,
888 const char *name, int sizeof_name)
889{
890 int result;
891 char tmp[MAX_NAME_SIZE], MHD__asn1_rdn_name[MAX_NAME_SIZE];
892
893 if (sizeof_name == 0 || name == NULL)
894 {
895 MHD_gnutls_assert ();
896 return GNUTLS_E_INVALID_REQUEST;
897 }
898
899 /* create the rdnSequence
900 */
901 result =
902 MHD__asn1_write_value (MHD__asn1_struct, MHD__asn1_name, "rdnSequence",
903 1);
904 if (result != ASN1_SUCCESS)
905 {
906 MHD_gnutls_assert ();
907 return MHD_gtls_asn2err (result);
908 }
909
910 MHD_gtls_str_cpy (MHD__asn1_rdn_name, sizeof (MHD__asn1_rdn_name),
911 MHD__asn1_name);
912 MHD_gtls_str_cat (MHD__asn1_rdn_name, sizeof (MHD__asn1_rdn_name),
913 ".rdnSequence");
914
915 /* create a new element
916 */
917 result =
918 MHD__asn1_write_value (MHD__asn1_struct, MHD__asn1_rdn_name, "NEW", 1);
919 if (result != ASN1_SUCCESS)
920 {
921 MHD_gnutls_assert ();
922 return MHD_gtls_asn2err (result);
923 }
924
925 MHD_gtls_str_cpy (tmp, sizeof (tmp), MHD__asn1_rdn_name);
926 MHD_gtls_str_cat (tmp, sizeof (tmp), ".?LAST");
927
928 /* create the set with only one element
929 */
930 result = MHD__asn1_write_value (MHD__asn1_struct, tmp, "NEW", 1);
931 if (result != ASN1_SUCCESS)
932 {
933 MHD_gnutls_assert ();
934 return MHD_gtls_asn2err (result);
935 }
936
937
938 /* Encode and write the data
939 */
940 MHD_gtls_str_cpy (tmp, sizeof (tmp), MHD__asn1_rdn_name);
941 MHD_gtls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST");
942
943 if (!raw_flag)
944 {
945 result =
946 MHD__gnutls_x509_encode_and_write_attribute (given_oid,
947 MHD__asn1_struct,
948 tmp, name, sizeof_name,
949 0);
950 }
951 else
952 {
953 result =
954 MHD__gnutls_x509_write_attribute (given_oid, MHD__asn1_struct,
955 tmp, name, sizeof_name);
956 }
957
958 if (result < 0)
959 {
960 MHD_gnutls_assert ();
961 return result;
962 }
963
964 return 0;
965}
966
967
968/**
969 * MHD_gnutls_x509_rdn_get - This function parses an RDN sequence and returns a string
970 * @idn: should contain a DER encoded RDN sequence
971 * @buf: a pointer to a structure to hold the peer's name
972 * @sizeof_buf: holds the size of @buf
973 *
974 * This function will return the name of the given RDN sequence. The
975 * name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
976 * RFC2253.
977 *
978 * If the provided buffer is not long enough, returns
979 * GNUTLS_E_SHORT_MEMORY_BUFFER and *sizeof_buf will be updated. On
980 * success 0 is returned.
981 *
982 **/
983int
984MHD_gnutls_x509_rdn_get (const MHD_gnutls_datum_t * idn,
985 char *buf, size_t * sizeof_buf)
986{
987 int result;
988 ASN1_TYPE dn = ASN1_TYPE_EMPTY;
989
990 if (sizeof_buf == 0)
991 {
992 MHD_gnutls_assert ();
993 return GNUTLS_E_INVALID_REQUEST;
994 }
995
996 if (buf)
997 buf[0] = 0;
998
999
1000 if ((result =
1001 MHD__asn1_create_element (MHD__gnutls_get_pkix (),
1002 "PKIX1.Name", &dn)) != ASN1_SUCCESS)
1003 {
1004 MHD_gnutls_assert ();
1005 return MHD_gtls_asn2err (result);
1006 }
1007
1008 result = MHD__asn1_der_decoding (&dn, idn->data, idn->size, NULL);
1009 if (result != ASN1_SUCCESS)
1010 {
1011 /* couldn't decode DER */
1012 MHD_gnutls_assert ();
1013 MHD__asn1_delete_structure (&dn);
1014 return MHD_gtls_asn2err (result);
1015 }
1016
1017 result = MHD__gnutls_x509_parse_dn (dn, "rdnSequence", buf, sizeof_buf);
1018
1019 MHD__asn1_delete_structure (&dn);
1020 return result;
1021
1022}
1023
1024/**
1025 * MHD_gnutls_x509_rdn_get_by_oid - This function parses an RDN sequence and returns a string
1026 * @idn: should contain a DER encoded RDN sequence
1027 * @oid: an Object Identifier
1028 * @indx: In case multiple same OIDs exist in the RDN indicates which
1029 * to send. Use 0 for the first one.
1030 * @raw_flag: If non zero then the raw DER data are returned.
1031 * @buf: a pointer to a structure to hold the peer's name
1032 * @sizeof_buf: holds the size of @buf
1033 *
1034 * This function will return the name of the given Object identifier,
1035 * of the RDN sequence. The name will be encoded using the rules
1036 * from RFC2253.
1037 *
1038 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if
1039 * the provided buffer is not long enough, and 0 on success.
1040 *
1041 **/
1042int
1043MHD_gnutls_x509_rdn_get_by_oid (const MHD_gnutls_datum_t * idn,
1044 const char *oid, int indx,
1045 unsigned int raw_flag, void *buf,
1046 size_t * sizeof_buf)
1047{
1048 int result;
1049 ASN1_TYPE dn = ASN1_TYPE_EMPTY;
1050
1051 if (sizeof_buf == 0)
1052 {
1053 return GNUTLS_E_INVALID_REQUEST;
1054 }
1055
1056 if ((result =
1057 MHD__asn1_create_element (MHD__gnutls_get_pkix (),
1058 "PKIX1.Name", &dn)) != ASN1_SUCCESS)
1059 {
1060 MHD_gnutls_assert ();
1061 return MHD_gtls_asn2err (result);
1062 }
1063
1064 result = MHD__asn1_der_decoding (&dn, idn->data, idn->size, NULL);
1065 if (result != ASN1_SUCCESS)
1066 {
1067 /* couldn't decode DER */
1068 MHD_gnutls_assert ();
1069 MHD__asn1_delete_structure (&dn);
1070 return MHD_gtls_asn2err (result);
1071 }
1072
1073 result =
1074 MHD__gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
1075 raw_flag, buf, sizeof_buf);
1076
1077 MHD__asn1_delete_structure (&dn);
1078 return result;
1079
1080}
1081
1082/**
1083 * MHD_gnutls_x509_rdn_get_oid - This function parses an RDN sequence and returns an OID.
1084 * @idn: should contain a DER encoded RDN sequence
1085 * @indx: Indicates which OID to return. Use 0 for the first one.
1086 * @oid: a pointer to a structure to hold the peer's name OID
1087 * @sizeof_oid: holds the size of @oid
1088 *
1089 * This function will return the specified Object identifier, of the
1090 * RDN sequence.
1091 *
1092 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if
1093 * the provided buffer is not long enough, and 0 on success.
1094 *
1095 **/
1096int
1097MHD_gnutls_x509_rdn_get_oid (const MHD_gnutls_datum_t * idn,
1098 int indx, void *buf, size_t * sizeof_buf)
1099{
1100 int result;
1101 ASN1_TYPE dn = ASN1_TYPE_EMPTY;
1102
1103 if (sizeof_buf == 0)
1104 {
1105 return GNUTLS_E_INVALID_REQUEST;
1106 }
1107
1108 if ((result =
1109 MHD__asn1_create_element (MHD__gnutls_get_pkix (),
1110 "PKIX1.Name", &dn)) != ASN1_SUCCESS)
1111 {
1112 MHD_gnutls_assert ();
1113 return MHD_gtls_asn2err (result);
1114 }
1115
1116 result = MHD__asn1_der_decoding (&dn, idn->data, idn->size, NULL);
1117 if (result != ASN1_SUCCESS)
1118 {
1119 /* couldn't decode DER */
1120 MHD_gnutls_assert ();
1121 MHD__asn1_delete_structure (&dn);
1122 return MHD_gtls_asn2err (result);
1123 }
1124
1125 result =
1126 MHD__gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, sizeof_buf);
1127
1128 MHD__asn1_delete_structure (&dn);
1129 return result;
1130
1131}
1132
1133/* 521/*
1134 * Compares the DER encoded part of a DN. 522 * Compares the DER encoded part of a DN.
1135 * 523 *