Ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5ad0e4688e963d9de019557c78feed9)
ossl_x509crl.c
Go to the documentation of this file.
1/*
2 * 'OpenSSL for Ruby' project
3 * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
4 * All rights reserved.
5 */
6/*
7 * This program is licensed under the same licence as Ruby.
8 * (See the file 'LICENCE'.)
9 */
10#include "ossl.h"
11
12#define NewX509CRL(klass) \
13 TypedData_Wrap_Struct((klass), &ossl_x509crl_type, 0)
14#define SetX509CRL(obj, crl) do { \
15 if (!(crl)) { \
16 ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
17 } \
18 RTYPEDDATA_DATA(obj) = (crl); \
19} while (0)
20#define GetX509CRL(obj, crl) do { \
21 TypedData_Get_Struct((obj), X509_CRL, &ossl_x509crl_type, (crl)); \
22 if (!(crl)) { \
23 ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
24 } \
25} while (0)
26
27/*
28 * Classes
29 */
32
33static void
34ossl_x509crl_free(void *ptr)
35{
36 X509_CRL_free(ptr);
37}
38
39static const rb_data_type_t ossl_x509crl_type = {
40 "OpenSSL/X509/CRL",
41 {
42 0, ossl_x509crl_free,
43 },
45};
46
47/*
48 * PUBLIC
49 */
50X509_CRL *
52{
53 X509_CRL *crl;
54
55 GetX509CRL(obj, crl);
56
57 return crl;
58}
59
61ossl_x509crl_new(X509_CRL *crl)
62{
63 X509_CRL *tmp;
64 VALUE obj;
65
67 tmp = crl ? X509_CRL_dup(crl) : X509_CRL_new();
68 if(!tmp) ossl_raise(eX509CRLError, NULL);
69 SetX509CRL(obj, tmp);
70
71 return obj;
72}
73
74/*
75 * PRIVATE
76 */
77static VALUE
78ossl_x509crl_alloc(VALUE klass)
79{
80 X509_CRL *crl;
81 VALUE obj;
82
84 if (!(crl = X509_CRL_new())) {
86 }
87 SetX509CRL(obj, crl);
88
89 return obj;
90}
91
92static VALUE
93ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
94{
95 BIO *in;
96 X509_CRL *crl, *x = DATA_PTR(self);
97 VALUE arg;
98
99 if (rb_scan_args(argc, argv, "01", &arg) == 0) {
100 return self;
101 }
103 in = ossl_obj2bio(&arg);
104 crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
105 DATA_PTR(self) = x;
106 if (!crl) {
107 OSSL_BIO_reset(in);
108 crl = d2i_X509_CRL_bio(in, &x);
109 DATA_PTR(self) = x;
110 }
111 BIO_free(in);
112 if (!crl) ossl_raise(eX509CRLError, NULL);
113
114 return self;
115}
116
117static VALUE
118ossl_x509crl_copy(VALUE self, VALUE other)
119{
120 X509_CRL *a, *b, *crl;
121
122 rb_check_frozen(self);
123 if (self == other) return self;
124 GetX509CRL(self, a);
125 GetX509CRL(other, b);
126 if (!(crl = X509_CRL_dup(b))) {
128 }
129 X509_CRL_free(a);
130 DATA_PTR(self) = crl;
131
132 return self;
133}
134
135static VALUE
136ossl_x509crl_get_version(VALUE self)
137{
138 X509_CRL *crl;
139 long ver;
140
141 GetX509CRL(self, crl);
142 ver = X509_CRL_get_version(crl);
143
144 return LONG2NUM(ver);
145}
146
147static VALUE
148ossl_x509crl_set_version(VALUE self, VALUE version)
149{
150 X509_CRL *crl;
151 long ver;
152
153 if ((ver = NUM2LONG(version)) < 0) {
154 ossl_raise(eX509CRLError, "version must be >= 0!");
155 }
156 GetX509CRL(self, crl);
157 if (!X509_CRL_set_version(crl, ver)) {
159 }
160
161 return version;
162}
163
164static VALUE
165ossl_x509crl_get_signature_algorithm(VALUE self)
166{
167 X509_CRL *crl;
168 const X509_ALGOR *alg;
169 BIO *out;
170
171 GetX509CRL(self, crl);
172 if (!(out = BIO_new(BIO_s_mem()))) {
174 }
175 X509_CRL_get0_signature(crl, NULL, &alg);
176 if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
177 BIO_free(out);
179 }
180
181 return ossl_membio2str(out);
182}
183
184static VALUE
185ossl_x509crl_get_issuer(VALUE self)
186{
187 X509_CRL *crl;
188
189 GetX509CRL(self, crl);
190
191 return ossl_x509name_new(X509_CRL_get_issuer(crl)); /* NO DUP - don't free */
192}
193
194static VALUE
195ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
196{
197 X509_CRL *crl;
198
199 GetX509CRL(self, crl);
200
201 if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
203 }
204 return issuer;
205}
206
207static VALUE
208ossl_x509crl_get_last_update(VALUE self)
209{
210 X509_CRL *crl;
211 const ASN1_TIME *time;
212
213 GetX509CRL(self, crl);
215 if (!time)
216 return Qnil;
217
218 return asn1time_to_time(time);
219}
220
221static VALUE
222ossl_x509crl_set_last_update(VALUE self, VALUE time)
223{
224 X509_CRL *crl;
225 ASN1_TIME *asn1time;
226
227 GetX509CRL(self, crl);
228 asn1time = ossl_x509_time_adjust(NULL, time);
229 if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
230 ASN1_TIME_free(asn1time);
231 ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
232 }
233 ASN1_TIME_free(asn1time);
234
235 return time;
236}
237
238static VALUE
239ossl_x509crl_get_next_update(VALUE self)
240{
241 X509_CRL *crl;
242 const ASN1_TIME *time;
243
244 GetX509CRL(self, crl);
246 if (!time)
247 return Qnil;
248
249 return asn1time_to_time(time);
250}
251
252static VALUE
253ossl_x509crl_set_next_update(VALUE self, VALUE time)
254{
255 X509_CRL *crl;
256 ASN1_TIME *asn1time;
257
258 GetX509CRL(self, crl);
259 asn1time = ossl_x509_time_adjust(NULL, time);
260 if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
261 ASN1_TIME_free(asn1time);
262 ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
263 }
264 ASN1_TIME_free(asn1time);
265
266 return time;
267}
268
269static VALUE
270ossl_x509crl_get_revoked(VALUE self)
271{
272 X509_CRL *crl;
273 int i, num;
274 X509_REVOKED *rev;
275 VALUE ary, revoked;
276
277 GetX509CRL(self, crl);
278 num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
279 if (num < 0) {
280 OSSL_Debug("num < 0???");
281 return rb_ary_new();
282 }
283 ary = rb_ary_new2(num);
284 for(i=0; i<num; i++) {
285 /* NO DUP - don't free! */
286 rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
287 revoked = ossl_x509revoked_new(rev);
288 rb_ary_push(ary, revoked);
289 }
290
291 return ary;
292}
293
294static VALUE
295ossl_x509crl_set_revoked(VALUE self, VALUE ary)
296{
297 X509_CRL *crl;
298 X509_REVOKED *rev;
299 STACK_OF(X509_REVOKED) *sk;
300 long i;
301
302 Check_Type(ary, T_ARRAY);
303 /* All ary members should be X509 Revoked */
304 for (i=0; i<RARRAY_LEN(ary); i++) {
306 }
307 GetX509CRL(self, crl);
308 if ((sk = X509_CRL_get_REVOKED(crl))) {
309 while ((rev = sk_X509_REVOKED_pop(sk)))
310 X509_REVOKED_free(rev);
311 }
312 for (i=0; i<RARRAY_LEN(ary); i++) {
313 rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
314 if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
315 X509_REVOKED_free(rev);
316 ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
317 }
318 }
319 X509_CRL_sort(crl);
320
321 return ary;
322}
323
324static VALUE
325ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
326{
327 X509_CRL *crl;
328 X509_REVOKED *rev;
329
330 GetX509CRL(self, crl);
331 rev = DupX509RevokedPtr(revoked);
332 if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
333 X509_REVOKED_free(rev);
334 ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
335 }
336 X509_CRL_sort(crl);
337
338 return revoked;
339}
340
341static VALUE
342ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
343{
344 X509_CRL *crl;
345 EVP_PKEY *pkey;
346 const EVP_MD *md;
347
348 GetX509CRL(self, crl);
349 pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
350 md = ossl_evp_get_digestbyname(digest);
351 if (!X509_CRL_sign(crl, pkey, md)) {
353 }
354
355 return self;
356}
357
358static VALUE
359ossl_x509crl_verify(VALUE self, VALUE key)
360{
361 X509_CRL *crl;
362 EVP_PKEY *pkey;
363
364 GetX509CRL(self, crl);
365 pkey = GetPKeyPtr(key);
367 switch (X509_CRL_verify(crl, pkey)) {
368 case 1:
369 return Qtrue;
370 case 0:
372 return Qfalse;
373 default:
375 }
376}
377
378static VALUE
379ossl_x509crl_to_der(VALUE self)
380{
381 X509_CRL *crl;
382 BIO *out;
383
384 GetX509CRL(self, crl);
385 if (!(out = BIO_new(BIO_s_mem()))) {
387 }
388 if (!i2d_X509_CRL_bio(out, crl)) {
389 BIO_free(out);
391 }
392
393 return ossl_membio2str(out);
394}
395
396static VALUE
397ossl_x509crl_to_pem(VALUE self)
398{
399 X509_CRL *crl;
400 BIO *out;
401
402 GetX509CRL(self, crl);
403 if (!(out = BIO_new(BIO_s_mem()))) {
405 }
406 if (!PEM_write_bio_X509_CRL(out, crl)) {
407 BIO_free(out);
409 }
410
411 return ossl_membio2str(out);
412}
413
414static VALUE
415ossl_x509crl_to_text(VALUE self)
416{
417 X509_CRL *crl;
418 BIO *out;
419
420 GetX509CRL(self, crl);
421 if (!(out = BIO_new(BIO_s_mem()))) {
423 }
424 if (!X509_CRL_print(out, crl)) {
425 BIO_free(out);
427 }
428
429 return ossl_membio2str(out);
430}
431
432/*
433 * Gets X509v3 extensions as array of X509Ext objects
434 */
435static VALUE
436ossl_x509crl_get_extensions(VALUE self)
437{
438 X509_CRL *crl;
439 int count, i;
440 X509_EXTENSION *ext;
441 VALUE ary;
442
443 GetX509CRL(self, crl);
444 count = X509_CRL_get_ext_count(crl);
445 if (count < 0) {
446 OSSL_Debug("count < 0???");
447 return rb_ary_new();
448 }
449 ary = rb_ary_new2(count);
450 for (i=0; i<count; i++) {
451 ext = X509_CRL_get_ext(crl, i); /* NO DUP - don't free! */
452 rb_ary_push(ary, ossl_x509ext_new(ext));
453 }
454
455 return ary;
456}
457
458/*
459 * Sets X509_EXTENSIONs
460 */
461static VALUE
462ossl_x509crl_set_extensions(VALUE self, VALUE ary)
463{
464 X509_CRL *crl;
465 X509_EXTENSION *ext;
466 long i;
467
468 Check_Type(ary, T_ARRAY);
469 /* All ary members should be X509 Extensions */
470 for (i=0; i<RARRAY_LEN(ary); i++) {
472 }
473 GetX509CRL(self, crl);
474 while ((ext = X509_CRL_delete_ext(crl, 0)))
475 X509_EXTENSION_free(ext);
476 for (i=0; i<RARRAY_LEN(ary); i++) {
477 ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
478 if (!X509_CRL_add_ext(crl, ext, -1)) {
480 }
481 }
482
483 return ary;
484}
485
486static VALUE
487ossl_x509crl_add_extension(VALUE self, VALUE extension)
488{
489 X509_CRL *crl;
490 X509_EXTENSION *ext;
491
492 GetX509CRL(self, crl);
493 ext = GetX509ExtPtr(extension);
494 if (!X509_CRL_add_ext(crl, ext, -1)) {
496 }
497
498 return extension;
499}
500
501/*
502 * INIT
503 */
504void
506{
507#if 0
508 mOSSL = rb_define_module("OpenSSL");
511#endif
512
514
516
517 rb_define_alloc_func(cX509CRL, ossl_x509crl_alloc);
518 rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1);
519 rb_define_method(cX509CRL, "initialize_copy", ossl_x509crl_copy, 1);
520
521 rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0);
522 rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1);
523 rb_define_method(cX509CRL, "signature_algorithm", ossl_x509crl_get_signature_algorithm, 0);
524 rb_define_method(cX509CRL, "issuer", ossl_x509crl_get_issuer, 0);
525 rb_define_method(cX509CRL, "issuer=", ossl_x509crl_set_issuer, 1);
526 rb_define_method(cX509CRL, "last_update", ossl_x509crl_get_last_update, 0);
527 rb_define_method(cX509CRL, "last_update=", ossl_x509crl_set_last_update, 1);
528 rb_define_method(cX509CRL, "next_update", ossl_x509crl_get_next_update, 0);
529 rb_define_method(cX509CRL, "next_update=", ossl_x509crl_set_next_update, 1);
530 rb_define_method(cX509CRL, "revoked", ossl_x509crl_get_revoked, 0);
531 rb_define_method(cX509CRL, "revoked=", ossl_x509crl_set_revoked, 1);
532 rb_define_method(cX509CRL, "add_revoked", ossl_x509crl_add_revoked, 1);
533 rb_define_method(cX509CRL, "sign", ossl_x509crl_sign, 2);
534 rb_define_method(cX509CRL, "verify", ossl_x509crl_verify, 1);
535 rb_define_method(cX509CRL, "to_der", ossl_x509crl_to_der, 0);
536 rb_define_method(cX509CRL, "to_pem", ossl_x509crl_to_pem, 0);
537 rb_define_alias(cX509CRL, "to_s", "to_pem");
538 rb_define_method(cX509CRL, "to_text", ossl_x509crl_to_text, 0);
539 rb_define_method(cX509CRL, "extensions", ossl_x509crl_get_extensions, 0);
540 rb_define_method(cX509CRL, "extensions=", ossl_x509crl_set_extensions, 1);
541 rb_define_method(cX509CRL, "add_extension", ossl_x509crl_add_extension, 1);
542}
struct RIMemo * ptr
Definition: debug.c:65
int count
Definition: encoding.c:57
VALUE rb_define_class_under(VALUE, const char *, VALUE)
Defines a class under the namespace of outer.
Definition: class.c:711
VALUE rb_define_module(const char *)
Definition: class.c:785
VALUE rb_define_module_under(VALUE, const char *)
Definition: class.c:810
void rb_define_alias(VALUE, const char *, const char *)
Defines an alias of a method.
Definition: class.c:1818
VALUE rb_cObject
Object class.
Definition: ruby.h:2012
VALUE rb_eStandardError
Definition: error.c:921
#define X509_CRL_get0_signature
#define X509_CRL_get0_nextUpdate(x)
#define X509_CRL_set1_lastUpdate(x, t)
#define X509_CRL_set1_nextUpdate(x, t)
#define X509_CRL_get0_lastUpdate(x)
VALUE mOSSL
Definition: ossl.c:231
VALUE ossl_to_der_if_possible(VALUE obj)
Definition: ossl.c:255
void ossl_raise(VALUE exc, const char *fmt,...)
Definition: ossl.c:293
VALUE eOSSLError
Definition: ossl.c:236
void ossl_clear_error(void)
Definition: ossl.c:304
#define OSSL_BIO_reset(bio)
Definition: ossl.h:115
#define OSSL_Check_Kind(obj, klass)
Definition: ossl.h:57
STACK_OF(X509) *ossl_x509_ary2sk(VALUE)
#define OSSL_Debug
Definition: ossl.h:149
VALUE asn1time_to_time(const ASN1_TIME *time)
Definition: ossl_asn1.c:20
BIO * ossl_obj2bio(volatile VALUE *pobj)
Definition: ossl_bio.c:13
VALUE ossl_membio2str(BIO *bio)
Definition: ossl_bio.c:29
const EVP_MD * ossl_evp_get_digestbyname(VALUE obj)
Definition: ossl_digest.c:45
EVP_PKEY * GetPrivPKeyPtr(VALUE obj)
Definition: ossl_pkey.c:239
void ossl_pkey_check_public_key(const EVP_PKEY *pkey)
Definition: ossl_pkey.c:189
EVP_PKEY * GetPKeyPtr(VALUE obj)
Definition: ossl_pkey.c:229
ASN1_TIME * ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
Definition: ossl_x509.c:19
VALUE mX509
Definition: ossl_x509.c:12
VALUE ossl_x509name_new(X509_NAME *)
Definition: ossl_x509name.c:56
X509_NAME * GetX509NamePtr(VALUE)
Definition: ossl_x509name.c:76
X509_REVOKED * DupX509RevokedPtr(VALUE)
VALUE cX509Rev
VALUE cX509Ext
Definition: ossl_x509ext.c:43
VALUE ossl_x509ext_new(X509_EXTENSION *)
Definition: ossl_x509ext.c:65
VALUE ossl_x509revoked_new(X509_REVOKED *)
X509_EXTENSION * GetX509ExtPtr(VALUE)
Definition: ossl_x509ext.c:85
#define NewX509CRL(klass)
Definition: ossl_x509crl.c:12
VALUE eX509CRLError
Definition: ossl_x509crl.c:31
VALUE cX509CRL
Definition: ossl_x509crl.c:30
#define SetX509CRL(obj, crl)
Definition: ossl_x509crl.c:14
void Init_ossl_x509crl(void)
Definition: ossl_x509crl.c:505
#define GetX509CRL(obj, crl)
Definition: ossl_x509crl.c:20
X509_CRL * GetX509CRLPtr(VALUE obj)
Definition: ossl_x509crl.c:51
VALUE ossl_x509crl_new(X509_CRL *crl)
Definition: ossl_x509crl.c:61
#define RARRAY_LEN(a)
#define NULL
time_t time(time_t *_timer)
const VALUE VALUE obj
#define rb_check_frozen(obj)
VALUE rb_ary_push(VALUE, VALUE)
Definition: array.c:1195
void rb_define_alloc_func(VALUE, rb_alloc_func_t)
uint32_t i
#define LONG2NUM(x)
#define RUBY_TYPED_FREE_IMMEDIATELY
VALUE rb_ary_new(void)
Definition: array.c:723
#define rb_scan_args(argc, argvp, fmt,...)
#define Qtrue
#define Qnil
#define Qfalse
#define DATA_PTR(dta)
#define T_ARRAY
const VALUE * argv
#define Check_Type(v, t)
#define NUM2LONG(x)
void rb_define_method(VALUE, const char *, VALUE(*)(), int)
#define rb_ary_new2
#define RARRAY_AREF(a, i)
unsigned long VALUE
Definition: ruby.h:102