hx509: Add hx509_cert_is_{ca,root,self_signed}()

These are convenient utility functions.
Nicolas Williams
2022-12-19 16:21:39 -06:00
parent e2e7eacb6f
commit 168124cd09
3 changed files with 65 additions and 0 deletions


@@ -1213,6 +1213,65 @@ certificate_is_self_signed(hx509_context context,
return ret;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_cert_is_self_signed(hx509_context context,
hx509_cert c,
int *self_signed)
{
return certificate_is_self_signed(context, c->data, self_signed);
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_cert_is_ca(hx509_context context,
hx509_cert c,
int *is_ca)
{
BasicConstraints bc;
const Extension *e;
size_t size;
size_t i = 0;
int ret = 0;
*is_ca = 0;
if (_hx509_cert_get_version(c->data) < 3)
return certificate_is_self_signed(context, c->data, is_ca);
e = find_extension(c->data, &asn1_oid_id_x509_ce_basicConstraints, &i);
if (e == NULL) {
*is_ca = 0;
return 0;
}
ret = decode_BasicConstraints(e->extnValue.data,
e->extnValue.length, &bc,
&size);
if (ret)
return ret;
*is_ca = bc.cA;
free_BasicConstraints(&bc);
return 0;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_cert_is_root(hx509_context context,
hx509_cert c,
int *is_root)
{
int ret;
*is_root = 0;
ret = hx509_cert_is_ca(context, c, is_root);
if (ret)
return ret;
if (*is_root == 0)
/* Not a CA certificate -> not a root certificate */
return 0;
/* A CA certificate. If it's self-signed, it's a root certificate. */
return hx509_cert_is_self_signed(context, c, is_root);
}
/*
* The subjectName is "null" when it's empty set of relative DBs.
*/
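Review bot: The three new exported functions carry no doc comments, and the contract a caller most needs is missing: `hx509_cert_is_ca()` and `hx509_cert_is_root()` report what the certificate asserts about itself, not whether it chains to a configured trust anchor. In `hx509_cert_is_ca()` a certificate with version below 3 is reported as a CA whenever `certificate_is_self_signed()` says so, so a pre-v3 self-issued certificate comes back as both CA and root; that fallback deserves a why-comment at the version check. Above `hx509_cert_is_root()` I would add something like `/* Structural check only: CA (cA set, or pre-v3 self-signed) and self-signed. Does not establish trust; callers must still validate the path against their trust anchors. */`. The body of `certificate_is_self_signed()` lies outside this hunk, so whether it verifies the signature or only compares issuer and subject cannot be confirmed from here; the comment should state which.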


@@ -131,6 +131,9 @@ EXPORTS
hx509_cert_init
hx509_cert_init_data
hx509_cert_init_private_key
hx509_cert_is_ca
hx509_cert_is_root
hx509_cert_is_self_signed
hx509_cert_keyusage_print
hx509_cert_ref
hx509_cert_set_friendly_name


@@ -113,6 +113,9 @@ HEIMDAL_X509_1.2 {
hx509_cert_init;
hx509_cert_init_data;
hx509_cert_init_private_key;
hx509_cert_is_ca;
hx509_cert_is_root;
hx509_cert_is_self_signed;
hx509_cert_keyusage_print;
hx509_cert_public_encrypt;
hx509_cert_ref;