2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34 dn_append(void *ctx, const void *buf, size_t len)
36 VEC_ADDMANY(*(bvector *)ctx, buf, len);
40 certificate_to_trust_anchor_inner(br_x509_trust_anchor *ta,
41 br_x509_certificate *xc)
43 br_x509_decoder_context dc;
44 bvector vdn = VEC_INIT;
47 br_x509_decoder_init(&dc, dn_append, &vdn);
48 br_x509_decoder_push(&dc, xc->data, xc->data_len);
49 pk = br_x509_decoder_get_pkey(&dc);
51 fprintf(stderr, "ERROR: CA decoding failed with error %d\n",
52 br_x509_decoder_last_error(&dc));
56 ta->dn.data = VEC_TOARRAY(vdn);
57 ta->dn.len = VEC_LEN(vdn);
60 if (br_x509_decoder_isCA(&dc)) {
61 ta->flags |= BR_X509_TA_CA;
63 switch (pk->key_type) {
65 ta->pkey.key_type = BR_KEYTYPE_RSA;
66 ta->pkey.key.rsa.n = xblobdup(pk->key.rsa.n, pk->key.rsa.nlen);
67 ta->pkey.key.rsa.nlen = pk->key.rsa.nlen;
68 ta->pkey.key.rsa.e = xblobdup(pk->key.rsa.e, pk->key.rsa.elen);
69 ta->pkey.key.rsa.elen = pk->key.rsa.elen;
72 ta->pkey.key_type = BR_KEYTYPE_EC;
73 ta->pkey.key.ec.curve = pk->key.ec.curve;
74 ta->pkey.key.ec.q = xblobdup(pk->key.ec.q, pk->key.ec.qlen);
75 ta->pkey.key.ec.qlen = pk->key.ec.qlen;
78 fprintf(stderr, "ERROR: unsupported public key type in CA\n");
86 br_x509_trust_anchor *
87 certificate_to_trust_anchor(br_x509_certificate *xc)
89 br_x509_trust_anchor ta;
91 if (certificate_to_trust_anchor_inner(&ta, xc) < 0) {
94 return xblobdup(&ta, sizeof ta);
100 free_ta_contents(br_x509_trust_anchor *ta)
103 switch (ta->pkey.key_type) {
105 xfree(ta->pkey.key.rsa.n);
106 xfree(ta->pkey.key.rsa.e);
109 xfree(ta->pkey.key.ec.q);
116 read_trust_anchors(anchor_list *dst, const char *fname)
118 br_x509_certificate *xcs;
119 anchor_list tas = VEC_INIT;
122 xcs = read_certificates(fname, &num);
126 for (u = 0; u < num; u ++) {
127 br_x509_trust_anchor ta;
129 if (certificate_to_trust_anchor_inner(&ta, &xcs[u]) < 0) {
130 VEC_CLEAREXT(tas, free_ta_contents);
131 free_certificates(xcs, num);
136 VEC_ADDMANY(*dst, &VEC_ELT(tas, 0), num);
138 free_certificates(xcs, num);
144 get_cert_signer_algo(br_x509_certificate *xc)
146 br_x509_decoder_context dc;
149 br_x509_decoder_init(&dc, 0, 0);
150 br_x509_decoder_push(&dc, xc->data, xc->data_len);
151 err = br_x509_decoder_last_error(&dc);
154 "ERROR: certificate decoding failed with error %d\n",
158 return br_x509_decoder_get_signer_key_type(&dc);
162 xwc_start_chain(const br_x509_class **ctx, const char *server_name)
164 x509_noanchor_context *xwc;
166 xwc = (x509_noanchor_context *)ctx;
167 (*xwc->inner)->start_chain(xwc->inner, server_name);
171 xwc_start_cert(const br_x509_class **ctx, uint32_t length)
173 x509_noanchor_context *xwc;
175 xwc = (x509_noanchor_context *)ctx;
176 (*xwc->inner)->start_cert(xwc->inner, length);
180 xwc_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)
182 x509_noanchor_context *xwc;
184 xwc = (x509_noanchor_context *)ctx;
185 (*xwc->inner)->append(xwc->inner, buf, len);
189 xwc_end_cert(const br_x509_class **ctx)
191 x509_noanchor_context *xwc;
193 xwc = (x509_noanchor_context *)ctx;
194 (*xwc->inner)->end_cert(xwc->inner);
198 xwc_end_chain(const br_x509_class **ctx)
200 x509_noanchor_context *xwc;
203 xwc = (x509_noanchor_context *)ctx;
204 r = (*xwc->inner)->end_chain(xwc->inner);
205 if (r == BR_ERR_X509_NOT_TRUSTED) {
211 static const br_x509_pkey *
212 xwc_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
214 x509_noanchor_context *xwc;
216 xwc = (x509_noanchor_context *)ctx;
217 return (*xwc->inner)->get_pkey(xwc->inner, usages);
221 const br_x509_class x509_noanchor_vtable = {
222 sizeof(x509_noanchor_context),
233 x509_noanchor_init(x509_noanchor_context *xwc, const br_x509_class **inner)
235 xwc->vtable = &x509_noanchor_vtable;