コード例 #1
0
ファイル: pki_keypair.c プロジェクト: Brenhilt/libpki
PKI_DIGEST *PKI_X509_KEYPAIR_VALUE_pub_digest ( PKI_X509_KEYPAIR_VALUE *pkey,
							PKI_DIGEST_ALG *md ) {

	X509_PUBKEY *xpk = NULL;
	ASN1_BIT_STRING *key = NULL;
	PKI_DIGEST * ret = NULL;

	if (!pkey) return NULL;

	if( !md ) md = PKI_DIGEST_ALG_DEFAULT;

	if(!X509_PUBKEY_set(&xpk, pkey )) {
		PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::Error building X509 "
			"PUBKEY data");
		return NULL;
	}
	if((key = xpk->public_key ) == NULL ) {
		PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::No pubkey found!");
		return ( NULL );
	}

	if( key->length < 1 ) {
		PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::Pubkey len is 0!");
		return ( NULL );
	}

	if(( ret = PKI_DIGEST_new( md, key->data, 
					(size_t) key->length )) == NULL ) {
		PKI_log_debug("PKI_X509_KEYPAIR_pub_digest()::%s",
			ERR_error_string( ERR_get_error(), NULL ));
		return ( NULL );
	}

	return ( ret );
}
コード例 #2
0
ファイル: prqp_srv.c プロジェクト: Brenhilt/libpki
char * PKI_get_ca_service( PKI_X509_CERT *caCert, char *srv, char *url_s ) {

	PKI_STACK *services = NULL;
	PKI_STACK *ret_sk = NULL;

	char *ret_s = NULL;

	if( !srv || !caCert ) return ( NULL );

	if((services = PKI_STACK_new_null()) == NULL ) {
		PKI_log_debug("Stack creation error in %s:%d",
						__FILE__, __LINE__ );
		return ( NULL );
	}

	PKI_log_debug ("Getting Address for %s", srv );

	PKI_STACK_push( services, strdup(srv) );
	ret_sk = PKI_get_ca_resources( caCert, NULL, NULL, services, url_s );

	PKI_STACK_free_all( services );

	if( !ret_sk ) {
		PKI_log_debug("No address returned for %s", srv );
		return ( NULL );
	} else {
		ret_s = PKI_STACK_pop( ret_sk );
		PKI_STACK_free_all( ret_sk );
	}

	PKI_log_debug ( "Returned address %s", ret_s );

	return ( ret_s );
}
コード例 #3
0
ファイル: prqp_srv.c プロジェクト: Brenhilt/libpki
PKI_STACK * PKI_get_ca_resources(PKI_X509_CERT *caCert, 
			PKI_X509_CERT *caIssuerCert, PKI_X509_CERT *issuedCert,
			PKI_STACK *sk_services, char *url_s ) {

	PKI_X509_PRQP_REQ *p = NULL;
	PKI_X509_PRQP_RESP *r = NULL;
	PKI_STACK *addr_sk = NULL;

	p = PKI_X509_PRQP_REQ_new_certs_res ( caCert, caIssuerCert, 
						issuedCert, sk_services );

	if( !p ) {
		PKI_log_debug ("PKI_get_ca_resources()::Can not generate PRQP REQ");
		return NULL;
	}

	if((r = PKI_DISCOVER_get_resp ( p, url_s )) == NULL ) {
		PKI_log_debug("PKI_get_ca_resources()::No response retrieved!");
		PKI_X509_PRQP_REQ_free ( p );
		return NULL;
	}

	// PKI_PRQP_RESP_print( r->value );

	if((addr_sk = PKI_X509_PRQP_RESP_url_sk ( r )) == NULL ) {
		PKI_log_debug ("PKI_get_ca_responses()::No list of address is returned!");
	}

	if ( p ) PKI_X509_PRQP_REQ_free ( p );
	if ( r ) PKI_X509_PRQP_RESP_free ( r );

	return addr_sk;
}
コード例 #4
0
ファイル: pki_msg_resp_io.c プロジェクト: Brenhilt/libpki
PKI_MEM *PKI_MSG_RESP_put_mem ( PKI_MSG_RESP *msg, PKI_DATA_FORMAT format,
			PKI_MEM **pki_mem, PKI_CRED *cred, HSM *hsm ) {

	if( !msg ) return ( NULL );

	if( !msg->msg_data ) {
		int proto = 0;
		proto = PKI_MSG_RESP_get_proto ( msg );

		if (PKI_MSG_RESP_encode ( msg, proto ) == NULL ) {
			return ( NULL );
		}
	}

	PKI_log_debug("PKI_MSG_RESP_put_mem()::Start");

	switch ( msg->proto ) {
		case PKI_MSG_PROTO_SCEP:
			return PKI_X509_PKCS7_put_mem ( 
					(PKI_X509_PKCS7 *) msg->msg_data, 
						format, NULL, cred, hsm );
			break;
		case PKI_MSG_PROTO_CMC:
		case PKI_MSG_PROTO_XKMS:
		default:
			PKI_log_debug("MSG protocol not supported!");
	}

	return ( NULL );
}
コード例 #5
0
ファイル: pki_keypair.c プロジェクト: Brenhilt/libpki
PKI_MEM *PKI_X509_KEYPAIR_get_p8 ( PKI_X509_KEYPAIR *k ) {

	BIO *mem = NULL;
	PKI_MEM *ret = NULL;
	PKI_X509_KEYPAIR_VALUE *pkey = NULL;

	if ( !k || !k->value ) return NULL;

	pkey = k->value;

	if((mem = BIO_new(BIO_s_mem())) == NULL ) {
		return NULL;
	}

	if(i2d_PKCS8PrivateKeyInfo_bio(mem, (EVP_PKEY *) pkey) > 0 ) {
		if( BIO_flush ( mem ) <= 0 ) {
			PKI_log_debug("ERROR flushing mem");
		}
		ret = PKI_MEM_new_bio ( mem, NULL );
	}

	BIO_free ( mem );

	return ( ret );
}
コード例 #6
0
ファイル: hsm_keypair.c プロジェクト: Brenhilt/libpki
PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new( PKI_KEYPARAMS *params, 
			char *label, PKI_CRED *cred, HSM *hsm ) {

	PKI_X509_KEYPAIR *ret = NULL;
	URL *url = NULL;

	if( hsm && !url && (hsm->type == HSM_TYPE_PKCS11) ) {
		PKI_log_debug("PKI_X509_KEYPAIR_new()::Label is required when "
			"using HSM!");
		return ( NULL );
	}

	if ( label ) {
		if(( url = URL_new(label)) == NULL ) {
			PKI_ERROR(PKI_ERR_URI_PARSE, label);
			return ( NULL );
		}
	};

	ret = HSM_X509_KEYPAIR_new_url ( params, url, cred, hsm );
	
	if( url ) URL_free( url );

	return ( ret );
}
コード例 #7
0
ファイル: mysql.c プロジェクト: openca/libpki
PKI_MEM_STACK *URL_get_data_mysql ( const char *url_s, ssize_t size )
{
	PKI_MEM_STACK *ret = NULL;
	URL *url = NULL;

	if( !url_s ) 
	{
		PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
		return (NULL);
	}

	if ((url = URL_new(url_s)) == NULL)
	{
		PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
		return NULL;
	}

	if (url->proto != URI_PROTO_MYSQL)
	{
		PKI_log_debug("Wrong protocol for MySQL queries (%d)", URI_PROTO_MYSQL);
		URL_free(url);

		return NULL;
	}

	// Get the results
	ret = URL_get_data_mysql_url( url, size );
	
	// Free the URL
	URL_free(url);

	// Return the results
	return ret;
}
コード例 #8
0
ファイル: pki_config.c プロジェクト: Brenhilt/libpki
char * PKI_CONFIG_find_all(char *dir, char *name, char *subdir)
{
	PKI_STACK *dir_list = NULL;
	char * dir_name = NULL;
	char * ret = NULL;

	int i = 0;

	// Checks the input
	if (!dir || !name )
	{
		PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
		return NULL;
	}

	// Get the list of entries for the directory
	if ((dir_list = PKI_CONFIG_get_search_paths(dir)) == NULL) return NULL;
	
	// Some debugging
	PKI_log_debug( "GOT SEARCH PATHS => %d", PKI_STACK_elements( dir_list ));

	// Go throught the different elements of the directory and search them
	for ( i=0; i < PKI_STACK_elements( dir_list ); i++ )
	{
		char buff[BUFF_MAX_SIZE];

		dir_name = PKI_STACK_get_num(dir_list, i);

		if (subdir != NULL) snprintf(buff, sizeof(buff), "%s/%s", dir_name, subdir);
		else snprintf(buff, sizeof(buff), "%s", dir_name );

		// Debugging
		PKI_log_debug("SEARCHING FOR %s in dir %s", name, buff );

		if ((ret = PKI_CONFIG_find(buff, name)) != NULL)
		{
			PKI_log_debug("FOUND => %s [%s]", name, buff );
			break;
		}
	}

	// Free all the contents
	if (dir_list) PKI_STACK_free_all(dir_list);

	// Let's return the results
	return ret;
}
コード例 #9
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
int PKI_X509_PKCS7_encode ( PKI_X509_PKCS7 *p7, unsigned char *data, 
							size_t size ) {

	int type = NID_pkcs7_signed;
	PKCS7_SIGNER_INFO *signerInfo = NULL;
	BIO *bio = NULL;

	if( !p7 || !p7->value ) return ( PKI_ERR );

	type = PKI_X509_PKCS7_get_type ( p7 );

	if (( type == PKI_X509_PKCS7_TYPE_ENCRYPTED ) 
			|| (type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED)) {

		if ( PKI_X509_PKCS7_has_recipients ( p7 ) == PKI_ERR ) {
			PKI_log_debug ( "PKI_X509_PKCS7_encode()::Missing "
								"Recipients!");
			return PKI_ERR;
		}
	}

	if ( (type == PKI_X509_PKCS7_TYPE_SIGNED) ||
			(type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED )) {

		if(( signerInfo = PKI_X509_PKCS7_get_signer_info( p7,
							-1 )) == NULL ) {
			return ( PKI_ERR );
		}

		PKCS7_add_signed_attribute ( signerInfo, NID_pkcs9_contentType,
			V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
	}

	if((bio = PKCS7_dataInit(p7->value, NULL)) == NULL ) {
		PKI_log_err("PKI_X509_PKCS7_sign()::Error dataInit [%s]",
			ERR_error_string(ERR_get_error(),NULL));
		return ( PKI_ERR );
	}
	
	if( BIO_write( bio, data, (int) size ) <= 0 ) {
		PKI_log_err("PKI_X509_PKCS7_sign()::Error dataSign [%s]",
			ERR_error_string(ERR_get_error(),NULL));
		return ( PKI_ERR );
	}

	(void)BIO_flush(bio);

	if(!PKCS7_dataFinal( p7->value, bio )) {
		PKI_log_err("PKI_X509_PKCS7_sign()::Error End dataSign [%s]",
			ERR_error_string(ERR_get_error(),NULL));
		return ( PKI_ERR );
	};

	if( bio ) BIO_free_all ( bio );

	return ( PKI_OK );

}
コード例 #10
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
PKI_MEM *PKI_X509_PKCS7_decode ( PKI_X509_PKCS7 *p7, PKI_X509_KEYPAIR *k, 
						PKI_X509_CERT *x ) {

	BIO *bio = NULL;
	PKI_MEM *mem = NULL;
	PKI_ID type = 0;
	PKI_X509_CERT_VALUE *x_val = NULL;
	PKI_X509_KEYPAIR_VALUE *pkey = NULL;

	if ( !p7 || !p7->value || !k || !k->value ) {
		PKI_log_debug("PKI_X509_PKCS7_decode()::Missing p7 or pkey!");
		return ( NULL );
	};
 
	pkey = k->value;

	type = PKI_X509_PKCS7_get_type ( p7 );

	switch ( type ) {
		case PKI_X509_PKCS7_TYPE_ENCRYPTED:
		case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
			break;
		default:
			PKI_log_debug("PKI_X509_PKCS7_decode()::Wrong MSG type!");
                	return PKI_ERR;
        }

	if ( x ) x_val = x->value;

	if((bio = PKCS7_dataDecode(p7->value, pkey, NULL, x_val)) == NULL) {
		PKI_log_debug ( "PKI_X509_PKCS7_decode()::Decrypt error [%s]",
			ERR_error_string(ERR_get_error(), NULL ));
		return ( NULL );
	}

	if((mem = PKI_MEM_new_bio( (PKI_IO *) bio, NULL )) == NULL ) {
		PKI_log_debug("PKI_X509_PKCS7_decode()::Memory Error!");
		if( bio ) BIO_free_all ( bio );
		return ( NULL );
	}

	if (bio ) BIO_free_all ( bio );

	return ( mem );
}
コード例 #11
0
ファイル: pki_config.c プロジェクト: Brenhilt/libpki
PKI_OID * PKI_CONFIG_OID_search ( PKI_CONFIG *doc, char *searchName ) {

	PKI_OID *oid = NULL;
	PKI_CONFIG_ELEMENT *curr = NULL;
	PKI_CONFIG_ELEMENT_STACK *sk = NULL;

	xmlChar oidSearchBuff[BUFF_MAX_SIZE];

	int size = 0;
	int i = 0;

	if( !doc || !searchName ) return (NULL);

	if((oid = PKI_OID_get( searchName )) != NULL ) {
		return ( oid );
	}

	snprintf( (char *) oidSearchBuff, BUFF_MAX_SIZE,
		"/objectIdentifiers/oid[@name=\"%s\"]", searchName );

	if (( sk = PKI_CONFIG_get_element_stack ( doc, 
					(char *)oidSearchBuff )) == NULL ) {
		return NULL;
	}

	size = PKI_STACK_CONFIG_ELEMENT_elements ( sk );

	for( i = 0; i < size; i++ ) {
		curr = PKI_STACK_CONFIG_ELEMENT_get_num ( sk, i );

		if( curr && curr->type == XML_ELEMENT_NODE ) {
			xmlChar *name = NULL;
			xmlChar *descr = NULL;
			xmlChar *val = NULL;

			name = xmlGetProp( curr, (xmlChar *) "name" );
			descr = xmlGetProp( curr, (xmlChar *) "description" );
			val = xmlNodeListGetString(doc, 
						curr->xmlChildrenNode, 1);

			oid = PKI_OID_new ( (char *) val, (char *) name, 
							(char *) descr);

			if( descr ) xmlFree ( descr  );
			if( name ) xmlFree ( name );
			if( val ) xmlFree ( val );

			if( oid != NULL ) {
				PKI_log_debug("Failed Creating OID (%s, %s, %s)",
					name, descr, val );
				continue;
			}
		}
	}

	return (oid);
}
コード例 #12
0
ファイル: crl.c プロジェクト: Brenhilt/openca-ocspd
int check_crl ( PKI_X509_CRL *x_crl, PKI_X509_CERT *x_cacert,
		OCSPD_CONFIG *conf ) {

	PKI_X509_KEYPAIR_VALUE *pkey = NULL;
	PKI_X509_KEYPAIR *k = NULL;

	int ret = -1;

	if (!conf) return (-1);

	PKI_RWLOCK_read_lock ( &conf->crl_lock );
	if( !x_crl || !x_crl->value || !x_cacert || !x_cacert->value ) {
		if( conf->verbose ) {
			if(!x_crl || !x_crl->value) 
					PKI_log_err ("CRL missing");
			if(!x_cacert || !x_cacert->value) 
					PKI_log_err("CA cert missing");
		}
		PKI_RWLOCK_release_read ( &conf->crl_lock );
		return(-1);
	}

	/* Gets the Public Key of the CA Certificate */
	if((pkey = PKI_X509_CERT_get_data( x_cacert, 
				PKI_X509_DATA_PUBKEY )) == NULL ) { 
		PKI_log_err( "Can not parse PubKey from CA Cert");
		PKI_RWLOCK_release_read ( &conf->crl_lock );
		return(-3);
	}

	if ((k = PKI_X509_new_value(PKI_DATATYPE_X509_KEYPAIR, pkey, NULL))
							== NULL ) {
		PKI_log_err ("Memory Error!");
		PKI_RWLOCK_release_read ( &conf->crl_lock );
		return(-3);
	}
	
	if ( PKI_X509_verify ( x_crl, k ) == PKI_OK ) {
		PKI_log_debug("CRL signature is verified!");
		ret = PKI_OK;
	} else {
		ret = PKI_ERR;
	}

	k->value = NULL;
	PKI_X509_KEYPAIR_free ( k );

	PKI_RWLOCK_release_read ( &conf->crl_lock );

	if ( ret > 0 ) {
		PKI_log(PKI_LOG_INFO, "CRL matching CA cert ok [ %d ]",
				ret);
	}

	return ret;
}
コード例 #13
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
PKI_MEM *PKI_X509_PKCS7_get_data ( PKI_X509_PKCS7 *p7, PKI_X509_KEYPAIR *k,
					PKI_X509_CERT *x ) {

	PKI_ID type;

	if( !p7 || !p7->value ) return ( NULL );

	type = PKI_X509_PKCS7_get_type ( p7 );

	switch ( type ) {
		case PKI_X509_PKCS7_TYPE_ENCRYPTED:
		case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
			PKI_log_debug("PKI_X509_PKCS7_get_data()::P7 is encrypted!");
			return PKI_X509_PKCS7_decode ( p7, k, x );
			break;
		default:
			PKI_log_debug("PKI_X509_PKCS7_get_data()::P7 not encrypted");
			return PKI_X509_PKCS7_get_raw_data ( p7 );
	}
}
コード例 #14
0
ファイル: http_client.c プロジェクト: Brenhilt/libpki
/*
BUF_MEM *http_get_data ( BIO *in, ssize_t max_size ) {

	BUF_MEM *buf = NULL;
	size_t fullsize = 0;
	int newsize  = 0;

	if( !in )
		return NULL;

	buf = BUF_MEM_new();
	for (;;) {
		if ((buf == NULL) || (!BUF_MEM_grow(buf, (int) (fullsize+512)))) {
			PKI_log( PKI_LOG_ERR, "Memory Allocation Err (%s:%d)",
					__FILE__, __LINE__ );
			return ( NULL );
		}

		newsize   = BIO_read(in, &(buf->data[fullsize]), 512);
		if (newsize == 0) break;

		if (newsize < 0) {
			BUF_MEM_free( buf );
			return NULL;
		}

		fullsize += (size_t) newsize;

		if( (max_size > 0) && (fullsize > max_size)) {
			// fprintf( stderr, 
			// 	"ERROR::HTTP::Read::Max read size exceeded "
			// 	" [ %d ]", max_size );
			BUF_MEM_free( buf );
			return NULL;
		}
	}

	buf->data[fullsize] = '\x0';

	return buf;
}
*/
PKI_X509_PRQP_RESP *PKI_X509_PRQP_RESP_get_http ( URL *url,
		PKI_X509_PRQP_REQ *req, unsigned long max_size ) {

	PKI_MEM *mem = NULL;
	PKI_X509_PRQP_RESP *resp = NULL;
	PKI_MEM_STACK *mem_sk = NULL;

	if(( mem = PKI_X509_PRQP_REQ_put_mem ( req, 
			PKI_DATA_FORMAT_ASN1, NULL, NULL, NULL  )) == NULL ) {
		return NULL;
	}
	
	if ( URL_put_data_url ( url, mem, "application/prqp-request", 
				&mem_sk, 60, 0, NULL ) == PKI_ERR ) {
		PKI_MEM_free ( mem );
		return NULL;
	}

	PKI_MEM_free ( mem );

	if ( PKI_STACK_MEM_elements ( mem_sk ) <= 0 ) {
		PKI_log_debug ("No Responses received!");
	}

	if((mem = PKI_STACK_MEM_pop ( mem_sk )) == NULL ) {
		PKI_log_debug ("STACK Memory Error");
		PKI_STACK_MEM_free_all ( mem_sk );
		return NULL;
	}

	if((resp = PKI_X509_PRQP_RESP_get_mem ( mem, 
					NULL, NULL )) == NULL ) {
		PKI_log_debug ( "Can not read response from Memory.");
	}

	PKI_STACK_MEM_free_all ( mem_sk );

	return resp;
	
}
コード例 #15
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
int PKI_X509_PKCS7_add_signer ( PKI_X509_PKCS7 *p7, PKI_X509_CERT *signer,
			PKI_X509_KEYPAIR *k, PKI_DIGEST_ALG *md ) {

	PKCS7_SIGNER_INFO *signerInfo = NULL;

	if ( !p7 || !signer || !k ) {
		if ( !p7 ) PKI_log_debug ( "!p7");
		if ( !signer ) PKI_log_debug ( "!signer");
		if ( !k ) PKI_log_debug ( "!key");
		return PKI_ERR;
	}

	if ( !p7->value || !signer->value || !k->value ) {
		if ( !p7->value ) PKI_log_debug ( "!p7->value");
		if ( !signer->value ) PKI_log_debug ( "!signer->value");
		if ( !k->value ) PKI_log_debug ( "!key->value");
		return PKI_ERR;
	}

	if( !md ) md = PKI_DIGEST_ALG_DEFAULT;

	if((signerInfo = PKCS7_add_signature( p7->value, 
					signer->value, k->value, md)) == NULL) {
		return ( PKI_ERR );
	}
	PKCS7_add_certificate ( p7->value, signer->value );

	return ( PKI_OK );

}
コード例 #16
0
ファイル: pki_x509_cert.c プロジェクト: openca/libpki
PKI_STACK * PKI_X509_CERT_get_email (const PKI_X509_CERT *x ) {

  PKI_STACK *sk = NULL;
  PKI_X509_NAME_RDN **list = NULL;
  const PKI_X509_NAME *name = NULL;

  // PKI_X509_EXTENSION_STACK * ext_list = NULL;

  PKI_X509_EXTENSION * ext = NULL;

  if(!x || !x->value) return NULL;

  if((sk = PKI_STACK_new_null()) == NULL)
    return NULL;

  name = PKI_X509_CERT_get_data(x, PKI_X509_DATA_SUBJECT);

  // Maybe we find something in the DN...
  if(name) {

    int curr = 0;

    PKI_X509_NAME_RDN *el = NULL;
    list = PKI_X509_NAME_get_list(name, PKI_X509_NAME_TYPE_EMAIL);
    
    for(curr = 0; el != NULL; curr++ ) {
      el = list[curr];
      PKI_STACK_push( sk, PKI_X509_NAME_RDN_value(el));
    }
  }
  
  if((ext = PKI_X509_CERT_get_extension_by_name(x, 
                                         "subjectAltName")) != NULL) {
      PKI_log_debug("Got subjectAltName: Code Still Missing!");
  }

  PKI_log_debug("Code still missing!");
  return sk;
}
コード例 #17
0
ファイル: pkcs11.c プロジェクト: Brenhilt/libpki
PKI_MEM_STACK *URL_get_data_pkcs11 ( char *url_s, ssize_t size ) {
	URL *url = NULL;

	if( !url_s ) return (NULL);

	if(((url = URL_new( url_s )) == NULL) ||
		url->proto != URI_PROTO_PKCS11 ) {
		PKI_log_debug ("Not a PKCS11 URL");
		return (NULL);
	}

	return ( URL_get_data_pkcs11_url( url, size ));
}
コード例 #18
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
PKI_X509_PKCS7 *PKI_X509_PKCS7_new ( PKI_X509_PKCS7_TYPE type ) {

	PKI_X509_PKCS7 *p7 = NULL;
	PKI_X509_PKCS7_VALUE *value = NULL;

	if((p7 = PKI_X509_new( PKI_DATATYPE_X509_PKCS7, NULL )) == NULL ) {
		PKI_log_debug("PKI_X509_PKCS7_new()::Memory Error!");
		return ( NULL );
	}

	if((value = p7->cb->create()) == NULL ) {
		PKI_log_debug ("Memory Allocation Error.");
		return NULL;
	}

	if(!PKCS7_set_type( value, type )) {
		PKI_log_err( "PKI_X509_PKCS7_new()::Can not set PKCS7 type!");
		return ( NULL );
	}

	p7->value = value;

	switch ( type ) {
		case PKI_X509_PKCS7_TYPE_ENCRYPTED:
		case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
			if(!PKI_X509_PKCS7_set_cipher( p7, 
				     (EVP_CIPHER *) PKI_CIPHER_AES(256,cbc))) {
				PKI_log_debug("PKI_X509_PKCS7_new()::Can not set "
					"cipher!");
			};
			break;
		case PKI_X509_PKCS7_TYPE_SIGNED:
			PKCS7_content_new ( value, NID_pkcs7_data );
			break;
		default:
			break;
	}
	return ( p7 );
}
コード例 #19
0
ファイル: dns.c プロジェクト: Brenhilt/libpki
/*! \brief Returns the type of DNS records identified by the passed char * arg */
int URL_get_dns_type(char *str) {

	int ret = -1;
	if (!str) return ret;

#ifdef HAVE_LIBRESOLV

	if (strncmp_nocase(str, "AAAA", 4) == 0) {
		ret = T_AAAA;
	} else if (strncmp_nocase(str, "A", 1) == 0) {
		ret = T_A;
	} else if (strncmp_nocase(str, "NS", 2) == 0) {
		ret = T_NS;
	} else if (strncmp_nocase(str, "MX", 2) == 0) {
		ret = T_MX;
	} else if (strncmp_nocase(str, "CNAME", 5) == 0) {
		ret = T_CNAME;
	} else if (strncmp_nocase(str, "SRV", 3) == 0) {
		ret = T_SRV;
	} else if (strncmp_nocase(str, "TXT", 3) == 0) {
		ret = T_TXT;
	} else if (strncmp_nocase(str, "CERT", 4) == 0) {
		ret = T_CERT;
	} else if (strncmp_nocase(str, "ANY", 3) == 0) {
		ret = T_ANY;
	} else if (atoi(str) > 0) {
		ret = atoi(str);
	} else {
		PKI_log_err("DNS URI: record type (%s) not supported.", str);
	}

	PKI_log_debug("DNS URI: record type (%s=%d) parsed", str, ret);
#else
  PKI_log_debug("DNS URI: dns support disabled at compile time");
#endif
	return ret;
}
コード例 #20
0
ファイル: pki_msg_resp_io.c プロジェクト: Brenhilt/libpki
int PKI_MSG_RESP_put ( PKI_MSG_RESP *msg, PKI_DATA_FORMAT format, 
			char *url, char *mime, PKI_CRED *cred, HSM *hsm ) {

	PKI_MEM *mem = NULL;

	if( !msg ) return ( PKI_ERR );

	if( !msg->msg_data ) {
		int proto;

		proto = PKI_MSG_RESP_get_proto ( msg );

		if (PKI_MSG_RESP_encode ( msg, proto ) == NULL ) {
			return ( PKI_ERR );
		}
	}

	PKI_log_debug("PKI_MSG_RESP_put()::Start");

	switch ( msg->proto ) {
		case PKI_MSG_PROTO_SCEP:
			mem = PKI_X509_PKCS7_put_mem ( 
				(PKI_X509_PKCS7 *) msg->msg_data, format,
					NULL, cred, hsm );
			break;
		case PKI_MSG_PROTO_CMC:
		case PKI_MSG_PROTO_XKMS:
		default:
			PKI_log_debug("MSG protocol not supported!");
	}

	if (!mem || !mem->data ) return ( PKI_ERR );

	return URL_put_data( url, mem, "application/x-pki-message", 
			NULL, 120, 64*1024, NULL );
}
コード例 #21
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
PKI_X509_PKCS7_TYPE PKI_X509_PKCS7_get_type ( PKI_X509_PKCS7 *p7 ) {

	PKI_ID type = PKI_ID_UNKNOWN;
	PKI_X509_PKCS7_VALUE *value = NULL;

	if(!p7 || !p7->value ) {
		PKI_log_debug ( "PKI_X509_PKCS7_get_type()::No Message!");
		return PKI_X509_PKCS7_TYPE_UNKNOWN;
	}

	value = p7->value;

	if(!value->type ) {
		PKI_log_debug ( "PKI_X509_PKCS7_get_type()::No Message Type!");
		return PKI_X509_PKCS7_TYPE_UNKNOWN;
	}

	type = PKI_OID_get_id( value->type );

	switch ( type ) {
		case NID_pkcs7_enveloped:
			return PKI_X509_PKCS7_TYPE_ENCRYPTED;
			break;
		case NID_pkcs7_signed:
			return PKI_X509_PKCS7_TYPE_SIGNED;
			break;
		case NID_pkcs7_signedAndEnveloped:
			return PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED;
			break;
		case NID_pkcs7_data:
			return PKI_X509_PKCS7_TYPE_DATA;
			break;
		default:
			return PKI_X509_PKCS7_TYPE_UNKNOWN;
	}
}
コード例 #22
0
ファイル: pki_config.c プロジェクト: Brenhilt/libpki
PKI_CONFIG_ELEMENT *PKI_CONFIG_add_node ( PKI_CONFIG *doc,
			char *parent, char *name, char *value ) {

	
	PKI_CONFIG_ELEMENT *p_node = NULL;

	// PKI_log_debug("add_node()::parent=%s, name=%s, value=%s",
	// 			parent, name, value );

	if((p_node = PKI_CONFIG_get_element( doc, parent, -1 )) == NULL ) {
		PKI_log_debug("ERROR::Can not find Parent node (%s)", parent );
		return NULL;
	}

	return PKI_CONFIG_ELEMENT_add_child ( doc, p_node, name, value );
}
コード例 #23
0
ファイル: pki_x509_xpair.c プロジェクト: Brenhilt/libpki
/*! \brief Returns the reverse cert pointer present in a cross cert pair */
PKI_X509_CERT * PKI_X509_XPAIR_get_reverse ( PKI_X509_XPAIR *xp ) {

	PKI_XPAIR *xp_val = NULL;
	PKI_X509_CERT *ret = NULL;

	if( !xp || !xp->value ) return ( NULL );

	xp_val = xp->value;
	if( !xp_val->reverse ) return ( NULL );

	if((ret = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_CERT, 
			xp_val->reverse, NULL )) != NULL ) {
		PKI_log_debug( "Can not duplicate reverse cert!");
	}

	return ret;
}
コード例 #24
0
ファイル: hsm_slot.c プロジェクト: Brenhilt/libpki
int HSM_SLOT_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ) {

	int ret = PKI_OK;

	if( !hsm ) {
		return ( ret );
	}

	if( hsm && hsm->callbacks && hsm->callbacks->select_slot ) {
		ret = hsm->callbacks->select_slot ( num, cred, hsm );
	} else {
		PKI_log_debug("No slot select function for current HSM");
		ret = PKI_OK;
	}

	return ( ret );
}
コード例 #25
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
PKI_X509_ATTRIBUTE *PKI_X509_PKCS7_get_attribute(PKI_X509_PKCS7 *p7, 
								PKI_ID id ) {

	PKCS7_SIGNER_INFO *signerInfo = NULL;

        if( !p7 || !p7->value ) return ( NULL  );

        if((signerInfo = PKI_X509_PKCS7_get_signer_info ( p7, -1 )) == NULL ) {
                PKI_log_debug ( "PKI_X509_PKCS7_add_signed_attribute()::Signer Info "
                        "not present in P7!");
                return ( NULL  );
        }

        if( signerInfo->unauth_attr == NULL ) {
                return ( NULL );
        }
	return ( PKI_STACK_X509_ATTRIBUTE_get( signerInfo->auth_attr, id));
}
コード例 #26
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
int PKI_X509_PKCS7_add_attribute ( PKI_X509_PKCS7 *p7, PKI_X509_ATTRIBUTE *a ) {

	PKCS7_SIGNER_INFO *signerInfo = NULL;

	if( !p7 || !p7->value || !a ) return ( PKI_ERR );

	if((signerInfo = PKI_X509_PKCS7_get_signer_info ( p7, -1 )) == NULL ) {
		PKI_log_debug ( "PKI_X509_PKCS7_add_signed_attribute()::Signer Info "
			"not present in P7!");
		return ( PKI_ERR );
	}

	if( signerInfo->unauth_attr == NULL ) {
		signerInfo->unauth_attr = PKI_STACK_X509_ATTRIBUTE_new_null();
	}

	return ( PKI_STACK_X509_ATTRIBUTE_add( signerInfo->unauth_attr, a ));

}
コード例 #27
0
ファイル: pki_x509_cert.c プロジェクト: openca/libpki
PKI_X509_EXTENSION_STACK *PKI_X509_CERT_get_extensions(const PKI_X509_CERT *x) {

  PKI_X509_EXTENSION_STACK *ret = NULL;

  int i = 0;
  int ext_count = 0;

  if (!x) return NULL;

  if ((ext_count = X509_get_ext_count (x->value)) <= 0 ) return NULL;

  for ( i=0; i < ext_count; i++ ) {
    LIBPKI_X509_EXTENSION *ext = NULL;
    // PKI_X509_EXTENSION_VALUE *ext = NULL;
    PKI_X509_EXTENSION *pki_ext = NULL;
    
    if((ext = X509_get_ext ( x->value, i )) == NULL ) {
      continue;
    }

    if((pki_ext = PKI_X509_EXTENSION_new()) == NULL ) {
      PKI_log_err ( "Memory Allocation");
      continue;
    }

    if( ext->object == NULL ) {
      PKI_X509_EXTENSION_free ( pki_ext );
      continue;
    }

    pki_ext->oid = PKI_OID_dup ( ext->object );
    pki_ext->critical = ext->critical;

    if((pki_ext->value = X509V3_EXT_d2i ( ext )) == NULL ) {
      PKI_log_debug( "Extension %d -- not parsable", i);
      PKI_X509_EXTENSION_free ( pki_ext );
      continue;
    }
  }

  return ret;
}
コード例 #28
0
ファイル: pki_x509_extension.c プロジェクト: Brenhilt/libpki
PKI_X509_EXTENSION_STACK *PKI_X509_EXTENSION_get_list ( void *x, 
						PKI_X509_DATA type ) {

	PKI_X509_EXTENSION_STACK *ret = NULL;

	int i = 0;
	int ext_count = 0;

	if (!x) return NULL;

	if ((ext_count = X509_get_ext_count (x)) <= 0 ) return NULL;

	if(( ret = PKI_STACK_X509_EXTENSION_new()) == NULL ) return NULL;

	for ( i=0; i < ext_count; i++ ) {
		PKI_X509_EXTENSION_VALUE *ext = NULL;
		PKI_X509_EXTENSION *pki_ext = NULL;
		
		if((ext = X509_get_ext ( x, i )) == NULL ) {
			continue;
		}

		if((pki_ext = PKI_X509_EXTENSION_new()) == NULL ) {
			PKI_log_err ( "Memory Allocation");
			continue;
		}

		pki_ext->oid = ext->object;
		pki_ext->critical = ext->critical;

		if((pki_ext->value = X509V3_EXT_d2i ( ext )) == NULL ) {
			PKI_log_debug( "Extension %d -- not parsable", i);
			PKI_X509_EXTENSION_free ( pki_ext );
			continue;
		}

		PKI_STACK_X509_EXTENSION_push ( ret, pki_ext );
	}

	return ret;
}
コード例 #29
0
ファイル: prqp_srv.c プロジェクト: Brenhilt/libpki
PKI_STACK * PKI_get_cert_service_sk( PKI_X509_CERT *cert, 
					char *srv, char *url_s ) {

	PKI_STACK *services = NULL;
	PKI_STACK *ret_sk = NULL;

	if( !srv || !cert ) return ( NULL );

	if((services = PKI_STACK_new_null()) == NULL ) {
		PKI_log_debug("Stack creation error");
		return ( NULL );
	}

	PKI_STACK_push( services, strdup( srv ));

	ret_sk = PKI_get_ca_resources( NULL, NULL, cert, services, url_s );

	PKI_STACK_free_all( services );

	return ( ret_sk );
}
コード例 #30
0
ファイル: pki_x509_pkcs7.c プロジェクト: Brenhilt/libpki
int PKI_X509_PKCS7_set_cipher ( PKI_X509_PKCS7 *p7, PKI_CIPHER *cipher ) {

	int type;

	if( !p7 || !p7->value || !cipher ) return ( PKI_ERR );

	type = PKI_X509_PKCS7_get_type ( p7 );
	switch ( type ) {
		case PKI_X509_PKCS7_TYPE_ENCRYPTED:
		case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
			break;
		default:
			return PKI_ERR;
	}

        if(!PKCS7_set_cipher(p7->value, cipher)) {
		PKI_log_debug("PKI_X509_PKCS7_set_cipher()::Error setting Cipher "
			"[%s]", ERR_error_string(ERR_get_error(), NULL));
		return ( PKI_ERR );
	}

	return PKI_OK;
}