2
0

v3_sxnet.c 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230
  1. /*
  2. * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/conf.h>
  12. #include <openssl/asn1.h>
  13. #include <openssl/asn1t.h>
  14. #include <openssl/x509v3.h>
  15. #include "ext_dat.h"
  16. DEFINE_STACK_OF(SXNETID)
  17. DEFINE_STACK_OF(CONF_VALUE)
  18. /* Support for Thawte strong extranet extension */
  19. #define SXNET_TEST
  20. static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
  21. int indent);
  22. #ifdef SXNET_TEST
  23. static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  24. STACK_OF(CONF_VALUE) *nval);
  25. #endif
  26. const X509V3_EXT_METHOD v3_sxnet = {
  27. NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
  28. 0, 0, 0, 0,
  29. 0, 0,
  30. 0,
  31. #ifdef SXNET_TEST
  32. (X509V3_EXT_V2I)sxnet_v2i,
  33. #else
  34. 0,
  35. #endif
  36. (X509V3_EXT_I2R)sxnet_i2r,
  37. 0,
  38. NULL
  39. };
  40. ASN1_SEQUENCE(SXNETID) = {
  41. ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
  42. ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
  43. } ASN1_SEQUENCE_END(SXNETID)
  44. IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
  45. ASN1_SEQUENCE(SXNET) = {
  46. ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
  47. ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
  48. } ASN1_SEQUENCE_END(SXNET)
  49. IMPLEMENT_ASN1_FUNCTIONS(SXNET)
  50. static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
  51. int indent)
  52. {
  53. long v;
  54. char *tmp;
  55. SXNETID *id;
  56. int i;
  57. v = ASN1_INTEGER_get(sx->version);
  58. BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
  59. for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
  60. id = sk_SXNETID_value(sx->ids, i);
  61. tmp = i2s_ASN1_INTEGER(NULL, id->zone);
  62. BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
  63. OPENSSL_free(tmp);
  64. ASN1_STRING_print(out, id->user);
  65. }
  66. return 1;
  67. }
  68. #ifdef SXNET_TEST
  69. /*
  70. * NBB: this is used for testing only. It should *not* be used for anything
  71. * else because it will just take static IDs from the configuration file and
  72. * they should really be separate values for each user.
  73. */
  74. static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  75. STACK_OF(CONF_VALUE) *nval)
  76. {
  77. CONF_VALUE *cnf;
  78. SXNET *sx = NULL;
  79. int i;
  80. for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
  81. cnf = sk_CONF_VALUE_value(nval, i);
  82. if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
  83. return NULL;
  84. }
  85. return sx;
  86. }
  87. #endif
  88. /* Strong Extranet utility functions */
  89. /* Add an id given the zone as an ASCII number */
  90. int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
  91. {
  92. ASN1_INTEGER *izone;
  93. if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
  94. X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
  95. return 0;
  96. }
  97. return SXNET_add_id_INTEGER(psx, izone, user, userlen);
  98. }
  99. /* Add an id given the zone as an unsigned long */
  100. int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
  101. int userlen)
  102. {
  103. ASN1_INTEGER *izone;
  104. if ((izone = ASN1_INTEGER_new()) == NULL
  105. || !ASN1_INTEGER_set(izone, lzone)) {
  106. X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
  107. ASN1_INTEGER_free(izone);
  108. return 0;
  109. }
  110. return SXNET_add_id_INTEGER(psx, izone, user, userlen);
  111. }
  112. /*
  113. * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
  114. * passed integer and doesn't make a copy so don't free it up afterwards.
  115. */
  116. int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
  117. int userlen)
  118. {
  119. SXNET *sx = NULL;
  120. SXNETID *id = NULL;
  121. if (psx == NULL || zone == NULL || user == NULL) {
  122. X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
  123. X509V3_R_INVALID_NULL_ARGUMENT);
  124. return 0;
  125. }
  126. if (userlen == -1)
  127. userlen = strlen(user);
  128. if (userlen > 64) {
  129. X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
  130. return 0;
  131. }
  132. if (*psx == NULL) {
  133. if ((sx = SXNET_new()) == NULL)
  134. goto err;
  135. if (!ASN1_INTEGER_set(sx->version, 0))
  136. goto err;
  137. *psx = sx;
  138. } else
  139. sx = *psx;
  140. if (SXNET_get_id_INTEGER(sx, zone)) {
  141. X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
  142. return 0;
  143. }
  144. if ((id = SXNETID_new()) == NULL)
  145. goto err;
  146. if (userlen == -1)
  147. userlen = strlen(user);
  148. if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
  149. goto err;
  150. if (!sk_SXNETID_push(sx->ids, id))
  151. goto err;
  152. id->zone = zone;
  153. return 1;
  154. err:
  155. X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
  156. SXNETID_free(id);
  157. SXNET_free(sx);
  158. *psx = NULL;
  159. return 0;
  160. }
  161. ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
  162. {
  163. ASN1_INTEGER *izone;
  164. ASN1_OCTET_STRING *oct;
  165. if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
  166. X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
  167. return NULL;
  168. }
  169. oct = SXNET_get_id_INTEGER(sx, izone);
  170. ASN1_INTEGER_free(izone);
  171. return oct;
  172. }
  173. ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
  174. {
  175. ASN1_INTEGER *izone;
  176. ASN1_OCTET_STRING *oct;
  177. if ((izone = ASN1_INTEGER_new()) == NULL
  178. || !ASN1_INTEGER_set(izone, lzone)) {
  179. X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
  180. ASN1_INTEGER_free(izone);
  181. return NULL;
  182. }
  183. oct = SXNET_get_id_INTEGER(sx, izone);
  184. ASN1_INTEGER_free(izone);
  185. return oct;
  186. }
  187. ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
  188. {
  189. SXNETID *id;
  190. int i;
  191. for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
  192. id = sk_SXNETID_value(sx->ids, i);
  193. if (!ASN1_INTEGER_cmp(id->zone, zone))
  194. return id->user;
  195. }
  196. return NULL;
  197. }