diff options
| author | Stef Walter <stefw@gnome.org> | 2013-01-21 10:51:04 +0100 |
|---|---|---|
| committer | Stef Walter <stefw@gnome.org> | 2013-02-05 14:54:53 +0100 |
| commit | 67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5 (patch) | |
| tree | f6a6b30e9abcf03bd66bd6a1f5e6ba7dee0d8969 | |
| parent | 5e4a3ea9b8f254d99544490eed8e17e88c81f975 (diff) | |
| download | p11-kit-67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5.tar.gz | |
Move the X.509 extension parsing code in common/
* So it can be used by other code, in addition to the trust stuff
| -rw-r--r-- | common/tests/test-x509.c | 191 | ||||
| -rw-r--r-- | common/x509.c | 67 | ||||
| -rw-r--r-- | common/x509.h | 9 | ||||
| -rw-r--r-- | trust/adapter.c | 132 | ||||
| -rw-r--r-- | trust/parser.c | 69 |
5 files changed, 335 insertions, 133 deletions
diff --git a/common/tests/test-x509.c b/common/tests/test-x509.c index 17e25bf..0341ed9 100644 --- a/common/tests/test-x509.c +++ b/common/tests/test-x509.c @@ -88,13 +88,134 @@ static const char test_eku_client_email_and_timestamp[] = { 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, }; +static const unsigned char test_cacert3_ca_der[] = { + 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, + 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, + 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, + 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, + 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, + 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, + 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, + 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, + 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, + 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, + 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, + 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, + 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, + 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, + 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, + 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, + 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, + 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, + 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, + 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, + 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, + 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, + 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, + 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, + 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, + 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, + 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, + 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, + 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, + 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, + 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, + 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, + 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, + 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, + 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, + 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, + 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, + 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, + 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, + 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, + 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, + 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, + 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, + 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, + 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, + 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, + 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, + 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, + 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, + 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, + 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, + 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, + 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, + 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, + 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, + 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, + 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, + 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, + 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, + 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, + 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, + 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, + 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, + 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, + 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, + 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, + 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, + 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, + 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, + 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, + 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, + 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, + 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, + 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, + 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, + 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, + 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, + 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, + 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, + 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, + 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, + 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, + 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, + 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, + 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, + 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, + 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, + 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, +}; + struct { const char *eku; size_t length; const char *expected[16]; } extended_key_usage_fixtures[] = { { test_eku_server_and_client, sizeof (test_eku_server_and_client), - { P11_OID_CLIENT_AUTH_STR, P11_OID_SERVER_AUTH_STR, NULL }, }, + { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, }, { test_eku_none, sizeof (test_eku_none), { NULL, }, }, { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp), @@ -105,8 +226,8 @@ struct { static void test_parse_extended_key_usage (CuTest *cu) { - p11_dict *ekus; - int i, j; + p11_array *ekus; + int i, j, count; setup (cu); @@ -116,11 +237,13 @@ test_parse_extended_key_usage (CuTest *cu) extended_key_usage_fixtures[i].length); CuAssertPtrNotNull (cu, ekus); - for (j = 0; extended_key_usage_fixtures[i].expected[j] != NULL; j++) - CuAssertTrue (cu, p11_dict_get (ekus, extended_key_usage_fixtures[i].expected[j]) != NULL); - CuAssertIntEquals (cu, j, p11_dict_size (ekus)); + for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++); - p11_dict_free (ekus); + CuAssertIntEquals (cu, count, ekus->num); + for (j = 0; j < count; j++) + CuAssertStrEquals (cu, ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); + + p11_array_free (ekus); } teardown (cu); @@ -160,6 +283,58 @@ test_parse_key_usage (CuTest *cu) teardown (cu); } +static void +test_parse_extension (CuTest *cu) +{ + node_asn *cert; + unsigned char *ext; + size_t length; + bool is_ca; + + setup (cu); + + cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); + CuAssertPtrNotNull (cu, cert); + + ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS, + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), + &length); + CuAssertPtrNotNull (cu, ext); + CuAssertTrue (cu, length > 0); + + asn1_delete_structure (&cert); + + if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca)) + CuFail (cu, "failed to parse message"); + + free (ext); + + teardown (cu); +} +static void +test_parse_extension_not_found (CuTest *cu) +{ + node_asn *cert; + unsigned char *ext; + size_t length; + + setup (cu); + + cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); + CuAssertPtrNotNull (cu, cert); + + ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT, + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), + &length); + CuAssertPtrEquals (cu, NULL, ext); + + asn1_delete_structure (&cert); + + teardown (cu); +} + int main (void) { @@ -172,6 +347,8 @@ main (void) SUITE_ADD_TEST (suite, test_parse_extended_key_usage); SUITE_ADD_TEST (suite, test_parse_key_usage); + SUITE_ADD_TEST (suite, test_parse_extension); + SUITE_ADD_TEST (suite, test_parse_extension_not_found); CuSuiteRun (suite); CuSuiteSummary (suite, output); diff --git a/common/x509.c b/common/x509.c index 8eb513d..bfb49df 100644 --- a/common/x509.c +++ b/common/x509.c @@ -43,6 +43,65 @@ #include <stdlib.h> #include <string.h> +unsigned char * +p11_x509_find_extension (node_asn *cert, + const unsigned char *oid, + const unsigned char *der, + size_t der_len, + size_t *ext_len) +{ + char field[128]; + char *value; + int start; + int end; + int ret; + int len; + int i; + + return_val_if_fail (cert != NULL, NULL); + return_val_if_fail (oid != NULL, NULL); + return_val_if_fail (ext_len != NULL, NULL); + + for (i = 1; ; i++) { + if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0) + return_val_if_reached (NULL); + + ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end); + + /* No more extensions */ + if (ret == ASN1_ELEMENT_NOT_FOUND) + break; + + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + /* Make sure it's a straightforward oid with certain assumptions */ + if (!p11_oid_simple (der + start, (end - start) + 1)) + continue; + + /* The one we're lookin for? */ + if (!p11_oid_equal (der + start, oid)) + continue; + + if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0) + return_val_if_reached (NULL); + + len = 0; + ret = asn1_read_value (cert, field, NULL, &len); + return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); + + value = malloc (len); + return_val_if_fail (value != NULL, NULL); + + ret = asn1_read_value (cert, field, value, &len); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + *ext_len = len; + return (unsigned char *)value; + } + + return NULL; +} + bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs, const unsigned char *ext_der, @@ -98,14 +157,14 @@ p11_x509_parse_key_usage (p11_dict *asn1_defs, return true; } -p11_dict * +p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, const unsigned char *ext_der, size_t ext_len) { node_asn *asn; char field[128]; - p11_dict *ekus; + p11_array *ekus; char *eku; int ret; int len; @@ -115,7 +174,7 @@ p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, if (asn == NULL) return NULL; - ekus = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); + ekus = p11_array_new (free); for (i = 1; ; i++) { if (snprintf (field, sizeof (field), "?%u", i) < 0) @@ -142,7 +201,7 @@ p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, continue; } - if (!p11_dict_set (ekus, eku, eku)) + if (!p11_array_push (ekus, eku)) return_val_if_reached (NULL); } diff --git a/common/x509.h b/common/x509.h index b7c9a5e..2ec5eb8 100644 --- a/common/x509.h +++ b/common/x509.h @@ -34,11 +34,18 @@ #include <libtasn1.h> +#include "array.h" #include "dict.h" #ifndef P11_X509_H_ #define P11_X509_H_ +unsigned char * p11_x509_find_extension (node_asn *cert, + const unsigned char *oid, + const unsigned char *der, + size_t der_len, + size_t *ext_len); + bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs, const unsigned char *ext_der, size_t ext_len, @@ -49,7 +56,7 @@ bool p11_x509_parse_key_usage (p11_dict *asn1_defs, size_t length, unsigned int *ku); -p11_dict * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, +p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, const unsigned char *ext_der, size_t ext_len); diff --git a/trust/adapter.c b/trust/adapter.c index c698382..d17cb70 100644 --- a/trust/adapter.c +++ b/trust/adapter.c @@ -113,14 +113,38 @@ build_trust_object_ku (p11_parser *parser, return p11_attrs_buildn (object, attrs, i); } +static bool +strv_to_dict (const char **array, + p11_dict **dict) +{ + int i; + + if (!array) { + *dict = NULL; + return true; + } + + *dict = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + return_val_if_fail (*dict != NULL, false); + + for (i = 0; array[i] != NULL; i++) { + if (!p11_dict_set (*dict, (void *)array[i], (void *)array[i])) + return_val_if_reached (false); + } + + return true; +} + static CK_ATTRIBUTE * build_trust_object_eku (p11_parser *parser, p11_array *parsing, CK_ATTRIBUTE *object, CK_TRUST allow, - p11_dict *purposes, - p11_dict *rejects) + const char **purposes, + const char **rejects) { + p11_dict *dict_purp; + p11_dict *dict_rej; CK_TRUST neutral; CK_TRUST disallow; CK_ULONG i; @@ -142,6 +166,10 @@ build_trust_object_eku (p11_parser *parser, CK_ATTRIBUTE attrs[sizeof (eku_attribute_map)]; + if (!strv_to_dict (purposes, &dict_purp) || + !strv_to_dict (rejects, &dict_rej)) + return_val_if_reached (NULL); + /* The neutral value is set if an purpose is not present */ if (allow == CKT_NETSCAPE_UNTRUSTED) neutral = CKT_NETSCAPE_UNTRUSTED; @@ -159,10 +187,10 @@ build_trust_object_eku (p11_parser *parser, for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) { attrs[i].type = eku_attribute_map[i].type; - if (rejects && p11_dict_get (rejects, eku_attribute_map[i].oid)) { + if (dict_rej && p11_dict_get (dict_rej, eku_attribute_map[i].oid)) { attrs[i].pValue = &disallow; attrs[i].ulValueLen = sizeof (disallow); - } else if (purposes && p11_dict_get (purposes, eku_attribute_map[i].oid)) { + } else if (dict_purp && p11_dict_get (dict_purp, eku_attribute_map[i].oid)) { attrs[i].pValue = &allow; attrs[i].ulValueLen = sizeof (allow); } else { @@ -171,6 +199,9 @@ build_trust_object_eku (p11_parser *parser, } } + p11_dict_free (dict_purp); + p11_dict_free (dict_rej); + return p11_attrs_buildn (object, attrs, i); } @@ -181,8 +212,8 @@ build_nss_trust_object (p11_parser *parser, CK_BBOOL trust, CK_BBOOL distrust, CK_BBOOL authority, - p11_dict *purposes, - p11_dict *rejects) + const char **purposes, + const char **rejects) { CK_ATTRIBUTE *object = NULL; CK_TRUST allow; @@ -257,34 +288,12 @@ build_nss_trust_object (p11_parser *parser, return_if_reached (); } -static const char * -yield_oid_from_vec (void **state) -{ - const char **oids = *state; - const char *ret = NULL; - if (*oids != NULL) - ret = *(oids++); - *state = oids; - return ret; -} - -static const char * -yield_oid_from_dict (void **state) -{ - p11_dictiter *iter = *state; - const char *ret = NULL; - if (iter && !p11_dict_next (iter, (void**)&ret, NULL)) - *state = NULL; - return ret; -} - static void build_assertions (p11_parser *parser, p11_array *parsing, CK_ATTRIBUTE *cert, CK_X_ASSERTION_TYPE type, - const char * (oid_iter) (void **), - void *oid_state) + const char **oids) { CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION; CK_BBOOL vtrue = CK_TRUE; @@ -304,7 +313,7 @@ build_assertions (p11_parser *parser, CK_ATTRIBUTE *label; CK_ATTRIBUTE *id; CK_ATTRIBUTE *object; - const char *oid_str; + int i; label = p11_attrs_find (cert, CKA_LABEL); if (label == NULL) @@ -317,13 +326,9 @@ build_assertions (p11_parser *parser, return_if_fail (id != NULL && issuer != NULL && serial != NULL && value != NULL); - for (;;) { - oid_str = (oid_iter) (&oid_state); - if (!oid_str) - break; - - purpose.pValue = (void *)oid_str; - purpose.ulValueLen = strlen (oid_str); + for (i = 0; oids[i] != NULL; i++) { + purpose.pValue = (void *)oids[i]; + purpose.ulValueLen = strlen (oids[i]); object = p11_attrs_build (NULL, &klass, &token, &private, &modifiable, id, label, &assertion_type, &purpose, @@ -342,11 +347,9 @@ build_trust_assertions (p11_parser *parser, CK_BBOOL trust, CK_BBOOL distrust, CK_BBOOL authority, - p11_dict *purposes, - p11_dict *rejects) + const char **purposes, + const char **rejects) { - p11_dictiter iter; - const char *all_purposes[] = { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, @@ -361,9 +364,8 @@ build_trust_assertions (p11_parser *parser, /* Build assertions for anything that's explicitly rejected */ if (rejects) { - p11_dict_iterate (rejects, &iter); - build_assertions (parser, parsing, cert, CKT_X_DISTRUSTED_CERTIFICATE, - yield_oid_from_dict, &iter); + build_assertions (parser, parsing, cert, + CKT_X_DISTRUSTED_CERTIFICATE, rejects); } if (distrust) { @@ -372,8 +374,8 @@ build_trust_assertions (p11_parser *parser, * for any purposes. So we just have to go wild and write out a bunch of * assertions for all our known purposes. */ - build_assertions (parser, parsing, cert, CKT_X_DISTRUSTED_CERTIFICATE, - yield_oid_from_vec, all_purposes); + build_assertions (parser, parsing, cert, + CKT_X_DISTRUSTED_CERTIFICATE, all_purposes); } /* @@ -384,13 +386,12 @@ build_trust_assertions (p11_parser *parser, if (trust && authority) { if (purposes) { /* If purposes explicitly set, then anchor for those purposes */ - p11_dict_iterate (purposes, &iter); - build_assertions (parser, parsing, cert, CKT_X_ANCHORED_CERTIFICATE, - yield_oid_from_dict, &iter); + build_assertions (parser, parsing, cert, + CKT_X_ANCHORED_CERTIFICATE, purposes); } else { /* If purposes not-explicitly set, then anchor for all known */ - build_assertions (parser, parsing, cert, CKT_X_ANCHORED_CERTIFICATE, - yield_oid_from_vec, all_purposes); + build_assertions (parser, parsing, cert, + CKT_X_ANCHORED_CERTIFICATE, all_purposes); } } } @@ -404,8 +405,10 @@ p11_adapter_build_objects (p11_parser *parser, CK_BBOOL trust = CK_FALSE; CK_BBOOL distrust = CK_FALSE; CK_BBOOL authority = CK_FALSE; - p11_dict *purposes = NULL; - p11_dict *rejects = NULL; + p11_array *purposes = NULL; + p11_array *rejects = NULL; + const char **purposev; + const char **rejectv; unsigned char *data; p11_dict *defs; size_t length; @@ -431,7 +434,7 @@ p11_adapter_build_objects (p11_parser *parser, if (data) { defs = p11_parser_get_asn1_defs (parser); purposes = p11_x509_parse_extended_key_usage (defs, data, length); - if (purposes == NULL) + if (purposes == NULL) p11_message ("invalid extended key usage certificate extension"); free (data); } @@ -446,11 +449,24 @@ p11_adapter_build_objects (p11_parser *parser, } } + /* null-terminate these arrays and use as strv's */ + purposev = rejectv = NULL; + if (rejects) { + if (!p11_array_push (rejects, NULL)) + return_if_reached (); + rejectv = (const char **)rejects->elem; + } + if (purposes) { + if (!p11_array_push (purposes, NULL)) + return_if_reached (); + purposev = (const char **)purposes->elem; + } + build_nss_trust_object (parser, parsing, cert, trust, distrust, - authority, purposes, rejects); + authority, purposev, rejectv); build_trust_assertions (parser, parsing, cert, trust, distrust, - authority, purposes, rejects); + authority, purposev, rejectv); - p11_dict_free (purposes); - p11_dict_free (rejects); + p11_array_free (purposes); + p11_array_free (rejects); } diff --git a/trust/parser.c b/trust/parser.c index 4f8c407..f6da728 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -336,64 +336,6 @@ build_x509_certificate (p11_parser *parser, return attrs; } -static unsigned char * -find_cert_extension (node_asn *cert, - const unsigned char *der, - size_t der_len, - const unsigned char *oid, - size_t *length) -{ - char field[128]; - char *value; - int start; - int end; - int ret; - int len; - int i; - - assert (oid != NULL); - assert (length != NULL); - - for (i = 1; ; i++) { - if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0) - return_val_if_reached (NULL); - - ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end); - - /* No more extensions */ - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - /* Make sure it's a straightforward oid with certain assumptions */ - if (!p11_oid_simple (der + start, (end - start) + 1)) - continue; - - /* The one we're lookin for? */ - if (!p11_oid_equal (der + start, oid)) - continue; - - if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0) - return_val_if_reached (NULL); - - len = 0; - ret = asn1_read_value (cert, field, NULL, &len); - return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); - - value = malloc (len); - return_val_if_fail (value != NULL, NULL); - - ret = asn1_read_value (cert, field, value, &len); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - *length = len; - return (unsigned char *)value; - } - - return NULL; -} - static CK_ATTRIBUTE * match_parsing_object (p11_parser *parser, CK_ATTRIBUTE *match) @@ -441,8 +383,9 @@ p11_parsing_get_extension (p11_parser *parser, /* Couldn't find a parsed extension, so look in the current certificate */ } else if (parser->cert_asn) { - return find_cert_extension (parser->cert_asn, parser->cert_der, - parser->cert_len, oid, length); + return p11_x509_find_extension (parser->cert_asn, oid, + parser->cert_der, parser->cert_len, + length); } return NULL; @@ -753,7 +696,7 @@ update_trust_and_distrust (p11_parser *parser, CK_BBOOL distrusted; unsigned char *data; size_t length; - p11_dict *ekus; + p11_array *ekus; /* * This function is called to update the CKA_TRUSTED and CKA_X_DISTRUSTED @@ -776,12 +719,12 @@ update_trust_and_distrust (p11_parser *parser, ekus = p11_x509_parse_extended_key_usage (parser->asn1_defs, data, length); if (ekus == NULL) p11_message ("invalid extendend key usage certificate extension"); - else if (p11_dict_size (ekus) == 0) { + else if (ekus->num == 0) { distrusted = CK_TRUE; trusted = CK_FALSE; } - p11_dict_free (ekus); + p11_array_free (ekus); free (data); } |