Commit b41ca6b5 authored by Simon Morlat's avatar Simon Morlat

add method to return the list of main subjects of a certificate...

add method to return the list of main subjects of a certificate (subjectAltNames.DNS, subjectAltNames.URI and subject's CN)
parent 312f1e41
......@@ -19,7 +19,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#ifndef BCTBX_CRYPTO_H
#define BCTBX_CRYPTO_H
#include <bctoolbox/port.h>
#include "bctoolbox/port.h"
#include "bctoolbox/list.h"
/* key agreements settings defines */
/* Each algo is defined as a bit toggled in a 32 bits integer,
......@@ -388,7 +389,15 @@ BCTBX_PUBLIC int32_t bctbx_x509_certificate_get_der(bctbx_x509_certificate_t *ce
*
* @return The length of the string written (not including the terminated nul byte), or a negative error code
*/
BCTBX_PUBLIC int32_t bctbx_x509_certificate_get_subject_dn(bctbx_x509_certificate_t *cert, char *dn, size_t dn_length);
BCTBX_PUBLIC int32_t bctbx_x509_certificate_get_subject_dn(const bctbx_x509_certificate_t *cert, char *dn, size_t dn_length);
/**
* @brief Obtain the certificate subjects (all subjectAltName URIS and DNS + subject CN)
*
* @param[in] cert The x509 certificate
* @return a list of allocated strings (char*), to be freed with bctbx_free()
*/
BCTBX_PUBLIC bctbx_list_t *bctbx_x509_certificate_get_subjects(const bctbx_x509_certificate_t *cert);
/**
* @brief Generate certificate fingerprint (hash of the DER format certificate) hexadecimal format in a null terminated string
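Review bot: The `@return` of the new `bctbx_x509_certificate_get_subjects` declaration documents freeing the strings but not the list nodes, and does not say that NULL is a possible result, which it is: the polarssl backends in this same commit return NULL unconditionally and the mbedtls one returns NULL when no name was collected. Callers need both facts to avoid leaking the list or treating NULL as an error. I would replace the two `@return` lines with `@return a list of allocated strings (char*), or NULL when the certificate yields no subject or the backend does not implement this call.` followed by `The caller owns the list and its strings and releases both with bctbx_list_free_with_data(list, bctbx_free).`. Also "URIS" in the `@brief` reads better as "URIs".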
......
......@@ -45,10 +45,11 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#include <mbedtls/net.h>
#endif
#include <bctoolbox/crypto.h>
#include "bctoolbox/crypto.h"
#include "bctoolbox/logging.h"
static int bctbx_ssl_sendrecv_callback_return_remap(int32_t ret_code) {
switch (ret_code) {
case BCTBX_ERROR_NET_WANT_READ:
......@@ -235,7 +236,7 @@ int32_t bctbx_x509_certificate_get_der(bctbx_x509_certificate_t *cert, unsigned
return 0;
}
int32_t bctbx_x509_certificate_get_subject_dn(bctbx_x509_certificate_t *cert, char *dn, size_t dn_length) {
int32_t bctbx_x509_certificate_get_subject_dn(const bctbx_x509_certificate_t *cert, char *dn, size_t dn_length) {
if (cert==NULL) {
return BCTBX_ERROR_INVALID_CERTIFICATE;
}
......@@ -243,6 +244,32 @@ int32_t bctbx_x509_certificate_get_subject_dn(bctbx_x509_certificate_t *cert, ch
return mbedtls_x509_dn_gets(dn, dn_length, &(((mbedtls_x509_crt *)cert)->subject));
}
bctbx_list_t *bctbx_x509_certificate_get_subjects(const bctbx_x509_certificate_t *cert){
bctbx_list_t *ret = NULL;
char subject[1024]={0};
const mbedtls_x509_sequence *subjectAltNames = &((mbedtls_x509_crt *)cert)->subject_alt_names;
for (; subjectAltNames != NULL; subjectAltNames = subjectAltNames->next){
const mbedtls_asn1_buf *buf = &subjectAltNames->buf;
if (buf->tag == ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) || buf->tag == ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 )){
ret = bctbx_list_append(ret, bctbx_strndup((char*)buf->p, buf->len));
}
}
if (bctbx_x509_certificate_get_subject_dn(cert, subject, sizeof(subject)-1) > 0){
char *cn = strstr(subject, "CN=");
if (cn){
char *end;
cn += 3;
end = strchr(cn, ',');
if (end) *end = '\0';
ret = bctbx_list_append(ret, bctbx_strdup(cn));
}
}
return ret;
}
int32_t bctbx_x509_certificate_generate_selfsigned(const char *subject, bctbx_x509_certificate_t *certificate, bctbx_signing_key_t *pkey, char * pem, size_t pem_length) {
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
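Review bot: In the third hunk, the condition in `bctbx_x509_certificate_get_subjects` tests `MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2` twice, so only dNSName entries are ever collected and the URI entries the commit message promises are dropped; per the RFC 5280 GeneralName definition dNSName is context tag 2 and uniformResourceIdentifier is context tag 6, so the second operand should be `| 6`. The function also dereferences `cert` before any NULL check, unlike `bctbx_x509_certificate_get_subject_dn` just above it, which returns an error for a NULL certificate. Finally, a subjectAltName is an arbitrary byte string from the peer's certificate: `bctbx_strndup` stops at the first NUL, so an entry containing an embedded NUL would be returned as a shorter name than the one actually encoded, and such entries should be skipped rather than silently truncated. The rewritten loop below adds the guard and the tag fix; the CN extraction that follows is unchanged.
```c
bctbx_list_t *bctbx_x509_certificate_get_subjects(const bctbx_x509_certificate_t *cert){
	bctbx_list_t *ret = NULL;
	char subject[1024]={0};
	const mbedtls_x509_sequence *subjectAltNames;

	if (cert == NULL) {
		return NULL;
	}
	subjectAltNames = &((mbedtls_x509_crt *)cert)->subject_alt_names;
	for (; subjectAltNames != NULL; subjectAltNames = subjectAltNames->next){
		const mbedtls_asn1_buf *buf = &subjectAltNames->buf;
		/* GeneralName context tags (RFC 5280): dNSName is [2], uniformResourceIdentifier is [6]. */
		if (buf->tag == (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2) || buf->tag == (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 6)){
			/* strndup would silently shorten a name holding an embedded NUL; do not return such a name. */
			if (buf->len == 0 || memchr(buf->p, '\0', buf->len) != NULL) continue;
			ret = bctbx_list_append(ret, bctbx_strndup((char*)buf->p, buf->len));
		}
	}
	/* … unchanged: subject CN extraction via bctbx_x509_certificate_get_subject_dn … */
	return ret;
}
```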
......
......@@ -242,6 +242,11 @@ int32_t bctbx_x509_certificate_get_subject_dn(bctbx_x509_certificate_t *cert, ch
return x509_dn_gets(dn, dn_length, &(((x509_crt *)cert)->subject));
}
bctbx_list_t *bctbx_x509_certificate_get_subjects(const bctbx_x509_certificate_t *cert){
bctbx_error("bctbx_x509_certificate_get_subjects(): not implemented for polarssl.");
return NULL;
}
int32_t bctbx_x509_certificate_generate_selfsigned(const char *subject, bctbx_x509_certificate_t *certificate, bctbx_signing_key_t *pkey, char * pem, size_t pem_length) {
entropy_context entropy;
ctr_drbg_context ctr_drbg;
......
......@@ -221,6 +221,11 @@ int32_t bctbx_x509_certificate_get_subject_dn(bctbx_x509_certificate_t *cert, ch
return x509parse_dn_gets(dn, dn_length, &(((x509_cert *)cert)->subject));
}
bctbx_list_t *bctbx_x509_certificate_get_subjects(const bctbx_x509_certificate_t *cert){
bctbx_error("bctbx_x509_certificate_get_subjects(): not implemented for polarssl 1.2.");
return NULL;
}
int32_t bctbx_x509_certificate_generate_selfsigned(const char *subject, bctbx_x509_certificate_t *certificate, bctbx_signing_key_t *pkey, char * pem, size_t pem_length) {
return BCTBX_ERROR_UNAVAILABLE_FUNCTION;
......