static int policy_cache_create (X509 * x, CERTIFICATEPOLICIES * policies, int crit)
{
int i;
int ret = 0;
X509_POLICY_CACHE *cache = x->policy_cache;
X509_POLICY_DATA *data = NULL;
POLICYINFO *policy;
if (sk_POLICYINFO_num (policies) == 0)
goto bad_policy;
cache->data = sk_X509_POLICY_DATA_new (policy_data_cmp);
if (!cache->data)
goto bad_policy;
for (i = 0; i < sk_POLICYINFO_num (policies); i++)
{
policy = sk_POLICYINFO_value (policies, i);
data = policy_data_new (policy, NULL, crit);
if (!data)
goto bad_policy;
/* Duplicate policy OIDs are illegal: reject if matches
* found.
*/
if (OBJ_obj2nid (data->valid_policy) == NID_any_policy)
{
if (cache->anyPolicy)
{
ret = -1;
goto bad_policy;
}
cache->anyPolicy = data;
}
else if (sk_X509_POLICY_DATA_find (cache->data, data) != -1)
{
ret = -1;
goto bad_policy;
}
else if (!sk_X509_POLICY_DATA_push (cache->data, data))
goto bad_policy;
data = NULL;
}
ret = 1;
bad_policy:
if (ret == -1)
x->ex_flags |= EXFLAG_INVALID_POLICY;
if (data)
policy_data_free (data);
sk_POLICYINFO_pop_free (policies, POLICYINFO_free);
if (ret <= 0)
{
sk_X509_POLICY_DATA_pop_free (cache->data, policy_data_free);
cache->data = NULL;
}
return ret;
}
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *value)
{
STACK_OF(POLICYINFO) *pols = NULL;
char *pstr;
POLICYINFO *pol;
ASN1_OBJECT *pobj;
STACK_OF(CONF_VALUE) *vals;
CONF_VALUE *cnf;
int i, ia5org;
pols = sk_POLICYINFO_new_null();
vals = X509V3_parse_list(value);
ia5org = 0;
for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
cnf = sk_CONF_VALUE_value(vals, i);
if(cnf->value || !cnf->name ) {
X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
X509V3_conf_err(cnf);
goto err;
}
pstr = cnf->name;
if(!strcmp(pstr,"ia5org")) {
ia5org = 1;
continue;
} else if(*pstr == '@') {
STACK_OF(CONF_VALUE) *polsect;
polsect = X509V3_get_section(ctx, pstr + 1);
if(!polsect) {
X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
X509V3_conf_err(cnf);
goto err;
}
pol = policy_section(ctx, polsect, ia5org);
X509V3_section_free(ctx, polsect);
if(!pol) goto err;
} else {
if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(cnf);
goto err;
}
pol = POLICYINFO_new();
pol->policyid = pobj;
}
sk_POLICYINFO_push(pols, pol);
}
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pols;
err:
sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
return NULL;
}
/**
* Returns current certificate policies
*
* @return certificate policies
*/
std::vector<std::string> digidoc::X509Cert::getCertificatePolicies() const throw(IOException)
{
CERTIFICATEPOLICIES *cp = (CERTIFICATEPOLICIES*)X509_get_ext_d2i(cert, NID_certificate_policies, 0, 0);
if(!cp)
return std::vector<std::string>();
char buf[50];
std::vector<std::string> pol;
for(int i = 0; i < sk_POLICYINFO_num(cp); ++i)
{
memset(buf, 0, 50);
int len = OBJ_obj2txt(buf, 50, sk_POLICYINFO_value(cp, i)->policyid, 1);
if(len != NID_undef)
pol.push_back(std::string(buf, len));
}
sk_POLICYINFO_pop_free(cp, POLICYINFO_free);
return pol;
}
int digidoc::EstEIDSigner::type() const
{
int result = digidoc::Digest::toMethod( Conf::getInstance()->getSignatureUri() );
if( result == NID_sha1 )
return result;
char buf[50];
bool found = false;
CERTIFICATEPOLICIES *cp = (CERTIFICATEPOLICIES*)X509_get_ext_d2i(getCert(), NID_certificate_policies, 0, 0);
for( int i = 0; i < sk_POLICYINFO_num(cp); ++i )
{
memset(buf, 0, 50);
int len = OBJ_obj2txt(buf, 50, sk_POLICYINFO_value(cp, i)->policyid, 1);
if(len != NID_undef &&
(strncmp(buf, "1.3.6.1.4.1.10015.1.2.", 22) == 0 ||
strncmp(buf, "1.3.6.1.4.1.10015.3.2.", 22) == 0))
found = true;
}
sk_POLICYINFO_pop_free(cp, POLICYINFO_free);
if(!found)
return X509Cert(getCert()).getPaddingSize() > 128 ? result : NID_sha224;
return result;
}
