Commit | Line | Data |
---|---|---|
71f85280 NM |
1 | /* |
2 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include "internal/cryptlib.h" | |
12 | #include <openssl/conf.h> | |
13 | #include <openssl/asn1.h> | |
14 | #include <openssl/asn1t.h> | |
15 | #include <openssl/x509v3.h> | |
16 | #include "ext_dat.h" | |
17 | ||
18 | /* | |
19 | * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to sign the subject (ASN1_SEQUENCE) | |
20 | * This extension is required to obtain the status of a qualified certificate in the Russian Federation. | |
21 | * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 | |
22 | * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ | |
23 | */ | |
24 | ||
/*
 * ASN.1 template for the IssuerSignTool extension value: a SEQUENCE of four
 * UTF8String members, in the order signTool, cATool, signToolCert,
 * cAToolCert. Every member is declared with ASN1_SIMPLE (none with an
 * optional-field macro), so the template describes all four as required.
 */
ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = {
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL)

/*
 * Generates the allocation and codec functions for the type; this file uses
 * ISSUER_SIGN_TOOL_new() and ISSUER_SIGN_TOOL_free() from that set.
 */
IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
33 | ||
34 | ||
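/*
 * Build an ISSUER_SIGN_TOOL from configuration name/value pairs.
 *
 * Recognised names are "signTool", "cATool", "signToolCert" and
 * "cAToolCert"; any other name is rejected. NULL stack entries are skipped.
 * |method| and |ctx| are not used.
 *
 * Returns a newly allocated ISSUER_SIGN_TOOL that the caller must release
 * with ISSUER_SIGN_TOOL_free(), or NULL after raising an error.
 *
 * Hardening relative to the straightforward implementation:
 *  - an entry with a NULL name or NULL value is reported as an error instead
 *    of being passed to strcmp()/strlen();
 *  - the result of ASN1_STRING_set() is checked, so an allocation failure
 *    while copying the value is not silently ignored;
 *  - a member that is already populated is reused rather than overwritten,
 *    so a repeated key does not leak the earlier string.
 */
static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                              STACK_OF(CONF_VALUE) *nval)
{
    ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new();
    int i;

    if (ist == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) {
        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
        ASN1_UTF8STRING **field;

        if (cnf == NULL) {
            continue;
        }
        /* A key without a name or a value cannot be mapped onto a member. */
        if (cnf->name == NULL || cnf->value == NULL) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }

        if (strcmp(cnf->name, "signTool") == 0) {
            field = &ist->signTool;
        } else if (strcmp(cnf->name, "cATool") == 0) {
            field = &ist->cATool;
        } else if (strcmp(cnf->name, "signToolCert") == 0) {
            field = &ist->signToolCert;
        } else if (strcmp(cnf->name, "cAToolCert") == 0) {
            field = &ist->cAToolCert;
        } else {
            ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }

        /*
         * Allocate only when the member is still empty. It may already be
         * set by an earlier occurrence of the same key (and possibly by
         * ISSUER_SIGN_TOOL_new() itself -- TODO confirm); replacing the
         * pointer in that case would lose the previous object.
         */
        if (*field == NULL) {
            *field = ASN1_UTF8STRING_new();
        }
        if (*field == NULL
                || !ASN1_STRING_set(*field, cnf->value, strlen(cnf->value))) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }
    return ist;

 err:
    ISSUER_SIGN_TOOL_free(ist);
    return NULL;
}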
91 | ||
/*
 * Write a human-readable rendering of |ist| to |out|.
 *
 * Each member that is present is printed as "<label>: <value>", prefixed by
 * |indent| spaces, with a newline between consecutive members and none
 * after the last one. |method| is not used.
 *
 * Returns 1 on completion, or 0 (with an error raised) when |ist| is NULL.
 * The results of the BIO calls are not inspected.
 *
 * NOTE(review): the string bytes are written to |out| exactly as stored,
 * with no escaping. When the structure was decoded from a certificate that
 * is not trusted, control characters in these values reach the output
 * unchanged; consumers that display or log the result may want to sanitise
 * it.
 * NOTE(review): the padding inside the label literals may have been
 * collapsed by the page this listing was taken from -- confirm the column
 * alignment against the project file.
 */
static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
                                ISSUER_SIGN_TOOL *ist, BIO *out,
                                int indent)
{
    int need_sep = 0;   /* becomes 1 once any member has been printed */

    if (ist == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    if (ist->signTool != NULL) {
        /* Nothing can precede the first member, so no separator here. */
        BIO_printf(out, "%*ssignTool : ", indent, "");
        BIO_write(out, ist->signTool->data, ist->signTool->length);
        need_sep = 1;
    }

    if (ist->cATool != NULL) {
        if (need_sep)
            BIO_write(out, "\n", 1);
        BIO_printf(out, "%*scATool : ", indent, "");
        BIO_write(out, ist->cATool->data, ist->cATool->length);
        need_sep = 1;
    }

    if (ist->signToolCert != NULL) {
        if (need_sep)
            BIO_write(out, "\n", 1);
        BIO_printf(out, "%*ssignToolCert: ", indent, "");
        BIO_write(out, ist->signToolCert->data, ist->signToolCert->length);
        need_sep = 1;
    }

    if (ist->cAToolCert != NULL) {
        if (need_sep)
            BIO_write(out, "\n", 1);
        BIO_printf(out, "%*scAToolCert : ", indent, "");
        BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length);
        /* Last member: the separator flag is not needed any more. */
    }

    return 1;
}
136 | ||
/*
 * Extension method table entry for NID_issuerSignTool.
 *
 * Only two handlers are provided: v2i (configuration values to internal
 * structure) and i2r (internal structure to readable text); the remaining
 * conversion slots are 0. Encoding and decoding go through the
 * ISSUER_SIGN_TOOL ASN.1 template referenced below.
 *
 * NOTE(review): both handlers are installed through casts to
 * X509V3_EXT_V2I / X509V3_EXT_I2R, so the compiler does not check their
 * signatures against those typedefs -- confirm they stay compatible if
 * either prototype changes.
 */
const X509V3_EXT_METHOD v3_issuer_sign_tool = {
    NID_issuerSignTool,                   /* nid */
    X509V3_EXT_MULTILINE,                 /* flags */
    ASN1_ITEM_ref(ISSUER_SIGN_TOOL),      /* template */
    0, 0, 0, 0,                           /* old functions, ignored */
    0,                                    /* i2s */
    0,                                    /* s2i */
    0,                                    /* i2v */
    (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */
    (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */
    0,                                    /* r2i */
    NULL                                  /* extension-specific data */
};