Line data Source code
1 : /*
2 : * Copyright © 2014 Nikos Mavrogiannopoulos
3 : *
4 : * Author: Nikos Mavrogiannopoulos
5 : *
6 : * GnuTLS is free software; you can redistribute it and/or
7 : * modify it under the terms of the GNU Lesser General Public License
8 : * as published by the Free Software Foundation; either version 2.1 of
9 : * the License, or (at your option) any later version.
10 : *
11 : * This library is distributed in the hope that it will be useful, but
12 : * WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 : * Lesser General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU Lesser General Public License
17 : * along with this program. If not, see <https://www.gnu.org/licenses/>
18 : *
19 : */
20 :
21 : #include "gnutls_int.h"
22 : #include "errors.h"
23 : #include "str.h"
24 : #include "urls.h"
25 : #include "system-keys.h"
26 : #include <c-strcase.h>
27 :
28 : #define MAX_CUSTOM_URLS 8
29 :
30 : gnutls_custom_url_st _gnutls_custom_urls[MAX_CUSTOM_URLS];
31 : unsigned _gnutls_custom_urls_size = 0;
32 :
33 : /**
34 : * gnutls_url_is_supported:
35 : * @url: A URI to be tested
36 : *
37 : * Check whether the provided @url is supported. Depending on the system libraries
38 : * GnuTLS may support pkcs11, tpmkey or other URLs.
39 : *
40 : * Returns: return non-zero if the given URL is supported, and zero if
41 : * it is not known.
42 : *
43 : * Since: 3.1.0
44 : **/
45 692 : unsigned gnutls_url_is_supported(const char *url)
46 : {
47 692 : unsigned i;
48 :
49 692 : for (i=0;i<_gnutls_custom_urls_size;i++) {
50 0 : if (c_strncasecmp(url, _gnutls_custom_urls[i].name, _gnutls_custom_urls[i].name_size) == 0)
51 : return 1;
52 : }
53 :
54 : #ifdef ENABLE_PKCS11
55 692 : if (c_strncasecmp(url, PKCS11_URL, sizeof(PKCS11_URL)-1) == 0)
56 : return 1;
57 : #endif
58 : #ifdef HAVE_TROUSERS
59 672 : if (c_strncasecmp(url, TPMKEY_URL, sizeof(TPMKEY_URL)-1) == 0)
60 : return 1;
61 : #endif
62 668 : if (c_strncasecmp(url, SYSTEM_URL, sizeof(SYSTEM_URL)-1) == 0)
63 : return _gnutls_system_url_is_supported(url);
64 :
65 : return 0;
66 : }
67 :
68 372 : int _gnutls_url_is_known(const char *url)
69 : {
70 372 : unsigned i;
71 :
72 372 : if (c_strncasecmp(url, PKCS11_URL, sizeof(PKCS11_URL)-1) == 0)
73 : return 1;
74 368 : else if (c_strncasecmp(url, TPMKEY_URL, sizeof(TPMKEY_URL)-1) == 0)
75 : return 1;
76 368 : else if (c_strncasecmp(url, SYSTEM_URL, sizeof(SYSTEM_URL)-1) == 0)
77 : return 1;
78 : else {
79 368 : for (i=0;i<_gnutls_custom_urls_size;i++) {
80 0 : if (c_strncasecmp(url, _gnutls_custom_urls[i].name, _gnutls_custom_urls[i].name_size) == 0)
81 : return 1;
82 : }
83 :
84 : return 0;
85 : }
86 : }
87 :
88 : /**
89 : * gnutls_register_custom_url:
90 : * @st: A %gnutls_custom_url_st structure
91 : *
92 : * Register a custom URL. This will affect the following functions:
93 : * gnutls_url_is_supported(), gnutls_privkey_import_url(),
94 : * gnutls_pubkey_import_url, gnutls_x509_crt_import_url()
95 : * and all functions that depend on
96 : * them, e.g., gnutls_certificate_set_x509_key_file2().
97 : *
98 : * The provided structure and callback functions must be valid throughout
99 : * the lifetime of the process. The registration of an existing URL type
100 : * will fail with %GNUTLS_E_INVALID_REQUEST. Since GnuTLS 3.5.0 this function
101 : * can be used to override the builtin URLs.
102 : *
103 : * This function is not thread safe.
104 : *
105 : * Returns: returns zero if the given structure was imported or a negative value otherwise.
106 : *
107 : * Since: 3.4.0
108 : **/
109 2 : int gnutls_register_custom_url(const gnutls_custom_url_st *st)
110 : {
111 2 : unsigned i;
112 :
113 2 : for (i=0;i<_gnutls_custom_urls_size;i++) {
114 0 : if (_gnutls_custom_urls[i].name_size == st->name_size &&
115 0 : strcmp(_gnutls_custom_urls[i].name, st->name) == 0) {
116 0 : return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
117 : }
118 : }
119 :
120 2 : if (_gnutls_custom_urls_size < MAX_CUSTOM_URLS-1) {
121 2 : memcpy(&_gnutls_custom_urls[_gnutls_custom_urls_size], st, sizeof(*st));
122 2 : _gnutls_custom_urls_size++;
123 2 : return 0;
124 : } else {
125 0 : return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
126 : }
127 : }
128 :
129 : /*-
130 : * _gnutls_get_raw_issuer:
131 : * @url: A PKCS 11 url identifying a token
132 : * @cert: is the certificate to find issuer for
133 : * @issuer: Will hold the issuer if any in an allocated buffer.
134 : * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
135 : *
136 : * This function will return the issuer of a given certificate in
137 : * DER format.
138 : *
139 : * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
140 : * negative error value.
141 : *
142 : * Since: 3.4.0
143 : -*/
144 19 : int _gnutls_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
145 : gnutls_datum_t * issuer,
146 : unsigned int flags)
147 : {
148 19 : unsigned i;
149 :
150 : #ifdef ENABLE_PKCS11
151 19 : if (c_strncasecmp(url, PKCS11_URL, PKCS11_URL_SIZE) == 0) {
152 19 : return gnutls_pkcs11_get_raw_issuer(url, cert, issuer, GNUTLS_X509_FMT_DER, flags);
153 : }
154 : #endif
155 0 : for (i=0;i<_gnutls_custom_urls_size;i++) {
156 0 : if (c_strncasecmp(url, _gnutls_custom_urls[i].name, _gnutls_custom_urls[i].name_size) == 0) {
157 0 : if (_gnutls_custom_urls[i].get_issuer) {
158 0 : return _gnutls_custom_urls[i].get_issuer(url, cert, issuer, flags);
159 : }
160 : break;
161 : }
162 : }
163 :
164 : return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
165 : }
|