openvpn3/mbedtls_2pki_2x509certinfo_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//

//


#pragma once


#include <cstring>

#include <string>

#include <vector>


#include <mbedtls/x509.h>

#include <mbedtls/x509_crt.h>

#include <mbedtls/oid.h>


#include "openvpn/common/hexstr.hpp"


#define MBEDTLS_MAX_SUBJECT_LENGTH 256


namespace openvpn::MbedTLSPKI {


static std::string x509_get_subject(const mbedtls_x509_crt *cert,

                                    bool new_format = false)

{

    if (!new_format)

    {

        // Try to return the x509 subject formatted like the OpenSSL

        // X509_NAME_oneline method.  Only attributes matched in the switch

        // statements below will be rendered.  All other attributes will be

        // ignored.


        std::string ret;

        for (const mbedtls_x509_name *name = &cert->subject;

             name != nullptr;

             name = name->next)

        {

            const char *key = nullptr;

            if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid))

                key = "CN";

            else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_COUNTRY, &name->oid))

                key = "C";

            else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_LOCALITY, &name->oid))

                key = "L";

            else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_STATE, &name->oid))

                key = "ST";

            else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_ORGANIZATION, &name->oid))

                key = "O";

            else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_ORG_UNIT, &name->oid))

                key = "OU";

            else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_EMAIL, &name->oid))

                key = "emailAddress";


            // make sure that key is defined and value has no embedded nulls

            if (key && !string::embedded_null((const char *)name->val.p, name->val.len))

                ret += "/" + std::string(key)

                       + "=" + std::string((const char *)name->val.p, name->val.len);

        }

        return ret;

    }


    char tmp_subj[MBEDTLS_MAX_SUBJECT_LENGTH] = {0};

    int ret = mbedtls_x509_dn_gets(tmp_subj,

                                   MBEDTLS_MAX_SUBJECT_LENGTH - 1,

                                   &cert->subject);

    return (ret > 0 ? std::string(tmp_subj) : std::string(""));

}


static std::string x509_get_common_name(const mbedtls_x509_crt *cert)

{

    const mbedtls_x509_name *name = &cert->subject;


    // find common name

    while (name != nullptr)

    {

        if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid))

        {

            break;

        }

        name = name->next;

    }


    return (name ? std::string((const char *)name->val.p, name->val.len)

                 : std::string(""));

}


} // namespace openvpn::MbedTLSPKI

hexstr.hpp

MBEDTLS_MAX_SUBJECT_LENGTH
#define MBEDTLS_MAX_SUBJECT_LENGTH
Definition x509certinfo.hpp:25

openvpn::MbedTLSPKI
Definition dh.hpp:28

openvpn::MbedTLSPKI::x509_get_common_name
static std::string x509_get_common_name(const mbedtls_x509_crt *cert)
Definition x509certinfo.hpp:112

openvpn::MbedTLSPKI::x509_get_subject
static std::string x509_get_subject(const mbedtls_x509_crt *cert, bool new_format=false)
Definition x509certinfo.hpp:56

openvpn::string::embedded_null
bool embedded_null(const char *str, size_t len)
Definition string.hpp:238

ret
std::string ret
Definition test_capture.cpp:268