23 #define MIN_ASCII_OIDSIZE 7
25 #ifdef USE_CERTIFICATES
46 assert( ( data == NULL && dataLength == 0 ) || \
52 data == NULL && dataLength == 0 && \
63 memcmp( data, certInfoPtr->subjectDNptr,
99 length = ( int ) sizeofObject( \
101 sizeofObject( certInfoPtr->cCertCert->serialNumberLength ) );
102 if( length < dataLength - 2 || length > dataLength + 2 )
117 sMemConnect( &stream, data, dataLength );
118 status = readSequence( &stream, NULL );
121 dataLeft = dataLength - stell( &stream );
122 status = sMemGetDataBlock( &stream, &dataPtr, dataLeft );
125 status = getObjectLength( dataPtr, dataLeft, &length );
127 status = readUniversal( &stream );
130 sMemDisconnect( &stream );
135 memcmp( dataPtr, certInfoPtr->issuerDNptr,
138 sMemDisconnect( &stream );
143 status = readGenericHole( &stream, &serialNoLength, 1,
147 dataLeft = dataLength - stell( &stream );
148 status = sMemGetDataBlock( &stream, &dataPtr, dataLeft );
151 status = sSkip( &stream, serialNoLength );
152 sMemDisconnect( &stream );
155 if( !compareSerialNumber( certInfoPtr->cCertCert->serialNumber,
156 certInfoPtr->cCertCert->serialNumberLength,
157 dataPtr, serialNoLength ) )
168 static const MAP_TABLE fingerprintMapTable[] = {
177 int fingerPrintLength, attributeToCompare;
179 status = mapValue( compareType, &attributeToCompare,
187 if( certInfoPtr->certificate == NULL )
192 status = getCertComponentString( (
CERT_INFO * ) certInfoPtr,
193 attributeToCompare, fingerPrint,
195 &fingerPrintLength );
203 return( ( dataLength == fingerPrintLength && \
204 !memcmp( data, fingerPrint, fingerPrintLength ) ) ? \
272 CRYPT_KEYUSAGE_ENCIPHERONLY;
280 CRYPT_KEYUSAGE_DECIPHERONLY;
303 status = checkCertBasic( certInfoPtr );
360 status = checkKeyUsage( certInfoPtr, checkKeyFlag, keyUsageValue,
361 complianceLevel, &certInfoPtr->errorLocus,
362 &certInfoPtr->errorType );
375 static
int exportCertData(
CERT_INFO *certInfoPtr,
386 assert( ( certData == NULL && certDataMaxLength == 0 ) || \
388 assert(
isWritePtr( certDataLength,
sizeof(
int ) ) );
392 REQUIRES( ( certData == NULL && certDataMaxLength == 0 ) || \
393 ( certData != NULL && \
394 certDataMaxLength > 0 && \
408 WRITECERT_FUNCTION writeCertFunction;
411 REQUIRES( certFormat == CRYPT_ICERTFORMAT_DATA );
413 writeCertFunction = \
415 ENSURES( writeCertFunction != NULL );
416 sMemOpenOpt( &stream, certData, certDataMaxLength );
417 status = writeCertFunction( &stream, certInfoPtr, NULL,
420 *certDataLength = stell( &stream );
421 sMemDisconnect( &stream );
441 certInfoPtr->certificate == NULL )
451 certInfoPtr->cCertCert->chainPos >= 0 && \
458 ENSURES( certInfoPtr->cCertCert->chainPos >= 0 && \
460 status = krnlAcquireObject( certInfoPtr->cCertCert->chain[ certInfoPtr->cCertCert->chainPos ],
462 (
void ** ) &certChainInfoPtr,
466 status = exportCert( certData, certDataMaxLength, certDataLength,
467 certFormat, certChainInfoPtr );
473 certInfoPtr->certificate == NULL ) || \
474 certInfoPtr->certificate != NULL );
475 return( exportCert( certData, certDataMaxLength, certDataLength,
476 certFormat, certInfoPtr ) );
516 assert(
isReadPtr( keyID, keyIDlength ) );
529 return( assembleCertChain( iCertificate, iCertSource, keyIDtype,
530 keyID, keyIDlength, options ) );
550 int *
valuePtr = (
int * ) messageDataPtr;
567 *valuePtr = certInfoPtr->errorType;
572 *valuePtr = certInfoPtr->errorLocus;
575 return( getCertComponent( certInfoPtr, attribute, valuePtr ) );
578 return( getCertComponentString( certInfoPtr, attribute,
579 msgData->data, msgData->
length,
588 validCursorPosition = \
589 ( attribute >= CRYPT_CERTINFO_FIRST_CMS && \
590 attribute <= CRYPT_CERTINFO_LAST_CMS ) ?
TRUE :
FALSE;
594 validCursorPosition = \
595 ( attribute >= CRYPT_CERTINFO_FIRST_EXTENSION && \
596 attribute <= CRYPT_CERTINFO_LAST_EXTENSION ) ?
TRUE :
FALSE;
604 REQUIRES( certInfoPtr->certificate == NULL || \
615 attribute == CRYPT_IATTRIBUTE_INITIALISED ||
617 attribute == CRYPT_IATTRIBUTE_PKIUSERINFO );
623 if( attribute == CRYPT_IATTRIBUTE_INITIALISED )
633 return( addCertComponent( certInfoPtr, attribute, value ) );
636 return( addCertComponentString( certInfoPtr, attribute,
637 msgData->data, msgData->
length ) );
639 return( deleteCertComponent( certInfoPtr, attribute ) );
650 void *messageDataPtr,
670 if( certInfoPtr->certificate != NULL )
673 clFree(
"certificateMessageFunction", certInfoPtr->certificate );
679 if( certInfoPtr->cCertCert->serialNumber != NULL && \
680 certInfoPtr->cCertCert->serialNumber != \
681 certInfoPtr->cCertCert->serialNumberBuffer )
682 clFree(
"certificateMessageFunction",
683 certInfoPtr->cCertCert->serialNumber );
688 if( certInfoPtr->cCertReq->serialNumber != NULL && \
689 certInfoPtr->cCertReq->serialNumber != \
690 certInfoPtr->cCertReq->serialNumberBuffer )
691 clFree(
"certificateMessageFunction",
692 certInfoPtr->cCertReq->serialNumber );
695 #ifdef USE_CERT_OBSOLETE
698 if( certInfoPtr->cCertCert->subjectUniqueID != NULL )
699 clFree(
"certificateMessageFunction",
700 certInfoPtr->cCertCert->subjectUniqueID );
701 if( certInfoPtr->cCertCert->issuerUniqueID != NULL )
702 clFree(
"certificateMessageFunction",
703 certInfoPtr->cCertCert->issuerUniqueID );
706 if( certInfoPtr->publicKeyData != NULL )
707 clFree(
"certificateMessageFunction", certInfoPtr->publicKeyData );
708 if( certInfoPtr->subjectDNdata != NULL )
709 clFree(
"certificateMessageFunction", certInfoPtr->subjectDNdata );
710 if( certInfoPtr->issuerDNdata != NULL )
711 clFree(
"certificateMessageFunction", certInfoPtr->issuerDNdata );
717 if( certInfoPtr->cCertRev->responderUrl != NULL )
718 clFree(
"certificateMessageFunction",
719 certInfoPtr->cCertRev->responderUrl );
726 if( certInfoPtr->cCertVal->responderUrl != NULL )
727 clFree(
"certificateMessageFunction",
728 certInfoPtr->cCertVal->responderUrl );
745 if( certInfoPtr->cCertVal->validityInfo != NULL )
746 deleteValidityEntries( &certInfoPtr->cCertVal->validityInfo );
754 if( certInfoPtr->cCertRev->revocations != NULL )
755 deleteRevocationEntries( &certInfoPtr->cCertRev->revocations );
761 certInfoPtr->cCertCert->chainEnd > 0 )
765 ENSURES( certInfoPtr->cCertCert->chainEnd >= 0 && \
767 for( i = 0; i < certInfoPtr->cCertCert->chainEnd && \
773 ENSURES( i < MAX_CHAINLENGTH );
789 certInfoPtr->cCertCert->chainPos >= 0 && \
799 ENSURES( certInfoPtr->cCertCert->chainPos >= 0 && \
801 status = krnlAcquireObject( certInfoPtr->cCertCert->chain[ certInfoPtr->cCertCert->chainPos ],
803 (
void ** ) &certChainInfoPtr,
807 status = processCertAttribute( certChainInfoPtr, message,
808 messageDataPtr, messageValue );
813 return( processCertAttribute( certInfoPtr, message, messageDataPtr,
826 return( compareCertInfo( certInfoPtr, messageValue, NULL, 0,
830 return( compareCertInfo( certInfoPtr, messageValue, msgData->data,
837 return( checkCertUsage( certInfoPtr, messageValue ) );
873 REQUIRES( certInfoPtr->certificate == NULL );
899 return( signCert( certInfoPtr, messageValue ) );
903 REQUIRES( certInfoPtr->certificate != NULL || \
911 return( checkCertValidity( certInfoPtr, messageValue ) );
917 return( exportCertData( certInfoPtr, messageValue,
918 msgData->data, msgData->
length,
947 *certInfoPtrPtr = NULL;
976 storageSize =
sizeof( CERT_REQ_INFO );
983 storageSize =
sizeof( CERT_REV_INFO );
990 storageSize =
sizeof( CERT_REV_INFO );
1006 storageSize =
sizeof( CERT_VAL_INFO );
1013 storageSize =
sizeof( CERT_PKIUSER_INFO );
1025 status = krnlCreateObject( &iCertificate, (
void ** ) &certInfoPtr,
1030 certificateMessageFunction );
1037 switch( certInfoPtr->
type )
1042 certInfoPtr->cCertCert = (
CERT_CERT_INFO * ) certInfoPtr->storage;
1044 certInfoPtr->cCertCert->trustedUsage =
CRYPT_ERROR;
1050 certInfoPtr->cCertReq = ( CERT_REQ_INFO * ) certInfoPtr->storage;
1058 certInfoPtr->cCertRev = ( CERT_REV_INFO * ) certInfoPtr->storage;
1065 certInfoPtr->cCertVal = ( CERT_VAL_INFO * ) certInfoPtr->storage;
1071 certInfoPtr->cCertUser = ( CERT_PKIUSER_INFO * ) certInfoPtr->storage;
1125 return( iCertificate );
1141 REQUIRES( auxDataPtr == NULL && auxValue == 0 );
1144 REQUIRES( createInfo->arg2 == 0 && createInfo->strArg1 == NULL && \
1145 createInfo->strArgLen1 == 0 );
1148 status = createCertificateInfo( &certInfoPtr, createInfo->cryptOwner,
1175 REQUIRES( auxDataPtr == NULL && auxValue == 0 );
1178 REQUIRES( createInfo->strArg1 != NULL );
1179 REQUIRES( createInfo->strArgLen1 > 16 && \
1182 REQUIRES( ( createInfo->arg2 == 0 && createInfo->strArg2 == NULL && \
1183 createInfo->strArgLen2 == 0 ) || \
1184 ( ( createInfo->arg2 == CRYPT_IKEYID_KEYID || \
1185 createInfo->arg2 == CRYPT_IKEYID_ISSUERANDSERIALNUMBER ) && \
1186 createInfo->strArg2 != NULL && \
1187 createInfo->strArgLen2 > 2 && \
1191 status = importCert( createInfo->strArg1, createInfo->strArgLen1,
1192 &iCertificate, createInfo->cryptOwner,
1193 createInfo->arg2, createInfo->strArg2,
1194 createInfo->strArgLen2, createInfo->arg1 );
1213 DEBUG_DIAG((
"Certificate class initialisation failed" ));
1253 if( extension != NULL )
1255 if( extensionMaxLength <= 4 || \
1258 if( !
isWritePtr( extension, extensionMaxLength ) )
1260 memset( extension, 0,
min( 16, extensionMaxLength ) );
1264 *extensionLength = 0;
1270 ebcdicToAscii( asciiOID, asciiOID, strlen( asciiOID ) );
1292 (
void ** ) &certInfoPtr,
1307 certInfoPtr->cCertCert->chainPos >= 0 )
1311 ENSURES( certInfoPtr->cCertCert->chainPos >= 0 && \
1313 status = krnlAcquireObject( certInfoPtr->cCertCert->chain[ certInfoPtr->cCertCert->chainPos ],
1315 (
void ** ) &certChainInfoPtr,
1320 certInfoPtr = certChainInfoPtr;
1324 attributeListPtr = findAttributeByOID( certInfoPtr->
attributes,
1325 binaryOID, binaryOidLen );
1326 if( attributeListPtr == NULL )
1331 status = getAttributeDataPtr( attributeListPtr, &dataPtr, &dataLength );
1337 *criticalFlag = checkAttributeProperty( attributeListPtr,
1340 status = attributeCopyParams( extension, extensionMaxLength,
1341 extensionLength, dataPtr, dataLength );
1349 C_IN int extensionLength )
1363 if( !
isReadPtr( extension, extensionLength ) || \
1365 extensionLength ) ) )
1372 ebcdicToAscii( asciiOID, asciiOID, strlen( asciiOID ) );
1394 (
void ** ) &certInfoPtr,
1405 if( certInfoPtr->certificate != NULL || \
1407 certInfoPtr->cCertCert->chainPos >= 0 ) )
1420 status = addAttribute( \
1423 &certInfoPtr->
attributes, binaryOID, binaryOidLen,
1425 FALSE : criticalFlag,
1426 extension, extensionLength, 0 );
1457 ebcdicToAscii( asciiOID, asciiOID, strlen( asciiOID ) );
1479 (
void ** ) &certInfoPtr,
1490 if( certInfoPtr->certificate != NULL || \
1492 certInfoPtr->cCertCert->chainPos >= 0 ) )
1499 attributeListPtr = findAttributeByOID( certInfoPtr->
attributes,
1500 binaryOID, binaryOidLen );
1501 if( attributeListPtr == NULL )
1504 deleteAttribute( &certInfoPtr->
attributes, NULL, attributeListPtr,