summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stefw@gnome.org>2013-01-21 10:51:04 +0100
committerStef Walter <stefw@gnome.org>2013-02-05 14:54:53 +0100
commit67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5 (patch)
treef6a6b30e9abcf03bd66bd6a1f5e6ba7dee0d8969
parent5e4a3ea9b8f254d99544490eed8e17e88c81f975 (diff)
Move the X.509 extension parsing code in common/
* So it can be used by other code, in addition to the trust stuff
-rw-r--r--common/tests/test-x509.c191
-rw-r--r--common/x509.c67
-rw-r--r--common/x509.h9
-rw-r--r--trust/adapter.c132
-rw-r--r--trust/parser.c69
5 files changed, 335 insertions, 133 deletions
diff --git a/common/tests/test-x509.c b/common/tests/test-x509.c
index 17e25bf..0341ed9 100644
--- a/common/tests/test-x509.c
+++ b/common/tests/test-x509.c
@@ -88,13 +88,134 @@ static const char test_eku_client_email_and_timestamp[] = {
0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
};
+static const unsigned char test_cacert3_ca_der[] = {
+ 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
+ 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+ 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
+ 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72,
+ 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19,
+ 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20,
+ 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72,
+ 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d,
+ 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32,
+ 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14,
+ 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20,
+ 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
+ 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74,
+ 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43,
+ 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f,
+ 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82,
+ 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43,
+ 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda,
+ 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24,
+ 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe,
+ 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5,
+ 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8,
+ 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c,
+ 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82,
+ 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2,
+ 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60,
+ 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a,
+ 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21,
+ 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a,
+ 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74,
+ 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f,
+ 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3,
+ 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed,
+ 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc,
+ 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54,
+ 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b,
+ 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29,
+ 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8,
+ 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba,
+ 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41,
+ 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70,
+ 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9,
+ 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c,
+ 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9,
+ 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f,
+ 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac,
+ 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66,
+ 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40,
+ 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09,
+ 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c,
+ 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30,
+ 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16,
+ 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2,
+ 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+ 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06,
+ 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
+ 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69,
+ 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31,
+ 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12,
+ 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f,
+ 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e,
+ 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b,
+ 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
+ 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63,
+ 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41,
+ 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31,
+ 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70,
+ 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72,
+ 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31,
+ 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27,
+ 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63,
+ 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68,
+ 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86,
+ 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79,
+ 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+ 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f,
+ 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43,
+ 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85,
+ 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c,
+ 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04,
+ 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72,
+ 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47,
+ 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe,
+ 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c,
+ 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8,
+ 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33,
+ 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7,
+ 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7,
+ 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac,
+ 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e,
+ 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a,
+ 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39,
+ 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18,
+ 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56,
+ 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0,
+ 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00,
+ 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed,
+ 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58,
+ 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06,
+ 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3,
+ 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b,
+ 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7,
+ 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7,
+ 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9,
+ 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38,
+ 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3,
+ 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d,
+ 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f,
+ 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4,
+ 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a,
+};
+
struct {
const char *eku;
size_t length;
const char *expected[16];
} extended_key_usage_fixtures[] = {
{ test_eku_server_and_client, sizeof (test_eku_server_and_client),
- { P11_OID_CLIENT_AUTH_STR, P11_OID_SERVER_AUTH_STR, NULL }, },
+ { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, },
{ test_eku_none, sizeof (test_eku_none),
{ NULL, }, },
{ test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp),
@@ -105,8 +226,8 @@ struct {
static void
test_parse_extended_key_usage (CuTest *cu)
{
- p11_dict *ekus;
- int i, j;
+ p11_array *ekus;
+ int i, j, count;
setup (cu);
@@ -116,11 +237,13 @@ test_parse_extended_key_usage (CuTest *cu)
extended_key_usage_fixtures[i].length);
CuAssertPtrNotNull (cu, ekus);
- for (j = 0; extended_key_usage_fixtures[i].expected[j] != NULL; j++)
- CuAssertTrue (cu, p11_dict_get (ekus, extended_key_usage_fixtures[i].expected[j]) != NULL);
- CuAssertIntEquals (cu, j, p11_dict_size (ekus));
+ for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++);
- p11_dict_free (ekus);
+ CuAssertIntEquals (cu, count, ekus->num);
+ for (j = 0; j < count; j++)
+ CuAssertStrEquals (cu, ekus->elem[j], extended_key_usage_fixtures[i].expected[j]);
+
+ p11_array_free (ekus);
}
teardown (cu);
@@ -160,6 +283,58 @@ test_parse_key_usage (CuTest *cu)
teardown (cu);
}
+static void
+test_parse_extension (CuTest *cu)
+{
+ node_asn *cert;
+ unsigned char *ext;
+ size_t length;
+ bool is_ca;
+
+ setup (cu);
+
+ cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
+ CuAssertPtrNotNull (cu, cert);
+
+ ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS,
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
+ &length);
+ CuAssertPtrNotNull (cu, ext);
+ CuAssertTrue (cu, length > 0);
+
+ asn1_delete_structure (&cert);
+
+ if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca))
+ CuFail (cu, "failed to parse message");
+
+ free (ext);
+
+ teardown (cu);
+}
+static void
+test_parse_extension_not_found (CuTest *cu)
+{
+ node_asn *cert;
+ unsigned char *ext;
+ size_t length;
+
+ setup (cu);
+
+ cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
+ CuAssertPtrNotNull (cu, cert);
+
+ ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT,
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
+ &length);
+ CuAssertPtrEquals (cu, NULL, ext);
+
+ asn1_delete_structure (&cert);
+
+ teardown (cu);
+}
+
int
main (void)
{
@@ -172,6 +347,8 @@ main (void)
SUITE_ADD_TEST (suite, test_parse_extended_key_usage);
SUITE_ADD_TEST (suite, test_parse_key_usage);
+ SUITE_ADD_TEST (suite, test_parse_extension);
+ SUITE_ADD_TEST (suite, test_parse_extension_not_found);
CuSuiteRun (suite);
CuSuiteSummary (suite, output);
diff --git a/common/x509.c b/common/x509.c
index 8eb513d..bfb49df 100644
--- a/common/x509.c
+++ b/common/x509.c
@@ -43,6 +43,65 @@
#include <stdlib.h>
#include <string.h>
+unsigned char *
+p11_x509_find_extension (node_asn *cert,
+ const unsigned char *oid,
+ const unsigned char *der,
+ size_t der_len,
+ size_t *ext_len)
+{
+ char field[128];
+ char *value;
+ int start;
+ int end;
+ int ret;
+ int len;
+ int i;
+
+ return_val_if_fail (cert != NULL, NULL);
+ return_val_if_fail (oid != NULL, NULL);
+ return_val_if_fail (ext_len != NULL, NULL);
+
+ for (i = 1; ; i++) {
+ if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0)
+ return_val_if_reached (NULL);
+
+ ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end);
+
+ /* No more extensions */
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ break;
+
+ return_val_if_fail (ret == ASN1_SUCCESS, NULL);
+
+ /* Make sure it's a straightforward oid with certain assumptions */
+ if (!p11_oid_simple (der + start, (end - start) + 1))
+ continue;
+
+ /* The one we're lookin for? */
+ if (!p11_oid_equal (der + start, oid))
+ continue;
+
+ if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0)
+ return_val_if_reached (NULL);
+
+ len = 0;
+ ret = asn1_read_value (cert, field, NULL, &len);
+ return_val_if_fail (ret == ASN1_MEM_ERROR, NULL);
+
+ value = malloc (len);
+ return_val_if_fail (value != NULL, NULL);
+
+ ret = asn1_read_value (cert, field, value, &len);
+ return_val_if_fail (ret == ASN1_SUCCESS, NULL);
+
+ *ext_len = len;
+ return (unsigned char *)value;
+ }
+
+ return NULL;
+}
+
bool
p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
const unsigned char *ext_der,
@@ -98,14 +157,14 @@ p11_x509_parse_key_usage (p11_dict *asn1_defs,
return true;
}
-p11_dict *
+p11_array *
p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
const unsigned char *ext_der,
size_t ext_len)
{
node_asn *asn;
char field[128];
- p11_dict *ekus;
+ p11_array *ekus;
char *eku;
int ret;
int len;
@@ -115,7 +174,7 @@ p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
if (asn == NULL)
return NULL;
- ekus = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
+ ekus = p11_array_new (free);
for (i = 1; ; i++) {
if (snprintf (field, sizeof (field), "?%u", i) < 0)
@@ -142,7 +201,7 @@ p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
continue;
}
- if (!p11_dict_set (ekus, eku, eku))
+ if (!p11_array_push (ekus, eku))
return_val_if_reached (NULL);
}
diff --git a/common/x509.h b/common/x509.h
index b7c9a5e..2ec5eb8 100644
--- a/common/x509.h
+++ b/common/x509.h
@@ -34,11 +34,18 @@
#include <libtasn1.h>
+#include "array.h"
#include "dict.h"
#ifndef P11_X509_H_
#define P11_X509_H_
+unsigned char * p11_x509_find_extension (node_asn *cert,
+ const unsigned char *oid,
+ const unsigned char *der,
+ size_t der_len,
+ size_t *ext_len);
+
bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
const unsigned char *ext_der,
size_t ext_len,
@@ -49,7 +56,7 @@ bool p11_x509_parse_key_usage (p11_dict *asn1_defs,
size_t length,
unsigned int *ku);
-p11_dict * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
+p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
const unsigned char *ext_der,
size_t ext_len);
diff --git a/trust/adapter.c b/trust/adapter.c
index c698382..d17cb70 100644
--- a/trust/adapter.c
+++ b/trust/adapter.c
@@ -113,14 +113,38 @@ build_trust_object_ku (p11_parser *parser,
return p11_attrs_buildn (object, attrs, i);
}
+static bool
+strv_to_dict (const char **array,
+ p11_dict **dict)
+{
+ int i;
+
+ if (!array) {
+ *dict = NULL;
+ return true;
+ }
+
+ *dict = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
+ return_val_if_fail (*dict != NULL, false);
+
+ for (i = 0; array[i] != NULL; i++) {
+ if (!p11_dict_set (*dict, (void *)array[i], (void *)array[i]))
+ return_val_if_reached (false);
+ }
+
+ return true;
+}
+
static CK_ATTRIBUTE *
build_trust_object_eku (p11_parser *parser,
p11_array *parsing,
CK_ATTRIBUTE *object,
CK_TRUST allow,
- p11_dict *purposes,
- p11_dict *rejects)
+ const char **purposes,
+ const char **rejects)
{
+ p11_dict *dict_purp;
+ p11_dict *dict_rej;
CK_TRUST neutral;
CK_TRUST disallow;
CK_ULONG i;
@@ -142,6 +166,10 @@ build_trust_object_eku (p11_parser *parser,
CK_ATTRIBUTE attrs[sizeof (eku_attribute_map)];
+ if (!strv_to_dict (purposes, &dict_purp) ||
+ !strv_to_dict (rejects, &dict_rej))
+ return_val_if_reached (NULL);
+
/* The neutral value is set if an purpose is not present */
if (allow == CKT_NETSCAPE_UNTRUSTED)
neutral = CKT_NETSCAPE_UNTRUSTED;
@@ -159,10 +187,10 @@ build_trust_object_eku (p11_parser *parser,
for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) {
attrs[i].type = eku_attribute_map[i].type;
- if (rejects && p11_dict_get (rejects, eku_attribute_map[i].oid)) {
+ if (dict_rej && p11_dict_get (dict_rej, eku_attribute_map[i].oid)) {
attrs[i].pValue = &disallow;
attrs[i].ulValueLen = sizeof (disallow);
- } else if (purposes && p11_dict_get (purposes, eku_attribute_map[i].oid)) {
+ } else if (dict_purp && p11_dict_get (dict_purp, eku_attribute_map[i].oid)) {
attrs[i].pValue = &allow;
attrs[i].ulValueLen = sizeof (allow);
} else {
@@ -171,6 +199,9 @@ build_trust_object_eku (p11_parser *parser,
}
}
+ p11_dict_free (dict_purp);
+ p11_dict_free (dict_rej);
+
return p11_attrs_buildn (object, attrs, i);
}
@@ -181,8 +212,8 @@ build_nss_trust_object (p11_parser *parser,
CK_BBOOL trust,
CK_BBOOL distrust,
CK_BBOOL authority,
- p11_dict *purposes,
- p11_dict *rejects)
+ const char **purposes,
+ const char **rejects)
{
CK_ATTRIBUTE *object = NULL;
CK_TRUST allow;
@@ -257,34 +288,12 @@ build_nss_trust_object (p11_parser *parser,
return_if_reached ();
}
-static const char *
-yield_oid_from_vec (void **state)
-{
- const char **oids = *state;
- const char *ret = NULL;
- if (*oids != NULL)
- ret = *(oids++);
- *state = oids;
- return ret;
-}
-
-static const char *
-yield_oid_from_dict (void **state)
-{
- p11_dictiter *iter = *state;
- const char *ret = NULL;
- if (iter && !p11_dict_next (iter, (void**)&ret, NULL))
- *state = NULL;
- return ret;
-}
-
static void
build_assertions (p11_parser *parser,
p11_array *parsing,
CK_ATTRIBUTE *cert,
CK_X_ASSERTION_TYPE type,
- const char * (oid_iter) (void **),
- void *oid_state)
+ const char **oids)
{
CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION;
CK_BBOOL vtrue = CK_TRUE;
@@ -304,7 +313,7 @@ build_assertions (p11_parser *parser,
CK_ATTRIBUTE *label;
CK_ATTRIBUTE *id;
CK_ATTRIBUTE *object;
- const char *oid_str;
+ int i;
label = p11_attrs_find (cert, CKA_LABEL);
if (label == NULL)
@@ -317,13 +326,9 @@ build_assertions (p11_parser *parser,
return_if_fail (id != NULL && issuer != NULL && serial != NULL && value != NULL);
- for (;;) {
- oid_str = (oid_iter) (&oid_state);
- if (!oid_str)
- break;
-
- purpose.pValue = (void *)oid_str;
- purpose.ulValueLen = strlen (oid_str);
+ for (i = 0; oids[i] != NULL; i++) {
+ purpose.pValue = (void *)oids[i];
+ purpose.ulValueLen = strlen (oids[i]);
object = p11_attrs_build (NULL, &klass, &token, &private, &modifiable,
id, label, &assertion_type, &purpose,
@@ -342,11 +347,9 @@ build_trust_assertions (p11_parser *parser,
CK_BBOOL trust,
CK_BBOOL distrust,
CK_BBOOL authority,
- p11_dict *purposes,
- p11_dict *rejects)
+ const char **purposes,
+ const char **rejects)
{
- p11_dictiter iter;
-
const char *all_purposes[] = {
P11_OID_SERVER_AUTH_STR,
P11_OID_CLIENT_AUTH_STR,
@@ -361,9 +364,8 @@ build_trust_assertions (p11_parser *parser,
/* Build assertions for anything that's explicitly rejected */
if (rejects) {
- p11_dict_iterate (rejects, &iter);
- build_assertions (parser, parsing, cert, CKT_X_DISTRUSTED_CERTIFICATE,
- yield_oid_from_dict, &iter);
+ build_assertions (parser, parsing, cert,
+ CKT_X_DISTRUSTED_CERTIFICATE, rejects);
}
if (distrust) {
@@ -372,8 +374,8 @@ build_trust_assertions (p11_parser *parser,
* for any purposes. So we just have to go wild and write out a bunch of
* assertions for all our known purposes.
*/
- build_assertions (parser, parsing, cert, CKT_X_DISTRUSTED_CERTIFICATE,
- yield_oid_from_vec, all_purposes);
+ build_assertions (parser, parsing, cert,
+ CKT_X_DISTRUSTED_CERTIFICATE, all_purposes);
}
/*
@@ -384,13 +386,12 @@ build_trust_assertions (p11_parser *parser,
if (trust && authority) {
if (purposes) {
/* If purposes explicitly set, then anchor for those purposes */
- p11_dict_iterate (purposes, &iter);
- build_assertions (parser, parsing, cert, CKT_X_ANCHORED_CERTIFICATE,
- yield_oid_from_dict, &iter);
+ build_assertions (parser, parsing, cert,
+ CKT_X_ANCHORED_CERTIFICATE, purposes);
} else {
/* If purposes not-explicitly set, then anchor for all known */
- build_assertions (parser, parsing, cert, CKT_X_ANCHORED_CERTIFICATE,
- yield_oid_from_vec, all_purposes);
+ build_assertions (parser, parsing, cert,
+ CKT_X_ANCHORED_CERTIFICATE, all_purposes);
}
}
}
@@ -404,8 +405,10 @@ p11_adapter_build_objects (p11_parser *parser,
CK_BBOOL trust = CK_FALSE;
CK_BBOOL distrust = CK_FALSE;
CK_BBOOL authority = CK_FALSE;
- p11_dict *purposes = NULL;
- p11_dict *rejects = NULL;
+ p11_array *purposes = NULL;
+ p11_array *rejects = NULL;
+ const char **purposev;
+ const char **rejectv;
unsigned char *data;
p11_dict *defs;
size_t length;
@@ -431,7 +434,7 @@ p11_adapter_build_objects (p11_parser *parser,
if (data) {
defs = p11_parser_get_asn1_defs (parser);
purposes = p11_x509_parse_extended_key_usage (defs, data, length);
- if (purposes == NULL)
+ if (purposes == NULL)
p11_message ("invalid extended key usage certificate extension");
free (data);
}
@@ -446,11 +449,24 @@ p11_adapter_build_objects (p11_parser *parser,
}
}
+ /* null-terminate these arrays and use as strv's */
+ purposev = rejectv = NULL;
+ if (rejects) {
+ if (!p11_array_push (rejects, NULL))
+ return_if_reached ();
+ rejectv = (const char **)rejects->elem;
+ }
+ if (purposes) {
+ if (!p11_array_push (purposes, NULL))
+ return_if_reached ();
+ purposev = (const char **)purposes->elem;
+ }
+
build_nss_trust_object (parser, parsing, cert, trust, distrust,
- authority, purposes, rejects);
+ authority, purposev, rejectv);
build_trust_assertions (parser, parsing, cert, trust, distrust,
- authority, purposes, rejects);
+ authority, purposev, rejectv);
- p11_dict_free (purposes);
- p11_dict_free (rejects);
+ p11_array_free (purposes);
+ p11_array_free (rejects);
}
diff --git a/trust/parser.c b/trust/parser.c
index 4f8c407..f6da728 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -336,64 +336,6 @@ build_x509_certificate (p11_parser *parser,
return attrs;
}
-static unsigned char *
-find_cert_extension (node_asn *cert,
- const unsigned char *der,
- size_t der_len,
- const unsigned char *oid,
- size_t *length)
-{
- char field[128];
- char *value;
- int start;
- int end;
- int ret;
- int len;
- int i;
-
- assert (oid != NULL);
- assert (length != NULL);
-
- for (i = 1; ; i++) {
- if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0)
- return_val_if_reached (NULL);
-
- ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end);
-
- /* No more extensions */
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- break;
-
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- /* Make sure it's a straightforward oid with certain assumptions */
- if (!p11_oid_simple (der + start, (end - start) + 1))
- continue;
-
- /* The one we're lookin for? */
- if (!p11_oid_equal (der + start, oid))
- continue;
-
- if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0)
- return_val_if_reached (NULL);
-
- len = 0;
- ret = asn1_read_value (cert, field, NULL, &len);
- return_val_if_fail (ret == ASN1_MEM_ERROR, NULL);
-
- value = malloc (len);
- return_val_if_fail (value != NULL, NULL);
-
- ret = asn1_read_value (cert, field, value, &len);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- *length = len;
- return (unsigned char *)value;
- }
-
- return NULL;
-}
-
static CK_ATTRIBUTE *
match_parsing_object (p11_parser *parser,
CK_ATTRIBUTE *match)
@@ -441,8 +383,9 @@ p11_parsing_get_extension (p11_parser *parser,
/* Couldn't find a parsed extension, so look in the current certificate */
} else if (parser->cert_asn) {
- return find_cert_extension (parser->cert_asn, parser->cert_der,
- parser->cert_len, oid, length);
+ return p11_x509_find_extension (parser->cert_asn, oid,
+ parser->cert_der, parser->cert_len,
+ length);
}
return NULL;
@@ -753,7 +696,7 @@ update_trust_and_distrust (p11_parser *parser,
CK_BBOOL distrusted;
unsigned char *data;
size_t length;
- p11_dict *ekus;
+ p11_array *ekus;
/*
* This function is called to update the CKA_TRUSTED and CKA_X_DISTRUSTED
@@ -776,12 +719,12 @@ update_trust_and_distrust (p11_parser *parser,
ekus = p11_x509_parse_extended_key_usage (parser->asn1_defs, data, length);
if (ekus == NULL)
p11_message ("invalid extendend key usage certificate extension");
- else if (p11_dict_size (ekus) == 0) {
+ else if (ekus->num == 0) {
distrusted = CK_TRUE;
trusted = CK_FALSE;
}
- p11_dict_free (ekus);
+ p11_array_free (ekus);
free (data);
}