/*
 * Build a single X509_EXTENSION from one configuration value.
 *
 * conf    - configuration database; consulted only when value names a
 *           section ("@section") for a v2i-style extension
 * ctx     - extension context handed through to the method callbacks
 * ext_nid - NID of the extension to build (NID_undef is rejected)
 * crit    - critical flag passed through to do_ext_i2d()
 * value   - textual extension value taken from the config
 *
 * The extension method decides how value is interpreted: v2i takes a
 * name/value list (an inline list or an "@section" reference), s2i takes
 * the raw string, and r2i takes the raw string and additionally needs the
 * config database in ctx->db.  Returns a new X509_EXTENSION, or NULL; the
 * failures detected here push an error on the OpenSSL error queue.
 */
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
	     int crit, char *value)
{
	X509V3_EXT_METHOD *meth;
	X509_EXTENSION *result;
	void *internal = NULL;

	if (ext_nid == NID_undef) {
		X509V3err(X509V3_F_DO_EXT_CONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
		return NULL;
	}
	meth = X509V3_EXT_get_nid(ext_nid);
	if (meth == NULL) {
		X509V3err(X509V3_F_DO_EXT_CONF, X509V3_R_UNKNOWN_EXTENSION);
		return NULL;
	}

	/* Convert the textual value into the method's internal structure. */
	if (meth->v2i != NULL) {
		STACK_OF(CONF_VALUE) *list;
		int from_section = (*value == '@');

		/* "@name" refers to a whole config section; anything else is an inline list. */
		list = from_section ? CONF_get_section(conf, value + 1)
				    : X509V3_parse_list(value);
		if (list == NULL) {
			X509V3err(X509V3_F_X509V3_EXT_CONF, X509V3_R_INVALID_EXTENSION_STRING);
			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
			return NULL;
		}
		internal = meth->v2i(meth, ctx, list);
		/* A section is owned by conf; only a parsed inline list is ours to free. */
		if (!from_section)
			sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
	} else if (meth->s2i != NULL) {
		internal = meth->s2i(meth, ctx, value);
	} else if (meth->r2i != NULL) {
		/* r2i methods resolve references through the config database. */
		if (ctx->db == NULL) {
			X509V3err(X509V3_F_X509V3_EXT_CONF, X509V3_R_NO_CONFIG_DATABASE);
			return NULL;
		}
		internal = meth->r2i(meth, ctx, value);
	} else {
		X509V3err(X509V3_F_X509V3_EXT_CONF, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
		return NULL;
	}
	if (internal == NULL)
		return NULL;

	/* DER-encode the internal structure, then release it. */
	result = do_ext_i2d(meth, ext_nid, crit, internal);
	meth->ext_free(internal);
	return result;
}
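/*
 * Add every extension listed in a configuration section to a CRL.
 *
 * conf    - configuration database holding the section
 * ctx     - extension context passed through to X509V3_EXT_conf()
 * section - name of the section whose name=value pairs describe extensions
 * crl     - CRL to extend; when NULL the extensions are only built and
 *           discarded, which checks the section without side effects
 *
 * Returns 1 on success and 0 on the first failure: a missing section, an
 * extension that cannot be built, or a failed insertion into the CRL.
 * On failure the CRL may already hold the extensions processed so far.
 */
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
	     X509_CRL *crl)
{
	STACK_OF(CONF_VALUE) *nval;
	int i;

	nval = CONF_get_section(conf, section);
	if (nval == NULL)
		return 0;
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		CONF_VALUE *val = sk_CONF_VALUE_value(nval, i);
		X509_EXTENSION *ext = X509V3_EXT_conf(conf, ctx, val->name, val->value);

		if (ext == NULL)
			return 0;
		/*
		 * X509_CRL_add_ext() stores its own copy, so ext is freed either
		 * way.  Its result used to be ignored, which let a failed insertion
		 * silently drop a configured extension while still reporting success.
		 */
		if (crl != NULL && !X509_CRL_add_ext(crl, ext, -1)) {
			X509_EXTENSION_free(ext);
			return 0;
		}
		X509_EXTENSION_free(ext);
	}
	return 1;
}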
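/*
 * Build every extension listed in a configuration section and attach them
 * to a certificate request as its extension attribute.
 *
 * conf    - configuration database holding the section
 * ctx     - extension context passed through to X509V3_EXT_conf()
 * section - name of the section whose name=value pairs describe extensions
 * req     - request to extend; when NULL the extensions are only built and
 *           discarded, which checks the section without side effects
 *
 * Returns 1 on success, 0 on a missing section, on an extension that cannot
 * be built, on an allocation failure, or when X509_REQ_add_extensions()
 * fails.  The temporary extension stack is released on every path; it used
 * to leak whenever X509V3_EXT_conf() failed part-way through the section.
 */
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
	     X509_REQ *req)
{
	STACK_OF(X509_EXTENSION) *extlist = NULL;
	STACK_OF(CONF_VALUE) *nval;
	int i, ret = 0;

	nval = CONF_get_section(conf, section);
	if (nval == NULL)
		return 0;
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		CONF_VALUE *val = sk_CONF_VALUE_value(nval, i);
		X509_EXTENSION *ext = X509V3_EXT_conf(conf, ctx, val->name, val->value);

		if (ext == NULL)
			goto done;
		/* The stack is created lazily; an allocation failure must not
		 * leak the extension just built. */
		if (extlist == NULL && (extlist = sk_X509_EXTENSION_new_null()) == NULL) {
			X509_EXTENSION_free(ext);
			goto done;
		}
		if (!sk_X509_EXTENSION_push(extlist, ext)) {
			X509_EXTENSION_free(ext);
			goto done;
		}
	}
	/* NOTE(review): an empty section leaves extlist NULL and hands it to
	 * X509_REQ_add_extensions() unchanged, as the original did; whether
	 * that is rejected or encodes an empty attribute depends on OpenSSL. */
	if (req != NULL)
		ret = X509_REQ_add_extensions(req, extlist);
	else
		ret = 1;
done:
	/* X509_REQ_add_extensions() encodes a copy, so the stack is always ours to free. */
	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
	return ret;
}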
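namespace {

/*
 * Owns the OpenSSL objects built while parsing an SPKAC file so that every
 * exit path -- including the exceptions thrown below -- releases them.
 * A member is set to NULL once its ownership has been handed to someone else.
 */
struct SpkacParseState
{
	LHASH_OF(CONF_VALUE) *parms;
	X509_REQ *req;
	NETSCAPE_SPKI *spki;

	SpkacParseState() : parms(NULL), req(NULL), spki(NULL) {}
	~SpkacParseState()
	{
		if (spki != NULL) NETSCAPE_SPKI_free(spki);
		if (req != NULL) X509_REQ_free(req);
		if (parms != NULL) CONF_free(parms);
	}
private:
	SpkacParseState(const SpkacParseState &);
	SpkacParseState &operator=(const SpkacParseState &);
};

} // namespace

/*
 * Build a CertificateRequestSPKAC from a file in the Netscape SPKAC format.
 *
 * The file is read as an OpenSSL config file whose [default] section holds
 * "SPKAC=<base64 blob>" plus subject DN components as name=value pairs
 * (optionally prefixed "0.CN", "1:CN", ... to allow repeated attributes).
 * A dummy X509_REQ is filled with those components and the public key
 * extracted from the SPKAC so downstream code can treat it like a request.
 *
 * path - file to parse
 *
 * Throws EncodeException when the file cannot be loaded, the [default]
 * section is missing or empty, or the SPKAC blob does not decode;
 * RandomException when an OpenSSL object cannot be created or filled;
 * NetscapeSPKIException when no SPKAC entry is present or it has no key.
 *
 * Compared with the earlier version, the config hash and the request are
 * no longer leaked (on the success path and on every throw respectively),
 * a repeated SPKAC entry no longer leaks the first decode, and a failed
 * X509_REQ_set_pubkey() is reported instead of ignored.
 */
CertificateRequestSPKAC* CertificateRequestFactory::fromSPKAC(std::string &path)
	throw (EncodeException, RandomException, NetscapeSPKIException)
{
	const char *const where = "CertificateRequestFactory::fromSPKAC";
	SpkacParseState st;
	STACK_OF(CONF_VALUE) *sk;
	X509_NAME *subject;
	EVP_PKEY *pktmp;
	const unsigned long chtype = MBSTRING_ASC;
	long errline;
	int i;

	/* Load the file into a hash table; this is just an easy way to parse
	 * name=value lines into a STACK. */
	st.parms = CONF_load(NULL, path.c_str(), &errline);
	if (st.parms == NULL)
		throw EncodeException(EncodeException::BUFFER_READING, where);

	sk = CONF_get_section(st.parms, "default");
	/* sk_*_num() is -1 for a missing section; a missing and an empty
	 * [default] section are both unusable input. */
	if (sk == NULL || sk_CONF_VALUE_num(sk) <= 0)
		throw EncodeException(EncodeException::BUFFER_READING, where);

	/* Dummy request that will carry the subject name and the public key. */
	st.req = X509_REQ_new();
	if (st.req == NULL)
		throw RandomException(RandomException::INTERNAL_ERROR, where);
	subject = X509_REQ_get_subject_name(st.req);

	for (i = 0; i < sk_CONF_VALUE_num(sk); i++)
	{
		CONF_VALUE *cv = sk_CONF_VALUE_value(sk, i);
		const char *type = cv->name;
		char *p;

		/* Skip a leading "X." / "X:" / "X," prefix so the same attribute
		 * type may appear several times in the file. */
		for (p = cv->name; *p; p++)
		{
			if (*p == ':' || *p == ',' || *p == '.')
			{
				p++;
				if (*p) type = p;
				break;
			}
		}

		int nid = OBJ_txt2nid(type);
		if (nid == NID_undef)
		{
			if (strcmp(type, "SPKAC") == 0)
			{
				/* Last SPKAC entry wins; release an earlier one instead of leaking it. */
				if (st.spki != NULL)
				{
					NETSCAPE_SPKI_free(st.spki);
					st.spki = NULL;
				}
				st.spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
				if (st.spki == NULL)
					throw EncodeException(EncodeException::BASE64_DECODE, where);
			}
			/* Any other unknown name is ignored, as before. */
			continue;
		}

		if (!X509_NAME_add_entry_by_NID(subject, nid, chtype,
				(unsigned char *)cv->value, -1, -1, 0))
			throw RandomException(RandomException::INTERNAL_ERROR, where);
	}

	if (st.spki == NULL)
		throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, where);

	/* Copy the public key out of the SPKAC into the request. */
	pktmp = NETSCAPE_SPKI_get_pubkey(st.spki);
	if (pktmp == NULL)
		throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, where);
	i = X509_REQ_set_pubkey(st.req, pktmp);
	EVP_PKEY_free(pktmp);   /* our reference; the request keeps its own */
	if (!i)
		throw RandomException(RandomException::INTERNAL_ERROR, where);

	/*
	 * NOTE(review): the SPKAC self-signature (proof of possession of the
	 * private key) is not checked here -- NETSCAPE_SPKI_verify() is never
	 * called.  Unless CertificateRequestSPKAC or the issuing code does so,
	 * a certificate built from this object binds a subject to a key whose
	 * holder was never demonstrated.  Confirm where that check lives.
	 */

	/* Presumably the new object takes ownership of req and spki (its
	 * constructor receives both raw pointers) -- verify its destructor
	 * frees them.  st's destructor still releases the config hash. */
	CertificateRequestSPKAC *ret = new CertificateRequestSPKAC(st.req, st.spki);
	st.req = NULL;
	st.spki = NULL;
	return ret;
}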