# HG changeset patch # User Sascha Wilde # Date 1396359671 -7200 # Node ID 20d515604daa3a30e6a81d8a1609d0bd208e4235 # Parent bf8c7499272454c14a2911896c77ad58d7977c7b Added new module with helper functions to parse certs. Currently only stuff to get O and CN from Subject DN.
diff -r bf8c74992724 -r 20d515604daa common/CMakeLists.txt
--- a/common/CMakeLists.txt Tue Apr 01 14:34:24 2014 +0200
+++ b/common/CMakeLists.txt Tue Apr 01 15:41:11 2014 +0200
@@ -1,7 +1,8 @@
 set (m13_common_src
+ certhelp.c
 listutil.c
+ portpath.c
 strhelp.c
- portpath.c
 )
 add_library(m13_common STATIC ${m13_common_src})
diff -r bf8c74992724 -r 20d515604daa common/certhelp.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/certhelp.c Tue Apr 01 15:41:11 2014 +0200
@@ -0,0 +1,45 @@
+#include 
+
+#include "certhelp.h"
+#include "debug.h"
+#include "errorcodes.h"
+#include "strhelp.h"
+
+char *
+get_oid_valstr(x509_name *namebuf, unsigned char *oid)
+{
+ char *str = NULL;
+ size_t oid_len = strlen((char *)oid);
+ while ( namebuf != NULL )
+ {
+ if ( (namebuf->oid.len == oid_len) &&
+ (memcmp(namebuf->oid.p, oid, oid_len) == 0) )
+ {
+ str = xstrndup((char *)namebuf->val.p, namebuf->val.len);
+ break;
+ }
+ namebuf = namebuf->next;
+ }
+ return str;
+}
+
+char *
+x509_parse_subject(unsigned char *derdata, size_t derlen,
+ unsigned char *oid)
+{
+ x509_crt chain;
+ char *str;
+
+ x509_crt_init(&chain);
+ if (x509_crt_parse_der(&chain, derdata, derlen) != 0)
+ {
+ DEBUGPRINTF("FATAL: Could not parse certificate!");
+ exit(ERR_INVALID_CERT);
+ }
+ else
+ {
+ str = get_oid_valstr(&(chain.subject), oid);
+ x509_crt_free(&chain);
+ }
+ return str;
+}
diff -r bf8c74992724 -r 20d515604daa common/certhelp.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/certhelp.h Tue Apr 01 15:41:11 2014 +0200 
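Review bot: x509_parse_subject() calls exit(ERR_INVALID_CERT) when x509_crt_parse_der() rejects the DER, so one malformed certificate — input a generic helper cannot know to be trusted — terminates the whole process, and the header's "NULL in failure" contract is never honoured on that path. Free the partially initialised chain and hand the failure back instead: `x509_crt_free(&chain); return NULL;` in place of the exit (the log line then no longer needs to say FATAL), which also removes the uninitialised `str` in that branch. In get_oid_valstr() the value is copied with xstrndup(), which stops at the first NUL byte, so a subject value with an embedded NUL (the classic null-prefix CN trick) comes back silently truncated; a comment such as `/* val.p is copied raw; embedded NULs truncate the result and the ASN.1 string type is not converted — presumably UTF-8 only */` would warn callers that compare the result against a host or organisation name, if PolarSSL indeed leaves val.p unconverted as I believe it does. Sizing the OID with strlen() also means an OID whose DER encoding contains a 0x00 byte (any arc equal to 0, e.g. 2.5.4.0) can never match; passing the length explicitly would avoid that.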
@@ -0,0 +1,46 @@
+#ifndef CERTHELP_H
+#define CERTHELP_H
+
+/* Polarssl mh.h contains a conversion which gcc warns about */
+#pragma GCC diagnostic ignored "-Wsign-conversion"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include 
+#include 
+#pragma GCC diagnostic pop
+#pragma GCC diagnostic pop
+
+#define CERT_OID_CN (unsigned char *)OID_AT_CN "\0"
+#define CERT_OID_O (unsigned char *)OID_AT_ORGANIZATION "\0"
+
+/**
+ * @file
+ * @brief Helper functinos to handle and parse X.509 certificates.
+ *
+ * Simple helper functions based on PolarSSL.
+ */
+
+/**
+ * @brief Extracts value of an gieb OID from an x509_name object.
+ *
+ * The value is copyed to an bull byte terminated c-string.
+ * The caller should free it after use.
+ * @param[in] namebuf ponter to the x509_name object.
+ * @param[in] oid the oid to search for.
+ * @returns the extracted String, or NULL in failure.
+ */
+char *get_oid_valstr(x509_name *namebuf, unsigned char *oid);
+
+/**
+ * @brief Parse x509 certificate and retrieve specified OID from Subject.
+ *
+ * The value is copyed to an bull byte terminated c-string.
+ * The caller should free it after use.
+ * @param[in] derdata pointer to certificate in DER format.
+ * @param[in] derlen length of the DER data.
+ * @param[in] oid the OID to search for.
+ * @returns the extracted String, or NULL in failure.
+ */
+char *x509_parse_subject(unsigned char *derdata, size_t derlen,
+ unsigned char *oid);
+
+#endif
diff -r bf8c74992724 -r 20d515604daa common/errorcodes.h
--- a/common/errorcodes.h Tue Apr 01 14:34:24 2014 +0200
+++ b/common/errorcodes.h Tue Apr 01 15:41:11 2014 +0200
@@ -19,6 +19,8 @@
 #define ERR_STORE_ADD_FAILURE 8
 /* Generic invalid input */
 #define ERR_INVALID_INPUT 9
+/* Generic invalid certificate */
+#define ERR_INVALID_CERT 10
 /***********************************************************************
 * mozilla specific errors and warnings
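Review bot: the two `#pragma GCC diagnostic pop` lines after the PolarSSL includes have no matching `push`, so the `ignored "-Wsign-conversion"` / `ignored "-Wconversion"` above them are not scoped to the includes — whether -Wconversion is back in force for the rest of every translation unit that includes certhelp.h relies on GCC's documented fallback of restoring command-line state on an unmatched pop, the second pop is redundant, and other compilers warn about it; losing -Wconversion would hide exactly the truncation bugs it exists to catch in code handling untrusted DER lengths. Add `#pragma GCC diagnostic push` before the two `ignored` lines and keep a single `#pragma GCC diagnostic pop` after the includes. The Doxygen text needs a typo pass (`functinos`, `gieb`, `copyed`, `bull byte`, `ponter` → functions, given, copied, NUL byte, pointer), and `@returns ... NULL in failure` on x509_parse_subject does not match the .c hunk, which exits the process on a parse failure — fix the implementation or document the exit, and name the matching deallocator in "The caller should free it after use". Neither function writes through `oid`, so `const unsigned char *oid` in both prototypes would state that.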