PKI_DIGEST *PKI_X509_KEYPAIR_VALUE_pub_digest ( PKI_X509_KEYPAIR_VALUE *pkey,
PKI_DIGEST_ALG *md ) {
X509_PUBKEY *xpk = NULL;
ASN1_BIT_STRING *key = NULL;
PKI_DIGEST * ret = NULL;
if (!pkey) return NULL;
if( !md ) md = PKI_DIGEST_ALG_DEFAULT;
if(!X509_PUBKEY_set(&xpk, pkey )) {
PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::Error building X509 "
"PUBKEY data");
return NULL;
}
if((key = xpk->public_key ) == NULL ) {
PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::No pubkey found!");
return ( NULL );
}
if( key->length < 1 ) {
PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::Pubkey len is 0!");
return ( NULL );
}
if(( ret = PKI_DIGEST_new( md, key->data,
(size_t) key->length )) == NULL ) {
PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::%s",
ERR_error_string( ERR_get_error(), NULL ));
return ( NULL );
}
return ( ret );
}
char * PKI_get_ca_service( PKI_X509_CERT *caCert, char *srv, char *url_s ) {
PKI_STACK *services = NULL;
PKI_STACK *ret_sk = NULL;
char *ret_s = NULL;
if( !srv || !caCert ) return ( NULL );
if((services = PKI_STACK_new_null()) == NULL ) {
PKI_log_debug("Stack creation error in %s:%d",
__FILE__, __LINE__ );
return ( NULL );
}
PKI_log_debug ("Getting Address for %s", srv );
PKI_STACK_push( services, strdup(srv) );
ret_sk = PKI_get_ca_resources( caCert, NULL, NULL, services, url_s );
PKI_STACK_free_all( services );
if( !ret_sk ) {
PKI_log_debug("No address returned for %s", srv );
return ( NULL );
} else {
ret_s = PKI_STACK_pop( ret_sk );
PKI_STACK_free_all( ret_sk );
}
PKI_log_debug ( "Returned address %s", ret_s );
return ( ret_s );
}
PKI_STACK * PKI_get_ca_resources(PKI_X509_CERT *caCert,
PKI_X509_CERT *caIssuerCert, PKI_X509_CERT *issuedCert,
PKI_STACK *sk_services, char *url_s ) {
PKI_X509_PRQP_REQ *p = NULL;
PKI_X509_PRQP_RESP *r = NULL;
PKI_STACK *addr_sk = NULL;
p = PKI_X509_PRQP_REQ_new_certs_res ( caCert, caIssuerCert,
issuedCert, sk_services );
if( !p ) {
PKI_log_debug ("PKI_get_ca_resources()::Can not generate PRQP REQ");
return NULL;
}
if((r = PKI_DISCOVER_get_resp ( p, url_s )) == NULL ) {
PKI_log_debug("PKI_get_ca_resources()::No response retrieved!");
PKI_X509_PRQP_REQ_free ( p );
return NULL;
}
// PKI_PRQP_RESP_print( r->value );
if((addr_sk = PKI_X509_PRQP_RESP_url_sk ( r )) == NULL ) {
PKI_log_debug ("PKI_get_ca_responses()::No list of address is returned!");
}
if ( p ) PKI_X509_PRQP_REQ_free ( p );
if ( r ) PKI_X509_PRQP_RESP_free ( r );
return addr_sk;
}
PKI_MEM *PKI_MSG_RESP_put_mem ( PKI_MSG_RESP *msg, PKI_DATA_FORMAT format,
PKI_MEM **pki_mem, PKI_CRED *cred, HSM *hsm ) {
if( !msg ) return ( NULL );
if( !msg->msg_data ) {
int proto = 0;
proto = PKI_MSG_RESP_get_proto ( msg );
if (PKI_MSG_RESP_encode ( msg, proto ) == NULL ) {
return ( NULL );
}
}
PKI_log_debug("PKI_MSG_RESP_put_mem()::Start");
switch ( msg->proto ) {
case PKI_MSG_PROTO_SCEP:
return PKI_X509_PKCS7_put_mem (
(PKI_X509_PKCS7 *) msg->msg_data,
format, NULL, cred, hsm );
break;
case PKI_MSG_PROTO_CMC:
case PKI_MSG_PROTO_XKMS:
default:
PKI_log_debug("MSG protocol not supported!");
}
return ( NULL );
}
PKI_MEM *PKI_X509_KEYPAIR_get_p8 ( PKI_X509_KEYPAIR *k ) {
BIO *mem = NULL;
PKI_MEM *ret = NULL;
PKI_X509_KEYPAIR_VALUE *pkey = NULL;
if ( !k || !k->value ) return NULL;
pkey = k->value;
if((mem = BIO_new(BIO_s_mem())) == NULL ) {
return NULL;
}
if(i2d_PKCS8PrivateKeyInfo_bio(mem, (EVP_PKEY *) pkey) > 0 ) {
if( BIO_flush ( mem ) <= 0 ) {
PKI_log_debug("ERROR flushing mem");
}
ret = PKI_MEM_new_bio ( mem, NULL );
}
BIO_free ( mem );
return ( ret );
}
PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new( PKI_KEYPARAMS *params,
char *label, PKI_CRED *cred, HSM *hsm ) {
PKI_X509_KEYPAIR *ret = NULL;
URL *url = NULL;
if( hsm && !url && (hsm->type == HSM_TYPE_PKCS11) ) {
PKI_log_debug("PKI_X509_KEYPAIR_new()::Label is required when "
"using HSM!");
return ( NULL );
}
if ( label ) {
if(( url = URL_new(label)) == NULL ) {
PKI_ERROR(PKI_ERR_URI_PARSE, label);
return ( NULL );
}
};
ret = HSM_X509_KEYPAIR_new_url ( params, url, cred, hsm );
if( url ) URL_free( url );
return ( ret );
}
PKI_MEM_STACK *URL_get_data_mysql ( const char *url_s, ssize_t size )
{
PKI_MEM_STACK *ret = NULL;
URL *url = NULL;
if( !url_s )
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return (NULL);
}
if ((url = URL_new(url_s)) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
if (url->proto != URI_PROTO_MYSQL)
{
PKI_log_debug("Wrong protocol for MySQL queries (%d)", URI_PROTO_MYSQL);
URL_free(url);
return NULL;
}
// Get the results
ret = URL_get_data_mysql_url( url, size );
// Free the URL
URL_free(url);
// Return the results
return ret;
}
char * PKI_CONFIG_find_all(char *dir, char *name, char *subdir)
{
PKI_STACK *dir_list = NULL;
char * dir_name = NULL;
char * ret = NULL;
int i = 0;
// Checks the input
if (!dir || !name )
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Get the list of entries for the directory
if ((dir_list = PKI_CONFIG_get_search_paths(dir)) == NULL) return NULL;
// Some debugging
PKI_log_debug( "GOT SEARCH PATHS => %d", PKI_STACK_elements( dir_list ));
// Go throught the different elements of the directory and search them
for ( i=0; i < PKI_STACK_elements( dir_list ); i++ )
{
char buff[BUFF_MAX_SIZE];
dir_name = PKI_STACK_get_num(dir_list, i);
if (subdir != NULL) snprintf(buff, sizeof(buff), "%s/%s", dir_name, subdir);
else snprintf(buff, sizeof(buff), "%s", dir_name );
// Debugging
PKI_log_debug("SEARCHING FOR %s in dir %s", name, buff );
if ((ret = PKI_CONFIG_find(buff, name)) != NULL)
{
PKI_log_debug("FOUND => %s [%s]", name, buff );
break;
}
}
// Free all the contents
if (dir_list) PKI_STACK_free_all(dir_list);
// Let's return the results
return ret;
}
int PKI_X509_PKCS7_encode ( PKI_X509_PKCS7 *p7, unsigned char *data,
size_t size ) {
int type = NID_pkcs7_signed;
PKCS7_SIGNER_INFO *signerInfo = NULL;
BIO *bio = NULL;
if( !p7 || !p7->value ) return ( PKI_ERR );
type = PKI_X509_PKCS7_get_type ( p7 );
if (( type == PKI_X509_PKCS7_TYPE_ENCRYPTED )
|| (type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED)) {
if ( PKI_X509_PKCS7_has_recipients ( p7 ) == PKI_ERR ) {
PKI_log_debug ( "PKI_X509_PKCS7_encode()::Missing "
"Recipients!");
return PKI_ERR;
}
}
if ( (type == PKI_X509_PKCS7_TYPE_SIGNED) ||
(type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED )) {
if(( signerInfo = PKI_X509_PKCS7_get_signer_info( p7,
-1 )) == NULL ) {
return ( PKI_ERR );
}
PKCS7_add_signed_attribute ( signerInfo, NID_pkcs9_contentType,
V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
}
if((bio = PKCS7_dataInit(p7->value, NULL)) == NULL ) {
PKI_log_err("PKI_X509_PKCS7_sign()::Error dataInit [%s]",
ERR_error_string(ERR_get_error(),NULL));
return ( PKI_ERR );
}
if( BIO_write( bio, data, (int) size ) <= 0 ) {
PKI_log_err("PKI_X509_PKCS7_sign()::Error dataSign [%s]",
ERR_error_string(ERR_get_error(),NULL));
return ( PKI_ERR );
}
(void)BIO_flush(bio);
if(!PKCS7_dataFinal( p7->value, bio )) {
PKI_log_err("PKI_X509_PKCS7_sign()::Error End dataSign [%s]",
ERR_error_string(ERR_get_error(),NULL));
return ( PKI_ERR );
};
if( bio ) BIO_free_all ( bio );
return ( PKI_OK );
}
PKI_MEM *PKI_X509_PKCS7_decode ( PKI_X509_PKCS7 *p7, PKI_X509_KEYPAIR *k,
PKI_X509_CERT *x ) {
BIO *bio = NULL;
PKI_MEM *mem = NULL;
PKI_ID type = 0;
PKI_X509_CERT_VALUE *x_val = NULL;
PKI_X509_KEYPAIR_VALUE *pkey = NULL;
if ( !p7 || !p7->value || !k || !k->value ) {
PKI_log_debug("PKI_X509_PKCS7_decode()::Missing p7 or pkey!");
return ( NULL );
};
pkey = k->value;
type = PKI_X509_PKCS7_get_type ( p7 );
switch ( type ) {
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
break;
default:
PKI_log_debug("PKI_X509_PKCS7_decode()::Wrong MSG type!");
return PKI_ERR;
}
if ( x ) x_val = x->value;
if((bio = PKCS7_dataDecode(p7->value, pkey, NULL, x_val)) == NULL) {
PKI_log_debug ( "PKI_X509_PKCS7_decode()::Decrypt error [%s]",
ERR_error_string(ERR_get_error(), NULL ));
return ( NULL );
}
if((mem = PKI_MEM_new_bio( (PKI_IO *) bio, NULL )) == NULL ) {
PKI_log_debug("PKI_X509_PKCS7_decode()::Memory Error!");
if( bio ) BIO_free_all ( bio );
return ( NULL );
}
if (bio ) BIO_free_all ( bio );
return ( mem );
}
PKI_OID * PKI_CONFIG_OID_search ( PKI_CONFIG *doc, char *searchName ) {
PKI_OID *oid = NULL;
PKI_CONFIG_ELEMENT *curr = NULL;
PKI_CONFIG_ELEMENT_STACK *sk = NULL;
xmlChar oidSearchBuff[BUFF_MAX_SIZE];
int size = 0;
int i = 0;
if( !doc || !searchName ) return (NULL);
if((oid = PKI_OID_get( searchName )) != NULL ) {
return ( oid );
}
snprintf( (char *) oidSearchBuff, BUFF_MAX_SIZE,
"/objectIdentifiers/oid[@name=\"%s\"]", searchName );
if (( sk = PKI_CONFIG_get_element_stack ( doc,
(char *)oidSearchBuff )) == NULL ) {
return NULL;
}
size = PKI_STACK_CONFIG_ELEMENT_elements ( sk );
for( i = 0; i < size; i++ ) {
curr = PKI_STACK_CONFIG_ELEMENT_get_num ( sk, i );
if( curr && curr->type == XML_ELEMENT_NODE ) {
xmlChar *name = NULL;
xmlChar *descr = NULL;
xmlChar *val = NULL;
name = xmlGetProp( curr, (xmlChar *) "name" );
descr = xmlGetProp( curr, (xmlChar *) "description" );
val = xmlNodeListGetString(doc,
curr->xmlChildrenNode, 1);
oid = PKI_OID_new ( (char *) val, (char *) name,
(char *) descr);
if( descr ) xmlFree ( descr );
if( name ) xmlFree ( name );
if( val ) xmlFree ( val );
if( oid != NULL ) {
PKI_log_debug("Failed Creating OID (%s, %s, %s)",
name, descr, val );
continue;
}
}
}
return (oid);
}
int check_crl ( PKI_X509_CRL *x_crl, PKI_X509_CERT *x_cacert,
OCSPD_CONFIG *conf ) {
PKI_X509_KEYPAIR_VALUE *pkey = NULL;
PKI_X509_KEYPAIR *k = NULL;
int ret = -1;
if (!conf) return (-1);
PKI_RWLOCK_read_lock ( &conf->crl_lock );
if( !x_crl || !x_crl->value || !x_cacert || !x_cacert->value ) {
if( conf->verbose ) {
if(!x_crl || !x_crl->value)
PKI_log_err ("CRL missing");
if(!x_cacert || !x_cacert->value)
PKI_log_err("CA cert missing");
}
PKI_RWLOCK_release_read ( &conf->crl_lock );
return(-1);
}
/* Gets the Public Key of the CA Certificate */
if((pkey = PKI_X509_CERT_get_data( x_cacert,
PKI_X509_DATA_PUBKEY )) == NULL ) {
PKI_log_err( "Can not parse PubKey from CA Cert");
PKI_RWLOCK_release_read ( &conf->crl_lock );
return(-3);
}
if ((k = PKI_X509_new_value(PKI_DATATYPE_X509_KEYPAIR, pkey, NULL))
== NULL ) {
PKI_log_err ("Memory Error!");
PKI_RWLOCK_release_read ( &conf->crl_lock );
return(-3);
}
if ( PKI_X509_verify ( x_crl, k ) == PKI_OK ) {
PKI_log_debug("CRL signature is verified!");
ret = PKI_OK;
} else {
ret = PKI_ERR;
}
k->value = NULL;
PKI_X509_KEYPAIR_free ( k );
PKI_RWLOCK_release_read ( &conf->crl_lock );
if ( ret > 0 ) {
PKI_log(PKI_LOG_INFO, "CRL matching CA cert ok [ %d ]",
ret);
}
return ret;
}
PKI_MEM *PKI_X509_PKCS7_get_data ( PKI_X509_PKCS7 *p7, PKI_X509_KEYPAIR *k,
PKI_X509_CERT *x ) {
PKI_ID type;
if( !p7 || !p7->value ) return ( NULL );
type = PKI_X509_PKCS7_get_type ( p7 );
switch ( type ) {
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
PKI_log_debug("PKI_X509_PKCS7_get_data()::P7 is encrypted!");
return PKI_X509_PKCS7_decode ( p7, k, x );
break;
default:
PKI_log_debug("PKI_X509_PKCS7_get_data()::P7 not encrypted");
return PKI_X509_PKCS7_get_raw_data ( p7 );
}
}
/*
BUF_MEM *http_get_data ( BIO *in, ssize_t max_size ) {
BUF_MEM *buf = NULL;
size_t fullsize = 0;
int newsize = 0;
if( !in )
return NULL;
buf = BUF_MEM_new();
for (;;) {
if ((buf == NULL) || (!BUF_MEM_grow(buf, (int) (fullsize+512)))) {
PKI_log( PKI_LOG_ERR, "Memory Allocation Err (%s:%d)",
__FILE__, __LINE__ );
return ( NULL );
}
newsize = BIO_read(in, &(buf->data[fullsize]), 512);
if (newsize == 0) break;
if (newsize < 0) {
BUF_MEM_free( buf );
return NULL;
}
fullsize += (size_t) newsize;
if( (max_size > 0) && (fullsize > max_size)) {
// fprintf( stderr,
// "ERROR::HTTP::Read::Max read size exceeded "
// " [ %d ]", max_size );
BUF_MEM_free( buf );
return NULL;
}
}
buf->data[fullsize] = '\x0';
return buf;
}
*/
PKI_X509_PRQP_RESP *PKI_X509_PRQP_RESP_get_http ( URL *url,
PKI_X509_PRQP_REQ *req, unsigned long max_size ) {
PKI_MEM *mem = NULL;
PKI_X509_PRQP_RESP *resp = NULL;
PKI_MEM_STACK *mem_sk = NULL;
if(( mem = PKI_X509_PRQP_REQ_put_mem ( req,
PKI_DATA_FORMAT_ASN1, NULL, NULL, NULL )) == NULL ) {
return NULL;
}
if ( URL_put_data_url ( url, mem, "application/prqp-request",
&mem_sk, 60, 0, NULL ) == PKI_ERR ) {
PKI_MEM_free ( mem );
return NULL;
}
PKI_MEM_free ( mem );
if ( PKI_STACK_MEM_elements ( mem_sk ) <= 0 ) {
PKI_log_debug ("No Responses received!");
}
if((mem = PKI_STACK_MEM_pop ( mem_sk )) == NULL ) {
PKI_log_debug ("STACK Memory Error");
PKI_STACK_MEM_free_all ( mem_sk );
return NULL;
}
if((resp = PKI_X509_PRQP_RESP_get_mem ( mem,
NULL, NULL )) == NULL ) {
PKI_log_debug ( "Can not read response from Memory.");
}
PKI_STACK_MEM_free_all ( mem_sk );
return resp;
}
int PKI_X509_PKCS7_add_signer ( PKI_X509_PKCS7 *p7, PKI_X509_CERT *signer,
PKI_X509_KEYPAIR *k, PKI_DIGEST_ALG *md ) {
PKCS7_SIGNER_INFO *signerInfo = NULL;
if ( !p7 || !signer || !k ) {
if ( !p7 ) PKI_log_debug ( "!p7");
if ( !signer ) PKI_log_debug ( "!signer");
if ( !k ) PKI_log_debug ( "!key");
return PKI_ERR;
}
if ( !p7->value || !signer->value || !k->value ) {
if ( !p7->value ) PKI_log_debug ( "!p7->value");
if ( !signer->value ) PKI_log_debug ( "!signer->value");
if ( !k->value ) PKI_log_debug ( "!key->value");
return PKI_ERR;
}
if( !md ) md = PKI_DIGEST_ALG_DEFAULT;
if((signerInfo = PKCS7_add_signature( p7->value,
signer->value, k->value, md)) == NULL) {
return ( PKI_ERR );
}
PKCS7_add_certificate ( p7->value, signer->value );
return ( PKI_OK );
}
PKI_STACK * PKI_X509_CERT_get_email (const PKI_X509_CERT *x ) {
PKI_STACK *sk = NULL;
PKI_X509_NAME_RDN **list = NULL;
const PKI_X509_NAME *name = NULL;
// PKI_X509_EXTENSION_STACK * ext_list = NULL;
PKI_X509_EXTENSION * ext = NULL;
if(!x || !x->value) return NULL;
if((sk = PKI_STACK_new_null()) == NULL)
return NULL;
name = PKI_X509_CERT_get_data(x, PKI_X509_DATA_SUBJECT);
// Maybe we find something in the DN...
if(name) {
int curr = 0;
PKI_X509_NAME_RDN *el = NULL;
list = PKI_X509_NAME_get_list(name, PKI_X509_NAME_TYPE_EMAIL);
for(curr = 0; el != NULL; curr++ ) {
el = list[curr];
PKI_STACK_push( sk, PKI_X509_NAME_RDN_value(el));
}
}
if((ext = PKI_X509_CERT_get_extension_by_name(x,
"subjectAltName")) != NULL) {
PKI_log_debug("Got subjectAltName: Code Still Missing!");
}
PKI_log_debug("Code still missing!");
return sk;
}
PKI_MEM_STACK *URL_get_data_pkcs11 ( char *url_s, ssize_t size ) {
URL *url = NULL;
if( !url_s ) return (NULL);
if(((url = URL_new( url_s )) == NULL) ||
url->proto != URI_PROTO_PKCS11 ) {
PKI_log_debug ("Not a PKCS11 URL");
return (NULL);
}
return ( URL_get_data_pkcs11_url( url, size ));
}
PKI_X509_PKCS7 *PKI_X509_PKCS7_new ( PKI_X509_PKCS7_TYPE type ) {
PKI_X509_PKCS7 *p7 = NULL;
PKI_X509_PKCS7_VALUE *value = NULL;
if((p7 = PKI_X509_new( PKI_DATATYPE_X509_PKCS7, NULL )) == NULL ) {
PKI_log_debug("PKI_X509_PKCS7_new()::Memory Error!");
return ( NULL );
}
if((value = p7->cb->create()) == NULL ) {
PKI_log_debug ("Memory Allocation Error.");
return NULL;
}
if(!PKCS7_set_type( value, type )) {
PKI_log_err( "PKI_X509_PKCS7_new()::Can not set PKCS7 type!");
return ( NULL );
}
p7->value = value;
switch ( type ) {
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
if(!PKI_X509_PKCS7_set_cipher( p7,
(EVP_CIPHER *) PKI_CIPHER_AES(256,cbc))) {
PKI_log_debug("PKI_X509_PKCS7_new()::Can not set "
"cipher!");
};
break;
case PKI_X509_PKCS7_TYPE_SIGNED:
PKCS7_content_new ( value, NID_pkcs7_data );
break;
default:
break;
}
return ( p7 );
}
/*! \brief Returns the type of DNS records identified by the passed char * arg */
int URL_get_dns_type(char *str) {
int ret = -1;
if (!str) return ret;
#ifdef HAVE_LIBRESOLV
if (strncmp_nocase(str, "AAAA", 4) == 0) {
ret = T_AAAA;
} else if (strncmp_nocase(str, "A", 1) == 0) {
ret = T_A;
} else if (strncmp_nocase(str, "NS", 2) == 0) {
ret = T_NS;
} else if (strncmp_nocase(str, "MX", 2) == 0) {
ret = T_MX;
} else if (strncmp_nocase(str, "CNAME", 5) == 0) {
ret = T_CNAME;
} else if (strncmp_nocase(str, "SRV", 3) == 0) {
ret = T_SRV;
} else if (strncmp_nocase(str, "TXT", 3) == 0) {
ret = T_TXT;
} else if (strncmp_nocase(str, "CERT", 4) == 0) {
ret = T_CERT;
} else if (strncmp_nocase(str, "ANY", 3) == 0) {
ret = T_ANY;
} else if (atoi(str) > 0) {
ret = atoi(str);
} else {
PKI_log_err("DNS URI: record type (%s) not supported.", str);
}
PKI_log_debug("DNS URI: record type (%s=%d) parsed", str, ret);
#else
PKI_log_debug("DNS URI: dns support disabled at compile time");
#endif
return ret;
}
int PKI_MSG_RESP_put ( PKI_MSG_RESP *msg, PKI_DATA_FORMAT format,
char *url, char *mime, PKI_CRED *cred, HSM *hsm ) {
PKI_MEM *mem = NULL;
if( !msg ) return ( PKI_ERR );
if( !msg->msg_data ) {
int proto;
proto = PKI_MSG_RESP_get_proto ( msg );
if (PKI_MSG_RESP_encode ( msg, proto ) == NULL ) {
return ( PKI_ERR );
}
}
PKI_log_debug("PKI_MSG_RESP_put()::Start");
switch ( msg->proto ) {
case PKI_MSG_PROTO_SCEP:
mem = PKI_X509_PKCS7_put_mem (
(PKI_X509_PKCS7 *) msg->msg_data, format,
NULL, cred, hsm );
break;
case PKI_MSG_PROTO_CMC:
case PKI_MSG_PROTO_XKMS:
default:
PKI_log_debug("MSG protocol not supported!");
}
if (!mem || !mem->data ) return ( PKI_ERR );
return URL_put_data( url, mem, "application/x-pki-message",
NULL, 120, 64*1024, NULL );
}
PKI_X509_PKCS7_TYPE PKI_X509_PKCS7_get_type ( PKI_X509_PKCS7 *p7 ) {
PKI_ID type = PKI_ID_UNKNOWN;
PKI_X509_PKCS7_VALUE *value = NULL;
if(!p7 || !p7->value ) {
PKI_log_debug ( "PKI_X509_PKCS7_get_type()::No Message!");
return PKI_X509_PKCS7_TYPE_UNKNOWN;
}
value = p7->value;
if(!value->type ) {
PKI_log_debug ( "PKI_X509_PKCS7_get_type()::No Message Type!");
return PKI_X509_PKCS7_TYPE_UNKNOWN;
}
type = PKI_OID_get_id( value->type );
switch ( type ) {
case NID_pkcs7_enveloped:
return PKI_X509_PKCS7_TYPE_ENCRYPTED;
break;
case NID_pkcs7_signed:
return PKI_X509_PKCS7_TYPE_SIGNED;
break;
case NID_pkcs7_signedAndEnveloped:
return PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED;
break;
case NID_pkcs7_data:
return PKI_X509_PKCS7_TYPE_DATA;
break;
default:
return PKI_X509_PKCS7_TYPE_UNKNOWN;
}
}
PKI_CONFIG_ELEMENT *PKI_CONFIG_add_node ( PKI_CONFIG *doc,
char *parent, char *name, char *value ) {
PKI_CONFIG_ELEMENT *p_node = NULL;
// PKI_log_debug("add_node()::parent=%s, name=%s, value=%s",
// parent, name, value );
if((p_node = PKI_CONFIG_get_element( doc, parent, -1 )) == NULL ) {
PKI_log_debug("ERROR::Can not find Parent node (%s)", parent );
return NULL;
}
return PKI_CONFIG_ELEMENT_add_child ( doc, p_node, name, value );
}
/*! \brief Returns the reverse cert pointer present in a cross cert pair */
PKI_X509_CERT * PKI_X509_XPAIR_get_reverse ( PKI_X509_XPAIR *xp ) {
PKI_XPAIR *xp_val = NULL;
PKI_X509_CERT *ret = NULL;
if( !xp || !xp->value ) return ( NULL );
xp_val = xp->value;
if( !xp_val->reverse ) return ( NULL );
if((ret = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_CERT,
xp_val->reverse, NULL )) != NULL ) {
PKI_log_debug( "Can not duplicate reverse cert!");
}
return ret;
}
int HSM_SLOT_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ) {
int ret = PKI_OK;
if( !hsm ) {
return ( ret );
}
if( hsm && hsm->callbacks && hsm->callbacks->select_slot ) {
ret = hsm->callbacks->select_slot ( num, cred, hsm );
} else {
PKI_log_debug("No slot select function for current HSM");
ret = PKI_OK;
}
return ( ret );
}
PKI_X509_ATTRIBUTE *PKI_X509_PKCS7_get_attribute(PKI_X509_PKCS7 *p7,
PKI_ID id ) {
PKCS7_SIGNER_INFO *signerInfo = NULL;
if( !p7 || !p7->value ) return ( NULL );
if((signerInfo = PKI_X509_PKCS7_get_signer_info ( p7, -1 )) == NULL ) {
PKI_log_debug ( "PKI_X509_PKCS7_add_signed_attribute()::Signer Info "
"not present in P7!");
return ( NULL );
}
if( signerInfo->unauth_attr == NULL ) {
return ( NULL );
}
return ( PKI_STACK_X509_ATTRIBUTE_get( signerInfo->auth_attr, id));
}
int PKI_X509_PKCS7_add_attribute ( PKI_X509_PKCS7 *p7, PKI_X509_ATTRIBUTE *a ) {
PKCS7_SIGNER_INFO *signerInfo = NULL;
if( !p7 || !p7->value || !a ) return ( PKI_ERR );
if((signerInfo = PKI_X509_PKCS7_get_signer_info ( p7, -1 )) == NULL ) {
PKI_log_debug ( "PKI_X509_PKCS7_add_signed_attribute()::Signer Info "
"not present in P7!");
return ( PKI_ERR );
}
if( signerInfo->unauth_attr == NULL ) {
signerInfo->unauth_attr = PKI_STACK_X509_ATTRIBUTE_new_null();
}
return ( PKI_STACK_X509_ATTRIBUTE_add( signerInfo->unauth_attr, a ));
}
PKI_X509_EXTENSION_STACK *PKI_X509_CERT_get_extensions(const PKI_X509_CERT *x) {
PKI_X509_EXTENSION_STACK *ret = NULL;
int i = 0;
int ext_count = 0;
if (!x) return NULL;
if ((ext_count = X509_get_ext_count (x->value)) <= 0 ) return NULL;
for ( i=0; i < ext_count; i++ ) {
LIBPKI_X509_EXTENSION *ext = NULL;
// PKI_X509_EXTENSION_VALUE *ext = NULL;
PKI_X509_EXTENSION *pki_ext = NULL;
if((ext = X509_get_ext ( x->value, i )) == NULL ) {
continue;
}
if((pki_ext = PKI_X509_EXTENSION_new()) == NULL ) {
PKI_log_err ( "Memory Allocation");
continue;
}
if( ext->object == NULL ) {
PKI_X509_EXTENSION_free ( pki_ext );
continue;
}
pki_ext->oid = PKI_OID_dup ( ext->object );
pki_ext->critical = ext->critical;
if((pki_ext->value = X509V3_EXT_d2i ( ext )) == NULL ) {
PKI_log_debug( "Extension %d -- not parsable", i);
PKI_X509_EXTENSION_free ( pki_ext );
continue;
}
}
return ret;
}
PKI_X509_EXTENSION_STACK *PKI_X509_EXTENSION_get_list ( void *x,
PKI_X509_DATA type ) {
PKI_X509_EXTENSION_STACK *ret = NULL;
int i = 0;
int ext_count = 0;
if (!x) return NULL;
if ((ext_count = X509_get_ext_count (x)) <= 0 ) return NULL;
if(( ret = PKI_STACK_X509_EXTENSION_new()) == NULL ) return NULL;
for ( i=0; i < ext_count; i++ ) {
PKI_X509_EXTENSION_VALUE *ext = NULL;
PKI_X509_EXTENSION *pki_ext = NULL;
if((ext = X509_get_ext ( x, i )) == NULL ) {
continue;
}
if((pki_ext = PKI_X509_EXTENSION_new()) == NULL ) {
PKI_log_err ( "Memory Allocation");
continue;
}
pki_ext->oid = ext->object;
pki_ext->critical = ext->critical;
if((pki_ext->value = X509V3_EXT_d2i ( ext )) == NULL ) {
PKI_log_debug( "Extension %d -- not parsable", i);
PKI_X509_EXTENSION_free ( pki_ext );
continue;
}
PKI_STACK_X509_EXTENSION_push ( ret, pki_ext );
}
return ret;
}
PKI_STACK * PKI_get_cert_service_sk( PKI_X509_CERT *cert,
char *srv, char *url_s ) {
PKI_STACK *services = NULL;
PKI_STACK *ret_sk = NULL;
if( !srv || !cert ) return ( NULL );
if((services = PKI_STACK_new_null()) == NULL ) {
PKI_log_debug("Stack creation error");
return ( NULL );
}
PKI_STACK_push( services, strdup( srv ));
ret_sk = PKI_get_ca_resources( NULL, NULL, cert, services, url_s );
PKI_STACK_free_all( services );
return ( ret_sk );
}
int PKI_X509_PKCS7_set_cipher ( PKI_X509_PKCS7 *p7, PKI_CIPHER *cipher ) {
int type;
if( !p7 || !p7->value || !cipher ) return ( PKI_ERR );
type = PKI_X509_PKCS7_get_type ( p7 );
switch ( type ) {
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
break;
default:
return PKI_ERR;
}
if(!PKCS7_set_cipher(p7->value, cipher)) {
PKI_log_debug("PKI_X509_PKCS7_set_cipher()::Error setting Cipher "
"[%s]", ERR_error_string(ERR_get_error(), NULL));
return ( PKI_ERR );
}
return PKI_OK;
}
