- Employ libssl's OID parsing rather than implement it from scratch.
- Rename `struct signed_object_args` to `struct ee_cert`, since it's
just a bunch of EE certificate data.
- Remove `struct signed_data`, because it wasn't actually contributing
anything.
#include "asn1/asn1c/CMSAttribute.h"
+#include <openssl/objects.h>
#include "json_util.h"
#include "asn1/asn1c/ContentType.h"
#include "asn1/asn1c/MessageDigest.h"
if (json_object_add(root, "attrValues", array = json_array_new()))
goto fail;
- if (OBJECT_IDENTIFIER_is_ContentType(&cattr->attrType))
+ switch (OBJECT_IDENTIFIER_to_nid(&cattr->attrType)) {
+ case NID_pkcs9_contentType:
td = &asn_DEF_ContentType;
- else if (OBJECT_IDENTIFIER_is_MessageDigest(&cattr->attrType))
+ break;
+ case NID_pkcs9_messageDigest:
td = &asn_DEF_MessageDigest;
- else if (OBJECT_IDENTIFIER_is_SigningTime(&cattr->attrType))
+ break;
+ case NID_pkcs9_signingTime:
td = &asn_DEF_SigningTime;
- else
+ break;
+ default:
td = &asn_DEF_ANY;
+ break;
+ }
for (a = 0; a < cattr->attrValues.list.count; a++) {
tmp = attr2json(td, cattr->attrValues.list.array[a]);
#include "asn1/asn1c/ContentInfo.h"
+#include <openssl/objects.h>
#include "json_util.h"
#include "asn1/asn1c/SignedData.h"
if (json_object_add(parent, "contentType", child))
goto fail;
- if (OBJECT_IDENTIFIER_is_SignedData(&ci->contentType)) {
+ if (OBJECT_IDENTIFIER_to_nid(&ci->contentType) == NID_pkcs7_signed) {
td = &asn_DEF_SignedData;
child = content2json(td, &ci->content);
} else {
#include "asn1/asn1c/EncapsulatedContentInfo.h"
+#include "nid.h"
#include "json_util.h"
#include "asn1/asn1c/Manifest.h"
#include "asn1/asn1c/RouteOriginAttestation.h"
struct EncapsulatedContentInfo const *eci = sptr;
json_t *parent;
json_t *child;
+ int nid;
if (!eci)
return json_null();
if (json_object_add(parent, "eContentType", child))
goto fail;
- if (OBJECT_IDENTIFIER_is_mft(&eci->eContentType)) {
+ nid = OBJECT_IDENTIFIER_to_nid(&eci->eContentType);
+ if (nid == nid_ct_mft()) {
td = &asn_DEF_Manifest;
child = econtent2json(td, eci->eContent);
- } else if (OBJECT_IDENTIFIER_is_roa(&eci->eContentType)) {
+ } else if (nid == nid_ct_roa()) {
td = &asn_DEF_RouteOriginAttestation;
child = econtent2json(td, eci->eContent);
- } else if (OBJECT_IDENTIFIER_is_gbr(&eci->eContentType)) {
+ } else if (nid == nid_ct_gbr()) {
td = &asn_DEF_OCTET_STRING;
child = OCTET_STRING_encode_json_utf8(td, eci->eContent);
} else {
td = &asn_DEF_OCTET_STRING;
child = td->op->json_encoder(td, eci->eContent);
}
+
if (json_object_add(parent, "eContent", child))
goto fail;
#include <assert.h>
#include <errno.h>
+#include <openssl/objects.h>
#include "json_util.h"
#include "asn1/asn1c/INTEGER.h"
size_t len;
};
+int
+OBJECT_IDENTIFIER_to_nid(OBJECT_IDENTIFIER_t const *oid)
+{
+ ASN1_OBJECT *ao;
+ int result;
+
+ ao = ASN1_OBJECT_create(NID_undef, oid->buf, oid->size, NULL, NULL);
+ if (ao == NULL)
+ return NID_undef;
+
+ result = OBJ_obj2nid(ao);
+
+ ASN1_OBJECT_free(ao);
+ return result;
+}
+
static int
bytes2str(const void *addend, size_t addlen, void *arg)
{
char const *
OBJECT_IDENTIFIER_to_string(OBJECT_IDENTIFIER_t const *oid, char *buf)
{
-// printf("\n===========================\n");
-// for (ret = 0; ret < st->size; ret++)
-// printf("%u ", st->buf[ret]);
-// printf("\n===========================\n");
+ char const *sn;
if (!oid || !oid->buf)
return NULL;
- if (OBJECT_IDENTIFIER_is_rsaEncryption(oid))
- return "rsaEncryption";
- if (OBJECT_IDENTIFIER_is_sha256WithRSAEncryption(oid))
- return "sha256WithRSAEncryption";
- if (OBJECT_IDENTIFIER_is_SignedData(oid))
- return "signedData";
- if (OBJECT_IDENTIFIER_is_ContentType(oid))
- return "Content-Type";
- if (OBJECT_IDENTIFIER_is_MessageDigest(oid))
- return "Message-Digest";
- if (OBJECT_IDENTIFIER_is_SigningTime(oid))
- return "Signing-Time";
- if (OBJECT_IDENTIFIER_is_roa(oid))
- return "ROA";
- if (OBJECT_IDENTIFIER_is_mft(oid))
- return "Manifest";
- if (OBJECT_IDENTIFIER_is_gbr(oid))
- return "Ghostbusters";
- if (OBJECT_IDENTIFIER_is_sha256(oid))
- return "sha256";
-
- return OBJECT_IDENTIFIER_to_literal(oid, buf);
+
+ sn = OBJ_nid2sn(OBJECT_IDENTIFIER_to_nid(oid));
+ return (sn != NULL) ? sn : OBJECT_IDENTIFIER_to_literal(oid, buf);
}
json_t *
OBJECT_IDENTIFIER_encode_json(const struct asn_TYPE_descriptor_s *td,
const void *sptr)
{
- const OBJECT_IDENTIFIER_t *oid = (const OBJECT_IDENTIFIER_t *)sptr;
+ const OBJECT_IDENTIFIER_t *oid = sptr;
char buf[OID_STR_MAXLEN];
char const *string;
errno = EINVAL; /* Broken OID */
return -1;
}
-
-static bool
-is_raw(OBJECT_IDENTIFIER_t const *oid, unsigned char const *raw, size_t size)
-{
- return (oid->size == size) && memcmp(oid->buf, raw, size) == 0;
-}
-
-/* FIXME ber_decode_primitive() */
-bool
-OBJECT_IDENTIFIER_is_rsaEncryption(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 1, 1
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_sha256WithRSAEncryption(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 1, 11
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_SignedData(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 7, 2
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_ContentType(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 9, 3
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_MessageDigest(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 9, 4
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_SigningTime(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 9, 5
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_roa(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 9, 16, 1, 24
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_mft(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 9, 16, 1, 26
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_gbr(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = {
- 42, 134, 72, 134, 247, 13, 1, 9, 16, 1, 35
- };
- return is_raw(oid, RAW, sizeof(RAW));
-}
-
-bool
-OBJECT_IDENTIFIER_is_sha256(OBJECT_IDENTIFIER_t const *oid)
-{
- static const unsigned char RAW[] = { 96, 134, 72, 1, 101, 3, 4, 2, 1 };
- return is_raw(oid, RAW, sizeof(RAW));
-}
* Some handy conversion routines *
**********************************/
+int OBJECT_IDENTIFIER_to_nid(OBJECT_IDENTIFIER_t const *);
+
#define OID_STR_MAXLEN 64 /* Null char included */
char const *OBJECT_IDENTIFIER_to_string(OBJECT_IDENTIFIER_t const *, char *);
ssize_t OBJECT_IDENTIFIER_set_single_arc(uint8_t *arcbuf, size_t arcbuf_len,
asn_oid_arc_t arc_value);
-bool OBJECT_IDENTIFIER_is_rsaEncryption(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_sha256WithRSAEncryption(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_SignedData(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_ContentType(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_MessageDigest(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_SigningTime(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_roa(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_mft(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_gbr(OBJECT_IDENTIFIER_t const *oid);
-bool OBJECT_IDENTIFIER_is_sha256(OBJECT_IDENTIFIER_t const *oid);
-
#endif /* _OBJECT_IDENTIFIER_H_ */
static const OID oid_bsta = OID_BINARY_SIGNING_TIME_ATTR;
void
-signed_object_args_init(struct signed_object_args *args,
- struct rpki_uri *uri,
- STACK_OF(X509_CRL) *crls,
- bool force_inherit)
+eecert_init(struct ee_cert *ee, STACK_OF(X509_CRL) *crls, bool force_inherit)
{
- args->res = resources_create(RPKI_POLICY_RFC6484, force_inherit);
- args->uri = uri;
- args->crls = crls;
- memset(&args->refs, 0, sizeof(args->refs));
+ ee->res = resources_create(RPKI_POLICY_RFC6484, force_inherit);
+ ee->crls = crls;
+ memset(&ee->refs, 0, sizeof(ee->refs));
}
void
-signed_object_args_cleanup(struct signed_object_args *args)
+eecert_cleanup(struct ee_cert *ee)
{
- resources_destroy(args->res);
- refs_cleanup(&args->refs);
+ resources_destroy(ee->res);
+ refs_cleanup(&ee->refs);
}
static int
}
static int
-handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args,
+handle_sdata_certificate(ANY_t *cert_encoded, struct ee_cert *ee,
OCTET_STRING_t *sid, ANY_t *signedData, SignatureValue_t *signature)
{
const unsigned char *otmp, *tmp;
x509_name_pr_debug("Issuer", X509_get_issuer_name(cert));
- error = certificate_validate_chain(cert, args->crls);
+ error = certificate_validate_chain(cert, ee->crls);
if (error)
goto end2;
error = certificate_validate_rfc6487(cert, CERTYPE_EE);
if (error)
goto end2;
- error = certificate_validate_extensions_ee(cert, sid, &args->refs,
+ error = certificate_validate_extensions_ee(cert, sid, &ee->refs,
&policy);
if (error)
goto end2;
- error = certificate_validate_aia(args->refs.caIssuers, cert);
+ error = certificate_validate_aia(ee->refs.caIssuers, cert);
if (error)
goto end2;
error = certificate_validate_signature(cert, signedData, signature);
if (error)
goto end2;
- resources_set_policy(args->res, policy);
- error = certificate_get_resources(cert, args->res, CERTYPE_EE);
+ resources_set_policy(ee->res, policy);
+ error = certificate_get_resources(cert, ee->res, CERTYPE_EE);
if (error)
goto end2;
return -EINVAL;
}
-static int
-validate(struct SignedData *sdata, ANY_t *sdata_encoded,
- struct signed_object_args *args)
+int
+signed_data_validate(ANY_t *encoded, struct SignedData *sdata,
+ struct ee_cert *ee)
{
struct SignerInfo *sinfo;
OCTET_STRING_t *sid = NULL;
}
error = handle_sdata_certificate(sdata->certificates->list.array[0],
- args, sid, sdata_encoded, &sinfo->signature);
+ ee, sid, encoded, &sinfo->signature);
if (error)
return error;
}
int
-signed_data_decode(struct signed_data *sdata, ANY_t *coded)
+signed_data_decode(ANY_t *encoded, struct SignedData **decoded)
{
int error;
- sdata->encoded = coded;
-
- error = asn1_decode_any(coded, &asn_DEF_SignedData,
- (void **) &sdata->decoded, false, false);
+ error = asn1_decode_any(encoded, &asn_DEF_SignedData,
+ (void **) decoded, false, false);
if (error) {
/* Try to decode as PKCS content (RFC 5652 section 5.2.1) */
- error = signed_data_decode_pkcs7(coded, &sdata->decoded);
+ error = signed_data_decode_pkcs7(encoded, decoded);
}
return error;
}
-int
-signed_data_validate(struct signed_data *sdata, struct signed_object_args *args)
-{
- /*
- * TODO (fine) maybe collapse this wrapper,
- * since there's no point to it anymore.
- */
- return validate(sdata->decoded, sdata->encoded, args);
-}
-
-void
-signed_data_cleanup(struct signed_data *sdata)
-{
- ASN_STRUCT_FREE(asn_DEF_SignedData, sdata->decoded);
-}
-
/* Caller must free *@result. */
int
get_content_type_attr(struct SignedData *sdata, OBJECT_IDENTIFIER_t **result)
#include "asn1/asn1c/SignedData.h"
#include "object/certificate.h"
-/*
- * This only exists to reduce argument lists.
- * TODO (fine) rename to signed_data_args, since it has nothing to do with
- * signed objects anymore.
- */
-struct signed_object_args {
- /** Location of the signed object. */
- struct rpki_uri *uri;
- /** CRL that might or might not revoke the embedded certificate. */
+struct ee_cert {
+ /** CRL that might or might not revoke the EE certificate. */
STACK_OF(X509_CRL) *crls;
- /** A copy of the resources carried by the embedded certificate. */
+ /** A copy of the resources carried by the EE certificate. */
struct resources *res;
/**
- * A bunch of URLs found in the embedded certificate's extensions,
+ * A bunch of URLs found in the EE certificate's extensions,
* recorded for future validation.
*/
struct certificate_refs refs;
};
-void signed_object_args_init(struct signed_object_args *, struct rpki_uri *,
- STACK_OF(X509_CRL) *, bool);
-void signed_object_args_cleanup(struct signed_object_args *);
+void eecert_init(struct ee_cert *, STACK_OF(X509_CRL) *, bool);
+void eecert_cleanup(struct ee_cert *);
-struct signed_data {
- ANY_t *encoded;
- struct SignedData *decoded;
-};
-
-int signed_data_decode(struct signed_data *, ANY_t *);
-int signed_data_validate(struct signed_data *, struct signed_object_args *);
-void signed_data_cleanup(struct signed_data *);
+int signed_data_decode(ANY_t *, struct SignedData **);
+int signed_data_validate(ANY_t *, struct SignedData *, struct ee_cert *);
int get_content_type_attr(struct SignedData *, OBJECT_IDENTIFIER_t **);
#include "log.h"
+static int ct_roa_nid;
+static int ct_mft_nid;
+static int ct_gbr_nid;
static int rpki_manifest_nid;
static int signed_object_nid;
static int rpki_notify_nid;
int
nid_init(void)
{
+ ct_roa_nid = register_oid("1.2.840.113549.1.9.16.1.24",
+ "id-ct-routeOriginAuthz",
+ "RPKI ROA (Content type)");
+ if (ct_roa_nid == 0)
+ return -EINVAL;
+
+ ct_mft_nid = register_oid("1.2.840.113549.1.9.16.1.26",
+ "id-ct-rpkiManifest",
+ "RPKI Manifest (Content type)");
+ if (ct_mft_nid == 0)
+ return -EINVAL;
+
+ ct_gbr_nid = register_oid("1.2.840.113549.1.9.16.1.35",
+ "id-ct-rpkiGhostbusters",
+ "RPKI Ghostbusters (Content type)");
+ if (ct_gbr_nid == 0)
+ return -EINVAL;
+
rpki_manifest_nid = register_oid("1.3.6.1.5.5.7.48.10",
"rpkiManifest",
"RPKI Manifest (RFC 6487)");
OBJ_cleanup();
}
-int nid_rpkiManifest(void)
+int
+nid_ct_roa(void)
+{
+ return ct_roa_nid;
+}
+
+int
+nid_ct_mft(void)
+{
+ return ct_mft_nid;
+}
+
+int
+nid_ct_gbr(void)
+{
+ return ct_gbr_nid;
+}
+
+int
+nid_ad_mft(void)
{
return rpki_manifest_nid;
}
-int nid_signedObject(void)
+int
+nid_ad_so(void)
{
return signed_object_nid;
}
-int nid_rpkiNotify(void)
+int
+nid_ad_notify(void)
{
return rpki_notify_nid;
}
-int nid_certPolicyRpki(void)
+int
+nid_certPolicyRpki(void)
{
return cert_policy_rpki_nid;
}
-int nid_certPolicyRpkiV2(void)
+int
+nid_certPolicyRpkiV2(void)
{
return cert_policy_rpki_v2_nid;
}
-int nid_ipAddrBlocksv2(void)
+int
+nid_ipAddrBlocksv2(void)
{
return ip_addr_blocks_v2_nid;
}
-int nid_autonomousSysIdsv2(void)
+int
+nid_autonomousSysIdsv2(void)
{
return autonomous_sys_ids_v2_nid;
}
-int nid_bgpsecRouter(void)
+int
+nid_bgpsecRouter(void)
{
return bgpsec_router_nid;
}
int nid_init(void);
void nid_destroy(void);
-int nid_rpkiManifest(void);
-int nid_signedObject(void);
-int nid_rpkiNotify(void);
+int nid_ct_roa(void);
+int nid_ct_mft(void);
+int nid_ct_gbr(void);
+int nid_ad_mft(void);
+int nid_ad_so(void);
+int nid_ad_notify(void);
int nid_certPolicyRpki(void);
int nid_certPolicyRpkiV2(void);
int nid_ipAddrBlocksv2(void);
goto end;
/* RRDP */
- error = handle_ad(nid_rpkiNotify(), &RPKI_NOTIFY, sia,
+ error = handle_ad(nid_ad_notify(), &RPKI_NOTIFY, sia,
handle_rpkiNotify, uris);
if (error)
goto end;
/* Manifest */
- error = handle_ad(nid_rpkiManifest(), &RPKI_MANIFEST, sia,
+ error = handle_ad(nid_ad_mft(), &RPKI_MANIFEST, sia,
handle_rpkiManifest, uris);
end:
if (sia == NULL)
return cannot_decode(ext_sia());
- error = handle_ad(nid_signedObject(), &SIGNED_OBJECT, sia,
+ error = handle_ad(nid_ad_so(), &SIGNED_OBJECT, sia,
handle_signedObject, arg);
AUTHORITY_INFO_ACCESS_free(sia);
handle_vcard(struct signed_object *sobj)
{
return handle_ghostbusters_vcard(
- sobj->sdata.decoded->encapContentInfo.eContent
+ sobj->sdata->encapContentInfo.eContent
);
}
static OID oid = OID_GHOSTBUSTERS;
struct oid_arcs arcs = OID2ARCS("ghostbusters", oid);
struct signed_object sobj;
- struct signed_object_args sobj_args;
+ struct ee_cert ee;
STACK_OF(X509_CRL) *crl;
int error;
error = rpp_crl(pp, &crl);
if (error)
goto revert_sobj;
- signed_object_args_init(&sobj_args, uri, crl, true);
+ eecert_init(&ee, crl, true);
/* Validate everything */
- error = signed_object_validate(&sobj, &arcs, &sobj_args);
+ error = signed_object_validate(&sobj, &arcs, &ee);
if (error)
goto revert_args;
error = handle_vcard(&sobj);
if (error)
goto revert_args;
- error = refs_validate_ee(&sobj_args.refs, pp, sobj_args.uri);
+ error = refs_validate_ee(&ee.refs, pp, uri);
revert_args:
- signed_object_args_cleanup(&sobj_args);
+ eecert_cleanup(&ee);
revert_sobj:
signed_object_cleanup(&sobj);
revert_log:
decode_manifest(struct signed_object *sobj, struct Manifest **result)
{
return asn1_decode_octet_string(
- sobj->sdata.decoded->encapContentInfo.eContent,
+ sobj->sdata->encapContentInfo.eContent,
&asn_DEF_Manifest,
(void **) result,
true,
static OID oid = OID_MANIFEST;
struct oid_arcs arcs = OID2ARCS("manifest", oid);
struct signed_object sobj;
- struct signed_object_args sobj_args;
+ struct ee_cert ee;
struct Manifest *mft;
STACK_OF(X509_CRL) *crl;
int error;
error = rpp_crl(*pp, &crl);
if (error)
goto revert_rpp;
- signed_object_args_init(&sobj_args, uri, crl, false);
+ eecert_init(&ee, crl, false);
/* Validate everything */
- error = signed_object_validate(&sobj, &arcs, &sobj_args);
+ error = signed_object_validate(&sobj, &arcs, &ee);
if (error)
goto revert_args;
error = validate_manifest(mft);
if (error)
goto revert_args;
- error = refs_validate_ee(&sobj_args.refs, *pp, uri);
+ error = refs_validate_ee(&ee.refs, *pp, uri);
if (error)
goto revert_args;
/* Success */
- signed_object_args_cleanup(&sobj_args);
+ eecert_cleanup(&ee);
goto revert_manifest;
revert_args:
- signed_object_args_cleanup(&sobj_args);
+ eecert_cleanup(&ee);
revert_rpp:
rpp_refput(*pp);
revert_manifest:
decode_roa(struct signed_object *sobj, struct RouteOriginAttestation **result)
{
return asn1_decode_octet_string(
- sobj->sdata.decoded->encapContentInfo.eContent,
+ sobj->sdata->encapContentInfo.eContent,
&asn_DEF_RouteOriginAttestation,
(void **) result,
true,
static OID oid = OID_ROA;
struct oid_arcs arcs = OID2ARCS("roa", oid);
struct signed_object sobj;
- struct signed_object_args sobj_args;
+ struct ee_cert ee;
struct RouteOriginAttestation *roa;
STACK_OF(X509_CRL) *crl;
int error;
error = rpp_crl(pp, &crl);
if (error)
goto revert_roa;
- signed_object_args_init(&sobj_args, uri, crl, false);
+ eecert_init(&ee, crl, false);
/* Validate and handle everything */
- error = signed_object_validate(&sobj, &arcs, &sobj_args);
+ error = signed_object_validate(&sobj, &arcs, &ee);
if (error)
goto revert_args;
- error = __handle_roa(roa, sobj_args.res);
+ error = __handle_roa(roa, ee.res);
if (error)
goto revert_args;
- error = refs_validate_ee(&sobj_args.refs, pp, sobj_args.uri);
+ error = refs_validate_ee(&ee.refs, pp, uri);
revert_args:
- signed_object_args_cleanup(&sobj_args);
+ eecert_cleanup(&ee);
revert_roa:
ASN_STRUCT_FREE(asn_DEF_RouteOriginAttestation, roa);
revert_sobj:
if (error)
return error;
- error = signed_data_decode(&sobj->sdata, &sobj->cinfo->content);
+ error = signed_data_decode(&sobj->cinfo->content, &sobj->sdata);
if (error) {
content_info_free(sobj->cinfo);
return error;
int
signed_object_validate(struct signed_object *sobj, struct oid_arcs const *oid,
- struct signed_object_args *args)
+ struct ee_cert *ee)
{
int error;
/* rfc6482#section-2 */
/* rfc6486#section-4.1 */
/* rfc6486#section-4.4.1 */
- error = validate_eContentType(sobj->sdata.decoded, oid);
+ error = validate_eContentType(sobj->sdata, oid);
if (error)
return error;
/* rfc6482#section-2 */
/* rfc6486#section-4.3 */
- error = validate_content_type(sobj->sdata.decoded, oid);
+ error = validate_content_type(sobj->sdata, oid);
if (error)
return error;
- return signed_data_validate(&sobj->sdata, args);
+ return signed_data_validate(&sobj->cinfo->content, sobj->sdata, ee);
}
void
signed_object_cleanup(struct signed_object *sobj)
{
content_info_free(sobj->cinfo);
- signed_data_cleanup(&sobj->sdata);
+ ASN_STRUCT_FREE(asn_DEF_SignedData, sobj->sdata);
}
struct signed_object {
struct ContentInfo *cinfo;
- struct signed_data sdata;
+ struct SignedData *sdata;
};
int signed_object_decode(struct signed_object *, struct rpki_uri *);
int signed_object_validate(struct signed_object *, struct oid_arcs const *,
- struct signed_object_args *);
+ struct ee_cert *);
void signed_object_cleanup(struct signed_object *);
#endif /* SRC_OBJECT_SIGNED_OBJECT_H_ */