Ruby  2.7.2p137(2020-10-01revision5445e0435260b449decf2ac16f9d09bae3cafe72)
ossl_x509crl.c
Go to the documentation of this file.
1 /*
2  * 'OpenSSL for Ruby' project
3  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
4  * All rights reserved.
5  */
6 /*
7  * This program is licensed under the same licence as Ruby.
8  * (See the file 'LICENCE'.)
9  */
10 #include "ossl.h"
11 
12 #define NewX509CRL(klass) \
13  TypedData_Wrap_Struct((klass), &ossl_x509crl_type, 0)
14 #define SetX509CRL(obj, crl) do { \
15  if (!(crl)) { \
16  ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
17  } \
18  RTYPEDDATA_DATA(obj) = (crl); \
19 } while (0)
20 #define GetX509CRL(obj, crl) do { \
21  TypedData_Get_Struct((obj), X509_CRL, &ossl_x509crl_type, (crl)); \
22  if (!(crl)) { \
23  ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
24  } \
25 } while (0)
26 
27 /*
28  * Classes
29  */
32 
33 static void
34 ossl_x509crl_free(void *ptr)
35 {
36  X509_CRL_free(ptr);
37 }
38 
39 static const rb_data_type_t ossl_x509crl_type = {
40  "OpenSSL/X509/CRL",
41  {
42  0, ossl_x509crl_free,
43  },
45 };
46 
47 /*
48  * PUBLIC
49  */
50 X509_CRL *
52 {
53  X509_CRL *crl;
54 
55  GetX509CRL(obj, crl);
56 
57  return crl;
58 }
59 
60 VALUE
61 ossl_x509crl_new(X509_CRL *crl)
62 {
63  X509_CRL *tmp;
64  VALUE obj;
65 
67  tmp = crl ? X509_CRL_dup(crl) : X509_CRL_new();
68  if(!tmp) ossl_raise(eX509CRLError, NULL);
69  SetX509CRL(obj, tmp);
70 
71  return obj;
72 }
73 
74 /*
75  * PRIVATE
76  */
77 static VALUE
78 ossl_x509crl_alloc(VALUE klass)
79 {
80  X509_CRL *crl;
81  VALUE obj;
82 
83  obj = NewX509CRL(klass);
84  if (!(crl = X509_CRL_new())) {
86  }
87  SetX509CRL(obj, crl);
88 
89  return obj;
90 }
91 
92 static VALUE
93 ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
94 {
95  BIO *in;
96  X509_CRL *crl, *x = DATA_PTR(self);
97  VALUE arg;
98 
99  if (rb_scan_args(argc, argv, "01", &arg) == 0) {
100  return self;
101  }
103  in = ossl_obj2bio(&arg);
104  crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
105  DATA_PTR(self) = x;
106  if (!crl) {
108  crl = d2i_X509_CRL_bio(in, &x);
109  DATA_PTR(self) = x;
110  }
111  BIO_free(in);
112  if (!crl) ossl_raise(eX509CRLError, NULL);
113 
114  return self;
115 }
116 
117 static VALUE
118 ossl_x509crl_copy(VALUE self, VALUE other)
119 {
120  X509_CRL *a, *b, *crl;
121 
122  rb_check_frozen(self);
123  if (self == other) return self;
124  GetX509CRL(self, a);
125  GetX509CRL(other, b);
126  if (!(crl = X509_CRL_dup(b))) {
128  }
129  X509_CRL_free(a);
130  DATA_PTR(self) = crl;
131 
132  return self;
133 }
134 
135 static VALUE
136 ossl_x509crl_get_version(VALUE self)
137 {
138  X509_CRL *crl;
139  long ver;
140 
141  GetX509CRL(self, crl);
142  ver = X509_CRL_get_version(crl);
143 
144  return LONG2NUM(ver);
145 }
146 
147 static VALUE
148 ossl_x509crl_set_version(VALUE self, VALUE version)
149 {
150  X509_CRL *crl;
151  long ver;
152 
153  if ((ver = NUM2LONG(version)) < 0) {
154  ossl_raise(eX509CRLError, "version must be >= 0!");
155  }
156  GetX509CRL(self, crl);
157  if (!X509_CRL_set_version(crl, ver)) {
159  }
160 
161  return version;
162 }
163 
164 static VALUE
165 ossl_x509crl_get_signature_algorithm(VALUE self)
166 {
167  X509_CRL *crl;
168  const X509_ALGOR *alg;
169  BIO *out;
170 
171  GetX509CRL(self, crl);
172  if (!(out = BIO_new(BIO_s_mem()))) {
174  }
175  X509_CRL_get0_signature(crl, NULL, &alg);
176  if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
177  BIO_free(out);
179  }
180 
181  return ossl_membio2str(out);
182 }
183 
184 static VALUE
185 ossl_x509crl_get_issuer(VALUE self)
186 {
187  X509_CRL *crl;
188 
189  GetX509CRL(self, crl);
190 
191  return ossl_x509name_new(X509_CRL_get_issuer(crl)); /* NO DUP - don't free */
192 }
193 
194 static VALUE
195 ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
196 {
197  X509_CRL *crl;
198 
199  GetX509CRL(self, crl);
200 
201  if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
203  }
204  return issuer;
205 }
206 
207 static VALUE
208 ossl_x509crl_get_last_update(VALUE self)
209 {
210  X509_CRL *crl;
211  const ASN1_TIME *time;
212 
213  GetX509CRL(self, crl);
215  if (!time)
216  return Qnil;
217 
218  return asn1time_to_time(time);
219 }
220 
221 static VALUE
222 ossl_x509crl_set_last_update(VALUE self, VALUE time)
223 {
224  X509_CRL *crl;
225  ASN1_TIME *asn1time;
226 
227  GetX509CRL(self, crl);
228  asn1time = ossl_x509_time_adjust(NULL, time);
229  if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
230  ASN1_TIME_free(asn1time);
231  ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
232  }
233  ASN1_TIME_free(asn1time);
234 
235  return time;
236 }
237 
238 static VALUE
239 ossl_x509crl_get_next_update(VALUE self)
240 {
241  X509_CRL *crl;
242  const ASN1_TIME *time;
243 
244  GetX509CRL(self, crl);
246  if (!time)
247  return Qnil;
248 
249  return asn1time_to_time(time);
250 }
251 
252 static VALUE
253 ossl_x509crl_set_next_update(VALUE self, VALUE time)
254 {
255  X509_CRL *crl;
256  ASN1_TIME *asn1time;
257 
258  GetX509CRL(self, crl);
259  asn1time = ossl_x509_time_adjust(NULL, time);
260  if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
261  ASN1_TIME_free(asn1time);
262  ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
263  }
264  ASN1_TIME_free(asn1time);
265 
266  return time;
267 }
268 
269 static VALUE
270 ossl_x509crl_get_revoked(VALUE self)
271 {
272  X509_CRL *crl;
273  int i, num;
274  X509_REVOKED *rev;
275  VALUE ary, revoked;
276 
277  GetX509CRL(self, crl);
278  num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
279  if (num < 0) {
280  OSSL_Debug("num < 0???");
281  return rb_ary_new();
282  }
283  ary = rb_ary_new2(num);
284  for(i=0; i<num; i++) {
285  /* NO DUP - don't free! */
286  rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
287  revoked = ossl_x509revoked_new(rev);
288  rb_ary_push(ary, revoked);
289  }
290 
291  return ary;
292 }
293 
294 static VALUE
295 ossl_x509crl_set_revoked(VALUE self, VALUE ary)
296 {
297  X509_CRL *crl;
298  X509_REVOKED *rev;
299  STACK_OF(X509_REVOKED) *sk;
300  long i;
301 
302  Check_Type(ary, T_ARRAY);
303  /* All ary members should be X509 Revoked */
304  for (i=0; i<RARRAY_LEN(ary); i++) {
306  }
307  GetX509CRL(self, crl);
308  if ((sk = X509_CRL_get_REVOKED(crl))) {
309  while ((rev = sk_X509_REVOKED_pop(sk)))
310  X509_REVOKED_free(rev);
311  }
312  for (i=0; i<RARRAY_LEN(ary); i++) {
313  rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
314  if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
315  X509_REVOKED_free(rev);
316  ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
317  }
318  }
319  X509_CRL_sort(crl);
320 
321  return ary;
322 }
323 
324 static VALUE
325 ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
326 {
327  X509_CRL *crl;
328  X509_REVOKED *rev;
329 
330  GetX509CRL(self, crl);
331  rev = DupX509RevokedPtr(revoked);
332  if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
333  X509_REVOKED_free(rev);
334  ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
335  }
336  X509_CRL_sort(crl);
337 
338  return revoked;
339 }
340 
341 static VALUE
342 ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
343 {
344  X509_CRL *crl;
345  EVP_PKEY *pkey;
346  const EVP_MD *md;
347 
348  GetX509CRL(self, crl);
349  pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
350  md = ossl_evp_get_digestbyname(digest);
351  if (!X509_CRL_sign(crl, pkey, md)) {
353  }
354 
355  return self;
356 }
357 
358 static VALUE
359 ossl_x509crl_verify(VALUE self, VALUE key)
360 {
361  X509_CRL *crl;
362  EVP_PKEY *pkey;
363 
364  GetX509CRL(self, crl);
365  pkey = GetPKeyPtr(key);
367  switch (X509_CRL_verify(crl, pkey)) {
368  case 1:
369  return Qtrue;
370  case 0:
372  return Qfalse;
373  default:
375  }
376 }
377 
378 static VALUE
379 ossl_x509crl_to_der(VALUE self)
380 {
381  X509_CRL *crl;
382  BIO *out;
383 
384  GetX509CRL(self, crl);
385  if (!(out = BIO_new(BIO_s_mem()))) {
387  }
388  if (!i2d_X509_CRL_bio(out, crl)) {
389  BIO_free(out);
391  }
392 
393  return ossl_membio2str(out);
394 }
395 
396 static VALUE
397 ossl_x509crl_to_pem(VALUE self)
398 {
399  X509_CRL *crl;
400  BIO *out;
401 
402  GetX509CRL(self, crl);
403  if (!(out = BIO_new(BIO_s_mem()))) {
405  }
406  if (!PEM_write_bio_X509_CRL(out, crl)) {
407  BIO_free(out);
409  }
410 
411  return ossl_membio2str(out);
412 }
413 
414 static VALUE
415 ossl_x509crl_to_text(VALUE self)
416 {
417  X509_CRL *crl;
418  BIO *out;
419 
420  GetX509CRL(self, crl);
421  if (!(out = BIO_new(BIO_s_mem()))) {
423  }
424  if (!X509_CRL_print(out, crl)) {
425  BIO_free(out);
427  }
428 
429  return ossl_membio2str(out);
430 }
431 
432 /*
433  * Gets X509v3 extensions as array of X509Ext objects
434  */
435 static VALUE
436 ossl_x509crl_get_extensions(VALUE self)
437 {
438  X509_CRL *crl;
439  int count, i;
440  X509_EXTENSION *ext;
441  VALUE ary;
442 
443  GetX509CRL(self, crl);
444  count = X509_CRL_get_ext_count(crl);
445  if (count < 0) {
446  OSSL_Debug("count < 0???");
447  return rb_ary_new();
448  }
449  ary = rb_ary_new2(count);
450  for (i=0; i<count; i++) {
451  ext = X509_CRL_get_ext(crl, i); /* NO DUP - don't free! */
452  rb_ary_push(ary, ossl_x509ext_new(ext));
453  }
454 
455  return ary;
456 }
457 
458 /*
459  * Sets X509_EXTENSIONs
460  */
461 static VALUE
462 ossl_x509crl_set_extensions(VALUE self, VALUE ary)
463 {
464  X509_CRL *crl;
465  X509_EXTENSION *ext;
466  long i;
467 
468  Check_Type(ary, T_ARRAY);
469  /* All ary members should be X509 Extensions */
470  for (i=0; i<RARRAY_LEN(ary); i++) {
472  }
473  GetX509CRL(self, crl);
474  while ((ext = X509_CRL_delete_ext(crl, 0)))
475  X509_EXTENSION_free(ext);
476  for (i=0; i<RARRAY_LEN(ary); i++) {
477  ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
478  if (!X509_CRL_add_ext(crl, ext, -1)) {
480  }
481  }
482 
483  return ary;
484 }
485 
486 static VALUE
487 ossl_x509crl_add_extension(VALUE self, VALUE extension)
488 {
489  X509_CRL *crl;
490  X509_EXTENSION *ext;
491 
492  GetX509CRL(self, crl);
493  ext = GetX509ExtPtr(extension);
494  if (!X509_CRL_add_ext(crl, ext, -1)) {
496  }
497 
498  return extension;
499 }
500 
501 /*
502  * INIT
503  */
504 void
506 {
507 #if 0
508  mOSSL = rb_define_module("OpenSSL");
511 #endif
512 
514 
516 
517  rb_define_alloc_func(cX509CRL, ossl_x509crl_alloc);
518  rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1);
519  rb_define_method(cX509CRL, "initialize_copy", ossl_x509crl_copy, 1);
520 
521  rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0);
522  rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1);
523  rb_define_method(cX509CRL, "signature_algorithm", ossl_x509crl_get_signature_algorithm, 0);
524  rb_define_method(cX509CRL, "issuer", ossl_x509crl_get_issuer, 0);
525  rb_define_method(cX509CRL, "issuer=", ossl_x509crl_set_issuer, 1);
526  rb_define_method(cX509CRL, "last_update", ossl_x509crl_get_last_update, 0);
527  rb_define_method(cX509CRL, "last_update=", ossl_x509crl_set_last_update, 1);
528  rb_define_method(cX509CRL, "next_update", ossl_x509crl_get_next_update, 0);
529  rb_define_method(cX509CRL, "next_update=", ossl_x509crl_set_next_update, 1);
530  rb_define_method(cX509CRL, "revoked", ossl_x509crl_get_revoked, 0);
531  rb_define_method(cX509CRL, "revoked=", ossl_x509crl_set_revoked, 1);
532  rb_define_method(cX509CRL, "add_revoked", ossl_x509crl_add_revoked, 1);
533  rb_define_method(cX509CRL, "sign", ossl_x509crl_sign, 2);
534  rb_define_method(cX509CRL, "verify", ossl_x509crl_verify, 1);
535  rb_define_method(cX509CRL, "to_der", ossl_x509crl_to_der, 0);
536  rb_define_method(cX509CRL, "to_pem", ossl_x509crl_to_pem, 0);
537  rb_define_alias(cX509CRL, "to_s", "to_pem");
538  rb_define_method(cX509CRL, "to_text", ossl_x509crl_to_text, 0);
539  rb_define_method(cX509CRL, "extensions", ossl_x509crl_get_extensions, 0);
540  rb_define_method(cX509CRL, "extensions=", ossl_x509crl_set_extensions, 1);
541  rb_define_method(cX509CRL, "add_extension", ossl_x509crl_add_extension, 1);
542 }
Check_Type
#define Check_Type(v, t)
Definition: ruby.h:595
GetPKeyPtr
EVP_PKEY * GetPKeyPtr(VALUE obj)
Definition: ossl_pkey.c:229
GetX509CRLPtr
X509_CRL * GetX509CRLPtr(VALUE obj)
Definition: ossl_x509crl.c:51
rb_define_module_under
VALUE rb_define_module_under(VALUE outer, const char *name)
Definition: class.c:797
X509_CRL_get0_lastUpdate
#define X509_CRL_get0_lastUpdate(x)
ossl_x509name_new
VALUE ossl_x509name_new(X509_NAME *)
Definition: ossl_x509name.c:56
eX509CRLError
VALUE eX509CRLError
Definition: ossl_x509crl.c:31
GetX509ExtPtr
X509_EXTENSION * GetX509ExtPtr(VALUE)
Definition: ossl_x509ext.c:85
ossl_to_der_if_possible
VALUE ossl_to_der_if_possible(VALUE obj)
Definition: ossl.c:255
i
uint32_t i
Definition: rb_mjit_min_header-2.7.2.h:5460
NUM2LONG
#define NUM2LONG(x)
Definition: ruby.h:679
ossl_membio2str
VALUE ossl_membio2str(BIO *bio)
Definition: ossl_bio.c:29
ossl_x509_time_adjust
ASN1_TIME * ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
Definition: ossl_x509.c:19
VALUE
unsigned long VALUE
Definition: ruby.h:102
asn1time_to_time
VALUE asn1time_to_time(const ASN1_TIME *time)
Definition: ossl_asn1.c:20
ossl_obj2bio
BIO * ossl_obj2bio(volatile VALUE *pobj)
Definition: ossl_bio.c:13
OSSL_Check_Kind
#define OSSL_Check_Kind(obj, klass)
Definition: ossl.h:56
OSSL_BIO_reset
#define OSSL_BIO_reset(bio)
Definition: ossl.h:114
rb_define_module
VALUE rb_define_module(const char *name)
Definition: class.c:772
mX509
VALUE mX509
Definition: ossl_x509.c:12
ossl.h
ossl_x509revoked_new
VALUE ossl_x509revoked_new(X509_REVOKED *)
Definition: ossl_x509revoked.c:51
ossl_clear_error
void ossl_clear_error(void)
Definition: ossl.c:304
DupX509RevokedPtr
X509_REVOKED * DupX509RevokedPtr(VALUE)
Definition: ossl_x509revoked.c:71
rb_define_method
void rb_define_method(VALUE klass, const char *name, VALUE(*func)(ANYARGS), int argc)
Definition: class.c:1551
ptr
struct RIMemo * ptr
Definition: debug.c:65
Qfalse
#define Qfalse
Definition: ruby.h:467
NULL
#define NULL
Definition: _sdbm.c:101
NewX509CRL
#define NewX509CRL(klass)
Definition: ossl_x509crl.c:12
rb_define_alias
void rb_define_alias(VALUE klass, const char *name1, const char *name2)
Defines an alias of a method.
Definition: class.c:1800
ossl_pkey_check_public_key
void ossl_pkey_check_public_key(const EVP_PKEY *pkey)
Definition: ossl_pkey.c:189
X509_CRL_get0_nextUpdate
#define X509_CRL_get0_nextUpdate(x)
LONG2NUM
#define LONG2NUM(x)
Definition: ruby.h:1644
cX509Ext
VALUE cX509Ext
Definition: ossl_x509ext.c:43
mOSSL
VALUE mOSSL
Definition: ossl.c:231
DATA_PTR
#define DATA_PTR(dta)
Definition: ruby.h:1175
klass
VALUE klass
Definition: rb_mjit_min_header-2.7.2.h:13222
time
time_t time(time_t *_timer)
rb_check_frozen
#define rb_check_frozen(obj)
Definition: intern.h:319
rb_ary_push
VALUE rb_ary_push(VALUE ary, VALUE item)
Definition: array.c:1195
OSSL_Debug
#define OSSL_Debug
Definition: ossl.h:148
ossl_raise
void ossl_raise(VALUE exc, const char *fmt,...)
Definition: ossl.c:293
RARRAY_AREF
#define RARRAY_AREF(a, i)
Definition: psych_emitter.c:7
cX509CRL
VALUE cX509CRL
Definition: ossl_x509crl.c:30
GetX509CRL
#define GetX509CRL(obj, crl)
Definition: ossl_x509crl.c:20
ossl_x509crl_new
VALUE ossl_x509crl_new(X509_CRL *crl)
Definition: ossl_x509crl.c:61
arg
VALUE arg
Definition: rb_mjit_min_header-2.7.2.h:5597
key
key
Definition: openssl_missing.h:181
X509_CRL_set1_nextUpdate
#define X509_CRL_set1_nextUpdate(x, t)
rb_scan_args
#define rb_scan_args(argc, argvp, fmt,...)
Definition: rb_mjit_min_header-2.7.2.h:6368
RARRAY_LEN
#define RARRAY_LEN(a)
Definition: ruby.h:1070
SetX509CRL
#define SetX509CRL(obj, crl)
Definition: ossl_x509crl.c:14
npn_select_cb_common_args::in
const unsigned char * in
Definition: ossl_ssl.c:618
rb_cObject
RUBY_EXTERN VALUE rb_cObject
Definition: ruby.h:2010
rb_ary_new2
#define rb_ary_new2
Definition: intern.h:103
X509_CRL_set1_lastUpdate
#define X509_CRL_set1_lastUpdate(x, t)
obj
const VALUE VALUE obj
Definition: rb_mjit_min_header-2.7.2.h:5738
T_ARRAY
#define T_ARRAY
Definition: ruby.h:530
argv
char ** argv
Definition: ruby.c:223
STACK_OF
STACK_OF(X509) *ossl_x509_ary2sk(VALUE)
ossl_x509ext_new
VALUE ossl_x509ext_new(X509_EXTENSION *)
Definition: ossl_x509ext.c:65
GetX509NamePtr
X509_NAME * GetX509NamePtr(VALUE)
Definition: ossl_x509name.c:76
RUBY_TYPED_FREE_IMMEDIATELY
#define RUBY_TYPED_FREE_IMMEDIATELY
Definition: ruby.h:1207
argc
int argc
Definition: ruby.c:222
cX509Rev
VALUE cX509Rev
Definition: ossl_x509revoked.c:30
rb_data_type_struct
Definition: ruby.h:1148
count
int count
Definition: encoding.c:57
Qtrue
#define Qtrue
Definition: ruby.h:468
eOSSLError
VALUE eOSSLError
Definition: ossl.c:236
rb_define_class_under
VALUE rb_define_class_under(VALUE outer, const char *name, VALUE super)
Defines a class under the namespace of outer.
Definition: class.c:698
rb_ary_new
VALUE rb_ary_new(void)
Definition: array.c:723
Qnil
#define Qnil
Definition: ruby.h:469
GetPrivPKeyPtr
EVP_PKEY * GetPrivPKeyPtr(VALUE obj)
Definition: ossl_pkey.c:239
ossl_evp_get_digestbyname
const EVP_MD * ossl_evp_get_digestbyname(VALUE obj)
Definition: ossl_digest.c:45
rb_eStandardError
VALUE rb_eStandardError
Definition: error.c:921
Init_ossl_x509crl
void Init_ossl_x509crl(void)
Definition: ossl_x509crl.c:505
rb_define_alloc_func
void rb_define_alloc_func(VALUE, rb_alloc_func_t)
X509_CRL_get0_signature
#define X509_CRL_get0_signature
Definition: openssl_missing.h:82