2 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <crypto/ctype.h>
12 #include <openssl/asn1t.h>
13 #include <openssl/err.h>
14 #include <openssl/x509.h>
15 #include <openssl/x509v3.h>
16 #include "x509_acert.h"
19 * OpenSSL ASN.1 template translation of RFC 5755 4.1.
/*
 * ObjectDigestInfo.  Every member is embedded in the parent structure except
 * otherObjectTypeID, which the template marks OPTIONAL and stores as a
 * pointer (NULL when absent).
 */
ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) = {
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED),
    ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT),
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestAlgorithm, X509_ALGOR),
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO)
/*
 * IssuerSerial.  |issuer| is a required SEQUENCE OF GeneralName, |serial|
 * is embedded, and |issuerUID| is OPTIONAL (NULL when absent).
 */
ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = {
    ASN1_SEQUENCE_OF(OSSL_ISSUER_SERIAL, issuer, GENERAL_NAME),
    ASN1_EMBED(OSSL_ISSUER_SERIAL, serial, ASN1_INTEGER),
    ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL)
/*
 * V2Form.  All three members are OPTIONAL; baseCertificateId and
 * objectDigestInfo carry IMPLICIT context tags [0] and [1].  Callers must
 * therefore treat every field as possibly NULL.
 */
ASN1_SEQUENCE(X509_ACERT_ISSUER_V2FORM) = {
    ASN1_SEQUENCE_OF_OPT(X509_ACERT_ISSUER_V2FORM, issuerName, GENERAL_NAME),
    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, baseCertificateId,
                 OSSL_ISSUER_SERIAL, 0),
    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, objectDigestInfo,
                 OSSL_OBJECT_DIGEST_INFO, 1),
} ASN1_SEQUENCE_END(X509_ACERT_ISSUER_V2FORM)
/*
 * AttCertIssuer CHOICE.  An untagged SEQUENCE OF GeneralName selects
 * u.v1Form; an IMPLICIT [0] V2Form selects u.v2Form.  The decoded
 * alternative is recorded in the structure's |type| field, which the
 * accessors below compare against X509_ACERT_ISSUER_V2.
 */
ASN1_CHOICE(X509_ACERT_ISSUER) = {
    ASN1_SEQUENCE_OF(X509_ACERT_ISSUER, u.v1Form, GENERAL_NAME),
    ASN1_IMP(X509_ACERT_ISSUER, u.v2Form, X509_ACERT_ISSUER_V2FORM, 0),
} ASN1_CHOICE_END(X509_ACERT_ISSUER)
/*
 * Holder.  Three OPTIONAL members with IMPLICIT context tags [0], [1] and
 * [2]; any of them may be NULL after decoding.
 */
ASN1_SEQUENCE(X509_HOLDER) = {
    ASN1_IMP_OPT(X509_HOLDER, baseCertificateID, OSSL_ISSUER_SERIAL, 0),
    ASN1_IMP_SEQUENCE_OF_OPT(X509_HOLDER, entityName, GENERAL_NAME, 1),
    ASN1_IMP_OPT(X509_HOLDER, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 2),
} ASN1_SEQUENCE_END(X509_HOLDER)
/*
 * AttributeCertificateInfo, the to-be-signed body.  The scalar members are
 * embedded; |attributes| is a required SEQUENCE OF; |issuerUID| and
 * |extensions| are OPTIONAL and may be NULL.
 */
ASN1_SEQUENCE(X509_ACERT_INFO) = {
    ASN1_EMBED(X509_ACERT_INFO, version, ASN1_INTEGER),
    ASN1_EMBED(X509_ACERT_INFO, holder, X509_HOLDER),
    ASN1_EMBED(X509_ACERT_INFO, issuer, X509_ACERT_ISSUER),
    ASN1_EMBED(X509_ACERT_INFO, signature, X509_ALGOR),
    ASN1_EMBED(X509_ACERT_INFO, serialNumber, ASN1_INTEGER),
    ASN1_EMBED(X509_ACERT_INFO, validityPeriod, X509_VAL),
    ASN1_SEQUENCE_OF(X509_ACERT_INFO, attributes, X509_ATTRIBUTE),
    ASN1_OPT(X509_ACERT_INFO, issuerUID, ASN1_BIT_STRING),
    ASN1_SEQUENCE_OF_OPT(X509_ACERT_INFO, extensions, X509_EXTENSION),
} ASN1_SEQUENCE_END(X509_ACERT_INFO)
/*
 * AttributeCertificate: the signed body (held by pointer), the outer
 * signature algorithm and the signature value.  |sig_alg| here and
 * |acinfo->signature| are both required by the template; the accessors
 * below expose them separately.
 */
ASN1_SEQUENCE(X509_ACERT) = {
    ASN1_SIMPLE(X509_ACERT, acinfo, X509_ACERT_INFO),
    ASN1_EMBED(X509_ACERT, sig_alg, X509_ALGOR),
    ASN1_EMBED(X509_ACERT, signature, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(X509_ACERT)
/*
 * Generated API: new/free/d2i/i2d plus dup for the outer X509_ACERT; only
 * new/free for the inner types, which are otherwise reached through the
 * get0_* accessors.  The PEM read/write pair uses the PEM_STRING_ACERT
 * armour label.
 */
IMPLEMENT_ASN1_FUNCTIONS(X509_ACERT)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ACERT)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM)

IMPLEMENT_PEM_rw(X509_ACERT, X509_ACERT, PEM_STRING_ACERT, X509_ACERT)
/*
 * Return the directoryName carried by |names| when the stack holds exactly
 * one GeneralName and it is of type GEN_DIRNAME; NULL in every other case.
 * sk_GENERAL_NAME_num() yields -1 for a NULL stack, so a NULL |names| is
 * rejected by the count check as well.
 */
static X509_NAME *get_dirName(const GENERAL_NAMES *names)
{
    const GENERAL_NAME *gn;

    if (sk_GENERAL_NAME_num(names) != 1)
        return NULL;

    gn = sk_GENERAL_NAME_value(names, 0);
    return gn->type == GEN_DIRNAME ? gn->d.directoryName : NULL;
}
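/*
 * Fetch the components of an ObjectDigestInfo without copying.
 *
 * Each output pointer may be NULL when the caller is not interested in
 * that component; the visible code guarded only the first two, so |digest|
 * is now treated the same way.  The returned pointers alias |o| and stay
 * valid only as long as |o| does.
 */
void OSSL_OBJECT_DIGEST_INFO_get0_digest(const OSSL_OBJECT_DIGEST_INFO *o,
                                         int *digestedObjectType,
                                         const X509_ALGOR **digestAlgorithm,
                                         const ASN1_BIT_STRING **digest)
{
    if (digestedObjectType != NULL)
        /* ASN1_ENUMERATED_get() returns long; the public API narrows to int. */
        *digestedObjectType = ASN1_ENUMERATED_get(&o->digestedObjectType);
    if (digestAlgorithm != NULL)
        *digestAlgorithm = &o->digestAlgorithm;
    if (digest != NULL)
        *digest = &o->objectDigest;
}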
/*
 * Issuer of an IssuerSerial as an X509_NAME, or NULL when the issuer
 * GeneralNames do not consist of exactly one directoryName.
 */
const X509_NAME *OSSL_ISSUER_SERIAL_get0_issuer(const OSSL_ISSUER_SERIAL *isss)
{
    const GENERAL_NAMES *issuer_names = isss->issuer;

    return get_dirName(issuer_names);
}
/* Serial number of an IssuerSerial; the pointer aliases |isss|. */
const ASN1_INTEGER *OSSL_ISSUER_SERIAL_get0_serial(const OSSL_ISSUER_SERIAL *isss)
{
    const ASN1_INTEGER *serial = &isss->serial;

    return serial;
}
/* Optional issuerUID of an IssuerSerial; NULL when the field is absent. */
const ASN1_BIT_STRING *OSSL_ISSUER_SERIAL_get0_issuerUID(const OSSL_ISSUER_SERIAL *isss)
{
    const ASN1_BIT_STRING *uid = isss->issuerUID;

    return uid;
}
/* Decoded version number from the attribute certificate body. */
long X509_ACERT_get_version(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return ASN1_INTEGER_get(&info->version);
}
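/*
 * Expose the outer signature value and signature algorithm of |x|.
 *
 * Either output pointer may be NULL; the visible code stored through |psig|
 * unconditionally and never filled |palg|, so both are now guarded and
 * |palg| receives the outer sig_alg (not the inner acinfo->signature, which
 * X509_ACERT_get0_info_sigalg() returns).  The pointers alias |x|.
 */
void X509_ACERT_get0_signature(const X509_ACERT *x,
                               const ASN1_BIT_STRING **psig,
                               const X509_ALGOR **palg)
{
    if (psig != NULL)
        *psig = &x->signature;
    if (palg != NULL)
        *palg = &x->sig_alg;
}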
/* NID of the outer signature algorithm, or NID_undef if it is unknown. */
int X509_ACERT_get_signature_nid(const X509_ACERT *x)
{
    const ASN1_OBJECT *alg_oid = x->sig_alg.algorithm;

    return OBJ_obj2nid(alg_oid);
}
/* Holder entityName ([1] in the template); NULL when absent. */
const GENERAL_NAMES *X509_ACERT_get0_holder_entityName(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->entityName;
}
/* Holder baseCertificateID ([0] in the template); NULL when absent. */
const OSSL_ISSUER_SERIAL *X509_ACERT_get0_holder_baseCertId(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->baseCertificateID;
}
/* Holder objectDigestInfo ([2] in the template); NULL when absent. */
const OSSL_OBJECT_DIGEST_INFO *X509_ACERT_get0_holder_digest(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->objectDigestInfo;
}
/*
 * Issuer of the attribute certificate as an X509_NAME.  Only the v2Form
 * alternative is supported: returns NULL when the issuer is v1Form, when
 * the v2Form pointer is missing, or when v2Form.issuerName is not a single
 * directoryName (get_dirName() also handles a NULL issuerName).
 */
const X509_NAME *X509_ACERT_get0_issuerName(const X509_ACERT *x)
{
    const X509_ACERT_ISSUER *issuer = &x->acinfo->issuer;
    const X509_ACERT_ISSUER_V2FORM *v2;

    if (issuer->type != X509_ACERT_ISSUER_V2)
        return NULL;
    v2 = issuer->u.v2Form;
    if (v2 == NULL)
        return NULL;

    return get_dirName(v2->issuerName);
}
/* Optional issuerUID of the certificate body; NULL when absent. */
const ASN1_BIT_STRING *X509_ACERT_get0_issuerUID(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return info->issuerUID;
}
/*
 * Signature algorithm recorded inside the signed body (acinfo->signature),
 * as opposed to the outer sig_alg returned by X509_ACERT_get0_signature().
 */
const X509_ALGOR *X509_ACERT_get0_info_sigalg(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return &info->signature;
}
/* Serial number of the attribute certificate; aliases |x|. */
const ASN1_INTEGER *X509_ACERT_get0_serialNumber(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return &info->serialNumber;
}
/* Start of the validity period; aliases |x|. */
const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notBefore(const X509_ACERT *x)
{
    const X509_VAL *validity = &x->acinfo->validityPeriod;

    return validity->notBefore;
}
/* End of the validity period; aliases |x|. */
const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notAfter(const X509_ACERT *x)
{
    const X509_VAL *validity = &x->acinfo->validityPeriod;

    return validity->notAfter;
}
190 /* Attribute management functions */
/* Number of attributes in the certificate body. */
int X509_ACERT_get_attr_count(const X509_ACERT *x)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr_count(attrs);
}
/*
 * Index of the next attribute with type |nid| after position |lastpos|
 * (pass -1 to start from the beginning), or a negative value if none.
 */
int X509_ACERT_get_attr_by_NID(const X509_ACERT *x, int nid, int lastpos)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr_by_NID(attrs, nid, lastpos);
}
/*
 * Index of the next attribute whose type matches |obj| after position
 * |lastpos|, or a negative value if none.
 */
int X509_ACERT_get_attr_by_OBJ(const X509_ACERT *x, const ASN1_OBJECT *obj,
                               int lastpos)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr_by_OBJ(attrs, obj, lastpos);
}
/* Attribute at index |loc|, or NULL when out of range; not a copy. */
X509_ATTRIBUTE *X509_ACERT_get_attr(const X509_ACERT *x, int loc)
{
    const STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_get_attr(attrs, loc);
}
/*
 * Remove the attribute at index |loc| and hand it to the caller, who now
 * owns it; NULL when |loc| is out of range.
 */
X509_ATTRIBUTE *X509_ACERT_delete_attr(X509_ACERT *x, int loc)
{
    STACK_OF(X509_ATTRIBUTE) *attrs = x->acinfo->attributes;

    return X509at_delete_attr(attrs, loc);
}
/*
 * Append a copy of |attr| to the certificate body.  Returns 1 on success,
 * 0 on failure.  The address of the stack pointer is passed so that an
 * as-yet NULL attribute stack can be created.
 */
int X509_ACERT_add1_attr(X509_ACERT *x, X509_ATTRIBUTE *attr)
{
    X509_ACERT_INFO *info = x->acinfo;

    if (X509at_add1_attr(&info->attributes, attr) == NULL)
        return 0;
    return 1;
}
/*
 * Create an attribute of type |obj| holding |len| bytes of |bytes| encoded
 * as ASN.1 type |type| and append it to the certificate body.  Returns 1
 * on success, 0 on failure.
 */
int X509_ACERT_add1_attr_by_OBJ(X509_ACERT *x, const ASN1_OBJECT *obj,
                                int type, const void *bytes, int len)
{
    X509_ACERT_INFO *info = x->acinfo;
    X509_ATTRIBUTE *added;

    added = X509at_add1_attr_by_OBJ(&info->attributes, obj, type, bytes, len);
    return added == NULL ? 0 : 1;
}
/*
 * Like X509_ACERT_add1_attr_by_OBJ() but the attribute type is given as a
 * NID.  Returns 1 on success, 0 on failure.
 */
int X509_ACERT_add1_attr_by_NID(X509_ACERT *x, int nid, int type,
                                const void *bytes, int len)
{
    X509_ACERT_INFO *info = x->acinfo;
    X509_ATTRIBUTE *added;

    added = X509at_add1_attr_by_NID(&info->attributes, nid, type, bytes, len);
    return added == NULL ? 0 : 1;
}
/*
 * Like X509_ACERT_add1_attr_by_OBJ() but the attribute type is given by its
 * textual name (short/long name or dotted OID).  Returns 1 on success,
 * 0 on failure.
 */
int X509_ACERT_add1_attr_by_txt(X509_ACERT *x, const char *attrname, int type,
                                const unsigned char *bytes, int len)
{
    X509_ACERT_INFO *info = x->acinfo;
    X509_ATTRIBUTE *added;

    added = X509at_add1_attr_by_txt(&info->attributes, attrname, type,
                                    bytes, len);
    return added == NULL ? 0 : 1;
}
/*
 * Recognise the "ASN1:" marker that tags a config value as an ASN.1
 * generation string.  On a match, *value is advanced past the marker and
 * any following whitespace and 1 is returned; otherwise 0 is returned and
 * *value is left untouched.  ossl_isspace() is used rather than <ctype.h>
 * so the result does not depend on the process locale.
 */
static int check_asn1_attribute(const char **value)
{
    static const char marker[] = "ASN1:";
    const size_t marker_len = sizeof(marker) - 1;
    const char *p = *value;

    if (strncmp(p, marker, marker_len) != 0)
        return 0;

    for (p += marker_len; ossl_isspace(*p); p++)
        ;
    *value = p;
    return 1;
}
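/*
 * Turn one "name = value" config entry into an attribute of |acert|.
 *
 * A value prefixed with "ASN1:" is handed to ASN1_generate_nconf() and the
 * resulting structure is stored DER-encoded under V_ASN1_SEQUENCE; any other
 * value is stored verbatim as an OCTET STRING.  Returns 1 on success and
 * 0 on failure (with an error already on the queue from the failing call).
 */
static int add_attr_from_conf_value(X509_ACERT *acert, CONF *conf,
                                    const char *name, const char *value)
{
    int ret = 0;

    if (check_asn1_attribute(&value) == 1) {
        unsigned char *att_data = NULL;
        int att_len;
        ASN1_TYPE *asn1 = ASN1_generate_nconf(value, conf);

        if (asn1 == NULL)
            return 0;

        att_len = i2d_ASN1_TYPE(asn1, &att_data);
        /*
         * i2d_ASN1_TYPE() signals failure with a negative length and leaves
         * |att_data| NULL.  Do not forward that pair as an attribute value;
         * treat it as a failed entry instead.
         */
        if (att_len >= 0)
            ret = X509_ACERT_add1_attr_by_txt(acert, name, V_ASN1_SEQUENCE,
                                              att_data, att_len);
        OPENSSL_free(att_data);
        ASN1_TYPE_free(asn1);
        return ret;
    }

    return X509_ACERT_add1_attr_by_txt(acert, name, V_ASN1_OCTET_STRING,
                                       (const unsigned char *)value,
                                       (int)strlen(value));
}

/*
 * Add every entry of config section |section| to |acert| as an attribute.
 *
 * Returns 1 when all entries were added, 0 otherwise.  Entries added before
 * a failing one remain in |acert|.  A missing section, an entry without a
 * value (reported as X509_R_INVALID_ATTRIBUTES with the entry name and
 * section), or any failure to build an attribute stops processing.
 */
int X509_ACERT_add_attr_nconf(CONF *conf, const char *section,
                              X509_ACERT *acert)
{
    int i;
    STACK_OF(CONF_VALUE) *attr_sk = NCONF_get_section(conf, section);

    if (attr_sk == NULL)
        return 0;

    for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
        const CONF_VALUE *v = sk_CONF_VALUE_value(attr_sk, i);

        if (v->value == NULL) {
            ERR_raise_data(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES,
                           "name=%s,section=%s", v->name, section);
            return 0;
        }
        if (!add_attr_from_conf_value(acert, conf, v->name, v->value))
            return 0;
    }
    return 1;
}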
/*
 * Decode the extension |nid| from the certificate body, with the usual
 * X509V3_get_d2i() semantics for |crit| and |idx|.  Returns NULL when the
 * extension is absent or cannot be decoded; the caller owns the result.
 */
void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx)
{
    const STACK_OF(X509_EXTENSION) *exts = x->acinfo->extensions;

    return X509V3_get_d2i(exts, nid, crit, idx);
}
/*
 * Encode |value| as extension |nid| and add it to the certificate body,
 * following X509V3_add1_i2d() semantics for |crit| and |flags|.  The stack
 * pointer is passed by address so a NULL extension list can be created.
 */
int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit,
                            unsigned long flags)
{
    X509_ACERT_INFO *info = x->acinfo;

    return X509V3_add1_i2d(&info->extensions, nid, value, crit, flags);
}
/* Extension list of the certificate body; NULL when absent. Not a copy. */
const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return info->extensions;
}