xref: /third_party/wpa_supplicant/wpa_supplicant-2.9/hs20/client/est.c

31 static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
52 		write_result(ctx, "Could not parse PKCS#7 object from EST");
60 		write_result(ctx, "Could not parse PKCS#7 object from EST");
79 		write_result(ctx, "No certificates found in PKCS#7 object");
121 int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
136 	write_summary(ctx, "Download EST cacerts from %s", buf);
137 	ctx->no_osu_cert_validation = 1;
138 	http_ocsp_set(ctx->http, 1);
139 	res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
140 				 ctx->ca_fname);
141 	http_ocsp_set(ctx->http,
142 		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
143 	ctx->no_osu_cert_validation = 0;
147 		write_result(ctx, "Failed to download EST cacerts from %s",
157 		write_result(ctx, "Could not read EST cacerts");
180 		write_result(ctx, "Could not fetch EST PKCS#7 cacerts");
184 	res = pkcs7_to_cert(ctx, pkcs7, pkcs7_len, "Cert/est-cacerts.pem",
189 		write_result(ctx, "Could not parse CA certs from EST PKCS#7 cacerts response");
249 static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid,
272 static void add_csrattrs_ext_req(struct hs20_osu_client *ctx,
303 static void add_csrattrs_attr(struct hs20_osu_client *ctx, Attribute *attr,
317 		add_csrattrs_ext_req(ctx, attr->values, exts);
335 static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
352 			add_csrattrs_oid(ctx, ao->d.oid, exts);
355 			add_csrattrs_attr(ctx, ao->d.attribute, exts);
373 			add_csrattrs_oid(ctx, ao->d.oid, exts);
376 			add_csrattrs_attr(ctx, ao->d.attribute, exts);
384 static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
402 	write_summary(ctx, "Generate RSA private key");
437 	write_summary(ctx, "Generate CSR");
499 	add_csrattrs(ctx, csrattrs, exts);
602 int est_build_csr(struct hs20_osu_client *ctx, const char *url)
618 	write_summary(ctx, "Download EST csrattrs from %s", buf);
619 	ctx->no_osu_cert_validation = 1;
620 	http_ocsp_set(ctx->http, 1);
621 	res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt",
622 				 ctx->ca_fname);
623 	http_ocsp_set(ctx->http,
624 		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
625 	ctx->no_osu_cert_validation = 0;
661 	if (ctx->client_cert_present) {
663 			    "SP/%s/client-cert.pem", ctx->fqdn);
667 	res = generate_csr(ctx, "Cert/privkey-plain.pem", "Cert/est-req.pem",
676 int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
708 	if (ctx->client_cert_present) {
711 			    "SP/%s/client-cert.pem", ctx->fqdn);
714 			    "SP/%s/client-key.pem", ctx->fqdn);
719 	write_summary(ctx, "EST simpleenroll URL: %s", buf);
720 	ctx->no_osu_cert_validation = 1;
721 	http_ocsp_set(ctx->http, 1);
722 	resp = http_post(ctx->http, buf, req, "application/pkcs10",
724 			 ctx->ca_fname, user, pw, client_cert, client_key,
726 	http_ocsp_set(ctx->http,
727 		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
728 	ctx->no_osu_cert_validation = 0;
732 		write_result(ctx, "EST certificate enrollment failed");
750 		write_result(ctx, "Failed to parse EST simpleenroll base64 response");
754 	res = pkcs7_to_cert(ctx, pkcs7, pkcs7_len, "Cert/est_cert.pem",
760 		write_result(ctx, "EST: Failed to extract certificate from EST PKCS7 file");
765 		   ctx->client_cert_present ? "re" : "");
766 	write_summary(ctx, "EST simple%senroll completed successfully",
767 		      ctx->client_cert_present ? "re" : "");

Indexes created Thu Nov 07 10:32:03 CST 2024