Add certificate policy of type any policy id

Add a function for getting the certificate policy. Currently only
"Any Policy" is supported.
This commit is contained in:
Ron Eldor 2019-03-25 18:22:52 +02:00
parent a96f4fe94e
commit 11ee07191f
5 changed files with 67 additions and 0 deletions

View file

@ -167,6 +167,11 @@
#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* Certificate policies
*/
#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
/*
* Netscape certificate extensions
*/
@ -576,6 +581,16 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_
*/
int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
/**
* \brief Translate certificate policies OID into description
*
* \param oid OID to use
* \param desc place to store string pointer
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
/**
* \brief Translate md_type into hash algorithm OID
*

View file

@ -296,6 +296,15 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
{
{ ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" },
{ NULL, 0, NULL, NULL },
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
#if defined(MBEDTLS_MD_C)
/*
* For SignatureAlgorithmIdentifier

View file

@ -116,6 +116,7 @@ add_test_suite(mdx)
add_test_suite(memory_buffer_alloc)
add_test_suite(mpi)
add_test_suite(nist_kw)
add_test_suite(oid)
add_test_suite(pem)
add_test_suite(pkcs1_v15)
add_test_suite(pkcs1_v21)

View file

@ -0,0 +1,8 @@
OID get Any Policy certificate policy
oid_get_certificate_policies:"551D2000":"Any Policy"
OID get certificate policy invalid oid
oid_get_certificate_policies:"5533445566":""
OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
oid_get_certificate_policies:"551D23":""

View file

@ -0,0 +1,34 @@
/* BEGIN_HEADER */
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "string.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_OID_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C*/
void oid_get_certificate_policies( data_t * oid, char * result_str )
{
mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
int ret;
const char *desc;
asn1_buf.tag = MBEDTLS_ASN1_OID;
asn1_buf.p = oid->x;
asn1_buf.len = oid->len;
ret = mbedtls_oid_get_certificate_policies( &asn1_buf, &desc );
if( strlen( result_str ) == 0 )
{
TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
}
else
{
TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 );
}
}
/* END_CASE */