changeset 259:20d515604daa

Added new module with helper functions to parse certs. Currently only stuff to get O and CN from Subject DN.
author Sascha Wilde <wilde@intevation.de>
date Tue, 01 Apr 2014 15:41:11 +0200
parents bf8c74992724
children e7a8b70021b6
files common/CMakeLists.txt common/certhelp.c common/certhelp.h common/errorcodes.h
diffstat 4 files changed, 95 insertions(+), 1 deletions(-) [+]
--- a/common/CMakeLists.txt	Tue Apr 01 14:34:24 2014 +0200
+++ b/common/CMakeLists.txt	Tue Apr 01 15:41:11 2014 +0200
@@ -1,7 +1,8 @@
 set (m13_common_src
+   certhelp.c
    listutil.c
+   portpath.c
    strhelp.c
-   portpath.c
 )
 
 add_library(m13_common STATIC ${m13_common_src})
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/certhelp.c	Tue Apr 01 15:41:11 2014 +0200
@@ -0,0 +1,45 @@
+#include <stdlib.h>
+
+#include "certhelp.h"
+#include "debug.h"
+#include "errorcodes.h"
+#include "strhelp.h"
+
+char *
+get_oid_valstr(x509_name *namebuf, unsigned char *oid)
+{
+  char *str = NULL;
+  size_t oid_len = strlen((char *)oid);
+  while ( namebuf != NULL )
+    {
+      if ( (namebuf->oid.len == oid_len) &&
+           (memcmp(namebuf->oid.p, oid, oid_len) == 0) )
+        {
+          str = xstrndup((char *)namebuf->val.p, namebuf->val.len);
+          break;
+        }
+      namebuf = namebuf->next;
+    }
+  return str;
+}
+
+char *
+x509_parse_subject(unsigned char *derdata, size_t derlen,
+                   unsigned char *oid)
+{
+  x509_crt chain;
+  char *str;
+
+  x509_crt_init(&chain);
+  if (x509_crt_parse_der(&chain, derdata, derlen) != 0)
+    {
+      DEBUGPRINTF("FATAL: Could not parse certificate!");
+      exit(ERR_INVALID_CERT);
+    }
+  else
+    {
+      str = get_oid_valstr(&(chain.subject), oid);
+      x509_crt_free(&chain);
+    }
+  return str;
+}
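Review bot: x509_parse_subject terminates the process with exit(ERR_INVALID_CERT) when x509_crt_parse_der() rejects the DER input, while the declaration in certhelp.h promises NULL on failure; a malformed certificate thus kills whatever program links m13_common instead of letting the caller decide. Replace the exit branch with `x509_crt_free(&chain); return NULL;` (keeping the DEBUGPRINTF), drop the else, and initialise `char *str = NULL;` so the function has a single return path. get_oid_valstr also calls strlen() and memcmp() but this file only includes <stdlib.h>; add `#include <string.h>` unless strhelp.h is known to provide it, since relying on a transitive include is fragile.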
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/certhelp.h	Tue Apr 01 15:41:11 2014 +0200
@@ -0,0 +1,46 @@
+#ifndef CERTHELP_H
+#define CERTHELP_H
+
+/* Polarssl mh.h contains a conversion which gcc warns about */
+#pragma GCC diagnostic ignored "-Wsign-conversion"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include <polarssl/oid.h>
+#include <polarssl/x509_crt.h>
+#pragma GCC diagnostic pop
+#pragma GCC diagnostic pop
+
+#define CERT_OID_CN     (unsigned char *)OID_AT_CN "\0"
+#define CERT_OID_O      (unsigned char *)OID_AT_ORGANIZATION "\0"
+
+/**
+ * @file
+ * @brief Helper functinos to handle and parse X.509 certificates.
+ *
+ * Simple helper functions based on PolarSSL.
+ */
+
+/**
+ * @brief Extracts value of an gieb OID from an x509_name object.
+ *
+ * The value is copyed to an bull byte terminated c-string.
+ * The caller should free it after use.
+ * @param[in] namebuf ponter to the x509_name object.
+ * @param[in] oid the oid to search for.
+ * @returns the extracted String, or NULL in failure.
+ */
+char *get_oid_valstr(x509_name *namebuf, unsigned char *oid);
+
+/**
+ * @brief Parse x509 certificate and retrieve specified OID from Subject.
+ *
+ * The value is copyed to an bull byte terminated c-string.
+ * The caller should free it after use.
+ * @param[in] derdata pointer to certificate in DER format.
+ * @param[in] derlen length of the DER data.
+ * @param[in] oid the OID to search for.
+ * @returns the extracted String, or NULL in failure.
+ */
+char *x509_parse_subject(unsigned char *derdata, size_t derlen,
+                         unsigned char *oid);
+
+#endif
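Review bot: The two `#pragma GCC diagnostic pop` lines after the PolarSSL includes have no matching push, so the -Wsign-conversion and -Wconversion suppressions remain in effect for every translation unit that includes certhelp.h, and the unmatched pops themselves draw a warning. Add `#pragma GCC diagnostic push` before the first ignored pragma and keep a single pop after the includes. The Doxygen comments carry several typos worth fixing ("functinos", "gieb", "copyed", "bull byte", "ponter", "in failure" → "functions", "given", "copied", "null byte", "pointer", "on failure"), and since neither function writes through oid, `const unsigned char *oid` would document that contract in the prototypes.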
--- a/common/errorcodes.h	Tue Apr 01 14:34:24 2014 +0200
+++ b/common/errorcodes.h	Tue Apr 01 15:41:11 2014 +0200
@@ -19,6 +19,8 @@
 #define ERR_STORE_ADD_FAILURE 8
 /* Generic invalid input */
 #define ERR_INVALID_INPUT 9
+/* Generic invalid certificate */
+#define ERR_INVALID_CERT 10
 
 /***********************************************************************
  * mozilla specific errors and warnings
