-/*
- * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE);
- */
-
-static STACK_OF(POLICYINFO) *r2i_certpol(method, ctx, value)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-char *value;
-{
- STACK_OF(POLICYINFO) *pols = NULL;
- char *pstr;
- POLICYINFO *pol;
- ASN1_OBJECT *pobj;
- STACK *vals;
- CONF_VALUE *cnf;
- int i;
- pols = sk_POLICYINFO_new_null();
- vals = X509V3_parse_list(value);
- for(i = 0; i < sk_num(vals); i++) {
- cnf = (CONF_VALUE *)sk_value(vals, i);
- if(cnf->value || !cnf->name ) {
- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pstr = cnf->name;
- if(*pstr == '@') {
- STACK *polsect;
- polsect = X509V3_get_section(ctx, pstr + 1);
- if(!polsect) {
- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- pol = policy_section(ctx, polsect);
- X509V3_section_free(ctx, polsect);
- if(!pol) goto err;
- } else {
- if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pol = POLICYINFO_new();
- pol->policyid = pobj;
- }
- sk_POLICYINFO_push(pols, pol);
- }
- sk_pop_free(vals, X509V3_conf_free);
- return pols;
- err:
- sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
- return NULL;
-}
-
-static POLICYINFO *policy_section(ctx, polstrs)
-X509V3_CTX *ctx;
-STACK *polstrs;
-{
- int i;
- CONF_VALUE *cnf;
- POLICYINFO *pol;
- POLICYQUALINFO *qual;
- if(!(pol = POLICYINFO_new())) goto merr;
- for(i = 0; i < sk_num(polstrs); i++) {
- cnf = (CONF_VALUE *)sk_value(polstrs, i);
- if(!strcmp(cnf->name, "policyIdentifier")) {
- ASN1_OBJECT *pobj;
- if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pol->policyid = pobj;
-
- } else if(!name_cmp(cnf->name, "CPS")) {
- if(!pol->qualifiers) pol->qualifiers =
- sk_POLICYQUALINFO_new_null();
- if(!(qual = POLICYQUALINFO_new())) goto merr;
- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
- goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
- qual->d.cpsuri = ASN1_IA5STRING_new();
- if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
- strlen(cnf->value))) goto merr;
- } else if(!name_cmp(cnf->name, "userNotice")) {
- STACK *unot;
- if(*cnf->value != '@') {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
- X509V3_conf_err(cnf);
- goto err;
- }
- unot = X509V3_get_section(ctx, cnf->value + 1);
- if(!unot) {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- qual = notice_section(ctx, unot);
- X509V3_section_free(ctx, unot);
- if(!qual) goto err;
- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
- goto merr;
- } else {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- }
- if(!pol->policyid) {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
- goto err;
- }
-
- return pol;
-
- err:
- POLICYINFO_free(pol);
- return NULL;
-
- merr:
- X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
- POLICYINFO_free(pol);
- return NULL;
-
-}
-
-static POLICYQUALINFO *notice_section(ctx, unot)
-X509V3_CTX *ctx;
-STACK *unot;
-{
- int i;
- CONF_VALUE *cnf;
- USERNOTICE *not;
- POLICYQUALINFO *qual;
- if(!(qual = POLICYQUALINFO_new())) goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
- if(!(not = USERNOTICE_new())) goto merr;
- qual->d.usernotice = not;
- for(i = 0; i < sk_num(unot); i++) {
- cnf = (CONF_VALUE *)sk_value(unot, i);
- if(!strcmp(cnf->name, "explicitText")) {
- not->exptext = ASN1_VISIBLESTRING_new();
- if(!ASN1_STRING_set(not->exptext, cnf->value,
- strlen(cnf->value))) goto merr;
- } else if(!strcmp(cnf->name, "organization")) {
- NOTICEREF *nref;
- if(!not->noticeref) {
- if(!(nref = NOTICEREF_new())) goto merr;
- not->noticeref = nref;
- } else nref = not->noticeref;
- nref->organization = ASN1_VISIBLESTRING_new();
- if(!ASN1_STRING_set(nref->organization, cnf->value,
- strlen(cnf->value))) goto merr;
- } else if(!strcmp(cnf->name, "noticeNumbers")) {
- NOTICEREF *nref;
- STACK *nos;
- if(!not->noticeref) {
- if(!(nref = NOTICEREF_new())) goto merr;
- not->noticeref = nref;
- } else nref = not->noticeref;
- nos = X509V3_parse_list(cnf->value);
- if(!nos || !sk_num(nos)) {
- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
- X509V3_conf_err(cnf);
- goto err;
- }
- nref->noticenos = nref_nos(nos);
- sk_pop_free(nos, X509V3_conf_free);
- if(!nref->noticenos) goto err;
- } else {
- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- }
-
- if(not->noticeref &&
- (!not->noticeref->noticenos || !not->noticeref->organization)) {
- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
- goto err;
- }
-
- return qual;
-
- err:
- POLICYQUALINFO_free(qual);
- return NULL;
-
- merr:
- X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
- POLICYQUALINFO_free(qual);
- return NULL;
-}
-
-static STACK *nref_nos(nos)
-STACK *nos;
-{
- STACK *nnums;
- CONF_VALUE *cnf;
- ASN1_INTEGER *aint;
- int i;
- if(!(nnums = sk_new_null())) goto merr;
- for(i = 0; i < sk_num(nos); i++) {
- cnf = (CONF_VALUE *)sk_value(nos, i);
- if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
- X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
- goto err;
- }
- if(!sk_push(nnums, (char *)aint)) goto merr;
- }
- return nnums;
-
- err:
- sk_pop_free(nnums, ASN1_STRING_free);
- return NULL;
-
- merr:
- X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
- sk_pop_free(nnums, ASN1_STRING_free);
- return NULL;
-}
-
-
-static int i2r_certpol(method, pol, out, indent)
-X509V3_EXT_METHOD *method;
-STACK_OF(POLICYINFO) *pol;
-BIO *out;
-int indent;
-{
- int i;
- POLICYINFO *pinfo;
- /* First print out the policy OIDs */
- for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
- pinfo = sk_POLICYINFO_value(pol, i);
- BIO_printf(out, "%*sPolicy: ", indent, "");
- i2a_ASN1_OBJECT(out, pinfo->policyid);
- BIO_puts(out, "\n");
- if(pinfo->qualifiers)
- print_qualifiers(out, pinfo->qualifiers, indent + 2);
- }
- return 1;
-}
-
-
-int i2d_CERTIFICATEPOLICIES(a, pp)
-STACK_OF(POLICYINFO) *a;
-unsigned char **pp;
-{
-
-return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL, IS_SEQUENCE);}
-
-STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new()
-{
- return sk_POLICYINFO_new_null();
-}
-
-void CERTIFICATEPOLICIES_free(a)
-STACK_OF(POLICYINFO) *a;
-{
- sk_POLICYINFO_pop_free(a, POLICYINFO_free);
-}
-
-STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(a,pp,length)
-STACK_OF(POLICYINFO) **a;
-unsigned char **pp;
-long length;
-{
-return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
- POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-
-}
-
-IMPLEMENT_STACK_OF(POLICYINFO)
-IMPLEMENT_ASN1_SET_OF(POLICYINFO)
-
-int i2d_POLICYINFO(a,pp)
-POLICYINFO *a;
-unsigned char **pp;
-{
- M_ASN1_I2D_vars(a);
-
- M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
- M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
- i2d_POLICYQUALINFO);
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
- M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
- i2d_POLICYQUALINFO);
-
- M_ASN1_I2D_finish();
-}
-
-POLICYINFO *POLICYINFO_new()
-{
- POLICYINFO *ret=NULL;
- ASN1_CTX c;
- M_ASN1_New_Malloc(ret, POLICYINFO);
- ret->policyid = NULL;
- ret->qualifiers = NULL;
- return (ret);
- M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
-}
-
-POLICYINFO *d2i_POLICYINFO(a,pp,length)
-POLICYINFO **a;
-unsigned char **pp;
-long length;
-{
- M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
- if(!M_ASN1_D2I_end_sequence()) {
- M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
- d2i_POLICYQUALINFO, POLICYQUALINFO_free);
- }
- M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
-}
-
-void POLICYINFO_free(a)
-POLICYINFO *a;
-{
- if (a == NULL) return;
- ASN1_OBJECT_free(a->policyid);
- sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
- Free (a);
-}
-
-static void print_qualifiers(out, quals, indent)
-BIO *out;
-STACK_OF(POLICYQUALINFO) *quals;
-int indent;
-{
- POLICYQUALINFO *qualinfo;
- int i;
- for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
- qualinfo = sk_POLICYQUALINFO_value(quals, i);
- switch(OBJ_obj2nid(qualinfo->pqualid))
- {
- case NID_id_qt_cps:
- BIO_printf(out, "%*sCPS: %s\n", indent, "",
- qualinfo->d.cpsuri->data);
- break;
-
- case NID_id_qt_unotice:
- BIO_printf(out, "%*sUser Notice:\n", indent, "");
- print_notice(out, qualinfo->d.usernotice, indent + 2);
- break;
-
- default:
- BIO_printf(out, "%*sUnknown Qualifier: ",
- indent + 2, "");
-
- i2a_ASN1_OBJECT(out, qualinfo->pqualid);
- BIO_puts(out, "\n");
- break;
- }
- }
-}