lib/hx509/req.c

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "hx_locl.h"
  35 #include <pkcs10_asn1.h>
  36
  37 struct hx509_request_data {
  38     hx509_name name;
  39     SubjectPublicKeyInfo key;
  40     ExtKeyUsage eku;
  41     GeneralNames san;
  42 };
  43
  44 /*
  45  *
  46  */
  47
  48 int
  49 _hx509_request_init(hx509_context context, hx509_request *req)
  50 {
  51     *req = calloc(1, sizeof(**req));
  52     if (*req == NULL)
  53         return ENOMEM;
  54
  55     return 0;
  56 }
  57
  58 void
  59 _hx509_request_free(hx509_request *req)
  60 {
  61     if ((*req)->name)
  62         hx509_name_free(&(*req)->name);
  63     free_SubjectPublicKeyInfo(&(*req)->key);
  64     free_ExtKeyUsage(&(*req)->eku);
  65     free_GeneralNames(&(*req)->san);
  66     memset(*req, 0, sizeof(**req));
  67     free(*req);
  68     *req = NULL;
  69 }
  70
  71 int
  72 _hx509_request_set_name(hx509_context context,
  73                         hx509_request req,
  74                         hx509_name name)
  75 {
  76     if (req->name)
  77         hx509_name_free(&req->name);
  78     if (name) {
  79         int ret = hx509_name_copy(context, name, &req->name);
  80         if (ret)
  81             return ret;
  82     }
  83     return 0;
  84 }
  85
  86 int
  87 _hx509_request_get_name(hx509_context context,
  88                         hx509_request req,
  89                         hx509_name *name)
  90 {
  91     if (req->name == NULL) {
  92         hx509_set_error_string(context, 0, EINVAL, "Request have no name");
  93         return EINVAL;
  94     }
  95     return hx509_name_copy(context, req->name, name);
  96 }
  97
  98 int
  99 _hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
 100                                         hx509_request req,
 101                                         const SubjectPublicKeyInfo *key)
 102 {
 103     free_SubjectPublicKeyInfo(&req->key);
 104     return copy_SubjectPublicKeyInfo(key, &req->key);
 105 }
 106
 107 int
 108 _hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
 109                                         hx509_request req,
 110                                         SubjectPublicKeyInfo *key)
 111 {
 112     return copy_SubjectPublicKeyInfo(&req->key, key);
 113 }
 114
 115 int
 116 _hx509_request_add_eku(hx509_context context,
 117                        hx509_request req,
 118                        const heim_oid *oid)
 119 {
 120     void *val;
 121     int ret;
 122
 123     val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1));
 124     if (val == NULL)
 125         return ENOMEM;
 126     req->eku.val = val;
 127
 128     ret = der_copy_oid(oid, &req->eku.val[req->eku.len]);
 129     if (ret)
 130         return ret;
 131
 132     req->eku.len += 1;
 133
 134     return 0;
 135 }
 136
 137 int
 138 _hx509_request_add_dns_name(hx509_context context,
 139                             hx509_request req,
 140                             const char *hostname)
 141 {
 142     GeneralName name;
 143
 144     memset(&name, 0, sizeof(name));
 145     name.element = choice_GeneralName_dNSName;
 146     name.u.dNSName = rk_UNCONST(hostname);
 147
 148     return add_GeneralNames(&req->san, &name);
 149 }
 150
 151 int
 152 _hx509_request_add_email(hx509_context context,
 153                          hx509_request req,
 154                          const char *email)
 155 {
 156     GeneralName name;
 157
 158     memset(&name, 0, sizeof(name));
 159     name.element = choice_GeneralName_rfc822Name;
 160     name.u.dNSName = rk_UNCONST(email);
 161
 162     return add_GeneralNames(&req->san, &name);
 163 }
 164
 165
 166
 167 int
 168 _hx509_request_to_pkcs10(hx509_context context,
 169                          const hx509_request req,
 170                          const hx509_private_key signer,
 171                          heim_octet_string *request)
 172 {
 173     CertificationRequest r;
 174     heim_octet_string data, os;
 175     int ret;
 176     size_t size;
 177
 178     if (req->name == NULL) {
 179         hx509_set_error_string(context, 0, EINVAL,
 180                                "PKCS10 needs to have a subject");
 181         return EINVAL;
 182     }
 183
 184     memset(&r, 0, sizeof(r));
 185     memset(request, 0, sizeof(*request));
 186
 187     r.certificationRequestInfo.version = pkcs10_v1;
 188
 189     ret = copy_Name(&req->name->der_name,
 190                     &r.certificationRequestInfo.subject);
 191     if (ret)
 192         goto out;
 193     ret = copy_SubjectPublicKeyInfo(&req->key,
 194                                     &r.certificationRequestInfo.subjectPKInfo);
 195     if (ret)
 196         goto out;
 197     r.certificationRequestInfo.attributes =
 198         calloc(1, sizeof(*r.certificationRequestInfo.attributes));
 199     if (r.certificationRequestInfo.attributes == NULL) {
 200         ret = ENOMEM;
 201         goto out;
 202     }
 203
 204     ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length,
 205                        &r.certificationRequestInfo, &size, ret);
 206     if (ret)
 207         goto out;
 208     if (data.length != size)
 209         abort();
 210
 211     ret = _hx509_create_signature(context,
 212                                   signer,
 213                                   _hx509_crypto_default_sig_alg,
 214                                   &data,
 215                                   &r.signatureAlgorithm,
 216                                   &os);
 217     free(data.data);
 218     if (ret)
 219         goto out;
 220     r.signature.data = os.data;
 221     r.signature.length = os.length * 8;
 222
 223     ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length,
 224                        &r, &size, ret);
 225     if (ret)
 226         goto out;
 227     if (data.length != size)
 228         abort();
 229
 230     *request = data;
 231
 232 out:
 233     free_CertificationRequest(&r);
 234
 235     return ret;
 236 }
 237
 238 int
 239 _hx509_request_parse(hx509_context context,
 240                      const char *path,
 241                      hx509_request *req)
 242 {
 243     CertificationRequest r;
 244     CertificationRequestInfo *rinfo;
 245     hx509_name subject;
 246     size_t len, size;
 247     void *p;
 248     int ret;
 249
 250     if (strncmp(path, "PKCS10:", 7) != 0) {
 251         hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
 252                                "unsupport type in %s", path);
 253         return HX509_UNSUPPORTED_OPERATION;
 254     }
 255     path += 7;
 256
 257     /* XXX PEM request */
 258
 259     ret = rk_undumpdata(path, &p, &len);
 260     if (ret) {
 261         hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
 262         return ret;
 263     }
 264
 265     ret = decode_CertificationRequest(p, len, &r, &size);
 266     rk_xfree(p);
 267     if (ret) {
 268         hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
 269         return ret;
 270     }
 271
 272     ret = _hx509_request_init(context, req);
 273     if (ret) {
 274         free_CertificationRequest(&r);
 275         return ret;
 276     }
 277
 278     rinfo = &r.certificationRequestInfo;
 279
 280     ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
 281                                                   &rinfo->subjectPKInfo);
 282     if (ret) {
 283         free_CertificationRequest(&r);
 284         _hx509_request_free(req);
 285         return ret;
 286     }
 287
 288     ret = _hx509_name_from_Name(&rinfo->subject, &subject);
 289     if (ret) {
 290         free_CertificationRequest(&r);
 291         _hx509_request_free(req);
 292         return ret;
 293     }
 294     ret = _hx509_request_set_name(context, *req, subject);
 295     hx509_name_free(&subject);
 296     free_CertificationRequest(&r);
 297     if (ret) {
 298         _hx509_request_free(req);
 299         return ret;
 300     }
 301
 302     return 0;
 303 }
 304
 305
 306 int
 307 _hx509_request_print(hx509_context context, hx509_request req, FILE *f)
 308 {
 309     int ret;
 310
 311     if (req->name) {
 312         char *subject;
 313         ret = hx509_name_to_string(req->name, &subject);
 314         if (ret) {
 315             hx509_set_error_string(context, 0, ret, "Failed to print name");
 316             return ret;
 317         }
 318         fprintf(f, "name: %s\n", subject);
 319         free(subject);
 320     }
 321
 322     return 0;
 323 }
 324