Exemplo n.º 1
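/*
 * Append a copy of the given certificate ID to this OCSP request.
 *
 * self   - the wrapped OCSP_REQUEST
 * certid - the wrapped OCSP_CERTID to copy into the request
 *
 * Returns self. Raises eOCSPError if the ID cannot be duplicated or cannot
 * be added to the request.
 */
static VALUE
ossl_ocspreq_add_certid(VALUE self, VALUE certid)
{
    OCSP_REQUEST *req;
    OCSP_CERTID *id, *id_new;

    GetOCSPReq(self, req);
    GetOCSPCertId(certid, id);

    /*
     * Duplicate first and check the result on its own: a failed dup must
     * not be handed to OCSP_request_add0_id() as a NULL certificate ID.
     */
    if (!(id_new = OCSP_CERTID_dup(id)))
        ossl_raise(eOCSPError, NULL);

    /*
     * The "add0" call takes ownership of id_new only when it succeeds, so
     * the copy has to be released here on failure or it would leak.
     */
    if (!OCSP_request_add0_id(req, id_new)) {
        OCSP_CERTID_free(id_new);
        ossl_raise(eOCSPError, NULL);
    }

    return self;
}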
Exemplo n.º 2
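/*
 * Build a Ruby array describing the single responses held in this basic
 * OCSP response.
 *
 * Each element is itself an array of the form
 *   [certid, status, reason, revocation_time, this_update, next_update,
 *    extensions]
 * where the three times are nil when the response does not carry them.
 * Entries that cannot be fetched, or whose status lookup returns a negative
 * value, are skipped rather than reported.
 *
 * Raises eOCSPError if a certificate ID cannot be duplicated.
 *
 * NOTE(review): this only reports what the response says; nothing in this
 * function verifies the response signature or the validity window, so
 * callers must not treat the returned status as authenticated by itself.
 */
static VALUE
ossl_ocspbres_get_status(VALUE self)
{
    OCSP_BASICRESP *basic;
    VALUE result;
    int total, idx;

    GetOCSPBasicRes(self, basic);
    result = rb_ary_new();
    total = OCSP_resp_count(basic);

    for (idx = 0; idx < total; idx++) {
        OCSP_SINGLERESP *entry;
        OCSP_CERTID *id_copy;
        ASN1_TIME *stamps[3]; /* revocation time, thisUpdate, nextUpdate */
        VALUE row, exts;
        int cert_status, rev_reason, n_exts, k;

        entry = OCSP_resp_get0(basic, idx);
        if (entry == NULL)
            continue;

        stamps[0] = stamps[1] = stamps[2] = NULL;
        /*
         * Reset the reason for every entry. OpenSSL appears to fill it in
         * only for revoked certificates (TODO confirm against the linked
         * version), so without this a good/unknown entry would report an
         * uninitialised value or the reason left over from the previous
         * entry.
         */
        rev_reason = OCSP_REVOKED_STATUS_NOSTATUS;
        cert_status = OCSP_single_get0_status(entry, &rev_reason, &stamps[0],
                                              &stamps[1], &stamps[2]);
        if (cert_status < 0)
            continue;

        /* The Ruby wrapper gets its own copy of the certificate ID. */
        id_copy = OCSP_CERTID_dup(entry->certId);
        if (id_copy == NULL)
            ossl_raise(eOCSPError, NULL);

        row = rb_ary_new();
        rb_ary_push(row, ossl_ocspcertid_new(id_copy));
        rb_ary_push(row, INT2NUM(cert_status));
        rb_ary_push(row, INT2NUM(rev_reason));
        for (k = 0; k < 3; k++) {
            if (stamps[k] != NULL)
                rb_ary_push(row, asn1time_to_time(stamps[k]));
            else
                rb_ary_push(row, Qnil);
        }

        exts = rb_ary_new();
        n_exts = OCSP_SINGLERESP_get_ext_count(entry);
        for (k = 0; k < n_exts; k++) {
            X509_EXTENSION *x509ext = OCSP_SINGLERESP_get_ext(entry, k);

            rb_ary_push(exts, ossl_x509ext_new(x509ext));
        }
        rb_ary_push(row, exts);
        rb_ary_push(result, row);
    }

    return result;
}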
Exemplo n.º 3
/*
 * Return the certificate IDs contained in this OCSP request.
 *
 * Yields a Ruby array with one wrapped copy of each certificate ID, or nil
 * when the request holds no entries. Raises eOCSPError if an ID cannot be
 * duplicated.
 */
static VALUE
ossl_ocspreq_get_certid(VALUE self)
{
    OCSP_REQUEST *request;
    VALUE list, wrapped;
    int total, idx;

    GetOCSPReq(self, request);
    total = OCSP_request_onereq_count(request);
    if (total <= 0)
        return Qnil;

    list = rb_ary_new();
    for (idx = 0; idx < total; idx++) {
        OCSP_ONEREQ *entry;
        OCSP_CERTID *copy;

        entry = OCSP_request_onereq_get0(request, idx);
        /* Each wrapper receives its own duplicate of the request's ID. */
        copy = OCSP_CERTID_dup(OCSP_onereq_get0_id(entry));
        if (copy == NULL)
            ossl_raise(eOCSPError, NULL);
        WrapOCSPCertId(cOCSPCertId, wrapped, copy);
        rb_ary_push(list, wrapped);
    }

    return list;
}
Exemplo n.º 4
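/**
 * Encode an OCSP request for the stored certificate ID into pReqData.
 *
 * @param pReqData  caller-supplied output buffer for the DER-encoded request.
 * @return the encoded length on success; LS_FAIL when there is no
 *         certificate ID, no output buffer, or an allocation fails; -1 when
 *         the ID cannot be added to the request.
 *
 * NOTE(review): no buffer size is passed in, so this function cannot bound
 * the write. The encoder writes the returned number of bytes and one extra
 * zero byte is stored right after them, so the caller's buffer must be at
 * least (encoded length + 1) bytes. Confirm every caller guarantees that.
 */
int SslOcspStapling::getRequestData(unsigned char *pReqData)
{
    int             len = -1;
    OCSP_REQUEST    *ocsp;
    OCSP_CERTID     *id;

    if (m_pCertId == NULL)
        return LS_FAIL;
    // Without a destination there is nowhere to encode into.
    if (pReqData == NULL)
        return LS_FAIL;
    ocsp = OCSP_REQUEST_new();
    if (ocsp == NULL)
        return LS_FAIL;

    // Check the duplicate before use: a failed dup must not be added to the
    // request as a NULL certificate ID.
    id = OCSP_CERTID_dup(m_pCertId);
    if (id == NULL)
    {
        OCSP_REQUEST_free(ocsp);
        return LS_FAIL;
    }

    if (OCSP_request_add0_id(ocsp, id) != NULL)
    {
        // i2d advances pReqData past the bytes it wrote, so the store below
        // lands immediately after the encoded request.
        len = i2d_OCSP_REQUEST(ocsp, &pReqData);
        if (len > 0)
            *pReqData = 0;
    }
    else
    {
        // The request takes ownership of id only on success; release the
        // copy here so it does not leak.
        OCSP_CERTID_free(id);
    }
    OCSP_REQUEST_free(ocsp);
    return  len;
}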
Exemplo n.º 5
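/*
 * Add a single certificate status entry to a basic OCSP response.
 *
 * rsp     - response to extend; its list of single responses is created on
 *           first use.
 * cid     - certificate ID the status refers to; it is duplicated, so the
 *           caller keeps ownership of its own copy.
 * status  - one of the V_OCSP_CERTSTATUS_* values; anything else fails.
 * reason  - revocation reason, used only for V_OCSP_CERTSTATUS_REVOKED and
 *           omitted when it is OCSP_REVOKED_STATUS_NOSTATUS.
 * revtime - revocation time; required for V_OCSP_CERTSTATUS_REVOKED.
 * thisupd - thisUpdate time.
 * nextupd - nextUpdate time, or NULL to leave it out.
 *
 * Returns the new entry, which is owned by rsp, or NULL on error.
 */
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
						OCSP_CERTID *cid,
						int status, int reason,
						ASN1_TIME *revtime,
					ASN1_TIME *thisupd, ASN1_TIME *nextupd)
	{
	OCSP_SINGLERESP *single = NULL;
	OCSP_CERTSTATUS *cs;
	OCSP_REVOKEDINFO *ri;

	if(!rsp->tbsResponseData->responses &&
	    !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
		goto err;

	if (!(single = OCSP_SINGLERESP_new()))
		goto err;

	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
		goto err;
	if (nextupd &&
		!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
		goto err;

	/* Drop whatever ID the new entry currently holds before installing the copy. */
	OCSP_CERTID_free(single->certId);

	if(!(single->certId = OCSP_CERTID_dup(cid)))
		goto err;

	cs = single->certStatus;
	switch(cs->type = status)
		{
	case V_OCSP_CERTSTATUS_REVOKED:
		if (!revtime)
			{
			OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
			goto err;
			}
		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
			goto err;
		if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
			{
			if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
				goto err;
			if (!(ASN1_ENUMERATED_set(ri->revocationReason,
						  reason)))
				goto err;
			}
		break;

	case V_OCSP_CERTSTATUS_GOOD:
		/*
		 * A failed allocation must not be stored as the status value:
		 * the entry would be pushed with type "good" and no value.
		 */
		if (!(cs->value.good = ASN1_NULL_new()))
			goto err;
		break;

	case V_OCSP_CERTSTATUS_UNKNOWN:
		/* Same allocation check as for the "good" status. */
		if (!(cs->value.unknown = ASN1_NULL_new()))
			goto err;
		break;

	default:
		/* Unrecognised status values are rejected. */
		goto err;

		}
	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
		goto err;
	return single;
err:
	/* The entry was never handed to rsp on this path, so free it here. */
	OCSP_SINGLERESP_free(single);
	return NULL;
	}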
Exemplo n.º 6
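/*
 * Produce a DER-encoded OCSP request for the context's certificate and
 * return the OCSP responder URL.
 *
 * context          - supplies the certificate, the OCSP certificate ID and
 *                    the cached responder URL (filled in on first use).
 * size             - receives context->ocsp_url_len.
 * ocsp_request     - on success receives a malloc()ed buffer holding the
 *                    encoded request; the caller must free() it. It is left
 *                    untouched on failure.
 * ocsp_request_len - on success receives the length of that buffer.
 *
 * Returns context->ocsp_url, which is NULL when no responder URL is known.
 * A non-NULL return does not by itself mean a request was produced, so
 * callers should initialise *ocsp_request and check it afterwards.
 */
const char* bud_context_get_ocsp_req(bud_context_t* context,
                                     size_t* size,
                                     char** ocsp_request,
                                     size_t* ocsp_request_len) {
  STACK_OF(OPENSSL_STRING)* urls;
  OCSP_REQUEST* req;
  OCSP_CERTID* id;
  char* encoded;
  unsigned char* pencoded;
  int der_len;

  urls = NULL;
  req = NULL;
  id = NULL;
  encoded = NULL;

  /* Cached url */
  if (context->ocsp_url != NULL)
    goto has_url;

  urls = X509_get1_ocsp(context->cert);
  if (urls == NULL)
    goto done;

  /* The stack may be empty, so only measure a URL that was really popped */
  context->ocsp_url = sk_OPENSSL_STRING_pop(urls);
  if (context->ocsp_url != NULL)
    context->ocsp_url_len = strlen(context->ocsp_url);

has_url:
  if (context->ocsp_url == NULL)
    goto done;

  id = OCSP_CERTID_dup(context->ocsp_id);
  if (id == NULL)
    goto done;

  /* Create request */
  req = OCSP_REQUEST_new();
  if (req == NULL)
    goto done;
  if (!OCSP_request_add0_id(req, id))
    goto done;
  /* The request owns the id from here on */
  id = NULL;

  /*
   * The encoder reports errors as a non-positive length; check it as an int
   * before it is used as an allocation size.
   */
  der_len = i2d_OCSP_REQUEST(req, NULL);
  if (der_len <= 0)
    goto done;

  encoded = malloc((size_t) der_len);
  if (encoded == NULL)
    goto done;

  /* The second pass must write exactly the length that was allocated */
  pencoded = (unsigned char*) encoded;
  if (i2d_OCSP_REQUEST(req, &pencoded) != der_len)
    goto done;

  *ocsp_request = encoded;
  *ocsp_request_len = (size_t) der_len;
  /* Ownership of the buffer has passed to the caller */
  encoded = NULL;

done:
  /* Single cleanup point, so the request is released on every path */
  if (req != NULL)
    OCSP_REQUEST_free(req);
  if (id != NULL)
    OCSP_CERTID_free(id);
  if (urls != NULL)
    X509_email_free(urls);
  free(encoded);

  *size = context->ocsp_url_len;
  return context->ocsp_url;
}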