/src/openssl/crypto/x509/v3_cpols.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/conf.h> |
13 | | #include <openssl/asn1.h> |
14 | | #include <openssl/asn1t.h> |
15 | | #include <openssl/x509v3.h> |
16 | | |
17 | | #include "x509_local.h" |
18 | | #include "pcy_local.h" |
19 | | #include "ext_dat.h" |
20 | | |
21 | | /* Certificate policies extension support: this one is a bit complex... */ |
22 | | |
23 | | static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, |
24 | | BIO *out, int indent); |
25 | | static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, |
26 | | X509V3_CTX *ctx, const char *value); |
27 | | static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, |
28 | | int indent); |
29 | | static void print_notice(BIO *out, USERNOTICE *notice, int indent); |
30 | | static POLICYINFO *policy_section(X509V3_CTX *ctx, |
31 | | STACK_OF(CONF_VALUE) *polstrs, int ia5org); |
32 | | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, |
33 | | STACK_OF(CONF_VALUE) *unot, int ia5org); |
34 | | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); |
35 | | static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len); |
36 | | static int displaytext_get_tag_len(const char *tagstr); |
37 | | |
38 | | const X509V3_EXT_METHOD ossl_v3_cpols = { |
39 | | NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), |
40 | | 0, 0, 0, 0, |
41 | | 0, 0, |
42 | | 0, 0, |
43 | | (X509V3_EXT_I2R)i2r_certpol, |
44 | | (X509V3_EXT_R2I)r2i_certpol, |
45 | | NULL |
46 | | }; |
47 | | |
48 | | ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = |
49 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) |
50 | | ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) |
51 | | |
52 | | IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) |
53 | | |
54 | | ASN1_SEQUENCE(POLICYINFO) = { |
55 | | ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), |
56 | | ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) |
57 | | } ASN1_SEQUENCE_END(POLICYINFO) |
58 | | |
59 | | IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) |
60 | | |
61 | | ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); |
62 | | |
63 | | ASN1_ADB(POLICYQUALINFO) = { |
64 | | ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), |
65 | | ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) |
66 | | } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); |
67 | | |
68 | | ASN1_SEQUENCE(POLICYQUALINFO) = { |
69 | | ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), |
70 | | ASN1_ADB_OBJECT(POLICYQUALINFO) |
71 | | } ASN1_SEQUENCE_END(POLICYQUALINFO) |
72 | | |
73 | | IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) |
74 | | |
75 | | ASN1_SEQUENCE(USERNOTICE) = { |
76 | | ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), |
77 | | ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) |
78 | | } ASN1_SEQUENCE_END(USERNOTICE) |
79 | | |
80 | | IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) |
81 | | |
82 | | ASN1_SEQUENCE(NOTICEREF) = { |
83 | | ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), |
84 | | ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) |
85 | | } ASN1_SEQUENCE_END(NOTICEREF) |
86 | | |
87 | | IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) |
88 | | |
89 | | static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, |
90 | | X509V3_CTX *ctx, const char *value) |
91 | 0 | { |
92 | 0 | STACK_OF(POLICYINFO) *pols; |
93 | 0 | char *pstr; |
94 | 0 | POLICYINFO *pol; |
95 | 0 | ASN1_OBJECT *pobj; |
96 | 0 | STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value); |
97 | 0 | CONF_VALUE *cnf; |
98 | 0 | const int num = sk_CONF_VALUE_num(vals); |
99 | 0 | int i, ia5org; |
100 | |
|
101 | 0 | if (vals == NULL) { |
102 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_X509V3_LIB); |
103 | 0 | return NULL; |
104 | 0 | } |
105 | | |
106 | 0 | pols = sk_POLICYINFO_new_reserve(NULL, num); |
107 | 0 | if (pols == NULL) { |
108 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); |
109 | 0 | goto err; |
110 | 0 | } |
111 | | |
112 | 0 | ia5org = 0; |
113 | 0 | for (i = 0; i < num; i++) { |
114 | 0 | cnf = sk_CONF_VALUE_value(vals, i); |
115 | 0 | if (cnf->value != NULL || cnf->name == NULL) { |
116 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); |
117 | 0 | X509V3_conf_add_error_name_value(cnf); |
118 | 0 | goto err; |
119 | 0 | } |
120 | 0 | pstr = cnf->name; |
121 | 0 | if (strcmp(pstr, "ia5org") == 0) { |
122 | 0 | ia5org = 1; |
123 | 0 | continue; |
124 | 0 | } else if (*pstr == '@') { |
125 | 0 | STACK_OF(CONF_VALUE) *polsect; |
126 | |
|
127 | 0 | polsect = X509V3_get_section(ctx, pstr + 1); |
128 | 0 | if (polsect == NULL) { |
129 | 0 | ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION, |
130 | 0 | "%s", cnf->name); |
131 | 0 | goto err; |
132 | 0 | } |
133 | 0 | pol = policy_section(ctx, polsect, ia5org); |
134 | 0 | X509V3_section_free(ctx, polsect); |
135 | 0 | if (pol == NULL) |
136 | 0 | goto err; |
137 | 0 | } else { |
138 | 0 | if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { |
139 | 0 | ERR_raise_data(ERR_LIB_X509V3, |
140 | 0 | X509V3_R_INVALID_OBJECT_IDENTIFIER, |
141 | 0 | "%s", cnf->name); |
142 | 0 | goto err; |
143 | 0 | } |
144 | 0 | pol = POLICYINFO_new(); |
145 | 0 | if (pol == NULL) { |
146 | 0 | ASN1_OBJECT_free(pobj); |
147 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
148 | 0 | goto err; |
149 | 0 | } |
150 | 0 | pol->policyid = pobj; |
151 | 0 | } |
152 | 0 | if (!sk_POLICYINFO_push(pols, pol)) { |
153 | 0 | POLICYINFO_free(pol); |
154 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); |
155 | 0 | goto err; |
156 | 0 | } |
157 | 0 | } |
158 | 0 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); |
159 | 0 | return pols; |
160 | 0 | err: |
161 | 0 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); |
162 | 0 | sk_POLICYINFO_pop_free(pols, POLICYINFO_free); |
163 | 0 | return NULL; |
164 | 0 | } |
165 | | |
166 | | static POLICYINFO *policy_section(X509V3_CTX *ctx, |
167 | | STACK_OF(CONF_VALUE) *polstrs, int ia5org) |
168 | 0 | { |
169 | 0 | int i; |
170 | 0 | CONF_VALUE *cnf; |
171 | 0 | POLICYINFO *pol; |
172 | 0 | POLICYQUALINFO *qual; |
173 | |
|
174 | 0 | if ((pol = POLICYINFO_new()) == NULL) { |
175 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
176 | 0 | goto err; |
177 | 0 | } |
178 | 0 | for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { |
179 | 0 | cnf = sk_CONF_VALUE_value(polstrs, i); |
180 | 0 | if (strcmp(cnf->name, "policyIdentifier") == 0) { |
181 | 0 | ASN1_OBJECT *pobj; |
182 | |
|
183 | 0 | if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { |
184 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); |
185 | 0 | X509V3_conf_err(cnf); |
186 | 0 | goto err; |
187 | 0 | } |
188 | 0 | pol->policyid = pobj; |
189 | |
|
190 | 0 | } else if (!ossl_v3_name_cmp(cnf->name, "CPS")) { |
191 | 0 | if (pol->qualifiers == NULL) |
192 | 0 | pol->qualifiers = sk_POLICYQUALINFO_new_null(); |
193 | 0 | if ((qual = POLICYQUALINFO_new()) == NULL) { |
194 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
195 | 0 | goto err; |
196 | 0 | } |
197 | 0 | if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) { |
198 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); |
199 | 0 | goto err; |
200 | 0 | } |
201 | 0 | if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { |
202 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_INTERNAL_ERROR); |
203 | 0 | goto err; |
204 | 0 | } |
205 | 0 | if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) { |
206 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
207 | 0 | goto err; |
208 | 0 | } |
209 | 0 | if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, |
210 | 0 | strlen(cnf->value))) { |
211 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
212 | 0 | goto err; |
213 | 0 | } |
214 | 0 | } else if (!ossl_v3_name_cmp(cnf->name, "userNotice")) { |
215 | 0 | STACK_OF(CONF_VALUE) *unot; |
216 | 0 | if (*cnf->value != '@') { |
217 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); |
218 | 0 | X509V3_conf_err(cnf); |
219 | 0 | goto err; |
220 | 0 | } |
221 | 0 | unot = X509V3_get_section(ctx, cnf->value + 1); |
222 | 0 | if (!unot) { |
223 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION); |
224 | |
|
225 | 0 | X509V3_conf_err(cnf); |
226 | 0 | goto err; |
227 | 0 | } |
228 | 0 | qual = notice_section(ctx, unot, ia5org); |
229 | 0 | X509V3_section_free(ctx, unot); |
230 | 0 | if (!qual) |
231 | 0 | goto err; |
232 | 0 | if (pol->qualifiers == NULL) |
233 | 0 | pol->qualifiers = sk_POLICYQUALINFO_new_null(); |
234 | 0 | if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) { |
235 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); |
236 | 0 | goto err; |
237 | 0 | } |
238 | 0 | } else { |
239 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OPTION); |
240 | 0 | X509V3_conf_err(cnf); |
241 | 0 | goto err; |
242 | 0 | } |
243 | 0 | } |
244 | 0 | if (pol->policyid == NULL) { |
245 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_POLICY_IDENTIFIER); |
246 | 0 | goto err; |
247 | 0 | } |
248 | | |
249 | 0 | return pol; |
250 | | |
251 | 0 | err: |
252 | 0 | POLICYINFO_free(pol); |
253 | 0 | return NULL; |
254 | 0 | } |
255 | | |
256 | | static int displaytext_get_tag_len(const char *tagstr) |
257 | 0 | { |
258 | 0 | char *colon = strchr(tagstr, ':'); |
259 | |
|
260 | 0 | return (colon == NULL) ? -1 : colon - tagstr; |
261 | 0 | } |
262 | | |
263 | | static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len) |
264 | 0 | { |
265 | 0 | int len; |
266 | |
|
267 | 0 | *tag_len = 0; |
268 | 0 | len = displaytext_get_tag_len(tagstr); |
269 | |
|
270 | 0 | if (len == -1) |
271 | 0 | return V_ASN1_VISIBLESTRING; |
272 | 0 | *tag_len = len; |
273 | 0 | if (len == sizeof("UTF8") - 1 && HAS_PREFIX(tagstr, "UTF8")) |
274 | 0 | return V_ASN1_UTF8STRING; |
275 | 0 | if (len == sizeof("UTF8String") - 1 && HAS_PREFIX(tagstr, "UTF8String")) |
276 | 0 | return V_ASN1_UTF8STRING; |
277 | 0 | if (len == sizeof("BMP") - 1 && HAS_PREFIX(tagstr, "BMP")) |
278 | 0 | return V_ASN1_BMPSTRING; |
279 | 0 | if (len == sizeof("BMPSTRING") - 1 && HAS_PREFIX(tagstr, "BMPSTRING")) |
280 | 0 | return V_ASN1_BMPSTRING; |
281 | 0 | if (len == sizeof("VISIBLE") - 1 && HAS_PREFIX(tagstr, "VISIBLE")) |
282 | 0 | return V_ASN1_VISIBLESTRING; |
283 | 0 | if (len == sizeof("VISIBLESTRING") - 1 && HAS_PREFIX(tagstr, "VISIBLESTRING")) |
284 | 0 | return V_ASN1_VISIBLESTRING; |
285 | 0 | *tag_len = 0; |
286 | 0 | return V_ASN1_VISIBLESTRING; |
287 | 0 | } |
288 | | |
289 | | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, |
290 | | STACK_OF(CONF_VALUE) *unot, int ia5org) |
291 | 0 | { |
292 | 0 | int i, ret, len, tag; |
293 | 0 | unsigned int tag_len; |
294 | 0 | CONF_VALUE *cnf; |
295 | 0 | USERNOTICE *not; |
296 | 0 | POLICYQUALINFO *qual; |
297 | 0 | char *value = NULL; |
298 | |
|
299 | 0 | if ((qual = POLICYQUALINFO_new()) == NULL) { |
300 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
301 | 0 | goto err; |
302 | 0 | } |
303 | 0 | if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { |
304 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_INTERNAL_ERROR); |
305 | 0 | goto err; |
306 | 0 | } |
307 | 0 | if ((not = USERNOTICE_new()) == NULL) { |
308 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
309 | 0 | goto err; |
310 | 0 | } |
311 | 0 | qual->d.usernotice = not; |
312 | 0 | for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { |
313 | 0 | cnf = sk_CONF_VALUE_value(unot, i); |
314 | |
|
315 | 0 | value = cnf->value; |
316 | 0 | if (strcmp(cnf->name, "explicitText") == 0) { |
317 | 0 | tag = displaytext_str2tag(value, &tag_len); |
318 | 0 | if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL) { |
319 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
320 | 0 | goto err; |
321 | 0 | } |
322 | 0 | if (tag_len != 0) |
323 | 0 | value += tag_len + 1; |
324 | 0 | len = strlen(value); |
325 | 0 | if (!ASN1_STRING_set(not->exptext, value, len)) { |
326 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
327 | 0 | goto err; |
328 | 0 | } |
329 | 0 | } else if (strcmp(cnf->name, "organization") == 0) { |
330 | 0 | NOTICEREF *nref; |
331 | |
|
332 | 0 | if (!not->noticeref) { |
333 | 0 | if ((nref = NOTICEREF_new()) == NULL) { |
334 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
335 | 0 | goto err; |
336 | 0 | } |
337 | 0 | not->noticeref = nref; |
338 | 0 | } else |
339 | 0 | nref = not->noticeref; |
340 | 0 | if (ia5org) |
341 | 0 | nref->organization->type = V_ASN1_IA5STRING; |
342 | 0 | else |
343 | 0 | nref->organization->type = V_ASN1_VISIBLESTRING; |
344 | 0 | if (!ASN1_STRING_set(nref->organization, cnf->value, |
345 | 0 | strlen(cnf->value))) { |
346 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
347 | 0 | goto err; |
348 | 0 | } |
349 | 0 | } else if (strcmp(cnf->name, "noticeNumbers") == 0) { |
350 | 0 | NOTICEREF *nref; |
351 | |
|
352 | 0 | STACK_OF(CONF_VALUE) *nos; |
353 | 0 | if (!not->noticeref) { |
354 | 0 | if ((nref = NOTICEREF_new()) == NULL) { |
355 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
356 | 0 | goto err; |
357 | 0 | } |
358 | 0 | not->noticeref = nref; |
359 | 0 | } else |
360 | 0 | nref = not->noticeref; |
361 | 0 | nos = X509V3_parse_list(cnf->value); |
362 | 0 | if (!nos || !sk_CONF_VALUE_num(nos)) { |
363 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NUMBERS); |
364 | 0 | X509V3_conf_add_error_name_value(cnf); |
365 | 0 | sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); |
366 | 0 | goto err; |
367 | 0 | } |
368 | 0 | ret = nref_nos(nref->noticenos, nos); |
369 | 0 | sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); |
370 | 0 | if (!ret) |
371 | 0 | goto err; |
372 | 0 | } else { |
373 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OPTION); |
374 | 0 | X509V3_conf_add_error_name_value(cnf); |
375 | 0 | goto err; |
376 | 0 | } |
377 | 0 | } |
378 | | |
379 | 0 | if (not->noticeref && |
380 | 0 | (!not->noticeref->noticenos || !not->noticeref->organization)) { |
381 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); |
382 | 0 | goto err; |
383 | 0 | } |
384 | | |
385 | 0 | return qual; |
386 | | |
387 | 0 | err: |
388 | 0 | POLICYQUALINFO_free(qual); |
389 | 0 | return NULL; |
390 | 0 | } |
391 | | |
392 | | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) |
393 | 0 | { |
394 | 0 | CONF_VALUE *cnf; |
395 | 0 | ASN1_INTEGER *aint; |
396 | |
|
397 | 0 | int i; |
398 | |
|
399 | 0 | for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { |
400 | 0 | cnf = sk_CONF_VALUE_value(nos, i); |
401 | 0 | if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { |
402 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NUMBER); |
403 | 0 | return 0; |
404 | 0 | } |
405 | 0 | if (!sk_ASN1_INTEGER_push(nnums, aint)) { |
406 | 0 | ASN1_INTEGER_free(aint); |
407 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); |
408 | 0 | return 0; |
409 | 0 | } |
410 | 0 | } |
411 | 0 | return 1; |
412 | 0 | } |
413 | | |
414 | | static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, |
415 | | BIO *out, int indent) |
416 | 0 | { |
417 | 0 | int i; |
418 | 0 | POLICYINFO *pinfo; |
419 | | /* First print out the policy OIDs */ |
420 | 0 | for (i = 0; i < sk_POLICYINFO_num(pol); i++) { |
421 | 0 | if (i > 0) |
422 | 0 | BIO_puts(out, "\n"); |
423 | 0 | pinfo = sk_POLICYINFO_value(pol, i); |
424 | 0 | BIO_printf(out, "%*sPolicy: ", indent, ""); |
425 | 0 | i2a_ASN1_OBJECT(out, pinfo->policyid); |
426 | 0 | if (pinfo->qualifiers) { |
427 | 0 | BIO_puts(out, "\n"); |
428 | 0 | print_qualifiers(out, pinfo->qualifiers, indent + 2); |
429 | 0 | } |
430 | 0 | } |
431 | 0 | return 1; |
432 | 0 | } |
433 | | |
434 | | static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, |
435 | | int indent) |
436 | 0 | { |
437 | 0 | POLICYQUALINFO *qualinfo; |
438 | 0 | int i; |
439 | 0 | for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { |
440 | 0 | if (i > 0) |
441 | 0 | BIO_puts(out, "\n"); |
442 | 0 | qualinfo = sk_POLICYQUALINFO_value(quals, i); |
443 | 0 | switch (OBJ_obj2nid(qualinfo->pqualid)) { |
444 | 0 | case NID_id_qt_cps: |
445 | 0 | BIO_printf(out, "%*sCPS: %.*s", indent, "", |
446 | 0 | qualinfo->d.cpsuri->length, |
447 | 0 | qualinfo->d.cpsuri->data); |
448 | 0 | break; |
449 | | |
450 | 0 | case NID_id_qt_unotice: |
451 | 0 | BIO_printf(out, "%*sUser Notice:\n", indent, ""); |
452 | 0 | print_notice(out, qualinfo->d.usernotice, indent + 2); |
453 | 0 | break; |
454 | | |
455 | 0 | default: |
456 | 0 | BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, ""); |
457 | |
|
458 | 0 | i2a_ASN1_OBJECT(out, qualinfo->pqualid); |
459 | 0 | break; |
460 | 0 | } |
461 | 0 | } |
462 | 0 | } |
463 | | |
464 | | static void print_notice(BIO *out, USERNOTICE *notice, int indent) |
465 | 0 | { |
466 | 0 | int i; |
467 | 0 | if (notice->noticeref) { |
468 | 0 | NOTICEREF *ref; |
469 | 0 | ref = notice->noticeref; |
470 | 0 | BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", |
471 | 0 | ref->organization->length, |
472 | 0 | ref->organization->data); |
473 | 0 | BIO_printf(out, "%*sNumber%s: ", indent, "", |
474 | 0 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); |
475 | 0 | for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { |
476 | 0 | ASN1_INTEGER *num; |
477 | 0 | char *tmp; |
478 | 0 | num = sk_ASN1_INTEGER_value(ref->noticenos, i); |
479 | 0 | if (i) |
480 | 0 | BIO_puts(out, ", "); |
481 | 0 | if (num == NULL) |
482 | 0 | BIO_puts(out, "(null)"); |
483 | 0 | else { |
484 | 0 | tmp = i2s_ASN1_INTEGER(NULL, num); |
485 | 0 | if (tmp == NULL) |
486 | 0 | return; |
487 | 0 | BIO_puts(out, tmp); |
488 | 0 | OPENSSL_free(tmp); |
489 | 0 | } |
490 | 0 | } |
491 | 0 | if (notice->exptext) |
492 | 0 | BIO_puts(out, "\n"); |
493 | 0 | } |
494 | 0 | if (notice->exptext) |
495 | 0 | BIO_printf(out, "%*sExplicit Text: %.*s", indent, "", |
496 | 0 | notice->exptext->length, |
497 | 0 | notice->exptext->data); |
498 | 0 | } |
499 | | |
500 | | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) |
501 | 0 | { |
502 | 0 | const X509_POLICY_DATA *dat = node->data; |
503 | |
|
504 | 0 | BIO_printf(out, "%*sPolicy: ", indent, ""); |
505 | |
|
506 | 0 | i2a_ASN1_OBJECT(out, dat->valid_policy); |
507 | 0 | BIO_puts(out, "\n"); |
508 | 0 | BIO_printf(out, "%*s%s\n", indent + 2, "", |
509 | 0 | node_data_critical(dat) ? "Critical" : "Non Critical"); |
510 | 0 | if (dat->qualifier_set) { |
511 | 0 | print_qualifiers(out, dat->qualifier_set, indent + 2); |
512 | 0 | BIO_puts(out, "\n"); |
513 | 0 | } |
514 | 0 | else |
515 | 0 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); |
516 | 0 | } |