Mercurial > trustbridge
changeset 260:e7a8b70021b6
Merged
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Tue, 01 Apr 2014 15:46:40 +0200 |
parents | 20d515604daa (diff) 06089ba2614a (current diff) |
children | 7707191ddb01 |
files | common/CMakeLists.txt common/certhelp.c common/debug.h |
diffstat | 4 files changed, 98 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/common/CMakeLists.txt Tue Apr 01 10:59:06 2014 +0000 +++ b/common/CMakeLists.txt Tue Apr 01 15:46:40 2014 +0200 @@ -1,8 +1,9 @@ set (m13_common_src + certhelp.c listutil.c + logging.c + portpath.c strhelp.c - portpath.c - logging.c ) add_library(m13_common STATIC ${m13_common_src})
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/common/certhelp.c Tue Apr 01 15:46:40 2014 +0200 @@ -0,0 +1,45 @@ +#include <stdlib.h> + +#include "certhelp.h" +#include "logging.h" +#include "errorcodes.h" +#include "strhelp.h" + +char * +get_oid_valstr(x509_name *namebuf, unsigned char *oid) +{ + char *str = NULL; + size_t oid_len = strlen((char *)oid); + while ( namebuf != NULL ) + { + if ( (namebuf->oid.len == oid_len) && + (memcmp(namebuf->oid.p, oid, oid_len) == 0) ) + { + str = xstrndup((char *)namebuf->val.p, namebuf->val.len); + break; + } + namebuf = namebuf->next; + } + return str; +} + +char * +x509_parse_subject(unsigned char *derdata, size_t derlen, + unsigned char *oid) +{ + x509_crt chain; + char *str; + + x509_crt_init(&chain); + if (x509_crt_parse_der(&chain, derdata, derlen) != 0) + { + DEBUGPRINTF("FATAL: Could not parse certificate!"); + exit(ERR_INVALID_CERT); + } + else + { + str = get_oid_valstr(&(chain.subject), oid); + x509_crt_free(&chain); + } + return str; +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/common/certhelp.h Tue Apr 01 15:46:40 2014 +0200 @@ -0,0 +1,46 @@ +#ifndef CERTHELP_H +#define CERTHELP_H + +/* Polarssl mh.h contains a conversion which gcc warns about */ +#pragma GCC diagnostic ignored "-Wsign-conversion" +#pragma GCC diagnostic ignored "-Wconversion" +#include <polarssl/oid.h> +#include <polarssl/x509_crt.h> +#pragma GCC diagnostic pop +#pragma GCC diagnostic pop + +#define CERT_OID_CN (unsigned char *)OID_AT_CN "\0" +#define CERT_OID_O (unsigned char *)OID_AT_ORGANIZATION "\0" + +/** + * @file + * @brief Helper functinos to handle and parse X.509 certificates. + * + * Simple helper functions based on PolarSSL. + */ + +/** + * @brief Extracts value of an gieb OID from an x509_name object. + * + * The value is copyed to an bull byte terminated c-string. + * The caller should free it after use. + * @param[in] namebuf ponter to the x509_name object. + * @param[in] oid the oid to search for. + * @returns the extracted String, or NULL in failure. + */ +char *get_oid_valstr(x509_name *namebuf, unsigned char *oid); + +/** + * @brief Parse x509 certificate and retrieve specified OID from Subject. + * + * The value is copyed to an bull byte terminated c-string. + * The caller should free it after use. + * @param[in] derdata pointer to certificate in DER format. + * @param[in] derlen length of the DER data. + * @param[in] oid the OID to search for. + * @returns the extracted String, or NULL in failure. + */ +char *x509_parse_subject(unsigned char *derdata, size_t derlen, + unsigned char *oid); + +#endif
--- a/common/errorcodes.h Tue Apr 01 10:59:06 2014 +0000 +++ b/common/errorcodes.h Tue Apr 01 15:46:40 2014 +0200 @@ -16,9 +16,11 @@ /* Failed to access specified store */ #define ERR_STORE_ACCESS_DENIED 7 /* Failed to add certificate to store */ -#define ERR_STORE_ADD_FAILURE 7 +#define ERR_STORE_ADD_FAILURE 8 /* Generic invalid input */ -#define ERR_INVALID_INPUT 8 +#define ERR_INVALID_INPUT 9 +/* Generic invalid certificate */ +#define ERR_INVALID_CERT 10 /*********************************************************************** * mozilla specific errors and warnings