2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <auth/cert.h>
26 #include <gnutls_x509.h>
27 #include "x509/x509_int.h"
29 #include "openpgp/gnutls_openpgp.h"
33 * gnutls_pcert_import_x509:
34 * @pcert: The pcert structure
35 * @crt: The raw certificate to be imported
36 * @flags: zero for now
38 * This convenience function will import the given certificate to a
39 * #gnutls_pcert_st structure. The structure must be deinitialized
40 * afterwards using gnutls_pcert_deinit();
42 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
43 * negative error value.
47 int gnutls_pcert_import_x509 (gnutls_pcert_st
* pcert
,
48 gnutls_x509_crt_t crt
, unsigned int flags
)
53 memset(pcert
, 0, sizeof(*pcert
));
55 pcert
->type
= GNUTLS_CRT_X509
;
56 pcert
->cert
.data
= NULL
;
59 ret
= gnutls_x509_crt_export(crt
, GNUTLS_X509_FMT_DER
, NULL
, &sz
);
60 if (ret
< 0 && ret
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
62 ret
= gnutls_assert_val(ret
);
66 pcert
->cert
.data
= gnutls_malloc(sz
);
67 if (pcert
->cert
.data
== NULL
)
69 ret
= gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
73 ret
= gnutls_x509_crt_export(crt
, GNUTLS_X509_FMT_DER
, pcert
->cert
.data
, &sz
);
76 ret
= gnutls_assert_val(ret
);
79 pcert
->cert
.size
= sz
;
81 ret
= gnutls_pubkey_init(&pcert
->pubkey
);
84 ret
= gnutls_assert_val(ret
);
88 ret
= gnutls_pubkey_import_x509(pcert
->pubkey
, crt
, 0);
91 gnutls_pubkey_deinit(pcert
->pubkey
);
93 ret
= gnutls_assert_val(ret
);
100 _gnutls_free_datum(&pcert
->cert
);
106 * gnutls_pcert_list_import_x509_raw:
107 * @pcerts: The structures to store the parsed certificate. Must not be initialized.
108 * @pcert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
109 * @data: The certificates.
110 * @format: One of DER or PEM.
111 * @flags: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
113 * This function will convert the given PEM encoded certificate list
114 * to the native gnutls_x509_crt_t format. The output will be stored
115 * in @certs. They will be automatically initialized.
117 * If the Certificate is PEM encoded it should have a header of "X509
118 * CERTIFICATE", or "CERTIFICATE".
120 * Returns: the number of certificates read or a negative error value.
125 gnutls_pcert_list_import_x509_raw (gnutls_pcert_st
* pcerts
,
126 unsigned int *pcert_max
,
127 const gnutls_datum_t
* data
,
128 gnutls_x509_crt_fmt_t format
, unsigned int flags
)
131 unsigned int i
= 0, j
;
132 gnutls_x509_crt_t
*crt
;
134 crt
= gnutls_malloc((*pcert_max
) * sizeof(gnutls_x509_crt_t
));
137 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
139 ret
= gnutls_x509_crt_list_import( crt
, pcert_max
, data
, format
, flags
);
142 ret
= gnutls_assert_val(ret
);
146 for (i
=0;i
<*pcert_max
;i
++)
148 ret
= gnutls_pcert_import_x509(&pcerts
[i
], crt
[i
], flags
);
151 ret
= gnutls_assert_val(ret
);
161 gnutls_pcert_deinit(&pcerts
[j
]);
164 for (i
=0;i
<*pcert_max
;i
++)
165 gnutls_x509_crt_deinit(crt
[i
]);
173 * gnutls_pcert_import_x509_raw:
174 * @pcert: The pcert structure
175 * @cert: The raw certificate to be imported
176 * @format: The format of the certificate
177 * @flags: zero for now
179 * This convenience function will import the given certificate to a
180 * #gnutls_pcert_st structure. The structure must be deinitialized
181 * afterwards using gnutls_pcert_deinit();
183 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
184 * negative error value.
188 int gnutls_pcert_import_x509_raw (gnutls_pcert_st
*pcert
,
189 const gnutls_datum_t
* cert
,
190 gnutls_x509_crt_fmt_t format
, unsigned int flags
)
193 gnutls_x509_crt_t crt
;
195 memset(pcert
, 0, sizeof(*pcert
));
197 ret
= gnutls_x509_crt_init(&crt
);
199 return gnutls_assert_val(ret
);
201 ret
= gnutls_x509_crt_import(crt
, cert
, format
);
204 ret
= gnutls_assert_val(ret
);
208 ret
= gnutls_pcert_import_x509(pcert
, crt
, flags
);
211 ret
= gnutls_assert_val(ret
);
218 gnutls_x509_crt_deinit(crt
);
223 #ifdef ENABLE_OPENPGP
226 * gnutls_pcert_import_openpgp:
227 * @pcert: The pcert structure
228 * @crt: The raw certificate to be imported
229 * @flags: zero for now
231 * This convenience function will import the given certificate to a
232 * #gnutls_pcert_st structure. The structure must be deinitialized
233 * afterwards using gnutls_pcert_deinit();
235 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
236 * negative error value.
240 int gnutls_pcert_import_openpgp (gnutls_pcert_st
* pcert
,
241 gnutls_openpgp_crt_t crt
, unsigned int flags
)
246 memset(pcert
, 0, sizeof(*pcert
));
248 pcert
->type
= GNUTLS_CRT_OPENPGP
;
249 pcert
->cert
.data
= NULL
;
252 ret
= gnutls_openpgp_crt_export(crt
, GNUTLS_OPENPGP_FMT_RAW
, NULL
, &sz
);
253 if (ret
< 0 && ret
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
255 ret
= gnutls_assert_val(ret
);
259 pcert
->cert
.data
= gnutls_malloc(sz
);
260 if (pcert
->cert
.data
== NULL
)
262 ret
= gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
266 ret
= gnutls_openpgp_crt_export(crt
, GNUTLS_X509_FMT_DER
, pcert
->cert
.data
, &sz
);
269 ret
= gnutls_assert_val(ret
);
272 pcert
->cert
.size
= sz
;
274 ret
= gnutls_pubkey_init(&pcert
->pubkey
);
277 ret
= gnutls_assert_val(ret
);
281 ret
= gnutls_pubkey_import_openpgp(pcert
->pubkey
, crt
, 0);
284 gnutls_pubkey_deinit(pcert
->pubkey
);
285 pcert
->pubkey
= NULL
;
286 ret
= gnutls_assert_val(ret
);
293 _gnutls_free_datum(&pcert
->cert
);
299 * gnutls_pcert_import_openpgp_raw:
300 * @pcert: The pcert structure
301 * @cert: The raw certificate to be imported
302 * @format: The format of the certificate
303 * @keyid: The key ID to use (NULL for the master key)
304 * @flags: zero for now
306 * This convenience function will import the given certificate to a
307 * #gnutls_pcert_st structure. The structure must be deinitialized
308 * afterwards using gnutls_pcert_deinit();
310 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
311 * negative error value.
315 int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st
*pcert
,
316 const gnutls_datum_t
* cert
,
317 gnutls_openpgp_crt_fmt_t format
,
318 gnutls_openpgp_keyid_t keyid
,
322 gnutls_openpgp_crt_t crt
;
324 memset(pcert
, 0, sizeof(*pcert
));
326 pcert
->cert
.data
= NULL
;
328 ret
= gnutls_openpgp_crt_init(&crt
);
330 return gnutls_assert_val(ret
);
332 ret
= gnutls_openpgp_crt_import(crt
, cert
, format
);
335 ret
= gnutls_assert_val(ret
);
339 ret
= gnutls_openpgp_crt_set_preferred_key_id(crt
, keyid
);
342 ret
= gnutls_assert_val(ret
);
346 ret
= gnutls_pcert_import_openpgp(pcert
, crt
, flags
);
349 ret
= gnutls_assert_val(ret
);
355 gnutls_openpgp_crt_deinit(crt
);
363 * gnutls_pcert_deinit:
364 * @pcert: The structure to be deinitialized
366 * This function will deinitialize a pcert structure.
371 gnutls_pcert_deinit (gnutls_pcert_st
*pcert
)
373 gnutls_pubkey_deinit(pcert
->pubkey
);
374 pcert
->pubkey
= NULL
;
375 _gnutls_free_datum(&pcert
->cert
);
378 /* Converts the first certificate for the cert_auth_info structure
382 _gnutls_get_auth_info_pcert (gnutls_pcert_st
* pcert
,
383 gnutls_certificate_type_t type
,
384 cert_auth_info_t info
)
388 case GNUTLS_CRT_X509
:
389 return gnutls_pcert_import_x509_raw(pcert
, &info
->raw_certificate_list
[0],
390 GNUTLS_X509_FMT_DER
, GNUTLS_PCERT_NO_CERT
);
391 #ifdef ENABLE_OPENPGP
392 case GNUTLS_CRT_OPENPGP
:
393 return gnutls_pcert_import_openpgp_raw(pcert
,
394 &info
->raw_certificate_list
[0],
395 GNUTLS_OPENPGP_FMT_RAW
,
396 info
->subkey_id
, GNUTLS_PCERT_NO_CERT
);
400 return GNUTLS_E_INTERNAL_ERROR
;