1 /*
2  * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <openssl/asn1t.h>
11 #include <openssl/x509v3.h>
12 #include <openssl/x509.h>
13 #include <crypto/x509.h>
14 #include "ext_dat.h"
15 
16 ASN1_CHOICE(OSSL_ALLOWED_ATTRIBUTES_CHOICE) = {
17     ASN1_IMP(OSSL_ALLOWED_ATTRIBUTES_CHOICE, choice.attributeType, ASN1_OBJECT,
18              OSSL_AAA_ATTRIBUTE_TYPE),
19     ASN1_IMP(OSSL_ALLOWED_ATTRIBUTES_CHOICE, choice.attributeTypeandValues,
20              X509_ATTRIBUTE, OSSL_AAA_ATTRIBUTE_VALUES),
21 } ASN1_CHOICE_END(OSSL_ALLOWED_ATTRIBUTES_CHOICE)
22 
23 ASN1_SEQUENCE(OSSL_ALLOWED_ATTRIBUTES_ITEM) = {
24     ASN1_IMP_SET_OF(OSSL_ALLOWED_ATTRIBUTES_ITEM, attributes,
25                     OSSL_ALLOWED_ATTRIBUTES_CHOICE, 0),
26     /* This MUST be EXPLICIT, because it contains a CHOICE. */
27     ASN1_EXP(OSSL_ALLOWED_ATTRIBUTES_ITEM, holderDomain, GENERAL_NAME, 1),
28 } ASN1_SEQUENCE_END(OSSL_ALLOWED_ATTRIBUTES_ITEM)
29 
30 ASN1_ITEM_TEMPLATE(OSSL_ALLOWED_ATTRIBUTES_SYNTAX) =
31     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, OSSL_ALLOWED_ATTRIBUTES_SYNTAX,
32                           OSSL_ALLOWED_ATTRIBUTES_ITEM)
33 ASN1_ITEM_TEMPLATE_END(OSSL_ALLOWED_ATTRIBUTES_SYNTAX)
34 
35 IMPLEMENT_ASN1_FUNCTIONS(OSSL_ALLOWED_ATTRIBUTES_CHOICE)
36 IMPLEMENT_ASN1_FUNCTIONS(OSSL_ALLOWED_ATTRIBUTES_ITEM)
37 IMPLEMENT_ASN1_FUNCTIONS(OSSL_ALLOWED_ATTRIBUTES_SYNTAX)
38 
39 static int i2r_ALLOWED_ATTRIBUTES_CHOICE(X509V3_EXT_METHOD *method,
40                                          OSSL_ALLOWED_ATTRIBUTES_CHOICE *a,
41                                          BIO *out, int indent)
42 {
43     ASN1_OBJECT *attr_obj;
44     int attr_nid, j;
45     X509_ATTRIBUTE *attr;
46     ASN1_TYPE *av;
47 
48     switch (a->type) {
49     case (OSSL_AAA_ATTRIBUTE_TYPE):
50         if (BIO_printf(out, "%*sAttribute Type: ", indent, "") <= 0)
51             return 0;
52         if (i2a_ASN1_OBJECT(out, a->choice.attributeType) <= 0)
53             return 0;
54         return BIO_puts(out, "\n") > 0;
55     case (OSSL_AAA_ATTRIBUTE_VALUES):
56         attr = a->choice.attributeTypeandValues;
57         attr_obj = X509_ATTRIBUTE_get0_object(attr);
58         attr_nid = OBJ_obj2nid(attr_obj);
59         if (BIO_printf(out, "%*sAttribute Values: ", indent, "") <= 0)
60             return 0;
61         if (i2a_ASN1_OBJECT(out, attr_obj) <= 0)
62             return 0;
63         if (BIO_puts(out, "\n") <= 0)
64             return 0;
65         for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {
66             av = X509_ATTRIBUTE_get0_type(attr, j);
67             if (ossl_print_attribute_value(out, attr_nid, av, indent + 4) <= 0)
68                 return 0;
69             if (BIO_puts(out, "\n") <= 0)
70                 return 0;
71         }
72         break;
73     default:
74         return 0;
75     }
76     return 1;
77 }
78 
i2r_ALLOWED_ATTRIBUTES_ITEM(X509V3_EXT_METHOD * method,OSSL_ALLOWED_ATTRIBUTES_ITEM * aai,BIO * out,int indent)79 static int i2r_ALLOWED_ATTRIBUTES_ITEM(X509V3_EXT_METHOD *method,
80                                        OSSL_ALLOWED_ATTRIBUTES_ITEM *aai,
81                                        BIO *out, int indent)
82 {
83     int i;
84     OSSL_ALLOWED_ATTRIBUTES_CHOICE *a;
85 
86     for (i = 0; i < sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_num(aai->attributes); i++) {
87         if (BIO_printf(out, "%*sAllowed Attribute Type or Values:\n", indent, "") <= 0)
88             return 0;
89         a = sk_OSSL_ALLOWED_ATTRIBUTES_CHOICE_value(aai->attributes, i);
90         if (i2r_ALLOWED_ATTRIBUTES_CHOICE(method, a, out, indent + 4) <= 0)
91             return 0;
92     }
93     if (BIO_printf(out, "%*sHolder Domain: ", indent, "") <= 0)
94         return 0;
95     if (GENERAL_NAME_print(out, aai->holderDomain) <= 0)
96         return 0;
97     if (BIO_puts(out, "\n") <= 0)
98         return 0;
99     return 1;
100 }
101 
i2r_ALLOWED_ATTRIBUTES_SYNTAX(X509V3_EXT_METHOD * method,OSSL_ALLOWED_ATTRIBUTES_SYNTAX * aaa,BIO * out,int indent)102 static int i2r_ALLOWED_ATTRIBUTES_SYNTAX(X509V3_EXT_METHOD *method,
103                                          OSSL_ALLOWED_ATTRIBUTES_SYNTAX *aaa,
104                                          BIO *out, int indent)
105 {
106     int i;
107     OSSL_ALLOWED_ATTRIBUTES_ITEM *aai;
108 
109     for (i = 0; i < sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_num(aaa); i++) {
110         if (BIO_printf(out, "%*sAllowed Attributes:\n", indent, "") <= 0)
111             return 0;
112         aai = sk_OSSL_ALLOWED_ATTRIBUTES_ITEM_value(aaa, i);
113         if (i2r_ALLOWED_ATTRIBUTES_ITEM(method, aai, out, indent + 4) <= 0)
114             return 0;
115     }
116     return 1;
117 }
118 
119 const X509V3_EXT_METHOD ossl_v3_allowed_attribute_assignments = {
120     NID_allowed_attribute_assignments, 0,
121     ASN1_ITEM_ref(OSSL_ALLOWED_ATTRIBUTES_SYNTAX),
122     0, 0, 0, 0,
123     0, 0,
124     0,
125     0,
126     (X509V3_EXT_I2R)i2r_ALLOWED_ATTRIBUTES_SYNTAX,
127     0,
128     NULL
129 };
130