1 /*
2  * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS-EXTRA.
7  *
8  * GnuTLS-extra is free software: you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation, either version 3 of the License, or
11  * (at your option) any later version.
12  *               
13  * GnuTLS-extra is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *                               
18  * You should have received a copy of the GNU General Public License
19  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
20  */
21
22 /* This file includes all functions that were in the 0.5.x and 0.8.x
23  * gnutls API. They are now implemented over the new certificate parsing
24  * API.
25  */
26
27 #include "gnutls_int.h"
28
29 #include <gnutls_global.h>
30 #include <gnutls_errors.h>
31 #include <string.h>             /* memset */
32 #include <x509/x509_int.h>
33 #include <libtasn1.h>
34 #include <gnutls/x509.h>
35 #include <openssl_compat.h>
36
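/*-
 * gnutls_x509_extract_certificate_dn:
 * @cert: should contain an X.509 DER encoded certificate
 * @ret: a pointer to a structure to hold the certificate holder's name
 *
 * This function parses @cert and copies selected attributes of its
 * subject distinguished name into @ret, a gnutls_x509_dn structure.
 * For each attribute only the first occurrence (index 0) is read, in
 * text form.
 *
 * @ret is cleared before anything is copied. An attribute that is
 * absent from the certificate, or whose lookup fails for any other
 * reason (for instance a value that does not fit the fixed-size
 * field), is left as an all-zero field instead of whatever the caller's
 * memory held before. Such per-attribute failures are not reported.
 *
 * The certificate is only parsed here; this function performs no
 * signature or chain verification, so the strings placed in @ret are
 * whatever the certificate contains and must not be relied upon for
 * identity decisions until the certificate has been verified elsewhere.
 *
 * Returns zero on success, or a negative error code if the certificate
 * structure cannot be initialized or @cert cannot be imported as DER.
 -*/
int
gnutls_x509_extract_certificate_dn(const gnutls_datum_t * cert,
                                   gnutls_x509_dn * ret)
{
        gnutls_x509_crt_t xcert;
        int result;
        size_t len;

        /* Give every field a defined (empty) value up front, so a
         * caller never reads uninitialized bytes for an attribute that
         * could not be extracted, including on the error returns below. */
        memset(ret, 0, sizeof(*ret));

        result = gnutls_x509_crt_init(&xcert);
        if (result < 0)
                return result;

        result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
        if (result < 0) {
                gnutls_x509_crt_deinit(xcert);
                return result;
        }

        /* Each lookup is best effort: on failure the field is zeroed
         * again in case the callee wrote a partial value. */
        len = sizeof(ret->country);
        result = gnutls_x509_crt_get_dn_by_oid(xcert,
                                               GNUTLS_OID_X520_COUNTRY_NAME,
                                               0, 0, ret->country, &len);
        if (result < 0)
                memset(ret->country, 0, sizeof(ret->country));

        len = sizeof(ret->organization);
        result = gnutls_x509_crt_get_dn_by_oid(xcert,
                                               GNUTLS_OID_X520_ORGANIZATION_NAME,
                                               0, 0, ret->organization,
                                               &len);
        if (result < 0)
                memset(ret->organization, 0, sizeof(ret->organization));

        len = sizeof(ret->organizational_unit_name);
        result = gnutls_x509_crt_get_dn_by_oid(xcert,
                                               GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
                                               0, 0,
                                               ret->organizational_unit_name,
                                               &len);
        if (result < 0)
                memset(ret->organizational_unit_name, 0,
                       sizeof(ret->organizational_unit_name));

        len = sizeof(ret->common_name);
        result = gnutls_x509_crt_get_dn_by_oid(xcert,
                                               GNUTLS_OID_X520_COMMON_NAME,
                                               0, 0, ret->common_name, &len);
        if (result < 0)
                memset(ret->common_name, 0, sizeof(ret->common_name));

        len = sizeof(ret->locality_name);
        result = gnutls_x509_crt_get_dn_by_oid(xcert,
                                               GNUTLS_OID_X520_LOCALITY_NAME,
                                               0, 0, ret->locality_name,
                                               &len);
        if (result < 0)
                memset(ret->locality_name, 0, sizeof(ret->locality_name));

        len = sizeof(ret->state_or_province_name);
        result = gnutls_x509_crt_get_dn_by_oid(xcert,
                                               GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
                                               0, 0,
                                               ret->state_or_province_name,
                                               &len);
        if (result < 0)
                memset(ret->state_or_province_name, 0,
                       sizeof(ret->state_or_province_name));

        len = sizeof(ret->email);
        result = gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_PKCS9_EMAIL,
                                               0, 0, ret->email, &len);
        if (result < 0)
                memset(ret->email, 0, sizeof(ret->email));

        gnutls_x509_crt_deinit(xcert);

        /* Missing attributes are normal, so they do not fail the call. */
        return 0;
}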
102
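/*-
 * gnutls_x509_extract_certificate_issuer_dn:
 * @cert: should contain an X.509 DER encoded certificate
 * @ret: a pointer to a structure to hold the issuer's name
 *
 * This function parses @cert and copies selected attributes of the
 * issuer distinguished name stated in it into @ret, a gnutls_x509_dn
 * structure. For each attribute only the first occurrence (index 0) is
 * read, in text form.
 *
 * @ret is cleared before anything is copied. An attribute that is
 * absent from the certificate, or whose lookup fails for any other
 * reason (for instance a value that does not fit the fixed-size
 * field), is left as an all-zero field instead of whatever the caller's
 * memory held before. Such per-attribute failures are not reported.
 *
 * The certificate is only parsed here; this function performs no
 * signature or chain verification, so the issuer name placed in @ret is
 * only what the certificate claims and must not be relied upon until
 * the certificate has been verified elsewhere.
 *
 * Returns zero on success, or a negative error code if the certificate
 * structure cannot be initialized or @cert cannot be imported as DER.
 -*/
int
gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum_t * cert,
                                          gnutls_x509_dn * ret)
{
        gnutls_x509_crt_t xcert;
        int result;
        size_t len;

        /* Give every field a defined (empty) value up front, so a
         * caller never reads uninitialized bytes for an attribute that
         * could not be extracted, including on the error returns below. */
        memset(ret, 0, sizeof(*ret));

        result = gnutls_x509_crt_init(&xcert);
        if (result < 0)
                return result;

        result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
        if (result < 0) {
                gnutls_x509_crt_deinit(xcert);
                return result;
        }

        /* Each lookup is best effort: on failure the field is zeroed
         * again in case the callee wrote a partial value. */
        len = sizeof(ret->country);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_X520_COUNTRY_NAME,
                                                      0, 0, ret->country,
                                                      &len);
        if (result < 0)
                memset(ret->country, 0, sizeof(ret->country));

        len = sizeof(ret->organization);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_X520_ORGANIZATION_NAME,
                                                      0, 0,
                                                      ret->organization,
                                                      &len);
        if (result < 0)
                memset(ret->organization, 0, sizeof(ret->organization));

        len = sizeof(ret->organizational_unit_name);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
                                                      0, 0,
                                                      ret->organizational_unit_name,
                                                      &len);
        if (result < 0)
                memset(ret->organizational_unit_name, 0,
                       sizeof(ret->organizational_unit_name));

        len = sizeof(ret->common_name);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_X520_COMMON_NAME,
                                                      0, 0, ret->common_name,
                                                      &len);
        if (result < 0)
                memset(ret->common_name, 0, sizeof(ret->common_name));

        len = sizeof(ret->locality_name);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_X520_LOCALITY_NAME,
                                                      0, 0,
                                                      ret->locality_name,
                                                      &len);
        if (result < 0)
                memset(ret->locality_name, 0, sizeof(ret->locality_name));

        len = sizeof(ret->state_or_province_name);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
                                                      0, 0,
                                                      ret->state_or_province_name,
                                                      &len);
        if (result < 0)
                memset(ret->state_or_province_name, 0,
                       sizeof(ret->state_or_province_name));

        len = sizeof(ret->email);
        result = gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
                                                      GNUTLS_OID_PKCS9_EMAIL,
                                                      0, 0, ret->email,
                                                      &len);
        if (result < 0)
                memset(ret->email, 0, sizeof(ret->email));

        gnutls_x509_crt_deinit(xcert);

        /* Missing attributes are normal, so they do not fail the call. */
        return 0;
}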