/*
 * Turn one PolicyInformation into a cache entry.
 *
 * anyPolicy is kept aside in cache->anyPolicy; every other policy goes into
 * cache->data (a stack sorted with policy_data_cmp). The same policy OID
 * listed twice — including anyPolicy appearing twice — is treated as an
 * invalid extension rather than silently merged.
 *
 * Returns 1 when the entry was stored, -1 when the OID is a duplicate,
 * 0 when memory ran out. The new entry is released on both failure paths,
 * so the caller never has to track it.
 */
static int policy_cache_add_entry(X509_POLICY_CACHE *cache, POLICYINFO *policy, int crit)
{
    X509_POLICY_DATA *entry = policy_data_new(policy, NULL, crit);

    if (entry == NULL)
        return 0;

    if (OBJ_obj2nid(entry->valid_policy) == NID_any_policy) {
        if (cache->anyPolicy != NULL) {
            policy_data_free(entry);
            return -1;
        }
        cache->anyPolicy = entry;
        return 1;
    }

    /* sk_find() sorts the stack, so this is a duplicate-OID check. */
    if (sk_X509_POLICY_DATA_find(cache->data, entry) != -1) {
        policy_data_free(entry);
        return -1;
    }

    if (!sk_X509_POLICY_DATA_push(cache->data, entry)) {
        policy_data_free(entry);
        return 0;
    }
    return 1;
}

/*
 * Populate x->policy_cache from the decoded certificatePolicies extension.
 *
 * Takes ownership of |policies|: it is freed on every path. |crit| is the
 * extension's criticality and is passed through to policy_data_new().
 *
 * Returns 1 on success; -1 if the extension is invalid (a repeated policy
 * OID), in which case EXFLAG_INVALID_POLICY is set on |x|; 0 for an empty
 * policy list or an allocation failure. On anything but success cache->data
 * is released and reset to NULL. cache->anyPolicy is left as it was set.
 */
static int policy_cache_create(X509 *x, CERTIFICATEPOLICIES *policies, int crit)
{
    X509_POLICY_CACHE *cache = x->policy_cache;
    int status = 0;
    int idx;

    /* An empty policy list yields no cache rather than an empty one. */
    if (sk_POLICYINFO_num(policies) == 0)
        goto done;

    cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
    if (cache->data == NULL)
        goto done;

    for (idx = 0; idx < sk_POLICYINFO_num(policies); idx++) {
        status = policy_cache_add_entry(cache, sk_POLICYINFO_value(policies, idx), crit);
        if (status != 1)
            goto done;
    }
    status = 1;

 done:
    if (status == -1)
        x->ex_flags |= EXFLAG_INVALID_POLICY;
    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
    if (status <= 0) {
        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
        cache->data = NULL;
    }
    return status;
}
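/*
 * Build a certificatePolicies value from its configuration-file form.
 *
 * |value| is a comma-separated list, split by X509V3_parse_list(), of bare
 * items ("name=value" pairs are rejected). Each item is one of:
 *   - "ia5org"      a flag, not a policy: it is processed in list order and
 *                   affects only the "@section" items that follow it;
 *   - "@section"    a policy described by the named config section, built
 *                   by policy_section();
 *   - anything else an OID text (numeric or a name, OBJ_txt2obj no_name=0)
 *                   that becomes a PolicyInformation carrying just the
 *                   policyIdentifier.
 *
 * |method| is unused.
 *
 * Returns a new STACK_OF(POLICYINFO) owned by the caller, or NULL on failure
 * with an error on the queue. A list that X509V3_parse_list() cannot parse
 * is a failure, not an empty policy set (the parser already reported why).
 * Allocation failures are checked rather than dereferenced, and the parsed
 * list is released on every path — the error path used to leak |vals|.
 */
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
{
    STACK_OF(POLICYINFO) *pols = NULL;
    STACK_OF(CONF_VALUE) *vals;
    CONF_VALUE *cnf;
    POLICYINFO *pol;
    ASN1_OBJECT *pobj;
    char *pstr;
    int i;
    int ia5org = 0;

    vals = X509V3_parse_list(value);
    if (vals == NULL)
        goto err;

    pols = sk_POLICYINFO_new_null();
    if (pols == NULL) {
        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
        cnf = sk_CONF_VALUE_value(vals, i);
        if (cnf->value || !cnf->name) {
            X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_POLICY_IDENTIFIER);
            X509V3_conf_err(cnf);
            goto err;
        }
        pstr = cnf->name;

        if (strcmp(pstr, "ia5org") == 0) {
            ia5org = 1;
            continue;
        }

        if (*pstr == '@') {
            STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1);
            if (polsect == NULL) {
                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
                X509V3_conf_err(cnf);
                goto err;
            }
            pol = policy_section(ctx, polsect, ia5org);
            X509V3_section_free(ctx, polsect);
            if (pol == NULL)
                goto err;
        } else {
            pobj = OBJ_txt2obj(cnf->name, 0);
            if (pobj == NULL) {
                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_OBJECT_IDENTIFIER);
                X509V3_conf_err(cnf);
                goto err;
            }
            pol = POLICYINFO_new();
            if (pol == NULL) {
                /* pobj is not yet owned by anything; drop it ourselves. */
                ASN1_OBJECT_free(pobj);
                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                goto err;
            }
            pol->policyid = pobj;
        }

        if (!sk_POLICYINFO_push(pols, pol)) {
            /* Not on the stack, so the err path would not free it. */
            POLICYINFO_free(pol);
            X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }

    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
    return pols;

 err:
    /* Both pop_free calls accept NULL, so this covers every exit above. */
    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
    sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
    return NULL;
}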
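/**
 * Returns the policy identifiers of the certificate's certificatePolicies
 * extension, as dotted-decimal OID strings, in extension order.
 *
 * @return policy OIDs; an empty vector when the extension is absent.
 *         NOTE(review): X509_get_ext_d2i() called with NULL crit/idx also
 *         returns NULL for an extension that is present but fails to decode,
 *         so a malformed extension is reported as "no policies" rather than
 *         as an error. Confirm with callers before changing that to a throw.
 */
std::vector<std::string> digidoc::X509Cert::getCertificatePolicies() const throw(IOException)
{
    std::vector<std::string> pol;

    CERTIFICATEPOLICIES *cp = static_cast<CERTIFICATEPOLICIES*>(
        X509_get_ext_d2i(cert, NID_certificate_policies, 0, 0));
    if (!cp)
        return pol;

    // OBJ_obj2txt() NUL-terminates inside the buffer it is given but returns
    // the length the full text needs, which may exceed the buffer. With the
    // old fixed 50-byte buffer, std::string(buf, len) then read past the end
    // of the stack buffer for any long OID in an attacker-supplied
    // certificate. Size the buffer from the returned length instead and
    // retry once when the first call was truncated.
    std::vector<char> buf(80);
    for (int i = 0; i < sk_POLICYINFO_num(cp); ++i) {
        ASN1_OBJECT *oid = sk_POLICYINFO_value(cp, i)->policyid;
        int len = OBJ_obj2txt(&buf[0], static_cast<int>(buf.size()), oid, 1);
        if (len >= static_cast<int>(buf.size())) {
            buf.resize(len + 1);
            len = OBJ_obj2txt(&buf[0], static_cast<int>(buf.size()), oid, 1);
        }
        // len <= 0 means an empty/undecodable object (0) or an OBJ_obj2txt
        // error (-1 in some versions); the old `len != NID_undef` test only
        // caught 0 and would have fed -1 to std::string.
        if (len > 0 && len < static_cast<int>(buf.size()))
            pol.push_back(std::string(&buf[0], len));
    }

    sk_POLICYINFO_pop_free(cp, POLICYINFO_free);
    return pol;
}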
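/**
 * Selects the digest NID used for signing.
 *
 * The digest configured through Conf::getSignatureUri() is returned as-is
 * when it is SHA-1, or when the signing certificate lists a policy under
 * 1.3.6.1.4.1.10015.1.2 or 1.3.6.1.4.1.10015.3.2 in its certificatePolicies
 * extension (presumably the EstEID card policy arcs — TODO confirm). For any
 * other certificate the configured digest is kept only when
 * X509Cert::getPaddingSize() > 128 (presumably a key-size check — TODO
 * confirm); otherwise SHA-224 is used.
 *
 * A certificate whose extension is absent, or present but undecodable
 * (X509_get_ext_d2i() returns NULL for both), is treated as not carrying
 * the policy.
 *
 * @return digest NID
 */
int digidoc::EstEIDSigner::type() const
{
    int result = digidoc::Digest::toMethod(Conf::getInstance()->getSignatureUri());
    if (result == NID_sha1)
        return result;

    static const char policyPrefix1[] = "1.3.6.1.4.1.10015.1.2.";
    static const char policyPrefix2[] = "1.3.6.1.4.1.10015.3.2.";

    X509 *x = getCert();
    bool found = false;

    CERTIFICATEPOLICIES *cp = static_cast<CERTIFICATEPOLICIES*>(
        X509_get_ext_d2i(x, NID_certificate_policies, 0, 0));
    if (cp) {
        // OBJ_obj2txt() NUL-terminates within buf even when the OID text is
        // longer than the buffer, and both prefixes are far shorter than buf,
        // so a prefix comparison on a truncated OID is still correct. Only the
        // prefix is inspected here; nothing reads beyond the NUL.
        char buf[128];
        for (int i = 0; i < sk_POLICYINFO_num(cp) && !found; ++i) {
            int len = OBJ_obj2txt(buf, sizeof(buf), sk_POLICYINFO_value(cp, i)->policyid, 1);
            // 0 is an empty/undecodable object, negative an OBJ_obj2txt error.
            if (len <= 0)
                continue;
            found = strncmp(buf, policyPrefix1, sizeof(policyPrefix1) - 1) == 0
                 || strncmp(buf, policyPrefix2, sizeof(policyPrefix2) - 1) == 0;
        }
        sk_POLICYINFO_pop_free(cp, POLICYINFO_free);
    }

    if (found)
        return result;
    return X509Cert(x).getPaddingSize() > 128 ? result : NID_sha224;
}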