/*
- Copyright (C) 2012-2015 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2012-2016 Carl Hetherington <cth@carlh.net>
This file is part of libdcp.
Certificate::Certificate (X509* c)
: _certificate (c)
, _public_key (0)
- , _extra_data (false)
{
}
: _certificate (0)
, _public_key (0)
{
- _extra_data = read_string (cert);
+ string const s = read_string (cert);
+ if (!s.empty ()) {
+ throw MiscError ("unexpected data after certificate");
+ }
}
/** Copy constructor.
Certificate::Certificate (Certificate const & other)
: _certificate (0)
, _public_key (0)
- , _extra_data (other._extra_data)
{
if (other._certificate) {
read_string (other.certificate (true));
/** Read a certificate from a string.
* @param cert String to read.
- * @return true if there is extra stuff after the end of the certificate, false if not.
+ * @return remaining part of the input string after the certificate which was read.
*/
-bool
+string
Certificate::read_string (string cert)
{
/* Reformat cert so that it has line breaks every 64 characters.
See http://comments.gmane.org/gmane.comp.encryption.openssl.user/55593
*/
- locked_stringstream s (cert);
+ list<string> lines;
string line;
- /* BEGIN */
- do {
- getline (s, line);
+ for (size_t i = 0; i < cert.length(); ++i) {
+ line += cert[i];
+ if (cert[i] == '\r' || cert[i] == '\n') {
+ boost::algorithm::trim (line);
+ lines.push_back (line);
+ line = "";
+ }
+ }
+
+ if (!line.empty()) {
boost::algorithm::trim (line);
- } while (s.good() && line != begin_certificate);
+ lines.push_back (line);
+ }
+
+ list<string>::iterator i = lines.begin ();
+
+ /* BEGIN */
+ while (i != lines.end() && *i != begin_certificate) {
+ ++i;
+ }
- if (line != begin_certificate) {
+ if (i == lines.end()) {
throw MiscError ("missing BEGIN line in certificate");
}
+ /* Skip over the BEGIN line */
+ ++i;
+
/* The base64 data */
bool got_end = false;
string base64 = "";
- while (getline (s, line)) {
- boost::algorithm::trim (line);
- if (line == end_certificate) {
+ while (i != lines.end()) {
+ if (*i == end_certificate) {
got_end = true;
break;
}
- base64 += line;
+ base64 += *i;
+ ++i;
}
if (!got_end) {
throw MiscError ("missing END line in certificate");
}
+ /* Skip over the END line */
+ ++i;
+
/* Make up the fixed version */
string fixed = begin_certificate + "\n";
BIO_free (bio);
- /* See if there are any non-blank lines after the certificate that we read */
- line.clear ();
- while (s.good() && line.empty()) {
- getline (s, line);
+ string extra;
+
+ while (i != lines.end()) {
+ if (!i->empty()) {
+ extra += *i + "\n";
+ }
+ ++i;
}
- return (s.good() && !line.empty());
+
+ return extra;
}
/** Destructor */
_certificate = 0;
RSA_free (_public_key);
_public_key = 0;
- _extra_data = other._extra_data;
read_string (other.certificate (true));
return get_name_part (X509_get_subject_name (_certificate), NID_organizationalUnitName);
}
+static
+struct tm
+convert_time (ASN1_TIME const * time)
+{
+ struct tm t;
+ char const * s = (char const *) time->data;
+
+ if (time->type == V_ASN1_UTCTIME) {
+ sscanf(s, "%2d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+ if (t.tm_year < 70) {
+ t.tm_year += 100;
+ }
+ } else if (time->type == V_ASN1_GENERALIZEDTIME) {
+ sscanf(s, "%4d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+ t.tm_year -= 1900;
+ }
+
+ t.tm_mon--;
+
+ return t;
+}
+
+struct tm
+Certificate::not_before () const
+{
+ DCP_ASSERT (_certificate);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ return convert_time(X509_get0_notBefore(_certificate));
+#else
+ return convert_time(X509_get_notBefore(_certificate));
+#endif
+}
+
+struct tm
+Certificate::not_after () const
+{
+ DCP_ASSERT (_certificate);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ return convert_time(X509_get0_notAfter(_certificate));
+#else
+ return convert_time(X509_get_notAfter(_certificate));
+#endif
+}
+
string
Certificate::serial () const
{
return st;
}
+/** @return thumbprint of the to-be-signed portion of this certificate */
string
Certificate::thumbprint () const
{
uint8_t buffer[8192];
uint8_t* p = buffer;
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ i2d_re_X509_tbs(_certificate, &p);
+#else
i2d_X509_CINF (_certificate->cert_info, &p);
+#endif
unsigned int const length = p - buffer;
if (length > sizeof (buffer)) {
throw MiscError ("buffer too small to generate thumbprint");
return _public_key;
}
+static bool string_is_utf8 (X509_NAME* n, int nid)
+{
+ int p = -1;
+ p = X509_NAME_get_index_by_NID (n, nid, p);
+ return p != -1 && X509_NAME_ENTRY_get_data(X509_NAME_get_entry(n, p))->type == V_ASN1_UTF8STRING;
+}
+
+bool
+Certificate::has_utf8_strings () const
+{
+ X509_NAME* n = X509_get_subject_name (_certificate);
+ return string_is_utf8(n, NID_commonName) ||
+ string_is_utf8(n, NID_organizationName) ||
+ string_is_utf8(n, NID_organizationalUnitName);
+}
+
bool
dcp::operator== (Certificate const & a, Certificate const & b)
{
projects / libdcp.git / blobdiff