1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** X.509 Digital Certificates */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_x509.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_x509_local_device_certificate_get PORTABLE C */
31 /* 6.1.6 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function searches a given certificate store for a device */
39 /* certificate. This is decided by searching the "local" certificate */
40 /* list in the given store for a certificate. If multiple certificates */
41 /* are in the store, the optional name is used to decide. */
42 /* */
43 /* INPUT */
44 /* */
45 /* store Pointer to certificate store */
46 /* name Optional name for selection */
47 /* certificate Pointer to cert pointer */
48 /* */
49 /* OUTPUT */
50 /* */
51 /* status Completion status */
52 /* */
53 /* CALLS */
54 /* */
55 /* _nx_secure_x509_certificate_list_find Find certificate by name */
56 /* */
57 /* CALLED BY */
58 /* */
59 /* _nx_secure_tls_process_certificate_request */
60 /* Process certificate request */
61 /* _nx_secure_tls_process_client_key_exchange */
62 /* Process ClientKeyExchange */
63 /* _nx_secure_tls_process_clienthello Process ClientHello */
64 /* _nx_secure_tls_send_certificate Send TLS certificate */
65 /* _nx_secure_tls_send_certificate_verify */
66 /* Send certificate verify */
67 /* _nx_secure_tls_send_server_key_exchange */
68 /* Send ServerKeyExchange */
69 /* */
70 /* RELEASE HISTORY */
71 /* */
72 /* DATE NAME DESCRIPTION */
73 /* */
74 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
75 /* 09-30-2020 Timothy Stapko Modified comment(s), */
76 /* resulting in version 6.1 */
77 /* 04-02-2021 Timothy Stapko Modified comment(s), */
78 /* removed dependency on TLS, */
79 /* resulting in version 6.1.6 */
80 /* */
81 /**************************************************************************/
UINT _nx_secure_x509_local_device_certificate_get(NX_SECURE_X509_CERTIFICATE_STORE *store,
                                                  NX_SECURE_X509_DISTINGUISHED_NAME *name,
                                                  NX_SECURE_X509_CERT **certificate)
{
    /* Head of the store's "local" certificate list. The store pointer is
       dereferenced without a NULL check, so callers must pass a valid store. */
    NX_SECURE_X509_CERT *local_list = store -> nx_secure_x509_local_certificates;
    NX_SECURE_X509_CERT *candidate;

    /* An empty local list can never yield a device certificate. */
    if (local_list == NX_CRYPTO_NULL)
    {
        return(NX_SECURE_X509_CERTIFICATE_NOT_FOUND);
    }

    /* A name was supplied: delegate the lookup to the by-name search and
       hand its status straight back to the caller.
       NOTE(review): "certificate" is forwarded as-is, so whether a NULL
       output pointer is tolerated on this path depends on
       _nx_secure_x509_certificate_list_find - confirm there. The third
       argument (0) is presumably an unused certificate ID - confirm. */
    if (name != NX_CRYPTO_NULL)
    {
        return(_nx_secure_x509_certificate_list_find(&local_list, name, 0, certificate));
    }

    /* No name given: take the FIRST entry flagged as an identity certificate.
       Only the nx_secure_x509_certificate_is_identity_cert flag is tested
       here; the key material itself is not examined in this function. With
       several identity certificates in the store the result therefore
       depends on list order. */
    for (candidate = local_list;
         candidate != NX_CRYPTO_NULL;
         candidate = candidate -> nx_secure_x509_next_certificate)
    {
        if (candidate -> nx_secure_x509_certificate_is_identity_cert != NX_CRYPTO_TRUE)
        {
            /* Not an identity certificate, keep walking. */
            continue;
        }

        /* The output pointer is optional: a NULL "certificate" turns this
           call into a pure existence check. */
        if (certificate != NX_CRYPTO_NULL)
        {
            *certificate = candidate;
        }

        return(NX_SECURE_X509_SUCCESS);
    }

    /* The list held no identity certificate. *certificate is left untouched
       on this path, so callers must check the returned status before using it. */
    return(NX_SECURE_X509_CERTIFICATE_NOT_FOUND);
}
135
136