2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 RCSID("$Id: name.c 20891 2007-06-04 22:51:41Z lha $");
38 * name parsing from rfc2253
39 * fix so parsing rfc1779 works too
45 const heim_oid *(*o)(void);
47 { "C", oid_id_at_countryName },
48 { "CN", oid_id_at_commonName },
49 { "DC", oid_id_domainComponent },
50 { "L", oid_id_at_localityName },
51 { "O", oid_id_at_organizationName },
52 { "OU", oid_id_at_organizationalUnitName },
53 { "S", oid_id_at_stateOrProvinceName },
54 { "STREET", oid_id_at_streetAddress },
55 { "UID", oid_id_Userid },
56 { "emailAddress", oid_id_pkcs9_emailAddress },
57 { "serialNumber", oid_id_at_serialNumber }
61 quote_string(const char *f, size_t len, size_t *rlen)
72 for (i = 0, j = 0; i < len; i++) {
73 if (from[i] == ' ' && i + 1 < len)
75 else if (from[i] == ',' || from[i] == '=' || from[i] == '+' ||
76 from[i] == '<' || from[i] == '>' || from[i] == '#' ||
77 from[i] == ';' || from[i] == ' ')
81 } else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) {
84 int l = snprintf(&to[j], tolen - j - 1,
85 "#%02x", (unsigned char)from[i]);
97 append_string(char **str, size_t *total_len, const char *ss,
98 size_t len, int quote)
103 qs = quote_string(ss, len, &len);
107 s = realloc(*str, len + *total_len + 1);
109 _hx509_abort("allocation failure"); /* XXX */
110 memcpy(s + *total_len, qs, len);
113 s[*total_len + len] = '\0';
120 oidtostring(const heim_oid *type)
125 for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
126 if (der_heim_oid_cmp((*no[i].o)(), type) == 0)
127 return strdup(no[i].n);
129 if (der_print_heim_oid(type, '.', &s) != 0)
135 stringtooid(const char *name, size_t len, heim_oid *oid)
140 memset(oid, 0, sizeof(*oid));
142 for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
143 if (strncasecmp(no[i].n, name, len) == 0)
144 return der_copy_oid((*no[i].o)(), oid);
149 memcpy(s, name, len);
151 ret = der_parse_heim_oid(s, ".", oid);
157 hx509_name_to_string(const hx509_name name, char **str)
159 return _hx509_Name_to_string(&name->der_name, str);
163 _hx509_Name_to_string(const Name *n, char **str)
165 size_t total_len = 0;
172 for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
175 for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
176 DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
180 oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
182 switch(ds->element) {
183 case choice_DirectoryString_ia5String:
184 ss = ds->u.ia5String;
186 case choice_DirectoryString_printableString:
187 ss = ds->u.printableString;
189 case choice_DirectoryString_utf8String:
190 ss = ds->u.utf8String;
192 case choice_DirectoryString_bmpString: {
193 uint16_t *bmp = ds->u.bmpString.data;
194 size_t bmplen = ds->u.bmpString.length;
197 ss = malloc(bmplen + 1);
199 _hx509_abort("allocation failure"); /* XXX */
200 for (k = 0; k < bmplen; k++)
201 ss[k] = bmp[k] & 0xff; /* XXX */
205 case choice_DirectoryString_teletexString:
206 ss = malloc(ds->u.teletexString.length + 1);
208 _hx509_abort("allocation failure"); /* XXX */
209 memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length);
210 ss[ds->u.teletexString.length] = '\0';
212 case choice_DirectoryString_universalString: {
213 uint32_t *uni = ds->u.universalString.data;
214 size_t unilen = ds->u.universalString.length;
217 ss = malloc(unilen + 1);
219 _hx509_abort("allocation failure"); /* XXX */
220 for (k = 0; k < unilen; k++)
221 ss[k] = uni[k] & 0xff; /* XXX */
226 _hx509_abort("unknown directory type: %d", ds->element);
229 append_string(str, &total_len, oidname, strlen(oidname), 0);
231 append_string(str, &total_len, "=", 1, 0);
233 append_string(str, &total_len, ss, len, 1);
234 if (ds->element == choice_DirectoryString_universalString ||
235 ds->element == choice_DirectoryString_bmpString ||
236 ds->element == choice_DirectoryString_teletexString)
240 if (j + 1 < n->u.rdnSequence.val[i].len)
241 append_string(str, &total_len, "+", 1, 0);
245 append_string(str, &total_len, ",", 1, 0);
251 * XXX this function is broken, it needs to compare code points, not
256 _hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2)
260 c = ds1->element - ds2->element;
264 switch(ds1->element) {
265 case choice_DirectoryString_ia5String:
266 c = strcmp(ds1->u.ia5String, ds2->u.ia5String);
268 case choice_DirectoryString_teletexString:
269 c = der_heim_octet_string_cmp(&ds1->u.teletexString,
270 &ds2->u.teletexString);
272 case choice_DirectoryString_printableString:
273 c = strcasecmp(ds1->u.printableString, ds2->u.printableString);
275 case choice_DirectoryString_utf8String:
276 c = strcmp(ds1->u.utf8String, ds2->u.utf8String);
278 case choice_DirectoryString_universalString:
279 c = der_heim_universal_string_cmp(&ds1->u.universalString,
280 &ds2->u.universalString);
282 case choice_DirectoryString_bmpString:
283 c = der_heim_bmp_string_cmp(&ds1->u.bmpString,
294 _hx509_name_cmp(const Name *n1, const Name *n2)
298 c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
302 for (i = 0 ; i < n1->u.rdnSequence.len; i++) {
303 c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len;
307 for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) {
308 c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type,
309 &n1->u.rdnSequence.val[i].val[j].type);
313 c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
314 &n2->u.rdnSequence.val[i].val[j].value);
323 hx509_name_cmp(hx509_name n1, hx509_name n2)
325 return _hx509_name_cmp(&n1->der_name, &n2->der_name);
330 _hx509_name_from_Name(const Name *n, hx509_name *name)
333 *name = calloc(1, sizeof(**name));
336 ret = copy_Name(n, &(*name)->der_name);
345 hx509_der_parse_name(const void *data, size_t length, hx509_name *name)
351 ret = decode_Name(data, length, &n, NULL);
354 return _hx509_name_from_Name(&n, name);
358 _hx509_name_modify(hx509_context context,
364 RelativeDistinguishedName *rdn;
368 ptr = realloc(name->u.rdnSequence.val,
369 sizeof(name->u.rdnSequence.val[0]) *
370 (name->u.rdnSequence.len + 1));
372 hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
375 name->u.rdnSequence.val = ptr;
378 rdn = &name->u.rdnSequence.val[name->u.rdnSequence.len];
380 memmove(&name->u.rdnSequence.val[1],
381 &name->u.rdnSequence.val[0],
382 name->u.rdnSequence.len *
383 sizeof(name->u.rdnSequence.val[0]));
385 rdn = &name->u.rdnSequence.val[0];
387 rdn->val = malloc(sizeof(rdn->val[0]));
388 if (rdn->val == NULL)
391 ret = der_copy_oid(oid, &rdn->val[0].type);
394 rdn->val[0].value.element = choice_DirectoryString_utf8String;
395 rdn->val[0].value.u.utf8String = strdup(str);
396 if (rdn->val[0].value.u.utf8String == NULL)
398 name->u.rdnSequence.len += 1;
404 hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
413 n = calloc(1, sizeof(*n));
415 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
419 n->der_name.element = choice_Name_rdnSequence;
423 while (p != NULL && *p != '\0') {
438 ret = HX509_PARSING_NAME_FAILED;
439 hx509_set_error_string(context, 0, ret, "missing = in %s", p);
443 ret = HX509_PARSING_NAME_FAILED;
444 hx509_set_error_string(context, 0, ret,
445 "missing name before = in %s", p);
450 ret = HX509_PARSING_NAME_FAILED;
451 hx509_set_error_string(context, 0, ret, " = after , in %s", p);
455 ret = stringtooid(p, q - p, &oid);
457 ret = HX509_PARSING_NAME_FAILED;
458 hx509_set_error_string(context, 0, ret,
459 "unknown type: %.*s", (int)(q - p), p);
464 size_t pstr_len = len - (q - p) - 1;
465 const char *pstr = p + (q - p) + 1;
468 r = malloc(pstr_len + 1);
472 hx509_set_error_string(context, 0, ret, "out of memory");
475 memcpy(r, pstr, pstr_len);
478 ret = _hx509_name_modify(context, &n->der_name, 0, &oid, r);
492 return HX509_NAME_MALFORMED;
496 hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to)
500 *to = calloc(1, sizeof(**to));
503 ret = copy_Name(&from->der_name, &(*to)->der_name);
513 hx509_name_to_Name(const hx509_name from, Name *to)
515 return copy_Name(&from->der_name, to);
519 hx509_name_normalize(hx509_context context, hx509_name name)
525 hx509_name_expand(hx509_context context,
529 Name *n = &name->der_name;
535 if (n->element != choice_Name_rdnSequence) {
536 hx509_set_error_string(context, 0, EINVAL, "RDN not of supported type");
540 for (i = 0 ; i < n->u.rdnSequence.len; i++) {
541 for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
543 THIS SHOULD REALLY BE:
544 COMP = n->u.rdnSequence.val[i].val[j];
545 normalize COMP to utf8
546 check if there are variables
548 convert back to orignal format, store in COMP
549 free normalized utf8 string
551 DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
553 struct rk_strpool *strpool = NULL;
555 if (ds->element != choice_DirectoryString_utf8String) {
556 hx509_set_error_string(context, 0, EINVAL, "unsupported type");
559 p = strstr(ds->u.utf8String, "${");
561 strpool = rk_strpoolprintf(strpool, "%.*s",
562 (int)(p - ds->u.utf8String),
564 if (strpool == NULL) {
565 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
570 /* expand variables */
574 hx509_set_error_string(context, 0, EINVAL, "missing }");
575 rk_strpoolfree(strpool);
579 value = hx509_env_lfind(context, env, p, p2 - p);
581 hx509_set_error_string(context, 0, EINVAL,
582 "variable %.*s missing",
584 rk_strpoolfree(strpool);
587 strpool = rk_strpoolprintf(strpool, "%s", value);
588 if (strpool == NULL) {
589 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
594 p = strstr(p2, "${");
596 strpool = rk_strpoolprintf(strpool, "%.*s",
599 strpool = rk_strpoolprintf(strpool, "%s", p2);
600 if (strpool == NULL) {
601 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
606 free(ds->u.utf8String);
607 ds->u.utf8String = rk_strpoolcollect(strpool);
608 if (ds->u.utf8String == NULL) {
609 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
620 hx509_name_free(hx509_name *name)
622 free_Name(&(*name)->der_name);
623 memset(*name, 0, sizeof(**name));
629 hx509_unparse_der_name(const void *data, size_t length, char **str)
634 ret = hx509_der_parse_name(data, length, &name);
638 ret = hx509_name_to_string(name, str);
639 hx509_name_free(&name);
644 hx509_name_to_der_name(const hx509_name name, void **data, size_t *length)
649 ASN1_MALLOC_ENCODE(Name, *data, *length, &name->der_name, &size, ret);
653 _hx509_abort("internal ASN.1 encoder error");
660 _hx509_unparse_Name(const Name *aname, char **str)
665 ret = _hx509_name_from_Name(aname, &name);
669 ret = hx509_name_to_string(name, str);
670 hx509_name_free(&name);
675 hx509_name_is_null_p(const hx509_name name)
677 return name->der_name.u.rdnSequence.len == 0;
681 hx509_general_name_unparse(GeneralName *name, char **str)
683 struct rk_strpool *strpool = NULL;
687 switch (name->element) {
688 case choice_GeneralName_otherName: {
690 hx509_oid_sprint(&name->u.otherName.type_id, &str);
693 strpool = rk_strpoolprintf(strpool, "otherName: %s", str);
697 case choice_GeneralName_rfc822Name:
698 strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n",
701 case choice_GeneralName_dNSName:
702 strpool = rk_strpoolprintf(strpool, "dNSName: %s\n",
705 case choice_GeneralName_directoryName: {
709 memset(&dir, 0, sizeof(dir));
710 dir.element = name->u.directoryName.element;
711 dir.u.rdnSequence = name->u.directoryName.u.rdnSequence;
712 ret = _hx509_unparse_Name(&dir, &s);
715 strpool = rk_strpoolprintf(strpool, "directoryName: %s", s);
719 case choice_GeneralName_uniformResourceIdentifier:
720 strpool = rk_strpoolprintf(strpool, "URI: %s",
721 name->u.uniformResourceIdentifier);
723 case choice_GeneralName_iPAddress: {
724 unsigned char *a = name->u.iPAddress.data;
726 strpool = rk_strpoolprintf(strpool, "IPAddress: ");
729 if (name->u.iPAddress.length == 4)
730 strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d",
731 a[0], a[1], a[2], a[3]);
732 else if (name->u.iPAddress.length == 16)
733 strpool = rk_strpoolprintf(strpool,
734 "%02X:%02X:%02X:%02X:"
735 "%02X:%02X:%02X:%02X:"
736 "%02X:%02X:%02X:%02X:"
737 "%02X:%02X:%02X:%02X",
738 a[0], a[1], a[2], a[3],
739 a[4], a[5], a[6], a[7],
740 a[8], a[9], a[10], a[11],
741 a[12], a[13], a[14], a[15]);
743 strpool = rk_strpoolprintf(strpool,
744 "unknown IP address of length %lu",
745 (unsigned long)name->u.iPAddress.length);
748 case choice_GeneralName_registeredID: {
750 hx509_oid_sprint(&name->u.registeredID, &str);
753 strpool = rk_strpoolprintf(strpool, "registeredID: %s", str);
763 *str = rk_strpoolcollect(strpool);