Added functions to parse the certificate policies extention.
[gnutls.git] / lib / gnutls_pcert.c
blob3341f88c5b4421be9fe732f9ab94d76013574663
1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <auth/cert.h>
26 #include <gnutls_x509.h>
27 #include "x509/x509_int.h"
28 #ifdef ENABLE_OPENPGP
29 #include "openpgp/gnutls_openpgp.h"
30 #endif
32 /**
33 * gnutls_pcert_import_x509:
34 * @pcert: The pcert structure
35 * @crt: The raw certificate to be imported
36 * @flags: zero for now
38 * This convenience function will import the given certificate to a
39 * #gnutls_pcert_st structure. The structure must be deinitialized
40 * afterwards using gnutls_pcert_deinit();
42 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
43 * negative error value.
45 * Since: 3.0
46 **/
47 int gnutls_pcert_import_x509 (gnutls_pcert_st* pcert,
48 gnutls_x509_crt_t crt, unsigned int flags)
50 int ret;
51 size_t sz;
53 memset(pcert, 0, sizeof(*pcert));
55 pcert->type = GNUTLS_CRT_X509;
56 pcert->cert.data = NULL;
58 sz = 0;
59 ret = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, NULL, &sz);
60 if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
62 ret = gnutls_assert_val(ret);
63 goto cleanup;
66 pcert->cert.data = gnutls_malloc(sz);
67 if (pcert->cert.data == NULL)
69 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
70 goto cleanup;
73 ret = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, pcert->cert.data, &sz);
74 if (ret < 0)
76 ret = gnutls_assert_val(ret);
77 goto cleanup;
79 pcert->cert.size = sz;
81 ret = gnutls_pubkey_init(&pcert->pubkey);
82 if (ret < 0)
84 ret = gnutls_assert_val(ret);
85 goto cleanup;
88 ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
89 if (ret < 0)
91 gnutls_pubkey_deinit(pcert->pubkey);
92 pcert->pubkey = NULL;
93 ret = gnutls_assert_val(ret);
94 goto cleanup;
97 return 0;
99 cleanup:
100 _gnutls_free_datum(&pcert->cert);
102 return ret;
106 * gnutls_pcert_list_import_x509_raw:
107 * @pcerts: The structures to store the parsed certificate. Must not be initialized.
108 * @pcert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
109 * @data: The certificates.
110 * @format: One of DER or PEM.
111 * @flags: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
113 * This function will convert the given PEM encoded certificate list
114 * to the native gnutls_x509_crt_t format. The output will be stored
115 * in @certs. They will be automatically initialized.
117 * If the Certificate is PEM encoded it should have a header of "X509
118 * CERTIFICATE", or "CERTIFICATE".
120 * Returns: the number of certificates read or a negative error value.
122 * Since: 3.0
125 gnutls_pcert_list_import_x509_raw (gnutls_pcert_st * pcerts,
126 unsigned int *pcert_max,
127 const gnutls_datum_t * data,
128 gnutls_x509_crt_fmt_t format, unsigned int flags)
130 int ret;
131 unsigned int i = 0, j;
132 gnutls_x509_crt_t *crt;
134 crt = gnutls_malloc((*pcert_max) * sizeof(gnutls_x509_crt_t));
136 if (crt == NULL)
137 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
139 ret = gnutls_x509_crt_list_import( crt, pcert_max, data, format, flags);
140 if (ret < 0)
142 ret = gnutls_assert_val(ret);
143 goto cleanup;
146 for (i=0;i<*pcert_max;i++)
148 ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
149 if (ret < 0)
151 ret = gnutls_assert_val(ret);
152 goto cleanup_pcert;
156 ret = 0;
157 goto cleanup;
159 cleanup_pcert:
160 for (j=0;j<i;j++)
161 gnutls_pcert_deinit(&pcerts[j]);
163 cleanup:
164 for (i=0;i<*pcert_max;i++)
165 gnutls_x509_crt_deinit(crt[i]);
167 gnutls_free(crt);
168 return ret;
173 * gnutls_pcert_import_x509_raw:
174 * @pcert: The pcert structure
175 * @cert: The raw certificate to be imported
176 * @format: The format of the certificate
177 * @flags: zero for now
179 * This convenience function will import the given certificate to a
180 * #gnutls_pcert_st structure. The structure must be deinitialized
181 * afterwards using gnutls_pcert_deinit();
183 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
184 * negative error value.
186 * Since: 3.0
188 int gnutls_pcert_import_x509_raw (gnutls_pcert_st *pcert,
189 const gnutls_datum_t* cert,
190 gnutls_x509_crt_fmt_t format, unsigned int flags)
192 int ret;
193 gnutls_x509_crt_t crt;
195 memset(pcert, 0, sizeof(*pcert));
197 ret = gnutls_x509_crt_init(&crt);
198 if (ret < 0)
199 return gnutls_assert_val(ret);
201 ret = gnutls_x509_crt_import(crt, cert, format);
202 if (ret < 0)
204 ret = gnutls_assert_val(ret);
205 goto cleanup;
208 ret = gnutls_pcert_import_x509(pcert, crt, flags);
209 if (ret < 0)
211 ret = gnutls_assert_val(ret);
212 goto cleanup;
215 ret = 0;
217 cleanup:
218 gnutls_x509_crt_deinit(crt);
220 return ret;
223 #ifdef ENABLE_OPENPGP
226 * gnutls_pcert_import_openpgp:
227 * @pcert: The pcert structure
228 * @crt: The raw certificate to be imported
229 * @flags: zero for now
231 * This convenience function will import the given certificate to a
232 * #gnutls_pcert_st structure. The structure must be deinitialized
233 * afterwards using gnutls_pcert_deinit();
235 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
236 * negative error value.
238 * Since: 3.0
240 int gnutls_pcert_import_openpgp (gnutls_pcert_st* pcert,
241 gnutls_openpgp_crt_t crt, unsigned int flags)
243 int ret;
244 size_t sz;
246 memset(pcert, 0, sizeof(*pcert));
248 pcert->type = GNUTLS_CRT_OPENPGP;
249 pcert->cert.data = NULL;
251 sz = 0;
252 ret = gnutls_openpgp_crt_export(crt, GNUTLS_OPENPGP_FMT_RAW, NULL, &sz);
253 if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
255 ret = gnutls_assert_val(ret);
256 goto cleanup;
259 pcert->cert.data = gnutls_malloc(sz);
260 if (pcert->cert.data == NULL)
262 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
263 goto cleanup;
266 ret = gnutls_openpgp_crt_export(crt, GNUTLS_X509_FMT_DER, pcert->cert.data, &sz);
267 if (ret < 0)
269 ret = gnutls_assert_val(ret);
270 goto cleanup;
272 pcert->cert.size = sz;
274 ret = gnutls_pubkey_init(&pcert->pubkey);
275 if (ret < 0)
277 ret = gnutls_assert_val(ret);
278 goto cleanup;
281 ret = gnutls_pubkey_import_openpgp(pcert->pubkey, crt, 0);
282 if (ret < 0)
284 gnutls_pubkey_deinit(pcert->pubkey);
285 pcert->pubkey = NULL;
286 ret = gnutls_assert_val(ret);
287 goto cleanup;
290 return 0;
292 cleanup:
293 _gnutls_free_datum(&pcert->cert);
295 return ret;
299 * gnutls_pcert_import_openpgp_raw:
300 * @pcert: The pcert structure
301 * @cert: The raw certificate to be imported
302 * @format: The format of the certificate
303 * @keyid: The key ID to use (NULL for the master key)
304 * @flags: zero for now
306 * This convenience function will import the given certificate to a
307 * #gnutls_pcert_st structure. The structure must be deinitialized
308 * afterwards using gnutls_pcert_deinit();
310 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
311 * negative error value.
313 * Since: 3.0
315 int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st *pcert,
316 const gnutls_datum_t* cert,
317 gnutls_openpgp_crt_fmt_t format,
318 gnutls_openpgp_keyid_t keyid,
319 unsigned int flags)
321 int ret;
322 gnutls_openpgp_crt_t crt;
324 memset(pcert, 0, sizeof(*pcert));
326 pcert->cert.data = NULL;
328 ret = gnutls_openpgp_crt_init(&crt);
329 if (ret < 0)
330 return gnutls_assert_val(ret);
332 ret = gnutls_openpgp_crt_import(crt, cert, format);
333 if (ret < 0)
335 ret = gnutls_assert_val(ret);
336 goto cleanup;
339 ret = gnutls_openpgp_crt_set_preferred_key_id(crt, keyid);
340 if (ret < 0)
342 ret = gnutls_assert_val(ret);
343 goto cleanup;
346 ret = gnutls_pcert_import_openpgp(pcert, crt, flags);
347 if (ret < 0)
349 ret = gnutls_assert_val(ret);
350 goto cleanup;
352 ret = 0;
354 cleanup:
355 gnutls_openpgp_crt_deinit(crt);
357 return ret;
360 #endif
363 * gnutls_pcert_deinit:
364 * @pcert: The structure to be deinitialized
366 * This function will deinitialize a pcert structure.
368 * Since: 3.0
370 void
371 gnutls_pcert_deinit (gnutls_pcert_st *pcert)
373 gnutls_pubkey_deinit(pcert->pubkey);
374 pcert->pubkey = NULL;
375 _gnutls_free_datum(&pcert->cert);
378 /* Converts the first certificate for the cert_auth_info structure
379 * to a pcert.
382 _gnutls_get_auth_info_pcert (gnutls_pcert_st* pcert,
383 gnutls_certificate_type_t type,
384 cert_auth_info_t info)
386 switch (type)
388 case GNUTLS_CRT_X509:
389 return gnutls_pcert_import_x509_raw(pcert, &info->raw_certificate_list[0],
390 GNUTLS_X509_FMT_DER, GNUTLS_PCERT_NO_CERT);
391 #ifdef ENABLE_OPENPGP
392 case GNUTLS_CRT_OPENPGP:
393 return gnutls_pcert_import_openpgp_raw(pcert,
394 &info->raw_certificate_list[0],
395 GNUTLS_OPENPGP_FMT_RAW,
396 info->subkey_id, GNUTLS_PCERT_NO_CERT);
397 #endif
398 default:
399 gnutls_assert ();
400 return GNUTLS_E_INTERNAL_ERROR;