int PKI_X509_STACK_put_url (PKI_X509_STACK *sk, PKI_DATA_FORMAT format,
URL *url, const char *mime, PKI_CRED *cred, HSM *hsm) {
PKI_MEM *mem = NULL;
PKI_X509 *x_obj = NULL;
PKI_SSL *ssl = NULL;
int idx = 0;
int ret = 0;
if( !sk || !url ) {
return ( PKI_ERR );
}
if((idx = PKI_STACK_X509_elements (sk)) < 1 ) {
return ( PKI_ERR );
}
if( url->proto == URI_PROTO_ID && hsm ) {
return ( HSM_X509_STACK_put_url ( sk, url, cred, hsm ));
};
/* Now that we know the HSM is off the hook, we save it into a
PKI_MEM structure and then we 'put' it via the general function */
/*
if((mem = PKI_MEM_new_null()) == NULL ) {
return (PKI_ERR);
}
*/
if(PKI_X509_STACK_put_mem( sk, format, &mem, cred, hsm ) == NULL ) {
if( mem ) PKI_MEM_free ( mem );
return ( PKI_ERR );
}
/* Lets get the type of X509 objects we have on the stack */
if((x_obj = PKI_STACK_X509_get_num ( sk, 0 )) != NULL ) {
mime = PKI_X509_get_mimetype ( x_obj->type );
} else {
mime = PKI_X509_get_mimetype ( PKI_DATATYPE_UNKNOWN );
}
if ( cred ) {
ssl = (PKI_SSL *) cred->ssl;
if ( !url->usr && cred->username ) {
url->usr = strdup ( cred->username );
}
if ( !url->pwd && cred->password ) {
url->pwd = strdup ( cred->password );
}
}
ret = URL_put_data_url ( url, mem, (char *) mime, NULL, 60, 0, ssl );
if ( mem ) PKI_MEM_free ( mem );
return ( ret );
}
PKI_MEM * HSM_OPENSSL_sign(PKI_MEM *der, PKI_DIGEST_ALG *digest, PKI_X509_KEYPAIR *key)
{
EVP_MD_CTX *ctx = NULL;
size_t out_size = 0;
size_t ossl_ret = 0;
PKI_MEM *out_mem = NULL;
EVP_PKEY *pkey = NULL;
if (!der || !der->data || !key || !key->value)
{
PKI_ERROR( PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Private Key
pkey = key->value;
// Get the Maximum size of a signature
ossl_ret = out_size = (size_t) EVP_PKEY_size(pkey);
// Initialize the return structure
out_mem = PKI_MEM_new ((size_t)out_size);
ctx = EVP_MD_CTX_new();
if (!out_mem || !ctx) {
if (ctx) EVP_MD_CTX_free(ctx);
if (out_mem) PKI_MEM_free(out_mem);
PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
EVP_MD_CTX_init(ctx);
EVP_SignInit_ex(ctx, digest, NULL);
EVP_SignUpdate (ctx, der->data, der->size);
// Finalize the signature
if (!EVP_SignFinal(ctx, out_mem->data, (unsigned int *) &ossl_ret, pkey))
{
PKI_log_err("ERROR while finalizing signature (%s)",
HSM_OPENSSL_get_errdesc(HSM_OPENSSL_get_errno(), NULL, 0));
PKI_MEM_free(out_mem);
out_mem = NULL;
}
else out_mem->size = (size_t) ossl_ret;
// Cleanup the context
#if OPENSSL_VERSION_NUMBER <= 0x1010000f
EVP_MD_CTX_cleanup(ctx);
#else
EVP_MD_CTX_reset(ctx);
#endif
EVP_MD_CTX_free(ctx);
return out_mem;
}
/*
* \brief Frees the memory associated with a PKI_HMAC
*/
void PKI_HMAC_free(PKI_HMAC *hmac)
{
if (!hmac) return;
if (hmac->key) PKI_MEM_free (hmac->key);
if (hmac->value) PKI_MEM_free (hmac->value);
hmac->digestAlg = NULL;
HMAC_CTX_cleanup(&hmac->ctx);
}
void PKI_HTTP_free ( PKI_HTTP *rv )
{
if ( !rv ) return;
if ( rv->location ) PKI_Free ( rv->location );
if ( rv->type ) PKI_Free ( rv->type );
if ( rv->body ) PKI_MEM_free ( rv->body );
if ( rv->head ) PKI_MEM_free ( rv->head );
if ( rv->path ) PKI_Free ( rv->path );
PKI_Free ( rv );
return;
}
PKI_DIGEST *PKI_DIGEST_URL_new ( PKI_DIGEST_ALG *alg, URL *url ) {
PKI_MEM_STACK * stack = NULL;
PKI_MEM *data = NULL;
PKI_DIGEST *ret = NULL;
if(( stack = URL_get_data_url( url, 0, 0, NULL )) == NULL ) {
/* Error, Can not grab the data */
return ( NULL );
}
if( (data = PKI_STACK_MEM_pop( stack )) == NULL ) {
/* Error, no objects returned! */
PKI_STACK_free( stack );
return ( NULL );
}
/* Calculate the Digest over the first object */
ret = PKI_DIGEST_MEM_new( alg, data );
/* Let's free the data */
PKI_MEM_free( data );
/* Let's free the stack data structure */
PKI_STACK_free ( stack );
/* Return the diget data */
return ( ret );
}
int PKI_MEM_decode(PKI_MEM *mem, PKI_DATA_FORMAT format, int opts)
{
PKI_MEM *decoded = NULL;
if ((decoded = PKI_MEM_get_decoded(mem, format, opts)) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return PKI_ERR_MEMORY_ALLOC;
}
// Clears the memory for the old PKI_MEM
if (mem->data) PKI_Free(mem->data);
// Transfer ownership of the data
mem->data = decoded->data;
mem->size = decoded->size;
// Clears the encoded data container
decoded->data = NULL;
decoded->size = 0;
// Free the newly-allocated (now empty) container
PKI_MEM_free(decoded);
// Returns success
return PKI_OK;
}
PKI_MEM *PKI_MEM_new_func ( void *obj, int (*func)(void *, unsigned char **p)) {
size_t size = 0;
int i = 0;
PKI_MEM * ret = NULL;
if (!obj || !func ) return NULL;
if((i = func ( obj, NULL)) <= 0 ) {
return NULL;
}
size = (size_t) i;
if((ret = PKI_MEM_new ( size )) == NULL ) {
return NULL;
}
if ( !func(obj, &(ret->data)) ) {
PKI_MEM_free ( ret );
return NULL;
}
return ret;
}
int PKI_HMAC_finalize(PKI_HMAC *hmac)
{
int size = 0;
unsigned int verify_size = 0;
if (!hmac || !hmac->initialized)
return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
// Let's prepare the return value
size = EVP_MD_size(hmac->digestAlg);
verify_size = (unsigned int) size;
// Generate a new PKI_MEM container
hmac->value = PKI_MEM_new((size_t) size);
// Let's finalize the HMAC
#if OPENSSL_VERSION_NUMBER > 0x0090900fL
int rv = HMAC_Final(&hmac->ctx, hmac->value->data, &verify_size);
if (!rv)
{
PKI_log_err("can not finalize HMAC");
PKI_MEM_free(hmac->value);
hmac->value = NULL;
return PKI_ERR;
}
#else
// In OpenSSL < 0.9.9 the return value is actually void
HMAC_Final(&hmac->ctx, hmac->value->data, &verify_size);
#endif
// Checks the sizes
if (verify_size != size)
{
PKI_log_err("Error while finalizing HMAC, size (%d) should be (%d)",
verify_size, hmac->value->size);
PKI_MEM_free(hmac->value);
hmac->value = NULL;
return PKI_ERR;
}
return PKI_OK;
}
/*
BUF_MEM *http_get_data ( BIO *in, ssize_t max_size ) {
BUF_MEM *buf = NULL;
size_t fullsize = 0;
int newsize = 0;
if( !in )
return NULL;
buf = BUF_MEM_new();
for (;;) {
if ((buf == NULL) || (!BUF_MEM_grow(buf, (int) (fullsize+512)))) {
PKI_log( PKI_LOG_ERR, "Memory Allocation Err (%s:%d)",
__FILE__, __LINE__ );
return ( NULL );
}
newsize = BIO_read(in, &(buf->data[fullsize]), 512);
if (newsize == 0) break;
if (newsize < 0) {
BUF_MEM_free( buf );
return NULL;
}
fullsize += (size_t) newsize;
if( (max_size > 0) && (fullsize > max_size)) {
// fprintf( stderr,
// "ERROR::HTTP::Read::Max read size exceeded "
// " [ %d ]", max_size );
BUF_MEM_free( buf );
return NULL;
}
}
buf->data[fullsize] = '\x0';
return buf;
}
*/
PKI_X509_PRQP_RESP *PKI_X509_PRQP_RESP_get_http ( URL *url,
PKI_X509_PRQP_REQ *req, unsigned long max_size ) {
PKI_MEM *mem = NULL;
PKI_X509_PRQP_RESP *resp = NULL;
PKI_MEM_STACK *mem_sk = NULL;
if(( mem = PKI_X509_PRQP_REQ_put_mem ( req,
PKI_DATA_FORMAT_ASN1, NULL, NULL, NULL )) == NULL ) {
return NULL;
}
if ( URL_put_data_url ( url, mem, "application/prqp-request",
&mem_sk, 60, 0, NULL ) == PKI_ERR ) {
PKI_MEM_free ( mem );
return NULL;
}
PKI_MEM_free ( mem );
if ( PKI_STACK_MEM_elements ( mem_sk ) <= 0 ) {
PKI_log_debug ("No Responses received!");
}
if((mem = PKI_STACK_MEM_pop ( mem_sk )) == NULL ) {
PKI_log_debug ("STACK Memory Error");
PKI_STACK_MEM_free_all ( mem_sk );
return NULL;
}
if((resp = PKI_X509_PRQP_RESP_get_mem ( mem,
NULL, NULL )) == NULL ) {
PKI_log_debug ( "Can not read response from Memory.");
}
PKI_STACK_MEM_free_all ( mem_sk );
return resp;
}
/*
* \brief Initializes the passed hmac to use the passed key and digest algorithm
*/
int PKI_HMAC_init(PKI_HMAC *hmac, unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm)
{
if (!hmac) return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
// Free the memory if another key was used
if (hmac->key) PKI_MEM_free(hmac->key);
hmac->key = NULL;
if (hmac->value) PKI_MEM_free(hmac->value);
hmac->value = NULL;
// Generate the new PKI_MEM to hold the key data
hmac->key = PKI_MEM_new_data(key_size, key);
if (!hmac->key || !hmac->key->data || hmac->key->size <= 0)
{
hmac->initialized = 0;
return PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
}
// Sets the algoritm
hmac->digestAlg = digest ? digest : PKI_DIGEST_ALG_SHA1;
// Checks if HSM implementation was asked by the developer
if (hsm)
{
PKI_ERROR(PKI_ERR_GENERAL, "Code to support HMAC on HSMs not implemented, yet.");
hmac->initialized = 0;
return PKI_ERR;
}
// Initializes the Context
HMAC_Init_ex(&hmac->ctx, (const void *) key, (int) key_size, hmac->digestAlg, NULL);
// Sets the initialization flag
hmac->initialized = 1;
return PKI_OK;
}
PKI_MEM *PKI_MEM_new ( size_t size ) {
PKI_MEM *ret = NULL;
ret = PKI_MEM_new_null();
if( !ret ) return (NULL);
ret->data = PKI_Malloc ( size );
if( !ret->data ) {
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
PKI_MEM_free ( ret );
return (NULL);
}
ret->size = size;
return(ret);
}
int PKI_X509_SCEP_DATA_set_x509_obj ( PKI_X509_SCEP_DATA *data, PKI_X509 *obj )
{
PKI_MEM *mem = NULL;
int ret = PKI_ERR;
if ( !data || !data->value || !obj || !obj->value )
return PKI_ERR;
if (( mem = PKI_X509_put_mem ( obj, PKI_DATA_FORMAT_ASN1, NULL, NULL )) == NULL )
return PKI_ERROR(PKI_ERR_GENERAL, NULL);
ret = PKI_X509_SCEP_DATA_set_raw_data ( data, mem->data, (ssize_t) mem->size );
PKI_MEM_free ( mem );
return ret;
}
/*
* \brief Returns a B64 encoded PKI_MEM for the hmac value
*/
PKI_MEM *PKI_HMAC_get_value_b64(PKI_HMAC *hmac)
{
PKI_MEM *ret = NULL;
// This returns a duplicate of the PKI_MEM value
ret = PKI_HMAC_get_value(hmac);
if (!ret) PKI_log_err("can not get the HMAC PKI_MEM value");
// If a valid PKI_MEM is returned, let's B64 it
if (ret && ret->data && ret->size > 0)
{
if (PKI_MEM_encode(ret, PKI_DATA_FORMAT_B64, 0) != PKI_OK)
{
PKI_log_err("can not B64 encoding HMAC PKI_MEM value");
if (ret) PKI_MEM_free(ret);
return NULL;
}
}
return ret;
}
PKI_HTTP *PKI_HTTP_get_message (const PKI_SOCKET * sock,
int timeout,
size_t max_size) {
PKI_HTTP * ret = NULL;
char * eoh = NULL;
char * body = NULL;
ssize_t read = 0; // Keeps track of the single reading
ssize_t free = 0; // Keeps track of the remaining buffer space
ssize_t idx = 0; // Keeps track of how much data we poured into MEM
ssize_t size = 0; // Keeps track of the read data from socket
// Let's initialize some useful variables (code readability)
long long content_length = -1;
// Buffer where to keep the data
PKI_MEM *m = NULL;
// Allocates the HTTP message container
if ((ret = PKI_HTTP_new()) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL );
goto err;
}
ret->method = PKI_HTTP_METHOD_UNKNOWN;
if (max_size > 0)
{
// Allocates a new MEM object
m = PKI_MEM_new(max_size + 1);
}
else
{
// Allocates the default buffer for HTTP messages
m = PKI_MEM_new(HTTP_BUF_SIZE + 1);
}
if (m == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
// Sets the free space in the buffer
free = (ssize_t) m->size - 1;
// Let's retrieve the data from the socket. Note that this for
// always read at most 'free' bytes which carries the amount of
// free space in the buffer -> safe
for (read = PKI_SOCKET_read(sock, (char *)(&(m->data[idx])), (size_t) free, timeout);
read > 0;
read = PKI_SOCKET_read(sock, (char *)(&(m->data[idx])), (size_t) free, timeout))
{
// If read is negative, there was an error on the socket
// let's just report it as an error and move on
if (read < 0)
{
if (!eoh)
{
PKI_log_err("Error while reading from socket");
goto err;
}
else
{
// Nothing to read anymore - let's break
PKI_log_err("Nothing to read anymore (read = %d)", read);
break;
}
}
else if (read == 0 && eoh)
{
// No data was read, let's assume the stream is complete and
// break from the for loop
break;
}
// Let's be sure there is a NULL-bound limit to the read data
size += read;
free -= read;
m->data[size] = '\x0';
// If we don't have a header yet, let's look for it
if (!eoh && ((eoh = __find_end_of_header(m, idx)) != NULL))
{
// We want the header to finish with just one '\r\n' - since the
// pointer we receive is at the end of the '\r\n\r\n' sequence,
// we need to shrink by 2 bytes
size_t header_size = (size_t) (eoh - (char *) m->data - 2);
ret->head = PKI_MEM_new_data(header_size + 1, m->data);
ret->head->data[header_size] = '\x0';
// If we can not parse the header - we have to return error
if (PKI_ERR == __parse_http_header(ret)) goto err;
// Let's get the pointer to the start of the body
body = eoh + 1;
// Checks for the content-length is in the header - if we have not found it, yet
if (ret->method != PKI_HTTP_METHOD_GET && content_length < 0)
{
char *cnt_len_s = NULL;
if ((cnt_len_s = PKI_HTTP_get_header(ret, "Content-Length" )) != NULL)
{
content_length = atoll(cnt_len_s);
PKI_Free(cnt_len_s);
// PKI_log_debug ( "HTTP Content-Length: %d bytes", content_length);
}
}
} // End of if (!eoh) ...
// Updates the start pointer for the next read operation
idx += read;
// Let's check if we need to expand the buffer
if (max_size <= 0)
{
// We expand the mem if the buffer has less than 2K free
if (free < 2048)
{
ssize_t ofs = 0;
if(body)
{
ofs = (ssize_t)(body - (char *)m->data);
if(ofs < 0)
{
PKI_log_debug ( "Invalid offset for HTTP body: Start: %p - Body: %p", m->data, body);
PKI_ERROR(PKI_ERR_URI_READ, NULL);
goto err;
}
}
// Grow the memory for the HTTP message
if(content_length > 0 && body && m->size < (size_t)(content_length + ofs))
{
size_t len = ((size_t)(content_length + ofs) - m->size);
if (PKI_MEM_grow(m, len + 1) == PKI_ERR)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
goto err;
}
free += (ssize_t)len;
}
else
{
if (PKI_MEM_grow(m, HTTP_BUF_SIZE) == PKI_ERR)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
goto err;
}
free += HTTP_BUF_SIZE;
}
// Let's update the pointer to the body
if(body) body = (char *)m->data + ofs;
}
}
// Let's check if we need to perform the next read or not
if (eoh && ret->method == PKI_HTTP_METHOD_GET)
{
// We do not need to wait for any other read as GETs do not have
// a full body
break;
}
else if ((content_length >= 0) && (&m->data[size] - (unsigned char *)body >= content_length))
{
// Here we have received the full body (since the size of the body corresponds or exceeds the
// contents of the Content-Length: header line), therefore we can safely get out of the cycle
break;
}
} /* End of for..loop */
// Here we should have both the eoh and the body - if not, there was
// an error and we return the malformed request message
if (!eoh)
{
// PKI_log_err ( "Read data (so far): %d bytes - Last read: %d bytes", idx, read);
PKI_ERROR(PKI_ERR_URI_READ, NULL);
goto err;
}
// Sets some HTTP specific data
ret->location = PKI_HTTP_get_header ( ret, "Location" );
ret->type = PKI_HTTP_get_header ( ret, "Content-Type" );
if (ret->method != PKI_HTTP_METHOD_GET && content_length > 0 && body)
{
ssize_t body_start = (ssize_t)(body - (char *)m->data);
ssize_t body_size = idx - body_start;
if (body_start < 0 || body_size < 0)
{
PKI_log_err ( "Invalid offset for HTTP body - body_start: %d bytes - body_size: %d bytes", body_start, body_size);
PKI_ERROR(PKI_ERR_URI_READ, NULL);
goto err;
}
//Check if Content-Length > 0 but body_size is 0
if (body_size == 0) goto err;
// Let's allocate the body for the HTTP message (if any)
ret->body = PKI_MEM_new_data((size_t)body_size+1, (unsigned char *)body);
if(ret->body == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
goto err;
}
ret->body->size = (size_t) body_size;
}
else
{
ret->body = PKI_MEM_new_null();
}
// Let's free the buffer memory
if (m) PKI_MEM_free(m);
// Now we can return the HTTP message
return ret;
err:
// First we free the return message
if (ret) PKI_HTTP_free(ret);
// We then free the buffer memory object
if (m) PKI_MEM_free(m);
return NULL;
}
PKI_X509_OCSP_REQ * ocspd_req_get_socket ( int connfd, OCSPD_CONFIG *ocspd_conf)
{
PKI_X509_OCSP_REQ *req = NULL;
PKI_X509_OCSP_REQ_VALUE *req_val = NULL;
PKI_IO *mem = NULL;
PKI_MEM *pathmem = NULL;
PKI_MEM *b64mem = NULL;
PKI_SOCKET sock;
size_t maxsize = 0;
maxsize = (size_t) ocspd_conf->max_req_size;
PKI_HTTP *http_msg = NULL;
if ( connfd <= 0 ) return NULL;
// Initialize the sock structure
sock.ssl = NULL;
PKI_SOCKET_set_fd ( &sock, connfd );
http_msg = PKI_HTTP_get_message(&sock, (int) ocspd_conf->max_timeout_secs, maxsize);
if (http_msg == NULL)
{
PKI_log_err ("Network Error while reading Request!");
return NULL;
};
/* If method is METHOD_GET we shall de-urlify the buffer and get the
right begin (keep in mind there might be a path set in the config */
if( http_msg->method == PKI_HTTP_METHOD_GET )
{
char *req_pnt = NULL;
if (http_msg->path == NULL)
{
PKI_log_err("Malformed GET request");
goto err;
}
req_pnt = http_msg->path;
while(strchr(req_pnt, '/') != NULL)
{
req_pnt = strchr(req_pnt, '/') + 1;
}
pathmem = PKI_MEM_new_data(strlen(req_pnt), (unsigned char *) req_pnt);
if (pathmem == NULL)
{
PKI_log_err("Memory Allocation Error!");
goto err;
}
if((b64mem = PKI_MEM_url_decode (pathmem, 0)) == NULL)
{
PKI_log_err("Memory Allocation Error!");
PKI_MEM_free(pathmem);
pathmem = NULL; // Safety
goto err;
}
if (PKI_MEM_B64_decode(b64mem, 76) == PKI_ERR )
{
PKI_log_err ("Error decoding B64 Mem");
PKI_MEM_free ( b64mem );
b64mem = NULL;
req_pnt = http_msg->path;
while(req_pnt[0] == '/')
{
req_pnt=req_pnt + 1;
}
b64mem = PKI_MEM_new_data(strlen(req_pnt), (unsigned char *) req_pnt);
if (b64mem == NULL)
{
PKI_log_err("Memory Allocation Error!");
goto err;
}
if (PKI_MEM_B64_decode(b64mem, 76) == PKI_ERR )
{
PKI_log_err ("Error decoding B64 Mem");
PKI_MEM_free ( b64mem );
goto err;
}
}
if((mem = BIO_new_mem_buf(b64mem->data, (int) b64mem->size )) == NULL)
{
PKI_log_err("Memory Allocation Error");
PKI_MEM_free ( b64mem );
goto err;
}
if((req_val = d2i_OCSP_REQ_bio(mem, NULL)) == NULL ) {
PKI_log_err("Can not parse REQ");
}
PKI_MEM_free ( b64mem );
BIO_free (mem);
}
else if ( http_msg->method == PKI_HTTP_METHOD_POST)
{
mem = BIO_new_mem_buf(http_msg->body->data, (int) http_msg->body->size);
if (mem == NULL)
{
PKI_log_err( "Memory Allocation Error");
goto err;
}
else
{
if ((req_val = d2i_OCSP_REQ_bio(mem, NULL)) == NULL)
{
PKI_log_err("Can not parse REQ");
}
BIO_free (mem);
}
}
else
{
PKI_log_err ( "HTTP Method not supported");
goto err;
}
if ( !req_val ) goto err;
req = PKI_X509_new_value(PKI_DATATYPE_X509_OCSP_REQ, req_val, NULL);
if (req == NULL)
{
PKI_log_err ("Can not generate a new X509_OCSP_REQ");
goto err;
}
if ( http_msg ) PKI_HTTP_free ( http_msg );
return (req);
err:
if (http_msg) PKI_HTTP_free(http_msg);
return NULL;
}
PKI_MEM *PKI_X509_PKCS7_get_raw_data( PKI_X509_PKCS7 *p7 ) {
unsigned char *data = NULL;
ssize_t len = -1;
int type = -1;
PKI_X509_PKCS7_VALUE *p7val = NULL;
PKI_MEM *ret = NULL;
if( !p7 || !p7->value ) return ( NULL );
p7val = p7->value;
type = PKI_X509_PKCS7_get_type ( p7 );
switch (type)
{
case PKI_X509_PKCS7_TYPE_DATA:
data = p7val->d.data->data;
len = p7val->d.data->length;
break;
case PKI_X509_PKCS7_TYPE_SIGNED:
if (p7val->d.sign && p7val->d.sign->contents &&
p7val->d.sign->contents->d.data)
{
data = p7val->d.sign->contents->d.data->data;
len = p7val->d.sign->contents->d.data->length;
}
break;
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
if (p7val->d.enveloped && p7val->d.enveloped->enc_data &&
p7val->d.enveloped->enc_data->enc_data)
{
data = p7val->d.enveloped->enc_data->enc_data->data;
len = p7val->d.enveloped->enc_data->enc_data->length;
}
break;
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
if (p7val->d.signed_and_enveloped &&
p7val->d.signed_and_enveloped->enc_data &&
p7val->d.signed_and_enveloped->enc_data->enc_data )
{
data = p7val->d.signed_and_enveloped->enc_data->enc_data->data;
len = p7val->d.signed_and_enveloped->enc_data->enc_data->length;
}
break;
default:
PKI_log_debug ("Unknown PKCS7 type");
return NULL;
}
if ((ret = PKI_MEM_new_null()) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
if (PKI_MEM_add(ret, (char *) data, (size_t) len) == PKI_ERR)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Memory Failure (ret=%p, data=%p, len=%d)",
ret, data, len );
PKI_MEM_free ( ret );
return NULL;
}
/*
if((p7bio = PKCS7_dataInit(p7->value ,NULL)) != NULL ) {
(void)BIO_flush(p7bio);
ret = PKI_MEM_new_bio( p7bio, NULL );
BIO_free_all ( p7bio );
} else {
PKI_log_debug("PKCS7::get_raw_data()::Can not get data [%s]",
ERR_error_string(ERR_get_error(), NULL ));
}
*/
return ( ret );
}
char *parse_url_put_query ( const URL * url, const PKI_MEM *data ) {
char * ret = NULL;
char * table = NULL;
char * tmp_s = NULL;
char * tmp_s2 = NULL;
int where = 0;
int add_and = 0;
char col[1024];
char val[1024];
char tmp[1024];
// char buf[BUFF_MAX_SIZE];
PKI_MEM *buf = NULL;
if( !url || !url->path ) return( NULL );
tmp_s = url->path;
while((tmp_s2 = strchr(tmp_s, '/')) != NULL ) {
tmp_s2++;
tmp_s = tmp_s2;
}
if((table = parse_url_table ( url )) == NULL) {
return (NULL);
}
if((buf = PKI_MEM_new_null()) == NULL ) {
return ( NULL );
}
sprintf( tmp, "INSERT INTO %s (%s) VALUES ('", table, url->attrs );
PKI_MEM_add( buf, tmp, strlen( tmp ));
PKI_MEM_add( buf, (char *) data->data, data->size );
PKI_MEM_add( buf, "') ", 3);
/*
base=strlen(buf);
for( i=0; i < data->size; i++ ) {
sprintf(buf + base + i, "%c", data->data[i]);
}
sprintf(buf+base+i,"') ");
*/
where = 0;
while( (sscanf(tmp_s, "(%[^)=]=\"%[^)\"]\")", col, val) > 1) ||
(sscanf(tmp_s, "(%[^)=]=%[^)])", col, val) > 1)) {
if( where == 0 ) {
/* It is actually an update, let's update! */
snprintf( tmp, sizeof( tmp ),
"UPDATE %s SET %s='", table, url->attrs);
if( buf ) PKI_MEM_free ( buf );
buf = PKI_MEM_new_null();
PKI_MEM_add( buf, tmp, strlen( tmp ));
PKI_MEM_add( buf, (char *) data->data, data->size );
PKI_MEM_add( buf, "' WHERE ", 8);
/*
base=strlen(buf);
for( i=0; i < data->size; i++ ) {
sprintf(buf + base + i, "%c", data->data[i]);
}
sprintf(buf+base+i,"' WHERE ");
*/
/* Let's add the WHERE clause */
where = 1;
}
/* The tmp_s should point to the next token */
tmp_s += strlen(col) + strlen(val) + 3;
/* Control if we need to add the AND in the SQL statement */
if( add_and == 1 ) {
PKI_MEM_add( buf, " AND ", 5);
}
PKI_MEM_add( buf, col, strlen( col ));
PKI_MEM_add( buf, "='", 2);
PKI_MEM_add( buf, val, strlen( val ));
PKI_MEM_add( buf, "' ", 2 );
/*
strncat( buf, col, BUFF_MAX_SIZE - strlen(buf) );
strncat( buf, "='", BUFF_MAX_SIZE - strlen(buf) );
strncat( buf, val, BUFF_MAX_SIZE - strlen(buf) );
strncat( buf, "'", BUFF_MAX_SIZE - strlen(buf) );
*/
/* This triggers the adding of AND on the next iteration */
add_and = 1;
}
PKI_Free (table);
if( (ret = PKI_Malloc(buf->size) + 1) == NULL ) {
if( buf ) PKI_MEM_free ( buf );
return( NULL );
}
memcpy( ret, buf->data, buf->size );
PKI_MEM_free ( buf );
return( ret );
}
void PKI_MEM_free_void ( void *buf ) {
PKI_MEM_free( (PKI_MEM *) buf);
}
int PKI_X509_PKCS7_VALUE_print_bio ( PKI_IO *bio,
PKI_X509_PKCS7_VALUE *p7val ) {
int type;
int i,j;
int cert_num = -1;
int crl_num = -1;
int signers_num = -1;
char *tmp_str = NULL;
PKI_X509_PKCS7 *msg = NULL;
PKCS7_SIGNER_INFO *si = NULL;
PKI_X509_CERT *cert = NULL;
PKI_DIGEST *digest = NULL;
PKI_MEM *mem = NULL;
if (!bio || !p7val ) return PKI_ERR;
if (( msg = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_PKCS7,
p7val, NULL )) == NULL ) {
return PKI_ERR;
}
type = PKI_X509_PKCS7_get_type ( msg );
BIO_printf( bio, "PKCS#7 Message:\r\n" );
BIO_printf( bio, " Message Type:\r\n " );
switch ( type ) {
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
BIO_printf( bio, "Encrypted\r\n" );
break;
case PKI_X509_PKCS7_TYPE_SIGNED:
BIO_printf( bio, "Signed\r\n" );
break;
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
BIO_printf( bio, "Signed and Encrypted\r\n" );
break;
default:
BIO_printf( bio, "Unknown (%d)\r\n", type );
break;
}
BIO_printf( bio, " Message Data:\r\n");
if (( mem = PKI_X509_PKCS7_get_raw_data ( msg )) == NULL ) {
BIO_printf( bio, " None.\r\n");
} else {
int msg_type = 0;
BIO_printf( bio, " Size=%u bytes\r\n",
(unsigned int) mem->size );
msg_type = PKI_X509_PKCS7_get_type ( msg );
if ( msg_type == PKI_X509_PKCS7_TYPE_ENCRYPTED ||
msg_type ==
PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED){
BIO_printf( bio, " Encrypted=yes\r\n");
BIO_printf( bio, " Algorithm=%s\r\n",
PKI_ALGOR_get_parsed (
PKI_X509_PKCS7_get_encode_alg ( msg )));
} else {
BIO_printf( bio, " Encrypted=no\r\n");
}
PKI_MEM_free ( mem );
}
i = 0;
if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL ) {
BIO_printf(bio, " Signature Info:\r\n" );
BIO_printf(bio, " No Signature found.\r\n" );
}
// Print the Signer Info
BIO_printf( bio, " Signer Info:\r\n");
signers_num = PKI_X509_PKCS7_get_signers_num ( msg );
for ( i = 0; i < signers_num; i++ ) {
PKCS7_ISSUER_AND_SERIAL *ias = NULL;
BIO_printf ( bio, " [%d of %d] Signer Details:\r\n",
i+1, signers_num );
if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL )
break;
if((ias = si->issuer_and_serial) == NULL ) {
BIO_printf ( bio, " "
"ERROR::Missing Info!\r\n");
} else {
tmp_str = PKI_INTEGER_get_parsed ( ias->serial );
BIO_printf ( bio, " Serial=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_NAME_get_parsed ( ias->issuer );
BIO_printf ( bio, " Issuer=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
}
if ( si->digest_enc_alg ) {
BIO_printf( bio, " "
"Encryption Algoritm=%s\r\n",
PKI_ALGOR_get_parsed ( si->digest_enc_alg ));
}
if ( si->digest_alg ) {
BIO_printf( bio, " Digest Algorithm=%s\r\n",
PKI_ALGOR_get_parsed ( si->digest_alg ));
}
BIO_printf( bio, " Signed Attributes:\r\n");
if ( si->auth_attr ) {
PKI_X509_ATTRIBUTE *a = NULL;
int attr_num = 0;
char * tmp_str = NULL;
for ( attr_num = 0; attr_num <
PKI_STACK_X509_ATTRIBUTE_elements (
si->auth_attr ); attr_num++ ) {
a = PKI_STACK_X509_ATTRIBUTE_get_num (
si->auth_attr, attr_num );
if ( PKI_OID_get_id ( a->object ) ==
NID_pkcs9_messageDigest ) {
tmp_str = PKI_X509_ATTRIBUTE_get_parsed
( a );
BIO_printf( bio, " "
"Message Digest:");
for ( j=0; j < strlen(tmp_str); j++ ) {
if ( ( j % 60 ) == 0 ) {
BIO_printf (bio,
"\r\n ");
}
BIO_printf(bio,"%c",tmp_str[j]);
} BIO_printf( bio, "\r\n");
// PKI_Free ( tmp_str );
} else {
BIO_printf( bio, " %s=",
PKI_X509_ATTRIBUTE_get_descr (
a ) );
tmp_str=
PKI_X509_ATTRIBUTE_get_parsed(a);
BIO_printf( bio, "%s\r\n", tmp_str );
PKI_Free ( tmp_str );
}
}
} else {
BIO_printf( bio, " None.\r\n");
}
BIO_printf( bio," Non Signed Attributes:\r\n");
if ( si->unauth_attr ) {
PKI_X509_ATTRIBUTE *a = NULL;
int attr_num = 0;
char * tmp_str = NULL;
for ( attr_num = 0; attr_num <
PKI_STACK_X509_ATTRIBUTE_elements (
si->auth_attr ); attr_num++ ) {
a = PKI_STACK_X509_ATTRIBUTE_get_num (
si->auth_attr, attr_num );
BIO_printf( bio, " %s=",
PKI_X509_ATTRIBUTE_get_descr ( a ) );
tmp_str = PKI_X509_ATTRIBUTE_get_parsed ( a );
BIO_printf( bio, "%s\r\n", tmp_str );
PKI_Free ( tmp_str );
}
BIO_printf( bio, "\r\n");
} else {
BIO_printf( bio, " None.\r\n");
}
}
BIO_printf( bio, "\r\n Recipients Info:\r\n");
if( PKI_X509_PKCS7_has_recipients ( msg ) == PKI_ERR ) {
BIO_printf( bio, " No Recipients\r\n");
} else {
int rec_num = 0;
PKI_X509_CERT *rec = NULL;
rec_num = PKI_X509_PKCS7_get_recipients_num ( msg );
for ( i=0; i < rec_num; i++ ) {
rec = PKI_X509_PKCS7_get_recipient_cert ( msg, i );
if ( !rec ) {
PKCS7_RECIP_INFO *ri = NULL;
PKCS7_ISSUER_AND_SERIAL *ias = NULL;
BIO_printf( bio, " "
"[%d of %d] Recipient Details:\r\n",
i+1, rec_num );
ri = PKI_X509_PKCS7_get_recipient_info ( msg,i);
if (!ri) {
BIO_printf(bio," <ERROR>");
continue;
}
if((ias = ri->issuer_and_serial) != NULL ) {
tmp_str = PKI_INTEGER_get_parsed (
ias->serial );
BIO_printf( bio, " "
"Serial=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_NAME_get_parsed (
ias->issuer );
BIO_printf( bio, " "
"Issuer=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
BIO_printf( bio, " "
"Key Encoding Algorithm=%s\r\n",
PKI_ALGOR_get_parsed (
ri->key_enc_algor ));
}
} else {
BIO_printf( bio, " "
"[%d] Recipient Certificate:\r\n", i );
tmp_str = PKI_X509_CERT_get_parsed( cert,
PKI_X509_DATA_SUBJECT );
BIO_printf( bio, " "
"Subject=%s\r\n", tmp_str);
PKI_Free ( tmp_str );
}
}
}
/* Now Let's Check the CRLs */
BIO_printf(bio, "\r\n Certificates:\r\n");
if ((cert_num = PKI_X509_PKCS7_get_certs_num ( msg )) > 0 ) {
PKI_X509_CERT * cert = NULL;
for (i = 0; i < cert_num; i++ ) {
BIO_printf( bio, " [%d of %d] Certificate:\r\n",
i+1, cert_num);
if((cert = PKI_X509_PKCS7_get_cert ( msg, i )) == NULL ) {
BIO_printf( bio, " Error.\r\n");
continue;
};
tmp_str = PKI_X509_CERT_get_parsed( cert,
PKI_X509_DATA_SERIAL );
BIO_printf( bio, " Serial=%s\r\n",
tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_CERT_get_parsed( cert,
PKI_X509_DATA_ISSUER );
BIO_printf( bio, " Issuer=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_CERT_get_parsed( cert,
PKI_X509_DATA_SUBJECT );
BIO_printf( bio, " Subject=%s\r\n", tmp_str);
PKI_Free ( tmp_str );
digest = PKI_X509_CERT_fingerprint( cert,
PKI_DIGEST_ALG_DEFAULT );
tmp_str = PKI_DIGEST_get_parsed ( digest );
BIO_printf( bio, " Fingerprint [%s]:",
PKI_DIGEST_ALG_get_parsed (
PKI_DIGEST_ALG_DEFAULT ));
for ( j=0; j < strlen(tmp_str); j++ ) {
if ( ( j % 60 ) == 0 ) {
BIO_printf (bio,"\r\n ");
}
BIO_printf( bio, "%c", tmp_str[j] );
} BIO_printf( bio, "\r\n");
PKI_DIGEST_free ( digest );
PKI_Free ( tmp_str );
PKI_X509_CERT_free ( cert );
// X509_signature_print(bp,
// br->signatureAlgorithm, br->signature);
}
} else {
BIO_printf( bio, " None.\r\n");
}
BIO_printf(bio, "\r\n Certificate Revocation Lists:\r\n");
if((crl_num = PKI_X509_PKCS7_get_crls_num ( msg )) > 0 ) {
PKI_X509_CRL * crl = NULL;
for ( i = 0; i < crl_num; i++ ) {
BIO_printf( bio, " [%d of %d] CRL Details:\r\n",
i+1, crl_num );
if(( crl = PKI_X509_PKCS7_get_crl ( msg, i )) == NULL ) {
BIO_printf(bio," ERROR::Missing Data\r\n");
continue;
}
tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_VERSION);
BIO_printf( bio, " Version=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
// tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_SERIAL);
// BIO_printf( bio, " Serial=%s\r\n", tmp_str );
// PKI_Free ( tmp_str );
tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_ISSUER);
BIO_printf( bio, " Issuer=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_CRL_get_parsed(crl,
PKI_X509_DATA_ALGORITHM);
BIO_printf( bio, " Algorithm=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_CRL_get_parsed(crl,
PKI_X509_DATA_NOTBEFORE);
BIO_printf( bio, " Not Before=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
tmp_str = PKI_X509_CRL_get_parsed(crl,
PKI_X509_DATA_NOTAFTER);
BIO_printf( bio, " Not After=%s\r\n", tmp_str );
PKI_Free ( tmp_str );
PKI_X509_CRL_free ( crl );
}
} else {
BIO_printf( bio, " None.\r\n");
}
BIO_printf(bio, "\r\n");
return PKI_OK;
}
char *parse_url_query ( const URL * url ) {
char * ret = NULL;
char * table = NULL;
char * tmp_s = NULL;
char * tmp_s2 = NULL;
int where = 0;
int add_and = 0;
char col[1024];
char val[1024];
char tmp[1024];
PKI_MEM *buf = NULL;
if( !url || !url->path ) return( NULL );
tmp_s = url->path;
while((tmp_s2 = strchr(tmp_s, '/')) != NULL ) {
tmp_s2++;
tmp_s = tmp_s2;
}
if((table = parse_url_table ( url )) == NULL) {
return (NULL);
}
if((buf = PKI_MEM_new_null()) == NULL ) {
return ( NULL );
}
snprintf( tmp, sizeof( tmp ), "SELECT %s from %s ", url->attrs, table );
PKI_Free (table);
PKI_MEM_add( buf, tmp, strlen( tmp ));
where = 0;
while( sscanf(tmp_s, "(%[^)=]=%[^)])", col, val) > 1 ) {
if( where == 0 ) {
/* Let's add the WHERE clause */
PKI_MEM_add(buf, "WHERE ", 6);
where = 1;
}
/* The tmp_s should point to the next token */
tmp_s += strlen(col) + strlen(val) + 3;
/* Control if we need to add the AND in the SQL statement */
if( add_and == 1 ) {
PKI_MEM_add( buf, " AND ", 5);
}
PKI_MEM_add( buf, col, strlen( col ));
PKI_MEM_add( buf, "='", 2);
PKI_MEM_add( buf, val, strlen( val ));
PKI_MEM_add( buf, "' ", 2);
/*
fprintf(stderr, "DEBUG:::PKI_MEM_BUF => ");
for ( i=0; i< buf->size; i++ ) {
fprintf( stderr, "%c", buf->data[i]);
} fprintf( stderr, "\n");
*/
/*
strncat( buf, col, BUFF_MAX_SIZE - strlen(buf) );
strncat( buf, "='", BUFF_MAX_SIZE - strlen(buf) );
strncat( buf, val, BUFF_MAX_SIZE - strlen(buf) );
strncat( buf, "'", BUFF_MAX_SIZE - strlen(buf) );
*/
/* This triggers the adding of AND on the next iteration */
add_and = 1;
}
if( (ret = PKI_Malloc (buf->size+1)) == NULL ) {
PKI_MEM_free ( buf );
return( NULL );
}
memcpy( ret, buf->data, buf->size );
// fprintf( stderr, "DEBUG:::QUERY => %s\n\n", ret );
/*
strncpy( ret, buf, strlen( buf ));
*/
PKI_MEM_free ( buf );
return( ret );
}
