2 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/objects.h>
13 #include <openssl/x509.h>
14 #include <openssl/pem.h>
15 #include <openssl/x509v3.h>
16 #include <openssl/ocsp.h>
18 #include <openssl/asn1t.h>
20 /* Convert a certificate and its issuer to an OCSP_CERTID */
22 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
26 const ASN1_INTEGER *serial;
27 ASN1_BIT_STRING *ikey;
31 iname = X509_get_issuer_name(subject);
32 serial = X509_get0_serialNumber(subject);
34 iname = X509_get_subject_name(issuer);
37 ikey = X509_get0_pubkey_bitstr(issuer);
38 return OCSP_cert_id_new(dgst, iname, ikey, serial);
41 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
42 const X509_NAME *issuerName,
43 const ASN1_BIT_STRING *issuerKey,
44 const ASN1_INTEGER *serialNumber)
49 OCSP_CERTID *cid = NULL;
50 unsigned char md[EVP_MAX_MD_SIZE];
52 if ((cid = OCSP_CERTID_new()) == NULL)
55 alg = &cid->hashAlgorithm;
56 ASN1_OBJECT_free(alg->algorithm);
57 if ((nid = EVP_MD_type(dgst)) == NID_undef) {
58 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
61 if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
63 if ((alg->parameter = ASN1_TYPE_new()) == NULL)
65 alg->parameter->type = V_ASN1_NULL;
67 if (!X509_NAME_digest(issuerName, dgst, md, &i))
69 if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
72 /* Calculate the issuerKey hash, excluding tag and length */
73 if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
76 if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
80 if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
85 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
87 OCSP_CERTID_free(cid);
91 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
94 ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
97 ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
100 return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
103 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
106 ret = OCSP_id_issuer_cmp(a, b);
109 return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
113 * Parse a URL and split it up into host, port and path components and
117 int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
128 /* dup the buffer since we are going to mess with it */
129 buf = OPENSSL_strdup(url);
133 /* Check for initial colon */
134 p = strchr(buf, ':');
141 if (strcmp(buf, "http") == 0) {
144 } else if (strcmp(buf, "https") == 0) {
150 /* Check for double slash */
151 if ((p[0] != '/') || (p[1] != '/'))
158 /* Check for trailing part of path */
163 *ppath = OPENSSL_strdup("/");
165 *ppath = OPENSSL_strdup(p);
166 /* Set start of path to 0 so hostname is valid */
174 if (host[0] == '[') {
177 p = strchr(host, ']');
184 /* Look for optional ':' for port number */
185 if ((p = strchr(p, ':'))) {
190 *pport = OPENSSL_strdup(port);
194 *phost = OPENSSL_strdup(host);
204 OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
208 OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
212 OPENSSL_free(*ppath);
214 OPENSSL_free(*pport);
216 OPENSSL_free(*phost);
222 IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)