Lines Matching refs:policy

126  * Parse the "validation-methods" section of the policy.
130 KMF_POLICY_RECORD *policy)
139 parseOCSPValidation(n, &policy->validation_info);
140 policy->revocation |= KMF_REVOCATION_METHOD_OCSP;
182 policy->revocation |= KMF_REVOCATION_METHOD_CRL;
414 parsePolicyElement(xmlNodePtr node, KMF_POLICY_RECORD *policy)
422 policy->name = (char *)xmlGetProp(node,
428 policy->ignore_date = 1;
435 policy->ignore_unknown_ekus = 1;
442 policy->ignore_trust_anchor = 1;
449 policy->validity_adjusttime = c;
451 policy->validity_adjusttime = NULL;
454 policy->ta_name = (char *)xmlGetProp(node,
457 policy->ta_serial = (char *)xmlGetProp(node,
465 parseValidation(n, &policy->validation_info,
466 policy);
469 parseKeyUsageSet(n, &policy->ku_bits);
472 ret = parseExtKeyUsage(n, &policy->eku_set);
477 ret = parseMapper(n, &policy->mapper);
507 * Add CRL policy information to the XML tree.
554 * Add OCSP information to the policy tree.
626 * Add validation method information to the policy tree.
630 AddValidationNodes(xmlNodePtr parent, KMF_POLICY_RECORD *policy)
643 if (policy->revocation & KMF_REVOCATION_METHOD_OCSP) {
644 ret = AddOCSPNodes(mnode, &(policy->validation_info.ocsp_info));
649 if (policy->revocation & KMF_REVOCATION_METHOD_CRL) {
650 ret = AddCRLNodes(mnode, &(policy->validation_info.crl_info));
668 * Add mapper policy info to the policy tree.
719 * Add Key Usage information to the policy tree.
765 * Add Extended-Key-Usage information to the policy tree.
/*
 * Release the string fields of a KMF_POLICY_RECORD and its EKU set, then
 * zero the whole record.
 *
 * This listing shows only the lines that mention `policy`; the braces and
 * the statement under the NULL check are not displayed.
 *
 * Ownership: no line here frees `policy` itself. The caller shown at
 * lines 965-966 calls free(handle->policy) separately after this function.
 *
 * NOTE(review): name, ta_name and ta_serial are filled from xmlGetProp()
 * (lines 422, 454, 457). libxml2 expects such strings to be released with
 * xmlFree(). FREE_POLICY_STR is not defined in this listing, so confirm it
 * matches the allocator in use.
 */
825 kmf_free_policy_record(KMF_POLICY_RECORD *policy)
/* NULL record: nothing to release (presumably an early return; the next line is not shown). */
827 if (policy == NULL)
/* Strings for the policy name and the OCSP settings. */
/* NOTE(review): VAL_OCSP_BASIC / VAL_OCSP_RESP_CERT look like macros for nested members; definitions not shown. */
830 FREE_POLICY_STR(policy->name)
831 FREE_POLICY_STR(policy->VAL_OCSP_BASIC.responderURI)
832 FREE_POLICY_STR(policy->VAL_OCSP_BASIC.proxy)
833 FREE_POLICY_STR(policy->VAL_OCSP_BASIC.response_lifetime)
834 FREE_POLICY_STR(policy->VAL_OCSP_RESP_CERT.name)
835 FREE_POLICY_STR(policy->VAL_OCSP_RESP_CERT.serial)
/* CRL settings. */
836 FREE_POLICY_STR(policy->validation_info.crl_info.basefilename)
837 FREE_POLICY_STR(policy->validation_info.crl_info.directory)
838 FREE_POLICY_STR(policy->validation_info.crl_info.proxy)
/* Validity adjustment and trust-anchor identification. */
839 FREE_POLICY_STR(policy->validity_adjusttime)
840 FREE_POLICY_STR(policy->ta_name)
841 FREE_POLICY_STR(policy->ta_serial)
/* Mapper settings. */
842 FREE_POLICY_STR(policy->mapper.mapname)
843 FREE_POLICY_STR(policy->mapper.pathname)
844 FREE_POLICY_STR(policy->mapper.options)
845 FREE_POLICY_STR(policy->mapper.dir)
/* The EKU set is released by its own helper. */
847 kmf_free_eku_policy(&policy->eku_set);
/*
 * Zeroing the record clears every pointer released above, so no stale
 * pointer is left in the record for a later call to release again
 * (assumes all-bits-zero is a null pointer on the target).
 */
849 (void) memset(policy, 0, sizeof (KMF_POLICY_RECORD));
855 * Find a policy record in the database.
876 /* Read the policy DB and verify it against the schema. */
894 * Search for the policy that matches the given name.
932 * Set the policy record in the handle. This searches
933 * the policy DB for the named policy. If it is not found
934 * or an error occurred in processing, the existing policy
963 /* release the existing policy data (if any). */
964 if (handle->policy != NULL) {
965 kmf_free_policy_record(handle->policy);
966 free(handle->policy);
969 handle->policy = newpolicy;
992 * Search for the policy that matches the given name.
1075 * as the policy file.
1136 * Find a policy by name and remove it from the policy DB file.
1137 * If the policy is not found, return an error.
1151 * Cannot delete the default policy record from the system
1152 * default policy database (/etc/security/kmfpolicy.xml).
1158 /* Make sure the policy file exists */
1162 /* Read the policy DB and verify it against the schema. */
1197 * Add a new policy node to the Policy DB XML tree.
1200 addPolicyNode(xmlNodePtr pnode, KMF_POLICY_RECORD *policy)
1204 if (pnode != NULL && policy != NULL) {
1205 if (newprop(pnode, KMF_POLICY_NAME_ATTR, policy->name) != 0) {
1209 if (policy->ignore_date) {
1217 if (policy->ignore_unknown_ekus) {
1225 if (policy->ignore_trust_anchor) {
1233 if (policy->validity_adjusttime) {
1235 policy->validity_adjusttime)) {
1242 policy->ta_name) != 0) {
1248 policy->ta_serial) != 0) {
1256 if (ret = AddValidationNodes(pnode, policy)) {
1260 if ((ret = AddKeyUsageNodes(pnode, policy->ku_bits))) {
1264 if ((ret = AddExtKeyUsageNodes(pnode, &policy->eku_set))) {
1267 if ((ret = AddMapperPolicyNodes(pnode, &policy->mapper))) {
1283 kmf_verify_policy(KMF_POLICY_RECORD *policy)
1288 if (policy->name == NULL || !strlen(policy->name))
1291 /* Check the TA related policy */
1292 if (policy->ta_name != NULL &&
1293 strcasecmp(policy->ta_name, "search") == 0) {
1295 } else if (policy->ta_name != NULL && policy->ta_serial != NULL) {
1297 } else if (policy->ta_name == NULL && policy->ta_serial == NULL) {
1307 if (has_ta == B_FALSE && policy->ignore_trust_anchor == B_FALSE)
1310 if (policy->revocation & KMF_REVOCATION_METHOD_OCSP) {
1315 if ((policy->VAL_OCSP_BASIC.responderURI == NULL &&
1316 policy->VAL_OCSP_BASIC.uri_from_cert == B_FALSE) ||
1317 (policy->VAL_OCSP_BASIC.responderURI != NULL &&
1318 policy->VAL_OCSP_BASIC.uri_from_cert == B_TRUE))
1325 if ((policy->VAL_OCSP_RESP_CERT.name != NULL &&
1326 policy->VAL_OCSP_RESP_CERT.serial == NULL) ||
1327 (policy->VAL_OCSP_RESP_CERT.name == NULL &&
1328 policy->VAL_OCSP_RESP_CERT.serial != NULL))
1336 * Update the KMF policy file by creating a new XML Policy doc tree
1338 * is true, then we check the policy sanity also.
1341 kmf_add_policy_to_db(KMF_POLICY_RECORD *policy, char *dbfilename,
1349 if (policy == NULL || dbfilename == NULL)
1353 if (ret = kmf_verify_policy(policy))
1381 * If the DB has an existing policy of the
1384 ret = deletePolicyNode(node, policy->name);
1408 /* Append the new policy info to the root node. */
1415 ret = addPolicyNode(pnode, policy);