PKI_STACK *PKI_STACK_new_type ( PKI_DATATYPE type ) {
const PKI_X509_CALLBACKS *cb = NULL;
if ((cb = PKI_X509_CALLBACKS_get(type, NULL)) == NULL)
{
return PKI_STACK_new( NULL );
}
return PKI_STACK_new(cb->free);
}
PKI_STACK * PKI_CONFIG_get_stack_value ( PKI_CONFIG *doc, char *search ) {
PKI_CONFIG_ELEMENT_STACK *sk = NULL;
PKI_STACK *ret = NULL;
PKI_CONFIG_ELEMENT *curr = NULL;
int size = -1;
char *val = NULL;
if (( sk = PKI_CONFIG_get_element_stack ( doc, search)) == NULL ) {
return NULL;
}
if((size = PKI_STACK_CONFIG_ELEMENT_elements ( sk )) <= 0 ) {
return NULL;
}
ret = PKI_STACK_new( NULL );
while ((curr = PKI_STACK_CONFIG_ELEMENT_pop ( sk )) != NULL ) {
if( curr && curr->type == XML_ELEMENT_NODE ) {
if((val = PKI_CONFIG_get_element_value ( curr )) != NULL ) {
PKI_STACK_push ( ret, strdup (val) );
}
}
}
PKI_STACK_free_all ( sk );
return ret;
/*
xmlXPathContext *xpathCtx = NULL;
xmlXPathObject *xpathObj = NULL;
xmlNodeSet *nodes = NULL;
PKI_STACK *sk = NULL;
char *val = NULL;
int size = 0;
int i = 0;
char *my_search = NULL;
if( !doc || !search ) return (NULL);
xpathCtx = xmlXPathNewContext(doc);
if(xpathCtx == NULL) {
PKI_log_debug("ERROR, unable to create new XPath context!\n");
return(NULL);
}
my_search = _xml_search_namespace_add ( search );
xmlXPathRegisterNs(xpathCtx, (xmlChar *) PKI_NAMESPACE_PREFIX,
(xmlChar *) PKI_NAMESPACE_HREF);
xpathObj = xmlXPathEvalExpression( (xmlChar *) my_search, xpathCtx);
PKI_Free ( my_search );
if( xpathObj == NULL ) {
xmlXPathFreeContext(xpathCtx);
return(NULL);
}
nodes = xpathObj->nodesetval;
if( nodes ) {
size = nodes->nodeNr;
}
sk = PKI_STACK_new(NULL);
for( i=0; i < size; i++ ) {
PKI_CONFIG_ELEMENT *curr = NULL;
curr = nodes->nodeTab[i];
val = (char *) xmlNodeListGetString(doc,
curr->xmlChildrenNode, 1);
PKI_STACK_push( sk, strdup( val ));
}
xmlXPathFreeObject(xpathObj);
xmlXPathFreeContext(xpathCtx);
return (sk);
*/
}
PKI_STACK * PKI_STACK_new_null( void ) {
return ( PKI_STACK_new( NULL ));
}
int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
PKI_CONFIG_STACK *ca_conf_sk) {
int i = 0;
PKI_STACK *ca_list = NULL;
PKI_log_debug("Building CA List");
if ( !ca_conf_sk ) {
PKI_log( PKI_LOG_ERR, "No stack of ca configs!");
return ( PKI_ERR );
}
if((ca_list = PKI_STACK_new((void (*))CA_LIST_ENTRY_free)) == NULL ) {
PKI_log_err ( "Memory Error");
return ( PKI_ERR );
}
for (i = 0; i < PKI_STACK_CONFIG_elements( ca_conf_sk ); i++)
{
char *tmp_s = NULL;
URL *tmp_url = NULL;
PKI_X509_CERT *tmp_cert = NULL;
CA_LIST_ENTRY *ca = NULL;
PKI_CONFIG *cnf = NULL;
/* Get the current Configureation file */
cnf = PKI_STACK_CONFIG_get_num( ca_conf_sk, i );
if (!cnf) continue;
/* Get the CA cert from the cfg file itself */
if((tmp_s = PKI_CONFIG_get_value( cnf, "/caConfig/caCertValue" )) == NULL )
{
/* Get the CA parsed url */
if((tmp_url = URL_new( PKI_CONFIG_get_value( cnf, "/caConfig/caCertUrl" ))) == NULL )
{
/* Error, can not parse url data */
PKI_log( PKI_LOG_ERR, "Can not parse CA cert url (%s)",
PKI_CONFIG_get_value(cnf, "/caConfig/caCertUrl"));
continue;
}
if((tmp_cert = PKI_X509_CERT_get_url(tmp_url, NULL, NULL ))== NULL)
{
PKI_log_err("Can not get CA cert from (%s)", tmp_url);
URL_free (tmp_url);
continue;
}
}
else
{
PKI_X509_CERT_STACK *cc_sk = NULL;
PKI_MEM *mm = NULL;
if((mm = PKI_MEM_new_null()) == NULL )
{
PKI_Free(tmp_s);
continue;
}
PKI_MEM_add ( mm, tmp_s, strlen(tmp_s));
if((cc_sk=PKI_X509_CERT_STACK_get_mem(mm, NULL)) == NULL )
{
PKI_log_err ( "Can not parse cert from /caConfig/caCertValue");
PKI_Free(tmp_s);
continue;
}
if ((tmp_cert = PKI_STACK_X509_CERT_pop( cc_sk )) == NULL )
{
PKI_log_err ( "No elements on stack from /caConfig/caCertValue");
PKI_STACK_X509_CERT_free_all(cc_sk);
PKI_Free(tmp_s);
continue;
}
PKI_STACK_X509_CERT_free ( cc_sk );
PKI_Free(tmp_s);
}
/* OCSPD create the CA entry */
if ((ca = CA_LIST_ENTRY_new()) == NULL )
{
PKI_log_err ( "CA List structure init error");
/* remember to do THIS!!!! */
if( tmp_url ) URL_free ( tmp_url );
if( tmp_cert ) PKI_X509_CERT_free ( tmp_cert );
continue;
}
ca->ca_cert = tmp_cert;
tmp_cert = NULL;
ca->ca_url = tmp_url;
tmp_url = NULL;
ca->ca_id = PKI_CONFIG_get_value( cnf, "/caConfig/name" );
ca->cid = CA_ENTRY_CERTID_new ( ca->ca_cert, handler->digest );
/* Get the CRL URL and the CRL itself */
if((tmp_s = PKI_CONFIG_get_value(cnf, "/caConfig/crlUrl")) == NULL)
{
PKI_STACK *cdp_sk = NULL;
/* Now let's get it from PRQP */
/* Now from the Certificate */
if((cdp_sk = PKI_X509_CERT_get_cdp (ca->ca_cert)) ==NULL)
{
// No source for the CRL Distribution Point
PKI_log_err ( "ERROR::Can not find the CDP for %s, skipping CA", ca->ca_id );
CA_LIST_ENTRY_free ( ca );
continue;
}
while ((tmp_s = PKI_STACK_pop ( cdp_sk )) != NULL)
{
if ((ca->crl_url = URL_new ( tmp_s )) == NULL )
{
PKI_log_err( "URL %s not in the right format!");
CA_LIST_ENTRY_free ( ca );
continue;
}
else if( tmp_s ) PKI_Free ( tmp_s );
break;
}
}
else
{
PKI_log_debug("Got CRL Url -> %s", tmp_s );
if((ca->crl_url = URL_new ( tmp_s )) == NULL )
{
PKI_log_err ("Error Parsing CRL URL [%s] for CA [%s]", ca->ca_id, tmp_s);
CA_LIST_ENTRY_free ( ca );
PKI_Free(tmp_s);
continue;
}
PKI_Free(tmp_s);
}
if(OCSPD_load_crl ( ca, handler ) == PKI_ERR )
{
PKI_log_err ( "Can not get CRL for %s", ca->ca_id);
CA_LIST_ENTRY_free ( ca );
continue;
}
/* If the Server has a Token to be used with this CA, let's
load it */
if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/serverToken" )) == NULL)
{
/* No token in config, let's see if a specific cert
is configured */
ca->token = NULL;
if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/serverCertUrl" )) == NULL )
{
/* No cert is configured, we will use the defaults */
ca->server_cert = NULL;
}
else
{
/* The Server's cert URL is found, let's load the certificate */
if ((tmp_cert = PKI_X509_CERT_get ( tmp_s, NULL, NULL )) == NULL )
{
PKI_log_err("Can not get server's cert from %s!", tmp_s );
CA_LIST_ENTRY_free ( ca );
PKI_Free(tmp_s);
continue;
}
else
{
ca->server_cert = tmp_cert;
}
PKI_Free(tmp_s);
}
}
else
{
/* A Token for this CA is found - we do not load
it to avoid problems with Thread Initialization */
ca->server_cert = NULL;
ca->token_name = tmp_s;
ca->token = PKI_TOKEN_new_null();
if ((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/pkiConfigDir" )) != NULL) {
ca->token_config_dir = strdup( tmp_s );
PKI_Free(tmp_s);
}
else
{
ca->token_config_dir = strdup(handler->token_config_dir);
}
}
if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/caCompromised" )) == NULL) {
ca->compromised = 0;
}
else
{
ca->compromised = atoi(tmp_s);
PKI_Free(tmp_s);
}
/* Responder Id Type */
if ((tmp_s = PKI_CONFIG_get_value(cnf, "/caConfig/responderIdType")) != NULL)
{
if (strncmp_nocase(tmp_s, "keyid", 5) == 0)
{
ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_KEYID;
}
else if (strncmp_nocase(tmp_s, "name", 4) == 0)
{
ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME;
}
else
{
PKI_log_err("Can not parse responderIdType: %s (allowed 'keyid' or 'name')", tmp_s);
exit(1);
}
PKI_Free(tmp_s);
}
else
{
// Default Value
ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME;
}
// Now let's add the CA_LIST_ENTRY to the list of configured CAs
PKI_STACK_push ( ca_list, ca );
}
handler->ca_list = ca_list;
return ( PKI_OK );
}
