1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Datagram Transport Layer Security (DTLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_dtls_server_trusted_certificate_remove PORTABLE C */
31 /* 6.2.1 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function removes a trusted certificate from a DTLS server */
39 /* using either the Common Name or the numeric ID assigned when the */
40 /* certificate was added. */
41 /* */
42 /* INPUT */
43 /* */
44 /* server_ptr DTLS server control block */
45 /* common_name Certificate common name */
46 /* common_name_length Length of common name string */
47 /* cert_id Numeric ID for certificate */
48 /* */
49 /* OUTPUT */
50 /* */
51 /* status Completion status */
52 /* */
53 /* CALLS */
54 /* */
55 /* _nx_secure_x509_store_certificate_remove */
56 /* Remove certificate using */
57 /* certificate ID */
58 /* _nx_secure_tls_trusted_certificate_remove */
59 /* Remove certificate from store */
60 /* */
61 /* CALLED BY */
62 /* */
63 /* Application Code */
64 /* */
65 /* RELEASE HISTORY */
66 /* */
67 /* DATE NAME DESCRIPTION */
68 /* */
69 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
70 /* 09-30-2020 Timothy Stapko Modified comment(s), and */
71 /* fixed compiler warnings, */
72 /* resulting in version 6.1 */
73 /* 03-08-2023 Yanwu Cai Modified comment(s), */
74 /* fixed compiler errors when */
75 /* x509 is disabled, */
76 /* resulting in version 6.2.1 */
77 /* */
78 /**************************************************************************/
_nx_secure_dtls_server_trusted_certificate_remove(NX_SECURE_DTLS_SERVER * server_ptr,UCHAR * common_name,UINT common_name_length,UINT cert_id)79 UINT _nx_secure_dtls_server_trusted_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr,
80 UCHAR *common_name, UINT common_name_length, UINT cert_id)
81 {
82 #if defined(NX_SECURE_ENABLE_DTLS) && !defined(NX_SECURE_DISABLE_X509)
83 UINT status;
84 UINT i;
85 NX_SECURE_DTLS_SESSION *current_session;
86 NX_SECURE_TLS_SESSION *tls_session;
87 NX_SECURE_X509_CERT *list_head = NX_NULL;
88 UINT num_sessions;
89
90
91 /* Figure out number of sessions. */
92 num_sessions = server_ptr -> nx_dtls_server_sessions_count;
93
94 /* Remove certificate from the first session. */
95 if (num_sessions > 0)
96 {
97 /* Get the first session. */
98 current_session = &(server_ptr -> nx_dtls_server_sessions[0]);
99
100 /* Get the internal TLS session instance. */
101 tls_session = &(current_session -> nx_secure_dtls_tls_session);
102
103 if(cert_id != 0)
104 {
105 /* Remove certificate using certificate ID. */
106 status = _nx_secure_x509_store_certificate_remove(&tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store,
107 NX_NULL, NX_SECURE_X509_CERT_LOCATION_TRUSTED, cert_id);
108 }
109 else
110 {
111 /* Remove the trusted certificate with the given common name. */
112 status = _nx_secure_tls_trusted_certificate_remove(tls_session, common_name, common_name_length);
113 }
114
115 if(status != NX_SUCCESS)
116 {
117 return(status);
118 }
119
120 /* Store the certificates list head for other sessions. */
121 list_head = tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store.nx_secure_x509_trusted_certificates;
122 }
123
124 /* Remove certificate from the remaining sessions. */
125 for(i = 1; i < num_sessions; ++i)
126 {
127 /* Get the current session. */
128 current_session = &(server_ptr -> nx_dtls_server_sessions[i]);
129
130 /* Get the internal TLS session instance. */
131 tls_session = &(current_session -> nx_secure_dtls_tls_session);
132
133 /* Set the trusted certificates list to the same as the first session. */
134 tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store.nx_secure_x509_trusted_certificates = list_head;
135 }
136
137
138 return(NX_SUCCESS);
139 #else
140 NX_PARAMETER_NOT_USED(server_ptr);
141 NX_PARAMETER_NOT_USED(common_name);
142 NX_PARAMETER_NOT_USED(common_name_length);
143 NX_PARAMETER_NOT_USED(cert_id);
144
145 return(NX_NOT_SUPPORTED);
146 #endif /* NX_SECURE_ENABLE_DTLS && !NX_SECURE_DISABLE_X509 */
147 }
148
149
