1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** X.509 Digital Certificates */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_x509.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_x509_store_certificate_add PORTABLE C */
31 /* 6.1.6 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function adds a certificate to an X509 certificate store in a */
39 /* caller-specified position (local device certificates, remote certs, */
40 /* or the trusted store). */
41 /* */
42 /* INPUT */
43 /* */
44 /* certificate Pointer to certificate */
45 /* store Pointer to certificate store */
46 /* location Location to put certificate */
47 /* */
48 /* OUTPUT */
49 /* */
50 /* status Completion status */
51 /* */
52 /* CALLS */
53 /* */
54 /* _nx_secure_x509_certificate_list_add Add certificate to list */
55 /* */
56 /* CALLED BY */
57 /* */
58 /* _nx_secure_tls_local_certificate_add Add local certificate to */
59 /* TLS session */
60 /* _nx_secure_tls_remote_certificate_allocate */
61 /* Allocate remote certificate */
62 /* _nx_secure_tls_remote_certificate_free */
63 /* Free remote certificate */
64 /* _nx_secure_tls_trusted_certificate_add */
65 /* Add trusted certificate to */
66 /* TLS session */
67 /* */
68 /* RELEASE HISTORY */
69 /* */
70 /* DATE NAME DESCRIPTION */
71 /* */
72 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
73 /* 09-30-2020 Timothy Stapko Modified comment(s), */
74 /* resulting in version 6.1 */
75 /* 04-02-2021 Timothy Stapko Modified comment(s), */
76 /* removed dependency on TLS, */
77 /* resulting in version 6.1.6 */
78 /* */
79 /**************************************************************************/
UINT _nx_secure_x509_store_certificate_add(NX_SECURE_X509_CERT *certificate,
                                           NX_SECURE_X509_CERTIFICATE_STORE *store, UINT location)
{
    NX_SECURE_X509_CERT **target_list = NX_CRYPTO_NULL;
    UINT                  allow_duplicates;

    /* Both pointers are dereferenced below, so refuse NULL before touching them. */
    if ((certificate == NX_CRYPTO_NULL) || (store == NX_CRYPTO_NULL))
    {
#ifdef NX_CRYPTO_STANDALONE_ENABLE
        return(NX_CRYPTO_PTR_ERROR);
#else
        return(NX_PTR_ERROR);
#endif /* NX_CRYPTO_STANDALONE_ENABLE */
    }

    /* A certificate with a non-zero numeric identifier may be added even if
       it duplicates an existing entry; the FREE list below allows duplicates
       unconditionally. */
    allow_duplicates = (certificate -> nx_secure_x509_cert_identifier != 0) ?
                       NX_CRYPTO_TRUE : NX_CRYPTO_FALSE;

    /* Map the caller's location code onto the head pointer of the matching
       list inside the store. Note that this routine only selects a list and
       links the entry: it performs no parsing, signature verification or
       validity check of its own, so placing a certificate in the trusted
       list is purely the caller's decision. */
    switch (location)
    {
    case NX_SECURE_X509_CERT_LOCATION_LOCAL:
        target_list = &store -> nx_secure_x509_local_certificates;
        break;

    case NX_SECURE_X509_CERT_LOCATION_REMOTE:
        target_list = &store -> nx_secure_x509_remote_certificates;
        break;

    case NX_SECURE_X509_CERT_LOCATION_TRUSTED:
        target_list = &store -> nx_secure_x509_trusted_certificates;
        break;

    case NX_SECURE_X509_CERT_LOCATION_EXCEPTIONS:
        target_list = &store -> nx_secure_x509_certificate_exceptions;
        break;

    case NX_SECURE_X509_CERT_LOCATION_FREE:
        target_list = &store -> nx_secure_x509_free_certificates;
        allow_duplicates = NX_CRYPTO_TRUE;
        break;

    case NX_SECURE_X509_CERT_LOCATION_NONE: /* Deliberate fall-through. */
    default:
        /* Unknown or "none" location: nothing is added to any list. */
#ifdef NX_CRYPTO_STANDALONE_ENABLE
        return(NX_CRYPTO_INVALID_PARAMETER);
#else
        return(NX_INVALID_PARAMETERS);
#endif /* NX_CRYPTO_STANDALONE_ENABLE */
    }

    /* Link the certificate into the chosen list and hand the helper's status
       straight back to the caller. How duplicates are detected is decided
       inside _nx_secure_x509_certificate_list_add, which is not shown here. */
    return(_nx_secure_x509_certificate_list_add(target_list, certificate, allow_duplicates));
}