/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <stdio.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <link.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <fcntl.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <ctype.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <sys/param.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <sys/types.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <sys/stat.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <errno.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <sys/socket.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <netinet/in.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <arpa/inet.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <ber_der.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapiP.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <libgen.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <cryptoutil.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Duplicate the byte buffer described by src into dst.
 *
 * A source with Length == 0 produces an empty destination (NULL Data,
 * zero Length). Otherwise dst->Data is a newly malloc'd buffer of
 * src->Length bytes that the caller owns.
 *
 * RETURNS:
 * KMF_OK - buffer copied, or nothing to copy.
 * KMF_ERR_BAD_PARAMETER - dst or src is NULL.
 * KMF_ERR_MEMORY - malloc failed; dst->Data is NULL and dst->Length
 *	is left as it was on entry.
 */
KMF_RETURN
copy_data(KMF_DATA *dst, KMF_DATA *src)
{
	if (src == NULL || dst == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	if (src->Length != 0) {
		dst->Data = malloc(src->Length);
		if (dst->Data == NULL)
			return (KMF_ERR_MEMORY);

		(void) memcpy(dst->Data, src->Data, src->Length);
		dst->Length = src->Length;
		return (KMF_OK);
	}

	/*
	 * NOTE(review): the empty case also overwrites src->Data with
	 * NULL, i.e. this "copy" writes to its source. If a caller ever
	 * hands in a zero-Length record whose Data still points at an
	 * allocation, that pointer is dropped here - confirm whether this
	 * is intended.
	 */
	dst->Length = 0;
	dst->Data = NULL;
	src->Data = NULL;

	return (KMF_OK);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
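/*
 * Deep-copy one X.509 extension record from srcext into dstext.
 *
 * dstext is zeroed first, then the extension OID, the critical flag,
 * the format, the BER value and the tagAndValue record (type plus
 * value bytes) are copied. Every buffer reachable from dstext is
 * newly allocated and belongs to the caller.
 *
 * On any failure everything allocated so far is released and dstext
 * is returned zeroed, so the caller never sees a half-built record.
 * The callers in this file feed this routine with extensions decoded
 * from certificate data, so the error path has to be safe no matter
 * which step failed.
 *
 * RETURNS:
 * KMF_OK - extension copied.
 * KMF_ERR_BAD_PARAMETER - dstext, srcext or srcext's tagAndValue
 *	record is NULL.
 * KMF_ERR_MEMORY - an allocation failed.
 */
KMF_RETURN
copy_extension_data(KMF_X509_EXTENSION *dstext,
    KMF_X509_EXTENSION *srcext)
{
	KMF_RETURN ret = KMF_OK;

	if (dstext == NULL || srcext == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(dstext, 0, sizeof (KMF_X509_EXTENSION));

	/* copy_data() sets both Data and Length of the destination. */
	ret = copy_data(&dstext->extnId, &srcext->extnId);
	if (ret != KMF_OK)
		goto cleanup;

	dstext->critical = srcext->critical;
	dstext->format = srcext->format;

	ret = copy_data(&dstext->BERvalue, &srcext->BERvalue);
	if (ret != KMF_OK)
		goto cleanup;

	/*
	 * The source record is dereferenced below; reject a missing one
	 * instead of faulting on it.
	 */
	if (srcext->value.tagAndValue == NULL) {
		ret = KMF_ERR_BAD_PARAMETER;
		goto cleanup;
	}

	dstext->value.tagAndValue = malloc(sizeof (KMF_X509EXT_TAGandVALUE));
	if (dstext->value.tagAndValue == NULL) {
		ret = KMF_ERR_MEMORY;
		goto cleanup;
	}
	(void) memset(dstext->value.tagAndValue, 0,
	    sizeof (KMF_X509EXT_TAGandVALUE));

	ret = copy_data(&dstext->value.tagAndValue->value,
	    &srcext->value.tagAndValue->value);
	if (ret != KMF_OK)
		goto cleanup;

	dstext->value.tagAndValue->type = srcext->value.tagAndValue->type;

cleanup:
	if (ret != KMF_OK) {
		if (dstext->extnId.Data != NULL)
			kmf_free_data(&dstext->extnId);

		if (dstext->BERvalue.Data != NULL)
			kmf_free_data(&dstext->BERvalue);

		/*
		 * tagAndValue is still NULL when an earlier step failed,
		 * so it must be checked before it is dereferenced. The
		 * value bytes are released only when they were actually
		 * allocated, and the record itself is freed as well.
		 */
		if (dstext->value.tagAndValue != NULL) {
			if (dstext->value.tagAndValue->value.Data != NULL)
				kmf_free_data(
				    &dstext->value.tagAndValue->value);
			free(dstext->value.tagAndValue);
		}

		/*
		 * Leave no stale pointers behind: callers in this file
		 * run kmf_free_extn() on the record even after a failure.
		 */
		(void) memset(dstext, 0, sizeof (KMF_X509_EXTENSION));
	}

	return (ret);
}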
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
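/*
 * Given a block of DER encoded X.509 certificate data and
 * an OID for the desired extension, this routine will
 * parse the cert data and return the data associated with
 * the extension if it is found.
 *
 * Only the first extension whose OID matches extoid is returned.
 * extdata is zeroed as soon as the arguments have been validated, so
 * it is in a defined state on every return other than
 * KMF_ERR_BAD_PARAMETER. On success the caller owns the copied
 * buffers; the callers in this file release them with kmf_free_extn().
 *
 * RETURNS:
 * KMF_OK - if extension found and copied OK.
 * KMF_ERR_BAD_PARAMETER - certdata, extoid or extdata is NULL.
 * KMF_ERR_EXTENSION_NOT_FOUND - extension not found.
 * parsing and memory allocation errors are also possible.
 */
KMF_RETURN
kmf_get_cert_extn(const KMF_DATA *certdata,
    KMF_OID *extoid, KMF_X509_EXTENSION *extdata)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_CERTIFICATE *cert = NULL;
	KMF_X509_EXTENSION *eptr = NULL;
	int i, found = 0;

	if (certdata == NULL || extoid == NULL || extdata == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * Clear the output before anything can fail. Previously a
	 * certificate without extensions skipped this step and handed
	 * extdata back untouched.
	 */
	(void) memset((void *)extdata, 0, sizeof (KMF_X509_EXTENSION));

	ret = DerDecodeSignedCertificate(certdata, &cert);
	if (ret != KMF_OK)
		return (ret);

	/* A certificate with no extensions simply never enters the loop. */
	for (i = 0; i < cert->certificate.extensions.numberOfExtensions;
	    i++) {
		eptr = &cert->certificate.extensions.extensions[i];
		if (IsEqualOid(extoid, &eptr->extnId)) {
			/* A failed copy is reported through ret below. */
			ret = copy_extension_data(extdata, eptr);
			found = 1;
			break;
		}
	}

	if (!found)
		ret = KMF_ERR_EXTENSION_NOT_FOUND;

	if (cert != NULL) {
		kmf_free_signed_cert(cert);
		free(cert);
	}

	return (ret);
}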
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
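/*
 * Given a block of DER encoded X.509 certificate data and
 * a "crit/non-crit/all" flag, search the extensions and
 * return copies of the critical, non-critical or all extensions.
 *
 * certdata - DER encoded certificate.
 * flag - KMF_ALL_EXTNS, KMF_CRITICAL_EXTNS or KMF_NONCRITICAL_EXTNS.
 * extlist - on success, array of KMF_X509_EXTENSION records allocated
 *	by this function; NULL on failure. The caller owns the array
 *	and the buffers inside each record.
 * nextns - number of records in extlist; 0 on failure.
 *
 * RETURNS:
 * KMF_OK - if at least one extension matched and was copied OK.
 * KMF_ERR_BAD_PARAMETER - NULL argument or flag out of range.
 * KMF_ERR_EXTENSION_NOT_FOUND - the certificate has no extensions, or
 *	none of the requested kind.
 * parsing and memory allocation errors are also possible.
 */
KMF_RETURN
kmf_get_cert_extns(const KMF_DATA *certdata, KMF_FLAG_CERT_EXTN flag,
    KMF_X509_EXTENSION **extlist, int *nextns)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_CERTIFICATE *cert = NULL;
	KMF_X509_EXTENSION *eptr, *elist = NULL, *grown;
	int i, count = 0;

	if (certdata == NULL || extlist == NULL || nextns == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	if (flag < KMF_ALL_EXTNS || flag > KMF_NONCRITICAL_EXTNS)
		return (KMF_ERR_BAD_PARAMETER);

	*nextns = 0;
	*extlist = NULL;

	ret = DerDecodeSignedCertificate(certdata, &cert);
	if (ret != KMF_OK)
		return (ret);

	/*
	 * Leave through the common exit so the decoded certificate is
	 * released; returning from here directly would leak it.
	 */
	if (cert->certificate.extensions.numberOfExtensions == 0) {
		ret = KMF_ERR_EXTENSION_NOT_FOUND;
		goto end;
	}

	for (i = 0; i < cert->certificate.extensions.numberOfExtensions;
	    i++) {
		eptr = &cert->certificate.extensions.extensions[i];

		if (flag == KMF_CRITICAL_EXTNS && eptr->critical == 0)
			continue;
		if (flag == KMF_NONCRITICAL_EXTNS && eptr->critical != 0)
			continue;

		/*
		 * Grow through a temporary: if realloc() fails, elist
		 * still points at the copies made so far and they can be
		 * released below.
		 */
		grown = realloc(elist,
		    sizeof (KMF_X509_EXTENSION) * (count + 1));
		if (grown == NULL) {
			ret = KMF_ERR_MEMORY;
			goto end;
		}
		elist = grown;

		/* count only advances once the slot holds a full copy. */
		ret = copy_extension_data(&elist[count], eptr);
		if (ret != KMF_OK)
			goto end;
		count++;
	}

end:
	if (cert != NULL) {
		kmf_free_signed_cert(cert);
		free(cert);
	}

	if (ret != KMF_OK) {
		/*
		 * Release the buffers inside every completed copy before
		 * dropping the array. The slot that failed is not counted;
		 * copy_extension_data() is responsible for undoing its own
		 * partial work.
		 */
		for (i = 0; i < count; i++)
			kmf_free_extn(&elist[i]);
		free(elist);
		elist = NULL;
		count = 0;
	}

	/*
	 * If the flag is not all, then it is possible that we did not find
	 * any critical or non_critical extensions. When that happened,
	 * return KMF_ERR_EXTENSION_NOT_FOUND.
	 */
	if (flag != KMF_ALL_EXTNS && ret == KMF_OK && count == 0)
		ret = KMF_ERR_EXTENSION_NOT_FOUND;

	*extlist = elist;
	*nextns = count;
	return (ret);
}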
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
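/*
 * If the given certificate data (X.509 DER encoded data)
 * contains the Key Usage extension, parse that
 * data and return it in the KMF_X509EXT_KEY_USAGE
 * record.
 *
 * RETURNS:
 * KMF_OK - success
 * KMF_ERR_BAD_PARAMETER - input data was bad.
 * KMF_ERR_EXTENSION_NOT_FOUND - extension not found.
 * KMF_ERR_BAD_CERT_FORMAT - the extension is present but carries no
 *	value bytes.
 * parsing and memory allocation errors are also possible.
 */
KMF_RETURN
kmf_get_cert_ku(const KMF_DATA *certdata,
    KMF_X509EXT_KEY_USAGE *keyusage)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION extn;

	if (certdata == NULL || keyusage == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&extn, 0, sizeof (extn));
	/*
	 * Check standard KeyUsage bits
	 */
	ret = kmf_get_cert_extn(certdata, (KMF_OID *)&KMFOID_KeyUsage, &extn);

	if (ret != KMF_OK) {
		goto end;
	}

	/*
	 * The value comes out of the certificate being examined. An
	 * extension with an empty value is copied as a NULL Data pointer,
	 * so it has to be rejected here rather than indexed below.
	 */
	if (extn.value.tagAndValue == NULL ||
	    extn.value.tagAndValue->value.Data == NULL ||
	    extn.value.tagAndValue->value.Length == 0) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto end;
	}

	keyusage->critical = (extn.critical != 0);

	/*
	 * NOTE(review): with more than one value byte only Data[1] is
	 * used, shifted into the high byte, and Data[0] is ignored;
	 * with exactly one byte Data[0] is taken as is. Confirm this
	 * against the encoding stored in tagAndValue.
	 */
	if (extn.value.tagAndValue->value.Length > 1) {
		keyusage->KeyUsageBits =
		    extn.value.tagAndValue->value.Data[1] << 8;
	} else {
		keyusage->KeyUsageBits = extn.value.tagAndValue->value.Data[0];
	}
end:
	kmf_free_extn(&extn);
	return (ret);
}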
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Report whether ekuoid appears in the key purpose list held by ekuptr.
 *
 * RETURNS:
 * 1 - some entry of keyPurposeIdList compares equal to ekuoid.
 * 0 - no entry matches, or either argument is NULL.
 */
KMF_BOOL
is_eku_present(KMF_X509EXT_EKU *ekuptr, KMF_OID *ekuoid)
{
	int idx = 0;

	if (ekuptr == NULL || ekuoid == NULL)
		return (0);

	/* Linear scan over the nEKUs entries; stop at the first match. */
	while (idx < ekuptr->nEKUs) {
		if (IsEqualOid(&ekuptr->keyPurposeIdList[idx], ekuoid))
			return (1);
		idx++;
	}

	return (0);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
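/*
 * Decode the value of an Extended Key Usage extension and append each
 * key purpose OID found to ekuptr->keyPurposeIdList, counting them in
 * ekuptr->nEKUs.
 *
 * The list is grown with realloc(), so ekuptr must arrive with a valid
 * (possibly NULL/0) list; kmf_get_cert_eku() clears it before calling.
 * On failure the list is released and the count is reset to 0, so the
 * caller never sees a non-zero count next to a NULL list.
 *
 * RETURNS:
 * KMF_OK - value decoded.
 * KMF_ERR_BAD_PARAMETER - asn1data or ekuptr is NULL.
 * KMF_ERR_BAD_CERT_FORMAT - the data is not a list of OIDs.
 * KMF_ERR_MEMORY - an allocation failed.
 */
KMF_RETURN
parse_eku_data(const KMF_DATA *asn1data, KMF_X509EXT_EKU *ekuptr)
{
	KMF_RETURN ret = KMF_OK;
	BerElement *asn1 = NULL;
	BerValue exdata;
	KMF_OID oid;
	KMF_OID *grown;
	char *end = NULL;
	ber_len_t size;

	if (asn1data == NULL || ekuptr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * Decode the ASN.1 data for the extension.
	 */
	exdata.bv_val = (char *)asn1data->Data;
	exdata.bv_len = asn1data->Length;

	if ((asn1 = kmfder_init(&exdata)) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto out;
	}

	/*
	 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
	 *
	 * The first element inside the sequence must be an OID.
	 */
	if (kmfber_first_element(asn1, &size, &end) != BER_OBJECT_IDENTIFIER) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto out;
	}

	/*
	 * Read the EKU OIDs one at a time, growing the array as we go.
	 */
	while (kmfber_next_element(asn1, &size, end) ==
	    BER_OBJECT_IDENTIFIER) {

		/* Pull the next OID out of the stream. */
		if (kmfber_scanf(asn1, "D", &oid) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto out;
		}

		/*
		 * Grow through a temporary and bump the count only once
		 * the slot exists. Assigning realloc()'s result straight
		 * to the list would lose the old array on failure and
		 * leave nEKUs one ahead of it.
		 *
		 * NOTE(review): if "D" hands back heap-owned OID bytes,
		 * the oid read just above is not released on this
		 * failure path - confirm against kmfber_scanf().
		 */
		grown = realloc(ekuptr->keyPurposeIdList,
		    (ekuptr->nEKUs + 1) * sizeof (KMF_OID));
		if (grown == NULL) {
			ret = KMF_ERR_MEMORY;
			goto out;
		}
		ekuptr->keyPurposeIdList = grown;
		ekuptr->keyPurposeIdList[ekuptr->nEKUs] = oid;
		ekuptr->nEKUs++;
	}

out:
	if (asn1 != NULL)
		kmfber_free(asn1, 1);

	if (ret != KMF_OK) {
		if (ekuptr->keyPurposeIdList != NULL) {
			free_keyidlist(ekuptr->keyPurposeIdList, ekuptr->nEKUs);
			ekuptr->keyPurposeIdList = NULL;
			/* Keep the count in step with the released list. */
			ekuptr->nEKUs = 0;
			ekuptr->critical = 0;
		}
	}

	return (ret);
}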
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * If the given certificate data (X.509 DER encoded data) contains the
 * Extended Key Usage extension, decode its BER value into ekuptr.
 *
 * ekuptr is reset (no OIDs, NULL list, critical 0) before the lookup.
 *
 * NOTE(review): nothing here copies extn.critical into
 * ekuptr->critical, so the field stays 0 even when the extension is
 * marked critical in the certificate. kmf_get_cert_ku() does report the
 * flag for Key Usage - confirm whether the difference is intended.
 *
 * RETURNS:
 * KMF_OK - extension found and decoded.
 * KMF_ERR_BAD_PARAMETER - certdata or ekuptr is NULL.
 * Any error from kmf_get_cert_extn() or parse_eku_data().
 */
KMF_RETURN
kmf_get_cert_eku(const KMF_DATA *certdata,
    KMF_X509EXT_EKU *ekuptr)
{
	KMF_X509_EXTENSION extn;
	KMF_RETURN ret;

	if (certdata == NULL || ekuptr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&extn, 0, sizeof (extn));

	/* Start from an empty result. */
	ekuptr->critical = 0;
	ekuptr->keyPurposeIdList = NULL;
	ekuptr->nEKUs = 0;

	ret = kmf_get_cert_extn(certdata,
	    (KMF_OID *)&KMFOID_ExtendedKeyUsage, &extn);
	if (ret == KMF_OK)
		ret = parse_eku_data(&extn.BERvalue, ekuptr);

	/* The copied extension is released on success and failure alike. */
	kmf_free_extn(&extn);

	return (ret);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * If the given certificate data (X.509 DER encoded data)
 * contains the Basic Constraints extension, parse that
 * data and return it in the KMF_X509EXT_BASICCONSTRAINTS
 * record.
 *
 * *critical receives the extension's critical flag. constraint->cA is
 * read as a boolean; pathLenConstraint is filled in, and
 * pathLenConstraintPresent set to KMF_TRUE, only when an INTEGER
 * follows the boolean.
 *
 * RETURNS:
 * KMF_OK - success
 * KMF_ERR_BAD_PARAMETER - input data was bad.
 * KMF_ERR_EXTENSION_NOT_FOUND - extension not found.
 * KMF_ERR_BAD_CERT_FORMAT - the extension value could not be decoded.
 * KMF_ERR_MEMORY - the decoder could not be set up.
 */
KMF_RETURN
kmf_get_cert_basic_constraint(const KMF_DATA *certdata,
    KMF_BOOL *critical, KMF_X509EXT_BASICCONSTRAINTS *constraint)
{
	KMF_X509_EXTENSION extn;
	BerValue exdata;
	BerElement *asn1 = NULL;
	char *last = NULL;
	ber_len_t size;
	KMF_RETURN ret;

	if (certdata == NULL || constraint == NULL || critical == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&extn, 0, sizeof (extn));
	ret = kmf_get_cert_extn(certdata,
	    (KMF_OID *)&KMFOID_BasicConstraints, &extn);
	if (ret != KMF_OK)
		goto out;

	*critical = (extn.critical != 0);

	/* Decode from the value bytes of the copied extension. */
	exdata.bv_len = extn.value.tagAndValue->value.Length;
	exdata.bv_val = (char *)extn.value.tagAndValue->value.Data;

	asn1 = kmfder_init(&exdata);
	if (asn1 == NULL) {
		ret = KMF_ERR_MEMORY;
		goto out;
	}

	if (kmfber_scanf(asn1, "b", &constraint->cA) == KMFBER_DEFAULT) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto out;
	}
	constraint->pathLenConstraintPresent = KMF_FALSE;

	/*
	 * The path length is optional; anything other than an INTEGER
	 * here means it is absent. last is never assigned, so NULL is
	 * what reaches kmfber_next_element().
	 */
	if (kmfber_next_element(asn1, &size, last) != BER_INTEGER)
		goto out;

	if (kmfber_scanf(asn1, "i",
	    &constraint->pathLenConstraint) == KMFBER_DEFAULT) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto out;
	}
	constraint->pathLenConstraintPresent = KMF_TRUE;

out:
	kmf_free_extn(&extn);
	if (asn1 != NULL)
		kmfber_free(asn1, 1);

	return (ret);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
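/*
 * Walk the policyQualifiers SEQUENCE that follows a CertPolicyId and
 * return a newly allocated PolicyQualifierInfo record.
 *
 * Only one record is returned.  If the SEQUENCE holds several
 * PolicyQualifierInfo entries, each entry replaces the one parsed before
 * it, so the caller receives the last one.  The earlier records are
 * released here rather than leaked.
 *
 * Returns NULL when the element at the current position is not a
 * SEQUENCE, when a qualifier is malformed or of an unsupported type, or
 * when memory cannot be allocated; the caller cannot tell these cases
 * apart.  The caller is expected to release the returned record together
 * with the buffers in its value and policyQualifierId members.
 */
static KMF_X509EXT_POLICYQUALIFIERINFO *
get_pqinfo(BerElement *asn1)
{
	KMF_X509EXT_POLICYQUALIFIERINFO *pqinfo = NULL;
	KMF_RETURN ret = KMF_OK;
	int tag;
	ber_len_t size;
	char *end = NULL;

	/*
	 * Policy Qualifiers may be a list of sequences.
	 *
	 * PolicyInformation ::= SEQUENCE {
	 *	policyIdentifier   CertPolicyId,
	 *	policyQualifiers   SEQUENCE SIZE (1..MAX) OF
	 *			PolicyQualifierInfo OPTIONAL
	 * }
	 *
	 * PolicyQualifierInfo ::= SEQUENCE {
	 *	policyQualifierId  PolicyQualifierId,
	 *	qualifier	  ANY DEFINED BY policyQualifierId
	 * }
	 */

	/*
	 * We already got the CertPolicyId, we just need to
	 * find all of the policyQualifiers in the set.
	 *
	 * Mark the first element of the SEQUENCE and reset the end ptr
	 * so the ber/der code knows when to stop looking.
	 */
	if ((tag = kmfber_first_element(asn1, &size, &end)) !=
	    BER_CONSTRUCTED_SEQUENCE) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto end;
	}

	/* We found a sequence, loop until done */
	while ((tag = kmfber_next_element(asn1, &size, end)) ==
	    BER_CONSTRUCTED_SEQUENCE) {

		/* Skip over the CONSTRUCTED SET tag */
		if (kmfber_scanf(asn1, "T", &tag) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/*
		 * A record left over from the previous pass is about to be
		 * replaced; release it first so that a certificate carrying
		 * many qualifiers cannot make each call leak memory.
		 */
		if (pqinfo != NULL) {
			kmf_free_data(&pqinfo->value);
			kmf_free_data(&pqinfo->policyQualifierId);
			free(pqinfo);
			pqinfo = NULL;
		}

		/*
		 * Allocate zeroed memory for the Policy Qualifier Info so
		 * the cleanup code can run on a partly filled record.
		 */
		pqinfo = calloc(1, sizeof (*pqinfo));
		if (pqinfo == NULL) {
			ret = KMF_ERR_MEMORY;
			goto end;
		}

		/*
		 * Read the PolicyQualifier OID
		 */
		if (kmfber_scanf(asn1, "D",
		    &pqinfo->policyQualifierId) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/*
		 * The OID of the policyQualifierId determines what
		 * sort of data comes next.
		 */
		if (IsEqualOid(&pqinfo->policyQualifierId,
		    (KMF_OID *)&KMFOID_PKIX_PQ_CPSuri)) {
			/*
			 * CPS uri must be a non-empty IA5STRING
			 */
			if (kmfber_scanf(asn1, "tl", &tag, &size) ==
			    KMFBER_DEFAULT || tag != BER_IA5STRING ||
			    size == 0) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}
			if ((pqinfo->value.Data = malloc(size)) == NULL) {
				ret = KMF_ERR_MEMORY;
				goto end;
			}
			/*
			 * NOTE(review): the buffer holds `size` bytes taken
			 * from the certificate, while the length word passed
			 * to the "s" conversion is still zero.  Confirm that
			 * kmfber_scanf() bounds the copy (and any terminator
			 * it writes) by the allocation.
			 */
			if (kmfber_scanf(asn1, "s", pqinfo->value.Data,
			    &pqinfo->value.Length) == KMFBER_DEFAULT) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}
		} else if (IsEqualOid(&pqinfo->policyQualifierId,
		    (KMF_OID *)&KMFOID_PKIX_PQ_Unotice)) {
			if (kmfber_scanf(asn1, "tl", &tag, &size) ==
			    KMFBER_DEFAULT ||
			    tag != BER_CONSTRUCTED_SEQUENCE) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}
			/*
			 * For now, just copy the whole UserNotice ASN.1
			 * blob into the pqinfo data record.
			 * TBD - parse it into individual fields.
			 *
			 * NOTE(review): unlike the CPS uri branch, a zero
			 * `size` is not rejected here, and the same question
			 * about the "s" conversion and the allocation size
			 * applies.
			 */
			if ((pqinfo->value.Data = malloc(size)) == NULL) {
				ret = KMF_ERR_MEMORY;
				goto end;
			}
			if (kmfber_scanf(asn1, "s", pqinfo->value.Data,
			    &pqinfo->value.Length) == KMFBER_DEFAULT) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}
		} else {
			/* Unknown qualifier types are treated as malformed. */
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}
	}
end:
	if (ret != KMF_OK) {
		if (pqinfo != NULL) {
			kmf_free_data(&pqinfo->value);
			kmf_free_data(&pqinfo->policyQualifierId);
			free(pqinfo);
			pqinfo = NULL;
		}
	}
	return (pqinfo);
}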
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
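/*
 * If the given certificate data (X.509 DER encoded data)
 * contains the Certificate Policies extension, parse that
 * data and return it in the KMF_X509EXT_CERT_POLICIES
 * record.
 *
 * *critical is written, and *extptr is cleared, only after the extension
 * has been located.  When parsing fails part way through, *extptr keeps
 * the PolicyInformation entries decoded so far, and its count always
 * matches its array, so the caller can still release them.
 *
 * RETURNS:
 *    KMF_OK - success
 *    KMF_ERR_BAD_PARAMETER - input data was bad.
 *    KMF_ERR_EXTENSION_NOT_FOUND - extension not found.
 *    parsing and memory allocation errors are also possible.
 */
KMF_RETURN
kmf_get_cert_policies(const KMF_DATA *certdata,
	KMF_BOOL *critical, KMF_X509EXT_CERT_POLICIES *extptr)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION extn;
	KMF_X509EXT_POLICYINFO *pinfo = NULL;
	KMF_X509EXT_POLICYINFO *pilist;
	KMF_X509EXT_POLICYQUALIFIERINFO *pqinfo = NULL;
	KMF_X509EXT_POLICYQUALIFIERINFO *pqlist;
	BerElement *asn1 = NULL;
	BerValue exdata;
	ber_len_t size;
	char *end = NULL;
	int tag;
	int cnt;
	int i;

	if (certdata == NULL || critical == NULL || extptr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&extn, 0, sizeof (extn));
	ret = kmf_get_cert_extn(certdata,
	    (KMF_OID *)&KMFOID_CertificatePolicies, &extn);

	if (ret != KMF_OK) {
		goto end;
	}

	*critical = (extn.critical != 0);

	/*
	 * Decode the ASN.1 data for the extension.
	 */
	exdata.bv_val = (char *)extn.BERvalue.Data;
	exdata.bv_len = extn.BERvalue.Length;

	(void) memset((void *)extptr, 0, sizeof (KMF_X509EXT_CERT_POLICIES));

	if ((asn1 = kmfder_init(&exdata)) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto end;
	}

	/*
	 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
	 */
	if ((tag = kmfber_first_element(asn1, &size, &end)) !=
	    BER_CONSTRUCTED_SEQUENCE) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto end;
	}

	/*
	 * Collect all of the PolicyInformation SEQUENCES
	 *
	 * PolicyInformation ::= SEQUENCE {
	 *	policyIdentifier   CertPolicyId,
	 *	policyQualifiers   SEQUENCE SIZE (1..MAX) OF
	 *			PolicyQualifierInfo OPTIONAL
	 * }
	 *
	 * Loop over the SEQUENCES of PolicyInfo
	 */
	while ((tag = kmfber_next_element(asn1, &size, end)) ==
	    BER_CONSTRUCTED_SEQUENCE) {

		/* Skip over the CONSTRUCTED SET tag */
		if (kmfber_scanf(asn1, "T", &tag) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/* Zeroed so the cleanup code can run on a partial record. */
		pinfo = calloc(1, sizeof (*pinfo));
		if (pinfo == NULL) {
			ret = KMF_ERR_MEMORY;
			goto end;
		}

		/*
		 * Decode the PolicyInformation SEQUENCE
		 */
		if ((tag = kmfber_scanf(asn1, "D",
		    &pinfo->policyIdentifier)) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/*
		 * Gather the associated PolicyQualifierInfo record.
		 *
		 * NOTE(review): get_pqinfo() returns NULL both when the
		 * optional qualifiers are absent and when they are
		 * malformed, so a malformed qualifier list is not reported
		 * as KMF_ERR_BAD_CERT_FORMAT from here.
		 */
		pqinfo = get_pqinfo(asn1);
		if (pqinfo != NULL) {
			cnt = pinfo->policyQualifiers.numberOfPolicyQualifiers;
			cnt++;
			/*
			 * Grow through a temporary so that a failed realloc
			 * neither loses the old array nor leaves a count
			 * that disagrees with the pointer.
			 */
			pqlist = realloc(
			    pinfo->policyQualifiers.policyQualifier,
			    cnt * sizeof (KMF_X509EXT_POLICYQUALIFIERINFO));
			if (pqlist == NULL) {
				ret = KMF_ERR_MEMORY;
				goto end;
			}
			pqlist[cnt - 1] = *pqinfo;
			pinfo->policyQualifiers.policyQualifier = pqlist;
			pinfo->policyQualifiers.numberOfPolicyQualifiers = cnt;

			/* Shallow copy: the array entry now owns the data. */
			free(pqinfo);
			pqinfo = NULL;
		}

		pilist = realloc(extptr->policyInfo,
		    (extptr->numberOfPolicyInfo + 1) *
		    sizeof (KMF_X509EXT_POLICYINFO));
		if (pilist == NULL) {
			ret = KMF_ERR_MEMORY;
			goto end;
		}
		pilist[extptr->numberOfPolicyInfo] = *pinfo;
		extptr->policyInfo = pilist;
		extptr->numberOfPolicyInfo++;

		/* Shallow copy: the array entry now owns the data. */
		free(pinfo);
		pinfo = NULL;
	}

end:
	/*
	 * Anything still held here was not handed over to *extptr, which
	 * only happens on an error path.
	 */
	if (pqinfo != NULL) {
		kmf_free_data(&pqinfo->value);
		kmf_free_data(&pqinfo->policyQualifierId);
		free(pqinfo);
	}
	if (pinfo != NULL) {
		cnt = pinfo->policyQualifiers.numberOfPolicyQualifiers;
		for (i = 0; i < cnt; i++) {
			pqlist = &pinfo->policyQualifiers.policyQualifier[i];
			kmf_free_data(&pqlist->value);
			kmf_free_data(&pqlist->policyQualifierId);
		}
		free(pinfo->policyQualifiers.policyQualifier);
		kmf_free_data(&pinfo->policyIdentifier);
		free(pinfo);
	}
	kmf_free_extn(&extn);
	if (asn1 != NULL)
		kmfber_free(asn1, 1);
	return (ret);
}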
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
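/*
 * If the given certificate data (X.509 DER encoded data)
 * contains the Authority Information Access extension, parse that
 * data and return it in the KMF_X509EXT_AUTHINFOACCESS
 * record.
 *
 * Only AccessDescription entries whose method is OCSP are recorded.
 * caIssuers entries are skipped, and any other access method makes the
 * call fail with KMF_ERR_BAD_CERT_FORMAT.  *aia is cleared only after
 * the extension has been located.  When parsing fails part way through,
 * *aia keeps the entries decoded so far, and its count always matches
 * its array, so the caller can still release them.
 *
 * RETURNS:
 *    KMF_OK - success
 *    KMF_ERR_BAD_PARAMETER - input data was bad.
 *    KMF_ERR_EXTENSION_NOT_FOUND - extension not found.
 *    parsing and memory allocation errors are also possible.
 */
KMF_RETURN
kmf_get_cert_auth_info_access(const KMF_DATA *certdata,
	KMF_X509EXT_AUTHINFOACCESS *aia)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION extn;
	BerElement *asn1 = NULL;
	BerValue exdata;
	ber_len_t size;
	char *end = NULL;
	int tag;
	KMF_X509EXT_ACCESSDESC *access_info = NULL;
	KMF_X509EXT_ACCESSDESC *desclist;

	if (certdata == NULL || aia == NULL) {
		return (KMF_ERR_BAD_PARAMETER);
	}

	(void) memset(&extn, 0, sizeof (KMF_X509_EXTENSION));
	ret = kmf_get_cert_extn(certdata,
	    (KMF_OID *)&KMFOID_AuthorityInfoAccess, &extn);

	if (ret != KMF_OK) {
		goto end;
	}

	/*
	 * Decode the ASN.1 data for the extension.
	 */
	exdata.bv_val = (char *)extn.BERvalue.Data;
	exdata.bv_len = extn.BERvalue.Length;

	(void) memset((void *)aia, 0, sizeof (KMF_X509EXT_AUTHINFOACCESS));

	if ((asn1 = kmfder_init(&exdata)) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto end;
	}

	/*
	 * AuthorityInfoAccessSyntax ::=
	 *	SEQUENCE SIZE (1..MAX) OF AccessDescription
	 */
	if ((tag = kmfber_first_element(asn1, &size, &end)) !=
	    BER_CONSTRUCTED_SEQUENCE) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto end;
	}

	/*
	 * AccessDescription ::= SEQUENCE {
	 *	accessMethod	OBJECT IDENTIFIER,
	 *	accessLocation	GeneralName }
	 */
	while ((tag = kmfber_next_element(asn1, &size, end)) ==
	    BER_CONSTRUCTED_SEQUENCE) {

		/* Skip over the CONSTRUCTED SET tag */
		if (kmfber_scanf(asn1, "T", &tag) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/* Zeroed so the cleanup code can run on a partial record. */
		access_info = calloc(1, sizeof (*access_info));
		if (access_info == NULL) {
			ret = KMF_ERR_MEMORY;
			goto end;
		}

		/*
		 * Read the AccessMethod OID
		 */
		if (kmfber_scanf(asn1, "D",
		    &access_info->AccessMethod) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/*
		 * The OID of the AccessMethod determines what
		 * sort of data comes next.
		 */
		if (IsEqualOid(&access_info->AccessMethod,
		    (KMF_OID *)&KMFOID_PkixAdOcsp)) {
			if (kmfber_scanf(asn1, "tl", &tag, &size) ==
			    KMFBER_DEFAULT || size == 0) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}

			/*
			 * OCSP uri must be an IA5STRING or a GENNAME_URI
			 * with an implicit tag.
			 */
			if (tag != BER_IA5STRING &&
			    tag != (0x80 | GENNAME_URI)) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}

			if ((access_info->AccessLocation.Data =
			    malloc(size)) == NULL) {
				ret = KMF_ERR_MEMORY;
				goto end;
			}

			/*
			 * NOTE(review): the buffer holds `size` bytes taken
			 * from the certificate, while the length word passed
			 * to the "s" conversion is still zero.  Confirm that
			 * kmfber_scanf() bounds the copy (and any terminator
			 * it writes) by the allocation.
			 */
			if (kmfber_scanf(asn1, "s",
			    access_info->AccessLocation.Data,
			    &access_info->AccessLocation.Length) ==
			    KMFBER_DEFAULT) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				goto end;
			}
		} else if (IsEqualOid(&access_info->AccessMethod,
		    (KMF_OID *)&KMFOID_PkixAdCaIssuers)) {
			/*
			 * will be supported later with PKIX
			 *
			 * Release the OID read above along with the record;
			 * freeing only the record leaked it for every
			 * skipped entry.
			 *
			 * NOTE(review): the accessLocation of the skipped
			 * entry is not consumed here.  Confirm that
			 * kmfber_next_element() resynchronizes on the next
			 * AccessDescription; otherwise entries that follow a
			 * caIssuers entry (an OCSP URI, for instance) are
			 * dropped and the call still returns KMF_OK.
			 */
			kmf_free_data(&access_info->AccessMethod);
			free(access_info);
			access_info = NULL;
			continue;
		} else {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto end;
		}

		/*
		 * Grow through a temporary so that a failed realloc neither
		 * loses the old array nor leaves a count that disagrees
		 * with the pointer.
		 */
		desclist = realloc(aia->AccessDesc,
		    (aia->numberOfAccessDescription + 1) *
		    sizeof (KMF_X509EXT_ACCESSDESC));
		if (desclist == NULL) {
			ret = KMF_ERR_MEMORY;
			goto end;
		}

		desclist[aia->numberOfAccessDescription] = *access_info;
		aia->AccessDesc = desclist;
		aia->numberOfAccessDescription++;

		/* Shallow copy: the array entry now owns the data. */
		free(access_info);
		access_info = NULL;
	}

end:
	kmf_free_extn(&extn);
	/*
	 * A record still held here was not handed over to *aia, so its
	 * buffers must be released along with it.
	 */
	if (access_info != NULL) {
		kmf_free_data(&access_info->AccessLocation);
		kmf_free_data(&access_info->AccessMethod);
		free(access_info);
	}
	if (asn1 != NULL)
		kmfber_free(asn1, 1);
	return (ret);
}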
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * This function parses the name portion of a DER-encoded distribution point
 * and returns it in the KMF_CRL_DIST_POINT record.
 *
 * The "DistributionPointName" syntax is
 *
 *   DistributionPointName ::= CHOICE {
 *	fullName                [0]     GeneralNames,
 *	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 *
 *   GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 *
 * Note: for phase 1, we support fullName only.
 */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysparse_dp_name(char *dp_der_code, int dp_der_size, KMF_CRL_DIST_POINT *dp)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN ret = KMF_OK;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *url = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys BerElement *asn1 = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys BerValue ber_data;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ber_len_t size;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *end = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int tag;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_GENERALNAMES *fullname;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (dp_der_code == NULL || dp_der_size == 0 || dp == NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ber_data.bv_val = dp_der_code;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ber_data.bv_len = dp_der_size;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((asn1 = kmfder_init(&ber_data)) == NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_CERT_FORMAT);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tag = kmfber_first_element(asn1, &size, &end);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tag != 0xA0 && tag != 0xA1) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_BAD_CERT_FORMAT;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tag == 0xA0) { /* fullName */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys dp->type = DP_GENERAL_NAME;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname = &(dp->name.full_name);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->number = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Skip over the explicit tag and size */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) kmfber_scanf(asn1, "T", &tag);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tag = kmfber_next_element(asn1, &size, end);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while (tag != KMFBER_DEFAULT &&
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tag != KMFBER_END_OF_SEQORSET) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_scanf(asn1, "tl", &tag, &size) ==
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFBER_DEFAULT || size == 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_BAD_CERT_FORMAT;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* For phase 1, we are interested in a URI name only */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tag != (0x80 | GENNAME_URI)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tag = kmfber_next_element(asn1, &size, end);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys continue;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((url = malloc(size)) == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_MEMORY;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Skip type and len, then read url and save it. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_read(asn1, url, 2) != 2) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_BAD_CERT_FORMAT;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_read(asn1, url, size) !=
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (ber_slen_t)size) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_BAD_CERT_FORMAT;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->number++;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->namelist = realloc(fullname->namelist,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->number * sizeof (KMF_GENERALNAME));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (fullname->namelist == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_MEMORY;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->namelist[fullname->number - 1].choice =
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys GENNAME_URI;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->namelist[fullname->number - 1].name.Length =
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys size;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullname->namelist[fullname->number - 1].name.Data =
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (unsigned char *)url;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* next */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tag = kmfber_next_element(asn1, &size, end);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (tag == 0xA1) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* "nameRelativeToCRLIssuer" is not supported at phase 1. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_BAD_CERT_FORMAT;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto out;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysout:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (asn1 != NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ret != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free_dp_name(dp);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ret == KMF_OK && fullname->number == 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = KMF_ERR_EXTENSION_NOT_FOUND;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (url != NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(url);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (ret);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}
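/*
 * This function retrieves the CRL Distribution Points extension data from
 * a DER encoded certificate if it contains this extension, parses the
 * extension data, and returns it in the KMF_X509EXT_CRLDISTPOINTS record.
 *
 * The syntax for CRLDistributionPoints is
 *
 * CRLDistributionPoints ::=
 *	SEQUENCE SIZE (1..MAX) OF DistributionPoint
 *
 * DistributionPoint ::= SEQUENCE {
 *	distributionPoint	[0]	DistributionPointName OPTIONAL,
 *	reasons			[1]	ReasonFlags OPTIONAL,
 *	cRLIssuer		[2]	GeneralNames OPTIONAL }
 *
 * certdata	DER-encoded certificate; its contents are untrusted input.
 * crl_dps	Output record.  It is cleared once the extension has been
 *		found; on success dplist holds "number" entries whose
 *		storage passes to the caller.  On failure everything
 *		collected so far is released and the record is left empty.
 *
 * Returns KMF_OK when at least one distribution point with a name was
 * stored, whatever kmf_get_cert_extn() returned if it failed,
 * KMF_ERR_BAD_PARAMETER, KMF_ERR_MEMORY, or KMF_ERR_BAD_CERT_FORMAT (also
 * used when no usable distribution point was found).
 */
KMF_RETURN
kmf_get_cert_crl_dist_pts(const KMF_DATA *certdata,
    KMF_X509EXT_CRLDISTPOINTS *crl_dps)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION extn;
	BerElement *asn1 = NULL;
	BerValue exdata;
	ber_len_t size;
	char *end = NULL;
	int tag;
	KMF_CRL_DIST_POINT *dp = NULL;
	int i;

	if (certdata == NULL || crl_dps == NULL) {
		return (KMF_ERR_BAD_PARAMETER);
	}

	/* Get the ASN.1 data for this extension. */
	(void) memset(&extn, 0, sizeof (KMF_X509_EXTENSION));
	ret = kmf_get_cert_extn(certdata,
	    (KMF_OID *)&KMFOID_CrlDistributionPoints, &extn);
	if (ret != KMF_OK) {
		return (ret);
	}

	/*
	 * Clear the output before anything can jump to "out": the cleanup
	 * there walks crl_dps->dplist, which must never be whatever the
	 * caller happened to leave in the record.
	 */
	(void) memset((void *)crl_dps, 0, sizeof (KMF_X509EXT_CRLDISTPOINTS));

	/* Decode the CRLDistributionPoints ASN.1 data. */
	exdata.bv_val = (char *)extn.BERvalue.Data;
	exdata.bv_len = extn.BERvalue.Length;
	if ((asn1 = kmfder_init(&exdata)) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto out;
	}

	if ((tag = kmfber_first_element(asn1, &size, &end)) !=
	    BER_CONSTRUCTED_SEQUENCE) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
		goto out;
	}

	while ((tag = kmfber_next_element(asn1, &size, end)) ==
	    BER_CONSTRUCTED_SEQUENCE) {
		boolean_t has_name = B_FALSE;
		boolean_t has_issuer = B_FALSE;

		/* Skip over the CONSTRUCTED SET tag */
		if (kmfber_scanf(asn1, "T", &tag) == KMFBER_DEFAULT) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			goto out;
		}

		/*
		 * An unexpected field ends parsing without changing ret, so
		 * points collected so far are still returned.
		 * NOTE(review): confirm this lenient stop is intended rather
		 * than KMF_ERR_BAD_CERT_FORMAT.
		 */
		tag = kmfber_next_element(asn1, &size, end);
		if (tag != 0xA0 && tag != 0xA1 && tag != 0xA2)
			goto out;

		if ((dp = malloc(sizeof (KMF_CRL_DIST_POINT))) == NULL) {
			ret = KMF_ERR_MEMORY;
			goto out;
		}
		(void) memset((void *)dp, 0, sizeof (KMF_CRL_DIST_POINT));

		if (tag == 0xA0) { /* distributionPoint Name */
			char *name_der;
			/*
			 * NOTE(review): "+ 2" presumably covers a one-byte
			 * tag and a short-form length, and size comes from
			 * the certificate; confirm the behaviour for
			 * long-form lengths and for values that do not fit
			 * in an int.
			 */
			int name_size = size + 2;

			if ((name_der = malloc(name_size)) == NULL) {
				ret = KMF_ERR_MEMORY;
				free(dp);
				dp = NULL;
				goto out;
			}

			if (kmfber_read(asn1, name_der, name_size) !=
			    (ber_slen_t)(name_size)) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				free(name_der);
				free(dp);
				dp = NULL;
				goto out;
			}
			has_name = B_TRUE;

			ret = parse_dp_name(name_der, name_size, dp);
			free(name_der);
			if (ret != KMF_OK) {
				/*
				 * parse_dp_name() has already released the
				 * name contents on failure, so only the
				 * record itself is freed here.
				 */
				free(dp);
				dp = NULL;
				goto out;
			}

			/* next field */
			tag = kmfber_next_element(asn1, &size, end);
		}

		if (tag == 0XA1) { /* reasons */
			char *bit_string;
			int len;

			if (kmfber_scanf(asn1, "B", &bit_string, &len) !=
			    BER_BIT_STRING) {
				ret = KMF_ERR_BAD_CERT_FORMAT;
				/* Release a name parsed just above, if any. */
				free_dp(dp);
				free(dp);
				dp = NULL;
				goto out;
			}

			/*
			 * NOTE(review): "B" appears to hand back an
			 * allocated buffer in bit_string that is never
			 * released in this function; confirm the allocator
			 * and free it after the copy.
			 */
			dp->reasons.Length = len / 8;
			if ((dp->reasons.Data = malloc(dp->reasons.Length)) ==
			    NULL) {
				ret = KMF_ERR_MEMORY;
				/* No buffer behind Length; keep them in step. */
				dp->reasons.Length = 0;
				free_dp(dp);
				free(dp);
				dp = NULL;
				goto out;
			}
			(void) memcpy(dp->reasons.Data, (uchar_t *)bit_string,
			    dp->reasons.Length);

			/* next field */
			tag = kmfber_next_element(asn1, &size, end);
		}

		if (tag == 0XA2) { /* cRLIssuer */
			char *issuer_der = NULL;
			int issuer_size;

			/* For cRLIssuer, read the data only at phase 1 */
			issuer_size = size + 2;
			issuer_der = malloc(issuer_size);
			if (issuer_der == NULL) {
				ret = KMF_ERR_MEMORY;
				free_dp(dp);
				free(dp);
				dp = NULL;
				goto out;
			}

			if (kmfber_read(asn1, issuer_der, issuer_size) !=
			    (ber_slen_t)(issuer_size)) {
				free(issuer_der);
				ret = KMF_ERR_BAD_CERT_FORMAT;
				free_dp(dp);
				free(dp);
				dp = NULL;
				goto out;
			}

			has_issuer = B_TRUE;
			free(issuer_der);
		}

		/* A distribution point cannot have a "reasons" field only. */
		if (has_name == B_FALSE && has_issuer == B_FALSE) {
			ret = KMF_ERR_BAD_CERT_FORMAT;
			free_dp(dp);
			free(dp);
			dp = NULL;
			goto out;
		}

		/*
		 * Although it is legal that a distribution point contains
		 * a cRLIssuer field only, with or without "reasons", we will
		 * skip it if the name field is not present for phase 1.
		 */
		if (has_name == B_FALSE) {
			free_dp(dp);
		} else {
			KMF_CRL_DIST_POINT *grown;

			/*
			 * Grow through a temporary and count the entry only
			 * once its slot exists: assigning realloc()'s result
			 * straight to dplist would lose the list on failure
			 * and leave "number" pointing the cleanup loop at a
			 * NULL array.
			 */
			grown = realloc(crl_dps->dplist,
			    (crl_dps->number + 1) *
			    sizeof (KMF_CRL_DIST_POINT));
			if (grown == NULL) {
				ret = KMF_ERR_MEMORY;
				free_dp(dp);
				free(dp);
				dp = NULL;
				goto out;
			}
			crl_dps->dplist = grown;
			crl_dps->dplist[crl_dps->number] = *dp;
			crl_dps->number++;
		}

		/*
		 * Free the dp record itself; its contents were either copied
		 * into dplist or released above.
		 */
		free(dp);
		dp = NULL;
	}

out:
	kmf_free_extn(&extn);

	if (asn1 != NULL)
		kmfber_free(asn1, 1);

	if (ret != KMF_OK) {
		for (i = 0; i < crl_dps->number; i++)
			free_dp(&(crl_dps->dplist[i]));
		free(crl_dps->dplist);
		/* Leave nothing dangling for the caller to free again. */
		crl_dps->dplist = NULL;
		crl_dps->number = 0;
	}

	if (ret == KMF_OK && crl_dps->number == 0) {
		ret = KMF_ERR_BAD_CERT_FORMAT;
	}

	return (ret);
}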
/*
 * Render one printable item of a certificate into resultStr.
 *
 * The work is delegated to the OpenSSL plugin: the plugin is located via
 * FindPlugin() and its "OpenSSL_CertGetPrintable" symbol is resolved with
 * dlsym() on each call.
 *
 * handle	KMF session handle; also passed through to the plugin.
 * SignedCert	Certificate to describe.
 * flag		Which item to render.
 * resultStr	Caller-supplied output buffer.  No length is passed along;
 *		callers in this file supply KMF_CERT_PRINTABLE_LEN bytes --
 *		presumably the size the plugin expects, verify before
 *		passing anything smaller.
 *
 * Returns KMF_ERR_BAD_PARAMETER, KMF_ERR_PLUGIN_NOTFOUND or
 * KMF_ERR_FUNCTION_NOT_FOUND when the call cannot be dispatched, otherwise
 * whatever the plugin function returns.
 */
static KMF_RETURN
KMF_CertGetPrintable(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    KMF_PRINTABLE_ITEM flag, char *resultStr)
{
	KMF_RETURN rv;
	KMF_PLUGIN *ossl;
	KMF_RETURN (*printable_fn)(void *, const KMF_DATA *,
	    KMF_PRINTABLE_ITEM, char *);

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || resultStr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * The framework does not implement this itself; the OpenSSL plugin
	 * library does, so look the entry point up there.
	 */
	ossl = FindPlugin(handle, KMF_KEYSTORE_OPENSSL);
	if (ossl == NULL || ossl->dldesc == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);

	printable_fn = (KMF_RETURN(*)())dlsym(ossl->dldesc,
	    "OpenSSL_CertGetPrintable");
	if (printable_fn == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	rv = printable_fn(handle, SignedCert, flag, resultStr);
	return (rv);
}
/*
 * Return the certificate's version as a printable string.
 *
 * On success *result points at a zero-initialised heap buffer of
 * KMF_CERT_PRINTABLE_LEN bytes filled in by KMF_CertGetPrintable();
 * ownership passes to the caller.  If rendering fails the buffer is freed
 * and *result is set to NULL.  *result is not touched when the handle or
 * parameter checks fail or when the allocation fails.
 */
KMF_RETURN
kmf_get_cert_version_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *buf;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* calloc() hands back zeroed storage, so no separate memset. */
	buf = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (buf == NULL)
		return (KMF_ERR_MEMORY);

	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_VERSION, buf);
	if (rv != KMF_OK) {
		free(buf);
		buf = NULL;
	}
	*result = buf;

	return (rv);
}
/*
 * Return the certificate's subject name as a printable string.
 *
 * On success *result points at a zero-initialised heap buffer of
 * KMF_CERT_PRINTABLE_LEN bytes filled in by KMF_CertGetPrintable();
 * ownership passes to the caller.  If rendering fails the buffer is freed
 * and *result is set to NULL.  *result is not touched when the handle or
 * parameter checks fail or when the allocation fails.
 */
KMF_RETURN
kmf_get_cert_subject_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *buf;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* calloc() hands back zeroed storage, so no separate memset. */
	buf = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (buf == NULL)
		return (KMF_ERR_MEMORY);

	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_SUBJECT, buf);
	if (rv != KMF_OK) {
		free(buf);
		buf = NULL;
	}
	*result = buf;

	return (rv);
}
/*
 * Return the certificate's issuer name as a printable string.
 *
 * On success *result points at a zero-initialised heap buffer of
 * KMF_CERT_PRINTABLE_LEN bytes filled in by KMF_CertGetPrintable();
 * ownership passes to the caller.  If rendering fails the buffer is freed
 * and *result is set to NULL.  *result is not touched when the handle or
 * parameter checks fail or when the allocation fails.
 */
KMF_RETURN
kmf_get_cert_issuer_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *buf;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* calloc() hands back zeroed storage, so no separate memset. */
	buf = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (buf == NULL)
		return (KMF_ERR_MEMORY);

	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_ISSUER, buf);
	if (rv != KMF_OK) {
		free(buf);
		buf = NULL;
	}
	*result = buf;

	return (rv);
}
/*
 * Return the certificate's serial number as a printable string.
 *
 * On success *result points at a zero-initialised heap buffer of
 * KMF_CERT_PRINTABLE_LEN bytes filled in by KMF_CertGetPrintable();
 * ownership passes to the caller.  If rendering fails the buffer is freed
 * and *result is set to NULL.  *result is not touched when the handle or
 * parameter checks fail or when the allocation fails.
 */
KMF_RETURN
kmf_get_cert_serial_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *buf;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* calloc() hands back zeroed storage, so no separate memset. */
	buf = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (buf == NULL)
		return (KMF_ERR_MEMORY);

	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_SERIALNUM, buf);
	if (rv != KMF_OK) {
		free(buf);
		buf = NULL;
	}
	*result = buf;

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Return the notBefore date of a certificate as a printable string.
 *
 * handle      KMF session handle; CLEAR_ERROR() derives the initial status
 *             from it and any non-KMF_OK status is returned unchanged.
 * SignedCert  certificate data handed to KMF_CertGetPrintable().
 * result      on KMF_OK receives a zero-filled heap buffer of
 *             KMF_CERT_PRINTABLE_LEN bytes that the caller must free();
 *             set to NULL when the lookup itself fails.  It is left
 *             untouched on the early parameter/allocation errors.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL SignedCert or result,
 * KMF_ERR_MEMORY when the buffer cannot be allocated, otherwise the
 * status of KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_start_date_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *text;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	text = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (text == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along; the callee is
	 * presumably limited to KMF_CERT_PRINTABLE_LEN bytes -- confirm.
	 */
	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_NOTBEFORE,
	    text);
	if (rv == KMF_OK) {
		*result = text;
		return (rv);
	}

	/* Lookup failed: release the buffer and report no string. */
	free(text);
	*result = NULL;
	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Return the notAfter date of a certificate as a printable string.
 *
 * handle      KMF session handle; CLEAR_ERROR() derives the initial status
 *             from it and any non-KMF_OK status is returned unchanged.
 * SignedCert  certificate data handed to KMF_CertGetPrintable().
 * result      on KMF_OK receives a zero-filled heap buffer of
 *             KMF_CERT_PRINTABLE_LEN bytes that the caller must free();
 *             set to NULL when the lookup itself fails.  It is left
 *             untouched on the early parameter/allocation errors.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL SignedCert or result,
 * KMF_ERR_MEMORY when the buffer cannot be allocated, otherwise the
 * status of KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_end_date_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *text;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	text = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (text == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along; the callee is
	 * presumably limited to KMF_CERT_PRINTABLE_LEN bytes -- confirm.
	 */
	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_NOTAFTER,
	    text);
	if (rv != KMF_OK) {
		free(text);
		text = NULL;
	}
	*result = text;

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Return the public key algorithm of a certificate as a printable string.
 *
 * handle      KMF session handle; CLEAR_ERROR() derives the initial status
 *             from it and any non-KMF_OK status is returned unchanged.
 * SignedCert  certificate data handed to KMF_CertGetPrintable().
 * result      on KMF_OK receives a zero-filled heap buffer of
 *             KMF_CERT_PRINTABLE_LEN bytes that the caller must free();
 *             set to NULL when the lookup itself fails.  It is left
 *             untouched on the early parameter/allocation errors.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL SignedCert or result,
 * KMF_ERR_MEMORY when the buffer cannot be allocated, otherwise the
 * status of KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *algname;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	algname = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (algname == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along; the callee is
	 * presumably limited to KMF_CERT_PRINTABLE_LEN bytes -- confirm.
	 */
	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_PUBKEY_ALG,
	    algname);
	if (rv == KMF_OK) {
		*result = algname;
		return (rv);
	}

	/* Lookup failed: release the buffer and report no string. */
	free(algname);
	*result = NULL;
	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Return the signature algorithm of a certificate as a printable string.
 *
 * handle      KMF session handle; CLEAR_ERROR() derives the initial status
 *             from it and any non-KMF_OK status is returned unchanged.
 * SignedCert  certificate data handed to KMF_CertGetPrintable().
 * result      on KMF_OK receives a zero-filled heap buffer of
 *             KMF_CERT_PRINTABLE_LEN bytes that the caller must free();
 *             set to NULL when the lookup itself fails.  It is left
 *             untouched on the early parameter/allocation errors.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL SignedCert or result,
 * KMF_ERR_MEMORY when the buffer cannot be allocated, otherwise the
 * status of KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_sig_alg_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *algname;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	algname = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (algname == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along; the callee is
	 * presumably limited to KMF_CERT_PRINTABLE_LEN bytes -- confirm.
	 */
	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_SIGNATURE_ALG,
	    algname);
	if (rv != KMF_OK) {
		free(algname);
		algname = NULL;
	}
	*result = algname;

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Return the public key data of a certificate as a printable string.
 *
 * handle      KMF session handle; CLEAR_ERROR() derives the initial status
 *             from it and any non-KMF_OK status is returned unchanged.
 * SignedCert  certificate data handed to KMF_CertGetPrintable().
 * result      on KMF_OK receives a zero-filled heap buffer of
 *             KMF_CERT_PRINTABLE_LEN bytes that the caller must free();
 *             set to NULL when the lookup itself fails.  It is left
 *             untouched on the early parameter/allocation errors.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL SignedCert or result,
 * KMF_ERR_MEMORY when the buffer cannot be allocated, otherwise the
 * status of KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_pubkey_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *keytext;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	keytext = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (keytext == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along, and key data
	 * is the item most likely to be long; confirm the callee never
	 * writes more than KMF_CERT_PRINTABLE_LEN bytes.
	 */
	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_PUBKEY_DATA,
	    keytext);
	if (rv == KMF_OK) {
		*result = keytext;
		return (rv);
	}

	/* Lookup failed: release the buffer and report no string. */
	free(keytext);
	*result = NULL;
	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Return the e-mail address item of a certificate as a printable string.
 *
 * handle      KMF session handle; CLEAR_ERROR() derives the initial status
 *             from it and any non-KMF_OK status is returned unchanged.
 * SignedCert  certificate data handed to KMF_CertGetPrintable().
 * result      on KMF_OK receives a zero-filled heap buffer of
 *             KMF_CERT_PRINTABLE_LEN bytes that the caller must free();
 *             set to NULL when the lookup itself fails.  It is left
 *             untouched on the early parameter/allocation errors.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL SignedCert or result,
 * KMF_ERR_MEMORY when the buffer cannot be allocated, otherwise the
 * status of KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_email_str(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;
	char *email;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (SignedCert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	email = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (email == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along; the callee is
	 * presumably limited to KMF_CERT_PRINTABLE_LEN bytes -- confirm.
	 */
	rv = KMF_CertGetPrintable(handle, SignedCert, KMF_CERT_EMAIL, email);
	if (rv != KMF_OK) {
		free(email);
		email = NULL;
	}
	*result = email;

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Given a certificate (DER encoded data) and a KMF extension identifier
 * constant (e.g. KMF_X509_EXT_*), return a human readable interpretation
 * of the extension data.
 *
 * handle     KMF session handle; CLEAR_ERROR() derives the initial status
 *            from it and any non-KMF_OK status is returned unchanged.
 * cert       certificate data handed to KMF_CertGetPrintable().
 * extension  item selector, passed through unchecked.
 * result     on KMF_OK receives the string; set to NULL when the lookup
 *            itself fails, untouched on the earlier error returns.
 *
 * The string is at most KMF_CERT_PRINTABLE_LEN bytes long.  It is
 * allocated here and must be freed by the caller.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL cert or result, KMF_ERR_MEMORY
 * when the buffer cannot be allocated, otherwise the status of
 * KMF_CertGetPrintable().
 */
KMF_RETURN
kmf_get_cert_extn_str(KMF_HANDLE_T handle, const KMF_DATA *cert,
    KMF_PRINTABLE_ITEM extension, char **result)
{
	KMF_RETURN rv;
	char *text;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (cert == NULL || result == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Zero-filled output buffer, owned by the caller on success. */
	text = calloc(1, KMF_CERT_PRINTABLE_LEN);
	if (text == NULL)
		return (KMF_ERR_MEMORY);

	/*
	 * NOTE(review): the buffer size is not passed along; the callee is
	 * presumably limited to KMF_CERT_PRINTABLE_LEN bytes -- confirm.
	 */
	rv = KMF_CertGetPrintable(handle, cert, extension, text);
	if (rv != KMF_OK) {
		free(text);
		text = NULL;
	}
	*result = text;

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Compute the ID of a certificate from its SubjectPublicKeyInfo.
 *
 * SignedCert  certificate data; decoded with DerDecodeSignedCertificate().
 * ID          filled in by GetIDFromSPKI().  NOTE(review): the caller in
 *             this file releases it with kmf_free_data(), so it presumably
 *             holds allocated memory on success -- confirm.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL argument, the decoder's status
 * if decoding fails, otherwise the status of GetIDFromSPKI().  The decoded
 * certificate is always released before returning.
 */
KMF_RETURN
kmf_get_cert_id_data(const KMF_DATA *SignedCert, KMF_DATA *ID)
{
	KMF_X509_CERTIFICATE *decoded = NULL;
	KMF_RETURN rv;

	if (SignedCert == NULL || ID == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	rv = DerDecodeSignedCertificate(SignedCert, &decoded);
	if (rv == KMF_OK) {
		rv = GetIDFromSPKI(
		    &decoded->certificate.subjectPublicKeyInfo, ID);

		/* Free the decoded fields first, then the structure itself. */
		kmf_free_signed_cert(decoded);
		free(decoded);
	}

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
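/*
 * Return the certificate ID as a string of colon separated, lower case
 * hex bytes ("xx:xx:...:xx").
 *
 * SignedCert  certificate data, passed to kmf_get_cert_id_data().
 * idstr       on KMF_OK receives a heap string the caller must free();
 *             set to NULL when the string cannot be allocated.  It is left
 *             untouched when the ID itself cannot be obtained.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL argument, the status of
 * kmf_get_cert_id_data() if that fails, KMF_ERR_MEMORY if the output
 * cannot be allocated, else KMF_OK.
 *
 * The output is sized from ID.Length.  The previous version formatted into
 * a fixed 256 byte stack buffer and appended ":" with strcat(), which
 * wrote past the end of that buffer once the ID exceeded 85 bytes.
 */
KMF_RETURN
kmf_get_cert_id_str(const KMF_DATA *SignedCert, char **idstr)
{
	static const char hexdigits[] = "0123456789abcdef";
	KMF_RETURN ret;
	KMF_DATA ID = { 0, NULL };
	char *buf;
	char *p;
	size_t idlen;
	size_t i;

	if (SignedCert == NULL || idstr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	ret = kmf_get_cert_id_data(SignedCert, &ID);
	if (ret != KMF_OK) {
		kmf_free_data(&ID);
		return (ret);
	}

	idlen = (size_t)ID.Length;

	/* Each byte needs at most 3 characters; keep 3 * idlen + 1 exact. */
	if (idlen >= ((size_t)-1) / 3) {
		*idstr = NULL;
		kmf_free_data(&ID);
		return (KMF_ERR_MEMORY);
	}

	buf = malloc(idlen * 3 + 1);
	if (buf == NULL) {
		*idstr = NULL;
		kmf_free_data(&ID);
		return (KMF_ERR_MEMORY);
	}

	p = buf;
	for (i = 0; i < idlen; i++) {
		uchar_t b = (uchar_t)ID.Data[i];

		/* Separator goes between bytes, never after the last one. */
		if (i != 0)
			*p++ = ':';
		*p++ = hexdigits[b >> 4];
		*p++ = hexdigits[b & 0x0f];
	}
	*p = '\0';

	*idstr = buf;
	kmf_free_data(&ID);

	return (ret);
}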
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
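/*
 * This function gets the time_t values of the notbefore and notafter dates
 * from a der-encoded certificate.
 *
 * cert        certificate data; decoded with DerDecodeSignedCertificate().
 * not_before  receives the start of the validity period.
 * not_after   receives the end of the validity period.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL argument, the decoder's status
 * if decoding fails, KMF_ERR_VALIDITY_PERIOD if a date is missing, cannot
 * be parsed or overflows time_t, else KMF_OK.  *not_before may already
 * have been written when the notAfter date is the one that fails.
 *
 * NOTE(review): strptime() needs a NUL-terminated string; this relies on
 * the decoder terminating time.Data -- confirm.
 * NOTE(review): "%y" accepts a two digit year only and mktime() treats the
 * fields as local time; confirm both match the time form the decoder
 * returns, since callers use these values for validity checks.
 */
KMF_RETURN
kmf_get_cert_validity(const KMF_DATA *cert, time_t *not_before,
    time_t *not_after)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_CERTIFICATE *certData = NULL;
	struct tm tm_tmp;
	time_t t_notbefore;
	time_t t_notafter;
	unsigned char *not_before_str;
	unsigned char *not_after_str;

	if (cert == NULL || not_before == NULL || not_after == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	rv = DerDecodeSignedCertificate(cert, &certData);
	if (rv != KMF_OK)
		return (rv);

	/* Get notBefore */
	not_before_str = certData->certificate.validity.notBefore.time.Data;
	if (not_before_str == NULL) {
		rv = KMF_ERR_VALIDITY_PERIOD;
		goto out;
	}

	/*
	 * strptime() only stores the fields named in the format, so start
	 * from a known state; tm_isdst = -1 lets mktime() decide on DST
	 * instead of reading an uninitialized value.
	 */
	(void) memset(&tm_tmp, 0, sizeof (tm_tmp));
	tm_tmp.tm_isdst = -1;
	if (strptime((const char *)not_before_str, "%y %m %d %H %M %S",
	    &tm_tmp) == NULL) {
		rv = KMF_ERR_VALIDITY_PERIOD;
		goto out;
	}

	/* (time_t)-1 is a valid time, so errno tells error from value. */
	errno = 0;
	if (((t_notbefore = mktime(&tm_tmp)) == (time_t)(-1)) &&
	    errno == EOVERFLOW) {
		rv = KMF_ERR_VALIDITY_PERIOD;
		goto out;
	}
	*not_before = t_notbefore;

	/* Get notAfter */
	not_after_str = certData->certificate.validity.notAfter.time.Data;
	if (not_after_str == NULL) {
		rv = KMF_ERR_VALIDITY_PERIOD;
		goto out;
	}

	(void) memset(&tm_tmp, 0, sizeof (tm_tmp));
	tm_tmp.tm_isdst = -1;
	if (strptime((const char *)not_after_str, "%y %m %d %H %M %S",
	    &tm_tmp) == NULL) {
		rv = KMF_ERR_VALIDITY_PERIOD;
		goto out;
	}

	errno = 0;
	if (((t_notafter = mktime(&tm_tmp)) == (time_t)(-1)) &&
	    errno == EOVERFLOW) {
		rv = KMF_ERR_VALIDITY_PERIOD;
		goto out;
	}
	*not_after = t_notafter;

out:
	if (certData != NULL) {
		/* Free the decoded fields first, then the structure. */
		kmf_free_signed_cert(certData);
		free(certData);
	}

	return (rv);
}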
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
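/*
 * Set the SubjectPublicKeyInfo of a certificate from a key handle.
 *
 * handle  KMF session handle; CLEAR_ERROR() derives the initial status
 *         from it and any non-KMF_OK status is returned unchanged.
 * KMFKey  key whose keystore plugin encodes the public key data.
 * Cert    certificate whose subjectPublicKeyInfo is filled in by
 *         DerDecodeSPKI().
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL KMFKey or Cert,
 * KMF_ERR_PLUGIN_NOTFOUND when no plugin with an EncodePubkeyData entry
 * exists for KMFKey->kstype, the plugin's status if encoding fails,
 * otherwise the status of DerDecodeSPKI().
 *
 * A plugin failure is now returned as is.  Previously, if the plugin
 * failed but still left data behind, that data was decoded into the
 * certificate and the decoder's status replaced the plugin's error.
 */
KMF_RETURN
kmf_set_cert_pubkey(KMF_HANDLE_T handle,
    KMF_KEY_HANDLE *KMFKey,
    KMF_X509_CERTIFICATE *Cert)
{
	KMF_RETURN ret = KMF_OK;
	KMF_PLUGIN *plugin;
	KMF_DATA KeyData = { 0, NULL };

	CLEAR_ERROR(handle, ret);
	if (ret != KMF_OK)
		return (ret);

	if (KMFKey == NULL || Cert == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* The keystore must extract the pubkey data */
	plugin = FindPlugin(handle, KMFKey->kstype);
	if (plugin == NULL || plugin->funclist->EncodePubkeyData == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);

	ret = plugin->funclist->EncodePubkeyData(handle, KMFKey, &KeyData);
	if (ret != KMF_OK) {
		/* Do not build an SPKI from the output of a failed encode. */
		free(KeyData.Data);
		return (ret);
	}

	/*
	 * NOTE(review): a plugin that reports KMF_OK without producing data
	 * still yields KMF_OK here with the SPKI unchanged, as before.
	 */
	if (KeyData.Data != NULL) {
		ret = DerDecodeSPKI(&KeyData,
		    &Cert->certificate.subjectPublicKeyInfo);
		free(KeyData.Data);
	}

	return (ret);
}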
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Set the subject name of a certificate to a copy of the given name.
 *
 * CertData          certificate to modify.
 * subject_name_ptr  name to copy with CopyRDN().
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL argument, otherwise the status
 * of CopyRDN(); the subject is only assigned when that is KMF_OK.
 *
 * NOTE(review): the copy is assigned by value and the pointer CopyRDN()
 * returned is never freed here.  If CopyRDN() heap-allocates the top
 * level structure, that structure is leaked on every call -- verify.
 * The previous contents of certificate.subject are overwritten without
 * being released as well.
 */
KMF_RETURN
kmf_set_cert_subject(KMF_X509_CERTIFICATE *CertData,
    KMF_X509_NAME *subject_name_ptr)
{
	KMF_X509_NAME *name_copy = NULL;
	KMF_RETURN rv;

	if (CertData == NULL || subject_name_ptr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	rv = CopyRDN(subject_name_ptr, &name_copy);
	if (rv != KMF_OK)
		return (rv);

	CertData->certificate.subject = *name_copy;
	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Encode a key usage bit mask and add it to an extension list as a
 * KMFOID_KeyUsage extension.
 *
 * extns     extension list to add to.
 * critical  stored as the extension's critical flag.
 * bits      key usage mask; only the low 16 bits are used.  The encoded
 *           bit count is 16 minus the index of the lowest set bit found
 *           when scanning upward from bit 7, and 0 when none of bits
 *           7..15 is set.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL extns, the status of
 * copy_data() if that fails, KMF_ERR_MEMORY if no BER element can be
 * allocated, KMF_ERR_ENCODING if encoding fails, otherwise the status of
 * add_an_extension().
 *
 * NOTE(review): if copy_data() allocates extnId, it is not released on
 * any of the failure paths below -- verify and free it there.
 */
KMF_RETURN
set_key_usage_extension(KMF_X509_EXTENSIONS *extns,
    int critical, uint32_t bits)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_EXTENSION ku_extn;
	BerElement *ber = NULL;
	BerValue *encoded;
	int lowbit;
	int nbits;
	uint16_t kubits = (uint16_t)(bits & 0x0000ffff);

	if (extns == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&ku_extn, 0, sizeof (ku_extn));
	rv = copy_data(&ku_extn.extnId, (KMF_OID *)&KMFOID_KeyUsage);
	if (rv != KMF_OK)
		return (rv);
	ku_extn.critical = critical;
	ku_extn.format = KMF_X509_DATAFORMAT_ENCODED;

	/* Find the lowest set bit in 7..15; it fixes the encoded length. */
	lowbit = 7;
	while (lowbit <= 15 && (kubits & (1 << lowbit)) == 0)
		lowbit++;
	nbits = 16 - lowbit;

	ber = kmfder_alloc();
	if (ber == NULL)
		return (KMF_ERR_MEMORY);

	/* The encoder reads raw bytes, so switch to network byte order. */
	kubits = htons(kubits);
	if (kmfber_printf(ber, "B", (char *)&kubits, nbits) == -1 ||
	    kmfber_flatten(ber, &encoded) == -1) {
		rv = KMF_ERR_ENCODING;
		goto out;
	}

	/* Take over the encoded bytes; only the BerValue shell is freed. */
	ku_extn.BERvalue.Data = (uchar_t *)encoded->bv_val;
	ku_extn.BERvalue.Length = encoded->bv_len;
	free(encoded);

	rv = add_an_extension(extns, &ku_extn);
	if (rv != KMF_OK)
		free(ku_extn.BERvalue.Data);

out:
	if (ber != NULL)
		kmfber_free(ber, 1);

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Add a key usage extension to a certificate.
 *
 * CertData  certificate whose extension list is extended.
 * critical  passed through as the extension's critical flag.
 * kubits    key usage bit mask, passed to set_key_usage_extension().
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL CertData, otherwise the status
 * of set_key_usage_extension().
 */
KMF_RETURN
kmf_set_cert_ku(KMF_X509_CERTIFICATE *CertData,
    int critical, uint16_t kubits)
{
	if (CertData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	return (set_key_usage_extension(&CertData->certificate.extensions,
	    critical, kubits));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Copy the caller's issuer name into the certificate template.
 *
 * CertData        - certificate template to update; must not be NULL.
 * issuer_name_ptr - name to duplicate via CopyRDN(); must not be NULL.
 *
 * Returns KMF_ERR_BAD_PARAMETER when either argument is NULL, otherwise
 * the result of CopyRDN().
 */
KMF_RETURN
kmf_set_cert_issuer(KMF_X509_CERTIFICATE *CertData,
    KMF_X509_NAME *issuer_name_ptr)
{
	KMF_X509_NAME *copied = NULL;
	KMF_RETURN rv;

	if (CertData == NULL || issuer_name_ptr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	rv = CopyRDN(issuer_name_ptr, &copied);
	if (rv != KMF_OK)
		return (rv);

	/*
	 * The name is stored by structure assignment, so the template ends
	 * up sharing whatever pointers the copy holds.
	 *
	 * NOTE(review): "copied" is dereferenced without a NULL check and is
	 * never released here. If CopyRDN() heap-allocates the outer
	 * KMF_X509_NAME, that container leaks on every call -- confirm
	 * against CopyRDN().
	 */
	CertData->certificate.issuer = *copied;

	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Set the signature algorithm of the certificate template.
 *
 * The OID looked up for sigAlg is copied into certificate.signature, the
 * public key's algorithm parameters are copied next to it, and both
 * values are then mirrored into signature.algorithmIdentifier.
 *
 * Returns KMF_ERR_BAD_PARAMETER when CertData is NULL or when
 * x509_algid_to_algoid() has no OID for sigAlg; KMF_OK otherwise.
 *
 * NOTE(review): every copy_data() result is discarded, so a failed copy
 * still yields KMF_OK and can leave the two algorithm identifiers empty
 * or out of step with each other. Callers cannot detect that from the
 * return value; confirm whether copy_data() can fail here.
 */
KMF_RETURN
kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *CertData,
    KMF_ALGORITHM_INDEX sigAlg)
{
	KMF_OID *oid;

	if (CertData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	oid = x509_algid_to_algoid(sigAlg);
	if (oid == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Inner (to-be-signed) algorithm identifier. */
	(void) copy_data((KMF_DATA *)
	    &CertData->certificate.signature.algorithm,
	    (KMF_DATA *)oid);
	(void) copy_data(&CertData->certificate.signature.parameters,
	    &CertData->certificate.subjectPublicKeyInfo.algorithm.
	    parameters);

	/* Outer algorithm identifier is a copy of the inner one. */
	(void) copy_data(
	    &CertData->signature.algorithmIdentifier.algorithm,
	    &CertData->certificate.signature.algorithm);
	(void) copy_data(
	    &CertData->signature.algorithmIdentifier.parameters,
	    &CertData->certificate.signature.parameters);

	return (KMF_OK);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
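/*
 * Format "when" (UTC) as a YYMMDDHHMM00Z string in a freshly allocated
 * buffer that the caller owns.
 *
 * Returns KMF_ERR_BAD_PARAMETER when the time cannot be broken down or
 * formatted, KMF_ERR_MEMORY when the copy cannot be allocated.
 */
static KMF_RETURN
validity_utctime_dup(time_t when, char **out)
{
	struct tm *gmt;
	char buf[256];

	/* gmtime() returns NULL for a time it cannot represent. */
	gmt = gmtime(&when);
	if (gmt == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Build the format in 2 parts so SCCS doesn't get confused */
	if (strftime(buf, sizeof (buf), "%y%m%d%H" "%M00Z", gmt) == 0)
		return (KMF_ERR_BAD_PARAMETER);

	*out = strdup(buf);
	if (*out == NULL)
		return (KMF_ERR_MEMORY);

	return (KMF_OK);
}

/*
 * Fill in the notBefore/notAfter fields of the certificate template.
 *
 * CertData  - certificate template to update; must not be NULL.
 * notBefore - start of validity; 0 means "now" (time(NULL)).
 * delta     - amount added to the start time to obtain notAfter.
 *
 * Both timestamps are stored as BER_UTCTIME strings with the seconds
 * fixed at "00". Both strings are allocated before the template is
 * touched, so a failure never leaves a Length without matching Data.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER (NULL template or a time that
 * cannot be formatted) or KMF_ERR_MEMORY.
 *
 * NOTE(review): %y produces a two-digit year, so a notAfter in 2050 or
 * later cannot be expressed correctly as UTCTime; RFC 5280 requires
 * GeneralizedTime for those dates. Not changed here.
 * NOTE(review): any time.Data already present in the template is
 * overwritten without being freed -- confirm callers start from an
 * empty template.
 */
KMF_RETURN
kmf_set_cert_validity(KMF_X509_CERTIFICATE *CertData,
    time_t notBefore, uint32_t delta)
{
	KMF_RETURN ret;
	time_t when;
	char *before = NULL;
	char *after = NULL;

	if (CertData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* time_t is arithmetic, so compare with 0 rather than NULL. */
	when = (notBefore == 0) ? time(NULL) : notBefore;

	ret = validity_utctime_dup(when, &before);
	if (ret != KMF_OK)
		return (ret);

	when += delta;
	ret = validity_utctime_dup(when, &after);
	if (ret != KMF_OK) {
		free(before);
		return (ret);
	}

	/* Set up validity fields; the template takes ownership of both. */
	CertData->certificate.validity.notBefore.timeType = BER_UTCTIME;
	CertData->certificate.validity.notBefore.time.Length =
	    strlen(before);
	CertData->certificate.validity.notBefore.time.Data =
	    (uchar_t *)before;

	CertData->certificate.validity.notAfter.timeType = BER_UTCTIME;
	CertData->certificate.validity.notAfter.time.Length =
	    strlen(after);
	CertData->certificate.validity.notAfter.time.Data =
	    (uchar_t *)after;

	return (KMF_OK);
}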
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
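/*
 * Utility routine to set Integer values in the Certificate template
 * for things like serialNumber and Version. The data structure
 * expects pointers, not literal values, so we must allocate
 * and copy here. Don't use memory from the stack since this data
 * is freed later and that would be bad.
 *
 * data   - destination; receives a heap copy of the value.
 * value  - source bytes; must point to at least "length" bytes.
 * length - number of bytes to copy; must be positive.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL pointer or a length that is
 * zero or negative, KMF_ERR_MEMORY when the copy cannot be allocated,
 * KMF_OK otherwise. The destination is left untouched on failure.
 */
KMF_RETURN
set_integer(KMF_DATA *data, void *value, int length)
{
	uchar_t *copy;

	/*
	 * A negative length would turn into a huge size once converted for
	 * malloc()/memcpy(), and a zero length makes malloc()'s result
	 * implementation-defined, so reject both up front.
	 */
	if (data == NULL || value == NULL || length <= 0)
		return (KMF_ERR_BAD_PARAMETER);

	copy = malloc((size_t)length);
	if (copy == NULL)
		return (KMF_ERR_MEMORY);

	(void) memcpy(copy, value, (size_t)length);

	data->Data = copy;
	data->Length = (size_t)length;

	return (KMF_OK);
}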
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
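/*
 * Store a heap copy of "bigint" in "data".
 *
 * Returns KMF_ERR_BAD_PARAMETER when either pointer is NULL or the
 * source is empty (zero length or NULL value), KMF_ERR_MEMORY when the
 * copy cannot be allocated, KMF_OK otherwise.
 *
 * NOTE(review): a value already held in data->val is overwritten without
 * being freed -- confirm callers pass an empty destination.
 */
static KMF_RETURN
set_bigint(KMF_BIGINT *data, KMF_BIGINT *bigint)
{
	/*
	 * len is a length, so test it against 0 (not NULL), and refuse a
	 * NULL val so memcpy() is never handed a NULL source.
	 */
	if (data == NULL || bigint == NULL || bigint->len == 0 ||
	    bigint->val == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	data->val = malloc(bigint->len);
	if (data->val == NULL)
		return (KMF_ERR_MEMORY);

	data->len = bigint->len;

	(void) memcpy((void *)data->val, bigint->val, bigint->len);

	return (KMF_OK);
}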
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Copy the caller's serial number into the certificate template.
 *
 * Returns KMF_ERR_BAD_PARAMETER when CertData or serno is NULL or the
 * serial number has zero length; otherwise the result of set_bigint().
 */
KMF_RETURN
kmf_set_cert_serial(KMF_X509_CERTIFICATE *CertData,
    KMF_BIGINT *serno)
{
	if (CertData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* An empty serial number is rejected before any allocation. */
	if (serno == NULL || serno->len == 0)
		return (KMF_ERR_BAD_PARAMETER);

	return (set_bigint(&CertData->certificate.serialNumber, serno));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Record the X.509 version in the certificate template.
 *
 * From RFC 3280:
 *   Version ::= INTEGER { v1(0), v2(1), v3(2) }
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL template or a version other
 * than 0, 1 or 2; otherwise the result of set_integer(), which stores a
 * heap copy of the sizeof (uint32_t) bytes of the value.
 */
KMF_RETURN
kmf_set_cert_version(KMF_X509_CERTIFICATE *CertData,
    uint32_t version)
{
	if (CertData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* version is unsigned, so "greater than 2" covers every bad value. */
	if (version > 2)
		return (KMF_ERR_BAD_PARAMETER);

	return (set_integer(&CertData->certificate.version,
	    (void *)&version, sizeof (uint32_t)));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Add an issuerAltName entry to the certificate template by calling
 * kmf_set_altname() with KMFOID_IssuerAltName.
 *
 * Returns KMF_ERR_BAD_PARAMETER when CertData or namedata is NULL;
 * otherwise the result of kmf_set_altname(). nametype and the content
 * of namedata are not examined here.
 */
KMF_RETURN
kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *CertData,
    int critical,
    KMF_GENERALNAMECHOICES nametype,
    char *namedata)
{
	KMF_X509_EXTENSIONS *exts;

	if (CertData == NULL || namedata == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	exts = &CertData->certificate.extensions;
	return (kmf_set_altname(exts, (KMF_OID *)&KMFOID_IssuerAltName,
	    critical, nametype, namedata));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Add a subjectAltName entry to the certificate template by calling
 * kmf_set_altname() with KMFOID_SubjectAltName.
 *
 * Returns KMF_ERR_BAD_PARAMETER when CertData or namedata is NULL;
 * otherwise the result of kmf_set_altname(). nametype and the content
 * of namedata are not examined here.
 */
KMF_RETURN
kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *CertData,
    int critical,
    KMF_GENERALNAMECHOICES nametype,
    char *namedata)
{
	KMF_X509_EXTENSIONS *exts;

	if (CertData == NULL || namedata == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	exts = &CertData->certificate.extensions;
	return (kmf_set_altname(exts, (KMF_OID *)&KMFOID_SubjectAltName,
	    critical, nametype, namedata));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
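/*
 * Add one Extended Key Usage OID to the certificate template.
 *
 * If the template already carries an EKU extension, its sequence
 * contents are re-emitted followed by ekuOID and the extension's BER
 * value is replaced; the extension's critical flag is set to "critical".
 * Otherwise a new EKU extension holding only ekuOID is added through
 * kmf_set_cert_extn().
 *
 * CertData - certificate template to update; must not be NULL.
 * ekuOID   - OID to add; must not be NULL.
 * critical - criticality to record on the extension.
 *
 * Returns KMF_OK (also when ekuOID was already present),
 * KMF_ERR_BAD_PARAMETER, KMF_ERR_MEMORY, KMF_ERR_ENCODING, or an error
 * from GetSequenceContents(), parse_eku_data(), copy_data() or
 * kmf_set_cert_extn(). An existing EKU extension that cannot be parsed
 * is left unmodified.
 */
KMF_RETURN
kmf_add_cert_eku(KMF_X509_CERTIFICATE *CertData, KMF_OID *ekuOID,
    int critical)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION *foundextn;
	KMF_X509_EXTENSION newextn;
	BerElement *asn1 = NULL;
	BerValue *extdata = NULL;
	char *olddata = NULL;
	size_t oldsize = 0;
	KMF_X509EXT_EKU ekudata;

	if (CertData == NULL || ekuOID == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&ekudata, 0, sizeof (KMF_X509EXT_EKU));
	(void) memset(&newextn, 0, sizeof (newextn));

	foundextn = FindExtn(&CertData->certificate.extensions,
	    (KMF_OID *)&KMFOID_ExtendedKeyUsage);
	if (foundextn != NULL) {
		ret = GetSequenceContents((char *)foundextn->BERvalue.Data,
		    foundextn->BERvalue.Length, &olddata, &oldsize);
		if (ret != KMF_OK)
			goto out;

		/*
		 * Stop on a parse failure: carrying on would rewrite the
		 * extension from data we could not validate and still
		 * hand the parse error back to the caller.
		 */
		ret = parse_eku_data(&foundextn->BERvalue, &ekudata);
		if (ret != KMF_OK)
			goto out;

		/*
		 * If the EKU is already in the cert, then just return OK.
		 */
		if (is_eku_present(&ekudata, ekuOID))
			goto out;
	}

	/* Go through "out" so olddata and ekudata are released. */
	if ((asn1 = kmfder_alloc()) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto out;
	}

	if (kmfber_printf(asn1, "{") == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	/* Write the old extension data first */
	if (olddata != NULL && oldsize > 0) {
		if (kmfber_write(asn1, olddata, oldsize, 0) == -1) {
			ret = KMF_ERR_ENCODING;
			goto out;
		}
	}

	/* Append this EKU OID and close the sequence */
	if (kmfber_printf(asn1, "D}", ekuOID) == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	if (kmfber_flatten(asn1, &extdata) == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	/*
	 * If we are just adding to an existing list of EKU OIDs,
	 * just replace the BER data associated with the found extension.
	 * Either way the flattened buffer (bv_val) changes owner below and
	 * only the BerValue container is freed at "out".
	 */
	if (foundextn != NULL) {
		free(foundextn->BERvalue.Data);
		foundextn->critical = critical;
		foundextn->BERvalue.Data = (uchar_t *)extdata->bv_val;
		foundextn->BERvalue.Length = extdata->bv_len;
	} else {
		ret = copy_data(&newextn.extnId,
		    (KMF_DATA *)&KMFOID_ExtendedKeyUsage);
		if (ret != KMF_OK) {
			/* Nobody took the flattened buffer; release it. */
			free(extdata->bv_val);
			goto out;
		}
		newextn.critical = critical;
		newextn.format = KMF_X509_DATAFORMAT_ENCODED;
		newextn.BERvalue.Data = (uchar_t *)extdata->bv_val;
		newextn.BERvalue.Length = extdata->bv_len;
		ret = kmf_set_cert_extn(CertData, &newextn);
		if (ret != KMF_OK)
			free(newextn.BERvalue.Data);
	}

out:
	kmf_free_eku(&ekudata);
	free(extdata);
	free(olddata);

	if (asn1 != NULL)
		kmfber_free(asn1, 1);

	/* newextn was zeroed above, so this is safe on every error path. */
	if (ret != KMF_OK)
		kmf_free_data(&newextn.extnId);

	return (ret);
}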
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Add an already-built extension to the certificate template's
 * extension list via add_an_extension().
 *
 * Returns KMF_ERR_BAD_PARAMETER when CertData or extn is NULL; otherwise
 * the result of add_an_extension(). The extension's OID, criticality and
 * encoded value are not inspected here.
 */
KMF_RETURN
kmf_set_cert_extn(KMF_X509_CERTIFICATE *CertData,
    KMF_X509_EXTENSION *extn)
{
	if (CertData == NULL || extn == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	return (add_an_extension(&CertData->certificate.extensions, extn));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
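/*
 * Encode a basicConstraints extension and add it to the certificate
 * template.
 *
 * The value is written as a sequence holding the cA boolean and, only
 * when pathLenConstraintPresent is set, the pathLenConstraint integer.
 *
 * CertData   - certificate template to update; must not be NULL.
 * critical   - criticality to record on the extension.
 * constraint - values to encode; must not be NULL.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER, KMF_ERR_MEMORY,
 * KMF_ERR_ENCODING, or an error from copy_data() or kmf_set_cert_extn().
 * On any failure the extension OID copy made here is released.
 *
 * NOTE(review): pathLenConstraint is encoded even when cA is false and
 * its range is not checked -- confirm whether callers validate this.
 */
KMF_RETURN
kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *CertData,
    KMF_BOOL critical, KMF_X509EXT_BASICCONSTRAINTS *constraint)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION extn;
	BerElement *asn1 = NULL;
	BerValue *extdata = NULL;

	if ((CertData == NULL) || (constraint == NULL))
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&extn, 0, sizeof (extn));
	ret = copy_data(&extn.extnId, (KMF_OID *)&KMFOID_BasicConstraints);
	if (ret != KMF_OK)
		return (ret);
	extn.critical = critical;
	extn.format = KMF_X509_DATAFORMAT_ENCODED;

	/* From here on, leave through "out" so extnId is not leaked. */
	if ((asn1 = kmfder_alloc()) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto out;
	}

	if (kmfber_printf(asn1, "{") == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	if (kmfber_printf(asn1, "b", constraint->cA) == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	if (constraint->pathLenConstraintPresent) {
		/* Write the pathLenConstraint value */
		if (kmfber_printf(asn1, "i",
		    constraint->pathLenConstraint) == -1) {
			ret = KMF_ERR_ENCODING;
			goto out;
		}
	}

	if (kmfber_printf(asn1, "}") == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	if (kmfber_flatten(asn1, &extdata) == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	/* Keep the flattened buffer; only the BerValue container is freed. */
	extn.BERvalue.Data = (uchar_t *)extdata->bv_val;
	extn.BERvalue.Length = extdata->bv_len;

	free(extdata);
	ret = kmf_set_cert_extn(CertData, &extn);
	if (ret != KMF_OK) {
		free(extn.BERvalue.Data);
	}

out:
	if (asn1 != NULL)
		kmfber_free(asn1, 1);

	/* Same cleanup kmf_add_cert_eku() performs for its extension OID. */
	if (ret != KMF_OK)
		kmf_free_data(&extn.extnId);

	return (ret);
}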
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys/*
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Phase 1 APIs still needed to maintain compat with elfsign.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys */
/*
 * Compatibility entry point: forwards its arguments unchanged to
 * kmf_get_cert_subject_str() and returns that call's result.
 */
KMF_RETURN
KMF_GetCertSubjectNameString(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;

	rv = kmf_get_cert_subject_str(handle, SignedCert, result);
	return (rv);
}
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
/*
 * Compatibility entry point: forwards its arguments unchanged to
 * kmf_get_cert_issuer_str() and returns that call's result.
 */
KMF_RETURN
KMF_GetCertIssuerNameString(KMF_HANDLE_T handle, const KMF_DATA *SignedCert,
    char **result)
{
	KMF_RETURN rv;

	rv = kmf_get_cert_issuer_str(handle, SignedCert, result);
	return (rv);
}
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
/*
 * Compatibility entry point: forwards its arguments unchanged to
 * kmf_get_cert_id_str() and returns that call's result.
 */
KMF_RETURN
KMF_GetCertIDString(const KMF_DATA *SignedCert, char **idstr)
{
	KMF_RETURN rv;

	rv = kmf_get_cert_id_str(SignedCert, idstr);
	return (rv);
}