author | lloyd <[email protected]> | 2006-06-23 04:20:30 +0000 |
committer | lloyd <[email protected]> | 2006-06-23 04:20:30 +0000 |
commit | 96277a37c3b7125f2c79cb9c2df19d4811379a36 (patch) | |
tree | 3dfb9ffc2736a20b90303abb8e6189f7c680f82c /src | |
parent | 4fa62dc075426f8503f485cc1eeffc59ad95b2a3 (diff) |
Make Alternative_Name an abstract base, from which the subject
and issuer forms are derived.
Add Extensions::contents_to, which iterates over the set and
adds each extension's contents.
Add a new explicit info field for is_ca
Implement Authority_Key_Id::decode_inner (incomplete, only handles
the keyid form).
Diffstat (limited to 'src')
-rw-r--r-- | src/x509_ca.cpp | 10 | ||||
-rw-r--r-- | src/x509_ext.cpp | 63 | ||||
-rw-r--r-- | src/x509cert.cpp | 29 | ||||
-rw-r--r-- | src/x509self.cpp | 5 |
4 files changed, 68 insertions, 39 deletions
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index 3600843d3..1799de4f6 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -130,16 +130,10 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
 new Cert_Extension::Extended_Key_Usage(ex_constraints));
 extensions.add(
- new Cert_Extension::Alternative_Name(subject_alt,
- "X509v3.SubjectAlternativeName",
- "subject_alternative_name")
- );
+ new Cert_Extension::Subject_Alternative_Name(subject_alt));
 extensions.add(
- new Cert_Extension::Alternative_Name(issuer_alt,
- "X509v3.IssuerAlternativeName",
- "issuer_alternative_name")
- );
+ new Cert_Extension::Issuer_Alternative_Name(issuer_alt));
 const u32bit X509_CERT_VERSION = 3;
 const u32bit SERIAL_BITS = 128;
diff --git a/src/x509_ext.cpp b/src/x509_ext.cpp
index 55c8405c0..6f5e76645 100644
--- a/src/x509_ext.cpp
+++ b/src/x509_ext.cpp
@@ -85,6 +85,16 @@ void Extensions::decode_from(BER_Decoder& from_source)
 }
 /*************************************************
+* Write the extensions to an info store *
+*************************************************/
+void Extensions::contents_to(Data_Store& subject_info,
+ Data_Store& issuer_info) const
+ {
+ for(u32bit j = 0; j != extensions.size(); ++j)
+ extensions[j]->contents_to(subject_info, issuer_info);
+ }
+
+/*************************************************
 * Copy another extensions list *
 *************************************************/
 Extensions& Extensions::copy_this(const Extensions& other)
@@ -125,11 +135,17 @@ Certificate_Extension* Extensions::make_extension(const OID& oid)
 return new Cert_Extension::Authority_Key_ID();
 else if(oid_name == "X509v3.ExtendedKeyUsage")
 return new Cert_Extension::Extended_Key_Usage();
+ else if(oid_name == "X509v3.IssuerAlternativeName")
+ return new Cert_Extension::Issuer_Alternative_Name();
+ else if(oid_name == "X509v3.SubjectAlternativeName")
+ return new Cert_Extension::Subject_Alternative_Name();
 else if(oid_name == "X509v3.CRLNumber")
 return new Cert_Extension::CRL_Number();
 else if(oid_name == "X509v3.CertificatePolicies")
 return new Cert_Extension::Certificate_Policies();
+ printf("%s\n", oid_name.c_str());
+ return 0;
 }
@@ -182,8 +198,8 @@ void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in)
 *************************************************/
 void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const
 {
- subject.add("X509v3.BasicConstraints.path_constraint",
- (is_ca ? path_limit : 0));
+ subject.add("X509v3.BasicConstraints.is_ca", (is_ca ? 1 : 0));
+ subject.add("X509v3.BasicConstraints.path_constraint", path_limit);
 }
 /*************************************************
@@ -293,8 +309,8 @@ MemoryVector<byte> Authority_Key_ID::encode_inner() const
 *************************************************/
 void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in)
 {
- BER_Decoder ber(in);
- // FIXME
+ BER_Decoder(in).start_cons(SEQUENCE).
+ decode_optional_string(key_id, OCTET_STRING, 0);
 }
 /*************************************************
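Review bot: The `printf("%s\n", oid_name.c_str());` added before `return 0;` at the end of Extensions::make_extension writes to stdout from library code every time a certificate carries an extension whose OID is not in the chain above; that reads as leftover debugging and should be removed, or routed through whatever diagnostic path the library uses, before this lands. Returning 0 for an unrecognised OID is reasonable only if the caller checks for it; Extensions::decode_from is outside this hunk, so I cannot confirm it handles a null extension, nor what it does when such an extension is marked critical, which is the case a validator must reject rather than skip. The start of make_extension lies outside the hunk.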
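Review bot: Authority_Key_ID::decode_inner now stops after `decode_optional_string(key_id, OCTET_STRING, 0)` with no `end_cons()` or `verify_end()`, so the authorityCertIssuer and authorityCertSerialNumber fields the commit message says are unhandled are silently dropped, and the old `// FIXME` went away with the stub, leaving nothing in the code that marks this as incomplete. Keep a marker in the body, e.g. `// FIXME: only the keyIdentifier [0] choice is decoded; issuer/serial forms are ignored`, so the next reader does not take the decoder as complete.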
@@ -307,14 +323,6 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const
 }
 /*************************************************
-* Copy this extension *
-*************************************************/
-Alternative_Name* Alternative_Name::copy() const
- {
- return new Alternative_Name(alt_name, oid_name_str, config_name_str);
- }
-
-/*************************************************
 * Encode the extension *
 *************************************************/
 MemoryVector<byte> Alternative_Name::encode_inner() const
@@ -333,9 +341,16 @@ void Alternative_Name::decode_inner(const MemoryRegion<byte>& in)
 /*************************************************
 * Return a textual representation *
 *************************************************/
-void Alternative_Name::contents_to(Data_Store& info, Data_Store&) const
+void Alternative_Name::contents_to(Data_Store& subject_info,
+ Data_Store& issuer_info) const
 {
- info.add(alt_name.contents());
+ std::multimap<std::string, std::string> contents =
+ get_alt_name().contents();
+
+ if(oid_name_str == "subject_alternative_name")
+ subject_info.add(contents);
+ else
+ issuer_info.add(contents);
 }
 /*************************************************
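Review bot: The dispatch `if(oid_name_str == "subject_alternative_name")` in Alternative_Name::contents_to looks like it tests the wrong member: the removed copy() passed `(alt_name, oid_name_str, config_name_str)` to the constructor in that order, and the new subclass constructors pass `"X509v3.SubjectAlternativeName"` second and `"subject_alternative_name"` third, so if the base constructor's parameters follow that order, oid_name_str holds `"X509v3.SubjectAlternativeName"`, the comparison is never true, and every subject alternative name is filed under issuer_info. That would leave the subject store without the names a caller would match a host or e-mail address against. Either compare the field that actually carries that string, `if(config_name_str == "subject_alternative_name")`, or compare `oid_name_str == "X509v3.SubjectAlternativeName"`; given that Subject_Alternative_Name and Issuer_Alternative_Name now exist as classes, a virtual in each subclass would avoid the string dispatch entirely.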
@@ -351,6 +366,26 @@ Alternative_Name::Alternative_Name(const AlternativeName& alt_name,
 }
 /*************************************************
+* Subject_Alternative_Name Constructor *
+*************************************************/
+Subject_Alternative_Name::Subject_Alternative_Name(
+ const AlternativeName& name) :
+
+ Alternative_Name(name, "X509v3.SubjectAlternativeName",
+ "subject_alternative_name")
+ {
+ }
+
+/*************************************************
+* Issuer_Alternative_Name Constructor *
+*************************************************/
+Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) :
+ Alternative_Name(name, "X509v3.IssuerAlternativeName",
+ "issuer_alternative_name")
+ {
+ }
+
+/*************************************************
 * Encode the extension *
 *************************************************/
 MemoryVector<byte> Extended_Key_Usage::encode_inner() const
diff --git a/src/x509cert.cpp b/src/x509cert.cpp
index 26de29748..8f0a167f5 100644
--- a/src/x509cert.cpp
+++ b/src/x509cert.cpp
@@ -53,7 +53,7 @@ X509_DN create_dn(const Data_Store& info)
 X509_Certificate::X509_Certificate(DataSource& in) :
 X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
 {
- is_ca = self_signed = false;
+ self_signed = false;
 do_decode();
 }
@@ -63,7 +63,7 @@ X509_Certificate::X509_Certificate(DataSource& in) :
 X509_Certificate::X509_Certificate(const std::string& in) :
 X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
 {
- is_ca = self_signed = false;
+ self_signed = false;
 do_decode();
 }
@@ -118,11 +118,11 @@ void X509_Certificate::force_decode()
 {
 BER_Decoder v3_exts_decoder(v3_exts_data.value);
-#if 0
+#if 1
 Extensions extensions;
 v3_exts_decoder.decode(extensions);
- extensions.contents(subject, issuer);
+ extensions.contents_to(subject, issuer);
 #else
 BER_Decoder sequence = v3_exts_decoder.start_cons(SEQUENCE);
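Review bot: Flipping `#if 0` to `#if 1` in X509_Certificate::force_decode enables the Extensions-based decoder while keeping the old per-extension path alive under `#else`, and this same commit still edits that disabled path (the handle_v3_extension hunks at -193 and -202 below), so two implementations of BasicConstraints handling now have to be kept in step by hand and only one of them is ever compiled. If the Extensions path is the intended one, drop the `#else` block; if it must stay for now, put `// NOTE: the #else path below is not compiled; it must mirror Cert_Extension::* until it is removed` above the `#if 1` so nobody fixes a bug in the dead copy. The rest of force_decode, including the end of the `#else` block, lies outside this hunk.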
@@ -158,7 +158,8 @@ void X509_Certificate::force_decode()
 )
 );
- if(!subject.has_value("X509v3.BasicConstraints.path_constraint"))
+ if(is_CA_cert() &&
+ !subject.has_value("X509v3.BasicConstraints.path_constraint"))
 {
 u32bit limit = (x509_version() < 3) ? NO_CERT_PATH_LIMIT : 0;
 subject.add("X509v3.BasicConstraints.path_constraint", limit);
@@ -193,7 +194,7 @@ void X509_Certificate::handle_v3_extension(const Extension& extn)
 else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints"))
 {
 u32bit max_path_len = 0;
- is_ca = false;
+ bool is_ca = false;
 value.start_cons(SEQUENCE)
 .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false)
@@ -202,8 +203,8 @@ void X509_Certificate::handle_v3_extension(const Extension& extn)
 .verify_end()
 .end_cons();
- subject.add("X509v3.BasicConstraints.path_constraint",
- (is_ca ? max_path_len : 0));
+ subject.add("X509v3.BasicConstraints.is_ca", (is_ca ? 1 : 0));
+ subject.add("X509v3.BasicConstraints.path_constraint", max_path_len);
 }
 else if(extn.oid == OIDS::lookup("X509v3.SubjectKeyIdentifier"))
 {
@@ -313,7 +314,7 @@ X509_PublicKey* X509_Certificate::subject_public_key() const
 *************************************************/
 bool X509_Certificate::is_CA_cert() const
 {
- if(!is_ca)
+ if(!subject.get1_u32bit("X509v3.BasicConstraints.is_ca"))
 return false;
 if((constraints() & KEY_CERT_SIGN) || (constraints() == NO_CONSTRAINTS))
 return true;
@@ -325,7 +326,7 @@ bool X509_Certificate::is_CA_cert() const
 *************************************************/
 u32bit X509_Certificate::path_limit() const
 {
- return subject.get1_u32bit("X509v3.BasicConstraints.path_constraint");
+ return subject.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
 }
 /*************************************************
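Review bot: In is_CA_cert() the new lookup `subject.get1_u32bit("X509v3.BasicConstraints.is_ca")` passes no default, while the same commit gives path_limit() and constraints() explicit defaults (0 and NO_CONSTRAINTS); a certificate with no BasicConstraints extension never has `X509v3.BasicConstraints.is_ca` added (both the Extensions path and the `#else` path add it only when that extension is decoded), so this call hits whatever get1_u32bit does for an absent key — not visible here, presumably an exception or an unspecified value — instead of answering "not a CA". Use `if(!subject.get1_u32bit("X509v3.BasicConstraints.is_ca", 0))` so a missing extension is read as non-CA, which is the safe default for a validator. The -158 hunk at the top makes this reachable on every decode, since force_decode now calls is_CA_cert() for every certificate while deciding whether to add a default path_constraint; is_CA_cert's tail is outside the hunk.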
@@ -333,7 +334,7 @@ u32bit X509_Certificate::path_limit() const
 *************************************************/
 Key_Constraints X509_Certificate::constraints() const
 {
- return Key_Constraints(subject.get1_u32bit("X509v3.KeyUsage"));
+ return Key_Constraints(subject.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS));
 }
 /*************************************************
@@ -397,8 +398,10 @@ X509_DN X509_Certificate::subject_dn() const
 *************************************************/
 bool X509_Certificate::operator==(const X509_Certificate& other) const
 {
- return (sig == other.sig && sig_algo == other.sig_algo &&
- issuer == other.issuer && subject == other.subject);
+ return (sig == other.sig &&
+ sig_algo == other.sig_algo &&
+ issuer == other.issuer &&
+ subject == other.subject);
 }
 /*************************************************
diff --git a/src/x509self.cpp b/src/x509self.cpp
index f107e005b..d047f37a6 100644
--- a/src/x509self.cpp
+++ b/src/x509self.cpp
@@ -134,10 +134,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
 extensions.add(
 new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
 extensions.add(
- new Cert_Extension::Alternative_Name(subject_alt,
- "X509v3.SubjectAlternativeName",
- "subject_alternative_name")
- );
+ new Cert_Extension::Subject_Alternative_Name(subject_alt));
 DER_Encoder tbs_req; |