Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
3c2bdd7d | 2 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. |
41b731f2 | 3 | * |
4286ca47 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
41b731f2 DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
ec577822 BM |
12 | #include <openssl/conf.h> |
13 | #include <openssl/asn1.h> | |
9d6b1ce6 | 14 | #include <openssl/asn1t.h> |
ec577822 | 15 | #include <openssl/x509v3.h> |
41b731f2 | 16 | |
c90c4693 | 17 | #include "x509_local.h" |
706457b7 | 18 | #include "pcy_local.h" |
df2ee0e2 | 19 | #include "ext_dat.h" |
ecf13991 | 20 | |
41b731f2 DSH |
21 | /* Certificate policies extension support: this one is a bit complex... */ |
22 | ||
/* Extension method handlers: text output (i2r) and config-string parsing (r2i) */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
                       BIO *out, int indent);
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, const char *value);

/* Printing helpers used by the i2r side */
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
                             int indent);
static void print_notice(BIO *out, USERNOTICE *notice, int indent);

/* Configuration-section parsers used by the r2i side */
static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *unot, int ia5org);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);

/* "TAG:" prefix handling for explicitText values */
static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
static int displaytext_get_tag_len(const char *tagstr);
41b731f2 | 37 | |
/*
 * Extension method table entry for the certificate policies extension.
 * Only the i2r (print) and r2i (parse from configuration text) handlers are
 * supplied; every other slot is 0/NULL. Both handlers are stored through a
 * function-pointer cast, so their signatures have to stay in step with the
 * X509V3_EXT_I2R / X509V3_EXT_R2I types.
 */
const X509V3_EXT_METHOD ossl_v3_cpols = {
    NID_certificate_policies,
    0,
    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    (X509V3_EXT_I2R)i2r_certpol,
    (X509V3_EXT_R2I)r2i_certpol,
    NULL
};
47 | ||
/* CERTIFICATEPOLICIES: a SEQUENCE OF POLICYINFO */
ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)

IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

/* POLICYINFO: a policy OID plus an optional list of qualifiers */
ASN1_SEQUENCE(POLICYINFO) = {
        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
} ASN1_SEQUENCE_END(POLICYINFO)

IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)

/* Fallback for qualifier ids not listed in the table below: kept as ASN1_ANY */
ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);

/*
 * The content of a POLICYQUALINFO is selected by its pqualid:
 *   NID_id_qt_cps     -> d.cpsuri     (ASN1_IA5STRING)
 *   NID_id_qt_unotice -> d.usernotice (USERNOTICE)
 *   anything else     -> d.other      (ASN1_ANY, via policydefault)
 * Code that reads a POLICYQUALINFO therefore has to check pqualid before it
 * touches d.cpsuri or d.usernotice.
 */
ASN1_ADB(POLICYQUALINFO) = {
        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);

/* POLICYQUALINFO: qualifier id followed by the id-dependent content above */
ASN1_SEQUENCE(POLICYQUALINFO) = {
        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
        ASN1_ADB_OBJECT(POLICYQUALINFO)
} ASN1_SEQUENCE_END(POLICYQUALINFO)

IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)

/* USERNOTICE: both members are optional */
ASN1_SEQUENCE(USERNOTICE) = {
        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
} ASN1_SEQUENCE_END(USERNOTICE)

IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)

/* NOTICEREF: organization text plus a list of notice numbers */
ASN1_SEQUENCE(NOTICEREF) = {
        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
} ASN1_SEQUENCE_END(NOTICEREF)

IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
41b731f2 | 88 | |
/*
 * Parse the configuration-string form of the certificate policies extension.
 *
 * value is split with X509V3_parse_list(); each entry must be a bare name
 * (no "name:value" form). An entry is one of:
 *   "ia5org"    - sets the ia5org flag handed to policy_section() for the
 *                 "@section" entries that follow it in the list;
 *   "@section"  - a policy described by the named configuration section;
 *   otherwise   - a policy OID in text form, with no qualifiers.
 *
 * Returns a new stack owned by the caller, or NULL with an error raised.
 * method is not used here.
 */
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, const char *value)
{
    STACK_OF(CONF_VALUE) *entries = X509V3_parse_list(value);
    STACK_OF(POLICYINFO) *policies;
    int use_ia5org = 0;
    int count, idx;

    if (entries == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_X509V3_LIB);
        return NULL;
    }

    count = sk_CONF_VALUE_num(entries);
    policies = sk_POLICYINFO_new_reserve(NULL, count);
    if (policies == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
        goto fail;
    }

    for (idx = 0; idx < count; idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(entries, idx);
        POLICYINFO *info;

        /* Only bare names are accepted at this level */
        if (entry->value != NULL || entry->name == NULL) {
            ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER);
            X509V3_conf_add_error_name_value(entry);
            goto fail;
        }

        if (strcmp(entry->name, "ia5org") == 0) {
            use_ia5org = 1;
            continue;
        }

        if (entry->name[0] == '@') {
            STACK_OF(CONF_VALUE) *section;

            section = X509V3_get_section(ctx, entry->name + 1);
            if (section == NULL) {
                ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION,
                               "%s", entry->name);
                goto fail;
            }
            info = policy_section(ctx, section, use_ia5org);
            X509V3_section_free(ctx, section);
            if (info == NULL)
                goto fail;
        } else {
            ASN1_OBJECT *oid = OBJ_txt2obj(entry->name, 0);

            if (oid == NULL) {
                ERR_raise_data(ERR_LIB_X509V3,
                               X509V3_R_INVALID_OBJECT_IDENTIFIER,
                               "%s", entry->name);
                goto fail;
            }
            info = POLICYINFO_new();
            if (info == NULL) {
                /* oid has no owner yet, so release it here */
                ASN1_OBJECT_free(oid);
                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                goto fail;
            }
            info->policyid = oid;
        }

        if (!sk_POLICYINFO_push(policies, info)) {
            /* info was not stored, so it is not covered by the stack cleanup */
            POLICYINFO_free(info);
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            goto fail;
        }
    }

    sk_CONF_VALUE_pop_free(entries, X509V3_conf_free);
    return policies;

 fail:
    sk_CONF_VALUE_pop_free(entries, X509V3_conf_free);
    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
    return NULL;
}
165 | ||
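/*
 * Build one POLICYINFO from a configuration section.
 *
 * Recognised names in polstrs:
 *   policyIdentifier - the policy OID in text form;
 *   CPS              - a CPS URI qualifier (names matched with
 *                      ossl_v3_name_cmp());
 *   userNotice       - "@section" naming a user notice section, parsed by
 *                      notice_section() with the given ia5org flag.
 * Any other name is rejected with X509V3_R_INVALID_OPTION.
 *
 * Returns the new POLICYINFO (owned by the caller) or NULL with an error
 * raised. A qualifier that could not be pushed onto pol->qualifiers is freed
 * here, because POLICYINFO_free(pol) cannot reach it.
 */
static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org)
{
    int i;
    CONF_VALUE *cnf;
    POLICYINFO *pol;
    POLICYQUALINFO *qual;

    if ((pol = POLICYINFO_new()) == NULL)
        goto merr;
    for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
        cnf = sk_CONF_VALUE_value(polstrs, i);
        /*
         * NOTE(review): cnf->value is passed to OBJ_txt2obj()/strlen() and
         * dereferenced below without a NULL check; presumably section
         * entries always carry a value string - confirm for every source of
         * polstrs.
         */
        if (strcmp(cnf->name, "policyIdentifier") == 0) {
            ASN1_OBJECT *pobj;

            if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
                ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER);
                X509V3_conf_err(cnf);
                goto err;
            }
            pol->policyid = pobj;

        } else if (!ossl_v3_name_cmp(cnf->name, "CPS")) {
            if (pol->qualifiers == NULL)
                pol->qualifiers = sk_POLICYQUALINFO_new_null();
            if ((qual = POLICYQUALINFO_new()) == NULL)
                goto merr;
            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
                /* Not owned by pol yet: free it or it leaks */
                POLICYQUALINFO_free(qual);
                goto merr;
            }
            /* From here on qual is released through POLICYINFO_free(pol) */
            if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_INTERNAL_ERROR);
                goto err;
            }
            if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
                goto merr;
            if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
                                 strlen(cnf->value)))
                goto merr;
        } else if (!ossl_v3_name_cmp(cnf->name, "userNotice")) {
            STACK_OF(CONF_VALUE) *unot;

            if (*cnf->value != '@') {
                ERR_raise(ERR_LIB_X509V3, X509V3_R_EXPECTED_A_SECTION_NAME);
                X509V3_conf_err(cnf);
                goto err;
            }
            unot = X509V3_get_section(ctx, cnf->value + 1);
            if (!unot) {
                ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION);

                X509V3_conf_err(cnf);
                goto err;
            }
            qual = notice_section(ctx, unot, ia5org);
            X509V3_section_free(ctx, unot);
            if (!qual)
                goto err;
            if (pol->qualifiers == NULL)
                pol->qualifiers = sk_POLICYQUALINFO_new_null();
            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
                /* Same ownership gap as in the CPS branch */
                POLICYQUALINFO_free(qual);
                goto merr;
            }
        } else {
            ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OPTION);
            X509V3_conf_err(cnf);
            goto err;
        }
    }
    if (pol->policyid == NULL) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_POLICY_IDENTIFIER);
        goto err;
    }

    return pol;

 merr:
    ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);

 err:
    POLICYINFO_free(pol);
    return NULL;
}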
246 | ||
/*
 * Return the number of characters before the first ':' in tagstr, or -1 if
 * tagstr contains no ':'.
 */
static int displaytext_get_tag_len(const char *tagstr)
{
    const char *sep = strchr(tagstr, ':');

    if (sep == NULL)
        return -1;
    return sep - tagstr;
}
253 | ||
/*
 * Map an optional "TAG:" prefix of tagstr to an ASN.1 string type.
 *
 * When the text before the first ':' is one of the recognised tag names,
 * *tag_len is set to the length of that name and the matching type is
 * returned. In every other case (no ':' at all, or an unrecognised prefix)
 * *tag_len is 0 and V_ASN1_VISIBLESTRING is returned, so the caller keeps
 * the whole string, colon included.
 */
static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
{
    static const struct {
        const char *name;
        int tag;
    } known_tags[] = {
        { "UTF8", V_ASN1_UTF8STRING },
        { "UTF8String", V_ASN1_UTF8STRING },
        { "BMP", V_ASN1_BMPSTRING },
        { "BMPSTRING", V_ASN1_BMPSTRING },
        { "VISIBLE", V_ASN1_VISIBLESTRING },
        { "VISIBLESTRING", V_ASN1_VISIBLESTRING }
    };
    int prefix_len = displaytext_get_tag_len(tagstr);
    size_t k;

    *tag_len = 0;
    if (prefix_len == -1)
        return V_ASN1_VISIBLESTRING;

    /* The prefix must match a tag name exactly, in length and in content */
    for (k = 0; k < sizeof(known_tags) / sizeof(known_tags[0]); k++) {
        if ((size_t)prefix_len == strlen(known_tags[k].name)
                && strncmp(tagstr, known_tags[k].name, prefix_len) == 0) {
            *tag_len = prefix_len;
            return known_tags[k].tag;
        }
    }
    return V_ASN1_VISIBLESTRING;
}
279 | ||
/*
 * Build a user notice qualifier (pqualid NID_id_qt_unotice) from a
 * configuration section.
 *
 * Recognised names in unot:
 *   explicitText  - notice text, optionally prefixed with "TAG:" as
 *                   understood by displaytext_str2tag();
 *   organization  - notice reference organization; stored with type
 *                   V_ASN1_IA5STRING when ia5org is set, otherwise
 *                   V_ASN1_VISIBLESTRING;
 *   noticeNumbers - list of numbers, converted by nref_nos().
 * Any other name is rejected with X509V3_R_INVALID_OPTION.
 *
 * Returns the new POLICYQUALINFO (owned by the caller) or NULL with an
 * error raised.
 *
 * NOTE(review): entry->value is used without a NULL check, and a second
 * explicitText entry would overwrite notice->exptext without freeing the
 * first string; whether a section can deliver either case depends on the
 * configuration source - confirm.
 */
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *unot, int ia5org)
{
    POLICYQUALINFO *qual = POLICYQUALINFO_new();
    USERNOTICE *notice;
    int idx;

    if (qual == NULL)
        goto merr;
    qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
    if (qual->pqualid == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    notice = USERNOTICE_new();
    if (notice == NULL)
        goto merr;
    /* qual owns notice from here, so POLICYQUALINFO_free(qual) releases it */
    qual->d.usernotice = notice;

    for (idx = 0; idx < sk_CONF_VALUE_num(unot); idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(unot, idx);
        const char *key = entry->name;

        if (strcmp(key, "explicitText") == 0) {
            char *text = entry->value;
            unsigned int prefix_len;
            int tag = displaytext_str2tag(text, &prefix_len);

            notice->exptext = ASN1_STRING_type_new(tag);
            if (notice->exptext == NULL)
                goto merr;
            /* Skip a recognised "TAG:" prefix, including the colon */
            if (prefix_len != 0)
                text += prefix_len + 1;
            if (!ASN1_STRING_set(notice->exptext, text, strlen(text)))
                goto merr;
        } else if (strcmp(key, "organization") == 0) {
            NOTICEREF *ref = notice->noticeref;

            if (ref == NULL) {
                if ((ref = NOTICEREF_new()) == NULL)
                    goto merr;
                notice->noticeref = ref;
            }
            ref->organization->type = ia5org ? V_ASN1_IA5STRING
                                             : V_ASN1_VISIBLESTRING;
            if (!ASN1_STRING_set(ref->organization, entry->value,
                                 strlen(entry->value)))
                goto merr;
        } else if (strcmp(key, "noticeNumbers") == 0) {
            NOTICEREF *ref = notice->noticeref;
            STACK_OF(CONF_VALUE) *numbers;
            int ok;

            if (ref == NULL) {
                if ((ref = NOTICEREF_new()) == NULL)
                    goto merr;
                notice->noticeref = ref;
            }
            numbers = X509V3_parse_list(entry->value);
            if (numbers == NULL || sk_CONF_VALUE_num(numbers) == 0) {
                ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NUMBERS);
                X509V3_conf_add_error_name_value(entry);
                sk_CONF_VALUE_pop_free(numbers, X509V3_conf_free);
                goto err;
            }
            ok = nref_nos(ref->noticenos, numbers);
            sk_CONF_VALUE_pop_free(numbers, X509V3_conf_free);
            if (!ok)
                goto err;
        } else {
            ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OPTION);
            X509V3_conf_add_error_name_value(entry);
            goto err;
        }
    }

    /* A notice reference needs both of its members */
    if (notice->noticeref != NULL
            && (!notice->noticeref->noticenos
                || !notice->noticeref->organization)) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
        goto err;
    }

    return qual;

 merr:
    ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);

 err:
    POLICYQUALINFO_free(qual);
    return NULL;
}
371 | ||
/*
 * Convert each entry name in nos to an ASN1_INTEGER and append it to nnums.
 *
 * Returns 1 on success. Returns 0 with an error raised when a name is not a
 * valid number or a push fails; integers appended before the failure stay
 * in nnums.
 */
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
{
    int idx;

    for (idx = 0; idx < sk_CONF_VALUE_num(nos); idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(nos, idx);
        ASN1_INTEGER *number = s2i_ASN1_INTEGER(NULL, entry->name);

        if (number == NULL) {
            ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NUMBER);
            return 0;
        }
        if (!sk_ASN1_INTEGER_push(nnums, number)) {
            /* The stack did not take ownership, so free the integer here */
            ASN1_INTEGER_free(number);
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            return 0;
        }
    }
    return 1;
}
397 | ||
/*
 * Print a certificate policies extension to out.
 *
 * Each policy is written as "Policy: <oid>" at the given indent, followed by
 * its qualifiers (indent + 2) when it has any. Policies are separated by a
 * newline; none is written after the last one. Always returns 1: the BIO
 * write results are not checked. method is not used here.
 */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
                       BIO *out, int indent)
{
    const int count = sk_POLICYINFO_num(pol);
    int idx;

    for (idx = 0; idx < count; idx++) {
        POLICYINFO *entry = sk_POLICYINFO_value(pol, idx);

        if (idx != 0)
            BIO_puts(out, "\n");
        BIO_printf(out, "%*sPolicy: ", indent, "");
        i2a_ASN1_OBJECT(out, entry->policyid);
        if (entry->qualifiers != NULL) {
            BIO_puts(out, "\n");
            print_qualifiers(out, entry->qualifiers, indent + 2);
        }
    }
    return 1;
}
417 | ||
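/*
 * Print a list of policy qualifiers to out, separated by newlines.
 *
 * The qualifier content is chosen by pqualid: a CPS URI, a user notice
 * (printed by print_notice() at indent + 2), or "Unknown Qualifier: <oid>"
 * for anything else.
 *
 * The CPS URI is printed with an explicit length ("%.*s"). An ASN1_STRING
 * carries its own length, and its data is not guaranteed to end in a NUL
 * byte for every way such a string can be built, so an unbounded "%s" could
 * read past the end of the buffer.
 *
 * NOTE(review): the string bytes are written as they are, without escaping;
 * when the qualifiers come from an untrusted certificate, control characters
 * in them reach the output - confirm whether callers need to sanitise.
 */
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
                             int indent)
{
    POLICYQUALINFO *qualinfo;
    int i;

    for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
        if (i > 0)
            BIO_puts(out, "\n");
        qualinfo = sk_POLICYQUALINFO_value(quals, i);
        switch (OBJ_obj2nid(qualinfo->pqualid)) {
        case NID_id_qt_cps:
            /* Bound the read by the string's own length */
            BIO_printf(out, "%*sCPS: %.*s", indent, "",
                       qualinfo->d.cpsuri->length,
                       qualinfo->d.cpsuri->data);
            break;

        case NID_id_qt_unotice:
            BIO_printf(out, "%*sUser Notice:\n", indent, "");
            print_notice(out, qualinfo->d.usernotice, indent + 2);
            break;

        default:
            BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");

            i2a_ASN1_OBJECT(out, qualinfo->pqualid);
            break;
        }
    }
}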
446 | ||
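/*
 * Print a user notice to out: the notice reference (organization and notice
 * numbers) when present, then the explicit text when present.
 *
 * Both strings are printed with an explicit length ("%.*s"). An ASN1_STRING
 * carries its own length, and its data is not guaranteed to end in a NUL
 * byte for every way such a string can be built, so an unbounded "%s" could
 * read past the end of the buffer.
 *
 * If a notice number cannot be converted to text the function returns at
 * once, leaving the remaining output unwritten.
 *
 * NOTE(review): the string bytes are written as they are, without escaping;
 * when the notice comes from an untrusted certificate, control characters in
 * it reach the output - confirm whether callers need to sanitise.
 */
static void print_notice(BIO *out, USERNOTICE *notice, int indent)
{
    int i;

    if (notice->noticeref) {
        NOTICEREF *ref;

        ref = notice->noticeref;
        BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
                   ref->organization->length,
                   ref->organization->data);
        BIO_printf(out, "%*sNumber%s: ", indent, "",
                   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
            ASN1_INTEGER *num;
            char *tmp;

            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
            if (i)
                BIO_puts(out, ", ");
            if (num == NULL)
                BIO_puts(out, "(null)");
            else {
                tmp = i2s_ASN1_INTEGER(NULL, num);
                if (tmp == NULL)
                    return;
                BIO_puts(out, tmp);
                OPENSSL_free(tmp);
            }
        }
        if (notice->exptext)
            BIO_puts(out, "\n");
    }
    if (notice->exptext)
        BIO_printf(out, "%*sExplicit Text: %.*s", indent, "",
                   notice->exptext->length,
                   notice->exptext->data);
}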
41b731f2 | 480 | |
/*
 * Print one policy tree node to out: its policy OID at indent, then at
 * indent + 2 its criticality and either its qualifier set or
 * "No Qualifiers".
 */
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
{
    const X509_POLICY_DATA *policy = node->data;
    const char *criticality;

    BIO_printf(out, "%*sPolicy: ", indent, "");
    i2a_ASN1_OBJECT(out, policy->valid_policy);
    BIO_puts(out, "\n");

    criticality = node_data_critical(policy) ? "Critical" : "Non Critical";
    BIO_printf(out, "%*s%s\n", indent + 2, "", criticality);

    if (!policy->qualifier_set) {
        BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
        return;
    }

    /* print_qualifiers() leaves the last line open, so terminate it here */
    print_qualifiers(out, policy->qualifier_set, indent + 2);
    BIO_puts(out, "\n");
}