From 0d73993576d34ff8b7df93aff940d8613d9cb565 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sat, 2 Jun 2007 03:27:58 +0000 Subject: [PATCH] Support to generate an empty CRL. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20796 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/revoke.c | 111 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 1 deletion(-) diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c index 7f5e9041d..782aa2733 100644 --- a/lib/hx509/revoke.c +++ b/lib/hx509/revoke.c @@ -801,7 +801,7 @@ hx509_ocsp_request(hx509_context context, memset(&req, 0, sizeof(req)); if (digest == NULL) - digest = hx509_signature_sha256(); + digest = _hx509_crypto_default_digest_alg; ctx.req = &req.tbsRequest; ctx.certs = pool; @@ -1019,3 +1019,112 @@ hx509_ocsp_verify(hx509_context context, return 0; } + +struct hx509_crl { + int foo; +}; + +int +hx509_crl_alloc(hx509_context context, hx509_crl *crl) +{ + *crl = NULL; + return 0; +} + +int +hx509_crl_free(hx509_context context, hx509_crl crl) +{ + return 0; +} + +int +hx509_crl_sign(hx509_context context, + hx509_cert signer, + hx509_crl crl, + heim_octet_string *os) +{ + const AlgorithmIdentifier *sigalg = _hx509_crypto_default_sig_alg; + CRLCertificateList c; + size_t size; + int ret; + hx509_private_key signerkey; + + memset(&c, 0, sizeof(c)); + + signerkey = _hx509_cert_private_key(signer); + if (signerkey == NULL) { + ret = HX509_PRIVATE_KEY_MISSING; + hx509_set_error_string(context, 0, ret, + "Private key missing for CRL signing"); + return ret; + } + + c.tbsCertList.version = malloc(sizeof(*c.tbsCertList.version)); + if (c.tbsCertList.version == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + *c.tbsCertList.version = 1; + + ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer, + &c.tbsCertList.issuer); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + c.tbsCertList.thisUpdate.element = choice_Time_generalTime; + c.tbsCertList.thisUpdate.u.generalTime = time(NULL) - 24 * 3600; + + c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate)); + if (c.tbsCertList.nextUpdate == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + c.tbsCertList.nextUpdate->element = choice_Time_generalTime; + c.tbsCertList.nextUpdate->u.generalTime = time(NULL) + 24 * 3600 * 365; + + c.tbsCertList.revokedCertificates = NULL; + c.tbsCertList.crlExtensions = NULL; + + ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length, + &c.tbsCertList, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL"); + goto out; + } + if (size != os->length) + _hx509_abort("internal ASN.1 encoder error"); + + + ret = _hx509_create_signature_bitstring(context, + signerkey, + sigalg, + os, + &c.signatureAlgorithm, + &c.signatureValue); + free(os->data); + + ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length, + &c, &size, ret); + free_CRLCertificateList(&c); + if (ret) { + hx509_set_error_string(context, 0, ret, "failed to encode CRL"); + goto out; + } + if (size != os->length) + _hx509_abort("internal ASN.1 encoder error"); + + return 0; + +out: + free_CRLCertificateList(&c); + return ret; +}