/src/botan/src/lib/x509/asn1_alt_name.cpp
1 | | /* |
2 | | * AlternativeName |
3 | | * (C) 1999-2007 Jack Lloyd |
4 | | * 2007 Yves Jerschow |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/asn1_alt_name.h> |
10 | | #include <botan/der_enc.h> |
11 | | #include <botan/ber_dec.h> |
12 | | #include <botan/oids.h> |
13 | | #include <botan/internal/stl_util.h> |
14 | | #include <botan/parsing.h> |
15 | | #include <botan/loadstor.h> |
16 | | #include <botan/x509_dn.h> |
17 | | |
18 | | #include <sstream> |
19 | | |
20 | | namespace Botan { |
21 | | |
/*
* Create an AlternativeName from up to four optional values
*
* Each argument is handed to add_attribute() under a fixed type label
* ("RFC822", "DNS", "URI", "IP"). add_attribute() ignores empty values,
* so an empty string means "not present".
*
* No value is validated here. The "IP" string in particular is only
* passed to string_to_ipv4() when the name is DER encoded, so whatever
* that function does with a malformed address happens at encode time.
*/
AlternativeName::AlternativeName(const std::string& email_addr,
                                 const std::string& uri,
                                 const std::string& dns,
                                 const std::string& ip)
   {
   // Label/value pairs in the order they are registered
   const std::pair<const char*, const std::string*> fields[] = {
      { "RFC822", &email_addr },
      { "DNS", &dns },
      { "URI", &uri },
      { "IP", &ip },
   };

   for(const auto& field : fields)
      add_attribute(field.first, *field.second);
   }
35 | | |
/*
* Add an attribute to an alternative name
*
* Nothing is stored when either the type or the value is empty, or when
* the same (type, value) pair is already present.
*
* The duplicate check is an exact std::string comparison, so values that
* differ only in case (for example two spellings of one DNS name) are
* kept as separate entries. The type label is not restricted to a known
* set and the value is stored as given, without validation.
*/
void AlternativeName::add_attribute(const std::string& type,
                                    const std::string& value)
   {
   if(type.empty() || value.empty())
      return;

   // Scan the existing entries of this type for an identical value
   const auto same_type = m_alt_info.equal_range(type);
   auto it = same_type.first;
   while(it != same_type.second && it->second != value)
      ++it;

   // Reaching the end of the range means the value is new
   if(it == same_type.second)
      multimap_insert(m_alt_info, type, value);
   }
52 | | |
/*
* Add an OtherName field
*
* The value is stored under its OID as an ASN1_String carrying the
* given string type tag. Empty values are ignored. Unlike
* add_attribute(), no duplicate check is made here, so the same
* (oid, value) pair can be stored more than once.
*/
void AlternativeName::add_othername(const OID& oid, const std::string& value,
                                    ASN1_Tag type)
   {
   if(!value.empty())
      {
      multimap_insert(m_othernames, oid, ASN1_String(value, type));
      }
   }
63 | | |
/*
* Return all of the alternative names
*
* The result is a fresh multimap holding every typed attribute plus
* every otherName. otherName entries are keyed by the formatted string
* of their OID and contribute only their string value; the ASN.1 string
* type they were stored with is not part of the result.
*/
std::multimap<std::string, std::string> AlternativeName::contents() const
   {
   std::multimap<std::string, std::string> names;

   for(const auto& attribute : m_alt_info)
      {
      multimap_insert(names, attribute.first, attribute.second);
      }

   for(const auto& othername : m_othernames)
      {
      multimap_insert(names, othername.first.to_formatted_string(), othername.second.value());
      }

   return names;
   }
83 | | |
/*
* Return true if at least one attribute of the given type is stored
*
* Only the typed attributes (m_alt_info) are consulted; otherName
* entries are not.
*/
bool AlternativeName::has_field(const std::string& attr) const
   {
   return m_alt_info.find(attr) != m_alt_info.end();
   }
89 | | |
/*
* Return the first stored value of the given attribute type
*
* Returns an empty string when no attribute of that type exists. Since
* add_attribute() never stores an empty value, an empty result means
* "absent".
*/
std::string AlternativeName::get_first_attribute(const std::string& attr) const
   {
   const auto matches = m_alt_info.equal_range(attr);

   if(matches.first == matches.second)
      return "";

   return matches.first->second;
   }
98 | | |
/*
* Return every stored value of the given attribute type
*
* The values are returned in the order the multimap holds them; the
* vector is empty when the type is not present.
*/
std::vector<std::string> AlternativeName::get_attribute(const std::string& attr) const
   {
   const auto matches = m_alt_info.equal_range(attr);

   std::vector<std::string> results;
   auto it = matches.first;
   while(it != matches.second)
      {
      results.push_back(it->second);
      ++it;
      }

   return results;
   }
107 | | |
/*
* Rebuild an X509_DN from the stored "DN" attributes
*
* Each "DN" value is the string form of a distinguished name and is
* streamed into one shared X509_DN object, so several stored names end
* up in the same result. The stream state is not checked after
* extraction, so a string that fails to parse is not reported here.
*/
X509_DN AlternativeName::dn() const
   {
   X509_DN combined;
   const auto dn_entries = m_alt_info.equal_range("DN");

   for(auto entry = dn_entries.first; entry != dn_entries.second; ++entry)
      {
      std::istringstream text(entry->second);
      text >> combined;
      }

   return combined;
   }
121 | | |
/*
* Return if this object has anything useful
*
* True when at least one typed attribute or one otherName is stored.
*/
bool AlternativeName::has_items() const
   {
   const bool nothing_stored = m_alt_info.empty() && m_othernames.empty();
   return !nothing_stored;
   }
129 | | |
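namespace {

/*
* DER encode every AlternativeName entry of one type
*
* encoder: destination for the encoded GeneralName values
* attr:    the attribute multimap to read from
* type:    attribute label to encode ("RFC822", "DNS", "URI", "IP", "DN");
*          any other label produces no output
* tagging: context-specific tag number of the GeneralName choice
*
* "RFC822", "DNS" and "URI" values go through ASN1_String with
* IA5_STRING before being written under the context tag. "IP" values
* are parsed with string_to_ipv4() and written as four big-endian
* bytes, so only IPv4 addresses can be emitted here.
*
* "DN" values are parsed back into an X509_DN and wrapped in an explicit
* [tagging] element. Previously the DN was written bare and the tag
* argument was ignored, which does not match what
* AlternativeName::decode_from() looks for (tag 4, context-specific and
* constructed), so an encoded directoryName could not be read back as
* one.
*/
void encode_entries(DER_Encoder& encoder,
                    const std::multimap<std::string, std::string>& attr,
                    const std::string& type, ASN1_Tag tagging)
   {
   const auto range = attr.equal_range(type);

   for(auto i = range.first; i != range.second; ++i)
      {
      if(type == "RFC822" || type == "DNS" || type == "URI")
         {
         ASN1_String asn1_string(i->second, IA5_STRING);
         encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.value());
         }
      else if(type == "IP")
         {
         // NOTE(review): how string_to_ipv4 reports a malformed address is
         // not visible here; the value was stored unvalidated.
         const uint32_t ip = string_to_ipv4(i->second);
         uint8_t ip_buf[4] = { 0 };
         store_be(ip, ip_buf);
         encoder.add_object(tagging, CONTEXT_SPECIFIC, ip_buf, 4);
         }
      else if(type == "DN")
         {
         // The stream state is not checked; a string that fails to parse
         // leaves dn as whatever the extraction produced.
         std::stringstream ss(i->second);
         X509_DN dn;
         ss >> dn;

         // directoryName is a CHOICE member, so it is tagged explicitly
         encoder.start_explicit(static_cast<uint16_t>(tagging))
            .encode(dn)
            .end_explicit();
         }
      }
   }

}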
166 | | |
/*
* DER encode an AlternativeName extension
*
* Writes one SEQUENCE. The typed attributes come first, grouped by type
* in the fixed order RFC822 [1], DNS [2], DN [4], URI [6], IP [7], and
* the otherName entries follow. Each otherName is written as an
* explicit [0] holding the OID and an explicit [0] around the string
* value.
*
* Attributes stored under any other type label are not encoded.
*/
void AlternativeName::encode_into(DER_Encoder& der) const
   {
   // Attribute label paired with its GeneralName tag number
   const std::pair<const char*, ASN1_Tag> tagged_fields[] = {
      { "RFC822", ASN1_Tag(1) },
      { "DNS", ASN1_Tag(2) },
      { "DN", ASN1_Tag(4) },
      { "URI", ASN1_Tag(6) },
      { "IP", ASN1_Tag(7) },
   };

   der.start_cons(SEQUENCE);

   for(const auto& field : tagged_fields)
      {
      encode_entries(der, m_alt_info, field.first, field.second);
      }

   for(const auto& othername : m_othernames)
      {
      der.start_explicit(0)
         .encode(othername.first)
         .start_explicit(0)
            .encode(othername.second)
         .end_explicit()
      .end_explicit();
      }

   der.end_cons();
   }
192 | | |
/*
* Decode a BER encoded AlternativeName
*
* Reads a SEQUENCE of GeneralName values and stores the ones this class
* understands:
*
*   [0] otherName     -> add_othername(), string values only
*   [1] rfc822Name    -> "RFC822"
*   [2] dNSName       -> "DNS"
*   [4] directoryName -> "DN", kept as the string form of the X509_DN
*   [6] URI           -> "URI"
*   [7] iPAddress     -> "IP", only when exactly four bytes long
*
* Anything else is skipped without an error. That covers unrecognised
* tags, iPAddress values of any other length (a 16-byte IPv6 address,
* for example) and otherName values that are not UNIVERSAL string
* types. A caller therefore cannot tell from the result that the
* encoded extension contained names it did not get to see.
*
* Throws Decoding_Error when an otherName value is not wrapped in a
* constructed context-specific [0]; the decoder calls used here may
* throw as well.
*
* NOTE(review): the rfc822Name, dNSName and URI bytes are stored as
* returned by ASN1::to_string(). No check for embedded NUL bytes or
* characters outside IA5 is visible in this function; confirm that
* to_string() or the code that matches hostnames handles that.
*/
void AlternativeName::decode_from(BER_Decoder& source)
   {
   BER_Decoder names = source.start_cons(SEQUENCE);

   // FIXME this is largely a duplication of GeneralName::decode_from

   while(names.more_items())
      {
      BER_Object obj = names.get_next_object();

      if(obj.is_a(0, CONTEXT_SPECIFIC))
         {
         // otherName: an OID, optionally followed by one wrapped value
         BER_Decoder othername(obj);

         OID oid;
         othername.decode(oid);
         if(othername.more_items())
            {
            BER_Object wrapper = othername.get_next_object();
            othername.verify_end();

            if(!wrapper.is_a(0, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)))
               throw Decoding_Error("Invalid tags on otherName value");

            BER_Decoder wrapped(wrapper);

            BER_Object value = wrapped.get_next_object();
            wrapped.verify_end();

            // Values of any other kind are dropped silently
            const bool is_universal_string =
               ASN1_String::is_string_type(value.type()) && value.get_class() == UNIVERSAL;

            if(is_universal_string)
               {
               add_othername(oid, ASN1::to_string(value), value.type());
               }
            }
         }

      // This chain starts with a fresh `if`, as in the original
      if(obj.is_a(1, CONTEXT_SPECIFIC))
         {
         add_attribute("RFC822", ASN1::to_string(obj));
         }
      else if(obj.is_a(2, CONTEXT_SPECIFIC))
         {
         add_attribute("DNS", ASN1::to_string(obj));
         }
      else if(obj.is_a(6, CONTEXT_SPECIFIC))
         {
         add_attribute("URI", ASN1::to_string(obj));
         }
      else if(obj.is_a(4, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)))
         {
         // directoryName: decode the DN, then keep only its printed form
         BER_Decoder dn_decoder(obj);
         X509_DN parsed_dn;
         dn_decoder.decode(parsed_dn);

         std::stringstream printed;
         printed << parsed_dn;

         add_attribute("DN", printed.str());
         }
      else if(obj.is_a(7, CONTEXT_SPECIFIC))
         {
         // Only four-byte (IPv4) addresses are stored
         if(obj.length() == 4)
            {
            const uint32_t ip = load_be<uint32_t>(obj.bits(), 0);
            add_attribute("IP", ipv4_to_string(ip));
            }
         }
      }
   }
265 | | |
266 | | } |