PKI_X509_CERT_TYPE PKI_X509_CERT_get_type(const PKI_X509_CERT *x) {
PKI_X509_CERT_TYPE ret = PKI_X509_CERT_TYPE_USER;
const PKI_X509_NAME *subj = NULL;
const PKI_X509_NAME *issuer = NULL;
BASIC_CONSTRAINTS *bs = NULL;
PKI_X509_EXTENSION *ext = NULL;
if (!x || !x->value || (x->type != PKI_DATATYPE_X509_CERT) )
return PKI_X509_CERT_TYPE_UNKNOWN;
subj = PKI_X509_CERT_get_data ( x, PKI_X509_DATA_SUBJECT );
issuer = PKI_X509_CERT_get_data ( x, PKI_X509_DATA_ISSUER );
if ( subj && issuer ) {
if ( PKI_X509_NAME_cmp( subj, issuer ) == 0) {
ret |= PKI_X509_CERT_TYPE_ROOT;
}
}
if((ext = PKI_X509_CERT_get_extension_by_id ( x,
NID_basic_constraints)) != NULL ) {
if(( bs = ext->value )) {
if ( bs->ca ) ret |= PKI_X509_CERT_TYPE_CA;
BASIC_CONSTRAINTS_free ( bs );
}
PKI_X509_EXTENSION_free ( ext );
}
if((ext = PKI_X509_CERT_get_extension_by_id ( x,
NID_proxyCertInfo )) != NULL ) {
if ( ret & PKI_X509_CERT_TYPE_CA ) {
PKI_log_err ( "Certificate Error, Proxy Cert info set",
"in a CA certificate!");
} else {
ret |= PKI_X509_CERT_TYPE_PROXY;
}
PKI_X509_EXTENSION_free ( ext );
}
return ret;
}
PKI_X509_EXTENSION_STACK *PKI_X509_CERT_get_extensions(const PKI_X509_CERT *x) {
PKI_X509_EXTENSION_STACK *ret = NULL;
int i = 0;
int ext_count = 0;
if (!x) return NULL;
if ((ext_count = X509_get_ext_count (x->value)) <= 0 ) return NULL;
for ( i=0; i < ext_count; i++ ) {
LIBPKI_X509_EXTENSION *ext = NULL;
// PKI_X509_EXTENSION_VALUE *ext = NULL;
PKI_X509_EXTENSION *pki_ext = NULL;
if((ext = X509_get_ext ( x->value, i )) == NULL ) {
continue;
}
if((pki_ext = PKI_X509_EXTENSION_new()) == NULL ) {
PKI_log_err ( "Memory Allocation");
continue;
}
if( ext->object == NULL ) {
PKI_X509_EXTENSION_free ( pki_ext );
continue;
}
pki_ext->oid = PKI_OID_dup ( ext->object );
pki_ext->critical = ext->critical;
if((pki_ext->value = X509V3_EXT_d2i ( ext )) == NULL ) {
PKI_log_debug( "Extension %d -- not parsable", i);
PKI_X509_EXTENSION_free ( pki_ext );
continue;
}
}
return ret;
}
PKI_X509_EXTENSION_STACK *PKI_X509_EXTENSION_get_list ( void *x,
PKI_X509_DATA type ) {
PKI_X509_EXTENSION_STACK *ret = NULL;
int i = 0;
int ext_count = 0;
if (!x) return NULL;
if ((ext_count = X509_get_ext_count (x)) <= 0 ) return NULL;
if(( ret = PKI_STACK_X509_EXTENSION_new()) == NULL ) return NULL;
for ( i=0; i < ext_count; i++ ) {
PKI_X509_EXTENSION_VALUE *ext = NULL;
PKI_X509_EXTENSION *pki_ext = NULL;
if((ext = X509_get_ext ( x, i )) == NULL ) {
continue;
}
if((pki_ext = PKI_X509_EXTENSION_new()) == NULL ) {
PKI_log_err ( "Memory Allocation");
continue;
}
pki_ext->oid = ext->object;
pki_ext->critical = ext->critical;
if((pki_ext->value = X509V3_EXT_d2i ( ext )) == NULL ) {
PKI_log_debug( "Extension %d -- not parsable", i);
PKI_X509_EXTENSION_free ( pki_ext );
continue;
}
PKI_STACK_X509_EXTENSION_push ( ret, pki_ext );
}
return ret;
}
PKI_X509_EXTENSION *PKI_X509_CERT_get_extension_by_oid(const PKI_X509_CERT *x,
const PKI_OID *id ) {
PKI_ID nid = PKI_ID_UNKNOWN;
PKI_X509_EXTENSION *ext = NULL;
if ( !x || !id ) return NULL;
if((nid = PKI_OID_get_id ( id )) == PKI_ID_UNKNOWN ) {
return NULL;
}
if(( ext = PKI_X509_EXTENSION_new()) == NULL ) {
return NULL;
}
if((ext->value = X509_get_ext_d2i ( x->value, nid,
NULL, NULL )) == NULL ) {
PKI_X509_EXTENSION_free ( ext );
return ( NULL );
}
return ext;
}
void PKI_X509_EXTENSION_free_void ( void *ext ) {
PKI_X509_EXTENSION_free ( (PKI_X509_EXTENSION *) ext );
}
