bool X509Certificate_OpenSSL::checkIssuer(ref <const X509Certificate> cert_) const
{
ref <const X509Certificate_OpenSSL> cert =
cert_.dynamicCast <const X509Certificate_OpenSSL>();
// Get issuer for this cert
BIO *out;
unsigned char *issuer;
out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, X509_get_issuer_name(m_data->cert), 0, XN_FLAG_RFC2253);
int n = BIO_get_mem_data(out, &issuer);
vmime::string thisIssuerName((char*)issuer, n);
BIO_free(out);
// Get subject of issuer
unsigned char *subject;
out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, X509_get_subject_name(cert->m_data->cert), 0, XN_FLAG_RFC2253);
n = BIO_get_mem_data(out, &subject);
vmime::string subjOfIssuer((char*)subject, n);
BIO_free(out);
return subjOfIssuer == thisIssuerName;
}
int
verify_callback(int ok, X509_STORE_CTX * ctx)
{
X509 *err_cert;
int err, depth;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert) {
X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
} else
BIO_puts(bio_err, "<no cert>\n");
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
if (verify_depth >= depth) {
if (!verify_return_error)
ok = 1;
verify_error = X509_V_OK;
} else {
ok = 0;
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
switch (err) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
BIO_puts(bio_err, "issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err, "notBefore=");
ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err, "notAfter=");
ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2)
policies_print(bio_err, ctx);
BIO_printf(bio_err, "verify return:%d\n", ok);
return (ok);
}
/* Appends information about an issued certificate to the index file. */
int add_to_index(X509 *cert)
{
FILE *fp = NULL;
BIO *bio = NULL;
X509_NAME *subject = X509_get_subject_name(cert);
long serial = ASN1_INTEGER_get(X509_get_serialNumber(cert));
fp = fopen(CA_PATH(caIni.indexFile), "a");
if (fp != NULL) {
bio = BIO_new_fp(fp, BIO_CLOSE);
/* Write serial */
BIO_printf(bio, "%ld\t", serial);
/* Write notBefore time */
ASN1_TIME_print(bio, X509_get_notBefore(cert));
BIO_printf(bio, "\t");
/* Write subject */
X509_NAME_print_ex(bio, subject, 0, 0);
BIO_printf(bio, "\n");
BIO_free(bio); /* Closes fp too */
return 1;
}
return 0;
}
static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp,
int ind)
{
int i;
OCSP_SERVICELOC *a = in;
ACCESS_DESCRIPTION *ad;
if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
goto err;
if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
goto err;
for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
goto err;
if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
goto err;
if (BIO_puts(bp, " - ") <= 0)
goto err;
if (GENERAL_NAME_print(bp, ad->location) <= 0)
goto err;
}
return 1;
err:
return 0;
}
/**
* Converts X509_NAME struct to string.
*
* @param name X509_NAME struct that is converted to string.
* @return converted value of X509_NAME.
* @throws IOException throws exception if conversion failed.
*/
std::string digidoc::X509Cert::toString(X509_NAME* name) throw(IOException)
{
BIO* mem = BIO_new(BIO_s_mem()); BIO_scope memScope(&mem);
if(mem == NULL)
{
THROW_IOEXCEPTION("Failed to allocate memory for X509_NAME conversion: %s", ERR_reason_error_string(ERR_get_error()));
}
// Convert the X509_NAME struct to string.
if(X509_NAME_print_ex(mem, name, 0, XN_FLAG_RFC2253) < 0)
{
THROW_IOEXCEPTION("Failed to convert X509_NAME struct to string: %s", ERR_reason_error_string(ERR_get_error()));
}
// Read the converted string from buffer.
char buf[128];
int bytesRead;
std::string str;
while((bytesRead = BIO_gets(mem, &buf[0], sizeof(buf))) > 0)
{
str.append(buf);
}
return str;
}
static char *ssl_var_lookup_ssl_cert_dn_oneline(apr_pool_t *p, request_rec *r,
X509_NAME *xsname)
{
char *result = NULL;
SSLDirConfigRec *dc;
int legacy_format = 0;
if (r) {
dc = myDirConfig(r);
legacy_format = dc->nOptions & SSL_OPT_LEGACYDNFORMAT;
}
if (legacy_format) {
char *cp = X509_NAME_oneline(xsname, NULL, 0);
result = apr_pstrdup(p, cp);
OPENSSL_free(cp);
}
else {
BIO* bio;
int n;
unsigned long flags = XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
X509_NAME_print_ex(bio, xsname, 0, flags);
n = BIO_pending(bio);
if (n > 0) {
result = apr_palloc(p, n+1);
n = BIO_read(bio, result, n);
result[n] = NUL;
}
BIO_free(bio);
}
return result;
}
/*
* convert an X509_NAME to an RFC 2253 formatted string, optionally truncated
* to maxlen characters (specify a maxlen of 0 for no length limit)
*/
char *modssl_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen)
{
char *result = NULL;
BIO *bio;
int len;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
X509_NAME_print_ex(bio, dn, 0, XN_FLAG_RFC2253);
len = BIO_pending(bio);
if (len > 0) {
result = apr_palloc(p, (maxlen > 0) ? maxlen+1 : len+1);
if (maxlen > 0 && maxlen < len) {
len = BIO_read(bio, result, maxlen);
if (maxlen > 2) {
/* insert trailing ellipsis if there's enough space */
apr_snprintf(result + maxlen - 3, 4, "...");
}
} else {
len = BIO_read(bio, result, len);
}
result[len] = NUL;
}
BIO_free(bio);
return result;
}
static char*
GetSubjectFromCertificate_X509_NAME_print_ex(X509 *cert)
{
X509_NAME *subject;
char *ret = NULL;
BIO *out = NULL;
BUF_MEM *buf;
unsigned long flags = XN_FLAG_ONELINE;
if ((subject = X509_get_subject_name(cert)) == NULL){
return NULL;
}
if ((out = BIO_new(BIO_s_mem())) == NULL){
SSL_Error(_d("BIO_new failure:\n %s\n"), GetSSLErrorString());
goto err;
}
if (!X509_NAME_print_ex(out, subject, 0, flags)){
SSL_Error(_d("X509_NAME_print_ex failure:\n %s\n"),GetSSLErrorString());
goto err;
}
BIO_write(out, "\0", 1);
BIO_get_mem_ptr(out, &buf);
if ((ret = xmalloc(buf->length)) == NULL){
goto err;
}
memcpy(ret, buf->data, buf->length);
err:
BIO_free(out);
return ret;
}
void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
{
X509 *x;
unsigned char *p;
unsigned long flags = ctx->dump_flags;
if (flags & CAPI_DMP_FNAME)
{
char *fname;
fname = capi_cert_get_fname(ctx, cert);
if (fname)
{
BIO_printf(out, " Friendly Name \"%s\"\n", fname);
OPENSSL_free(fname);
}
else
BIO_printf(out, " <No Friendly Name>\n");
}
p = cert->pbCertEncoded;
x = d2i_X509(NULL, &p, cert->cbCertEncoded);
if (!x)
BIO_printf(out, " <Can't parse certificate>\n");
if (flags & CAPI_DMP_SUMMARY)
{
BIO_printf(out, " Subject: ");
X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
BIO_printf(out, "\n Issuer: ");
X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
BIO_printf(out, "\n");
}
if (flags & CAPI_DMP_FULL)
X509_print_ex(out, x, XN_FLAG_ONELINE,0);
if (flags & CAPI_DMP_PKEYINFO)
{
CRYPT_KEY_PROV_INFO *pinfo;
pinfo = capi_get_prov_info(ctx, cert);
capi_dump_prov_info(ctx, out, pinfo);
if (pinfo)
OPENSSL_free(pinfo);
}
if (flags & CAPI_DMP_PEM)
PEM_write_bio_X509(out, x);
X509_free(x);
}
DWORD
DirCliGetX509Name(
X509_NAME *pCertName,
DWORD dwFlags,
PSTR* ppszSubjectDN
)
{
DWORD dwError = 0;
size_t len = 0;
BIO* pBioMem = NULL;
PSTR pszSubjectName = NULL;
pBioMem = BIO_new(BIO_s_mem());
if (!pBioMem)
{
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_VMAFD_ERROR(dwError);
}
X509_NAME_print_ex(pBioMem, pCertName, 0, dwFlags);
len = BIO_pending(pBioMem);
if (len <= 0)
{
dwError = ERROR_INVALID_DATA;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VmAfdAllocateMemory(len + 1, (PVOID*)&pszSubjectName);
BAIL_ON_VMAFD_ERROR(dwError);
if (BIO_read(pBioMem, pszSubjectName, len) != len)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VMAFD_ERROR(dwError);
}
*ppszSubjectDN = pszSubjectName;
cleanup:
if (pBioMem)
{
BIO_free(pBioMem);
}
return dwError;
error:
*ppszSubjectDN = NULL;
goto cleanup;
}
int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
{
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
const X509_ALGOR *sig_alg;
const ASN1_BIT_STRING *sig;
long l;
int i;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
if (l >= 0 && l <= 1)
BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
else
BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
X509_CRL_get0_signature(x, &sig, &sig_alg);
BIO_puts(out, " ");
X509_signature_print(out, sig_alg, NULL);
BIO_printf(out, "%8sIssuer: ", "");
X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
BIO_puts(out, "\n");
BIO_printf(out, "%8sLast Update: ", "");
ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
BIO_printf(out, "\n%8sNext Update: ", "");
if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
else
BIO_printf(out, "NONE");
BIO_printf(out, "\n");
X509V3_extensions_print(out, "CRL extensions",
X509_CRL_get0_extensions(x), 0, 8);
rev = X509_CRL_get_REVOKED(x);
if (sk_X509_REVOKED_num(rev) > 0)
BIO_printf(out, "Revoked Certificates:\n");
else
BIO_printf(out, "No Revoked Certificates.\n");
for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
r = sk_X509_REVOKED_value(rev, i);
BIO_printf(out, " Serial Number: ");
i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));
BIO_printf(out, "\n Revocation Date: ");
ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));
BIO_printf(out, "\n");
X509V3_extensions_print(out, "CRL entry extensions",
X509_REVOKED_get0_extensions(r), 0, 8);
}
X509_signature_print(out, sig_alg, sig);
return 1;
}
// generate a single string containing the subject or issuer
// name of the cert.
std::string cert_string_name_from_X509_NAME(X509_NAME* name)
{
char * name_bio_chars = NULL;
// get a memory bio
BIO *name_bio = BIO_new(BIO_s_mem());
// stream the name into the bio. The name will be in the 'short name' format
X509_NAME_print_ex(name_bio, name, 0, XN_FLAG_RFC2253);
int length = BIO_get_mem_data(name_bio, &name_bio_chars);
std::string result = std::string(name_bio_chars, length);
BIO_free(name_bio);
return result;
}
void
tls_x509_format_dn(X509_NAME *name, GString *dn)
{
BIO *bio;
gchar *buf;
long len;
bio = BIO_new(BIO_s_mem());
X509_NAME_print_ex(bio, name, 0, ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_UTF8_CONVERT | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_DN_REV);
len = BIO_get_mem_data(bio, &buf);
g_string_assign_len(dn, buf, len);
BIO_free(bio);
}
const string X509Certificate_OpenSSL::getIssuerString() const
{
// Get issuer for this cert
BIO* out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, X509_get_issuer_name(m_data->cert), 0, XN_FLAG_RFC2253);
unsigned char* issuer;
const long n = BIO_get_mem_data(out, &issuer);
vmime::string name(reinterpret_cast <char*>(issuer), n);
BIO_free(out);
return name;
}
static int openssl_xname_print(lua_State*L)
{
X509_NAME* xname = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
BIO* bio = load_bio_object(L, 2);
int indent = luaL_optint(L, 3, 0);
unsigned long flags = luaL_optinteger(L, 4, 0);
int ret = X509_NAME_print_ex(bio, xname, indent, flags);
BIO_free(bio);
if (ret == 1)
lua_pushboolean(L, 1);
else
return openssl_pushresult(L, ret);
return 1;
};
/* Extract a human readable version of a X509_NAME and put the result
* into a nmalloc'd buffer.
* The X509_NAME structure is used for example in certificate subject
* and issuer names.
*
* You need to nfree() the returned pointer.
*/
static char *ssl_printname(X509_NAME *name)
{
int len;
char *data, *buf;
BIO *bio = BIO_new(BIO_s_mem());
/* X509_NAME_oneline() is easier and shorter, but is deprecated and
the manual discourages it's usage, so let's not be lazy ;) */
X509_NAME_print_ex(bio, name, 0, XN_FLAG_ONELINE & ~XN_FLAG_SPC_EQ);
len = BIO_get_mem_data(bio, &data) + 1;
buf = nmalloc(len);
strncpyz(buf, data, len);
BIO_free(bio);
return buf;
}
char *
_mongoc_ssl_extract_subject (const char *filename)
{
X509_NAME *subject = NULL;
X509 *cert = NULL;
BIO *certbio = NULL;
BIO *strbio = NULL;
char *str = NULL;
int ret;
if (!filename) {
return NULL;
}
certbio = BIO_new (BIO_s_file ());
strbio = BIO_new (BIO_s_mem ());;
BSON_ASSERT (certbio);
BSON_ASSERT (strbio);
BIO_read_filename (certbio, filename);
if ((cert = PEM_read_bio_X509 (certbio, NULL, 0, NULL))) {
if ((subject = X509_get_subject_name (cert))) {
ret = X509_NAME_print_ex (strbio, subject, 0, XN_FLAG_RFC2253);
if ((ret > 0) && (ret < INT_MAX)) {
str = bson_malloc (ret + 2);
BIO_gets (strbio, str, ret + 1);
str [ret] = '\0';
}
}
}
if (cert) {
X509_free (cert);
}
if (certbio) {
BIO_free (certbio);
}
if (strbio) {
BIO_free (strbio);
}
return str;
}
// VERIFY
int dummy_ssl_verify_callback(int ok, X509_STORE_CTX* store) {
char buf[256];
X509* err_cert;
err_cert = X509_STORE_CTX_get_current_cert(store);
int err = X509_STORE_CTX_get_error(store);
int depth = X509_STORE_CTX_get_error_depth(store);
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
BIO* outbio = BIO_new_fp(stdout, BIO_NOCLOSE);
X509_NAME* cert_name = X509_get_subject_name(err_cert);
X509_NAME_print_ex(outbio, cert_name, 0, XN_FLAG_MULTILINE);
BIO_free_all(outbio);
printf("\tssl_verify_callback(), ok: %d, error: %d, depth: %d, name: %s\n", ok, err, depth, buf);
return 1; // We always return 1, so no verification actually
}
char* crypto_print_name(X509_NAME* name)
{
char* buffer = NULL;
BIO* outBIO = BIO_new(BIO_s_mem());
if (X509_NAME_print_ex(outBIO, name, 0, XN_FLAG_ONELINE) > 0)
{
unsigned long size = BIO_number_written(outBIO);
buffer = xzalloc(size + 1);
memset(buffer, 0, size + 1);
BIO_read(outBIO, buffer, size);
}
BIO_free(outBIO);
return buffer;
}
static int
openssl_verify_callback (int preverify_ok, X509_STORE_CTX * x509_ctx)
{
GstDtlsConnection *self;
SSL *ssl;
BIO *bio;
gchar *pem = NULL;
gboolean accepted = FALSE;
ssl =
X509_STORE_CTX_get_ex_data (x509_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx ());
self = SSL_get_ex_data (ssl, connection_ex_index);
g_return_val_if_fail (GST_IS_DTLS_CONNECTION (self), FALSE);
pem = _gst_dtls_x509_to_pem (X509_STORE_CTX_get0_cert (x509_ctx));
if (!pem) {
GST_WARNING_OBJECT (self,
"failed to convert received certificate to pem format");
} else {
bio = BIO_new (BIO_s_mem ());
if (bio) {
gchar buffer[2048];
gint len;
len =
X509_NAME_print_ex (bio,
X509_get_subject_name (X509_STORE_CTX_get0_cert (x509_ctx)), 1,
XN_FLAG_MULTILINE);
BIO_read (bio, buffer, len);
buffer[len] = '\0';
GST_DEBUG_OBJECT (self, "Peer certificate received:\n%s", buffer);
BIO_free (bio);
} else {
GST_DEBUG_OBJECT (self, "failed to create certificate print membio");
}
g_signal_emit (self, signals[SIGNAL_ON_PEER_CERTIFICATE], 0, pem,
&accepted);
g_free (pem);
}
return accepted;
}
char *
x509_get_subject (X509 *cert, struct gc_arena *gc)
{
BIO *subject_bio = NULL;
BUF_MEM *subject_mem;
char *subject = NULL;
int maxlen = 0;
/*
* Generate the subject string in OpenSSL proprietary format,
* when in --compat-names mode
*/
if (compat_flag (COMPAT_FLAG_QUERY | COMPAT_NAMES))
{
subject = gc_malloc (256, false, gc);
X509_NAME_oneline (X509_get_subject_name (cert), subject, 256);
subject[255] = '\0';
return subject;
}
subject_bio = BIO_new (BIO_s_mem ());
if (subject_bio == NULL)
goto err;
X509_NAME_print_ex (subject_bio, X509_get_subject_name (cert),
0, XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN |
ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_ESC_CTRL);
if (BIO_eof (subject_bio))
goto err;
BIO_get_mem_ptr (subject_bio, &subject_mem);
maxlen = subject_mem->length + 1;
subject = gc_malloc (maxlen, false, gc);
memcpy (subject, subject_mem->data, maxlen);
subject[maxlen - 1] = '\0';
err:
if (subject_bio)
BIO_free (subject_bio);
return subject;
}
char *dn_oneline(X509_NAME *xn) {
BIO* bio;
int n;
char *result;
unsigned long flags = XN_FLAG_RFC2253;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
return NULL;
}
X509_NAME_print_ex(bio, xn, 0, flags);
n = BIO_pending(bio);
result = (char *)malloc(sizeof(char *) * (n+1));
n = BIO_read(bio, result, n);
result[n] = '\0';
BIO_free(bio);
return result;
}
const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl0)
{
pni_ssl_t *ssl = get_ssl_internal(ssl0);
if (!ssl || !ssl->ssl) return NULL;
if (!ssl->subject) {
X509 *cert = SSL_get_peer_certificate(ssl->ssl);
if (!cert) return NULL;
X509_NAME *subject = X509_get_subject_name(cert);
if (!subject) return NULL;
BIO *out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, subject, 0, XN_FLAG_RFC2253);
int len = BIO_number_written(out);
ssl->subject = (char*) malloc(len+1);
ssl->subject[len] = 0;
BIO_read(out, ssl->subject, len);
BIO_free(out);
}
return ssl->subject;
}
static char *_get_rfc2253_formatted (X509_NAME *name)
{
int len;
char *out = NULL;
BIO* b;
if ((b = BIO_new (BIO_s_mem ())))
{
if (X509_NAME_print_ex (b, name, 0, XN_FLAG_RFC2253) >= 0
&& (len = BIO_number_written (b)) > 0)
{
out = xmalloc (len + 1);
BIO_read (b, out, len);
out[len] = 0;
}
BIO_free (b);
}
return out ? out : xstrdup("");
}
/*
* Trivial utility function to extract the string
* value of the subject name from a cert.
*/
static void extract_sub_name (X509 *cert, char *name, int len)
{
X509_NAME *subject_nm;
BIO *out;
BUF_MEM *bm;
subject_nm = X509_get_subject_name(cert);
out = BIO_new(BIO_s_mem());
X509_NAME_print_ex(out, subject_nm, 0, XN_FLAG_SEP_SPLUS_SPC);
BIO_get_mem_ptr(out, &bm);
strncpy(name, bm->data, len);
if (bm->length < len) {
name[bm->length] = 0;
} else {
name[len] = 0;
}
BIO_free(out);
}
static bool test_name(const char *name, const char *expected) {
char buf[1024];
BIO *bio;
const char none[] = {0};
X509_NAME *parsed = parse_name(name);
if(parsed == NULL) {
return false;
}
bio = BIO_new(BIO_s_mem());
X509_NAME_print_ex(bio, parsed, 0, XN_FLAG_ONELINE);
BIO_write(bio, none, 1);
BIO_read(bio, buf, 1024);
BIO_free(bio);
X509_NAME_free(parsed);
if(strcmp(buf, expected) != 0) {
fprintf(stderr, "Names not matching: '%s' != '%s'\n", expected, buf);
return false;
}
return true;
}
std::string getCertificateSubjectName(X509* cert) {
std::string result;
BIO* out = BIO_new(BIO_s_mem());
uassert(16884, "unable to allocate BIO memory", NULL != out);
ON_BLOCK_EXIT(BIO_free, out);
if (X509_NAME_print_ex(out,
X509_get_subject_name(cert),
0,
XN_FLAG_RFC2253) >= 0) {
if (BIO_number_written(out) > 0) {
result.resize(BIO_number_written(out));
BIO_read(out, &result[0], result.size());
}
}
else {
log() << "failed to convert subject name to RFC2253 format" << endl;
}
return result;
}
char *X509_NAME2text(X509_NAME *name) {
char *text;
BIO *bio;
int n;
bio=BIO_new(BIO_s_mem());
if(!bio)
return str_dup("BIO_new() failed");
X509_NAME_print_ex(bio, name, 0,
XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB & ~XN_FLAG_SPC_EQ);
n=BIO_pending(bio);
text=str_alloc((size_t)n+1);
n=BIO_read(bio, text, n);
if(n<0) {
BIO_free(bio);
str_free(text);
return str_dup("BIO_read() failed");
}
text[n]='\0';
BIO_free(bio);
return text;
}
/* Return the Subject of an X509 Certificate by wrapping the OpenSSL X509_get_subject_name() function. */
SEXP PKI_get_subject(SEXP sCert) {
SEXP res;
X509 *cert;
BIO *mem = BIO_new(BIO_s_mem());
long len;
char *txt = 0;
PKI_init();
cert = retrieve_cert(sCert, "");
if (X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, (XN_FLAG_ONELINE | ASN1_STRFLGS_UTF8_CONVERT) & ~ASN1_STRFLGS_ESC_MSB) < 0) {
BIO_free(mem);
Rf_error("X509_NAME_print_ex failed with %s", ERR_error_string(ERR_get_error(), NULL));
}
len = BIO_get_mem_data(mem, &txt);
if (len < 0) {
BIO_free(mem);
Rf_error("cannot get memory buffer, %s", ERR_error_string(ERR_get_error(), NULL));
}
res = PROTECT(allocVector(STRSXP, 1));
SET_STRING_ELT(res, 0, mkCharLenCE(txt, len, CE_UTF8));
UNPROTECT(1);
BIO_free(mem);
return res;
}
char *
_openssl_get_subject (X509 *cert, char *buf, int size)
{
BIO *subject_bio = NULL;
BUF_MEM *subject_mem;
char *subject = buf;
int maxlen = size;
subject_bio = BIO_new (BIO_s_mem ());
if (subject_bio == NULL)
goto err;
X509_NAME_print_ex (subject_bio, X509_get_subject_name (cert),
0, XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN |
ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_ESC_CTRL);
if (BIO_eof (subject_bio))
goto err;
BIO_get_mem_ptr (subject_bio, &subject_mem);
if (subject == NULL)
{
maxlen = subject_mem->length + 1;
subject = malloc (maxlen);
check_malloc_return (subject);
}
memcpy (subject, subject_mem->data, maxlen);
subject[maxlen - 1] = '\0';
err:
if (subject_bio)
BIO_free (subject_bio);
return subject;
}
