You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
283 lines
8.2 KiB
283 lines
8.2 KiB
// X509Cert.cpp - Implementation of X509Cert class
|
|
//
|
|
// (c) Copyright Schlumberger Technology Corp., unpublished work, created
|
|
// 1999. This computer program includes Confidential, Proprietary
|
|
// Information and is a Trade Secret of Schlumberger Technology Corp. All
|
|
// use, disclosure, and/or reproduction is prohibited unless authorized
|
|
// in writing. All Rights Reserved.
|
|
|
|
|
|
#include "pkiX509Cert.h"
|
|
|
|
using namespace pki;
|
|
|
|
X509Cert::X509Cert()
|
|
{
|
|
}
|
|
|
|
X509Cert::X509Cert(const X509Cert &cert)
|
|
{
|
|
*this = cert;
|
|
}
|
|
|
|
X509Cert::X509Cert(const std::string &buffer)
|
|
{
|
|
*this = buffer;
|
|
}
|
|
|
|
X509Cert::X509Cert(const unsigned char *buffer, const unsigned long size)
|
|
{
|
|
m_Cert = BEROctet(buffer,size);
|
|
Decode();
|
|
}
|
|
|
|
X509Cert& X509Cert::operator=(const X509Cert &cert)
|
|
{
|
|
m_Cert = cert.m_Cert;
|
|
Decode();
|
|
|
|
return *this;
|
|
}
|
|
|
|
X509Cert& X509Cert::operator=(const std::string &buffer)
|
|
{
|
|
m_Cert = BEROctet((unsigned char*)buffer.data(),buffer.size());
|
|
Decode();
|
|
|
|
return *this;
|
|
}
|
|
|
|
// Returns Serial Number (long) integer value.
|
|
|
|
std::string X509Cert::SerialNumber() const
|
|
{
|
|
std::string RetVal((char*)m_SerialNumber.Data(),m_SerialNumber.DataSize());
|
|
return RetVal;
|
|
}
|
|
|
|
// Returns whole DER string of Issuer
|
|
|
|
std::string X509Cert::Issuer() const
|
|
{
|
|
std::string RetVal((char*)m_Issuer.Octet(),m_Issuer.OctetSize());
|
|
return RetVal;
|
|
}
|
|
|
|
// Returns list of attributes in Issuer matching id-at-organizationName.
|
|
// List will be invalidated when object changes.
|
|
|
|
std::vector<std::string> X509Cert::IssuerOrg() const
|
|
{
|
|
|
|
std::vector<std::string> orgNames;
|
|
std::vector<BEROctet const*> orgOcts;
|
|
|
|
m_Issuer.SearchOIDNext("2 5 4 10",orgOcts); // Issuer's id-at-organizationName
|
|
|
|
for(long i=0; i<orgOcts.size(); i++) {
|
|
|
|
std::string oName((char*)orgOcts[i]->Data(), orgOcts[i]->DataSize());
|
|
orgNames.push_back(oName);
|
|
}
|
|
|
|
return orgNames;
|
|
|
|
}
|
|
|
|
// Returns whole DER string of Subject
|
|
|
|
std::string X509Cert::Subject() const
|
|
{
|
|
std::string RetVal((char*)m_Subject.Octet(),m_Subject.OctetSize());
|
|
return RetVal;
|
|
}
|
|
|
|
// Returns list of attributes in Subject matching id-at-commonName
|
|
// List will be invalidated when object changes.
|
|
|
|
std::vector<std::string> X509Cert::SubjectCommonName() const
|
|
{
|
|
|
|
std::vector<std::string> cnNames;
|
|
std::vector<BEROctet const*> cnOcts;
|
|
|
|
m_Subject.SearchOIDNext("2 5 4 3",cnOcts); // Subject's id-at-commonName
|
|
|
|
for(long i=0; i<cnOcts.size(); i++) {
|
|
|
|
std::string cnName((char*)cnOcts[i]->Data(), cnOcts[i]->DataSize());
|
|
cnNames.push_back(cnName);
|
|
|
|
}
|
|
|
|
return cnNames;
|
|
|
|
}
|
|
|
|
// Returns modulus from SubjectPublicKeyInfo, stripped for any leading zero(s).
|
|
|
|
std::string X509Cert::Modulus() const
|
|
{
|
|
|
|
std::string RawMod = RawModulus();
|
|
|
|
unsigned long i = 0;
|
|
while(!RawMod[i] && i<RawMod.size()) i++; // Skip leading zero(s).
|
|
|
|
return std::string(&RawMod[i],RawMod.size()-i);
|
|
|
|
}
|
|
|
|
// Returns public exponent from SubjectPublicKeyInfo, possibly with leading zero(s).
|
|
|
|
std::string X509Cert::RawModulus() const
|
|
{
|
|
|
|
if(m_SubjectPublicKeyInfo.SubOctetList().size()!=2) throw Exception(ccX509CertFormatError);
|
|
|
|
BEROctet PubKeyString = *(m_SubjectPublicKeyInfo.SubOctetList()[1]);
|
|
|
|
unsigned char *KeyBlob = PubKeyString.Data();
|
|
unsigned long KeyBlobSize = PubKeyString.DataSize();
|
|
|
|
if(KeyBlob[0]) throw Exception(ccX509CertFormatError); // Expect number of unused bits in
|
|
// last octet to be zero.
|
|
KeyBlob++;
|
|
KeyBlobSize--;
|
|
|
|
BEROctet PubKeyOct(KeyBlob,KeyBlobSize);
|
|
|
|
if(PubKeyOct.SubOctetList().size()!=2) throw Exception(ccX509CertFormatError);
|
|
|
|
unsigned char *Mod = PubKeyOct.SubOctetList()[0]->Data();
|
|
unsigned long ModSize = PubKeyOct.SubOctetList()[0]->DataSize();
|
|
|
|
return std::string((char*)Mod,ModSize);
|
|
|
|
}
|
|
|
|
// Returns public exponent from SubjectPublicKeyInfo, stripped for any leading zero(s).
|
|
|
|
std::string X509Cert::PublicExponent() const
|
|
{
|
|
|
|
std::string RawPubExp = RawPublicExponent();
|
|
|
|
unsigned long i = 0;
|
|
while(!RawPubExp[i] && i<RawPubExp.size()) i++; // Skip leading zero(s).
|
|
|
|
return std::string(&RawPubExp[i],RawPubExp.size()-i);
|
|
|
|
}
|
|
// Returns public exponent from SubjectPublicKeyInfo, possibly with leading zero(s).
|
|
|
|
std::string X509Cert::RawPublicExponent() const
|
|
{
|
|
|
|
if(m_SubjectPublicKeyInfo.SubOctetList().size()!=2) throw Exception(ccX509CertFormatError);
|
|
|
|
BEROctet PubKeyString = *(m_SubjectPublicKeyInfo.SubOctetList()[1]);
|
|
|
|
unsigned char *KeyBlob = PubKeyString.Data();
|
|
unsigned long KeyBlobSize = PubKeyString.DataSize();
|
|
|
|
if(KeyBlob[0]) throw Exception(ccX509CertFormatError); // Expect number of unused bits
|
|
// in last octet to be zero.
|
|
KeyBlob++;
|
|
KeyBlobSize--;
|
|
|
|
BEROctet PubKeyOct(KeyBlob,KeyBlobSize);
|
|
|
|
if(PubKeyOct.SubOctetList().size()!=2) throw Exception(ccX509CertFormatError);
|
|
|
|
unsigned char *PubExp = PubKeyOct.SubOctetList()[1]->Data();
|
|
unsigned long PubExpSize = PubKeyOct.SubOctetList()[1]->DataSize();
|
|
|
|
return std::string((char*)PubExp,PubExpSize);
|
|
|
|
}
|
|
|
|
// Returns KeyUsage attribute, left justified with most significant bit as first bit (BER convention)
|
|
|
|
unsigned long X509Cert::KeyUsage() const
|
|
{
|
|
|
|
if(!m_Extensions.Octet()) throw Exception(ccX509CertExtensionNotPresent);
|
|
|
|
unsigned long ReturnKeyUsage = 0;
|
|
|
|
const unsigned char UnusedBitsMask[] = {0xFF,0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80};
|
|
|
|
std::vector<BEROctet const*> ExtensionList;
|
|
|
|
m_Extensions.SearchOID("2 5 29 15",ExtensionList); // "Extensions" octets containing id-ce-keyUsage
|
|
|
|
if(ExtensionList.size()!=1) throw Exception(ccX509CertExtensionNotPresent); // One and only one instance
|
|
|
|
BEROctet const* Extension = ExtensionList[0];
|
|
BEROctet* extnValue = 0;
|
|
if(Extension->SubOctetList().size()==2) extnValue = Extension->SubOctetList()[1]; // No "critical" attribute present
|
|
else if(Extension->SubOctetList().size()==3) extnValue = Extension->SubOctetList()[2]; // A "critical" attribute present
|
|
else throw Exception(ccX509CertFormatError); // "Extensions" must contain either 2 or 3 octets
|
|
|
|
unsigned char *KeyUsageBlob = extnValue->Data();
|
|
unsigned long KeyUsageBlobSize = extnValue->DataSize();
|
|
|
|
BEROctet KeyUsage(KeyUsageBlob,KeyUsageBlobSize);
|
|
unsigned char *KeyUsageBitString = KeyUsage.Data();
|
|
unsigned long KeyUsageBitStringSize = KeyUsage.DataSize();
|
|
|
|
|
|
unsigned char UnusedBits = KeyUsageBitString[0];
|
|
unsigned long NumBytes = KeyUsageBitStringSize-1;
|
|
if(NumBytes>4) {
|
|
NumBytes = 4; // Truncate to fit the ulong, should be plenty though
|
|
UnusedBits = 0;
|
|
}
|
|
|
|
unsigned long Shift = 24;
|
|
for(unsigned long i=0; i<NumBytes-1; i++) {
|
|
ReturnKeyUsage |= (KeyUsageBitString[i+1] << Shift);
|
|
Shift -= 8;
|
|
}
|
|
|
|
ReturnKeyUsage |= ( (KeyUsageBitString[NumBytes] & UnusedBitsMask[UnusedBits]) << Shift );
|
|
|
|
return ReturnKeyUsage;
|
|
|
|
}
|
|
|
|
void X509Cert::Decode()
|
|
{
|
|
|
|
if(m_Cert.SubOctetList().size()!=3) throw Exception(ccX509CertFormatError);
|
|
|
|
BEROctet *tbsCert = m_Cert.SubOctetList()[0];
|
|
unsigned long Size = tbsCert->SubOctetList().size();
|
|
if(!Size) throw Exception(ccX509CertFormatError);
|
|
|
|
int i = 0;
|
|
BEROctet *first = tbsCert->SubOctetList()[i];
|
|
if((first->Class()==2) && (first->Tag()==0)) i++; // Version
|
|
|
|
if(Size < (6+i)) throw Exception(ccX509CertFormatError);
|
|
|
|
m_SerialNumber = *(tbsCert->SubOctetList()[i]); i++; // SerialNumber
|
|
i++; // Signature (algorithm)
|
|
m_Issuer = *(tbsCert->SubOctetList()[i]); i++; // Issuer
|
|
i++; // Validity
|
|
m_Subject = *(tbsCert->SubOctetList()[i]); i++; // Subject
|
|
m_SubjectPublicKeyInfo = *(tbsCert->SubOctetList()[i]); i++; // SubjectPublicKeyInfo
|
|
|
|
m_Extensions = BEROctet();
|
|
while(i<Size) {
|
|
BEROctet *oct = tbsCert->SubOctetList()[i];
|
|
if((oct->Class()==2) && (oct->Tag()==3)) {
|
|
m_Extensions = *oct;
|
|
break;
|
|
}
|
|
i++;
|
|
}
|
|
|
|
}
|
|
|