Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
6ec5fce2 | 2 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. |
41b731f2 | 3 | * |
4286ca47 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
41b731f2 DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
ec577822 BM |
12 | #include <openssl/conf.h> |
13 | #include <openssl/asn1.h> | |
9d6b1ce6 | 14 | #include <openssl/asn1t.h> |
ec577822 | 15 | #include <openssl/x509v3.h> |
41b731f2 | 16 | |
ecf13991 | 17 | #include "pcy_int.h" |
df2ee0e2 | 18 | #include "ext_dat.h" |
ecf13991 | 19 | |
41b731f2 DSH |
20 | /* Certificate policies extension support: this one is a bit complex... */ |
21 | ||
/*
 * Forward declarations for the file-local helpers. i2r_certpol and the
 * print_* functions write a decoded extension to a BIO; r2i_certpol,
 * policy_section, notice_section, nref_nos and the displaytext_* helpers
 * build the extension from configuration text.
 */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
                       BIO *out, int indent);
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, const char *value);
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
                             int indent);
static void print_notice(BIO *out, USERNOTICE *notice, int indent);
static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *unot, int ia5org);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
static int displaytext_get_tag_len(const char *tagstr);
41b731f2 | 36 | |
/*
 * Extension method entry for NID_certificate_policies. The only handlers
 * supplied are i2r_certpol (print a decoded extension) and r2i_certpol
 * (build one from a configuration string); every other slot in the
 * initializer is zero or NULL.
 */
const X509V3_EXT_METHOD v3_cpols = {
    NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    (X509V3_EXT_I2R)i2r_certpol,
    (X509V3_EXT_R2I)r2i_certpol,
    NULL
};
46 | ||
/*
 * ASN.1 templates for the certificatePolicies extension.
 *
 * String fields decoded through these templates carry an explicit length;
 * code in this file that prints them should use that length rather than
 * assume the data is NUL-terminated.
 */

/* CERTIFICATEPOLICIES is a SEQUENCE OF POLICYINFO. */
ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)

IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

/* POLICYINFO: a policy OID plus an optional list of qualifiers. */
ASN1_SEQUENCE(POLICYINFO) = {
        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
} ASN1_SEQUENCE_END(POLICYINFO)

IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)

/* Fallback for qualifier ids not listed in the ADB below: kept as ASN1_ANY. */
ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);

/*
 * The qualifier body is selected by pqualid: id-qt-cps gives an IA5String
 * in d.cpsuri, id-qt-unotice gives a USERNOTICE in d.usernotice. Which
 * member of the union is valid therefore depends on pqualid, so readers
 * must check it before touching d.cpsuri or d.usernotice.
 */
ASN1_ADB(POLICYQUALINFO) = {
        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);

/* POLICYQUALINFO: qualifier id followed by the id-dependent body above. */
ASN1_SEQUENCE(POLICYQUALINFO) = {
        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
        ASN1_ADB_OBJECT(POLICYQUALINFO)
} ASN1_SEQUENCE_END(POLICYQUALINFO)

IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)

/* USERNOTICE: both the notice reference and the explicit text are optional. */
ASN1_SEQUENCE(USERNOTICE) = {
        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
} ASN1_SEQUENCE_END(USERNOTICE)

IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)

/* NOTICEREF: an organization name and a sequence of notice numbers. */
ASN1_SEQUENCE(NOTICEREF) = {
        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
} ASN1_SEQUENCE_END(NOTICEREF)

IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
41b731f2 | 87 | |
/*
 * Build a stack of POLICYINFO from a configuration value string.
 *
 * |value| is split with X509V3_parse_list(). Every entry must be a bare
 * name with no "=value" part, and is handled as one of:
 *   "ia5org"  - sets a flag that is passed to policy_section() for the
 *               "@section" entries that come after it in the list;
 *   "@name"   - the named configuration section is fetched and converted
 *               by policy_section();
 *   other     - handed to OBJ_txt2obj() and stored as a policy id with no
 *               qualifiers.
 *
 * Returns the new stack, or NULL after queuing an error. On failure every
 * POLICYINFO built so far is freed. |method| is not used.
 */
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, const char *value)
{
    STACK_OF(CONF_VALUE) *entries = X509V3_parse_list(value);
    const int count = sk_CONF_VALUE_num(entries);
    STACK_OF(POLICYINFO) *result;
    int use_ia5org = 0;
    int idx;

    if (entries == NULL) {
        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
        return NULL;
    }

    result = sk_POLICYINFO_new_reserve(NULL, count);
    if (result == NULL) {
        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    for (idx = 0; idx < count; idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(entries, idx);
        POLICYINFO *info;
        char *name;

        /* Only bare names are valid here: "name=value" is rejected. */
        if (entry->value != NULL || entry->name == NULL) {
            X509V3err(X509V3_F_R2I_CERTPOL,
                      X509V3_R_INVALID_POLICY_IDENTIFIER);
            X509V3_conf_err(entry);
            goto err;
        }
        name = entry->name;

        if (strcmp(name, "ia5org") == 0) {
            use_ia5org = 1;
            continue;
        }

        if (name[0] == '@') {
            STACK_OF(CONF_VALUE) *section = X509V3_get_section(ctx, name + 1);

            if (section == NULL) {
                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);

                X509V3_conf_err(entry);
                goto err;
            }
            info = policy_section(ctx, section, use_ia5org);
            /* The section is released whether or not conversion worked. */
            X509V3_section_free(ctx, section);
            if (info == NULL)
                goto err;
        } else {
            ASN1_OBJECT *oid = OBJ_txt2obj(entry->name, 0);

            if (oid == NULL) {
                X509V3err(X509V3_F_R2I_CERTPOL,
                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
                X509V3_conf_err(entry);
                goto err;
            }
            info = POLICYINFO_new();
            if (info == NULL) {
                /* The OID has no owner yet, so release it here. */
                ASN1_OBJECT_free(oid);
                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                goto err;
            }
            info->policyid = oid;
        }

        if (!sk_POLICYINFO_push(result, info)) {
            POLICYINFO_free(info);
            X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }

    sk_CONF_VALUE_pop_free(entries, X509V3_conf_free);
    return result;

 err:
    sk_CONF_VALUE_pop_free(entries, X509V3_conf_free);
    sk_POLICYINFO_pop_free(result, POLICYINFO_free);
    return NULL;
}
166 | ||
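/*
 * Convert one policy configuration section into a POLICYINFO.
 *
 * Keys handled in |polstrs|:
 *   policyIdentifier - value converted with OBJ_txt2obj() into the policy id
 *   CPS (matched with name_cmp()) - value stored as an IA5String CPS URI
 *                      qualifier
 *   userNotice (matched with name_cmp()) - value must be "@section"; that
 *                      section is converted by notice_section(), which also
 *                      receives |ia5org|
 * Any other key is rejected with X509V3_R_INVALID_OPTION.
 *
 * Returns the new POLICYINFO, or NULL after queuing an error.
 *
 * A qualifier that could not be pushed onto pol->qualifiers is freed
 * explicitly: until the push succeeds it is not reachable from |pol|, so
 * POLICYINFO_free(pol) on the error path would not release it.
 *
 * NOTE(review): cnf->name and cnf->value are dereferenced without a NULL
 * check; this assumes the section provider never returns NULL for either.
 * NOTE(review): a repeated policyIdentifier key overwrites pol->policyid
 * without releasing the previous object - confirm whether the configuration
 * backend can deliver duplicate keys.
 */
static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org)
{
    int i;
    CONF_VALUE *cnf;
    POLICYINFO *pol;
    POLICYQUALINFO *qual;

    if ((pol = POLICYINFO_new()) == NULL)
        goto merr;
    for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
        cnf = sk_CONF_VALUE_value(polstrs, i);
        if (strcmp(cnf->name, "policyIdentifier") == 0) {
            ASN1_OBJECT *pobj;

            if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
                X509V3err(X509V3_F_POLICY_SECTION,
                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
                X509V3_conf_err(cnf);
                goto err;
            }
            pol->policyid = pobj;

        } else if (!name_cmp(cnf->name, "CPS")) {
            if (pol->qualifiers == NULL)
                pol->qualifiers = sk_POLICYQUALINFO_new_null();
            if ((qual = POLICYQUALINFO_new()) == NULL)
                goto merr;
            /*
             * Push first so that every later failure in this branch is
             * cleaned up through |pol|. If the push itself fails (including
             * when the stack above could not be created) |qual| is still
             * ours to free.
             */
            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
                POLICYQUALINFO_free(qual);
                goto merr;
            }
            if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
                X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
                goto err;
            }
            if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
                goto merr;
            if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
                                 strlen(cnf->value)))
                goto merr;
        } else if (!name_cmp(cnf->name, "userNotice")) {
            STACK_OF(CONF_VALUE) *unot;

            if (*cnf->value != '@') {
                X509V3err(X509V3_F_POLICY_SECTION,
                          X509V3_R_EXPECTED_A_SECTION_NAME);
                X509V3_conf_err(cnf);
                goto err;
            }
            unot = X509V3_get_section(ctx, cnf->value + 1);
            if (!unot) {
                X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);

                X509V3_conf_err(cnf);
                goto err;
            }
            qual = notice_section(ctx, unot, ia5org);
            X509V3_section_free(ctx, unot);
            if (!qual)
                goto err;
            if (!pol->qualifiers)
                pol->qualifiers = sk_POLICYQUALINFO_new_null();
            /* Same ownership rule as the CPS branch. */
            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
                POLICYQUALINFO_free(qual);
                goto merr;
            }
        } else {
            X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);

            X509V3_conf_err(cnf);
            goto err;
        }
    }
    if (!pol->policyid) {
        X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
        goto err;
    }

    return pol;

 merr:
    X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);

 err:
    POLICYINFO_free(pol);
    return NULL;
}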
249 | ||
/*
 * Return the number of characters in |tagstr| before its first ':' or -1
 * when the string contains no colon.
 */
static int displaytext_get_tag_len(const char *tagstr)
{
    char *first_colon = strchr(tagstr, ':');

    if (first_colon == NULL)
        return -1;
    return first_colon - tagstr;
}
256 | ||
/*
 * Work out which ASN.1 string type an explicitText value asks for.
 *
 * The text before the first ':' is compared, case-sensitively and in full,
 * with the recognised tag names. On a match the corresponding V_ASN1_* type
 * is returned and *tag_len is set to the length of the tag name (the colon
 * is not counted). In every other case - no colon, or an unrecognised
 * prefix - the result is V_ASN1_VISIBLESTRING with *tag_len set to 0, which
 * tells the caller that the whole string, prefix included, is the text.
 */
static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
{
    static const struct {
        const char *name;
        int tag;
    } known_tags[] = {
        { "UTF8", V_ASN1_UTF8STRING },
        { "UTF8String", V_ASN1_UTF8STRING },
        { "BMP", V_ASN1_BMPSTRING },
        { "BMPSTRING", V_ASN1_BMPSTRING },
        { "VISIBLE", V_ASN1_VISIBLESTRING },
        { "VISIBLESTRING", V_ASN1_VISIBLESTRING }
    };
    int prefix_len = displaytext_get_tag_len(tagstr);
    size_t k;

    *tag_len = 0;
    if (prefix_len == -1)
        return V_ASN1_VISIBLESTRING;

    for (k = 0; k < sizeof(known_tags) / sizeof(known_tags[0]); k++) {
        if ((size_t)prefix_len == strlen(known_tags[k].name)
            && strncmp(tagstr, known_tags[k].name, prefix_len) == 0) {
            *tag_len = prefix_len;
            return known_tags[k].tag;
        }
    }

    /* Unknown prefix: treat the colon as part of the text. */
    return V_ASN1_VISIBLESTRING;
}
282 | ||
/*
 * Convert a user notice configuration section into a POLICYQUALINFO whose
 * qualifier id is id-qt-unotice.
 *
 * Keys handled in |unot|:
 *   explicitText  - optional "TAG:" prefix selects the string type (see
 *                   displaytext_str2tag()); the remainder is the text
 *   organization  - stored as IA5String when |ia5org| is non-zero,
 *                   otherwise as VisibleString
 *   noticeNumbers - comma list parsed with X509V3_parse_list() and
 *                   converted by nref_nos()
 * Any other key is rejected with X509V3_R_INVALID_OPTION.
 *
 * Returns the new qualifier, or NULL after queuing an error. |ctx| is not
 * used in this function.
 *
 * NOTE(review): entry->name and entry->value are dereferenced without a
 * NULL check; this assumes the section provider never returns NULL for
 * either.
 */
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *unot, int ia5org)
{
    POLICYQUALINFO *qual;
    USERNOTICE *notice;
    int idx;

    qual = POLICYQUALINFO_new();
    if (qual == NULL)
        goto merr;
    qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
    if (qual->pqualid == NULL) {
        X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    notice = USERNOTICE_new();
    if (notice == NULL)
        goto merr;
    /* From here on the notice is owned by |qual| and freed with it. */
    qual->d.usernotice = notice;

    for (idx = 0; idx < sk_CONF_VALUE_num(unot); idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(unot, idx);
        int is_org, is_numbers;
        NOTICEREF *ref;

        if (strcmp(entry->name, "explicitText") == 0) {
            char *text = entry->value;
            unsigned int prefix_len;
            int tag = displaytext_str2tag(text, &prefix_len);

            notice->exptext = ASN1_STRING_type_new(tag);
            if (notice->exptext == NULL)
                goto merr;
            /* Skip a recognised "TAG" prefix and the colon after it. */
            if (prefix_len != 0)
                text += prefix_len + 1;
            if (!ASN1_STRING_set(notice->exptext, text, (int)strlen(text)))
                goto merr;
            continue;
        }

        is_org = (strcmp(entry->name, "organization") == 0);
        is_numbers = !is_org && (strcmp(entry->name, "noticeNumbers") == 0);
        if (!is_org && !is_numbers) {
            X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
            X509V3_conf_err(entry);
            goto err;
        }

        /* Both remaining keys live in the notice reference. */
        ref = notice->noticeref;
        if (ref == NULL) {
            ref = NOTICEREF_new();
            if (ref == NULL)
                goto merr;
            notice->noticeref = ref;
        }

        if (is_org) {
            ref->organization->type = ia5org ? V_ASN1_IA5STRING
                                             : V_ASN1_VISIBLESTRING;
            if (!ASN1_STRING_set(ref->organization, entry->value,
                                 strlen(entry->value)))
                goto merr;
        } else {
            STACK_OF(CONF_VALUE) *numbers = X509V3_parse_list(entry->value);
            int ok;

            if (numbers == NULL || sk_CONF_VALUE_num(numbers) == 0) {
                X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
                X509V3_conf_err(entry);
                sk_CONF_VALUE_pop_free(numbers, X509V3_conf_free);
                goto err;
            }
            ok = nref_nos(ref->noticenos, numbers);
            sk_CONF_VALUE_pop_free(numbers, X509V3_conf_free);
            if (!ok)
                goto err;
        }
    }

    if (notice->noticeref != NULL
        && (notice->noticeref->noticenos == NULL
            || notice->noticeref->organization == NULL)) {
        X509V3err(X509V3_F_NOTICE_SECTION,
                  X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
        goto err;
    }

    return qual;

 merr:
    X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);

 err:
    POLICYQUALINFO_free(qual);
    return NULL;
}
372 | ||
/*
 * Convert each entry name in |nos| to an ASN1_INTEGER and append it to
 * |nnums|.
 *
 * Returns 1 on success and 0 after queuing an error. On failure the
 * integers appended before the failing entry stay in |nnums|; only the
 * integer that could not be pushed is freed here.
 */
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
{
    int idx;

    for (idx = 0; idx < sk_CONF_VALUE_num(nos); idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(nos, idx);
        ASN1_INTEGER *number = s2i_ASN1_INTEGER(NULL, entry->name);

        if (number == NULL) {
            X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
            return 0;
        }
        if (!sk_ASN1_INTEGER_push(nnums, number)) {
            ASN1_INTEGER_free(number);
            X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
            return 0;
        }
    }
    return 1;
}
398 | ||
/*
 * Print a certificatePolicies extension to |out|.
 *
 * Each policy is written as "Policy: <oid>" at |indent|, followed by its
 * qualifiers (if any) at indent + 2. Entries are separated by a newline;
 * nothing is written after the last one. Return values of the BIO calls
 * are not checked and the function always returns 1. |method| is not used.
 */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
                       BIO *out, int indent)
{
    int idx = 0;

    while (idx < sk_POLICYINFO_num(pol)) {
        POLICYINFO *entry;

        if (idx != 0)
            BIO_puts(out, "\n");
        entry = sk_POLICYINFO_value(pol, idx);
        BIO_printf(out, "%*sPolicy: ", indent, "");
        i2a_ASN1_OBJECT(out, entry->policyid);
        if (entry->qualifiers != NULL) {
            BIO_puts(out, "\n");
            print_qualifiers(out, entry->qualifiers, indent + 2);
        }
        idx++;
    }
    return 1;
}
418 | ||
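/*
 * Print every qualifier in |quals| to |out|, separated by newlines.
 *
 * The qualifier id decides which union member is read: id-qt-cps prints the
 * CPS URI, id-qt-unotice hands the user notice to print_notice(), and any
 * other id is reported as "Unknown Qualifier" followed by the id itself.
 *
 * The CPS URI is printed with "%.*s" and its recorded length. The string
 * usually comes from a decoded certificate, and an ASN1_STRING is not
 * guaranteed to be NUL-terminated, so "%s" could read beyond the end of the
 * buffer. Output still stops at an embedded NUL byte, if there is one.
 */
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
                             int indent)
{
    POLICYQUALINFO *qualinfo;
    int i;

    for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
        if (i > 0)
            BIO_puts(out, "\n");
        qualinfo = sk_POLICYQUALINFO_value(quals, i);
        switch (OBJ_obj2nid(qualinfo->pqualid)) {
        case NID_id_qt_cps:
            /* Bound the read by the stored length, not by a terminator. */
            BIO_printf(out, "%*sCPS: %.*s", indent, "",
                       qualinfo->d.cpsuri->length,
                       qualinfo->d.cpsuri->data);
            break;

        case NID_id_qt_unotice:
            BIO_printf(out, "%*sUser Notice:\n", indent, "");
            print_notice(out, qualinfo->d.usernotice, indent + 2);
            break;

        default:
            BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");

            i2a_ASN1_OBJECT(out, qualinfo->pqualid);
            break;
        }
    }
}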
447 | ||
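/*
 * Print a user notice to |out| at |indent|.
 *
 * When a notice reference is present its organization and notice numbers
 * are printed first; a NULL entry in the number list is shown as "(null)".
 * The explicit text, when present, follows on its own line. If a notice
 * number cannot be converted to text the function returns early, leaving
 * the output incomplete.
 *
 * Both strings are printed with "%.*s" and their recorded lengths. They
 * usually come from a decoded certificate, and an ASN1_STRING is not
 * guaranteed to be NUL-terminated, so "%s" could read beyond the end of the
 * buffer. Output still stops at an embedded NUL byte, if there is one.
 */
static void print_notice(BIO *out, USERNOTICE *notice, int indent)
{
    int i;

    if (notice->noticeref) {
        NOTICEREF *ref;

        ref = notice->noticeref;
        /* Bound the read by the stored length, not by a terminator. */
        BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
                   ref->organization->length,
                   ref->organization->data);
        BIO_printf(out, "%*sNumber%s: ", indent, "",
                   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
            ASN1_INTEGER *num;
            char *tmp;

            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
            if (i)
                BIO_puts(out, ", ");
            if (num == NULL)
                BIO_puts(out, "(null)");
            else {
                tmp = i2s_ASN1_INTEGER(NULL, num);
                if (tmp == NULL)
                    return;
                BIO_puts(out, tmp);
                OPENSSL_free(tmp);
            }
        }
        if (notice->exptext)
            BIO_puts(out, "\n");
    }
    if (notice->exptext)
        BIO_printf(out, "%*sExplicit Text: %.*s", indent, "",
                   notice->exptext->length,
                   notice->exptext->data);
}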
41b731f2 | 481 | |
/*
 * Print one policy tree node to |out|: the valid policy OID at |indent|,
 * then, at indent + 2, its criticality and either its qualifier set or the
 * line "No Qualifiers".
 */
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
{
    const X509_POLICY_DATA *policy = node->data;
    const char *criticality;

    BIO_printf(out, "%*sPolicy: ", indent, "");

    i2a_ASN1_OBJECT(out, policy->valid_policy);
    BIO_puts(out, "\n");

    criticality = node_data_critical(policy) ? "Critical" : "Non Critical";
    BIO_printf(out, "%*s%s\n", indent + 2, "", criticality);

    if (!policy->qualifier_set) {
        BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
        return;
    }
    print_qualifiers(out, policy->qualifier_set, indent + 2);
    BIO_puts(out, "\n");
}