author | Stef Walter <stefw@gnome.org> | 2013-01-02 16:06:19 +0100 |
committer | Stef Walter <stefw@gnome.org> | 2013-02-05 14:54:53 +0100 |
commit | 18bb2582c32f4373f7ed85894fb490f2733cb03b (patch) | |
tree | 3ecdcbc5451beb67e095ebaf0f233cdfd680ad94 /trust/parser.h | |
parent | 3b482acc47ba971406db526ebddf589ad1a8f16e (diff) | |
Implement stapled certificate extensions internally
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement a simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
Diffstat (limited to 'trust/parser.h')
-rw-r--r-- | trust/parser.h | 39 |
1 files changed, 15 insertions, 24 deletions
diff --git a/trust/parser.h b/trust/parser.h
index 44529ba..31f307c 100644
--- a/trust/parser.h
+++ b/trust/parser.h
@@ -32,6 +32,7 @@
 * Author: Stef Walter <stefw@redhat.com>
 */
+#include "array.h"
 #include "dict.h"
 #include "pkcs11.h"
@@ -51,27 +52,6 @@ enum {
 #define P11_PARSER_FIRST_HANDLE 0xA0000000UL
-#define P11_EKU_SERVER_AUTH "1.3.6.1.5.5.7.3.1"
-#define P11_EKU_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"
-#define P11_EKU_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
-#define P11_EKU_EMAIL "1.3.6.1.5.5.7.3.4"
-#define P11_EKU_IPSEC_END_SYSTEM "1.3.6.1.5.5.7.3.5"
-#define P11_EKU_IPSEC_TUNNEL "1.3.6.1.5.5.7.3.6"
-#define P11_EKU_IPSEC_USER "1.3.6.1.5.5.7.3.7"
-#define P11_EKU_TIME_STAMPING "1.3.6.1.5.5.7.3.8"
-
-enum {
- P11_KU_DIGITAL_SIGNATURE = 128,
- P11_KU_NON_REPUDIATION = 64,
- P11_KU_KEY_ENCIPHERMENT = 32,
- P11_KU_DATA_ENCIPHERMENT = 16,
- P11_KU_KEY_AGREEMENT = 8,
- P11_KU_KEY_CERT_SIGN = 4,
- P11_KU_CRL_SIGN = 2,
- P11_KU_ENCIPHER_ONLY = 1,
- P11_KU_DECIPHER_ONLY = 32768,
-};
-
 typedef struct _p11_parser p11_parser;
 p11_parser * p11_parser_new (void);
@@ -100,9 +80,20 @@ int p11_parse_key_usage (p11_parser *parser,
 size_t length,
 unsigned int *ku);
-int p11_parse_extended_key_usage (p11_parser *parser,
+p11_dict * p11_parse_extended_key_usage (p11_parser *parser,
 const unsigned char *data,
- size_t length,
- p11_dict *ekus);
+ size_t length);
+
+/* Functions used for retrieving parsing information */
+
+int p11_parsing_get_flags (p11_parser *parser);
+
+CK_ATTRIBUTE * p11_parsing_get_certificate (p11_parser *parser,
+ p11_array *parsing);
+
+unsigned char * p11_parsing_get_extension (p11_parser *parser,
+ p11_array *parsing,
+ const unsigned char *oid,
+ size_t *length);
 #endif
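Review bot: The new declarations at the end of the last hunk document neither ownership nor failure semantics, and `p11_parse_extended_key_usage` now returns a `p11_dict *` where it previously returned an `int` status, so the header gives callers no statement of what a NULL return means or whether they must free the returned dict. `p11_parsing_get_extension` takes `const unsigned char *oid` with no accompanying length; the commit description says binary DER OIDs are handled via the DER TLV length, so the header should state that the argument must be a complete DER-encoded OID (tag and length included) rather than a dotted string, and whether the returned buffer is owned by the caller or borrowed from the parser and the `parsing` array. A one-line comment above each of the three prototypes giving the NULL/failure meaning and who frees the result would close this; `/* Functions used for retrieving parsing information */` is currently the only comment in the hunk. These are prototypes only, so the definitions that would confirm the contract are outside this file.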