Add language to support querying certificates to find a match. Support constructs like "1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"".

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22677 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-13 17:35:49 +00:00
parent 08cb59513f
commit 7776ed30a9
16 changed files with 1006 additions and 71 deletions
--- a/lib/hx509/hx_locl.h
+++ b/lib/hx509/hx_locl.h
@@ -80,6 +80,8 @@ typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *);

 typedef struct hx509_private_key_ops hx509_private_key_ops;

+#include "sel.h"
+
 #include <hx509-private.h>
 #include <hx509_err.h>

@@ -129,7 +131,8 @@ struct hx509_query_data {
 #define HX509_QUERY_MATCH_KEY_HASH_SHA1		0x100000
 #define HX509_QUERY_MATCH_TIME			0x200000
 #define HX509_QUERY_MATCH_EKU			0x400000
-#define HX509_QUERY_MASK			0x7fffff
+#define HX509_QUERY_MATCH_EXPR			0x800000
+#define HX509_QUERY_MASK			0xffffff
    Certificate *subject;
    Certificate *certificate;
    heim_integer *serial;
@@ -144,6 +147,7 @@ struct hx509_query_data {
    heim_octet_string *keyhash_sha1;
    time_t timenow;
    heim_oid *eku;
+    struct hx_expr *expr;
 };

 struct hx509_keyset_ops {
@@ -188,6 +192,18 @@ struct hx509_context_data {
 /* _hx509_calculate_path flag field */
 #define HX509_CALCULATE_PATH_NO_ANCHOR 1

+/* environment */
+struct hx509_env_data {
+    enum { env_string, env_list } type;
+    char *name;
+    struct hx509_env_data *next;
+    union {
+	char *string;
+	struct hx509_env_data *list;
+    } u;
+};
+
+
 extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg;
 extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg;
 extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg;