oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Code to set CRLDistributionPoints in certificates.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20102 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-01-31 15:37:05 +00:00
parent c6fb026eb1
commit 4156103f1a
1 changed files with 88 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
lib/hx509/ca.c
View File

@@ -51,6 +51,7 @@ struct hx509_ca_tbs {
time_t notBefore; time_t notBefore;
time_t notAfter; time_t notAfter;
int pathLenConstraint; /* both for CA and Proxy */ int pathLenConstraint; /* both for CA and Proxy */
CRLDistributionPoints crldp;
}; };
int int
@@ -66,6 +67,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
(*tbs)->eku.len = 0; (*tbs)->eku.len = 0;
(*tbs)->eku.val = NULL; (*tbs)->eku.val = NULL;
(*tbs)->pathLenConstraint = 0; (*tbs)->pathLenConstraint = 0;
(*tbs)->crldp.len = 0;
(*tbs)->crldp.val = NULL;
return 0; return 0;
} }
@@ -80,6 +83,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs)
free_GeneralNames(&(*tbs)->san); free_GeneralNames(&(*tbs)->san);
free_ExtKeyUsage(&(*tbs)->eku); free_ExtKeyUsage(&(*tbs)->eku);
der_free_heim_integer(&(*tbs)->serial); der_free_heim_integer(&(*tbs)->serial);
free_CRLDistributionPoints(&(*tbs)->crldp);
hx509_name_free(&(*tbs)->subject); hx509_name_free(&(*tbs)->subject);
@@ -272,6 +276,73 @@ hx509_ca_tbs_add_eku(hx509_context context,
return 0; return 0;
} }
int
hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
hx509_ca_tbs tbs,
const char *uri,
hx509_name issuername)
{
GeneralNames crlissuer;
DistributionPoint dp;
DistributionPointName name;
int ret;
memset(&dp, 0, sizeof(dp));
memset(&name, 0, sizeof(name));
memset(&crlissuer, 0, sizeof(crlissuer));
{
GeneralName gn;
gn.element = choice_GeneralName_uniformResourceIdentifier;
gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
name.element = choice_DistributionPointName_fullName;
ret = add_GeneralNames(&name.u.fullName, &gn);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
goto out;
}
}
dp.distributionPoint = &name;
if (issuername) {
GeneralName gn;
Name n;
gn.element = choice_GeneralName_directoryName;
ret = hx509_name_to_Name(issuername, &n);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
goto out;
}
gn.u.directoryName.element = n.element;
gn.u.directoryName.u.rdnSequence = n.u.rdnSequence;
ret = add_GeneralNames(&crlissuer, &gn);
free_Name(&n);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
goto out;
}
dp.cRLIssuer = &crlissuer;
}
ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
goto out;
}
out:
free_GeneralNames(&crlissuer);
free_DistributionPointName(&name);
return ret;
}
int int
hx509_ca_tbs_add_san_otherName(hx509_context context, hx509_ca_tbs_add_san_otherName(hx509_context context,
hx509_ca_tbs tbs, hx509_ca_tbs tbs,
@@ -871,6 +942,23 @@ ca_sign(hx509_context context,
goto out; goto out;
} }
if (tbs->crldp.len) {
ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
&tbs->crldp, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
if (size != data.length)
_hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, FALSE,
oid_id_x509_ce_cRLDistributionPoints(),
&data);
free(data.data);
if (ret)
goto out;
}
ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret); ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
if (ret) { if (ret) {