static LUA_FUNCTION(openssl_pkcs7_add) { PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7"); int n = lua_gettop(L); int i, ret; ret = 1; luaL_argcheck(L, lua_isuserdata(L, 2), 2, "must supply certificate or crl object"); for (i = 2; i <= n; i++) { luaL_argcheck(L, auxiliar_isclass(L, "openssl.x509", i) || auxiliar_isclass(L, "openssl.x509_crl", i), i, "must supply certificate or crl object"); if (auxiliar_isclass(L, "openssl.x509", i)) { X509* x = CHECK_OBJECT(i, X509, "openssl.x509"); ret = PKCS7_add_certificate(p7, x); } else { X509_CRL *crl = CHECK_OBJECT(i, X509_CRL, "openssl.x509_crl"); ret = PKCS7_add_crl(p7, crl); } luaL_argcheck(L, ret, i, "add to pkcs7 fail"); } return openssl_pushresult(L, ret); }
int PKI_X509_PKCS7_add_crl ( PKI_X509_PKCS7 *p7, PKI_X509_CRL *crl ) { if ( !p7 || !p7->value || !crl ) { PKI_log_err( "PKI_X509_PKCS7_add_crl()::Missing CRL"); return PKI_ERR; } PKCS7_add_crl( p7->value, crl->value ); return( PKI_OK ); }
static VALUE ossl_pkcs7_add_crl(VALUE self, VALUE crl) { PKCS7 *pkcs7; X509_CRL *x509crl; GetPKCS7(self, pkcs7); /* NO DUP needed! */ x509crl = GetX509CRLPtr(crl); if (!PKCS7_add_crl(pkcs7, x509crl)) { ossl_raise(ePKCS7Error, NULL); } return self; }
void Pkcs7SignedDataBuilder::addCrl(CertificateRevocationList &crl) throw (Pkcs7Exception, InvalidStateException) { int rc; if (this->state != Pkcs7Builder::INIT && this->state != Pkcs7Builder::UPDATE) { throw InvalidStateException("Pkcs7SignedDataBuilder::addCrl"); } rc = PKCS7_add_crl(this->pkcs7, crl.getX509Crl()); if (!rc) { PKCS7_free(this->pkcs7); this->pkcs7 = NULL; throw Pkcs7Exception(Pkcs7Exception::ADDING_CERTIFICATE, "Pkcs7SignedDataBuilder::addCrl", true); } }
int PKI_X509_PKCS7_add_crl_stack ( PKI_X509_PKCS7 *p7, PKI_X509_CRL_STACK *crl_sk ) { int i; if( !p7 || !p7->value || !crl_sk ) { PKI_log_err( "PKI_X509_PKCS7_add_crl_stack()::Missing param!"); return PKI_ERR; } for( i=0; i < PKI_STACK_X509_CRL_elements( crl_sk ); i++ ) { PKI_X509_CRL *crl = NULL; if(( crl = PKI_STACK_X509_CRL_get_num ( crl_sk, i )) == NULL ){ continue; } PKCS7_add_crl ( p7->value, crl->value ); } return PKI_OK; }
/* Allocate the SCEP_MSG structures */ SCEP_MSG *SCEP_MSG_new( int messageType, X509 *cert, EVP_PKEY *pkey, X509 *recip_cert, SCEP_MSG *inMsg, X509_REQ *req, X509 *issued_cert, SCEP_ISSUER_AND_SUBJECT *cert_info, PKCS7_ISSUER_AND_SERIAL *ias, X509_CRL *crl, X509 *cacert, EVP_CIPHER cipher ) { SCEP_MSG *msg = NULL; PKCS7_SIGNER_INFO *si = NULL; EVP_MD *dgst=NULL; unsigned char *raw_data = NULL; int envelope = 0; long raw_len = 0; BIO *debug_bio = NULL; BIO *p7ebio = NULL; BIO *inbio = NULL; char buf[256]; if ((debug_bio=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(debug_bio,stderr,BIO_NOCLOSE|BIO_FP_TEXT); //if( !cert || !pkey || !recip_cert ) if( !cert || !pkey ) return NULL; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] Generating New SCEP-Message...\n", __FILE__, __LINE__); /* Allocate memory and initialize structures */ if((msg = SCEP_MSG_new_null()) == NULL) return NULL; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] Allocate memory\n", __FILE__, __LINE__); /* Signed Infos */ dgst = (EVP_MD *) EVP_get_digestbyname("md5"); if( (si = PKCS7_SIGNER_INFO_new()) == NULL ) goto err; if(!PKCS7_SIGNER_INFO_set(si, cert, pkey, dgst)) goto err; sk_PKCS7_SIGNER_INFO_push( msg->sk_signer_info, si ); msg->signer_ias = si->issuer_and_serial; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] signer infos set\n", __FILE__, __LINE__); /* If pkey, let's add to the message structure to ease * message encryption (enveloped data content creation) */ SCEP_MSG_set_pkey ( msg, pkey ); // msg->signer_pkey = pkey; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] encryption key set\n", __FILE__, __LINE__); /* If not explicit, we guess the certificate to be present * in the passed inMsg structure, if any. Otherwise ERROR! */ if( !recip_cert && inMsg ) recip_cert = inMsg->signer_cert; /* Set the messageType */ SCEP_set_messageType ( msg, messageType ); if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] message type set\n", __FILE__, __LINE__); switch( messageType ) { case MSG_CERTREP: if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] Actions for CERTREP\n", __FILE__, __LINE__); msg->env_data.NID_p7data = NID_pkcs7_signed; msg->env_data.p7 = PKCS7_new(); PKCS7_set_type( msg->env_data.p7, NID_pkcs7_signed ); PKCS7_content_new( msg->env_data.p7, NID_pkcs7_data ); if( issued_cert ) { if (debug) BIO_printf( debug_bio, "%s:%d: creating inner degenerated PKCS7... \n", __FILE__, __LINE__); /* Adds issued certificate */ PKCS7_add_certificate( msg->env_data.p7, issued_cert ); // PKCS7_add_certificate( msg->env_data.p7, cert ); envelope = 1; if (debug) BIO_printf( debug_bio, "%s:%d: done \n", __FILE__, __LINE__); } else if( crl ) { if (debug) BIO_printf( debug_bio, "%s:%d: Adding CRL ... \n", __FILE__, __LINE__); /* Adds crl */ PKCS7_add_crl( msg->env_data.p7, crl ); envelope = 1; if (debug) BIO_printf( debug_bio, "%s:%d: done \n", __FILE__, __LINE__); } if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); break; case MSG_PKCSREQ: if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] Actions for PKCSREQ\n", __FILE__, __LINE__); /* The inner pkcs7 structure is signed * and enveloped and the data is to be * the X509_REQ passed */ msg->env_data.NID_p7data = NID_pkcs7_signedAndEnveloped; if( req ) { msg->env_data.content.req = req; /* Ask for the data p7 to be generated and * encrypted */ envelope = 1; } if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); break; case MSG_GETCRL: if (debug) { BIO_printf( debug_bio, "%s:%d: [Debug Info] Actions for GETCRL\n", __FILE__, __LINE__); BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } break; case MSG_GETCERT: if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] Actions for GETCERT\n", __FILE__, __LINE__); msg->env_data.NID_p7data = NID_pkcs7_signedAndEnveloped; /* If it is a query for a general certificate * the CAcert should be included in the enveloped * data*/ /* Otherwise, if it is a request for its own * certificate, the self-signed certificate should * be included */ // if( cacert ) // msg->env_data.cacert = cacert; /* Issuer and Serial should be present ! */ if( !ias ) goto err; msg->env_data.content.ias = ias; envelope = 1; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); break; case MSG_GETCERTINITIAL: if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] Actions for GETCERTINITIAL\n", __FILE__, __LINE__); msg->env_data.NID_p7data = NID_pkcs7_signed; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); break; case MSG_V2REQUEST: /* Not currently handled */ if (debug) { BIO_printf( debug_bio, "%s:%d: [Debug Info] Actions for V2REQUEST\n", __FILE__, __LINE__); BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } default: goto err; } if (debug) BIO_printf( debug_bio, "%s:%d: Debug ... \n", __FILE__, __LINE__); /* If different from NULL, we have to encode something */ if( envelope == 1 ) { if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] encode\n", __FILE__, __LINE__); /* Encrypt the message data */ if( !SCEP_MSG_encrypt( msg, recip_cert, cipher )) goto err; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] add sign-cert to structure\n", __FILE__, __LINE__); /* Signer certificate */ msg->signer_cert = cert; if (debug) PEM_write_bio_SCEP_MSG( debug_bio, msg, pkey ); if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] add attributes\n", __FILE__, __LINE__); /* Set message attributes, if any */ if ( inMsg ) { char *tmp = NULL; int len = 0; if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] take data from request\n", __FILE__, __LINE__); switch ( msg->messageType ) { default: if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] set transId\n", __FILE__, __LINE__); /* The transId is ever required */ tmp = SCEP_get_string_attr_by_name( inMsg->attrs, "transId"); if( tmp ) { SCEP_set_transId( msg, tmp, strlen(tmp)); OPENSSL_free( tmp ); if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] set recipient nonce (sendernonce from req)\n", __FILE__, __LINE__); /* Copy the sendernonce to the recipient nonce and * generate a new sendernonce for the generated msg */ tmp = SCEP_get_octect_attr_by_name( inMsg->attrs, "senderNonce", &len); if( tmp ) { if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] %d\n", __FILE__, __LINE__, tmp); SCEP_set_recipientNonce( msg, tmp, len ); OPENSSL_free( tmp ); } if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] set sender nonce\n", __FILE__, __LINE__); SCEP_set_senderNonce_new(msg); if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] set pki_status\n", __FILE__, __LINE__); SCEP_set_pkiStatus ( msg, PKI_PENDING ); if (debug) { BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } } else { if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] generate new data\n", __FILE__, __LINE__); SCEP_set_senderNonce_new ( msg ); SCEP_set_recipientNonce_new ( msg ); SCEP_set_transId_new ( msg ); if (debug) BIO_printf( debug_bio, "%s:%d: [Debug Info] done\n", __FILE__, __LINE__); } if (debug) PEM_write_bio_SCEP_MSG( debug_bio, msg, pkey ); return (msg); err: ERR_print_errors_fp(stderr); return(NULL); }