v3_pcons.c 3.2 KB

  1. /*
  2. * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/asn1.h>
  12. #include <openssl/asn1t.h>
  13. #include <openssl/conf.h>
  14. #include <openssl/x509v3.h>
  15. #include "ext_dat.h"
  /*
   * Forward declarations of the two conversion callbacks that this file wires
   * into the v3_policy_constraints method table.
   */

  /* POLICY_CONSTRAINTS structure -> list of CONF_VALUE name/value pairs. */
  static STACK_OF(CONF_VALUE) *
  i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
                         STACK_OF(CONF_VALUE) *extlist);

  /* List of CONF_VALUE name/value pairs -> POLICY_CONSTRAINTS structure. */
  static void *
  v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         STACK_OF(CONF_VALUE) *values);
  /*
   * Extension method table for the policy constraints extension
   * (NID_policy_constraints). Only the ASN.1 item and the i2v/v2i callbacks
   * are populated; every other slot is left empty.
   *
   * NOTE(review): the slot names in the comments below follow the
   * X509V3_EXT_METHOD layout from <openssl/x509v3.h>, which is not shown
   * here -- confirm against the header in this tree.
   */
  const X509V3_EXT_METHOD v3_policy_constraints = {
      NID_policy_constraints,             /* ext_nid */
      0,                                  /* ext_flags */
      ASN1_ITEM_ref(POLICY_CONSTRAINTS),  /* it */
      0,                                  /* ext_new */
      0,                                  /* ext_free */
      0,                                  /* d2i */
      0,                                  /* i2d */
      0,                                  /* i2s */
      0,                                  /* s2i */
      i2v_POLICY_CONSTRAINTS,             /* i2v */
      v2i_POLICY_CONSTRAINTS,             /* v2i */
      NULL,                               /* i2r */
      NULL,                               /* r2i */
      NULL                                /* usr_data */
  };
  /*
   * ASN.1 template: POLICY_CONSTRAINTS is a SEQUENCE of two optional,
   * implicitly tagged INTEGER fields -- requireExplicitPolicy under tag 0 and
   * inhibitPolicyMapping under tag 1. Because both are optional, either
   * pointer may be NULL in a decoded structure.
   */
  ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
      ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER, 0),
      ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER, 1)
  } ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)

  /*
   * Allocation helpers for the type; presumably the source of the
   * POLICY_CONSTRAINTS_new()/POLICY_CONSTRAINTS_free() calls made by
   * v2i_POLICY_CONSTRAINTS() in this file.
   */
  IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
  /*
   * Render a POLICY_CONSTRAINTS as name/value pairs.
   *
   * method  - unused.
   * a       - the POLICY_CONSTRAINTS to render (passed as void *).
   * extlist - list to append to; handed to X509V3_add_value_int() by address,
   *           so the helper is able to replace the pointer.
   *
   * Returns extlist after both fields have been offered to the helper, under
   * the labels "Require Explicit Policy" and "Inhibit Policy Mapping".
   *
   * NOTE(review): the results of X509V3_add_value_int() are discarded, so a
   * failed append is not reported to the caller and the returned list may
   * then be missing an entry.
   */
  static STACK_OF(CONF_VALUE) *
  i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
                         STACK_OF(CONF_VALUE) *extlist)
  {
      POLICY_CONSTRAINTS *constraints = a;
      STACK_OF(CONF_VALUE) **out = &extlist;

      X509V3_add_value_int("Require Explicit Policy",
                           constraints->requireExplicitPolicy, out);
      X509V3_add_value_int("Inhibit Policy Mapping",
                           constraints->inhibitPolicyMapping, out);

      return extlist;
  }
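  /*
   * Build a POLICY_CONSTRAINTS from configuration name/value pairs.
   *
   * method - unused.
   * ctx    - unused.
   * values - the name/value pairs to convert.
   *
   * The recognised names are "requireExplicitPolicy" and
   * "inhibitPolicyMapping"; each value is converted with
   * X509V3_get_value_int(). Any other name is rejected with
   * X509V3_R_INVALID_NAME, and a result in which neither field was set is
   * rejected with X509V3_R_ILLEGAL_EMPTY_EXTENSION.
   *
   * Returns a newly allocated POLICY_CONSTRAINTS on success, or NULL on
   * failure; on the failure paths the partially built structure is freed.
   *
   * NOTE(review): no range check is applied to the parsed integers here.
   * RFC 5280 defines both fields as SkipCerts ::= INTEGER (0..MAX), so a
   * negative value from the configuration would be encoded as given unless
   * it is rejected elsewhere -- confirm.
   */
  static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *values)
  {
      POLICY_CONSTRAINTS *pcons = NULL;
      ASN1_INTEGER **field;
      CONF_VALUE *val;
      int i;

      if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
          X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
          return NULL;
      }

      for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
          val = sk_CONF_VALUE_value(values, i);

          if (strcmp(val->name, "requireExplicitPolicy") == 0) {
              field = &pcons->requireExplicitPolicy;
          } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
              field = &pcons->inhibitPolicyMapping;
          } else {
              X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
              X509V3_conf_err(val);
              goto err;
          }

          /*
           * Nothing prevents the same name from appearing twice in values.
           * Release any integer stored by an earlier entry before the slot
           * is written again, so the last occurrence wins without the
           * earlier allocation being leaked. This is safe whether or not
           * X509V3_get_value_int() (not shown here) frees the old value
           * itself, because the slot is reset to NULL first.
           */
          ASN1_INTEGER_free(*field);
          *field = NULL;

          if (!X509V3_get_value_int(val, field))
              goto err;
      }

      /* An extension carrying neither field is not allowed. */
      if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
          X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
                    X509V3_R_ILLEGAL_EMPTY_EXTENSION);
          goto err;
      }

      return pcons;

   err:
      POLICY_CONSTRAINTS_free(pcons);
      return NULL;
  }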