static int openssl_crl_extensions(lua_State* L)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
if (lua_isnone(L, 2))
{
STACK_OF(X509_EXTENSION) *exts = crl->crl->extensions;
if (exts)
{
openssl_sk_x509_extension_totable(L, exts);
}
else
lua_pushnil(L);
return 1;
}
else
{
STACK_OF(X509_EXTENSION) *exts = openssl_sk_x509_extension_fromtable(L, 2);
int i, n;
n = sk_X509_EXTENSION_num(exts);
for (i = 0; i < n; i++)
{
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
X509_CRL_add_ext(crl, X509_EXTENSION_dup(ext), i);
};
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
return openssl_pushresult(L, 1);
}
}
/*
* Sets X509_EXTENSIONs
*/
static VALUE
ossl_x509crl_set_extensions(VALUE self, VALUE ary)
{
X509_CRL *crl;
X509_EXTENSION *ext;
int i;
Check_Type(ary, T_ARRAY);
/* All ary members should be X509 Extensions */
for (i=0; i<RARRAY_LEN(ary); i++) {
OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
}
GetX509CRL(self, crl);
sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
crl->crl->extensions = NULL;
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]);
if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
X509_EXTENSION_free(ext);
ossl_raise(eX509CRLError, NULL);
}
X509_EXTENSION_free(ext);
}
return ary;
}
void pki_crl::addV3ext(const x509v3ext &e)
{
X509_EXTENSION *ext = e.get();
X509_CRL_add_ext(crl, ext, -1);
X509_EXTENSION_free(ext);
pki_openssl_error();
}
DWORD
VMCAUpdateAuthorityKeyIdentifier(
X509_CRL *pCrl,
PVMCA_X509_CA pCA
)
{
DWORD dwError = 0;
X509V3_CTX ctx;
X509_EXTENSION *pExtension = NULL;
if (!pCA ||
!pCA->pCertificate ||
!pCrl
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR (dwError);
}
X509V3_set_ctx_nodb (&ctx);
X509V3_set_ctx(
&ctx,
pCA->pCertificate,
NULL,
NULL,
pCrl,
0
);
pExtension = X509V3_EXT_conf_nid(
NULL,
&ctx,
NID_authority_key_identifier,
"keyid"
);
if (!pExtension)
{
goto error;
}
X509_CRL_add_ext (pCrl, pExtension, -1);
cleanup:
if (pExtension)
{
X509_EXTENSION_free(pExtension);
}
return dwError;
error:
goto cleanup;
}
int PKI_X509_CRL_add_extension(PKI_X509_CRL *x, PKI_X509_EXTENSION *ext) {
if( !x || !x->value || !ext || !ext->value ) return (PKI_ERR);
if (!X509_CRL_add_ext((X509_CRL *)x->value, ext->value, -1))
return (PKI_ERR);
return (PKI_OK);
}
static VALUE
ossl_x509crl_add_extension(VALUE self, VALUE extension)
{
X509_CRL *crl;
X509_EXTENSION *ext;
GetX509CRL(self, crl);
ext = GetX509ExtPtr(extension);
if (!X509_CRL_add_ext(crl, ext, -1)) {
ossl_raise(eX509CRLError, NULL);
}
return extension;
}
static VALUE
ossl_x509crl_add_extension(VALUE self, VALUE extension)
{
X509_CRL *crl;
X509_EXTENSION *ext;
GetX509CRL(self, crl);
ext = DupX509ExtPtr(extension);
if (!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
X509_EXTENSION_free(ext);
ossl_raise(eX509CRLError, NULL);
}
X509_EXTENSION_free(ext);
return extension;
}
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl)
{
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
return 0;
if(crl) X509_CRL_add_ext(crl, ext, -1);
X509_EXTENSION_free(ext);
}
return 1;
}
/*
* Sets X509_EXTENSIONs
*/
static VALUE
ossl_x509crl_set_extensions(VALUE self, VALUE ary)
{
X509_CRL *crl;
X509_EXTENSION *ext;
long i;
Check_Type(ary, T_ARRAY);
/* All ary members should be X509 Extensions */
for (i=0; i<RARRAY_LEN(ary); i++) {
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509CRL(self, crl);
while ((ext = X509_CRL_delete_ext(crl, 0)))
X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
if (!X509_CRL_add_ext(crl, ext, -1)) {
ossl_raise(eX509CRLError, NULL);
}
}
return ary;
}
int PKI_X509_CRL_add_extension_stack(PKI_X509_CRL *x,
PKI_X509_EXTENSION_STACK *ext) {
int i = 0;
if( !x || !ext ) return (PKI_ERR);
for( i = 0; i < PKI_STACK_X509_EXTENSION_elements(ext); i++ ) {
PKI_X509_EXTENSION *ossl_ext = NULL;
ossl_ext = PKI_STACK_X509_EXTENSION_get_num( ext, i);
if (!ossl_ext ) continue;
if(!X509_CRL_add_ext ( (X509_CRL *) x->value,
ossl_ext->value, -1 )) {
PKI_log_err("Adding Extension::%s",
ERR_error_string(ERR_get_error(), NULL));
return ( PKI_ERR );
}
}
return (PKI_OK);
}
