/*-
* gnutls_x509_extract_dn - This function parses an RDN sequence
* @idn: should contain a DER encoded RDN sequence
* @rdn: a pointer to a structure to hold the name
*
* This function will return the name of the given RDN sequence.
* The name will be returned as a gnutls_x509_dn structure.
* Returns a negative error code in case of an error.
*
-*/
int
gnutls_x509_extract_dn (const gnutls_datum_t * idn, gnutls_x509_dn * rdn)
{
ASN1_TYPE dn = ASN1_TYPE_EMPTY;
int result;
size_t len;
if ((result =
asn1_create_element (_gnutls_get_pkix (),
"PKIX1.Name", &dn)) != ASN1_SUCCESS)
{
return _gnutls_asn2err (result);
}
result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
if (result != ASN1_SUCCESS)
{
/* couldn't decode DER */
asn1_delete_structure (&dn);
return _gnutls_asn2err (result);
}
memset (rdn, 0, sizeof (gnutls_x509_dn));
len = sizeof (rdn->country);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
rdn->country, &len);
len = sizeof (rdn->organization);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
0, rdn->organization, &len);
len = sizeof (rdn->organizational_unit_name);
_gnutls_x509_parse_dn_oid (dn, "",
GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
0, rdn->organizational_unit_name, &len);
len = sizeof (rdn->common_name);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0,
rdn->common_name, &len);
len = sizeof (rdn->locality_name);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
rdn->locality_name, &len);
len = sizeof (rdn->state_or_province_name);
_gnutls_x509_parse_dn_oid (dn, "",
GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
rdn->state_or_province_name, &len);
len = sizeof (rdn->email);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0,
rdn->email, &len);
asn1_delete_structure (&dn);
return 0;
}
/**
* gnutls_x509_crq_get_dn_by_oid - This function returns the Certificate request subject's distinguished name
* @crq: should contain a gnutls_x509_crq_t structure
* @oid: holds an Object Identified in null terminated string
* @indx: In case multiple same OIDs exist in the RDN, this specifies
* which to send. Use zero to get the first one.
* @raw_flag: If non zero returns the raw DER data of the DN part.
* @buf: a pointer to a structure to hold the name (may be null)
* @sizeof_buf: initially holds the size of @buf
*
* This function will extract the part of the name of the Certificate
* request subject, specified by the given OID. The output will be
* encoded as described in RFC2253. The output string will be ASCII
* or UTF-8 encoded, depending on the certificate data.
*
* Some helper macros with popular OIDs can be found in gnutls/x509.h
* If raw flag is zero, this function will only return known OIDs as
* text. Other OIDs will be DER encoded, as described in RFC2253 --
* in hex format with a '\#' prefix. You can check about known OIDs
* using gnutls_x509_dn_oid_known().
*
* If @buf is null then only the size will be filled.
*
* Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
* long enough, and in that case the *sizeof_buf will be updated with
* the required size. On success 0 is returned.
*
**/
int
gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
int indx, unsigned int raw_flag,
void *buf, size_t * sizeof_buf)
{
if (crq == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return _gnutls_x509_parse_dn_oid (crq->crq,
"certificationRequestInfo.subject.rdnSequence",
oid, indx, raw_flag, buf, sizeof_buf);
}
/**
* gnutls_x509_crl_get_issuer_dn_by_oid - return the CRL's issuer distinguished name
* @crl: should contain a gnutls_x509_crl_t structure
* @oid: holds an Object Identified in null terminated string
* @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
* @raw_flag: If non zero returns the raw DER data of the DN part.
* @buf: a pointer to a structure to hold the peer's name (may be null)
* @sizeof_buf: initially holds the size of @buf
*
* This function will extract the part of the name of the CRL issuer
* specified by the given OID. The output will be encoded as described
* in RFC2253. The output string will be ASCII or UTF-8 encoded,
* depending on the certificate data.
*
* Some helper macros with popular OIDs can be found in gnutls/x509.h
* If raw flag is zero, this function will only return known OIDs as
* text. Other OIDs will be DER encoded, as described in RFC2253 -- in
* hex format with a '\#' prefix. You can check about known OIDs
* using gnutls_x509_dn_oid_known().
*
* If buf is null then only the size will be filled.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
* not long enough, and in that case the sizeof_buf will be updated
* with the required size, and 0 on success.
**/
int
gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
size_t * sizeof_buf)
{
if (crl == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return _gnutls_x509_parse_dn_oid (crl->crl,
"tbsCertList.issuer.rdnSequence",
oid, indx, raw_flag, buf, sizeof_buf);
}
/**
* gnutls_x509_crl_get_issuer_dn_by_oid:
* @crl: should contain a gnutls_x509_crl_t structure
* @oid: holds an Object Identified in null terminated string
* @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
* @raw_flag: If non-zero returns the raw DER data of the DN part.
* @buf: a pointer to a structure to hold the peer's name (may be null)
* @sizeof_buf: initially holds the size of @buf
*
* This function will extract the part of the name of the CRL issuer
* specified by the given OID. The output will be encoded as described
* in RFC4514. The output string will be ASCII or UTF-8 encoded,
* depending on the certificate data.
*
* Some helper macros with popular OIDs can be found in gnutls/x509.h
* If raw flag is (0), this function will only return known OIDs as
* text. Other OIDs will be DER encoded, as described in RFC4514 -- in
* hex format with a '#' prefix. You can check about known OIDs
* using gnutls_x509_dn_oid_known().
*
* If buf is null then only the size will be filled.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
* not long enough, and in that case the sizeof_buf will be updated
* with the required size, and 0 on success.
**/
int
gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
size_t * sizeof_buf)
{
gnutls_datum_t td;
int ret;
if (crl == NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
ret = _gnutls_x509_parse_dn_oid(crl->crl,
"tbsCertList.issuer.rdnSequence",
oid, indx, raw_flag, &td);
if (ret < 0)
return gnutls_assert_val(ret);
return _gnutls_strdatum_to_buf(&td, buf, sizeof_buf);
}
/**
* gnutls_x509_rdn_get_by_oid:
* @idn: should contain a DER encoded RDN sequence
* @oid: an Object Identifier
* @indx: In case multiple same OIDs exist in the RDN indicates which
* to send. Use 0 for the first one.
* @raw_flag: If non-zero then the raw DER data are returned.
* @buf: a pointer to a structure to hold the peer's name
* @buf_size: holds the size of @buf
*
* This function will return the name of the given Object identifier,
* of the RDN sequence. The name will be encoded using the rules
* from RFC4514.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or
* %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@buf_size is
* updated if the provided buffer is not long enough, otherwise a
* negative error value.
**/
int
gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid,
int indx, unsigned int raw_flag,
void *buf, size_t * buf_size)
{
int result;
ASN1_TYPE dn = ASN1_TYPE_EMPTY;
gnutls_datum_t td;
if (buf_size == 0) {
return GNUTLS_E_INVALID_REQUEST;
}
if ((result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.Name", &dn)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
result = _asn1_strict_der_decode(&dn, idn->data, idn->size, NULL);
if (result != ASN1_SUCCESS) {
/* couldn't decode DER */
gnutls_assert();
asn1_delete_structure(&dn);
return _gnutls_asn2err(result);
}
result =
_gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx,
raw_flag, &td);
asn1_delete_structure(&dn);
if (result < 0)
return gnutls_assert_val(result);
return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
