DistributionPoint::DistributionPoint(DIST_POINT *distPoint) { int i; if (distPoint) { if (distPoint->distpoint) { this->distributionPointName = DistributionPointName(distPoint->distpoint); } if (distPoint->reasons) { for (i=0;i<7;i++) { this->reasons[i] = (ASN1_BIT_STRING_get_bit(distPoint->reasons, i))?true:false; } } else { for (i=0;i<7;i++) { this->reasons[i] = false; } } if (distPoint->CRLissuer) { this->crlIssuer = GeneralNames(distPoint->CRLissuer); } } }
/** * Implements signing certificate selector for EstEID ID-Cards. * * @param certificates list of certificates to choose from. List of all certificates * found ID-card. * @return should return the selected certificate. * @throws SignException throws exception if no suitable certificate was found. */ digidoc::PKCS11Signer::PKCS11Cert digidoc::EstEIDSigner::selectSigningCertificate( const std::vector<PKCS11Signer::PKCS11Cert> &certificates) const throw(SignException) { // Find EstEID signing certificate if(certificates.empty()) THROW_SIGNEXCEPTION("Could not find certificate."); for(std::vector<PKCS11Signer::PKCS11Cert>::const_iterator i = certificates.begin(); i < certificates.end(); ++i) { ASN1_BIT_STRING *keyusage = (ASN1_BIT_STRING*)X509_get_ext_d2i(i->cert, NID_key_usage, 0, 0); if(!keyusage) continue; for(int n = 0; n < 9; ++n) { if(ASN1_BIT_STRING_get_bit(keyusage, n) && n == 1) { ASN1_BIT_STRING_free( keyusage ); return *i; } } ASN1_BIT_STRING_free( keyusage ); } THROW_SIGNEXCEPTION("Could not find certificate."); return PKCS11Signer::PKCS11Cert(); }
static int TS_status_map_print(BIO *bio, struct status_map_st *a, ASN1_BIT_STRING *v) { int lines = 0; for (; a->bit >= 0; ++a) { if (ASN1_BIT_STRING_get_bit(v, a->bit)) { if (++lines > 1) BIO_printf(bio, ", "); BIO_printf(bio, "%s", a->text); } } return lines; }
/** * Returns current certificate key usage bits * * @return key usage bits */ std::vector<digidoc::X509Cert::KeyUsage> digidoc::X509Cert::getKeyUsage() const throw(IOException) { ASN1_BIT_STRING *keyusage = (ASN1_BIT_STRING*)X509_get_ext_d2i(cert, NID_key_usage, 0, 0); if(!keyusage) return std::vector<KeyUsage>(); std::vector<KeyUsage> usage; for(int n = 0; n < 9; ++n) { if(ASN1_BIT_STRING_get_bit(keyusage, n)) usage.push_back(KeyUsage(n)); } ASN1_BIT_STRING_free(keyusage); return usage; }
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, BIT_STRING_BITNAME *tbl, int indent) { BIT_STRING_BITNAME *bnam; char first = 1; BIO_printf(out, "%*s", indent, ""); for(bnam = tbl; bnam->lname; bnam++) { if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { if(!first) BIO_puts(out, ", "); BIO_puts(out, bnam->lname); first = 0; } } BIO_puts(out, "\n"); return 1; }
int GT_analyseResponseStatus(const GTPKIStatusInfo *status) { int res = GT_UNKNOWN_ERROR; long pki_status = ASN1_INTEGER_get(status->status); if (pki_status != GTPKIStatus_granted) { if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_badAlg)) { res = GT_PKI_BAD_ALG; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_badRequest)) { res = GT_PKI_BAD_REQUEST; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_badDataFormat)) { res = GT_PKI_BAD_DATA_FORMAT; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_unacceptedPolicy)) { res = GT_UNACCEPTED_POLICY; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_unacceptedExtension)) { res = GT_PROTOCOL_MISMATCH; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_systemFailure)) { res = GT_PKI_SYSTEM_FAILURE; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_extendLater)) { res = GT_NONSTD_EXTEND_LATER; } else if (ASN1_BIT_STRING_get_bit(status->failInfo, GTPKIFailureInfo_extensionOverdue)) { res = GT_NONSTD_EXTENSION_OVERDUE; } goto cleanup; } res = GT_OK; cleanup: return res; }
result_t x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku, int expected_len) { ASN1_BIT_STRING *ku = NULL; result_t fFound = FAILURE; if ((ku = (ASN1_BIT_STRING *) X509_get_ext_d2i (x509, NID_key_usage, NULL, NULL)) == NULL) { msg (D_HANDSHAKE, "Certificate does not have key usage extension"); } else { unsigned nku = 0; int i; for (i = 0; i < 8; i++) { if (ASN1_BIT_STRING_get_bit (ku, i)) nku |= 1 << (7 - i); } /* * Fixup if no LSB bits */ if ((nku & 0xff) == 0) { nku >>= 8; } msg (D_HANDSHAKE, "Validating certificate key usage"); for (i = 0; fFound != SUCCESS && i < expected_len; i++) { if (expected_ku[i] != 0) { msg (D_HANDSHAKE, "++ Certificate has key usage %04x, expects " "%04x", nku, expected_ku[i]); if (nku == expected_ku[i]) fFound = SUCCESS; } } }
/** * @param cert X509 certificate * @return returns if certificate is valid for signing */ bool digidoc::PKCS11SignerPrivate::checkCert( X509 *cert ) const { if(!cert) return false; ASN1_BIT_STRING *keyusage = (ASN1_BIT_STRING*)X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL); if(!keyusage) return false; bool ret = false; for(int n = 0; n < 9; ++n) { if(ASN1_BIT_STRING_get_bit(keyusage, n) && n == 1) { ret = true; break; } } ASN1_BIT_STRING_free( keyusage ); return ret; }
static int print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent) { int first = 1; const BIT_STRING_BITNAME *pbn; BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); for (pbn = reason_flags; pbn->lname; pbn++) { if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { if (first) first = 0; else BIO_puts(out, ", "); BIO_puts(out, pbn->lname); } } if (first) BIO_puts(out, "<EMPTY>\n"); else BIO_puts(out, "\n"); return 1; }
/** * Get the proxy group from a GSS name. * * This function will get the proxy group from a GSS name structure. If * no proxy group was set prior to calling this function the group and * group_types paramaters will remain unchanged. * * @param minor_status * The minor status returned by this function. This paramter * will be 0 upon success. * @param name * The GSS name from which the group information is extracted. * @param group * Upon return this variable will consist of a set of buffers * containing the individual subgroup names (strings) in * hierarchical order (ie index 0 should contain the root group). * @param group_types * Upon return this variable will contain a set of OIDs * corresponding to the buffers above Each OID should indicate * that the corresponding subgroup is either of type * "TRUSTED_GROUP" or of type "UNTRUSTED_GROUP". * * @return * GSS_S_COMPLETE upon success * GSS_S_BAD_NAME if the name was found to be faulty * GSS_S_FAILURE upon general failure */ OM_uint32 GSS_CALLCONV gss_get_group( OM_uint32 * minor_status, const gss_name_t name, gss_buffer_set_t * group, gss_OID_set * group_types) { OM_uint32 major_status = GSS_S_COMPLETE; OM_uint32 tmp_minor_status; int i; int num_subgroups; gss_name_desc * internal_name; char * subgroup; gss_buffer_desc buffer; static char * _function_name_ = "gss_get_group"; GLOBUS_I_GSI_GSSAPI_DEBUG_ENTER; internal_name = (gss_name_desc *) name; if(minor_status == NULL) { major_status = GSS_S_FAILURE; GLOBUS_GSI_GSSAPI_ERROR_RESULT( minor_status, major_status, GLOBUS_GSI_GSSAPI_ERROR_BAD_ARGUMENT, (_GGSL("NULL parameter minor_status passed to function: %s"), _function_name_)); goto exit; } *minor_status = (OM_uint32) GLOBUS_SUCCESS; if(name == GSS_C_NO_NAME) { major_status = GSS_S_FAILURE; GLOBUS_GSI_GSSAPI_ERROR_RESULT( minor_status, major_status, GLOBUS_GSI_GSSAPI_ERROR_BAD_ARGUMENT, (_GGSL("Invalid group name passed to function: %s"), _function_name_)); goto exit; } if(group == NULL) { major_status = GSS_S_FAILURE; GLOBUS_GSI_GSSAPI_ERROR_RESULT( minor_status, major_status, GLOBUS_GSI_GSSAPI_ERROR_BAD_ARGUMENT, (_GGSL("Invalid group passed to function: %s"), _function_name_)); goto exit; } if(group_types == NULL) { major_status = GSS_S_FAILURE; GLOBUS_GSI_GSSAPI_ERROR_RESULT( minor_status, major_status, GLOBUS_GSI_GSSAPI_ERROR_BAD_ARGUMENT, (_GGSL("Invalid group types passed to function: %s"), _function_name_)); goto exit; } num_subgroups = sk_num(internal_name->group); if(internal_name->group == NULL || num_subgroups == 0) { goto exit; } if(internal_name->group_types == NULL) { GLOBUS_GSI_GSSAPI_ERROR_RESULT( minor_status, GLOBUS_GSI_GSSAPI_ERROR_BAD_NAME); major_status = GSS_S_BAD_NAME; goto exit; } major_status = gss_create_empty_buffer_set(local_minor_status, group); if(GSS_ERROR(major_status)) { GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT( minor_status, local_minor_status, GLOBUS_GSI_GSSAPI_ERROR_WITH_GROUP); goto exit; } major_status = gss_create_empty_oid_set(local_minor_status, group_types); if(GSS_ERROR(major_status)) { GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT( minor_status, local_minor_status, GLOBUS_GSI_GSSAPI_ERROR_WITH_GROUP); goto release_buffer; } for(++index = 0; ++index < num_subgroups; ++index) { subgroup = sk_value(internal_name->group, ++index); buffer.value = (void *) subgroup; buffer.length = strlen(subgroup) + 1; major_status = gss_add_buffer_set_member(&local_minor_status, &buffer, group); if(GSS_ERROR(major_status)) { GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT( minor_status, local_minor_status, GLOBUS_GSI_GSSAPI_ERROR_WITH_GROUP); goto release_oid; } if(ASN1_BIT_STRING_get_bit(internal_name->group_types, index)) { major_status = gss_add_oid_set_member( &local_minor_status, (gss_OID) gss_untrusted_group, group_types); } else { major_status = gss_add_oid_set_member( &local_minor_status, (gss_OID) gss_trusted_group, group_types); } if(GSS_ERROR(major_status)) { GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT( minor_status, local_minor_status, GLOBUS_GSI_GSSAPI_ERROR_WITH_GROUP); goto release_oid; } } goto exit; release_oid: gss_release_oid_set(&local_minor_status, group_types); release_buffer: gss_release_buffer_set(&local_minor_status, group); exit: GLOBUS_I_GSI_GSSAPI_DEBUG_EXIT; return major_status; }