提交 231493c9 编写于 作者: D Dr. Stephen Henson

Initial print only support for IDP CRL extension.

上级 20a90e3a
......@@ -4,7 +4,8 @@
Changes between 0.9.8 and 0.9.9 [xx XXX xxxx]
*)
*) Add print only support for Issuing Distribution Point CRL extension.
[Steve Henson]
Changes between 0.9.8 and 0.9.8a [XX xxx XXXX]
......
......@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 751
#define NUM_SN 747
#define NUM_LN 747
#define NUM_OBJ 709
#define NUM_NID 752
#define NUM_SN 748
#define NUM_LN 748
#define NUM_OBJ 710
static unsigned char lvalues[5002]={
static unsigned char lvalues[5005]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
......@@ -777,6 +777,7 @@ static unsigned char lvalues[5002]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4977] OBJ_id_ppl_anyLanguage */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4985] OBJ_id_ppl_inheritAll */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4993] OBJ_Independent */
0x55,0x1D,0x1C, /* [5001] OBJ_issuing_distribution_point */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
......@@ -1945,6 +1946,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
&(lvalues[4985]),0},
{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4993]),0},
{"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
NID_issuing_distribution_point,3,&(lvalues[5001]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
......@@ -2382,6 +2385,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[295]),/* "ipsecTunnel" */
&(nid_objs[296]),/* "ipsecUser" */
&(nid_objs[86]),/* "issuerAltName" */
&(nid_objs[751]),/* "issuingDistributionPoint" */
&(nid_objs[492]),/* "janetMailbox" */
&(nid_objs[150]),/* "keyBag" */
&(nid_objs[83]),/* "keyUsage" */
......@@ -2797,6 +2801,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[739]),/* "X509v3 Inhibit Any Policy" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[751]),/* "X509v3 Issuing Distrubution Point" */
&(nid_objs[83]),/* "X509v3 Key Usage" */
&(nid_objs[736]),/* "X509v3 Name Constraints" */
&(nid_objs[403]),/* "X509v3 No Revocation Available" */
......@@ -3502,6 +3507,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */
&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */
&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */
&(nid_objs[751]),/* OBJ_issuing_distribution_point 2 5 29 28 */
&(nid_objs[736]),/* OBJ_name_constraints 2 5 29 30 */
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
......
......@@ -2094,6 +2094,11 @@
#define NID_delta_crl 140
#define OBJ_delta_crl OBJ_id_ce,27L
#define SN_issuing_distribution_point "issuingDistributionPoint"
#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point"
#define NID_issuing_distribution_point 751
#define OBJ_issuing_distribution_point OBJ_id_ce,28L
#define SN_name_constraints "nameConstraints"
#define LN_name_constraints "X509v3 Name Constraints"
#define NID_name_constraints 736
......
......@@ -748,3 +748,4 @@ proxyCertInfo 747
id_ppl_anyLanguage 748
id_ppl_inheritAll 749
Independent 750
issuing_distribution_point 751
......@@ -677,6 +677,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code
id-ce 24 : invalidityDate : Invalidity Date
!Cname delta-crl
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
!Cname issuing-distribution-point
id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point
!Cname name-constraints
id-ce 30 : nameConstraints : X509v3 Name Constraints
!Cname crl-distribution-points
......
......@@ -66,7 +66,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
/* This table will be searched using OBJ_bsearch so it *must* kept in
* order of the ext_nid values.
......@@ -115,7 +115,8 @@ static X509V3_EXT_METHOD *standard_exts[] = {
&v3_name_constraints,
&v3_policy_mappings,
&v3_inhibit_anyp,
&v3_pci
&v3_pci,
&v3_idp
};
/* Number of standard extensions */
......
......@@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999, 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -160,3 +160,112 @@ ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
static int i2r_idp(X509V3_EXT_METHOD *method,
void *pidp, BIO *out, int indent);
X509V3_EXT_METHOD v3_idp =
{
NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
ASN1_ITEM_ref(ISSUING_DIST_POINT),
0,0,0,0,
0,0,
0,0,
i2r_idp,0,
NULL
};
static const BIT_STRING_BITNAME reason_flags[] = {
{1, "Key Compromise", "keyCompromise"},
{2, "CA Compromise", "CACompromise"},
{3, "Affiliation Changed", "affiliationChanged"},
{4, "Superseded", "superseded"},
{5, "Cessation Of Operation", "cessationOfOperation"},
{6, "Certificate Hold", "certificateHold"},
{7, "Privilege Withdrawn", "privilegeWithdrawn"},
{8, "AA Compromise", "AACompromise"},
{-1, NULL, NULL}
};
static int print_reasons(BIO *out, const char *rname,
ASN1_BIT_STRING *rflags, int indent)
{
int first = 1;
const BIT_STRING_BITNAME *pbn;
BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
for (pbn = reason_flags; pbn->lname; pbn++)
{
if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
{
if (first)
first = 0;
else
BIO_puts(out, ",");
BIO_puts(out, pbn->lname);
}
}
if (first)
BIO_puts(out, "<EMPTY>\n");
else
BIO_puts(out, "\n");
return 1;
}
static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
{
int i;
if (dpn->type == 0)
{
STACK_OF(GENERAL_NAME) *gens;
BIO_printf(out, "%*sFull Name:\n", indent, "");
gens = dpn->name.fullname;
for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
{
BIO_printf(out, "%*s", indent + 2, "");
GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
}
}
else
{
X509_NAME ntmp;
ntmp.entries = dpn->name.relativename;
BIO_printf(out, "%*sRelative Name:\n%*s",
indent, "", indent + 2, "");
X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
BIO_puts(out, "\n");
}
return 1;
}
static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
{
ISSUING_DIST_POINT *idp = pidp;
if (idp->distpoint)
print_distpoint(out, idp->distpoint, indent);
if (idp->onlyuser > 0)
BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
if (idp->onlyCA > 0)
BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
if (idp->indirectCRL > 0)
BIO_printf(out, "%*sIndirect CRL\n", indent, "");
if (idp->onlysomereasons)
print_reasons(out, "Only Some Reasons",
idp->onlysomereasons, indent);
if (idp->onlyattr > 0)
BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
&& (idp->indirectCRL <= 0) && !idp->onlysomereasons
&& (idp->onlyattr <= 0))
BIO_printf(out, "%*s<EMPTY>\n", indent, "");
return 1;
}
......@@ -329,6 +329,15 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st
DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
typedef struct ISSUING_DIST_POINT_st
{
DIST_POINT_NAME *distpoint;
int onlyuser;
int onlyCA;
ASN1_BIT_STRING *onlysomereasons;
int indirectCRL;
int onlyattr;
} ISSUING_DIST_POINT;
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
",name:", val->name, ",value:", val->value);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册