Commit | Line | Data |
---|---|---|
71f85280 | 1 | /* |
da1c088f | 2 | * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. |
71f85280 NM |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include "internal/cryptlib.h" | |
12 | #include <openssl/conf.h> | |
13 | #include <openssl/asn1.h> | |
14 | #include <openssl/asn1t.h> | |
15 | #include <openssl/x509v3.h> | |
16 | #include "ext_dat.h" | |
17 | ||
18 | /* | |
19 | * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to sign the subject (ASN1_SEQUENCE) | |
e304aa87 | 20 | * This extension is required to obtain the status of a qualified certificate in the Russian Federation. |
71f85280 NM |
21 | * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 |
22 | * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ | |
23 | */ | |
24 | ||
/*
 * ASN.1 template for ISSUER_SIGN_TOOL: a SEQUENCE of four UTF8String
 * members, encoded in the order signTool, cATool, signToolCert, cAToolCert.
 * Every member is declared with ASN1_SIMPLE, so none of them is marked
 * optional in this template.
 */
ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = {
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL)

/*
 * Generates the standard ASN.1 helper functions for the type, including the
 * ISSUER_SIGN_TOOL_new() and ISSUER_SIGN_TOOL_free() routines used below.
 */
IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
33 | ||
34 | ||
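/*
 * Store a NUL-terminated configuration value in one UTF8String member.
 *
 * The member is allocated only when it is still NULL. ISSUER_SIGN_TOOL_new()
 * may already have populated it (the template members are not optional), and
 * the same key can appear more than once in a section; overwriting the
 * pointer with a fresh allocation in either case would leak the old string.
 *
 * Returns 1 on success, 0 if |value| is NULL or an allocation/copy fails.
 */
static int ist_set_field(ASN1_UTF8STRING **field, const char *value)
{
    if (value == NULL)
        return 0;
    if (*field == NULL) {
        *field = ASN1_UTF8STRING_new();
        if (*field == NULL)
            return 0;
    }
    return ASN1_STRING_set(*field, value, strlen(value));
}

/*
 * v2i handler: build an ISSUER_SIGN_TOOL from name/value configuration pairs.
 *
 * Recognised names are "signTool", "cATool", "signToolCert" and "cAToolCert";
 * any other name is rejected. |method| and |ctx| are not used.
 *
 * Returns a newly allocated structure owned by the caller, or NULL with an
 * error raised on the X509V3 error queue.
 */
static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                              STACK_OF(CONF_VALUE) *nval)
{
    ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new();
    int i;

    if (ist == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
        return NULL;
    }
    for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) {
        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
        ASN1_UTF8STRING **field;

        if (cnf == NULL) {
            continue;
        }
        /*
         * A CONF_VALUE can carry a NULL value (for example a bare name with
         * no ":value" part). The name and value are handed to strcmp() and
         * strlen(), so reject NULL here instead of dereferencing it.
         */
        if (cnf->name == NULL || cnf->value == NULL) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }
        if (strcmp(cnf->name, "signTool") == 0) {
            field = &ist->signTool;
        } else if (strcmp(cnf->name, "cATool") == 0) {
            field = &ist->cATool;
        } else if (strcmp(cnf->name, "signToolCert") == 0) {
            field = &ist->signToolCert;
        } else if (strcmp(cnf->name, "cAToolCert") == 0) {
            field = &ist->cAToolCert;
        } else {
            ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }
        if (!ist_set_field(field, cnf->value)) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
            goto err;
        }
    }
    return ist;

err:
    ISSUER_SIGN_TOOL_free(ist);
    return NULL;
}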
86 | ||
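/*
 * Print one "<label><value>" line for a member of the extension.
 *
 * A NULL |str| is skipped. |*need_nl| tracks whether an earlier member was
 * printed, so that a newline separates members without trailing the last.
 *
 * NOTE(review): the string bytes come from the decoded extension and are
 * written unescaped. If this output can reach a terminal or a log, consider
 * an escaping printer such as ASN1_STRING_print_ex(); confirm that the change
 * in output format is acceptable first.
 *
 * Returns 1 on success (including the skipped case), 0 if a BIO write fails.
 */
static int ist_print_field(BIO *out, int indent, const char *label,
                           const ASN1_UTF8STRING *str, int *need_nl)
{
    if (str == NULL)
        return 1;
    if (*need_nl && BIO_write(out, "\n", 1) <= 0)
        return 0;
    if (BIO_printf(out, "%*s%s", indent, "", label) <= 0)
        return 0;
    /* BIO_write() reports 0 for an empty buffer, so only write real data. */
    if (str->length > 0 && BIO_write(out, str->data, str->length) <= 0)
        return 0;
    *need_nl = 1;
    return 1;
}

/*
 * i2r handler: write a human-readable form of |ist| to |out|, one member per
 * line, each line indented by |indent| spaces. |method| is not used.
 *
 * Returns 1 on success. Returns 0 if |ist| is NULL (an error is raised) or
 * if writing to |out| fails, so callers no longer see success for output
 * that was truncated by a failed write.
 */
static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
                                ISSUER_SIGN_TOOL *ist, BIO *out,
                                int indent)
{
    int new_line = 0;

    if (ist == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }
    return ist_print_field(out, indent, "signTool : ", ist->signTool, &new_line)
        && ist_print_field(out, indent, "cATool : ", ist->cATool, &new_line)
        && ist_print_field(out, indent, "signToolCert: ", ist->signToolCert, &new_line)
        && ist_print_field(out, indent, "cAToolCert : ", ist->cAToolCert, &new_line);
}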
131 | ||
/*
 * X509v3 extension method entry for the issuerSignTool extension.
 *
 * Only two conversions are supplied: v2i (configuration name/value pairs to
 * the internal structure) and i2r (internal structure to printed text). The
 * remaining conversion slots are left as 0. The casts adapt the static
 * functions above, which take ISSUER_SIGN_TOOL pointers, to the callback
 * types named in the casts.
 */
const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool = {
    NID_issuerSignTool,                   /* nid */
    X509V3_EXT_MULTILINE,                 /* flags */
    ASN1_ITEM_ref(ISSUER_SIGN_TOOL),      /* template */
    0, 0, 0, 0,                           /* old functions, ignored */
    0,                                    /* i2s */
    0,                                    /* s2i */
    0,                                    /* i2v */
    (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */
    (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */
    0,                                    /* r2i */
    NULL                                  /* extension-specific data */
};