5 // Created by Martin Baulig on 14/11/15.
6 // Copyright (c) 2015 Xamarin. All rights reserved.
10 #include <openssl/x509v3.h>
11 #include <openssl/pkcs12.h>
14 mono_btls_x509_from_data (const void *buf
, int len
, MonoBtlsX509Format format
)
19 bio
= BIO_new_mem_buf ((void *)buf
, len
);
21 case MONO_BTLS_X509_FORMAT_DER
:
22 cert
= d2i_X509_bio (bio
, NULL
);
24 case MONO_BTLS_X509_FORMAT_PEM
:
25 cert
= PEM_read_bio_X509 (bio
, NULL
, NULL
, NULL
);
33 mono_btls_x509_up_ref (X509
*x509
)
40 mono_btls_x509_free (X509
*x509
)
46 mono_btls_x509_dup (X509
*x509
)
48 return X509_dup (x509
);
51 MONO_API MonoBtlsX509Name
*
52 mono_btls_x509_get_subject_name (X509
*x509
)
54 return mono_btls_x509_name_copy (X509_get_subject_name (x509
));
57 MONO_API MonoBtlsX509Name
*
58 mono_btls_x509_get_issuer_name (X509
*x509
)
60 return mono_btls_x509_name_copy (X509_get_issuer_name (x509
));
64 mono_btls_x509_get_subject_name_string (X509
*name
, char *buffer
, int size
)
67 return X509_NAME_oneline (X509_get_subject_name (name
), buffer
, size
) != NULL
;
71 mono_btls_x509_get_issuer_name_string (X509
*name
, char *buffer
, int size
)
74 return X509_NAME_oneline (X509_get_issuer_name (name
), buffer
, size
) != NULL
;
78 mono_btls_x509_get_raw_data (X509
*x509
, BIO
*bio
, MonoBtlsX509Format format
)
81 case MONO_BTLS_X509_FORMAT_DER
:
82 return i2d_X509_bio (bio
, x509
);
83 case MONO_BTLS_X509_FORMAT_PEM
:
84 return PEM_write_bio_X509 (bio
, x509
);
91 mono_btls_x509_cmp (const X509
*a
, const X509
*b
)
93 return X509_cmp (a
, b
);
97 mono_btls_x509_get_hash (X509
*x509
, const void **data
)
99 X509_check_purpose (x509
, -1, 0);
100 *data
= x509
->sha1_hash
;
101 return SHA_DIGEST_LENGTH
;
105 mono_btls_x509_get_not_before (X509
*x509
)
107 return mono_btls_util_asn1_time_to_ticks (X509_get_notBefore (x509
));
111 mono_btls_x509_get_not_after (X509
*x509
)
113 return mono_btls_util_asn1_time_to_ticks (X509_get_notAfter (x509
));
117 mono_btls_x509_get_public_key (X509
*x509
, BIO
*bio
)
120 uint8_t *data
= NULL
;
123 pkey
= X509_get_pubkey (x509
);
127 ret
= i2d_PublicKey (pkey
, &data
);
129 if (ret
> 0 && data
) {
130 ret
= BIO_write (bio
, data
, ret
);
134 EVP_PKEY_free (pkey
);
139 mono_btls_x509_get_serial_number (X509
*x509
, char *buffer
, int size
, int mono_style
)
141 ASN1_INTEGER
*serial
;
142 unsigned char *temp
, *p
;
145 serial
= X509_get_serialNumber (x509
);
146 if (serial
->length
== 0 || serial
->length
+1 > size
)
150 memcpy (buffer
, serial
->data
, serial
->length
);
151 return serial
->length
;
154 temp
= OPENSSL_malloc (serial
->length
+ 1);
159 len
= i2c_ASN1_INTEGER (serial
, &p
);
166 for (idx
= 0; idx
< len
; idx
++) {
167 buffer
[idx
] = *(--p
);
176 mono_btls_x509_get_public_key_algorithm (X509
*x509
, char *buffer
, int size
)
183 pkey
= X509_get_X509_PUBKEY (x509
);
187 ret
= X509_PUBKEY_get0_param (&ppkalg
, NULL
, NULL
, NULL
, pkey
);
191 return OBJ_obj2txt (buffer
, size
, ppkalg
, 1);
195 mono_btls_x509_get_version (X509
*x509
)
197 return (int)X509_get_version (x509
) + 1;
201 mono_btls_x509_get_signature_algorithm (X509
*x509
, char *buffer
, int size
)
203 const ASN1_OBJECT
*obj
;
208 nid
= X509_get_signature_nid (x509
);
210 obj
= OBJ_nid2obj (nid
);
214 return OBJ_obj2txt (buffer
, size
, obj
, 1);
218 mono_btls_x509_get_public_key_asn1 (X509
*x509
, char *out_oid
, int oid_len
, uint8_t **buffer
, int *size
)
222 const unsigned char *pk
;
229 pkey
= X509_get_X509_PUBKEY (x509
);
230 if (!pkey
|| !pkey
->public_key
)
233 ret
= X509_PUBKEY_get0_param (&ppkalg
, &pk
, &pk_len
, NULL
, pkey
);
234 if (ret
!= 1 || !ppkalg
|| !pk
)
238 OBJ_obj2txt (out_oid
, oid_len
, ppkalg
, 1);
243 *buffer
= OPENSSL_malloc (pk_len
);
247 memcpy (*buffer
, pk
, pk_len
);
255 mono_btls_x509_get_public_key_parameters (X509
*x509
, char *out_oid
, int oid_len
, uint8_t **buffer
, int *size
)
267 pkey
= X509_get_X509_PUBKEY (x509
);
269 ret
= X509_PUBKEY_get0_param (NULL
, NULL
, NULL
, &algor
, pkey
);
270 if (ret
!= 1 || !algor
)
273 X509_ALGOR_get0 (&paobj
, &ptype
, &pval
, algor
);
275 if (ptype
!= V_ASN1_NULL
&& ptype
!= V_ASN1_SEQUENCE
)
278 if (ptype
== V_ASN1_NULL
) {
282 *buffer
= OPENSSL_malloc (2);
291 OBJ_obj2txt (out_oid
, oid_len
, paobj
, 1);
294 } else if (ptype
== V_ASN1_SEQUENCE
) {
295 ASN1_STRING
*pstr
= pval
;
297 *size
= pstr
->length
;
298 *buffer
= OPENSSL_malloc (pstr
->length
);
302 memcpy (*buffer
, pstr
->data
, pstr
->length
);
305 OBJ_obj2txt (out_oid
, oid_len
, paobj
, 1);
314 mono_btls_x509_get_pubkey (X509
*x509
)
316 return X509_get_pubkey (x509
);
320 mono_btls_x509_get_subject_key_identifier (X509
*x509
, uint8_t **buffer
, int *size
)
322 ASN1_OCTET_STRING
*skid
;
327 if (X509_get_version (x509
) != 2)
330 skid
= X509_get_ext_d2i (x509
, NID_subject_key_identifier
, NULL
, NULL
);
334 *size
= skid
->length
;
335 *buffer
= OPENSSL_malloc (*size
);
339 memcpy (*buffer
, skid
->data
, *size
);
344 mono_btls_x509_print (X509
*x509
, BIO
*bio
)
346 return X509_print_ex (bio
, x509
, XN_FLAG_COMPAT
, X509_FLAG_COMPAT
);
350 get_trust_nid (MonoBtlsX509Purpose purpose
)
353 case MONO_BTLS_X509_PURPOSE_SSL_CLIENT
:
354 return NID_client_auth
;
355 case MONO_BTLS_X509_PURPOSE_SSL_SERVER
:
356 return NID_server_auth
;
363 mono_btls_x509_add_trust_object (X509
*x509
, MonoBtlsX509Purpose purpose
)
368 nid
= get_trust_nid (purpose
);
372 trust
= ASN1_OBJECT_new ();
377 return X509_add1_trust_object (x509
, trust
);
381 mono_btls_x509_add_reject_object (X509
*x509
, MonoBtlsX509Purpose purpose
)
386 nid
= get_trust_nid (purpose
);
390 reject
= ASN1_OBJECT_new ();
395 return X509_add1_reject_object (x509
, reject
);
399 mono_btls_x509_add_explicit_trust (X509
*x509
, MonoBtlsX509TrustKind kind
)
403 if ((kind
& MONO_BTLS_X509_TRUST_KIND_REJECT_ALL
) != 0)
404 kind
|= MONO_BTLS_X509_TRUST_KIND_REJECT_CLIENT
| MONO_BTLS_X509_TRUST_KIND_REJECT_SERVER
;
406 if ((kind
& MONO_BTLS_X509_TRUST_KIND_TRUST_ALL
) != 0)
407 kind
|= MONO_BTLS_X509_TRUST_KIND_TRUST_CLIENT
| MONO_BTLS_X509_TRUST_KIND_TRUST_SERVER
;
410 if ((kind
& MONO_BTLS_X509_TRUST_KIND_REJECT_CLIENT
) != 0) {
411 ret
= mono_btls_x509_add_reject_object (x509
, MONO_BTLS_X509_PURPOSE_SSL_CLIENT
);
416 if ((kind
& MONO_BTLS_X509_TRUST_KIND_REJECT_SERVER
) != 0) {
417 ret
= mono_btls_x509_add_reject_object (x509
, MONO_BTLS_X509_PURPOSE_SSL_SERVER
);
423 // Ignore any MONO_BTLS_X509_TRUST_KIND_TRUST_* settings if we added
424 // any kind of MONO_BTLS_X509_TRUST_KIND_REJECT_* before.
428 if ((kind
& MONO_BTLS_X509_TRUST_KIND_TRUST_CLIENT
) != 0) {
429 ret
= mono_btls_x509_add_trust_object (x509
, MONO_BTLS_X509_PURPOSE_SSL_CLIENT
);
434 if ((kind
& MONO_BTLS_X509_TRUST_KIND_TRUST_SERVER
) != 0) {
435 ret
= mono_btls_x509_add_trust_object (x509
, MONO_BTLS_X509_PURPOSE_SSL_SERVER
);