/**
 * gnutls_x509_crl_get_next_update:
 * @crl: should contain a #gnutls_x509_crl_t structure
 *
 * Reads the "tbsCertList.nextUpdate" field, i.e. the time at which the
 * issuer intends to publish the next CRL. The field is optional in a
 * CRL, so an error result can be perfectly normal.
 *
 * Callers that enforce a freshness policy should test the result against
 * (time_t)-1 explicitly before comparing it with the current time, so a
 * CRL without nextUpdate is handled by policy rather than by accident.
 *
 * Returns: when the next CRL will be issued, or (time_t)-1 on error
 * (including a %NULL @crl).
 **/
time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
{
	if (crl != NULL)
		return _gnutls_x509_get_time(crl->crl,
					     "tbsCertList.nextUpdate", 0);

	/* No CRL to read from: record the assertion and report the sentinel. */
	gnutls_assert();
	return (time_t)-1;
}
/* Disable the OPTIONAL fields that were never initialized.
 *
 * nextUpdate is cleared when no time can be read from it, and
 * crlExtensions is cleared when the CRL does not use extensions.
 * Each field is cleared by writing a NULL value of length 0; the result
 * of those writes is deliberately ignored.
 */
static void disable_optional_stuff(gnutls_x509_crl_t crl)
{
	const time_t next_update =
	    _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate", 0);

	/* (time_t)-1 is the "could not read a time" sentinel. */
	if (next_update == (time_t)-1)
		(void)asn1_write_value(crl->crl, "tbsCertList.nextUpdate",
				       NULL, 0);

	if (!crl->use_extensions)
		(void)asn1_write_value(crl->crl, "tbsCertList.crlExtensions",
				       NULL, 0);
}
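/**
 * gnutls_x509_crl_get_crt_serial - get the serial number of a revoked certificate
 * @crl: should contain a #gnutls_x509_crl_t structure
 * @indx: the index of the certificate to extract (starting from 0)
 * @serial: where the serial number will be copied
 * @serial_size: initially holds the size of serial
 * @t: if non null, will hold the time this certificate was revoked
 *
 * This function will retrieve the serial number of the revoked
 * certificate specified by the index. On return @serial_size holds the
 * length reported by asn1_read_value(), on failure as well as on success.
 *
 * When @t is given it receives whatever _gnutls_x509_get_time() returns
 * for the entry's revocationDate. That result is not checked here, so a
 * successful return does not by itself mean @t holds a usable time;
 * compare it against (time_t)-1 before relying on it.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value: %GNUTLS_E_INVALID_REQUEST when @crl or
 * @serial_size is %NULL, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when
 * the requested element is not found.
 **/
int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
				   unsigned char *serial,
				   size_t *serial_size, time_t *t)
{
	int result, _serial_size;
	char serial_name[ASN1_MAX_NAME_SIZE];
	char date_name[ASN1_MAX_NAME_SIZE];
	/* The "?N" selector is 1-based while @indx starts at 0. Doing the
	 * +1 in unsigned arithmetic matches the %u conversions below and
	 * avoids signed overflow when indx is the largest int. */
	unsigned int element = (unsigned int)indx + 1u;

	/* serial_size is dereferenced unconditionally below, so reject a
	 * NULL pointer up front together with a NULL crl. */
	if (crl == NULL || serial_size == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	snprintf(serial_name, sizeof(serial_name),
		 "tbsCertList.revokedCertificates.?%u.userCertificate",
		 element);
	snprintf(date_name, sizeof(date_name),
		 "tbsCertList.revokedCertificates.?%u.revocationDate",
		 element);

	/* asn1_read_value() takes the length as an int, so *serial_size is
	 * narrowed here; sizes outside the int range are not preserved. */
	_serial_size = *serial_size;
	result = asn1_read_value(crl->crl, serial_name, serial, &_serial_size);

	/* Hand the reported length back even when the read failed. */
	*serial_size = _serial_size;
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		if (result == ASN1_ELEMENT_NOT_FOUND)
			return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
		return _gnutls_asn2err(result);
	}

	if (t) {
		/* NOTE(review): the other call sites of
		 * _gnutls_x509_get_time() in this file pass a third
		 * argument (0); confirm this two-argument call against
		 * the helper's prototype. */
		*t = _gnutls_x509_get_time(crl->crl, date_name);
	}

	return 0;
}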
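/**
 * gnutls_x509_crl_iter_crt_serial:
 * @crl: should contain a #gnutls_x509_crl_t structure
 * @iter: A pointer to an iterator (initially the iterator should be %NULL)
 * @serial: where the serial number will be copied
 * @serial_size: initially holds the size of serial
 * @t: if non null, will hold the time this certificate was revoked
 *
 * This function performs the same as gnutls_x509_crl_get_crt_serial(),
 * but reads sequentially and keeps state in the iterator
 * between calls. That allows it to provide better performance in sequences
 * with many elements (50000+).
 *
 * When an element past the last one is accessed,
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned and the iterator
 * is reset, so the next call starts again from the first element.
 * On any other failure the iterator's index is not advanced.
 *
 * The iterator caches a node looked up inside @crl's ASN.1 structure.
 * Keep @crl alive and unmodified while the iterator is in use, and do
 * not share one iterator between different CRLs.
 *
 * When @t is given it receives the result of _gnutls_x509_get_time()
 * unchecked; compare it against (time_t)-1 before relying on it.
 *
 * After use, the iterator must be deinitialized using gnutls_x509_crl_iter_deinit().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value: %GNUTLS_E_INVALID_REQUEST when @crl, @iter or
 * @serial_size is %NULL, %GNUTLS_E_MEMORY_ERROR when the iterator
 * cannot be allocated.
 **/
int gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
				    gnutls_x509_crl_iter_t *iter,
				    unsigned char *serial,
				    size_t *serial_size, time_t *t)
{
	int result, _serial_size;
	char serial_name[ASN1_MAX_NAME_SIZE];
	char date_name[ASN1_MAX_NAME_SIZE];
	gnutls_x509_crl_iter_t it;

	/* serial_size is dereferenced unconditionally further down.
	 * Validate everything before allocating so that a bad call
	 * leaves *iter untouched. */
	if (crl == NULL || iter == NULL || serial_size == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* First use: allocate a zeroed iterator on the caller's behalf. */
	if (*iter == NULL) {
		*iter = gnutls_calloc(1, sizeof(struct gnutls_x509_crl_iter));
		if (*iter == NULL)
			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
	}
	it = *iter;

	if (it->rcache == NULL) {
		/* Fresh or reset iterator: start from the first entry. */
		it->rcache = asn1_find_node(crl->crl,
					    "tbsCertList.revokedCertificates.?1");
		it->rcache_idx = 1;
	} else {
		/* Continue the lookup from the node cached by the previous
		 * call instead of searching from the root of the CRL.
		 * NOTE(review): %d assumes rcache_idx is an int; confirm
		 * against the struct definition. */
		snprintf(serial_name, sizeof(serial_name), "?%d",
			 it->rcache_idx);
		it->rcache = asn1_find_node(it->rcache, serial_name);
	}

	if (it->rcache == NULL) {
		/* Past the last entry. rcache is already NULL, which is the
		 * reset state: the next call restarts at entry 1. */
		return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
	}

	snprintf(serial_name, sizeof(serial_name), "?%d.userCertificate",
		 it->rcache_idx);

	/* asn1_read_value() takes the length as an int, so *serial_size is
	 * narrowed here; sizes outside the int range are not preserved. */
	_serial_size = *serial_size;
	result = asn1_read_value(it->rcache, serial_name, serial,
				 &_serial_size);

	/* Hand the reported length back even when the read failed. */
	*serial_size = _serial_size;
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		if (result == ASN1_ELEMENT_NOT_FOUND) {
			/* reset */
			it->rcache = NULL;
			return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
		}
		return _gnutls_asn2err(result);
	}

	if (t) {
		snprintf(date_name, sizeof(date_name), "?%d.revocationDate",
			 it->rcache_idx);
		*t = _gnutls_x509_get_time(it->rcache, date_name, 0);
	}

	/* Only a fully successful read moves on to the next entry. */
	it->rcache_idx++;

	return 0;
}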