static void run_set_extensions(gnutls_x509_crq_t crq)
{
gnutls_x509_crt_t crt;
const char *err = NULL;
gnutls_datum_t out;
int ret;
ret = global_init();
if (ret < 0)
fail("global_init\n");
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
ret = gnutls_x509_crt_init(&crt);
if (ret != 0)
fail("gnutls_x509_crt_init\n");
ret = gnutls_x509_crt_set_crq(crt, crq);
if (ret != 0)
fail("gnutls_x509_crt_set_crq: %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crt_set_issuer_dn(crt, "o = big\\, and one, cn = my CA", &err);
if (ret < 0) {
fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err);
}
ret = gnutls_x509_crt_set_version(crt, 3);
if (ret != 0)
fail("gnutls_x509_crt_set_version\n");
ret = gnutls_x509_crt_set_crq_extensions(crt, crq);
if (ret != 0)
fail("gnutls_x509_crt_set_crq_extensions\n");
ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail("gnutls_x509_crt_print\n");
if (debug)
printf("crt: %.*s\n", out.size, out.data);
gnutls_free(out.data);
ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &out);
if (ret < 0 || out.size == 0)
fail("gnutls_x509_crt_get_raw_issuer_dn: %s\n", gnutls_strerror(ret));
if (out.size != 41 ||
memcmp(out.data, "\x30\x27\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6d\x79\x20\x43\x41\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x62\x69\x67\x2c\x20\x61\x6e\x64\x20\x6f\x6e\x65", 41) != 0) {
hexprint(out.data, out.size);
fail("issuer DN comparison failed\n");
}
gnutls_free(out.data);
ret = gnutls_x509_crt_get_raw_dn(crt, &out);
if (ret < 0 || out.size == 0)
fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret));
if (out.size != 45 ||
memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) {
fail("DN comparison failed\n");
}
gnutls_free(out.data);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
}
void
doit (void)
{
gnutls_x509_privkey_t pkey;
gnutls_x509_crt_t crt;
gnutls_x509_crq_t crq;
gnutls_datum_t out;
size_t s = 0;
char smallbuf[10];
int ret;
ret = gnutls_global_init ();
if (ret < 0)
fail ("gnutls_global_init\n");
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (4711);
ret = gnutls_x509_crq_init (&crq);
if (ret != 0)
fail ("gnutls_x509_crq_init\n");
ret = gnutls_x509_privkey_init (&pkey);
if (ret != 0)
fail ("gnutls_x509_privkey_init\n");
ret = gnutls_x509_crt_init (&crt);
if (ret != 0)
fail ("gnutls_x509_crt_init\n");
ret = gnutls_x509_privkey_import (pkey, &key, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail ("gnutls_x509_privkey_import\n");
ret = gnutls_x509_crq_set_version (crq, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_version\n");
ret = gnutls_x509_crq_set_key (crq, pkey);
if (ret != 0)
fail ("gnutls_x509_crq_set_key\n");
s = 0;
ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail ("gnutls_x509_crq_get_extension_info\n");
ret = gnutls_x509_crq_set_basic_constraints (crq, 0, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_basic_constraints %d\n", ret);
ret = gnutls_x509_crq_set_key_usage (crq, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_key_usage %d\n", ret);
ret = gnutls_x509_crq_get_challenge_password (crq, NULL, &s);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail ("gnutls_x509_crq_get_challenge_password %d\n", ret);
ret = gnutls_x509_crq_set_challenge_password (crq, "foo");
if (ret != 0)
fail ("gnutls_x509_crq_set_challenge_password %d\n", ret);
s = 0;
ret = gnutls_x509_crq_get_challenge_password (crq, NULL, &s);
if (ret != 0 || s != 3)
fail ("gnutls_x509_crq_get_challenge_password2 %d/%d\n", ret, (int) s);
s = 10;
ret = gnutls_x509_crq_get_challenge_password (crq, smallbuf, &s);
if (ret != 0 || s != 3 || strcmp (smallbuf, "foo") != 0)
fail ("gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n",
ret, (int) s, smallbuf);
s = 0;
ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
if (ret != 0)
fail ("gnutls_x509_crq_get_extension_info2\n");
s = 0;
ret = gnutls_x509_crq_get_extension_data (crq, 0, NULL, &s);
if (ret != 0)
fail ("gnutls_x509_crq_get_extension_data\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"bar", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"apa", 3, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
s = 0;
ret = gnutls_x509_crq_get_key_purpose_oid (crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_key_purpose_oid %d\n", ret);
s = 0;
ret = gnutls_x509_crq_get_key_purpose_oid (crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_CLIENT, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret);
ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail ("gnutls_x509_crq_print\n");
if (debug)
printf ("crq: %.*s\n", out.size, out.data);
gnutls_free (out.data);
ret = gnutls_x509_crt_set_version (crt, 3);
if (ret != 0)
fail ("gnutls_x509_crt_set_version\n");
ret = gnutls_x509_crt_set_crq_extensions (crt, crq);
if (ret != 0)
fail ("gnutls_x509_crt_set_crq_extensions\n");
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail ("gnutls_x509_crt_print\n");
if (debug)
printf ("crt: %.*s\n", out.size, out.data);
gnutls_free (out.data);
gnutls_x509_crq_deinit (crq);
gnutls_x509_crt_deinit (crt);
gnutls_x509_privkey_deinit (pkey);
gnutls_global_deinit ();
}
/*!
Copies the extensions from the request to the certificate being created. This
should only be done after checking that the request is safe, since otherwise
you could potentially copy extensions that grant the generated certificate
facilities you did not intend.
*/
bool CertificateBuilder::copyRequestExtensions(const CertificateRequest &crq)
{
d->errnumber = gnutls_x509_crt_set_crq_extensions(d->crt, crq.d->crq);
return GNUTLS_E_SUCCESS == d->errnumber;
}
