1 /***************************************************************************
2  * Copyright (c) 2024 Microsoft Corporation
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the MIT License which is available at
6  * https://opensource.org/licenses/MIT.
7  *
8  * SPDX-License-Identifier: MIT
9  **************************************************************************/
10 
11 
12 /**************************************************************************/
13 /**************************************************************************/
14 /**                                                                       */
15 /** NetX Secure Component                                                 */
16 /**                                                                       */
17 /**    X.509 Digital Certificates                                         */
18 /**                                                                       */
19 /**************************************************************************/
20 /**************************************************************************/
21 
22 #define NX_SECURE_SOURCE_CODE
23 
24 #include "nx_secure_x509.h"
25 
26 /**************************************************************************/
27 /*                                                                        */
28 /*  FUNCTION                                               RELEASE        */
29 /*                                                                        */
30 /*    _nx_secure_x509_store_certificate_find              PORTABLE C      */
31 /*                                                           6.1.6        */
32 /*  AUTHOR                                                                */
33 /*                                                                        */
34 /*    Timothy Stapko, Microsoft Corporation                               */
35 /*                                                                        */
36 /*  DESCRIPTION                                                           */
37 /*                                                                        */
38 /*    This function finds a certificate in an X509 certificate store      */
39 /*    based on the Distinguished Name only. The actual position of the    */
40 /*    certificate is returned along with the certificate itself.          */
41 /*                                                                        */
42 /*  INPUT                                                                 */
43 /*                                                                        */
44 /*    store                                 Pointer to certificate store  */
45 /*    name                                  Distinguished name of cert    */
46 /*    cert_id                               Certificate ID                */
47 /*    certificate                           (Return) Pointer to cert      */
48 /*    location                              (Return) Location of cert     */
49 /*                                                                        */
50 /*  OUTPUT                                                                */
51 /*                                                                        */
52 /*    status                                Completion status             */
53 /*                                                                        */
54 /*  CALLS                                                                 */
55 /*                                                                        */
56 /*   _nx_secure_x509_certificate_list_find  Find certificate in list      */
57 /*                                                                        */
58 /*  CALLED BY                                                             */
59 /*                                                                        */
60 /*    _nx_secure_x509_certificate_chain_verify                            */
61 /*                                          Verify cert against stores    */
62 /*    _nx_secure_x509_crl_revocation_check  Check revocation in crl       */
63 /*                                                                        */
64 /*  RELEASE HISTORY                                                       */
65 /*                                                                        */
66 /*    DATE              NAME                      DESCRIPTION             */
67 /*                                                                        */
68 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
69 /*  09-30-2020     Timothy Stapko           Modified comment(s),          */
70 /*                                            resulting in version 6.1    */
71 /*  04-02-2021     Timothy Stapko           Modified comment(s),          */
72 /*                                            removed dependency on TLS,  */
73 /*                                            resulting in version 6.1.6  */
74 /*                                                                        */
75 /**************************************************************************/
/*
 * Look up a certificate in an X.509 certificate store and report which of
 * the store's lists it was found in.
 *
 * The trusted, local and remote lists are queried in that fixed order via
 * _nx_secure_x509_certificate_list_find(), passing name and cert_id through
 * unchanged; the first list that reports NX_SECURE_X509_SUCCESS wins.
 * Because the trusted list is consulted first, an entry there takes
 * precedence over a matching entry in the local or remote list.
 *
 * store        Certificate store to search (must not be NULL).
 * name         Distinguished name handed to the list search (must not be NULL).
 * cert_id      Certificate ID handed to the list search.
 * certificate  (Return) Written by the list search (must not be NULL).
 * location     (Return) One of NX_SECURE_X509_CERT_LOCATION_TRUSTED, _LOCAL,
 *              _REMOTE, or _NONE when nothing matched (must not be NULL).
 *
 * Returns NX_SECURE_X509_SUCCESS on a match,
 * NX_SECURE_X509_CERTIFICATE_NOT_FOUND when no list matched (whatever status
 * the list searches returned), or NX_PTR_ERROR / NX_CRYPTO_PTR_ERROR when a
 * pointer argument is NULL.
 *
 * NOTE(review): a successful return is not a trust decision. Callers that
 * need a trust anchor should check that *location is
 * NX_SECURE_X509_CERT_LOCATION_TRUSTED; the remote list presumably holds
 * certificates received from a peer -- confirm against the store's users.
 * NOTE(review): this function does not reset *certificate on the not-found
 * path; what it holds then depends on the list search -- confirm before
 * dereferencing it after a failure.
 */
UINT _nx_secure_x509_store_certificate_find(NX_SECURE_X509_CERTIFICATE_STORE *store,
                                            NX_SECURE_X509_DISTINGUISHED_NAME *name,
                                            UINT cert_id,
                                            NX_SECURE_X509_CERT **certificate, UINT *location)
{
UINT result = NX_SECURE_X509_CERTIFICATE_NOT_FOUND;
UINT found_in = NX_SECURE_X509_CERT_LOCATION_NONE;

    /* Every pointer argument is required; reject the call if any is missing. */
    if (store == NX_CRYPTO_NULL || name == NX_CRYPTO_NULL ||
        certificate == NX_CRYPTO_NULL || location == NX_CRYPTO_NULL)
    {
#ifdef NX_CRYPTO_STANDALONE_ENABLE
        return(NX_CRYPTO_PTR_ERROR);
#else
        return(NX_PTR_ERROR);
#endif /* NX_CRYPTO_STANDALONE_ENABLE */
    }

    /* Walk the lists in priority order: trusted, then local, then remote.
       The else-if chain stops at the first list that reports a match. */
    if (_nx_secure_x509_certificate_list_find(&store -> nx_secure_x509_trusted_certificates,
                                              name, cert_id, certificate) == NX_SECURE_X509_SUCCESS)
    {
        found_in = NX_SECURE_X509_CERT_LOCATION_TRUSTED;
        result = NX_SECURE_X509_SUCCESS;
    }
    else if (_nx_secure_x509_certificate_list_find(&store -> nx_secure_x509_local_certificates,
                                                   name, cert_id, certificate) == NX_SECURE_X509_SUCCESS)
    {
        found_in = NX_SECURE_X509_CERT_LOCATION_LOCAL;
        result = NX_SECURE_X509_SUCCESS;
    }
    else if (_nx_secure_x509_certificate_list_find(&store -> nx_secure_x509_remote_certificates,
                                                   name, cert_id, certificate) == NX_SECURE_X509_SUCCESS)
    {
        found_in = NX_SECURE_X509_CERT_LOCATION_REMOTE;
        result = NX_SECURE_X509_SUCCESS;
    }

    /* Report where the match came from; stays LOCATION_NONE when every
       list search failed. */
    *location = found_in;

    return(result);
}