2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/conf.h>
13 #include <openssl/asn1.h>
14 #include <openssl/asn1t.h>
15 #include <openssl/x509v3.h>
/*
 * Forward declarations of the two conversion callbacks for the Authority
 * Key Identifier extension: i2v (internal structure to name/value list)
 * and v2i (name/value list to internal structure).
 *
 * NOTE(review): this listing skips source lines (the gutter jumps 19 -> 22
 * and 22 -> 24), so the remaining parameters of both prototypes are not
 * shown here.
 */
18 static STACK_OF(CONF_VALUE
) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD
*method
,
19 AUTHORITY_KEYID
*akeyid
,
22 static AUTHORITY_KEYID
*v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD
*method
,
24 STACK_OF(CONF_VALUE
) *values
);
/*
 * Extension method table for NID_authority_key_identifier. It marks the
 * extension as multi-line for printing, names the AUTHORITY_KEYID ASN.1
 * item, and registers the i2v and v2i callbacks.
 *
 * NOTE(review): both callbacks are installed through explicit casts to
 * X509V3_EXT_I2V / X509V3_EXT_V2I, so the compiler does not check their
 * signatures against the callback typedefs. Any change to either
 * function's parameter list has to be kept in step by hand.
 * NOTE(review): the remaining table slots and the closing brace are on
 * lines this listing omits.
 */
26 const X509V3_EXT_METHOD v3_akey_id
= {
27 NID_authority_key_identifier
,
28 X509V3_EXT_MULTILINE
, ASN1_ITEM_ref(AUTHORITY_KEYID
),
31 (X509V3_EXT_I2V
) i2v_AUTHORITY_KEYID
,
32 (X509V3_EXT_V2I
)v2i_AUTHORITY_KEYID
,
/*
 * i2v_AUTHORITY_KEYID: render an AUTHORITY_KEYID as CONF_VALUE entries
 * added to extlist. The key identifier and the serial number are emitted
 * as hex strings; the issuer is emitted through i2v_GENERAL_NAMES().
 *
 * NOTE(review): this listing omits source lines (the gutter jumps 38 -> 44,
 * 45 -> 49, 49 -> 51 and stops at 52). The third parameter, the opening
 * brace, the declaration of tmp, the guards around each member, the release
 * of tmp and the return statement presumably sit on the omitted lines.
 * Confirm against the full file before relying on the notes below.
 */
37 static STACK_OF(CONF_VALUE
) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD
*method
,
38 AUTHORITY_KEYID
*akeyid
,
/*
 * Hex-encode the key identifier octets. akeyid->keyid is dereferenced here;
 * presumably an omitted line checks it for NULL first, since every member
 * of the structure is optional.
 */
44 tmp
= OPENSSL_buf2hexstr(akeyid
->keyid
->data
, akeyid
->keyid
->length
);
/*
 * The entry is labelled "keyid" only when an issuer or a serial is also
 * present; otherwise the name is NULL and only the hex value is listed.
 * tmp reaches X509V3_add_value() without a NULL check (lines 44 and 45 are
 * consecutive) and the call's return value is discarded, so in the visible
 * code a failed allocation is not reported to the caller.
 */
45 X509V3_add_value((akeyid
->issuer
|| akeyid
->serial
) ? "keyid" : NULL
, tmp
, &extlist
);
/* Append the issuer general names; extlist is replaced by the result. */
49 extlist
= i2v_GENERAL_NAMES(NULL
, akeyid
->issuer
, extlist
);
/* Same hex encoding for the serial number octets. */
51 tmp
= OPENSSL_buf2hexstr(akeyid
->serial
->data
, akeyid
->serial
->length
);
/* As for the key identifier: neither tmp nor the result is checked here. */
52 X509V3_add_value("serial", tmp
, &extlist
);
59 * Currently two options:
60 * keyid: use the issuer's subject keyid, the value 'always' means it is
61 * an error if the issuer certificate doesn't have a key id.
62 * issuer: use the issuer cert's issuer and serial number. The default is
63 * to only use this if keyid is not present. With the option 'always'
64 * this is always included.
/*
 * v2i_AUTHORITY_KEYID: build an AUTHORITY_KEYID from the configuration
 * options in values. Only "keyid" and "issuer" are recognised, each
 * optionally with the value "always". The data is copied from the issuer
 * certificate held in ctx.
 *
 * NOTE(review): this listing omits source lines (gaps in the gutter
 * numbers). Presumably these include the ctx parameter, the declarations of
 * i, cnf, cert and ext, the assignments to keyid/issuer, and the
 * return/goto statements. The comments below describe only what is visible.
 */
67 static AUTHORITY_KEYID
*v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD
*method
,
69 STACK_OF(CONF_VALUE
) *values
)
/*
 * Option state for the two keywords. Both are later compared against 2,
 * which is presumably the value stored for the "always" form; the
 * assignments are on omitted lines.
 */
71 char keyid
= 0, issuer
= 0;
/* Intermediate objects start as NULL; the cleanup code at the end frees them. */
74 ASN1_OCTET_STRING
*ikeyid
= NULL
;
75 X509_NAME
*isname
= NULL
;
76 GENERAL_NAMES
*gens
= NULL
;
77 GENERAL_NAME
*gen
= NULL
;
78 ASN1_INTEGER
*serial
= NULL
;
81 AUTHORITY_KEYID
*akeyid
;
/* Walk the option list supplied by the configuration. */
83 for (i
= 0; i
< sk_CONF_VALUE_num(values
); i
++) {
84 cnf
= sk_CONF_VALUE_value(values
, i
);
/*
 * cnf->value is NULL-checked before strcmp() below, but cnf->name is not.
 * Presumably the configuration parser guarantees a name; confirm.
 */
85 if (strcmp(cnf
->name
, "keyid") == 0) {
87 if (cnf
->value
&& strcmp(cnf
->value
, "always") == 0)
89 } else if (strcmp(cnf
->name
, "issuer") == 0) {
91 if (cnf
->value
&& strcmp(cnf
->value
, "always") == 0)
/* Any other option name is rejected and reported together with the name. */
94 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID
, X509V3_R_UNKNOWN_OPTION
);
95 ERR_add_error_data(2, "name=", cnf
->name
);
/*
 * Without a context or an issuer certificate there is nothing to copy from.
 * A context whose flags equal CTX_TEST gets an empty AUTHORITY_KEYID back;
 * every other case is reported as X509V3_R_NO_ISSUER_CERTIFICATE.
 * NOTE(review): flags is compared with ==, not tested as a bit mask, so a
 * context carrying CTX_TEST together with any other flag bit takes the
 * error path instead of the test path.
 */
100 if (!ctx
|| !ctx
->issuer_cert
) {
101 if (ctx
&& (ctx
->flags
== CTX_TEST
))
102 return AUTHORITY_KEYID_new();
103 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID
,
104 X509V3_R_NO_ISSUER_CERTIFICATE
);
108 cert
= ctx
->issuer_cert
;
/*
 * Locate the issuer certificate's subject key identifier extension and
 * decode it. ikeyid stays NULL when the extension is not found.
 */
111 i
= X509_get_ext_by_NID(cert
, NID_subject_key_identifier
, -1);
112 if ((i
>= 0) && (ext
= X509_get_ext(cert
, i
)))
113 ikeyid
= X509V3_EXT_d2i(ext
);
/* keyid == 2 turns a missing key identifier into an error. */
114 if (keyid
== 2 && !ikeyid
) {
115 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID
,
116 X509V3_R_UNABLE_TO_GET_ISSUER_KEYID
);
/*
 * Issuer name and serial are copied when issuer was requested and no key
 * identifier was obtained, or unconditionally when issuer == 2. Both values
 * are duplicated from the issuer certificate itself: that certificate's
 * issuer name and its serial number.
 */
121 if ((issuer
&& !ikeyid
) || (issuer
== 2)) {
122 isname
= X509_NAME_dup(X509_get_issuer_name(cert
));
123 serial
= ASN1_INTEGER_dup(X509_get_serialNumber(cert
));
/* Either duplicate failing is reported as an error. */
124 if (!isname
|| !serial
) {
125 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID
,
126 X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS
);
131 if ((akeyid
= AUTHORITY_KEYID_new()) == NULL
)
/*
 * Wrap the name in a one-element GENERAL_NAMES stack. A failure of any of
 * the three steps is reported as an allocation failure.
 */
135 if ((gens
= sk_GENERAL_NAME_new_null()) == NULL
136 || (gen
= GENERAL_NAME_new()) == NULL
137 || !sk_GENERAL_NAME_push(gens
, gen
)) {
138 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID
, ERR_R_MALLOC_FAILURE
);
/* The single entry is a directory name that holds the isname pointer. */
141 gen
->type
= GEN_DIRNAME
;
142 gen
->d
.dirn
= isname
;
/*
 * Hand the collected objects to the result structure.
 * NOTE(review): lines 146-147 are omitted from this listing. Presumably they
 * clear gen and gens so the cleanup code below cannot free objects that
 * akeyid now refers to; confirm against the full file.
 */
145 akeyid
->issuer
= gens
;
148 akeyid
->serial
= serial
;
149 akeyid
->keyid
= ikeyid
;
/*
 * Cleanup of the intermediate objects. sk_GENERAL_NAME_free() releases only
 * the stack, not its elements, so gen is freed separately. The label this
 * code belongs to and the final return are on omitted lines.
 */
154 sk_GENERAL_NAME_free(gens
);
155 GENERAL_NAME_free(gen
);
156 X509_NAME_free(isname
);
157 ASN1_INTEGER_free(serial
);
158 ASN1_OCTET_STRING_free(ikeyid
);