x509-sanity.cpp revision 13493ab7596e827b8d0caab2c89e635dd65f78f9
/* $Id$ */
/** @file
* IPRT - Crypto - X.509, Sanity Checkers.
*/
/*
* Copyright (C) 2006-2014 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* you can redistribute it and/or modify it under the terms of the GNU
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*
* The contents of this file may alternatively be used under the terms
* of the Common Development and Distribution License Version 1.0
* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
* VirtualBox OSE distribution, in which case the provisions of the
* CDDL are applicable instead of those of the GPL.
*
* You may elect to license modified versions of this file under the
* terms and conditions of either the GPL or the CDDL or both.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#include "x509-internal.h"
/**
 * Extra sanity check for an X.509 Validity structure.
 *
 * Reports VERR_CR_X509_VALIDITY_SWAPPED ("NotBefore is after NotAfter")
 * through pErrInfo; the trailing statement returns VINF_SUCCESS.
 *
 * This is a structural check on the certificate only: nothing in the lines
 * shown compares either bound against the current time, so a certificate
 * passing here may still be expired or not yet valid.
 *
 * @param   pThis        The validity structure being checked (not referenced
 *                       in the lines shown).
 * @param   fFlags       Sanity-check flags (not referenced in the lines shown).
 * @param   pErrInfo     Passed to RTErrInfoSetF to receive the error details.
 * @param   pszErrorTag  Prefix inserted at the start of the error message.
 */
static int rtCrX509Validity_CheckSanityExtra(PCRTCRX509VALIDITY pThis, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag)
{
/* NOTE(review): as listed, this return is unconditional, so every Validity
 * is rejected and the two lines after it are unreachable.  The message text
 * implies a NotBefore-vs-NotAfter comparison guards it; that condition is not
 * visible in this listing - confirm against the upstream file before relying
 * on this copy. */
return RTErrInfoSetF(pErrInfo, VERR_CR_X509_VALIDITY_SWAPPED, "%s: NotBefore is after NotAfter", pszErrorTag);
/** @todo check tag constraints? */
return VINF_SUCCESS;
}
/**
 * Extra sanity checks for an X.509 Name (the Items[] / paItems[] hierarchy
 * referred to in the error messages below).
 *
 * Judging by the message strings that survive in this listing, it rejects:
 *   - an Items[i] entry with no sub components,
 *   - a sub component whose enmType is not a string,
 *   - a sub component holding an empty string,
 *   - a string whose ASN.1 tag is not on the allow-list in the switch.
 *
 * NOTE(review): the loop headers, the conditions, the switch expression and
 * the calls that emit these messages are missing from this listing; only
 * fragments of the argument lists remain.  Confirm details (including the
 * error codes returned) against the upstream file.
 *
 * @returns VINF_SUCCESS when the end of the function is reached.
 * @param   pThis        The name being checked.
 * @param   fFlags       Sanity-check flags (not referenced in the lines shown).
 * @param   pErrInfo     Error-info buffer (its use is not visible in the
 *                       lines shown).
 * @param   pszErrorTag  Prefix inserted at the start of each error message.
 */
static int rtCrX509Name_CheckSanityExtra(PCRTCRX509NAME pThis, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag)
{
/* i indexes Items[], j indexes Items[i].paItems[] (see the format arguments). */
{
"%s: Items[%u] has no sub components.", pszErrorTag, i);
{
"%s: Items[%u].paItems[%u].enmType is %d instead of string (%d).",
"%s: Items[%u].paItems[%u] is an empty string", pszErrorTag, i, j);
{
/* Allow-list of ASN.1 string tags accepted for a name component.  Any tag
 * not listed reaches 'default' and is reported as an invalid string type, so
 * unknown encodings are refused rather than passed through.
 * NOTE(review): further case labels may have been lost from this listing. */
case ASN1_TAG_UTF8_STRING:
break;
case ASN1_TAG_T61_STRING:
case ASN1_TAG_BMP_STRING:
break;
case ASN1_TAG_IA5_STRING: /* Used by "Microsoft Root Certificate Authority" in the "com" part of the Issuer. */
break;
default:
"%s: Items[%u].paItems[%u] invalid string type: %u", pszErrorTag, i, j,
}
}
}
return VINF_SUCCESS;
}
/**
 * Extra sanity check hook for an X.509 SubjectPublicKeyInfo.
 *
 * As shown, the body performs no checks and returns VINF_SUCCESS, so nothing
 * about the key algorithm or the key material is validated at this point;
 * any such validation has to happen elsewhere.
 *
 * NOTE(review): the parameter list continues on a line that is missing from
 * this listing (the signature line ends with a comma).
 *
 * @returns VINF_SUCCESS.
 * @param   pThis   The SubjectPublicKeyInfo being checked (unused in the
 *                  lines shown).
 * @param   fFlags  Sanity-check flags (unused in the lines shown).
 */
static int rtCrX509SubjectPublicKeyInfo_CheckSanityExtra(PCRTCRX509SUBJECTPUBLICKEYINFO pThis, uint32_t fFlags,
{
/* No additional constraints are enforced here. */
return VINF_SUCCESS;
}
/* NOTE(review): the function header for this body is missing from the
 * listing.  The surviving messages and the VERR_CR_X509_TBSCERT_EXTS_REQ_V3
 * status indicate version-consistency checks on a TbsCertificate:
 *   - an unknown Version number is reported,
 *   - IssuerUniqueId / SubjectUniqueId are only accepted from version 2 on,
 *   - Extensions are only accepted in version 3.
 * These mirror the version rules of RFC 5280; rejecting the mismatch keeps
 * later code from interpreting fields the declared version does not allow.
 * The conditions guarding each report are not visible here; as listed, the
 * RTErrInfoSetF return below is unconditional.  Confirm against upstream. */
{
"%s: Unknown Version number: %llu",
"%s: IssuerUniqueId and SubjectUniqueId requires version 2", pszErrorTag);
return RTErrInfoSetF(pErrInfo, VERR_CR_X509_TBSCERT_EXTS_REQ_V3, "%s: Extensions requires version 3", pszErrorTag);
return VINF_SUCCESS;
}
/* NOTE(review): the function header for this body is missing from the
 * listing; pThis is used as a certificate with SignatureAlgorithm and
 * TbsCertificate.Signature members.
 *
 * The check requires the outer SignatureAlgorithm to equal the algorithm
 * identifier inside the to-be-signed part.  The outer field is not covered
 * by the signature while the inner one is, so a mismatch means the algorithm
 * a verifier would pick from the outer field is not the one the issuer
 * signed over; RFC 5280 requires the two to be identical.
 *
 * The call that reports the mismatch (and its status code) has been lost
 * from this listing; only its format string remains. */
{
if (RTCrX509AlgorithmIdentifier_Compare(&pThis->SignatureAlgorithm, &pThis->TbsCertificate.Signature) != 0)
"%s: SignatureAlgorithm (%s) does not match TbsCertificate.Signature (%s).", pszErrorTag,
return VINF_SUCCESS;
}
/*
* Generate the code.
*/
#include <iprt/asn1-generator-sanity.h>