xref: /freebsd/crypto/heimdal/lib/hx509/cert.c (revision 8ddb146abcdf061be9f2c0db7e391697dafad85c)
1 /*
2  * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "hx_locl.h"
35 #include "crypto-headers.h"
36 #include <rtbl.h>
37 
38 /**
39  * @page page_cert The basic certificate
40  *
41  * The basic hx509 cerificate object in hx509 is hx509_cert. The
42  * hx509_cert object is representing one X509/PKIX certificate and
43  * associated attributes; like private key, friendly name, etc.
44  *
45  * A hx509_cert object is usully found via the keyset interfaces (@ref
46  * page_keyset), but its also possible to create a certificate
47  * directly from a parsed object with hx509_cert_init() and
48  * hx509_cert_init_data().
49  *
50  * See the library functions here: @ref hx509_cert
51  */
52 
53 struct hx509_verify_ctx_data {
54     hx509_certs trust_anchors;
55     int flags;
56 #define HX509_VERIFY_CTX_F_TIME_SET			1
57 #define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE	2
58 #define HX509_VERIFY_CTX_F_REQUIRE_RFC3280		4
59 #define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS		8
60 #define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS		16
61 #define HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK		32
62     time_t time_now;
63     unsigned int max_depth;
64 #define HX509_VERIFY_MAX_DEPTH 30
65     hx509_revoke_ctx revoke_ctx;
66 };
67 
68 #define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280)
69 #define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS)
70 #define ALLOW_DEF_TA(ctx) (((ctx)->flags & HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS) == 0)
71 
72 struct _hx509_cert_attrs {
73     size_t len;
74     hx509_cert_attribute *val;
75 };
76 
77 struct hx509_cert_data {
78     unsigned int ref;
79     char *friendlyname;
80     Certificate *data;
81     hx509_private_key private_key;
82     struct _hx509_cert_attrs attrs;
83     hx509_name basename;
84     _hx509_cert_release_func release;
85     void *ctx;
86 };
87 
88 typedef struct hx509_name_constraints {
89     NameConstraints *val;
90     size_t len;
91 } hx509_name_constraints;
92 
93 #define GeneralSubtrees_SET(g,var) \
94 	(g)->len = (var)->len, (g)->val = (var)->val;
95 
96 /**
97  * Creates a hx509 context that most functions in the library
98  * uses. The context is only allowed to be used by one thread at each
99  * moment. Free the context with hx509_context_free().
100  *
101  * @param context Returns a pointer to new hx509 context.
102  *
103  * @return Returns an hx509 error code.
104  *
105  * @ingroup hx509
106  */
107 
108 int
109 hx509_context_init(hx509_context *context)
110 {
111     *context = calloc(1, sizeof(**context));
112     if (*context == NULL)
113 	return ENOMEM;
114 
115     _hx509_ks_null_register(*context);
116     _hx509_ks_mem_register(*context);
117     _hx509_ks_file_register(*context);
118     _hx509_ks_pkcs12_register(*context);
119     _hx509_ks_pkcs11_register(*context);
120     _hx509_ks_dir_register(*context);
121     _hx509_ks_keychain_register(*context);
122 
123     ENGINE_add_conf_module();
124     OpenSSL_add_all_algorithms();
125 
126     (*context)->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF;
127 
128     initialize_hx_error_table_r(&(*context)->et_list);
129     initialize_asn1_error_table_r(&(*context)->et_list);
130 
131 #ifdef HX509_DEFAULT_ANCHORS
132     (void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0,
133 			   NULL, &(*context)->default_trust_anchors);
134 #endif
135 
136     return 0;
137 }
138 
139 /**
140  * Selects if the hx509_revoke_verify() function is going to require
141  * the existans of a revokation method (OCSP, CRL) or not. Note that
142  * hx509_verify_path(), hx509_cms_verify_signed(), and other function
143  * call hx509_revoke_verify().
144  *
145  * @param context hx509 context to change the flag for.
146  * @param flag zero, revokation method required, non zero missing
147  * revokation method ok
148  *
149  * @ingroup hx509_verify
150  */
151 
152 void
153 hx509_context_set_missing_revoke(hx509_context context, int flag)
154 {
155     if (flag)
156 	context->flags |= HX509_CTX_VERIFY_MISSING_OK;
157     else
158 	context->flags &= ~HX509_CTX_VERIFY_MISSING_OK;
159 }
160 
161 /**
162  * Free the context allocated by hx509_context_init().
163  *
164  * @param context context to be freed.
165  *
166  * @ingroup hx509
167  */
168 
169 void
170 hx509_context_free(hx509_context *context)
171 {
172     hx509_clear_error_string(*context);
173     if ((*context)->ks_ops) {
174 	free((*context)->ks_ops);
175 	(*context)->ks_ops = NULL;
176     }
177     (*context)->ks_num_ops = 0;
178     free_error_table ((*context)->et_list);
179     if ((*context)->querystat)
180 	free((*context)->querystat);
181     memset(*context, 0, sizeof(**context));
182     free(*context);
183     *context = NULL;
184 }
185 
186 /*
187  *
188  */
189 
190 Certificate *
191 _hx509_get_cert(hx509_cert cert)
192 {
193     return cert->data;
194 }
195 
196 /*
197  *
198  */
199 
200 int
201 _hx509_cert_get_version(const Certificate *t)
202 {
203     return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1;
204 }
205 
206 /**
207  * Allocate and init an hx509 certificate object from the decoded
208  * certificate `c´.
209  *
210  * @param context A hx509 context.
211  * @param c
212  * @param cert
213  *
214  * @return Returns an hx509 error code.
215  *
216  * @ingroup hx509_cert
217  */
218 
219 int
220 hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
221 {
222     int ret;
223 
224     *cert = malloc(sizeof(**cert));
225     if (*cert == NULL)
226 	return ENOMEM;
227     (*cert)->ref = 1;
228     (*cert)->friendlyname = NULL;
229     (*cert)->attrs.len = 0;
230     (*cert)->attrs.val = NULL;
231     (*cert)->private_key = NULL;
232     (*cert)->basename = NULL;
233     (*cert)->release = NULL;
234     (*cert)->ctx = NULL;
235 
236     (*cert)->data = calloc(1, sizeof(*(*cert)->data));
237     if ((*cert)->data == NULL) {
238 	free(*cert);
239 	return ENOMEM;
240     }
241     ret = copy_Certificate(c, (*cert)->data);
242     if (ret) {
243 	free((*cert)->data);
244 	free(*cert);
245 	*cert = NULL;
246     }
247     return ret;
248 }
249 
250 /**
251  * Just like hx509_cert_init(), but instead of a decode certificate
252  * takes an pointer and length to a memory region that contains a
253  * DER/BER encoded certificate.
254  *
255  * If the memory region doesn't contain just the certificate and
256  * nothing more the function will fail with
257  * HX509_EXTRA_DATA_AFTER_STRUCTURE.
258  *
259  * @param context A hx509 context.
260  * @param ptr pointer to memory region containing encoded certificate.
261  * @param len length of memory region.
262  * @param cert a return pointer to a hx509 certificate object, will
263  * contain NULL on error.
264  *
265  * @return An hx509 error code, see hx509_get_error_string().
266  *
267  * @ingroup hx509_cert
268  */
269 
270 int
271 hx509_cert_init_data(hx509_context context,
272 		     const void *ptr,
273 		     size_t len,
274 		     hx509_cert *cert)
275 {
276     Certificate t;
277     size_t size;
278     int ret;
279 
280     ret = decode_Certificate(ptr, len, &t, &size);
281     if (ret) {
282 	hx509_set_error_string(context, 0, ret, "Failed to decode certificate");
283 	return ret;
284     }
285     if (size != len) {
286 	free_Certificate(&t);
287 	hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
288 			       "Extra data after certificate");
289 	return HX509_EXTRA_DATA_AFTER_STRUCTURE;
290     }
291 
292     ret = hx509_cert_init(context, &t, cert);
293     free_Certificate(&t);
294     return ret;
295 }
296 
297 void
298 _hx509_cert_set_release(hx509_cert cert,
299 			_hx509_cert_release_func release,
300 			void *ctx)
301 {
302     cert->release = release;
303     cert->ctx = ctx;
304 }
305 
306 
307 /* Doesn't make a copy of `private_key'. */
308 
309 int
310 _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
311 {
312     if (cert->private_key)
313 	hx509_private_key_free(&cert->private_key);
314     cert->private_key = _hx509_private_key_ref(private_key);
315     return 0;
316 }
317 
318 /**
319  * Free reference to the hx509 certificate object, if the refcounter
320  * reaches 0, the object if freed. Its allowed to pass in NULL.
321  *
322  * @param cert the cert to free.
323  *
324  * @ingroup hx509_cert
325  */
326 
327 void
328 hx509_cert_free(hx509_cert cert)
329 {
330     size_t i;
331 
332     if (cert == NULL)
333 	return;
334 
335     if (cert->ref <= 0)
336 	_hx509_abort("cert refcount <= 0 on free");
337     if (--cert->ref > 0)
338 	return;
339 
340     if (cert->release)
341 	(cert->release)(cert, cert->ctx);
342 
343     if (cert->private_key)
344 	hx509_private_key_free(&cert->private_key);
345 
346     free_Certificate(cert->data);
347     free(cert->data);
348 
349     for (i = 0; i < cert->attrs.len; i++) {
350 	der_free_octet_string(&cert->attrs.val[i]->data);
351 	der_free_oid(&cert->attrs.val[i]->oid);
352 	free(cert->attrs.val[i]);
353     }
354     free(cert->attrs.val);
355     free(cert->friendlyname);
356     if (cert->basename)
357 	hx509_name_free(&cert->basename);
358     memset(cert, 0, sizeof(*cert));
359     free(cert);
360 }
361 
362 /**
363  * Add a reference to a hx509 certificate object.
364  *
365  * @param cert a pointer to an hx509 certificate object.
366  *
367  * @return the same object as is passed in.
368  *
369  * @ingroup hx509_cert
370  */
371 
372 hx509_cert
373 hx509_cert_ref(hx509_cert cert)
374 {
375     if (cert == NULL)
376 	return NULL;
377     if (cert->ref <= 0)
378 	_hx509_abort("cert refcount <= 0");
379     cert->ref++;
380     if (cert->ref == 0)
381 	_hx509_abort("cert refcount == 0");
382     return cert;
383 }
384 
385 /**
386  * Allocate an verification context that is used fo control the
387  * verification process.
388  *
389  * @param context A hx509 context.
390  * @param ctx returns a pointer to a hx509_verify_ctx object.
391  *
392  * @return An hx509 error code, see hx509_get_error_string().
393  *
394  * @ingroup hx509_verify
395  */
396 
397 int
398 hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
399 {
400     hx509_verify_ctx c;
401 
402     c = calloc(1, sizeof(*c));
403     if (c == NULL)
404 	return ENOMEM;
405 
406     c->max_depth = HX509_VERIFY_MAX_DEPTH;
407 
408     *ctx = c;
409 
410     return 0;
411 }
412 
413 /**
414  * Free an hx509 verification context.
415  *
416  * @param ctx the context to be freed.
417  *
418  * @ingroup hx509_verify
419  */
420 
421 void
422 hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
423 {
424     if (ctx) {
425 	hx509_certs_free(&ctx->trust_anchors);
426 	hx509_revoke_free(&ctx->revoke_ctx);
427 	memset(ctx, 0, sizeof(*ctx));
428     }
429     free(ctx);
430 }
431 
432 /**
433  * Set the trust anchors in the verification context, makes an
434  * reference to the keyset, so the consumer can free the keyset
435  * independent of the destruction of the verification context (ctx).
436  * If there already is a keyset attached, it's released.
437  *
438  * @param ctx a verification context
439  * @param set a keyset containing the trust anchors.
440  *
441  * @ingroup hx509_verify
442  */
443 
444 void
445 hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
446 {
447     if (ctx->trust_anchors)
448 	hx509_certs_free(&ctx->trust_anchors);
449     ctx->trust_anchors = hx509_certs_ref(set);
450 }
451 
452 /**
453  * Attach an revocation context to the verfication context, , makes an
454  * reference to the revoke context, so the consumer can free the
455  * revoke context independent of the destruction of the verification
456  * context. If there is no revoke context, the verification process is
457  * NOT going to check any verification status.
458  *
459  * @param ctx a verification context.
460  * @param revoke_ctx a revoke context.
461  *
462  * @ingroup hx509_verify
463  */
464 
465 void
466 hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)
467 {
468     if (ctx->revoke_ctx)
469 	hx509_revoke_free(&ctx->revoke_ctx);
470     ctx->revoke_ctx = _hx509_revoke_ref(revoke_ctx);
471 }
472 
473 /**
474  * Set the clock time the the verification process is going to
475  * use. Used to check certificate in the past and future time. If not
476  * set the current time will be used.
477  *
478  * @param ctx a verification context.
479  * @param t the time the verifiation is using.
480  *
481  *
482  * @ingroup hx509_verify
483  */
484 
485 void
486 hx509_verify_set_time(hx509_verify_ctx ctx, time_t t)
487 {
488     ctx->flags |= HX509_VERIFY_CTX_F_TIME_SET;
489     ctx->time_now = t;
490 }
491 
492 time_t
493 _hx509_verify_get_time(hx509_verify_ctx ctx)
494 {
495     return ctx->time_now;
496 }
497 
498 /**
499  * Set the maximum depth of the certificate chain that the path
500  * builder is going to try.
501  *
502  * @param ctx a verification context
503  * @param max_depth maxium depth of the certificate chain, include
504  * trust anchor.
505  *
506  * @ingroup hx509_verify
507  */
508 
509 void
510 hx509_verify_set_max_depth(hx509_verify_ctx ctx, unsigned int max_depth)
511 {
512     ctx->max_depth = max_depth;
513 }
514 
515 /**
516  * Allow or deny the use of proxy certificates
517  *
518  * @param ctx a verification context
519  * @param boolean if non zero, allow proxy certificates.
520  *
521  * @ingroup hx509_verify
522  */
523 
524 void
525 hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean)
526 {
527     if (boolean)
528 	ctx->flags |= HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
529     else
530 	ctx->flags &= ~HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
531 }
532 
533 /**
534  * Select strict RFC3280 verification of certificiates. This means
535  * checking key usage on CA certificates, this will make version 1
536  * certificiates unuseable.
537  *
538  * @param ctx a verification context
539  * @param boolean if non zero, use strict verification.
540  *
541  * @ingroup hx509_verify
542  */
543 
544 void
545 hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean)
546 {
547     if (boolean)
548 	ctx->flags |= HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
549     else
550 	ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
551 }
552 
553 /**
554  * Allow using the operating system builtin trust anchors if no other
555  * trust anchors are configured.
556  *
557  * @param ctx a verification context
558  * @param boolean if non zero, useing the operating systems builtin
559  * trust anchors.
560  *
561  *
562  * @return An hx509 error code, see hx509_get_error_string().
563  *
564  * @ingroup hx509_cert
565  */
566 
567 void
568 hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean)
569 {
570     if (boolean)
571 	ctx->flags &= ~HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
572     else
573 	ctx->flags |= HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
574 }
575 
576 void
577 hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
578 						    int boolean)
579 {
580     if (boolean)
581 	ctx->flags &= ~HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK;
582     else
583 	ctx->flags |= HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK;
584 }
585 
586 static const Extension *
587 find_extension(const Certificate *cert, const heim_oid *oid, size_t *idx)
588 {
589     const TBSCertificate *c = &cert->tbsCertificate;
590 
591     if (c->version == NULL || *c->version < 2 || c->extensions == NULL)
592 	return NULL;
593 
594     for (;*idx < c->extensions->len; (*idx)++) {
595 	if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0)
596 	    return &c->extensions->val[(*idx)++];
597     }
598     return NULL;
599 }
600 
601 static int
602 find_extension_auth_key_id(const Certificate *subject,
603 			   AuthorityKeyIdentifier *ai)
604 {
605     const Extension *e;
606     size_t size;
607     size_t i = 0;
608 
609     memset(ai, 0, sizeof(*ai));
610 
611     e = find_extension(subject, &asn1_oid_id_x509_ce_authorityKeyIdentifier, &i);
612     if (e == NULL)
613 	return HX509_EXTENSION_NOT_FOUND;
614 
615     return decode_AuthorityKeyIdentifier(e->extnValue.data,
616 					 e->extnValue.length,
617 					 ai, &size);
618 }
619 
620 int
621 _hx509_find_extension_subject_key_id(const Certificate *issuer,
622 				     SubjectKeyIdentifier *si)
623 {
624     const Extension *e;
625     size_t size;
626     size_t i = 0;
627 
628     memset(si, 0, sizeof(*si));
629 
630     e = find_extension(issuer, &asn1_oid_id_x509_ce_subjectKeyIdentifier, &i);
631     if (e == NULL)
632 	return HX509_EXTENSION_NOT_FOUND;
633 
634     return decode_SubjectKeyIdentifier(e->extnValue.data,
635 				       e->extnValue.length,
636 				       si, &size);
637 }
638 
639 static int
640 find_extension_name_constraints(const Certificate *subject,
641 				NameConstraints *nc)
642 {
643     const Extension *e;
644     size_t size;
645     size_t i = 0;
646 
647     memset(nc, 0, sizeof(*nc));
648 
649     e = find_extension(subject, &asn1_oid_id_x509_ce_nameConstraints, &i);
650     if (e == NULL)
651 	return HX509_EXTENSION_NOT_FOUND;
652 
653     return decode_NameConstraints(e->extnValue.data,
654 				  e->extnValue.length,
655 				  nc, &size);
656 }
657 
658 static int
659 find_extension_subject_alt_name(const Certificate *cert, size_t *i,
660 				GeneralNames *sa)
661 {
662     const Extension *e;
663     size_t size;
664 
665     memset(sa, 0, sizeof(*sa));
666 
667     e = find_extension(cert, &asn1_oid_id_x509_ce_subjectAltName, i);
668     if (e == NULL)
669 	return HX509_EXTENSION_NOT_FOUND;
670 
671     return decode_GeneralNames(e->extnValue.data,
672 			       e->extnValue.length,
673 			       sa, &size);
674 }
675 
676 static int
677 find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
678 {
679     const Extension *e;
680     size_t size;
681     size_t i = 0;
682 
683     memset(eku, 0, sizeof(*eku));
684 
685     e = find_extension(cert, &asn1_oid_id_x509_ce_extKeyUsage, &i);
686     if (e == NULL)
687 	return HX509_EXTENSION_NOT_FOUND;
688 
689     return decode_ExtKeyUsage(e->extnValue.data,
690 			      e->extnValue.length,
691 			      eku, &size);
692 }
693 
694 static int
695 add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
696 {
697     void *p;
698     int ret;
699 
700     p = realloc(list->val, (list->len + 1) * sizeof(list->val[0]));
701     if (p == NULL)
702 	return ENOMEM;
703     list->val = p;
704     ret = der_copy_octet_string(entry, &list->val[list->len]);
705     if (ret)
706 	return ret;
707     list->len++;
708     return 0;
709 }
710 
711 /**
712  * Free a list of octet strings returned by another hx509 library
713  * function.
714  *
715  * @param list list to be freed.
716  *
717  * @ingroup hx509_misc
718  */
719 
720 void
721 hx509_free_octet_string_list(hx509_octet_string_list *list)
722 {
723     size_t i;
724     for (i = 0; i < list->len; i++)
725 	der_free_octet_string(&list->val[i]);
726     free(list->val);
727     list->val = NULL;
728     list->len = 0;
729 }
730 
731 /**
732  * Return a list of subjectAltNames specified by oid in the
733  * certificate. On error the
734  *
735  * The returned list of octet string should be freed with
736  * hx509_free_octet_string_list().
737  *
738  * @param context A hx509 context.
739  * @param cert a hx509 certificate object.
740  * @param oid an oid to for SubjectAltName.
741  * @param list list of matching SubjectAltName.
742  *
743  * @return An hx509 error code, see hx509_get_error_string().
744  *
745  * @ingroup hx509_cert
746  */
747 
748 int
749 hx509_cert_find_subjectAltName_otherName(hx509_context context,
750 					 hx509_cert cert,
751 					 const heim_oid *oid,
752 					 hx509_octet_string_list *list)
753 {
754     GeneralNames sa;
755     int ret;
756     size_t i, j;
757 
758     list->val = NULL;
759     list->len = 0;
760 
761     i = 0;
762     while (1) {
763 	ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa);
764 	i++;
765 	if (ret == HX509_EXTENSION_NOT_FOUND) {
766 	    return 0;
767 	} else if (ret != 0) {
768 	    hx509_set_error_string(context, 0, ret, "Error searching for SAN");
769 	    hx509_free_octet_string_list(list);
770 	    return ret;
771 	}
772 
773 	for (j = 0; j < sa.len; j++) {
774 	    if (sa.val[j].element == choice_GeneralName_otherName &&
775 		der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0)
776 	    {
777 		ret = add_to_list(list, &sa.val[j].u.otherName.value);
778 		if (ret) {
779 		    hx509_set_error_string(context, 0, ret,
780 					   "Error adding an exra SAN to "
781 					   "return list");
782 		    hx509_free_octet_string_list(list);
783 		    free_GeneralNames(&sa);
784 		    return ret;
785 		}
786 	    }
787 	}
788 	free_GeneralNames(&sa);
789     }
790 }
791 
792 
793 static int
794 check_key_usage(hx509_context context, const Certificate *cert,
795 		unsigned flags, int req_present)
796 {
797     const Extension *e;
798     KeyUsage ku;
799     size_t size;
800     int ret;
801     size_t i = 0;
802     unsigned ku_flags;
803 
804     if (_hx509_cert_get_version(cert) < 3)
805 	return 0;
806 
807     e = find_extension(cert, &asn1_oid_id_x509_ce_keyUsage, &i);
808     if (e == NULL) {
809 	if (req_present) {
810 	    hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
811 				   "Required extension key "
812 				   "usage missing from certifiate");
813 	    return HX509_KU_CERT_MISSING;
814 	}
815 	return 0;
816     }
817 
818     ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size);
819     if (ret)
820 	return ret;
821     ku_flags = KeyUsage2int(ku);
822     if ((ku_flags & flags) != flags) {
823 	unsigned missing = (~ku_flags) & flags;
824 	char buf[256], *name;
825 
826 	unparse_flags(missing, asn1_KeyUsage_units(), buf, sizeof(buf));
827 	_hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
828 	hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
829 			       "Key usage %s required but missing "
830 			       "from certifiate %s", buf, name);
831 	free(name);
832 	return HX509_KU_CERT_MISSING;
833     }
834     return 0;
835 }
836 
837 /*
838  * Return 0 on matching key usage 'flags' for 'cert', otherwise return
839  * an error code. If 'req_present' the existance is required of the
840  * KeyUsage extension.
841  */
842 
843 int
844 _hx509_check_key_usage(hx509_context context, hx509_cert cert,
845 		       unsigned flags, int req_present)
846 {
847     return check_key_usage(context, _hx509_get_cert(cert), flags, req_present);
848 }
849 
850 enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
851 
852 static int
853 check_basic_constraints(hx509_context context, const Certificate *cert,
854 			enum certtype type, size_t depth)
855 {
856     BasicConstraints bc;
857     const Extension *e;
858     size_t size;
859     int ret;
860     size_t i = 0;
861 
862     if (_hx509_cert_get_version(cert) < 3)
863 	return 0;
864 
865     e = find_extension(cert, &asn1_oid_id_x509_ce_basicConstraints, &i);
866     if (e == NULL) {
867 	switch(type) {
868 	case PROXY_CERT:
869 	case EE_CERT:
870 	    return 0;
871 	case CA_CERT: {
872 	    char *name;
873 	    ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
874 	    assert(ret == 0);
875 	    hx509_set_error_string(context, 0, HX509_EXTENSION_NOT_FOUND,
876 				   "basicConstraints missing from "
877 				   "CA certifiacte %s", name);
878 	    free(name);
879 	    return HX509_EXTENSION_NOT_FOUND;
880 	}
881 	}
882     }
883 
884     ret = decode_BasicConstraints(e->extnValue.data,
885 				  e->extnValue.length, &bc,
886 				  &size);
887     if (ret)
888 	return ret;
889     switch(type) {
890     case PROXY_CERT:
891 	if (bc.cA != NULL && *bc.cA)
892 	    ret = HX509_PARENT_IS_CA;
893 	break;
894     case EE_CERT:
895 	ret = 0;
896 	break;
897     case CA_CERT:
898 	if (bc.cA == NULL || !*bc.cA)
899 	    ret = HX509_PARENT_NOT_CA;
900 	else if (bc.pathLenConstraint)
901 	    if (depth - 1 > *bc.pathLenConstraint)
902 		ret = HX509_CA_PATH_TOO_DEEP;
903 	break;
904     }
905     free_BasicConstraints(&bc);
906     return ret;
907 }
908 
909 int
910 _hx509_cert_is_parent_cmp(const Certificate *subject,
911 			  const Certificate *issuer,
912 			  int allow_self_signed)
913 {
914     int diff;
915     AuthorityKeyIdentifier ai;
916     SubjectKeyIdentifier si;
917     int ret_ai, ret_si, ret;
918 
919     ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
920 			  &subject->tbsCertificate.issuer,
921 			  &diff);
922     if (ret)
923 	return ret;
924     if (diff)
925 	return diff;
926 
927     memset(&ai, 0, sizeof(ai));
928     memset(&si, 0, sizeof(si));
929 
930     /*
931      * Try to find AuthorityKeyIdentifier, if it's not present in the
932      * subject certificate nor the parent.
933      */
934 
935     ret_ai = find_extension_auth_key_id(subject, &ai);
936     if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND)
937 	return 1;
938     ret_si = _hx509_find_extension_subject_key_id(issuer, &si);
939     if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND)
940 	return -1;
941 
942     if (ret_si && ret_ai)
943 	goto out;
944     if (ret_ai)
945 	goto out;
946     if (ret_si) {
947 	if (allow_self_signed) {
948 	    diff = 0;
949 	    goto out;
950 	} else if (ai.keyIdentifier) {
951 	    diff = -1;
952 	    goto out;
953 	}
954     }
955 
956     if (ai.keyIdentifier == NULL) {
957 	Name name;
958 
959 	if (ai.authorityCertIssuer == NULL)
960 	    return -1;
961 	if (ai.authorityCertSerialNumber == NULL)
962 	    return -1;
963 
964 	diff = der_heim_integer_cmp(ai.authorityCertSerialNumber,
965 				    &issuer->tbsCertificate.serialNumber);
966 	if (diff)
967 	    return diff;
968 	if (ai.authorityCertIssuer->len != 1)
969 	    return -1;
970 	if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
971 	    return -1;
972 
973 	name.element =
974 	    ai.authorityCertIssuer->val[0].u.directoryName.element;
975 	name.u.rdnSequence =
976 	    ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence;
977 
978 	ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
979 			      &name,
980 			      &diff);
981 	if (ret)
982 	    return ret;
983 	if (diff)
984 	    return diff;
985 	diff = 0;
986     } else
987 	diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si);
988     if (diff)
989 	goto out;
990 
991  out:
992     free_AuthorityKeyIdentifier(&ai);
993     free_SubjectKeyIdentifier(&si);
994     return diff;
995 }
996 
997 static int
998 certificate_is_anchor(hx509_context context,
999 		      hx509_certs trust_anchors,
1000 		      const hx509_cert cert)
1001 {
1002     hx509_query q;
1003     hx509_cert c;
1004     int ret;
1005 
1006     if (trust_anchors == NULL)
1007 	return 0;
1008 
1009     _hx509_query_clear(&q);
1010 
1011     q.match = HX509_QUERY_MATCH_CERTIFICATE;
1012     q.certificate = _hx509_get_cert(cert);
1013 
1014     ret = hx509_certs_find(context, trust_anchors, &q, &c);
1015     if (ret == 0)
1016 	hx509_cert_free(c);
1017     return ret == 0;
1018 }
1019 
1020 static int
1021 certificate_is_self_signed(hx509_context context,
1022 			   const Certificate *cert,
1023 			   int *self_signed)
1024 {
1025     int ret, diff;
1026     ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
1027 			  &cert->tbsCertificate.issuer, &diff);
1028     *self_signed = (diff == 0);
1029     if (ret) {
1030 	hx509_set_error_string(context, 0, ret,
1031 			       "Failed to check if self signed");
1032     } else
1033 	ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
1034 
1035     return ret;
1036 }
1037 
1038 /*
1039  * The subjectName is "null" when it's empty set of relative DBs.
1040  */
1041 
1042 static int
1043 subject_null_p(const Certificate *c)
1044 {
1045     return c->tbsCertificate.subject.u.rdnSequence.len == 0;
1046 }
1047 
1048 
1049 static int
1050 find_parent(hx509_context context,
1051 	    time_t time_now,
1052 	    hx509_certs trust_anchors,
1053 	    hx509_path *path,
1054 	    hx509_certs pool,
1055 	    hx509_cert current,
1056 	    hx509_cert *parent)
1057 {
1058     AuthorityKeyIdentifier ai;
1059     hx509_query q;
1060     int ret;
1061 
1062     *parent = NULL;
1063     memset(&ai, 0, sizeof(ai));
1064 
1065     _hx509_query_clear(&q);
1066 
1067     if (!subject_null_p(current->data)) {
1068 	q.match |= HX509_QUERY_FIND_ISSUER_CERT;
1069 	q.subject = _hx509_get_cert(current);
1070     } else {
1071 	ret = find_extension_auth_key_id(current->data, &ai);
1072 	if (ret) {
1073 	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
1074 				   "Subjectless certificate missing AuthKeyID");
1075 	    return HX509_CERTIFICATE_MALFORMED;
1076 	}
1077 
1078 	if (ai.keyIdentifier == NULL) {
1079 	    free_AuthorityKeyIdentifier(&ai);
1080 	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
1081 				   "Subjectless certificate missing keyIdentifier "
1082 				   "inside AuthKeyID");
1083 	    return HX509_CERTIFICATE_MALFORMED;
1084 	}
1085 
1086 	q.subject_id = ai.keyIdentifier;
1087 	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
1088     }
1089 
1090     q.path = path;
1091     q.match |= HX509_QUERY_NO_MATCH_PATH;
1092 
1093     if (pool) {
1094 	q.timenow = time_now;
1095 	q.match |= HX509_QUERY_MATCH_TIME;
1096 
1097 	ret = hx509_certs_find(context, pool, &q, parent);
1098 	if (ret == 0) {
1099 	    free_AuthorityKeyIdentifier(&ai);
1100 	    return 0;
1101 	}
1102 	q.match &= ~HX509_QUERY_MATCH_TIME;
1103     }
1104 
1105     if (trust_anchors) {
1106 	ret = hx509_certs_find(context, trust_anchors, &q, parent);
1107 	if (ret == 0) {
1108 	    free_AuthorityKeyIdentifier(&ai);
1109 	    return ret;
1110 	}
1111     }
1112     free_AuthorityKeyIdentifier(&ai);
1113 
1114     {
1115 	hx509_name name;
1116 	char *str;
1117 
1118 	ret = hx509_cert_get_subject(current, &name);
1119 	if (ret) {
1120 	    hx509_clear_error_string(context);
1121 	    return HX509_ISSUER_NOT_FOUND;
1122 	}
1123 	ret = hx509_name_to_string(name, &str);
1124 	hx509_name_free(&name);
1125 	if (ret) {
1126 	    hx509_clear_error_string(context);
1127 	    return HX509_ISSUER_NOT_FOUND;
1128 	}
1129 
1130 	hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND,
1131 			       "Failed to find issuer for "
1132 			       "certificate with subject: '%s'", str);
1133 	free(str);
1134     }
1135     return HX509_ISSUER_NOT_FOUND;
1136 }
1137 
1138 /*
1139  *
1140  */
1141 
1142 static int
1143 is_proxy_cert(hx509_context context,
1144 	      const Certificate *cert,
1145 	      ProxyCertInfo *rinfo)
1146 {
1147     ProxyCertInfo info;
1148     const Extension *e;
1149     size_t size;
1150     int ret;
1151     size_t i = 0;
1152 
1153     if (rinfo)
1154 	memset(rinfo, 0, sizeof(*rinfo));
1155 
1156     e = find_extension(cert, &asn1_oid_id_pkix_pe_proxyCertInfo, &i);
1157     if (e == NULL) {
1158 	hx509_clear_error_string(context);
1159 	return HX509_EXTENSION_NOT_FOUND;
1160     }
1161 
1162     ret = decode_ProxyCertInfo(e->extnValue.data,
1163 			       e->extnValue.length,
1164 			       &info,
1165 			       &size);
1166     if (ret) {
1167 	hx509_clear_error_string(context);
1168 	return ret;
1169     }
1170     if (size != e->extnValue.length) {
1171 	free_ProxyCertInfo(&info);
1172 	hx509_clear_error_string(context);
1173 	return HX509_EXTRA_DATA_AFTER_STRUCTURE;
1174     }
1175     if (rinfo == NULL)
1176 	free_ProxyCertInfo(&info);
1177     else
1178 	*rinfo = info;
1179 
1180     return 0;
1181 }
1182 
1183 /*
1184  * Path operations are like MEMORY based keyset, but with exposed
1185  * internal so we can do easy searches.
1186  */
1187 
1188 int
1189 _hx509_path_append(hx509_context context, hx509_path *path, hx509_cert cert)
1190 {
1191     hx509_cert *val;
1192     val = realloc(path->val, (path->len + 1) * sizeof(path->val[0]));
1193     if (val == NULL) {
1194 	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1195 	return ENOMEM;
1196     }
1197 
1198     path->val = val;
1199     path->val[path->len] = hx509_cert_ref(cert);
1200     path->len++;
1201 
1202     return 0;
1203 }
1204 
1205 void
1206 _hx509_path_free(hx509_path *path)
1207 {
1208     unsigned i;
1209 
1210     for (i = 0; i < path->len; i++)
1211 	hx509_cert_free(path->val[i]);
1212     free(path->val);
1213     path->val = NULL;
1214     path->len = 0;
1215 }
1216 
1217 /*
1218  * Find path by looking up issuer for the top certificate and continue
1219  * until an anchor certificate is found or max limit is found. A
1220  * certificate never included twice in the path.
1221  *
1222  * If the trust anchors are not given, calculate optimistic path, just
1223  * follow the chain upward until we no longer find a parent or we hit
1224  * the max path limit. In this case, a failure will always be returned
1225  * depending on what error condition is hit first.
1226  *
1227  * The path includes a path from the top certificate to the anchor
1228  * certificate.
1229  *
1230  * The caller needs to free `path´ both on successful built path and
1231  * failure.
1232  */
1233 
1234 int
1235 _hx509_calculate_path(hx509_context context,
1236 		      int flags,
1237 		      time_t time_now,
1238 		      hx509_certs anchors,
1239 		      unsigned int max_depth,
1240 		      hx509_cert cert,
1241 		      hx509_certs pool,
1242 		      hx509_path *path)
1243 {
1244     hx509_cert parent, current;
1245     int ret;
1246 
1247     if (max_depth == 0)
1248 	max_depth = HX509_VERIFY_MAX_DEPTH;
1249 
1250     ret = _hx509_path_append(context, path, cert);
1251     if (ret)
1252 	return ret;
1253 
1254     current = hx509_cert_ref(cert);
1255 
1256     while (!certificate_is_anchor(context, anchors, current)) {
1257 
1258 	ret = find_parent(context, time_now, anchors, path,
1259 			  pool, current, &parent);
1260 	hx509_cert_free(current);
1261 	if (ret)
1262 	    return ret;
1263 
1264 	ret = _hx509_path_append(context, path, parent);
1265 	if (ret)
1266 	    return ret;
1267 	current = parent;
1268 
1269 	if (path->len > max_depth) {
1270 	    hx509_cert_free(current);
1271 	    hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG,
1272 				   "Path too long while bulding "
1273 				   "certificate chain");
1274 	    return HX509_PATH_TOO_LONG;
1275 	}
1276     }
1277 
1278     if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) &&
1279 	path->len > 0 &&
1280 	certificate_is_anchor(context, anchors, path->val[path->len - 1]))
1281     {
1282 	hx509_cert_free(path->val[path->len - 1]);
1283 	path->len--;
1284     }
1285 
1286     hx509_cert_free(current);
1287     return 0;
1288 }
1289 
1290 int
1291 _hx509_AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p,
1292 			       const AlgorithmIdentifier *q)
1293 {
1294     int diff;
1295     diff = der_heim_oid_cmp(&p->algorithm, &q->algorithm);
1296     if (diff)
1297 	return diff;
1298     if (p->parameters) {
1299 	if (q->parameters)
1300 	    return heim_any_cmp(p->parameters,
1301 				q->parameters);
1302 	else
1303 	    return 1;
1304     } else {
1305 	if (q->parameters)
1306 	    return -1;
1307 	else
1308 	    return 0;
1309     }
1310 }
1311 
1312 int
1313 _hx509_Certificate_cmp(const Certificate *p, const Certificate *q)
1314 {
1315     int diff;
1316     diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue);
1317     if (diff)
1318 	return diff;
1319     diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm,
1320 					  &q->signatureAlgorithm);
1321     if (diff)
1322 	return diff;
1323     diff = der_heim_octet_string_cmp(&p->tbsCertificate._save,
1324 				     &q->tbsCertificate._save);
1325     return diff;
1326 }
1327 
1328 /**
1329  * Compare to hx509 certificate object, useful for sorting.
1330  *
1331  * @param p a hx509 certificate object.
1332  * @param q a hx509 certificate object.
1333  *
1334  * @return 0 the objects are the same, returns > 0 is p is "larger"
1335  * then q, < 0 if p is "smaller" then q.
1336  *
1337  * @ingroup hx509_cert
1338  */
1339 
1340 int
1341 hx509_cert_cmp(hx509_cert p, hx509_cert q)
1342 {
1343     return _hx509_Certificate_cmp(p->data, q->data);
1344 }
1345 
1346 /**
1347  * Return the name of the issuer of the hx509 certificate.
1348  *
1349  * @param p a hx509 certificate object.
1350  * @param name a pointer to a hx509 name, should be freed by
1351  * hx509_name_free().
1352  *
1353  * @return An hx509 error code, see hx509_get_error_string().
1354  *
1355  * @ingroup hx509_cert
1356  */
1357 
1358 int
1359 hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
1360 {
1361     return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
1362 }
1363 
1364 /**
1365  * Return the name of the subject of the hx509 certificate.
1366  *
1367  * @param p a hx509 certificate object.
1368  * @param name a pointer to a hx509 name, should be freed by
1369  * hx509_name_free(). See also hx509_cert_get_base_subject().
1370  *
1371  * @return An hx509 error code, see hx509_get_error_string().
1372  *
1373  * @ingroup hx509_cert
1374  */
1375 
1376 int
1377 hx509_cert_get_subject(hx509_cert p, hx509_name *name)
1378 {
1379     return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
1380 }
1381 
1382 /**
1383  * Return the name of the base subject of the hx509 certificate. If
1384  * the certiicate is a verified proxy certificate, the this function
1385  * return the base certificate (root of the proxy chain). If the proxy
1386  * certificate is not verified with the base certificate
1387  * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
1388  *
1389  * @param context a hx509 context.
1390  * @param c a hx509 certificate object.
1391  * @param name a pointer to a hx509 name, should be freed by
1392  * hx509_name_free(). See also hx509_cert_get_subject().
1393  *
1394  * @return An hx509 error code, see hx509_get_error_string().
1395  *
1396  * @ingroup hx509_cert
1397  */
1398 
1399 int
1400 hx509_cert_get_base_subject(hx509_context context, hx509_cert c,
1401 			    hx509_name *name)
1402 {
1403     if (c->basename)
1404 	return hx509_name_copy(context, c->basename, name);
1405     if (is_proxy_cert(context, c->data, NULL) == 0) {
1406 	int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED;
1407 	hx509_set_error_string(context, 0, ret,
1408 			       "Proxy certificate have not been "
1409 			       "canonicalize yet, no base name");
1410 	return ret;
1411     }
1412     return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name);
1413 }
1414 
1415 /**
1416  * Get serial number of the certificate.
1417  *
1418  * @param p a hx509 certificate object.
1419  * @param i serial number, should be freed ith der_free_heim_integer().
1420  *
1421  * @return An hx509 error code, see hx509_get_error_string().
1422  *
1423  * @ingroup hx509_cert
1424  */
1425 
1426 int
1427 hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
1428 {
1429     return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
1430 }
1431 
1432 /**
1433  * Get notBefore time of the certificate.
1434  *
1435  * @param p a hx509 certificate object.
1436  *
1437  * @return return not before time
1438  *
1439  * @ingroup hx509_cert
1440  */
1441 
1442 time_t
1443 hx509_cert_get_notBefore(hx509_cert p)
1444 {
1445     return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notBefore);
1446 }
1447 
1448 /**
1449  * Get notAfter time of the certificate.
1450  *
1451  * @param p a hx509 certificate object.
1452  *
1453  * @return return not after time.
1454  *
1455  * @ingroup hx509_cert
1456  */
1457 
1458 time_t
1459 hx509_cert_get_notAfter(hx509_cert p)
1460 {
1461     return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notAfter);
1462 }
1463 
1464 /**
1465  * Get the SubjectPublicKeyInfo structure from the hx509 certificate.
1466  *
1467  * @param context a hx509 context.
1468  * @param p a hx509 certificate object.
1469  * @param spki SubjectPublicKeyInfo, should be freed with
1470  * free_SubjectPublicKeyInfo().
1471  *
1472  * @return An hx509 error code, see hx509_get_error_string().
1473  *
1474  * @ingroup hx509_cert
1475  */
1476 
1477 int
1478 hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)
1479 {
1480     int ret;
1481 
1482     ret = copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, spki);
1483     if (ret)
1484 	hx509_set_error_string(context, 0, ret, "Failed to copy SPKI");
1485     return ret;
1486 }
1487 
1488 /**
1489  * Get the AlgorithmIdentifier from the hx509 certificate.
1490  *
1491  * @param context a hx509 context.
1492  * @param p a hx509 certificate object.
1493  * @param alg AlgorithmIdentifier, should be freed with
1494  *            free_AlgorithmIdentifier(). The algorithmidentifier is
1495  *            typicly rsaEncryption, or id-ecPublicKey, or some other
1496  *            public key mechanism.
1497  *
1498  * @return An hx509 error code, see hx509_get_error_string().
1499  *
1500  * @ingroup hx509_cert
1501  */
1502 
1503 int
1504 hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
1505 					hx509_cert p,
1506 					AlgorithmIdentifier *alg)
1507 {
1508     int ret;
1509 
1510     ret = copy_AlgorithmIdentifier(&p->data->tbsCertificate.subjectPublicKeyInfo.algorithm, alg);
1511     if (ret)
1512 	hx509_set_error_string(context, 0, ret,
1513 			       "Failed to copy SPKI AlgorithmIdentifier");
1514     return ret;
1515 }
1516 
1517 static int
1518 get_x_unique_id(hx509_context context, const char *name,
1519 		const heim_bit_string *cert, heim_bit_string *subject)
1520 {
1521     int ret;
1522 
1523     if (cert == NULL) {
1524 	ret = HX509_EXTENSION_NOT_FOUND;
1525 	hx509_set_error_string(context, 0, ret, "%s unique id doesn't exists", name);
1526 	return ret;
1527     }
1528     ret = der_copy_bit_string(cert, subject);
1529     if (ret) {
1530 	hx509_set_error_string(context, 0, ret, "malloc out of memory", name);
1531 	return ret;
1532     }
1533     return 0;
1534 }
1535 
1536 /**
1537  * Get a copy of the Issuer Unique ID
1538  *
1539  * @param context a hx509_context
1540  * @param p a hx509 certificate
1541  * @param issuer the issuer id returned, free with der_free_bit_string()
1542  *
1543  * @return An hx509 error code, see hx509_get_error_string(). The
1544  * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate
1545  * doesn't have a issuerUniqueID
1546  *
1547  * @ingroup hx509_cert
1548  */
1549 
1550 int
1551 hx509_cert_get_issuer_unique_id(hx509_context context, hx509_cert p, heim_bit_string *issuer)
1552 {
1553     return get_x_unique_id(context, "issuer", p->data->tbsCertificate.issuerUniqueID, issuer);
1554 }
1555 
1556 /**
1557  * Get a copy of the Subect Unique ID
1558  *
1559  * @param context a hx509_context
1560  * @param p a hx509 certificate
1561  * @param subject the subject id returned, free with der_free_bit_string()
1562  *
1563  * @return An hx509 error code, see hx509_get_error_string(). The
1564  * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate
1565  * doesn't have a subjectUniqueID
1566  *
1567  * @ingroup hx509_cert
1568  */
1569 
1570 int
1571 hx509_cert_get_subject_unique_id(hx509_context context, hx509_cert p, heim_bit_string *subject)
1572 {
1573     return get_x_unique_id(context, "subject", p->data->tbsCertificate.subjectUniqueID, subject);
1574 }
1575 
1576 
1577 hx509_private_key
1578 _hx509_cert_private_key(hx509_cert p)
1579 {
1580     return p->private_key;
1581 }
1582 
1583 int
1584 hx509_cert_have_private_key(hx509_cert p)
1585 {
1586     return p->private_key ? 1 : 0;
1587 }
1588 
1589 
1590 int
1591 _hx509_cert_private_key_exportable(hx509_cert p)
1592 {
1593     if (p->private_key == NULL)
1594 	return 0;
1595     return _hx509_private_key_exportable(p->private_key);
1596 }
1597 
1598 int
1599 _hx509_cert_private_decrypt(hx509_context context,
1600 			    const heim_octet_string *ciphertext,
1601 			    const heim_oid *encryption_oid,
1602 			    hx509_cert p,
1603 			    heim_octet_string *cleartext)
1604 {
1605     cleartext->data = NULL;
1606     cleartext->length = 0;
1607 
1608     if (p->private_key == NULL) {
1609 	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1610 			       "Private key missing");
1611 	return HX509_PRIVATE_KEY_MISSING;
1612     }
1613 
1614     return hx509_private_key_private_decrypt(context,
1615 					      ciphertext,
1616 					      encryption_oid,
1617 					      p->private_key,
1618 					      cleartext);
1619 }
1620 
1621 int
1622 hx509_cert_public_encrypt(hx509_context context,
1623 			   const heim_octet_string *cleartext,
1624 			   const hx509_cert p,
1625 			   heim_oid *encryption_oid,
1626 			   heim_octet_string *ciphertext)
1627 {
1628     return _hx509_public_encrypt(context,
1629 				 cleartext, p->data,
1630 				 encryption_oid, ciphertext);
1631 }
1632 
1633 /*
1634  *
1635  */
1636 
1637 time_t
1638 _hx509_Time2time_t(const Time *t)
1639 {
1640     switch(t->element) {
1641     case choice_Time_utcTime:
1642 	return t->u.utcTime;
1643     case choice_Time_generalTime:
1644 	return t->u.generalTime;
1645     }
1646     return 0;
1647 }
1648 
1649 /*
1650  *
1651  */
1652 
1653 static int
1654 init_name_constraints(hx509_name_constraints *nc)
1655 {
1656     memset(nc, 0, sizeof(*nc));
1657     return 0;
1658 }
1659 
1660 static int
1661 add_name_constraints(hx509_context context, const Certificate *c, int not_ca,
1662 		     hx509_name_constraints *nc)
1663 {
1664     NameConstraints tnc;
1665     int ret;
1666 
1667     ret = find_extension_name_constraints(c, &tnc);
1668     if (ret == HX509_EXTENSION_NOT_FOUND)
1669 	return 0;
1670     else if (ret) {
1671 	hx509_set_error_string(context, 0, ret, "Failed getting NameConstraints");
1672 	return ret;
1673     } else if (not_ca) {
1674 	ret = HX509_VERIFY_CONSTRAINTS;
1675 	hx509_set_error_string(context, 0, ret, "Not a CA and "
1676 			       "have NameConstraints");
1677     } else {
1678 	NameConstraints *val;
1679 	val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1));
1680 	if (val == NULL) {
1681 	    hx509_clear_error_string(context);
1682 	    ret = ENOMEM;
1683 	    goto out;
1684 	}
1685 	nc->val = val;
1686 	ret = copy_NameConstraints(&tnc, &nc->val[nc->len]);
1687 	if (ret) {
1688 	    hx509_clear_error_string(context);
1689 	    goto out;
1690 	}
1691 	nc->len += 1;
1692     }
1693 out:
1694     free_NameConstraints(&tnc);
1695     return ret;
1696 }
1697 
1698 static int
1699 match_RDN(const RelativeDistinguishedName *c,
1700 	  const RelativeDistinguishedName *n)
1701 {
1702     size_t i;
1703 
1704     if (c->len != n->len)
1705 	return HX509_NAME_CONSTRAINT_ERROR;
1706 
1707     for (i = 0; i < n->len; i++) {
1708 	int diff, ret;
1709 
1710 	if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0)
1711 	    return HX509_NAME_CONSTRAINT_ERROR;
1712 	ret = _hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value, &diff);
1713 	if (ret)
1714 	    return ret;
1715 	if (diff != 0)
1716 	    return HX509_NAME_CONSTRAINT_ERROR;
1717     }
1718     return 0;
1719 }
1720 
1721 static int
1722 match_X501Name(const Name *c, const Name *n)
1723 {
1724     size_t i;
1725     int ret;
1726 
1727     if (c->element != choice_Name_rdnSequence
1728 	|| n->element != choice_Name_rdnSequence)
1729 	return 0;
1730     if (c->u.rdnSequence.len > n->u.rdnSequence.len)
1731 	return HX509_NAME_CONSTRAINT_ERROR;
1732     for (i = 0; i < c->u.rdnSequence.len; i++) {
1733 	ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]);
1734 	if (ret)
1735 	    return ret;
1736     }
1737     return 0;
1738 }
1739 
1740 
1741 static int
1742 match_general_name(const GeneralName *c, const GeneralName *n, int *match)
1743 {
1744     /*
1745      * Name constraints only apply to the same name type, see RFC3280,
1746      * 4.2.1.11.
1747      */
1748     assert(c->element == n->element);
1749 
1750     switch(c->element) {
1751     case choice_GeneralName_otherName:
1752 	if (der_heim_oid_cmp(&c->u.otherName.type_id,
1753 			 &n->u.otherName.type_id) != 0)
1754 	    return HX509_NAME_CONSTRAINT_ERROR;
1755 	if (heim_any_cmp(&c->u.otherName.value,
1756 			 &n->u.otherName.value) != 0)
1757 	    return HX509_NAME_CONSTRAINT_ERROR;
1758 	*match = 1;
1759 	return 0;
1760     case choice_GeneralName_rfc822Name: {
1761 	const char *s;
1762 	size_t len1, len2;
1763 	s = memchr(c->u.rfc822Name.data, '@', c->u.rfc822Name.length);
1764 	if (s) {
1765 	    if (der_printable_string_cmp(&c->u.rfc822Name, &n->u.rfc822Name) != 0)
1766 		return HX509_NAME_CONSTRAINT_ERROR;
1767 	} else {
1768 	    s = memchr(n->u.rfc822Name.data, '@', n->u.rfc822Name.length);
1769 	    if (s == NULL)
1770 		return HX509_NAME_CONSTRAINT_ERROR;
1771 	    len1 = c->u.rfc822Name.length;
1772 	    len2 = n->u.rfc822Name.length -
1773 		(s - ((char *)n->u.rfc822Name.data));
1774 	    if (len1 > len2)
1775 		return HX509_NAME_CONSTRAINT_ERROR;
1776 	    if (memcmp(s + 1 + len2 - len1, c->u.rfc822Name.data, len1) != 0)
1777 		return HX509_NAME_CONSTRAINT_ERROR;
1778 	    if (len1 < len2 && s[len2 - len1 + 1] != '.')
1779 		return HX509_NAME_CONSTRAINT_ERROR;
1780 	}
1781 	*match = 1;
1782 	return 0;
1783     }
1784     case choice_GeneralName_dNSName: {
1785 	size_t lenc, lenn;
1786 	char *ptr;
1787 
1788 	lenc = c->u.dNSName.length;
1789 	lenn = n->u.dNSName.length;
1790 	if (lenc > lenn)
1791 	    return HX509_NAME_CONSTRAINT_ERROR;
1792 	ptr = n->u.dNSName.data;
1793 	if (memcmp(&ptr[lenn - lenc], c->u.dNSName.data, lenc) != 0)
1794 	    return HX509_NAME_CONSTRAINT_ERROR;
1795 	if (lenn != lenc && ptr[lenn - lenc - 1] != '.')
1796 	    return HX509_NAME_CONSTRAINT_ERROR;
1797 	*match = 1;
1798 	return 0;
1799     }
1800     case choice_GeneralName_directoryName: {
1801 	Name c_name, n_name;
1802 	int ret;
1803 
1804 	c_name._save.data = NULL;
1805 	c_name._save.length = 0;
1806 	c_name.element = c->u.directoryName.element;
1807 	c_name.u.rdnSequence = c->u.directoryName.u.rdnSequence;
1808 
1809 	n_name._save.data = NULL;
1810 	n_name._save.length = 0;
1811 	n_name.element = n->u.directoryName.element;
1812 	n_name.u.rdnSequence = n->u.directoryName.u.rdnSequence;
1813 
1814 	ret = match_X501Name(&c_name, &n_name);
1815 	if (ret == 0)
1816 	    *match = 1;
1817 	return ret;
1818     }
1819     case choice_GeneralName_uniformResourceIdentifier:
1820     case choice_GeneralName_iPAddress:
1821     case choice_GeneralName_registeredID:
1822     default:
1823 	return HX509_NAME_CONSTRAINT_ERROR;
1824     }
1825 }
1826 
1827 static int
1828 match_alt_name(const GeneralName *n, const Certificate *c,
1829 	       int *same, int *match)
1830 {
1831     GeneralNames sa;
1832     int ret;
1833     size_t i, j;
1834 
1835     i = 0;
1836     do {
1837 	ret = find_extension_subject_alt_name(c, &i, &sa);
1838 	if (ret == HX509_EXTENSION_NOT_FOUND) {
1839 	    ret = 0;
1840 	    break;
1841 	} else if (ret != 0)
1842 	    break;
1843 
1844 	for (j = 0; j < sa.len; j++) {
1845 	    if (n->element == sa.val[j].element) {
1846 		*same = 1;
1847 		ret = match_general_name(n, &sa.val[j], match);
1848 	    }
1849 	}
1850 	free_GeneralNames(&sa);
1851     } while (1);
1852     return ret;
1853 }
1854 
1855 
1856 static int
1857 match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
1858 {
1859     int name, alt_name, same;
1860     unsigned int i;
1861     int ret = 0;
1862 
1863     name = alt_name = same = *match = 0;
1864     for (i = 0; i < t->len; i++) {
1865 	if (t->val[i].minimum && t->val[i].maximum)
1866 	    return HX509_RANGE;
1867 
1868 	/*
1869 	 * If the constraint apply to directoryNames, test is with
1870 	 * subjectName of the certificate if the certificate have a
1871 	 * non-null (empty) subjectName.
1872 	 */
1873 
1874 	if (t->val[i].base.element == choice_GeneralName_directoryName
1875 	    && !subject_null_p(c))
1876 	{
1877 	    GeneralName certname;
1878 
1879 	    memset(&certname, 0, sizeof(certname));
1880 	    certname.element = choice_GeneralName_directoryName;
1881 	    certname.u.directoryName.element =
1882 		c->tbsCertificate.subject.element;
1883 	    certname.u.directoryName.u.rdnSequence =
1884 		c->tbsCertificate.subject.u.rdnSequence;
1885 
1886 	    ret = match_general_name(&t->val[i].base, &certname, &name);
1887 	}
1888 
1889 	/* Handle subjectAltNames, this is icky since they
1890 	 * restrictions only apply if the subjectAltName is of the
1891 	 * same type. So if there have been a match of type, require
1892 	 * altname to be set.
1893 	 */
1894 	ret = match_alt_name(&t->val[i].base, c, &same, &alt_name);
1895     }
1896     if (name && (!same || alt_name))
1897 	*match = 1;
1898     return ret;
1899 }
1900 
1901 static int
1902 check_name_constraints(hx509_context context,
1903 		       const hx509_name_constraints *nc,
1904 		       const Certificate *c)
1905 {
1906     int match, ret;
1907     size_t i;
1908 
1909     for (i = 0 ; i < nc->len; i++) {
1910 	GeneralSubtrees gs;
1911 
1912 	if (nc->val[i].permittedSubtrees) {
1913 	    GeneralSubtrees_SET(&gs, nc->val[i].permittedSubtrees);
1914 	    ret = match_tree(&gs, c, &match);
1915 	    if (ret) {
1916 		hx509_clear_error_string(context);
1917 		return ret;
1918 	    }
1919 	    /* allow null subjectNames, they wont matches anything */
1920 	    if (match == 0 && !subject_null_p(c)) {
1921 		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
1922 				       "Error verify constraints, "
1923 				       "certificate didn't match any "
1924 				       "permitted subtree");
1925 		return HX509_VERIFY_CONSTRAINTS;
1926 	    }
1927 	}
1928 	if (nc->val[i].excludedSubtrees) {
1929 	    GeneralSubtrees_SET(&gs, nc->val[i].excludedSubtrees);
1930 	    ret = match_tree(&gs, c, &match);
1931 	    if (ret) {
1932 		hx509_clear_error_string(context);
1933 		return ret;
1934 	    }
1935 	    if (match) {
1936 		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
1937 				       "Error verify constraints, "
1938 				       "certificate included in excluded "
1939 				       "subtree");
1940 		return HX509_VERIFY_CONSTRAINTS;
1941 	    }
1942 	}
1943     }
1944     return 0;
1945 }
1946 
1947 static void
1948 free_name_constraints(hx509_name_constraints *nc)
1949 {
1950     size_t i;
1951 
1952     for (i = 0 ; i < nc->len; i++)
1953 	free_NameConstraints(&nc->val[i]);
1954     free(nc->val);
1955 }
1956 
1957 /**
1958  * Build and verify the path for the certificate to the trust anchor
1959  * specified in the verify context. The path is constructed from the
1960  * certificate, the pool and the trust anchors.
1961  *
1962  * @param context A hx509 context.
1963  * @param ctx A hx509 verification context.
1964  * @param cert the certificate to build the path from.
1965  * @param pool A keyset of certificates to build the chain from.
1966  *
1967  * @return An hx509 error code, see hx509_get_error_string().
1968  *
1969  * @ingroup hx509_verify
1970  */
1971 
1972 int
1973 hx509_verify_path(hx509_context context,
1974 		  hx509_verify_ctx ctx,
1975 		  hx509_cert cert,
1976 		  hx509_certs pool)
1977 {
1978     hx509_name_constraints nc;
1979     hx509_path path;
1980     int ret, proxy_cert_depth, selfsigned_depth, diff;
1981     size_t i, k;
1982     enum certtype type;
1983     Name proxy_issuer;
1984     hx509_certs anchors = NULL;
1985 
1986     memset(&proxy_issuer, 0, sizeof(proxy_issuer));
1987 
1988     ret = init_name_constraints(&nc);
1989     if (ret)
1990 	return ret;
1991 
1992     path.val = NULL;
1993     path.len = 0;
1994 
1995     if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0)
1996 	ctx->time_now = time(NULL);
1997 
1998     /*
1999      *
2000      */
2001     if (ctx->trust_anchors)
2002 	anchors = hx509_certs_ref(ctx->trust_anchors);
2003     else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
2004 	anchors = hx509_certs_ref(context->default_trust_anchors);
2005     else {
2006 	ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
2007 	if (ret)
2008 	    goto out;
2009     }
2010 
2011     /*
2012      * Calculate the path from the certificate user presented to the
2013      * to an anchor.
2014      */
2015     ret = _hx509_calculate_path(context, 0, ctx->time_now,
2016 				anchors, ctx->max_depth,
2017 				cert, pool, &path);
2018     if (ret)
2019 	goto out;
2020 
2021     /*
2022      * Check CA and proxy certificate chain from the top of the
2023      * certificate chain. Also check certificate is valid with respect
2024      * to the current time.
2025      *
2026      */
2027 
2028     proxy_cert_depth = 0;
2029     selfsigned_depth = 0;
2030 
2031     if (ctx->flags & HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE)
2032 	type = PROXY_CERT;
2033     else
2034 	type = EE_CERT;
2035 
2036     for (i = 0; i < path.len; i++) {
2037 	Certificate *c;
2038 	time_t t;
2039 
2040 	c = _hx509_get_cert(path.val[i]);
2041 
2042 	/*
2043 	 * Lets do some basic check on issuer like
2044 	 * keyUsage.keyCertSign and basicConstraints.cA bit depending
2045 	 * on what type of certificate this is.
2046 	 */
2047 
2048 	switch (type) {
2049 	case CA_CERT:
2050 
2051 	    /* XXX make constants for keyusage */
2052 	    ret = check_key_usage(context, c, 1 << 5,
2053 				  REQUIRE_RFC3280(ctx) ? TRUE : FALSE);
2054 	    if (ret) {
2055 		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
2056 				       "Key usage missing from CA certificate");
2057 		goto out;
2058 	    }
2059 
2060 	    /* self signed cert doesn't add to path length */
2061 	    if (i + 1 != path.len) {
2062 		int selfsigned;
2063 
2064 		ret = certificate_is_self_signed(context, c, &selfsigned);
2065 		if (ret)
2066 		    goto out;
2067 		if (selfsigned)
2068 		    selfsigned_depth++;
2069 	    }
2070 
2071 	    break;
2072 	case PROXY_CERT: {
2073 	    ProxyCertInfo info;
2074 
2075 	    if (is_proxy_cert(context, c, &info) == 0) {
2076 		size_t j;
2077 
2078 		if (info.pCPathLenConstraint != NULL &&
2079 		    *info.pCPathLenConstraint < i)
2080 		{
2081 		    free_ProxyCertInfo(&info);
2082 		    ret = HX509_PATH_TOO_LONG;
2083 		    hx509_set_error_string(context, 0, ret,
2084 					   "Proxy certificate chain "
2085 					   "longer then allowed");
2086 		    goto out;
2087 		}
2088 		/* XXX MUST check info.proxyPolicy */
2089 		free_ProxyCertInfo(&info);
2090 
2091 		j = 0;
2092 		if (find_extension(c, &asn1_oid_id_x509_ce_subjectAltName, &j)) {
2093 		    ret = HX509_PROXY_CERT_INVALID;
2094 		    hx509_set_error_string(context, 0, ret,
2095 					   "Proxy certificate have explicity "
2096 					   "forbidden subjectAltName");
2097 		    goto out;
2098 		}
2099 
2100 		j = 0;
2101 		if (find_extension(c, &asn1_oid_id_x509_ce_issuerAltName, &j)) {
2102 		    ret = HX509_PROXY_CERT_INVALID;
2103 		    hx509_set_error_string(context, 0, ret,
2104 					   "Proxy certificate have explicity "
2105 					   "forbidden issuerAltName");
2106 		    goto out;
2107 		}
2108 
2109 		/*
2110 		 * The subject name of the proxy certificate should be
2111 		 * CN=XXX,<proxy issuer>, prune of CN and check if its
2112 		 * the same over the whole chain of proxy certs and
2113 		 * then check with the EE cert when we get to it.
2114 		 */
2115 
2116 		if (proxy_cert_depth) {
2117 		    ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject, &diff);
2118 		    if (ret) {
2119 			hx509_set_error_string(context, 0, ret, "Out of memory");
2120 			goto out;
2121 		    }
2122 		    if (diff) {
2123 			ret = HX509_PROXY_CERT_NAME_WRONG;
2124 			hx509_set_error_string(context, 0, ret,
2125 					       "Base proxy name not right");
2126 			goto out;
2127 		    }
2128 		}
2129 
2130 		free_Name(&proxy_issuer);
2131 
2132 		ret = copy_Name(&c->tbsCertificate.subject, &proxy_issuer);
2133 		if (ret) {
2134 		    hx509_clear_error_string(context);
2135 		    goto out;
2136 		}
2137 
2138 		j = proxy_issuer.u.rdnSequence.len;
2139 		if (proxy_issuer.u.rdnSequence.len < 2
2140 		    || proxy_issuer.u.rdnSequence.val[j - 1].len > 1
2141 		    || der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type,
2142 					&asn1_oid_id_at_commonName))
2143 		{
2144 		    ret = HX509_PROXY_CERT_NAME_WRONG;
2145 		    hx509_set_error_string(context, 0, ret,
2146 					   "Proxy name too short or "
2147 					   "does not have Common name "
2148 					   "at the top");
2149 		    goto out;
2150 		}
2151 
2152 		free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]);
2153 		proxy_issuer.u.rdnSequence.len -= 1;
2154 
2155 		ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer, &diff);
2156 		if (ret) {
2157 		    hx509_set_error_string(context, 0, ret, "Out of memory");
2158 		    goto out;
2159 		}
2160 		if (diff != 0) {
2161 		    ret = HX509_PROXY_CERT_NAME_WRONG;
2162 		    hx509_set_error_string(context, 0, ret,
2163 					   "Proxy issuer name not as expected");
2164 		    goto out;
2165 		}
2166 
2167 		break;
2168 	    } else {
2169 		/*
2170 		 * Now we are done with the proxy certificates, this
2171 		 * cert was an EE cert and we we will fall though to
2172 		 * EE checking below.
2173 		 */
2174 		type = EE_CERT;
2175 		/* FALLTHOUGH */
2176 	    }
2177 	}
2178 	case EE_CERT:
2179 	    /*
2180 	     * If there where any proxy certificates in the chain
2181 	     * (proxy_cert_depth > 0), check that the proxy issuer
2182 	     * matched proxy certificates "base" subject.
2183 	     */
2184 	    if (proxy_cert_depth) {
2185 
2186 		ret = _hx509_name_cmp(&proxy_issuer,
2187 				      &c->tbsCertificate.subject, &diff);
2188 		if (ret) {
2189 		    hx509_set_error_string(context, 0, ret, "out of memory");
2190 		    goto out;
2191 		}
2192 		if (diff) {
2193 		    ret = HX509_PROXY_CERT_NAME_WRONG;
2194 		    hx509_clear_error_string(context);
2195 		    goto out;
2196 		}
2197 		if (cert->basename)
2198 		    hx509_name_free(&cert->basename);
2199 
2200 		ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
2201 		if (ret) {
2202 		    hx509_clear_error_string(context);
2203 		    goto out;
2204 		}
2205 	    }
2206 
2207 	    break;
2208 	}
2209 
2210 	ret = check_basic_constraints(context, c, type,
2211 				      i - proxy_cert_depth - selfsigned_depth);
2212 	if (ret)
2213 	    goto out;
2214 
2215 	/*
2216 	 * Don't check the trust anchors expiration time since they
2217 	 * are transported out of band, from RFC3820.
2218 	 */
2219 	if (i + 1 != path.len || CHECK_TA(ctx)) {
2220 
2221 	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
2222 	    if (t > ctx->time_now) {
2223 		ret = HX509_CERT_USED_BEFORE_TIME;
2224 		hx509_clear_error_string(context);
2225 		goto out;
2226 	    }
2227 	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
2228 	    if (t < ctx->time_now) {
2229 		ret = HX509_CERT_USED_AFTER_TIME;
2230 		hx509_clear_error_string(context);
2231 		goto out;
2232 	    }
2233 	}
2234 
2235 	if (type == EE_CERT)
2236 	    type = CA_CERT;
2237 	else if (type == PROXY_CERT)
2238 	    proxy_cert_depth++;
2239     }
2240 
2241     /*
2242      * Verify constraints, do this backward so path constraints are
2243      * checked in the right order.
2244      */
2245 
2246     for (ret = 0, k = path.len; k > 0; k--) {
2247 	Certificate *c;
2248 	int selfsigned;
2249 	i = k - 1;
2250 
2251 	c = _hx509_get_cert(path.val[i]);
2252 
2253 	ret = certificate_is_self_signed(context, c, &selfsigned);
2254 	if (ret)
2255 	    goto out;
2256 
2257 	/* verify name constraints, not for selfsigned and anchor */
2258 	if (!selfsigned || i + 1 != path.len) {
2259 	    ret = check_name_constraints(context, &nc, c);
2260 	    if (ret) {
2261 		goto out;
2262 	    }
2263 	}
2264 	ret = add_name_constraints(context, c, i == 0, &nc);
2265 	if (ret)
2266 	    goto out;
2267 
2268 	/* XXX verify all other silly constraints */
2269 
2270     }
2271 
2272     /*
2273      * Verify that no certificates has been revoked.
2274      */
2275 
2276     if (ctx->revoke_ctx) {
2277 	hx509_certs certs;
2278 
2279 	ret = hx509_certs_init(context, "MEMORY:revoke-certs", 0,
2280 			       NULL, &certs);
2281 	if (ret)
2282 	    goto out;
2283 
2284 	for (i = 0; i < path.len; i++) {
2285 	    ret = hx509_certs_add(context, certs, path.val[i]);
2286 	    if (ret) {
2287 		hx509_certs_free(&certs);
2288 		goto out;
2289 	    }
2290 	}
2291 	ret = hx509_certs_merge(context, certs, pool);
2292 	if (ret) {
2293 	    hx509_certs_free(&certs);
2294 	    goto out;
2295 	}
2296 
2297 	for (i = 0; i < path.len - 1; i++) {
2298 	    size_t parent = (i < path.len - 1) ? i + 1 : i;
2299 
2300 	    ret = hx509_revoke_verify(context,
2301 				      ctx->revoke_ctx,
2302 				      certs,
2303 				      ctx->time_now,
2304 				      path.val[i],
2305 				      path.val[parent]);
2306 	    if (ret) {
2307 		hx509_certs_free(&certs);
2308 		goto out;
2309 	    }
2310 	}
2311 	hx509_certs_free(&certs);
2312     }
2313 
2314     /*
2315      * Verify signatures, do this backward so public key working
2316      * parameter is passed up from the anchor up though the chain.
2317      */
2318 
2319     for (k = path.len; k > 0; k--) {
2320 	hx509_cert signer;
2321 	Certificate *c;
2322 	i = k - 1;
2323 
2324 	c = _hx509_get_cert(path.val[i]);
2325 
2326 	/* is last in chain (trust anchor) */
2327 	if (i + 1 == path.len) {
2328 	    int selfsigned;
2329 
2330 	    signer = path.val[i];
2331 
2332 	    ret = certificate_is_self_signed(context, signer->data, &selfsigned);
2333 	    if (ret)
2334 		goto out;
2335 
2336 	    /* if trust anchor is not self signed, don't check sig */
2337 	    if (!selfsigned)
2338 		continue;
2339 	} else {
2340 	    /* take next certificate in chain */
2341 	    signer = path.val[i + 1];
2342 	}
2343 
2344 	/* verify signatureValue */
2345 	ret = _hx509_verify_signature_bitstring(context,
2346 						signer,
2347 						&c->signatureAlgorithm,
2348 						&c->tbsCertificate._save,
2349 						&c->signatureValue);
2350 	if (ret) {
2351 	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
2352 				   "Failed to verify signature of certificate");
2353 	    goto out;
2354 	}
2355 	/*
2356 	 * Verify that the sigature algorithm "best-before" date is
2357 	 * before the creation date of the certificate, do this for
2358 	 * trust anchors too, since any trust anchor that is created
2359 	 * after a algorithm is known to be bad deserved to be invalid.
2360 	 *
2361 	 * Skip the leaf certificate for now...
2362 	 */
2363 
2364 	if (i != 0 && (ctx->flags & HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK) == 0) {
2365 	    time_t notBefore =
2366 		_hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
2367 	    ret = _hx509_signature_best_before(context,
2368 					       &c->signatureAlgorithm,
2369 					       notBefore);
2370 	    if (ret)
2371 		goto out;
2372 	}
2373     }
2374 
2375 out:
2376     hx509_certs_free(&anchors);
2377     free_Name(&proxy_issuer);
2378     free_name_constraints(&nc);
2379     _hx509_path_free(&path);
2380 
2381     return ret;
2382 }
2383 
2384 /**
2385  * Verify a signature made using the private key of an certificate.
2386  *
2387  * @param context A hx509 context.
2388  * @param signer the certificate that made the signature.
2389  * @param alg algorthm that was used to sign the data.
2390  * @param data the data that was signed.
2391  * @param sig the sigature to verify.
2392  *
2393  * @return An hx509 error code, see hx509_get_error_string().
2394  *
2395  * @ingroup hx509_crypto
2396  */
2397 
2398 int
2399 hx509_verify_signature(hx509_context context,
2400 		       const hx509_cert signer,
2401 		       const AlgorithmIdentifier *alg,
2402 		       const heim_octet_string *data,
2403 		       const heim_octet_string *sig)
2404 {
2405     return _hx509_verify_signature(context, signer, alg, data, sig);
2406 }
2407 
2408 int
2409 _hx509_verify_signature_bitstring(hx509_context context,
2410 				  const hx509_cert signer,
2411 				  const AlgorithmIdentifier *alg,
2412 				  const heim_octet_string *data,
2413 				  const heim_bit_string *sig)
2414 {
2415     heim_octet_string os;
2416 
2417     if (sig->length & 7) {
2418 	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
2419 			       "signature not multiple of 8 bits");
2420 	return HX509_CRYPTO_SIG_INVALID_FORMAT;
2421     }
2422 
2423     os.data = sig->data;
2424     os.length = sig->length / 8;
2425 
2426     return _hx509_verify_signature(context, signer, alg, data, &os);
2427 }
2428 
2429 
2430 
2431 /**
2432  * Verify that the certificate is allowed to be used for the hostname
2433  * and address.
2434  *
2435  * @param context A hx509 context.
2436  * @param cert the certificate to match with
2437  * @param flags Flags to modify the behavior:
2438  * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok
2439  * @param type type of hostname:
2440  * - HX509_HN_HOSTNAME for plain hostname.
2441  * - HX509_HN_DNSSRV for DNS SRV names.
2442  * @param hostname the hostname to check
2443  * @param sa address of the host
2444  * @param sa_size length of address
2445  *
2446  * @return An hx509 error code, see hx509_get_error_string().
2447  *
2448  * @ingroup hx509_cert
2449  */
2450 
2451 int
2452 hx509_verify_hostname(hx509_context context,
2453 		      const hx509_cert cert,
2454 		      int flags,
2455 		      hx509_hostname_type type,
2456 		      const char *hostname,
2457 		      const struct sockaddr *sa,
2458 		      /* XXX krb5_socklen_t */ int sa_size)
2459 {
2460     GeneralNames san;
2461     const Name *name;
2462     int ret;
2463     size_t i, j, k;
2464 
2465     if (sa && sa_size <= 0)
2466 	return EINVAL;
2467 
2468     memset(&san, 0, sizeof(san));
2469 
2470     i = 0;
2471     do {
2472 	ret = find_extension_subject_alt_name(cert->data, &i, &san);
2473 	if (ret == HX509_EXTENSION_NOT_FOUND)
2474 	    break;
2475 	else if (ret != 0)
2476 	    return HX509_PARSING_NAME_FAILED;
2477 
2478 	for (j = 0; j < san.len; j++) {
2479 	    switch (san.val[j].element) {
2480 	    case choice_GeneralName_dNSName: {
2481 		heim_printable_string hn;
2482 		hn.data = rk_UNCONST(hostname);
2483 		hn.length = strlen(hostname);
2484 
2485 		if (der_printable_string_cmp(&san.val[j].u.dNSName, &hn) == 0) {
2486 		    free_GeneralNames(&san);
2487 		    return 0;
2488 		}
2489 		break;
2490 	    }
2491 	    default:
2492 		break;
2493 	    }
2494 	}
2495 	free_GeneralNames(&san);
2496     } while (1);
2497 
2498     name = &cert->data->tbsCertificate.subject;
2499 
2500     /* Find first CN= in the name, and try to match the hostname on that */
2501     for (ret = 0, k = name->u.rdnSequence.len; ret == 0 && k > 0; k--) {
2502 	i = k - 1;
2503 	for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
2504 	    AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j];
2505 
2506 	    if (der_heim_oid_cmp(&n->type, &asn1_oid_id_at_commonName) == 0) {
2507 		DirectoryString *ds = &n->value;
2508 		switch (ds->element) {
2509 		case choice_DirectoryString_printableString: {
2510 		    heim_printable_string hn;
2511 		    hn.data = rk_UNCONST(hostname);
2512 		    hn.length = strlen(hostname);
2513 
2514 		    if (der_printable_string_cmp(&ds->u.printableString, &hn) == 0)
2515 			return 0;
2516 		    break;
2517 		}
2518 		case choice_DirectoryString_ia5String: {
2519 		    heim_ia5_string hn;
2520 		    hn.data = rk_UNCONST(hostname);
2521 		    hn.length = strlen(hostname);
2522 
2523 		    if (der_ia5_string_cmp(&ds->u.ia5String, &hn) == 0)
2524 			return 0;
2525 		    break;
2526 		}
2527 		case choice_DirectoryString_utf8String:
2528 		    if (strcasecmp(ds->u.utf8String, hostname) == 0)
2529 			return 0;
2530 		default:
2531 		    break;
2532 		}
2533 		ret = HX509_NAME_CONSTRAINT_ERROR;
2534 	    }
2535 	}
2536     }
2537 
2538     if ((flags & HX509_VHN_F_ALLOW_NO_MATCH) == 0)
2539 	ret = HX509_NAME_CONSTRAINT_ERROR;
2540 
2541     return ret;
2542 }
2543 
2544 int
2545 _hx509_set_cert_attribute(hx509_context context,
2546 			  hx509_cert cert,
2547 			  const heim_oid *oid,
2548 			  const heim_octet_string *attr)
2549 {
2550     hx509_cert_attribute a;
2551     void *d;
2552 
2553     if (hx509_cert_get_attribute(cert, oid) != NULL)
2554 	return 0;
2555 
2556     d = realloc(cert->attrs.val,
2557 		sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1));
2558     if (d == NULL) {
2559 	hx509_clear_error_string(context);
2560 	return ENOMEM;
2561     }
2562     cert->attrs.val = d;
2563 
2564     a = malloc(sizeof(*a));
2565     if (a == NULL)
2566 	return ENOMEM;
2567 
2568     der_copy_octet_string(attr, &a->data);
2569     der_copy_oid(oid, &a->oid);
2570 
2571     cert->attrs.val[cert->attrs.len] = a;
2572     cert->attrs.len++;
2573 
2574     return 0;
2575 }
2576 
2577 /**
2578  * Get an external attribute for the certificate, examples are
2579  * friendly name and id.
2580  *
2581  * @param cert hx509 certificate object to search
2582  * @param oid an oid to search for.
2583  *
2584  * @return an hx509_cert_attribute, only valid as long as the
2585  * certificate is referenced.
2586  *
2587  * @ingroup hx509_cert
2588  */
2589 
2590 hx509_cert_attribute
2591 hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
2592 {
2593     size_t i;
2594     for (i = 0; i < cert->attrs.len; i++)
2595 	if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
2596 	    return cert->attrs.val[i];
2597     return NULL;
2598 }
2599 
2600 /**
2601  * Set the friendly name on the certificate.
2602  *
2603  * @param cert The certificate to set the friendly name on
2604  * @param name Friendly name.
2605  *
2606  * @return An hx509 error code, see hx509_get_error_string().
2607  *
2608  * @ingroup hx509_cert
2609  */
2610 
2611 int
2612 hx509_cert_set_friendly_name(hx509_cert cert, const char *name)
2613 {
2614     if (cert->friendlyname)
2615 	free(cert->friendlyname);
2616     cert->friendlyname = strdup(name);
2617     if (cert->friendlyname == NULL)
2618 	return ENOMEM;
2619     return 0;
2620 }
2621 
2622 /**
2623  * Get friendly name of the certificate.
2624  *
2625  * @param cert cert to get the friendly name from.
2626  *
2627  * @return an friendly name or NULL if there is. The friendly name is
2628  * only valid as long as the certificate is referenced.
2629  *
2630  * @ingroup hx509_cert
2631  */
2632 
2633 const char *
2634 hx509_cert_get_friendly_name(hx509_cert cert)
2635 {
2636     hx509_cert_attribute a;
2637     PKCS9_friendlyName n;
2638     size_t sz;
2639     int ret;
2640     size_t i;
2641 
2642     if (cert->friendlyname)
2643 	return cert->friendlyname;
2644 
2645     a = hx509_cert_get_attribute(cert, &asn1_oid_id_pkcs_9_at_friendlyName);
2646     if (a == NULL) {
2647 	hx509_name name;
2648 
2649 	ret = hx509_cert_get_subject(cert, &name);
2650 	if (ret)
2651 	    return NULL;
2652 	ret = hx509_name_to_string(name, &cert->friendlyname);
2653 	hx509_name_free(&name);
2654 	if (ret)
2655 	    return NULL;
2656 	return cert->friendlyname;
2657     }
2658 
2659     ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
2660     if (ret)
2661 	return NULL;
2662 
2663     if (n.len != 1) {
2664 	free_PKCS9_friendlyName(&n);
2665 	return NULL;
2666     }
2667 
2668     cert->friendlyname = malloc(n.val[0].length + 1);
2669     if (cert->friendlyname == NULL) {
2670 	free_PKCS9_friendlyName(&n);
2671 	return NULL;
2672     }
2673 
2674     for (i = 0; i < n.val[0].length; i++) {
2675 	if (n.val[0].data[i] <= 0xff)
2676 	    cert->friendlyname[i] = n.val[0].data[i] & 0xff;
2677 	else
2678 	    cert->friendlyname[i] = 'X';
2679     }
2680     cert->friendlyname[i] = '\0';
2681     free_PKCS9_friendlyName(&n);
2682 
2683     return cert->friendlyname;
2684 }
2685 
2686 void
2687 _hx509_query_clear(hx509_query *q)
2688 {
2689     memset(q, 0, sizeof(*q));
2690 }
2691 
2692 /**
2693  * Allocate an query controller. Free using hx509_query_free().
2694  *
2695  * @param context A hx509 context.
2696  * @param q return pointer to a hx509_query.
2697  *
2698  * @return An hx509 error code, see hx509_get_error_string().
2699  *
2700  * @ingroup hx509_cert
2701  */
2702 
2703 int
2704 hx509_query_alloc(hx509_context context, hx509_query **q)
2705 {
2706     *q = calloc(1, sizeof(**q));
2707     if (*q == NULL)
2708 	return ENOMEM;
2709     return 0;
2710 }
2711 
2712 
2713 /**
2714  * Set match options for the hx509 query controller.
2715  *
2716  * @param q query controller.
2717  * @param option options to control the query controller.
2718  *
2719  * @return An hx509 error code, see hx509_get_error_string().
2720  *
2721  * @ingroup hx509_cert
2722  */
2723 
2724 void
2725 hx509_query_match_option(hx509_query *q, hx509_query_option option)
2726 {
2727     switch(option) {
2728     case HX509_QUERY_OPTION_PRIVATE_KEY:
2729 	q->match |= HX509_QUERY_PRIVATE_KEY;
2730 	break;
2731     case HX509_QUERY_OPTION_KU_ENCIPHERMENT:
2732 	q->match |= HX509_QUERY_KU_ENCIPHERMENT;
2733 	break;
2734     case HX509_QUERY_OPTION_KU_DIGITALSIGNATURE:
2735 	q->match |= HX509_QUERY_KU_DIGITALSIGNATURE;
2736 	break;
2737     case HX509_QUERY_OPTION_KU_KEYCERTSIGN:
2738 	q->match |= HX509_QUERY_KU_KEYCERTSIGN;
2739 	break;
2740     case HX509_QUERY_OPTION_END:
2741     default:
2742 	break;
2743     }
2744 }
2745 
2746 /**
2747  * Set the issuer and serial number of match in the query
2748  * controller. The function make copies of the isser and serial number.
2749  *
2750  * @param q a hx509 query controller
2751  * @param issuer issuer to search for
2752  * @param serialNumber the serialNumber of the issuer.
2753  *
2754  * @return An hx509 error code, see hx509_get_error_string().
2755  *
2756  * @ingroup hx509_cert
2757  */
2758 
2759 int
2760 hx509_query_match_issuer_serial(hx509_query *q,
2761 				const Name *issuer,
2762 				const heim_integer *serialNumber)
2763 {
2764     int ret;
2765     if (q->serial) {
2766 	der_free_heim_integer(q->serial);
2767 	free(q->serial);
2768     }
2769     q->serial = malloc(sizeof(*q->serial));
2770     if (q->serial == NULL)
2771 	return ENOMEM;
2772     ret = der_copy_heim_integer(serialNumber, q->serial);
2773     if (ret) {
2774 	free(q->serial);
2775 	q->serial = NULL;
2776 	return ret;
2777     }
2778     if (q->issuer_name) {
2779 	free_Name(q->issuer_name);
2780 	free(q->issuer_name);
2781     }
2782     q->issuer_name = malloc(sizeof(*q->issuer_name));
2783     if (q->issuer_name == NULL)
2784 	return ENOMEM;
2785     ret = copy_Name(issuer, q->issuer_name);
2786     if (ret) {
2787 	free(q->issuer_name);
2788 	q->issuer_name = NULL;
2789 	return ret;
2790     }
2791     q->match |= HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
2792     return 0;
2793 }
2794 
2795 /**
2796  * Set the query controller to match on a friendly name
2797  *
2798  * @param q a hx509 query controller.
2799  * @param name a friendly name to match on
2800  *
2801  * @return An hx509 error code, see hx509_get_error_string().
2802  *
2803  * @ingroup hx509_cert
2804  */
2805 
2806 int
2807 hx509_query_match_friendly_name(hx509_query *q, const char *name)
2808 {
2809     if (q->friendlyname)
2810 	free(q->friendlyname);
2811     q->friendlyname = strdup(name);
2812     if (q->friendlyname == NULL)
2813 	return ENOMEM;
2814     q->match |= HX509_QUERY_MATCH_FRIENDLY_NAME;
2815     return 0;
2816 }
2817 
2818 /**
2819  * Set the query controller to require an one specific EKU (extended
2820  * key usage). Any previous EKU matching is overwitten. If NULL is
2821  * passed in as the eku, the EKU requirement is reset.
2822  *
2823  * @param q a hx509 query controller.
2824  * @param eku an EKU to match on.
2825  *
2826  * @return An hx509 error code, see hx509_get_error_string().
2827  *
2828  * @ingroup hx509_cert
2829  */
2830 
2831 int
2832 hx509_query_match_eku(hx509_query *q, const heim_oid *eku)
2833 {
2834     int ret;
2835 
2836     if (eku == NULL) {
2837 	if (q->eku) {
2838 	    der_free_oid(q->eku);
2839 	    free(q->eku);
2840 	    q->eku = NULL;
2841 	}
2842 	q->match &= ~HX509_QUERY_MATCH_EKU;
2843     } else {
2844 	if (q->eku) {
2845 	    der_free_oid(q->eku);
2846 	} else {
2847 	    q->eku = calloc(1, sizeof(*q->eku));
2848 	    if (q->eku == NULL)
2849 		return ENOMEM;
2850 	}
2851 	ret = der_copy_oid(eku, q->eku);
2852 	if (ret) {
2853 	    free(q->eku);
2854 	    q->eku = NULL;
2855 	    return ret;
2856 	}
2857 	q->match |= HX509_QUERY_MATCH_EKU;
2858     }
2859     return 0;
2860 }
2861 
2862 int
2863 hx509_query_match_expr(hx509_context context, hx509_query *q, const char *expr)
2864 {
2865     if (q->expr) {
2866 	_hx509_expr_free(q->expr);
2867 	q->expr = NULL;
2868     }
2869 
2870     if (expr == NULL) {
2871 	q->match &= ~HX509_QUERY_MATCH_EXPR;
2872     } else {
2873 	q->expr = _hx509_expr_parse(expr);
2874 	if (q->expr)
2875 	    q->match |= HX509_QUERY_MATCH_EXPR;
2876     }
2877 
2878     return 0;
2879 }
2880 
2881 /**
2882  * Set the query controller to match using a specific match function.
2883  *
2884  * @param q a hx509 query controller.
2885  * @param func function to use for matching, if the argument is NULL,
2886  * the match function is removed.
2887  * @param ctx context passed to the function.
2888  *
2889  * @return An hx509 error code, see hx509_get_error_string().
2890  *
2891  * @ingroup hx509_cert
2892  */
2893 
2894 int
2895 hx509_query_match_cmp_func(hx509_query *q,
2896 			   int (*func)(hx509_context, hx509_cert, void *),
2897 			   void *ctx)
2898 {
2899     if (func)
2900 	q->match |= HX509_QUERY_MATCH_FUNCTION;
2901     else
2902 	q->match &= ~HX509_QUERY_MATCH_FUNCTION;
2903     q->cmp_func = func;
2904     q->cmp_func_ctx = ctx;
2905     return 0;
2906 }
2907 
2908 /**
2909  * Free the query controller.
2910  *
2911  * @param context A hx509 context.
2912  * @param q a pointer to the query controller.
2913  *
2914  * @ingroup hx509_cert
2915  */
2916 
2917 void
2918 hx509_query_free(hx509_context context, hx509_query *q)
2919 {
2920     if (q == NULL)
2921 	return;
2922 
2923     if (q->serial) {
2924 	der_free_heim_integer(q->serial);
2925 	free(q->serial);
2926     }
2927     if (q->issuer_name) {
2928 	free_Name(q->issuer_name);
2929 	free(q->issuer_name);
2930     }
2931     if (q->eku) {
2932 	der_free_oid(q->eku);
2933 	free(q->eku);
2934     }
2935     if (q->friendlyname)
2936 	free(q->friendlyname);
2937     if (q->expr)
2938 	_hx509_expr_free(q->expr);
2939 
2940     memset(q, 0, sizeof(*q));
2941     free(q);
2942 }
2943 
2944 int
2945 _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert)
2946 {
2947     Certificate *c = _hx509_get_cert(cert);
2948     int ret, diff;
2949 
2950     _hx509_query_statistic(context, 1, q);
2951 
2952     if ((q->match & HX509_QUERY_FIND_ISSUER_CERT) &&
2953 	_hx509_cert_is_parent_cmp(q->subject, c, 0) != 0)
2954 	return 0;
2955 
2956     if ((q->match & HX509_QUERY_MATCH_CERTIFICATE) &&
2957 	_hx509_Certificate_cmp(q->certificate, c) != 0)
2958 	return 0;
2959 
2960     if ((q->match & HX509_QUERY_MATCH_SERIALNUMBER)
2961 	&& der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0)
2962 	return 0;
2963 
2964     if (q->match & HX509_QUERY_MATCH_ISSUER_NAME) {
2965 	ret = _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name, &diff);
2966 	if (ret || diff)
2967 	    return 0;
2968     }
2969 
2970     if (q->match & HX509_QUERY_MATCH_SUBJECT_NAME) {
2971 	ret = _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name, &diff);
2972 	if (ret || diff)
2973 	    return 0;
2974     }
2975 
2976     if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) {
2977 	SubjectKeyIdentifier si;
2978 
2979 	ret = _hx509_find_extension_subject_key_id(c, &si);
2980 	if (ret == 0) {
2981 	    if (der_heim_octet_string_cmp(&si, q->subject_id) != 0)
2982 		ret = 1;
2983 	    free_SubjectKeyIdentifier(&si);
2984 	}
2985 	if (ret)
2986 	    return 0;
2987     }
2988     if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
2989 	return 0;
2990     if ((q->match & HX509_QUERY_PRIVATE_KEY) &&
2991 	_hx509_cert_private_key(cert) == NULL)
2992 	return 0;
2993 
2994     {
2995 	unsigned ku = 0;
2996 	if (q->match & HX509_QUERY_KU_DIGITALSIGNATURE)
2997 	    ku |= (1 << 0);
2998 	if (q->match & HX509_QUERY_KU_NONREPUDIATION)
2999 	    ku |= (1 << 1);
3000 	if (q->match & HX509_QUERY_KU_ENCIPHERMENT)
3001 	    ku |= (1 << 2);
3002 	if (q->match & HX509_QUERY_KU_DATAENCIPHERMENT)
3003 	    ku |= (1 << 3);
3004 	if (q->match & HX509_QUERY_KU_KEYAGREEMENT)
3005 	    ku |= (1 << 4);
3006 	if (q->match & HX509_QUERY_KU_KEYCERTSIGN)
3007 	    ku |= (1 << 5);
3008 	if (q->match & HX509_QUERY_KU_CRLSIGN)
3009 	    ku |= (1 << 6);
3010 	if (ku && check_key_usage(context, c, ku, TRUE))
3011 	    return 0;
3012     }
3013     if ((q->match & HX509_QUERY_ANCHOR))
3014 	return 0;
3015 
3016     if (q->match & HX509_QUERY_MATCH_LOCAL_KEY_ID) {
3017 	hx509_cert_attribute a;
3018 
3019 	a = hx509_cert_get_attribute(cert, &asn1_oid_id_pkcs_9_at_localKeyId);
3020 	if (a == NULL)
3021 	    return 0;
3022 	if (der_heim_octet_string_cmp(&a->data, q->local_key_id) != 0)
3023 	    return 0;
3024     }
3025 
3026     if (q->match & HX509_QUERY_NO_MATCH_PATH) {
3027 	size_t i;
3028 
3029 	for (i = 0; i < q->path->len; i++)
3030 	    if (hx509_cert_cmp(q->path->val[i], cert) == 0)
3031 		return 0;
3032     }
3033     if (q->match & HX509_QUERY_MATCH_FRIENDLY_NAME) {
3034 	const char *name = hx509_cert_get_friendly_name(cert);
3035 	if (name == NULL)
3036 	    return 0;
3037 	if (strcasecmp(q->friendlyname, name) != 0)
3038 	    return 0;
3039     }
3040     if (q->match & HX509_QUERY_MATCH_FUNCTION) {
3041 	ret = (*q->cmp_func)(context, cert, q->cmp_func_ctx);
3042 	if (ret != 0)
3043 	    return 0;
3044     }
3045 
3046     if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) {
3047 	heim_octet_string os;
3048 
3049 	os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
3050 	os.length =
3051 	    c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
3052 
3053 	ret = _hx509_verify_signature(context,
3054 				      NULL,
3055 				      hx509_signature_sha1(),
3056 				      &os,
3057 				      q->keyhash_sha1);
3058 	if (ret != 0)
3059 	    return 0;
3060     }
3061 
3062     if (q->match & HX509_QUERY_MATCH_TIME) {
3063 	time_t t;
3064 	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
3065 	if (t > q->timenow)
3066 	    return 0;
3067 	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
3068 	if (t < q->timenow)
3069 	    return 0;
3070     }
3071 
3072     /* If an EKU is required, check the cert for it. */
3073     if ((q->match & HX509_QUERY_MATCH_EKU) &&
3074 	hx509_cert_check_eku(context, cert, q->eku, 0))
3075 	return 0;
3076 
3077     if ((q->match & HX509_QUERY_MATCH_EXPR)) {
3078 	hx509_env env = NULL;
3079 
3080 	ret = _hx509_cert_to_env(context, cert, &env);
3081 	if (ret)
3082 	    return 0;
3083 
3084 	ret = _hx509_expr_eval(context, env, q->expr);
3085 	hx509_env_free(&env);
3086 	if (ret == 0)
3087 	    return 0;
3088     }
3089 
3090     if (q->match & ~HX509_QUERY_MASK)
3091 	return 0;
3092 
3093     return 1;
3094 }
3095 
3096 /**
3097  * Set a statistic file for the query statistics.
3098  *
3099  * @param context A hx509 context.
3100  * @param fn statistics file name
3101  *
3102  * @ingroup hx509_cert
3103  */
3104 
3105 void
3106 hx509_query_statistic_file(hx509_context context, const char *fn)
3107 {
3108     if (context->querystat)
3109 	free(context->querystat);
3110     context->querystat = strdup(fn);
3111 }
3112 
3113 void
3114 _hx509_query_statistic(hx509_context context, int type, const hx509_query *q)
3115 {
3116     FILE *f;
3117     if (context->querystat == NULL)
3118 	return;
3119     f = fopen(context->querystat, "a");
3120     if (f == NULL)
3121 	return;
3122     rk_cloexec_file(f);
3123     fprintf(f, "%d %d\n", type, q->match);
3124     fclose(f);
3125 }
3126 
3127 static const char *statname[] = {
3128     "find issuer cert",
3129     "match serialnumber",
3130     "match issuer name",
3131     "match subject name",
3132     "match subject key id",
3133     "match issuer id",
3134     "private key",
3135     "ku encipherment",
3136     "ku digitalsignature",
3137     "ku keycertsign",
3138     "ku crlsign",
3139     "ku nonrepudiation",
3140     "ku keyagreement",
3141     "ku dataencipherment",
3142     "anchor",
3143     "match certificate",
3144     "match local key id",
3145     "no match path",
3146     "match friendly name",
3147     "match function",
3148     "match key hash sha1",
3149     "match time"
3150 };
3151 
3152 struct stat_el {
3153     unsigned long stats;
3154     unsigned int index;
3155 };
3156 
3157 
3158 static int
3159 stat_sort(const void *a, const void *b)
3160 {
3161     const struct stat_el *ae = a;
3162     const struct stat_el *be = b;
3163     return be->stats - ae->stats;
3164 }
3165 
3166 /**
3167  * Unparse the statistics file and print the result on a FILE descriptor.
3168  *
3169  * @param context A hx509 context.
3170  * @param printtype tyep to print
3171  * @param out the FILE to write the data on.
3172  *
3173  * @ingroup hx509_cert
3174  */
3175 
3176 void
3177 hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
3178 {
3179     rtbl_t t;
3180     FILE *f;
3181     int type, mask, num;
3182     size_t i;
3183     unsigned long multiqueries = 0, totalqueries = 0;
3184     struct stat_el stats[32];
3185 
3186     if (context->querystat == NULL)
3187 	return;
3188     f = fopen(context->querystat, "r");
3189     if (f == NULL) {
3190 	fprintf(out, "No statistic file %s: %s.\n",
3191 		context->querystat, strerror(errno));
3192 	return;
3193     }
3194     rk_cloexec_file(f);
3195 
3196     for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
3197 	stats[i].index = i;
3198 	stats[i].stats = 0;
3199     }
3200 
3201     while (fscanf(f, "%d %d\n", &type, &mask) == 2) {
3202 	if (type != printtype)
3203 	    continue;
3204 	num = i = 0;
3205 	while (mask && i < sizeof(stats)/sizeof(stats[0])) {
3206 	    if (mask & 1) {
3207 		stats[i].stats++;
3208 		num++;
3209 	    }
3210 	    mask = mask >>1 ;
3211 	    i++;
3212 	}
3213 	if (num > 1)
3214 	    multiqueries++;
3215 	totalqueries++;
3216     }
3217     fclose(f);
3218 
3219     qsort(stats, sizeof(stats)/sizeof(stats[0]), sizeof(stats[0]), stat_sort);
3220 
3221     t = rtbl_create();
3222     if (t == NULL)
3223 	errx(1, "out of memory");
3224 
3225     rtbl_set_separator (t, "  ");
3226 
3227     rtbl_add_column_by_id (t, 0, "Name", 0);
3228     rtbl_add_column_by_id (t, 1, "Counter", 0);
3229 
3230 
3231     for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
3232 	char str[10];
3233 
3234 	if (stats[i].index < sizeof(statname)/sizeof(statname[0]))
3235 	    rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]);
3236 	else {
3237 	    snprintf(str, sizeof(str), "%d", stats[i].index);
3238 	    rtbl_add_column_entry_by_id (t, 0, str);
3239 	}
3240 	snprintf(str, sizeof(str), "%lu", stats[i].stats);
3241 	rtbl_add_column_entry_by_id (t, 1, str);
3242     }
3243 
3244     rtbl_format(t, out);
3245     rtbl_destroy(t);
3246 
3247     fprintf(out, "\nQueries: multi %lu total %lu\n",
3248 	    multiqueries, totalqueries);
3249 }
3250 
3251 /**
3252  * Check the extended key usage on the hx509 certificate.
3253  *
3254  * @param context A hx509 context.
3255  * @param cert A hx509 context.
3256  * @param eku the EKU to check for
3257  * @param allow_any_eku if the any EKU is set, allow that to be a
3258  * substitute.
3259  *
3260  * @return An hx509 error code, see hx509_get_error_string().
3261  *
3262  * @ingroup hx509_cert
3263  */
3264 
3265 int
3266 hx509_cert_check_eku(hx509_context context, hx509_cert cert,
3267 		     const heim_oid *eku, int allow_any_eku)
3268 {
3269     ExtKeyUsage e;
3270     int ret;
3271     size_t i;
3272 
3273     ret = find_extension_eku(_hx509_get_cert(cert), &e);
3274     if (ret) {
3275 	hx509_clear_error_string(context);
3276 	return ret;
3277     }
3278 
3279     for (i = 0; i < e.len; i++) {
3280 	if (der_heim_oid_cmp(eku, &e.val[i]) == 0) {
3281 	    free_ExtKeyUsage(&e);
3282 	    return 0;
3283 	}
3284 	if (allow_any_eku) {
3285 #if 0
3286 	    if (der_heim_oid_cmp(id_any_eku, &e.val[i]) == 0) {
3287 		free_ExtKeyUsage(&e);
3288 		return 0;
3289 	    }
3290 #endif
3291 	}
3292     }
3293     free_ExtKeyUsage(&e);
3294     hx509_clear_error_string(context);
3295     return HX509_CERTIFICATE_MISSING_EKU;
3296 }
3297 
3298 int
3299 _hx509_cert_get_keyusage(hx509_context context,
3300 			 hx509_cert c,
3301 			 KeyUsage *ku)
3302 {
3303     Certificate *cert;
3304     const Extension *e;
3305     size_t size;
3306     int ret;
3307     size_t i = 0;
3308 
3309     memset(ku, 0, sizeof(*ku));
3310 
3311     cert = _hx509_get_cert(c);
3312 
3313     if (_hx509_cert_get_version(cert) < 3)
3314 	return 0;
3315 
3316     e = find_extension(cert, &asn1_oid_id_x509_ce_keyUsage, &i);
3317     if (e == NULL)
3318 	return HX509_KU_CERT_MISSING;
3319 
3320     ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size);
3321     if (ret)
3322 	return ret;
3323     return 0;
3324 }
3325 
3326 int
3327 _hx509_cert_get_eku(hx509_context context,
3328 		    hx509_cert cert,
3329 		    ExtKeyUsage *e)
3330 {
3331     int ret;
3332 
3333     memset(e, 0, sizeof(*e));
3334 
3335     ret = find_extension_eku(_hx509_get_cert(cert), e);
3336     if (ret && ret != HX509_EXTENSION_NOT_FOUND) {
3337 	hx509_clear_error_string(context);
3338 	return ret;
3339     }
3340     return 0;
3341 }
3342 
3343 /**
3344  * Encodes the hx509 certificate as a DER encode binary.
3345  *
3346  * @param context A hx509 context.
3347  * @param c the certificate to encode.
3348  * @param os the encode certificate, set to NULL, 0 on case of
3349  * error. Free the os->data with hx509_xfree().
3350  *
3351  * @return An hx509 error code, see hx509_get_error_string().
3352  *
3353  * @ingroup hx509_cert
3354  */
3355 
3356 int
3357 hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os)
3358 {
3359     size_t size;
3360     int ret;
3361 
3362     os->data = NULL;
3363     os->length = 0;
3364 
3365     ASN1_MALLOC_ENCODE(Certificate, os->data, os->length,
3366 		       _hx509_get_cert(c), &size, ret);
3367     if (ret) {
3368 	os->data = NULL;
3369 	os->length = 0;
3370 	return ret;
3371     }
3372     if (os->length != size)
3373 	_hx509_abort("internal ASN.1 encoder error");
3374 
3375     return ret;
3376 }
3377 
3378 /*
3379  * Last to avoid lost __attribute__s due to #undef.
3380  */
3381 
3382 #undef __attribute__
3383 #define __attribute__(X)
3384 
3385 void
3386 _hx509_abort(const char *fmt, ...)
3387      __attribute__ ((noreturn, format (printf, 1, 2)))
3388 {
3389     va_list ap;
3390     va_start(ap, fmt);
3391     vprintf(fmt, ap);
3392     va_end(ap);
3393     printf("\n");
3394     fflush(stdout);
3395     abort();
3396 }
3397 
3398 /**
3399  * Free a data element allocated in the library.
3400  *
3401  * @param ptr data to be freed.
3402  *
3403  * @ingroup hx509_misc
3404  */
3405 
3406 void
3407 hx509_xfree(void *ptr)
3408 {
3409     free(ptr);
3410 }
3411 
3412 /**
3413  *
3414  */
3415 
3416 int
3417 _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
3418 {
3419     ExtKeyUsage eku;
3420     hx509_name name;
3421     char *buf;
3422     int ret;
3423     hx509_env envcert = NULL;
3424 
3425     *env = NULL;
3426 
3427     /* version */
3428     asprintf(&buf, "%d", _hx509_cert_get_version(_hx509_get_cert(cert)));
3429     ret = hx509_env_add(context, &envcert, "version", buf);
3430     free(buf);
3431     if (ret)
3432 	goto out;
3433 
3434     /* subject */
3435     ret = hx509_cert_get_subject(cert, &name);
3436     if (ret)
3437 	goto out;
3438 
3439     ret = hx509_name_to_string(name, &buf);
3440     if (ret) {
3441 	hx509_name_free(&name);
3442 	goto out;
3443     }
3444 
3445     ret = hx509_env_add(context, &envcert, "subject", buf);
3446     hx509_name_free(&name);
3447     if (ret)
3448 	goto out;
3449 
3450     /* issuer */
3451     ret = hx509_cert_get_issuer(cert, &name);
3452     if (ret)
3453 	goto out;
3454 
3455     ret = hx509_name_to_string(name, &buf);
3456     hx509_name_free(&name);
3457     if (ret)
3458 	goto out;
3459 
3460     ret = hx509_env_add(context, &envcert, "issuer", buf);
3461     hx509_xfree(buf);
3462     if (ret)
3463 	goto out;
3464 
3465     /* eku */
3466 
3467     ret = _hx509_cert_get_eku(context, cert, &eku);
3468     if (ret == HX509_EXTENSION_NOT_FOUND)
3469 	;
3470     else if (ret != 0)
3471 	goto out;
3472     else {
3473 	size_t i;
3474 	hx509_env enveku = NULL;
3475 
3476 	for (i = 0; i < eku.len; i++) {
3477 
3478 	    ret = der_print_heim_oid(&eku.val[i], '.', &buf);
3479 	    if (ret) {
3480 		free_ExtKeyUsage(&eku);
3481 		hx509_env_free(&enveku);
3482 		goto out;
3483 	    }
3484 	    ret = hx509_env_add(context, &enveku, buf, "oid-name-here");
3485 	    free(buf);
3486 	    if (ret) {
3487 		free_ExtKeyUsage(&eku);
3488 		hx509_env_free(&enveku);
3489 		goto out;
3490 	    }
3491 	}
3492 	free_ExtKeyUsage(&eku);
3493 
3494 	ret = hx509_env_add_binding(context, &envcert, "eku", enveku);
3495 	if (ret) {
3496 	    hx509_env_free(&enveku);
3497 	    goto out;
3498 	}
3499     }
3500 
3501     {
3502 	Certificate *c = _hx509_get_cert(cert);
3503         heim_octet_string os, sig;
3504 	hx509_env envhash = NULL;
3505 
3506 	os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
3507 	os.length =
3508 	  c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
3509 
3510 	ret = _hx509_create_signature(context,
3511 				      NULL,
3512 				      hx509_signature_sha1(),
3513 				      &os,
3514 				      NULL,
3515 				      &sig);
3516 	if (ret != 0)
3517 	    goto out;
3518 
3519 	ret = hex_encode(sig.data, sig.length, &buf);
3520 	der_free_octet_string(&sig);
3521 	if (ret < 0) {
3522 	    ret = ENOMEM;
3523 	    hx509_set_error_string(context, 0, ret,
3524 				   "Out of memory");
3525 	    goto out;
3526 	}
3527 
3528 	ret = hx509_env_add(context, &envhash, "sha1", buf);
3529 	free(buf);
3530 	if (ret)
3531 	    goto out;
3532 
3533 	ret = hx509_env_add_binding(context, &envcert, "hash", envhash);
3534 	if (ret) {
3535 	  hx509_env_free(&envhash);
3536 	  goto out;
3537 	}
3538     }
3539 
3540     ret = hx509_env_add_binding(context, env, "certificate", envcert);
3541     if (ret)
3542 	goto out;
3543 
3544     return 0;
3545 
3546 out:
3547     hx509_env_free(&envcert);
3548     return ret;
3549 }
3550 
3551 /**
3552  * Print a simple representation of a certificate
3553  *
3554  * @param context A hx509 context, can be NULL
3555  * @param cert certificate to print
3556  * @param out the stdio output stream, if NULL, stdout is used
3557  *
3558  * @return An hx509 error code
3559  *
3560  * @ingroup hx509_cert
3561  */
3562 
3563 int
3564 hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out)
3565 {
3566     hx509_name name;
3567     char *str;
3568     int ret;
3569 
3570     if (out == NULL)
3571 	out = stderr;
3572 
3573     ret = hx509_cert_get_issuer(cert, &name);
3574     if (ret)
3575 	return ret;
3576     hx509_name_to_string(name, &str);
3577     hx509_name_free(&name);
3578     fprintf(out, "    issuer:  \"%s\"\n", str);
3579     free(str);
3580 
3581     ret = hx509_cert_get_subject(cert, &name);
3582     if (ret)
3583 	return ret;
3584     hx509_name_to_string(name, &str);
3585     hx509_name_free(&name);
3586     fprintf(out, "    subject: \"%s\"\n", str);
3587     free(str);
3588 
3589     {
3590 	heim_integer serialNumber;
3591 
3592 	ret = hx509_cert_get_serialnumber(cert, &serialNumber);
3593 	if (ret)
3594 	    return ret;
3595 	ret = der_print_hex_heim_integer(&serialNumber, &str);
3596 	if (ret)
3597 	    return ret;
3598 	der_free_heim_integer(&serialNumber);
3599 	fprintf(out, "    serial: %s\n", str);
3600 	free(str);
3601     }
3602 
3603     printf("    keyusage: ");
3604     ret = hx509_cert_keyusage_print(context, cert, &str);
3605     if (ret == 0) {
3606 	fprintf(out, "%s\n", str);
3607 	free(str);
3608     } else
3609 	fprintf(out, "no");
3610 
3611     return 0;
3612 }
3613