1
/*
2
 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of the Institute nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33

34
/**
35
 * @page page_revoke Revocation methods
36
 *
37
 * There are two revocation method for PKIX/X.509: CRL and OCSP.
38
 * Revocation is needed if the private key is lost and
39
 * stolen. Depending on how picky you are, you might want to make
40
 * revocation for destroyed private keys too (smartcard broken), but
41
 * that should not be a problem.
42
 *
43
 * CRL is a list of certifiates that have expired.
44
 *
45
 * OCSP is an online checking method where the requestor sends a list
46
 * of certificates to the OCSP server to return a signed reply if they
47
 * are valid or not. Some services sends a OCSP reply as part of the
48
 * hand-shake to make the revoktion decision simpler/faster for the
49
 * client.
50
 */
51

52
#include "hx_locl.h"
53

54
struct revoke_crl {
55
    char *path;
56
    time_t last_modfied;
57
    CRLCertificateList crl;
58
    int verified;
59
    int failed_verify;
60
};
61

62
struct revoke_ocsp {
63
    char *path;
64
    time_t last_modfied;
65
    OCSPBasicOCSPResponse ocsp;
66
    hx509_certs certs;
67
    hx509_cert signer;
68
};
69

70

71
struct hx509_revoke_ctx_data {
72
    unsigned int ref;
73
    struct {
74
	struct revoke_crl *val;
75
	size_t len;
76
    } crls;
77
    struct {
78
	struct revoke_ocsp *val;
79
	size_t len;
80
    } ocsps;
81
};
82

83
/**
84
 * Allocate a revokation context. Free with hx509_revoke_free().
85
 *
86
 * @param context A hx509 context.
87
 * @param ctx returns a newly allocated revokation context.
88
 *
89
 * @return An hx509 error code, see hx509_get_error_string().
90
 *
91
 * @ingroup hx509_revoke
92
 */
93

94
int
95
hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx)
96
{
97
    *ctx = calloc(1, sizeof(**ctx));
98
    if (*ctx == NULL)
99
	return ENOMEM;
100

101
    (*ctx)->ref = 1;
102
    (*ctx)->crls.len = 0;
103
    (*ctx)->crls.val = NULL;
104
    (*ctx)->ocsps.len = 0;
105
    (*ctx)->ocsps.val = NULL;
106

107
    return 0;
108
}
109

110
hx509_revoke_ctx
111
_hx509_revoke_ref(hx509_revoke_ctx ctx)
112
{
113
    if (ctx == NULL)
114
	return NULL;
115
    if (ctx->ref == 0)
116
	_hx509_abort("revoke ctx refcount == 0 on ref");
117
    ctx->ref++;
118
    if (ctx->ref == UINT_MAX)
119
	_hx509_abort("revoke ctx refcount == UINT_MAX on ref");
120
    return ctx;
121
}
122

123
static void
124
free_ocsp(struct revoke_ocsp *ocsp)
125
{
126
    free(ocsp->path);
127
    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
128
    hx509_certs_free(&ocsp->certs);
129
    hx509_cert_free(ocsp->signer);
130
}
131

132
/**
133
 * Free a hx509 revokation context.
134
 *
135
 * @param ctx context to be freed
136
 *
137
 * @ingroup hx509_revoke
138
 */
139

140
void
141
hx509_revoke_free(hx509_revoke_ctx *ctx)
142
{
143
    size_t i ;
144

145
    if (ctx == NULL || *ctx == NULL)
146
	return;
147

148
    if ((*ctx)->ref == 0)
149
	_hx509_abort("revoke ctx refcount == 0 on free");
150
    if (--(*ctx)->ref > 0)
151
	return;
152

153
    for (i = 0; i < (*ctx)->crls.len; i++) {
154
	free((*ctx)->crls.val[i].path);
155
	free_CRLCertificateList(&(*ctx)->crls.val[i].crl);
156
    }
157

158
    for (i = 0; i < (*ctx)->ocsps.len; i++)
159
	free_ocsp(&(*ctx)->ocsps.val[i]);
160
    free((*ctx)->ocsps.val);
161

162
    free((*ctx)->crls.val);
163

164
    memset(*ctx, 0, sizeof(**ctx));
165
    free(*ctx);
166
    *ctx = NULL;
167
}
168

169
static int
170
verify_ocsp(hx509_context context,
171
	    struct revoke_ocsp *ocsp,
172
	    time_t time_now,
173
	    hx509_certs certs,
174
	    hx509_cert parent)
175
{
176
    hx509_cert signer = NULL;
177
    hx509_query q;
178
    int ret;
179

180
    _hx509_query_clear(&q);
181

182
    /*
183
     * Need to match on issuer too in case there are two CA that have
184
     * issued the same name to a certificate. One example of this is
185
     * the www.openvalidation.org test's ocsp validator.
186
     */
187

188
    q.match = HX509_QUERY_MATCH_ISSUER_NAME;
189
    q.issuer_name = &_hx509_get_cert(parent)->tbsCertificate.issuer;
190

191
    switch(ocsp->ocsp.tbsResponseData.responderID.element) {
192
    case choice_OCSPResponderID_byName:
193
	q.match |= HX509_QUERY_MATCH_SUBJECT_NAME;
194
	q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName;
195
	break;
196
    case choice_OCSPResponderID_byKey:
197
	q.match |= HX509_QUERY_MATCH_KEY_HASH_SHA1;
198
	q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
199
	break;
200
    }
201

202
    ret = hx509_certs_find(context, certs, &q, &signer);
203
    if (ret && ocsp->certs)
204
	ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
205
    if (ret)
206
	goto out;
207

208
    /*
209
     * If signer certificate isn't the CA certificate, lets check the
210
     * it is the CA that signed the signer certificate and the OCSP EKU
211
     * is set.
212
     */
213
    if (hx509_cert_cmp(signer, parent) != 0) {
214
	Certificate *p = _hx509_get_cert(parent);
215
	Certificate *s = _hx509_get_cert(signer);
216

217
	ret = _hx509_cert_is_parent_cmp(s, p, 0);
218
	if (ret != 0) {
219
	    ret = HX509_PARENT_NOT_CA;
220
	    hx509_set_error_string(context, 0, ret, "Revoke OCSP signer is "
221
				   "doesn't have CA as signer certificate");
222
	    goto out;
223
	}
224

225
	ret = _hx509_verify_signature_bitstring(context,
226
						parent,
227
						&s->signatureAlgorithm,
228
						&s->tbsCertificate._save,
229
						&s->signatureValue);
230
	if (ret) {
231
	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
232
				   "OCSP signer signature invalid");
233
	    goto out;
234
	}
235

236
	ret = hx509_cert_check_eku(context, signer,
237
				   &asn1_oid_id_pkix_kp_OCSPSigning, 0);
238
	if (ret)
239
	    goto out;
240
    }
241

242
    ret = _hx509_verify_signature_bitstring(context,
243
					    signer,
244
					    &ocsp->ocsp.signatureAlgorithm,
245
					    &ocsp->ocsp.tbsResponseData._save,
246
					    &ocsp->ocsp.signature);
247
    if (ret) {
248
	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
249
			       "OCSP signature invalid");
250
	goto out;
251
    }
252

253
    ocsp->signer = signer;
254
    signer = NULL;
255
out:
256
    if (signer)
257
	hx509_cert_free(signer);
258

259
    return ret;
260
}
261

262
/*
263
 *
264
 */
265

266
static int
267
parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
268
{
269
    OCSPResponse resp;
270
    size_t size;
271
    int ret;
272

273
    memset(basic, 0, sizeof(*basic));
274

275
    ret = decode_OCSPResponse(data, length, &resp, &size);
276
    if (ret)
277
	return ret;
278
    if (length != size) {
279
	free_OCSPResponse(&resp);
280
	return ASN1_EXTRA_DATA;
281
    }
282

283
    switch (resp.responseStatus) {
284
    case successful:
285
	break;
286
    default:
287
	free_OCSPResponse(&resp);
288
	return HX509_REVOKE_WRONG_DATA;
289
    }
290

291
    if (resp.responseBytes == NULL) {
292
	free_OCSPResponse(&resp);
293
	return EINVAL;
294
    }
295

296
    ret = der_heim_oid_cmp(&resp.responseBytes->responseType,
297
			   &asn1_oid_id_pkix_ocsp_basic);
298
    if (ret != 0) {
299
	free_OCSPResponse(&resp);
300
	return HX509_REVOKE_WRONG_DATA;
301
    }
302

303
    ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data,
304
				       resp.responseBytes->response.length,
305
				       basic,
306
				       &size);
307
    if (ret) {
308
	free_OCSPResponse(&resp);
309
	return ret;
310
    }
311
    if (size != resp.responseBytes->response.length) {
312
	free_OCSPResponse(&resp);
313
	free_OCSPBasicOCSPResponse(basic);
314
	return ASN1_EXTRA_DATA;
315
    }
316
    free_OCSPResponse(&resp);
317

318
    return 0;
319
}
320

321
/*
322
 *
323
 */
324

325
static int
326
load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
327
{
328
    OCSPBasicOCSPResponse basic;
329
    hx509_certs certs = NULL;
330
    size_t length;
331
    struct stat sb;
332
    void *data;
333
    int ret;
334

335
    ret = rk_undumpdata(ocsp->path, &data, &length);
336
    if (ret)
337
	return ret;
338

339
    ret = stat(ocsp->path, &sb);
340
    if (ret)
341
	return errno;
342

343
    ret = parse_ocsp_basic(data, length, &basic);
344
    rk_xfree(data);
345
    if (ret) {
346
	hx509_set_error_string(context, 0, ret,
347
			       "Failed to parse OCSP response");
348
	return ret;
349
    }
350

351
    if (basic.certs) {
352
	size_t i;
353

354
	ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
355
			       NULL, &certs);
356
	if (ret) {
357
	    free_OCSPBasicOCSPResponse(&basic);
358
	    return ret;
359
	}
360

361
	for (i = 0; i < basic.certs->len; i++) {
362
	    hx509_cert c;
363

364
	    ret = hx509_cert_init(context, &basic.certs->val[i], &c);
365
	    if (ret)
366
		continue;
367

368
	    ret = hx509_certs_add(context, certs, c);
369
	    hx509_cert_free(c);
370
	    if (ret)
371
		continue;
372
	}
373
    }
374

375
    ocsp->last_modfied = sb.st_mtime;
376

377
    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
378
    hx509_certs_free(&ocsp->certs);
379
    hx509_cert_free(ocsp->signer);
380

381
    ocsp->ocsp = basic;
382
    ocsp->certs = certs;
383
    ocsp->signer = NULL;
384

385
    return 0;
386
}
387

388
/**
389
 * Add a OCSP file to the revokation context.
390
 *
391
 * @param context hx509 context
392
 * @param ctx hx509 revokation context
393
 * @param path path to file that is going to be added to the context.
394
 *
395
 * @return An hx509 error code, see hx509_get_error_string().
396
 *
397
 * @ingroup hx509_revoke
398
 */
399

400
int
401
hx509_revoke_add_ocsp(hx509_context context,
402
		      hx509_revoke_ctx ctx,
403
		      const char *path)
404
{
405
    void *data;
406
    int ret;
407
    size_t i;
408

409
    if (strncmp(path, "FILE:", 5) != 0) {
410
	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
411
			       "unsupport type in %s", path);
412
	return HX509_UNSUPPORTED_OPERATION;
413
    }
414

415
    path += 5;
416

417
    for (i = 0; i < ctx->ocsps.len; i++) {
418
	if (strcmp(ctx->ocsps.val[0].path, path) == 0)
419
	    return 0;
420
    }
421

422
    data = realloc(ctx->ocsps.val,
423
		   (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0]));
424
    if (data == NULL) {
425
	hx509_clear_error_string(context);
426
	return ENOMEM;
427
    }
428

429
    ctx->ocsps.val = data;
430

431
    memset(&ctx->ocsps.val[ctx->ocsps.len], 0,
432
	   sizeof(ctx->ocsps.val[0]));
433

434
    ctx->ocsps.val[ctx->ocsps.len].path = strdup(path);
435
    if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) {
436
	hx509_clear_error_string(context);
437
	return ENOMEM;
438
    }
439

440
    ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]);
441
    if (ret) {
442
	free(ctx->ocsps.val[ctx->ocsps.len].path);
443
	return ret;
444
    }
445
    ctx->ocsps.len++;
446

447
    return ret;
448
}
449

450
/*
451
 *
452
 */
453

454
static int
455
verify_crl(hx509_context context,
456
	   hx509_revoke_ctx ctx,
457
	   CRLCertificateList *crl,
458
	   time_t time_now,
459
	   hx509_certs certs,
460
	   hx509_cert parent)
461
{
462
    hx509_cert signer;
463
    hx509_query q;
464
    time_t t;
465
    int ret;
466

467
    t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate);
468
    if (t > time_now) {
469
	hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME,
470
			       "CRL used before time");
471
	return HX509_CRL_USED_BEFORE_TIME;
472
    }
473

474
    if (crl->tbsCertList.nextUpdate == NULL) {
475
	hx509_set_error_string(context, 0, HX509_CRL_INVALID_FORMAT,
476
			       "CRL missing nextUpdate");
477
	return HX509_CRL_INVALID_FORMAT;
478
    }
479

480
    t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate);
481
    if (t < time_now) {
482
	hx509_set_error_string(context, 0, HX509_CRL_USED_AFTER_TIME,
483
			       "CRL used after time");
484
	return HX509_CRL_USED_AFTER_TIME;
485
    }
486

487
    _hx509_query_clear(&q);
488

489
    /*
490
     * If it's the signer have CRLSIGN bit set, use that as the signer
491
     * cert for the certificate, otherwise, search for a certificate.
492
     */
493
    if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) {
494
	signer = hx509_cert_ref(parent);
495
    } else {
496
	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
497
	q.match |= HX509_QUERY_KU_CRLSIGN;
498
	q.subject_name = &crl->tbsCertList.issuer;
499

500
	ret = hx509_certs_find(context, certs, &q, &signer);
501
	if (ret) {
502
	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
503
				   "Failed to find certificate for CRL");
504
	    return ret;
505
	}
506
    }
507

508
    ret = _hx509_verify_signature_bitstring(context,
509
					    signer,
510
					    &crl->signatureAlgorithm,
511
					    &crl->tbsCertList._save,
512
					    &crl->signatureValue);
513
    if (ret) {
514
	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
515
			       "CRL signature invalid");
516
	goto out;
517
    }
518

519
    /*
520
     * If signer is not CA cert, need to check revoke status of this
521
     * CRL signing cert too, this include all parent CRL signer cert
522
     * up to the root *sigh*, assume root at least hve CERTSIGN flag
523
     * set.
524
     */
525
    while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) {
526
	hx509_cert crl_parent;
527

528
	_hx509_query_clear(&q);
529

530
	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
531
	q.match |= HX509_QUERY_KU_CRLSIGN;
532
	q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer;
533

534
	ret = hx509_certs_find(context, certs, &q, &crl_parent);
535
	if (ret) {
536
	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
537
				   "Failed to find parent of CRL signer");
538
	    goto out;
539
	}
540

541
	ret = hx509_revoke_verify(context,
542
				  ctx,
543
				  certs,
544
				  time_now,
545
				  signer,
546
				  crl_parent);
547
	hx509_cert_free(signer);
548
	signer = crl_parent;
549
	if (ret) {
550
	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
551
				   "Failed to verify revoke "
552
				   "status of CRL signer");
553
	    goto out;
554
	}
555
    }
556

557
out:
558
    hx509_cert_free(signer);
559

560
    return ret;
561
}
562

563
static int
564
load_crl(const char *path, time_t *t, CRLCertificateList *crl)
565
{
566
    size_t length, size;
567
    struct stat sb;
568
    void *data;
569
    int ret;
570

571
    memset(crl, 0, sizeof(*crl));
572

573
    ret = rk_undumpdata(path, &data, &length);
574
    if (ret)
575
	return ret;
576

577
    ret = stat(path, &sb);
578
    if (ret)
579
	return errno;
580

581
    *t = sb.st_mtime;
582

583
    ret = decode_CRLCertificateList(data, length, crl, &size);
584
    rk_xfree(data);
585
    if (ret)
586
	return ret;
587

588
    /* check signature is aligned */
589
    if (crl->signatureValue.length & 7) {
590
	free_CRLCertificateList(crl);
591
	return HX509_CRYPTO_SIG_INVALID_FORMAT;
592
    }
593
    return 0;
594
}
595

596
/**
597
 * Add a CRL file to the revokation context.
598
 *
599
 * @param context hx509 context
600
 * @param ctx hx509 revokation context
601
 * @param path path to file that is going to be added to the context.
602
 *
603
 * @return An hx509 error code, see hx509_get_error_string().
604
 *
605
 * @ingroup hx509_revoke
606
 */
607

608
int
609
hx509_revoke_add_crl(hx509_context context,
610
		     hx509_revoke_ctx ctx,
611
		     const char *path)
612
{
613
    void *data;
614
    size_t i;
615
    int ret;
616

617
    if (strncmp(path, "FILE:", 5) != 0) {
618
	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
619
			       "unsupport type in %s", path);
620
	return HX509_UNSUPPORTED_OPERATION;
621
    }
622

623

624
    path += 5;
625

626
    for (i = 0; i < ctx->crls.len; i++) {
627
	if (strcmp(ctx->crls.val[0].path, path) == 0)
628
	    return 0;
629
    }
630

631
    data = realloc(ctx->crls.val,
632
		   (ctx->crls.len + 1) * sizeof(ctx->crls.val[0]));
633
    if (data == NULL) {
634
	hx509_clear_error_string(context);
635
	return ENOMEM;
636
    }
637
    ctx->crls.val = data;
638

639
    memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0]));
640

641
    ctx->crls.val[ctx->crls.len].path = strdup(path);
642
    if (ctx->crls.val[ctx->crls.len].path == NULL) {
643
	hx509_clear_error_string(context);
644
	return ENOMEM;
645
    }
646

647
    ret = load_crl(path,
648
		   &ctx->crls.val[ctx->crls.len].last_modfied,
649
		   &ctx->crls.val[ctx->crls.len].crl);
650
    if (ret) {
651
	free(ctx->crls.val[ctx->crls.len].path);
652
	return ret;
653
    }
654

655
    ctx->crls.len++;
656

657
    return ret;
658
}
659

660
/**
661
 * Check that a certificate is not expired according to a revokation
662
 * context. Also need the parent certificte to the check OCSP
663
 * parent identifier.
664
 *
665
 * @param context hx509 context
666
 * @param ctx hx509 revokation context
667
 * @param certs
668
 * @param now
669
 * @param cert
670
 * @param parent_cert
671
 *
672
 * @return An hx509 error code, see hx509_get_error_string().
673
 *
674
 * @ingroup hx509_revoke
675
 */
676

677

678
int
679
hx509_revoke_verify(hx509_context context,
680
		    hx509_revoke_ctx ctx,
681
		    hx509_certs certs,
682
		    time_t now,
683
		    hx509_cert cert,
684
		    hx509_cert parent_cert)
685
{
686
    const Certificate *c = _hx509_get_cert(cert);
687
    const Certificate *p = _hx509_get_cert(parent_cert);
688
    unsigned long i, j, k;
689
    int ret;
690

691
    hx509_clear_error_string(context);
692

693
    for (i = 0; i < ctx->ocsps.len; i++) {
694
	struct revoke_ocsp *ocsp = &ctx->ocsps.val[i];
695
	struct stat sb;
696

697
	/* check this ocsp apply to this cert */
698

699
	/* check if there is a newer version of the file */
700
	ret = stat(ocsp->path, &sb);
701
	if (ret == 0 && ocsp->last_modfied != sb.st_mtime) {
702
	    ret = load_ocsp(context, ocsp);
703
	    if (ret)
704
		continue;
705
	}
706

707
	/* verify signature in ocsp if not already done */
708
	if (ocsp->signer == NULL) {
709
	    ret = verify_ocsp(context, ocsp, now, certs, parent_cert);
710
	    if (ret)
711
		continue;
712
	}
713

714
	for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) {
715
	    heim_octet_string os;
716

717
	    ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
718
				   &c->tbsCertificate.serialNumber);
719
	    if (ret != 0)
720
		continue;
721

722
	    /* verify issuer hashes hash */
723
	    ret = _hx509_verify_signature(context,
724
					  NULL,
725
					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
726
					  &c->tbsCertificate.issuer._save,
727
					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
728
	    if (ret != 0)
729
		continue;
730

731
	    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
732
	    os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
733

734
	    ret = _hx509_verify_signature(context,
735
					  NULL,
736
					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm,
737
					  &os,
738
					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash);
739
	    if (ret != 0)
740
		continue;
741

742
	    switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) {
743
	    case choice_OCSPCertStatus_good:
744
		break;
745
	    case choice_OCSPCertStatus_revoked:
746
		hx509_set_error_string(context, 0,
747
				       HX509_CERT_REVOKED,
748
				       "Certificate revoked by issuer in OCSP");
749
		return HX509_CERT_REVOKED;
750
	    case choice_OCSPCertStatus_unknown:
751
		continue;
752
	    }
753

754
	    /* don't allow the update to be in the future */
755
	    if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate >
756
		now + context->ocsp_time_diff)
757
		continue;
758

759
	    /* don't allow the next update to be in the past */
760
	    if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
761
		if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
762
		    continue;
763
	    } /* else should force a refetch, but can we ? */
764

765
	    return 0;
766
	}
767
    }
768

769
    for (i = 0; i < ctx->crls.len; i++) {
770
	struct revoke_crl *crl = &ctx->crls.val[i];
771
	struct stat sb;
772
	int diff;
773

774
	/* check if cert.issuer == crls.val[i].crl.issuer */
775
	ret = _hx509_name_cmp(&c->tbsCertificate.issuer,
776
			      &crl->crl.tbsCertList.issuer, &diff);
777
	if (ret || diff)
778
	    continue;
779

780
	ret = stat(crl->path, &sb);
781
	if (ret == 0 && crl->last_modfied != sb.st_mtime) {
782
	    CRLCertificateList cl;
783

784
	    ret = load_crl(crl->path, &crl->last_modfied, &cl);
785
	    if (ret == 0) {
786
		free_CRLCertificateList(&crl->crl);
787
		crl->crl = cl;
788
		crl->verified = 0;
789
		crl->failed_verify = 0;
790
	    }
791
	}
792
	if (crl->failed_verify)
793
	    continue;
794

795
	/* verify signature in crl if not already done */
796
	if (crl->verified == 0) {
797
	    ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert);
798
	    if (ret) {
799
		crl->failed_verify = 1;
800
		continue;
801
	    }
802
	    crl->verified = 1;
803
	}
804

805
	if (crl->crl.tbsCertList.crlExtensions) {
806
	    for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) {
807
		if (crl->crl.tbsCertList.crlExtensions->val[j].critical) {
808
		    hx509_set_error_string(context, 0,
809
					   HX509_CRL_UNKNOWN_EXTENSION,
810
					   "Unknown CRL extension");
811
		    return HX509_CRL_UNKNOWN_EXTENSION;
812
		}
813
	    }
814
	}
815

816
	if (crl->crl.tbsCertList.revokedCertificates == NULL)
817
	    return 0;
818

819
	/* check if cert is in crl */
820
	for (j = 0; j < crl->crl.tbsCertList.revokedCertificates->len; j++) {
821
	    time_t t;
822

823
	    ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate,
824
				       &c->tbsCertificate.serialNumber);
825
	    if (ret != 0)
826
		continue;
827

828
	    t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
829
	    if (t > now)
830
		continue;
831

832
	    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
833
		for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
834
		    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
835
			return HX509_CRL_UNKNOWN_EXTENSION;
836

837
	    hx509_set_error_string(context, 0,
838
				   HX509_CERT_REVOKED,
839
				   "Certificate revoked by issuer in CRL");
840
	    return HX509_CERT_REVOKED;
841
	}
842

843
	return 0;
844
    }
845

846

847
    if (context->flags & HX509_CTX_VERIFY_MISSING_OK)
848
	return 0;
849
    hx509_set_error_string(context, HX509_ERROR_APPEND,
850
			   HX509_REVOKE_STATUS_MISSING,
851
			   "No revoke status found for "
852
			   "certificates");
853
    return HX509_REVOKE_STATUS_MISSING;
854
}
855

856
struct ocsp_add_ctx {
857
    OCSPTBSRequest *req;
858
    hx509_certs certs;
859
    const AlgorithmIdentifier *digest;
860
    hx509_cert parent;
861
};
862

863
static int
864
add_to_req(hx509_context context, void *ptr, hx509_cert cert)
865
{
866
    struct ocsp_add_ctx *ctx = ptr;
867
    OCSPInnerRequest *one;
868
    hx509_cert parent = NULL;
869
    Certificate *p, *c = _hx509_get_cert(cert);
870
    heim_octet_string os;
871
    int ret;
872
    hx509_query q;
873
    void *d;
874

875
    d = realloc(ctx->req->requestList.val,
876
		sizeof(ctx->req->requestList.val[0]) *
877
		(ctx->req->requestList.len + 1));
878
    if (d == NULL)
879
	return ENOMEM;
880
    ctx->req->requestList.val = d;
881

882
    one = &ctx->req->requestList.val[ctx->req->requestList.len];
883
    memset(one, 0, sizeof(*one));
884

885
    _hx509_query_clear(&q);
886

887
    q.match |= HX509_QUERY_FIND_ISSUER_CERT;
888
    q.subject = c;
889

890
    ret = hx509_certs_find(context, ctx->certs, &q, &parent);
891
    if (ret)
892
	goto out;
893

894
    if (ctx->parent) {
895
	if (hx509_cert_cmp(ctx->parent, parent) != 0) {
896
	    ret = HX509_REVOKE_NOT_SAME_PARENT;
897
	    hx509_set_error_string(context, 0, ret,
898
				   "Not same parent certifate as "
899
				   "last certificate in request");
900
	    goto out;
901
	}
902
    } else
903
	ctx->parent = hx509_cert_ref(parent);
904

905
    p = _hx509_get_cert(parent);
906

907
    ret = copy_AlgorithmIdentifier(ctx->digest, &one->reqCert.hashAlgorithm);
908
    if (ret)
909
	goto out;
910

911
    ret = _hx509_create_signature(context,
912
				  NULL,
913
				  &one->reqCert.hashAlgorithm,
914
				  &c->tbsCertificate.issuer._save,
915
				  NULL,
916
				  &one->reqCert.issuerNameHash);
917
    if (ret)
918
	goto out;
919

920
    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
921
    os.length =
922
	p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
923

924
    ret = _hx509_create_signature(context,
925
				  NULL,
926
				  &one->reqCert.hashAlgorithm,
927
				  &os,
928
				  NULL,
929
				  &one->reqCert.issuerKeyHash);
930
    if (ret)
931
	goto out;
932

933
    ret = copy_CertificateSerialNumber(&c->tbsCertificate.serialNumber,
934
				       &one->reqCert.serialNumber);
935
    if (ret)
936
	goto out;
937

938
    ctx->req->requestList.len++;
939
out:
940
    hx509_cert_free(parent);
941
    if (ret) {
942
	free_OCSPInnerRequest(one);
943
	memset(one, 0, sizeof(*one));
944
    }
945

946
    return ret;
947
}
948

949
/**
950
 * Create an OCSP request for a set of certificates.
951
 *
952
 * @param context a hx509 context
953
 * @param reqcerts list of certificates to request ocsp data for
954
 * @param pool certificate pool to use when signing
955
 * @param signer certificate to use to sign the request
956
 * @param digest the signing algorithm in the request, if NULL use the
957
 * default signature algorithm,
958
 * @param request the encoded request, free with free_heim_octet_string().
959
 * @param nonce nonce in the request, free with free_heim_octet_string().
960
 *
961
 * @return An hx509 error code, see hx509_get_error_string().
962
 *
963
 * @ingroup hx509_revoke
964
 */
965

966
int
967
hx509_ocsp_request(hx509_context context,
968
		   hx509_certs reqcerts,
969
		   hx509_certs pool,
970
		   hx509_cert signer,
971
		   const AlgorithmIdentifier *digest,
972
		   heim_octet_string *request,
973
		   heim_octet_string *nonce)
974
{
975
    OCSPRequest req;
976
    size_t size;
977
    int ret;
978
    struct ocsp_add_ctx ctx;
979
    Extensions *es;
980

981
    memset(&req, 0, sizeof(req));
982

983
    if (digest == NULL)
984
	digest = _hx509_crypto_default_digest_alg;
985

986
    ctx.req = &req.tbsRequest;
987
    ctx.certs = pool;
988
    ctx.digest = digest;
989
    ctx.parent = NULL;
990

991
    ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx);
992
    hx509_cert_free(ctx.parent);
993
    if (ret)
994
	goto out;
995

996
    if (nonce) {
997
	req.tbsRequest.requestExtensions =
998
	    calloc(1, sizeof(*req.tbsRequest.requestExtensions));
999
	if (req.tbsRequest.requestExtensions == NULL) {
1000
	    ret = ENOMEM;
1001
	    goto out;
1002
	}
1003

1004
	es = req.tbsRequest.requestExtensions;
1005

1006
	es->val = calloc(es->len, sizeof(es->val[0]));
1007
	if (es->val == NULL) {
1008
	    ret = ENOMEM;
1009
	    goto out;
1010
	}
1011
	es->len = 1;
1012
	ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
1013
	if (ret) {
1014
	    free_OCSPRequest(&req);
1015
	    return ret;
1016
	}
1017

1018
	es->val[0].extnValue.data = malloc(10);
1019
	if (es->val[0].extnValue.data == NULL) {
1020
	    ret = ENOMEM;
1021
	    goto out;
1022
	}
1023
	es->val[0].extnValue.length = 10;
1024

1025
	ret = RAND_bytes(es->val[0].extnValue.data,
1026
			 es->val[0].extnValue.length);
1027
	if (ret != 1) {
1028
	    ret = HX509_CRYPTO_INTERNAL_ERROR;
1029
	    goto out;
1030
	}
1031
	ret = der_copy_octet_string(nonce, &es->val[0].extnValue);
1032
	if (ret) {
1033
	    ret = ENOMEM;
1034
	    goto out;
1035
	}
1036
    }
1037

1038
    ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length,
1039
		       &req, &size, ret);
1040
    free_OCSPRequest(&req);
1041
    if (ret)
1042
	goto out;
1043
    if (size != request->length)
1044
	_hx509_abort("internal ASN.1 encoder error");
1045

1046
    return 0;
1047

1048
out:
1049
    free_OCSPRequest(&req);
1050
    return ret;
1051
}
1052

1053
static char *
1054
printable_time(time_t t)
1055
{
1056
    static char s[128];
1057
    char *p;
1058
    if ((p = ctime(&t)) == NULL)
1059
       strlcpy(s, "?", sizeof(s));
1060
    else {
1061
       strlcpy(s, p + 4, sizeof(s));
1062
       s[20] = 0;
1063
    }
1064
    return s;
1065
}
1066

1067
/**
1068
 * Print the OCSP reply stored in a file.
1069
 *
1070
 * @param context a hx509 context
1071
 * @param path path to a file with a OCSP reply
1072
 * @param out the out FILE descriptor to print the reply on
1073
 *
1074
 * @return An hx509 error code, see hx509_get_error_string().
1075
 *
1076
 * @ingroup hx509_revoke
1077
 */
1078

1079
int
1080
hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
1081
{
1082
    struct revoke_ocsp ocsp;
1083
    int ret;
1084
    size_t i;
1085

1086
    if (out == NULL)
1087
	out = stdout;
1088

1089
    memset(&ocsp, 0, sizeof(ocsp));
1090

1091
    ocsp.path = strdup(path);
1092
    if (ocsp.path == NULL)
1093
	return ENOMEM;
1094

1095
    ret = load_ocsp(context, &ocsp);
1096
    if (ret) {
1097
	free_ocsp(&ocsp);
1098
	return ret;
1099
    }
1100

1101
    fprintf(out, "signer: ");
1102

1103
    switch(ocsp.ocsp.tbsResponseData.responderID.element) {
1104
    case choice_OCSPResponderID_byName: {
1105
	hx509_name n;
1106
	char *s;
1107
	_hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
1108
	hx509_name_to_string(n, &s);
1109
	hx509_name_free(&n);
1110
	fprintf(out, " byName: %s\n", s);
1111
	free(s);
1112
	break;
1113
    }
1114
    case choice_OCSPResponderID_byKey: {
1115
	char *s;
1116
	hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
1117
		   ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
1118
		   &s);
1119
	fprintf(out, " byKey: %s\n", s);
1120
	free(s);
1121
	break;
1122
    }
1123
    default:
1124
	_hx509_abort("choice_OCSPResponderID unknown");
1125
	break;
1126
    }
1127

1128
    fprintf(out, "producedAt: %s\n",
1129
	    printable_time(ocsp.ocsp.tbsResponseData.producedAt));
1130

1131
    fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);
1132

1133
    for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
1134
	const char *status;
1135
	switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
1136
	case choice_OCSPCertStatus_good:
1137
	    status = "good";
1138
	    break;
1139
	case choice_OCSPCertStatus_revoked:
1140
	    status = "revoked";
1141
	    break;
1142
	case choice_OCSPCertStatus_unknown:
1143
	    status = "unknown";
1144
	    break;
1145
	default:
1146
	    status = "element unknown";
1147
	}
1148

1149
	fprintf(out, "\t%zu. status: %s\n", i, status);
1150

1151
	fprintf(out, "\tthisUpdate: %s\n",
1152
		printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
1153
	if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
1154
	    fprintf(out, "\tproducedAt: %s\n",
1155
		    printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
1156

1157
    }
1158

1159
    fprintf(out, "appended certs:\n");
1160
    if (ocsp.certs)
1161
	ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
1162

1163
    free_ocsp(&ocsp);
1164
    return ret;
1165
}
1166

1167
/**
1168
 * Verify that the certificate is part of the OCSP reply and it's not
1169
 * expired. Doesn't verify signature the OCSP reply or it's done by a
1170
 * authorized sender, that is assumed to be already done.
1171
 *
1172
 * @param context a hx509 context
1173
 * @param now the time right now, if 0, use the current time.
1174
 * @param cert the certificate to verify
1175
 * @param flags flags control the behavior
1176
 * @param data pointer to the encode ocsp reply
1177
 * @param length the length of the encode ocsp reply
1178
 * @param expiration return the time the OCSP will expire and need to
1179
 * be rechecked.
1180
 *
1181
 * @return An hx509 error code, see hx509_get_error_string().
1182
 *
1183
 * @ingroup hx509_verify
1184
 */
1185

1186
int
1187
hx509_ocsp_verify(hx509_context context,
1188
		  time_t now,
1189
		  hx509_cert cert,
1190
		  int flags,
1191
		  const void *data, size_t length,
1192
		  time_t *expiration)
1193
{
1194
    const Certificate *c = _hx509_get_cert(cert);
1195
    OCSPBasicOCSPResponse basic;
1196
    int ret;
1197
    size_t i;
1198

1199
    if (now == 0)
1200
	now = time(NULL);
1201

1202
    *expiration = 0;
1203

1204
    ret = parse_ocsp_basic(data, length, &basic);
1205
    if (ret) {
1206
	hx509_set_error_string(context, 0, ret,
1207
			       "Failed to parse OCSP response");
1208
	return ret;
1209
    }
1210

1211
    for (i = 0; i < basic.tbsResponseData.responses.len; i++) {
1212

1213
	ret = der_heim_integer_cmp(&basic.tbsResponseData.responses.val[i].certID.serialNumber,
1214
			       &c->tbsCertificate.serialNumber);
1215
	if (ret != 0)
1216
	    continue;
1217

1218
	/* verify issuer hashes hash */
1219
	ret = _hx509_verify_signature(context,
1220
				      NULL,
1221
				      &basic.tbsResponseData.responses.val[i].certID.hashAlgorithm,
1222
				      &c->tbsCertificate.issuer._save,
1223
				      &basic.tbsResponseData.responses.val[i].certID.issuerNameHash);
1224
	if (ret != 0)
1225
	    continue;
1226

1227
	switch (basic.tbsResponseData.responses.val[i].certStatus.element) {
1228
	case choice_OCSPCertStatus_good:
1229
	    break;
1230
	case choice_OCSPCertStatus_revoked:
1231
	case choice_OCSPCertStatus_unknown:
1232
	    continue;
1233
	}
1234

1235
	/* don't allow the update to be in the future */
1236
	if (basic.tbsResponseData.responses.val[i].thisUpdate >
1237
	    now + context->ocsp_time_diff)
1238
	    continue;
1239

1240
	/* don't allow the next update to be in the past */
1241
	if (basic.tbsResponseData.responses.val[i].nextUpdate) {
1242
	    if (*basic.tbsResponseData.responses.val[i].nextUpdate < now)
1243
		continue;
1244
	    *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate;
1245
	} else
1246
	    *expiration = now;
1247

1248
	free_OCSPBasicOCSPResponse(&basic);
1249
	return 0;
1250
    }
1251

1252
    free_OCSPBasicOCSPResponse(&basic);
1253

1254
    {
1255
	hx509_name name;
1256
	char *subject;
1257

1258
	ret = hx509_cert_get_subject(cert, &name);
1259
	if (ret) {
1260
	    hx509_clear_error_string(context);
1261
	    goto out;
1262
	}
1263
	ret = hx509_name_to_string(name, &subject);
1264
	hx509_name_free(&name);
1265
	if (ret) {
1266
	    hx509_clear_error_string(context);
1267
	    goto out;
1268
	}
1269
	hx509_set_error_string(context, 0, HX509_CERT_NOT_IN_OCSP,
1270
			       "Certificate %s not in OCSP response "
1271
			       "or not good",
1272
			       subject);
1273
	free(subject);
1274
    }
1275
out:
1276
    return HX509_CERT_NOT_IN_OCSP;
1277
}
1278

1279
struct hx509_crl {
1280
    hx509_certs revoked;
1281
    time_t expire;
1282
};
1283

1284
/**
1285
 * Create a CRL context. Use hx509_crl_free() to free the CRL context.
1286
 *
1287
 * @param context a hx509 context.
1288
 * @param crl return pointer to a newly allocated CRL context.
1289
 *
1290
 * @return An hx509 error code, see hx509_get_error_string().
1291
 *
1292
 * @ingroup hx509_verify
1293
 */
1294

1295
int
1296
hx509_crl_alloc(hx509_context context, hx509_crl *crl)
1297
{
1298
    int ret;
1299

1300
    *crl = calloc(1, sizeof(**crl));
1301
    if (*crl == NULL) {
1302
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1303
	return ENOMEM;
1304
    }
1305

1306
    ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked);
1307
    if (ret) {
1308
	free(*crl);
1309
	*crl = NULL;
1310
	return ret;
1311
    }
1312
    (*crl)->expire = 0;
1313
    return ret;
1314
}
1315

1316
/**
1317
 * Add revoked certificate to an CRL context.
1318
 *
1319
 * @param context a hx509 context.
1320
 * @param crl the CRL to add the revoked certificate to.
1321
 * @param certs keyset of certificate to revoke.
1322
 *
1323
 * @return An hx509 error code, see hx509_get_error_string().
1324
 *
1325
 * @ingroup hx509_verify
1326
 */
1327

1328
int
1329
hx509_crl_add_revoked_certs(hx509_context context,
1330
			    hx509_crl crl,
1331
			    hx509_certs certs)
1332
{
1333
    return hx509_certs_merge(context, crl->revoked, certs);
1334
}
1335

1336
/**
1337
 * Set the lifetime of a CRL context.
1338
 *
1339
 * @param context a hx509 context.
1340
 * @param crl a CRL context
1341
 * @param delta delta time the certificate is valid, library adds the
1342
 * current time to this.
1343
 *
1344
 * @return An hx509 error code, see hx509_get_error_string().
1345
 *
1346
 * @ingroup hx509_verify
1347
 */
1348

1349
int
1350
hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta)
1351
{
1352
    crl->expire = time(NULL) + delta;
1353
    return 0;
1354
}
1355

1356
/**
1357
 * Free a CRL context.
1358
 *
1359
 * @param context a hx509 context.
1360
 * @param crl a CRL context to free.
1361
 *
1362
 * @ingroup hx509_verify
1363
 */
1364

1365
void
1366
hx509_crl_free(hx509_context context, hx509_crl *crl)
1367
{
1368
    if (*crl == NULL)
1369
	return;
1370
    hx509_certs_free(&(*crl)->revoked);
1371
    memset(*crl, 0, sizeof(**crl));
1372
    free(*crl);
1373
    *crl = NULL;
1374
}
1375

1376
static int
1377
add_revoked(hx509_context context, void *ctx, hx509_cert cert)
1378
{
1379
    TBSCRLCertList *c = ctx;
1380
    unsigned int num;
1381
    void *ptr;
1382
    int ret;
1383

1384
    num = c->revokedCertificates->len;
1385
    ptr = realloc(c->revokedCertificates->val,
1386
		  (num + 1) * sizeof(c->revokedCertificates->val[0]));
1387
    if (ptr == NULL) {
1388
	hx509_clear_error_string(context);
1389
	return ENOMEM;
1390
    }
1391
    c->revokedCertificates->val = ptr;
1392

1393
    ret = hx509_cert_get_serialnumber(cert,
1394
				      &c->revokedCertificates->val[num].userCertificate);
1395
    if (ret) {
1396
	hx509_clear_error_string(context);
1397
	return ret;
1398
    }
1399
    c->revokedCertificates->val[num].revocationDate.element =
1400
	choice_Time_generalTime;
1401
    c->revokedCertificates->val[num].revocationDate.u.generalTime =
1402
	time(NULL) - 3600 * 24;
1403
    c->revokedCertificates->val[num].crlEntryExtensions = NULL;
1404

1405
    c->revokedCertificates->len++;
1406

1407
    return 0;
1408
}
1409

1410
/**
1411
 * Sign a CRL and return an encode certificate.
1412
 *
1413
 * @param context a hx509 context.
1414
 * @param signer certificate to sign the CRL with
1415
 * @param crl the CRL to sign
1416
 * @param os return the signed and encoded CRL, free with
1417
 * free_heim_octet_string()
1418
 *
1419
 * @return An hx509 error code, see hx509_get_error_string().
1420
 *
1421
 * @ingroup hx509_verify
1422
 */
1423

1424
int
1425
hx509_crl_sign(hx509_context context,
1426
	       hx509_cert signer,
1427
	       hx509_crl crl,
1428
	       heim_octet_string *os)
1429
{
1430
    const AlgorithmIdentifier *sigalg = _hx509_crypto_default_sig_alg;
1431
    CRLCertificateList c;
1432
    size_t size;
1433
    int ret;
1434
    hx509_private_key signerkey;
1435

1436
    memset(&c, 0, sizeof(c));
1437

1438
    signerkey = _hx509_cert_private_key(signer);
1439
    if (signerkey == NULL) {
1440
	ret = HX509_PRIVATE_KEY_MISSING;
1441
	hx509_set_error_string(context, 0, ret,
1442
			       "Private key missing for CRL signing");
1443
	return ret;
1444
    }
1445

1446
    c.tbsCertList.version = malloc(sizeof(*c.tbsCertList.version));
1447
    if (c.tbsCertList.version == NULL) {
1448
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1449
	return ENOMEM;
1450
    }
1451

1452
    *c.tbsCertList.version = 1;
1453

1454
    ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature);
1455
    if (ret) {
1456
	hx509_clear_error_string(context);
1457
	goto out;
1458
    }
1459

1460
    ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer,
1461
		    &c.tbsCertList.issuer);
1462
    if (ret) {
1463
	hx509_clear_error_string(context);
1464
	goto out;
1465
    }
1466

1467
    c.tbsCertList.thisUpdate.element = choice_Time_generalTime;
1468
    c.tbsCertList.thisUpdate.u.generalTime = time(NULL) - 24 * 3600;
1469

1470
    c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate));
1471
    if (c.tbsCertList.nextUpdate == NULL) {
1472
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1473
	ret = ENOMEM;
1474
	goto out;
1475
    }
1476

1477
    {
1478
	time_t next = crl->expire;
1479
	if (next == 0)
1480
	    next = time(NULL) + 24 * 3600 * 365;
1481

1482
	c.tbsCertList.nextUpdate->element = choice_Time_generalTime;
1483
	c.tbsCertList.nextUpdate->u.generalTime = next;
1484
    }
1485

1486
    c.tbsCertList.revokedCertificates =
1487
	calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
1488
    if (c.tbsCertList.revokedCertificates == NULL) {
1489
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1490
	ret = ENOMEM;
1491
	goto out;
1492
    }
1493
    c.tbsCertList.crlExtensions = NULL;
1494

1495
    ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList);
1496
    if (ret)
1497
	goto out;
1498

1499
    /* if not revoked certs, remove OPTIONAL entry */
1500
    if (c.tbsCertList.revokedCertificates->len == 0) {
1501
	free(c.tbsCertList.revokedCertificates);
1502
	c.tbsCertList.revokedCertificates = NULL;
1503
    }
1504

1505
    ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length,
1506
		       &c.tbsCertList, &size, ret);
1507
    if (ret) {
1508
	hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL");
1509
	goto out;
1510
    }
1511
    if (size != os->length)
1512
	_hx509_abort("internal ASN.1 encoder error");
1513

1514

1515
    ret = _hx509_create_signature_bitstring(context,
1516
					    signerkey,
1517
					    sigalg,
1518
					    os,
1519
					    &c.signatureAlgorithm,
1520
					    &c.signatureValue);
1521
    free(os->data);
1522
    if (ret) {
1523
	hx509_set_error_string(context, 0, ret, "Failed to sign CRL");
1524
	goto out;
1525
    }
1526

1527
    ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length,
1528
		       &c, &size, ret);
1529
    if (ret) {
1530
	hx509_set_error_string(context, 0, ret, "failed to encode CRL");
1531
	goto out;
1532
    }
1533
    if (size != os->length)
1534
	_hx509_abort("internal ASN.1 encoder error");
1535

1536
    free_CRLCertificateList(&c);
1537

1538
    return 0;
1539

1540
out:
1541
    free_CRLCertificateList(&c);
1542
    return ret;
1543
}
1544

1545