search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update readme (#21797)
[mono-project.git] / mono / btls / btls-x509.c
blob27fc1c155f4f9110ff2bc21c6e26cabf81aae643
1 //
2 // btls-x509.c
3 // MonoBtls
4 //
5 // Created by Martin Baulig on 14/11/15.
6 // Copyright (c) 2015 Xamarin. All rights reserved.
7 //
8
9 #include "btls-x509.h"
10 #include <openssl/x509v3.h>
11 #include <openssl/pkcs12.h>
12
13 X509 *
14 mono_btls_x509_from_data (const void *buf, int len, MonoBtlsX509Format format)
15 {
16 BIO *bio;
17 X509 *cert = NULL;
18
19 bio = BIO_new_mem_buf ((void *)buf, len);
20 switch (format) {
21 case MONO_BTLS_X509_FORMAT_DER:
22 cert = d2i_X509_bio (bio, NULL);
23 break;
24 case MONO_BTLS_X509_FORMAT_PEM:
25 cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
26 break;
27 }
28 BIO_free (bio);
29 return cert;
30 }
31
32 X509 *
33 mono_btls_x509_up_ref (X509 *x509)
34 {
35 X509_up_ref (x509);
36 return x509;
37 }
38
39 void
40 mono_btls_x509_free (X509 *x509)
41 {
42 X509_free (x509);
43 }
44
45 X509 *
46 mono_btls_x509_dup (X509 *x509)
47 {
48 return X509_dup (x509);
49 }
50
51 MonoBtlsX509Name *
52 mono_btls_x509_get_subject_name (X509 *x509)
53 {
54 return mono_btls_x509_name_copy (X509_get_subject_name (x509));
55 }
56
57 MonoBtlsX509Name *
58 mono_btls_x509_get_issuer_name (X509 *x509)
59 {
60 return mono_btls_x509_name_copy (X509_get_issuer_name (x509));
61 }
62
63 int
64 mono_btls_x509_get_subject_name_string (X509 *name, char *buffer, int size)
65 {
66 *buffer = 0;
67 return X509_NAME_oneline (X509_get_subject_name (name), buffer, size) != NULL;
68 }
69
70 int
71 mono_btls_x509_get_issuer_name_string (X509 *name, char *buffer, int size)
72 {
73 *buffer = 0;
74 return X509_NAME_oneline (X509_get_issuer_name (name), buffer, size) != NULL;
75 }
76
77 int
78 mono_btls_x509_get_raw_data (X509 *x509, BIO *bio, MonoBtlsX509Format format)
79 {
80 switch (format) {
81 case MONO_BTLS_X509_FORMAT_DER:
82 return i2d_X509_bio (bio, x509);
83 case MONO_BTLS_X509_FORMAT_PEM:
84 return PEM_write_bio_X509 (bio, x509);
85 default:
86 return 0;
87 }
88 }
89
90 int
91 mono_btls_x509_cmp (const X509 *a, const X509 *b)
92 {
93 return X509_cmp (a, b);
94 }
95
96 int
97 mono_btls_x509_get_hash (X509 *x509, const void **data)
98 {
99 X509_check_purpose (x509, -1, 0);
100 *data = x509->sha1_hash;
101 return SHA_DIGEST_LENGTH;
102 }
103
104 int64_t
105 mono_btls_x509_get_not_before (X509 *x509)
106 {
107 return mono_btls_util_asn1_time_to_ticks (X509_get_notBefore (x509));
108 }
109
110 int64_t
111 mono_btls_x509_get_not_after (X509 *x509)
112 {
113 return mono_btls_util_asn1_time_to_ticks (X509_get_notAfter (x509));
114 }
115
116 int
117 mono_btls_x509_get_public_key (X509 *x509, BIO *bio)
118 {
119 ASN1_BIT_STRING *pkey;
120 int ret;
121
122 if (!x509 || !x509->cert_info || !x509->cert_info->key)
123 return -1;
124
125 pkey = x509->cert_info->key->public_key;
126 if (!pkey || !pkey->data)
127 return -1;
128
129 ret = BIO_write (bio, pkey->data, pkey->length);
130 if (ret != pkey->length)
131 return -1;
132
133 return ret;
134 }
135
136 int
137 mono_btls_x509_get_serial_number (X509 *x509, char *buffer, int size, int mono_style)
138 {
139 ASN1_INTEGER *serial;
140 unsigned char *temp, *p;
141 int len;
142
143 serial = X509_get_serialNumber (x509);
144 if (serial->length == 0 || serial->length+1 > size)
145 return 0;
146
147 if (!mono_style) {
148 memcpy (buffer, serial->data, serial->length);
149 return serial->length;
150 }
151
152 temp = OPENSSL_malloc (serial->length + 1);
153 if (!temp)
154 return 0;
155
156 p = temp;
157 len = i2c_ASN1_INTEGER (serial, &p);
158
159 if (!len) {
160 OPENSSL_free (temp);
161 return 0;
162 }
163
164 memcpy (buffer, temp, len);
165 buffer [len] = 0;
166
167 OPENSSL_free (temp);
168 return len;
169 }
170
171 int
172 mono_btls_x509_get_public_key_algorithm (X509 *x509, char *buffer, int size)
173 {
174 X509_PUBKEY *pkey;
175 ASN1_OBJECT *ppkalg;
176 int ret;
177
178 *buffer = 0;
179 pkey = X509_get_X509_PUBKEY (x509);
180 if (!pkey)
181 return 0;
182
183 ret = X509_PUBKEY_get0_param (&ppkalg, NULL, NULL, NULL, pkey);
184 if (!ret || !ppkalg)
185 return ret;
186
187 return OBJ_obj2txt (buffer, size, ppkalg, 1);
188 }
189
190 int
191 mono_btls_x509_get_version (X509 *x509)
192 {
193 return (int)X509_get_version (x509) + 1;
194 }
195
196 int
197 mono_btls_x509_get_signature_algorithm (X509 *x509, char *buffer, int size)
198 {
199 const ASN1_OBJECT *obj;
200 int nid;
201
202 *buffer = 0;
203
204 nid = X509_get_signature_nid (x509);
205
206 obj = OBJ_nid2obj (nid);
207 if (!obj)
208 return 0;
209
210 return OBJ_obj2txt (buffer, size, obj, 1);
211 }
212
213 int
214 mono_btls_x509_get_public_key_asn1 (X509 *x509, char *out_oid, int oid_len, uint8_t **buffer, int *size)
215 {
216 X509_PUBKEY *pkey;
217 ASN1_OBJECT *ppkalg;
218 const unsigned char *pk;
219 int pk_len;
220 int ret;
221
222 if (out_oid)
223 *out_oid = 0;
224
225 pkey = X509_get_X509_PUBKEY (x509);
226 if (!pkey || !pkey->public_key)
227 return 0;
228
229 ret = X509_PUBKEY_get0_param (&ppkalg, &pk, &pk_len, NULL, pkey);
230 if (ret != 1 || !ppkalg || !pk)
231 return 0;
232
233 if (out_oid) {
234 OBJ_obj2txt (out_oid, oid_len, ppkalg, 1);
235 }
236
237 if (buffer) {
238 *size = pk_len;
239 *buffer = OPENSSL_malloc (pk_len);
240 if (!*buffer)
241 return 0;
242
243 memcpy (*buffer, pk, pk_len);
244 }
245
246 return 1;
247
248 }
249
250 int
251 mono_btls_x509_get_public_key_parameters (X509 *x509, char *out_oid, int oid_len, uint8_t **buffer, int *size)
252 {
253 X509_PUBKEY *pkey;
254 X509_ALGOR *algor;
255 ASN1_OBJECT *paobj;
256 int ptype;
257 void *pval;
258 int ret;
259
260 if (out_oid)
261 *out_oid = 0;
262
263 pkey = X509_get_X509_PUBKEY (x509);
264
265 ret = X509_PUBKEY_get0_param (NULL, NULL, NULL, &algor, pkey);
266 if (ret != 1 || !algor)
267 return 0;
268
269 X509_ALGOR_get0 (&paobj, &ptype, &pval, algor);
270
271 if (ptype != V_ASN1_NULL && ptype != V_ASN1_SEQUENCE)
272 return 0;
273
274 if (ptype == V_ASN1_NULL) {
275 uint8_t *ptr;
276
277 *size = 2;
278 *buffer = OPENSSL_malloc (2);
279 if (!*buffer)
280 return 0;
281
282 ptr = *buffer;
283 *ptr++ = 0x05;
284 *ptr++ = 0x00;
285
286 if (out_oid)
287 OBJ_obj2txt (out_oid, oid_len, paobj, 1);
288
289 return 1;
290 } else if (ptype == V_ASN1_SEQUENCE) {
291 ASN1_STRING *pstr = pval;
292
293 *size = pstr->length;
294 *buffer = OPENSSL_malloc (pstr->length);
295 if (!*buffer)
296 return 0;
297
298 memcpy (*buffer, pstr->data, pstr->length);
299
300 if (out_oid)
301 OBJ_obj2txt (out_oid, oid_len, paobj, 1);
302
303 return 1;
304 } else {
305 return 0;
306 }
307 }
308
309 EVP_PKEY *
310 mono_btls_x509_get_pubkey (X509 *x509)
311 {
312 return X509_get_pubkey (x509);
313 }
314
315 int
316 mono_btls_x509_get_subject_key_identifier (X509 *x509, uint8_t **buffer, int *size)
317 {
318 ASN1_OCTET_STRING *skid;
319
320 *size = 0;
321 *buffer = NULL;
322
323 if (X509_get_version (x509) != 2)
324 return 0;
325
326 skid = X509_get_ext_d2i (x509, NID_subject_key_identifier, NULL, NULL);
327 if (!skid)
328 return 0;
329
330 *size = skid->length;
331 *buffer = OPENSSL_malloc (*size);
332 if (!*buffer)
333 return 0;
334
335 memcpy (*buffer, skid->data, *size);
336 return 1;
337 }
338
339 int
340 mono_btls_x509_print (X509 *x509, BIO *bio)
341 {
342 return X509_print_ex (bio, x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
343 }
344
345 static int
346 get_trust_nid (MonoBtlsX509Purpose purpose)
347 {
348 switch (purpose) {
349 case MONO_BTLS_X509_PURPOSE_SSL_CLIENT:
350 return NID_client_auth;
351 case MONO_BTLS_X509_PURPOSE_SSL_SERVER:
352 return NID_server_auth;
353 default:
354 return 0;
355 }
356 }
357
358 int
359 mono_btls_x509_add_trust_object (X509 *x509, MonoBtlsX509Purpose purpose)
360 {
361 ASN1_OBJECT *trust;
362 int nid;
363
364 nid = get_trust_nid (purpose);
365 if (!nid)
366 return 0;
367
368 trust = ASN1_OBJECT_new ();
369 if (!trust)
370 return 0;
371
372 trust->nid = nid;
373 return X509_add1_trust_object (x509, trust);
374 }
375
376 int
377 mono_btls_x509_add_reject_object (X509 *x509, MonoBtlsX509Purpose purpose)
378 {
379 ASN1_OBJECT *reject;
380 int nid;
381
382 nid = get_trust_nid (purpose);
383 if (!nid)
384 return 0;
385
386 reject = ASN1_OBJECT_new ();
387 if (!reject)
388 return 0;
389
390 reject->nid = nid;
391 return X509_add1_reject_object (x509, reject);
392 }
393
394 int
395 mono_btls_x509_add_explicit_trust (X509 *x509, MonoBtlsX509TrustKind kind)
396 {
397 int ret = 0;
398
399 if ((kind & MONO_BTLS_X509_TRUST_KIND_REJECT_ALL) != 0)
400 kind |= MONO_BTLS_X509_TRUST_KIND_REJECT_CLIENT | MONO_BTLS_X509_TRUST_KIND_REJECT_SERVER;
401
402 if ((kind & MONO_BTLS_X509_TRUST_KIND_TRUST_ALL) != 0)
403 kind |= MONO_BTLS_X509_TRUST_KIND_TRUST_CLIENT | MONO_BTLS_X509_TRUST_KIND_TRUST_SERVER;
404
405
406 if ((kind & MONO_BTLS_X509_TRUST_KIND_REJECT_CLIENT) != 0) {
407 ret = mono_btls_x509_add_reject_object (x509, MONO_BTLS_X509_PURPOSE_SSL_CLIENT);
408 if (!ret)
409 return ret;
410 }
411
412 if ((kind & MONO_BTLS_X509_TRUST_KIND_REJECT_SERVER) != 0) {
413 ret = mono_btls_x509_add_reject_object (x509, MONO_BTLS_X509_PURPOSE_SSL_SERVER);
414 if (!ret)
415 return ret;
416 }
417
418 if (ret) {
419 // Ignore any MONO_BTLS_X509_TRUST_KIND_TRUST_* settings if we added
420 // any kind of MONO_BTLS_X509_TRUST_KIND_REJECT_* before.
421 return ret;
422 }
423
424 if ((kind & MONO_BTLS_X509_TRUST_KIND_TRUST_CLIENT) != 0) {
425 ret = mono_btls_x509_add_trust_object (x509, MONO_BTLS_X509_PURPOSE_SSL_CLIENT);
426 if (!ret)
427 return ret;
428 }
429
430 if ((kind & MONO_BTLS_X509_TRUST_KIND_TRUST_SERVER) != 0) {
431 ret = mono_btls_x509_add_trust_object (x509, MONO_BTLS_X509_PURPOSE_SSL_SERVER);
432 if (!ret)
433 return ret;
434 }
435
436 return ret;
437 }
Mirror of the official Mono project git repository