/**
 * gnutls_x509_crq_set_attribute_by_oid - This function will set an attribute in the request
 * @crq: should contain a gnutls_x509_crq_t structure
 * @oid: holds an Object Identifier in a null terminated string
 * @buf: a pointer to the attribute data
 * @sizeof_buf: holds the size of @buf in bytes
 *
 * Appends a new entry to certificationRequestInfo.attributes and stores
 * the given data in it under the given Object ID. The attribute must be
 * DER encoded.
 *
 * NOTE(review): the data is handed to a helper named
 * _gnutls_x509_encode_and_write_attribute(); confirm that it does not
 * re-encode a value the caller has already DER encoded.
 *
 * Returns 0 on success, GNUTLS_E_INVALID_REQUEST if @crq is NULL, or the
 * negative error code reported by the ASN.1 layer or the attribute writer.
 *
 **/
int
gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
                                      const char *oid, void *buf,
                                      size_t sizeof_buf)
{
  int rc;

  if (!crq)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  /* Open a fresh slot at the end of the attribute list. */
  rc = asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
                         "NEW", 1);
  if (rc != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (rc);
    }

  /* Fill the slot that was just created (?LAST). */
  rc = _gnutls_x509_encode_and_write_attribute (oid, crq->crq,
                                                "certificationRequestInfo.attributes.?LAST",
                                                buf, sizeof_buf, 1);
  if (rc >= 0)
    return 0;

  gnutls_assert ();
  return rc;
}
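/**
 * gnutls_x509_crq_set_challenge_password - This function will set a challenge password
 * @crq: should contain a gnutls_x509_crq_t structure
 * @pass: holds a null terminated password
 *
 * This function will set a challenge password to be used when revoking the request.
 * The password is stored in the request as the attribute with OID
 * 1.2.840.113549.1.9.7; its length is taken with strlen(), so it cannot
 * contain embedded NUL bytes.
 *
 * NOTE(review): the password bytes are handed to the attribute writer as
 * given, so anyone able to read the encoded request can presumably recover
 * them; confirm how the request is protected in transit and at rest.
 *
 * Returns 0 on success, GNUTLS_E_INVALID_REQUEST if @crq or @pass is NULL,
 * or the negative error code reported by the ASN.1 layer or the attribute
 * writer.
 *
 **/
int
gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
                                        const char *pass)
{
  int result;

  /* Reject a NULL password before touching the request: strlen (NULL)
   * is undefined behaviour, and checking first also avoids leaving an
   * empty attribute slot behind.
   */
  if (crq == NULL || pass == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  /* Add the attribute.
   */
  result = asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
                             "NEW", 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }

  /* Write the password into the slot that was just created (?LAST). */
  result = _gnutls_x509_encode_and_write_attribute ("1.2.840.113549.1.9.7",
                                                    crq->crq,
                                                    "certificationRequestInfo.attributes.?LAST",
                                                    pass, strlen (pass), 1);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }

  return 0;
}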
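/* Writes the attributes of bag element @elem (local key id and/or friendly
 * name) into @c2 at the path @where.
 *
 * When the element has neither attribute, the field at @where is written
 * with a NULL value. Otherwise one new attribute is appended per value
 * that is present: the local key id under KEY_ID_OID and the friendly name
 * under FRIENDLY_NAME_OID.
 *
 * @elem is used as an index into bag->element without any check here; the
 * caller must pass a valid index.
 *
 * Returns 0 on success or a negative error code.
 */
static int
write_attributes (gnutls_pkcs12_bag_t bag, int elem,
                  ASN1_TYPE c2, const char *where)
{
  int result;
  char root[128];

  /* If the bag attributes are empty, then write
   * nothing to the attribute field.
   */
  if (bag->element[elem].friendly_name == NULL &&
      bag->element[elem].local_key_id.data == NULL)
    {
      /* no attributes */
      result = asn1_write_value (c2, where, NULL, 0);
      if (result != ASN1_SUCCESS)
        {
          gnutls_assert ();
          return _gnutls_asn2err (result);
        }

      return 0;
    }

  if (bag->element[elem].local_key_id.data != NULL)
    {
      /* Add a new Attribute
       */
      result = asn1_write_value (c2, where, "NEW", 1);
      if (result != ASN1_SUCCESS)
        {
          gnutls_assert ();
          return _gnutls_asn2err (result);
        }

      /* NOTE(review): root holds 128 bytes; a @where path too long for it
       * would presumably be cut short by the bounded string helpers and
       * address the wrong node -- confirm against the callers.
       */
      _gnutls_str_cpy (root, sizeof (root), where);
      _gnutls_str_cat (root, sizeof (root), ".?LAST");

      result =
        _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
                                                 bag->element[elem].
                                                 local_key_id.data,
                                                 bag->element[elem].
                                                 local_key_id.size, 1);
      if (result < 0)
        {
          gnutls_assert ();
          return result;
        }
    }

  if (bag->element[elem].friendly_name != NULL)
    {
      opaque *name;
      size_t len;
      int size, i;
      const char *p;

      /* Convert the name before modifying c2, so that a failure here
       * does not leave an empty attribute behind.
       */
      len = strlen (bag->element[elem].friendly_name);

      /* The converted length is carried in an int. Refuse names whose
       * doubled length does not survive the conversion instead of
       * silently writing a shortened name.
       */
      size = (int) (len * 2);
      if (size < 0 || (size_t) size / 2 != len)
        {
          gnutls_assert ();
          return GNUTLS_E_MEMORY_ERROR;
        }

      /* An empty name gives size 0; request one byte so that an
       * allocator returning NULL for zero-sized requests is not
       * reported as out of memory.
       */
      name = gnutls_malloc (size > 0 ? size : 1);
      if (name == NULL)
        {
          gnutls_assert ();
          return GNUTLS_E_MEMORY_ERROR;
        }

      /* convert name to BMPString: every input byte becomes one two-byte
       * unit with a zero high byte, so bytes of a multi-byte encoding
       * are not combined into a single character.
       */
      p = bag->element[elem].friendly_name;
      for (i = 0; i < size; i += 2)
        {
          name[i] = 0;
          name[i + 1] = *p;
          p++;
        }

      /* Add a new Attribute
       */
      result = asn1_write_value (c2, where, "NEW", 1);
      if (result != ASN1_SUCCESS)
        {
          gnutls_assert ();
          gnutls_free (name);
          return _gnutls_asn2err (result);
        }

      _gnutls_str_cpy (root, sizeof (root), where);
      _gnutls_str_cat (root, sizeof (root), ".?LAST");

      result =
        _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
                                                 root, name, size, 1);

      gnutls_free (name);

      if (result < 0)
        {
          gnutls_assert ();
          return result;
        }
    }

  return 0;
}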
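/* Sets an X509 DN in the asn1_struct, and puts the given OID in the DN.
 * The input is assumed to be raw data.
 *
 * asn1_name must be a string in the form "tbsCertificate.issuer".
 * That is to point before the rdnSequence.
 *
 * When raw_flag is zero the value goes through
 * _gnutls_x509_encode_and_write_attribute(); otherwise it is passed to
 * _gnutls_x509_write_attribute().
 *
 * Returns 0 on success, GNUTLS_E_INVALID_REQUEST when name is NULL or
 * sizeof_name is not positive, or a negative error code from the ASN.1
 * layer or the attribute writer.
 */
int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
                            const char *asn1_name, const char *given_oid,
                            int raw_flag, const char *name,
                            int sizeof_name)
{
    int result;
    char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];

    /* sizeof_name is a signed int: a negative length must not reach the
     * writers below, so reject it together with the empty and NULL cases.
     */
    if (sizeof_name <= 0 || name == NULL) {
        gnutls_assert();
        return GNUTLS_E_INVALID_REQUEST;
    }

    /* create the rdnSequence
     */
    result = asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
    if (result != ASN1_SUCCESS) {
        gnutls_assert();
        return _gnutls_asn2err(result);
    }

    /* NOTE(review): both path buffers hold ASN1_MAX_NAME_SIZE bytes; an
     * asn1_name that leaves no room for the suffixes appended below would
     * presumably be cut short by the bounded string helpers -- confirm.
     */
    _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
    _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name), ".rdnSequence");

    /* create a new element
     */
    result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
    if (result != ASN1_SUCCESS) {
        gnutls_assert();
        return _gnutls_asn2err(result);
    }

    _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
    _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");

    /* create the set with only one element
     */
    result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
    if (result != ASN1_SUCCESS) {
        gnutls_assert();
        return _gnutls_asn2err(result);
    }

    /* Encode and write the data
     */
    _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
    _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");

    if (!raw_flag) {
        result =
            _gnutls_x509_encode_and_write_attribute(given_oid,
                                                    asn1_struct,
                                                    tmp, name,
                                                    sizeof_name, 0);
    } else {
        result =
            _gnutls_x509_write_attribute(given_oid, asn1_struct,
                                         tmp, name, sizeof_name);
    }

    if (result < 0) {
        gnutls_assert();
        return result;
    }

    return 0;
}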