PKI_STACK *PKI_STACK_new_type ( PKI_DATATYPE type ) { const PKI_X509_CALLBACKS *cb = NULL; if ((cb = PKI_X509_CALLBACKS_get(type, NULL)) == NULL) { return PKI_STACK_new( NULL ); } return PKI_STACK_new(cb->free); }
PKI_STACK * PKI_CONFIG_get_stack_value ( PKI_CONFIG *doc, char *search ) { PKI_CONFIG_ELEMENT_STACK *sk = NULL; PKI_STACK *ret = NULL; PKI_CONFIG_ELEMENT *curr = NULL; int size = -1; char *val = NULL; if (( sk = PKI_CONFIG_get_element_stack ( doc, search)) == NULL ) { return NULL; } if((size = PKI_STACK_CONFIG_ELEMENT_elements ( sk )) <= 0 ) { return NULL; } ret = PKI_STACK_new( NULL ); while ((curr = PKI_STACK_CONFIG_ELEMENT_pop ( sk )) != NULL ) { if( curr && curr->type == XML_ELEMENT_NODE ) { if((val = PKI_CONFIG_get_element_value ( curr )) != NULL ) { PKI_STACK_push ( ret, strdup (val) ); } } } PKI_STACK_free_all ( sk ); return ret; /* xmlXPathContext *xpathCtx = NULL; xmlXPathObject *xpathObj = NULL; xmlNodeSet *nodes = NULL; PKI_STACK *sk = NULL; char *val = NULL; int size = 0; int i = 0; char *my_search = NULL; if( !doc || !search ) return (NULL); xpathCtx = xmlXPathNewContext(doc); if(xpathCtx == NULL) { PKI_log_debug("ERROR, unable to create new XPath context!\n"); return(NULL); } my_search = _xml_search_namespace_add ( search ); xmlXPathRegisterNs(xpathCtx, (xmlChar *) PKI_NAMESPACE_PREFIX, (xmlChar *) PKI_NAMESPACE_HREF); xpathObj = xmlXPathEvalExpression( (xmlChar *) my_search, xpathCtx); PKI_Free ( my_search ); if( xpathObj == NULL ) { xmlXPathFreeContext(xpathCtx); return(NULL); } nodes = xpathObj->nodesetval; if( nodes ) { size = nodes->nodeNr; } sk = PKI_STACK_new(NULL); for( i=0; i < size; i++ ) { PKI_CONFIG_ELEMENT *curr = NULL; curr = nodes->nodeTab[i]; val = (char *) xmlNodeListGetString(doc, curr->xmlChildrenNode, 1); PKI_STACK_push( sk, strdup( val )); } xmlXPathFreeObject(xpathObj); xmlXPathFreeContext(xpathCtx); return (sk); */ }
PKI_STACK * PKI_STACK_new_null( void ) { return ( PKI_STACK_new( NULL )); }
int OCSPD_build_ca_list ( OCSPD_CONFIG *handler, PKI_CONFIG_STACK *ca_conf_sk) { int i = 0; PKI_STACK *ca_list = NULL; PKI_log_debug("Building CA List"); if ( !ca_conf_sk ) { PKI_log( PKI_LOG_ERR, "No stack of ca configs!"); return ( PKI_ERR ); } if((ca_list = PKI_STACK_new((void (*))CA_LIST_ENTRY_free)) == NULL ) { PKI_log_err ( "Memory Error"); return ( PKI_ERR ); } for (i = 0; i < PKI_STACK_CONFIG_elements( ca_conf_sk ); i++) { char *tmp_s = NULL; URL *tmp_url = NULL; PKI_X509_CERT *tmp_cert = NULL; CA_LIST_ENTRY *ca = NULL; PKI_CONFIG *cnf = NULL; /* Get the current Configureation file */ cnf = PKI_STACK_CONFIG_get_num( ca_conf_sk, i ); if (!cnf) continue; /* Get the CA cert from the cfg file itself */ if((tmp_s = PKI_CONFIG_get_value( cnf, "/caConfig/caCertValue" )) == NULL ) { /* Get the CA parsed url */ if((tmp_url = URL_new( PKI_CONFIG_get_value( cnf, "/caConfig/caCertUrl" ))) == NULL ) { /* Error, can not parse url data */ PKI_log( PKI_LOG_ERR, "Can not parse CA cert url (%s)", PKI_CONFIG_get_value(cnf, "/caConfig/caCertUrl")); continue; } if((tmp_cert = PKI_X509_CERT_get_url(tmp_url, NULL, NULL ))== NULL) { PKI_log_err("Can not get CA cert from (%s)", tmp_url); URL_free (tmp_url); continue; } } else { PKI_X509_CERT_STACK *cc_sk = NULL; PKI_MEM *mm = NULL; if((mm = PKI_MEM_new_null()) == NULL ) { PKI_Free(tmp_s); continue; } PKI_MEM_add ( mm, tmp_s, strlen(tmp_s)); if((cc_sk=PKI_X509_CERT_STACK_get_mem(mm, NULL)) == NULL ) { PKI_log_err ( "Can not parse cert from /caConfig/caCertValue"); PKI_Free(tmp_s); continue; } if ((tmp_cert = PKI_STACK_X509_CERT_pop( cc_sk )) == NULL ) { PKI_log_err ( "No elements on stack from /caConfig/caCertValue"); PKI_STACK_X509_CERT_free_all(cc_sk); PKI_Free(tmp_s); continue; } PKI_STACK_X509_CERT_free ( cc_sk ); PKI_Free(tmp_s); } /* OCSPD create the CA entry */ if ((ca = CA_LIST_ENTRY_new()) == NULL ) { PKI_log_err ( "CA List structure init error"); /* remember to do THIS!!!! */ if( tmp_url ) URL_free ( tmp_url ); if( tmp_cert ) PKI_X509_CERT_free ( tmp_cert ); continue; } ca->ca_cert = tmp_cert; tmp_cert = NULL; ca->ca_url = tmp_url; tmp_url = NULL; ca->ca_id = PKI_CONFIG_get_value( cnf, "/caConfig/name" ); ca->cid = CA_ENTRY_CERTID_new ( ca->ca_cert, handler->digest ); /* Get the CRL URL and the CRL itself */ if((tmp_s = PKI_CONFIG_get_value(cnf, "/caConfig/crlUrl")) == NULL) { PKI_STACK *cdp_sk = NULL; /* Now let's get it from PRQP */ /* Now from the Certificate */ if((cdp_sk = PKI_X509_CERT_get_cdp (ca->ca_cert)) ==NULL) { // No source for the CRL Distribution Point PKI_log_err ( "ERROR::Can not find the CDP for %s, skipping CA", ca->ca_id ); CA_LIST_ENTRY_free ( ca ); continue; } while ((tmp_s = PKI_STACK_pop ( cdp_sk )) != NULL) { if ((ca->crl_url = URL_new ( tmp_s )) == NULL ) { PKI_log_err( "URL %s not in the right format!"); CA_LIST_ENTRY_free ( ca ); continue; } else if( tmp_s ) PKI_Free ( tmp_s ); break; } } else { PKI_log_debug("Got CRL Url -> %s", tmp_s ); if((ca->crl_url = URL_new ( tmp_s )) == NULL ) { PKI_log_err ("Error Parsing CRL URL [%s] for CA [%s]", ca->ca_id, tmp_s); CA_LIST_ENTRY_free ( ca ); PKI_Free(tmp_s); continue; } PKI_Free(tmp_s); } if(OCSPD_load_crl ( ca, handler ) == PKI_ERR ) { PKI_log_err ( "Can not get CRL for %s", ca->ca_id); CA_LIST_ENTRY_free ( ca ); continue; } /* If the Server has a Token to be used with this CA, let's load it */ if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/serverToken" )) == NULL) { /* No token in config, let's see if a specific cert is configured */ ca->token = NULL; if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/serverCertUrl" )) == NULL ) { /* No cert is configured, we will use the defaults */ ca->server_cert = NULL; } else { /* The Server's cert URL is found, let's load the certificate */ if ((tmp_cert = PKI_X509_CERT_get ( tmp_s, NULL, NULL )) == NULL ) { PKI_log_err("Can not get server's cert from %s!", tmp_s ); CA_LIST_ENTRY_free ( ca ); PKI_Free(tmp_s); continue; } else { ca->server_cert = tmp_cert; } PKI_Free(tmp_s); } } else { /* A Token for this CA is found - we do not load it to avoid problems with Thread Initialization */ ca->server_cert = NULL; ca->token_name = tmp_s; ca->token = PKI_TOKEN_new_null(); if ((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/pkiConfigDir" )) != NULL) { ca->token_config_dir = strdup( tmp_s ); PKI_Free(tmp_s); } else { ca->token_config_dir = strdup(handler->token_config_dir); } } if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/caCompromised" )) == NULL) { ca->compromised = 0; } else { ca->compromised = atoi(tmp_s); PKI_Free(tmp_s); } /* Responder Id Type */ if ((tmp_s = PKI_CONFIG_get_value(cnf, "/caConfig/responderIdType")) != NULL) { if (strncmp_nocase(tmp_s, "keyid", 5) == 0) { ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_KEYID; } else if (strncmp_nocase(tmp_s, "name", 4) == 0) { ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME; } else { PKI_log_err("Can not parse responderIdType: %s (allowed 'keyid' or 'name')", tmp_s); exit(1); } PKI_Free(tmp_s); } else { // Default Value ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME; } // Now let's add the CA_LIST_ENTRY to the list of configured CAs PKI_STACK_push ( ca_list, ca ); } handler->ca_list = ca_list; return ( PKI_OK ); }