00001
00002
00003
00004
00005
00006
00007 #include "wvx509.h"
00008 #include "wvsslhacks.h"
00009 #include "wvdiriter.h"
00010 #include "wvcrypto.h"
00011 #include "wvstringlist.h"
00012 #include "strutils.h"
00013
00014 #include <openssl/pem.h>
00015 #include <openssl/x509v3.h>
00016 #include <openssl/err.h>
00017 #include <openssl/sha.h>
00018 #include <openssl/pkcs12.h>
00019
00020 static int ssl_init_count = 0;
00021
00022 void wvssl_init()
00023 {
00024 if (!ssl_init_count)
00025 {
00026 OpenSSL_add_all_algorithms();
00027 ERR_load_crypto_strings();
00028 }
00029
00030 ssl_init_count++;
00031 }
00032
00033
00034 void wvssl_free()
00035 {
00036
00037
00038 if (ssl_init_count >= 2)
00039 ssl_init_count--;
00040
00041 if (!ssl_init_count)
00042 {
00043 assert(0);
00044 ERR_free_strings();
00045 EVP_cleanup();
00046 }
00047 }
00048
00049
00050 WvString wvssl_errstr()
00051 {
00052 char buf[256];
00053 ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
00054 buf[sizeof(buf)-1] = 0;
00055 return buf;
00056 }
00057
00058
00059 WvX509Mgr::WvX509Mgr(X509 *_cert)
00060 : debug("X509", WvLog::Debug5), pkcs12pass(WvString::null)
00061 {
00062 wvssl_init();
00063 cert = _cert;
00064 rsa = NULL;
00065 if (cert)
00066 {
00067 char buffer[1024];
00068
00069 X509_NAME_oneline(X509_get_subject_name(cert), buffer, sizeof(buffer));
00070 buffer[sizeof(buffer)-1] = 0;
00071 dname = buffer;
00072
00073 EVP_PKEY *pk;
00074 pk = X509_get_pubkey(cert);
00075
00076 if ((pk = X509_get_pubkey(cert)) != NULL)
00077 {
00078 size_t size;
00079 unsigned char *keybuf, *iend;
00080 WvString tmppub;
00081
00082 size = i2d_RSAPublicKey(pk->pkey.rsa, NULL);
00083 iend = keybuf = new unsigned char[size];
00084 i2d_RSAPublicKey(pk->pkey.rsa, &iend);
00085
00086 tmppub.setsize(size * 2 + 1);
00087 ::hexify(tmppub.edit(), keybuf, size);
00088 rsa = new WvRSAKey(tmppub, false);
00089
00090 delete[] keybuf;
00091 }
00092 }
00093 }
00094
00095
00096 WvX509Mgr::WvX509Mgr(WvStringParm hexified_cert,
00097 WvStringParm hexified_rsa)
00098 : debug("X509", WvLog::Debug5), pkcs12pass(WvString::null)
00099 {
00100 wvssl_init();
00101
00102 cert = NULL;
00103 rsa = new WvRSAKey(hexified_rsa, true);
00104 if (!rsa->isok())
00105 {
00106 seterr("RSA Error: %s\n", rsa->errstr());
00107 return;
00108 }
00109
00110 unhexify(hexified_cert);
00111
00112 if (cert)
00113 {
00114 char buffer[1024];
00115
00116 X509_NAME_oneline(X509_get_subject_name(cert), buffer, sizeof(buffer));
00117 buffer[sizeof(buffer)-1] = 0;
00118 dname = buffer;
00119 }
00120 }
00121
00122
00123 WvX509Mgr::WvX509Mgr(WvStringParm _dname, WvRSAKey *_rsa)
00124 : dname(_dname), debug("X509", WvLog::Debug5), pkcs12pass(WvString::null)
00125 {
00126 assert(_rsa);
00127
00128 wvssl_init();
00129 debug("Creating new certificate for %s\n", dname);
00130 cert = NULL;
00131 rsa = _rsa;
00132 create_selfsigned();
00133 }
00134
00135
00136 WvX509Mgr::WvX509Mgr(WvStringParm _dname, int bits)
00137 : dname(_dname), debug("X509", WvLog::Debug5)
00138 {
00139 wvssl_init();
00140 debug("Creating new certificate for %s\n", dname);
00141 cert = NULL;
00142 rsa = new WvRSAKey(bits);
00143 create_selfsigned();
00144 }
00145
00146
00147 WvX509Mgr::~WvX509Mgr()
00148 {
00149 if (rsa)
00150 delete rsa;
00151 X509_free(cert);
00152 wvssl_free();
00153 }
00154
00155
00156
00157
00158 #ifndef NID_domainComponent
00159 #define NID_domainComponent 391
00160 #endif
00161
00162 #ifndef NID_Domain
00163 #define NID_Domain 392
00164 #endif
00165
00166
00167
00168 static WvString set_name_entry(X509_NAME *name, WvStringParm dn)
00169 {
00170 WvString fqdn(""), force_fqdn("");
00171 X509_NAME_ENTRY *ne = NULL;
00172 int count = 0, nid;
00173
00174 WvStringList l;
00175 l.split(dn, ",");
00176
00177
00178
00179 WvStringList::Iter i(l);
00180 for (i.rewind(); i.next(); )
00181 {
00182 WvString s(*i), sid;
00183 char *cptr, *value;
00184
00185 cptr = s.edit();
00186 value = strchr(cptr, '=');
00187 if (value)
00188 *value++ = 0;
00189 else
00190 value = "NULL";
00191
00192 sid = strlwr(trim_string(cptr));
00193
00194 if (sid == "c")
00195 nid = NID_countryName;
00196 else if (sid == "st")
00197 nid = NID_stateOrProvinceName;
00198 else if (sid == "l")
00199 nid = NID_localityName;
00200 else if (sid == "o")
00201 nid = NID_organizationName;
00202 else if (sid == "ou")
00203 nid = NID_organizationalUnitName;
00204 else if (sid == "cn")
00205 {
00206 nid = NID_commonName;
00207 force_fqdn = value;
00208 }
00209 else if (sid == "dc")
00210 {
00211 nid = NID_domainComponent;
00212 if (!!fqdn)
00213 fqdn.append(".");
00214 fqdn.append(value);
00215 }
00216 else if (sid == "domain")
00217 {
00218 nid = NID_Domain;
00219 force_fqdn = value;
00220 }
00221 else
00222 nid = NID_domainComponent;
00223
00224 if (!ne)
00225 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid,
00226 V_ASN1_APP_CHOOSE, (unsigned char *)value, -1);
00227 else
00228 X509_NAME_ENTRY_create_by_NID(&ne, nid,
00229 V_ASN1_APP_CHOOSE, (unsigned char *)value, -1);
00230 if (!ne)
00231 continue;
00232 X509_NAME_add_entry(name, ne, count++, 0);
00233 }
00234
00235 X509_NAME_ENTRY_free(ne);
00236
00237 if (!!force_fqdn)
00238 return force_fqdn;
00239
00240 return fqdn;
00241 }
00242
00243
00244 void WvX509Mgr::create_selfsigned()
00245 {
00246 EVP_PKEY *pk = NULL;
00247 X509_NAME *name = NULL;
00248 X509_EXTENSION *ex = NULL;
00249
00250
00251
00252
00253
00254 srand(time(NULL));
00255 int serial = rand();
00256
00257 WvString serverfqdn;
00258
00259 assert(rsa);
00260
00261
00262 if (RSA_check_key(rsa->rsa) == 1)
00263 debug("RSA Key is fine.\n");
00264 else
00265 {
00266 seterr("RSA Key is bad!\n");
00267 return;
00268 }
00269
00270 if ((pk=EVP_PKEY_new()) == NULL)
00271 {
00272 seterr("Error creating key handler for new certificate");
00273 return;
00274 }
00275 if ((cert=X509_new()) == NULL)
00276 {
00277 seterr("Error creating new X509 object");
00278 return;
00279 }
00280
00281
00282 if (!EVP_PKEY_assign_RSA(pk, rsa->rsa))
00283 {
00284 seterr("Error adding RSA keys to certificate");
00285 return;
00286 }
00287
00288
00289
00290 X509_set_version(cert, 0x2);
00291
00292
00293 ASN1_INTEGER_set(X509_get_serialNumber(cert), serial);
00294
00295
00296 X509_gmtime_adj(X509_get_notBefore(cert), 0);
00297
00298
00299
00300
00301 X509_gmtime_adj(X509_get_notAfter(cert), (long)60*60*24*3650);
00302 X509_set_pubkey(cert, pk);
00303
00304 name = X509_get_subject_name(cert);
00305 serverfqdn = set_name_entry(name, dname);
00306
00307 if (!serverfqdn)
00308 serverfqdn = "null.noname.null";
00309
00310 X509_set_issuer_name(cert, name);
00311 X509_set_subject_name(cert, name);
00312
00313
00314 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
00315 X509_add_ext(cert, ex, -1);
00316 X509_EXTENSION_free(ex);
00317
00318 debug("Setting Netscape SSL server name extension to %s\n", serverfqdn);
00319
00320
00321 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
00322 serverfqdn.edit());
00323 X509_add_ext(cert, ex, -1);
00324 X509_EXTENSION_free(ex);
00325
00326
00327
00328 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage,
00329 "critical,digitalSignature,keyEncipherment,keyCertSign");
00330 X509_add_ext(cert, ex, -1);
00331 X509_EXTENSION_free(ex);
00332
00333 #if 0
00334
00335 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
00336 "critical,CA:FALSE");
00337 X509_add_ext(cert, ex, -1);
00338 X509_EXTENSION_free(ex);
00339 #endif
00340
00341 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_ext_key_usage,
00342 "TLS Web Server Authentication,TLS Web Client Authentication");
00343 X509_add_ext(cert, ex, -1);
00344 X509_EXTENSION_free(ex);
00345
00346
00347 if (!X509_sign(cert, pk, EVP_sha1()))
00348 {
00349 seterr("Could not self sign the certificate");
00350 X509_free(cert);
00351 EVP_PKEY_free(pk);
00352 return;
00353 }
00354
00355 debug("Certificate for %s created\n", dname);
00356 }
00357
00358
00359 static FILE *file_hack_start()
00360 {
00361 return tmpfile();
00362 }
00363
00364
00365 static WvString file_hack_end(FILE *f)
00366 {
00367 WvDynBuf b;
00368 size_t len;
00369
00370 rewind(f);
00371 while ((len = fread(b.alloc(1024), 1, 1024, f)) > 0)
00372 b.unalloc(1024 - len);
00373 b.unalloc(1024 - len);
00374 fclose(f);
00375
00376 return b.getstr();
00377 }
00378
00379
00380 WvString WvX509Mgr::certreq()
00381 {
00382 EVP_PKEY *pk;
00383 X509_NAME *name = NULL;
00384 X509_REQ *certreq;
00385
00386 FILE *stupid = file_hack_start();
00387
00388 assert(rsa);
00389 assert(dname);
00390
00391
00392 if (RSA_check_key(rsa->rsa) == 1)
00393 debug("RSA Key is fine.\n");
00394 else
00395 {
00396 seterr("RSA Key is bad!\n");
00397 return WvString::null;
00398 }
00399
00400 if ((pk=EVP_PKEY_new()) == NULL)
00401 {
00402 seterr("Error creating key handler for new certificate");
00403 return WvString::null;
00404 }
00405
00406 if ((certreq=X509_REQ_new()) == NULL)
00407 {
00408 seterr("Error creating new PKCS#10 object");
00409 EVP_PKEY_free(pk);
00410 return WvString::null;
00411 }
00412
00413 WvRSAKey rsa2(*rsa);
00414 if (!EVP_PKEY_assign_RSA(pk, rsa2.rsa))
00415 {
00416 seterr("Error adding RSA keys to certificate");
00417 X509_REQ_free(certreq);
00418 EVP_PKEY_free(pk);
00419 return WvString::null;
00420 }
00421
00422 X509_REQ_set_version(certreq, 0);
00423
00424 X509_REQ_set_pubkey(certreq, pk);
00425
00426 name = X509_REQ_get_subject_name(certreq);
00427
00428 debug("Creating Certificate request for %s\n", dname);
00429 set_name_entry(name, dname);
00430 X509_REQ_set_subject_name(certreq, name);
00431 debug("SubjectDN: %s\n",
00432 X509_NAME_oneline(X509_REQ_get_subject_name(certreq), 0, 0));
00433
00434 if (!X509_REQ_sign(certreq, pk, EVP_sha1()))
00435 {
00436 seterr("Could not self sign the request");
00437 X509_REQ_free(certreq);
00438 EVP_PKEY_free(pk);
00439 return WvString::null;
00440 }
00441
00442 int verify_result = X509_REQ_verify(certreq, pk);
00443 if (verify_result == 0)
00444 {
00445 seterr("Self Signed Request failed!");
00446 X509_REQ_free(certreq);
00447 EVP_PKEY_free(pk);
00448 return WvString::null;
00449 }
00450 else
00451 {
00452 debug("Self Signed Certificate Request verifies OK!\n");
00453 }
00454
00455
00456
00457 rsa2.rsa = NULL;
00458
00459
00460
00461
00462 PEM_write_X509_REQ(stupid, certreq);
00463 X509_REQ_free(certreq);
00464 EVP_PKEY_free(pk);
00465
00466 return file_hack_end(stupid);
00467 }
00468
00469
00470 bool WvX509Mgr::test()
00471 {
00472 bool bad = false;
00473
00474 EVP_PKEY *pk = EVP_PKEY_new();
00475
00476 if (!cert)
00477 {
00478 seterr("no Certificate in X509 Manager!");
00479 bad = true;
00480 }
00481
00482 if (rsa && pk)
00483 {
00484 WvRSAKey tmpkey(*rsa);
00485
00486 if (!EVP_PKEY_assign_RSA(pk, tmpkey.rsa))
00487 {
00488 seterr("Error setting RSA keys");
00489 bad = true;
00490 }
00491 else if (!bad)
00492 {
00493 int verify_return = X509_verify(cert, pk);
00494 if (verify_return != 1)
00495 {
00496 seterr("Certificate test failed: %s\n", wvssl_errstr());
00497 bad = true;
00498 }
00499 }
00500
00501 tmpkey.rsa = NULL;
00502 }
00503 else
00504 {
00505 seterr("no RSA keypair in X509 manager");
00506 bad = true;
00507 }
00508
00509 if (pk)
00510 EVP_PKEY_free(pk);
00511
00512 return !bad;
00513 }
00514
00515
00516 void WvX509Mgr::unhexify(WvStringParm encodedcert)
00517 {
00518 int hexbytes = strlen(encodedcert.cstr());
00519 int bufsize = hexbytes/2;
00520 unsigned char *certbuf = new unsigned char[bufsize];
00521 unsigned char *cp = certbuf;
00522 X509 *tmpcert;
00523
00524 if (cert)
00525 X509_free(cert);
00526
00527 ::unhexify(certbuf, encodedcert);
00528 tmpcert = cert = X509_new();
00529 cert = wv_d2i_X509(&tmpcert, &cp, hexbytes/2);
00530
00531
00532 if (cert && !test())
00533 {
00534 X509_free(cert);
00535 cert = NULL;
00536 }
00537
00538 if (!cert)
00539 seterr("X.509 certificate decode failed!");
00540
00541 delete[] certbuf;
00542 }
00543
00544
00545 WvString WvX509Mgr::hexify()
00546 {
00547 size_t size;
00548 unsigned char *keybuf, *iend;
00549 WvString enccert;
00550
00551 size = i2d_X509(cert, NULL);
00552 iend = keybuf = new unsigned char[size];
00553 i2d_X509(cert, &iend);
00554
00555 enccert.setsize(size * 2 +1);
00556 ::hexify(enccert.edit(), keybuf, size);
00557
00558 delete[] keybuf;
00559 return enccert;
00560 }
00561
00562
00563 bool WvX509Mgr::validate()
00564 {
00565 if (cert != NULL)
00566 {
00567 debug("Peer Certificate:\n");
00568 debug("Issuer: %s\n",
00569 X509_NAME_oneline(X509_get_issuer_name(cert),0,0));
00570
00571
00572 if (X509_cmp_current_time(X509_get_notAfter(cert)) == -1)
00573 {
00574 seterr("Peer certificate has expired!");
00575 return false;
00576 }
00577
00578
00579
00580
00581
00582
00583 }
00584 else
00585 debug("Peer doesn't have a certificate.\n");
00586
00587 return true;
00588 }
00589
00590
00591 bool WvX509Mgr::signedbyCAinfile(WvStringParm certfile)
00592 {
00593 X509_STORE *cert_ctx = NULL;
00594 X509_STORE_CTX csc;
00595 X509_LOOKUP *lookup = NULL;
00596 int result = 0;
00597
00598 cert_ctx = X509_STORE_new();
00599 if (cert_ctx == NULL)
00600 {
00601 seterr("Unable to create Certificate Store Context");
00602 return false;
00603 }
00604
00605 lookup=X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
00606 if (lookup == NULL)
00607 {
00608 seterr("Can't add lookup method...\n");
00609 return false;
00610 }
00611
00612 if (!X509_LOOKUP_load_file(lookup, certfile, X509_FILETYPE_PEM))
00613 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
00614
00615 X509_STORE_CTX_init(&csc, cert_ctx, cert, NULL);
00616 result = X509_verify_cert(&csc);
00617 X509_STORE_CTX_cleanup(&csc);
00618
00619 X509_STORE_free(cert_ctx);
00620
00621 if (result == 1)
00622 return true;
00623 else
00624 return false;
00625 }
00626
00627
00628 bool WvX509Mgr::signedbyCAindir(WvStringParm certdir)
00629 {
00630 WvDirIter i(certdir,false);
00631 for (i.rewind(); i.next(); )
00632 {
00633 if (!signedbyCAinfile(i->fullname))
00634 return false;
00635 }
00636 return true;
00637 }
00638
00639
00640 bool WvX509Mgr::isinCRL()
00641 {
00642 return false;
00643 }
00644
00645
00646 WvString WvX509Mgr::encode(const DumpMode mode)
00647 {
00648 FILE *stupid;
00649 const EVP_CIPHER *enc;
00650 WvString nil;
00651
00652 stupid = file_hack_start();
00653
00654 if (stupid)
00655 {
00656 switch(mode)
00657 {
00658 case CertPEM:
00659 debug("Dumping X509 certificate.\n");
00660 PEM_write_X509(stupid, cert);
00661 break;
00662
00663 case RsaPEM:
00664 debug("Dumping RSA keypair.\n");
00665 enc = EVP_get_cipherbyname("rsa");
00666 PEM_write_RSAPrivateKey(stupid, rsa->rsa, enc,
00667 NULL, 0, NULL, NULL);
00668 break;
00669
00670 case RsaRaw:
00671 debug("Dumping raw RSA keypair.\n");
00672 RSA_print_fp(stupid, rsa->rsa, 0);
00673 break;
00674
00675 default:
00676 seterr("Unknown Mode\n");
00677 return nil;
00678 }
00679
00680 return file_hack_end(stupid);
00681 }
00682 else
00683 {
00684 debug(WvLog::Error, "Can't create temp file in WvX509Mgr::encode!\n");
00685 return nil;
00686 }
00687 }
00688
00689 void WvX509Mgr::decode(DumpMode mode, WvStringParm pemEncoded)
00690 {
00691
00692 FILE *stupid;
00693 const EVP_CIPHER *enc;
00694 WvString outstring = pemEncoded;
00695
00696 stupid = file_hack_start();
00697
00698 if (stupid)
00699 {
00700
00701 rewind(stupid);
00702 unsigned int written = fwrite(outstring.edit(), 1, outstring.len(), stupid);
00703 if (written != outstring.len())
00704 {
00705 debug(WvLog::Error,"Couldn't write full amount to temp file!\n");
00706 fclose(stupid);
00707 return;
00708 }
00709 rewind(stupid);
00710 switch(mode)
00711 {
00712 case CertPEM:
00713 debug("Importing X509 certificate.\n");
00714 if(cert)
00715 {
00716 X509_free(cert);
00717 cert = NULL;
00718 }
00719 cert = PEM_read_X509(stupid, NULL, NULL, NULL);
00720 break;
00721
00722 case RsaPEM:
00723 debug("Importing RSA keypair.\n");
00724 debug("Make sure that you load or generate a new Certificate!\n");
00725 enc = EVP_get_cipherbyname("rsa");
00726 rsa->rsa = PEM_read_RSAPrivateKey(stupid, NULL, NULL, NULL);
00727 break;
00728
00729 case RsaRaw:
00730 debug("Importing raw RSA keypair not supported.\n");
00731 break;
00732
00733 default:
00734 seterr("Unknown Mode\n");
00735 }
00736 fclose(stupid);
00737 }
00738 else
00739 {
00740 debug(WvLog::Error, "Can't create temp file in WvX509Mgr::decode!\n");
00741 return;
00742 }
00743 }
00744
00745 void WvX509Mgr::write_p12(WvStringParm filename)
00746 {
00747 debug("Dumping RSA Key and X509 Cert to PKCS12 structure.\n");
00748
00749 FILE *fp = fopen(filename, "w");
00750
00751 if (!fp)
00752 {
00753 seterr("Unable to create: %s\n", filename);
00754 return;
00755 }
00756
00757 if (!!pkcs12pass)
00758 {
00759 EVP_PKEY *pk = EVP_PKEY_new();
00760 if (!pk)
00761 {
00762 seterr("Unable to create PKEY object.\n");
00763 return;
00764 }
00765
00766 if (rsa && cert)
00767 {
00768 WvRSAKey tmpkey(*rsa);
00769
00770 if (!EVP_PKEY_assign_RSA(pk, tmpkey.rsa))
00771 {
00772 seterr("Error setting RSA keys.\n");
00773 return;
00774 }
00775 else
00776 {
00777 PKCS12 *pkg = PKCS12_create(pkcs12pass.edit(), "foo", pk,
00778 cert, NULL, 0, 0, 0, 0, 0);
00779 if (pkg)
00780 {
00781 debug("Write the PKCS12 object out...\n");
00782 i2d_PKCS12_fp(fp, pkg);
00783 PKCS12_free(pkg);
00784 }
00785 else
00786 {
00787 seterr("Unable to create PKCS12 object.\n");
00788 return;
00789 }
00790 }
00791 }
00792 else
00793 {
00794 seterr("Either the RSA key or the Certificate is not present\n");
00795 return;
00796 }
00797 }
00798 else
00799 {
00800 seterr("No Password specified for PKCS12 dump\n");
00801 return;
00802 }
00803 }
00804
00805 void WvX509Mgr::read_p12(WvStringParm filename)
00806 {
00807 debug("Reading Certificate and Private Key from PKCS12 file: %s\n", filename);
00808
00809 FILE *fp = fopen(filename, "r");
00810
00811 if (!fp)
00812 {
00813 seterr("Unable to read from: %s\n", filename);
00814 return;
00815 }
00816
00817 if (!!pkcs12pass)
00818 {
00819 PKCS12 *pkg = d2i_PKCS12_fp(fp, NULL);
00820 if (pkg)
00821 {
00822 EVP_PKEY *pk = EVP_PKEY_new();
00823 if (!pk)
00824 {
00825 seterr("Unable to create PKEY object.\n");
00826 return;
00827 }
00828
00829
00830 PKCS12_parse(pkg, pkcs12pass, &pk, &cert, NULL);
00831 PKCS12_free(pkg);
00832
00833
00834
00835
00836 rsa = new WvRSAKey(pk->pkey.rsa, true);
00837
00838
00839 if (!rsa || !cert || test())
00840 {
00841 seterr("Could not fill in RSA and Cert with matching values.\n");
00842 return;
00843 }
00844
00845
00846 }
00847 else
00848 {
00849 seterr("Read in of PKCS12 file '%s' failed - aborting!\n", filename);
00850 return;
00851 }
00852 }
00853 else
00854 {
00855 seterr("No Password specified for PKCS12 file - aborting!\n");
00856 return;
00857 }
00858 }
00859
00860
00861 WvString WvX509Mgr::get_issuer()
00862 {
00863 return WvString(X509_NAME_oneline(X509_get_issuer_name(cert),0,0));
00864 }
00865
00866
00867 WvString WvX509Mgr::get_subject()
00868 {
00869 return WvString(X509_NAME_oneline(X509_get_subject_name(cert),0,0));
00870 }
00871
00872
00873 WvString WvX509Mgr::get_crl_dp()
00874 {
00875 WvDynBuf *buf = get_extension(NID_crl_distribution_points);
00876 if (buf)
00877 {
00878 WvString retval(buf->getstr());
00879 delete buf;
00880 return retval;
00881 }
00882 else
00883 return WvString::null;
00884 }
00885
00886
00887 WvString WvX509Mgr::get_cp_oid()
00888 {
00889 WvDynBuf *buf = get_extension(NID_certificate_policies);
00890 if (buf)
00891 {
00892 WvString retval(buf->getstr());
00893 delete buf;
00894 return retval;
00895 }
00896 else
00897 return WvString::null;
00898 }
00899
00900
00901 WvString WvX509Mgr::get_altsubject()
00902 {
00903 WvDynBuf *buf = get_extension(NID_subject_alt_name);
00904 if (buf)
00905 {
00906 WvString retval(buf->getstr());
00907 delete buf;
00908 return retval;
00909 }
00910 else
00911 return WvString::null;
00912
00913 }
00914
00915 WvDynBuf *WvX509Mgr::get_extension(int nid)
00916 {
00917 int index = X509_get_ext_by_NID(cert, nid, -1);
00918 if (index >= 0)
00919 {
00920 X509_EXTENSION *ext = X509_get_ext(cert, index);
00921 if (ext)
00922 {
00923 WvDynBuf *buf = new WvDynBuf();
00924 buf->put(ext->value->data, ext->value->length);
00925 return buf;
00926 }
00927 }
00928 return NULL;
00929 }
00930