From 4156103f1acd4041d59e633de6af20ffe9f1dbf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 31 Jan 2007 15:37:05 +0000 Subject: [PATCH] Code to set CRLDistributionPoints in certificates. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20102 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/ca.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c index 21454cc25..9cd0198ad 100644 --- a/lib/hx509/ca.c +++ b/lib/hx509/ca.c @@ -51,6 +51,7 @@ struct hx509_ca_tbs { time_t notBefore; time_t notAfter; int pathLenConstraint; /* both for CA and Proxy */ + CRLDistributionPoints crldp; }; int @@ -66,6 +67,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) (*tbs)->eku.len = 0; (*tbs)->eku.val = NULL; (*tbs)->pathLenConstraint = 0; + (*tbs)->crldp.len = 0; + (*tbs)->crldp.val = NULL; return 0; } @@ -80,6 +83,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs) free_GeneralNames(&(*tbs)->san); free_ExtKeyUsage(&(*tbs)->eku); der_free_heim_integer(&(*tbs)->serial); + free_CRLDistributionPoints(&(*tbs)->crldp); hx509_name_free(&(*tbs)->subject); @@ -272,6 +276,73 @@ hx509_ca_tbs_add_eku(hx509_context context, return 0; } +int +hx509_ca_tbs_add_crl_dp_uri(hx509_context context, + hx509_ca_tbs tbs, + const char *uri, + hx509_name issuername) +{ + GeneralNames crlissuer; + DistributionPoint dp; + DistributionPointName name; + int ret; + + memset(&dp, 0, sizeof(dp)); + memset(&name, 0, sizeof(name)); + memset(&crlissuer, 0, sizeof(crlissuer)); + + { + GeneralName gn; + + gn.element = choice_GeneralName_uniformResourceIdentifier; + gn.u.uniformResourceIdentifier = rk_UNCONST(uri); + + name.element = choice_DistributionPointName_fullName; + ret = add_GeneralNames(&name.u.fullName, &gn); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + } + dp.distributionPoint = &name; + + if (issuername) { + GeneralName gn; + Name n; + + gn.element = choice_GeneralName_directoryName; + ret = hx509_name_to_Name(issuername, &n); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + gn.u.directoryName.element = n.element; + gn.u.directoryName.u.rdnSequence = n.u.rdnSequence; + + ret = add_GeneralNames(&crlissuer, &gn); + free_Name(&n); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + dp.cRLIssuer = &crlissuer; + } + + ret = add_CRLDistributionPoints(&tbs->crldp, &dp); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + +out: + free_GeneralNames(&crlissuer); + free_DistributionPointName(&name); + + return ret; +} + int hx509_ca_tbs_add_san_otherName(hx509_context context, hx509_ca_tbs tbs, @@ -871,6 +942,23 @@ ca_sign(hx509_context context, goto out; } + if (tbs->crldp.len) { + + ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length, + &tbs->crldp, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, FALSE, + oid_id_x509_ce_cRLDistributionPoints(), + &data); + free(data.data); + if (ret) + goto out; + } ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret); if (ret) {