[thirdparty/openssl.git] / crypto / x509 / v3_ist.c

/*
 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"

/*
 * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
 * This extension is required to obtain the status of a qualified certificate at Russian Federation.
 * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
 * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
 */

ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = {
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL)

IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)


static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval)
{
    ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new();
    int i;

    if (ist == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
        return NULL;
    }
    for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) {
        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);

        if (cnf == NULL) {
            continue;
        }
        if (strcmp(cnf->name, "signTool") == 0) {
            ist->signTool = ASN1_UTF8STRING_new();
            if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                goto err;
            }
        } else if (strcmp(cnf->name, "cATool") == 0) {
            ist->cATool = ASN1_UTF8STRING_new();
            if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                goto err;
            }
        } else if (strcmp(cnf->name, "signToolCert") == 0) {
            ist->signToolCert = ASN1_UTF8STRING_new();
            if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                goto err;
            }
        } else if (strcmp(cnf->name, "cAToolCert") == 0) {
            ist->cAToolCert = ASN1_UTF8STRING_new();
            if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                goto err;
            }
        } else {
            ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }
    }
    return ist;

err:
    ISSUER_SIGN_TOOL_free(ist);
    return NULL;
}

static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
                                 ISSUER_SIGN_TOOL *ist, BIO *out,
                                 int indent)
{
    int new_line = 0;

    if (ist == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }
    if (ist->signTool != NULL) {
        if (new_line == 1) {
            BIO_write(out, "\n", 1);
        }
        BIO_printf(out, "%*ssignTool    : ", indent, "");
        BIO_write(out, ist->signTool->data, ist->signTool->length);
        new_line = 1;
    }
    if (ist->cATool != NULL) {
        if (new_line == 1) {
            BIO_write(out, "\n", 1);
        }
        BIO_printf(out, "%*scATool      : ", indent, "");
        BIO_write(out, ist->cATool->data, ist->cATool->length);
        new_line = 1;
    }
    if (ist->signToolCert != NULL) {
        if (new_line == 1) {
            BIO_write(out, "\n", 1);
        }
        BIO_printf(out, "%*ssignToolCert: ", indent, "");
        BIO_write(out, ist->signToolCert->data, ist->signToolCert->length);
        new_line = 1;
    }
    if (ist->cAToolCert != NULL) {
        if (new_line == 1) {
            BIO_write(out, "\n", 1);
        }
        BIO_printf(out, "%*scAToolCert  : ", indent, "");
        BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length);
        new_line = 1;
    }
    return 1;
}

const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool = {
    NID_issuerSignTool,                   /* nid */
    X509V3_EXT_MULTILINE,                 /* flags */
    ASN1_ITEM_ref(ISSUER_SIGN_TOOL),      /* template */
    0, 0, 0, 0,                           /* old functions, ignored */
    0,                                    /* i2s */
    0,                                    /* s2i */
    0,                                    /* i2v */
    (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */
    (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */
    0,                                    /* r2i */
    NULL                                  /* extension-specific data */
};
Commit	Line	Data
71f85280	1	/*
da1c088f	2	* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
71f85280 NM	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <stdio.h>
	11	#include "internal/cryptlib.h"
	12	#include <openssl/conf.h>
	13	#include <openssl/asn1.h>
	14	#include <openssl/asn1t.h>
	15	#include <openssl/x509v3.h>
	16	#include "ext_dat.h"
	17
	18	/*
	19	* Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
e304aa87	20	* This extension is required to obtain the status of a qualified certificate at Russian Federation.
71f85280 NM	21	* RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
	22	* Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/
	23	*/
	24
	25	ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = {
	26	ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING),
	27	ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING),
	28	ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING),
	29	ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING)
	30	} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL)
	31
	32	IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
	33
	34
	35	static ISSUER_SIGN_TOOL v2i_issuer_sign_tool(X509V3_EXT_METHOD method, X509V3_CTX *ctx,
	36	STACK_OF(CONF_VALUE) *nval)
	37	{
	38	ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new();
	39	int i;
	40
	41	if (ist == NULL) {
e077455e	42	ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
71f85280 NM	43	return NULL;
	44	}
	45	for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) {
	46	CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
	47
	48	if (cnf == NULL) {
	49	continue;
	50	}
	51	if (strcmp(cnf->name, "signTool") == 0) {
	52	ist->signTool = ASN1_UTF8STRING_new();
46e95903	53	if (ist->signTool == NULL \|\| !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
e077455e	54	ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
46e95903	55	goto err;
71f85280	56	}
71f85280 NM	57	} else if (strcmp(cnf->name, "cATool") == 0) {
71f85280 NM	58	ist->cATool = ASN1_UTF8STRING_new();
46e95903	59	if (ist->cATool == NULL \|\| !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
e077455e	60	ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
46e95903	61	goto err;
71f85280	62	}
71f85280 NM	63	} else if (strcmp(cnf->name, "signToolCert") == 0) {
71f85280 NM	64	ist->signToolCert = ASN1_UTF8STRING_new();
46e95903	65	if (ist->signToolCert == NULL \|\| !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
e077455e	66	ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
46e95903	67	goto err;
71f85280	68	}
71f85280 NM	69	} else if (strcmp(cnf->name, "cAToolCert") == 0) {
71f85280 NM	70	ist->cAToolCert = ASN1_UTF8STRING_new();
46e95903	71	if (ist->cAToolCert == NULL \|\| !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
e077455e	72	ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
46e95903	73	goto err;
71f85280	74	}
71f85280	75	} else {
9311d0c4	76	ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
46e95903	77	goto err;
71f85280 NM	78	}
	79	}
	80	return ist;
46e95903	81
	82	err:
	83	ISSUER_SIGN_TOOL_free(ist);
	84	return NULL;
71f85280 NM	85	}
	86
	87	static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
	88	ISSUER_SIGN_TOOL ist, BIO out,
	89	int indent)
	90	{
	91	int new_line = 0;
	92
	93	if (ist == NULL) {
9311d0c4	94	ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
71f85280 NM	95	return 0;
	96	}
	97	if (ist->signTool != NULL) {
	98	if (new_line == 1) {
	99	BIO_write(out, "\n", 1);
	100	}
	101	BIO_printf(out, "%*ssignTool : ", indent, "");
	102	BIO_write(out, ist->signTool->data, ist->signTool->length);
	103	new_line = 1;
	104	}
	105	if (ist->cATool != NULL) {
	106	if (new_line == 1) {
	107	BIO_write(out, "\n", 1);
	108	}
	109	BIO_printf(out, "%*scATool : ", indent, "");
	110	BIO_write(out, ist->cATool->data, ist->cATool->length);
	111	new_line = 1;
	112	}
	113	if (ist->signToolCert != NULL) {
	114	if (new_line == 1) {
	115	BIO_write(out, "\n", 1);
	116	}
	117	BIO_printf(out, "%*ssignToolCert: ", indent, "");
	118	BIO_write(out, ist->signToolCert->data, ist->signToolCert->length);
	119	new_line = 1;
	120	}
	121	if (ist->cAToolCert != NULL) {
	122	if (new_line == 1) {
	123	BIO_write(out, "\n", 1);
	124	}
	125	BIO_printf(out, "%*scAToolCert : ", indent, "");
	126	BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length);
	127	new_line = 1;
	128	}
	129	return 1;
	130	}
	131
47864aea	132	const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool = {
71f85280 NM	133	NID_issuerSignTool, /* nid */
	134	X509V3_EXT_MULTILINE, /* flags */
	135	ASN1_ITEM_ref(ISSUER_SIGN_TOOL), /* template */
	136	0, 0, 0, 0, /* old functions, ignored */
	137	0, /* i2s */
	138	0, /* s2i */
	139	0, /* i2v */
	140	(X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */
	141	(X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */
	142	0, /* r2i */
	143	NULL /* extension-specific data */
	144	};