--- /dev/null
+/*
+ * Copyright (c) 2000,2002,2005-2006 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * The contents of this file constitute Original Code as defined in and
+ * are subject to the Apple Public Source License Version 1.1 (the
+ * "License"). You may not use this file except in compliance with the
+ * License. Please obtain a copy of the License at
+ * http://www.apple.com/publicsource and read it before using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
+ * License for the specific language governing rights and limitations
+ * under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * ocspdNetwork.cpp - Network support for ocspd and CRL/cert fetch
+ */
+
+#include <security_ocspd/ocspdDebug.h>
+#include "ocspNetwork.h"
+#include <security_ocspd/ocspdUtils.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <CoreServices/CoreServices.h>
+#include <security_cdsa_utils/cuEnc64.h>
+#include <stdlib.h>
+#include <Security/cssmapple.h>
+#include <LDAP/ldap.h>
+
+#pragma mark ----- OCSP support -----
+
+/* POST method has Content-Type header line equal to "application/ocsp-request" */
+static CFStringRef kContentType = CFSTR("Content-Type");
+static CFStringRef kAppOcspRequest = CFSTR("application/ocsp-request");
+
+#ifndef NDEBUG
+#define DUMP_BLOBS 0
+#else
+#define DUMP_BLOBS 0
+#endif
+
+#define OCSP_GET_FILE "/tmp/ocspGet"
+#define OCSP_RESP_FILE "/tmp/ocspResp"
+
+#if DUMP_BLOBS
+
+#include <security_cdsa_utils/cuFileIo.h>
+
+static void writeBlob(
+ const char *fileName,
+ const char *whatIsIt,
+ const unsigned char *data,
+ unsigned dataLen)
+{
+ if(writeFile(fileName, data, dataLen)) {
+ printf("***Error writing %s to %s\n", whatIsIt, fileName);
+ }
+ else {
+ printf("...wrote %u bytes of %s to %s\n", dataLen, whatIsIt, fileName);
+ }
+}
+
+#else
+
+#define writeBlob(f,w,d,l)
+
+#endif /* DUMP_BLOBS */
+
+/* fetch via HTTP POST */
+
+#define POST_BUFSIZE 1024
+
+CSSM_RETURN ocspdHttpPost(
+ SecAsn1CoderRef coder,
+ const CSSM_DATA &url,
+ const CSSM_DATA &ocspReq, // DER encoded
+ CSSM_DATA &fetched) // mallocd in coder space and RETURNED
+{
+ CSSM_RETURN ourRtn = CSSM_OK;
+ CFIndex thisMove;
+ UInt8 inBuf[POST_BUFSIZE];
+ /* resources to release on exit */
+ CFMutableDataRef inData = NULL;
+ CFReadStreamRef cfStream = NULL;
+ CFHTTPMessageRef request = NULL;
+ CFDataRef postData = NULL;
+ CFURLRef cfUrl = NULL;
+
+ /* trim off possible NULL terminator from incoming URL */
+ uint32 urlLen = url.Length;
+ if(url.Data[urlLen - 1] == '\0') {
+ urlLen--;
+ }
+
+ cfUrl = CFURLCreateWithBytes(NULL,
+ url.Data, urlLen,
+ kCFStringEncodingUTF8, // right?
+ NULL); // this is absolute path
+ if(cfUrl == NULL) {
+ ocspdErrorLog("CFURLCreateWithBytes returned NULL\n");
+ /* FIXME..? */
+ return CSSMERR_APPLETP_CRL_BAD_URI;
+ }
+ /* subsequent errors to errOut: */
+
+ #ifndef NDEBUG
+ {
+ char *ustr = (char *)malloc(urlLen + 1);
+ memmove(ustr, url.Data, urlLen);
+ ustr[urlLen] = '\0';
+ ocspdDebug("ocspdHttpPost: posting to URI %s", ustr);
+ free(ustr);
+ }
+ #endif
+
+ writeBlob(OCSP_GET_FILE, "OCSP Request as POST data", ocspReq.Data, ocspReq.Length);
+ postData = CFDataCreate(NULL, ocspReq.Data, ocspReq.Length);
+
+ /* Create a new HTTP request. */
+ request = CFHTTPMessageCreateRequest(kCFAllocatorDefault, CFSTR("POST"), cfUrl,
+ kCFHTTPVersion1_1);
+ if (request == NULL) {
+ ocspdErrorLog("ocspdHttpPost: error creating CFHTTPMessage\n");
+ ourRtn = CSSMERR_TP_INTERNAL_ERROR;
+ goto errOut;
+ }
+
+ // Set the body and required header fields.
+ CFHTTPMessageSetBody(request, postData);
+ CFHTTPMessageSetHeaderFieldValue(request, kContentType, kAppOcspRequest);
+
+ // Create the stream for the request.
+ cfStream = CFReadStreamCreateForHTTPRequest(kCFAllocatorDefault, request);
+ if (cfStream == NULL) {
+ ocspdErrorLog("ocspdHttpPost: error creating CFReadStream\n");
+ ourRtn = CSSMERR_TP_INTERNAL_ERROR;
+ goto errOut;
+ }
+
+ /* go, synchronously */
+ if(!CFReadStreamOpen(cfStream)) {
+ ocspdErrorLog("ocspdHttpPost: error opening CFReadStream\n");
+ ourRtn = CSSMERR_TP_INTERNAL_ERROR;
+ goto errOut;
+ }
+ inData = CFDataCreateMutable(NULL, 0);
+ for(;;) {
+ thisMove = CFReadStreamRead(cfStream, inBuf, POST_BUFSIZE);
+ if(thisMove < 0) {
+ CFStreamError error = CFReadStreamGetError(cfStream);
+ ocspdErrorLog("ocspdHttpPost: error on CFReadStreamRead: domain "
+ "%ld error %ld\n", (long)error.domain, (long)error.error);
+ ourRtn = CSSMERR_APPLETP_NETWORK_FAILURE;
+ break;
+ }
+ else if(thisMove == 0) {
+ ocspdDebug("ocspdHttpPost: transfer complete, moved %ld bytes",
+ CFDataGetLength(inData));
+ ourRtn = CSSM_OK;
+ break;
+ }
+ else {
+ CFDataAppendBytes(inData, inBuf, thisMove);
+ }
+ }
+ if(ourRtn == CSSM_OK) {
+ SecAsn1AllocCopy(coder, CFDataGetBytePtr(inData), CFDataGetLength(inData),
+ &fetched);
+ writeBlob(OCSP_RESP_FILE, "OCSP Response", fetched.Data, fetched.Length);
+ }
+
+errOut:
+ CFRELEASE(inData);
+ CFRELEASE(cfStream);
+ CFRELEASE(request);
+ CFRELEASE(postData);
+ CFRELEASE(cfUrl);
+ return ourRtn;
+}
+
projects / apple / security.git / blobdiff