/*
 * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
101cb0ef41Sopenharmony_ci#include <stdio.h>
111cb0ef41Sopenharmony_ci#include "internal/cryptlib.h"
121cb0ef41Sopenharmony_ci#include <openssl/asn1.h>
131cb0ef41Sopenharmony_ci#include <openssl/asn1t.h>
141cb0ef41Sopenharmony_ci#include <openssl/conf.h>
151cb0ef41Sopenharmony_ci#include <openssl/x509v3.h>
161cb0ef41Sopenharmony_ci#include "ext_dat.h"
/*
 * Forward declarations of the two conversion callbacks that the extension
 * method table refers to; both are file-local and defined further down.
 */
static STACK_OF(CONF_VALUE) *
i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
                       STACK_OF(CONF_VALUE) *extlist);
static void *
v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                       STACK_OF(CONF_VALUE) *values);
/*
 * Extension method table for the policyConstraints extension.
 *
 * The table supplies an ASN.1 item plus the i2v/v2i conversion callbacks;
 * every other callback slot and the user-data pointer are left null.
 */
const X509V3_EXT_METHOD ossl_v3_policy_constraints = {
    NID_policy_constraints,             /* ext_nid */
    0,                                  /* ext_flags */
    ASN1_ITEM_ref(POLICY_CONSTRAINTS),  /* it */
    NULL,                               /* ext_new */
    NULL,                               /* ext_free */
    NULL,                               /* d2i */
    NULL,                               /* i2d */
    NULL,                               /* i2s */
    NULL,                               /* s2i */
    i2v_POLICY_CONSTRAINTS,             /* i2v */
    v2i_POLICY_CONSTRAINTS,             /* v2i */
    NULL,                               /* i2r */
    NULL,                               /* r2i */
    NULL                                /* usr_data */
};
/*
 * ASN.1 template for POLICY_CONSTRAINTS: a SEQUENCE of two optional,
 * implicitly tagged INTEGER fields, requireExplicitPolicy with tag 0 and
 * inhibitPolicyMapping with tag 1.  The field order is part of the encoding
 * and must not be changed.
 *
 * Both fields are optional at the template level, so code that consumes a
 * decoded POLICY_CONSTRAINTS should expect either pointer (or both) to be
 * NULL.
 */
ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
    ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER, 0),
    ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER, 1)
} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)

/* Provides the POLICY_CONSTRAINTS_new()/POLICY_CONSTRAINTS_free() pair. */
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
/*
 * Convert a decoded POLICY_CONSTRAINTS into printable name/value pairs.
 *
 * method:  extension method (unused here).
 * a:       the POLICY_CONSTRAINTS to render; it is dereferenced without a
 *          NULL check, so the caller must pass a valid object.
 * extlist: list to append to; passed by address to X509V3_add_value_int,
 *          which may therefore replace it.
 *
 * Returns the resulting list.
 *
 * NOTE(review): the return values of both X509V3_add_value_int calls are
 * ignored, so a failure while appending is not reported to the caller and
 * the output may be incomplete - confirm this best-effort behaviour is
 * intended.
 */
static STACK_OF(CONF_VALUE) *
i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
                       STACK_OF(CONF_VALUE) *extlist)
{
    POLICY_CONSTRAINTS *constraints = (POLICY_CONSTRAINTS *)a;
    STACK_OF(CONF_VALUE) **out = &extlist;

    X509V3_add_value_int("Require Explicit Policy",
                         constraints->requireExplicitPolicy, out);
    X509V3_add_value_int("Inhibit Policy Mapping",
                         constraints->inhibitPolicyMapping, out);

    return extlist;
}
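/*
 * Build a POLICY_CONSTRAINTS from configuration name/value pairs.
 *
 * method: extension method (unused here).
 * ctx:    extension context (unused here).
 * values: the parsed entries; the only names accepted are
 *         "requireExplicitPolicy" and "inhibitPolicyMapping".
 *
 * Returns a newly allocated POLICY_CONSTRAINTS owned by the caller, or NULL
 * with an error raised when allocation fails, a name is not recognised, a
 * value cannot be converted to an integer, or neither field was supplied.
 *
 * NOTE(review): no range check on the parsed integers is visible in this
 * function; RFC 5280 defines both fields as non-negative counts - confirm
 * whether negative values are rejected elsewhere.
 */
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                    X509V3_CTX *ctx,
                                    STACK_OF(CONF_VALUE) *values)
{
    POLICY_CONSTRAINTS *pcons = NULL;
    CONF_VALUE *val;
    int i;

    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
        ASN1_INTEGER **field;

        val = sk_CONF_VALUE_value(values, i);
        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
            field = &pcons->requireExplicitPolicy;
        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
            field = &pcons->inhibitPolicyMapping;
        } else {
            ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_NAME,
                           "%s", val->name);
            goto err;
        }

        /*
         * The same name may appear more than once in the input.  Release
         * the integer stored by an earlier entry before the pointer is
         * overwritten, so that repeated entries do not leak memory; the
         * last entry still wins, as before.
         */
        ASN1_INTEGER_free(*field);
        *field = NULL;
        if (!X509V3_get_value_int(val, field))
            goto err;
    }

    /* An extension carrying neither field is rejected as illegal. */
    if (pcons->inhibitPolicyMapping == NULL
            && pcons->requireExplicitPolicy == NULL) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
        goto err;
    }

    return pcons;
 err:
    POLICY_CONSTRAINTS_free(pcons);
    return NULL;
}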