int TS_CONF_set_def_policy(CONF *conf, const char *section,
const char *policy, TS_RESP_CTX *ctx)
{
int ret = 0;
ASN1_OBJECT *policy_obj = NULL;
if (!policy)
policy = NCONF_get_string(conf, section,
ENV_DEFAULT_POLICY);
if (!policy)
{
TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
goto err;
}
if (!(policy_obj = OBJ_txt2obj(policy, 0)))
{
TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
goto err;
}
if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
goto err;
ret = 1;
err:
ASN1_OBJECT_free(policy_obj);
return ret;
}
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
int ret = 0;
int i;
STACK_OF(CONF_VALUE) *list = NULL;
char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
if (!digests) {
TS_CONF_lookup_fail(section, ENV_DIGESTS);
goto err;
}
if (!(list = X509V3_parse_list(digests))) {
TS_CONF_invalid(section, ENV_DIGESTS);
goto err;
}
if (sk_CONF_VALUE_num(list) == 0) {
TS_CONF_invalid(section, ENV_DIGESTS);
goto err;
}
for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
const char *extval = val->value ? val->value : val->name;
const EVP_MD *md;
if (!(md = EVP_get_digestbyname(extval))) {
TS_CONF_invalid(section, ENV_DIGESTS);
goto err;
}
if (!TS_RESP_CTX_add_md(ctx, md))
goto err;
}
ret = 1;
err:
sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
return ret;
}
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
{
if (!section) {
section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
if (!section)
TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
}
return section;
}
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
TS_RESP_CTX *ctx)
{
int ret = 0;
char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
if (!serial) {
TS_CONF_lookup_fail(section, ENV_SERIAL);
goto err;
}
TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
ret = 1;
err:
return ret;
}
int TS_CONF_set_signer_key(CONF *conf, const char *section,
const char *key, const char *pass,
TS_RESP_CTX *ctx)
{
int ret = 0;
EVP_PKEY *key_obj = NULL;
if (!key)
key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
if (!key)
{
TS_CONF_lookup_fail(section, ENV_SIGNER_KEY);
goto err;
}
if (!(key_obj = TS_CONF_load_key(key, pass))) goto err;
if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err;
ret = 1;
err:
EVP_PKEY_free(key_obj);
return ret;
}
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
const char *cert, TS_RESP_CTX *ctx)
{
int ret = 0;
X509 *cert_obj = NULL;
if (!cert)
cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
if (!cert) {
TS_CONF_lookup_fail(section, ENV_SIGNER_CERT);
goto err;
}
if (!(cert_obj = TS_CONF_load_cert(cert)))
goto err;
if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
goto err;
ret = 1;
err:
X509_free(cert_obj);
return ret;
}
