/* * Save X509 fields to environment, using the naming convention: * * X509_{cert_depth}_{name}={value} */ void x509_setenv (struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert) { int i, n; int fn_nid; ASN1_OBJECT *fn; ASN1_STRING *val; X509_NAME_ENTRY *ent; const char *objbuf; unsigned char *buf; char *name_expand; size_t name_expand_size; X509_NAME *x509 = X509_get_subject_name (peer_cert); n = X509_NAME_entry_count (x509); for (i = 0; i < n; ++i) { ent = X509_NAME_get_entry (x509, i); if (!ent) continue; fn = X509_NAME_ENTRY_get_object (ent); if (!fn) continue; val = X509_NAME_ENTRY_get_data (ent); if (!val) continue; fn_nid = OBJ_obj2nid (fn); if (fn_nid == NID_undef) continue; objbuf = OBJ_nid2sn (fn_nid); if (!objbuf) continue; buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) continue; name_expand_size = 64 + strlen (objbuf); name_expand = (char *) malloc (name_expand_size); check_malloc_return (name_expand); openvpn_snprintf (name_expand, name_expand_size, "X509_%d_%s", cert_depth, objbuf); string_mod (name_expand, CC_PRINT, CC_CRLF, '_'); string_mod ((char*)buf, CC_PRINT, CC_CRLF, '_'); setenv_str (es, name_expand, (char*)buf); free (name_expand); OPENSSL_free (buf); } }
int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len) { int i; ASN1_STRING *data; i = X509_NAME_get_index_by_OBJ(name, obj, -1); if (i < 0) return (-1); data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); i = (data->length > (len - 1)) ? (len - 1) : data->length; if (buf == NULL) return (data->length); OPENSSL_memcpy(buf, data->data, i); buf[i] = '\0'; return (i); }
//int EstEID_loadCertEntries(EstEID_Map cert, char *prefix, X509_NAME *x509Name) { int EstEID_loadCertEntries(EstEID_Map cert, char *prefix, struct X509_name_st *x509Name) { // todo: error handling of all openssl functions unsigned int count = X509_NAME_entry_count(x509Name); for (unsigned int i = 0; i < count; i++) { X509_NAME_ENTRY *entry = X509_NAME_get_entry(x509Name, i); char name[1024]; strcpy(name, prefix); OBJ_obj2txt(name + strlen(prefix), sizeof(name) - strlen(prefix), entry->object, 0); char *value; ASN1_STRING_to_UTF8((unsigned char **)&value, entry->value); EstEID_mapPutNoAlloc(cert, strdup(name), value); } return SUCCESS; }
/* * Equivalent of X509_NAME_oneline that respects encoding * * This function converts X509_NAME structure to the text variable * converting all textual data into current database encoding. * * Parameter: X509_NAME *name X509_NAME structure to be converted * * Returns: text datum which contains string representation of * X509_NAME */ datum_t X509_NAME_to_text(X509_NAME *name) { BIO *membuf = BIO_new(BIO_s_mem()); int i, nid, count = X509_NAME_entry_count(name); X509_NAME_ENTRY *e; ASN1_STRING *v; const char *field_name; size_t size; char nullterm; char *sp; char *dp; text *result; (void) BIO_set_close(membuf, BIO_CLOSE); for (i = 0; i < count; i++) { e = X509_NAME_get_entry(name, i); nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e)); v = X509_NAME_ENTRY_get_data(e); field_name = OBJ_nid2sn(nid); if (!field_name) field_name = OBJ_nid2ln(nid); BIO_printf(membuf, "/%s=", field_name); ASN1_STRING_print_ex(membuf, v, ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) | ASN1_STRFLGS_UTF8_CONVERT)); } /* ensure null termination of the BIO's content */ nullterm = '\0'; BIO_write(membuf, &nullterm, 1); size = BIO_get_mem_data(membuf, &sp); dp = (char *) pg_do_encoding_conversion((unsigned char *) sp, size - 1, PG_UTF8, get_db_encoding()); result = cstring_to_text(dp); if (dp != sp) pfree(dp); BIO_free(membuf); RET_TEXT_P(result); }
static void CheckDN(X509_NAME *dn) { for (int i = 0; i < X509_NAME_entry_count(dn); i++) { X509_NAME_ENTRY *ne = X509_NAME_get_entry(dn, i); ASN1_STRING *data = X509_NAME_ENTRY_get_data(ne); if (data->type != V_ASN1_SEQUENCE) { CheckNameEntryValid(ne); } else { /* TODO: It's a sequence, we should go over it's members */ SetInfo(INF_STRING_NOT_CHECKED); } } }
/* * 这个类呢,是用来实现和 JACK 实现的那个 AVROUTER 对接的。也就是 JACK 版本的 AV NETWORK SERVICE PROVIDER */ void avjackif::set_pki(boost::shared_ptr<RSA> _key, boost::shared_ptr<X509> cert) { _rsa = _key; _x509 = cert; unsigned char * CN = NULL; auto cert_name = X509_get_subject_name(cert.get()); auto cert_entry = X509_NAME_get_entry(cert_name, X509_NAME_get_index_by_NID(cert_name, NID_commonName, 0) ); ASN1_STRING *entryData = X509_NAME_ENTRY_get_data( cert_entry ); auto strlengh = ASN1_STRING_to_UTF8(&CN, entryData); printf("%s\n",CN); std::string commonname((char*)CN, strlengh); m_local_addr.reset(new proto::avAddress(av_address_from_string(commonname))); OPENSSL_free(CN); }
/* * Convert an X509 subject name to a cstring. * */ static char * X509_NAME_to_cstring(X509_NAME *name) { BIO *membuf = BIO_new(BIO_s_mem()); int i, nid, count = X509_NAME_entry_count(name); X509_NAME_ENTRY *e; ASN1_STRING *v; const char *field_name; size_t size; char nullterm; char *sp; char *dp; char *result; (void) BIO_set_close(membuf, BIO_CLOSE); for (i = 0; i < count; i++) { e = X509_NAME_get_entry(name, i); nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e)); v = X509_NAME_ENTRY_get_data(e); field_name = OBJ_nid2sn(nid); if (!field_name) field_name = OBJ_nid2ln(nid); BIO_printf(membuf, "/%s=", field_name); ASN1_STRING_print_ex(membuf, v, ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) | ASN1_STRFLGS_UTF8_CONVERT)); } /* ensure null termination of the BIO's content */ nullterm = '\0'; BIO_write(membuf, &nullterm, 1); size = BIO_get_mem_data(membuf, &sp); dp = pg_any_to_server(sp, size - 1, PG_UTF8); result = pstrdup(dp); if (dp != sp) pfree(dp); BIO_free(membuf); return result; }
static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, const char *var) { const char *ptr; char *result; X509_NAME_ENTRY *xsne; int i, j, n, idx = 0, raw = 0; apr_size_t varlen; ptr = ap_strrchr_c(var, '_'); if (ptr && ptr > var && strcmp(ptr + 1, "RAW") == 0) { var = apr_pstrmemdup(p, var, ptr - var); raw = 1; } /* if an _N suffix is used, find the Nth attribute of given name */ ptr = ap_strchr_c(var, '_'); if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) { idx = atoi(ptr + 1); varlen = ptr - var; } else { varlen = strlen(var); } result = NULL; for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) { if (strEQn(var, ssl_var_lookup_ssl_cert_dn_rec[i].name, varlen) && strlen(ssl_var_lookup_ssl_cert_dn_rec[i].name) == varlen) { for (j = 0; j < X509_NAME_entry_count(xsname); j++) { xsne = X509_NAME_get_entry(xsname, j); n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne)); if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) { result = modssl_X509_NAME_ENTRY_to_string(p, xsne, raw); break; } } break; } } return result; }
static PyObject * crypto_X509Name_get_components(crypto_X509NameObj *self, PyObject *args) { int n, i; X509_NAME *name = self->x509_name; PyObject *list; if (!PyArg_ParseTuple(args, ":get_components")) return NULL; n = X509_NAME_entry_count(name); list = PyList_New(n); for (i = 0; i < n; i++) { X509_NAME_ENTRY *ent; ASN1_OBJECT *fname; ASN1_STRING *fval; int nid; int l; unsigned char *str; PyObject *tuple; ent = X509_NAME_get_entry(name, i); fname = X509_NAME_ENTRY_get_object(ent); fval = X509_NAME_ENTRY_get_data(ent); l = ASN1_STRING_length(fval); str = ASN1_STRING_data(fval); nid = OBJ_obj2nid(fname); /* printf("fname is %s len=%d str=%s\n", OBJ_nid2sn(nid), l, str); */ tuple = PyTuple_New(2); PyTuple_SetItem(tuple, 0, PyBytes_FromString(OBJ_nid2sn(nid))); PyTuple_SetItem(tuple, 1, PyBytes_FromStringAndSize((char *)str, l)); PyList_SetItem(list, i, tuple); } return list; }
static char *__apn_ssl_cert_entry_string(X509_NAME *name) { char subject_entry_buffer[__APN_X509_ENTRY_BUF_SIZE] = {0}; int entry_count = X509_NAME_entry_count(name); for (int i = 0; i < entry_count; i++) { X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i); ASN1_OBJECT *entry_object = X509_NAME_ENTRY_get_object(entry); const char *entry_name = OBJ_nid2sn(OBJ_obj2nid(entry_object)); const unsigned char *entry_value = ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)); apn_strcat(subject_entry_buffer, entry_name, __APN_X509_ENTRY_BUF_SIZE, strlen(entry_name)); apn_strcat(subject_entry_buffer, "=", __APN_X509_ENTRY_BUF_SIZE, 1); apn_strcat(subject_entry_buffer, (const char *)entry_value, __APN_X509_ENTRY_BUF_SIZE, strlen((const char *)entry_value)); if(i + 1 < entry_count) { apn_strcat(subject_entry_buffer, ", ", __APN_X509_ENTRY_BUF_SIZE, 2); } } return apn_strndup(subject_entry_buffer, strlen(subject_entry_buffer)); }
/*** get text by given asn1_object or nid @function get_text @tparam string|integer|asn1_object identid for asn1_object @tparam[opt=-1] number lastpos retrieve the next index after lastpos @treturn string text and followed by lastpos */ static int openssl_xname_get_text(lua_State*L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); ASN1_OBJECT *obj = openssl_get_asn1object(L, 2, 0); int lastpos = luaL_optint(L, 3, -1); X509_NAME_ENTRY *e; ASN1_STRING *s; lastpos = X509_NAME_get_index_by_OBJ(xn, obj, lastpos); ASN1_OBJECT_free(obj); if (lastpos == -1) return 0; e = X509_NAME_get_entry(xn, lastpos); s = X509_NAME_ENTRY_get_data(e); lua_pushlstring(L, (const char *)ASN1_STRING_get0_data(s), ASN1_STRING_length(s)); lua_pushinteger(L, lastpos); return 2; };
MONO_API int mono_btls_x509_name_get_entry_oid (MonoBtlsX509Name *name, int index, char *buffer, int size) { X509_NAME_ENTRY *entry; ASN1_OBJECT *obj; if (index >= X509_NAME_entry_count (name->name)) return 0; entry = X509_NAME_get_entry (name->name, index); if (!entry) return 0; obj = X509_NAME_ENTRY_get_object (entry); if (!obj) return 0; return OBJ_obj2txt (buffer, size, obj, 1); }
MONO_API MonoBtlsX509NameEntryType mono_btls_x509_name_get_entry_type (MonoBtlsX509Name *name, int index) { X509_NAME_ENTRY *entry; ASN1_OBJECT *obj; if (index >= X509_NAME_entry_count (name->name)) return -1; entry = X509_NAME_get_entry (name->name, index); if (!entry) return -1; obj = X509_NAME_ENTRY_get_object (entry); if (!obj) return -1; return nid2mono (OBJ_obj2nid (obj)); }
static const char *get_cname(X509 *cert) { X509_NAME *name; X509_NAME_ENTRY *entry; ASN1_STRING *str; int cn_idx; name = X509_get_subject_name(cert); if (name == NULL) return ""; cn_idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); if (cn_idx == -1) return ""; entry = X509_NAME_get_entry(name, cn_idx); i_assert(entry != NULL); str = X509_NAME_ENTRY_get_data(entry); i_assert(str != NULL); return asn1_string_to_c(str); }
static void openssl_setenv_X509_add_entries(liVRequest *vr, X509 *x509, const gchar *prefix, guint prefix_len) { guint i, j; GString *k = vr->wrk->tmp_str; X509_NAME *xn = X509_get_subject_name(x509); X509_NAME_ENTRY *xe; const char * xobjsn; g_string_truncate(k, 0); g_string_append_len(k, prefix, prefix_len); for (i = 0, j = X509_NAME_entry_count(xn); i < j; ++i) { if (!(xe = X509_NAME_get_entry(xn, i)) || !(xobjsn = OBJ_nid2sn(OBJ_obj2nid((ASN1_OBJECT*)X509_NAME_ENTRY_get_object(xe))))) continue; g_string_truncate(k, prefix_len); g_string_append(k, xobjsn); li_environment_set(&vr->env, GSTR_LEN(k), (const gchar *)xe->value->data, xe->value->length); } }
static int GetCommonNameFromCertificate__(X509 *cert, char *name, size_t len) { X509_NAME *subject; X509_NAME_ENTRY *entry; int count, i; if ((subject = X509_get_subject_name(cert)) == NULL) return -1; count = X509_NAME_entry_count(subject); for (i = 0; i < count; i++){ if ((entry = X509_NAME_get_entry(subject, i)) == NULL) break; if (OBJ_obj2nid(entry->object) != NID_commonName) continue; if (name != NULL && len > 0) snprintf(name, len, "%s", entry->value->data); return entry->value->length; } return -1; }
// generate an LLSD from a certificate name (issuer or subject name). // the name will be strings indexed by the 'long form' LLSD cert_name_from_X509_NAME(X509_NAME* name) { LLSD result = LLSD::emptyMap(); int name_entries = X509_NAME_entry_count(name); for (int entry_index=0; entry_index < name_entries; entry_index++) { char buffer[32]; X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index); std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry); OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0); std::string obj_buffer_str = std::string(buffer); result[obj_buffer_str] = name_value; } return result; }
MONO_API int mono_btls_x509_name_get_entry_oid_data (MonoBtlsX509Name *name, int index, const void **data) { X509_NAME_ENTRY *entry; ASN1_OBJECT *obj; if (index >= X509_NAME_entry_count (name->name)) return -1; entry = X509_NAME_get_entry (name->name, index); if (!entry) return -1; obj = X509_NAME_ENTRY_get_object (entry); if (!obj) return -1; *data = obj->data; return obj->length; }
static int openssl_xname_get_text(lua_State*L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); int nid = openssl_get_nid(L, 2); int lastpos = luaL_optint(L, 3, -1); X509_NAME_ENTRY *e; ASN1_STRING *s; if (nid == NID_undef) return 0; lastpos = X509_NAME_get_index_by_NID(xn, nid, lastpos); if (lastpos == -1) return 0; e = X509_NAME_get_entry(xn, lastpos); s = X509_NAME_ENTRY_get_data(e); lua_pushlstring(L, (const char *)ASN1_STRING_data(s), ASN1_STRING_length(s)); lua_pushinteger(L, lastpos); return 2; };
/* * Extract a field from an X509 subject name. * * Example: * * /C=US/ST=CO/L=Denver/O=ORG/CN=First-CN/CN=Test-CA/[email protected] * * The common name is 'Test-CA' * * Return true on success, false on error (insufficient buffer size in 'out' * to contain result is grounds for error). */ static result_t extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out, int size) { int lastpos = -1; int tmp = -1; X509_NAME_ENTRY *x509ne = 0; ASN1_STRING *asn1 = 0; unsigned char *buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ int nid = OBJ_txt2nid((char *)field_name); ASSERT (size > 0); *out = '\0'; do { lastpos = tmp; tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos); } while (tmp > -1); /* Nothing found */ if (lastpos == -1) return FAILURE; x509ne = X509_NAME_get_entry(x509, lastpos); if (!x509ne) return FAILURE; asn1 = X509_NAME_ENTRY_get_data(x509ne); if (!asn1) return FAILURE; tmp = ASN1_STRING_to_UTF8(&buf, asn1); if (tmp <= 0) return FAILURE; strncpynt(out, (char *)buf, size); { const result_t ret = (strlen ((char *)buf) < size) ? SUCCESS: FAILURE; OPENSSL_free (buf); return ret; } }
void output_X509_NAME(X509_NAME *name, gf_io_t pc) { int i, c; char buf[256]; c = X509_NAME_entry_count(name); for(i=c-1; i>=0; i--){ X509_NAME_ENTRY *e; e = X509_NAME_get_entry(name,i); if(!e) continue; X509_NAME_get_text_by_OBJ(name, e->object, buf, sizeof(buf)); gf_puts(buf, pc); gf_puts(NEWLINE, pc); } }
bool PeerID::Certificate::checkCommonNames( const std::function<bool(char const*, std::size_t)> func) const { X509_NAME* name = X509_get_subject_name(x509_); int i = -1; ASN1_STRING* commonName = 0; while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) { X509_NAME_ENTRY* nameEntry = X509_NAME_get_entry(name, i); commonName = X509_NAME_ENTRY_get_data(nameEntry); if (commonName && commonName->data && commonName->length) { const char* host = reinterpret_cast<const char*>(commonName->data); std::size_t len = commonName->length; if (func(host, len)) return true; } } return false; }
/* Get the UID field from the certificate subject name. * The certificate is looked up using the socket of the connection. * * Return value: Pointer to the uid string or NULL if not found */ char *ssl_getuid(int sock) { int idx; X509 *cert; X509_NAME *subj; ASN1_STRING *name; if (!(cert = ssl_getcert(sock))) return NULL; /* Get the subject name */ if (!(subj = X509_get_subject_name(cert))) return NULL; /* Get the first UID */ idx = X509_NAME_get_index_by_NID(subj, NID_userId, -1); if (idx == -1) return NULL; name = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subj, idx)); /* Extract the contents, assuming null-terminated ASCII string */ return (char *) ASN1_STRING_data(name); }
/** * Tries to find a match for hostname in the certificate's Common Name field. * * Returns AMQP_HVR_MATCH_FOUND if a match was found. * Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found. * Returns AMQP_HVR_MALFORMED_CERTIFICATE if the Common Name had a NUL character embedded in it. * Returns AMQP_HVR_ERROR if the Common Name could not be extracted. */ static amqp_hostname_validation_result amqp_matches_common_name( const char *hostname, const X509 *server_cert) { int common_name_loc = -1; X509_NAME_ENTRY *common_name_entry = NULL; ASN1_STRING *common_name_asn1 = NULL; char *common_name_str = NULL; // Find the position of the CN field in the Subject field of the certificate common_name_loc = X509_NAME_get_index_by_NID( X509_get_subject_name((X509 *)server_cert), NID_commonName, -1); if (common_name_loc < 0) { return AMQP_HVR_ERROR; } // Extract the CN field common_name_entry = X509_NAME_get_entry( X509_get_subject_name((X509 *)server_cert), common_name_loc); if (common_name_entry == NULL) { return AMQP_HVR_ERROR; } // Convert the CN field to a C string common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); if (common_name_asn1 == NULL) { return AMQP_HVR_ERROR; } common_name_str = (char *)ASN1_STRING_data(common_name_asn1); // Make sure there isn't an embedded NUL character in the CN if ((size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) { return AMQP_HVR_MALFORMED_CERTIFICATE; } // Compare expected hostname with the CN if (amqp_hostcheck(common_name_str, hostname) == AMQP_HCR_MATCH) { return AMQP_HVR_MATCH_FOUND; } else { return AMQP_HVR_MATCH_NOT_FOUND; } }
/** * Tries to find a match for hostname in the certificate's Common Name field. * * Returns MatchFound if a match was found. * Returns MatchNotFound if no matches were found. * Returns MalformedCertificate if the Common Name had a NUL character embedded in it. * Returns Error if the Common Name could not be extracted. */ static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert) { int common_name_loc = -1; X509_NAME_ENTRY *common_name_entry = NULL; ASN1_STRING *common_name_asn1 = NULL; char *common_name_str = NULL; // Find the position of the CN field in the Subject field of the certificate common_name_loc = X509_NAME_get_index_by_NID( X509_get_subject_name((X509 *) server_cert), NID_commonName, -1); if (common_name_loc < 0) { return Error; } // Extract the CN field common_name_entry = X509_NAME_get_entry( X509_get_subject_name((X509 *) server_cert), common_name_loc); if (common_name_entry == NULL) { return Error; } // Convert the CN field to a C string common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); if (common_name_asn1 == NULL) { return Error; } common_name_str = (char *) ASN1_STRING_data(common_name_asn1); // Make sure there isn't an embedded NUL character in the CN if (ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) { return MalformedCertificate; } // Compare expected hostname with the CN if (hostmatch(hostname, common_name_str) == CURL_HOST_MATCH) { return MatchFound; } else { return MatchNotFound; } }
char* crypto_cert_subject_common_name(X509* xcert, int* length) { int index; BYTE* common_name_raw; char* common_name; X509_NAME* subject_name; X509_NAME_ENTRY* entry; ASN1_STRING* entry_data; subject_name = X509_get_subject_name(xcert); if (subject_name == NULL) return NULL; index = X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1); if (index < 0) return NULL; entry = X509_NAME_get_entry(subject_name, index); if (entry == NULL) return NULL; entry_data = X509_NAME_ENTRY_get_data(entry); if (entry_data == NULL) return NULL; *length = ASN1_STRING_to_UTF8(&common_name_raw, entry_data); if (*length < 0) return NULL; common_name = _strdup((char*)common_name_raw); OPENSSL_free(common_name_raw); return (char*) common_name; }
static void x509_print_info (X509 *x509crt) { int i, n; int fn_nid; ASN1_OBJECT *fn; ASN1_STRING *val; X509_NAME *x509_name; X509_NAME_ENTRY *ent; const char *objbuf; unsigned char *buf; x509_name = X509_get_subject_name (x509crt); n = X509_NAME_entry_count (x509_name); for (i = 0; i < n; ++i) { ent = X509_NAME_get_entry (x509_name, i); if (!ent) continue; fn = X509_NAME_ENTRY_get_object (ent); if (!fn) continue; val = X509_NAME_ENTRY_get_data (ent); if (!val) continue; fn_nid = OBJ_obj2nid (fn); if (fn_nid == NID_undef) continue; objbuf = OBJ_nid2sn (fn_nid); if (!objbuf) continue; buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) continue; printf("X509 %s: %s\n", objbuf, (char *)buf); OPENSSL_free (buf); } }
/* * Returns specified field of specified X509_NAME structure * * Common part of ssl_client_dn and ssl_issuer_dn functions. * * Parameter: X509_NAME *name - either subject or issuer of certificate * Parameter: text fieldName - field name string like 'CN' or commonName * to be looked up in the OpenSSL ASN1 OID database * * Returns result of ASN1_STRING_to_text applied to appropriate * part of name */ datum_t X509_NAME_field_to_text(X509_NAME *name, text *fieldName) { char *string_fieldname; int nid, index; ASN1_STRING *data; string_fieldname = text_to_cstring(fieldName); nid = OBJ_txt2nid(string_fieldname); if (nid == NID_undef) ereport(ERROR, (errcode(E_INVALID_PARAMETER_VALUE), errmsg("invalid X.509 field name: \"%s\"", string_fieldname))); pfree(string_fieldname); index = X509_NAME_get_index_by_NID(name, nid, -1); if (index < 0) return (datum_t) 0; data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, index)); return ASN1_STRING_to_text(data); }
/** * Retrive the general names from the object. */ static int push_x509_name(lua_State* L, X509_NAME *name) { int i; int n_entries; ASN1_OBJECT *object; X509_NAME_ENTRY *entry; lua_newtable(L); n_entries = X509_NAME_entry_count(name); for (i = 0; i < n_entries; i++) { entry = X509_NAME_get_entry(name, i); object = X509_NAME_ENTRY_get_object(entry); lua_newtable(L); push_asn1_objname(L, object, 1); lua_setfield(L, -2, "oid"); push_asn1_objname(L, object, 0); lua_setfield(L, -2, "name"); push_asn1_string(L, X509_NAME_ENTRY_get_data(entry)); lua_setfield(L, -2, "value"); lua_rawseti(L, -2, i+1); } return 1; }
/* * Return a name string given a X509_NAME object and a name identifier. Used * by the getattr function. * * Arguments: name - The X509_NAME object * nid - The name identifier * Returns: The name as a Python string object */ static int get_name_by_nid(X509_NAME *name, int nid, char **utf8string) { int entry_idx; X509_NAME_ENTRY *entry; ASN1_STRING *data; int len; if ((entry_idx = X509_NAME_get_index_by_NID(name, nid, -1)) == -1) { return 0; } entry = X509_NAME_get_entry(name, entry_idx); data = X509_NAME_ENTRY_get_data(entry); if ((len = ASN1_STRING_to_UTF8((unsigned char **)utf8string, data)) < 0) { exception_from_error_queue(crypto_Error); return -1; } return len; }