Commit | Line | Data |
---|---|---|
7dcee34c DHG |
1 | /* |
2 | * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/asn1t.h> | |
11 | #include <openssl/x509.h> | |
12 | #include <openssl/x509v3.h> | |
13 | #include "x509_acert.h" | |
14 | ||
15 | /* | |
16 | * OpenSSL ASN.1 template translation of RFC 5755 4.1. | |
17 | */ | |
18 | ||
/*
 * ObjectDigestInfo (RFC 5755 4.1): identifies an object by a digest of it.
 *
 *   digestedObjectType  ENUMERATED, stored inline in the structure
 *   otherObjectTypeID   OBJECT IDENTIFIER, optional (NULL when absent)
 *   digestAlgorithm     AlgorithmIdentifier, stored inline
 *   objectDigest        BIT STRING, stored inline
 *
 * The template only describes the encoding. It does not restrict
 * digestedObjectType to the values RFC 5755 names, and it does not tie the
 * presence of otherObjectTypeID to that value, so code consuming a decoded
 * structure has to check both itself.
 */
ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) = {
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED),
    ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT),
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestAlgorithm, X509_ALGOR),
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO)
25 | ||
/*
 * IssuerSerial (RFC 5755 4.1): names a public key certificate by its issuer
 * and serial number.
 *
 *   issuer     SEQUENCE OF GeneralName
 *   serial     INTEGER, stored inline
 *   issuerUID  BIT STRING, optional (NULL when absent)
 *
 * |issuer| may decode to any number of names of any GeneralName type; the
 * "exactly one directoryName" rule is applied later by
 * OSSL_ISSUER_SERIAL_get0_issuer(), not by this template.
 */
ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = {
    ASN1_SEQUENCE_OF(OSSL_ISSUER_SERIAL, issuer, GENERAL_NAME),
    ASN1_EMBED(OSSL_ISSUER_SERIAL, serial, ASN1_INTEGER),
    ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL)
31 | ||
/*
 * V2Form (RFC 5755 4.1): the v2 way of identifying the attribute certificate
 * issuer.
 *
 *   issuerName          SEQUENCE OF GeneralName, optional
 *   baseCertificateId   [0] IMPLICIT IssuerSerial, optional
 *   objectDigestInfo    [1] IMPLICIT ObjectDigestInfo, optional
 *
 * All three members are optional at the encoding level, so a decoded V2Form
 * can legitimately arrive with every pointer NULL. Any stricter profile rule
 * about which members must or must not be present is not enforced here.
 */
ASN1_SEQUENCE(X509_ACERT_ISSUER_V2FORM) = {
    ASN1_SEQUENCE_OF_OPT(X509_ACERT_ISSUER_V2FORM, issuerName, GENERAL_NAME),
    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, baseCertificateId, OSSL_ISSUER_SERIAL, 0),
    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 1),
} ASN1_SEQUENCE_END(X509_ACERT_ISSUER_V2FORM)
37 | ||
/*
 * AttCertIssuer (RFC 5755 4.1): a CHOICE between
 *
 *   v1Form  SEQUENCE OF GeneralName
 *   v2Form  [0] IMPLICIT V2Form
 *
 * Both alternatives decode successfully. Code that reads the union must look
 * at the selected type first; X509_ACERT_get0_issuerName() in this file only
 * returns a name for the v2 alternative.
 */
ASN1_CHOICE(X509_ACERT_ISSUER) = {
    ASN1_SEQUENCE_OF(X509_ACERT_ISSUER, u.v1Form, GENERAL_NAME),
    ASN1_IMP(X509_ACERT_ISSUER, u.v2Form, X509_ACERT_ISSUER_V2FORM, 0),
} ASN1_CHOICE_END(X509_ACERT_ISSUER)
42 | ||
/*
 * Holder (RFC 5755 4.1): identifies the entity the attributes are bound to.
 *
 *   baseCertificateID  [0] IMPLICIT IssuerSerial, optional
 *   entityName         [1] IMPLICIT SEQUENCE OF GeneralName, optional
 *   objectDigestInfo   [2] IMPLICIT ObjectDigestInfo, optional
 *
 * Nothing in the template requires that any of the three is present, or that
 * only one is. A decoded holder may therefore be empty or carry several
 * identifications at once; a verifier has to decide how to treat those cases
 * before matching the holder against a certificate.
 */
ASN1_SEQUENCE(X509_HOLDER) = {
    ASN1_IMP_OPT(X509_HOLDER, baseCertificateID, OSSL_ISSUER_SERIAL, 0),
    ASN1_IMP_SEQUENCE_OF_OPT(X509_HOLDER, entityName, GENERAL_NAME, 1),
    ASN1_IMP_OPT(X509_HOLDER, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 2),
} ASN1_SEQUENCE_END(X509_HOLDER)
48 | ||
/*
 * AttributeCertificateInfo (RFC 5755 4.1): the to-be-signed part of an
 * attribute certificate. Field order here is the encoding order.
 *
 *   version, holder, issuer, signature, serialNumber and validityPeriod are
 *   stored inline; attributes is a SEQUENCE OF Attribute; issuerUID and
 *   extensions are optional (NULL when absent).
 *
 * The template accepts any INTEGER as |version| and any AlgorithmIdentifier
 * as |signature|; range and consistency checks belong to the code that
 * validates a decoded certificate.
 */
ASN1_SEQUENCE(X509_ACERT_INFO) = {
    ASN1_EMBED(X509_ACERT_INFO, version, ASN1_INTEGER),
    ASN1_EMBED(X509_ACERT_INFO, holder, X509_HOLDER),
    ASN1_EMBED(X509_ACERT_INFO, issuer, X509_ACERT_ISSUER),
    ASN1_EMBED(X509_ACERT_INFO, signature, X509_ALGOR),
    ASN1_EMBED(X509_ACERT_INFO, serialNumber, ASN1_INTEGER),
    ASN1_EMBED(X509_ACERT_INFO, validityPeriod, X509_VAL),
    ASN1_SEQUENCE_OF(X509_ACERT_INFO, attributes, X509_ATTRIBUTE),
    ASN1_OPT(X509_ACERT_INFO, issuerUID, ASN1_BIT_STRING),
    ASN1_SEQUENCE_OF_OPT(X509_ACERT_INFO, extensions, X509_EXTENSION),
} ASN1_SEQUENCE_END(X509_ACERT_INFO)
60 | ||
/*
 * AttributeCertificate (RFC 5755 4.1): the signed outer structure.
 *
 *   acinfo     AttributeCertificateInfo, held through a pointer
 *   sig_alg    AlgorithmIdentifier of the signature, stored inline
 *   signature  BIT STRING holding the signature value, stored inline
 *
 * This is an encoding description only. Nothing in this file checks the
 * signature, the validity period or that |sig_alg| agrees with the
 * algorithm recorded inside |acinfo|; a successfully decoded X509_ACERT is
 * unauthenticated data until a verifier has done so.
 */
ASN1_SEQUENCE(X509_ACERT) = {
    ASN1_SIMPLE(X509_ACERT, acinfo, X509_ACERT_INFO),
    ASN1_EMBED(X509_ACERT, sig_alg, X509_ALGOR),
    ASN1_EMBED(X509_ACERT, signature, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(X509_ACERT)
66 | ||
/*
 * Generated API for the templates above.
 *
 * X509_ACERT gets the full set (allocate, free, DER decode and encode) plus
 * a duplicate function. The inner types only get allocate/free, so they are
 * not decoded or encoded on their own through a generated entry point.
 */
IMPLEMENT_ASN1_FUNCTIONS(X509_ACERT)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ACERT)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM)

/* PEM read/write routines for X509_ACERT, using the PEM_STRING_ACERT label. */
IMPLEMENT_PEM_rw(X509_ACERT, X509_ACERT, PEM_STRING_ACERT, X509_ACERT)
75 | ||
9e1a8b5e DHG |
/*
 * Return the distinguished name from |names| when, and only when, the list
 * holds exactly one entry and that entry is a directoryName.
 *
 * Any other shape (NULL or empty list, several entries, a single entry of
 * another GeneralName type) yields NULL. Callers must treat NULL as "no
 * usable name" rather than dereference the result. The returned pointer
 * refers to storage owned by |names|.
 */
static X509_NAME *get_dirName(const GENERAL_NAMES *names)
{
    const GENERAL_NAME *only;

    /* Reject anything but a one-element list before touching element 0. */
    if (sk_GENERAL_NAME_num(names) == 1) {
        only = sk_GENERAL_NAME_value(names, 0);
        /* The union member is only meaningful for the matching type tag. */
        if (only->type == GEN_DIRNAME)
            return only->d.directoryName;
    }

    return NULL;
}
89 | ||
/*
 * Read the members of an ObjectDigestInfo.
 *
 * Every output parameter is optional: pass NULL for the ones not wanted.
 * |*digestAlgorithm| and |*digest| are set to point at fields inside |o|, so
 * they must not be freed and are only valid while |o| is.
 *
 * NOTE(review): ASN1_ENUMERATED_get() returns a long and the result is
 * narrowed to int by the assignment below. Where long is wider than int, an
 * encoded value outside the int range may read back as a different, small
 * number - confirm, and have callers accept only the object types they
 * explicitly support.
 */
void OSSL_OBJECT_DIGEST_INFO_get0_digest(const OSSL_OBJECT_DIGEST_INFO *o,
                                         int *digestedObjectType,
                                         const X509_ALGOR **digestAlgorithm,
                                         const ASN1_BIT_STRING **digest)
{
    if (digestedObjectType != NULL) {
        long objtype = ASN1_ENUMERATED_get(&o->digestedObjectType);

        *digestedObjectType = objtype;
    }

    if (digestAlgorithm != NULL) {
        *digestAlgorithm = &o->digestAlgorithm;
    }

    if (digest != NULL) {
        *digest = &o->objectDigest;
    }
}
102 | ||
/*
 * Return the issuer distinguished name of an IssuerSerial.
 *
 * The result is NULL unless the issuer list consists of exactly one
 * directoryName (see get_dirName()). A NULL return therefore covers both
 * "no issuer" and "issuer present in a form this accessor does not expose";
 * callers matching against a certificate should fail closed on NULL.
 */
const X509_NAME *OSSL_ISSUER_SERIAL_get0_issuer(const OSSL_ISSUER_SERIAL *isss)
{
    const GENERAL_NAMES *issuer_names = isss->issuer;

    return get_dirName(issuer_names);
}
107 | ||
/*
 * Return the serial number of an IssuerSerial. The pointer addresses a field
 * embedded in |isss|: it is never NULL for a valid |isss| and must not be
 * freed.
 */
const ASN1_INTEGER *OSSL_ISSUER_SERIAL_get0_serial(const OSSL_ISSUER_SERIAL *isss)
{
    const ASN1_INTEGER *serial = &isss->serial;

    return serial;
}
112 | ||
/*
 * Return the issuer unique identifier of an IssuerSerial. The field is
 * optional in the ASN.1 template, so the result is NULL when it is absent.
 * The pointer is owned by |isss|.
 */
const ASN1_BIT_STRING *OSSL_ISSUER_SERIAL_get0_issuerUID(const OSSL_ISSUER_SERIAL *isss)
{
    const ASN1_BIT_STRING *uid = isss->issuerUID;

    return uid;
}
117 | ||
/*
 * Return the encoded version number of the attribute certificate, as
 * converted by ASN1_INTEGER_get().
 *
 * The value is reported as stored: the template accepts any INTEGER and this
 * accessor does not compare it with the version RFC 5755 defines. Callers
 * that rely on a particular version must check the result, including the
 * error values ASN1_INTEGER_get() can return.
 */
long X509_ACERT_get_version(const X509_ACERT *x)
{
    const ASN1_INTEGER *version = &x->acinfo->version;

    return ASN1_INTEGER_get(version);
}
122 | ||
/*
 * Fetch the outer signature value and/or its algorithm identifier.
 *
 * Either output parameter may be NULL if that item is not wanted. The
 * pointers stored address fields embedded in |x| and must not be freed.
 * This only exposes the raw fields; it says nothing about whether the
 * signature has been, or can be, verified.
 */
void X509_ACERT_get0_signature(const X509_ACERT *x,
                               const ASN1_BIT_STRING **psig,
                               const X509_ALGOR **palg)
{
    if (psig != NULL) {
        *psig = &x->signature;
    }

    if (palg != NULL) {
        *palg = &x->sig_alg;
    }
}
132 | ||
/*
 * Return the NID of the outer signature algorithm (|x->sig_alg|), as mapped
 * by OBJ_obj2nid().
 *
 * This is the unsigned, outer AlgorithmIdentifier. The copy inside the
 * signed acinfo is available from X509_ACERT_get0_info_sigalg(); nothing in
 * this accessor compares the two, so a verifier should do that itself.
 */
int X509_ACERT_get_signature_nid(const X509_ACERT *x)
{
    const ASN1_OBJECT *alg_oid = x->sig_alg.algorithm;

    return OBJ_obj2nid(alg_oid);
}
137 | ||
/*
 * Return the holder's entityName list. The field is optional in the Holder
 * template, so NULL means it was not present. The list may contain names of
 * any GeneralName type and is owned by |x|.
 */
const GENERAL_NAMES *X509_ACERT_get0_holder_entityName(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->entityName;
}
142 | ||
/*
 * Return the holder's baseCertificateID (issuer and serial of the holder's
 * public key certificate). The field is optional in the Holder template, so
 * NULL means it was not present. The result is owned by |x|.
 */
const OSSL_ISSUER_SERIAL *X509_ACERT_get0_holder_baseCertId(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->baseCertificateID;
}
147 | ||
/*
 * Return the holder's objectDigestInfo. The field is optional in the Holder
 * template, so NULL means it was not present. The result is owned by |x|.
 */
const OSSL_OBJECT_DIGEST_INFO *X509_ACERT_get0_holder_digest(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->objectDigestInfo;
}
152 | ||
/*
 * Return the issuer distinguished name of the attribute certificate.
 *
 * A name is returned only when the issuer CHOICE selects the v2 form, the
 * v2 structure is present, and its issuerName holds exactly one
 * directoryName (see get_dirName()). Every other case, including a v1-form
 * issuer, gives NULL. Callers building a trust decision on the issuer name
 * should reject the certificate on NULL rather than fall back to another
 * field.
 */
const X509_NAME *X509_ACERT_get0_issuerName(const X509_ACERT *x)
{
    const X509_ACERT_ISSUER *iss = &x->acinfo->issuer;

    /* Check the CHOICE tag before reading the union member. */
    if (iss->type == X509_ACERT_ISSUER_V2 && iss->u.v2Form != NULL)
        return get_dirName(iss->u.v2Form->issuerName);

    return NULL;
}
161 | ||
/*
 * Return the issuerUniqueID of the attribute certificate. The field is
 * optional in the AttributeCertificateInfo template, so the result is NULL
 * when it is absent. The pointer is owned by |x|.
 */
const ASN1_BIT_STRING *X509_ACERT_get0_issuerUID(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return info->issuerUID;
}
166 | ||
/*
 * Return the signature AlgorithmIdentifier recorded inside the signed
 * acinfo (as opposed to the outer |x->sig_alg|). The pointer addresses a
 * field embedded in the acinfo and must not be freed.
 */
const X509_ALGOR *X509_ACERT_get0_info_sigalg(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return &info->signature;
}
171 | ||
/*
 * Return the serial number of the attribute certificate itself. The pointer
 * addresses a field embedded in the acinfo and must not be freed.
 */
const ASN1_INTEGER *X509_ACERT_get0_serialNumber(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return &info->serialNumber;
}
176 | ||
/*
 * Return the start of the validity period. The pointer is owned by |x|.
 *
 * NOTE(review): validityPeriod is decoded through the generic X509_VAL
 * template, whose definition is not in this file. Confirm that the stored
 * time is really restricted to GeneralizedTime before relying on the return
 * type; until then, check the string's type when parsing it.
 */
const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notBefore(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return info->validityPeriod.notBefore;
}
181 | ||
/*
 * Return the end of the validity period. The pointer is owned by |x|.
 *
 * NOTE(review): validityPeriod is decoded through the generic X509_VAL
 * template, whose definition is not in this file. Confirm that the stored
 * time is really restricted to GeneralizedTime before relying on the return
 * type; until then, check the string's type when parsing it.
 */
const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notAfter(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return info->validityPeriod.notAfter;
}
62960b87 DHG |
186 | |
187 | /* Attribute management functions */ | |
188 | ||
/*
 * Return the number of attributes in the certificate, as reported by
 * X509at_get_attr_count() for the acinfo attribute list.
 */
int X509_ACERT_get_attr_count(const X509_ACERT *x)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr_count(attrs);
}
193 | ||
/*
 * Look up an attribute by NID in the certificate's attribute list.
 *
 * |lastpos| and the return value are passed to and from
 * X509at_get_attr_by_NID() unchanged. An attribute type can occur more than
 * once in a decoded list, so a caller enforcing policy on an attribute
 * should keep searching from the returned position instead of stopping at
 * the first hit.
 */
int X509_ACERT_get_attr_by_NID(const X509_ACERT *x, int nid, int lastpos)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr_by_NID(attrs, nid, lastpos);
}
198 | ||
/*
 * Look up an attribute by object identifier in the certificate's attribute
 * list. |lastpos| and the return value are passed to and from
 * X509at_get_attr_by_OBJ() unchanged.
 */
int X509_ACERT_get_attr_by_OBJ(const X509_ACERT *x, const ASN1_OBJECT *obj,
                               int lastpos)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr_by_OBJ(attrs, obj, lastpos);
}
204 | ||
/*
 * Return the attribute at index |loc| of the certificate's attribute list,
 * as given by X509at_get_attr(). The attribute stays in the list.
 */
X509_ATTRIBUTE *X509_ACERT_get_attr(const X509_ACERT *x, int loc)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr(attrs, loc);
}
209 | ||
/*
 * Remove the attribute at index |loc| from the certificate's attribute list
 * and return whatever X509at_delete_attr() returns for it.
 *
 * The attribute list is part of the signed acinfo, so a signature already
 * present on |x| does not cover the certificate after this call.
 * NOTE(review): presumably the caller owns the returned attribute and must
 * free it - confirm against X509at_delete_attr().
 */
X509_ATTRIBUTE *X509_ACERT_delete_attr(X509_ACERT *x, int loc)
{
    STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_delete_attr(attrs, loc);
}
214 | ||
/*
 * Add |attr| to the certificate's attribute list through X509at_add1_attr().
 *
 * Returns 1 when that call returns non-NULL and 0 otherwise. The attribute
 * list is part of the signed acinfo, so a signature already present on |x|
 * does not cover the certificate after a successful call.
 */
int X509_ACERT_add1_attr(X509_ACERT *x, X509_ATTRIBUTE *attr)
{
    if (X509at_add1_attr(&x->acinfo->attributes, attr) == NULL)
        return 0;

    return 1;
}
221 | ||
/*
 * Build an attribute identified by |obj| from |type|, |bytes| and |len| and
 * add it to the certificate's attribute list through
 * X509at_add1_attr_by_OBJ(); the value arguments are forwarded unchanged.
 *
 * Returns 1 when that call returns non-NULL and 0 otherwise. The attribute
 * list is part of the signed acinfo, so a signature already present on |x|
 * does not cover the certificate after a successful call.
 */
int X509_ACERT_add1_attr_by_OBJ(X509_ACERT *x, const ASN1_OBJECT *obj,
                                int type, const void *bytes, int len)
{
    if (X509at_add1_attr_by_OBJ(&x->acinfo->attributes, obj, type, bytes,
                                len) == NULL)
        return 0;

    return 1;
}
229 | ||
/*
 * Build an attribute identified by |nid| from |type|, |bytes| and |len| and
 * add it to the certificate's attribute list through
 * X509at_add1_attr_by_NID(); the value arguments are forwarded unchanged.
 *
 * Returns 1 when that call returns non-NULL and 0 otherwise. The attribute
 * list is part of the signed acinfo, so a signature already present on |x|
 * does not cover the certificate after a successful call.
 */
int X509_ACERT_add1_attr_by_NID(X509_ACERT *x, int nid, int type,
                                const void *bytes, int len)
{
    if (X509at_add1_attr_by_NID(&x->acinfo->attributes, nid, type, bytes,
                                len) == NULL)
        return 0;

    return 1;
}
237 | ||
/*
 * Build an attribute named by the string |attrname| from |type|, |bytes| and
 * |len| and add it to the certificate's attribute list through
 * X509at_add1_attr_by_txt(); all arguments are forwarded unchanged.
 *
 * Returns 1 when that call returns non-NULL and 0 otherwise. How |attrname|
 * is resolved to an object identifier is decided by the callee; if the name
 * comes from configuration or user input, validate it before calling. The
 * attribute list is part of the signed acinfo, so a signature already
 * present on |x| does not cover the certificate after a successful call.
 */
int X509_ACERT_add1_attr_by_txt(X509_ACERT *x, const char *attrname, int type,
                                const unsigned char *bytes, int len)
{
    if (X509at_add1_attr_by_txt(&x->acinfo->attributes, attrname, type, bytes,
                                len) == NULL)
        return 0;

    return 1;
}