2
* Copyright (c) 2006 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35
#include <pkcs10_asn1.h>
38
struct hx509_request_data {
40
SubjectPublicKeyInfo key;
50
_hx509_request_init(hx509_context context, hx509_request *req)
52
*req = calloc(1, sizeof(**req));
60
_hx509_request_free(hx509_request *req)
63
hx509_name_free(&(*req)->name);
64
free_SubjectPublicKeyInfo(&(*req)->key);
65
free_ExtKeyUsage(&(*req)->eku);
66
free_GeneralNames(&(*req)->san);
67
memset(*req, 0, sizeof(**req));
73
_hx509_request_set_name(hx509_context context,
78
hx509_name_free(&req->name);
80
int ret = hx509_name_copy(context, name, &req->name);
88
_hx509_request_get_name(hx509_context context,
92
if (req->name == NULL) {
93
hx509_set_error_string(context, 0, EINVAL, "Request have no name");
96
return hx509_name_copy(context, req->name, name);
100
_hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
102
const SubjectPublicKeyInfo *key)
104
free_SubjectPublicKeyInfo(&req->key);
105
return copy_SubjectPublicKeyInfo(key, &req->key);
109
_hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
111
SubjectPublicKeyInfo *key)
113
return copy_SubjectPublicKeyInfo(&req->key, key);
117
_hx509_request_add_eku(hx509_context context,
124
val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1));
129
ret = der_copy_oid(oid, &req->eku.val[req->eku.len]);
139
_hx509_request_add_dns_name(hx509_context context,
141
const char *hostname)
145
memset(&name, 0, sizeof(name));
146
name.element = choice_GeneralName_dNSName;
147
name.u.dNSName = rk_UNCONST(hostname);
149
return add_GeneralNames(&req->san, &name);
153
_hx509_request_add_email(hx509_context context,
159
memset(&name, 0, sizeof(name));
160
name.element = choice_GeneralName_rfc822Name;
161
name.u.dNSName = rk_UNCONST(email);
163
return add_GeneralNames(&req->san, &name);
169
_hx509_request_to_pkcs10(hx509_context context,
170
const hx509_request req,
171
const hx509_private_key signer,
172
heim_octet_string *request)
174
CertificationRequest r;
175
heim_octet_string data, os;
179
if (req->name == NULL) {
180
hx509_set_error_string(context, 0, EINVAL,
181
"PKCS10 needs to have a subject");
185
memset(&r, 0, sizeof(r));
186
memset(request, 0, sizeof(*request));
188
r.certificationRequestInfo.version = pkcs10_v1;
190
ret = copy_Name(&req->name->der_name,
191
&r.certificationRequestInfo.subject);
194
ret = copy_SubjectPublicKeyInfo(&req->key,
195
&r.certificationRequestInfo.subjectPKInfo);
198
r.certificationRequestInfo.attributes =
199
calloc(1, sizeof(*r.certificationRequestInfo.attributes));
200
if (r.certificationRequestInfo.attributes == NULL) {
205
ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length,
206
&r.certificationRequestInfo, &size, ret);
209
if (data.length != size)
212
ret = _hx509_create_signature(context,
214
_hx509_crypto_default_sig_alg,
216
&r.signatureAlgorithm,
221
r.signature.data = os.data;
222
r.signature.length = os.length * 8;
224
ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length,
228
if (data.length != size)
234
free_CertificationRequest(&r);
240
_hx509_request_parse(hx509_context context,
244
CertificationRequest r;
245
CertificationRequestInfo *rinfo;
251
if (strncmp(path, "PKCS10:", 7) != 0) {
252
hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
253
"unsupport type in %s", path);
254
return HX509_UNSUPPORTED_OPERATION;
258
/* XXX PEM request */
260
ret = rk_undumpdata(path, &p, &len);
262
hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
266
ret = decode_CertificationRequest(p, len, &r, &size);
269
hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
273
ret = _hx509_request_init(context, req);
275
free_CertificationRequest(&r);
279
rinfo = &r.certificationRequestInfo;
281
ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
282
&rinfo->subjectPKInfo);
284
free_CertificationRequest(&r);
285
_hx509_request_free(req);
289
ret = _hx509_name_from_Name(&rinfo->subject, &subject);
291
free_CertificationRequest(&r);
292
_hx509_request_free(req);
295
ret = _hx509_request_set_name(context, *req, subject);
296
hx509_name_free(&subject);
297
free_CertificationRequest(&r);
299
_hx509_request_free(req);
308
_hx509_request_print(hx509_context context, hx509_request req, FILE *f)
314
ret = hx509_name_to_string(req->name, &subject);
316
hx509_set_error_string(context, 0, ret, "Failed to print name");
319
fprintf(f, "name: %s\n", subject);