r3344 - in trunk/libmcrypto: include/libmcrypto include/libmcrypto/gnutls include/libmcrypto/openssl source/gnutls source/openssl
mikaelsv at minisip.org
mikaelsv at minisip.org
Fri Jun 29 11:18:59 CEST 2007
Author: mikaelsv
Date: 2007-06-29 11:18:58 +0200 (Fri, 29 Jun 2007)
New Revision: 3344
Modified:
trunk/libmcrypto/include/libmcrypto/cert.h
trunk/libmcrypto/include/libmcrypto/gnutls/cert.h
trunk/libmcrypto/include/libmcrypto/openssl/cert.h
trunk/libmcrypto/source/gnutls/cert.cxx
trunk/libmcrypto/source/openssl/cert.cxx
Log:
* Added getSubjectInfoAccess() function to Certificate class. Due to my
inability to understand (or have the endurance to learn) the GNU TLS
source code I have not implemented this function using GNU TLS. The
GNU TLS version of the function thus always returns an empty string vector.
* For some reason some end-of-line characters have been modified. I don't know why.
Modified: trunk/libmcrypto/include/libmcrypto/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/cert.h 2007-06-28 14:58:27 UTC (rev 3343)
+++ trunk/libmcrypto/include/libmcrypto/cert.h 2007-06-29 09:18:58 UTC (rev 3344)
@@ -1,7 +1,7 @@
/*
Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
Copyright (C) 2006 Mikael Magnusson
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
@@ -49,7 +49,7 @@
virtual ~CertificateSetItem();
bool operator ==(const CertificateSetItem item2){ return (
- item2.item == item &&
+ item2.item == item &&
item2.type == type);};
};
@@ -58,7 +58,7 @@
public:
virtual ~CertificateSet();
static CertificateSet *create();
-
+
virtual CertificateSet* clone();
virtual void addDirectory( std::string dir );
virtual void addFile( std::string file );
@@ -97,7 +97,7 @@
virtual bool checkCert( MRef<Certificate *> cert)=0;
- virtual int signData( unsigned char * data, int data_length,
+ virtual int signData( unsigned char * data, int data_length,
unsigned char * sign,
int * sign_length )=0;
@@ -135,8 +135,8 @@
// static Certificate *create();
virtual ~Certificate();
-
+
virtual int control( CertificateSet * cert_db )=0;
virtual int getDerLength()=0;
@@ -159,7 +159,7 @@
int enckeylgth,
unsigned char *iv);
- int signData( unsigned char * data, int data_length,
+ int signData( unsigned char * data, int data_length,
unsigned char * sign,
int * sign_length );
virtual int verifSign( unsigned char * data, int data_length,
@@ -174,12 +174,13 @@
virtual std::string getName()=0;
virtual std::string getCn()=0;
virtual std::vector<std::string> getAltName( SubjectAltName type )=0;
+ virtual std::vector<std::string> getSubjectInfoAccess()=0;
virtual std::string getIssuer()=0;
virtual std::string getIssuerCn()=0;
std::string getFile();
std::string getPkFile();
-
+
MRef<PrivateKey*> getPk();
void setPk( MRef<PrivateKey *> pk);
void setPk( const std::string &file );
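Review bot: The new pure virtual `getSubjectInfoAccess()` carries no documentation, and the GNU TLS backend added in this same commit always returns an empty vector, so a caller cannot tell "the certificate has no Subject Information Access extension" from "this backend does not implement it". Add a comment above the declaration, e.g. `// Returns the accessLocation strings of the X.509 Subject Information Access extension; empty if the extension is absent. Not implemented in the GNU TLS backend, which always returns an empty vector.` The same undocumented declaration is added to gnutls/cert.h and openssl/cert.h further down. The enclosing Certificate class starts and ends outside this hunk.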
Modified: trunk/libmcrypto/include/libmcrypto/gnutls/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/cert.h 2007-06-28 14:58:27 UTC (rev 3343)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/cert.h 2007-06-29 09:18:58 UTC (rev 3344)
@@ -3,18 +3,18 @@
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
-
+
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
-
+
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-/* Copyright (C) 2004
+/* Copyright (C) 2004
*
* Authors: Erik Eliasson <eliasson at it.kth.se>
* Johan Bilien <jobi at via.ecp.fr>
@@ -78,7 +78,7 @@
public:
GtlsCertificateSet();
virtual ~GtlsCertificateSet();
-
+
bool getDb(gnutls_x509_crt_t ** db, size_t * db_length );
virtual std::string getMemObjectType() const {return "GtlsCertificateSet";}
@@ -105,7 +105,7 @@
bool checkCert( MRef<Certificate*> cert );
- int signData( unsigned char * data, int data_length,
+ int signData( unsigned char * data, int data_length,
unsigned char * sign,
int * sign_length );
@@ -135,7 +135,7 @@
GtlsCertificate( unsigned char * der_cert, int length );
~GtlsCertificate();
virtual std::string getMemObjectType() const {return "GtlsCertificate";}
-
+
int control( CertificateSet * cert_db );
int getDerLength();
@@ -144,7 +144,7 @@
int envelopeData( unsigned char * data, int size, unsigned char *retdata, int *retsize,
unsigned char *enckey, int *enckeylgth, unsigned char** iv);
- int signData( unsigned char * data, int data_length,
+ int signData( unsigned char * data, int data_length,
unsigned char * sign, int * sign_length );
int verifSign( unsigned char * data, int data_length,
unsigned char * sign, int sign_length );
@@ -155,6 +155,7 @@
std::string getName();
std::string getCn();
std::vector<std::string> getAltName( SubjectAltName type );
+ std::vector<std::string> getSubjectInfoAccess();
std::string getIssuer();
std::string getIssuerCn();
@@ -174,9 +175,9 @@
GtlsCertificateChain();
GtlsCertificateChain( MRef<Certificate *> cert );
virtual ~GtlsCertificateChain();
-
+
virtual std::string getMemObjectType() const {return "GtlsCertificateChain";}
-
+
int control( MRef<CertificateSet *> cert_db );
};
Modified: trunk/libmcrypto/include/libmcrypto/openssl/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/cert.h 2007-06-28 14:58:27 UTC (rev 3343)
+++ trunk/libmcrypto/include/libmcrypto/openssl/cert.h 2007-06-29 09:18:58 UTC (rev 3344)
@@ -1,7 +1,7 @@
/*
Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
Copyright (C) 2006 Mikael Magnusson
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
@@ -30,7 +30,7 @@
#include <libmcrypto/config.h>
#include<libmcrypto/cert.h>
-/*Include openssl/err.h before any <list/map/hash/vector> ... it causes
+/*Include openssl/err.h before any <list/map/hash/vector> ... it causes
compilation under EVC 4.0 to fail, collision between STLPort and Openssl
.....\minisip.evc4\openssl098a\inc32\openssl\err.h(297) : error C2955: 'hash' : use of class template requires template argument list
....\minisip.evc4\stlport501\stlport\stl\_hash_fun.h(40) : see declaration of 'hash'
@@ -54,7 +54,7 @@
public:
OsslCertificateSet();
~OsslCertificateSet();
-
+
X509_STORE * getDb();
virtual std::string getMemObjectType() const {return "OsslCertificateSet";}
void addDirectory( std::string dir );
@@ -62,7 +62,7 @@
void addCertificate( MRef<Certificate *> cert );
private:
- X509_STORE * cert_db;
+ X509_STORE * cert_db;
};
class LIBMCRYPTO_API OsslPrivateKey: public PrivateKey{
@@ -78,7 +78,7 @@
bool checkCert( MRef<Certificate *> cert);
- int signData( unsigned char * data, int data_length,
+ int signData( unsigned char * data, int data_length,
unsigned char * sign,
int * sign_length );
@@ -109,7 +109,7 @@
OsslCertificate( unsigned char * certData, int length, std::string path );
~OsslCertificate();
virtual std::string getMemObjectType() const {return "Certificate";}
-
+
int control( CertificateSet * cert_db );
int getDerLength();
@@ -120,7 +120,7 @@
int denvelopeData(unsigned char * data, int size, unsigned char *retdata, int *retsize,
unsigned char *enckey, int enckeylgth, unsigned char *iv);
- int signData( unsigned char * data, int data_length,
+ int signData( unsigned char * data, int data_length,
unsigned char * sign, int * sign_length );
int verifSign( unsigned char * data, int data_length,
unsigned char * sign, int sign_length );
@@ -131,6 +131,7 @@
std::string getName();
std::string getCn();
std::vector<std::string> getAltName( SubjectAltName type );
+ std::vector<std::string> getSubjectInfoAccess();
std::string getIssuer();
std::string getIssuerCn();
@@ -144,9 +145,9 @@
OsslCertificateChain();
OsslCertificateChain( MRef<Certificate *> cert );
virtual ~OsslCertificateChain();
-
+
virtual std::string getMemObjectType() const {return "OsslCertificateChain";}
-
+
int control( MRef<CertificateSet *> cert_db );
};
Modified: trunk/libmcrypto/source/gnutls/cert.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/cert.cxx 2007-06-28 14:58:27 UTC (rev 3343)
+++ trunk/libmcrypto/source/gnutls/cert.cxx 2007-06-29 09:18:58 UTC (rev 3344)
@@ -3,18 +3,18 @@
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
-
+
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
-
+
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-/* Copyright (C) 2004
+/* Copyright (C) 2004
*
* Authors: Erik Eliasson <eliasson at it.kth.se>
* Johan Bilien <jobi at via.ecp.fr>
@@ -47,7 +47,7 @@
//
// Factory methods
-//
+//
CertificateSet *CertificateSet::create(){
return new GtlsCertificateSet();
@@ -103,9 +103,9 @@
}
-//
+//
// GtlsRsaPriv
-//
+//
GtlsRsaPriv::GtlsRsaPriv( gnutls_x509_privkey_t aKey ):m_key(NULL){
gcry_error_t err;
gnutls_datum_t n[6];
@@ -272,7 +272,7 @@
//
// Gtlsrsa_pub
-//
+//
Gtlsrsa_pub::Gtlsrsa_pub( gnutls_x509_crt_t aCert ):m_key(NULL){
gcry_error_t err;
gnutls_datum_t n;
@@ -310,7 +310,7 @@
}
size_t erroff = 0;
-
+
err = gcry_sexp_build( &m_key, &erroff,
"(key-data(public-key(rsa (n %m)(e %m))))",
n_mpi, e_mpi );
@@ -377,7 +377,7 @@
goto error;
}
- if( gcry_mpi_print( GCRYMPI_FMT_USG,
+ if( gcry_mpi_print( GCRYMPI_FMT_USG,
(unsigned char*)retdata,
*retsize, &len, datampi ) ){
goto error;
@@ -408,7 +408,7 @@
if( privateKey != NULL ){
gnutls_x509_privkey_deinit( privateKey );
}
-
+
privateKey = NULL;
if( rsaPriv ){
@@ -432,23 +432,23 @@
GtlsCertificate::GtlsCertificate( unsigned char * derCert, int length ):rsaKey(NULL){
int ret;
gnutls_datum certData;
-
+
gnutls_global_init();
-
+
ret = gnutls_x509_crt_init( (gnutls_x509_crt_t*)&cert );
if( ret != 0 ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not initialize the Certificate structure" );
}
certData.data = derCert;
certData.size = length;
-
+
ret = gnutls_x509_crt_import( cert, &certData, GNUTLS_X509_FMT_DER );
if( ret != 0 ){
- throw CertificateException(
+ throw CertificateException(
"Could not import the given Certificate" );
}
@@ -459,12 +459,12 @@
rsaKey = new Gtlsrsa_pub( cert );
}
-
+
GtlsCertificate::~GtlsCertificate(){
if( cert != NULL ){
gnutls_x509_crt_deinit( cert );
}
-
+
cert = NULL;
if( rsaKey ){
@@ -484,7 +484,7 @@
fd = open( fileName.c_str(), O_RDONLY );
if( fd == -1 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not open the given Certificate file" );
}
@@ -492,7 +492,7 @@
int ret = fstat( fd, &fileStat );
if( ret == -1 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not stat the given Certificate file" );
}
@@ -501,7 +501,7 @@
certBuf = mmap( 0, length, PROT_READ, MAP_SHARED, fd, 0 );
if( certBuf == NULL ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not mmap the Certificate file" );
}
@@ -512,14 +512,14 @@
ret = gnutls_x509_crt_init( (gnutls_x509_crt_t*)&cert );
if( ret != 0 ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not initialize the Certificate structure" );
}
ret = gnutls_x509_crt_import( cert, &certData, GNUTLS_X509_FMT_PEM );
if( ret != 0 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not import the given Certificate" );
}
@@ -540,7 +540,7 @@
unsigned char * sign, int * sign_length ){
int err;
size_t length = *sign_length;
-
+
if( privateKey == NULL ){
sign = NULL;
*sign_length = 0;
@@ -552,9 +552,9 @@
dataStruct.data = data;
dataStruct.size = dataLength;
-
- err = gnutls_x509_privkey_sign_data(
- privateKey,
+
+ err = gnutls_x509_privkey_sign_data(
+ privateKey,
GNUTLS_DIG_SHA1,
0,
&dataStruct,
@@ -585,15 +585,15 @@
dataStruct.data = data;
dataStruct.size = data_length;
-
+
signStruct.data = sign;
signStruct.size = sign_length;
-
+
if( cert == NULL ){
throw CertificateException(
"No Certificate open while verifying a signature" );
}
-
+
err = gnutls_x509_crt_verify_data( cert, 0, &dataStruct, &signStruct );
return err;
@@ -610,7 +610,7 @@
int GtlsCertificate::getDerLength(){
size_t size = 0;
- int ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER,
+ int ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER,
NULL, &size );
if( ret == GNUTLS_E_SHORT_MEMORY_BUFFER )
@@ -620,10 +620,10 @@
}
void GtlsCertificate::getDer( unsigned char * output, unsigned int * length ){
-
+
int ret;
- ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER,
+ ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER,
output, length );
if( ret == GNUTLS_E_SHORT_MEMORY_BUFFER ){
throw CertificateException(
@@ -646,7 +646,7 @@
throw CertificateExceptionInit(
"Not enough memory" );
}
-
+
ret = gnutls_x509_crt_get_dn( cert, buf, &size );
/* This should not happen very often */
@@ -683,8 +683,8 @@
throw CertificateExceptionInit(
"Not enough memory" );
}
-
- ret = gnutls_x509_crt_get_dn_by_oid( cert,
+
+ ret = gnutls_x509_crt_get_dn_by_oid( cert,
GNUTLS_OID_X520_COMMON_NAME,
0, 0, buf, &size );
@@ -692,7 +692,7 @@
if( ret == GNUTLS_E_SHORT_MEMORY_BUFFER ){
free( buf );
size = 0;
- gnutls_x509_crt_get_dn_by_oid( cert,
+ gnutls_x509_crt_get_dn_by_oid( cert,
GNUTLS_OID_X520_COMMON_NAME,
0, 0, NULL, &size );
buf = (char *) malloc( size );
@@ -700,7 +700,7 @@
throw CertificateExceptionInit(
"Not enough memory" );
}
- ret = gnutls_x509_crt_get_dn_by_oid( cert,
+ ret = gnutls_x509_crt_get_dn_by_oid( cert,
GNUTLS_OID_X520_COMMON_NAME,
0, 0, buf, &size );
}
@@ -714,7 +714,7 @@
free( buf );
return output;
-
+
}
std::vector<std::string> GtlsCertificate::getAltName( SubjectAltName type ){
@@ -780,6 +780,62 @@
return output;
}
+vector<string> GtlsCertificate::getSubjectInfoAccess() {
+
+ vector<string> output;
+ /*
+ string oid("1.3.6.1.5.5.7.1.11");
+ int ret;
+ char * buf;
+ size_t bufSize = 4096;
+
+ for (int i=0;; i++) {
+ size_t size = bufSize;
+ buf = new char[size];
+ unsigned int critical;
+ ret = gnutls_x509_crt_get_extension_oid(cert, i, buf, &size);
+ //ret = gnutls_x509_crt_get_extension_info(cert, i, buf, &bufSize, &critical);
+ //ret = gnutls_x509_crt_get_extension_by_oid (cert, oid.c_str(), i, buf, &bufSize, &critical);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ delete[] buf;
+ break;
+} else if (ret < 0) {
+ cerr << "GNUTLS error " << gnutls_strerror( ret ) << endl;
+ delete[] buf;
+ throw CertificateException(
+ "An error occured in getSubjectInfoAccess()" );
+}
+ string name( buf, size );
+ std::cerr << "GNUTLS: ext #" << i << ": " << name << std::endl;
+ delete[] buf;
+}
+ std::cerr << "TESTING" << std::endl;
+ for( int i = 0;;i++ ){
+ size_t size = bufSize;
+ buf = new char[size];
+ unsigned int critical;
+ gnutls_datum_t siaDatum;
+ //ret = gnutls_x509_crt_get_extension_data (cert, i, buf, &size);— Function: int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, const char * oid, int indx, void * buf, size_t * sizeof_buf, unsigned int * critical);
+ ret = gnutls_x509_crt_get_extension_by_oid (cert, oid.c_str(), i, &siaDatum, &size, &critical);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ delete[] buf;
+ break;
+} else if (ret < 0) {
+ cerr << "GNUTLS error " << gnutls_strerror( ret ) << endl;
+ delete[] buf;
+ throw CertificateException(
+ "An error occured in getSubjectInfoAccess()" );
+}
+
+ string name( buf, size );
+
+ output.push_back( name );
+ delete[] buf;
+}
+ */
+ return output;
+}
+
string GtlsCertificate::getIssuer(){
int ret;
char * buf;
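Review bot: The GNU TLS `getSubjectInfoAccess()` returns an empty vector unconditionally, which a caller will read as "no SIA extension present"; any policy decision built on that result will silently pass for every certificate. Say so in the code rather than only in the commit message, e.g. `// FIXME: not implemented for GNU TLS; an empty result does not mean the certificate lacks an SIA extension.` The large commented-out experimental block (two loops with `std::cerr` debugging output and a pasted manual signature in a comment) should be dropped from the commit rather than kept as a comment; version control keeps it if it is needed later.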
@@ -790,7 +846,7 @@
throw CertificateExceptionInit(
"Not enough memory" );
}
-
+
ret = gnutls_x509_crt_get_issuer_dn( cert, buf, &size );
/* This should not happen very often */
@@ -827,8 +883,8 @@
throw CertificateExceptionInit(
"Not enough memory" );
}
-
- ret = gnutls_x509_crt_get_issuer_dn_by_oid( cert,
+
+ ret = gnutls_x509_crt_get_issuer_dn_by_oid( cert,
GNUTLS_OID_X520_COMMON_NAME,
0, 0, buf, &size );
@@ -836,7 +892,7 @@
if( ret == GNUTLS_E_SHORT_MEMORY_BUFFER ){
free( buf );
size = 0;
- gnutls_x509_crt_get_issuer_dn_by_oid( cert,
+ gnutls_x509_crt_get_issuer_dn_by_oid( cert,
GNUTLS_OID_X520_COMMON_NAME,
0, 0, NULL, &size );
buf = (char *) malloc( size );
@@ -844,7 +900,7 @@
throw CertificateExceptionInit(
"Not enough memory" );
}
- ret = gnutls_x509_crt_get_issuer_dn_by_oid( cert,
+ ret = gnutls_x509_crt_get_issuer_dn_by_oid( cert,
GNUTLS_OID_X520_COMMON_NAME,
0, 0, buf, &size );
}
@@ -871,7 +927,7 @@
fd = open( file.c_str(), O_RDONLY );
if( fd == -1 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not open the given private key file" );
}
@@ -879,7 +935,7 @@
int ret = fstat( fd, &fileStat );
if( ret == -1 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not stat the given private key file" );
}
@@ -888,7 +944,7 @@
pkBuf = mmap( 0, length, PROT_READ, MAP_SHARED, fd, 0 );
if( pkBuf == NULL ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not mmap the Certificate file" );
}
@@ -899,15 +955,15 @@
ret = gnutls_x509_privkey_init( (gnutls_x509_privkey_t*)&privateKey );
if( ret != 0 ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not initialize the private key structure" );
}
- ret = gnutls_x509_privkey_import( privateKey, &pkData,
+ ret = gnutls_x509_privkey_import( privateKey, &pkData,
GNUTLS_X509_FMT_PEM );
if( ret != 0 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not import the given private key" );
}
@@ -924,28 +980,28 @@
const string &path )
{
/*Not checked if working correctly*/
-
+
gnutls_datum pkData;
-
+
int ret = gnutls_x509_privkey_init( &privateKey );
-
+
if( ret != 0 )
- {
+ {
throw CertificateExceptionInit(
"Could not initialize the private key structure" );
}
-
+
pkData.data = (unsigned char*)pkInput;
pkData.size = length;
-
-
+
+
ret = gnutls_x509_privkey_import_pkcs8 (privateKey, &pkData, GNUTLS_X509_FMT_DER, password.c_str(), 0);
-
+
if( ret != 0 )
{
throw CertificateExceptionFile("Could not import the given private key" );
}
-
+
pk_file = path;
}
@@ -966,14 +1022,14 @@
idLength = 20;
int ret = gnutls_x509_crt_get_key_id( Gtlscert->getCertificate(),
0, publicKeyId, &idLength );
-
+
if( ret < 0 ){
throw CertificateException("An error occured when computing the key id" );
}
-
+
ret = gnutls_x509_privkey_get_key_id( privateKey, 0, privateKeyId, &idLength );
-
- if( ret < 0 ){
+
+ if( ret < 0 ){
throw CertificateException("An error occured when computing the key id" );
}
for( unsigned int i = 0; i < idLength; i++ ){
@@ -1034,13 +1090,13 @@
unsigned char *retdata, int *retsize){
if( !rsaPriv )
return false;
-
+
return rsaPriv->decrypt( data, size, retdata, retsize );
}
-//
+//
// End of GtlsCertificate
-//
+//
GtlsCertificateSetItem::GtlsCertificateSetItem(): certs(NULL), num_certs(0){
}
@@ -1110,20 +1166,20 @@
void GtlsCertificateSet::addDirectory( string dir ){
X509_LOOKUP * lookup = NULL;
CertificateSetItem * item = new CertificateSetItem();
-
- lookup = X509_STORE_add_lookup(
+
+ lookup = X509_STORE_add_lookup(
certDb, X509_LOOKUP_hash_dir() );
if( lookup == NULL )
throw CertificateExceptionInit(
string("Could not create a directory lookup") );
-
+
if( !X509_LOOKUP_add_dir( lookup, dir.c_str(), X509_FILETYPE_PEM ) )
throw CertificateExceptionFile(
"Could not open the directory "+dir );
item->item = dir;
item->type = CERT_DB_ITEM_TYPE_DIR;
-
+
items.push_back( item );
items_index = items.begin();
}
@@ -1192,14 +1248,14 @@
ret = gnutls_x509_crt_init( (gnutls_x509_crt_t*)&cert );
if( ret != 0 ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not initialize the Certificate structure" );
}
ret = gnutls_x509_crt_import( cert, &certData, GNUTLS_X509_FMT_PEM );
if( ret != 0 ){
- throw CertificateExceptionFile(
+ throw CertificateExceptionFile(
"Could not import the given Certificate" );
}
@@ -1212,7 +1268,7 @@
MRef<CertificateSetItem*> GtlsCertificateSet::createDirItem( std::string dir ){
CertificateSetItem * item = new GtlsCertificateSetItem();
-
+
item->item = dir;
item->type = CERT_DB_ITEM_TYPE_DIR;
return item;
@@ -1222,7 +1278,7 @@
gnutls_datum_t data;
memset(&data, 0, sizeof(data));
-
+
if( !readFile( file, &data ) ){
string msg = string("Can't find Certificate file ") + file;
throw CertificateException( msg.c_str() );
@@ -1267,7 +1323,7 @@
MRef<CertificateSetItem*> GtlsCertificateSet::createCertItem( MRef<Certificate*> cert ){
GtlsCertificateSetItem * item = new GtlsCertificateSetItem();
-
+
item->item = "";
item->type = CERT_DB_ITEM_TYPE_OTHER;
item->num_certs = 1;
@@ -1277,10 +1333,10 @@
int ret = gnutls_x509_crt_init( &item->certs[0] );
if( ret != 0 ){
- throw CertificateExceptionInit(
+ throw CertificateExceptionInit(
"Could not initialize the Certificate structure" );
}
-
+
gnutls_datum der;
der.size = cert->getDerLength();
@@ -1293,7 +1349,7 @@
der.data = NULL;
if( ret != 0 ){
- throw CertificateException(
+ throw CertificateException(
"Could not import the given Certificate" );
}
@@ -1353,7 +1409,7 @@
cerr << "Not a gtls cert" << endl;
return 0;
}
-
+
Gtlslist[j] = cert->getCertificate();
}
// unlock();
Modified: trunk/libmcrypto/source/openssl/cert.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/cert.cxx 2007-06-28 14:58:27 UTC (rev 3343)
+++ trunk/libmcrypto/source/openssl/cert.cxx 2007-06-29 09:18:58 UTC (rev 3344)
@@ -1,7 +1,7 @@
/*
Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
Copyright (C) 2006 Mikael Magnusson
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
@@ -61,7 +61,7 @@
//
// Factory methods
-//
+//
CertificateSet *CertificateSet::create(){
return new OsslCertificateSet();
@@ -107,7 +107,7 @@
//
// OsslPrivateKey
-//
+//
OsslPrivateKey::~OsslPrivateKey(){
if( private_key )
EVP_PKEY_free( private_key );
@@ -121,7 +121,7 @@
//
// OsslCertificate
-//
+//
OsslCertificate::OsslCertificate():cert(NULL){
@@ -131,7 +131,7 @@
if( Osslcert == NULL ){
throw CertificateException("X509 Certificate is NULL");
}
-
+
cert = Osslcert;
}
@@ -146,9 +146,9 @@
}
cert = PEM_read_X509( fp, NULL, NULL, NULL );
-
+
fclose( fp );
-
+
if( cert == NULL ){
cerr << "Invalid Certificate file" << endl;
throw CertificateExceptionFile(
@@ -166,17 +166,17 @@
if( cert == NULL )
throw CertificateExceptionInit(
"Could not create the Certificate" );
-
+
cert = PEM_read_bio_X509(mem, NULL, 0 , NULL);
if (cert == NULL)/*check if its a der encoded Certificate*/
{
cert = d2i_X509_bio(mem, NULL);/*FIX, for some reason
this does never succeed */
if(NULL == cert)
- {
+ {
cerr << "Invalid Certificate file" << endl;
throw CertificateExceptionFile("Invalid Certificate" );
- }
+ }
}
file = path;
}
@@ -189,18 +189,18 @@
throw CertificateExceptionInit(
"Could not create the Certificate" );
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
d2i_X509( &cert, (const unsigned char**)&der_cert, length );
#else
d2i_X509( &cert, (unsigned char**)&der_cert, length );
#endif
}
-
+
OsslCertificate::~OsslCertificate(){
if( cert )
X509_free( cert );
cert = NULL;
-
+
}
int OsslCertificate::envelopeData(unsigned char * data, int size, unsigned char *retdata, int *retsize,
@@ -221,18 +221,18 @@
}
public_key = X509_get_pubkey( cert );
-
+
if( public_key == NULL ){
#ifdef DEBUG_OUTPUT
cerr << "Cound not read public key from Certificate" << endl;
#endif
return -1;
}
-
+
/*inits*/
EVP_CIPHER_CTX_init(&ctx);
EVP_SealInit(&ctx, EVP_aes_128_cbc(), &enckey, enckeylgth, *iv, &public_key, 1);
-
+
/*encrypt*/
EVP_SealUpdate(&ctx, retdata, &temp, data, size);
err = EVP_SealFinal(&ctx, retdata + temp, &tmp);
@@ -257,7 +257,7 @@
EVP_OpenUpdate(&ctx, retdata, &temp, data, size);
err = EVP_OpenFinal(&ctx, retdata + temp , &tmp);
if(err != 1){
- cout<<"An error occurred when deenevolping the data"<<endl;
+ cout<<"An error occurred when deenevolping the data"<<endl;
return -1;
}
*retsize = temp +tmp;
@@ -272,7 +272,7 @@
int err;
ERR_load_crypto_strings();
-
+
if( private_key == NULL )
{
sign = NULL;
@@ -283,12 +283,12 @@
return 1;
}
-
+
// FIXME
EVP_SignInit( &ctx, EVP_sha1() );
EVP_SignUpdate( &ctx, data, data_length );
- err = EVP_SignFinal( &ctx, sign,
- (unsigned int*)sign_length,
+ err = EVP_SignFinal( &ctx, sign,
+ (unsigned int*)sign_length,
private_key );
//EVP_MD_CTX_cleanup( &ctx );
@@ -311,9 +311,9 @@
EVP_PKEY * public_key;
EVP_MD_CTX ctx;
int err;
-
+
ERR_load_crypto_strings();
-
+
if( cert == NULL )
{
#ifdef DEBUG_OUTPUT
@@ -348,7 +348,7 @@
}
return err;
}
-
+
bool OsslPrivateKey::privateDecrypt( const unsigned char *data, int size,
unsigned char *retdata, int *retsize ){
//adding PKE payload
@@ -424,7 +424,7 @@
throw CertificateException(
"Given buffer is to short" );
}
-
+
int temp = i2d_X509( cert, &output);
// don't want it to be incremented:
@@ -497,7 +497,7 @@
ASN1_IA5STRING * ia5 = NULL;
ia5 = name->d.ia5;
-
+
size_t len = ASN1_STRING_length( ia5 );
char buf[ len + 1 ];
strncpy( buf, (const char*)ASN1_STRING_data( ia5 ),
@@ -516,6 +516,83 @@
return output;
}
+/**
+ * @todo Verify that there are no memory leaks! getAltName() uses GENERAL_NAMES_free() after the main loop but this
+ * function uses ACCESS_DESCRIPTION_free() at each iteration instead. This may lead to leaks as the stack
+ * used to store the ACCESS_DESCRIPTIONs is never explicitly freed using OpenSSL functions.
+ */
+vector<string> OsslCertificate::getSubjectInfoAccess() {
+ vector<string> output;
+
+ /*
+ int genType = -1;
+ switch( type ){
+ case SAN_DNSNAME:
+ genType = GEN_DNS;
+ break;
+ case SAN_RFC822NAME:
+ genType = GEN_EMAIL;
+ break;
+ case SAN_URI:
+ genType = GEN_URI;
+ break;
+ case SAN_IPADDRESS:
+ // Unsupported
+// genType = GEN_IPADD;
+// break;
+ default:
+ return output;
+}
+ */
+ int pos = -1;
+ pos = X509_get_ext_by_NID(cert, NID_sinfo_access, -1);
+ if( pos == -1 ){
+ return output;
+ }
+
+ X509_EXTENSION * ext = X509_get_ext( cert, pos );
+ if( !ext ){
+ return output;
+ }
+
+
+ STACK_OF(ACCESS_DESCRIPTION) *adRecords = NULL;
+ adRecords = (STACK_OF(ACCESS_DESCRIPTION)*) X509V3_EXT_d2i( ext );
+
+ if( !adRecords ){
+ return output;
+ }
+
+ int adRecordsCount = sk_ACCESS_DESCRIPTION_num( adRecords );
+ for( int i=0; i < adRecordsCount; i++ ){
+ ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value(adRecords, i);
+ GENERAL_NAME * siaRecord = ad->location;
+
+ //if( siaRecord->type == genType ){
+ ASN1_IA5STRING * ia5 = NULL;
+
+ ia5 = siaRecord->d.ia5;
+
+ size_t len = ASN1_STRING_length( ia5 );
+
+ char buf[ len + 1 ];
+ strncpy( buf, (const char*)ASN1_STRING_data( ia5 ),
+ len );
+
+ string str( buf, len );
+
+ output.push_back( str );
+ //}
+
+ ACCESS_DESCRIPTION_free(ad);
+
+ }
+
+ adRecords = NULL;
+
+ return output;
+}
+
string OsslCertificate::getIssuer(){
return NAME_to_string( X509_get_issuer_name( cert ) );
}
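Review bot: `siaRecord->d.ia5` is read without checking `siaRecord->type`; the accessLocation is a GENERAL_NAME CHOICE, so for a certificate whose SIA location is a directoryName, IP address or otherName the union is reinterpreted as an IA5String and `ASN1_STRING_length`/`ASN1_STRING_data` read through the wrong pointer (the check the author commented out at `//if( siaRecord->type == genType ){` is exactly what prevents this, and the input is attacker-supplied certificate data). The freeing is also wrong, as the @todo suspects: `X509V3_EXT_d2i()` hands ownership of the whole stack to the caller, so freeing each `ACCESS_DESCRIPTION` inside the loop and then dropping the stack leaks the stack, whereas a single `sk_ACCESS_DESCRIPTION_pop_free( adRecords, ACCESS_DESCRIPTION_free )` after the loop releases both. The `char buf[ len + 1 ]` VLA plus `strncpy` are unnecessary because `string( ptr, len )` already takes an explicit length, and the commented-out `switch( type )` copied from `getAltName()` refers to a parameter this function does not have. Rewritten loop and cleanup below.
```cpp
vector<string> OsslCertificate::getSubjectInfoAccess() {
	vector<string> output;
	// … unchanged: X509_get_ext_by_NID / X509_get_ext / X509V3_EXT_d2i lookup …

	int adRecordsCount = sk_ACCESS_DESCRIPTION_num( adRecords );
	for( int i = 0; i < adRecordsCount; i++ ){
		ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value( adRecords, i );
		GENERAL_NAME * siaRecord = ad->location;

		// accessLocation is a GENERAL_NAME CHOICE; only the IA5String
		// alternatives may be read through d.ia5.
		if( siaRecord->type != GEN_URI &&
		    siaRecord->type != GEN_EMAIL &&
		    siaRecord->type != GEN_DNS ){
			continue;
		}

		ASN1_IA5STRING * ia5 = siaRecord->d.ia5;
		size_t len = ASN1_STRING_length( ia5 );
		output.push_back( string( (const char*)ASN1_STRING_data( ia5 ), len ) );
	}

	// X509V3_EXT_d2i() returned a newly allocated stack that we own:
	// release it and every ACCESS_DESCRIPTION it holds in one call.
	sk_ACCESS_DESCRIPTION_pop_free( adRecords, ACCESS_DESCRIPTION_free );

	return output;
}
```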
@@ -538,7 +615,7 @@
OsslPrivateKey::OsslPrivateKey( const string &file ){
FILE * fp = NULL;
-
+
fp = fopen( file.c_str(), "r" );
if( fp == NULL ){
cerr << "Could not open the private key file" << endl;
@@ -548,7 +625,7 @@
private_key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose( fp );
-
+
if( private_key == NULL ){
cerr << "Invalid private key file" << endl;
throw CertificateExceptionFile(
@@ -583,23 +660,23 @@
const std::string &password,
const std::string &path )
{
- BIO *mem;
+ BIO *mem;
mem = BIO_new_mem_buf((void *)derEncPk, length);
-
+
if(mem == NULL )
{
cerr << "Couldn't initiate bio buffer" << endl;
throw CertificateExceptionPkey("Couldn't initiate bio buffer" );
}
-
+
private_key = PEM_read_bio_PrivateKey(mem, NULL, 0, (void*)password.c_str());
-
+
if(private_key == NULL )
{
cerr << "Invalid private key data or password" << endl;
throw CertificateExceptionPkey("The private key is invalid or wrong password was used" );
}
-
+
pk_file=path;
}
@@ -630,11 +707,11 @@
return result;
}
-
-//
+
+//
// OsslCertificateSet
-//
+//
OsslCertificateSet::OsslCertificateSet(){
cert_db = X509_STORE_new();
@@ -655,13 +732,13 @@
void OsslCertificateSet::addDirectory( string dir ){
X509_LOOKUP * lookup = NULL;
-
- lookup = X509_STORE_add_lookup(
+
+ lookup = X509_STORE_add_lookup(
cert_db, X509_LOOKUP_hash_dir() );
if( lookup == NULL )
throw CertificateExceptionInit(
"Could not create a directory lookup");
-
+
if( !X509_LOOKUP_add_dir( lookup, dir.c_str(), X509_FILETYPE_PEM ) )
throw CertificateExceptionFile(
(string("Could not open the directory ")+dir).c_str() );
@@ -671,13 +748,13 @@
void OsslCertificateSet::addFile( string file ){
X509_LOOKUP * lookup = NULL;
-
- lookup = X509_STORE_add_lookup(
+
+ lookup = X509_STORE_add_lookup(
cert_db, X509_LOOKUP_file() );
if( lookup == NULL )
throw CertificateExceptionInit(
"Could not create a file lookup" );
-
+
if( !X509_LOOKUP_load_file( lookup, file.c_str(), X509_FILETYPE_PEM ) )
throw CertificateExceptionFile(
("Could not open the file "+file).c_str() );
@@ -695,7 +772,7 @@
//
// OsslCertificateChain
-//
+//
OsslCertificateChain::OsslCertificateChain(){
}