author | lloyd <[email protected]> | 2007-10-16 16:21:48 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2007-10-16 16:21:48 +0000 |
commit | 2f92c34e3938641f7cc3e553953d676d2e95ea2d (patch) | |
tree | ffb5dab90dde2bb20bf6f4a7d9d9f9f7c0dd8011 | |
parent | 19a5c9f4d223314dc5eb6c971f332171f3a85623 (diff) |
Add support for IPv4 addresses in the X.509 alternative name extension.
Original patch from Yves Jerschow.
-rw-r--r-- | doc/credits.txt | 3 | ||||
-rw-r--r-- | include/asn1_obj.h | 2 | ||||
-rw-r--r-- | include/x509self.h | 2 | ||||
-rw-r--r-- | src/asn1_alt.cpp | 29 | ||||
-rw-r--r-- | src/x509cert.cpp | 2 | ||||
-rw-r--r-- | src/x509self.cpp | 2 |
6 files changed, 32 insertions, 8 deletions
diff --git a/doc/credits.txt b/doc/credits.txt index 2805b3ed6..3db695235 100644 --- a/doc/credits.txt +++ b/doc/credits.txt @@ -20,6 +20,7 @@ D: Windows porting N: Yves Jerschow D: Optimizations for memory load/store and HMAC +D: Support for IPv4 addresses in X.509 alternative names S: Germany N: Matt Johnston @@ -42,5 +43,5 @@ S: New York NY, USA N: Luca Piccarreta -D: x86/amd64 assembler, BigInt optimizations, Win32 mutex +D: x86/amd64 assembler, BigInt optimizations, Win32 mutex module S: Italy diff --git a/include/asn1_obj.h b/include/asn1_obj.h index 46ba5c678..99aefbca3 100644 --- a/include/asn1_obj.h +++ b/include/asn1_obj.h @@ -129,7 +129,7 @@ class AlternativeName : public ASN1_Object bool has_items() const; AlternativeName(const std::string& = "", const std::string& = "", - const std::string& = ""); + const std::string& = "", const std::string& = ""); private: std::multimap<std::string, std::string> alt_info; std::multimap<OID, ASN1_String> othernames; diff --git a/include/x509self.h b/include/x509self.h index 30acbdbaa..eb9628a0b 100644 --- a/include/x509self.h +++ b/include/x509self.h @@ -26,7 +26,7 @@ class X509_Cert_Options std::string state; std::string serial_number; - std::string email, uri, dns, xmpp; + std::string email, uri, dns, ip, xmpp; std::string challenge; diff --git a/src/asn1_alt.cpp b/src/asn1_alt.cpp index 3a1eca625..9941ef567 100644 --- a/src/asn1_alt.cpp +++ b/src/asn1_alt.cpp @@ -9,6 +9,8 @@ #include <botan/oids.h> #include <botan/stl_util.h> #include <botan/charset.h> +#include <botan/parsing.h> +#include <botan/loadstor.h> namespace Botan { 
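Review bot: The `AlternativeName` constructor in include/asn1_obj.h now takes four defaulted `const std::string&` parameters with no names, so the header does not tell a caller which position is which, and a swapped argument would be stored under the wrong name type. Naming them in the declaration would document the order that the definition in src/asn1_alt.cpp uses: `AlternativeName(const std::string& email_addr = "", const std::string& uri = "", const std::string& dns = "", const std::string& ip = "");`. The new `ip` member in include/x509self.h has the same gap; a comment such as `// ip: one IPv4 address in dotted-quad form` would state the expected format, which I am inferring from the `string_to_ipv4` call in the encoder. Both class bodies continue outside their hunks.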
@@ -17,11 +19,13 @@ namespace Botan { *************************************************/ AlternativeName::AlternativeName(const std::string& email_addr, const std::string& uri, - const std::string& dns) + const std::string& dns, + const std::string& ip) { add_attribute("RFC822", email_addr); add_attribute("DNS", dns); add_attribute("URI", uri); + add_attribute("IP", ip); } /************************************************* @@ -109,8 +113,18 @@ void encode_entries(DER_Encoder& encoder, std::pair<iter, iter> range = attr.equal_range(type); for(iter j = range.first; j != range.second; ++j) { - ASN1_String asn1_string(j->second, IA5_STRING); - encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859()); + if(type == "RFC822" || type == "DNS" || type == "URI") + { + ASN1_String asn1_string(j->second, IA5_STRING); + encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859()); + } + else if(type == "IP") + { + u32bit ip = string_to_ipv4(j->second); + byte ip_buf[4] = { 0 }; + store_be(ip, ip_buf); + encoder.add_object(tagging, CONTEXT_SPECIFIC, ip_buf, 4); + } } } @@ -126,6 +140,7 @@ void AlternativeName::encode_into(DER_Encoder& der) const encode_entries(der, alt_info, "RFC822", ASN1_Tag(1)); encode_entries(der, alt_info, "DNS", ASN1_Tag(2)); encode_entries(der, alt_info, "URI", ASN1_Tag(6)); + encode_entries(der, alt_info, "IP", ASN1_Tag(7)); std::multimap<OID, ASN1_String>::const_iterator i; for(i = othernames.begin(); i != othernames.end(); ++i) @@ -195,6 +210,14 @@ void AlternativeName::decode_from(BER_Decoder& source) if(tag == 2) add_attribute("DNS", value); if(tag == 6) add_attribute("URI", value); } + else if(tag == 7) + { + if(obj.value.size() == 4) + { + u32bit ip = load_be<u32bit>(obj.value.begin(), 0); + add_attribute("IP", ipv4_to_string(ip)); + } + } } } diff --git a/src/x509cert.cpp b/src/x509cert.cpp index 404e56f29..549b916c5 100644 --- a/src/x509cert.cpp +++ b/src/x509cert.cpp 
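Review bot: In `encode_entries` the new `if`/`else if` chain has no final `else`, so an entry whose `type` is not one of the four listed strings is now skipped without any error, where the old code encoded every entry as an IA5String. Since `type` does not change inside the loop, the test can be made once before the `for`, with an explicit failure for an unknown type. In the `IP` branch the result depends on `string_to_ipv4`, which is not shown here; it is worth confirming that it rejects malformed or out-of-range text rather than returning some value, because the four octets written decide which address the certificate is valid for. A small cleanup in the same branch is `encoder.add_object(tagging, CONTEXT_SPECIFIC, ip_buf, sizeof(ip_buf));` in place of the literal `4`. The function begins above the hunk.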
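Review bot: In `decode_from` the `tag == 7` branch silently drops any iPAddress value whose length is not 4, which includes the 16-octet IPv6 form, so a caller cannot tell a certificate with no IP name from one whose IP name was discarded. If that is intended for now, say so at the check, e.g. `// only 4-octet IPv4 values are kept; IPv6 (16 octets) and other lengths are ignored`. For a subject or issuer alternative name, lengths that are neither 4 nor 16 are malformed and would be better reported as a decoding error than skipped. The function begins above the hunk and its earlier branches are only partly visible.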
@@ -350,7 +350,7 @@ AlternativeName create_alt_name(const Data_Store& info) }; std::multimap<std::string, std::string> names = - info.search_with(AltName_Matcher("RFC822/DNS/URI")); + info.search_with(AltName_Matcher("RFC822/DNS/URI/IP")); AlternativeName alt_name; diff --git a/src/x509self.cpp b/src/x509self.cpp index 255ee6219..1c94324ed 100644 --- a/src/x509self.cpp +++ b/src/x509self.cpp @@ -50,7 +50,7 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn, subject_dn.add_attribute("X520.Organization", opts.organization); subject_dn.add_attribute("X520.OrganizationalUnit", opts.org_unit); subject_dn.add_attribute("X520.SerialNumber", opts.serial_number); - subject_alt = AlternativeName(opts.email, opts.uri, opts.dns); + subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip); subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"), opts.xmpp, UTF8_STRING); } |