changeset 259:20d515604daa
Added new module with helper functions to parse certs.
Currently only stuff to get O and CN from Subject DN.
author | Sascha Wilde <wilde@intevation.de> |
date | Tue, 01 Apr 2014 15:41:11 +0200 |
parents | bf8c74992724 |
children | e7a8b70021b6 |
files | common/CMakeLists.txt common/certhelp.c common/certhelp.h common/errorcodes.h |
diffstat | 4 files changed, 95 insertions(+), 1 deletions(-) [+] |
--- a/common/CMakeLists.txt Tue Apr 01 14:34:24 2014 +0200 +++ b/common/CMakeLists.txt Tue Apr 01 15:41:11 2014 +0200 @@ -1,7 +1,8 @@ set (m13_common_src + certhelp.c listutil.c + portpath.c strhelp.c - portpath.c ) add_library(m13_common STATIC ${m13_common_src})
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/certhelp.c Tue Apr 01 15:41:11 2014 +0200
@@ -0,0 +1,45 @@
+#include <stdlib.h>
+
+#include "certhelp.h"
+#include "debug.h"
+#include "errorcodes.h"
+#include "strhelp.h"
+
+char *
+get_oid_valstr(x509_name *namebuf, unsigned char *oid)
+{
+ char *str = NULL;
+ size_t oid_len = strlen((char *)oid);
+ while ( namebuf != NULL )
+ {
+ if ( (namebuf->oid.len == oid_len) &&
+ (memcmp(namebuf->oid.p, oid, oid_len) == 0) )
+ {
+ str = xstrndup((char *)namebuf->val.p, namebuf->val.len);
+ break;
+ }
+ namebuf = namebuf->next;
+ }
+ return str;
+}
+
+char *
+x509_parse_subject(unsigned char *derdata, size_t derlen,
+ unsigned char *oid)
+{
+ x509_crt chain;
+ char *str;
+
+ x509_crt_init(&chain);
+ if (x509_crt_parse_der(&chain, derdata, derlen) != 0)
+ {
+ DEBUGPRINTF("FATAL: Could not parse certificate!");
+ exit(ERR_INVALID_CERT);
+ }
+ else
+ {
+ str = get_oid_valstr(&(chain.subject), oid);
+ x509_crt_free(&chain);
+ }
+ return str;
+}
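Review bot: x509_parse_subject terminates the whole process with exit(ERR_INVALID_CERT) when x509_crt_parse_der rejects the input, although the prototype's documentation in certhelp.h promises NULL on failure; a helper in a shared library that is handed DER data from outside should report the failure and let the caller decide. Replacing the exit branch with `DEBUGPRINTF("FATAL: Could not parse certificate!"); x509_crt_free(&chain); return NULL;` keeps the documented contract and also frees the context on that path. get_oid_valstr derives the OID length with strlen, which is fine for the CERT_OID_* constants the header defines but silently gives a wrong length for any DER OID that contains a 0x00 byte, so passing the length explicitly would be more robust. strlen and memcmp are used without an explicit `#include <string.h>`; it presumably comes in via strhelp.h, but including it here keeps the file self-contained.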
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/certhelp.h Tue Apr 01 15:41:11 2014 +0200
@@ -0,0 +1,46 @@
+#ifndef CERTHELP_H
+#define CERTHELP_H
+
+/* Polarssl mh.h contains a conversion which gcc warns about */
+#pragma GCC diagnostic ignored "-Wsign-conversion"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include <polarssl/oid.h>
+#include <polarssl/x509_crt.h>
+#pragma GCC diagnostic pop
+#pragma GCC diagnostic pop
+
+#define CERT_OID_CN (unsigned char *)OID_AT_CN "\0"
+#define CERT_OID_O (unsigned char *)OID_AT_ORGANIZATION "\0"
+
+/**
+ * @file
+ * @brief Helper functinos to handle and parse X.509 certificates.
+ *
+ * Simple helper functions based on PolarSSL.
+ */
+
+/**
+ * @brief Extracts value of an gieb OID from an x509_name object.
+ *
+ * The value is copyed to an bull byte terminated c-string.
+ * The caller should free it after use.
+ * @param[in] namebuf ponter to the x509_name object.
+ * @param[in] oid the oid to search for.
+ * @returns the extracted String, or NULL in failure.
+ */
+char *get_oid_valstr(x509_name *namebuf, unsigned char *oid);
+
+/**
+ * @brief Parse x509 certificate and retrieve specified OID from Subject.
+ *
+ * The value is copyed to an bull byte terminated c-string.
+ * The caller should free it after use.
+ * @param[in] derdata pointer to certificate in DER format.
+ * @param[in] derlen length of the DER data.
+ * @param[in] oid the OID to search for.
+ * @returns the extracted String, or NULL in failure.
+ */
+char *x509_parse_subject(unsigned char *derdata, size_t derlen,
+ unsigned char *oid);
+
+#endif
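Review bot: The two `#pragma GCC diagnostic pop` lines after the PolarSSL includes have no matching push, so GCC reports them as unmatched and the preceding `ignored "-Wsign-conversion"` / `ignored "-Wconversion"` remain in force for every translation unit that includes certhelp.h, not only for the PolarSSL headers. Adding `#pragma GCC diagnostic push` before the two `ignored` pragmas and keeping a single `#pragma GCC diagnostic pop` after the includes scopes the suppression to the third-party headers as the comment intends. Both prototypes only read through `oid`, so `const unsigned char *oid` would document that and let callers pass the CERT_OID_* literals without the cast in the macro. The Doxygen text has several typos worth fixing (functinos, gieb, copyed, bull byte, ponter), and the `@returns ... NULL in failure` on x509_parse_subject does not match the implementation in certhelp.c in this changeset, which calls exit on a parse error.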
--- a/common/errorcodes.h Tue Apr 01 14:34:24 2014 +0200 +++ b/common/errorcodes.h Tue Apr 01 15:41:11 2014 +0200 @@ -19,6 +19,8 @@ #define ERR_STORE_ADD_FAILURE 8 /* Generic invalid input */ #define ERR_INVALID_INPUT 9 +/* Generic invalid certificate */ +#define ERR_INVALID_CERT 10 /*********************************************************************** * mozilla specific errors and warnings