void openssl_x509_info()
{
FILE *fp;
wchar_t *pUtf8;
X509 *x509Cert;
long Nid, Version;
ASN1_INTEGER *Serial;
X509_NAME *issuer, *subject;
X509_NAME_ENTRY *name_entry;
ASN1_TIME *timea, *timeb;
char msginfo[MAX1_LEN];
const unsigned char *uCert;
unsigned char tmp[MAX4_LEN];
int certLen, i, eNum, msgLen, nUtf8;
OpenSSL_add_all_algorithms();
printf("\nX509_Issuer info:\n");
fp = fopen(U2CERTF, "rb");
certLen = fread(tmp, 1, 4096, fp);
fclose(fp);
uCert = tmp;
x509Cert = d2i_X509(NULL, &uCert, certLen);
Version = X509_get_version(x509Cert);
printf("\tX509 Version: %ld\n", Version);
Serial = X509_get_serialNumber(x509Cert);
printf("\tserialNumber is: ");
for (i = 0; i < Serial->length; i++)
printf("%02x", Serial->data[i]);
printf("\n");
issuer = X509_get_issuer_name(x509Cert);
eNum = sk_X509_NAME_ENTRY_num(issuer->entries);
for (i = 0; i < eNum; i++) {
name_entry = sk_X509_NAME_ENTRY_value(issuer->entries, i);
if (name_entry->value->type == V_ASN1_UTF8STRING) {
nUtf8 = 2 * name_entry->value->length;
pUtf8 = (wchar_t *) malloc(nUtf8);
if (pUtf8 == NULL)
return;
memset(pUtf8, 0, nUtf8);
mbstowcs(pUtf8, (char *)name_entry->value->data,
name_entry->value->length);
wcstombs(msginfo, pUtf8, nUtf8);
msgLen = nUtf8;
msginfo[msgLen] = '\0';
free(pUtf8);
pUtf8 = NULL;
} else {
msgLen = name_entry->value->length;
memcpy(msginfo, name_entry->value->data, msgLen);
msginfo[msgLen] = '\0';
}
Nid = OBJ_obj2nid(name_entry->object);
switch (Nid) {
case NID_countryName:
printf("\tissuer's countryName: %s\n", msginfo);
break;
case NID_stateOrProvinceName:
printf("\tissuer's provinceName: %s\n", msginfo);
break;
case NID_localityName:
printf("\tissuer's localityName: %s\n", msginfo);
break;
case NID_organizationName:
printf("\tissuer's organizationName: %s\n", msginfo);
break;
case NID_organizationalUnitName:
printf("\tissuer's organizationalUnitName: %s\n", msginfo);
break;
case NID_commonName:
printf("\tissuer's commonName: %s\n", msginfo);
break;
case NID_pkcs9_emailAddress:
printf("\tissuer's emailAddress: %s\n", msginfo);
break;
default:
break;
}
}
subject = X509_get_subject_name(x509Cert);
eNum = sk_X509_NAME_ENTRY_num(subject->entries);
for (i = 0; i < eNum; i++) {
name_entry = sk_X509_NAME_ENTRY_value(subject->entries, i);
if (name_entry->value->type == V_ASN1_UTF8STRING) {
nUtf8 = 2 * name_entry->value->length;
pUtf8 = (wchar_t *) malloc(nUtf8);
if (pUtf8 == NULL)
return;
memset(pUtf8, 0, nUtf8);
mbstowcs(pUtf8, (char *)name_entry->value->data,
name_entry->value->length);
wcstombs(msginfo, pUtf8, nUtf8);
msgLen = nUtf8;
msginfo[msgLen] = '\0';
free(pUtf8);
pUtf8 = NULL;
} else {
msgLen = name_entry->value->length;
memcpy(msginfo, name_entry->value->data, msgLen);
msginfo[msgLen] = '\0';
}
Nid = OBJ_obj2nid(name_entry->object);
switch (Nid) {
case NID_countryName:
printf("\tsubject's countryName: %s\n", msginfo);
break;
case NID_stateOrProvinceName:
printf("\tsubject's ProvinceName: %s\n", msginfo);
break;
case NID_localityName:
printf("\tsubject's localityName: %s\n", msginfo);
break;
case NID_organizationName:
printf("\tsubject's organizationName: %s\n", msginfo);
break;
case NID_organizationalUnitName:
printf("\tsubject's organizationalUnitName: %s\n", msginfo);
break;
case NID_commonName:
printf("\tsubject's commonName: %s\n", msginfo);
break;
case NID_pkcs9_emailAddress:
printf("\tsubject's emailAddress: %s\n", msginfo);
break;
default:
break;
}
}
timea = X509_get_notAfter(x509Cert);
timeb = X509_get_notBefore(x509Cert);
printf("\tCert notAfter: %s, notBefore: %s\n", timea->data, timeb->data);
X509_free(x509Cert);
return;
}
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
{
X509_NAME_ENTRY *ret;
int i,n,set_prev,set_next;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
return(NULL);
sk=name->entries;
ret=sk_X509_NAME_ENTRY_delete(sk,loc);
n=sk_X509_NAME_ENTRY_num(sk);
name->modified=1;
if (loc == n) return(ret);
/* else we need to fixup the set field */
if (loc != 0)
set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
else
set_prev=ret->set-1;
set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
/* set_prev is the previous set
* set is the current set
* set_next is the following
* prev 1 1 1 1 1 1 1 1
* set 1 1 2 2
* next 1 1 2 2 2 2 3 2
* so basically only if prev and next differ by 2, then
* re-number down by 1 */
if (set_prev+1 < set_next)
for (i=loc; i<n; i++)
sk_X509_NAME_ENTRY_value(sk,i)->set--;
return(ret);
}
/*
* if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
* guy we are about to stomp on.
*/
int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
int set)
{
X509_NAME_ENTRY *new_name = NULL;
int n, i, inc;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL)
return (0);
sk = name->entries;
n = sk_X509_NAME_ENTRY_num(sk);
if (loc > n)
loc = n;
else if (loc < 0)
loc = n;
name->modified = 1;
if (set == -1) {
if (loc == 0) {
set = 0;
inc = 1;
} else {
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
inc = 0;
}
} else { /* if (set >= 0) */
if (loc >= n) {
if (loc != 0)
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
else
set = 0;
} else
set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
inc = (set == 0) ? 1 : 0;
}
if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
goto err;
new_name->set = set;
if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
goto err;
}
if (inc) {
n = sk_X509_NAME_ENTRY_num(sk);
for (i = loc + 1; i < n; i++)
sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
}
return (1);
err:
if (new_name != NULL)
X509_NAME_ENTRY_free(new_name);
return (0);
}
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
X509_NAME_ENTRY *na,*nb;
unsigned long nabit, nbbit;
j = sk_X509_NAME_ENTRY_num(a->entries)
- sk_X509_NAME_ENTRY_num(b->entries);
if (j)
return j;
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=na->value->type-nb->value->type;
if (j)
{
nabit = ASN1_tag2bit(na->value->type);
nbbit = ASN1_tag2bit(nb->value->type);
if (!(nabit & STR_TYPE_CMP) ||
!(nbbit & STR_TYPE_CMP))
return j;
if (!asn1_string_memcmp(na->value, nb->value))
j = 0;
}
else if (na->value->type == V_ASN1_PRINTABLESTRING)
j=nocase_spacenorm_cmp(na->value, nb->value);
else if (na->value->type == V_ASN1_IA5STRING
&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
j=nocase_cmp(na->value, nb->value);
else
j = asn1_string_memcmp(na->value, nb->value);
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
}
/* We will check the object types after checking the values
* since the values will more often be different than the object
* types. */
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=OBJ_cmp(na->object,nb->object);
if (j) return(j);
}
return(0);
}
static int
x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
{
const unsigned char *p = *in, *q;
union {
STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
ASN1_VALUE *a;
} intname = {NULL};
union {
X509_NAME *x;
ASN1_VALUE *a;
} nm = {NULL};
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
q = p;
/* Get internal representation of Name */
ret = ASN1_item_ex_d2i(&intname.a, &p, len,
ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx);
if (ret <= 0)
return ret;
if (*val)
x509_name_ex_free(val, NULL);
if (!x509_name_ex_new(&nm.a, NULL))
goto err;
/* We've decoded it: now cache encoding */
if (!BUF_MEM_grow(nm.x->bytes, p - q))
goto err;
memcpy(nm.x->bytes->data, q, p - q);
/* Convert internal representation to X509_NAME structure */
for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
entry = sk_X509_NAME_ENTRY_value(entries, j);
entry->set = i;
if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
goto err;
}
sk_X509_NAME_ENTRY_free(entries);
}
sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
ret = x509_name_canon(nm.x);
if (!ret)
goto err;
nm.x->modified = 0;
*val = nm.a;
*in = p;
return ret;
err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
std::string X509_NAME_oneline_ex(X509_NAME *a)
{
X509_NAME_ENTRY *ne;
std::string s("");
for (int i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
{
ne = sk_X509_NAME_ENTRY_value(a->entries, i);
int n = OBJ_obj2nid(ne->object);
char tmp_buf[80];
std::string sn(OBJ_nid2sn(n));
//if ((n == NID_undef) || (!sn.length()))
//{
int l = OBJ_obj2txt(tmp_buf, sizeof(tmp_buf), ne->object, 1);
sn = "";
sn += std::string(tmp_buf, l);
//}
s += "/"+sn+"=";
unsigned char *b;
int b_len = ASN1_STRING_to_UTF8(&b, ne->value);
if (b_len != -1){
s += std::string((char *)b, b_len);
OPENSSL_free(b);
}
else{
s += std::string((char *)ne->value->data, ne->value->length);
}
}
return s;
}
int
X509_NAME_entry_count(X509_NAME *name)
{
if (name == NULL)
return (0);
return (sk_X509_NAME_ENTRY_num(name->entries));
}
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
{
if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
return(NULL);
else
return(sk_X509_NAME_ENTRY_value(name->entries,loc));
}
void cacert_X509_NAME_oneline(X509_NAME *a, s8 *p)
{
X509_NAME_ENTRY *ne;
s32 i;
s32 n,l1;
const s8 *s;
s8 tmp_buf[80];
s32 utf8len = 0;
u8 mybuf[1024];
u8* myp=mybuf;
s32 first = 0;
if(a == NULL)
{
*p = '\0';
return;
}
for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
{
ne=sk_X509_NAME_ENTRY_value(a->entries,i);
n=OBJ_obj2nid(ne->object);
if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
{
i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
s=tmp_buf;
}
l1=strlen(s);
utf8len = ASN1_STRING_to_UTF8(&myp,ne->value);
if(utf8len < 0)
{
utf8len = 0;
}
if(first)
{
*(p++)=',';
*(p++)=' ';
}
else
{
first = 1;
}
memcpy(p,s,(u32)l1);
p+=l1;
*(p++)='=';
memcpy(p,myp,(u32)utf8len);
p+=utf8len;
}
*p = '\0';
return;
}
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
X509_NAME_ENTRY *na,*nb;
if (sk_X509_NAME_ENTRY_num(a->entries)
!= sk_X509_NAME_ENTRY_num(b->entries))
return sk_X509_NAME_ENTRY_num(a->entries)
-sk_X509_NAME_ENTRY_num(b->entries);
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=na->value->length-nb->value->length;
if (j) return(j);
j=memcmp(na->value->data,nb->value->data,
na->value->length);
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
}
/* We will check the object types after checking the values
* since the values will more often be different than the object
* types. */
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=OBJ_cmp(na->object,nb->object);
if (j) return(j);
}
return(0);
}
static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
X509_NAME_ENTRY *na,*nb;
if (sk_X509_NAME_ENTRY_num(a->entries)
!= sk_X509_NAME_ENTRY_num(b->entries))
return sk_X509_NAME_ENTRY_num(a->entries)
-sk_X509_NAME_ENTRY_num(b->entries);
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=OBJ_cmp(na->object,nb->object);
if (j) return(j);
if ((na->value->length == 1 && na->value->data[0] == '*')
|| (nb->value->length == 1 && nb->value->data[0] == '*'))
continue;
j=na->value->type-nb->value->type;
if (j) return(j);
if (na->value->type == V_ASN1_PRINTABLESTRING)
j=nocase_spacenorm_cmp(na->value, nb->value);
else if (na->value->type == V_ASN1_IA5STRING
&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
j=nocase_cmp(na->value, nb->value);
else
{
j=na->value->length-nb->value->length;
if (j) return(j);
j=memcmp(na->value->data,nb->value->data,
na->value->length);
}
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
}
return(0);
}
X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
{
int set=0,i;
int idx=0;
unsigned char *orig;
M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
orig= *pp;
if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
{
while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
X509_NAME_ENTRY_free(
sk_X509_NAME_ENTRY_pop(ret->entries));
}
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
for (;;)
{
if (M_ASN1_D2I_end_sequence()) break;
M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
d2i_X509_NAME_ENTRY,
X509_NAME_ENTRY_free);
for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
{
sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
}
set++;
}
i=(int)(c.p-orig);
if (!BUF_MEM_grow(ret->bytes,i)) goto err;
memcpy(ret->bytes->data,orig,i);
ret->bytes->length=i;
ret->modified=0;
M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
}
static int set_env_name_entry(X509_NAME *xname,const char *env,int nid) {
int m;
int n;
X509_NAME_ENTRY *xne;
if (!env) return 1;
for (m = 0;m < sk_X509_NAME_ENTRY_num(xname->entries);m++) {
xne = sk_X509_NAME_ENTRY_value(xname->entries,m);
n = OBJ_obj2nid(xne->object);
if (n == nid)
if (!env_val(env,xne->value->data,xne->value->length)) return 0;
}
return 1;
}
/* NOTE: you should be passsing -1, not 0 as lastpos */
int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
int lastpos)
{
int n;
X509_NAME_ENTRY *ne;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL) return(-1);
if (lastpos < 0)
lastpos= -1;
sk=name->entries;
n=sk_X509_NAME_ENTRY_num(sk);
for (lastpos++; lastpos < n; lastpos++)
{
ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
if (OBJ_cmp(ne->object,obj) == 0)
return(lastpos);
}
return(-1);
}
/* retrieve subject CommonName of certificate */
BOOL SSL_X509_getCN(pool *p, X509 *xs, char **cppCN)
{
X509_NAME *xsn;
X509_NAME_ENTRY *xsne;
int i, nid;
xsn = X509_get_subject_name(xs);
for (i = 0; i < sk_X509_NAME_ENTRY_num(xsn->entries); i++) {
xsne = sk_X509_NAME_ENTRY_value(xsn->entries, i);
nid = OBJ_obj2nid(xsne->object);
if (nid == NID_commonName) {
*cppCN = ap_palloc(p, xsne->value->length+1);
ap_cpystrn(*cppCN, (char *)xsne->value->data, xsne->value->length+1);
(*cppCN)[xsne->value->length] = NUL;
#ifdef CHARSET_EBCDIC
ascii2ebcdic(*cppCN, *cppCN, strlen(*cppCN));
#endif
return TRUE;
}
}
return FALSE;
}
u32 get_cert_field(X509_NAME *a, s32 fieldtype, u8 **pout)
{
X509_NAME_ENTRY *ne;
s32 i, utf8len;
u8 flag = 0;
if (NULL == a)
{
return PARSE_FAIL;
}
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
{
ne = sk_X509_NAME_ENTRY_value(a->entries, i);
if (fieldtype == OBJ_obj2nid(ne->object))
{
if (NULL != *pout)
{
OPENSSL_free(*pout);
*pout = NULL;
}
utf8len = ASN1_STRING_to_UTF8(pout, ne->value);
if (utf8len < 0)
{
return PARSE_FAIL;
}
*(*pout+utf8len) = '\0';
flag = 1;
}
}
if (flag)
{
return PARSE_SUCCESS;
}
return PARSE_FAIL;
}
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
X509_NAME_ENTRY *na,*nb;
if (sk_X509_NAME_ENTRY_num(a->entries)
!= sk_X509_NAME_ENTRY_num(b->entries))
return sk_X509_NAME_ENTRY_num(a->entries)
-sk_X509_NAME_ENTRY_num(b->entries);
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=na->value->type-nb->value->type;
if (j) return(j);
if (na->value->type == V_ASN1_PRINTABLESTRING)
j=nocase_spacenorm_cmp(na->value, nb->value);
else if (na->value->type == V_ASN1_IA5STRING
&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
j=nocase_cmp(na->value, nb->value);
else
{
j=na->value->length-nb->value->length;
if (j) return(j);
j=memcmp(na->value->data,nb->value->data,
na->value->length);
}
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
}
/* We will check the object types after checking the values
* since the values will more often be different than the object
* types. */
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=OBJ_cmp(na->object,nb->object);
if (j) return(j);
}
return(0);
}
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
int i;
int n, lold, l, l1, l2, num, j, type;
const char *s;
char *p;
unsigned char *q;
BUF_MEM *b = NULL;
static const char hex[17] = "0123456789ABCDEF";
int gs_doit[4];
char tmp_buf[80];
#ifdef CHARSET_EBCDIC
unsigned char ebcdic_buf[1024];
#endif
if (buf == NULL) {
if ((b = BUF_MEM_new()) == NULL)
goto err;
if (!BUF_MEM_grow(b, 200))
goto err;
b->data[0] = '\0';
len = 200;
} else if (len == 0) {
return NULL;
}
if (a == NULL) {
if (b) {
buf = b->data;
OPENSSL_free(b);
}
strncpy(buf, "NO X509_NAME", len);
buf[len - 1] = '\0';
return buf;
}
len--; /* space for '\0' */
l = 0;
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
ne = sk_X509_NAME_ENTRY_value(a->entries, i);
n = OBJ_obj2nid(ne->object);
if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
s = tmp_buf;
}
l1 = strlen(s);
type = ne->value->type;
num = ne->value->length;
if (num > NAME_ONELINE_MAX) {
X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
goto end;
}
q = ne->value->data;
#ifdef CHARSET_EBCDIC
if (type == V_ASN1_GENERALSTRING ||
type == V_ASN1_VISIBLESTRING ||
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_IA5STRING) {
if (num > (int)sizeof(ebcdic_buf))
num = sizeof(ebcdic_buf);
ascii2ebcdic(ebcdic_buf, q, num);
q = ebcdic_buf;
}
#endif
if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
for (j = 0; j < num; j++)
if (q[j] != 0)
gs_doit[j & 3] = 1;
if (gs_doit[0] | gs_doit[1] | gs_doit[2])
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
else {
gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
gs_doit[3] = 1;
}
} else
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
for (l2 = j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
l2++;
#ifndef CHARSET_EBCDIC
if ((q[j] < ' ') || (q[j] > '~'))
l2 += 3;
#else
if ((os_toascii[q[j]] < os_toascii[' ']) ||
(os_toascii[q[j]] > os_toascii['~']))
l2 += 3;
#endif
}
lold = l;
l += 1 + l1 + 1 + l2;
if (l > NAME_ONELINE_MAX) {
X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
goto end;
}
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
p = &(b->data[lold]);
} else if (l > len) {
break;
} else
p = &(buf[lold]);
*(p++) = '/';
memcpy(p, s, (unsigned int)l1);
p += l1;
*(p++) = '=';
#ifndef CHARSET_EBCDIC /* q was assigned above already. */
q = ne->value->data;
#endif
for (j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
#ifndef CHARSET_EBCDIC
n = q[j];
if ((n < ' ') || (n > '~')) {
*(p++) = '\\';
*(p++) = 'x';
*(p++) = hex[(n >> 4) & 0x0f];
*(p++) = hex[n & 0x0f];
} else
*(p++) = n;
#else
n = os_toascii[q[j]];
if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
*(p++) = '\\';
*(p++) = 'x';
*(p++) = hex[(n >> 4) & 0x0f];
*(p++) = hex[n & 0x0f];
} else
static char*
ldaplookup_filter(X509_NAME *name, const char *attribute) {
char *p = NULL;
int k;
BIO *mbio;
mbio = BIO_new(BIO_s_mem());
if (mbio == NULL) return(NULL);
BIO_puts(mbio, "(&");
k = sk_X509_NAME_ENTRY_num(name->entries);
for (--k; k >= 0; k--) {
X509_NAME_ENTRY *ne;
ASN1_STRING *nv;
int nid;
ne = sk_X509_NAME_ENTRY_value(name->entries, k);
nid = OBJ_obj2nid(ne->object);
if (
(nid != NID_organizationName) &&
(nid != NID_organizationalUnitName) &&
(nid != NID_commonName)
) continue;
BIO_puts(mbio, "(");
BIO_puts(mbio, OBJ_nid2sn(nid));
BIO_puts(mbio, "=");
nv = ne->value;
#if 0
/*
TODO:
we must escape '(' and ')' symbols and might to check for other symbols (>=128?)
BIO_puts(mbio, M_ASN1_STRING_data(nv));
*/
{ /* escape '(' and ')' */
p = (char*)M_ASN1_STRING_data(nv);
for (; *p; p++) {
if ((*p == '(') || (*p == ')'))
BIO_write(mbio, "\\", 1);
BIO_write(mbio, p, 1);
}
}
#else
{
char *q, *s;
q = ldaplookup_attr(nv);
if (q == NULL) goto done;
#ifdef TRACE_BY_LDAP
fprintf(stderr, "TRACE_BY_LDAP ldaplookup_filter: ldaplookup_attr(nv) return '%.512s'\n", q);
#endif
/* escape some charecters according to RFC2254 */
for (s=q; *s; s++) {
if ((*s == '*') ||
(*s == '(') ||
(*s == ')')
/* character '\' should be already escaped ! */
) {
/* RFC2254 recommendation */
BIO_printf(mbio, "\\%02X", (int)*s);
continue;
}
BIO_write(mbio, s, 1);
}
OPENSSL_free(q);
}
#endif
BIO_puts(mbio, ")");
}
BIO_puts(mbio, "(");
BIO_puts(mbio, attribute);
BIO_puts(mbio, "=*)");
BIO_puts(mbio, ")");
(void)BIO_flush(mbio);
k = BIO_pending(mbio);
p = OPENSSL_malloc(k + 1);
if (p == NULL) goto done;
k = BIO_read(mbio, p, k);
p[k] = '\0';
#ifdef TRACE_BY_LDAP
fprintf(stderr, "TRACE_BY_LDAP ldaplookup_filter: p=%.512s\n", p);
#endif
done:
BIO_free_all(mbio);
return(p);
}
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
size_t i;
int n, lold, l, l1, l2, num, j, type;
const char *s;
char *p;
unsigned char *q;
BUF_MEM *b = NULL;
static const char hex[17] = "0123456789ABCDEF";
int gs_doit[4];
char tmp_buf[80];
if (buf == NULL) {
if ((b = BUF_MEM_new()) == NULL)
goto err;
if (!BUF_MEM_grow(b, 200))
goto err;
b->data[0] = '\0';
len = 200;
} else if (len <= 0) {
return NULL;
}
if (a == NULL) {
if (b) {
buf = b->data;
OPENSSL_free(b);
}
BUF_strlcpy(buf, "NO X509_NAME", len);
return buf;
}
len--; /* space for '\0' */
l = 0;
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
ne = sk_X509_NAME_ENTRY_value(a->entries, i);
n = OBJ_obj2nid(ne->object);
if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
s = tmp_buf;
}
l1 = strlen(s);
type = ne->value->type;
num = ne->value->length;
if (num > NAME_ONELINE_MAX) {
OPENSSL_PUT_ERROR(X509, X509_R_NAME_TOO_LONG);
goto end;
}
q = ne->value->data;
if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
for (j = 0; j < num; j++)
if (q[j] != 0)
gs_doit[j & 3] = 1;
if (gs_doit[0] | gs_doit[1] | gs_doit[2])
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
else {
gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
gs_doit[3] = 1;
}
} else
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
for (l2 = j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
l2++;
if ((q[j] < ' ') || (q[j] > '~'))
l2 += 3;
}
lold = l;
l += 1 + l1 + 1 + l2;
if (l > NAME_ONELINE_MAX) {
OPENSSL_PUT_ERROR(X509, X509_R_NAME_TOO_LONG);
goto end;
}
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
p = &(b->data[lold]);
} else if (l > len) {
break;
} else
p = &(buf[lold]);
*(p++) = '/';
OPENSSL_memcpy(p, s, (unsigned int)l1);
p += l1;
*(p++) = '=';
q = ne->value->data;
for (j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
n = q[j];
if ((n < ' ') || (n > '~')) {
*(p++) = '\\';
*(p++) = 'x';
*(p++) = hex[(n >> 4) & 0x0f];
*(p++) = hex[n & 0x0f];
} else
*(p++) = n;
}
static int
set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
{
STACK_OF(GENERAL_NAME) *fnm = NULL;
STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
if (!strncmp(cnf->name, "fullname", 9)) {
fnm = gnames_from_sectname(ctx, cnf->value);
if (!fnm)
goto err;
} else if (!strcmp(cnf->name, "relativename")) {
int ret;
STACK_OF(CONF_VALUE) *dnsect;
X509_NAME *nm;
nm = X509_NAME_new();
if (!nm)
return -1;
dnsect = X509V3_get_section(ctx, cnf->value);
if (!dnsect) {
X509V3err(X509V3_F_SET_DIST_POINT_NAME,
X509V3_R_SECTION_NOT_FOUND);
return -1;
}
ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
X509V3_section_free(ctx, dnsect);
rnm = nm->entries;
nm->entries = NULL;
X509_NAME_free(nm);
if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
goto err;
/* Since its a name fragment can't have more than one
* RDNSequence
*/
if (sk_X509_NAME_ENTRY_value(rnm,
sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
X509V3err(X509V3_F_SET_DIST_POINT_NAME,
X509V3_R_INVALID_MULTIPLE_RDNS);
goto err;
}
} else
return 0;
if (*pdp) {
X509V3err(X509V3_F_SET_DIST_POINT_NAME,
X509V3_R_DISTPOINT_ALREADY_SET);
goto err;
}
*pdp = DIST_POINT_NAME_new();
if (!*pdp)
goto err;
if (fnm) {
(*pdp)->type = 0;
(*pdp)->name.fullname = fnm;
} else {
(*pdp)->type = 1;
(*pdp)->name.relativename = rnm;
}
return 1;
err:
if (fnm)
sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
if (rnm)
sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
return -1;
}
static int i2d_X509_NAME_entries(X509_NAME *a)
{
X509_NAME_ENTRY *ne,*fe=NULL;
STACK_OF(X509_NAME_ENTRY) *sk;
BUF_MEM *buf=NULL;
int set=0,r,ret=0;
int i;
unsigned char *p;
int size=0;
sk=a->entries;
for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
{
ne=sk_X509_NAME_ENTRY_value(sk,i);
if (fe == NULL)
{
fe=ne;
size=0;
}
if (ne->set != set)
{
ret+=ASN1_object_size(1,size,V_ASN1_SET);
fe->size=size;
fe=ne;
size=0;
set=ne->set;
}
size+=i2d_X509_NAME_ENTRY(ne,NULL);
}
if (fe != NULL)
{
/* SET OF needed only if entries is non empty */
ret+=ASN1_object_size(1,size,V_ASN1_SET);
fe->size=size;
}
r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
buf=a->bytes;
if (!BUF_MEM_grow(buf,r)) goto err;
p=(unsigned char *)buf->data;
ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
set= -1;
for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
{
ne=sk_X509_NAME_ENTRY_value(sk,i);
if (set != ne->set)
{
set=ne->set;
ASN1_put_object(&p,1,ne->size,
V_ASN1_SET,V_ASN1_UNIVERSAL);
}
i2d_X509_NAME_ENTRY(ne,&p);
}
a->modified=0;
return(r);
err:
return(-1);
}
