x509-core.cpp revision 13493ab7596e827b8d0caab2c89e635dd65f78f9
/* $Id$ */
/** @file
* IPRT - Crypto - X.509, Core APIs.
*/
/*
* Copyright (C) 2006-2014 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*
* The contents of this file may alternatively be used under the terms
* of the Common Development and Distribution License Version 1.0
* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
* VirtualBox OSE distribution, in which case the provisions of the
* CDDL are applicable instead of those of the GPL.
*
* You may elect to license modified versions of this file under the
* terms and conditions of either the GPL or the CDDL or both.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#include "x509-internal.h"
/*
* Generate the code.
*/
#include <iprt/asn1-generator-core.h>
/*
* X.509 Validity.
*/
{
return false;
return false;
return true;
}
/*
* One X.509 Algorithm Identifier.
*/
RTDECL(RTDIGESTTYPE) RTCrX509AlgorithmIdentifier_QueryDigestType(PCRTCRX509ALGORITHMIDENTIFIER pThis)
{
return RTDIGESTTYPE_MD5;
return RTDIGESTTYPE_SHA1;
return RTDIGESTTYPE_SHA256;
return RTDIGESTTYPE_SHA512;
return RTDIGESTTYPE_INVALID;
}
{
/* common */
return 128 / 8;
return 160 / 8;
return 256 / 8;
return 512 / 8;
/* Less common. */
return 128 / 8;
return 128 / 8;
return 384 / 8;
return 224 / 8;
return 512 / 8;
return UINT32_MAX;
}
RTDECL(int) RTCrX509AlgorithmIdentifier_CompareWithString(PCRTCRX509ALGORITHMIDENTIFIER pThis, const char *pszObjId)
{
}
RTDECL(int) RTCrX509AlgorithmIdentifier_CompareDigestAndEncryptedDigest(PCRTCRX509ALGORITHMIDENTIFIER pDigest,
{
/* common */
{
return 0;
}
{
return 0;
}
{
return 0;
}
{
return 0;
}
/* Less common. */
{
return 0;
}
{
return 0;
}
{
return 0;
}
{
return 0;
}
{
/* ?? */
}
else
return -1;
return 1;
}
/*
* Set of X.509 Algorithm Identifiers.
*/
/*
* One X.509 AttributeTypeAndValue.
*/
/*
* Set of X.509 AttributeTypeAndValues / X.509 RelativeDistinguishedName.
*/
/**
* Slow code path of rtCrX509CanNameIsNothing.
*
* @returns true if @uc maps to nothing, false if not.
* @param uc The unicode code point.
*/
{
switch (uc)
{
/* 2.2 Map - Paragraph 1: */
case 0x00ad:
case 0x1806:
case 0x034f:
case 0x180b: case 0x180c: case 0x180d:
case 0xfe00: case 0xfe01: case 0xfe02: case 0xfe03:
case 0xfe04: case 0xfe05: case 0xfe06: case 0xfe07:
case 0xfe08: case 0xfe09: case 0xfe0a: case 0xfe0b:
case 0xfe0c: case 0xfe0d: case 0xfe0e: case 0xfe0f:
case 0xfffc:
case 0x0000: case 0x0001: case 0x0002: case 0x0003:
case 0x0004: case 0x0005: case 0x0006: case 0x0007:
case 0x0008:
case 0x000e: case 0x000f:
case 0x0010: case 0x0011: case 0x0012: case 0x0013:
case 0x0014: case 0x0015: case 0x0016: case 0x0017:
case 0x0018: case 0x0019: case 0x001a: case 0x001b:
case 0x001c: case 0x001d: case 0x001e: case 0x001f:
case 0x007f:
case 0x0080: case 0x0081: case 0x0082: case 0x0083:
case 0x0084: /*case 0x0085:*/ case 0x0086: case 0x0087:
case 0x0088: case 0x0089: case 0x008a: case 0x008b:
case 0x008c: case 0x008d: case 0x008e: case 0x008f:
case 0x0090: case 0x0091: case 0x0092: case 0x0093:
case 0x0094: case 0x0095: case 0x0096: case 0x0097:
case 0x0098: case 0x0099: case 0x009a: case 0x009b:
case 0x009c: case 0x009d: case 0x009e: case 0x009f:
case 0x06dd:
case 0x070f:
case 0x180e:
case 0x200c: case 0x200d: case 0x200e: case 0x200f:
case 0x202a: case 0x202b: case 0x202c: case 0x202d: case 0x202e:
case 0x2060: case 0x2061: case 0x2062: case 0x2063:
case 0x206a: case 0x206b: case 0x206c: case 0x206d: case 0x206e: case 0x206f:
case 0xfeff:
case 0xfff9: case 0xfffa: case 0xfffb:
case 0x1d173: case 0x1d174: case 0x1d175: case 0x1d176: case 0x1d177: case 0x1d178: case 0x1d179: case 0x1d17a:
case 0xe0001:
case 0xe0020: case 0xe0021: case 0xe0022: case 0xe0023:
case 0xe0024: case 0xe0025: case 0xe0026: case 0xe0027:
case 0xe0028: case 0xe0029: case 0xe002a: case 0xe002b:
case 0xe002c: case 0xe002d: case 0xe002e: case 0xe002f:
case 0xe0030: case 0xe0031: case 0xe0032: case 0xe0033:
case 0xe0034: case 0xe0035: case 0xe0036: case 0xe0037:
case 0xe0038: case 0xe0039: case 0xe003a: case 0xe003b:
case 0xe003c: case 0xe003d: case 0xe003e: case 0xe003f:
case 0xe0040: case 0xe0041: case 0xe0042: case 0xe0043:
case 0xe0044: case 0xe0045: case 0xe0046: case 0xe0047:
case 0xe0048: case 0xe0049: case 0xe004a: case 0xe004b:
case 0xe004c: case 0xe004d: case 0xe004e: case 0xe004f:
case 0xe0050: case 0xe0051: case 0xe0052: case 0xe0053:
case 0xe0054: case 0xe0055: case 0xe0056: case 0xe0057:
case 0xe0058: case 0xe0059: case 0xe005a: case 0xe005b:
case 0xe005c: case 0xe005d: case 0xe005e: case 0xe005f:
case 0xe0060: case 0xe0061: case 0xe0062: case 0xe0063:
case 0xe0064: case 0xe0065: case 0xe0066: case 0xe0067:
case 0xe0068: case 0xe0069: case 0xe006a: case 0xe006b:
case 0xe006c: case 0xe006d: case 0xe006e: case 0xe006f:
case 0xe0070: case 0xe0071: case 0xe0072: case 0xe0073:
case 0xe0074: case 0xe0075: case 0xe0076: case 0xe0077:
case 0xe0078: case 0xe0079: case 0xe007a: case 0xe007b:
case 0xe007c: case 0xe007d: case 0xe007e: case 0xe007f:
/* 2.2 Map - Paragraph 4. */
case 0x200b:
return true;
}
return false;
}
/**
* Checks if @a uc maps to nothing according to mapping rules of RFC-5280 and
* RFC-4518.
*
* @returns true if @uc maps to nothing, false if not.
* @param uc The unicode code point.
*/
{
return false;
return rtCrX509CanNameIsNothingSlow(uc);
}
/**
* Slow code path of rtCrX509CanNameIsSpace.
*
* @returns true if space, false if not.
* @param uc The unicode code point.
*/
{
switch (uc)
{
/* 2.2 Map - Paragraph 2. */
case 0x09:
case 0x0a:
case 0x0b:
case 0x0c:
case 0x0d:
case 0x20:
case 0x0085:
case 0x00a0:
case 0x1680:
case 0x2000: case 0x2001: case 0x2002: case 0x2003:
case 0x2004: case 0x2005: case 0x2006: case 0x2007:
case 0x2008: case 0x2009: case 0x200a:
case 0x2028: case 0x2029:
case 0x202f:
case 0x205f:
case 0x3000:
return true;
}
return false;
}
/**
* Checks if @a uc is a space character according to the mapping rules of
* RFC-5280 and RFC-4518.
*
* @returns true if space, false if not.
* @param uc The unicode code point.
*/
{
if (uc < 0x0085)
{
if (uc > 0x0020)
return false;
return true;
}
return rtCrX509CanNameIsSpaceSlow(uc);
}
{
/*
* Return space when we've encountered the first non-space-non-nothing code point.
*/
const char *pszPrev;
for (;;)
{
if (!uc)
{
break;
/* NUL inside the string, maps to nothing => ignore it. */
}
break;
}
return pszPrev;
}
{
/*
* Return space when we've encountered the first non-space-non-nothing code point.
*/
const char *pszPrev;
for (;;)
{
if (!uc)
{
{
uc = 0; /* End of string: Ignore trailing spaces. */
break;
}
/* NUL inside the string, maps to nothing => ignore it. */
}
{
break;
}
}
return uc;
}
{
while (*pcch > 0)
{
if (uc < 0x80)
{
*pcch -= 1;
}
else
{
}
if (uc != 0)
return uc;
}
return 0;
}
{
/*
* Return first code point which doesn't map to nothing. If we encounter
* a space, we defer to the mapping-after-space routine above.
*/
for (;;)
{
if (rtCrX509CanNameIsSpace(uc))
return uc;
}
}
{
if (uc)
{
if (!rtCrX509CanNameIsSpace(uc))
{
if (!rtCrX509CanNameIsNothing(uc))
return uc;
}
}
return uc;
}
RTDECL(bool) RTCrX509AttributeTypeAndValue_MatchAsRdnByRfc5280(PCRTCRX509ATTRIBUTETYPEANDVALUE pLeft,
{
{
/*
* Try for perfect match in case we get luck.
*/
#ifdef DEBUG_bird /* Want to test the complicated code path first */
#endif
return true;
/*
* If both are string types, we can compare them according to RFC-5280.
*/
{
const char *pszLeft;
if (RT_SUCCESS(rc))
{
const char *pszRight;
if (RT_SUCCESS(rc))
{
/*
* Perform a simplified RFC-5280 comparsion.
* The algorithm as be relaxed on the following counts:
* 1. No unicode normalization.
* 2. Prohibited characters not checked for.
* 3. Bidirectional characters are not ignored.
*/
{
{
return false;
}
}
}
}
}
}
return false;
}
RTDECL(bool) RTCrX509RelativeDistinguishedName_MatchByRfc5280(PCRTCRX509RELATIVEDISTINGUISHEDNAME pLeft,
{
/*
* No match if the attribute count differs.
*/
{
/*
* Compare each attribute, but don't insist on the same order nor
* bother checking for duplicates (too complicated).
*/
{
bool fFound = false;
{
fFound = true;
break;
}
if (!fFound)
return false;
}
return true;
}
return false;
}
/*
* X.509 Name.
*/
{
{
/* Require exact order. */
if (!RTCrX509RelativeDistinguishedName_MatchByRfc5280(&pLeft->paItems[iRdn], &pRight->paItems[iRdn]))
return false;
return true;
}
return false;
}
{
/*
* Check that the constraint is a prefix of the name. This means that
* the name must have at least as many components and the constraint.
*/
{
/*
* Parallel crawl of the two RDNs arrays.
*/
{
/*
* Walk the constraint attribute & value array.
*/
{
/*
* Find matching attribute & value in the name.
*/
bool fFound = false;
if (RTCrX509AttributeTypeAndValue_MatchAsRdnByRfc5280(pConstrAttrib, &pNameRdns->paItems[iNameAttrib]))
{
fFound = true;
break;
}
if (fFound)
return false;
}
}
return true;
}
return false;
}
/**
* Mapping between X.500 object IDs and short and long names.
*
* See RFC-1327, ...
*/
static struct
{
const char *pszOid;
const char *pszShortNm;
const char *pszLongNm;
} const g_aRdnMap[] =
{
};
{
/* Keep track of the string length. */
/*
* The usual double loop for walking the components.
*/
{
{
/*
* Must be a string.
*/
return false;
/*
* Look up the component name prefix and check whether it's also in the string.
*/
while (iName-- > 0)
break;
AssertMsgReturn(iName != UINT32_MAX, ("Please extend g_aRdnMap with '%s'.\n", pComponent->Type.szObjId), false);
return false;
/*
* Compare the component string.
*/
AssertRCReturn(rc, false);
if (cchComponent > cchString)
return false;
return false;
/*
* Check separator comma + space and skip extra spaces before the next component.
*/
if (cchString)
{
if (pszString[0] != ',')
return false;
return false;
pszString += 2;
cchString -= 2;
{
pszString++;
cchString--;
}
}
}
}
/*
* If we got thru the whole name and the whole string, we're good.
*/
return *pszString == '\0';
}
RTDECL(int) RTCrX509Name_FormatAsString(PCRTCRX509NAME pThis, char *pszBuf, size_t cbBuf, size_t *pcbActual)
{
/*
* The usual double loop for walking the components.
*/
int rc = VINF_SUCCESS;
{
{
/*
* Must be a string.
*/
return VERR_CR_X509_NAME_NOT_STRING;
/*
* Look up the component name prefix.
*/
while (iName-- > 0)
break;
AssertMsgReturn(iName != UINT32_MAX, ("Please extend g_aRdnMap with '%s'.\n", pComponent->Type.szObjId),
/*
* Append the prefix.
*/
if (off)
{
{
}
else
off += 2;
}
{
}
else
/*
* Add the component string.
*/
const char *pszUtf8;
else
}
}
if (pcbActual)
return rc;
}
/*
* One X.509 GeneralName.
*/
/**
* Name constraint matching (RFC-5280): DNS Name.
*
* @returns true on match, false on mismatch.
* @param pConstraint The constraint name.
* @param pName The name to match against the constraint.
*/
static bool rtCrX509GeneralName_ConstraintMatchDnsName(PCRTCRX509GENERALNAME pConstraint, PCRTCRX509GENERALNAME pName)
{
/*
* Empty constraint string is taken to match everything.
*/
return true;
/*
* Get the UTF-8 strings for the two.
*/
char const *pszConstraint;
if (RT_SUCCESS(rc))
{
char const *pszFull;
if (RT_SUCCESS(rc))
{
/*
* No match if the constraint is longer.
*/
if (cchConstraint > cchFull)
return false;
/*
* No match if the constraint and name tail doesn't match
* in a case-insensitive compare.
*/
return false;
if (!offFull)
return true;
/*
* The matching constraint must be delimited by a dot in the full
* name. There seems to be some discussion whether ".oracle.com"
* should match "www..oracle.com". This implementation does choose
* to not succeed in that case.
*/
return true;
return false;
}
}
/* fall back. */
}
/**
* Name constraint matching (RFC-5280): RFC-822 (email).
*
* @returns true on match, false on mismatch.
* @param pConstraint The constraint name.
* @param pName The name to match against the constraint.
*/
static bool rtCrX509GeneralName_ConstraintMatchRfc822Name(PCRTCRX509GENERALNAME pConstraint, PCRTCRX509GENERALNAME pName)
{
/*
* Empty constraint string is taken to match everything.
*/
return true;
/*
* Get the UTF-8 strings for the two.
*/
char const *pszConstraint;
if (RT_SUCCESS(rc))
{
char const *pszFull;
if (RT_SUCCESS(rc))
{
/*
* No match if the constraint is longer.
*/
if (cchConstraint > cchFull)
return false;
/*
* A lone dot matches everything.
*/
return true;
/*
* If there is a '@' in the constraint, the entire address must match.
*/
if (pszConstraintAt)
/*
* No match if the constraint and name tail doesn't match
* in a case-insensitive compare.
*/
return false;
/*
* If the constraint starts with a dot, we're supposed to be
* satisfied with a tail match.
*/
/** @todo Check if this should match even if offFull == 0. */
if (*pszConstraint == '.')
return true;
/*
* Otherwise, we require a hostname match and thus expect an '@'
* immediatly preceding the constraint match.
*/
return true;
return false;
}
}
/* fall back. */
}
/**
* Extracts the hostname from an URI.
*
* @returns true if successfully extract, false if no hostname present.
* @param pszUri The URI.
* @param pchHostName .
* @param pcchHostName .
*/
static bool rtCrX509GeneralName_ExtractHostName(const char *pszUri, const char **pchHostName, size_t *pcchHostName)
{
/*
* Skip the schema name.
*/
if (pszStart)
{
pszStart += 3;
/*
* The name ends with the first slash or ":port".
*/
if (!pszEnd)
do
pszEnd--;
while (*pszEnd != ':');
{
/*
* Drop access credentials at the front of the string if present.
*/
if (pszAt)
/*
* If there is still some string left, that's the host name.
*/
{
*pchHostName = pszStart;
return true;
}
}
}
*pcchHostName = 0;
*pchHostName = NULL;
return false;
}
/**
* Name constraint matching (RFC-5280): URI.
*
* @returns true on match, false on mismatch.
* @param pConstraint The constraint name.
* @param pName The name to match against the constraint.
*/
static bool rtCrX509GeneralName_ConstraintMatchUri(PCRTCRX509GENERALNAME pConstraint, PCRTCRX509GENERALNAME pName)
{
/*
* Empty constraint string is taken to match everything.
*/
return true;
/*
* Get the UTF-8 strings for the two.
*/
char const *pszConstraint;
if (RT_SUCCESS(rc))
{
char const *pszFull;
if (RT_SUCCESS(rc))
{
/*
* Isolate the hostname in the name.
*/
const char *pchHostName;
{
/*
* Domain constraint.
*/
if (*pszConstraint == '.')
{
if (cchHostName >= cchConstraint)
{
{
/* "http://www..oracle.com" does not match ".oracle.com".
It's debatable whether "http://.oracle.com/" should match. */
if ( !offHostName
return true;
}
}
}
/*
* Host name constraint. Full match required.
*/
else if ( cchHostName == cchConstraint
return true;
}
return false;
}
}
/* fall back. */
}
/**
* Name constraint matching (RFC-5280): IP address.
*
* @returns true on match, false on mismatch.
* @param pConstraint The constraint name.
* @param pName The name to match against the constraint.
*/
static bool rtCrX509GeneralName_ConstraintMatchIpAddress(PCRTCRX509GENERALNAME pConstraint, PCRTCRX509GENERALNAME pName)
{
/*
* IPv4.
*/
/*
* IPv6.
*/
{
for (uint32_t i = 0; i < 16; i++)
return false;
return true;
}
}
RTDECL(bool) RTCrX509GeneralName_ConstraintMatch(PCRTCRX509GENERALNAME pConstraint, PCRTCRX509GENERALNAME pName)
{
{
return RTCrX509Name_ConstraintMatch(&pConstraint->u.pT4->DirectoryName, &pName->u.pT4->DirectoryName);
AssertFailed();
}
return false;
}
/*
* Sequence of X.509 GeneralNames.
*/
/*
* X.509 UniqueIdentifier.
*/
/*
* X.509 SubjectPublicKeyInfo.
*/
/*
* X.509 AuthorityKeyIdentifier (IPRT representation).
*/
/*
* One X.509 PolicyQualifierInfo.
*/
/*
* Sequence of X.509 PolicyQualifierInfo.
*/
/*
* One X.509 PolicyInformation.
*/
/*
* Sequence of X.509 CertificatePolicies.
*/
/*
* One X.509 PolicyMapping (IPRT representation).
*/
/*
* Sequence of X.509 PolicyMappings (IPRT representation).
*/
/*
* X.509 BasicConstraints (IPRT representation).
*/
/*
* X.509 GeneralSubtree (IPRT representation).
*/
RTDECL(bool) RTCrX509GeneralSubtree_ConstraintMatch(PCRTCRX509GENERALSUBTREE pConstraint, PCRTCRX509GENERALSUBTREE pName)
{
}
/*
* Sequence of X.509 GeneralSubtrees (IPRT representation).
*/
/*
* X.509 NameConstraints (IPRT representation).
*/
/*
* X.509 PolicyConstraints (IPRT representation).
*/
/*
* One X.509 Extension.
*/
/*
* Sequence of X.509 Extensions.
*/
/*
* X.509 TbsCertificate.
*/
static void rtCrx509TbsCertificate_AddKeyUsageFlags(PRTCRX509TBSCERTIFICATE pThis, PCRTCRX509EXTENSION pExtension)
{
pThis->T3.fKeyUsage |= (uint32_t)RTAsn1BitString_GetAsUInt64((PCRTASN1BITSTRING)pExtension->ExtnValue.pEncapsulated);
}
static void rtCrx509TbsCertificate_AddExtKeyUsageFlags(PRTCRX509TBSCERTIFICATE pThis, PCRTCRX509EXTENSION pExtension)
{
while (i-- > 0)
{
{
{
}
else
}
else if (RTAsn1ObjId_StartsWith(&pObjIds->paItems[i], RTCRX509_APPLE_EKU_APPLE_EXTENDED_KEY_USAGE_OID))
{
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_APPLE_EKU_CODE_SIGNING_DEVELOPMENT_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_APPLE_EKU_SOFTWARE_UPDATE_SIGNING_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_APPLE_EKU_CODE_SIGNING_THRID_PARTY_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_APPLE_EKU_RESOURCE_SIGNING_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_APPLE_EKU_SYSTEM_IDENTITY_OID) == 0)
else
}
{
if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_MS_EKU_TIMESTAMP_SIGNING_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_MS_EKU_OEM_WHQL_CRYPTO_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_MS_EKU_EMBEDDED_NT_CRYPTO_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_MS_EKU_KERNEL_MODE_CODE_SIGNING_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_MS_EKU_LIFETIME_SIGNING_OID) == 0)
else if (RTAsn1ObjId_CompareWithString(&pObjIds->paItems[i], RTCRX509_MS_EKU_DRM_INDIVIDUALIZATION_OID) == 0)
else
}
else
}
}
/**
* (Re-)Process the certificate extensions.
*
* Will fail if duplicate extensions are encountered.
*
* @returns IPRT status code.
* @param pThis The to-be-signed certificate part.
* @param pErrInfo Where to return extended error details,
* optional.
*/
RTDECL(int) RTCrX509TbsCertificate_ReprocessExtensions(PRTCRX509TBSCERTIFICATE pThis, PRTERRINFO pErrInfo)
{
/*
* Clear all variables we will set.
*/
do { \
"Duplicate extension " #a_fPresentFlag); \
} while (0)
/*
* Process all the extensions.
*/
{
{
}
{
}
{
CHECK_SET_PRESENT_RET_ON_DUP(pThis, pErrInfo, RTCRX509TBSCERTIFICATE_F_PRESENT_AUTHORITY_KEY_IDENTIFIER);
Assert(pThis->T3.Extensions.paItems[i].enmValue == RTCRX509EXTENSIONVALUE_AUTHORITY_KEY_IDENTIFIER);
}
else if (RTAsn1ObjId_CompareWithString(pExtnId, RTCRX509_ID_CE_OLD_AUTHORITY_KEY_IDENTIFIER_OID) == 0)
{
CHECK_SET_PRESENT_RET_ON_DUP(pThis, pErrInfo, RTCRX509TBSCERTIFICATE_F_PRESENT_OLD_AUTHORITY_KEY_IDENTIFIER);
pThis->T3.pOldAuthorityKeyIdentifier = (PCRTCRX509OLDAUTHORITYKEYIDENTIFIER)pExtValue->pEncapsulated;
Assert(pThis->T3.Extensions.paItems[i].enmValue == RTCRX509EXTENSIONVALUE_OLD_AUTHORITY_KEY_IDENTIFIER);
}
{
CHECK_SET_PRESENT_RET_ON_DUP(pThis, pErrInfo, RTCRX509TBSCERTIFICATE_F_PRESENT_SUBJECT_KEY_IDENTIFIER);
}
{
}
{
}
{
CHECK_SET_PRESENT_RET_ON_DUP(pThis, pErrInfo, RTCRX509TBSCERTIFICATE_F_PRESENT_CERTIFICATE_POLICIES);
}
{
}
{
}
{
}
{
}
{
}
else
}
return VINF_SUCCESS;
}
/*
* One X.509 Certificate.
*/
{
return true;
return false;
}
RTDECL(bool) RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280(PCRTCRX509CERTIFICATE pThis, PCRTCRX509NAME pName)
{
return true;
{
{
return true;
}
}
return false;
}
{
{
}
return false;
}
/*
* Set of X.509 Certificates.
*/
{
if (RTCrX509Certificate_MatchIssuerAndSerialNumber(&pCertificates->paItems[i], pIssuer, pSerialNumber))
return &pCertificates->paItems[i];
return NULL;
}