static int
check_extKeyUsage(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
{
ExtKeyUsage eku;
size_t size, i;
int ret;
check_Null(ctx, status, cf, e);
ret = decode_ExtKeyUsage(e->extnValue.data,
e->extnValue.length,
&eku, &size);
if (ret) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Decoding ExtKeyUsage failed: %d", ret);
return 1;
}
if (size != e->extnValue.length) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Padding data in EKU");
free_ExtKeyUsage(&eku);
return 1;
}
if (eku.len == 0) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"ExtKeyUsage length is 0");
return 1;
}
for (i = 0; i < eku.len; i++) {
char *str;
ret = der_print_heim_oid (&eku.val[i], '.', &str);
if (ret) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"\tEKU: failed to print oid %d", i);
free_ExtKeyUsage(&eku);
return 1;
}
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"\teku-%d: %s\n", i, str);;
free(str);
}
free_ExtKeyUsage(&eku);
return 0;
}
void
_hx509_request_free(hx509_request *req)
{
if ((*req)->name)
hx509_name_free(&(*req)->name);
free_SubjectPublicKeyInfo(&(*req)->key);
free_ExtKeyUsage(&(*req)->eku);
free_GeneralNames(&(*req)->san);
memset(*req, 0, sizeof(**req));
free(*req);
*req = NULL;
}
void
hx509_ca_tbs_free(hx509_ca_tbs *tbs)
{
if (tbs == NULL || *tbs == NULL)
return;
free_SubjectPublicKeyInfo(&(*tbs)->spki);
free_GeneralNames(&(*tbs)->san);
free_ExtKeyUsage(&(*tbs)->eku);
der_free_heim_integer(&(*tbs)->serial);
free_CRLDistributionPoints(&(*tbs)->crldp);
hx509_name_free(&(*tbs)->subject);
memset(*tbs, 0, sizeof(**tbs));
free(*tbs);
*tbs = NULL;
}
void
hx509_ca_tbs_free(hx509_ca_tbs *tbs)
{
if (tbs == NULL || *tbs == NULL)
return;
free_SubjectPublicKeyInfo(&(*tbs)->spki);
free_GeneralNames(&(*tbs)->san);
free_ExtKeyUsage(&(*tbs)->eku);
der_free_heim_integer(&(*tbs)->serial);
free_CRLDistributionPoints(&(*tbs)->crldp);
der_free_bit_string(&(*tbs)->subjectUniqueID);
der_free_bit_string(&(*tbs)->issuerUniqueID);
hx509_name_free(&(*tbs)->subject);
if ((*tbs)->sigalg) {
free_AlgorithmIdentifier((*tbs)->sigalg);
free((*tbs)->sigalg);
}
memset(*tbs, 0, sizeof(**tbs));
free(*tbs);
*tbs = NULL;
}
int
hx509_ca_tbs_set_template(hx509_context context,
hx509_ca_tbs tbs,
int flags,
hx509_cert cert)
{
int ret;
if (flags & HX509_CA_TEMPLATE_SUBJECT) {
if (tbs->subject)
hx509_name_free(&tbs->subject);
ret = hx509_cert_get_subject(cert, &tbs->subject);
if (ret) {
hx509_set_error_string(context, 0, ret,
"Failed to get subject from template");
return ret;
}
}
if (flags & HX509_CA_TEMPLATE_SERIAL) {
der_free_heim_integer(&tbs->serial);
ret = hx509_cert_get_serialnumber(cert, &tbs->serial);
tbs->flags.serial = !ret;
if (ret) {
hx509_set_error_string(context, 0, ret,
"Failed to copy serial number");
return ret;
}
}
if (flags & HX509_CA_TEMPLATE_NOTBEFORE)
tbs->notBefore = hx509_cert_get_notBefore(cert);
if (flags & HX509_CA_TEMPLATE_NOTAFTER)
tbs->notAfter = hx509_cert_get_notAfter(cert);
if (flags & HX509_CA_TEMPLATE_SPKI) {
free_SubjectPublicKeyInfo(&tbs->spki);
ret = hx509_cert_get_SPKI(context, cert, &tbs->spki);
tbs->flags.key = !ret;
if (ret)
return ret;
}
if (flags & HX509_CA_TEMPLATE_KU) {
KeyUsage ku;
ret = _hx509_cert_get_keyusage(context, cert, &ku);
if (ret)
return ret;
tbs->key_usage = KeyUsage2int(ku);
}
if (flags & HX509_CA_TEMPLATE_EKU) {
ExtKeyUsage eku;
int i;
ret = _hx509_cert_get_eku(context, cert, &eku);
if (ret)
return ret;
for (i = 0; i < eku.len; i++) {
ret = hx509_ca_tbs_add_eku(context, tbs, &eku.val[i]);
if (ret) {
free_ExtKeyUsage(&eku);
return ret;
}
}
free_ExtKeyUsage(&eku);
}
return 0;
}
