x509info.c revision 299742
1/* 2 * x509info.c: Accessors for svn_x509_certinfo_t 3 * 4 * ==================================================================== 5 * Licensed to the Apache Software Foundation (ASF) under one 6 * or more contributor license agreements. See the NOTICE file 7 * distributed with this work for additional information 8 * regarding copyright ownership. The ASF licenses this file 9 * to you under the Apache License, Version 2.0 (the 10 * "License"); you may not use this file except in compliance 11 * with the License. You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, 16 * software distributed under the License is distributed on an 17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 18 * KIND, either express or implied. See the License for the 19 * specific language governing permissions and limitations 20 * under the License. 21 * ==================================================================== 22 */ 23 24 25 26#include <string.h> 27 28#include <apr_pools.h> 29#include <apr_tables.h> 30 31#include "svn_string.h" 32#include "svn_hash.h" 33#include "x509.h" 34 35 36 37svn_x509_name_attr_t * 38svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr, 39 apr_pool_t *result_pool, 40 apr_pool_t *scratch_pool) 41{ 42 svn_x509_name_attr_t *result = apr_palloc(result_pool, sizeof(*result)); 43 result->oid_len = attr->oid_len; 44 result->oid = apr_palloc(result_pool, result->oid_len); 45 memcpy(result->oid, attr->oid, result->oid_len); 46 result->utf8_value = apr_pstrdup(result_pool, attr->utf8_value); 47 48 return result; 49} 50 51const unsigned char * 52svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len) 53{ 54 *len = attr->oid_len; 55 return attr->oid; 56} 57 58const char * 59svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr) 60{ 61 return attr->utf8_value; 62} 63 64/* Array elements are assumed to be nul-terminated C strings. */ 65static apr_array_header_t * 66deep_copy_array(apr_array_header_t *s, apr_pool_t *result_pool) 67{ 68 int i; 69 apr_array_header_t *d; 70 71 if (!s) 72 return NULL; 73 74 d = apr_array_copy(result_pool, s); 75 76 /* Make a deep copy of the strings in the array. */ 77 for (i = 0; i < s->nelts; ++i) 78 { 79 APR_ARRAY_IDX(d, i, const char *) = 80 apr_pstrdup(result_pool, APR_ARRAY_IDX(s, i, const char *)); 81 } 82 83 return d; 84} 85 86/* Copy an array with elements that are svn_x509_name_attr_t's */ 87static apr_array_header_t * 88deep_copy_name_attrs(apr_array_header_t *s, apr_pool_t *result_pool) 89{ 90 int i; 91 apr_array_header_t *d; 92 93 if (!s) 94 return NULL; 95 96 d = apr_array_copy(result_pool, s); 97 98 /* Make a deep copy of the svn_x509_name_attr_t's in the array. */ 99 for (i = 0; i < s->nelts; ++i) 100 { 101 APR_ARRAY_IDX(d, i, const svn_x509_name_attr_t *) = 102 svn_x509_name_attr_dup(APR_ARRAY_IDX(s, i, svn_x509_name_attr_t *), 103 result_pool, result_pool); 104 } 105 106 return d; 107} 108 109svn_x509_certinfo_t * 110svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo, 111 apr_pool_t *result_pool, 112 apr_pool_t *scratch_pool) 113{ 114 svn_x509_certinfo_t *result = apr_palloc(result_pool, sizeof(*result)); 115 result->subject = deep_copy_name_attrs(certinfo->subject, result_pool); 116 result->issuer = deep_copy_name_attrs(certinfo->issuer, result_pool); 117 result->valid_from = certinfo->valid_from; 118 result->valid_to = certinfo->valid_to; 119 result->digest = svn_checksum_dup(certinfo->digest, result_pool); 120 result->hostnames = deep_copy_array(certinfo->hostnames, result_pool); 121 122 return result; 123} 124 125typedef struct asn1_oid { 126 const unsigned char *oid; 127 const ptrdiff_t oid_len; 128 const char *short_label; 129 const char *long_label; 130} asn1_oid; 131 132#define CONSTANT_PAIR(c) (unsigned char *)(c), sizeof((c)) - 1 133 134static const asn1_oid asn1_oids[] = { 135 { CONSTANT_PAIR(SVN_X509_OID_COMMON_NAME), "CN", "commonName" }, 136 { CONSTANT_PAIR(SVN_X509_OID_COUNTRY), "C", "countryName" }, 137 { CONSTANT_PAIR(SVN_X509_OID_LOCALITY), "L", "localityName" }, 138 { CONSTANT_PAIR(SVN_X509_OID_STATE), "ST", "stateOrProvinceName" }, 139 { CONSTANT_PAIR(SVN_X509_OID_ORGANIZATION), "O", "organizationName" }, 140 { CONSTANT_PAIR(SVN_X509_OID_ORG_UNIT), "OU", "organizationalUnitName"}, 141 { CONSTANT_PAIR(SVN_X509_OID_EMAIL), NULL, "emailAddress" }, 142 { NULL }, 143}; 144 145/* Given an OID return a null-terminated C string representation. 146 * For example an OID with the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" 147 * would be converted to the string "1.2.840.113549.1.9.1". */ 148const char * 149svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len, 150 apr_pool_t *scratch_pool, apr_pool_t *result_pool) 151{ 152 svn_stringbuf_t *out = svn_stringbuf_create_empty(result_pool); 153 const unsigned char *p = oid; 154 const unsigned char *end = p + oid_len; 155 const char *temp; 156 157 while (p != end) { 158 if (p == oid) 159 { 160 /* Handle decoding the first two values of the OID. These values 161 * are encoded by taking the first value and adding 40 to it and 162 * adding the result to the second value, then placing this single 163 * value in the first byte of the output. This is unambiguous since 164 * the first value is apparently limited to 0, 1 or 2 and the second 165 * is limited to 0 to 39. */ 166 temp = apr_psprintf(scratch_pool, "%d.%d", *p / 40, *p % 40); 167 p++; 168 } 169 else if (*p < 128) 170 { 171 /* The remaining values if they're less than 128 are just 172 * the number one to one encoded */ 173 temp = apr_psprintf(scratch_pool, ".%d", *p); 174 p++; 175 } 176 else 177 { 178 /* Values greater than 128 are encoded as a series of 7 bit values 179 * with the left most bit set to indicate this encoding with the 180 * last octet missing the left most bit to finish out the series.. */ 181 unsigned int collector = 0; 182 svn_boolean_t dot = FALSE; 183 184 do { 185 if (collector == 0 && *p == 0x80) 186 { 187 /* include leading zeros in the string representation 188 technically not legal, but this seems nicer than just 189 returning NULL */ 190 if (!dot) 191 { 192 svn_stringbuf_appendbyte(out, '.'); 193 dot = TRUE; 194 } 195 svn_stringbuf_appendbyte(out, '0'); 196 } 197 else if (collector > UINT_MAX >> 7) 198 { 199 /* overflow */ 200 return NULL; 201 } 202 collector = collector << 7 | (*(p++) & 0x7f); 203 } while (p != end && *p > 127); 204 if (collector > UINT_MAX >> 7) 205 return NULL; /* overflow */ 206 collector = collector << 7 | *(p++); 207 temp = apr_psprintf(scratch_pool, "%s%d", dot ? "" : ".", collector); 208 } 209 svn_stringbuf_appendcstr(out, temp); 210 } 211 212 if (svn_stringbuf_isempty(out)) 213 return NULL; 214 215 return out->data; 216} 217 218static const asn1_oid *oid_to_asn1_oid(unsigned char *oid, apr_size_t oid_len) 219{ 220 const asn1_oid *entry; 221 222 for (entry = asn1_oids; entry->oid; entry++) 223 { 224 if (oid_len == entry->oid_len && 225 memcmp(oid, entry->oid, oid_len) == 0) 226 return entry; 227 } 228 229 return NULL; 230} 231 232static const char *oid_to_best_label(unsigned char *oid, apr_size_t oid_len, 233 apr_pool_t *result_pool) 234{ 235 const asn1_oid *entry = oid_to_asn1_oid(oid, oid_len); 236 237 if (entry) 238 { 239 if (entry->short_label) 240 return entry->short_label; 241 242 if (entry->long_label) 243 return entry->long_label; 244 } 245 else 246 { 247 const char *oid_string = svn_x509_oid_to_string(oid, oid_len, 248 result_pool, result_pool); 249 if (oid_string) 250 return oid_string; 251 } 252 253 return "??"; 254} 255 256/* 257 * Store the name from dn in printable form into buf, 258 * using scratch_pool for any temporary allocations. 259 * If CN is not NULL, return any common name in CN 260 */ 261static const char * 262get_dn(apr_array_header_t *name, 263 apr_pool_t *result_pool) 264{ 265 svn_stringbuf_t *buf = svn_stringbuf_create_empty(result_pool); 266 int n; 267 268 for (n = 0; n < name->nelts; n++) 269 { 270 const svn_x509_name_attr_t *attr = APR_ARRAY_IDX(name, n, svn_x509_name_attr_t *); 271 272 if (n > 0) 273 svn_stringbuf_appendcstr(buf, ", "); 274 275 svn_stringbuf_appendcstr(buf, oid_to_best_label(attr->oid, attr->oid_len, result_pool)); 276 svn_stringbuf_appendbyte(buf, '='); 277 svn_stringbuf_appendcstr(buf, attr->utf8_value); 278 } 279 280 return buf->data; 281} 282 283const char * 284svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo, 285 apr_pool_t *result_pool) 286{ 287 return get_dn(certinfo->subject, result_pool); 288} 289 290const apr_array_header_t * 291svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo) 292{ 293 return certinfo->subject; 294} 295 296const char * 297svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo, 298 apr_pool_t *result_pool) 299{ 300 return get_dn(certinfo->issuer, result_pool); 301} 302 303const apr_array_header_t * 304svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo) 305{ 306 return certinfo->issuer; 307} 308 309apr_time_t 310svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo) 311{ 312 return certinfo->valid_from; 313} 314 315const apr_time_t 316svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo) 317{ 318 return certinfo->valid_to; 319} 320 321const svn_checksum_t * 322svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo) 323{ 324 return certinfo->digest; 325} 326 327const apr_array_header_t * 328svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo) 329{ 330 return certinfo->hostnames; 331} 332 333