From 04a99a3e5ce84858831787a31c9704d0a29f5d93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 3 Jun 2007 15:31:07 +0000
Subject: [PATCH] Add revoking certs.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20848 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/revoke.c | 56 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c
index 5ef51dfa5..2591387e0 100644
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -1099,6 +1099,41 @@ hx509_crl_free(hx509_context context, hx509_crl *crl)
     *crl = NULL;
 }
 
+static int
+add_revoked(hx509_context context, void *ctx, hx509_cert cert)
+{
+    TBSCRLCertList *c = ctx;
+    unsigned int num;
+    void *ptr;
+    int ret;
+
+    num = c->revokedCertificates->len;
+    ptr = realloc(c->revokedCertificates->val,
+		  (num + 1) * sizeof(c->revokedCertificates->val[0]));
+    if (ptr == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    c->revokedCertificates->val = ptr;
+
+    ret = hx509_cert_get_serialnumber(cert, 
+				      &c->revokedCertificates->val[num].userCertificate);
+    if (ret) {
+	hx509_clear_error_string(context);
+	return ret;
+    }
+    c->revokedCertificates->val[num].revocationDate.element = 
+	choice_Time_generalTime;
+    c->revokedCertificates->val[num].revocationDate.u.generalTime =
+	time(NULL) - 3600 * 24;
+    c->revokedCertificates->val[num].crlEntryExtensions = NULL;
+
+    c->revokedCertificates->len++;
+
+    return 0;
+}    
+
+
 int
 hx509_crl_sign(hx509_context context,
 	       hx509_cert signer,
@@ -1148,14 +1183,31 @@ hx509_crl_sign(hx509_context context,
     c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate));
     if (c.tbsCertList.nextUpdate == NULL) {
 	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
+	ret = ENOMEM;
+	goto out;
     }
     c.tbsCertList.nextUpdate->element = choice_Time_generalTime;
     c.tbsCertList.nextUpdate->u.generalTime = time(NULL) + 24 * 3600 * 365;
 
-    c.tbsCertList.revokedCertificates = NULL;
+    c.tbsCertList.revokedCertificates = 
+	calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
+    if (c.tbsCertList.revokedCertificates == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
     c.tbsCertList.crlExtensions = NULL;
 
+    ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
+    if (ret)
+	goto out;
+
+    /* if not revoked certs, remove OPTIONAL entry */
+    if (c.tbsCertList.revokedCertificates->len == 0) {
+	free(c.tbsCertList.revokedCertificates);
+	c.tbsCertList.revokedCertificates = NULL;
+    }
+
     ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length,
 		       &c.tbsCertList, &size, ret);
     if (ret) {