Add demos to CMake

2026-05-06 16:36:16 +08:00 · 2023-02-06 22:14:34 +08:00
parent 895dbeee5b
commit d4d2f64aaa
68 changed files with 537 additions and 758 deletions
--- a/src/x509_ext.c
+++ b/src/x509_ext.c
@@ -18,11 +18,115 @@
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
 #include <gmssl/x509.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/error.h>


+
+static uint32_t oid_ce_subject_directory_attributes[] = { oid_ce,9 };
+static uint32_t oid_ce_subject_key_identifier[] = { oid_ce,14 };
+static uint32_t oid_ce_key_usage[] = { oid_ce,15 };
+static uint32_t oid_ce_subject_alt_name[] = { oid_ce,17 };
+static uint32_t oid_ce_issuer_alt_name[] = { oid_ce,18 };
+static uint32_t oid_ce_basic_constraints[] = { oid_ce,19 };
+static uint32_t oid_ce_name_constraints[] = { oid_ce,30 };
+static uint32_t oid_ce_crl_distribution_points[] = { oid_ce,31 };
+static uint32_t oid_ce_certificate_policies[] = { oid_ce,32 };
+static uint32_t oid_ce_policy_mappings[] = { oid_ce,33 };
+static uint32_t oid_ce_authority_key_identifier[] = { oid_ce,35 };
+static uint32_t oid_ce_policy_constraints[] = { oid_ce,36 };
+static uint32_t oid_ce_ext_key_usage[] = { oid_ce,37 };
+static uint32_t oid_ce_freshest_crl[] = { oid_ce,46 };
+static uint32_t oid_ce_inhibit_any_policy[] = { oid_ce,54 };
+static uint32_t oid_ce_crl_reasons[] = { oid_ce,21 }; // crl_entry_ext
+static uint32_t oid_ce_invalidity_date[] = { oid_ce,24 }; // crl_entry_ext
+static uint32_t oid_ce_certificate_issuer[] = { oid_ce,29 }; // crl_entry_ext
+#define OID_CE_CNT sizeof(oid_ce_subject_directory_attributes)/sizeof(int)
+static uint32_t oid_netscape_cert_type[] = { 2,16,840,1,113730,1,1 };
+static uint32_t oid_netscape_cert_comment[] = { 2,16,840,1,113730,1,13 };
+static uint32_t oid_pe_authority_info_access[] = { 1,3,6,1,5,5,7,1,1 };
+static uint32_t oid_ct_precertificate_scts[] = { 1,3,6,1,4,1,11129,2,4,2 };
+
+static const ASN1_OID_INFO x509_ext_ids[] = {
+	{ OID_ce_authority_key_identifier, "AuthorityKeyIdentifier", oid_ce_authority_key_identifier, OID_CE_CNT },
+	{ OID_ce_subject_key_identifier, "SubjectKeyIdentifier", oid_ce_subject_key_identifier, OID_CE_CNT },
+	{ OID_ce_key_usage, "KeyUsage", oid_ce_key_usage, OID_CE_CNT },
+	{ OID_ce_certificate_policies, "CertificatePolicies", oid_ce_certificate_policies, OID_CE_CNT },
+	{ OID_ce_policy_mappings, "PolicyMappings", oid_ce_policy_mappings, OID_CE_CNT },
+	{ OID_ce_subject_alt_name, "SubjectAltName", oid_ce_subject_alt_name, OID_CE_CNT },
+	{ OID_ce_issuer_alt_name, "IssuerAltName", oid_ce_issuer_alt_name, OID_CE_CNT },
+	{ OID_ce_subject_directory_attributes, "SubjectDirectoryAttributes", oid_ce_subject_directory_attributes, OID_CE_CNT },
+	{ OID_ce_basic_constraints, "BasicConstraints", oid_ce_basic_constraints, OID_CE_CNT },
+	{ OID_ce_name_constraints, "NameConstraints", oid_ce_name_constraints, OID_CE_CNT },
+	{ OID_ce_policy_constraints, "PolicyConstraints", oid_ce_policy_constraints, OID_CE_CNT },
+	{ OID_ce_ext_key_usage, "ExtKeyUsage", oid_ce_ext_key_usage, OID_CE_CNT },
+	{ OID_ce_crl_distribution_points, "CRLDistributionPoints", oid_ce_crl_distribution_points, OID_CE_CNT },
+	{ OID_ce_inhibit_any_policy, "InhibitAnyPolicy", oid_ce_inhibit_any_policy, OID_CE_CNT },
+	{ OID_ce_freshest_crl, "FreshestCRL", oid_ce_freshest_crl, OID_CE_CNT },
+	{ OID_ce_crl_reasons, "CRLReasons", oid_ce_crl_reasons, OID_CE_CNT },
+	{ OID_ce_invalidity_date, "InvalidityDate", oid_ce_invalidity_date, OID_CE_CNT },
+	{ OID_ce_certificate_issuer, "CertificateIssuer", oid_ce_certificate_issuer, OID_CE_CNT },
+	{ OID_netscape_cert_type, "NetscapeCertType", oid_netscape_cert_type, sizeof(oid_netscape_cert_type)/sizeof(int) },
+	{ OID_netscape_cert_comment, "NetscapeCertComment", oid_netscape_cert_comment, sizeof(oid_netscape_cert_comment)/sizeof(int) },
+	{ OID_pe_authority_info_access, "AuthorityInformationAccess", oid_pe_authority_info_access, sizeof(oid_pe_authority_info_access)/sizeof(int) },
+	{ OID_ct_precertificate_scts, "CT-PrecertificateSCTs", oid_ct_precertificate_scts, sizeof(oid_ct_precertificate_scts)/sizeof(int) },
+};
+
+static const int x509_ext_ids_count =
+	sizeof(x509_ext_ids)/sizeof(x509_ext_ids[0]);
+
+const char *x509_ext_id_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (oid == 0) {
+		return NULL;
+	}
+	if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+int x509_ext_id_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_ext_ids, x509_ext_ids_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+// 如果要支持未知的ext_id，应该提供一个callback
+int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+
+	if ((ret = asn1_oid_info_from_der_ex(&info, nodes, nodes_cnt, x509_ext_ids, x509_ext_ids_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info ? info->oid : 0;
+	return 1;
+}
+
 int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen)
 {
 	size_t len = 0;
@@ -1433,6 +1537,68 @@ err:
 	return -1;
 }

+
+
+
+static uint32_t oid_qt_cps[] = { oid_qt,1 };
+static uint32_t oid_qt_unotice[] = {oid_qt,2 };
+
+static const ASN1_OID_INFO x509_qt_ids[] = {
+	{ OID_qt_cps, "CPS", oid_qt_cps, sizeof(oid_qt_cps)/sizeof(int) },
+	{ OID_qt_unotice, "userNotice", oid_qt_unotice, sizeof(oid_qt_unotice)/sizeof(int) }
+};
+
+static const int x509_qt_ids_count =
+	sizeof(x509_qt_ids)/sizeof(x509_qt_ids[0]);
+
+int x509_qualifier_id_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_qt_ids, x509_qt_ids_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+const char *x509_qualifier_id_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_qt_ids, x509_qt_ids_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_qt_ids, x509_qt_ids_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+	if ((ret = asn1_oid_info_from_der(&info, x509_qt_ids, x509_qt_ids_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info->oid;
+	return 1;
+}
+
+
 int x509_policy_qualifier_info_to_der(
 	int oid,
 	const uint8_t *qualifier, size_t qualifier_len,
@@ -1513,6 +1679,61 @@ int x509_policy_qualifier_infos_print(FILE *fp, int fmt, int ind, const char *la
 	return 1;
 }

+
+int x509_cert_policy_id_from_name(const char *name)
+{
+	if (strcmp(name, "anyPolicy") == 0) {
+		return OID_any_policy;
+	}
+	return OID_undef;
+}
+
+char *x509_cert_policy_id_name(int oid)
+{
+	switch (oid) {
+	case OID_any_policy: return "anyPolicy";
+	}
+	return NULL;
+}
+
+static uint32_t oid_any_policy[] = { oid_ce,32,0 };
+
+int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen)
+{
+	switch (oid) {
+	case OID_any_policy:
+		if (asn1_object_identifier_to_der(oid_any_policy, sizeof(oid_any_policy)/sizeof(int), out, outlen) != 1) {
+			error_print();
+			return -1;
+		}
+		break;
+	case OID_undef:
+		if (asn1_object_identifier_to_der(nodes, nodes_cnt, out, outlen) != 1) {
+			error_print();
+			return -1;
+		}
+		break;
+	default:
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	if ((ret = asn1_object_identifier_from_der(nodes, nodes_cnt, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	if (asn1_object_identifier_equ(nodes, *nodes_cnt, oid_any_policy, oid_cnt(oid_any_policy)))
+		*oid = OID_any_policy;
+	else	*oid = 0;
+	return 1;
+}
+
 int x509_policy_information_to_der(
 	int oid, const uint32_t *nodes, size_t nodes_cnt,
 	const uint8_t *qualifiers, size_t qualifiers_len,
@@ -2105,6 +2326,90 @@ err:
 	return -1;
 }

+
+static uint32_t oid_any_extended_key_usage[] = { oid_ce,37,0 };
+
+#define oid_kp oid_pkix,3
+
+static uint32_t oid_kp_server_auth[] = { oid_kp,1 };
+static uint32_t oid_kp_client_auth[] = { oid_kp,2 };
+static uint32_t oid_kp_code_signing[] = { oid_kp,3 };
+static uint32_t oid_kp_email_protection[] = { oid_kp,4 };
+static uint32_t oid_kp_time_stamping[] = { oid_kp,8 };
+static uint32_t oid_kp_ocsp_signing[] = { oid_kp,9 };
+#define OID_KP_CNT sizeof(oid_kp_server_auth)/sizeof(int)
+
+static const ASN1_OID_INFO x509_key_purposes[] = {
+	{ OID_any_extended_key_usage, "anyExtendedKeyUsage", oid_any_extended_key_usage, sizeof(oid_any_extended_key_usage)/sizeof(uint32_t), 0, "Any Extended Key Usage" },
+	{ OID_kp_server_auth, "serverAuth", oid_kp_server_auth, OID_KP_CNT, 0, "TLS WWW server authentication" },
+	{ OID_kp_client_auth, "clientAuth", oid_kp_client_auth, OID_KP_CNT, 0, "TLS WWW client authentication" },
+	{ OID_kp_code_signing, "codeSigning", oid_kp_code_signing, OID_KP_CNT, 0, "Signing of downloadable executable code" },
+	{ OID_kp_email_protection, "emailProtection", oid_kp_email_protection, OID_KP_CNT, 0, "Email protection" },
+	{ OID_kp_time_stamping, "timeStamping", oid_kp_time_stamping, OID_KP_CNT, 0, "Binding the hash of an object to a time" },
+	{ OID_kp_ocsp_signing, "OCSPSigning", oid_kp_ocsp_signing, OID_KP_CNT, 0, "Signing OCSP responses" },
+};
+
+static const int x509_key_purposes_count =
+	sizeof(x509_key_purposes)/sizeof(x509_key_purposes[0]);
+
+int x509_key_purpose_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_key_purposes, x509_key_purposes_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+const char *x509_key_purpose_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+const char *x509_key_purpose_text(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->description;
+}
+
+int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+	if ((ret = asn1_oid_info_from_der(&info, x509_key_purposes, x509_key_purposes_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info->oid;
+	return 1;
+}
+
+
 int x509_ext_key_usage_to_der(const int *oids, size_t oids_cnt, uint8_t **out, size_t *outlen)
 {
 	size_t len = 0;