]>
Commit | Line | Data |
---|---|---|
4acc3e90 | 1 | /* pcy_int.h */ |
ae5c8664 MC |
2 | /* |
3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
4 | * 2004. | |
4acc3e90 DSH |
5 | */ |
6 | /* ==================================================================== | |
7 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
ae5c8664 | 14 | * notice, this list of conditions and the following disclaimer. |
4acc3e90 DSH |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * licensing@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | * | |
54 | * This product includes cryptographic software written by Eric Young | |
55 | * (eay@cryptsoft.com). This product includes software written by Tim | |
56 | * Hudson (tjh@cryptsoft.com). | |
57 | * | |
58 | */ | |
59 | ||
4acc3e90 | 60 | typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; |
4acc3e90 | 61 | |
3c07d3a3 | 62 | DECLARE_STACK_OF(X509_POLICY_DATA) |
3c07d3a3 | 63 | |
4acc3e90 DSH |
64 | /* Internal structures */ |
65 | ||
ae5c8664 MC |
66 | /* |
67 | * This structure and the field names correspond to the Policy 'node' of | |
68 | * RFC3280. NB this structure contains no pointers to parent or child data: | |
69 | * X509_POLICY_NODE contains that. This means that the main policy data can | |
70 | * be kept static and cached with the certificate. | |
4acc3e90 DSH |
71 | */ |
72 | ||
ae5c8664 MC |
73 | struct X509_POLICY_DATA_st { |
74 | unsigned int flags; | |
75 | /* Policy OID and qualifiers for this data */ | |
76 | ASN1_OBJECT *valid_policy; | |
77 | STACK_OF(POLICYQUALINFO) *qualifier_set; | |
78 | STACK_OF(ASN1_OBJECT) *expected_policy_set; | |
79 | }; | |
4acc3e90 DSH |
80 | |
81 | /* X509_POLICY_DATA flags values */ | |
82 | ||
ae5c8664 MC |
83 | /* |
84 | * This flag indicates the structure has been mapped using a policy mapping | |
85 | * extension. If policy mapping is not active its references get deleted. | |
4acc3e90 DSH |
86 | */ |
87 | ||
ae5c8664 | 88 | #define POLICY_DATA_FLAG_MAPPED 0x1 |
4acc3e90 | 89 | |
ae5c8664 MC |
90 | /* |
91 | * This flag indicates the data doesn't correspond to a policy in Certificate | |
4acc3e90 DSH |
92 | * Policies: it has been mapped to any policy. |
93 | */ | |
94 | ||
ae5c8664 | 95 | #define POLICY_DATA_FLAG_MAPPED_ANY 0x2 |
4acc3e90 DSH |
96 | |
97 | /* AND with flags to see if any mapping has occurred */ | |
98 | ||
ae5c8664 | 99 | #define POLICY_DATA_FLAG_MAP_MASK 0x3 |
4acc3e90 DSH |
100 | |
101 | /* qualifiers are shared and shouldn't be freed */ | |
102 | ||
ae5c8664 | 103 | #define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 |
4acc3e90 DSH |
104 | |
105 | /* Parent node is an extra node and should be freed */ | |
106 | ||
ae5c8664 | 107 | #define POLICY_DATA_FLAG_EXTRA_NODE 0x8 |
4acc3e90 DSH |
108 | |
109 | /* Corresponding CertificatePolicies is critical */ | |
110 | ||
ae5c8664 | 111 | #define POLICY_DATA_FLAG_CRITICAL 0x10 |
4acc3e90 | 112 | |
4acc3e90 DSH |
113 | /* This structure is cached with a certificate */ |
114 | ||
115 | struct X509_POLICY_CACHE_st { | |
ae5c8664 MC |
116 | /* anyPolicy data or NULL if no anyPolicy */ |
117 | X509_POLICY_DATA *anyPolicy; | |
118 | /* other policy data */ | |
119 | STACK_OF(X509_POLICY_DATA) *data; | |
120 | /* If InhibitAnyPolicy present this is its value or -1 if absent. */ | |
121 | long any_skip; | |
122 | /* | |
123 | * If policyConstraints and requireExplicitPolicy present this is its | |
124 | * value or -1 if absent. | |
125 | */ | |
126 | long explicit_skip; | |
127 | /* | |
128 | * If policyConstraints and policyMapping present this is its value or -1 | |
129 | * if absent. | |
130 | */ | |
131 | long map_skip; | |
132 | }; | |
133 | ||
134 | /* | |
135 | * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL | |
136 | */ | |
4acc3e90 DSH |
137 | |
138 | /* This structure represents the relationship between nodes */ | |
139 | ||
ae5c8664 MC |
140 | struct X509_POLICY_NODE_st { |
141 | /* node data this refers to */ | |
142 | const X509_POLICY_DATA *data; | |
143 | /* Parent node */ | |
144 | X509_POLICY_NODE *parent; | |
145 | /* Number of child nodes */ | |
146 | int nchild; | |
147 | }; | |
148 | ||
149 | struct X509_POLICY_LEVEL_st { | |
150 | /* Cert for this level */ | |
151 | X509 *cert; | |
152 | /* nodes at this level */ | |
153 | STACK_OF(X509_POLICY_NODE) *nodes; | |
154 | /* anyPolicy node */ | |
155 | X509_POLICY_NODE *anyPolicy; | |
156 | /* Extra data */ | |
157 | /* | |
158 | * STACK_OF(X509_POLICY_DATA) *extra_data; | |
159 | */ | |
160 | unsigned int flags; | |
161 | }; | |
162 | ||
163 | struct X509_POLICY_TREE_st { | |
164 | /* This is the tree 'level' data */ | |
165 | X509_POLICY_LEVEL *levels; | |
166 | int nlevel; | |
167 | /* | |
168 | * Extra policy data when additional nodes (not from the certificate) are | |
169 | * required. | |
170 | */ | |
171 | STACK_OF(X509_POLICY_DATA) *extra_data; | |
172 | /* This is the authority constained policy set */ | |
173 | STACK_OF(X509_POLICY_NODE) *auth_policies; | |
174 | STACK_OF(X509_POLICY_NODE) *user_policies; | |
175 | unsigned int flags; | |
176 | }; | |
4acc3e90 DSH |
177 | |
178 | /* Set if anyPolicy present in user policies */ | |
ae5c8664 | 179 | #define POLICY_FLAG_ANY_POLICY 0x2 |
4acc3e90 DSH |
180 | |
181 | /* Useful macros */ | |
182 | ||
ecf13991 DSH |
183 | #define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) |
184 | #define node_critical(node) node_data_critical(node->data) | |
4acc3e90 DSH |
185 | |
186 | /* Internal functions */ | |
187 | ||
002e66c0 | 188 | X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, |
ae5c8664 | 189 | int crit); |
4acc3e90 DSH |
190 | void policy_data_free(X509_POLICY_DATA *data); |
191 | ||
192 | X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, | |
ae5c8664 | 193 | const ASN1_OBJECT *id); |
4acc3e90 DSH |
194 | int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); |
195 | ||
4acc3e90 DSH |
196 | STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); |
197 | ||
198 | void policy_cache_init(void); | |
199 | ||
2d2a5ba3 GT |
200 | void policy_cache_free(X509_POLICY_CACHE *cache); |
201 | ||
4acc3e90 | 202 | X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, |
ae5c8664 MC |
203 | const X509_POLICY_NODE *parent, |
204 | const ASN1_OBJECT *id); | |
4acc3e90 | 205 | |
b79c82ea | 206 | X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, |
ae5c8664 | 207 | const ASN1_OBJECT *id); |
4acc3e90 DSH |
208 | |
209 | X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, | |
ae5c8664 MC |
210 | const X509_POLICY_DATA *data, |
211 | X509_POLICY_NODE *parent, | |
212 | X509_POLICY_TREE *tree); | |
4acc3e90 | 213 | void policy_node_free(X509_POLICY_NODE *node); |
002e66c0 | 214 | int policy_node_match(const X509_POLICY_LEVEL *lvl, |
ae5c8664 | 215 | const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); |
4acc3e90 DSH |
216 | |
217 | const X509_POLICY_CACHE *policy_cache_set(X509 *x); |