示例#1
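/**
  * gnutls_x509_crq_set_attribute_by_oid - This function will set an attribute in the request
  * @crq: should contain a gnutls_x509_crq_t structure
  * @oid: holds an Object Identifier in a null terminated string
  * @buf: a pointer to a structure that holds the attribute data
  * @sizeof_buf: holds the size of @buf
  *
  * This function will set the attribute in the certificate request specified
  * by the given Object ID. The attribute must be DER encoded.
  *
  * Every call appends a new entry to certificationRequestInfo.attributes;
  * this function does not look for, or replace, an existing attribute that
  * carries the same OID.
  *
  * Returns 0 on success, GNUTLS_E_INVALID_REQUEST if @crq or @oid is NULL or
  * if @buf is NULL while @sizeof_buf is non-zero, otherwise the error code of
  * the step that failed.
  *
  **/
int
gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
                                      const char *oid, void *buf,
                                      size_t sizeof_buf)
{
    int result;

    /* Validate every argument before the request is modified, so that an
     * unusable call cannot leave an empty attribute appended to it.
     */
    if (crq == NULL || oid == NULL || (buf == NULL && sizeof_buf != 0))
    {
        gnutls_assert ();
        return GNUTLS_E_INVALID_REQUEST;
    }

    /* Append an empty attribute element; it is addressed as "?LAST" below.
     */
    result =
        asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
                          "NEW", 1);
    if (result != ASN1_SUCCESS)
    {
        gnutls_assert ();
        return _gnutls_asn2err (result);
    }

    /* Fill the element that was just appended with the OID and the data.
     */
    result =
        _gnutls_x509_encode_and_write_attribute (oid,
                crq->crq,
                "certificationRequestInfo.attributes.?LAST",
                buf, sizeof_buf, 1);

    if (result < 0)
    {
        /* NOTE(review): the element appended above is not removed on this
         * path, so a failed call leaves the request with an unfilled
         * attribute. Callers should discard the request after an error.
         */
        gnutls_assert ();
        return result;
    }

    return 0;
}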
示例#2
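/**
  * gnutls_x509_crq_set_challenge_password - This function will set a challenge password
  * @crq: should contain a gnutls_x509_crq_t structure
  * @pass: holds a null terminated password
  *
  * This function will set a challenge password to be used when revoking the request.
  *
  * The password is written as the PKCS #9 challengePassword attribute
  * (OID 1.2.840.113549.1.9.7). This function hands the password bytes to the
  * encoder as they are, and PKCS #9 defines the attribute as a plain string,
  * so anyone who can read the encoded request can read the password. Handle
  * and store the request accordingly.
  *
  * Every call appends a new attribute; an earlier challenge password is not
  * replaced by this function.
  *
  * Returns 0 on success, GNUTLS_E_INVALID_REQUEST if @crq or @pass is NULL,
  * otherwise the error code of the step that failed.
  *
  **/
int
gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
                                        const char *pass)
{
    int result;

    /* @pass is passed to strlen() below, so a NULL password has to be
     * rejected here, before the request is modified.
     */
    if (crq == NULL || pass == NULL)
    {
        gnutls_assert ();
        return GNUTLS_E_INVALID_REQUEST;
    }

    /* Append an empty attribute element; it is addressed as "?LAST" below.
     */
    result =
        asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
                          "NEW", 1);
    if (result != ASN1_SUCCESS)
    {
        gnutls_assert ();
        return _gnutls_asn2err (result);
    }

    /* The terminating null byte is not part of the attribute value.
     */
    result =
        _gnutls_x509_encode_and_write_attribute ("1.2.840.113549.1.9.7",
                crq->crq,
                "certificationRequestInfo.attributes.?LAST",
                pass, strlen (pass), 1);

    if (result < 0)
    {
        /* NOTE(review): the element appended above is not removed on this
         * path; discard the request after an error.
         */
        gnutls_assert ();
        return result;
    }

    return 0;
}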
示例#3
/* Writes the optional attributes of bag element @elem (local key id and
 * friendly name) under the node @where of @c2.
 *
 * Returns 0 on success, GNUTLS_E_MEMORY_ERROR if the temporary name buffer
 * cannot be allocated, otherwise the error code of the step that failed.
 */
static int
write_attributes (gnutls_pkcs12_bag_t bag, int elem,
                  ASN1_TYPE c2, const char *where)
{
  /* Holds "<where>.?LAST", the path of the attribute appended last.
   * NOTE(review): the copy helpers are given sizeof (last_attr) and
   * presumably truncate; with 128 bytes the ".?LAST" suffix only fits when
   * @where is at most 121 characters. Confirm callers pass short paths.
   */
  char last_attr[128];
  int rc;

  /* Neither attribute is set: write nothing to the attribute field. */
  if (bag->element[elem].friendly_name == NULL &&
      bag->element[elem].local_key_id.data == NULL)
    {
      rc = asn1_write_value (c2, where, NULL, 0);
      if (rc == ASN1_SUCCESS)
        return 0;

      gnutls_assert ();
      return _gnutls_asn2err (rc);
    }

  if (bag->element[elem].local_key_id.data != NULL)
    {
      /* Append an empty attribute, then fill it with the key id. */
      rc = asn1_write_value (c2, where, "NEW", 1);
      if (rc != ASN1_SUCCESS)
        {
          gnutls_assert ();
          return _gnutls_asn2err (rc);
        }

      _gnutls_str_cpy (last_attr, sizeof (last_attr), where);
      _gnutls_str_cat (last_attr, sizeof (last_attr), ".?LAST");

      rc = _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2,
                                                    last_attr,
                                                    bag->element[elem].
                                                    local_key_id.data,
                                                    bag->element[elem].
                                                    local_key_id.size, 1);
      if (rc < 0)
        {
          gnutls_assert ();
          return rc;
        }
    }

  if (bag->element[elem].friendly_name != NULL)
    {
      const char *src = bag->element[elem].friendly_name;
      opaque *bmp;
      int bmp_len, k;

      /* Append an empty attribute, then fill it with the friendly name. */
      rc = asn1_write_value (c2, where, "NEW", 1);
      if (rc != ASN1_SUCCESS)
        {
          gnutls_assert ();
          return _gnutls_asn2err (rc);
        }

      /* BMPString conversion: two output bytes per input byte.
       * NOTE(review): the length is kept in an int, so it is only exact
       * while twice the name length fits in an int. For an empty name the
       * allocation size is 0, and whether that returns NULL depends on the
       * allocator.
       */
      bmp_len = strlen (src) * 2;
      bmp = gnutls_malloc (bmp_len);
      if (bmp == NULL)
        {
          gnutls_assert ();
          return GNUTLS_E_MEMORY_ERROR;
        }

      /* Each input byte becomes one 16-bit unit with a zero high byte.
       * Bytes of a multi-byte encoding are therefore copied one by one,
       * not decoded into characters.
       */
      for (k = 0; k < bmp_len / 2; k++)
        {
          bmp[2 * k] = 0;
          bmp[2 * k + 1] = src[k];
        }

      _gnutls_str_cpy (last_attr, sizeof (last_attr), where);
      _gnutls_str_cat (last_attr, sizeof (last_attr), ".?LAST");

      rc = _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
                                                    last_attr, bmp, bmp_len,
                                                    1);

      /* The temporary buffer is released on success and on failure. */
      gnutls_free (bmp);

      if (rc < 0)
        {
          gnutls_assert ();
          return rc;
        }
    }

  return 0;
}
示例#4
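/* Sets an X509 DN in the asn1_struct, and puts the given OID in the DN.
 * The input is assumed to be raw data.
 *
 * asn1_name must be a string in the form "tbsCertificate.issuer".
 * That is to point before the rdnSequence.
 *
 * When raw_flag is zero the value goes through
 * _gnutls_x509_encode_and_write_attribute(); otherwise it is written with
 * _gnutls_x509_write_attribute().
 *
 * Returns 0 on success, GNUTLS_E_INVALID_REQUEST when name is NULL or
 * sizeof_name is not positive, otherwise the error code of the step that
 * failed.
 */
int
_gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
			const char *asn1_name, const char *given_oid,
			int raw_flag, const char *name, int sizeof_name)
{
	int result;
	char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];

	/* sizeof_name is a signed int: a negative length is as unusable as a
	 * zero one and must not reach the writers below.
	 */
	if (sizeof_name <= 0 || name == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* create the rdnSequence
	 */
	result =
	    asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(result);
	}

	/* NOTE(review): both path buffers hold ASN1_MAX_NAME_SIZE bytes and
	 * the copy helpers are given that size; presumably they truncate, so
	 * asn1_name has to leave room for ".rdnSequence.?LAST.?LAST".
	 */
	_gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
	_gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name),
			".rdnSequence");

	/* create a new element
	 */
	result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(result);
	}

	_gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
	_gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");

	/* create the set with only one element
	 */
	result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(result);
	}


	/* Encode and write the data
	 */
	_gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
	_gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");

	if (!raw_flag) {
		result =
		    _gnutls_x509_encode_and_write_attribute(given_oid,
							    asn1_struct,
							    tmp, name,
							    sizeof_name,
							    0);
	} else {
		result =
		    _gnutls_x509_write_attribute(given_oid, asn1_struct,
						 tmp, name, sizeof_name);
	}

	if (result < 0) {
		/* NOTE(review): the elements created above are not removed on
		 * this path, so the structure keeps an unfilled RDN after a
		 * failed call.
		 */
		gnutls_assert();
		return result;
	}

	return 0;
}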