Add HX509_QUERY_MATCH_KEY_HASH_SHA1
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16911 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1589,6 +1589,23 @@ _hx509_query_match_cert(const hx509_query *q, hx509_cert cert)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) {
|
||||
heim_octet_string os;
|
||||
int ret;
|
||||
|
||||
os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
||||
os.length =
|
||||
c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
|
||||
|
||||
ret = _hx509_verify_signature(NULL,
|
||||
hx509_signature_sha1(),
|
||||
&os,
|
||||
q->keyhash_sha1);
|
||||
if (ret != 0)
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
if (q->match & ~HX509_QUERY_MASK)
|
||||
return 0;
|
||||
|
||||
|
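Review bot: The new `HX509_QUERY_MATCH_KEY_HASH_SHA1` branch passes `q->keyhash_sha1` to `_hx509_verify_signature` without checking it for NULL, so a query that sets the flag but not the field relies on the callee tolerating a null pointer, which is not visible here. A guard such as `if (q->keyhash_sha1 == NULL) return 0;` before the call would make the branch fail closed as a non-match. The length computation `subjectPublicKey.length / 8` also rounds down, so a BIT STRING whose bit count is not a multiple of 8 would be hashed without its trailing bits; that is presumably never the case for real keys, but a one-line comment saying so would help. The match selects a certificate by a SHA-1 digest of its key, so callers should treat it as a lookup selector and not as evidence that the certificate is trusted. The body of `_hx509_query_match_cert` starts and ends outside the hunk.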
@@ -87,27 +87,28 @@ typedef struct hx509_path {
|
||||
|
||||
struct hx509_query_data {
|
||||
int match;
|
||||
#define HX509_QUERY_FIND_ISSUER_CERT 0x00001
|
||||
#define HX509_QUERY_MATCH_SERIALNUMBER 0x00002
|
||||
#define HX509_QUERY_MATCH_ISSUER_NAME 0x00004
|
||||
#define HX509_QUERY_MATCH_SUBJECT_NAME 0x00008
|
||||
#define HX509_QUERY_MATCH_SUBJECT_KEY_ID 0x00010
|
||||
#define HX509_QUERY_MATCH_ISSUER_ID 0x00020
|
||||
#define HX509_QUERY_PRIVATE_KEY 0x00040
|
||||
#define HX509_QUERY_KU_ENCIPHERMENT 0x00080
|
||||
#define HX509_QUERY_KU_DIGITALSIGNATURE 0x00100
|
||||
#define HX509_QUERY_KU_KEYCERTSIGN 0x00200
|
||||
#define HX509_QUERY_KU_CRLSIGN 0x00400
|
||||
#define HX509_QUERY_KU_NONREPUDIATION 0x00800
|
||||
#define HX509_QUERY_KU_KEYAGREEMENT 0x01000
|
||||
#define HX509_QUERY_KU_DATAENCIPHERMENT 0x02000
|
||||
#define HX509_QUERY_ANCHOR 0x04000
|
||||
#define HX509_QUERY_MATCH_CERTIFICATE 0x08000
|
||||
#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x10000
|
||||
#define HX509_QUERY_NO_MATCH_PATH 0x20000
|
||||
#define HX509_QUERY_MATCH_FRIENDLY_NAME 0x40000
|
||||
#define HX509_QUERY_MATCH_FUNCTION 0x80000
|
||||
#define HX509_QUERY_MASK 0xfffff
|
||||
#define HX509_QUERY_FIND_ISSUER_CERT 0x000001
|
||||
#define HX509_QUERY_MATCH_SERIALNUMBER 0x000002
|
||||
#define HX509_QUERY_MATCH_ISSUER_NAME 0x000004
|
||||
#define HX509_QUERY_MATCH_SUBJECT_NAME 0x000008
|
||||
#define HX509_QUERY_MATCH_SUBJECT_KEY_ID 0x000010
|
||||
#define HX509_QUERY_MATCH_ISSUER_ID 0x000020
|
||||
#define HX509_QUERY_PRIVATE_KEY 0x000040
|
||||
#define HX509_QUERY_KU_ENCIPHERMENT 0x000080
|
||||
#define HX509_QUERY_KU_DIGITALSIGNATURE 0x000100
|
||||
#define HX509_QUERY_KU_KEYCERTSIGN 0x000200
|
||||
#define HX509_QUERY_KU_CRLSIGN 0x000400
|
||||
#define HX509_QUERY_KU_NONREPUDIATION 0x000800
|
||||
#define HX509_QUERY_KU_KEYAGREEMENT 0x001000
|
||||
#define HX509_QUERY_KU_DATAENCIPHERMENT 0x002000
|
||||
#define HX509_QUERY_ANCHOR 0x004000
|
||||
#define HX509_QUERY_MATCH_CERTIFICATE 0x008000
|
||||
#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x010000
|
||||
#define HX509_QUERY_NO_MATCH_PATH 0x020000
|
||||
#define HX509_QUERY_MATCH_FRIENDLY_NAME 0x040000
|
||||
#define HX509_QUERY_MATCH_FUNCTION 0x080000
|
||||
#define HX509_QUERY_MATCH_KEY_HASH_SHA1 0x100000
|
||||
#define HX509_QUERY_MASK 0x1fffff
|
||||
Certificate *subject;
|
||||
Certificate *certificate;
|
||||
heim_integer *serial;
|
||||
@@ -118,6 +119,7 @@ struct hx509_query_data {
|
||||
hx509_path *path;
|
||||
char *friendlyname;
|
||||
int (*cmp_func)(hx509_cert);
|
||||
heim_octet_string *keyhash_sha1;
|
||||
};
|
||||
|
||||
struct hx509_keyset_ops {
|
||||
|
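Review bot: The new `keyhash_sha1` member of `struct hx509_query_data` is added without a comment saying what it hashes or who owns it. Judging from the matching code in this commit, it holds the SHA-1 digest of the certificate's subjectPublicKey bits and is read only when `HX509_QUERY_MATCH_KEY_HASH_SHA1` is set; a comment such as `/* SHA-1 of subjectPublicKey contents; consulted only with HX509_QUERY_MATCH_KEY_HASH_SHA1 */` would record that. Whether the query owns and frees the pointer is not visible in the hunk and should be stated next to the field. `HX509_QUERY_MASK` is still maintained by hand beside the flag list, so a short note that it must be widened with every new flag would keep a later addition from being rejected by the `q->match & ~HX509_QUERY_MASK` check.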