return major;
}
+static int stringEmpty(const char * s)
+{
+ if (s == NULL)
+ return 1;
+ if (strlen(s) > 0)
+ return 0;
+ return 1;
+}
+
OM_uint32
libMoonshotResolveInitiatorCred(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t targetName)
+ gss_const_name_t targetName)
{
OM_uint32 major, tmpMinor;
gss_OID nameMech = gssEapPrimaryMechForCred(cred);
MoonshotError *error = NULL;
if (cred->name != GSS_C_NO_NAME) {
- major = gssEapExportName(minor, cred->name, &initiator);
+ major = gssEapDisplayName(minor, cred->name, &initiator, NULL);
if (GSS_ERROR(major))
goto cleanup;
}
if (targetName != GSS_C_NO_NAME) {
- major = gssEapExportName(minor, targetName, &target);
+ major = gssEapDisplayName(minor, targetName, &target, NULL);
if (GSS_ERROR(major))
goto cleanup;
}
goto cleanup;
gss_release_buffer(&tmpMinor, &cred->caCertificate);
+ gss_release_buffer(&tmpMinor, &cred->caCertificateBlob);
gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
- if (serverCertificateHash != NULL) {
+ if (!stringEmpty(serverCertificateHash)) {
size_t len = strlen(serverCertificateHash);
#define HASH_PREFIX "hash://server/sha256/"
((char *)cred->caCertificate.value)[HASH_PREFIX_LEN + len] = '\0';
cred->caCertificate.length = HASH_PREFIX_LEN + len;
- } else if (caCertificate != NULL) {
- makeStringBufferOrCleanup(caCertificate, &cred->caCertificate);
+ } else if (!stringEmpty(caCertificate)) {
+ void *blobData;
+ ssize_t blobLength;
+ ssize_t maxLength = ((strlen(caCertificate) + 3) / 4) * 3;
+ if (maxLength < 3) {
+ major = GSS_S_FAILURE;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ goto cleanup;
+ }
+ blobData = GSSEAP_MALLOC(maxLength);
+ if (blobData == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ goto cleanup;
+ }
+
+ blobLength = base64Decode(caCertificate, blobData);
+
+ if (blobLength <= 0) {
+ major = GSS_S_DEFECTIVE_CREDENTIAL;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ GSSEAP_FREE(blobData);
+ goto cleanup;
+ }
+ cred->caCertificateBlob.value = blobData;
+ cred->caCertificateBlob.length = blobLength;
+ makeStringBufferOrCleanup("blob://ca-cert", &cred->caCertificate);
}
- if (subjectNameConstraint != NULL)
+ if (!stringEmpty(subjectNameConstraint))
makeStringBufferOrCleanup(subjectNameConstraint, &cred->subjectNameConstraint);
- if (subjectAltNameConstraint != NULL)
+ if (!stringEmpty(subjectAltNameConstraint))
makeStringBufferOrCleanup(subjectAltNameConstraint, &cred->subjectAltNameConstraint);
cleanup:
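Review bot: The `if (maxLength < 3)` guard in the `caCertificate` branch can never fire, because `!stringEmpty(caCertificate)` already guarantees `strlen(caCertificate) >= 1` and therefore `maxLength >= 3`. The bound that actually matters is not expressed anywhere: `base64Decode(caCertificate, blobData)` takes no size argument, so staying inside the `maxLength` bytes allocated for `blobData` depends on how that decoder behaves. Since this buffer becomes the CA trust anchor and the input presumably originates outside this library, I would drop the dead branch and document the invariant at the allocation, e.g. `/* base64Decode emits at most 3 bytes per 4 input chars, so maxLength is an upper bound */`, after confirming it against the decoder, which is defined outside this hunk. Separately, if `makeStringBufferOrCleanup` jumps to `cleanup` on allocation failure, as its name suggests, `cred->caCertificateBlob` is left populated without the `"blob://ca-cert"` marker in `cred->caCertificate`. The `cleanup:` body is not visible here, so it is worth checking that it releases the blob on the error path.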