author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-04-14 07:22:20 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-04-14 07:22:20 +0000 |
commit | 5a6422bdf36f7ba095438c40d4ebfd96c4cb2447 (patch) | |
tree | f74c79a7499efef4514a5c8f3097bd35eeabd239 /lib/x509/extensions.c | |
parent | c007d29663d46333da8df4de7b522059799fdae6 (diff) | |
download | gnutls-5a6422bdf36f7ba095438c40d4ebfd96c4cb2447.tar.gz |
updated the extensions handling.
Diffstat (limited to 'lib/x509/extensions.c')
-rw-r--r-- | lib/x509/extensions.c | 192 |
1 files changed, 113 insertions, 79 deletions
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 9bd0e87cd1..ca908ed881 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c @@ -148,20 +148,18 @@ int _gnutls_x509_crt_get_extension( gnutls_x509_crt cert, const char* extension_ } } -#warning does not work yet -/* This function will attempt to delete the requested extension found in +/* This function will attempt to return the requested extension OID found in * the given X509v3 certificate. * - * If the extension does not exist, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will + * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will * be returned. */ -int _gnutls_x509_crt_delete_extension( gnutls_x509_crt cert, const char* extension_id) +int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert, + int indx, void* oid, size_t* sizeof_oid) { int k, result, len; char name[128], name2[128], counter[MAX_INT_DIGITS]; char str[1024]; - char str_critical[10]; - int critical = 0; char extnID[128]; char extnValue[256]; int indx_counter = 0; @@ -201,17 +199,20 @@ int _gnutls_x509_crt_delete_extension( gnutls_x509_crt cert, const char* extensi return _gnutls_asn2err(result); } - /* Delete Extension + /* Handle Extension */ - if ( strcmp(extnID, extension_id)==0) { - /* extension was found - */ - result = asn1_write_value( cert->cert, name2, NULL, 0); - if (result != ASN1_SUCCESS) { + if ( indx == indx_counter++) { + len = strlen( extnID) + 1; + + if ( *sizeof_oid < (uint)len) { + *sizeof_oid = len; gnutls_assert(); - return _gnutls_asn2err(result); + return GNUTLS_E_SHORT_MEMORY_BUFFER; } + memcpy( oid, extnID, len); + *sizeof_oid = len - 1; + return 0; } 
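Review bot: The size contract of `_gnutls_x509_crt_get_extension_oid` is asymmetric and the header comment does not document it: on `GNUTLS_E_SHORT_MEMORY_BUFFER` the code stores `len` (OID length plus the terminating NUL) in `*sizeof_oid`, while on success it stores `len - 1`. I would add to the comment something like `* On success *sizeof_oid holds the OID length without the NUL; on GNUTLS_E_SHORT_MEMORY_BUFFER it holds the required buffer size including the NUL.` The `strlen( extnID)` call also depends on `extnID` having been NUL-terminated by the read that fills it, which happens outside this hunk and should be confirmed there. The function body starts and ends outside the hunk.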
@@ -227,22 +228,106 @@ int _gnutls_x509_crt_delete_extension( gnutls_x509_crt cert, const char* extensi } } -/* This function will attempt to return the requested extension OID found in +/* This function will attempt to set the requested extension in * the given X509v3 certificate. * - * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will - * be returned. + * Critical will be either 0 or 1. */ -int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert, - int indx, void* oid, size_t* sizeof_oid) +static int set_extension( ASN1_TYPE asn, const char* extension_id, + const gnutls_datum* ext_data, unsigned int critical) { - int k, result, len; + int result; + const char *str; + + /* Add a new extension in the list. + */ + result = asn1_write_value(asn, "tbsCertificate.extensions", "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = asn1_write_value(asn, "tbsCertificate.extensions.?LAST.extnID", extension_id, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + if (critical==0) str = "FALSE"; + else str = "TRUE"; + + + result = asn1_write_value(asn, "tbsCertificate.extensions.?LAST.critical", str, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = _gnutls_x509_write_value( asn, "tbsCertificate.extensions.?LAST.extnValue", + ext_data, 0); + if (result < 0) { + gnutls_assert(); + return result; + } + + return 0; +} + +/* Overwrite the given extension (using the index) + * index here starts from one. 
+ */ +static int overwrite_extension( ASN1_TYPE asn, unsigned int indx, + const gnutls_datum *ext_data, unsigned int critical) +{ +char name[128], name2[128], counter[MAX_INT_DIGITS]; +const char* str; +int result; + + _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?"); + _gnutls_int2str(indx, counter); + _gnutls_str_cat(name, sizeof(name), counter); + + if (critical==0) str = "FALSE"; + else str = "TRUE"; + + _gnutls_str_cpy(name2, sizeof(name2), name); + _gnutls_str_cat(name2, sizeof(name2), ".critical"); + + result = asn1_write_value(asn, name2, str, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + _gnutls_str_cpy(name2, sizeof(name2), name); + _gnutls_str_cat(name2, sizeof(name2), ".extnValue"); + + result = _gnutls_x509_write_value( asn, name2, ext_data, 0); + if (result < 0) { + gnutls_assert(); + return result; + } +} + +/* This function will attempt to overwrite the requested extension with + * the given one. + * + * Critical will be either 0 or 1. + */ +int _gnutls_x509_crt_set_extension( gnutls_x509_crt cert, const char* ext_id, + const gnutls_datum* ext_data, unsigned int critical) +{ + int result; + const char *str; + int k, len; char name[128], name2[128], counter[MAX_INT_DIGITS]; - char str[1024]; + char str_critical[10]; char extnID[128]; - char extnValue[256]; + gnutls_datum value; int indx_counter = 0; + /* Find the index of the given extension. + */ k = 0; do { k++; @@ -251,8 +336,8 @@ int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert, _gnutls_int2str(k, counter); _gnutls_str_cat(name, sizeof(name), counter); - len = sizeof(str) - 1; - result = asn1_read_value(cert->cert, name, str, &len); + len = sizeof(extnID) - 1; + result = asn1_read_value(cert->cert, name, extnID, &len); /* move to next */ 
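Review bot: `overwrite_extension` reaches its closing brace on the success path without returning a value: after the final `if (result < 0) { gnutls_assert(); return result; }` there is no `return 0;`. `_gnutls_x509_crt_set_extension` passes that value straight to its caller (`return overwrite_extension( cert->cert, k, ext_data, critical);` in the later hunk at -280,19 +365,10), so replacing an existing extension yields an undefined status that may read as a spurious error or an accidental 0. Add `return 0;` before the closing brace. In `set_extension`, a failure after the `"NEW"` write leaves a partly filled element appended to `tbsCertificate.extensions`; a comment stating that the certificate structure must be discarded on error would help callers. `_gnutls_x509_crt_set_extension` continues outside this hunk.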
@@ -280,19 +365,10 @@ int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert, /* Handle Extension */ - if ( indx == indx_counter++) { - len = strlen( extnID) + 1; - - if ( *sizeof_oid < (uint)len) { - *sizeof_oid = len; - gnutls_assert(); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - memcpy( oid, extnID, len); - *sizeof_oid = len - 1; - - return 0; + if ( strcmp(extnID, ext_id)==0) { + /* extension was found + */ + return overwrite_extension( cert->cert, k, ext_data, critical); } @@ -300,54 +376,12 @@ int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert, } while (1); if (result == ASN1_ELEMENT_NOT_FOUND) { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return set_extension( cert->cert, ext_id, ext_data, critical); } else { gnutls_assert(); return _gnutls_asn2err(result); } -} -/* This function will attempt to set the requested extension in - * the given X509v3 certificate. - * - * Critical will be either 0 or 1. - */ -int _gnutls_x509_crt_set_extension( gnutls_x509_crt cert, const char* extension_id, - const gnutls_datum* ext_data, unsigned int critical) -{ - int result; - const char *str; - - /* Add a new extension in the list. - */ - result = asn1_write_value(cert->cert, "tbsCertificate.extensions", "NEW", 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - result = asn1_write_value(cert->cert, "tbsCertificate.extensions.?LAST.extnID", extension_id, 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - if (critical==0) str = "FALSE"; - else str = "TRUE"; - - - result = asn1_write_value(cert->cert, "tbsCertificate.extensions.?LAST.critical", str, 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - result = _gnutls_x509_write_value( cert->cert, "tbsCertificate.extensions.?LAST.extnValue", - ext_data, 0); - if (result < 0) { - gnutls_assert(); - return result; - } return 0; } |
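Review bot: The trailing `return 0;` at the end of `_gnutls_x509_crt_set_extension` is unreachable, because both branches of the preceding `if (result == ASN1_ELEMENT_NOT_FOUND) { return set_extension(...); } else { ... return _gnutls_asn2err(result); }` already return. Removing it makes it clear that the function's status always comes from `set_extension`, `overwrite_extension` or `_gnutls_asn2err`. The function begins outside this hunk, so whether the loop can exit with any other `result` value cannot be confirmed from these lines.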