Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
d2e9e320 | 2 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. |
4acc3e90 | 3 | * |
d2e9e320 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
4acc3e90 DSH |
8 | */ |
9 | ||
b39fc560 | 10 | #include "internal/cryptlib.h" |
4acc3e90 DSH |
11 | #include <openssl/x509.h> |
12 | #include <openssl/x509v3.h> | |
94e84f5e | 13 | #include "internal/x509_int.h" |
4acc3e90 DSH |
14 | |
15 | #include "pcy_int.h" | |
16 | ||
/*
 * Record the certificate's policy mappings in its policy cache.
 *
 * Ownership: |maps| is consumed. Every subjectDomainPolicy that gets appended
 * to an expected_policy_set is detached from its mapping (set to NULL) so the
 * final sk_POLICY_MAPPING_pop_free() does not free an object the cache now
 * references; everything still attached to |maps| is freed on every exit
 * path. Callers must not use |maps| after this call.
 *
 * Returns:
 *    1  all mappings were processed;
 *    0  policy_data_new() returned NULL or a stack push failed;
 *   -1  the mapping list is empty or contains a mapping to or from
 *       anyPolicy; EXFLAG_INVALID_POLICY is then also set in x->ex_flags.
 *
 * Cache changes made by earlier loop iterations are not undone when a later
 * mapping fails, so the return value (or the flag) is the only reliable
 * indication of whether the cache reflects the whole extension.
 */
int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
{
    X509_POLICY_CACHE *cache = x->policy_cache;
    const int count = sk_POLICY_MAPPING_num(maps);
    int ret = 0;
    int idx;

    /* An empty mapping list is treated as an invalid policy */
    if (count == 0) {
        ret = -1;
        goto bad_mapping;
    }

    for (idx = 0; idx < count; idx++) {
        POLICY_MAPPING *map = sk_POLICY_MAPPING_value(maps, idx);
        X509_POLICY_DATA *data;

        /* Mapping to or from anyPolicy is rejected outright */
        if (OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy
            || OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy) {
            ret = -1;
            goto bad_mapping;
        }

        /* Look for policy data matching the issuer domain policy */
        data = policy_cache_find_data(cache, map->issuerDomainPolicy);
        if (data != NULL) {
            data->flags |= POLICY_DATA_FLAG_MAPPED;
        } else if (!cache->anyPolicy) {
            /* No matching entry and no anyPolicy to derive one from: skip */
            continue;
        } else {
            /*
             * Derive a new entry from anyPolicy, inheriting only its
             * criticality flag.
             *
             * NOTE(review): map->issuerDomainPolicy stays attached to the
             * mapping and is freed together with |maps| below. That is only
             * safe if policy_data_new() does not keep the pointer it is
             * given -- confirm against policy_data_new().
             */
            data = policy_data_new(NULL, map->issuerDomainPolicy,
                                   cache->anyPolicy->flags
                                   & POLICY_DATA_FLAG_CRITICAL);
            if (data == NULL)
                goto bad_mapping;

            /*
             * The qualifier set is borrowed from anyPolicy, not copied; the
             * SHARED_QUALIFIERS flag records that (presumably so that
             * policy_data_free() leaves it alone -- confirm there).
             */
            data->qualifier_set = cache->anyPolicy->qualifier_set;
            data->flags |= POLICY_DATA_FLAG_MAPPED_ANY
                           | POLICY_DATA_FLAG_SHARED_QUALIFIERS;

            /* Until the push succeeds the new entry is still ours to free */
            if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
                policy_data_free(data);
                goto bad_mapping;
            }
        }

        if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
                                 map->subjectDomainPolicy))
            goto bad_mapping;

        /* Now referenced by the cache: detach it to avoid a double free */
        map->subjectDomainPolicy = NULL;
    }

    ret = 1;

 bad_mapping:
    if (ret == -1)
        x->ex_flags |= EXFLAG_INVALID_POLICY;
    /* Frees the list and whatever objects the mappings still hold */
    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
    return ret;
}