search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* io.c (rb_open_file): encoding in mode string was ignored if perm is
[ruby-svn.git] / ext / openssl / ossl_pkcs7.c
blobfe1ef7c5deef7b874f1c4c8262511211b518e41d
1 /*
2 * $Id$
3 * 'OpenSSL for Ruby' project
4 * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
5 * All rights reserved.
6 */
7 /*
8 * This program is licenced under the same licence as Ruby.
9 * (See the file 'LICENCE'.)
10 */
11 #include "ossl.h"
12
13 #define WrapPKCS7(klass, obj, pkcs7) do { \
14 if (!pkcs7) { \
15 ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
16 } \
17 obj = Data_Wrap_Struct(klass, 0, PKCS7_free, pkcs7); \
18 } while (0)
19 #define GetPKCS7(obj, pkcs7) do { \
20 Data_Get_Struct(obj, PKCS7, pkcs7); \
21 if (!pkcs7) { \
22 ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
23 } \
24 } while (0)
25 #define SafeGetPKCS7(obj, pkcs7) do { \
26 OSSL_Check_Kind(obj, cPKCS7); \
27 GetPKCS7(obj, pkcs7); \
28 } while (0)
29
30 #define WrapPKCS7si(klass, obj, p7si) do { \
31 if (!p7si) { \
32 ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
33 } \
34 obj = Data_Wrap_Struct(klass, 0, PKCS7_SIGNER_INFO_free, p7si); \
35 } while (0)
36 #define GetPKCS7si(obj, p7si) do { \
37 Data_Get_Struct(obj, PKCS7_SIGNER_INFO, p7si); \
38 if (!p7si) { \
39 ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
40 } \
41 } while (0)
42 #define SafeGetPKCS7si(obj, p7si) do { \
43 OSSL_Check_Kind(obj, cPKCS7Signer); \
44 GetPKCS7si(obj, p7si); \
45 } while (0)
46
47 #define WrapPKCS7ri(klass, obj, p7ri) do { \
48 if (!p7ri) { \
49 ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
50 } \
51 obj = Data_Wrap_Struct(klass, 0, PKCS7_RECIP_INFO_free, p7ri); \
52 } while (0)
53 #define GetPKCS7ri(obj, p7ri) do { \
54 Data_Get_Struct(obj, PKCS7_RECIP_INFO, p7ri); \
55 if (!p7ri) { \
56 ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
57 } \
58 } while (0)
59 #define SafeGetPKCS7ri(obj, p7ri) do { \
60 OSSL_Check_Kind(obj, cPKCS7Recipient); \
61 GetPKCS7ri(obj, p7ri); \
62 } while (0)
63
64 #define numberof(ary) (sizeof(ary)/sizeof(ary[0]))
65
66 #define ossl_pkcs7_set_data(o,v) rb_iv_set((o), "@data", (v))
67 #define ossl_pkcs7_get_data(o) rb_iv_get((o), "@data")
68 #define ossl_pkcs7_set_err_string(o,v) rb_iv_set((o), "@error_string", (v))
69 #define ossl_pkcs7_get_err_string(o) rb_iv_get((o), "@error_string")
70
71 /*
72 * Classes
73 */
74 VALUE cPKCS7;
75 VALUE cPKCS7Signer;
76 VALUE cPKCS7Recipient;
77 VALUE ePKCS7Error;
78
79 /*
80 * Public
81 * (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
82 */
83 static VALUE
84 ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
85 {
86 PKCS7_SIGNER_INFO *pkcs7;
87 VALUE obj;
88
89 pkcs7 = p7si ? PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
90 if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
91 WrapPKCS7si(cPKCS7Signer, obj, pkcs7);
92
93 return obj;
94 }
95
96 static PKCS7_SIGNER_INFO *
97 DupPKCS7SignerPtr(VALUE obj)
98 {
99 PKCS7_SIGNER_INFO *p7si, *pkcs7;
100
101 SafeGetPKCS7si(obj, p7si);
102 if (!(pkcs7 = PKCS7_SIGNER_INFO_dup(p7si))) {
103 ossl_raise(ePKCS7Error, NULL);
104 }
105
106 return pkcs7;
107 }
108
109 static VALUE
110 ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
111 {
112 PKCS7_RECIP_INFO *pkcs7;
113 VALUE obj;
114
115 pkcs7 = p7ri ? PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
116 if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
117 WrapPKCS7ri(cPKCS7Recipient, obj, pkcs7);
118
119 return obj;
120 }
121
122 static PKCS7_RECIP_INFO *
123 DupPKCS7RecipientPtr(VALUE obj)
124 {
125 PKCS7_RECIP_INFO *p7ri, *pkcs7;
126
127 SafeGetPKCS7ri(obj, p7ri);
128 if (!(pkcs7 = PKCS7_RECIP_INFO_dup(p7ri))) {
129 ossl_raise(ePKCS7Error, NULL);
130 }
131
132 return pkcs7;
133 }
134
135 /*
136 * call-seq:
137 * PKCS7.read_smime(string) => pkcs7
138 */
139 static VALUE
140 ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg)
141 {
142 BIO *in, *out;
143 PKCS7 *pkcs7;
144 VALUE ret, data;
145
146 in = ossl_obj2bio(arg);
147 out = NULL;
148 pkcs7 = SMIME_read_PKCS7(in, &out);
149 BIO_free(in);
150 if(!pkcs7) ossl_raise(ePKCS7Error, NULL);
151 data = out ? ossl_membio2str(out) : Qnil;
152 WrapPKCS7(cPKCS7, ret, pkcs7);
153 ossl_pkcs7_set_data(ret, data);
154 ossl_pkcs7_set_err_string(ret, Qnil);
155
156 return ret;
157 }
158
159 /*
160 * call-seq:
161 * PKCS7.write_smime(pkcs7 [, data [, flags]]) => string
162 */
163 static VALUE
164 ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
165 {
166 VALUE pkcs7, data, flags;
167 BIO *out, *in;
168 PKCS7 *p7;
169 VALUE str;
170 int flg;
171
172 rb_scan_args(argc, argv, "12", &pkcs7, &data, &flags);
173 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
174 if(NIL_P(data)) data = ossl_pkcs7_get_data(pkcs7);
175 SafeGetPKCS7(pkcs7, p7);
176 if(!NIL_P(data) && PKCS7_is_detached(p7))
177 flg |= PKCS7_DETACHED;
178 in = NIL_P(data) ? NULL : ossl_obj2bio(data);
179 if(!(out = BIO_new(BIO_s_mem()))){
180 BIO_free(in);
181 ossl_raise(ePKCS7Error, NULL);
182 }
183 if(!SMIME_write_PKCS7(out, p7, in, flg)){
184 BIO_free(out);
185 BIO_free(in);
186 ossl_raise(ePKCS7Error, NULL);
187 }
188 BIO_free(in);
189 str = ossl_membio2str(out);
190
191 return str;
192 }
193
194 /*
195 * call-seq:
196 * PKCS7.sign(cert, key, data, [, certs [, flags]]) => pkcs7
197 */
198 static VALUE
199 ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
200 {
201 VALUE cert, key, data, certs, flags;
202 X509 *x509;
203 EVP_PKEY *pkey;
204 BIO *in;
205 STACK_OF(X509) *x509s;
206 int flg, status = 0;
207 PKCS7 *pkcs7;
208 VALUE ret;
209
210 rb_scan_args(argc, argv, "32", &cert, &key, &data, &certs, &flags);
211 x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
212 pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
213 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
214 in = ossl_obj2bio(data);
215 if(NIL_P(certs)) x509s = NULL;
216 else{
217 x509s = ossl_protect_x509_ary2sk(certs, &status);
218 if(status){
219 BIO_free(in);
220 rb_jump_tag(status);
221 }
222 }
223 if(!(pkcs7 = PKCS7_sign(x509, pkey, x509s, in, flg))){
224 BIO_free(in);
225 sk_X509_pop_free(x509s, X509_free);
226 ossl_raise(ePKCS7Error, NULL);
227 }
228 WrapPKCS7(cPKCS7, ret, pkcs7);
229 ossl_pkcs7_set_data(ret, data);
230 ossl_pkcs7_set_err_string(ret, Qnil);
231 BIO_free(in);
232 sk_X509_pop_free(x509s, X509_free);
233
234 return ret;
235 }
236
237 /*
238 * call-seq:
239 * PKCS7.encrypt(certs, data, [, cipher [, flags]]) => pkcs7
240 */
241 static VALUE
242 ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
243 {
244 VALUE certs, data, cipher, flags;
245 STACK_OF(X509) *x509s;
246 BIO *in;
247 const EVP_CIPHER *ciph;
248 int flg, status = 0;
249 VALUE ret;
250 PKCS7 *p7;
251
252 rb_scan_args(argc, argv, "22", &certs, &data, &cipher, &flags);
253 if(NIL_P(cipher)){
254 #if !defined(OPENSSL_NO_RC2)
255 ciph = EVP_rc2_40_cbc();
256 #elif !defined(OPENSSL_NO_DES)
257 ciph = EVP_des_ede3_cbc();
258 #elif !defined(OPENSSL_NO_RC2)
259 ciph = EVP_rc2_40_cbc();
260 #elif !defined(OPENSSL_NO_AES)
261 ciph = EVP_EVP_aes_128_cbc();
262 #else
263 ossl_raise(ePKCS7Error, "Must specify cipher");
264 #endif
265
266 }
267 else ciph = GetCipherPtr(cipher); /* NO NEED TO DUP */
268 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
269 in = ossl_obj2bio(data);
270 x509s = ossl_protect_x509_ary2sk(certs, &status);
271 if(status){
272 BIO_free(in);
273 rb_jump_tag(status);
274 }
275 if(!(p7 = PKCS7_encrypt(x509s, in, (EVP_CIPHER*)ciph, flg))){
276 BIO_free(in);
277 sk_X509_pop_free(x509s, X509_free);
278 ossl_raise(ePKCS7Error, NULL);
279 }
280 BIO_free(in);
281 WrapPKCS7(cPKCS7, ret, p7);
282 ossl_pkcs7_set_data(ret, data);
283 sk_X509_pop_free(x509s, X509_free);
284
285 return ret;
286 }
287
288 static VALUE
289 ossl_pkcs7_alloc(VALUE klass)
290 {
291 PKCS7 *pkcs7;
292 VALUE obj;
293
294 if (!(pkcs7 = PKCS7_new())) {
295 ossl_raise(ePKCS7Error, NULL);
296 }
297 WrapPKCS7(klass, obj, pkcs7);
298
299 return obj;
300 }
301
302 /*
303 * call-seq:
304 * PKCS7.new => pkcs7
305 * PKCS7.new(string) => pkcs7
306 *
307 * Many methods in this class aren't documented.
308 */
309 static VALUE
310 ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
311 {
312 PKCS7 *p7, *pkcs = DATA_PTR(self);
313 BIO *in;
314 VALUE arg;
315
316 if(rb_scan_args(argc, argv, "01", &arg) == 0)
317 return self;
318 arg = ossl_to_der_if_possible(arg);
319 in = ossl_obj2bio(arg);
320 p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
321 DATA_PTR(self) = pkcs;
322 if (!p7) {
323 (void)BIO_reset(in);
324 p7 = d2i_PKCS7_bio(in, &pkcs);
325 DATA_PTR(self) = pkcs;
326 }
327 BIO_free(in);
328 ossl_pkcs7_set_data(self, Qnil);
329 ossl_pkcs7_set_err_string(self, Qnil);
330
331 return self;
332 }
333
334 static VALUE
335 ossl_pkcs7_copy(VALUE self, VALUE other)
336 {
337 PKCS7 *a, *b, *pkcs7;
338
339 rb_check_frozen(self);
340 if (self == other) return self;
341
342 GetPKCS7(self, a);
343 SafeGetPKCS7(other, b);
344
345 pkcs7 = PKCS7_dup(b);
346 if (!pkcs7) {
347 ossl_raise(ePKCS7Error, NULL);
348 }
349 DATA_PTR(self) = pkcs7;
350 PKCS7_free(a);
351
352 return self;
353 }
354
355 static int
356 ossl_pkcs7_sym2typeid(VALUE sym)
357 {
358 int i, ret = Qnil;
359 const char *s;
360
361 static struct {
362 const char *name;
363 int nid;
364 } p7_type_tab[] = {
365 { "signed", NID_pkcs7_signed },
366 { "data", NID_pkcs7_data },
367 { "signedAndEnveloped", NID_pkcs7_signedAndEnveloped },
368 { "enveloped", NID_pkcs7_enveloped },
369 { "encrypted", NID_pkcs7_encrypted },
370 { "digest", NID_pkcs7_digest },
371 { NULL, 0 },
372 };
373
374 if(TYPE(sym) == T_SYMBOL) s = rb_id2name(SYM2ID(sym));
375 else s = StringValuePtr(sym);
376 for(i = 0; i < numberof(p7_type_tab); i++){
377 if(p7_type_tab[i].name == NULL)
378 ossl_raise(ePKCS7Error, "unknown type \"%s\"", s);
379 if(strcmp(p7_type_tab[i].name, s) == 0){
380 ret = p7_type_tab[i].nid;
381 break;
382 }
383 }
384
385 return ret;
386 }
387
388 /*
389 * call-seq:
390 * pkcs7.type = type => type
391 */
392 static VALUE
393 ossl_pkcs7_set_type(VALUE self, VALUE type)
394 {
395 PKCS7 *p7;
396
397 GetPKCS7(self, p7);
398 if(!PKCS7_set_type(p7, ossl_pkcs7_sym2typeid(type)))
399 ossl_raise(ePKCS7Error, NULL);
400
401 return type;
402 }
403
404 /*
405 * call-seq:
406 * pkcs7.type => string or nil
407 */
408 static VALUE
409 ossl_pkcs7_get_type(VALUE self)
410 {
411 PKCS7 *p7;
412
413 GetPKCS7(self, p7);
414 if(PKCS7_type_is_signed(p7))
415 return ID2SYM(rb_intern("signed"));
416 if(PKCS7_type_is_encrypted(p7))
417 return ID2SYM(rb_intern("encrypted"));
418 if(PKCS7_type_is_enveloped(p7))
419 return ID2SYM(rb_intern("enveloped"));
420 if(PKCS7_type_is_signedAndEnveloped(p7))
421 return ID2SYM(rb_intern("signedAndEnveloped"));
422 if(PKCS7_type_is_data(p7))
423 return ID2SYM(rb_intern("data"));
424 return Qnil;
425 }
426
427 static VALUE
428 ossl_pkcs7_set_detached(VALUE self, VALUE flag)
429 {
430 PKCS7 *p7;
431
432 GetPKCS7(self, p7);
433 if(flag != Qtrue && flag != Qfalse)
434 ossl_raise(ePKCS7Error, "must specify a boolean");
435 if(!PKCS7_set_detached(p7, flag == Qtrue ? 1 : 0))
436 ossl_raise(ePKCS7Error, NULL);
437
438 return flag;
439 }
440
441 static VALUE
442 ossl_pkcs7_get_detached(VALUE self)
443 {
444 PKCS7 *p7;
445 GetPKCS7(self, p7);
446 return PKCS7_get_detached(p7) ? Qtrue : Qfalse;
447 }
448
449 static VALUE
450 ossl_pkcs7_detached_p(VALUE self)
451 {
452 PKCS7 *p7;
453 GetPKCS7(self, p7);
454 return PKCS7_is_detached(p7) ? Qtrue : Qfalse;
455 }
456
457 static VALUE
458 ossl_pkcs7_set_cipher(VALUE self, VALUE cipher)
459 {
460 PKCS7 *pkcs7;
461
462 GetPKCS7(self, pkcs7);
463 if (!PKCS7_set_cipher(pkcs7, GetCipherPtr(cipher))) {
464 ossl_raise(ePKCS7Error, NULL);
465 }
466
467 return cipher;
468 }
469
470 static VALUE
471 ossl_pkcs7_add_signer(VALUE self, VALUE signer)
472 {
473 PKCS7 *pkcs7;
474 PKCS7_SIGNER_INFO *p7si;
475
476 p7si = DupPKCS7SignerPtr(signer); /* NEED TO DUP */
477 GetPKCS7(self, pkcs7);
478 if (!PKCS7_add_signer(pkcs7, p7si)) {
479 PKCS7_SIGNER_INFO_free(p7si);
480 ossl_raise(ePKCS7Error, "Could not add signer.");
481 }
482 if (PKCS7_type_is_signed(pkcs7)){
483 PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
484 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
485 }
486
487 return self;
488 }
489
490 static VALUE
491 ossl_pkcs7_get_signer(VALUE self)
492 {
493 PKCS7 *pkcs7;
494 STACK_OF(PKCS7_SIGNER_INFO) *sk;
495 PKCS7_SIGNER_INFO *si;
496 int num, i;
497 VALUE ary;
498
499 GetPKCS7(self, pkcs7);
500 if (!(sk = PKCS7_get_signer_info(pkcs7))) {
501 OSSL_Debug("OpenSSL::PKCS7#get_signer_info == NULL!");
502 return rb_ary_new();
503 }
504 if ((num = sk_PKCS7_SIGNER_INFO_num(sk)) < 0) {
505 ossl_raise(ePKCS7Error, "Negative number of signers!");
506 }
507 ary = rb_ary_new2(num);
508 for (i=0; i<num; i++) {
509 si = sk_PKCS7_SIGNER_INFO_value(sk, i);
510 rb_ary_push(ary, ossl_pkcs7si_new(si));
511 }
512
513 return ary;
514 }
515
516 static VALUE
517 ossl_pkcs7_add_recipient(VALUE self, VALUE recip)
518 {
519 PKCS7 *pkcs7;
520 PKCS7_RECIP_INFO *ri;
521
522 ri = DupPKCS7RecipientPtr(recip); /* NEED TO DUP */
523 GetPKCS7(self, pkcs7);
524 if (!PKCS7_add_recipient_info(pkcs7, ri)) {
525 PKCS7_RECIP_INFO_free(ri);
526 ossl_raise(ePKCS7Error, "Could not add recipient.");
527 }
528
529 return self;
530 }
531
532 static VALUE
533 ossl_pkcs7_get_recipient(VALUE self)
534 {
535 PKCS7 *pkcs7;
536 STACK_OF(PKCS7_RECIP_INFO) *sk;
537 PKCS7_RECIP_INFO *si;
538 int num, i;
539 VALUE ary;
540
541 GetPKCS7(self, pkcs7);
542 if (PKCS7_type_is_enveloped(pkcs7))
543 sk = pkcs7->d.enveloped->recipientinfo;
544 else if (PKCS7_type_is_signedAndEnveloped(pkcs7))
545 sk = pkcs7->d.signed_and_enveloped->recipientinfo;
546 else sk = NULL;
547 if (!sk) return rb_ary_new();
548 if ((num = sk_PKCS7_RECIP_INFO_num(sk)) < 0) {
549 ossl_raise(ePKCS7Error, "Negative number of recipient!");
550 }
551 ary = rb_ary_new2(num);
552 for (i=0; i<num; i++) {
553 si = sk_PKCS7_RECIP_INFO_value(sk, i);
554 rb_ary_push(ary, ossl_pkcs7ri_new(si));
555 }
556
557 return ary;
558 }
559
560 static VALUE
561 ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
562 {
563 PKCS7 *pkcs7;
564 X509 *x509;
565
566 GetPKCS7(self, pkcs7);
567 x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
568 if (!PKCS7_add_certificate(pkcs7, x509)){
569 ossl_raise(ePKCS7Error, NULL);
570 }
571
572 return self;
573 }
574
575 static STACK *
576 pkcs7_get_certs_or_crls(VALUE self, int want_certs)
577 {
578 PKCS7 *pkcs7;
579 STACK_OF(X509) *certs;
580 STACK_OF(X509_CRL) *crls;
581 int i;
582
583 GetPKCS7(self, pkcs7);
584 i = OBJ_obj2nid(pkcs7->type);
585 switch(i){
586 case NID_pkcs7_signed:
587 certs = pkcs7->d.sign->cert;
588 crls = pkcs7->d.sign->crl;
589 break;
590 case NID_pkcs7_signedAndEnveloped:
591 certs = pkcs7->d.signed_and_enveloped->cert;
592 crls = pkcs7->d.signed_and_enveloped->crl;
593 break;
594 default:
595 certs = crls = NULL;
596 }
597
598 return want_certs ? certs : crls;
599 }
600
601 static VALUE
602 ossl_pkcs7_set_certs_i(VALUE i, VALUE arg)
603 {
604 return ossl_pkcs7_add_certificate(arg, i);
605 }
606
607 static VALUE
608 ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
609 {
610 STACK_OF(X509) *certs;
611 X509 *cert;
612
613 certs = pkcs7_get_certs_or_crls(self, 1);
614 while((cert = sk_X509_pop(certs))) X509_free(cert);
615 rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
616
617 return ary;
618 }
619
620 static VALUE
621 ossl_pkcs7_get_certificates(VALUE self)
622 {
623 return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
624 }
625
626 static VALUE
627 ossl_pkcs7_add_crl(VALUE self, VALUE crl)
628 {
629 PKCS7 *pkcs7;
630 X509_CRL *x509crl;
631
632 GetPKCS7(self, pkcs7); /* NO DUP needed! */
633 x509crl = GetX509CRLPtr(crl);
634 if (!PKCS7_add_crl(pkcs7, x509crl)) {
635 ossl_raise(ePKCS7Error, NULL);
636 }
637
638 return self;
639 }
640
641 static VALUE
642 ossl_pkcs7_set_crls_i(VALUE i, VALUE arg)
643 {
644 return ossl_pkcs7_add_crl(arg, i);
645 }
646
647 static VALUE
648 ossl_pkcs7_set_crls(VALUE self, VALUE ary)
649 {
650 STACK_OF(X509_CRL) *crls;
651 X509_CRL *crl;
652
653 crls = pkcs7_get_certs_or_crls(self, 0);
654 while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
655 rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
656
657 return ary;
658 }
659
660 static VALUE
661 ossl_pkcs7_get_crls(VALUE self)
662 {
663 return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
664 }
665
666 static VALUE
667 ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
668 {
669 VALUE certs, store, indata, flags;
670 STACK_OF(X509) *x509s;
671 X509_STORE *x509st;
672 int flg, ok, status = 0;
673 BIO *in, *out;
674 PKCS7 *p7;
675 VALUE data;
676 const char *msg;
677
678 rb_scan_args(argc, argv, "22", &certs, &store, &indata, &flags);
679 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
680 if(NIL_P(indata)) indata = ossl_pkcs7_get_data(self);
681 in = NIL_P(indata) ? NULL : ossl_obj2bio(indata);
682 if(NIL_P(certs)) x509s = NULL;
683 else{
684 x509s = ossl_protect_x509_ary2sk(certs, &status);
685 if(status){
686 BIO_free(in);
687 rb_jump_tag(status);
688 }
689 }
690 x509st = GetX509StorePtr(store);
691 GetPKCS7(self, p7);
692 if(!(out = BIO_new(BIO_s_mem()))){
693 BIO_free(in);
694 sk_X509_pop_free(x509s, X509_free);
695 ossl_raise(ePKCS7Error, NULL);
696 }
697 ok = PKCS7_verify(p7, x509s, x509st, in, out, flg);
698 BIO_free(in);
699 if (ok < 0) ossl_raise(ePKCS7Error, NULL);
700 msg = ERR_reason_error_string(ERR_get_error());
701 ossl_pkcs7_set_err_string(self, msg ? rb_str_new2(msg) : Qnil);
702 ERR_clear_error();
703 data = ossl_membio2str(out);
704 ossl_pkcs7_set_data(self, data);
705 sk_X509_pop_free(x509s, X509_free);
706
707 return (ok == 1) ? Qtrue : Qfalse;
708 }
709
710 static VALUE
711 ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
712 {
713 VALUE pkey, cert, flags;
714 EVP_PKEY *key;
715 X509 *x509;
716 int flg;
717 PKCS7 *p7;
718 BIO *out;
719 VALUE str;
720
721 rb_scan_args(argc, argv, "21", &pkey, &cert, &flags);
722 key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */
723 x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
724 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
725 GetPKCS7(self, p7);
726 if(!(out = BIO_new(BIO_s_mem())))
727 ossl_raise(ePKCS7Error, NULL);
728 if(!PKCS7_decrypt(p7, key, x509, out, flg)){
729 BIO_free(out);
730 ossl_raise(ePKCS7Error, NULL);
731 }
732 str = ossl_membio2str(out); /* out will be free */
733
734 return str;
735 }
736
737 static VALUE
738 ossl_pkcs7_add_data(VALUE self, VALUE data)
739 {
740 PKCS7 *pkcs7;
741 BIO *out, *in;
742 char buf[4096];
743 int len;
744
745 in = ossl_obj2bio(data);
746 GetPKCS7(self, pkcs7);
747 if(PKCS7_type_is_signed(pkcs7)){
748 if(!PKCS7_content_new(pkcs7, NID_pkcs7_data))
749 ossl_raise(ePKCS7Error, NULL);
750 }
751 if(!(out = PKCS7_dataInit(pkcs7, NULL))) goto err;
752 for(;;){
753 if((len = BIO_read(in, buf, sizeof(buf))) <= 0)
754 break;
755 if(BIO_write(out, buf, len) != len)
756 goto err;
757 }
758 if(!PKCS7_dataFinal(pkcs7, out)) goto err;
759 ossl_pkcs7_set_data(self, Qnil);
760
761 err:
762 BIO_free(out);
763 BIO_free(in);
764 if(ERR_peek_error()){
765 ossl_raise(ePKCS7Error, NULL);
766 }
767
768 return data;
769 }
770
771 static VALUE
772 ossl_pkcs7_to_der(VALUE self)
773 {
774 PKCS7 *pkcs7;
775 VALUE str;
776 long len;
777 unsigned char *p;
778
779 GetPKCS7(self, pkcs7);
780 if((len = i2d_PKCS7(pkcs7, NULL)) <= 0)
781 ossl_raise(ePKCS7Error, NULL);
782 str = rb_str_new(0, len);
783 p = (unsigned char *)RSTRING_PTR(str);
784 if(i2d_PKCS7(pkcs7, &p) <= 0)
785 ossl_raise(ePKCS7Error, NULL);
786 ossl_str_adjust(str, p);
787
788 return str;
789 }
790
791 static VALUE
792 ossl_pkcs7_to_pem(VALUE self)
793 {
794 PKCS7 *pkcs7;
795 BIO *out;
796 VALUE str;
797
798 GetPKCS7(self, pkcs7);
799 if (!(out = BIO_new(BIO_s_mem()))) {
800 ossl_raise(ePKCS7Error, NULL);
801 }
802 if (!PEM_write_bio_PKCS7(out, pkcs7)) {
803 BIO_free(out);
804 ossl_raise(ePKCS7Error, NULL);
805 }
806 str = ossl_membio2str(out);
807
808 return str;
809 }
810
811 /*
812 * SIGNER INFO
813 */
814 static VALUE
815 ossl_pkcs7si_alloc(VALUE klass)
816 {
817 PKCS7_SIGNER_INFO *p7si;
818 VALUE obj;
819
820 if (!(p7si = PKCS7_SIGNER_INFO_new())) {
821 ossl_raise(ePKCS7Error, NULL);
822 }
823 WrapPKCS7si(klass, obj, p7si);
824
825 return obj;
826 }
827
828 static VALUE
829 ossl_pkcs7si_initialize(VALUE self, VALUE cert, VALUE key, VALUE digest)
830 {
831 PKCS7_SIGNER_INFO *p7si;
832 EVP_PKEY *pkey;
833 X509 *x509;
834 const EVP_MD *md;
835
836 pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
837 x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
838 md = GetDigestPtr(digest);
839 GetPKCS7si(self, p7si);
840 if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, (EVP_MD*)md))) {
841 ossl_raise(ePKCS7Error, NULL);
842 }
843
844 return self;
845 }
846
847 static VALUE
848 ossl_pkcs7si_get_issuer(VALUE self)
849 {
850 PKCS7_SIGNER_INFO *p7si;
851
852 GetPKCS7si(self, p7si);
853
854 return ossl_x509name_new(p7si->issuer_and_serial->issuer);
855 }
856
857 static VALUE
858 ossl_pkcs7si_get_serial(VALUE self)
859 {
860 PKCS7_SIGNER_INFO *p7si;
861
862 GetPKCS7si(self, p7si);
863
864 return asn1integer_to_num(p7si->issuer_and_serial->serial);
865 }
866
867 static VALUE
868 ossl_pkcs7si_get_signed_time(VALUE self)
869 {
870 PKCS7_SIGNER_INFO *p7si;
871 ASN1_TYPE *asn1obj;
872
873 GetPKCS7si(self, p7si);
874
875 if (!(asn1obj = PKCS7_get_signed_attribute(p7si, NID_pkcs9_signingTime))) {
876 ossl_raise(ePKCS7Error, NULL);
877 }
878 if (asn1obj->type == V_ASN1_UTCTIME) {
879 return asn1time_to_time(asn1obj->value.utctime);
880 }
881 /*
882 * OR
883 * ossl_raise(ePKCS7Error, "...");
884 * ?
885 */
886
887 return Qnil;
888 }
889
890 /*
891 * RECIPIENT INFO
892 */
893 static VALUE
894 ossl_pkcs7ri_alloc(VALUE klass)
895 {
896 PKCS7_RECIP_INFO *p7ri;
897 VALUE obj;
898
899 if (!(p7ri = PKCS7_RECIP_INFO_new())) {
900 ossl_raise(ePKCS7Error, NULL);
901 }
902 WrapPKCS7ri(klass, obj, p7ri);
903
904 return obj;
905 }
906
907 static VALUE
908 ossl_pkcs7ri_initialize(VALUE self, VALUE cert)
909 {
910 PKCS7_RECIP_INFO *p7ri;
911 X509 *x509;
912
913 x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
914 GetPKCS7ri(self, p7ri);
915 if (!PKCS7_RECIP_INFO_set(p7ri, x509)) {
916 ossl_raise(ePKCS7Error, NULL);
917 }
918
919 return self;
920 }
921
922 static VALUE
923 ossl_pkcs7ri_get_issuer(VALUE self)
924 {
925 PKCS7_RECIP_INFO *p7ri;
926
927 GetPKCS7ri(self, p7ri);
928
929 return ossl_x509name_new(p7ri->issuer_and_serial->issuer);
930 }
931
932 static VALUE
933 ossl_pkcs7ri_get_serial(VALUE self)
934 {
935 PKCS7_RECIP_INFO *p7ri;
936
937 GetPKCS7ri(self, p7ri);
938
939 return asn1integer_to_num(p7ri->issuer_and_serial->serial);
940 }
941
942 static VALUE
943 ossl_pkcs7ri_get_enc_key(VALUE self)
944 {
945 PKCS7_RECIP_INFO *p7ri;
946
947 GetPKCS7ri(self, p7ri);
948
949 return asn1str_to_str(p7ri->enc_key);
950 }
951
952 /*
953 * INIT
954 */
955 void
956 Init_ossl_pkcs7()
957 {
958 cPKCS7 = rb_define_class_under(mOSSL, "PKCS7", rb_cObject);
959 ePKCS7Error = rb_define_class_under(cPKCS7, "PKCS7Error", eOSSLError);
960 rb_define_singleton_method(cPKCS7, "read_smime", ossl_pkcs7_s_read_smime, 1);
961 rb_define_singleton_method(cPKCS7, "write_smime", ossl_pkcs7_s_write_smime, -1);
962 rb_define_singleton_method(cPKCS7, "sign", ossl_pkcs7_s_sign, -1);
963 rb_define_singleton_method(cPKCS7, "encrypt", ossl_pkcs7_s_encrypt, -1);
964 rb_attr(cPKCS7, rb_intern("data"), 1, 0, Qfalse);
965 rb_attr(cPKCS7, rb_intern("error_string"), 1, 1, Qfalse);
966 rb_define_alloc_func(cPKCS7, ossl_pkcs7_alloc);
967 rb_define_copy_func(cPKCS7, ossl_pkcs7_copy);
968 rb_define_method(cPKCS7, "initialize", ossl_pkcs7_initialize, -1);
969 rb_define_method(cPKCS7, "type=", ossl_pkcs7_set_type, 1);
970 rb_define_method(cPKCS7, "type", ossl_pkcs7_get_type, 0);
971 rb_define_method(cPKCS7, "detached=", ossl_pkcs7_set_detached, 1);
972 rb_define_method(cPKCS7, "detached", ossl_pkcs7_get_detached, 0);
973 rb_define_method(cPKCS7, "detached?", ossl_pkcs7_detached_p, 0);
974 rb_define_method(cPKCS7, "cipher=", ossl_pkcs7_set_cipher, 1);
975 rb_define_method(cPKCS7, "add_signer", ossl_pkcs7_add_signer, 1);
976 rb_define_method(cPKCS7, "signers", ossl_pkcs7_get_signer, 0);
977 rb_define_method(cPKCS7, "add_recipient", ossl_pkcs7_add_recipient, 1);
978 rb_define_method(cPKCS7, "recipients", ossl_pkcs7_get_recipient, 0);
979 rb_define_method(cPKCS7, "add_certificate", ossl_pkcs7_add_certificate, 1);
980 rb_define_method(cPKCS7, "certificates=", ossl_pkcs7_set_certificates, 1);
981 rb_define_method(cPKCS7, "certificates", ossl_pkcs7_get_certificates, 0);
982 rb_define_method(cPKCS7, "add_crl", ossl_pkcs7_add_crl, 1);
983 rb_define_method(cPKCS7, "crls=", ossl_pkcs7_set_crls, 1);
984 rb_define_method(cPKCS7, "crls", ossl_pkcs7_get_crls, 0);
985 rb_define_method(cPKCS7, "add_data", ossl_pkcs7_add_data, 1);
986 rb_define_alias(cPKCS7, "data=", "add_data");
987 rb_define_method(cPKCS7, "verify", ossl_pkcs7_verify, -1);
988 rb_define_method(cPKCS7, "decrypt", ossl_pkcs7_decrypt, -1);
989 rb_define_method(cPKCS7, "to_pem", ossl_pkcs7_to_pem, 0);
990 rb_define_alias(cPKCS7, "to_s", "to_pem");
991 rb_define_method(cPKCS7, "to_der", ossl_pkcs7_to_der, 0);
992
993 cPKCS7Signer = rb_define_class_under(cPKCS7, "SignerInfo", rb_cObject);
994 rb_define_const(cPKCS7, "Signer", cPKCS7Signer);
995 rb_define_alloc_func(cPKCS7Signer, ossl_pkcs7si_alloc);
996 rb_define_method(cPKCS7Signer, "initialize", ossl_pkcs7si_initialize,3);
997 rb_define_method(cPKCS7Signer, "issuer", ossl_pkcs7si_get_issuer, 0);
998 rb_define_alias(cPKCS7Signer, "name", "issuer");
999 rb_define_method(cPKCS7Signer, "serial", ossl_pkcs7si_get_serial,0);
1000 rb_define_method(cPKCS7Signer,"signed_time",ossl_pkcs7si_get_signed_time,0);
1001
1002 cPKCS7Recipient = rb_define_class_under(cPKCS7,"RecipientInfo",rb_cObject);
1003 rb_define_alloc_func(cPKCS7Recipient, ossl_pkcs7ri_alloc);
1004 rb_define_method(cPKCS7Recipient, "initialize", ossl_pkcs7ri_initialize,1);
1005 rb_define_method(cPKCS7Recipient, "issuer", ossl_pkcs7ri_get_issuer,0);
1006 rb_define_method(cPKCS7Recipient, "serial", ossl_pkcs7ri_get_serial,0);
1007 rb_define_method(cPKCS7Recipient, "enc_key", ossl_pkcs7ri_get_enc_key,0);
1008
1009 #define DefPKCS7Const(x) rb_define_const(cPKCS7, #x, INT2NUM(PKCS7_##x))
1010
1011 DefPKCS7Const(TEXT);
1012 DefPKCS7Const(NOCERTS);
1013 DefPKCS7Const(NOSIGS);
1014 DefPKCS7Const(NOCHAIN);
1015 DefPKCS7Const(NOINTERN);
1016 DefPKCS7Const(NOVERIFY);
1017 DefPKCS7Const(DETACHED);
1018 DefPKCS7Const(BINARY);
1019 DefPKCS7Const(NOATTR);
1020 DefPKCS7Const(NOSMIMECAP);
1021 }
ruby svn mirror