libksba  1.6.0
About: KSBA is a library to make the tasks of working with X.509 certificates, CMS data and related objects more easy.

cert.c File Reference
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <errno.h>
#include "util.h"
#include "ber-decoder.h"
#include "ber-help.h"
#include "convert.h"
#include "keyinfo.h"
#include "sexp-parse.h"
#include "cert.h"


Functions

gpg_error_t _ksba_cert_new (ksba_cert_t *acert)
 
void _ksba_cert_ref (ksba_cert_t cert)
 
void _ksba_cert_release (ksba_cert_t cert)
 
gpg_error_t _ksba_cert_set_user_data (ksba_cert_t cert, const char *key, const void *data, size_t datalen)
 
gpg_error_t _ksba_cert_get_user_data (ksba_cert_t cert, const char *key, void *buffer, size_t bufferlen, size_t *datalen)
 
gpg_error_t _ksba_cert_read_der (ksba_cert_t cert, ksba_reader_t reader)
 
gpg_error_t _ksba_cert_init_from_mem (ksba_cert_t cert, const void *buffer, size_t length)
 
const unsigned char * _ksba_cert_get_image (ksba_cert_t cert, size_t *r_length)
 
int _ksba_cert_cmp (ksba_cert_t a, ksba_cert_t b)
 
gpg_error_t _ksba_cert_hash (ksba_cert_t cert, int what, void(*hasher)(void *, const void *, size_t length), void *hasher_arg)
 
const char * _ksba_cert_get_digest_algo (ksba_cert_t cert)
 
ksba_sexp_t _ksba_cert_get_serial (ksba_cert_t cert)
 
gpg_error_t _ksba_cert_get_serial_ptr (ksba_cert_t cert, unsigned char const **ptr, size_t *length)
 
gpg_error_t _ksba_cert_get_issuer_dn_ptr (ksba_cert_t cert, unsigned char const **ptr, size_t *length)
 
gpg_error_t _ksba_cert_get_subject_dn_ptr (ksba_cert_t cert, unsigned char const **ptr, size_t *length)
 
static gpg_error_t get_name (ksba_cert_t cert, int idx, int use_subject, char **result)
 
char * _ksba_cert_get_issuer (ksba_cert_t cert, int idx)
 
char * _ksba_cert_get_subject (ksba_cert_t cert, int idx)
 
gpg_error_t _ksba_cert_get_validity (ksba_cert_t cert, int what, ksba_isotime_t timebuf)
 
ksba_sexp_t _ksba_cert_get_public_key (ksba_cert_t cert)
 
gpg_error_t _ksba_cert_get_public_key_ptr (ksba_cert_t cert, unsigned char const **ptr, size_t *length)
 
ksba_sexp_t _ksba_cert_get_sig_val (ksba_cert_t cert)
 
static gpg_error_t read_extensions (ksba_cert_t cert)
 
gpg_error_t _ksba_cert_get_extension (ksba_cert_t cert, int idx, char const **r_oid, int *r_crit, size_t *r_deroff, size_t *r_derlen)
 
gpg_error_t _ksba_cert_is_ca (ksba_cert_t cert, int *r_ca, int *r_pathlen)
 
gpg_error_t _ksba_cert_get_key_usage (ksba_cert_t cert, unsigned int *r_flags)
 
static gpg_error_t append_cert_policy (char **policies, const char *oid, int crit)
 
gpg_error_t _ksba_cert_get_cert_policies (ksba_cert_t cert, char **r_policies)
 
gpg_error_t _ksba_cert_get_ext_key_usages (ksba_cert_t cert, char **result)
 
static gpg_error_t parse_distribution_point (const unsigned char *der, size_t derlen, ksba_name_t *distpoint, ksba_name_t *issuer, ksba_crl_reason_t *reason)
 
gpg_error_t _ksba_cert_get_crl_dist_point (ksba_cert_t cert, int idx, ksba_name_t *r_distpoint, ksba_name_t *r_issuer, ksba_crl_reason_t *r_reason)
 
gpg_error_t _ksba_cert_get_auth_key_id (ksba_cert_t cert, ksba_sexp_t *r_keyid, ksba_name_t *r_name, ksba_sexp_t *r_serial)
 
static gpg_error_t get_simple_octet_string_ext (ksba_cert_t cert, const char *oid, int *r_crit, ksba_sexp_t *r_data)
 
gpg_error_t _ksba_cert_get_subj_key_id (ksba_cert_t cert, int *r_crit, ksba_sexp_t *r_keyid)
 
static gpg_error_t get_info_access (ksba_cert_t cert, int idx, int mode, char **method, ksba_name_t *location)
 
gpg_error_t _ksba_cert_get_authority_info_access (ksba_cert_t cert, int idx, char **r_method, ksba_name_t *r_location)
 
gpg_error_t _ksba_cert_get_subject_info_access (ksba_cert_t cert, int idx, char **r_method, ksba_name_t *r_location)
 

Variables

static const char oidstr_subjectKeyIdentifier [] = "2.5.29.14"
 
static const char oidstr_keyUsage [] = "2.5.29.15"
 
static const char oidstr_subjectAltName [] = "2.5.29.17"
 
static const char oidstr_issuerAltName [] = "2.5.29.18"
 
static const char oidstr_basicConstraints [] = "2.5.29.19"
 
static const char oidstr_crlDistributionPoints [] = "2.5.29.31"
 
static const char oidstr_certificatePolicies [] = "2.5.29.32"
 
static const char oidstr_authorityKeyIdentifier [] = "2.5.29.35"
 
static const char oidstr_extKeyUsage [] = "2.5.29.37"
 
static const char oidstr_authorityInfoAccess [] = "1.3.6.1.5.5.7.1.1"
 
static const char oidstr_subjectInfoAccess [] = "1.3.6.1.5.5.7.1.11"
 

Function Documentation

◆ _ksba_cert_cmp()

int _ksba_cert_cmp ( ksba_cert_t  a,
ksba_cert_t  b 
)

Definition at line 376 of file cert.c.

References ksba_cert_get_image().

Referenced by _ksba_cms_add_cert().

◆ _ksba_cert_get_auth_key_id()

◆ _ksba_cert_get_authority_info_access()

gpg_error_t _ksba_cert_get_authority_info_access ( ksba_cert_t  cert,
int  idx,
char **  r_method,
ksba_name_t r_location 
)

Definition at line 2173 of file cert.c.

References get_info_access(), GPG_ERR_INV_VALUE, and gpg_error.

◆ _ksba_cert_get_cert_policies()

◆ _ksba_cert_get_crl_dist_point()

◆ _ksba_cert_get_digest_algo()

const char* _ksba_cert_get_digest_algo ( ksba_cert_t  cert)

ksba_cert_get_digest_algo: @cert: Initialized certificate object

Figure out the digest algorithm used for the signature and return its OID. Note that in the case of rsaPSS the returned value is the OID of rsaPSS (1.2.840.113549.1.1.10) and not the hash algorithm to use; the hash algorithm must then be extracted from the S-expression returned by ksba_cert_get_sig_val. The returned OID is taken from the certificate's algorithm identifier as parsed here; it is an identifier only, and this function neither verifies the signature nor checks that the algorithm is one the caller considers acceptable — a verifier must do both itself.

This function is intended as a helper for the ksba_cert_hash().

Return value: NULL for error, otherwise a constant string with the OID. The string is owned by the certificate object and is valid only as long as the certificate object is valid; it must not be freed or used after the object is released.

Definition at line 441 of file cert.c.

References _ksba_asn_find_node(), _ksba_parse_algorithm_identifier(), ksba_cert_s::cache, ksba_cert_s::digest_algo, gpg_error, ksba_cert_s::image, ksba_cert_s::initialized, ksba_cert_s::last_error, asn_node_struct::len, asn_node_struct::nhdr, asn_node_struct::off, and ksba_cert_s::root.

◆ _ksba_cert_get_ext_key_usages()

◆ _ksba_cert_get_extension()

gpg_error_t _ksba_cert_get_extension ( ksba_cert_t  cert,
int  idx,
char const **  r_oid,
int *  r_crit,
size_t *  r_deroff,
size_t *  r_derlen 
)

◆ _ksba_cert_get_image()

const unsigned char* _ksba_cert_get_image ( ksba_cert_t  cert,
size_t *  r_length 
)

◆ _ksba_cert_get_issuer()

char* _ksba_cert_get_issuer ( ksba_cert_t  cert,
int  idx 
)

ksba_cert_get_issuer: @cert: certificate object

With @idx == 0 this function returns the Distinguished Name (DN) of the certificate issuer, which in most cases is a CA. The format of the returned string is in accordance with RFC 2253. NULL is returned if the DN is not available; this is an error condition that should already have been caught by the certificate reading function.

With @idx > 0 the function may be used to enumerate alternate issuer names. The function returns NULL if there are no more alternate names. Only alternate names recognized by libksba are returned; others are skipped. The format of the returned name is one of three: an RFC 2253 formatted DN, which can be detected by checking whether the first character is a letter or digit; an RFC 2822 conforming email address, returned enclosed in angle brackets, so an opening angle bracket indicates this form; or any other name type, returned as an S-expression in canonical format, so an opening parenthesis indicates this encoding. Note that the S-expression form may contain embedded NUL bytes: strlen() may therefore report a length shorter than the data actually used, and the real length is implicitly given by the structure of the S-expression (an extra NUL is appended only as a safety measure). Callers must parse the S-expression by its length fields and must not treat the buffer as a C string.

The caller must free the returned string using ksba_free() or the function he has registered as a replacement.

Return value: An allocated string or NULL for error.

Definition at line 766 of file cert.c.

References get_name(), ksba_cert_s::last_error, and name.

◆ _ksba_cert_get_issuer_dn_ptr()

gpg_error_t _ksba_cert_get_issuer_dn_ptr ( ksba_cert_t  cert,
unsigned char const **  ptr,
size_t *  length 
)

◆ _ksba_cert_get_key_usage()

◆ _ksba_cert_get_public_key()

◆ _ksba_cert_get_public_key_ptr()

gpg_error_t _ksba_cert_get_public_key_ptr ( ksba_cert_t  cert,
unsigned char const **  ptr,
size_t *  length 
)

◆ _ksba_cert_get_serial()

ksba_sexp_t _ksba_cert_get_serial ( ksba_cert_t  cert)

ksba_cert_get_serial: @cert: certificate object

This function returns the serial number of the certificate. The serial number is an integer returned as a canonically encoded S-expression with just one element.

Return value: An allocated S-Exp or NULL for no value.

Definition at line 499 of file cert.c.

References _ksba_asn_find_node(), ksba_cert_s::image, ksba_cert_s::initialized, asn_node_struct::len, asn_node_struct::nhdr, asn_node_struct::off, ksba_cert_s::root, and xtrymalloc.

◆ _ksba_cert_get_serial_ptr()

gpg_error_t _ksba_cert_get_serial_ptr ( ksba_cert_t  cert,
unsigned char const **  ptr,
size_t *  length 
)

◆ _ksba_cert_get_sig_val()

◆ _ksba_cert_get_subj_key_id()

gpg_error_t _ksba_cert_get_subj_key_id ( ksba_cert_t  cert,
int *  r_crit,
ksba_sexp_t r_keyid 
)

Definition at line 2032 of file cert.c.

References get_simple_octet_string_ext(), and oidstr_subjectKeyIdentifier.

◆ _ksba_cert_get_subject()

char* _ksba_cert_get_subject ( ksba_cert_t  cert,
int  idx 
)

Definition at line 782 of file cert.c.

References get_name(), ksba_cert_s::last_error, and name.

◆ _ksba_cert_get_subject_dn_ptr()

gpg_error_t _ksba_cert_get_subject_dn_ptr ( ksba_cert_t  cert,
unsigned char const **  ptr,
size_t *  length 
)

◆ _ksba_cert_get_subject_info_access()

gpg_error_t _ksba_cert_get_subject_info_access ( ksba_cert_t  cert,
int  idx,
char **  r_method,
ksba_name_t r_location 
)

Definition at line 2191 of file cert.c.

References get_info_access(), GPG_ERR_INV_VALUE, and gpg_error.

◆ _ksba_cert_get_user_data()

gpg_error_t _ksba_cert_get_user_data ( ksba_cert_t  cert,
const char *  key,
void *  buffer,
size_t  bufferlen,
size_t *  datalen 
)

◆ _ksba_cert_get_validity()

gpg_error_t _ksba_cert_get_validity ( ksba_cert_t  cert,
int  what,
ksba_isotime_t  timebuf 
)

ksba_cert_get_validity: @cert: certificate object @what: 0 for notBefore, 1 for notAfter @timebuf: Returns the time.

Return the requested validity time from the certificate. If no value is available, @timebuf is set to the empty (zero) time; callers must treat this as "not a valid date" and reject the certificate rather than interpreting an empty notAfter as "never expires".

Return value: 0 on success with the time stored in @timebuf, or an error code.

Definition at line 811 of file cert.c.

References _ksba_asn_find_node(), _ksba_asntime_to_iso(), asn_node_struct::down, GPG_ERR_BUG, GPG_ERR_INV_VALUE, gpg_error, ksba_cert_s::image, ksba_cert_s::initialized, asn_node_struct::len, asn_node_struct::nhdr, asn_node_struct::off, return_val_if_fail, asn_node_struct::right, ksba_cert_s::root, asn_node_struct::type, TYPE_GENERALIZED_TIME, and TYPE_UTC_TIME.

◆ _ksba_cert_hash()

gpg_error_t _ksba_cert_hash ( ksba_cert_t  cert,
int  what,
void(*)(void *, const void *, size_t length)  hasher,
void *  hasher_arg 
)

◆ _ksba_cert_init_from_mem()

gpg_error_t _ksba_cert_init_from_mem ( ksba_cert_t  cert,
const void *  buffer,
size_t  length 
)

◆ _ksba_cert_is_ca()

◆ _ksba_cert_new()

gpg_error_t _ksba_cert_new ( ksba_cert_t acert)

ksba_cert_new:

Create a new and empty certificate object

Return value: 0 on success or an error code. For a successful operation, ACERT is set to the new certificate object, otherwise it is set to NULL.

Definition at line 70 of file cert.c.

References xtrycalloc.

◆ _ksba_cert_read_der()

gpg_error_t _ksba_cert_read_der ( ksba_cert_t  cert,
ksba_reader_t  reader 
)

ksba_cert_read_der: @cert: An uninitialized certificate object @reader: A KSBA Reader object

Read the next certificate from the reader and store it in the certificate object for future access. The certificate is parsed and rejected if it has any syntactic or semantic error (i.e. does not match the ASN.1 description). This is structural validation only: a successful return means the DER matched the schema, not that the certificate is trustworthy. Signature verification, validity-period and revocation checks, and chain building are the caller's responsibility.

Return value: 0 on success or an error value

Definition at line 268 of file cert.c.

References _ksba_asn_release_nodes(), _ksba_ber_decoder_decode(), _ksba_ber_decoder_new(), _ksba_ber_decoder_release(), _ksba_ber_decoder_set_module(), _ksba_ber_decoder_set_reader(), ksba_cert_s::asn_tree, GPG_ERR_INV_VALUE, gpg_error, ksba_cert_s::image, ksba_cert_s::imagelen, ksba_cert_s::initialized, ksba_asn_create_tree(), ksba_asn_tree_release(), and ksba_cert_s::root.

◆ _ksba_cert_ref()

void _ksba_cert_ref ( ksba_cert_t  cert)

Definition at line 81 of file cert.c.

References ksba_cert_s::ref_count.

◆ _ksba_cert_release()

◆ _ksba_cert_set_user_data()

gpg_error_t _ksba_cert_set_user_data ( ksba_cert_t  cert,
const char *  key,
const void *  data,
size_t  datalen 
)

◆ append_cert_policy()

static gpg_error_t append_cert_policy ( char **  policies,
const char *  oid,
int  crit 
)
static

Definition at line 1275 of file cert.c.

References gpg_error, oid, stpcpy, xtrymalloc, and xtryrealloc.

Referenced by _ksba_cert_get_cert_policies(), and _ksba_cert_get_ext_key_usages().

◆ get_info_access()

◆ get_name()

◆ get_simple_octet_string_ext()

static gpg_error_t get_simple_octet_string_ext ( ksba_cert_t  cert,
const char *  oid,
int *  r_crit,
ksba_sexp_t r_data 
)
static

◆ parse_distribution_point()

◆ read_extensions()

Variable Documentation

◆ oidstr_authorityInfoAccess

const char oidstr_authorityInfoAccess[] = "1.3.6.1.5.5.7.1.1"
static

Definition at line 56 of file cert.c.

Referenced by get_info_access().

◆ oidstr_authorityKeyIdentifier

const char oidstr_authorityKeyIdentifier[] = "2.5.29.35"
static

Definition at line 54 of file cert.c.

Referenced by _ksba_cert_get_auth_key_id().

◆ oidstr_basicConstraints

const char oidstr_basicConstraints[] = "2.5.29.19"
static

Definition at line 51 of file cert.c.

Referenced by _ksba_cert_is_ca().

◆ oidstr_certificatePolicies

const char oidstr_certificatePolicies[] = "2.5.29.32"
static

Definition at line 53 of file cert.c.

Referenced by _ksba_cert_get_cert_policies().

◆ oidstr_crlDistributionPoints

const char oidstr_crlDistributionPoints[] = "2.5.29.31"
static

Definition at line 52 of file cert.c.

Referenced by _ksba_cert_get_crl_dist_point().

◆ oidstr_extKeyUsage

const char oidstr_extKeyUsage[] = "2.5.29.37"
static

Definition at line 55 of file cert.c.

Referenced by _ksba_cert_get_ext_key_usages().

◆ oidstr_issuerAltName

const char oidstr_issuerAltName[] = "2.5.29.18"
static

Definition at line 50 of file cert.c.

Referenced by get_name().

◆ oidstr_keyUsage

const char oidstr_keyUsage[] = "2.5.29.15"
static

Definition at line 48 of file cert.c.

Referenced by _ksba_cert_get_key_usage().

◆ oidstr_subjectAltName

const char oidstr_subjectAltName[] = "2.5.29.17"
static

Definition at line 49 of file cert.c.

Referenced by get_name().

◆ oidstr_subjectInfoAccess

const char oidstr_subjectInfoAccess[] = "1.3.6.1.5.5.7.1.11"
static

Definition at line 57 of file cert.c.

Referenced by get_info_access().

◆ oidstr_subjectKeyIdentifier

const char oidstr_subjectKeyIdentifier[] = "2.5.29.14"
static

Definition at line 47 of file cert.c.

Referenced by _ksba_cert_get_subj_key_id().