|
Packit |
549fdc |
/*
|
|
Packit |
549fdc |
* Copyright (C) 2011-2012 Free Software Foundation, Inc.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This file is part of GnuTLS.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
549fdc |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
549fdc |
* the License, or (at your option) any later version.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
549fdc |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
549fdc |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
549fdc |
* Lesser General Public License for more details.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include "gnutls_int.h"
|
|
Packit |
549fdc |
#include "errors.h"
|
|
Packit |
549fdc |
#include <auth/cert.h>
|
|
Packit |
549fdc |
#include <x509/common.h>
|
|
Packit |
549fdc |
#include <x509.h>
|
|
Packit |
549fdc |
#include "x509/x509_int.h"
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_pcert_import_x509:
|
|
Packit |
549fdc |
* @pcert: The pcert structure
|
|
Packit |
549fdc |
* @crt: The certificate to be imported
|
|
Packit |
549fdc |
* @flags: zero for now
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This convenience function will import the given certificate to a
|
|
Packit |
549fdc |
* #gnutls_pcert_st structure. The structure must be deinitialized
|
|
Packit |
549fdc |
* afterwards using gnutls_pcert_deinit();
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
|
|
Packit |
549fdc |
* negative error value.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
|
|
Packit |
549fdc |
gnutls_x509_crt_t crt, unsigned int flags)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
int ret;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
memset(pcert, 0, sizeof(*pcert));
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
pcert->type = GNUTLS_CRT_X509;
|
|
Packit |
549fdc |
pcert->cert.data = NULL;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret =
|
|
Packit |
549fdc |
gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER,
|
|
Packit |
549fdc |
&pcert->cert);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_pubkey_init(&pcert->pubkey);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
gnutls_pubkey_deinit(pcert->pubkey);
|
|
Packit |
549fdc |
pcert->pubkey = NULL;
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return 0;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
cleanup:
|
|
Packit |
549fdc |
_gnutls_free_datum(&pcert->cert);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return ret;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_pcert_import_x509_list:
|
|
Packit |
549fdc |
* @pcert: The pcert structure
|
|
Packit |
549fdc |
* @crt: The certificates to be imported
|
|
Packit |
549fdc |
* @ncrt: The number of certificates
|
|
Packit |
549fdc |
* @flags: zero or %GNUTLS_X509_CRT_LIST_SORT
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This convenience function will import the given certificate to a
|
|
Packit |
549fdc |
* #gnutls_pcert_st structure. The structure must be deinitialized
|
|
Packit |
549fdc |
* afterwards using gnutls_pcert_deinit();
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* In the case %GNUTLS_X509_CRT_LIST_SORT is specified and that
|
|
Packit |
549fdc |
* function cannot sort the list, %GNUTLS_E_CERTIFICATE_LIST_UNSORTED
|
|
Packit |
549fdc |
* will be returned. Currently sorting can fail if the list size
|
|
Packit |
549fdc |
* exceeds an internal constraint (16).
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
|
|
Packit |
549fdc |
* negative error value.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.4.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
|
|
Packit |
549fdc |
gnutls_x509_crt_t *crt, unsigned *ncrt,
|
|
Packit |
549fdc |
unsigned int flags)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
int ret;
|
|
Packit |
549fdc |
unsigned i;
|
|
Packit |
549fdc |
unsigned current = 0;
|
|
Packit |
549fdc |
gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
|
|
Packit |
549fdc |
gnutls_x509_crt_t *s;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
s = crt;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (flags & GNUTLS_X509_CRT_LIST_SORT && *ncrt > 1) {
|
|
Packit |
549fdc |
if (*ncrt > DEFAULT_MAX_VERIFY_DEPTH) {
|
|
Packit |
549fdc |
ret = _gnutls_check_if_sorted(crt, *ncrt);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
gnutls_assert();
|
|
Packit |
549fdc |
return GNUTLS_E_CERTIFICATE_LIST_UNSORTED;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
} else {
|
|
Packit |
549fdc |
s = _gnutls_sort_clist(sorted, crt, ncrt, NULL);
|
|
Packit |
549fdc |
if (s == crt) {
|
|
Packit |
549fdc |
gnutls_assert();
|
|
Packit |
549fdc |
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
for (i=0;i<*ncrt;i++) {
|
|
Packit |
549fdc |
ret = gnutls_pcert_import_x509(&pcert[i], s[i], 0);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
current = i;
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return 0;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
cleanup:
|
|
Packit |
549fdc |
for (i=0;i
|
|
Packit |
549fdc |
gnutls_pcert_deinit(&pcert[i]);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
return ret;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_pcert_list_import_x509_raw:
|
|
Packit |
549fdc |
* @pcerts: The structures to store the parsed certificate. Must not be initialized.
|
|
Packit |
549fdc |
* @pcert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
|
|
Packit |
549fdc |
* @data: The certificates.
|
|
Packit |
549fdc |
* @format: One of DER or PEM.
|
|
Packit |
549fdc |
* @flags: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This function will convert the given PEM encoded certificate list
|
|
Packit |
549fdc |
* to the native gnutls_x509_crt_t format. The output will be stored
|
|
Packit |
549fdc |
* in @certs. They will be automatically initialized.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* If the Certificate is PEM encoded it should have a header of "X509
|
|
Packit |
549fdc |
* CERTIFICATE", or "CERTIFICATE".
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: the number of certificates read or a negative error value.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
|
|
Packit |
549fdc |
unsigned int *pcert_max,
|
|
Packit |
549fdc |
const gnutls_datum_t * data,
|
|
Packit |
549fdc |
gnutls_x509_crt_fmt_t format,
|
|
Packit |
549fdc |
unsigned int flags)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
int ret;
|
|
Packit |
549fdc |
unsigned int i = 0, j;
|
|
Packit |
549fdc |
gnutls_x509_crt_t *crt;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
crt = gnutls_malloc((*pcert_max) * sizeof(gnutls_x509_crt_t));
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (crt == NULL)
|
|
Packit |
549fdc |
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret =
|
|
Packit |
549fdc |
gnutls_x509_crt_list_import(crt, pcert_max, data, format,
|
|
Packit |
549fdc |
flags);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup_crt;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
for (i = 0; i < *pcert_max; i++) {
|
|
Packit |
549fdc |
ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup_pcert;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = 0;
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
cleanup_pcert:
|
|
Packit |
549fdc |
for (j = 0; j < i; j++)
|
|
Packit |
549fdc |
gnutls_pcert_deinit(&pcerts[j]);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
cleanup:
|
|
Packit |
549fdc |
for (i = 0; i < *pcert_max; i++)
|
|
Packit |
549fdc |
gnutls_x509_crt_deinit(crt[i]);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
cleanup_crt:
|
|
Packit |
549fdc |
gnutls_free(crt);
|
|
Packit |
549fdc |
return ret;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_pcert_import_x509_raw:
|
|
Packit |
549fdc |
* @pcert: The pcert structure
|
|
Packit |
549fdc |
* @cert: The raw certificate to be imported
|
|
Packit |
549fdc |
* @format: The format of the certificate
|
|
Packit |
549fdc |
* @flags: zero for now
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This convenience function will import the given certificate to a
|
|
Packit |
549fdc |
* #gnutls_pcert_st structure. The structure must be deinitialized
|
|
Packit |
549fdc |
* afterwards using gnutls_pcert_deinit();
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
|
|
Packit |
549fdc |
* negative error value.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
|
|
Packit |
549fdc |
const gnutls_datum_t * cert,
|
|
Packit |
549fdc |
gnutls_x509_crt_fmt_t format,
|
|
Packit |
549fdc |
unsigned int flags)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
int ret;
|
|
Packit |
549fdc |
gnutls_x509_crt_t crt;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
memset(pcert, 0, sizeof(*pcert));
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_init(&crt;;
|
|
Packit |
549fdc |
if (ret < 0)
|
|
Packit |
549fdc |
return gnutls_assert_val(ret);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_import(crt, cert, format);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_pcert_import_x509(pcert, crt, flags);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
ret = gnutls_assert_val(ret);
|
|
Packit |
549fdc |
goto cleanup;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = 0;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
cleanup:
|
|
Packit |
549fdc |
gnutls_x509_crt_deinit(crt);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return ret;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_pcert_export_x509:
|
|
Packit |
549fdc |
* @pcert: The pcert structure.
|
|
Packit |
549fdc |
* @crt: An initialized #gnutls_x509_crt_t.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Converts the given #gnutls_pcert_t type into a #gnutls_x509_crt_t.
|
|
Packit |
549fdc |
* This function only works if the type of @pcert is %GNUTLS_CRT_X509.
|
|
Packit |
549fdc |
* When successful, the value written to @crt must be freed with
|
|
Packit |
549fdc |
* gnutls_x509_crt_deinit() when no longer needed.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
|
|
Packit |
549fdc |
* negative error value.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.4.0
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
|
|
Packit |
549fdc |
gnutls_x509_crt_t * crt)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
int ret;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (pcert->type != GNUTLS_CRT_X509) {
|
|
Packit |
549fdc |
gnutls_assert();
|
|
Packit |
549fdc |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_init(crt);
|
|
Packit |
549fdc |
if (ret < 0)
|
|
Packit |
549fdc |
return gnutls_assert_val(ret);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_import(*crt, &pcert->cert, GNUTLS_X509_FMT_DER);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
gnutls_x509_crt_deinit(*crt);
|
|
Packit |
549fdc |
*crt = NULL;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return gnutls_assert_val(ret);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return 0;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_pcert_deinit:
|
|
Packit |
549fdc |
* @pcert: The structure to be deinitialized
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This function will deinitialize a pcert structure.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
void gnutls_pcert_deinit(gnutls_pcert_st * pcert)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
gnutls_pubkey_deinit(pcert->pubkey);
|
|
Packit |
549fdc |
pcert->pubkey = NULL;
|
|
Packit |
549fdc |
_gnutls_free_datum(&pcert->cert);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Converts the first certificate for the cert_auth_info structure
|
|
Packit |
549fdc |
* to a pcert.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
_gnutls_get_auth_info_pcert(gnutls_pcert_st * pcert,
|
|
Packit |
549fdc |
gnutls_certificate_type_t type,
|
|
Packit |
549fdc |
cert_auth_info_t info)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
switch (type) {
|
|
Packit |
549fdc |
case GNUTLS_CRT_X509:
|
|
Packit |
549fdc |
return gnutls_pcert_import_x509_raw(pcert,
|
|
Packit |
549fdc |
&info->
|
|
Packit |
549fdc |
raw_certificate_list
|
|
Packit |
549fdc |
[0],
|
|
Packit |
549fdc |
GNUTLS_X509_FMT_DER,
|
|
Packit |
549fdc |
GNUTLS_PCERT_NO_CERT);
|
|
Packit |
549fdc |
default:
|
|
Packit |
549fdc |
gnutls_assert();
|
|
Packit |
549fdc |
return GNUTLS_E_INTERNAL_ERROR;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|