]>
Commit | Line | Data |
---|---|---|
2f0eae31 | 1 | /* v3_sxnet.c */ |
0f113f3e MC |
2 | /* |
3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
4 | * 1999. | |
2f0eae31 DSH |
5 | */ |
6 | /* ==================================================================== | |
7 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 14 | * notice, this list of conditions and the following disclaimer. |
2f0eae31 DSH |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * licensing@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | * | |
54 | * This product includes cryptographic software written by Eric Young | |
55 | * (eay@cryptsoft.com). This product includes software written by Tim | |
56 | * Hudson (tjh@cryptsoft.com). | |
57 | * | |
58 | */ | |
59 | ||
60 | #include <stdio.h> | |
b39fc560 | 61 | #include "internal/cryptlib.h" |
ec577822 BM |
62 | #include <openssl/conf.h> |
63 | #include <openssl/asn1.h> | |
9d6b1ce6 | 64 | #include <openssl/asn1t.h> |
ec577822 | 65 | #include <openssl/x509v3.h> |
df2ee0e2 | 66 | #include "ext_dat.h" |
2f0eae31 DSH |
67 | |
68 | /* Support for Thawte strong extranet extension */ | |
69 | ||
28a98809 DSH |
70 | #define SXNET_TEST |
71 | ||
0f113f3e MC |
72 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, |
73 | int indent); | |
28a98809 | 74 | #ifdef SXNET_TEST |
0f113f3e MC |
75 | static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
76 | STACK_OF(CONF_VALUE) *nval); | |
28a98809 | 77 | #endif |
560b79cb | 78 | const X509V3_EXT_METHOD v3_sxnet = { |
0f113f3e MC |
79 | NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), |
80 | 0, 0, 0, 0, | |
81 | 0, 0, | |
82 | 0, | |
28a98809 | 83 | #ifdef SXNET_TEST |
0f113f3e | 84 | (X509V3_EXT_V2I)sxnet_v2i, |
28a98809 | 85 | #else |
0f113f3e | 86 | 0, |
28a98809 | 87 | #endif |
0f113f3e MC |
88 | (X509V3_EXT_I2R)sxnet_i2r, |
89 | 0, | |
90 | NULL | |
2f0eae31 DSH |
91 | }; |
92 | ||
9d6b1ce6 | 93 | ASN1_SEQUENCE(SXNETID) = { |
0f113f3e MC |
94 | ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), |
95 | ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) | |
d339187b | 96 | } ASN1_SEQUENCE_END(SXNETID) |
2f0eae31 | 97 | |
9d6b1ce6 | 98 | IMPLEMENT_ASN1_FUNCTIONS(SXNETID) |
2f0eae31 | 99 | |
9d6b1ce6 | 100 | ASN1_SEQUENCE(SXNET) = { |
0f113f3e MC |
101 | ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), |
102 | ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) | |
d339187b | 103 | } ASN1_SEQUENCE_END(SXNET) |
2f0eae31 | 104 | |
9d6b1ce6 | 105 | IMPLEMENT_ASN1_FUNCTIONS(SXNET) |
2f0eae31 | 106 | |
6b691a5c | 107 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, |
0f113f3e | 108 | int indent) |
2f0eae31 | 109 | { |
0f113f3e MC |
110 | long v; |
111 | char *tmp; | |
112 | SXNETID *id; | |
113 | int i; | |
114 | v = ASN1_INTEGER_get(sx->version); | |
115 | BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); | |
116 | for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { | |
117 | id = sk_SXNETID_value(sx->ids, i); | |
118 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); | |
119 | BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); | |
120 | OPENSSL_free(tmp); | |
f422a514 | 121 | ASN1_STRING_print(out, id->user); |
0f113f3e MC |
122 | } |
123 | return 1; | |
2f0eae31 | 124 | } |
28a98809 DSH |
125 | |
126 | #ifdef SXNET_TEST | |
127 | ||
0f113f3e MC |
128 | /* |
129 | * NBB: this is used for testing only. It should *not* be used for anything | |
28a98809 DSH |
130 | * else because it will just take static IDs from the configuration file and |
131 | * they should really be separate values for each user. | |
132 | */ | |
133 | ||
0f113f3e MC |
134 | static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
135 | STACK_OF(CONF_VALUE) *nval) | |
28a98809 | 136 | { |
0f113f3e MC |
137 | CONF_VALUE *cnf; |
138 | SXNET *sx = NULL; | |
139 | int i; | |
140 | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | |
141 | cnf = sk_CONF_VALUE_value(nval, i); | |
142 | if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) | |
143 | return NULL; | |
144 | } | |
145 | return sx; | |
28a98809 | 146 | } |
0f113f3e | 147 | |
28a98809 DSH |
148 | #endif |
149 | ||
150 | /* Strong Extranet utility functions */ | |
151 | ||
152 | /* Add an id given the zone as an ASCII number */ | |
153 | ||
0f113f3e | 154 | int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) |
28a98809 | 155 | { |
75ebbd9a RS |
156 | ASN1_INTEGER *izone; |
157 | ||
158 | if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { | |
0f113f3e MC |
159 | X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); |
160 | return 0; | |
161 | } | |
162 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | |
28a98809 DSH |
163 | } |
164 | ||
165 | /* Add an id given the zone as an unsigned long */ | |
166 | ||
61f5b6f3 | 167 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, |
0f113f3e | 168 | int userlen) |
28a98809 | 169 | { |
75ebbd9a RS |
170 | ASN1_INTEGER *izone; |
171 | ||
172 | if ((izone = ASN1_INTEGER_new()) == NULL | |
173 | || !ASN1_INTEGER_set(izone, lzone)) { | |
0f113f3e | 174 | X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); |
f422a514 | 175 | ASN1_INTEGER_free(izone); |
0f113f3e MC |
176 | return 0; |
177 | } | |
178 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | |
179 | ||
28a98809 DSH |
180 | } |
181 | ||
0f113f3e MC |
182 | /* |
183 | * Add an id given the zone as an ASN1_INTEGER. Note this version uses the | |
184 | * passed integer and doesn't make a copy so don't free it up afterwards. | |
28a98809 DSH |
185 | */ |
186 | ||
61f5b6f3 | 187 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, |
0f113f3e | 188 | int userlen) |
28a98809 | 189 | { |
0f113f3e MC |
190 | SXNET *sx = NULL; |
191 | SXNETID *id = NULL; | |
192 | if (!psx || !zone || !user) { | |
193 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, | |
194 | X509V3_R_INVALID_NULL_ARGUMENT); | |
195 | return 0; | |
196 | } | |
197 | if (userlen == -1) | |
198 | userlen = strlen(user); | |
199 | if (userlen > 64) { | |
200 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); | |
201 | return 0; | |
202 | } | |
75ebbd9a RS |
203 | if (*psx == NULL) { |
204 | if ((sx = SXNET_new()) == NULL) | |
0f113f3e MC |
205 | goto err; |
206 | if (!ASN1_INTEGER_set(sx->version, 0)) | |
207 | goto err; | |
208 | *psx = sx; | |
209 | } else | |
210 | sx = *psx; | |
211 | if (SXNET_get_id_INTEGER(sx, zone)) { | |
212 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID); | |
213 | return 0; | |
214 | } | |
28a98809 | 215 | |
75ebbd9a | 216 | if ((id = SXNETID_new()) == NULL) |
0f113f3e MC |
217 | goto err; |
218 | if (userlen == -1) | |
219 | userlen = strlen(user); | |
220 | ||
f422a514 | 221 | if (!ASN1_OCTET_STRING_set(id->user, (unsigned char *)user, userlen)) |
0f113f3e MC |
222 | goto err; |
223 | if (!sk_SXNETID_push(sx->ids, id)) | |
224 | goto err; | |
225 | id->zone = zone; | |
226 | return 1; | |
227 | ||
228 | err: | |
229 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE); | |
230 | SXNETID_free(id); | |
231 | SXNET_free(sx); | |
232 | *psx = NULL; | |
233 | return 0; | |
28a98809 DSH |
234 | } |
235 | ||
6b691a5c | 236 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) |
28a98809 | 237 | { |
75ebbd9a | 238 | ASN1_INTEGER *izone; |
0f113f3e | 239 | ASN1_OCTET_STRING *oct; |
75ebbd9a RS |
240 | |
241 | if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { | |
0f113f3e MC |
242 | X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); |
243 | return NULL; | |
244 | } | |
245 | oct = SXNET_get_id_INTEGER(sx, izone); | |
f422a514 | 246 | ASN1_INTEGER_free(izone); |
0f113f3e | 247 | return oct; |
28a98809 DSH |
248 | } |
249 | ||
6b691a5c | 250 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) |
28a98809 | 251 | { |
75ebbd9a | 252 | ASN1_INTEGER *izone; |
0f113f3e | 253 | ASN1_OCTET_STRING *oct; |
75ebbd9a RS |
254 | |
255 | if ((izone = ASN1_INTEGER_new()) == NULL | |
256 | || !ASN1_INTEGER_set(izone, lzone)) { | |
0f113f3e | 257 | X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); |
f422a514 | 258 | ASN1_INTEGER_free(izone); |
0f113f3e MC |
259 | return NULL; |
260 | } | |
261 | oct = SXNET_get_id_INTEGER(sx, izone); | |
f422a514 | 262 | ASN1_INTEGER_free(izone); |
0f113f3e | 263 | return oct; |
28a98809 DSH |
264 | } |
265 | ||
6b691a5c | 266 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) |
28a98809 | 267 | { |
0f113f3e MC |
268 | SXNETID *id; |
269 | int i; | |
270 | for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { | |
271 | id = sk_SXNETID_value(sx->ids, i); | |
f422a514 | 272 | if (!ASN1_INTEGER_cmp(id->zone, zone)) |
0f113f3e MC |
273 | return id->user; |
274 | } | |
275 | return NULL; | |
28a98809 | 276 | } |