annotate common/certhelp.c @ 1362:c2b76c8a8b82

(issue177) Only install certificate lists which are newer
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 19 Nov 2014 19:07:56 +0100
parents 265583011f24
children
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
2 * Software engineering by Intevation GmbH
3 *
4 * This file is Free Software under the GNU GPL (v>=2)
5 * and comes with ABSOLUTELY NO WARRANTY!
6 * See LICENSE.txt for details.
7 */
8 #include <stdlib.h>
9
10 #include "certhelp.h"
11 #include "logging.h"
12 #include "errorcodes.h"
13 #include "strhelp.h"
14
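/**
 * Look up one attribute in a parsed X.509 name and return a copy of its value.
 *
 * Walks the linked list that starts at namebuf and compares each entry's OID
 * bytes with oid. The wanted OID is treated as a NUL-terminated byte string:
 * its length is taken with strlen().
 *
 * @param namebuf  first entry of the name list; NULL yields NULL.
 * @param oid      NUL-terminated OID bytes to search for; NULL yields NULL.
 * @return copy of the first matching value, made with xstrndup(), or NULL
 *         when no entry matches. Presumably the caller owns the copy and
 *         frees it -- confirm against xstrndup() in strhelp.
 *
 * NOTE(review): the value bytes come straight from the certificate and are
 * copied as a C string. If xstrndup() follows strndup() semantics, a value
 * containing an embedded NUL byte is cut off at that byte, so the returned
 * text can differ from what the certificate encodes. Callers that display
 * or compare the result should account for that.
 */
char *
get_oid_valstr(x509_name *namebuf, unsigned char *oid)
{
  size_t oid_len;
  x509_name *entry;

  /* strlen() on a NULL pointer is undefined behaviour; treat it as
     "attribute not found" instead. */
  if (oid == NULL)
    {
      return NULL;
    }
  oid_len = strlen((char *)oid);

  for (entry = namebuf; entry != NULL; entry = entry->next)
    {
      /* Compare lengths first so memcmp never reads past the entry's OID. */
      if (entry->oid.len != oid_len)
        {
          continue;
        }
      if (memcmp(entry->oid.p, oid, oid_len) == 0)
        {
          return xstrndup((char *)entry->val.p, entry->val.len);
        }
    }
  return NULL;
}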
32
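/**
 * Parse a DER encoded certificate and return one attribute of its subject.
 *
 * The certificate is only parsed here; nothing in this function verifies
 * its signature, validity period or issuer. The returned string is
 * therefore unauthenticated data and must not be used for trust decisions
 * on its own.
 *
 * @param derdata  DER encoded certificate.
 * @param derlen   length of derdata in bytes.
 * @param oid      NUL-terminated OID bytes of the wanted subject attribute.
 * @return the value returned by get_oid_valstr() for the subject, or NULL
 *         when the certificate cannot be parsed or the attribute is absent.
 */
char *
x509_parse_subject(unsigned char *derdata, size_t derlen,
                   unsigned char *oid)
{
  x509_crt chain;
  char *str = NULL;

  x509_crt_init(&chain);
  if (x509_crt_parse_der(&chain, derdata, derlen) != 0)
    {
      ERRORPRINTF("Could not parse certificate!\n");
    }
  else
    {
      /* get_oid_valstr() hands back its own copy, so the parsed
         certificate can be released right after this call. */
      str = get_oid_valstr(&(chain.subject), oid);
    }

  /* Release the context on the failure path as well. Whether the parser
     already cleans up after a failed parse is not visible from this file;
     freeing an initialised context is the library's cleanup call for it. */
  x509_crt_free(&chain);
  return str;
}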
53
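#ifdef WIN32
/**
 * Decode a base64 encoded certificate and wrap it in a Windows certificate
 * context.
 *
 * The certificate is only decoded. No chain building or trust check happens
 * here, so the returned context describes unverified input.
 *
 * @param b64_data  base64 text of the DER certificate.
 * @param b64_size  length of b64_data in bytes.
 * @return a new certificate context, or NULL when decoding or context
 *         creation fails. The caller owns the context; Windows certificate
 *         contexts are released with CertFreeCertificateContext().
 */
PCCERT_CONTEXT
b64_to_cert_context(char *b64_data, size_t b64_size)
{
  size_t buf_size = 0;
  char *buf = NULL;
  char *error = NULL;
  PCCERT_CONTEXT pCert = NULL;

  if (str_base64_decode (&buf, &buf_size, b64_data, b64_size) != 0)
    {
      ERRORPRINTF ("decoding certificate failed\n");
      return NULL;
    }

  /* The length is handed to Windows as a DWORD. Refuse anything that would
     be truncated by the cast instead of passing a wrong length. */
  if (buf_size > MAXDWORD)
    {
      ERRORPRINTF ("decoded certificate too large\n");
      free (buf);
      return NULL;
    }

  pCert = CertCreateContext (CERT_STORE_CERTIFICATE_CONTEXT,
                             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                             (const PBYTE) buf,
                             (DWORD) buf_size,
                             0,
                             NULL);
  if (pCert == NULL)
    {
      /* Fetch the message before any other call can overwrite the thread's
         last-error value (presumably what getLastErrorMsg() reads). */
      error = getLastErrorMsg();
    }

  /* No NOCOPY flag was passed, so Windows keeps its own copy of the bytes. */
  free (buf);

  if (pCert == NULL)
    {
      if (error)
        {
          ERRORPRINTF ("Failed to create cert context: %s \n", error);
          free (error);
        }
      return NULL;
    }
  return pCert;
}
#endif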

http://wald.intevation.org/projects/trustbridge/