authorJeremy Barton <jbarton@microsoft.com>2015-06-29 13:24:20 -0700
committerJeremy Barton <jbarton@microsoft.com>2015-06-29 13:24:20 -0700
commit15465475b44219dff0a9fd00857ce9b1ff3aeda5 (patch)
tree172df87d85ffb34621ce1da8a04d594b96f494a4
parentf9ab5b953d79f05c511520c1888cf916bc292db2 (diff)
parent96b790ceaf6fd1b0cf072eb0c28df56c47e2df6a (diff)
downloadcoreclr-15465475b44219dff0a9fd00857ce9b1ff3aeda5.tar.gz
coreclr-15465475b44219dff0a9fd00857ce9b1ff3aeda5.tar.bz2
coreclr-15465475b44219dff0a9fd00857ce9b1ff3aeda5.zip
Merge pull request #1185 from bartonjs/x509chain
Add wrapper functions for building X509Chains
-rw-r--r--src/corefx/System.Security.Cryptography.Native/openssl.c152
1 files changed, 152 insertions, 0 deletions
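--- a/src/corefx/System.Security.Cryptography.Native/openssl.c
+++ b/src/corefx/System.Security.Cryptography.Native/openssl.c
@@ -4,6 +4,7 @@
 //
 #include <string.h>
+#include <time.h>
 #include <openssl/asn1.h>
 #include <openssl/bio.h>
 #include <openssl/evp.h>
@@ -25,6 +26,37 @@
 /*
 Function:
+_MakeTimeT
+
+Used to convert the constituent elements of a struct tm into a time_t. As time_t does not have
+a guaranteed blitting size, this should never be p/invoked. It is here merely as a utility.
+
+Return values:
+A time_t representation of the input date. See also man mktime(3).
+*/
+time_t
+_MakeTimeT(
+ int year,
+ int month,
+ int day,
+ int hour,
+ int minute,
+ int second,
+ int isDst)
+{
+ struct tm currentTm;
+ currentTm.tm_year = year - 1900;
+ currentTm.tm_mon = month;
+ currentTm.tm_mday = day;
+ currentTm.tm_hour = hour;
+ currentTm.tm_min = minute;
+ currentTm.tm_sec = second;
+ currentTm.tm_isdst = isDst;
+ return mktime(&currentTm);
+}
+
+/*
+Function:
 GetX509Thumbprint
 Used by System.Security.Cryptography.X509Certificates' OpenSslX509CertificateReader to copy the SHA1
@@ -623,3 +655,123 @@ GetX509NameInfo(
 return NULL;
 }
+
+/*
+Function:
+GetX509StackFieldCount
+
+Used by System.Security.Cryptography.X509Certificates' OpenSslX509ChainProcessor to identify the
+number of certificates returned in the built chain.
+
+Return values:
+0 if the field count cannot be determined, or the count of certificates in STACK_OF(X509)
+Note that 0 does not always indicate an error, merely that GetX509StackField should not be called.
+*/
+int
+GetX509StackFieldCount(
+ STACK_OF(X509)* stack)
+{
+ return sk_X509_num(stack);
+}
+
+/*
+Function:
+GetX509StackField
+
+Used by System.Security.Cryptography.X509Certificates' OpenSslX509ChainProcessor to get a pointer to
+the indexed member of a chain.
+
+Return values:
+NULL if stack is NULL or loc is out of bounds, otherwise a pointer to the X509 structure encoding
+that particular element.
+*/
+X509*
+GetX509StackField(
+ STACK_OF(X509)* stack,
+ int loc)
+{
+ return sk_X509_value(stack, loc);
+}
+
+/*
+Function:
+RecursiveFreeX509Stack
+
+Used by System.Security.Cryptography.X509Certificates' OpenSslX509ChainProcessor to free a stack
+when done with it.
+*/
+void
+RecursiveFreeX509Stack(
+ STACK_OF(X509)* stack)
+{
+ sk_X509_pop_free(stack, X509_free);
+}
+
+/*
+Function:
+SetX509ChainVerifyTime
+
+Used by System.Security.Cryptography.X509Certificates' OpenSslX509ChainProcessor to assign the
+verification time to the chain building. The input is in LOCAL time, not UTC.
+
+Return values:
+0 if ctx is NULL, if ctx has no X509_VERIFY_PARAM, or the date inputs don't produce a valid time_t;
+1 on success.
+*/
+int
+SetX509ChainVerifyTime(
+ X509_STORE_CTX* ctx,
+ int year,
+ int month,
+ int day,
+ int hour,
+ int minute,
+ int second,
+ int isDst)
+{
+ if (!ctx)
+ {
+ return 0;
+ }
+
+ time_t verifyTime = _MakeTimeT(year, month, day, hour, minute, second, isDst);
+
+ if (verifyTime == (time_t)-1)
+ {
+ return 0;
+ }
+
+ X509_VERIFY_PARAM* verifyParams = X509_STORE_CTX_get0_param(ctx);
+
+ if (!verifyParams)
+ {
+ return 0;
+ }
+
+ X509_VERIFY_PARAM_set_time(verifyParams, verifyTime);
+ return 1;
+}
+
+/*
+Function:
+GetX509RootStorePath
+
+Used by System.Security.Cryptography.X509Certificates' Unix StorePal to determine the path to use
+for the LocalMachine\Root X509 store.
+
+Return values:
+The directory which would be applied for X509_LOOKUP_add_dir(ctx, NULL). That is, the value of the
+SSL_CERT_DIR environment variable, or the value of the X509_CERT_DIR compile-time constant.
+*/
+const char*
+GetX509RootStorePath()
+{
+ const char* dir = getenv(X509_get_default_cert_dir_env());
+
+ if (!dir)
+ {
+ dir = X509_get_default_cert_dir();
+ }
+
+ return dir;
+}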
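Review bot: `GetX509StackFieldCount` promises 0 when the count cannot be determined, but OpenSSL's `sk_X509_num` returns -1 for a NULL stack, so a caller that sizes a buffer or loop from this value gets a negative count; either guard it, `return stack ? sk_X509_num(stack) : 0;`, or document the -1. In `_MakeTimeT`, `struct tm currentTm;` leaves tm_wday/tm_yday (and any platform extension fields) uninitialized before the mktime call — `struct tm currentTm = {0};` costs nothing — and an identifier beginning with an underscore followed by an uppercase letter is reserved for the implementation; since the comment says it must never be p/invoked, `static time_t MakeTimeT(...)` states that intent directly. The comment should also say that `month` is passed straight through as tm_mon (0-based), and that mktime normalizes out-of-range fields instead of rejecting them, so the `(time_t)-1` test in `SetX509ChainVerifyTime` only catches results mktime cannot represent, not invalid dates, while -1 is itself a representable instant on epoch-based platforms. `GetX509RootStorePath` returns a pointer into the process environment, which stays valid only until the environment is next modified, so the managed caller should copy the string immediately rather than hold the pointer. Because `SSL_CERT_DIR` lets the environment redirect where trust roots are loaded from, that dependency is worth stating in the function comment so callers treat the environment as part of the trust configuration.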