search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* io.c (rb_open_file): encoding in mode string was ignored if perm is
[ruby-svn.git] / ext / openssl / ossl_x509store.c
blob769ce8a91ae2f716ea4a5cf1b9b8944719e5c860
1 /*
2 * $Id$
3 * 'OpenSSL for Ruby' project
4 * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
5 * All rights reserved.
6 */
7 /*
8 * This program is licenced under the same licence as Ruby.
9 * (See the file 'LICENCE'.)
10 */
11 #include "ossl.h"
12 #include <rubysig.h>
13
14 #define WrapX509Store(klass, obj, st) do { \
15 if (!st) { \
16 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
17 } \
18 obj = Data_Wrap_Struct(klass, 0, X509_STORE_free, st); \
19 } while (0)
20 #define GetX509Store(obj, st) do { \
21 Data_Get_Struct(obj, X509_STORE, st); \
22 if (!st) { \
23 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
24 } \
25 } while (0)
26 #define SafeGetX509Store(obj, st) do { \
27 OSSL_Check_Kind(obj, cX509Store); \
28 GetX509Store(obj, st); \
29 } while (0)
30
31 #define WrapX509StCtx(klass, obj, ctx) do { \
32 if (!ctx) { \
33 ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
34 } \
35 obj = Data_Wrap_Struct(klass, 0, ossl_x509stctx_free, ctx); \
36 } while (0)
37 #define GetX509StCtx(obj, ctx) do { \
38 Data_Get_Struct(obj, X509_STORE_CTX, ctx); \
39 if (!ctx) { \
40 ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
41 } \
42 } while (0)
43 #define SafeGetX509StCtx(obj, storep) do { \
44 OSSL_Check_Kind(obj, cX509StoreContext); \
45 GetX509Store(obj, ctx); \
46 } while (0)
47
48 /*
49 * Classes
50 */
51 VALUE cX509Store;
52 VALUE cX509StoreContext;
53 VALUE eX509StoreError;
54
55 /*
56 * Public functions
57 */
58 VALUE
59 ossl_x509store_new(X509_STORE *store)
60 {
61 VALUE obj;
62
63 WrapX509Store(cX509Store, obj, store);
64
65 return obj;
66 }
67
68 X509_STORE *
69 GetX509StorePtr(VALUE obj)
70 {
71 X509_STORE *store;
72
73 SafeGetX509Store(obj, store);
74
75 return store;
76 }
77
78 X509_STORE *
79 DupX509StorePtr(VALUE obj)
80 {
81 X509_STORE *store;
82
83 SafeGetX509Store(obj, store);
84 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
85
86 return store;
87 }
88
89 /*
90 * Private functions
91 */
92 static VALUE
93 ossl_x509store_alloc(VALUE klass)
94 {
95 X509_STORE *store;
96 VALUE obj;
97
98 if((store = X509_STORE_new()) == NULL){
99 ossl_raise(eX509StoreError, NULL);
100 }
101 WrapX509Store(klass, obj, store);
102
103 return obj;
104 }
105
106 /*
107 * General callback for OpenSSL verify
108 */
109 static VALUE
110 ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
111 {
112 X509_STORE *store;
113
114 GetX509Store(self, store);
115 X509_STORE_set_ex_data(store, ossl_verify_cb_idx, (void*)cb);
116 rb_iv_set(self, "@verify_callback", cb);
117
118 return cb;
119 }
120
121
122 /*
123 * call-seq:
124 * X509::Store.new => store
125 *
126 */
127 static VALUE
128 ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
129 {
130 X509_STORE *store;
131
132 /* BUG: This method takes any number of arguments but appears to ignore them. */
133 GetX509Store(self, store);
134 X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
135 ossl_x509store_set_vfy_cb(self, Qnil);
136
137 #if (OPENSSL_VERSION_NUMBER < 0x00907000L)
138 rb_iv_set(self, "@flags", INT2NUM(0));
139 rb_iv_set(self, "@purpose", INT2NUM(0));
140 rb_iv_set(self, "@trust", INT2NUM(0));
141 #endif
142
143 /* last verification status */
144 rb_iv_set(self, "@error", Qnil);
145 rb_iv_set(self, "@error_string", Qnil);
146 rb_iv_set(self, "@chain", Qnil);
147 rb_iv_set(self, "@time", Qnil);
148
149 return self;
150 }
151
152 static VALUE
153 ossl_x509store_set_flags(VALUE self, VALUE flags)
154 {
155 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
156 X509_STORE *store;
157 long f = NUM2LONG(flags);
158
159 GetX509Store(self, store);
160 X509_STORE_set_flags(store, f);
161 #else
162 rb_iv_set(self, "@flags", flags);
163 #endif
164
165 return flags;
166 }
167
168 static VALUE
169 ossl_x509store_set_purpose(VALUE self, VALUE purpose)
170 {
171 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
172 X509_STORE *store;
173 long p = NUM2LONG(purpose);
174
175 GetX509Store(self, store);
176 X509_STORE_set_purpose(store, p);
177 #else
178 rb_iv_set(self, "@purpose", purpose);
179 #endif
180
181 return purpose;
182 }
183
184 static VALUE
185 ossl_x509store_set_trust(VALUE self, VALUE trust)
186 {
187 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
188 X509_STORE *store;
189 long t = NUM2LONG(trust);
190
191 GetX509Store(self, store);
192 X509_STORE_set_trust(store, t);
193 #else
194 rb_iv_set(self, "@trust", trust);
195 #endif
196
197 return trust;
198 }
199
200 static VALUE
201 ossl_x509store_set_time(VALUE self, VALUE time)
202 {
203 rb_iv_set(self, "@time", time);
204 return time;
205 }
206
207 static VALUE
208 ossl_x509store_add_file(VALUE self, VALUE file)
209 {
210 X509_STORE *store;
211 X509_LOOKUP *lookup;
212 char *path = NULL;
213
214 if(file != Qnil){
215 Check_SafeStr(file);
216 path = RSTRING_PTR(file);
217 }
218 GetX509Store(self, store);
219 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
220 if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
221 if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
222 ossl_raise(eX509StoreError, NULL);
223 }
224
225 return self;
226 }
227
228 static VALUE
229 ossl_x509store_add_path(VALUE self, VALUE dir)
230 {
231 X509_STORE *store;
232 X509_LOOKUP *lookup;
233 char *path = NULL;
234
235 if(dir != Qnil){
236 Check_SafeStr(dir);
237 path = RSTRING_PTR(dir);
238 }
239 GetX509Store(self, store);
240 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
241 if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
242 if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
243 ossl_raise(eX509StoreError, NULL);
244 }
245
246 return self;
247 }
248
249 static VALUE
250 ossl_x509store_set_default_paths(VALUE self)
251 {
252 X509_STORE *store;
253
254 GetX509Store(self, store);
255 if (X509_STORE_set_default_paths(store) != 1){
256 ossl_raise(eX509StoreError, NULL);
257 }
258
259 return Qnil;
260 }
261
262 static VALUE
263 ossl_x509store_add_cert(VALUE self, VALUE arg)
264 {
265 X509_STORE *store;
266 X509 *cert;
267
268 cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
269 GetX509Store(self, store);
270 if (X509_STORE_add_cert(store, cert) != 1){
271 ossl_raise(eX509StoreError, NULL);
272 }
273
274 return self;
275 }
276
277 static VALUE
278 ossl_x509store_add_crl(VALUE self, VALUE arg)
279 {
280 X509_STORE *store;
281 X509_CRL *crl;
282
283 crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
284 GetX509Store(self, store);
285 if (X509_STORE_add_crl(store, crl) != 1){
286 ossl_raise(eX509StoreError, NULL);
287 }
288
289 return self;
290 }
291
292 static VALUE ossl_x509stctx_get_err(VALUE);
293 static VALUE ossl_x509stctx_get_err_string(VALUE);
294 static VALUE ossl_x509stctx_get_chain(VALUE);
295
296 static VALUE
297 ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
298 {
299 VALUE cert, chain;
300 VALUE ctx, proc, result;
301
302 rb_scan_args(argc, argv, "11", &cert, &chain);
303 ctx = rb_funcall(cX509StoreContext, rb_intern("new"), 3, self, cert, chain);
304 proc = rb_block_given_p() ? rb_block_proc() :
305 rb_iv_get(self, "@verify_callback");
306 rb_iv_set(ctx, "@verify_callback", proc);
307 result = rb_funcall(ctx, rb_intern("verify"), 0);
308
309 rb_iv_set(self, "@error", ossl_x509stctx_get_err(ctx));
310 rb_iv_set(self, "@error_string", ossl_x509stctx_get_err_string(ctx));
311 rb_iv_set(self, "@chain", ossl_x509stctx_get_chain(ctx));
312
313 return result;
314 }
315
316 /*
317 * Public Functions
318 */
319 static void ossl_x509stctx_free(X509_STORE_CTX*);
320
321 VALUE
322 ossl_x509stctx_new(X509_STORE_CTX *ctx)
323 {
324 VALUE obj;
325
326 WrapX509StCtx(cX509StoreContext, obj, ctx);
327
328 return obj;
329 }
330
331 VALUE
332 ossl_x509stctx_clear_ptr(VALUE obj)
333 {
334 OSSL_Check_Kind(obj, cX509StoreContext);
335 RDATA(obj)->data = NULL;
336
337 return obj;
338 }
339
340 /*
341 * Private functions
342 */
343 static void
344 ossl_x509stctx_free(X509_STORE_CTX *ctx)
345 {
346 if(ctx->untrusted)
347 sk_X509_pop_free(ctx->untrusted, X509_free);
348 if(ctx->cert)
349 X509_free(ctx->cert);
350 X509_STORE_CTX_free(ctx);
351 }
352
353 static VALUE
354 ossl_x509stctx_alloc(VALUE klass)
355 {
356 X509_STORE_CTX *ctx;
357 VALUE obj;
358
359 if((ctx = X509_STORE_CTX_new()) == NULL){
360 ossl_raise(eX509StoreError, NULL);
361 }
362 WrapX509StCtx(klass, obj, ctx);
363
364 return obj;
365 }
366
367 static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
368 static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
369 static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
370 static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
371
372 static VALUE
373 ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
374 {
375 VALUE store, cert, chain, t;
376 X509_STORE_CTX *ctx;
377 X509_STORE *x509st;
378 X509 *x509 = NULL;
379 STACK_OF(X509) *x509s = NULL;
380
381 rb_scan_args(argc, argv, "12", &store, &cert, &chain);
382 GetX509StCtx(self, ctx);
383 SafeGetX509Store(store, x509st);
384 if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
385 if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
386 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
387 if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
388 sk_X509_pop_free(x509s, X509_free);
389 ossl_raise(eX509StoreError, NULL);
390 }
391 #else
392 X509_STORE_CTX_init(ctx, x509st, x509, x509s);
393 ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
394 ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
395 ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
396 #endif
397 if (!NIL_P(t = rb_iv_get(store, "@time")))
398 ossl_x509stctx_set_time(self, t);
399 rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
400 rb_iv_set(self, "@cert", cert);
401
402 return self;
403 }
404
405 static VALUE
406 ossl_x509stctx_verify(VALUE self)
407 {
408 X509_STORE_CTX *ctx;
409 int result;
410
411 GetX509StCtx(self, ctx);
412 X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
413 (void*)rb_iv_get(self, "@verify_callback"));
414 result = X509_verify_cert(ctx);
415
416 return result ? Qtrue : Qfalse;
417 }
418
419 static VALUE
420 ossl_x509stctx_get_chain(VALUE self)
421 {
422 X509_STORE_CTX *ctx;
423 STACK_OF(X509) *chain;
424 X509 *x509;
425 int i, num;
426 VALUE ary;
427
428 GetX509StCtx(self, ctx);
429 if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
430 return Qnil;
431 }
432 if((num = sk_X509_num(chain)) < 0){
433 OSSL_Debug("certs in chain < 0???");
434 return rb_ary_new();
435 }
436 ary = rb_ary_new2(num);
437 for(i = 0; i < num; i++) {
438 x509 = sk_X509_value(chain, i);
439 rb_ary_push(ary, ossl_x509_new(x509));
440 }
441
442 return ary;
443 }
444
445 static VALUE
446 ossl_x509stctx_get_err(VALUE self)
447 {
448 X509_STORE_CTX *ctx;
449
450 GetX509StCtx(self, ctx);
451
452 return INT2FIX(X509_STORE_CTX_get_error(ctx));
453 }
454
455 static VALUE
456 ossl_x509stctx_set_error(VALUE self, VALUE err)
457 {
458 X509_STORE_CTX *ctx;
459
460 GetX509StCtx(self, ctx);
461 X509_STORE_CTX_set_error(ctx, NUM2INT(err));
462
463 return err;
464 }
465
466 static VALUE
467 ossl_x509stctx_get_err_string(VALUE self)
468 {
469 X509_STORE_CTX *ctx;
470 long err;
471
472 GetX509StCtx(self, ctx);
473 err = X509_STORE_CTX_get_error(ctx);
474
475 return rb_str_new2(X509_verify_cert_error_string(err));
476 }
477
478 static VALUE
479 ossl_x509stctx_get_err_depth(VALUE self)
480 {
481 X509_STORE_CTX *ctx;
482
483 GetX509StCtx(self, ctx);
484
485 return INT2FIX(X509_STORE_CTX_get_error_depth(ctx));
486 }
487
488 static VALUE
489 ossl_x509stctx_get_curr_cert(VALUE self)
490 {
491 X509_STORE_CTX *ctx;
492
493 GetX509StCtx(self, ctx);
494
495 return ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
496 }
497
498 static VALUE
499 ossl_x509stctx_get_curr_crl(VALUE self)
500 {
501 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
502 X509_STORE_CTX *ctx;
503
504 GetX509StCtx(self, ctx);
505 if(!ctx->current_crl) return Qnil;
506
507 return ossl_x509crl_new(ctx->current_crl);
508 #else
509 return Qnil;
510 #endif
511 }
512
513 static VALUE
514 ossl_x509stctx_cleanup(VALUE self)
515 {
516 X509_STORE_CTX *ctx;
517
518 GetX509StCtx(self, ctx);
519 X509_STORE_CTX_cleanup(ctx);
520
521 return self;
522 }
523
524 static VALUE
525 ossl_x509stctx_set_flags(VALUE self, VALUE flags)
526 {
527 X509_STORE_CTX *store;
528 long f = NUM2LONG(flags);
529
530 GetX509StCtx(self, store);
531 X509_STORE_CTX_set_flags(store, f);
532
533 return flags;
534 }
535
536 static VALUE
537 ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
538 {
539 X509_STORE_CTX *store;
540 long p = NUM2LONG(purpose);
541
542 GetX509StCtx(self, store);
543 X509_STORE_CTX_set_purpose(store, p);
544
545 return purpose;
546 }
547
548 static VALUE
549 ossl_x509stctx_set_trust(VALUE self, VALUE trust)
550 {
551 X509_STORE_CTX *store;
552 long t = NUM2LONG(trust);
553
554 GetX509StCtx(self, store);
555 X509_STORE_CTX_set_trust(store, t);
556
557 return trust;
558 }
559
560 /*
561 * call-seq:
562 * storectx.time = time => time
563 */
564 static VALUE
565 ossl_x509stctx_set_time(VALUE self, VALUE time)
566 {
567 X509_STORE_CTX *store;
568 long t;
569
570 t = NUM2LONG(rb_Integer(time));
571 GetX509StCtx(self, store);
572 X509_STORE_CTX_set_time(store, 0, t);
573
574 return time;
575 }
576
577 /*
578 * INIT
579 */
580 void
581 Init_ossl_x509store()
582 {
583 VALUE x509stctx;
584
585 eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
586
587 cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
588 rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
589 rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
590 rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
591 rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
592 rb_define_alloc_func(cX509Store, ossl_x509store_alloc);
593 rb_define_method(cX509Store, "initialize", ossl_x509store_initialize, -1);
594 rb_define_method(cX509Store, "verify_callback=", ossl_x509store_set_vfy_cb, 1);
595 rb_define_method(cX509Store, "flags=", ossl_x509store_set_flags, 1);
596 rb_define_method(cX509Store, "purpose=", ossl_x509store_set_purpose, 1);
597 rb_define_method(cX509Store, "trust=", ossl_x509store_set_trust, 1);
598 rb_define_method(cX509Store, "time=", ossl_x509store_set_time, 1);
599 rb_define_method(cX509Store, "add_path", ossl_x509store_add_path, 1);
600 rb_define_method(cX509Store, "add_file", ossl_x509store_add_file, 1);
601 rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
602 rb_define_method(cX509Store, "add_cert", ossl_x509store_add_cert, 1);
603 rb_define_method(cX509Store, "add_crl", ossl_x509store_add_crl, 1);
604 rb_define_method(cX509Store, "verify", ossl_x509store_verify, -1);
605
606 cX509StoreContext = rb_define_class_under(mX509,"StoreContext",rb_cObject);
607 x509stctx = cX509StoreContext;
608 rb_define_alloc_func(cX509StoreContext, ossl_x509stctx_alloc);
609 rb_define_method(x509stctx,"initialize", ossl_x509stctx_initialize, -1);
610 rb_define_method(x509stctx,"verify", ossl_x509stctx_verify, 0);
611 rb_define_method(x509stctx,"chain", ossl_x509stctx_get_chain,0);
612 rb_define_method(x509stctx,"error", ossl_x509stctx_get_err, 0);
613 rb_define_method(x509stctx,"error=", ossl_x509stctx_set_error, 1);
614 rb_define_method(x509stctx,"error_string",ossl_x509stctx_get_err_string,0);
615 rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
616 rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
617 rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
618 rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0);
619 rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1);
620 rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1);
621 rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1);
622 rb_define_method(x509stctx,"time=", ossl_x509stctx_set_time, 1);
623
624 }
ruby svn mirror