Home | History | Annotate | Download | only in x509v3 
      1 /* pcy_map.c */
      2 /*
      3  * Written by Dr Stephen N Henson (steve (at) openssl.org) for the OpenSSL project
      4  * 2004.
      5  */
      6 /* ====================================================================
      7  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  *
     13  * 1. Redistributions of source code must retain the above copyright
     14  *    notice, this list of conditions and the following disclaimer.
     15  *
     16  * 2. Redistributions in binary form must reproduce the above copyright
     17  *    notice, this list of conditions and the following disclaimer in
     18  *    the documentation and/or other materials provided with the
     19  *    distribution.
     20  *
     21  * 3. All advertising materials mentioning features or use of this
     22  *    software must display the following acknowledgment:
     23  *    "This product includes software developed by the OpenSSL Project
     24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
     25  *
     26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     27  *    endorse or promote products derived from this software without
     28  *    prior written permission. For written permission, please contact
     29  *    licensing (at) OpenSSL.org.
     30  *
     31  * 5. Products derived from this software may not be called "OpenSSL"
     32  *    nor may "OpenSSL" appear in their names without prior written
     33  *    permission of the OpenSSL Project.
     34  *
     35  * 6. Redistributions of any form whatsoever must retain the following
     36  *    acknowledgment:
     37  *    "This product includes software developed by the OpenSSL Project
     38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
     39  *
     40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     51  * OF THE POSSIBILITY OF SUCH DAMAGE.
     52  * ====================================================================
     53  *
     54  * This product includes cryptographic software written by Eric Young
     55  * (eay (at) cryptsoft.com).  This product includes software written by Tim
     56  * Hudson (tjh (at) cryptsoft.com).
     57  *
     58  */
     59 
     60 #include <openssl/obj.h>
     61 #include <openssl/x509.h>
     62 #include <openssl/x509v3.h>
     63 
     64 #include "pcy_int.h"
     65 
     66 /*
     67  * Set policy mapping entries in cache. Note: this modifies the passed
     68  * POLICY_MAPPINGS structure
     69  */
     70 
     71 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
     72 {
     73     POLICY_MAPPING *map;
     74     X509_POLICY_DATA *data;
     75     X509_POLICY_CACHE *cache = x->policy_cache;
     76     size_t i;
     77     int ret = 0;
     78     if (sk_POLICY_MAPPING_num(maps) == 0) {
     79         ret = -1;
     80         goto bad_mapping;
     81     }
     82     for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
     83         map = sk_POLICY_MAPPING_value(maps, i);
     84         /* Reject if map to or from anyPolicy */
     85         if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
     86             || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
     87             ret = -1;
     88             goto bad_mapping;
     89         }
     90 
     91         /* Attempt to find matching policy data */
     92         data = policy_cache_find_data(cache, map->issuerDomainPolicy);
     93         /* If we don't have anyPolicy can't map */
     94         if (!data && !cache->anyPolicy)
     95             continue;
     96 
     97         /* Create a NODE from anyPolicy */
     98         if (!data) {
     99             data = policy_data_new(NULL, map->issuerDomainPolicy,
    100                                    cache->anyPolicy->flags
    101                                    & POLICY_DATA_FLAG_CRITICAL);
    102             if (!data)
    103                 goto bad_mapping;
    104             data->qualifier_set = cache->anyPolicy->qualifier_set;
    105             /*
    106              * map->issuerDomainPolicy = NULL;
    107              */
    108             data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
    109             data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
    110             if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
    111                 policy_data_free(data);
    112                 goto bad_mapping;
    113             }
    114         } else
    115             data->flags |= POLICY_DATA_FLAG_MAPPED;
    116         if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
    117                                  map->subjectDomainPolicy))
    118             goto bad_mapping;
    119         map->subjectDomainPolicy = NULL;
    120 
    121     }
    122 
    123     ret = 1;
    124  bad_mapping:
    125     if (ret == -1)
    126         x->ex_flags |= EXFLAG_INVALID_POLICY;
    127     sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
    128     return ret;
    129 
    130 }
    131