free(this);
return NULL;
}
- this->data = cert->get_encoding(cert);
+ if (!cert->get_encoding(cert, CERT_ASN1_DER, &this->data))
+ {
+ DBG1(DBG_ENC, "encoding certificate for cert payload failed");
+ free(this);
+ return NULL;
+ }
this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len;
return &this->public;
}
{
if (section->certuribase && cert->issued_by(cert, section->cert))
{
- chunk_t hash, encoded = cert->get_encoding(cert);
- hasher->allocate_hash(hasher, encoded, &hash);
- section->hashes->insert_last(section->hashes,
- identification_create_from_encoding(ID_KEY_ID, hash));
- chunk_free(&hash);
- chunk_free(&encoded);
+ chunk_t hash, encoded;
+
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
+ {
+ hasher->allocate_hash(hasher, encoded, &hash);
+ section->hashes->insert_last(section->hashes,
+ identification_create_from_encoding(ID_KEY_ID, hash));
+ chunk_free(&hash);
+ chunk_free(&encoded);
+ }
break;
}
}
snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex);
free(hex.ptr);
- chunk = cert->get_encoding(cert);
- chunk_write(chunk, buf, "crl", 022, TRUE);
- free(chunk.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
+ {
+ chunk_write(chunk, buf, "crl", 022, TRUE);
+ free(chunk.ptr);
+ }
}
}
}
return cert_payload_create_from_cert(cert);
}
- encoded = cert->get_encoding(cert);
+ if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
+ {
+ DBG1(DBG_IKE, "encoding certificate for cert payload failed");
+ hasher->destroy(hasher);
+ return NULL;
+ }
hasher->allocate_hash(hasher, encoded, &hash);
chunk_free(&encoded);
hasher->destroy(hasher);
#include <library.h>
#include <utils/identification.h>
#include <credentials/keys/public_key.h>
+#include <credentials/cred_encoding.h>
/**
* Kind of a certificate_t
time_t *not_before, time_t *not_after);
/**
- * Get the certificate in an encoded form.
+ * Get the certificate in an encoded form as a chunk.
*
- * @return allocated chunk of encoded cert
+ * @param type type of the encoding, one of CERT_*
+ * @param encoding encoding of the key, allocated
+ * @return TRUE if encoding supported
*/
- chunk_t (*get_encoding)(certificate_t *this);
+ bool (*get_encoding)(certificate_t *this, cred_encoding_type_t type,
+ chunk_t *encoding);
/**
* Check if two certificates are equal.
PUBKEY_PGP,
PRIVKEY_PGP,
+ /** ASN.1 DER encoded certificate */
+ CERT_ASN1_DER,
+ /** PEM encoded certificate */
+ CERT_PEM,
+ /** PGP Packet encoded certificate */
+ CERT_PGP_PKT,
+
CRED_ENCODING_MAX,
};
CRED_PART_ECDSA_PUB_ASN1_DER,
/** a DER encoded ECDSA private key */
CRED_PART_ECDSA_PRIV_ASN1_DER,
+ /** a DER encoded X509 certificate */
+ CRED_PART_X509_ASN1_DER,
+ /** a DER encoded X509 CRL */
+ CRED_PART_X509_CRL_ASN1_DER,
+ /** a DER encoded X509 OCSP request */
+ CRED_PART_X509_OCSP_REQ_ASN1_DER,
+ /** a DER encoded X509 OCSP response */
+ CRED_PART_X509_OCSP_RES_ASN1_DER,
+ /** a DER encoded X509 attribute certificate */
+ CRED_PART_X509_AC_ASN1_DER,
+ /** a DER encoded PKCS10 certificate request */
+ CRED_PART_PKCS10_ASN1_DER,
+ /** a PGP encoded certificate */
+ CRED_PART_PGP_CERT,
CRED_PART_END,
};
return t <= this->nextUpdate;
}
-METHOD(certificate_t, get_encoding, chunk_t,
- private_openssl_crl_t *this)
+METHOD(certificate_t, get_encoding, bool,
+ private_openssl_crl_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_CRL_ASN1_DER, this->encoding, CRED_PART_END);
}
METHOD(certificate_t, equals, bool,
return chunk_equals(this->encoding,
((private_openssl_crl_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
return (t >= this->notBefore && t <= this->notAfter);
}
-METHOD(certificate_t, get_encoding, chunk_t,
- private_openssl_x509_t *this)
+METHOD(certificate_t, get_encoding, bool,
+ private_openssl_x509_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_ASN1_DER, this->encoding, CRED_PART_END);
}
+
METHOD(certificate_t, equals, bool,
private_openssl_x509_t *this, certificate_t *other)
{
encoding = ((private_openssl_x509_t*)other)->encoding;
return chunk_equals(this->encoding, encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_pgp_cert_t *this)
+static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_PGP_PKT)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_PGP_CERT, this->encoding, CRED_PART_END);
}
/**
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_pgp_cert_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_PGP_PKT, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
+ this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_pubkey_cert_t *this)
+static bool get_encoding(private_pubkey_cert_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
- chunk_t encoding;
-
- if (this->key->get_encoding(this->key, PUBKEY_ASN1_DER, &encoding))
- {
- return encoding;
- }
- return chunk_empty;
+ return this->key->get_encoding(this->key, PUBKEY_ASN1_DER, encoding);
}
/**
this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
+ this->public.interface.get_encoding = (bool (*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.interface.destroy = (void (*)(certificate_t *this))destroy;
return NULL;
}
- send = request->get_encoding(request);
+ if (!request->get_encoding(request, CERT_ASN1_DER, &send))
+ {
+ DBG1(DBG_CFG, "encoding ocsp request failed");
+ request->destroy(request);
+ return NULL;
+ }
request->destroy(request);
DBG1(DBG_CFG, " requesting ocsp status from '%s' ...", url);
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_x509_ac_t *this)
+static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_AC_ASN1_DER, this->encoding, CRED_PART_END);
}
/**
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
+ this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy;
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_x509_cert_t *this)
+static bool get_encoding(private_x509_cert_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_ASN1_DER, this->encoding, CRED_PART_END);
}
/**
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
+ this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
return (t <= this->nextUpdate);
}
-METHOD(certificate_t, get_encoding, chunk_t,
- private_x509_crl_t *this)
+METHOD(certificate_t, get_encoding, bool,
+ private_x509_crl_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_CRL_ASN1_DER, this->encoding, CRED_PART_END);
}
METHOD(certificate_t, equals, bool,
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
{
int oid;
signature_scheme_t scheme;
- chunk_t certs, signature;
+ chunk_t certs, signature, encoding;
switch (this->key->get_type(this->key))
{
DBG1(DBG_LIB, "creating OCSP signature failed, skipped");
return chunk_empty;
}
- if (this->cert)
+ if (this->cert &&
+ this->cert->get_encoding(this->cert, CERT_ASN1_DER, &encoding))
{
certs = asn1_wrap(ASN1_CONTEXT_C_0, "m",
- asn1_wrap(ASN1_SEQUENCE, "m",
- this->cert->get_encoding(this->cert)));
+ asn1_wrap(ASN1_SEQUENCE, "m", encoding));
}
return asn1_wrap(ASN1_CONTEXT_C_0, "m",
asn1_wrap(ASN1_SEQUENCE, "cmm",
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_x509_ocsp_request_t *this)
+static bool get_encoding(private_x509_ocsp_request_t *this,
+ cred_encoding_type_t type, chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_OCSP_REQ_ASN1_DER, this->encoding, CRED_PART_END);
}
/**
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.interface.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
+ this->public.interface.interface.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.interface.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_x509_ocsp_response_t *this)
+static bool get_encoding(private_x509_ocsp_response_t *this,
+ cred_encoding_type_t type, chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_X509_OCSP_RES_ASN1_DER, this->encoding, CRED_PART_END);
}
/**
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
+ this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy;
/**
* Implementation of certificate_t.get_encoding.
*/
-static chunk_t get_encoding(private_x509_pkcs10_t *this)
+static bool get_encoding(private_x509_pkcs10_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
- return chunk_clone(this->encoding);
+ if (type == CERT_ASN1_DER)
+ {
+ *encoding = chunk_clone(this->encoding);
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_PKCS10_ASN1_DER, this->encoding, CRED_PART_END);
}
/**
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_pkcs10_t*)other)->encoding);
}
- encoding = other->get_encoding(other);
+ if (!other->get_encoding(other, CERT_ASN1_DER, &encoding))
+ {
+ return FALSE;
+ }
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
+ this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
}
/* write the attribute certificate to file */
- attr_chunk = attr_cert->get_encoding(attr_cert);
- if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE))
+ if (attr_cert->get_encoding(attr_cert, CERT_ASN1_DER, &attr_chunk))
{
- write_serial(serial);
- status = 0;
+ if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE))
+ {
+ write_serial(serial);
+ status = 0;
+ }
}
}
else
error = "generating certificate failed";
goto end;
}
- encoding = cert->get_encoding(cert);
- if (!encoding.ptr)
+ if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
{
error = "encoding certificate failed";
goto end;
error = "generating certificate request failed";
goto end;
}
- encoding = cert->get_encoding(cert);
- if (!encoding.ptr)
+ if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
{
error = "encoding certificate request failed";
goto end;
error = "generating certificate failed";
goto end;
}
- encoding = cert->get_encoding(cert);
- if (!encoding.ptr)
+ if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
{
error = "encoding certificate failed";
goto end;
error = "generating CRL failed";
goto error;
}
- encoding = crl->get_encoding(crl);
- if (!encoding.ptr)
+ if (!crl->get_encoding(crl, CERT_ASN1_DER, &encoding))
{
error = "encoding CRL failed";
goto error;
snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_PATH, hex);
free(hex.ptr);
- encoding = cert_crl->get_encoding(cert_crl);
- chunk_write(encoding, buf, "crl", 022, TRUE);
- free(encoding.ptr);
+ if (cert_crl->get_encoding(cert_crl, CERT_ASN1_DER, &encoding))
+ {
+ chunk_write(encoding, buf, "crl", 022, TRUE);
+ free(encoding.ptr);
+ }
}
/* is the fetched crl valid? */
}
if (send_cert)
{
- bool success;
+ bool success = FALSE;
chunk_t cert_encoding;
pb_stream cert_pbs;
{
return STF_INTERNAL_ERROR;
}
- cert_encoding = mycert->cert->get_encoding(mycert->cert);
- success = out_chunk(cert_encoding, &cert_pbs, "CERT");
- free(cert_encoding.ptr);
+ if (mycert->cert->get_encoding(mycert->cert, CERT_ASN1_DER,
+ &cert_encoding))
+ {
+ success = out_chunk(cert_encoding, &cert_pbs, "CERT");
+ free(cert_encoding.ptr);
+ }
if (!success)
{
return STF_INTERNAL_ERROR;
}
if (send_cert)
{
- bool success;
+ bool success = FALSE;
chunk_t cert_encoding;
pb_stream cert_pbs;
struct isakmp_cert cert_hd;
{
return STF_INTERNAL_ERROR;
}
- cert_encoding = mycert->cert->get_encoding(mycert->cert);
- success = out_chunk(cert_encoding, &cert_pbs, "CERT");
- free(cert_encoding.ptr);
+ if (mycert->cert->get_encoding(mycert->cert, CERT_ASN1_DER,
+ &cert_encoding))
+ {
+ success = out_chunk(cert_encoding, &cert_pbs, "CERT");
+ free(cert_encoding.ptr);
+ }
if (!success)
{
return STF_INTERNAL_ERROR;
}
else
{
- whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
+ whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
&certinfo->serialNumber,
cert_status_names[certinfo->status],
&certinfo->nextUpdate, utc,
*/
static chunk_t build_signature(chunk_t tbsRequest)
{
- chunk_t sigdata, cert, certs;
+ chunk_t sigdata, cert, certs = chunk_empty;
if (ocsp_requestor_sc)
{
}
/* include our certificate */
- cert = ocsp_requestor_cert->cert->get_encoding(ocsp_requestor_cert->cert);
- certs = asn1_wrap(ASN1_CONTEXT_C_0, "m",
- asn1_wrap(ASN1_SEQUENCE, "m", cert));
-
+ if (ocsp_requestor_cert->cert->get_encoding(ocsp_requestor_cert->cert,
+ CERT_ASN1_DER, &cert))
+ {
+ certs = asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ asn1_wrap(ASN1_SEQUENCE, "m", cert));
+ }
/* build signature comprising algorithm, signature and cert */
return asn1_wrap(ASN1_CONTEXT_C_0, "m"
, asn1_wrap(ASN1_SEQUENCE, "mmm"
{
plog("certificate is invalid (valid from %T to %T)",
¬_before, FALSE, ¬_after, FALSE);
-
+
unlock_authcert_list("valid_ocsp_response");
return FALSE;
}
break;
}
x509 = (x509_t*)cert->cert;
-
+
if ((x509->get_flags(x509) & X509_OCSP_SIGNER) &&
trust_authcert_candidate(cert, NULL))
{
contentInfo_t pkcs7Data, signedData;
chunk_t authenticatedAttributes = chunk_empty;
chunk_t encryptedDigest = chunk_empty;
- chunk_t signerInfo, cInfo, signature;
+ chunk_t signerInfo, cInfo, signature, encoding = chunk_empty;;
signature_scheme_t scheme = signature_scheme_from_oid(digest_alg);
if (attributes.ptr)
pkcs7Data.content = (data.ptr == NULL)? chunk_empty
: asn1_simple_object(ASN1_OCTET_STRING, data);
+ cert->get_encoding(cert, CERT_ASN1_DER, &encoding);
signedData.type = OID_PKCS7_SIGNED_DATA;
signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm"
, ASN1_INTEGER_1
, asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_alg))
, pkcs7_build_contentInfo(&pkcs7Data)
- , asn1_wrap(ASN1_CONTEXT_C_0, "m", cert->get_encoding(cert))
+ , asn1_wrap(ASN1_CONTEXT_C_0, "m", encoding)
, asn1_wrap(ASN1_SET, "m", signerInfo));
cInfo = pkcs7_build_contentInfo(&signedData);
{
exit_scepclient("generating pkcs10 request failed");
}
- pkcs10_encoding = pkcs10_req->get_encoding(pkcs10_req);
+ pkcs10_req->get_encoding(pkcs10_req, CERT_ASN1_DER, &pkcs10_encoding);
fingerprint = scep_generate_pkcs10_fingerprint(pkcs10_encoding);
plog(" fingerprint: %s", fingerprint.ptr);
}
{
char *path = concatenate_paths(HOST_CERT_PATH, file_out_cert_self);
- encoding = x509_signer->get_encoding(x509_signer);
- if (!encoding.ptr)
+ if (!x509_signer->get_encoding(x509_signer, CERT_ASN1_DER, &encoding))
{
exit_scepclient("encoding certificate failed");
}
{
exit_scepclient("multiple certs received, only first stored");
}
- encoding = cert->get_encoding(cert);
- if (!chunk_write(encoding, path, "requested cert", 0022, force))
+ if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) ||
+ !chunk_write(encoding, path, "requested cert", 0022, force))
{
exit_scepclient("could not write cert file '%s'", path);
}