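/*
 * PKI_X509_CERT_get_parsed - render one field of a certificate as text.
 *
 * @x:    certificate to read (NULL is tolerated)
 * @type: which field to render (a PKI_X509_DATA_* value)
 *
 * Returns a string produced by the per-datatype *_get_parsed helper, or
 * NULL when @x is NULL, the field is not present, the datatype is not
 * supported for parsing (KEYSIZE is reported as deprecated via
 * PKI_ERROR), or the key wrapper could not be allocated.
 *
 * NOTE(review): ownership of the returned string follows the helper that
 * produced it. The PKI_ALGOR branch casts away const, which suggests that
 * branch may not hand back caller-owned memory - confirm before freeing.
 */
char * PKI_X509_CERT_get_parsed(const PKI_X509_CERT *x,
				PKI_X509_DATA type ) {

  char *ret = NULL;

  PKI_X509_KEYPAIR *k = NULL;
  const PKI_X509_KEYPAIR_VALUE *pkey = NULL;

  if( !x ) return (NULL);

  switch( type ) {
    case PKI_X509_DATA_SERIAL:
      ret = PKI_INTEGER_get_parsed((PKI_INTEGER *) 
		      		   PKI_X509_CERT_get_data(x, type));
      break;

    case PKI_X509_DATA_SUBJECT:
    case PKI_X509_DATA_ISSUER:
      ret = PKI_X509_NAME_get_parsed((PKI_X509_NAME *) 
		      		     PKI_X509_CERT_get_data(x, type));
      break;

    case PKI_X509_DATA_NOTBEFORE:
    case PKI_X509_DATA_NOTAFTER:
      ret = PKI_TIME_get_parsed((PKI_TIME *)PKI_X509_CERT_get_data(x, type));
      break;

    case PKI_X509_DATA_ALGORITHM:
      ret = (char *) PKI_ALGOR_get_parsed((PKI_ALGOR *) 
		      			  PKI_X509_CERT_get_data(x,type));
      break;

    case PKI_X509_DATA_PUBKEY:
    case PKI_X509_DATA_KEYPAIR_VALUE:
      /* The key value is borrowed from the certificate, so it is wrapped
       * in a duplicated keypair object that can be rendered and released
       * without touching the certificate's own copy.  The duplicate must
       * be checked: an allocation failure here would otherwise be passed
       * straight into PKI_X509_KEYPAIR_get_parsed(). */
      if ((pkey = PKI_X509_CERT_get_data(x, type)) != NULL) {
        k = PKI_X509_new_dup_value(PKI_DATATYPE_X509_KEYPAIR, pkey, NULL);
        if (k != NULL) {
          ret = PKI_X509_KEYPAIR_get_parsed( k );
          PKI_X509_KEYPAIR_free(k);
        }
      }
      break;

    case PKI_X509_DATA_KEYSIZE:
      /* Kept for API compatibility only; ret stays NULL. */
      PKI_ERROR(PKI_ERR_PARAM_TYPE, "Deprecated Cert Datatype");
      break;

    case PKI_X509_DATA_CERT_TYPE:
    case PKI_X509_DATA_SIGNATURE:
    case PKI_X509_DATA_EXTENSIONS:
    default:
      /* Not Recognized/Supported DATATYPE */
      return (NULL);
  }

  return (ret);
}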
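/*
 * check_crl - verify that a CRL carries a valid signature from the CA.
 *
 * @x_crl:    CRL whose signature is checked
 * @x_cacert: CA certificate supplying the public key
 * @conf:     responder configuration; conf->crl_lock is held for reading
 *            for the whole inspection and released on every exit path
 *
 * Returns PKI_OK when the signature verifies against the CA key, PKI_ERR
 * when it does not, -1 when @conf, the CRL or the CA certificate (or
 * their ->value) is missing, and -3 when the CA public key cannot be
 * obtained or wrapped.
 *
 * The "CRL missing"/"CA cert missing" diagnostics are only logged when
 * conf->verbose is set; otherwise the -1 return is the only signal, so
 * callers must not rely on the log to notice a missing input.
 *
 * All error exits funnel through a single unlock label so that no return
 * path can leave the read lock held.
 */
int check_crl ( PKI_X509_CRL *x_crl, PKI_X509_CERT *x_cacert,
		OCSPD_CONFIG *conf ) {

	PKI_X509_KEYPAIR_VALUE *pkey = NULL;
	PKI_X509_KEYPAIR *k = NULL;

	int ret = -1;

	if (!conf) return (-1);

	PKI_RWLOCK_read_lock ( &conf->crl_lock );

	if( !x_crl || !x_crl->value || !x_cacert || !x_cacert->value ) {
		if( conf->verbose ) {
			if(!x_crl || !x_crl->value) 
				PKI_log_err ("CRL missing");
			if(!x_cacert || !x_cacert->value) 
				PKI_log_err("CA cert missing");
		}
		ret = -1;
		goto unlock;
	}

	/* Gets the Public Key of the CA Certificate */
	if((pkey = PKI_X509_CERT_get_data( x_cacert, 
				PKI_X509_DATA_PUBKEY )) == NULL ) { 
		PKI_log_err( "Can not parse PubKey from CA Cert");
		ret = -3;
		goto unlock;
	}

	/* Wrap the key value without copying it; the certificate keeps
	 * ownership, see the detach below. */
	if ((k = PKI_X509_new_value(PKI_DATATYPE_X509_KEYPAIR, pkey, NULL))
							== NULL ) {
		PKI_log_err ("Memory Error!");
		ret = -3;
		goto unlock;
	}
	
	if ( PKI_X509_verify ( x_crl, k ) == PKI_OK ) {
		PKI_log_debug("CRL signature is verified!");
		ret = PKI_OK;
	} else {
		ret = PKI_ERR;
	}

	/* Detach the borrowed value before freeing the wrapper so the CA
	 * certificate's key is not released along with it. */
	k->value = NULL;
	PKI_X509_KEYPAIR_free ( k );

unlock:
	PKI_RWLOCK_release_read ( &conf->crl_lock );

	/* NOTE(review): this assumes PKI_OK is positive and the error codes
	 * are not; the -1/-3 paths above never reach the log. */
	if ( ret > 0 ) {
		PKI_log(PKI_LOG_INFO, "CRL matching CA cert ok [ %d ]",
				ret);
	}

	return ret;
}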
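/*
 * PKI_X509_CERT_is_selfsigned - check whether a certificate's signature
 * verifies under its own public key.
 *
 * @x: certificate to check (NULL is tolerated)
 *
 * Returns the result of PKI_X509_verify() - PKI_OK when the certificate
 * is signed by its own key - or PKI_ERR when @x is NULL, the public key
 * is not available, or the key wrapper cannot be allocated.  A caller
 * cannot tell "not self-signed" from "could not check" by the return
 * value alone; treat anything other than PKI_OK as "not proven".
 *
 * Only the signature is examined here; subject/issuer name equality is
 * not consulted.
 */
int PKI_X509_CERT_is_selfsigned(const PKI_X509_CERT *x ) {

  PKI_X509_KEYPAIR *kp = NULL;
  /* PKI_X509_DATA_PUBKEY yields a key *value*, as in
   * PKI_X509_CERT_get_parsed() and check_crl(); the previous declaration
   * as PKI_X509_KEYPAIR was inconsistent with those callers. */
  const PKI_X509_KEYPAIR_VALUE *kval = NULL;
  int ret = -1;

  if (!x) return PKI_ERR;

  kval = PKI_X509_CERT_get_data ( x, PKI_X509_DATA_PUBKEY );
  if ( !kval ) return PKI_ERR;

  /* The dup variant copies the value, so the wrapper can be freed
   * outright (cf. check_crl(), which wraps without copying and must
   * detach the value before freeing). */
  kp = PKI_X509_new_dup_value(PKI_DATATYPE_X509_KEYPAIR, kval, NULL);
  if ( !kp ) return PKI_ERR;

  ret = PKI_X509_verify ( x, kp );
  PKI_X509_KEYPAIR_free ( kp );

  return ret;
}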