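/*
 * Returns a textual rendering of one field of a certificate.
 *
 * x     certificate to read from; NULL yields NULL.
 * type  field selector (one of the PKI_X509_DATA_* values handled below).
 *
 * Returns the string produced by the matching *_get_parsed() helper, or NULL
 * when x is NULL, the public key is absent or cannot be duplicated, or the
 * selector is deprecated or unsupported.
 *
 * NOTE(review): ownership of the returned string is not visible here. The
 * ALGORITHM branch casts the helper's result to (char *), which suggests that
 * helper may return a const string that must not be freed -- confirm before
 * freeing results uniformly.
 */
char * PKI_X509_CERT_get_parsed(const PKI_X509_CERT *x, PKI_X509_DATA type )
{
	char *ret = NULL;
	PKI_X509_KEYPAIR *k = NULL;
	const PKI_X509_KEYPAIR_VALUE *pkey = NULL;

	if (!x) {
		return NULL;
	}

	switch (type) {

	case PKI_X509_DATA_SERIAL:
		ret = PKI_INTEGER_get_parsed((PKI_INTEGER *)
				PKI_X509_CERT_get_data(x, type));
		break;

	case PKI_X509_DATA_SUBJECT:
	case PKI_X509_DATA_ISSUER:
		ret = PKI_X509_NAME_get_parsed((PKI_X509_NAME *)
				PKI_X509_CERT_get_data(x, type));
		break;

	case PKI_X509_DATA_NOTBEFORE:
	case PKI_X509_DATA_NOTAFTER:
		ret = PKI_TIME_get_parsed((PKI_TIME *)
				PKI_X509_CERT_get_data(x, type));
		break;

	case PKI_X509_DATA_ALGORITHM:
		ret = (char *) PKI_ALGOR_get_parsed((PKI_ALGOR *)
				PKI_X509_CERT_get_data(x, type));
		break;

	case PKI_X509_DATA_PUBKEY:
	case PKI_X509_DATA_KEYPAIR_VALUE:
		pkey = PKI_X509_CERT_get_data(x, type);
		if (pkey == NULL) {
			break;
		}

		/* The key is wrapped in a temporary keypair object so it can be
		 * rendered, then released (dup_value presumably copies the key,
		 * leaving the certificate's own key untouched -- confirm). */
		k = PKI_X509_new_dup_value(PKI_DATATYPE_X509_KEYPAIR, pkey, NULL);
		if (k == NULL) {
			/* Duplication failed: do not hand a NULL wrapper to the
			 * parser or to free; report "no value" like the other
			 * failure paths. */
			break;
		}

		ret = PKI_X509_KEYPAIR_get_parsed(k);
		PKI_X509_KEYPAIR_free(k);
		break;

	case PKI_X509_DATA_KEYSIZE:
		/* Logged, then falls out of the switch with ret still NULL. */
		PKI_ERROR(PKI_ERR_PARAM_TYPE, "Deprecated Cert Datatype");
		break;

	case PKI_X509_DATA_CERT_TYPE:
	case PKI_X509_DATA_SIGNATURE:
	case PKI_X509_DATA_EXTENSIONS:
	default:
		/* Not Recognized/Supported DATATYPE */
		return NULL;
	}

	return ret;
}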
/*
 * Checks that the signature on a CRL verifies under the public key of the
 * given CA certificate. conf->crl_lock is held for reading from the argument
 * checks until the verification has finished.
 *
 * Return values:
 *   -1       conf is NULL, or the CRL / CA certificate (or its ->value) is
 *            missing
 *   -3       the CA public key could not be read, or the temporary keypair
 *            wrapper could not be created
 *   PKI_OK   PKI_X509_verify() accepted the signature
 *   PKI_ERR  PKI_X509_verify() returned anything else
 *
 * Callers must compare the result against PKI_OK: the negative failure codes
 * are non-zero, so a plain truthiness test would treat them as success.
 *
 * Only the signature is checked here. Nothing in this function compares the
 * CRL issuer with the CA subject, looks at thisUpdate/nextUpdate, or checks
 * that the CA key is permitted to sign CRLs.
 * NOTE(review): confirm those checks are enforced by the callers.
 */
int check_crl ( PKI_X509_CRL *x_crl, PKI_X509_CERT *x_cacert, OCSPD_CONFIG *conf )
{
	PKI_X509_KEYPAIR_VALUE *ca_key = NULL;
	PKI_X509_KEYPAIR *wrapper = NULL;
	int have_crl = 0;
	int have_ca = 0;
	int rc = -1;

	if (conf == NULL) {
		return -1;
	}

	PKI_RWLOCK_read_lock(&conf->crl_lock);

	have_crl = (x_crl != NULL && x_crl->value != NULL);
	have_ca = (x_cacert != NULL && x_cacert->value != NULL);

	if (!have_crl || !have_ca) {
		if (conf->verbose) {
			if (!have_crl) {
				PKI_log_err ("CRL missing");
			}
			if (!have_ca) {
				PKI_log_err("CA cert missing");
			}
		}
		rc = -1;
		goto unlock;
	}

	/* Public key of the CA certificate. The pointer is borrowed from the
	 * certificate (see the ->value reset below). */
	ca_key = PKI_X509_CERT_get_data( x_cacert, PKI_X509_DATA_PUBKEY );
	if (ca_key == NULL) {
		PKI_log_err( "Can not parse PubKey from CA Cert");
		rc = -3;
		goto unlock;
	}

	wrapper = PKI_X509_new_value(PKI_DATATYPE_X509_KEYPAIR, ca_key, NULL);
	if (wrapper == NULL) {
		PKI_log_err ("Memory Error!");
		rc = -3;
		goto unlock;
	}

	if (PKI_X509_verify ( x_crl, wrapper ) != PKI_OK) {
		rc = PKI_ERR;
	} else {
		PKI_log_debug("CRL signature is verified!");
		rc = PKI_OK;
	}

	/* Detach the borrowed key before freeing the wrapper, so the free does
	 * not reach the key that still belongs to the CA certificate. */
	wrapper->value = NULL;
	PKI_X509_KEYPAIR_free ( wrapper );

unlock:
	PKI_RWLOCK_release_read ( &conf->crl_lock );

	/* Negative failure codes never reach this log line. */
	if (rc > 0) {
		PKI_log(PKI_LOG_INFO, "CRL matching CA cert ok [ %d ]", rc);
	}

	return rc;
}
/*
 * Tests whether a certificate's signature verifies under the public key
 * carried in that same certificate.
 *
 * x  certificate to test; NULL yields PKI_ERR.
 *
 * Returns PKI_ERR when x is NULL, the public key cannot be read, or the
 * temporary keypair wrapper cannot be created; otherwise returns whatever
 * PKI_X509_verify() returns, so callers should compare against PKI_OK.
 *
 * This is a signature check only: subject and issuer names are not compared
 * here, and a positive result says nothing about whether the certificate is
 * a trusted root. Trust decisions have to be made separately.
 */
int PKI_X509_CERT_is_selfsigned(const PKI_X509_CERT *x )
{
	/* Holds the value returned for PKI_X509_DATA_PUBKEY.
	 * NOTE(review): declared as a keypair object although it is used as a
	 * raw key value -- confirm the intended type. */
	const PKI_X509_KEYPAIR *own_key = NULL;
	PKI_X509_KEYPAIR *wrapper = NULL;
	int verdict = PKI_ERR;

	if (x == NULL) {
		return PKI_ERR;
	}

	own_key = PKI_X509_CERT_get_data ( x, PKI_X509_DATA_PUBKEY );
	if (own_key != NULL) {
		wrapper = PKI_X509_new_dup_value(PKI_DATATYPE_X509_KEYPAIR, own_key, NULL);
		if (wrapper != NULL) {
			verdict = PKI_X509_verify ( x, wrapper );
			PKI_X509_KEYPAIR_free ( wrapper );
		}
	}

	return verdict;
}