Lines Matching refs:cert

212 	return impl->cert;
239 if (allow_short && !impl->cert && impl->shortname != NULL &&
299 return match_pattern_list("ssh-rsa-cert-v01@openssh.com",
301 match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
303 match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
322 if ((certs_only && !impl->cert) || (plain_only && impl->cert))
401 return !impl->cert;
426 /* Return the cert-less equivalent to a certified key type */
450 /* Return the cert equivalent to a plain key type */
/*
 * cert_free: release a certificate structure and everything it owns.
 * The matching lines show the three sshbufs, key_id, every principal string,
 * the principals array, the CA signature key and signature_type being freed
 * before the struct itself.  Only lines that mention "cert" are listed, so
 * the return type, the braces and the statement under the NULL guard are
 * not visible here.
 */
645 cert_free(struct sshkey_cert *cert)
649 if (cert == NULL)
651 sshbuf_free(cert->certblob);
652 sshbuf_free(cert->critical);
653 sshbuf_free(cert->extensions);
654 free(cert->key_id);
655 for (i = 0; i < cert->nprincipals; i++)
656 free(cert->principals[i]);
657 free(cert->principals);
658 sshkey_free(cert->signature_key);
659 free(cert->signature_type);
/*
 * freezero() clears the struct before releasing it, so the now-dangling
 * member pointers are not left behind in freed heap memory.
 */
660 freezero(cert, sizeof(*cert));
/*
 * Allocation of an empty certificate structure.  The function header is not
 * among the matching lines; presumably this is the body of cert_new(), which
 * lines 705 and 2218 call.
 */
666 struct sshkey_cert *cert;
/* calloc() zero-fills, so members not yet assigned are zero on the failure path below. */
668 if ((cert = calloc(1, sizeof(*cert))) == NULL)
670 if ((cert->certblob = sshbuf_new()) == NULL ||
671 (cert->critical = sshbuf_new()) == NULL ||
672 (cert->extensions = sshbuf_new()) == NULL) {
/*
 * Partial allocation: cert_free() is handed a struct in which some buffers
 * may still be NULL.
 * NOTE(review): relies on sshbuf_free() accepting NULL; confirm.
 */
673 cert_free(cert);
/* Redundant after calloc(), but makes the "empty certificate" state explicit. */
676 cert->key_id = NULL;
677 cert->principals = NULL;
678 cert->signature_key = NULL;
679 cert->signature_type = NULL;
680 return cert;
705 if ((k->cert = cert_new()) == NULL) {
757 cert_free(k->cert);
818 if (!cert_compare(a->cert, b->cert))
851 if (key->cert == NULL)
853 if (sshbuf_len(key->cert->certblob) == 0)
856 if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
1416 switch (k->cert->type) {
1498 if (to_key == NULL || (from = from_key->cert) == NULL)
1551 cert_free(to_key->cert);
1552 to_key->cert = to;
/*
 * Certificate parsing fragments.  Only lines mentioning "cert" are listed, so
 * the enclosing function header and the bodies of the error branches are not
 * shown.  The raw certificate bytes are first copied into certblob; the
 * individual fields are then read from b.
 */
1836 if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)
/* Fixed-order fields: serial, type, key id, then the validity window. */
1840 if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
1841 (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
1842 (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
1844 (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
1845 (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
/*
 * Length of the signed region: size of certblob minus what is still left in b.
 * NOTE(review): presumably b holds only the unparsed signature at this
 * point; confirm against the lines not shown.
 */
1856 signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
/* Type allowlist: any value other than USER or HOST enters this branch. */
1863 if (key->cert->type != SSH2_CERT_TYPE_USER &&
1864 key->cert->type != SSH2_CERT_TYPE_HOST) {
/*
 * Bound on the principal count, tested before the array is grown and
 * appended to below, so at most SSHKEY_CERT_MAX_PRINCIPALS entries are stored.
 */
1874 if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {
/*
 * The old pointer is saved so that a failed recallocarray() can put it back
 * (line 1889) instead of losing the existing array.
 */
1883 oprincipals = key->cert->principals;
1884 key->cert->principals = recallocarray(key->cert->principals,
1885 key->cert->nprincipals, key->cert->nprincipals + 1,
1886 sizeof(*key->cert->principals));
1887 if (key->cert->principals == NULL) {
1889 key->cert->principals = oprincipals;
1893 key->cert->principals[key->cert->nprincipals++] = principal;
/*
 * Critical options and extensions are copied into the certificate's own
 * buffers; the conditions under which they are reset again at 1911 and 1919
 * are on lines not shown.
 */
1900 if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||
1902 (ret = sshbuf_putb(key->cert->extensions, exts)) != 0))
1911 sshbuf_reset(key->cert->critical);
1919 sshbuf_reset(key->cert->extensions);
/*
 * CA key handling: the key is decoded from the embedded blob, its type is
 * checked with sshkey_type_is_valid_ca(), and only then is it used to verify
 * the signature over the first signed_len bytes of certblob.
 */
1926 if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {
1930 if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {
1934 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
1935 sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0, NULL)) != 0)
/*
 * Output into signature_type; the call this argument belongs to starts on a
 * line not listed.  Line 2101 later matches signature_type against a list.
 */
1938 &key->cert->signature_type)) != 0)
/*
 * Signature-algorithm check for the CA signature: the key must carry a
 * certificate with a recorded signature_type, and that name must match the
 * "allowed" pattern list.  Any match_pattern_list() result other than 1
 * enters the second branch (its body is not shown).
 */
2099 if (key->cert == NULL || key->cert->signature_type == NULL)
2101 if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
2121 if (!impl->cert)
2218 if ((k->cert = cert_new()) == NULL)
2230 cert_free(k->cert);
2231 k->cert = NULL;
/*
 * Certificate signing fragments (function header not among the matching
 * lines).  Note that in this function "cert" is an sshbuf alias for
 * k->cert->certblob (line 2280), not a struct sshkey_cert.
 */
2247 struct sshbuf *cert = NULL;
/* Preconditions: a key with a certificate, a certblob buffer and a CA key. */
2250 if (k == NULL || k->cert == NULL ||
2251 k->cert->certblob == NULL || ca == NULL)
/*
 * alg is taken from the certificate's signature_type in one case (the "if"
 * is on a line not shown); otherwise a signature_type that differs from the
 * requested alg enters a branch.
 * NOTE(review): presumably that branch rejects the request; confirm.
 */
2265 alg = k->cert->signature_type;
2266 else if (k->cert->signature_type != NULL &&
2267 strcmp(alg, k->cert->signature_type) != 0)
/* The blob is rebuilt from scratch: key type name, nonce, public key. */
2280 cert = k->cert->certblob; /* for readability */
2281 sshbuf_reset(cert);
2282 if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)
2287 if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
2291 if ((ret = impl->funcs->serialize_public(k, cert,
2295 /* Then remaining cert fields */
/* Same field order as the reads at lines 1840-1845: serial, type, key id. */
2296 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 ||
2297 (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||
2298 (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)
2305 for (i = 0; i < k->cert->nprincipals; i++) {
2307 k->cert->principals[i])) != 0)
2310 if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||
2311 (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||
2312 (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||
2313 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 ||
2314 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 ||
2315 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */
2316 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)
/*
 * The signer is given the whole buffer built so far, so every field above,
 * including the CA public key blob, is covered by the signature.
 */
2320 if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
2321 sshbuf_len(cert), alg, sk_provider, sk_pin, 0, signer_ctx)) != 0)
/* Record the signature type only if the certificate does not have one yet. */
2330 if (k->cert->signature_type == NULL) {
2331 k->cert->signature_type = sigtype;
/* The signature is appended last, after the signed region. */
2335 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
/*
 * NOTE(review): looks like the failure path clearing a partially built
 * certificate blob; confirm against the lines not shown.
 */
2340 sshbuf_reset(cert);
/*
 * Certificate validation fragments: type, validity window and principals.
 * The function header and the bodies of the failing branches are not among
 * the matching lines.
 */
/* Two type checks; the condition selecting host or user is not shown. */
2382 if (k->cert->type != SSH2_CERT_TYPE_HOST) {
2387 if (k->cert->type != SSH2_CERT_TYPE_USER) {
/*
 * The accepted window is [valid_after, valid_before): valid_after itself is
 * accepted, valid_before itself is not.
 */
2392 if (verify_time < k->cert->valid_after) {
2396 if (verify_time >= k->cert->valid_before) {
/* A certificate with no principals is handled as its own case (body not shown). */
2400 if (k->cert->nprincipals == 0) {
/*
 * Each principal is compared with name either through match_pattern() or by
 * exact strcmp(); the condition choosing between the two, and the second
 * argument of match_pattern(), are on lines not shown.
 */
2407 for (i = 0; i < k->cert->nprincipals; i++) {
2409 if (match_pattern(k->cert->principals[i],
2414 } else if (strcmp(name, k->cert->principals[i]) == 0) {
2454 if (sshbuf_len(key->cert->critical) != 0) {
/*
 * sshkey_format_cert_validity: describe a certificate's validity window.
 * valid_after == 0 and valid_before == 0xffffffffffffffffULL act as "no
 * bound" sentinels: both together are special-cased at 2472, and a bound
 * holding its sentinel value is not passed to format_absolute_time().
 * NOTE(review): presumably the result is written into s, limited by l;
 * the lines that produce the output are not shown.
 */
2467 sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l)
2472 if (cert->valid_after == 0 &&
2473 cert->valid_before == 0xffffffffffffffffULL)
2476 if (cert->valid_after != 0)
2477 format_absolute_time(cert->valid_after, from, sizeof(from));
2478 if (cert->valid_before != 0xffffffffffffffffULL)
2479 format_absolute_time(cert->valid_before, to, sizeof(to));
/* Selects the wording for a window that is open at one end. */
2481 if (cert->valid_after == 0)
2483 else if (cert->valid_before == 0xffffffffffffffffULL)
2524 if (key->cert == NULL ||
2525 sshbuf_len(key->cert->certblob) == 0) {
2529 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0)