20 #ifdef USE_CERTIFICATES
28 #if defined( USE_CERTREQ ) || defined( USE_CERTREV )
41 REQUIRES( srcCertInfoPtr->issuerDNptr != NULL );
43 if( ( dnDataPtr =
clAlloc(
"copyIssuerDnData",
46 memcpy( dnDataPtr, srcCertInfoPtr->issuerDNptr,
48 destCertInfoPtr->issuerDNptr = destCertInfoPtr->issuerDNdata = dnDataPtr;
49 destCertInfoPtr->issuerDNsize = srcCertInfoPtr->
issuerDNsize;
55 #if defined( USE_CERTREV ) || defined( USE_CERTVAL )
80 status = selectGeneralName( userCertInfoPtr, aiaAttribute,
83 status = selectGeneralName( userCertInfoPtr,
87 status = getCertComponentString( userCertInfoPtr,
99 if( ( responderUrl =
clAlloc(
"copyResponderURL", urlSize ) ) == NULL )
104 status = getCertComponentString( userCertInfoPtr,
106 responderUrl, urlSize, &urlSize );
111 requestInfoPtr->cCertVal->responderUrl = responderUrl;
112 requestInfoPtr->cCertVal->responderUrlSize = urlSize;
116 requestInfoPtr->cCertRev->responderUrl = responderUrl;
117 requestInfoPtr->cCertRev->responderUrlSize = urlSize;
122 clFree(
"copyResponderURL", responderUrl );
130 #if defined( USE_CERTREQ ) || defined( USE_CERTREV )
138 const void *serialNumberPtr;
143 assert(
isReadPtr( revInfoPtr->issuerDNptr,
152 REQUIRES( revInfoPtr->issuerDNptr != NULL );
156 if( certInfoPtr->issuerDNptr != NULL )
158 if( certInfoPtr->issuerDNsize != revInfoPtr->
issuerDNsize || \
159 memcmp( certInfoPtr->issuerDNptr, revInfoPtr->issuerDNptr,
174 status = copyIssuerDnData( certInfoPtr, revInfoPtr );
185 serialNumberPtr = revInfoPtr->cCertReq->serialNumber;
186 serialNumberLength = revInfoPtr->cCertReq->serialNumberLength;
190 serialNumberPtr = revInfoPtr->cCertCert->serialNumber;
191 serialNumberLength = revInfoPtr->cCertCert->serialNumberLength;
193 status = addRevocationEntry( &certInfoPtr->cCertRev->revocations,
194 &certInfoPtr->cCertRev->currentRevocation,
195 CRYPT_IKEYID_ISSUERANDSERIALNUMBER,
196 serialNumberPtr, serialNumberLength,
FALSE );
221 void *publicKeyInfoPtr;
226 srcCertInfoPtr == NULL ) || \
231 srcCertInfoPtr == NULL ) || \
233 srcCertInfoPtr != NULL ) );
239 REQUIRES( srcCertInfoPtr == NULL || \
244 if( certInfoPtr->iPubkeyContext !=
CRYPT_ERROR || \
245 certInfoPtr->publicKeyInfo != NULL )
254 if( srcCertInfoPtr != NULL )
256 REQUIRES( memcmp( srcCertInfoPtr->publicKeyID,
257 "\x00\x00\x00\x00\x00\x00\x00\x00", 8 ) );
259 length = srcCertInfoPtr->publicKeyInfoSize;
260 if( ( publicKeyInfoPtr =
clAlloc(
"copyPublicKeyInfo",
263 memcpy( publicKeyInfoPtr, srcCertInfoPtr->publicKeyInfo, length );
264 certInfoPtr->publicKeyAlgo = srcCertInfoPtr->publicKeyAlgo;
265 certInfoPtr->publicKeyFeatures = srcCertInfoPtr->publicKeyFeatures;
266 memcpy( certInfoPtr->publicKeyID, srcCertInfoPtr->publicKeyID,
287 &certInfoPtr->publicKeyAlgo,
291 &certInfoPtr->publicKeyFeatures,
292 CRYPT_IATTRIBUTE_KEYFEATURES );
297 &msgData, CRYPT_IATTRIBUTE_KEYID );
315 &msgData, CRYPT_IATTRIBUTE_KEY_SPKI );
319 if( ( publicKeyInfoPtr =
clAlloc(
"copyPublicKeyInfo",
324 &msgData, CRYPT_IATTRIBUTE_KEY_SPKI );
328 certInfoPtr->publicKeyData = certInfoPtr->publicKeyInfo = \
330 certInfoPtr->publicKeyInfoSize =
length;
402 status = checkDN( certInfoPtr->subjectName,
405 &certInfoPtr->errorLocus,
406 &certInfoPtr->errorType );
438 assert( templateListPtr == NULL || \
448 if( certInfoPtr->attributes == NULL || templateListPtr == NULL )
449 return( checkCertWellFormed( certInfoPtr ) );
453 for( templateAttributeCursor = \
454 getFirstAttribute( &attrEnumInfo, templateListPtr, \
457 templateAttributeCursor != NULL && \
459 templateAttributeCursor = getNextAttribute( &attrEnumInfo ), \
469 status = getAttributeIdInfo( templateAttributeCursor, NULL,
470 &fieldID, &subFieldID );
474 fieldID, subFieldID );
475 if( certAttributePtr == NULL )
488 if( checkAttributeProperty( certAttributePtr,
503 int constrainedAttributeValue, constrainingAttributeValue;
506 status = getAttributeDataValue( certAttributePtr,
507 &constrainedAttributeValue );
510 status = getAttributeDataValue( templateAttributeCursor,
511 &constrainingAttributeValue );
514 if( !( constrainedAttributeValue & constrainingAttributeValue ) )
519 value = constrainedAttributeValue & ~constrainingAttributeValue;
524 status = getAttributeIdInfo( certAttributePtr, NULL, &fieldID,
528 certInfoPtr->errorLocus =
fieldID;
538 status = getAttributeIdInfo( certAttributePtr, NULL, &fieldID,
544 int constrainedAttributeValue, constrainingAttributeValue;
550 status = getAttributeDataValue( certAttributePtr,
551 &constrainedAttributeValue );
554 status = getAttributeDataValue( templateAttributeCursor,
555 &constrainingAttributeValue );
558 if( !( constrainedAttributeValue & constrainingAttributeValue ) )
561 certInfoPtr->errorLocus =
fieldID;
566 ENSURES( iterationCount < FAILSAFE_ITERATIONS_MAX );
568 return( checkCertWellFormed( certInfoPtr ) );
605 status = copyDN( &certInfoPtr->subjectName,
606 certRequestInfoPtr->subjectName );
612 certRequestInfoPtr );
616 status = copyPublicKeyInfo( certInfoPtr,
617 certRequestInfoPtr->iPubkeyContext,
621 certRequestInfoPtr->attributes != NULL )
623 status = copyAttributes( &certInfoPtr->attributes,
624 certRequestInfoPtr->attributes,
625 &certInfoPtr->errorLocus,
626 &certInfoPtr->errorType );
628 deleteDN( &certInfoPtr->subjectName );
643 certRequestInfoPtr->startTime > currentTime - ( 86400L * 365 ) )
644 certInfoPtr->startTime = certRequestInfoPtr->startTime;
646 certRequestInfoPtr->endTime > certInfoPtr->startTime )
647 certInfoPtr->endTime = certRequestInfoPtr->endTime;
669 status = copyRevocationInfo( certInfoPtr, revRequestInfoPtr );
671 revRequestInfoPtr->attributes == NULL )
673 return( copyRevocationAttributes( &certInfoPtr->attributes,
674 revRequestInfoPtr->attributes ) );
682 static
int copyCertToRequest(
INOUT CERT_INFO *crmfRequestInfoPtr,
696 status = copyDN( &crmfRequestInfoPtr->subjectName,
697 certInfoPtr->subjectName );
700 if( crmfRequestInfoPtr->iPubkeyContext ==
CRYPT_ERROR && \
701 crmfRequestInfoPtr->publicKeyInfo == NULL )
708 status = copyPublicKeyInfo( crmfRequestInfoPtr, iCryptHandle, NULL );
717 status = copyCRMFRequestAttributes( &crmfRequestInfoPtr->attributes,
718 certInfoPtr->attributes );
721 deleteDN( &crmfRequestInfoPtr->subjectName );
729 static
int copyCertToRevRequest(
INOUT CERT_INFO *crmfRevRequestInfoPtr,
743 if( crmfRevRequestInfoPtr->issuerName != NULL )
755 status = copyIssuerDnData( crmfRevRequestInfoPtr, certInfoPtr );
758 status = setSerialNumber( crmfRevRequestInfoPtr,
759 certInfoPtr->cCertCert->serialNumber,
760 certInfoPtr->cCertCert->serialNumberLength );
762 ( crmfRevRequestInfoPtr->subjectDNdata = \
763 clAlloc(
"copyCertToRevRequest",
764 certInfoPtr->subjectDNsize ) ) == NULL )
768 clFree(
"copyCertToRevRequest",
769 crmfRevRequestInfoPtr->issuerDNdata );
770 crmfRevRequestInfoPtr->issuerDNptr = \
771 crmfRevRequestInfoPtr->issuerDNdata = NULL;
772 crmfRevRequestInfoPtr->issuerDNsize = 0;
773 if( crmfRevRequestInfoPtr->cCertCert->serialNumber != NULL && \
774 crmfRevRequestInfoPtr->cCertCert->serialNumber != \
775 crmfRevRequestInfoPtr->cCertCert->serialNumberBuffer )
777 clFree(
"copyCertToRevRequest",
778 crmfRevRequestInfoPtr->cCertCert->serialNumber );
780 crmfRevRequestInfoPtr->cCertCert->serialNumber = NULL;
785 memcpy( crmfRevRequestInfoPtr->subjectDNdata, certInfoPtr->subjectDNptr,
786 certInfoPtr->subjectDNsize );
787 crmfRevRequestInfoPtr->subjectDNptr = crmfRevRequestInfoPtr->subjectDNdata;
788 crmfRevRequestInfoPtr->subjectDNsize = certInfoPtr->subjectDNsize;
810 const void *issuerKeyHash,
812 const int issuerKeyHashLength )
820 assert(
isReadPtr( issuerKeyHash, issuerKeyHashLength ) );
826 REQUIRES( certInfoPtr->issuerDNptr != NULL );
827 REQUIRES( certInfoPtr->cCertCert->serialNumber != NULL );
833 certInfoPtr->issuerDNptr,
837 writeSequence( stream,
839 sizeofObject( hashSize ) + sizeofObject( hashSize ) + \
841 certInfoPtr->cCertCert->serialNumberLength ) );
843 writeOctetString( stream, hashBuffer, hashSize,
DEFAULT_TAG );
844 writeOctetString( stream, issuerKeyHash, issuerKeyHashLength,
846 return( writeInteger( stream, certInfoPtr->cCertCert->serialNumber,
847 certInfoPtr->cCertCert->serialNumberLength,
866 status = copyRevocationEntries( &certInfoPtr->cCertRev->revocations,
867 ocspRequestInfoPtr->cCertRev->revocations );
869 status = copyOCSPRequestAttributes( &certInfoPtr->attributes,
870 ocspRequestInfoPtr->attributes );
883 static
int copyCertToOCSPRequest(
INOUT CERT_INFO *ocspRequestInfoPtr,
886 CERT_REV_INFO *revInfoPtr = ocspRequestInfoPtr->cCertRev;
889 BYTE idBuffer[ 256 + 8 ], *idBufPtr = idBuffer;
901 if( !ocspRequestInfoPtr->certHashSet )
909 sMemNullOpen( &stream );
910 status = writeOCSPID( &stream, certInfoPtr,
913 idLength = stell( &stream );
914 sMemClose( &stream );
920 if( ( idBufPtr =
clDynAlloc(
"copyCertToOCSPRequest", \
921 idLength ) ) == NULL )
924 sMemOpen( &stream, idBufPtr, idLength );
925 status = writeOCSPID( &stream, certInfoPtr,
927 sMemDisconnect( &stream );
930 status = addRevocationEntry( &revInfoPtr->revocations,
931 &revInfoPtr->currentRevocation,
935 if( idBufPtr != idBuffer )
936 clFree(
"copyCertToOCSPRequest", idBufPtr );
949 status = dynCreate( &essCertDB, certInfoPtr->objectHandle,
950 CRYPT_IATTRIBUTE_ESSCERTID );
959 ( void ) addAttributeFieldString( \
960 &revInfoPtr->currentRevocation->attributes,
965 dynDestroy( &essCertDB );
989 REQUIRES( caCertInfoPtr->publicKeyInfo != NULL );
991 getHashAtomicParameters(
CRYPT_ALGO_SHA1, 0, &hashFunctionAtomic, NULL );
997 sMemConnect( &stream, caCertInfoPtr->publicKeyInfo,
998 caCertInfoPtr->publicKeyInfoSize );
999 readSequence( &stream, NULL );
1000 readUniversal( &stream );
1001 status = readBitStringHole( &stream, &length, 16,
DEFAULT_TAG );
1003 status = sMemGetDataBlock( &stream, &dataPtr, length );
1007 DEBUG_DIAG((
"Invalid certificate data format when hashing "
1008 "certificate to create OCSP ID" ));
1010 sMemDisconnect( &stream );
1016 certInfoPtr->certHashSet =
TRUE;
1017 sMemDisconnect( &stream );
1046 status = copyValidityEntries( &certInfoPtr->cCertVal->validityInfo,
1047 rtcsRequestInfoPtr->cCertVal->validityInfo );
1049 status = copyRTCSRequestAttributes( &certInfoPtr->attributes,
1050 rtcsRequestInfoPtr->attributes );
1058 static
int copyCertToRTCSRequest(
INOUT CERT_INFO *rtcsRequestInfoPtr,
1061 CERT_VAL_INFO *valInfoPtr = rtcsRequestInfoPtr->cCertVal;
1063 int certHashLength,
status;
1073 status = getCertComponentString( certInfoPtr,
1079 status = addValidityEntry( &valInfoPtr->validityInfo,
1080 &valInfoPtr->currentValidity,
1081 certHash, certHashLength );
1133 if( requestAttrPtr != NULL && pkiUserAttrPtr != NULL )
1137 if( !compareAttribute( requestAttrPtr, pkiUserAttrPtr ) )
1146 status = deleteAttribute( &certInfoPtr->attributes,
1147 &certInfoPtr->attributeCursor,
1149 certInfoPtr->currentSelection.dnPtr );
1183 status = getAttributeFieldValue( certInfoPtr->attributes,
1188 status = getAttributeFieldValue( pkiUserAttributes,
1197 status = deleteCompleteAttribute( &certInfoPtr->attributes,
1198 &certInfoPtr->attributeCursor,
1200 certInfoPtr->currentSelection.dnPtr );
1208 status = copyAttributes( &certInfoPtr->attributes, pkiUserAttributes,
1209 &certInfoPtr->errorLocus,
1210 &certInfoPtr->errorType );
1228 status = deleteCompleteAttribute( &certInfoPtr->attributes,
1229 &certInfoPtr->attributeCursor,
1231 certInfoPtr->currentSelection.dnPtr );
1245 status = deleteCompleteAttribute( &certInfoPtr->attributes,
1246 &certInfoPtr->attributeCursor,
1248 certInfoPtr->currentSelection.dnPtr );
1258 const DN_PTR *pkiUserSubjectName,
1259 IN_BUFFER( commonNameLength )
const void *commonName,
1263 void *tempDN = NULL, *tempDNdata;
1267 assert(
isReadPtr( commonName, commonNameLength ) );
1270 REQUIRES( pkiUserSubjectName != NULL );
1271 REQUIRES( commonNameLength > 0 && \
1276 status = copyDN( &tempDN, pkiUserSubjectName );
1280 commonName, commonNameLength,
1281 &certInfoPtr->errorType );
1283 status = tempDNsize =
sizeofDN( tempDN );
1286 deleteDN( &tempDN );
1289 if( ( tempDNdata =
clAlloc(
"assemblePkiUserDN", tempDNsize ) ) == NULL )
1291 deleteDN( &tempDN );
1302 deleteDN( &certInfoPtr->subjectName );
1303 certInfoPtr->subjectName = tempDN;
1304 sMemOpen( &stream, tempDNdata, tempDNsize );
1307 sMemDisconnect( &stream );
1308 certInfoPtr->subjectDNdata = certInfoPtr->subjectDNptr = tempDNdata;
1309 certInfoPtr->subjectDNsize = tempDNsize;
1319 DN_PTR *requestDNSubset, *pkiUserDNSubset;
1329 REQUIRES( pkiUserInfoPtr->certificate != NULL );
1344 if( certInfoPtr->subjectName == NULL && \
1345 pkiUserInfoPtr->subjectName == NULL )
1351 if( ( certInfoPtr->subjectName == NULL || \
1353 getDNComponentValue( certInfoPtr->subjectName,
1356 ( pkiUserInfoPtr->subjectName == NULL || \
1358 getDNComponentValue( pkiUserInfoPtr->subjectName,
1370 if( certInfoPtr->subjectName == NULL )
1372 status = copyDN( &certInfoPtr->subjectName,
1373 pkiUserInfoPtr->subjectName );
1376 ENSURES( pkiUserInfoPtr->subjectDNptr != NULL );
1377 if( ( certInfoPtr->subjectDNdata = \
1378 clAlloc(
"copyPkiUserToCertReq",
1379 pkiUserInfoPtr->subjectDNsize ) ) == NULL )
1381 deleteDN( &certInfoPtr->subjectName );
1384 memcpy( certInfoPtr->subjectDNdata, pkiUserInfoPtr->subjectDNptr,
1385 pkiUserInfoPtr->subjectDNsize );
1386 certInfoPtr->subjectDNptr = certInfoPtr->subjectDNdata;
1387 certInfoPtr->subjectDNsize = pkiUserInfoPtr->subjectDNsize;
1390 return( copyPkiUserAttributes( certInfoPtr,
1391 pkiUserInfoPtr->attributes ) );
1397 if( pkiUserInfoPtr->subjectName == NULL )
1399 ENSURES( certInfoPtr->subjectName != NULL );
1400 return( copyPkiUserAttributes( certInfoPtr,
1401 pkiUserInfoPtr->attributes ) );
1406 if(
compareDN( certInfoPtr->subjectName,
1407 pkiUserInfoPtr->subjectName,
FALSE, NULL ) )
1409 return( copyPkiUserAttributes( certInfoPtr,
1410 pkiUserInfoPtr->attributes ) );
1486 if(
compareDN( certInfoPtr->subjectName, pkiUserInfoPtr->subjectName,
1487 TRUE, &requestDNSubset ) )
1500 status = getDNComponentInfo( requestDNSubset, &dnComponentType,
1517 status = getDNComponentValue( requestDNSubset,
1538 if( !
compareDN( pkiUserInfoPtr->subjectName, certInfoPtr->subjectName,
1539 TRUE, &pkiUserDNSubset ) )
1541 status = getDNComponentInfo( pkiUserDNSubset, &dnComponentType,
1557 if( certInfoPtr->subjectName == requestDNSubset )
1560 int commonNameLength;
1562 status = getDNComponentValue( requestDNSubset,
1565 &commonNameLength );
1567 status = assemblePkiUserDN( certInfoPtr,
1568 pkiUserInfoPtr->subjectName,
1569 commonName, commonNameLength );
1575 return( copyPkiUserAttributes( certInfoPtr, pkiUserInfoPtr->attributes ) );
1599 REQUIRES( userCertInfoPtr->certificate != NULL );
1607 certInfoPtr->cCertRev->responderUrl == NULL )
1611 status = copyResponderURL( certInfoPtr, userCertInfoPtr );
1618 certInfoPtr->cCertVal->responderUrl == NULL )
1622 status = copyResponderURL( certInfoPtr, userCertInfoPtr );
1629 switch( certInfoPtr->type )
1633 return( copyCertToRequest( certInfoPtr, userCertInfoPtr,
1637 return( copyCertToRevRequest( certInfoPtr, userCertInfoPtr ) );
1642 return( copyRevocationInfo( certInfoPtr, userCertInfoPtr ) );
1645 return( copyCertToOCSPRequest( certInfoPtr, userCertInfoPtr ) );
1650 return( copyCertToRTCSRequest( certInfoPtr, userCertInfoPtr ) );
1679 (
void ** ) &addedCertInfoPtr,
1683 switch( certInfoType )
1686 status = copyUserCertInfo( certInfoPtr, addedCertInfoPtr,
1692 status = copyCaCertToOCSPReq( certInfoPtr, addedCertInfoPtr );
1698 status = copyCertReqToCert( certInfoPtr, addedCertInfoPtr );
1703 case CRYPT_IATTRIBUTE_RTCSREQUEST:
1704 status = copyRtcsReqToResp( certInfoPtr, addedCertInfoPtr );
1709 case CRYPT_IATTRIBUTE_OCSPREQUEST:
1710 status = copyOcspReqToResp( certInfoPtr, addedCertInfoPtr );
1713 case CRYPT_IATTRIBUTE_REVREQUEST:
1714 status = copyRevReqToCert( certInfoPtr, addedCertInfoPtr );
1719 case CRYPT_IATTRIBUTE_PKIUSERINFO:
1720 status = copyPkiUserToCertReq( certInfoPtr, addedCertInfoPtr );
1724 case CRYPT_IATTRIBUTE_BLOCKEDATTRS:
1725 status = sanitiseCertAttributes( certInfoPtr,