crypto/dist/heimdal/lib/hx509/req.c

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "hx_locl.h"
  35 #include <pkcs10_asn1.h>
  36 __RCSID("$Heimdal: req.c 21344 2007-06-26 14:22:34Z lha $"
  37         "$NetBSD$");
  38
  39 struct hx509_request_data {
  40     hx509_name name;
  41     SubjectPublicKeyInfo key;
  42     ExtKeyUsage eku;
  43     GeneralNames san;
  44 };
  45
  46 /*
  47  *
  48  */
  49
  50 int
  51 _hx509_request_init(hx509_context context, hx509_request *req)
  52 {
  53     *req = calloc(1, sizeof(**req));
  54     if (*req == NULL)
  55         return ENOMEM;
  56
  57     return 0;
  58 }
  59
  60 void
  61 _hx509_request_free(hx509_request *req)
  62 {
  63     if ((*req)->name)
  64         hx509_name_free(&(*req)->name);
  65     free_SubjectPublicKeyInfo(&(*req)->key);
  66     free_ExtKeyUsage(&(*req)->eku);
  67     free_GeneralNames(&(*req)->san);
  68     memset(*req, 0, sizeof(**req));
  69     free(*req);
  70     *req = NULL;
  71 }
  72
  73 int
  74 _hx509_request_set_name(hx509_context context,
  75                         hx509_request req,
  76                         hx509_name name)
  77 {
  78     if (req->name)
  79         hx509_name_free(&req->name);
  80     if (name) {
  81         int ret = hx509_name_copy(context, name, &req->name);
  82         if (ret)
  83             return ret;
  84     }
  85     return 0;
  86 }
  87
  88 int
  89 _hx509_request_get_name(hx509_context context,
  90                         hx509_request req,
  91                         hx509_name *name)
  92 {
  93     if (req->name == NULL) {
  94         hx509_set_error_string(context, 0, EINVAL, "Request have no name");
  95         return EINVAL;
  96     }
  97     return hx509_name_copy(context, req->name, name);
  98 }
  99
 100 int
 101 _hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
 102                                         hx509_request req,
 103                                         const SubjectPublicKeyInfo *key)
 104 {
 105     free_SubjectPublicKeyInfo(&req->key);
 106     return copy_SubjectPublicKeyInfo(key, &req->key);
 107 }
 108
 109 int
 110 _hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
 111                                         hx509_request req,
 112                                         SubjectPublicKeyInfo *key)
 113 {
 114     return copy_SubjectPublicKeyInfo(&req->key, key);
 115 }
 116
 117 int
 118 _hx509_request_add_eku(hx509_context context,
 119                        hx509_request req,
 120                        const heim_oid *oid)
 121 {
 122     void *val;
 123     int ret;
 124
 125     val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1));
 126     if (val == NULL)
 127         return ENOMEM;
 128     req->eku.val = val;
 129
 130     ret = der_copy_oid(oid, &req->eku.val[req->eku.len]);
 131     if (ret)
 132         return ret;
 133
 134     req->eku.len += 1;
 135
 136     return 0;
 137 }
 138
 139 int
 140 _hx509_request_add_dns_name(hx509_context context,
 141                             hx509_request req,
 142                             const char *hostname)
 143 {
 144     GeneralName name;
 145
 146     memset(&name, 0, sizeof(name));
 147     name.element = choice_GeneralName_dNSName;
 148     name.u.dNSName = rk_UNCONST(hostname);
 149
 150     return add_GeneralNames(&req->san, &name);
 151 }
 152
 153 int
 154 _hx509_request_add_email(hx509_context context,
 155                          hx509_request req,
 156                          const char *email)
 157 {
 158     GeneralName name;
 159
 160     memset(&name, 0, sizeof(name));
 161     name.element = choice_GeneralName_rfc822Name;
 162     name.u.dNSName = rk_UNCONST(email);
 163
 164     return add_GeneralNames(&req->san, &name);
 165 }
 166
 167
 168
 169 int
 170 _hx509_request_to_pkcs10(hx509_context context,
 171                          const hx509_request req,
 172                          const hx509_private_key signer,
 173                          heim_octet_string *request)
 174 {
 175     CertificationRequest r;
 176     heim_octet_string data, os;
 177     int ret;
 178     size_t size;
 179
 180     if (req->name == NULL) {
 181         hx509_set_error_string(context, 0, EINVAL,
 182                                "PKCS10 needs to have a subject");
 183         return EINVAL;
 184     }
 185
 186     memset(&r, 0, sizeof(r));
 187     memset(request, 0, sizeof(*request));
 188
 189     r.certificationRequestInfo.version = pkcs10_v1;
 190
 191     ret = copy_Name(&req->name->der_name,
 192                     &r.certificationRequestInfo.subject);
 193     if (ret)
 194         goto out;
 195     ret = copy_SubjectPublicKeyInfo(&req->key,
 196                                     &r.certificationRequestInfo.subjectPKInfo);
 197     if (ret)
 198         goto out;
 199     r.certificationRequestInfo.attributes =
 200         calloc(1, sizeof(*r.certificationRequestInfo.attributes));
 201     if (r.certificationRequestInfo.attributes == NULL) {
 202         ret = ENOMEM;
 203         goto out;
 204     }
 205
 206     ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length,
 207                        &r.certificationRequestInfo, &size, ret);
 208     if (ret)
 209         goto out;
 210     if (data.length != size)
 211         abort();
 212
 213     ret = _hx509_create_signature(context,
 214                                   signer,
 215                                   _hx509_crypto_default_sig_alg,
 216                                   &data,
 217                                   &r.signatureAlgorithm,
 218                                   &os);
 219     free(data.data);
 220     if (ret)
 221         goto out;
 222     r.signature.data = os.data;
 223     r.signature.length = os.length * 8;
 224
 225     ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length,
 226                        &r, &size, ret);
 227     if (ret)
 228         goto out;
 229     if (data.length != size)
 230         abort();
 231
 232     *request = data;
 233
 234 out:
 235     free_CertificationRequest(&r);
 236
 237     return ret;
 238 }
 239
 240 int
 241 _hx509_request_parse(hx509_context context,
 242                      const char *path,
 243                      hx509_request *req)
 244 {
 245     CertificationRequest r;
 246     CertificationRequestInfo *rinfo;
 247     hx509_name subject;
 248     size_t len, size;
 249     void *p;
 250     int ret;
 251
 252     if (strncmp(path, "PKCS10:", 7) != 0) {
 253         hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
 254                                "unsupport type in %s", path);
 255         return HX509_UNSUPPORTED_OPERATION;
 256     }
 257     path += 7;
 258
 259     /* XXX PEM request */
 260
 261     ret = _hx509_map_file(path, &p, &len, NULL);
 262     if (ret) {
 263         hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
 264         return ret;
 265     }
 266
 267     ret = decode_CertificationRequest(p, len, &r, &size);
 268     _hx509_unmap_file(p, len);
 269     if (ret) {
 270         hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
 271         return ret;
 272     }
 273
 274     ret = _hx509_request_init(context, req);
 275     if (ret) {
 276         free_CertificationRequest(&r);
 277         return ret;
 278     }
 279
 280     rinfo = &r.certificationRequestInfo;
 281
 282     ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
 283                                                   &rinfo->subjectPKInfo);
 284     if (ret) {
 285         free_CertificationRequest(&r);
 286         _hx509_request_free(req);
 287         return ret;
 288     }
 289
 290     ret = _hx509_name_from_Name(&rinfo->subject, &subject);
 291     if (ret) {
 292         free_CertificationRequest(&r);
 293         _hx509_request_free(req);
 294         return ret;
 295     }
 296     ret = _hx509_request_set_name(context, *req, subject);
 297     hx509_name_free(&subject);
 298     free_CertificationRequest(&r);
 299     if (ret) {
 300         _hx509_request_free(req);
 301         return ret;
 302     }
 303
 304     return 0;
 305 }
 306
 307
 308 int
 309 _hx509_request_print(hx509_context context, hx509_request req, FILE *f)
 310 {
 311     int ret;
 312
 313     if (req->name) {
 314         char *subject;
 315         ret = hx509_name_to_string(req->name, &subject);
 316         if (ret) {
 317             hx509_set_error_string(context, 0, ret, "Failed to print name");
 318             return ret;
 319         }
 320         fprintf(f, "name: %s\n", subject);
 321         free(subject);
 322     }
 323
 324     return 0;
 325 }
 326