/src/botan/src/lib/x509/asn1_alt_name.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * AlternativeName |
3 | | * (C) 1999-2007 Jack Lloyd |
4 | | * 2007 Yves Jerschow |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/pkix_types.h> |
10 | | #include <botan/der_enc.h> |
11 | | #include <botan/ber_dec.h> |
12 | | #include <botan/oids.h> |
13 | | #include <botan/internal/stl_util.h> |
14 | | #include <botan/internal/parsing.h> |
15 | | #include <botan/internal/loadstor.h> |
16 | | |
17 | | #include <sstream> |
18 | | |
19 | | namespace Botan { |
20 | | |
21 | | /* |
22 | | * Create an AlternativeName |
23 | | */ |
24 | | AlternativeName::AlternativeName(const std::string& email_addr, |
25 | | const std::string& uri, |
26 | | const std::string& dns, |
27 | | const std::string& ip) |
28 | 34.1k | { |
29 | 34.1k | add_attribute("RFC822", email_addr); |
30 | 34.1k | add_attribute("DNS", dns); |
31 | 34.1k | add_attribute("URI", uri); |
32 | 34.1k | add_attribute("IP", ip); |
33 | 34.1k | } |
34 | | |
35 | | /* |
36 | | * Add an attribute to an alternative name |
37 | | */ |
38 | | void AlternativeName::add_attribute(const std::string& type, |
39 | | const std::string& value) |
40 | 160k | { |
41 | 160k | if(type.empty() || value.empty()) |
42 | 141k | return; |
43 | | |
44 | 19.5k | auto range = m_alt_info.equal_range(type); |
45 | 119k | for(auto j = range.first; j != range.second; ++j) |
46 | 105k | if(j->second == value) |
47 | 5.34k | return; |
48 | | |
49 | 14.1k | multimap_insert(m_alt_info, type, value); |
50 | 14.1k | } |
51 | | |
52 | | /* |
53 | | * Add an OtherName field |
54 | | */ |
55 | | void AlternativeName::add_othername(const OID& oid, const std::string& value, |
56 | | ASN1_Type type) |
57 | 2.92k | { |
58 | 2.92k | if(value.empty()) |
59 | 188 | return; |
60 | 2.73k | multimap_insert(m_othernames, oid, ASN1_String(value, type)); |
61 | 2.73k | } |
62 | | |
63 | | /* |
64 | | * Return all of the alternative names |
65 | | */ |
66 | | std::multimap<std::string, std::string> AlternativeName::contents() const |
67 | 655 | { |
68 | 655 | std::multimap<std::string, std::string> names; |
69 | | |
70 | 655 | for(const auto& name : m_alt_info) |
71 | 2.26k | { |
72 | 2.26k | multimap_insert(names, name.first, name.second); |
73 | 2.26k | } |
74 | | |
75 | 655 | for(const auto& othername : m_othernames) |
76 | 900 | { |
77 | 900 | multimap_insert(names, |
78 | 900 | othername.first.to_formatted_string(), |
79 | 900 | othername.second.value()); |
80 | 900 | } |
81 | | |
82 | 655 | return names; |
83 | 655 | } |
84 | | |
85 | | bool AlternativeName::has_field(const std::string& attr) const |
86 | 0 | { |
87 | 0 | auto range = m_alt_info.equal_range(attr); |
88 | 0 | return (range.first != range.second); |
89 | 0 | } |
90 | | |
91 | | std::string AlternativeName::get_first_attribute(const std::string& attr) const |
92 | 0 | { |
93 | 0 | auto i = m_alt_info.lower_bound(attr); |
94 | 0 | if(i != m_alt_info.end() && i->first == attr) |
95 | 0 | return i->second; |
96 | | |
97 | 0 | return ""; |
98 | 0 | } |
99 | | |
100 | | std::vector<std::string> AlternativeName::get_attribute(const std::string& attr) const |
101 | 0 | { |
102 | 0 | std::vector<std::string> results; |
103 | 0 | auto range = m_alt_info.equal_range(attr); |
104 | 0 | for(auto i = range.first; i != range.second; ++i) |
105 | 0 | results.push_back(i->second); |
106 | 0 | return results; |
107 | 0 | } |
108 | | |
109 | | X509_DN AlternativeName::dn() const |
110 | 0 | { |
111 | 0 | X509_DN dn; |
112 | 0 | auto range = m_alt_info.equal_range("DN"); |
113 | |
|
114 | 0 | for(auto i = range.first; i != range.second; ++i) |
115 | 0 | { |
116 | 0 | std::istringstream strm(i->second); |
117 | 0 | strm >> dn; |
118 | 0 | } |
119 | |
|
120 | 0 | return dn; |
121 | 0 | } |
122 | | |
123 | | /* |
124 | | * Return if this object has anything useful |
125 | | */ |
126 | | bool AlternativeName::has_items() const |
127 | 0 | { |
128 | 0 | return (!m_alt_info.empty() || !m_othernames.empty()); |
129 | 0 | } |
130 | | |
131 | | namespace { |
132 | | |
133 | | /* |
134 | | * DER encode an AlternativeName entry |
135 | | */ |
136 | | void encode_entries(DER_Encoder& encoder, |
137 | | const std::multimap<std::string, std::string>& attr, |
138 | | const std::string& type, ASN1_Type tagging) |
139 | 0 | { |
140 | 0 | auto range = attr.equal_range(type); |
141 | |
|
142 | 0 | for(auto i = range.first; i != range.second; ++i) |
143 | 0 | { |
144 | 0 | if(type == "RFC822" || type == "DNS" || type == "URI") |
145 | 0 | { |
146 | 0 | ASN1_String asn1_string(i->second, ASN1_Type::Ia5String); |
147 | 0 | encoder.add_object(tagging, ASN1_Class::ContextSpecific, asn1_string.value()); |
148 | 0 | } |
149 | 0 | else if(type == "IP") |
150 | 0 | { |
151 | 0 | const uint32_t ip = string_to_ipv4(i->second); |
152 | 0 | uint8_t ip_buf[4] = { 0 }; |
153 | 0 | store_be(ip, ip_buf); |
154 | 0 | encoder.add_object(tagging, ASN1_Class::ContextSpecific, ip_buf, 4); |
155 | 0 | } |
156 | 0 | else if (type == "DN") |
157 | 0 | { |
158 | 0 | std::stringstream ss(i->second); |
159 | 0 | X509_DN dn; |
160 | 0 | ss >> dn; |
161 | 0 | encoder.encode(dn); |
162 | 0 | } |
163 | 0 | } |
164 | 0 | } |
165 | | |
166 | | } |
167 | | |
168 | | /* |
169 | | * DER encode an AlternativeName extension |
170 | | */ |
171 | | void AlternativeName::encode_into(DER_Encoder& der) const |
172 | 0 | { |
173 | 0 | der.start_sequence(); |
174 | |
|
175 | 0 | encode_entries(der, m_alt_info, "RFC822", ASN1_Type(1)); |
176 | 0 | encode_entries(der, m_alt_info, "DNS", ASN1_Type(2)); |
177 | 0 | encode_entries(der, m_alt_info, "DN", ASN1_Type(4)); |
178 | 0 | encode_entries(der, m_alt_info, "URI", ASN1_Type(6)); |
179 | 0 | encode_entries(der, m_alt_info, "IP", ASN1_Type(7)); |
180 | |
|
181 | 0 | for(const auto& othername : m_othernames) |
182 | 0 | { |
183 | 0 | der.start_explicit(0) |
184 | 0 | .encode(othername.first) |
185 | 0 | .start_explicit(0) |
186 | 0 | .encode(othername.second) |
187 | 0 | .end_explicit() |
188 | 0 | .end_explicit(); |
189 | 0 | } |
190 | |
|
191 | 0 | der.end_cons(); |
192 | 0 | } |
193 | | |
194 | | /* |
195 | | * Decode a BER encoded AlternativeName |
196 | | */ |
197 | | void AlternativeName::decode_from(BER_Decoder& source) |
198 | 5.27k | { |
199 | 5.27k | BER_Decoder names = source.start_sequence(); |
200 | | |
201 | | // FIXME this is largely a duplication of GeneralName::decode_from |
202 | | |
203 | 56.2k | while(names.more_items()) |
204 | 50.9k | { |
205 | 50.9k | BER_Object obj = names.get_next_object(); |
206 | | |
207 | 50.9k | if(obj.is_a(0, ASN1_Class::ContextSpecific)) |
208 | 4.55k | { |
209 | 4.55k | BER_Decoder othername(obj); |
210 | | |
211 | 4.55k | OID oid; |
212 | 4.55k | othername.decode(oid); |
213 | 4.55k | if(othername.more_items()) |
214 | 4.09k | { |
215 | 4.09k | BER_Object othername_value_outer = othername.get_next_object(); |
216 | 4.09k | othername.verify_end(); |
217 | | |
218 | 4.09k | if(othername_value_outer.is_a(0, ASN1_Class::ExplicitContextSpecific) == false) |
219 | 45 | throw Decoding_Error("Invalid tags on otherName value"); |
220 | | |
221 | 4.04k | BER_Decoder othername_value_inner(othername_value_outer); |
222 | | |
223 | 4.04k | BER_Object value = othername_value_inner.get_next_object(); |
224 | 4.04k | othername_value_inner.verify_end(); |
225 | | |
226 | 4.04k | if(ASN1_String::is_string_type(value.type()) && value.get_class() == ASN1_Class::Universal) |
227 | 2.92k | { |
228 | 2.92k | add_othername(oid, ASN1::to_string(value), value.type()); |
229 | 2.92k | } |
230 | 4.04k | } |
231 | 4.55k | } |
232 | 50.9k | if(obj.is_a(1, ASN1_Class::ContextSpecific)) |
233 | 9.28k | { |
234 | 9.28k | add_attribute("RFC822", ASN1::to_string(obj)); |
235 | 9.28k | } |
236 | 41.6k | else if(obj.is_a(2, ASN1_Class::ContextSpecific)) |
237 | 5.23k | { |
238 | 5.23k | add_attribute("DNS", ASN1::to_string(obj)); |
239 | 5.23k | } |
240 | 36.4k | else if(obj.is_a(6, ASN1_Class::ContextSpecific)) |
241 | 3.45k | { |
242 | 3.45k | add_attribute("URI", ASN1::to_string(obj)); |
243 | 3.45k | } |
244 | 32.9k | else if(obj.is_a(4, ASN1_Class::ContextSpecific | ASN1_Class::Constructed)) |
245 | 4.33k | { |
246 | 4.33k | BER_Decoder dec(obj); |
247 | 4.33k | X509_DN dn; |
248 | 4.33k | std::stringstream ss; |
249 | | |
250 | 4.33k | dec.decode(dn); |
251 | 4.33k | ss << dn; |
252 | | |
253 | 4.33k | add_attribute("DN", ss.str()); |
254 | 4.33k | } |
255 | 28.6k | else if(obj.is_a(7, ASN1_Class::ContextSpecific)) |
256 | 4.27k | { |
257 | 4.27k | if(obj.length() == 4) |
258 | 2.73k | { |
259 | 2.73k | const uint32_t ip = load_be<uint32_t>(obj.bits(), 0); |
260 | 2.73k | add_attribute("IP", ipv4_to_string(ip)); |
261 | 2.73k | } |
262 | 4.27k | } |
263 | | |
264 | 50.9k | } |
265 | 5.27k | } |
266 | | |
267 | | } |