191 _hx509_get_cert(hx509_cert cert)
193     return cert->data;
212  * @param cert
220 hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
224     *cert = malloc(sizeof(**cert));
225     if (*cert == NULL)
227     (*cert)->ref = 1;
228     (*cert)->friendlyname = NULL;
229     (*cert)->attrs.len = 0;
230     (*cert)->attrs.val = NULL;
231     (*cert)->private_key = NULL;
232     (*cert)->basename = NULL;
233     (*cert)->release = NULL;
234     (*cert)->ctx = NULL;
236     (*cert)->data = calloc(1, sizeof(*(*cert)->data));
237     if ((*cert)->data == NULL) {
238 	free(*cert);
241     ret = copy_Certificate(c, (*cert)->data);
243 	free((*cert)->data);
244 	free(*cert);
245 	*cert = NULL;
262  * @param cert a return pointer to a hx509 certificate object, will
274 		     hx509_cert *cert)
291     ret = hx509_cert_init(context, &t, cert);
297 _hx509_cert_set_release(hx509_cert cert,
301     cert->release = release;
302     cert->ctx = ctx;
309 _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
311     if (cert->private_key)
312 	_hx509_private_key_free(&cert->private_key);
313     cert->private_key = _hx509_private_key_ref(private_key);
321  * @param cert the cert to free.
327 hx509_cert_free(hx509_cert cert)
331     if (cert == NULL)
334     if (cert->ref <= 0)
335 	_hx509_abort("cert refcount <= 0 on free");
336     if (--cert->ref > 0)
339     if (cert->release)
340 	(cert->release)(cert, cert->ctx);
342     if (cert->private_key)
343 	_hx509_private_key_free(&cert->private_key);
345     free_Certificate(cert->data);
346     free(cert->data);
348     for (i = 0; i < cert->attrs.len; i++) {
349 	der_free_octet_string(&cert->attrs.val[i]->data);
350 	der_free_oid(&cert->attrs.val[i]->oid);
351 	free(cert->attrs.val[i]);
353     free(cert->attrs.val);
354     free(cert->friendlyname);
355     if (cert->basename)
356 	hx509_name_free(&cert->basename);
357     memset(cert, 0, sizeof(cert));
358     free(cert);
364  * @param cert a pointer to an hx509 certificate object.
372 hx509_cert_ref(hx509_cert cert)
374     if (cert == NULL)
376     if (cert->ref <= 0)
377 	_hx509_abort("cert refcount <= 0");
378     cert->ref++;
379     if (cert->ref == 0)
380 	_hx509_abort("cert refcount == 0");
381     return cert;
586 find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
588     const TBSCertificate *c = &cert->tbsCertificate;
658 find_extension_subject_alt_name(const Certificate *cert, int *i,
666     e = find_extension(cert, &asn1_oid_id_x509_ce_subjectAltName, i);
676 find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
684     e = find_extension(cert, &asn1_oid_id_x509_ce_extKeyUsage, &i);
738  * @param cert a hx509 certificate object.
749 					 hx509_cert cert,
761 	ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa);
792 check_key_usage(hx509_context context, const Certificate *cert,
801     if (_hx509_cert_get_version(cert) < 3)
804     e = find_extension(cert, &asn1_oid_id_x509_ce_keyUsage, &i);
824 	_hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
835  * Return 0 on matching key usage 'flags' for 'cert', otherwise return
841 _hx509_check_key_usage(hx509_context context, hx509_cert cert,
844     return check_key_usage(context, _hx509_get_cert(cert), flags, req_present);
850 check_basic_constraints(hx509_context context, const Certificate *cert,
858     if (_hx509_cert_get_version(cert) < 3)
861     e = find_extension(cert, &asn1_oid_id_x509_ce_basicConstraints, &i);
869 	    ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
996 		      const hx509_cert cert)
1008     q.certificate = _hx509_get_cert(cert);
1018 			   const Certificate *cert,
1022     ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
1023 			  &cert->tbsCertificate.issuer, &diff);
1137 	      const Certificate *cert,
1148     e = find_extension(cert, &asn1_oid_id_pkix_pe_proxyCertInfo, &i);
1181 _hx509_path_append(hx509_context context, hx509_path *path, hx509_cert cert)
1191     path->val[path->len] = hx509_cert_ref(cert);
1232 		      hx509_cert cert,
1242     ret = _hx509_path_append(context, path, cert);
1246     current = hx509_cert_ref(cert);
1892  * @param cert the certificate to build the path from.
1903 		  hx509_cert cert,
1944 				cert, pool, &path);
1987 	    /* self signed cert doesn't add to path length */
2040 		 * then check with the EE cert when we get to it.
2098 		 * cert was an EE cert and we we will fall though to
2124 		if (cert->basename)
2125 		    hx509_name_free(&cert->basename);
2127 		ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
2338  * @param cert the certificate to match with
2355 		      const hx509_cert cert,
2373 	ret = find_extension_subject_alt_name(cert->data, &i, &san);
2394     name = &cert->data->tbsCertificate.subject;
2431 			  hx509_cert cert,
2438     if (hx509_cert_get_attribute(cert, oid) != NULL)
2441     d = realloc(cert->attrs.val,
2442 		sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1));
2447     cert->attrs.val = d;
2456     cert->attrs.val[cert->attrs.len] = a;
2457     cert->attrs.len++;
2466  * @param cert hx509 certificate object to search
2476 hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
2479     for (i = 0; i < cert->attrs.len; i++)
2480 	if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
2481 	    return cert->attrs.val[i];
2488  * @param cert The certificate to set the friendly name on
2497 hx509_cert_set_friendly_name(hx509_cert cert, const char *name)
2499     if (cert->friendlyname)
2500 	free(cert->friendlyname);
2501     cert->friendlyname = strdup(name);
2502     if (cert->friendlyname == NULL)
2510  * @param cert cert to get the friendly name from.
2519 hx509_cert_get_friendly_name(hx509_cert cert)
2526     if (cert->friendlyname)
2527 	return cert->friendlyname;
2529     a = hx509_cert_get_attribute(cert, &asn1_oid_id_pkcs_9_at_friendlyName);
2533 	ret = hx509_cert_get_subject(cert, &name);
2536 	ret = hx509_name_to_string(name, &cert->friendlyname);
2540 	return cert->friendlyname;
2552     cert->friendlyname = malloc(n.val[0].length + 1);
2553     if (cert->friendlyname == NULL) {
2560 	    cert->friendlyname[i] = n.val[0].data[i] & 0xff;
2562 	    cert->friendlyname[i] = 'X';
2564     cert->friendlyname[i] = '\0';
2567     return cert->friendlyname;
2829 _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert)
2831     Certificate *c = _hx509_get_cert(cert);
2875 	_hx509_cert_private_key(cert) == NULL)
2903 	a = hx509_cert_get_attribute(cert, &asn1_oid_id_pkcs_9_at_localKeyId);
2914 	    if (hx509_cert_cmp(q->path->val[i], cert) == 0)
2918 	const char *name = hx509_cert_get_friendly_name(cert);
2925 	ret = (*q->cmp_func)(context, cert, q->cmp_func_ctx);
2956     /* If an EKU is required, check the cert for it. */
2958 	hx509_cert_check_eku(context, cert, q->eku, 0))
2964 	ret = _hx509_cert_to_env(context, cert, &env);
3012     "find issuer cert",
3138  * @param cert A hx509 context.
3149 hx509_cert_check_eku(hx509_context context, hx509_cert cert,
3155     ret = find_extension_eku(_hx509_get_cert(cert), &e);
3185     Certificate *cert;
3192     cert = _hx509_get_cert(c);
3194     if (_hx509_cert_get_version(cert) < 3)
3197     e = find_extension(cert, &asn1_oid_id_x509_ce_keyUsage, &i);
3209 		    hx509_cert cert,
3216     ret = find_extension_eku(_hx509_get_cert(cert), e);
3298 _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
3309     asprintf(&buf, "%d", _hx509_cert_get_version(_hx509_get_cert(cert)));
3316     ret = hx509_cert_get_subject(cert, &name);
3332     ret = hx509_cert_get_issuer(cert, &name);
3348     ret = _hx509_cert_get_eku(context, cert, &eku);
3383 	Certificate *c = _hx509_get_cert(cert);

Indexes created Wed Sep 11 23:09:49 MDT 2024