Пример #1
/*
 * Fill x->policy_cache->data from a decoded certificatePolicies extension.
 *
 * One X509_POLICY_DATA entry is built per POLICYINFO. An anyPolicy entry is
 * stored in cache->anyPolicy rather than in the stack.
 *
 * Ownership: `policies` is consumed; it is freed on every path, success or
 * failure. The caller must have set x->policy_cache, which is dereferenced
 * without a NULL check.
 *
 * Returns  1 on success,
 *          0 on an empty policy list or an allocation/push failure,
 *         -1 when a policy OID (or anyPolicy) appears twice; in that case
 *            EXFLAG_INVALID_POLICY is also set on the certificate.
 *
 * NOTE(review): on failure cache->data is released and cleared here, but a
 * cache->anyPolicy stored by an earlier iteration is left in place;
 * presumably the cache owner frees it. Confirm against the caller.
 */
static int policy_cache_create (X509 * x, CERTIFICATEPOLICIES * policies, int crit)
{
    X509_POLICY_CACHE *pcache = x->policy_cache;
    X509_POLICY_DATA *entry = NULL;
    int status = 0;
    int idx;

    /* An extension that is present but lists no policies is rejected. */
    if (sk_POLICYINFO_num (policies) == 0)
        goto out;

    pcache->data = sk_X509_POLICY_DATA_new (policy_data_cmp);
    if (pcache->data == NULL)
        goto out;

    for (idx = 0; idx < sk_POLICYINFO_num (policies); idx++)
    {
        entry = policy_data_new (sk_POLICYINFO_value (policies, idx), NULL, crit);
        if (entry == NULL)
            goto out;

        if (OBJ_obj2nid (entry->valid_policy) == NID_any_policy)
        {
            /* A second anyPolicy is a duplicate OID like any other. */
            if (pcache->anyPolicy != NULL)
            {
                status = -1;
                goto out;
            }
            pcache->anyPolicy = entry;
        }
        else
        {
            /* Duplicate policy OIDs are illegal: reject on a match. */
            if (sk_X509_POLICY_DATA_find (pcache->data, entry) != -1)
            {
                status = -1;
                goto out;
            }
            if (!sk_X509_POLICY_DATA_push (pcache->data, entry))
                goto out;
        }

        /* Ownership has moved to the cache; keep cleanup from freeing it. */
        entry = NULL;
    }
    status = 1;

  out:
    if (status == -1)
        x->ex_flags |= EXFLAG_INVALID_POLICY;
    /* Only non-NULL when the loop bailed out before handing the entry over. */
    if (entry != NULL)
        policy_data_free (entry);
    sk_POLICYINFO_pop_free (policies, POLICYINFO_free);
    if (status <= 0)
    {
        sk_X509_POLICY_DATA_pop_free (pcache->data, policy_data_free);
        pcache->data = NULL;
    }
    return status;
}
Пример #2
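/*
 * Build a certificatePolicies stack from a configuration string.
 *
 * `value` is split with X509V3_parse_list(); each item must be a bare name
 * (no "=value" part) and is one of:
 *   "ia5org"   - sets a flag passed on to later policy_section() calls;
 *   "@section" - the policy is built from the named config section;
 *   otherwise  - the name is parsed as an object identifier.
 *
 * Returns a new STACK_OF(POLICYINFO) owned by the caller, or NULL on any
 * parse or allocation failure. Nothing allocated here survives a failure:
 * both the parsed value list and the partial policy stack are released.
 */
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
		X509V3_CTX *ctx, char *value)
{
	STACK_OF(POLICYINFO) *pols = NULL;
	STACK_OF(CONF_VALUE) *vals = NULL;
	char *pstr;
	POLICYINFO *pol;
	ASN1_OBJECT *pobj;
	CONF_VALUE *cnf;
	int i, ia5org;

	pols = sk_POLICYINFO_new_null();
	if(!pols) goto err;
	/* A list that fails to parse must not be turned into an empty
	 * (but apparently valid) policy set. */
	vals = X509V3_parse_list(value);
	if(!vals) goto err;
	ia5org = 0;
	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
		cnf = sk_CONF_VALUE_value(vals, i);
		if(cnf->value || !cnf->name ) {
			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
			X509V3_conf_err(cnf);
			goto err;
		}
		pstr = cnf->name;
		if(!strcmp(pstr,"ia5org")) {
			ia5org = 1;
			continue;
		} else if(*pstr == '@') {
			STACK_OF(CONF_VALUE) *polsect;
			polsect = X509V3_get_section(ctx, pstr + 1);
			if(!polsect) {
				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);

				X509V3_conf_err(cnf);
				goto err;
			}
			pol = policy_section(ctx, polsect, ia5org);
			X509V3_section_free(ctx, polsect);
			if(!pol) goto err;
		} else {
			/* Allocate the holder before parsing the OID so that a
			 * failed allocation cannot leak the parsed object and a
			 * NULL holder is never dereferenced. */
			pol = POLICYINFO_new();
			if(!pol) goto err;
			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
				X509V3_conf_err(cnf);
				POLICYINFO_free(pol);
				goto err;
			}
			pol->policyid = pobj;
		}
		/* A failed push leaves pol unowned; free it here. */
		if(!sk_POLICYINFO_push(pols, pol)) {
			POLICYINFO_free(pol);
			goto err;
		}
	}
	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
	return pols;
	err:
	/* vals was previously leaked on every error path. */
	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
	return NULL;
}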
Пример #3
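/**
 * Returns the policy identifiers from the certificate's
 * certificatePolicies extension, each in dotted-decimal (numeric) form.
 *
 * The value returned by OBJ_obj2txt() is validated before it is used as a
 * string length: a non-positive result is skipped, and a result that does
 * not fit the stack buffer triggers a second call with a buffer of the
 * reported size. Using the reported length directly with the fixed buffer
 * would read past its end for long OIDs.
 *
 * @return certificate policies; empty if the extension is absent or cannot
 *         be decoded
 */
std::vector<std::string> digidoc::X509Cert::getCertificatePolicies() const throw(IOException)
{
    CERTIFICATEPOLICIES *cp = static_cast<CERTIFICATEPOLICIES*>(X509_get_ext_d2i(cert, NID_certificate_policies, 0, 0));
    if(!cp)
        return std::vector<std::string>();

    std::vector<std::string> pol;
    for(int i = 0; i < sk_POLICYINFO_num(cp); ++i)
    {
        char buf[50];
        int len = OBJ_obj2txt(buf, static_cast<int>(sizeof(buf)), sk_POLICYINFO_value(cp, i)->policyid, 1);
        if(len <= 0)
            continue; // conversion failed or produced nothing

        if(static_cast<size_t>(len) < sizeof(buf))
        {
            pol.push_back(std::string(buf, static_cast<size_t>(len)));
            continue;
        }

        // Truncated: len is the full text length, so retry with room for it
        // plus the terminating NUL.
        std::vector<char> big(static_cast<size_t>(len) + 1, '\0');
        len = OBJ_obj2txt(&big[0], static_cast<int>(big.size()), sk_POLICYINFO_value(cp, i)->policyid, 1);
        if(len > 0 && static_cast<size_t>(len) < big.size())
            pol.push_back(std::string(&big[0], static_cast<size_t>(len)));
    }
    sk_POLICYINFO_pop_free(cp, POLICYINFO_free);
    return pol;
}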
Пример #4
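/**
 * Chooses the digest method (an OpenSSL NID) for this signer.
 *
 * The method configured through Conf's signature URI is the starting point.
 * SHA-1 is returned as-is. For any other configured method the signer
 * certificate's certificatePolicies are scanned for one of two hard-coded
 * OID prefixes; if one is present the configured method is kept. Otherwise
 * the configured method is kept only when the certificate's padding size
 * exceeds 128, and NID_sha224 is returned in the remaining case.
 *
 * A failed OID conversion (non-positive OBJ_obj2txt() result) is treated as
 * "no match". A truncated conversion is harmless here because only the
 * first 22 characters are compared and the buffer is zero-filled first.
 *
 * @return NID of the digest method to use
 */
int digidoc::EstEIDSigner::type() const
{
    const int result = digidoc::Digest::toMethod( Conf::getInstance()->getSignatureUri() );
    if( result == NID_sha1 )
        return result;

    bool found = false;
    CERTIFICATEPOLICIES *cp = static_cast<CERTIFICATEPOLICIES*>(X509_get_ext_d2i(getCert(), NID_certificate_policies, 0, 0));
    if( cp )
    {
        char buf[50];
        // Stop at the first matching policy; later entries cannot change the answer.
        for( int i = 0; !found && i < sk_POLICYINFO_num(cp); ++i )
        {
            memset(buf, 0, sizeof(buf));
            const int len = OBJ_obj2txt(buf, static_cast<int>(sizeof(buf)), sk_POLICYINFO_value(cp, i)->policyid, 1);
            found = len > 0 &&
                (strncmp(buf, "1.3.6.1.4.1.10015.1.2.", 22) == 0 ||
                 strncmp(buf, "1.3.6.1.4.1.10015.3.2.", 22) == 0);
        }
        sk_POLICYINFO_pop_free(cp, POLICYINFO_free);
    }

    if(!found)
        return X509Cert(getCert()).getPaddingSize() > 128 ? result : NID_sha224;

    return result;
}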