authorlloyd <[email protected]>2007-10-16 16:21:48 +0000
committerlloyd <[email protected]>2007-10-16 16:21:48 +0000
commit2f92c34e3938641f7cc3e553953d676d2e95ea2d (patch)
treeffb5dab90dde2bb20bf6f4a7d9d9f9f7c0dd8011
parent19a5c9f4d223314dc5eb6c971f332171f3a85623 (diff)
Add support for IPv4 addresses in the X.509 alternative name extension.
Original patch from Yves Jerschow.
-rw-r--r--doc/credits.txt3
-rw-r--r--include/asn1_obj.h2
-rw-r--r--include/x509self.h2
-rw-r--r--src/asn1_alt.cpp29
-rw-r--r--src/x509cert.cpp2
-rw-r--r--src/x509self.cpp2
6 files changed, 32 insertions, 8 deletions
diff --git a/doc/credits.txt b/doc/credits.txt
index 2805b3ed6..3db695235 100644
--- a/doc/credits.txt
+++ b/doc/credits.txt
@@ -20,6 +20,7 @@ D: Windows porting
N: Yves Jerschow
D: Optimizations for memory load/store and HMAC
+D: Support for IPv4 addresses in X.509 alternative names
S: Germany
N: Matt Johnston
@@ -42,5 +43,5 @@ S: New York NY, USA
N: Luca Piccarreta
-D: x86/amd64 assembler, BigInt optimizations, Win32 mutex
+D: x86/amd64 assembler, BigInt optimizations, Win32 mutex module
S: Italy
diff --git a/include/asn1_obj.h b/include/asn1_obj.h
index 46ba5c678..99aefbca3 100644
--- a/include/asn1_obj.h
+++ b/include/asn1_obj.h
@@ -129,7 +129,7 @@ class AlternativeName : public ASN1_Object
bool has_items() const;
AlternativeName(const std::string& = "", const std::string& = "",
- const std::string& = "");
+ const std::string& = "", const std::string& = "");
private:
std::multimap<std::string, std::string> alt_info;
std::multimap<OID, ASN1_String> othernames;
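Review bot: The constructor declaration on the changed line now takes four unnamed, defaulted `const std::string&` parameters, so a reader of the header cannot tell which position carries the IP address. The definition in src/asn1_alt.cpp names them `email_addr`, `uri`, `dns`, `ip`; the declaration should use the same names. A comment such as `// ip: dotted-quad IPv4 address, or empty for none` would record the format that `string_to_ipv4` is applied to at encoding time. The class body starts and ends outside the hunk.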
diff --git a/include/x509self.h b/include/x509self.h
index 30acbdbaa..eb9628a0b 100644
--- a/include/x509self.h
+++ b/include/x509self.h
@@ -26,7 +26,7 @@ class X509_Cert_Options
std::string state;
std::string serial_number;
- std::string email, uri, dns, xmpp;
+ std::string email, uri, dns, ip, xmpp;
std::string challenge;
diff --git a/src/asn1_alt.cpp b/src/asn1_alt.cpp
index 3a1eca625..9941ef567 100644
--- a/src/asn1_alt.cpp
+++ b/src/asn1_alt.cpp
@@ -9,6 +9,8 @@
#include <botan/oids.h>
#include <botan/stl_util.h>
#include <botan/charset.h>
+#include <botan/parsing.h>
+#include <botan/loadstor.h>
namespace Botan {
@@ -17,11 +19,13 @@ namespace Botan {
*************************************************/
AlternativeName::AlternativeName(const std::string& email_addr,
const std::string& uri,
- const std::string& dns)
+ const std::string& dns,
+ const std::string& ip)
{
add_attribute("RFC822", email_addr);
add_attribute("DNS", dns);
add_attribute("URI", uri);
+ add_attribute("IP", ip);
}
/*************************************************
@@ -109,8 +113,18 @@ void encode_entries(DER_Encoder& encoder,
std::pair<iter, iter> range = attr.equal_range(type);
for(iter j = range.first; j != range.second; ++j)
{
- ASN1_String asn1_string(j->second, IA5_STRING);
- encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859());
+ if(type == "RFC822" || type == "DNS" || type == "URI")
+ {
+ ASN1_String asn1_string(j->second, IA5_STRING);
+ encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859());
+ }
+ else if(type == "IP")
+ {
+ u32bit ip = string_to_ipv4(j->second);
+ byte ip_buf[4] = { 0 };
+ store_be(ip, ip_buf);
+ encoder.add_object(tagging, CONTEXT_SPECIFIC, ip_buf, 4);
+ }
}
}
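Review bot: The new `if`/`else if` chain in the loop has no final `else`, so any `type` other than RFC822, DNS, URI or IP is now skipped silently, whereas the removed lines encoded every type as an IA5String. A certificate that quietly omits a requested alternative name is harder to notice than a failed encode, so a closing `else throw Internal_Error("AlternativeName: unknown attribute type " + type);` would be safer. In addition, `string_to_ipv4(j->second)` is only called here, at encoding time, and its behaviour on malformed input is not visible in this hunk. An invalid IP option therefore presumably surfaces late, which is worth validating when the attribute is added or documenting. encode_entries begins outside the hunk.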
@@ -126,6 +140,7 @@ void AlternativeName::encode_into(DER_Encoder& der) const
encode_entries(der, alt_info, "RFC822", ASN1_Tag(1));
encode_entries(der, alt_info, "DNS", ASN1_Tag(2));
encode_entries(der, alt_info, "URI", ASN1_Tag(6));
+ encode_entries(der, alt_info, "IP", ASN1_Tag(7));
std::multimap<OID, ASN1_String>::const_iterator i;
for(i = othernames.begin(); i != othernames.end(); ++i)
@@ -195,6 +210,14 @@ void AlternativeName::decode_from(BER_Decoder& source)
if(tag == 2) add_attribute("DNS", value);
if(tag == 6) add_attribute("URI", value);
}
+ else if(tag == 7)
+ {
+ if(obj.value.size() == 4)
+ {
+ u32bit ip = load_be<u32bit>(obj.value.begin(), 0);
+ add_attribute("IP", ipv4_to_string(ip));
+ }
+ }
}
}
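Review bot: In the `tag == 7` branch an iPAddress value whose length is not 4 is discarded without any trace, so a certificate carrying a 16-octet IPv6 address decodes as if it had no IP alternative name. Code that later inspects the decoded names for matching or policy decisions will not see those entries. At minimum a comment above the size check, such as `// only 4-octet (IPv4) iPAddress values are kept; other lengths are ignored`, should document this. decode_from starts outside the hunk.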
diff --git a/src/x509cert.cpp b/src/x509cert.cpp
index 404e56f29..549b916c5 100644
--- a/src/x509cert.cpp
+++ b/src/x509cert.cpp
@@ -350,7 +350,7 @@ AlternativeName create_alt_name(const Data_Store& info)
};
std::multimap<std::string, std::string> names =
- info.search_with(AltName_Matcher("RFC822/DNS/URI"));
+ info.search_with(AltName_Matcher("RFC822/DNS/URI/IP"));
AlternativeName alt_name;
diff --git a/src/x509self.cpp b/src/x509self.cpp
index 255ee6219..1c94324ed 100644
--- a/src/x509self.cpp
+++ b/src/x509self.cpp
@@ -50,7 +50,7 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,
subject_dn.add_attribute("X520.Organization", opts.organization);
subject_dn.add_attribute("X520.OrganizationalUnit", opts.org_unit);
subject_dn.add_attribute("X520.SerialNumber", opts.serial_number);
- subject_alt = AlternativeName(opts.email, opts.uri, opts.dns);
+ subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip);
subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"),
opts.xmpp, UTF8_STRING);
}