/*
 * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/* Handle for one policy "node" data record; the struct itself is defined below. */
typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;

/* Stack type used by X509_POLICY_CACHE_st.data and X509_POLICY_TREE_st.extra_data. */
DEFINE_STACK_OF(X509_POLICY_DATA)
/* Internal structures */
/*
 * This structure and the field names correspond to the Policy 'node' of
 * RFC3280 (carried forward into RFC 5280, section 6.1.2). NB this structure
 * contains no pointers to parent or child data: X509_POLICY_NODE contains
 * that. This means that the main policy data can be kept static and cached
 * with the certificate.
 */

struct X509_POLICY_DATA_st {
    /* Bitmask of the POLICY_DATA_FLAG_* values defined below */
    unsigned int flags;
    /* Policy OID and qualifiers for this data */
    ASN1_OBJECT *valid_policy;
    /*
     * May be shared rather than owned: when POLICY_DATA_FLAG_SHARED_QUALIFIERS
     * is set this stack must not be freed together with the structure.
     */
    STACK_OF(POLICYQUALINFO) *qualifier_set;
    /*
     * The RFC's expected_policy_set: the policy OIDs that a node at the next
     * level may match against this one (policy mappings presumably add
     * entries here; see POLICY_DATA_FLAG_MAPPED).
     */
    STACK_OF(ASN1_OBJECT) *expected_policy_set;
};
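/* X509_POLICY_DATA flags values (stored in X509_POLICY_DATA_st.flags) */

/*
 * This flag indicates the structure has been mapped using a policy mapping
 * extension. If policy mapping is not active its references get deleted.
 */
#define POLICY_DATA_FLAG_MAPPED             0x1

/*
 * This flag indicates the data doesn't correspond to a policy in Certificate
 * Policies: it has been mapped to any policy.
 */
#define POLICY_DATA_FLAG_MAPPED_ANY         0x2

/*
 * AND with flags to see if any mapping has occurred. Expressed in terms of
 * the two mapping flags so the mask cannot silently drift from them if a
 * flag value is ever changed.
 */
#define POLICY_DATA_FLAG_MAP_MASK \
    (POLICY_DATA_FLAG_MAPPED | POLICY_DATA_FLAG_MAPPED_ANY)

/* qualifiers are shared and shouldn't be freed */
#define POLICY_DATA_FLAG_SHARED_QUALIFIERS  0x4

/* Parent node is an extra node and should be freed */
#define POLICY_DATA_FLAG_EXTRA_NODE         0x8

/*
 * Corresponding CertificatePolicies is critical. Tested through
 * node_data_critical()/node_critical() below.
 */
#define POLICY_DATA_FLAG_CRITICAL           0x10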
/*
 * This structure is cached with a certificate: it holds that certificate's
 * policy-related extension data in the form the tree code consumes.
 */

struct X509_POLICY_CACHE_st {
    /* anyPolicy data or NULL if no anyPolicy */
    X509_POLICY_DATA *anyPolicy;
    /* other policy data */
    STACK_OF(X509_POLICY_DATA) *data;
    /*
     * If InhibitAnyPolicy present this is its value or -1 if absent.
     * NOTE(review): -1 is the only meaningful negative value; this header
     * does not show where the parsed SkipCerts integer is range-checked, so
     * confirm in the code that fills the cache that negative or oversized
     * values are rejected rather than stored.
     */
    long any_skip;
    /*
     * If policyConstraints and requireExplicitPolicy present this is its
     * value or -1 if absent.
     */
    long explicit_skip;
    /*
     * If policyConstraints and inhibitPolicyMapping present this is its
     * value or -1 if absent.
     */
    long map_skip;
};
/*
 * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
 */
/*
 * This structure represents the relationship between nodes: the tree is
 * built from these, each referring to a shared X509_POLICY_DATA record.
 */

struct X509_POLICY_NODE_st {
    /*
     * node data this refers to. The pointer is const, suggesting the node
     * does not own it: the data lives either in a certificate's policy cache
     * or in tree->extra_data (see POLICY_DATA_FLAG_EXTRA_NODE).
     */
    const X509_POLICY_DATA *data;
    /* Parent node (presumably NULL at the root) */
    X509_POLICY_NODE *parent;
    /* Number of child nodes */
    int nchild;
};
/* One level of the policy tree, corresponding to one certificate in the path */
struct X509_POLICY_LEVEL_st {
    /* Cert for this level */
    X509 *cert;
    /* nodes at this level */
    STACK_OF(X509_POLICY_NODE) *nodes;
    /* anyPolicy node, if this level has one */
    X509_POLICY_NODE *anyPolicy;
    /* Extra data */
    /*
     * STACK_OF(X509_POLICY_DATA) *extra_data;
     */
    /*
     * Level flags. No POLICY_LEVEL_* values are defined in this header; see
     * the code that sets and tests them for their meaning.
     */
    unsigned int flags;
};
/* The valid_policy_tree built while verifying a certificate chain */
struct X509_POLICY_TREE_st {
    /* This is the tree 'level' data: nlevel entries, one per certificate */
    X509_POLICY_LEVEL *levels;
    int nlevel;
    /*
     * Extra policy data when additional nodes (not from the certificate) are
     * required. Presumably owned and freed by the tree, unlike the data that
     * comes from a certificate's cache.
     */
    STACK_OF(X509_POLICY_DATA) *extra_data;
    /* This is the authority constrained policy set */
    STACK_OF(X509_POLICY_NODE) *auth_policies;
    /*
     * The user constrained policy set (presumably auth_policies restricted
     * by the user's initial policy set)
     */
    STACK_OF(X509_POLICY_NODE) *user_policies;
    /* POLICY_FLAG_* values, e.g. POLICY_FLAG_ANY_POLICY */
    unsigned int flags;
};
/*
 * Set if anyPolicy present in user policies. Presumably kept in
 * X509_POLICY_TREE_st.flags, since that is where user_policies lives.
 */
#define POLICY_FLAG_ANY_POLICY 0x2
/* Useful macros */
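/*
 * Test whether the certificatePolicies extension a data record came from was
 * marked critical (POLICY_DATA_FLAG_CRITICAL). The argument is parenthesised
 * so any pointer expression (&x, p + i, ...) expands correctly; the bare form
 * only worked for a plain identifier.
 */
#define node_data_critical(data) ((data)->flags & POLICY_DATA_FLAG_CRITICAL)
/* Same test via a node: looks through node->data. */
#define node_critical(node) node_data_critical((node)->data)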
/* Internal functions */
/*
 * Create an X509_POLICY_DATA for policy OID 'id' from PolicyInformation
 * 'policy'; 'crit' says whether the containing certificatePolicies extension
 * was critical (presumably recorded as POLICY_DATA_FLAG_CRITICAL - confirm in
 * the implementation). Callers must check for a NULL return.
 */
X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
                                       int crit);
/* Release a record made by ossl_policy_data_new(); honours the SHARED_QUALIFIERS flag, presumably. */
void ossl_policy_data_free(X509_POLICY_DATA *data);

/* Look up the cached record for policy OID 'id' (presumably NULL if absent). */
X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache,
                                              const ASN1_OBJECT *id);
/*
 * Apply the certificate's policyMappings extension 'maps' to its cache.
 * Returns an int status: callers must check it; confirm the success/failure
 * convention against the implementation.
 */
int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);

/* New empty node stack (by its name, with the node comparison function set). */
STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void);

/* Free a certificate's policy cache and everything it owns. */
void ossl_policy_cache_free(X509_POLICY_CACHE *cache);

/* Find the node at 'level' whose data has OID 'id' and whose parent is 'parent'. */
X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
                                              const X509_POLICY_NODE *parent,
                                              const ASN1_OBJECT *id);

/* Find the node in 'sk' whose data has OID 'id' (presumably NULL if none). */
X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
                                           const ASN1_OBJECT *id);

/*
 * Add a node for 'data' under 'parent' at 'level'; 'tree' is presumably
 * needed for extra_data bookkeeping. Callers must check for NULL.
 */
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
                                             X509_POLICY_DATA *data,
                                             X509_POLICY_NODE *parent,
                                             X509_POLICY_TREE *tree);
/* Free a node (but not the const data it points at, presumably). */
void ossl_policy_node_free(X509_POLICY_NODE *node);
/* Whether 'oid' matches 'node' at level 'lvl'; returns an int truth value. */
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
                           const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);

/*
 * Return the policy cache for 'x' (built on first use, by the name).
 * Presumably NULL on failure - callers must check before dereferencing.
 */
const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x);