Back to index

nordugrid-arc-nox  1.1.0~rc6
Proxycertinfo.cpp
Go to the documentation of this file.
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <cstring>
00006 
00007 #include <openssl/err.h>
00008 #include <openssl/asn1_mac.h>
00009 #include <openssl/objects.h>
00010 
00011 #include "Proxycertinfo.h"
00012 
00013 namespace ArcCredential {
00014 
00015 /* PROXYPOLICY function */
00016 
00017 PROXYPOLICY * PROXYPOLICY_new() {
00018   ASN1_CTX                            c;
00019   PROXYPOLICY *                       ret;
00020   ret = NULL;
00021 
00022   M_ASN1_New_Malloc(ret, PROXYPOLICY);
00023   ret->policy_language = OBJ_nid2obj(OBJ_sn2nid(IMPERSONATION_PROXY_SN));
00024   ret->policy = NULL;
00025   return (ret);
00026   M_ASN1_New_Error(ASN1_F_PROXYPOLICY_NEW);
00027 }
00028 
00029 #ifndef NO_OLD_ASN1
00030 char *ASN1_dup(int (*i2d)(void*, unsigned char**), char *(*d2i)(void**, const unsigned char**, long int), char *x) {
00031   unsigned char *b,*p;
00032   long i;
00033   char *ret;
00034   if (x == NULL) return(NULL);
00035   i=(long)i2d(x,NULL);
00036   b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
00037   if (b == NULL) { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
00038   p= b;
00039   i=i2d(x,&p);
00040   p= b;
00041   ret=d2i(NULL,(const unsigned char**)&p,i);
00042   OPENSSL_free(b);
00043   return(ret);
00044   }
00045 #endif
00046 
00047 void PROXYPOLICY_free(PROXYPOLICY * policy) {
00048   if(policy == NULL) return;
00049   ASN1_OBJECT_free(policy->policy_language);
00050   M_ASN1_OCTET_STRING_free(policy->policy);
00051   OPENSSL_free(policy);
00052 }
00053 
00054 /* duplicate */
00055 PROXYPOLICY * PROXYPOLICY_dup(PROXYPOLICY * policy) {
00056   return ((PROXYPOLICY *) ASN1_dup((int (*)(void*, unsigned char**))i2d_PROXYPOLICY,
00057                                (char *(*)(void**, const unsigned char**, long int))d2i_PROXYPOLICY,
00058                                (char *)policy));
00059 }
00060 
00061 int PROXYPOLICY_print(BIO* bp, PROXYPOLICY* policy) {
00062   STACK_OF(CONF_VALUE)* values = NULL;
00063   values = i2v_PROXYPOLICY(PROXYPOLICY_x509v3_ext_meth(), policy, values);
00064   X509V3_EXT_val_prn(bp, values, 0, 1);
00065   sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
00066   return 1;
00067 }
00068 
00069 /* set policy language */
00070 int PROXYPOLICY_set_policy_language(PROXYPOLICY * policy, ASN1_OBJECT * policy_language) {
00071   if(policy_language != NULL) {
00072     if(policy_language != policy->policy_language) {
00073       ASN1_OBJECT_free(policy->policy_language);
00074       policy->policy_language = OBJ_dup(policy_language);
00075     }
00076     return 1;
00077   }
00078   return 0;
00079 }
00080 
00081 /* get policy language */
00082 ASN1_OBJECT * PROXYPOLICY_get_policy_language(PROXYPOLICY * policy)
00083 {
00084   return policy->policy_language;
00085 }
00086 
00087 /* set policy */
00088 int PROXYPOLICY_set_policy(PROXYPOLICY * proxypolicy, unsigned char * policy, int length) {
00089   if(policy != NULL) {
00090     /* if member policy of proxypolicy non set */
00091     if(!proxypolicy->policy)
00092       proxypolicy->policy = ASN1_OCTET_STRING_new();
00093     /* set member policy of proxypolicy */
00094     ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length);
00095   }
00096   else if(proxypolicy->policy) {
00097     ASN1_OCTET_STRING_free(proxypolicy->policy);
00098     proxypolicy->policy = NULL;
00099   }
00100   return 1;
00101 }
00102 
00103 /* get policy */
00104 unsigned char * PROXYPOLICY_get_policy(PROXYPOLICY * proxypolicy, int * length) {
00105   /* assure field policy is set */
00106   if(proxypolicy->policy) {
00107     *length = proxypolicy->policy->length;
00108     /* assure ASN1_OCTET_STRING is full */
00109     if (*length>0 && proxypolicy->policy->data) {
00110       unsigned char * copy = (unsigned char*) malloc(*length);
00111       if(copy) {
00112         memcpy(copy, proxypolicy->policy->data, *length);
00113         return copy;
00114       }
00115     }
00116   }
00117   /* else return NULL */
00118   return NULL;
00119 }
00120 
00121 /* internal to der conversion */
00122 int i2d_PROXYPOLICY(PROXYPOLICY * policy, unsigned char ** pp)  {
00123 #if 0
00124   int  v1 = 0;
00125     
00126   M_ASN1_I2D_vars(policy);
00127 
00128   M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT);
00129   M_ASN1_I2D_len_EXP_opt(policy->policy, i2d_ASN1_OCTET_STRING, 0, v1);
00130   M_ASN1_I2D_seq_total();
00131   M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT);
00132   M_ASN1_I2D_put_EXP_opt(policy->policy, i2d_ASN1_OCTET_STRING, 0, v1);
00133 
00134   M_ASN1_I2D_finish();
00135 #endif
00136 
00137   M_ASN1_I2D_vars(policy);
00138 
00139   M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT);
00140 
00141   if(policy->policy) { 
00142     M_ASN1_I2D_len(policy->policy, i2d_ASN1_OCTET_STRING);
00143   }
00144     
00145   M_ASN1_I2D_seq_total();
00146   M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT);
00147   if(policy->policy) { 
00148     M_ASN1_I2D_put(policy->policy, i2d_ASN1_OCTET_STRING);
00149   }
00150   M_ASN1_I2D_finish();
00151 }
00152 
00153 PROXYPOLICY * d2i_PROXYPOLICY(PROXYPOLICY ** a, unsigned char ** pp, long length) {
00154   M_ASN1_D2I_vars(a, PROXYPOLICY *, PROXYPOLICY_new);
00155   M_ASN1_D2I_Init();
00156   M_ASN1_D2I_start_sequence();
00157   M_ASN1_D2I_get(ret->policy_language, d2i_ASN1_OBJECT);
00158 
00159   /* need to try getting the policy using
00160    *     a) a call expecting no tags
00161    *     b) a call expecting tags
00162    * one of which should succeed
00163    */
00164     
00165   M_ASN1_D2I_get_opt(ret->policy, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
00166   M_ASN1_D2I_get_IMP_opt(ret->policy, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
00167   M_ASN1_D2I_Finish(a, PROXYPOLICY_free, ASN1_F_D2I_PROXYPOLICY);
00168 }
00169 
00170 STACK_OF(CONF_VALUE) * i2v_PROXYPOLICY( struct v3_ext_method* /* method */, PROXYPOLICY*  ext, STACK_OF(CONF_VALUE)* extlist) {
00171   char* policy = NULL;
00172   char  policy_lang[128];
00173   char* tmp_string = NULL;
00174   char* index = NULL;
00175   int   nid;
00176   int   policy_length;
00177 
00178   X509V3_add_value("Proxy Policy:", NULL, &extlist);
00179   nid = OBJ_obj2nid(PROXYPOLICY_get_policy_language(ext));
00180   if(nid != NID_undef) { BIO_snprintf(policy_lang, 128, " %s", OBJ_nid2ln(nid)); }
00181   else {
00182     policy_lang[0] = ' ';
00183     i2t_ASN1_OBJECT(&policy_lang[1], 127, PROXYPOLICY_get_policy_language(ext));
00184   }
00185    
00186   X509V3_add_value("    Policy Language",  policy_lang, &extlist);    
00187   policy = (char *) PROXYPOLICY_get_policy(ext, &policy_length);
00188   if(!policy) {
00189     X509V3_add_value("    Policy", " EMPTY", &extlist);
00190   }
00191   else {
00192     X509V3_add_value("    Policy:", NULL, &extlist);
00193     tmp_string = policy;
00194     while(1) {
00195       index = strchr(tmp_string, '\n');
00196       if(!index) {
00197         int length;
00198         unsigned char* last_string;
00199         length = (policy_length - (tmp_string - policy)) + 9;
00200         last_string = (unsigned char*)  malloc(length);
00201         BIO_snprintf((char*)last_string, length, "%8s%s", "", tmp_string);
00202         X509V3_add_value(NULL, (const char*)last_string, &extlist);
00203         free(last_string);
00204         break;
00205       }      
00206       *index = '\0';
00207             
00208       X509V3_add_value(NULL, tmp_string, &extlist);
00209             
00210       tmp_string = index + 1;
00211     }      
00212     free(policy);
00213   }
00214   return extlist;
00215 }
00216 
00217 X509V3_EXT_METHOD * PROXYPOLICY_x509v3_ext_meth() {
00218   static X509V3_EXT_METHOD proxypolicy_x509v3_ext_meth =
00219   {
00220     -1,
00221     X509V3_EXT_MULTILINE,
00222     NULL,
00223     (X509V3_EXT_NEW) PROXYPOLICY_new,
00224     (X509V3_EXT_FREE) PROXYPOLICY_free,
00225     (X509V3_EXT_D2I) d2i_PROXYPOLICY,
00226     (X509V3_EXT_I2D) i2d_PROXYPOLICY,
00227     NULL, NULL,
00228     (X509V3_EXT_I2V) i2v_PROXYPOLICY,
00229     NULL,
00230     NULL, NULL,
00231     NULL
00232   };
00233   return (&proxypolicy_x509v3_ext_meth);
00234 }
00235 
00236 
00239 PROXYCERTINFO * PROXYCERTINFO_new() {
00240   PROXYCERTINFO *                     ret;
00241   ASN1_CTX                            c;
00242   ret = NULL;
00243   M_ASN1_New_Malloc(ret, PROXYCERTINFO);
00244   memset(ret, 0, sizeof(PROXYCERTINFO));
00245   ret->path_length      = NULL;
00246   ret->proxypolicy      = PROXYPOLICY_new();
00247   return (ret);
00248   M_ASN1_New_Error(ASN1_F_PROXYCERTINFO_NEW);
00249 }
00250 
00251 void PROXYCERTINFO_free(PROXYCERTINFO * proxycertinfo) {
00252   if(proxycertinfo == NULL) return;
00253   ASN1_INTEGER_free(proxycertinfo->path_length);
00254   PROXYPOLICY_free(proxycertinfo->proxypolicy);
00255   OPENSSL_free(proxycertinfo);
00256 }
00257 
00258 PROXYCERTINFO * PROXYCERTINFO_dup(PROXYCERTINFO * proxycertinfo) {
00259   PROXYCERTINFO * new_proxycertinfo = NULL;
00260   if(proxycertinfo == NULL) return NULL;
00261   new_proxycertinfo = PROXYCERTINFO_new();
00262   if(new_proxycertinfo == NULL) return NULL;
00263   if(proxycertinfo->path_length) {
00264     new_proxycertinfo->path_length =
00265             ASN1_INTEGER_dup(proxycertinfo->path_length);
00266   }
00267   new_proxycertinfo->version = proxycertinfo->version;
00268   PROXYCERTINFO_set_proxypolicy(new_proxycertinfo,proxycertinfo->proxypolicy);
00269 }
00270 
00271 int PROXYCERTINFO_print(BIO* bp, PROXYCERTINFO* cert_info) {
00272   STACK_OF(CONF_VALUE)* values = NULL;
00273   values = i2v_PROXYCERTINFO(PROXYCERTINFO_v4_x509v3_ext_meth(), cert_info, NULL);
00274   X509V3_EXT_val_prn(bp, values, 0, 1);
00275   sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
00276   return 1;
00277 }
00278 
00279 int PROXYCERTINFO_print_fp(FILE* fp, PROXYCERTINFO* cert_info) {
00280   int ret;
00281   BIO* bp;
00282   bp = BIO_new(BIO_s_file());  
00283   BIO_set_fp(bp, fp, BIO_NOCLOSE);
00284   ret =  PROXYCERTINFO_print(bp, cert_info);
00285   BIO_free(bp);
00286   return (ret);
00287 }   
00288 
00289 /* set path_length */
00290 int PROXYCERTINFO_set_path_length(PROXYCERTINFO * proxycertinfo, long path_length) {
00291   /* assure proxycertinfo is not empty */
00292   if(proxycertinfo != NULL) {
00293     if(path_length != -1) {
00294       /* if member path_length is empty allocate memory the set */
00295       if(proxycertinfo->path_length == NULL)
00296        proxycertinfo->path_length = ASN1_INTEGER_new();
00297       return ASN1_INTEGER_set(proxycertinfo->path_length, path_length);
00298     }
00299     else 
00300       if(proxycertinfo->path_length != NULL) {
00301        ASN1_INTEGER_free(proxycertinfo->path_length);
00302        proxycertinfo->path_length = NULL;
00303       }
00304     return 1;
00305   }
00306   return 0;
00307 }
00308 
00309 int PROXYCERTINFO_set_version(PROXYCERTINFO * proxycertinfo, int version) {
00310   if (proxycertinfo != NULL) {
00311     proxycertinfo->version = version;
00312     return 1;
00313   }
00314   return 0;
00315 }
00316 
00317 int PROXYCERTINFO_get_version(PROXYCERTINFO * proxycertinfo) {
00318   if (proxycertinfo)
00319     return proxycertinfo->version;
00320   return -1;
00321 }
00322 
00323 /* get path length */
00324 long PROXYCERTINFO_get_path_length(PROXYCERTINFO * proxycertinfo) {
00325   if(proxycertinfo && proxycertinfo->path_length)
00326     return ASN1_INTEGER_get(proxycertinfo->path_length);
00327   else return -1;
00328 }
00329 
00330 /* set policy */
00331 int PROXYCERTINFO_set_proxypolicy(PROXYCERTINFO * proxycertinfo, PROXYPOLICY * proxypolicy) {
00332   if(proxypolicy != proxycertinfo->proxypolicy) {
00333     PROXYPOLICY_free(proxycertinfo->proxypolicy);
00334     if(proxypolicy != NULL)
00335       proxycertinfo->proxypolicy = PROXYPOLICY_dup(proxypolicy);
00336     else
00337       proxycertinfo->proxypolicy = NULL;
00338   }
00339   return 1;
00340 }
00341 
00342 /* get policy */
00343 PROXYPOLICY * PROXYCERTINFO_get_proxypolicy(PROXYCERTINFO * proxycertinfo) {
00344   if(proxycertinfo)
00345     return proxycertinfo->proxypolicy;
00346   return NULL;
00347 }
00348 
00349 /* internal to der conversion */
00350 int i2d_PROXYCERTINFO_v3(PROXYCERTINFO * proxycertinfo, unsigned char ** pp) {
00351   int v1;
00352   M_ASN1_I2D_vars(proxycertinfo);
00353   v1 = 0;
00354   M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
00355   M_ASN1_I2D_len_EXP_opt(proxycertinfo->path_length,i2d_ASN1_INTEGER, 1, v1);
00356   M_ASN1_I2D_seq_total();
00357   M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
00358   M_ASN1_I2D_put_EXP_opt(proxycertinfo->path_length, i2d_ASN1_INTEGER, 1, v1);
00359   M_ASN1_I2D_finish();
00360 }
00361 
00362 int i2d_PROXYCERTINFO_v4(PROXYCERTINFO * proxycertinfo, unsigned char ** pp) {
00363   M_ASN1_I2D_vars(proxycertinfo);
00364   if(proxycertinfo->path_length) { 
00365     M_ASN1_I2D_len(proxycertinfo->path_length, i2d_ASN1_INTEGER);
00366   }
00367   M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
00368   M_ASN1_I2D_seq_total();
00369   if(proxycertinfo->path_length) { 
00370     M_ASN1_I2D_put(proxycertinfo->path_length, i2d_ASN1_INTEGER);
00371   }
00372   M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
00373   M_ASN1_I2D_finish();
00374 }
00375 
00376 int i2d_PROXYCERTINFO(PROXYCERTINFO * proxycertinfo, unsigned char ** pp) {
00377   switch(proxycertinfo->version) {
00378   case 3:
00379     return i2d_PROXYCERTINFO_v3(proxycertinfo, pp);
00380     break;
00381 
00382   case 4:
00383     return i2d_PROXYCERTINFO_v4(proxycertinfo, pp);
00384     break;
00385 
00386   default:
00387     return -1;
00388     break;
00389   }
00390 }
00391 
00392 PROXYCERTINFO * d2i_PROXYCERTINFO_v3(PROXYCERTINFO ** cert_info, unsigned char ** pp, long length) {
00393   M_ASN1_D2I_vars(cert_info, PROXYCERTINFO *, PROXYCERTINFO_new);
00394   M_ASN1_D2I_Init();
00395   M_ASN1_D2I_start_sequence();
00396   //M_ASN1_D2I_get(ret->proxypolicy, (unsigned char**)d2i_PROXYPOLICY);
00397   c.q=c.p;
00398   if (d2i_PROXYPOLICY(&(ret->proxypolicy),(unsigned char**)&c.p,c.slen) == NULL)
00399    {c.line=__LINE__; goto err; } 
00400   c.slen-=(c.p-c.q);
00401 
00402   M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1);
00403   ret->version = 3;
00404   M_ASN1_D2I_Finish(cert_info, PROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO);
00405 }
00406 
00407 PROXYCERTINFO * d2i_PROXYCERTINFO_v4(PROXYCERTINFO ** cert_info, unsigned char ** pp, long length) {
00408   M_ASN1_D2I_vars(cert_info, PROXYCERTINFO *, PROXYCERTINFO_new);
00409   M_ASN1_D2I_Init();
00410   M_ASN1_D2I_start_sequence();
00411   M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1);
00412   M_ASN1_D2I_get_opt(ret->path_length, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
00413   //M_ASN1_D2I_get(ret->proxypolicy, (unsigned char**)d2i_PROXYPOLICY);
00414   c.q=c.p;
00415   if (d2i_PROXYPOLICY(&(ret->proxypolicy),(unsigned char**)&c.p,c.slen) == NULL)
00416    {c.line=__LINE__; goto err; }
00417   c.slen-=(c.p-c.q);
00418 
00419   ret->version = 4;
00420   M_ASN1_D2I_Finish(cert_info, PROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO);
00421 }
00422 
00423 PROXYCERTINFO * d2i_PROXYCERTINFO(PROXYCERTINFO ** cert_info, unsigned char ** pp, long length) {
00424   PROXYCERTINFO *info = d2i_PROXYCERTINFO_v3(cert_info, pp, length);
00425   if (!info)
00426     info = d2i_PROXYCERTINFO_v4(cert_info, pp, length);
00427   return info;
00428 }
00429 
00430 STACK_OF(CONF_VALUE) * i2v_PROXYCERTINFO(struct v3_ext_method* /* method */, 
00431     PROXYCERTINFO* ext, STACK_OF(CONF_VALUE)* extlist) {
00432   int     len = 128;
00433   char    tmp_string[128];
00434   if(!ext) {
00435     extlist = NULL;
00436     return extlist;
00437   }
00438   if(extlist == NULL) {
00439     extlist = sk_CONF_VALUE_new_null();
00440     if(extlist == NULL) { 
00441       return NULL;
00442     }
00443   }
00444   if(PROXYCERTINFO_get_path_length(ext) > -1) {
00445     memset(tmp_string, 0, len);
00446     BIO_snprintf(tmp_string, len, " %lu (0x%lx)",
00447         PROXYCERTINFO_get_path_length(ext),
00448         PROXYCERTINFO_get_path_length(ext));
00449     X509V3_add_value("Path Length", tmp_string, &extlist);
00450   }
00451   if(PROXYCERTINFO_get_proxypolicy(ext)) {
00452     i2v_PROXYPOLICY(PROXYPOLICY_x509v3_ext_meth(), PROXYCERTINFO_get_proxypolicy(ext), extlist);
00453   }
00454   return extlist;
00455 }
00456 
00457 /*
00458 //The i2r_PROXYCERTINFO and r2i_PROXYCERTINFO are introduced 
00459 //from openssl-0.9.8e (crypto/x509v3/V3_pci.c)
00460 int i2r_PROXYCERTINFO(X509V3_EXT_METHOD *method, PROXYCERTINFO *ext, BIO *out, int indent) {
00461   BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
00462   if (ext->path_length)
00463     i2a_ASN1_INTEGER(out, ext->path_length);
00464   else 
00465     BIO_printf(out, "infinite");
00466   BIO_puts(out, "\n");
00467   BIO_printf(out, "%*sPolicy Language: ", indent, "");
00468   i2a_ASN1_OBJECT(out, ext->proxypolicy->policy_language);
00469   BIO_puts(out, "\n");
00470   if (ext->proxypolicy->policy && ext->proxypolicy->policy->data)
00471     BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", ext->proxypolicy->policy->data);
00472   return 1;
00473 }
00474 
00475 static int process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language, 
00476     ASN1_INTEGER **pathlen, ASN1_OCTET_STRING **policy) {
00477   int free_policy = 0;
00478 
00479   if (strcmp(val->name, "language") == 0) {
00480     if (*language) {
00481       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
00482       X509V3_conf_err(val);
00483       return 0;
00484     }
00485     if (!(*language = OBJ_txt2obj(val->value, 0))) {
00486       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
00487       X509V3_conf_err(val);
00488       return 0;
00489     }
00490   }
00491   else if (strcmp(val->name, "pathlen") == 0) {
00492     if (*pathlen) {
00493       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
00494       X509V3_conf_err(val);
00495       return 0;
00496     }
00497     if (!X509V3_get_value_int(val, pathlen)) {
00498       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
00499       X509V3_conf_err(val);
00500       return 0;
00501     }
00502   }
00503   else if (strcmp(val->name, "policy") == 0) {
00504     unsigned char *tmp_data = NULL;
00505     long val_len;
00506     if (!*policy) {
00507       *policy = ASN1_OCTET_STRING_new();
00508       if (!*policy) {
00509         X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
00510        X509V3_conf_err(val);
00511        return 0;
00512       }
00513       free_policy = 1;
00514     }
00515     if (strncmp(val->value, "hex:", 4) == 0) {
00516       unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len);
00517       if (!tmp_data2) goto err;
00518 
00519       tmp_data = (unsigned char*) OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1);
00520       if (tmp_data) {
00521         (*policy)->data = tmp_data;
00522        memcpy(&(*policy)->data[(*policy)->length], tmp_data2, val_len);
00523        (*policy)->length += val_len;
00524        (*policy)->data[(*policy)->length] = '\0';
00525       }
00526     }
00527     else if (strncmp(val->value, "file:", 5) == 0) {
00528       unsigned char buf[2048];
00529       int n;
00530       BIO *b = BIO_new_file(val->value + 5, "r");
00531       if (!b) {
00532         X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
00533         X509V3_conf_err(val);
00534         goto err;
00535       }
00536       while((n = BIO_read(b, buf, sizeof(buf))) > 0 || (n == 0 && BIO_should_retry(b))){ 
00537         if (!n) continue;
00538         tmp_data = (unsigned char*) OPENSSL_realloc((*policy)->data, (*policy)->length + n + 1);
00539         if (!tmp_data) break;
00540         (*policy)->data = tmp_data;
00541         memcpy(&(*policy)->data[(*policy)->length], buf, n);
00542         (*policy)->length += n;
00543         (*policy)->data[(*policy)->length] = '\0';
00544       }
00545 
00546       if (n < 0) {
00547         X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
00548         X509V3_conf_err(val);
00549         goto err;
00550       }
00551     }
00552     else if (strncmp(val->value, "text:", 5) == 0) {
00553       val_len = strlen(val->value + 5);
00554       tmp_data = (unsigned char*) OPENSSL_realloc((*policy)->data,
00555       (*policy)->length + val_len + 1);
00556       if (tmp_data) {
00557         (*policy)->data = tmp_data;
00558         memcpy(&(*policy)->data[(*policy)->length], val->value + 5, val_len);
00559         (*policy)->length += val_len;
00560         (*policy)->data[(*policy)->length] = '\0';
00561       }
00562     }
00563     else {
00564       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
00565       X509V3_conf_err(val);
00566       goto err;
00567     }
00568     if (!tmp_data) {
00569       X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
00570       X509V3_conf_err(val);
00571       goto err;
00572     }
00573   }
00574   return 1;
00575 err:
00576   if (free_policy) {
00577     ASN1_OCTET_STRING_free(*policy);
00578     *policy = NULL;
00579   }
00580   return 0;
00581 }
00582 */
00583 
00584 /*
00585 PROXYCERTINFO *r2i_PROXYCERTINFO(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value) {
00586   PROXYCERTINFO *ext = NULL;
00587   STACK_OF(CONF_VALUE) *vals;
00588   ASN1_OBJECT *language = NULL;
00589   ASN1_INTEGER *pathlen = NULL;
00590   ASN1_OCTET_STRING *policy = NULL;
00591   int i, j;
00592 
00593   vals = X509V3_parse_list(value);
00594   for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
00595     CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
00596     if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
00597       X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
00598       X509V3_conf_err(cnf);
00599       goto err;
00600     }
00601     if (*cnf->name == '@') {
00602       STACK_OF(CONF_VALUE) *sect;
00603       int success_p = 1;
00604       sect = X509V3_get_section(ctx, cnf->name + 1);
00605       if (!sect) {
00606         X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
00607        X509V3_conf_err(cnf);
00608        goto err;
00609       }
00610       for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
00611         success_p = process_pci_value(sk_CONF_VALUE_value(sect, j), &language, &pathlen, &policy);
00612       }
00613       X509V3_section_free(ctx, sect);
00614       if (!success_p) goto err;
00615     }
00616     else {
00617       if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
00618         X509V3_conf_err(cnf);
00619         goto err;
00620       }
00621     }
00622   }
00623 
00624   // Language is mandatory 
00625   if (!language) {
00626     X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
00627     goto err;
00628   }
00629   i = OBJ_obj2nid(language);
00630   if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
00631     X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
00632     goto err;
00633   }
00634   ext = PROXYCERTINFO_new();
00635   if (!ext) {
00636     X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
00637     goto err;
00638   }
00639   ext->proxypolicy = PROXYPOLICY_new();
00640   if (!ext->proxypolicy) {
00641     X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
00642     goto err;
00643   }
00644 
00645   ext->proxypolicy->policy_language = language; language = NULL;
00646   ext->proxypolicy->policy = policy; policy = NULL;
00647   ext->path_length = pathlen; pathlen = NULL;
00648   goto end;
00649 err:
00650   if (language) { ASN1_OBJECT_free(language); language = NULL; }
00651   if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
00652   if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
00653   if (ext && ext->proxypolicy) {
00654     PROXYPOLICY_free(ext->proxypolicy);
00655     ext->proxypolicy = NULL;
00656   }
00657   if (ext) { PROXYCERTINFO_free(ext); ext = NULL; }
00658 end:
00659   sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
00660   return ext;
00661 }
00662 */
00663 
00664 X509V3_EXT_METHOD * PROXYCERTINFO_v4_x509v3_ext_meth() {
00665     static X509V3_EXT_METHOD proxycertinfo_v4_x509v3_ext_meth =
00666     {
00667         -1,
00668         X509V3_EXT_MULTILINE,
00669         NULL,
00670         (X509V3_EXT_NEW) PROXYCERTINFO_new,
00671         (X509V3_EXT_FREE) PROXYCERTINFO_free,
00672         (X509V3_EXT_D2I) d2i_PROXYCERTINFO_v4,
00673         (X509V3_EXT_I2D) i2d_PROXYCERTINFO_v4,
00674         NULL, NULL,
00675         (X509V3_EXT_I2V) i2v_PROXYCERTINFO,
00676         NULL,
00677         NULL, //(X509V3_EXT_I2R) i2r_PROXYCERTINFO,
00678         NULL, //(X509V3_EXT_R2I) r2i_PROXYCERTINFO,
00679         NULL
00680     };
00681     return (&proxycertinfo_v4_x509v3_ext_meth);
00682 }
00683 
00684 X509V3_EXT_METHOD * PROXYCERTINFO_v3_x509v3_ext_meth() {
00685   static X509V3_EXT_METHOD proxycertinfo_v3_x509v3_ext_meth =
00686   {
00687     -1,
00688     X509V3_EXT_MULTILINE,
00689     NULL,
00690     (X509V3_EXT_NEW) PROXYCERTINFO_new,
00691     (X509V3_EXT_FREE) PROXYCERTINFO_free,
00692     (X509V3_EXT_D2I) d2i_PROXYCERTINFO_v3,
00693     (X509V3_EXT_I2D) i2d_PROXYCERTINFO_v3,
00694     NULL, NULL,
00695     (X509V3_EXT_I2V) i2v_PROXYCERTINFO,
00696     NULL,
00697     NULL, //(X509V3_EXT_I2R) i2r_PROXYCERTINFO,
00698     NULL, //(X509V3_EXT_R2I) r2i_PROXYCERTINFO,
00699     NULL
00700   };
00701   return (&proxycertinfo_v3_x509v3_ext_meth);
00702 }
00703 
00704 } //namespace ArcCredential