Check-in [f89918d4df]
Overview
Comment:Added function to convert X.509 DN to string representation
SHA1: f89918d4dfd6a3166523ef8f49c5d5bf68ebcf1f
User & Date: rkeene on 2010-05-14 20:49:59
Context
2010-05-14
20:50
Added support for reading label from CAC as string check-in: 2f0a97a3f1 user: rkeene tags: trunk
20:49
Added function to convert X.509 DN to string representation check-in: f89918d4df user: rkeene tags: trunk
06:08
Updated to decompress certificates

Updated to correctly process TLV elements -- fixes bug where iterated past them when processing

Updated to correclty process TLV element total length check-in: b9e3c7741b user: rkeene tags: trunk

Changes

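--- a/asn1-x509.c
+++ b/asn1-x509.c
@@ -12,14 +12,20 @@
 #endif
 #ifdef HAVE_STDLIB_H
 #  include <stdlib.h>
 #endif
 #ifdef HAVE_STDARG_H
 #  include <stdarg.h>
 #endif
+#ifdef HAVE_STDIO_H
+#  include <stdio.h>
+#endif
+#ifdef HAVE_STRING_H
+#  include <string.h>
+#endif
 
 #include "asn1-x509.h"
 
 struct asn1_object {
 	unsigned long tag;
 	unsigned long size;
 	void *contents;
@@ -179,7 +185,134 @@
 
 	if (outbuf) {
 		*outbuf = x509.serial_number.asn1rep;
 	}
 
 	return(x509.serial_number.asn1rep_len);
 }
+
+/*
+ * http://www.blackberry.com/developers/docs/4.6.0api/javax/microedition/pki/Certificate.html
+ */
+static const char *_x509_objectid_to_label_string(void *buf, size_t buflen) {
+	switch (buflen) {
+		case 3:
+			if (memcmp(buf, "\x55\x04\x03", 3) == 0) {
+				return("CN");
+			}
+			if (memcmp(buf, "\x55\x04\x04", 3) == 0) {
+				return("SN");
+			}
+			if (memcmp(buf, "\x55\x04\x06", 3) == 0) {
+				return("C");
+			}
+			if (memcmp(buf, "\x55\x04\x07", 3) == 0) {
+				return("L");
+			}
+			if (memcmp(buf, "\x55\x04\x08", 3) == 0) {
+				return("ST");
+			}
+			if (memcmp(buf, "\x55\x04\x09", 3) == 0) {
+				return("STREET");
+			}
+			if (memcmp(buf, "\x55\x04\x0A", 3) == 0) {
+				return("O");
+			}
+			if (memcmp(buf, "\x55\x04\x0B", 3) == 0) {
+				return("OU");
+			}
+			break;
+		case 9:
+			if (memcmp(buf, "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01", 9) == 0) {
+				return("EmailAddress");
+			}
+			break;
+	}
+
+	return("???");
+}
+
+ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel) {
+	struct asn1_object whole_thing, current_set, current_seq;
+	struct asn1_object label, value;
+	const char *label_str;
+	ssize_t snprintf_ret, retval;
+	char *outbuf_s;
+	int read_ret;
+	int offset;
+
+	if (outbuf == NULL) {
+		return(-1);
+	}
+
+	if (outbuf_len == 0 || asn1_der_buf_len == 0 || asn1_der_buf == NULL) {
+		return(0);
+	}
+
+	read_ret = asn1_x509_read_asn1_object(asn1_der_buf, asn1_der_buf_len, &whole_thing, NULL);
+	if (read_ret != 0) {
+		return(-1);
+	}
+
+	/* Terminate string, in case no valid elements are found we still return a valid string */
+	*outbuf = '\0';
+	outbuf_s = outbuf;
+
+	offset = 0;
+	while (1) {
+		read_ret = asn1_x509_read_asn1_object(whole_thing.contents + offset, whole_thing.size - offset, &current_set, NULL);
+		if (read_ret != 0) {
+			break;
+		}
+
+		offset += current_set.size + 2;
+
+		read_ret = asn1_x509_read_asn1_object(current_set.contents, current_set.size, &current_seq, NULL);
+		if (read_ret != 0) {
+			break;
+		}
+
+		read_ret = asn1_x509_read_asn1_object(current_seq.contents, current_seq.size, &label, &value, NULL);
+
+		label_str = _x509_objectid_to_label_string(label.contents, label.size);
+
+		/* If the user requested only certain labels, exclude others */
+		if (matchlabel) {
+			if (strcmp(matchlabel, label_str) != 0) {
+				continue;
+			}
+		}
+
+		/* If the user requested only certain labels, don't include them in the reply */
+		if (matchlabel) {
+			snprintf_ret = snprintf(outbuf, outbuf_len, "%.*s, ", (unsigned int) value.size, (char *) value.contents);
+		} else {
+			snprintf_ret = snprintf(outbuf, outbuf_len, "%s=%.*s, ", label_str, (unsigned int) value.size, (char *) value.contents);
+		}
+		if (snprintf_ret < 0) {
+			break;
+		}
+
+		if (snprintf_ret > outbuf_len) {
+			snprintf_ret = outbuf_len;
+		}
+
+		outbuf += snprintf_ret;
+		outbuf_len -= snprintf_ret;
+
+		if (outbuf_len < 2) {
+			break;
+		}
+	}
+
+	retval = outbuf - outbuf_s;
+
+	/* Remove trailing ", " added by cumulative process, if found. */
+	if (retval > 2) {
+		if (outbuf_s[retval - 2] == ',') {
+			outbuf_s[retval - 2] = '\0';
+			retval -= 2;
+		}
+	}
+
+	return(retval);
+}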
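Review bot: The third `asn1_x509_read_asn1_object` call in the loop of `x509_dn_to_string` stores its result in `read_ret` but never tests it, so when a malformed RDN fails to parse, `label` and `value` are read uninitialized by `_x509_objectid_to_label_string` and `snprintf`; it should `break` on failure like the two calls above it. The `%.*s` precision is an `int`, yet it is fed `(unsigned int) value.size`, and a size above `INT_MAX` becomes a negative precision that printf ignores, so the copy would then run to the first NUL; clamping to the remaining `outbuf_len` (via a new `int value_len` local) avoids depending on the reader to bound sizes. `offset += current_set.size + 2` assumes a two-byte tag/length header, which presumably only holds for short-form DER lengths, so a SET of 128 bytes or more would desynchronise the walk unless the reader is changed to report the bytes it consumed. Attribute values are also copied without escaping, so a value containing `, ` or `=` cannot be told apart from separate attributes in the output, which is worth documenting for callers that match on the string.

```c
		read_ret = asn1_x509_read_asn1_object(current_seq.contents, current_seq.size, &label, &value, NULL);
		if (read_ret != 0) {
			/* label/value were not filled in; do not touch them */
			break;
		}

		/* … unchanged: label lookup and matchlabel filter … */

		/* Precision is an int; never ask for more than the buffer can hold */
		value_len = (value.size < outbuf_len) ? (int) value.size : (int) outbuf_len;

		if (matchlabel) {
			snprintf_ret = snprintf(outbuf, outbuf_len, "%.*s, ", value_len, (char *) value.contents);
		} else {
			snprintf_ret = snprintf(outbuf, outbuf_len, "%s=%.*s, ", label_str, value_len, (char *) value.contents);
		}

		/* … unchanged: snprintf_ret checks and buffer advance … */
```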

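--- a/asn1-x509.h
+++ b/asn1-x509.h
@@ -11,9 +11,11 @@
 #endif
 
 ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
 
 ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
 
 ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
 
+ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);
+
 #endif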
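Review bot: The new `x509_dn_to_string` prototype has no comment describing its contract, and `matchlabel` is declared `char *` although the implementation in asn1-x509.c only passes it to `strcmp`. Declaring it `const char *matchlabel` lets callers pass a string literal such as `"CN"` without a cast. A short comment above the prototype could state what the implementation shows: it returns -1 when `outbuf` is NULL or the outer object fails to parse, 0 for an empty input or a zero-length buffer, and otherwise the length written; with a non-NULL `matchlabel` only matching values are emitted, without the `label=` prefix.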