2 * x509info.c: Accessors for svn_x509_certinfo_t
4 * ====================================================================
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
21 * ====================================================================
28 #include <apr_pools.h>
29 #include <apr_tables.h>
31 #include "svn_string.h"
/* Return a copy of ATTR allocated in RESULT_POOL.  Both the OID bytes and
 * the UTF-8 value are duplicated, so the copy shares no storage with ATTR.
 * SCRATCH_POOL is part of the public signature but is not needed here. */
svn_x509_name_attr_t *
svn_x509_name_attr_dup(const svn_x509_name_attr_t *attr,
                       apr_pool_t *result_pool,
                       apr_pool_t *scratch_pool)
{
  svn_x509_name_attr_t *copy;

  copy = apr_palloc(result_pool, sizeof(*copy));
  copy->oid = apr_pmemdup(result_pool, attr->oid, attr->oid_len);
  copy->oid_len = attr->oid_len;
  copy->utf8_value = apr_pstrdup(result_pool, attr->utf8_value);

  return copy;
}
/* Return ATTR's OID as raw DER content bytes (no tag or length octets);
 * the number of bytes is stored in *LEN.  Nothing is copied. */
const unsigned char *
svn_x509_name_attr_get_oid(const svn_x509_name_attr_t *attr, apr_size_t *len)
{
  const unsigned char *oid = attr->oid;

  *len = attr->oid_len;
  return oid;
}
/* Return ATTR's value as a nul-terminated UTF-8 string.  The pointer
 * refers into ATTR; nothing is copied. */
const char *
svn_x509_name_attr_get_value(const svn_x509_name_attr_t *attr)
{
  const char *value = attr->utf8_value;

  return value;
}
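/* Return a deep copy of S allocated in RESULT_POOL, or NULL when S is NULL.
 * Array elements are assumed to be nul-terminated C strings; each string is
 * duplicated so the copy shares no storage with S (apr_array_copy() alone
 * would only copy the pointers). */
static apr_array_header_t *
deep_copy_array(apr_array_header_t *s, apr_pool_t *result_pool)
{
  int i;
  apr_array_header_t *d;

  /* svn_x509_certinfo_dup() passes certinfo->hostnames straight through;
   * presumably that is NULL for a certificate without hostnames, so a
   * NULL source yields a NULL copy instead of dereferencing s->nelts. */
  if (!s)
    return NULL;

  d = apr_array_copy(result_pool, s);

  /* Make a deep copy of the strings in the array. */
  for (i = 0; i < s->nelts; ++i)
    {
      APR_ARRAY_IDX(d, i, const char *) =
        apr_pstrdup(result_pool, APR_ARRAY_IDX(s, i, const char *));
    }

  return d;
}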
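/* Return a deep copy of S, an array of svn_x509_name_attr_t *, allocated in
 * RESULT_POOL, or NULL when S is NULL.  Each attribute is duplicated with
 * svn_x509_name_attr_dup() so the copy shares no storage with S. */
static apr_array_header_t *
deep_copy_name_attrs(apr_array_header_t *s, apr_pool_t *result_pool)
{
  int i;
  apr_array_header_t *d;

  /* A NULL source yields a NULL copy instead of dereferencing s->nelts. */
  if (!s)
    return NULL;

  d = apr_array_copy(result_pool, s);

  /* Make a deep copy of the svn_x509_name_attr_t's in the array.  The
   * dup function takes a scratch pool it does not need, so RESULT_POOL
   * is passed for both. */
  for (i = 0; i < s->nelts; ++i)
    {
      APR_ARRAY_IDX(d, i, const svn_x509_name_attr_t *) =
        svn_x509_name_attr_dup(APR_ARRAY_IDX(s, i, svn_x509_name_attr_t *),
                               result_pool, result_pool);
    }

  return d;
}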
/* Return a deep copy of CERTINFO allocated in RESULT_POOL.  The subject and
 * issuer attribute arrays, the digest and the hostname array are all
 * duplicated, so the copy shares no storage with the original.
 * SCRATCH_POOL is part of the public signature and is not used here. */
svn_x509_certinfo_t *
svn_x509_certinfo_dup(const svn_x509_certinfo_t *certinfo,
                      apr_pool_t *result_pool,
                      apr_pool_t *scratch_pool)
{
  svn_x509_certinfo_t *copy = apr_palloc(result_pool, sizeof(*copy));

  /* Scalars first, then the pointer members that need deep copies. */
  copy->valid_from = certinfo->valid_from;
  copy->valid_to = certinfo->valid_to;
  copy->subject = deep_copy_name_attrs(certinfo->subject, result_pool);
  copy->issuer = deep_copy_name_attrs(certinfo->issuer, result_pool);
  copy->digest = svn_checksum_dup(certinfo->digest, result_pool);
  copy->hostnames = deep_copy_array(certinfo->hostnames, result_pool);

  return copy;
}
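/* A well-known attribute-type OID and the labels used when printing it. */
typedef struct asn1_oid {
  const unsigned char *oid;    /* DER content bytes of the OID (no tag/length) */
  const apr_size_t oid_len;    /* number of bytes at OID */
  const char *short_label;     /* abbreviation used in printed DNs ("CN"), or NULL */
  const char *long_label;      /* descriptive attribute name */
} asn1_oid;

/* Expand a string-literal OID macro into the (oid, oid_len) pair above.
 * sizeof() - 1 drops the literal's trailing nul, so this only works on a
 * string literal, never on a pointer (sizeof a pointer is not its length). */
#define CONSTANT_PAIR(c) (unsigned char *)(c), sizeof((c)) - 1

/* Known attribute types.  oid_to_asn1_oid() scans this table until it
 * reaches an entry whose oid is NULL, so the all-NULL sentinel must stay
 * last.  emailAddress deliberately has no short label and prints in full. */
static const asn1_oid asn1_oids[] = {
  { CONSTANT_PAIR(SVN_X509_OID_COMMON_NAME), "CN", "commonName" },
  { CONSTANT_PAIR(SVN_X509_OID_COUNTRY), "C", "countryName" },
  { CONSTANT_PAIR(SVN_X509_OID_LOCALITY), "L", "localityName" },
  { CONSTANT_PAIR(SVN_X509_OID_STATE), "ST", "stateOrProvinceName" },
  { CONSTANT_PAIR(SVN_X509_OID_ORGANIZATION), "O", "organizationName" },
  { CONSTANT_PAIR(SVN_X509_OID_ORG_UNIT), "OU", "organizationalUnitName"},
  { CONSTANT_PAIR(SVN_X509_OID_EMAIL), NULL, "emailAddress" },
  { NULL, 0, NULL, NULL } /* sentinel */
};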
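/* Given an OID return a nul-terminated C string representation allocated
 * in RESULT_POOL, using SCRATCH_POOL for temporary formatting.  For example
 * an OID with the bytes "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" would be
 * converted to the string "1.2.840.113549.1.9.1".
 *
 * Return NULL if OID_LEN is 0, if a multi-octet subidentifier is truncated
 * (the data ends while the continuation bit is still set) or if a
 * subidentifier does not fit in an unsigned int.
 *
 * OID comes straight out of a certificate's DER and is untrusted: every
 * read below is bounded by END, and the caller must handle NULL. */
const char *
svn_x509_oid_to_string(const unsigned char *oid, apr_size_t oid_len,
                       apr_pool_t *scratch_pool, apr_pool_t *result_pool)
{
  svn_stringbuf_t *out = svn_stringbuf_create_empty(result_pool);
  const unsigned char *p = oid;
  const unsigned char *end = p + oid_len;
  const char *temp;

  while (p != end)
    {
      if (p == oid)
        {
          /* The first octet packs the first two arcs as X*40 + Y (X.690
           * 8.19.4).  Only X = 0, 1 and 2 are assigned, and Y < 40 when
           * X is 0 or 1, so a value of 80 or more can only mean X = 2.
           * A first subidentifier of 128 or more (X = 2, Y >= 48) is
           * multi-octet encoded; that case is not decoded here and would
           * print a wrong first arc pair. */
          if (*p >= 80)
            temp = apr_psprintf(scratch_pool, "2.%d", *p - 80);
          else
            temp = apr_psprintf(scratch_pool, "%d.%d", *p / 40, *p % 40);
          p++;
        }
      else if (*p < 128)
        {
          /* Remaining values below 128 occupy one octet, stored as-is. */
          temp = apr_psprintf(scratch_pool, ".%d", *p);
          p++;
        }
      else
        {
          /* Values of 128 or more are encoded base-128, seven bits per
           * octet, with the high bit set on every octet except the last. */
          unsigned int collector = 0;
          svn_boolean_t dot = FALSE;

          do
            {
              if (collector == 0 && *p == 0x80)
                {
                  /* Leading zero octets are not legal DER, but printing
                   * them as "0" digits seems nicer than returning NULL. */
                  if (!dot)
                    {
                      svn_stringbuf_appendbyte(out, '.');
                      dot = TRUE;
                    }
                  svn_stringbuf_appendbyte(out, '0');
                }
              else if (collector > UINT_MAX >> 7)
                {
                  return NULL; /* overflow */
                }
              collector = collector << 7 | (*(p++) & 0x7f);
            }
          while (p != end && *p > 127);

          /* If the data ran out while the continuation bit was still set
           * the subidentifier is truncated.  Without this check the read
           * of the terminating octet below would be one byte past END. */
          if (p == end)
            return NULL;
          if (collector > UINT_MAX >> 7)
            return NULL; /* overflow */
          collector = collector << 7 | *(p++);
          /* collector is unsigned, so format it with %u rather than %d. */
          temp = apr_psprintf(scratch_pool, "%s%u", dot ? "" : ".", collector);
        }
      svn_stringbuf_appendcstr(out, temp);
    }

  if (svn_stringbuf_isempty(out))
    return NULL;

  return out->data;
}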
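/* Return the asn1_oids entry whose OID is exactly the OID_LEN bytes at OID,
 * or NULL if it is not one of the well-known attribute types.  The length
 * is compared before the bytes, so a prefix of a known OID never matches
 * and memcmp() never reads past either buffer.  OID is only read, hence
 * const. */
static const asn1_oid *oid_to_asn1_oid(const unsigned char *oid,
                                       apr_size_t oid_len)
{
  const asn1_oid *entry;

  /* The table ends with an entry whose oid is NULL. */
  for (entry = asn1_oids; entry->oid; entry++)
    {
      if (oid_len == entry->oid_len &&
          memcmp(oid, entry->oid, oid_len) == 0)
        return entry;
    }

  return NULL;
}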
/* Return a printable label for the OID_LEN bytes at OID: the short label
 * of a known attribute type when it has one, else its long label; for an
 * unknown OID the dotted-decimal form allocated in RESULT_POOL.  When no
 * label can be produced (both labels NULL, or svn_x509_oid_to_string()
 * returns NULL for an empty or undecodable encoding) return "??". */
static const char *oid_to_best_label(unsigned char *oid, apr_size_t oid_len,
                                     apr_pool_t *result_pool)
{
  const asn1_oid *known = oid_to_asn1_oid(oid, oid_len);
  const char *label;

  if (known)
    label = known->short_label ? known->short_label : known->long_label;
  else
    /* RESULT_POOL doubles as the scratch pool; the temporaries are small. */
    label = svn_x509_oid_to_string(oid, oid_len, result_pool, result_pool);

  return label ? label : "??";
}
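/*
 * Return NAME -- an array of svn_x509_name_attr_t * -- rendered as a
 * printable distinguished name allocated in RESULT_POOL, for example
 * "CN=host.example.org, O=Example".  Each attribute is written as
 * LABEL=VALUE, with the label from oid_to_best_label(), joined by ", ".
 *
 * For display only.  The values come from the certificate and are not
 * quoted or escaped, so a value containing ", " or "=" cannot be told
 * apart from an attribute boundary.  Callers must not parse this string
 * or use it to compare identities; use the attribute arrays
 * (svn_x509_certinfo_get_subject_attrs() etc.) for that.
 */
static const char *
get_dn(apr_array_header_t *name,
       apr_pool_t *result_pool)
{
  svn_stringbuf_t *buf = svn_stringbuf_create_empty(result_pool);
  int n;

  for (n = 0; n < name->nelts; n++)
    {
      const svn_x509_name_attr_t *attr = APR_ARRAY_IDX(name, n, svn_x509_name_attr_t *);

      /* Separator goes before every attribute but the first. */
      if (n > 0)
        svn_stringbuf_appendcstr(buf, ", ");

      svn_stringbuf_appendcstr(buf, oid_to_best_label(attr->oid, attr->oid_len, result_pool));
      svn_stringbuf_appendbyte(buf, '=');
      svn_stringbuf_appendcstr(buf, attr->utf8_value);
    }

  return buf->data;
}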
/* Return CERTINFO's subject as a printable DN allocated in RESULT_POOL.
 * Display use only; see get_dn() for why the string is not parseable. */
const char *
svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo,
                              apr_pool_t *result_pool)
{
  apr_array_header_t *subject = certinfo->subject;

  return get_dn(subject, result_pool);
}
/* Return CERTINFO's subject attributes as an array of
 * svn_x509_name_attr_t *.  Not copied: the array is CERTINFO's own. */
const apr_array_header_t *
svn_x509_certinfo_get_subject_attrs(const svn_x509_certinfo_t *certinfo)
{
  const apr_array_header_t *attrs = certinfo->subject;

  return attrs;
}
/* Return CERTINFO's issuer as a printable DN allocated in RESULT_POOL.
 * Display use only; see get_dn() for why the string is not parseable. */
const char *
svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo,
                             apr_pool_t *result_pool)
{
  apr_array_header_t *issuer = certinfo->issuer;

  return get_dn(issuer, result_pool);
}
/* Return CERTINFO's issuer attributes as an array of
 * svn_x509_name_attr_t *.  Not copied: the array is CERTINFO's own. */
const apr_array_header_t *
svn_x509_certinfo_get_issuer_attrs(const svn_x509_certinfo_t *certinfo)
{
  const apr_array_header_t *attrs = certinfo->issuer;

  return attrs;
}
/* Return the start of CERTINFO's validity period (notBefore). */
apr_time_t
svn_x509_certinfo_get_valid_from(const svn_x509_certinfo_t *certinfo)
{
  apr_time_t not_before = certinfo->valid_from;

  return not_before;
}
/* Return the end of CERTINFO's validity period (notAfter). */
apr_time_t
svn_x509_certinfo_get_valid_to(const svn_x509_certinfo_t *certinfo)
{
  apr_time_t not_after = certinfo->valid_to;

  return not_after;
}
/* Return the certificate digest stored in CERTINFO.  Not copied; the
 * checksum is CERTINFO's own. */
const svn_checksum_t *
svn_x509_certinfo_get_digest(const svn_x509_certinfo_t *certinfo)
{
  const svn_checksum_t *digest = certinfo->digest;

  return digest;
}
/* Return CERTINFO's hostnames as an array of nul-terminated C strings.
 * Not copied.  Presumably NULL when the certificate carries no hostnames
 * (svn_x509_certinfo_dup() tolerates a NULL array) -- callers should check
 * before indexing; verify against the parser. */
const apr_array_header_t *
svn_x509_certinfo_get_hostnames(const svn_x509_certinfo_t *certinfo)
{
  const apr_array_header_t *hostnames = certinfo->hostnames;

  return hostnames;
}