
/*
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
#include "gnutls_int.h"
#include "errors.h"
#include <auth/cert.h>
#include <x509/common.h>
#include <x509.h>
#include "x509/x509_int.h"
/**
 * gnutls_pcert_import_x509:
 * @pcert: The pcert structure
 * @crt: The certificate to be imported
 * @flags: zero for now (currently not used by this function)
 *
 * This convenience function will import the given certificate to a
 * #gnutls_pcert_st structure. The pcert receives its own DER copy of
 * the certificate and a freshly parsed public key, so @crt is not
 * referenced after this call. The structure must be deinitialized
 * afterwards using gnutls_pcert_deinit();
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value. On failure the structure holds no
 *   allocations.
 *
 * Since: 3.0
 **/
int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
			     gnutls_x509_crt_t crt, unsigned int flags)
{
	int ret;

	/* Zeroing up front leaves cert.data and pubkey NULL, which keeps
	 * the failure path and a later gnutls_pcert_deinit() well-defined. */
	memset(pcert, 0, sizeof(*pcert));
	pcert->type = GNUTLS_CRT_X509;

	ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &pcert->cert);
	if (ret < 0)
		goto fail;

	ret = gnutls_pubkey_init(&pcert->pubkey);
	if (ret < 0)
		goto fail;

	ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
	if (ret < 0) {
		/* Drop the empty key object so the caller never sees a
		 * half-built pcert. */
		gnutls_pubkey_deinit(pcert->pubkey);
		pcert->pubkey = NULL;
		goto fail;
	}

	return 0;

 fail:
	gnutls_assert();
	_gnutls_free_datum(&pcert->cert);
	return ret;
}
/**
 * gnutls_pcert_import_x509_list:
 * @pcert: The pcert structures (at least *@ncrt entries)
 * @crt: The certificates to be imported
 * @ncrt: The number of certificates; may be reduced when sorting
 * @flags: zero or %GNUTLS_X509_CRT_LIST_SORT
 *
 * This convenience function will import the given certificates to
 * #gnutls_pcert_st structures. Each structure must be deinitialized
 * afterwards using gnutls_pcert_deinit();
 *
 * In the case %GNUTLS_X509_CRT_LIST_SORT is specified and that
 * function cannot sort the list, %GNUTLS_E_CERTIFICATE_LIST_UNSORTED
 * will be returned. Currently sorting can fail if the list size
 * exceeds an internal constraint (16).
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value. On failure no entry of @pcert is left
 *   initialized.
 *
 * Since: 3.4.0
 **/
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
				  gnutls_x509_crt_t *crt, unsigned *ncrt,
				  unsigned int flags)
{
	gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
	gnutls_x509_crt_t *src = crt;
	unsigned i, imported = 0;
	int ret;

	if ((flags & GNUTLS_X509_CRT_LIST_SORT) && *ncrt > 1) {
		if (*ncrt <= DEFAULT_MAX_VERIFY_DEPTH) {
			/* Reorder into the stack array; the helper may also
			 * shrink *@ncrt. It hands back the original pointer
			 * when it could not produce a sorted list. */
			src = _gnutls_sort_clist(sorted, crt, ncrt, NULL);
			if (src == crt) {
				gnutls_assert();
				return GNUTLS_E_UNIMPLEMENTED_FEATURE;
			}
		} else {
			/* Too long for the stack array: accept the list only
			 * if it is already in order. */
			if (_gnutls_check_if_sorted(crt, *ncrt) < 0) {
				gnutls_assert();
				return GNUTLS_E_CERTIFICATE_LIST_UNSORTED;
			}
		}
	}

	for (i = 0; i < *ncrt; i++) {
		ret = gnutls_pcert_import_x509(&pcert[i], src[i], 0);
		if (ret < 0)
			goto fail;
		imported++;
	}

	return 0;

 fail:
	/* Undo only the entries that completed; the failing entry is
	 * already cleaned up by gnutls_pcert_import_x509(). */
	for (i = 0; i < imported; i++)
		gnutls_pcert_deinit(&pcert[i]);
	return ret;
}
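/**
 * gnutls_pcert_list_import_x509_raw:
 * @pcerts: The structures to store the parsed certificates. Must not be initialized.
 * @pcert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
 * @data: The certificates.
 * @format: One of DER or PEM.
 * @flags: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
 *
 * This function will convert the given PEM or DER encoded certificate
 * list to #gnutls_pcert_st structures. The output will be stored in
 * @pcerts, which are initialized by this function; the number of
 * entries written is returned in @pcert_max, and each of them must be
 * released with gnutls_pcert_deinit() when no longer needed.
 *
 * If the Certificate is PEM encoded it should have a header of "X509
 * CERTIFICATE", or "CERTIFICATE".
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value. On failure no entry of @pcerts is left
 *   initialized.
 *
 * Since: 3.0
 **/
int
gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
				  unsigned int *pcert_max,
				  const gnutls_datum_t * data,
				  gnutls_x509_crt_fmt_t format,
				  unsigned int flags)
{
	int ret;
	unsigned int i = 0, j;
	gnutls_x509_crt_t *crt;

	/* calloc form: count * element size cannot silently wrap, and
	 * every handle slot starts out NULL. */
	crt = gnutls_calloc(*pcert_max, sizeof(gnutls_x509_crt_t));
	if (crt == NULL)
		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);

	/* Parse the whole list into temporary handles; on success
	 * *pcert_max is updated to the number of handles populated. */
	ret = gnutls_x509_crt_list_import(crt, pcert_max, data, format,
					  flags);
	if (ret < 0) {
		ret = gnutls_assert_val(ret);
		goto cleanup_crt;
	}

	/* @flags are the list-import flags; gnutls_pcert_import_x509()
	 * currently does not use its flags argument. */
	for (i = 0; i < *pcert_max; i++) {
		ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
		if (ret < 0) {
			ret = gnutls_assert_val(ret);
			goto cleanup_pcert;
		}
	}

	ret = 0;
	goto cleanup;

 cleanup_pcert:
	/* pcerts[i] was cleaned by the importer itself; undo 0..i-1. */
	for (j = 0; j < i; j++)
		gnutls_pcert_deinit(&pcerts[j]);

 cleanup:
	/* The temporary handles are not needed on either path: each pcert
	 * keeps its own DER copy of the certificate. */
	for (i = 0; i < *pcert_max; i++)
		gnutls_x509_crt_deinit(crt[i]);

 cleanup_crt:
	gnutls_free(crt);
	return ret;
}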
/**
 * gnutls_pcert_import_x509_raw:
 * @pcert: The pcert structure
 * @cert: The raw certificate to be imported
 * @format: The format of the certificate
 * @flags: zero for now; forwarded to gnutls_pcert_import_x509()
 *
 * This convenience function will import the given certificate to a
 * #gnutls_pcert_st structure. The raw data is parsed into a temporary
 * #gnutls_x509_crt_t which is released before returning. The structure
 * must be deinitialized afterwards using gnutls_pcert_deinit();
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.0
 **/
int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
				 const gnutls_datum_t * cert,
				 gnutls_x509_crt_fmt_t format,
				 unsigned int flags)
{
	gnutls_x509_crt_t crt;
	int ret;

	memset(pcert, 0, sizeof(*pcert));

	ret = gnutls_x509_crt_init(&crt);
	if (ret < 0)
		return gnutls_assert_val(ret);

	/* Parse, then hand the handle to the in-memory importer, which
	 * takes its own copy of the certificate. */
	ret = gnutls_x509_crt_import(crt, cert, format);
	if (ret >= 0)
		ret = gnutls_pcert_import_x509(pcert, crt, flags);

	if (ret < 0)
		gnutls_assert();
	else
		ret = 0;

	/* The temporary handle is released on success and failure alike. */
	gnutls_x509_crt_deinit(crt);
	return ret;
}
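/**
 * gnutls_pcert_export_x509:
 * @pcert: The pcert structure.
 * @crt: Pointer to a #gnutls_x509_crt_t handle. It must not already be
 *   initialized: this function initializes it (a pre-initialized handle
 *   would be leaked).
 *
 * Converts the given #gnutls_pcert_t type into a #gnutls_x509_crt_t.
 * This function only works if the type of @pcert is %GNUTLS_CRT_X509.
 * When successful, the value written to @crt must be freed with
 * gnutls_x509_crt_deinit() when no longer needed. On failure @crt is
 * left %NULL.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 *
 * Since: 3.4.0
 */
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
			     gnutls_x509_crt_t * crt)
{
	int ret;

	/* Only X.509 pcerts carry a DER certificate body to re-parse. */
	if (pcert->type != GNUTLS_CRT_X509) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* Allocates the handle; on success ownership passes to the caller. */
	ret = gnutls_x509_crt_init(crt);
	if (ret < 0)
		return gnutls_assert_val(ret);

	/* pcert->cert is stored DER-encoded (see gnutls_pcert_import_x509()). */
	ret = gnutls_x509_crt_import(*crt, &pcert->cert, GNUTLS_X509_FMT_DER);
	if (ret < 0) {
		/* Never hand back a half-initialized handle. */
		gnutls_x509_crt_deinit(*crt);
		*crt = NULL;

		return gnutls_assert_val(ret);
	}

	return 0;
}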
/**
 * gnutls_pcert_deinit:
 * @pcert: The structure to be deinitialized
 *
 * This function will deinitialize a pcert structure, releasing the
 * DER certificate copy and the parsed public key it holds.
 *
 * Since: 3.0
 **/
void gnutls_pcert_deinit(gnutls_pcert_st * pcert)
{
	/* The two members are independent; release the certificate copy,
	 * then the key object. The key handle is cleared so the structure
	 * does not keep a dangling pointer. */
	_gnutls_free_datum(&pcert->cert);
	gnutls_pubkey_deinit(pcert->pubkey);
	pcert->pubkey = NULL;
}
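/* Converts the first certificate for the cert_auth_info structure
 * to a pcert.
 *
 * @pcert: output; initialized on success and to be released with
 *   gnutls_pcert_deinit().
 * @type: the negotiated certificate type; only GNUTLS_CRT_X509 is handled.
 * @info: the peer's certificate authentication data.
 *
 * Returns 0 on success or a negative error code. An empty peer chain
 * yields GNUTLS_E_NO_CERTIFICATE_FOUND instead of reading past the end
 * of raw_certificate_list.
 */
int
_gnutls_get_auth_info_pcert(gnutls_pcert_st * pcert,
			    gnutls_certificate_type_t type,
			    cert_auth_info_t info)
{
	switch (type) {
	case GNUTLS_CRT_X509:
		/* Guard the [0] access: callers are expected to have checked
		 * for a non-empty chain, but do not rely on it here. */
		if (info == NULL || info->ncerts == 0 ||
		    info->raw_certificate_list == NULL) {
			gnutls_assert();
			return GNUTLS_E_NO_CERTIFICATE_FOUND;
		}

		/* Peer chains are kept DER-encoded. */
		return gnutls_pcert_import_x509_raw(pcert,
						    &info->raw_certificate_list[0],
						    GNUTLS_X509_FMT_DER,
						    GNUTLS_PCERT_NO_CERT);
	default:
		gnutls_assert();
		return GNUTLS_E_INTERNAL_ERROR;
	}
}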