38
38
get_extension (ASN1_TYPE asn, const char *root,
39
const char *extension_id, int indx,
40
gnutls_datum_t * ret, unsigned int *_critical)
39
const char *extension_id, int indx,
40
gnutls_datum_t * ret, unsigned int *_critical)
42
42
int k, result, len;
43
43
char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
67
67
if (result == ASN1_ELEMENT_NOT_FOUND)
75
_gnutls_str_cpy (name2, sizeof (name2), name);
76
_gnutls_str_cat (name2, sizeof (name2), ".extnID");
78
len = sizeof (extnID) - 1;
79
result = asn1_read_value (asn, name2, extnID, &len);
81
if (result == ASN1_ELEMENT_NOT_FOUND)
86
else if (result != ASN1_SUCCESS)
89
return _gnutls_asn2err (result);
94
if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
96
/* extension was found
99
/* read the critical status.
101
_gnutls_str_cpy (name2, sizeof (name2), name);
102
_gnutls_str_cat (name2, sizeof (name2), ".critical");
104
len = sizeof (str_critical);
105
result = asn1_read_value (asn, name2, str_critical, &len);
107
if (result == ASN1_ELEMENT_NOT_FOUND)
112
else if (result != ASN1_SUCCESS)
115
return _gnutls_asn2err (result);
118
if (str_critical[0] == 'T')
125
_gnutls_str_cpy (name2, sizeof (name2), name);
126
_gnutls_str_cat (name2, sizeof (name2), ".extnValue");
128
result = _gnutls_x509_read_value (asn, name2, &value, 0);
135
ret->data = value.data;
136
ret->size = value.size;
139
*_critical = critical;
75
_gnutls_str_cpy (name2, sizeof (name2), name);
76
_gnutls_str_cat (name2, sizeof (name2), ".extnID");
78
len = sizeof (extnID) - 1;
79
result = asn1_read_value (asn, name2, extnID, &len);
81
if (result == ASN1_ELEMENT_NOT_FOUND)
86
else if (result != ASN1_SUCCESS)
89
return _gnutls_asn2err (result);
94
if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
96
/* extension was found
99
/* read the critical status.
101
_gnutls_str_cpy (name2, sizeof (name2), name);
102
_gnutls_str_cat (name2, sizeof (name2), ".critical");
104
len = sizeof (str_critical);
105
result = asn1_read_value (asn, name2, str_critical, &len);
107
if (result == ASN1_ELEMENT_NOT_FOUND)
112
else if (result != ASN1_SUCCESS)
115
return _gnutls_asn2err (result);
118
if (str_critical[0] == 'T')
125
_gnutls_str_cpy (name2, sizeof (name2), name);
126
_gnutls_str_cat (name2, sizeof (name2), ".extnValue");
128
result = _gnutls_x509_read_value (asn, name2, &value, 0);
135
ret->data = value.data;
136
ret->size = value.size;
139
*_critical = critical;
171
171
_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
172
const char *extension_id, int indx,
173
gnutls_datum_t * ret, unsigned int *_critical)
172
const char *extension_id, int indx,
173
gnutls_datum_t * ret, unsigned int *_critical)
175
175
return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
176
indx, ret, _critical);
176
indx, ret, _critical);
180
180
_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
181
const char *extension_id, int indx,
182
gnutls_datum_t * ret, unsigned int *_critical)
181
const char *extension_id, int indx,
182
gnutls_datum_t * ret, unsigned int *_critical)
184
184
return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
185
indx, ret, _critical);
185
indx, ret, _critical);
218
218
if (result == ASN1_ELEMENT_NOT_FOUND)
226
_gnutls_str_cpy (name2, sizeof (name2), name);
227
_gnutls_str_cat (name2, sizeof (name2), ".extnID");
229
len = sizeof (extnID) - 1;
230
result = asn1_read_value (asn, name2, extnID, &len);
232
if (result == ASN1_ELEMENT_NOT_FOUND)
237
else if (result != ASN1_SUCCESS)
240
return _gnutls_asn2err (result);
245
if (indx == indx_counter++)
247
len = strlen (extnID) + 1;
249
if (*sizeof_oid < (unsigned) len)
253
return GNUTLS_E_SHORT_MEMORY_BUFFER;
256
memcpy (oid, extnID, len);
257
*sizeof_oid = len - 1;
226
_gnutls_str_cpy (name2, sizeof (name2), name);
227
_gnutls_str_cat (name2, sizeof (name2), ".extnID");
229
len = sizeof (extnID) - 1;
230
result = asn1_read_value (asn, name2, extnID, &len);
232
if (result == ASN1_ELEMENT_NOT_FOUND)
237
else if (result != ASN1_SUCCESS)
240
return _gnutls_asn2err (result);
245
if (indx == indx_counter++)
247
len = strlen (extnID) + 1;
249
if (*sizeof_oid < (unsigned) len)
253
return GNUTLS_E_SHORT_MEMORY_BUFFER;
256
memcpy (oid, extnID, len);
257
*sizeof_oid = len - 1;
286
286
_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
287
int indx, void *oid, size_t * sizeof_oid)
287
int indx, void *oid, size_t * sizeof_oid)
289
289
return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
294
294
_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
295
int indx, void *oid, size_t * sizeof_oid)
295
int indx, void *oid, size_t * sizeof_oid)
297
297
return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
301
301
/* This function will attempt to set the requested extension in
430
430
if (root[0] != 0)
431
snprintf (name, sizeof (name), "%s.?%u", root, k);
431
snprintf (name, sizeof (name), "%s.?%u", root, k);
433
snprintf (name, sizeof (name), "?%u", k);
433
snprintf (name, sizeof (name), "?%u", k);
435
435
len = sizeof (extnID) - 1;
436
436
result = asn1_read_value (asn, name, extnID, &len);
441
441
if (result == ASN1_ELEMENT_NOT_FOUND)
449
_gnutls_str_cpy (name2, sizeof (name2), name);
450
_gnutls_str_cat (name2, sizeof (name2), ".extnID");
452
len = sizeof (extnID) - 1;
453
result = asn1_read_value (asn, name2, extnID, &len);
455
if (result == ASN1_ELEMENT_NOT_FOUND)
460
else if (result != ASN1_SUCCESS)
463
return _gnutls_asn2err (result);
468
if (strcmp (extnID, ext_id) == 0)
470
/* extension was found
472
return overwrite_extension (asn, root, k, ext_data, critical);
449
_gnutls_str_cpy (name2, sizeof (name2), name);
450
_gnutls_str_cat (name2, sizeof (name2), ".extnID");
452
len = sizeof (extnID) - 1;
453
result = asn1_read_value (asn, name2, extnID, &len);
455
if (result == ASN1_ELEMENT_NOT_FOUND)
460
else if (result != ASN1_SUCCESS)
463
return _gnutls_asn2err (result);
468
if (strcmp (extnID, ext_id) == 0)
470
/* extension was found
472
return overwrite_extension (asn, root, k, ext_data, critical);
501
501
_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
503
const gnutls_datum_t * ext_data,
504
unsigned int critical)
503
const gnutls_datum_t * ext_data,
504
unsigned int critical)
506
506
return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
511
511
_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
513
const gnutls_datum_t * ext_data,
514
unsigned int critical)
513
const gnutls_datum_t * ext_data,
514
unsigned int critical)
516
516
return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
520
520
#ifdef ENABLE_PKI
522
522
_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
524
const gnutls_datum_t * ext_data,
525
unsigned int critical)
524
const gnutls_datum_t * ext_data,
525
unsigned int critical)
527
527
unsigned char *extensions = NULL;
528
528
size_t extensions_size = 0;
533
533
result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
534
0, NULL, &extensions_size);
534
0, NULL, &extensions_size);
535
535
if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
537
537
extensions = gnutls_malloc (extensions_size);
538
538
if (extensions == NULL)
541
return GNUTLS_E_MEMORY_ERROR;
541
return GNUTLS_E_MEMORY_ERROR;
544
544
result = gnutls_x509_crq_get_attribute_by_oid (crq,
545
"1.2.840.113549.1.9.14",
545
"1.2.840.113549.1.9.14",
551
551
if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
558
gnutls_free (extensions);
558
gnutls_free (extensions);
563
563
result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
573
573
result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
574
574
gnutls_free (extensions);
575
575
if (result != ASN1_SUCCESS)
578
asn1_delete_structure (&c2);
579
return _gnutls_asn2err (result);
578
asn1_delete_structure (&c2);
579
return _gnutls_asn2err (result);
583
583
result = set_extension (c2, "", ext_id, ext_data, critical);
689
689
if (pathLenConstraint)
691
691
result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
693
693
if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
694
*pathLenConstraint = -1;
694
*pathLenConstraint = -1;
695
695
else if (result != GNUTLS_E_SUCCESS)
698
asn1_delete_structure (&ext);
699
return _gnutls_asn2err (result);
698
asn1_delete_structure (&ext);
699
return _gnutls_asn2err (result);
703
703
/* the default value of cA is false.
994
994
&& prev_der_ext->size != 0)
997
asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
997
asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
1000
1000
if (result != ASN1_SUCCESS)
1003
asn1_delete_structure (&ext);
1004
return _gnutls_asn2err (result);
1003
asn1_delete_structure (&ext);
1004
return _gnutls_asn2err (result);
1008
1008
result = write_new_general_name (ext, "", type, data, data_size);
1032
1032
_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
1033
gnutls_datum_t * der_ext)
1033
gnutls_datum_t * der_ext)
1035
1035
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1039
1039
asn1_create_element (_gnutls_get_pkix (),
1040
"PKIX1.SubjectKeyIdentifier", &ext);
1040
"PKIX1.SubjectKeyIdentifier", &ext);
1041
1041
if (result != ASN1_SUCCESS)
1043
1043
gnutls_assert ();
1071
1071
_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
1072
gnutls_datum_t * der_ext)
1072
gnutls_datum_t * der_ext)
1074
1074
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1078
1078
asn1_create_element (_gnutls_get_pkix (),
1079
"PKIX1.AuthorityKeyIdentifier", &ext);
1079
"PKIX1.AuthorityKeyIdentifier", &ext);
1080
1080
if (result != ASN1_SUCCESS)
1082
1082
gnutls_assert ();
1151
1151
result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
1152
1152
if (result != ASN1_SUCCESS)
1155
result = _gnutls_asn2err (result);
1155
result = _gnutls_asn2err (result);
1161
1161
result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
1162
1162
if (result != ASN1_SUCCESS)
1165
result = _gnutls_asn2err (result);
1165
result = _gnutls_asn2err (result);
1170
1170
result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
1249
1249
if (pathLenConstraint)
1251
1251
result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
1253
1253
if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
1254
*pathLenConstraint = -1;
1254
*pathLenConstraint = -1;
1255
1255
else if (result != GNUTLS_E_SUCCESS)
1257
asn1_delete_structure (&ext);
1258
return _gnutls_asn2err (result);
1257
asn1_delete_structure (&ext);
1258
return _gnutls_asn2err (result);
1262
1262
result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
1264
1264
if (result < 0)
1266
1266
gnutls_assert ();
1304
1304
_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
1305
const char *policyLanguage,
1307
size_t sizeof_policy,
1308
gnutls_datum_t * der_ext)
1305
const char *policyLanguage,
1307
size_t sizeof_policy,
1308
gnutls_datum_t * der_ext)
1310
1310
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1313
1313
result = asn1_create_element (_gnutls_get_pkix (),
1314
"PKIX1.ProxyCertInfo", &ext);
1314
"PKIX1.ProxyCertInfo", &ext);
1315
1315
if (result != ASN1_SUCCESS)
1317
1317
gnutls_assert ();