OLD | NEW |
| (Empty) |
1 /* pcy_map.c */ | |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 * project 2004. | |
4 */ | |
5 /* ==================================================================== | |
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | |
7 * | |
8 * Redistribution and use in source and binary forms, with or without | |
9 * modification, are permitted provided that the following conditions | |
10 * are met: | |
11 * | |
12 * 1. Redistributions of source code must retain the above copyright | |
13 * notice, this list of conditions and the following disclaimer. | |
14 * | |
15 * 2. Redistributions in binary form must reproduce the above copyright | |
16 * notice, this list of conditions and the following disclaimer in | |
17 * the documentation and/or other materials provided with the | |
18 * distribution. | |
19 * | |
20 * 3. All advertising materials mentioning features or use of this | |
21 * software must display the following acknowledgment: | |
22 * "This product includes software developed by the OpenSSL Project | |
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 * | |
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 * endorse or promote products derived from this software without | |
27 * prior written permission. For written permission, please contact | |
28 * licensing@OpenSSL.org. | |
29 * | |
30 * 5. Products derived from this software may not be called "OpenSSL" | |
31 * nor may "OpenSSL" appear in their names without prior written | |
32 * permission of the OpenSSL Project. | |
33 * | |
34 * 6. Redistributions of any form whatsoever must retain the following | |
35 * acknowledgment: | |
36 * "This product includes software developed by the OpenSSL Project | |
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 * | |
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 * ==================================================================== | |
52 * | |
53 * This product includes cryptographic software written by Eric Young | |
54 * (eay@cryptsoft.com). This product includes software written by Tim | |
55 * Hudson (tjh@cryptsoft.com). | |
56 * | |
57 */ | |
58 | |
59 #include "cryptlib.h" | |
60 #include <openssl/x509.h> | |
61 #include <openssl/x509v3.h> | |
62 | |
63 #include "pcy_int.h" | |
64 | |
65 /* Set policy mapping entries in cache. | |
66 * Note: this modifies the passed POLICY_MAPPINGS structure | |
67 */ | |
68 | |
69 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) | |
70 { | |
71 POLICY_MAPPING *map; | |
72 X509_POLICY_DATA *data; | |
73 X509_POLICY_CACHE *cache = x->policy_cache; | |
74 int i; | |
75 int ret = 0; | |
76 if (sk_POLICY_MAPPING_num(maps) == 0) | |
77 { | |
78 ret = -1; | |
79 goto bad_mapping; | |
80 } | |
81 for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) | |
82 { | |
83 map = sk_POLICY_MAPPING_value(maps, i); | |
84 /* Reject if map to or from anyPolicy */ | |
85 if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) | |
86 || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) | |
87 { | |
88 ret = -1; | |
89 goto bad_mapping; | |
90 } | |
91 | |
92 /* Attempt to find matching policy data */ | |
93 data = policy_cache_find_data(cache, map->issuerDomainPolicy); | |
94 /* If we don't have anyPolicy can't map */ | |
95 if (!data && !cache->anyPolicy) | |
96 continue; | |
97 | |
98 /* Create a NODE from anyPolicy */ | |
99 if (!data) | |
100 { | |
101 data = policy_data_new(NULL, map->issuerDomainPolicy, | |
102 cache->anyPolicy->flags | |
103 & POLICY_DATA_FLAG_CRITICAL); | |
104 if (!data) | |
105 goto bad_mapping; | |
106 data->qualifier_set = cache->anyPolicy->qualifier_set; | |
107 /*map->issuerDomainPolicy = NULL;*/ | |
108 data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; | |
109 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; | |
110 if (!sk_X509_POLICY_DATA_push(cache->data, data)) | |
111 { | |
112 policy_data_free(data); | |
113 goto bad_mapping; | |
114 } | |
115 } | |
116 else | |
117 data->flags |= POLICY_DATA_FLAG_MAPPED; | |
118 if (!sk_ASN1_OBJECT_push(data->expected_policy_set, | |
119 map->subjectDomainPolicy)) | |
120 goto bad_mapping; | |
121 map->subjectDomainPolicy = NULL; | |
122 | |
123 } | |
124 | |
125 ret = 1; | |
126 bad_mapping: | |
127 if (ret == -1) | |
128 x->ex_flags |= EXFLAG_INVALID_POLICY; | |
129 sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); | |
130 return ret; | |
131 | |
132 } | |
OLD | NEW |