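/// Return the long name of the public-key algorithm recorded in a certificate.
///
/// @param cert Parsed certificate; may be nullptr.
/// @return The OpenSSL long name registered for the key algorithm's OID, or
///         an empty string when the certificate is null or incomplete, or
///         when OpenSSL does not know the OID.
std::string genAlgProperty(const X509* cert) {
  // Check every link of the pointer chain before it is followed; a null link
  // would otherwise be dereferenced on the OBJ_obj2nid() line below.
  if (cert == nullptr || cert->cert_info == nullptr ||
      cert->cert_info->key == nullptr ||
      cert->cert_info->key->algor == nullptr) {
    return "";
  }

  int nid = 0;
  OSX_OPENSSL(nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm));
  if (nid == NID_undef) {
    // Unknown algorithm OID.
    return "";
  }

  // OBJ_nid2ln() returns NULL when it has no name for the NID, and building
  // a std::string from a null pointer is undefined behaviour.
  const char* long_name = nullptr;
  OSX_OPENSSL(long_name = OBJ_nid2ln(nid));
  if (long_name == nullptr) {
    return "";
  }
  return std::string(long_name);
}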
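/// Extract the subject Common Name (CN) from a certificate.
///
/// The CN is attacker-influenced data: it is whatever the certificate's
/// issuer or creator put in the subject. The value is copied with its
/// explicit ASN.1 length rather than as a NUL-terminated C string, so a CN
/// containing an embedded NUL byte is reported in full and not silently cut
/// off at the first NUL (which would make "a\0b" look like "a").
///
/// @param cert Parsed certificate; may be nullptr.
/// @return The raw bytes of the first CN entry in the subject name, or an
///         empty string when the certificate has no subject, no CN entry,
///         or an empty CN value.
std::string genCommonName(X509* cert) {
  if (cert == nullptr) {
    return "";
  }

  X509_NAME* subject_name = nullptr;
  OSX_OPENSSL(subject_name = X509_get_subject_name(cert));
  if (subject_name == nullptr) {
    return "";
  }

  int nid = 0;
  OSX_OPENSSL(nid = OBJ_txt2nid("CN"));

  // -1 as the last argument starts the search at the first entry, so only
  // the first CN is returned when the subject carries several.
  int index = 0;
  OSX_OPENSSL(index = X509_NAME_get_index_by_NID(subject_name, nid, -1));
  if (index == -1) {
    return "";
  }

  X509_NAME_ENTRY* commonNameEntry = nullptr;
  OSX_OPENSSL(commonNameEntry = X509_NAME_get_entry(subject_name, index));
  if (commonNameEntry == nullptr) {
    return "";
  }

  ASN1_STRING* commonNameData = nullptr;
  OSX_OPENSSL(commonNameData = X509_NAME_ENTRY_get_data(commonNameEntry));
  if (commonNameData == nullptr) {
    return "";
  }

  unsigned char* data = nullptr;
  int length = 0;
  OSX_OPENSSL(data = ASN1_STRING_data(commonNameData));
  OSX_OPENSSL(length = ASN1_STRING_length(commonNameData));
  if (data == nullptr || length <= 0) {
    // Also avoids constructing a std::string from a null pointer.
    return "";
  }

  // NOTE(review): the bytes are copied as stored in the certificate. The
  // ASN.1 string type is not inspected, so a multi-byte encoding is not
  // normalised here; ASN1_STRING_to_UTF8() would be the call for that.
  return std::string(reinterpret_cast<char*>(data),
                     static_cast<size_t>(length));
}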
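// Verifies the properties extracted from the fixture certificate x_cert:
// common name, subject key identifier, notBefore epoch and the CA flag.
TEST_F(CACertsTests, test_certificate_properties) {
  std::string subject, common_name, issuer;
  genCommonName(x_cert, subject, common_name, issuer);
  EXPECT_EQ("localhost.localdomain", common_name);

  // The return value is deliberately discarded. NOTE(review): this call is
  // presumably made for its side effect of having OpenSSL parse and cache
  // the certificate's extensions so that x_cert->skid is populated; confirm.
  OSX_OPENSSL(X509_check_ca(x_cert));

  // Stop here instead of dereferencing a null pointer if the fixture has no
  // subject key identifier.
  ASSERT_TRUE(x_cert->skid != nullptr);
  auto skid = genKIDProperty(x_cert->skid->data, x_cert->skid->length);
  EXPECT_EQ("f2b99b00e0ee60d57c426ce3e64e3fdc6f6411c0", skid);

  auto not_before = std::to_string(genEpoch(X509_get_notBefore(x_cert)));
  EXPECT_EQ("1408475536", not_before);

  // Hold the flag as a std::string: EXPECT_EQ on two C-string pointers
  // compares addresses, not characters, and only passes when the compiler
  // happens to merge identical literals.
  std::string ca = (CertificateIsCA(x_cert)) ? "1" : "0";
  EXPECT_EQ("1", ca);
}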
std::string genHumanReadableDateTime(ASN1_TIME* time) { BIO* bio_stream = nullptr; OSX_OPENSSL(bio_stream = BIO_new(BIO_s_mem())); if (bio_stream == nullptr) { return ""; } // ANS1_TIME_print's format is: Mon DD HH:MM:SS YYYY GMT // e.g. Jan 1 00:00:00 1970 GMT (always GMT) auto buffer_size = 32; char buffer[32] = {0}; OSX_OPENSSL(if (!ASN1_TIME_print(bio_stream, time)) { BIO_free(bio_stream); return ""; });
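/// Report whether OpenSSL classifies a certificate as a CA certificate.
///
/// Any positive result from X509_check_ca() is treated as "is a CA". Per the
/// OpenSSL documentation, 1 means basicConstraints marks the certificate as a
/// CA, while higher values come from legacy heuristics (self-signed X509v1,
/// keyUsage with keyCertSign but no basicConstraints, or the Netscape
/// certificate-type extension). Callers that need a strict answer should not
/// rely on this boolean alone.
///
/// @param cert Parsed certificate; may be nullptr.
/// @return true when X509_check_ca() returns a value greater than zero,
///         false otherwise, including for a null certificate.
bool CertificateIsCA(X509* cert) {
  // X509_check_ca() would dereference the pointer, so reject null first.
  if (cert == nullptr) {
    return false;
  }

  int ca = 0;
  OSX_OPENSSL(ca = X509_check_ca(cert));
  return (ca > 0);
}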