extra/openssl_compat.c

   1 /*
   2  * Copyright (C) 2002-2012 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS-EXTRA.
   7  *
   8  * GnuTLS-extra is free software: you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation, either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GnuTLS-extra is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20  */
  21
  22 /* This file includes all functions that were in the 0.5.x and 0.8.x
  23  * gnutls API. They are now implemented over the new certificate parsing
  24  * API.
  25  */
  26
  27 #include "gnutls_int.h"
  28
  29 #include <gnutls_global.h>
  30 #include <gnutls_errors.h>
  31 #include <string.h>             /* memset */
  32 #include <x509/x509_int.h>
  33 #include <libtasn1.h>
  34 #include <gnutls/x509.h>
  35 #include <openssl_compat.h>
  36
  37 /*-
  38  * gnutls_x509_extract_certificate_dn:
  39  * @cert: should contain an X.509 DER encoded certificate
  40  * @ret: a pointer to a structure to hold the peer's name
  41  *
  42  * This function will return the name of the certificate holder. The name is gnutls_x509_dn structure and
  43  * is a obtained by the peer's certificate. If the certificate send by the
  44  * peer is invalid, or in any other failure this function returns error.
  45  * Returns a negative error code in case of an error.
  46  -*/
  47 int
  48 gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert,
  49                                     gnutls_x509_dn * ret)
  50 {
  51   gnutls_x509_crt_t xcert;
  52   int result;
  53   size_t len;
  54
  55   result = gnutls_x509_crt_init (&xcert);
  56   if (result < 0)
  57     return result;
  58
  59   result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
  60   if (result < 0)
  61     {
  62       gnutls_x509_crt_deinit (xcert);
  63       return result;
  64     }
  65
  66   len = sizeof (ret->country);
  67   gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0,
  68                                  0, ret->country, &len);
  69
  70   len = sizeof (ret->organization);
  71   gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_ORGANIZATION_NAME,
  72                                  0, 0, ret->organization, &len);
  73
  74   len = sizeof (ret->organizational_unit_name);
  75   gnutls_x509_crt_get_dn_by_oid (xcert,
  76                                  GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
  77                                  0, 0, ret->organizational_unit_name, &len);
  78
  79   len = sizeof (ret->common_name);
  80   gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
  81                                  ret->common_name, &len);
  82
  83   len = sizeof (ret->locality_name);
  84   gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0,
  85                                  0, ret->locality_name, &len);
  86
  87   len = sizeof (ret->state_or_province_name);
  88   gnutls_x509_crt_get_dn_by_oid (xcert,
  89                                  GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
  90                                  0, 0, ret->state_or_province_name, &len);
  91
  92   len = sizeof (ret->email);
  93   gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
  94                                  ret->email, &len);
  95
  96   gnutls_x509_crt_deinit (xcert);
  97
  98   return 0;
  99 }
 100
 101 /*-
 102  * gnutls_x509_extract_certificate_issuer_dn:
 103  * @cert: should contain an X.509 DER encoded certificate
 104  * @ret: a pointer to a structure to hold the issuer's name
 105  *
 106  * This function will return the name of the issuer stated in the certificate. The name is a gnutls_x509_dn structure and
 107  * is a obtained by the peer's certificate. If the certificate send by the
 108  * peer is invalid, or in any other failure this function returns error.
 109  * Returns a negative error code in case of an error.
 110  -*/
 111 int
 112 gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert,
 113                                            gnutls_x509_dn * ret)
 114 {
 115   gnutls_x509_crt_t xcert;
 116   int result;
 117   size_t len;
 118
 119   result = gnutls_x509_crt_init (&xcert);
 120   if (result < 0)
 121     return result;
 122
 123   result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
 124   if (result < 0)
 125     {
 126       gnutls_x509_crt_deinit (xcert);
 127       return result;
 128     }
 129
 130   len = sizeof (ret->country);
 131   gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
 132                                         GNUTLS_OID_X520_COUNTRY_NAME, 0,
 133                                         0, ret->country, &len);
 134
 135   len = sizeof (ret->organization);
 136   gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
 137                                         GNUTLS_OID_X520_ORGANIZATION_NAME,
 138                                         0, 0, ret->organization, &len);
 139
 140   len = sizeof (ret->organizational_unit_name);
 141   gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
 142                                         GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
 143                                         0, 0,
 144                                         ret->organizational_unit_name, &len);
 145
 146   len = sizeof (ret->common_name);
 147   gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
 148                                         GNUTLS_OID_X520_COMMON_NAME, 0, 0,
 149                                         ret->common_name, &len);
 150
 151   len = sizeof (ret->locality_name);
 152   gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
 153                                         GNUTLS_OID_X520_LOCALITY_NAME, 0,
 154                                         0, ret->locality_name, &len);
 155
 156   len = sizeof (ret->state_or_province_name);
 157   gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
 158                                         GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
 159                                         0, 0, ret->state_or_province_name,
 160                                         &len);
 161
 162   len = sizeof (ret->email);
 163   gnutls_x509_crt_get_issuer_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0,
 164                                         0, ret->email, &len);
 165
 166   gnutls_x509_crt_deinit (xcert);
 167
 168   return 0;
 169 }
 170
 171