From 2f92c34e3938641f7cc3e553953d676d2e95ea2d Mon Sep 17 00:00:00 2001 From: lloyd Date: Tue, 16 Oct 2007 16:21:48 +0000 Subject: Add support for IPv4 addresses in the X.509 alternative name extension. Original patch from Yves Jerschow. --- src/asn1_alt.cpp | 29 ++++++++++++++++++++++++++--- src/x509cert.cpp | 2 +- src/x509self.cpp | 2 +- 3 files changed, 28 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/asn1_alt.cpp b/src/asn1_alt.cpp index 3a1eca625..9941ef567 100644 --- a/src/asn1_alt.cpp +++ b/src/asn1_alt.cpp @@ -9,6 +9,8 @@ #include #include #include +#include +#include namespace Botan { @@ -17,11 +19,13 @@ namespace Botan { *************************************************/ AlternativeName::AlternativeName(const std::string& email_addr, const std::string& uri, - const std::string& dns) + const std::string& dns, + const std::string& ip) { add_attribute("RFC822", email_addr); add_attribute("DNS", dns); add_attribute("URI", uri); + add_attribute("IP", ip); } /************************************************* @@ -109,8 +113,18 @@ void encode_entries(DER_Encoder& encoder, std::pair range = attr.equal_range(type); for(iter j = range.first; j != range.second; ++j) { - ASN1_String asn1_string(j->second, IA5_STRING); - encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859()); + if(type == "RFC822" || type == "DNS" || type == "URI") + { + ASN1_String asn1_string(j->second, IA5_STRING); + encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859()); + } + else if(type == "IP") + { + u32bit ip = string_to_ipv4(j->second); + byte ip_buf[4] = { 0 }; + store_be(ip, ip_buf); + encoder.add_object(tagging, CONTEXT_SPECIFIC, ip_buf, 4); + } } } 
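Review bot: In `encode_entries`, the new `if`/`else if` chain has no final `else`, so an entry whose type is none of "RFC822", "DNS", "URI" or "IP" is now skipped without any error, whereas the old code encoded every type as an IA5String. The callers visible in this patch pass only those four types, so this is a latent trap rather than a live bug, but a certificate that silently lacks a requested name is hard to notice. I would end the chain with a throwing branch, e.g. `else throw Internal_Error("Unknown alternative name type " + type);`. The "IP" branch would also benefit from a comment such as `// iPAddress is an OCTET STRING: 4 bytes, network byte order (IPv4 only)`, stating what `string_to_ipv4` does with a malformed string, since that is the only validation the address receives and its behaviour is not visible in this hunk.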
@@ -126,6 +140,7 @@ void AlternativeName::encode_into(DER_Encoder& der) const encode_entries(der, alt_info, "RFC822", ASN1_Tag(1)); encode_entries(der, alt_info, "DNS", ASN1_Tag(2)); encode_entries(der, alt_info, "URI", ASN1_Tag(6)); + encode_entries(der, alt_info, "IP", ASN1_Tag(7)); std::multimap::const_iterator i; for(i = othernames.begin(); i != othernames.end(); ++i) @@ -195,6 +210,14 @@ void AlternativeName::decode_from(BER_Decoder& source) if(tag == 2) add_attribute("DNS", value); if(tag == 6) add_attribute("URI", value); } + else if(tag == 7) + { + if(obj.value.size() == 4) + { + u32bit ip = load_be(obj.value.begin(), 0); + add_attribute("IP", ipv4_to_string(ip)); + } + } } } diff --git a/src/x509cert.cpp b/src/x509cert.cpp index 404e56f29..549b916c5 100644 --- a/src/x509cert.cpp +++ b/src/x509cert.cpp @@ -350,7 +350,7 @@ AlternativeName create_alt_name(const Data_Store& info) }; std::multimap names = - info.search_with(AltName_Matcher("RFC822/DNS/URI")); + info.search_with(AltName_Matcher("RFC822/DNS/URI/IP")); AlternativeName alt_name; diff --git a/src/x509self.cpp b/src/x509self.cpp index 255ee6219..1c94324ed 100644 --- a/src/x509self.cpp +++ b/src/x509self.cpp @@ -50,7 +50,7 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn, subject_dn.add_attribute("X520.Organization", opts.organization); subject_dn.add_attribute("X520.OrganizationalUnit", opts.org_unit); subject_dn.add_attribute("X520.SerialNumber", opts.serial_number); - subject_alt = AlternativeName(opts.email, opts.uri, opts.dns); + subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip); subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"), opts.xmpp, UTF8_STRING); } -- cgit v1.2.3
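Review bot: In the `tag == 7` branch of `decode_from`, an iPAddress value whose length is not 4 is dropped silently, so a certificate carrying a 16-octet IPv6 address, or a malformed length, decodes as if it had no such entry. A caller that compares a peer against the decoded names would then see fewer names than the certificate states, which presumably matters wherever the presence of an IP entry changes the decision. At minimum the skip should be documented, e.g. `// Only 4-octet (IPv4) values are kept; IPv6 and other lengths are ignored`, and lengths that are neither 4 nor 16 could be rejected with `else if(obj.value.size() != 16) throw Decoding_Error("Invalid IP address length in alternative name");`. The enclosing loop and the tag-class test start outside this hunk, so it cannot be seen here whether tag 7 is confirmed as context-specific before this branch runs.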