OLD | NEW |
| (Empty) |
1 /* pcy_int.h */ | |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 * project 2004. | |
4 */ | |
5 /* ==================================================================== | |
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | |
7 * | |
8 * Redistribution and use in source and binary forms, with or without | |
9 * modification, are permitted provided that the following conditions | |
10 * are met: | |
11 * | |
12 * 1. Redistributions of source code must retain the above copyright | |
13 * notice, this list of conditions and the following disclaimer. | |
14 * | |
15 * 2. Redistributions in binary form must reproduce the above copyright | |
16 * notice, this list of conditions and the following disclaimer in | |
17 * the documentation and/or other materials provided with the | |
18 * distribution. | |
19 * | |
20 * 3. All advertising materials mentioning features or use of this | |
21 * software must display the following acknowledgment: | |
22 * "This product includes software developed by the OpenSSL Project | |
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 * | |
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 * endorse or promote products derived from this software without | |
27 * prior written permission. For written permission, please contact | |
28 * licensing@OpenSSL.org. | |
29 * | |
30 * 5. Products derived from this software may not be called "OpenSSL" | |
31 * nor may "OpenSSL" appear in their names without prior written | |
32 * permission of the OpenSSL Project. | |
33 * | |
34 * 6. Redistributions of any form whatsoever must retain the following | |
35 * acknowledgment: | |
36 * "This product includes software developed by the OpenSSL Project | |
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 * | |
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 * ==================================================================== | |
52 * | |
53 * This product includes cryptographic software written by Eric Young | |
54 * (eay@cryptsoft.com). This product includes software written by Tim | |
55 * Hudson (tjh@cryptsoft.com). | |
56 * | |
57 */ | |
58 | |
59 | |
60 typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; | |
61 | |
62 DECLARE_STACK_OF(X509_POLICY_DATA) | |
63 | |
64 /* Internal structures */ | |
65 | |
66 /* This structure and the field names correspond to the Policy 'node' of | |
67 * RFC3280. NB this structure contains no pointers to parent or child | |
68 * data: X509_POLICY_NODE contains that. This means that the main policy data | |
69 * can be kept static and cached with the certificate. | |
70 */ | |
71 | |
72 struct X509_POLICY_DATA_st | |
73 { | |
74 unsigned int flags; | |
75 /* Policy OID and qualifiers for this data */ | |
76 ASN1_OBJECT *valid_policy; | |
77 STACK_OF(POLICYQUALINFO) *qualifier_set; | |
78 STACK_OF(ASN1_OBJECT) *expected_policy_set; | |
79 }; | |
80 | |
81 /* X509_POLICY_DATA flags values */ | |
82 | |
83 /* This flag indicates the structure has been mapped using a policy mapping | |
84 * extension. If policy mapping is not active its references get deleted. | |
85 */ | |
86 | |
87 #define POLICY_DATA_FLAG_MAPPED 0x1 | |
88 | |
89 /* This flag indicates the data doesn't correspond to a policy in Certificate | |
90 * Policies: it has been mapped to any policy. | |
91 */ | |
92 | |
93 #define POLICY_DATA_FLAG_MAPPED_ANY 0x2 | |
94 | |
95 /* AND with flags to see if any mapping has occurred */ | |
96 | |
97 #define POLICY_DATA_FLAG_MAP_MASK 0x3 | |
98 | |
99 /* qualifiers are shared and shouldn't be freed */ | |
100 | |
101 #define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 | |
102 | |
103 /* Parent node is an extra node and should be freed */ | |
104 | |
105 #define POLICY_DATA_FLAG_EXTRA_NODE 0x8 | |
106 | |
107 /* Corresponding CertificatePolicies is critical */ | |
108 | |
109 #define POLICY_DATA_FLAG_CRITICAL 0x10 | |
110 | |
111 /* This structure is cached with a certificate */ | |
112 | |
113 struct X509_POLICY_CACHE_st { | |
114 /* anyPolicy data or NULL if no anyPolicy */ | |
115 X509_POLICY_DATA *anyPolicy; | |
116 /* other policy data */ | |
117 STACK_OF(X509_POLICY_DATA) *data; | |
118 /* If InhibitAnyPolicy present this is its value or -1 if absent. */ | |
119 long any_skip; | |
120 /* If policyConstraints and requireExplicitPolicy present this is its | |
121 * value or -1 if absent. | |
122 */ | |
123 long explicit_skip; | |
124 /* If policyConstraints and policyMapping present this is its | |
125 * value or -1 if absent. | |
126 */ | |
127 long map_skip; | |
128 }; | |
129 | |
130 /*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/ | |
131 | |
132 /* This structure represents the relationship between nodes */ | |
133 | |
134 struct X509_POLICY_NODE_st | |
135 { | |
136 /* node data this refers to */ | |
137 const X509_POLICY_DATA *data; | |
138 /* Parent node */ | |
139 X509_POLICY_NODE *parent; | |
140 /* Number of child nodes */ | |
141 int nchild; | |
142 }; | |
143 | |
144 struct X509_POLICY_LEVEL_st | |
145 { | |
146 /* Cert for this level */ | |
147 X509 *cert; | |
148 /* nodes at this level */ | |
149 STACK_OF(X509_POLICY_NODE) *nodes; | |
150 /* anyPolicy node */ | |
151 X509_POLICY_NODE *anyPolicy; | |
152 /* Extra data */ | |
153 /*STACK_OF(X509_POLICY_DATA) *extra_data;*/ | |
154 unsigned int flags; | |
155 }; | |
156 | |
157 struct X509_POLICY_TREE_st | |
158 { | |
159 /* This is the tree 'level' data */ | |
160 X509_POLICY_LEVEL *levels; | |
161 int nlevel; | |
162 /* Extra policy data when additional nodes (not from the certificate) | |
163 * are required. | |
164 */ | |
165 STACK_OF(X509_POLICY_DATA) *extra_data; | |
166 /* This is the authority constained policy set */ | |
167 STACK_OF(X509_POLICY_NODE) *auth_policies; | |
168 STACK_OF(X509_POLICY_NODE) *user_policies; | |
169 unsigned int flags; | |
170 }; | |
171 | |
172 /* Set if anyPolicy present in user policies */ | |
173 #define POLICY_FLAG_ANY_POLICY 0x2 | |
174 | |
175 /* Useful macros */ | |
176 | |
177 #define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) | |
178 #define node_critical(node) node_data_critical(node->data) | |
179 | |
180 /* Internal functions */ | |
181 | |
182 X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, | |
183 int crit); | |
184 void policy_data_free(X509_POLICY_DATA *data); | |
185 | |
186 X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, | |
187 const ASN1_OBJECT *id); | |
188 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); | |
189 | |
190 | |
191 STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); | |
192 | |
193 void policy_cache_init(void); | |
194 | |
195 void policy_cache_free(X509_POLICY_CACHE *cache); | |
196 | |
197 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, | |
198 const X509_POLICY_NODE *parent, | |
199 const ASN1_OBJECT *id); | |
200 | |
201 X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, | |
202 const ASN1_OBJECT *id); | |
203 | |
204 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, | |
205 const X509_POLICY_DATA *data, | |
206 X509_POLICY_NODE *parent, | |
207 X509_POLICY_TREE *tree); | |
208 void policy_node_free(X509_POLICY_NODE *node); | |
209 int policy_node_match(const X509_POLICY_LEVEL *lvl, | |
210 const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); | |
211 | |
212 const X509_POLICY_CACHE *policy_cache_set(X509 *x); | |
OLD | NEW |