Posted to rampart-dev@ws.apache.org by mi...@apache.org on 2008/04/20 07:35:05 UTC
svn commit: r649890 - in /webservices/rampart/scratch/c/pkcs/c: ./ include/
src/omxmlsec/ src/omxmlsec/openssl/ src/util/
Author: milinda
Date: Sat Apr 19 22:35:02 2008
New Revision: 649890
URL: http://svn.apache.org/viewvc?rev=649890&view=rev
Log:
Adding common name support to x509 certificate.
Modified:
webservices/rampart/scratch/c/pkcs/c/build.sh
webservices/rampart/scratch/c/pkcs/c/include/openssl_x509.h
webservices/rampart/scratch/c/pkcs/c/include/oxs_x509_cert.h
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/x509.c
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/x509_cert.c
webservices/rampart/scratch/c/pkcs/c/src/util/rampart_encryption.c
Modified: webservices/rampart/scratch/c/pkcs/c/build.sh
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/build.sh?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/build.sh (original)
+++ webservices/rampart/scratch/c/pkcs/c/build.sh Sat Apr 19 22:35:02 2008
@@ -1,6 +1,6 @@
#!/bin/bash
set -e
./autogen.sh
-./configure --prefix=${AXIS2C_HOME} --enable-static=no --with-axis2=${AXIS2C_HOME}/include/axis2-1.3.0
+./configure --prefix=${AXIS2C_HOME} --enable-static=no --with-axis2=${AXIS2C_HOME}/include/axis2-1.3.1
make
make install
Modified: webservices/rampart/scratch/c/pkcs/c/include/openssl_x509.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/openssl_x509.h?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/openssl_x509.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/openssl_x509.h Sat Apr 19 22:35:02 2008
@@ -111,6 +111,11 @@
openssl_x509_get_info(const axutil_env_t *env,
openssl_x509_info_type_t type,
X509 *cert);
+
+ AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+ openssl_x509_get_common_name(
+ const axutil_env_t *env,
+ X509 *cert);
AXIS2_EXTERN void AXIS2_CALL
openssl_x509_print(const axutil_env_t *env,
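Review bot: The new `openssl_x509_get_common_name` declaration has no comment stating who owns the returned string or what a NULL return means. The callers in key_mgr.c release the result with `AXIS2_FREE(env->allocator, ...)`, and x509.c returns NULL when the subject has no CN entry, so a Doxygen block above the prototype should state both: the string is newly allocated and must be freed by the caller, and NULL means no common name or an error. The same gap applies to the getter and setter added to oxs_x509_cert.h. There the getter hands back the certificate's internal pointer, which must not be freed, and the setter stores its own copy, e.g. `/* Returns the certificate's own string; do not free. */` on the getter.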
Modified: webservices/rampart/scratch/c/pkcs/c/include/oxs_x509_cert.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/oxs_x509_cert.h?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/oxs_x509_cert.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/oxs_x509_cert.h Sat Apr 19 22:35:02 2008
@@ -273,6 +273,15 @@
oxs_x509_cert_copy_to(oxs_x509_cert_t *x509_cert,
const axutil_env_t *env,
oxs_x509_cert_t *to);
+
+ AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+ oxs_x509_cert_get_common_name(oxs_x509_cert_t *x509_cert,
+ const axutil_env_t *env);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ oxs_x509_cert_set_common_name(oxs_x509_cert_t *x509_cert,
+ const axutil_env_t *env,
+ axis2_char_t *common_name);
/** @} */
#ifdef __cplusplus
}
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c Sat Apr 19 22:35:02 2008
@@ -200,8 +200,8 @@
oxs_key_mgr_t *key_mgr,
const axutil_env_t *env)
{
- void *key_buf = NULL;
- axis2_key_type_t type = 0;
+ /*void *key_buf = NULL;*/
+ /* axis2_key_type_t type = 0;*/
oxs_x509_cert_t *cert = NULL;
axis2_char_t *certificate_file = NULL;
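Review bot: The unused locals `key_buf` and `type` are commented out here rather than deleted, which leaves dead declarations for the next reader to puzzle over. The same commit removes `key_buf` outright in rampart_encryption.c, so deleting both lines here would be consistent. The function's signature and the rest of its body are outside this hunk, so it is only presumed that nothing further down still refers to them.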
@@ -341,39 +341,29 @@
oxs_key_mgr_t *key_mgr,
const axutil_env_t *env)
{
- axis2_char_t *filename = NULL;
- axis2_char_t *pem_buf = NULL;
- axis2_status_t status = AXIS2_FAILURE;
- openssl_x509_format_t format;
- openssl_pkey_t *open_prvkey = NULL;
- openssl_pkey_t *open_pubkey = NULL;
- oxs_x509_cert_t *oxs_cert = NULL;
-
- X509 *cert = NULL;
- STACK_OF(X509) *ca = NULL;
- EVP_PKEY *prvkey = NULL;
- EVP_PKEY *pubkey = NULL;
- if (key_mgr->receiver_certificate)
- {
- return key_mgr->receiver_certificate;
- }
- else
- {
- /* If user has specified the certificate/private key directly we will extract the information from it.
- * Else we will look for a file name to load the certificate/private key*/
- pem_buf = oxs_key_mgr_get_pem_buf(key_mgr, env);
- if(pem_buf)
- {
- /*load certificate from buf*/
- status = openssl_x509_load_from_buffer(env, pem_buf, &cert);
- }
+ axis2_char_t *pem_buf = NULL;
+ oxs_x509_cert_t *oxs_cert = NULL;
+
+ if (key_mgr->receiver_certificate)
+ {
+ return key_mgr->receiver_certificate;
+ }
else
{
- cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, key_mgr->reciever_certificate_file);
+ /* If user has specified the certificate/private key directly we will extract the information from it.
+ * Else we will look for a file name to load the certificate/private key*/
+ pem_buf = oxs_key_mgr_get_pem_buf(key_mgr, env);
+ if(pem_buf)
+ {
+ /*load certificate from buf*/
+ oxs_cert = oxs_key_mgr_load_x509_cert_from_string(env, pem_buf);
+ }
+ else
+ {
+ oxs_cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, key_mgr->reciever_certificate_file);
+ }
}
- }
- key_mgr->receiver_certificate = cert;
- return cert;
+ return oxs_cert;
}
AXIS2_EXTERN axis2_key_type_t AXIS2_CALL
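Review bot: The rewritten else-branch returns a freshly loaded certificate without storing it in `key_mgr->receiver_certificate`, which the removed code did with `key_mgr->receiver_certificate = cert;`. The function now returns a pointer that presumably belongs to key_mgr on the first branch and a new, otherwise unreferenced object on the second. A caller cannot tell whether to free the result, which risks either a leak or a double free, and every call re-parses the PEM data. If caching is still intended, add `key_mgr->receiver_certificate = oxs_cert;` before `return oxs_cert;`; otherwise state in a comment that the caller owns the result in that case. The function's name and return type are above the hunk and not visible here.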
@@ -613,6 +603,7 @@
axis2_char_t *x509_cert_subject = NULL;
axis2_char_t *x509_cert_finger = NULL;
axis2_char_t *x509_cert_key_id = NULL;
+ axis2_char_t *x509_common_name = NULL;
x509_cert_data = openssl_x509_get_cert_data(env, cert);
x509_cert_date = openssl_x509_get_info(env, OPENSSL_X509_INFO_VALID_TO ,cert);
@@ -620,6 +611,7 @@
x509_cert_subject = openssl_x509_get_info(env, OPENSSL_X509_INFO_SUBJECT ,cert);
x509_cert_finger = openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert);
x509_cert_key_id = openssl_x509_get_subject_key_identifier(env, cert);
+ x509_common_name = openssl_x509_get_common_name(env,cert);
/*Create certificate*/
oxs_cert = oxs_x509_cert_create(env);
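Review bot: The result of `openssl_x509_get_common_name(env,cert)` is used without a NULL check, although the new function returns NULL, and logs an error, for any certificate whose subject has no CN entry. That NULL then reaches `oxs_x509_cert_set_common_name`, which passes it to `axutil_strdup`, and later `AXIS2_FREE`; whether either tolerates NULL is not visible on this page. A guard such as `if (x509_common_name) oxs_x509_cert_set_common_name(oxs_cert, env, x509_common_name);` makes the intent explicit. The same pattern appears in the `@@ -739` hunk of this file and the `@@ -140` hunk of pkcs12_keystore.c. The enclosing function begins and ends outside this hunk.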
@@ -632,6 +624,7 @@
oxs_x509_cert_set_fingerprint(oxs_cert, env, x509_cert_finger);
oxs_x509_cert_set_serial_number(oxs_cert, env, openssl_x509_get_serial(env, cert));
oxs_x509_cert_set_key_identifier(oxs_cert, env, x509_cert_key_id);
+ oxs_x509_cert_set_common_name(oxs_cert, env, x509_common_name);
/*Additionally we need to set the public key*/
openssl_x509_get_pubkey(env, cert, &pubkey);
@@ -655,6 +648,8 @@
x509_cert_finger = NULL;
AXIS2_FREE(env->allocator, x509_cert_key_id);
x509_cert_key_id = NULL;
+ AXIS2_FREE(env->allocator, x509_common_name);
+ x509_common_name = NULL;
X509_free(cert);
cert = NULL;
@@ -736,6 +731,7 @@
axis2_char_t *x509_cert_subject = NULL;
axis2_char_t *x509_cert_fingerprint = NULL;
axis2_char_t *x509_cert_key_id = NULL;
+ axis2_char_t *x509_common_name = NULL;
x509_cert_data = openssl_x509_get_cert_data(env, cert);
x509_cert_date = openssl_x509_get_info(env, OPENSSL_X509_INFO_VALID_TO ,cert);
@@ -743,6 +739,7 @@
x509_cert_subject = openssl_x509_get_info(env, OPENSSL_X509_INFO_SUBJECT ,cert);
x509_cert_fingerprint = openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert);
x509_cert_key_id = openssl_x509_get_subject_key_identifier(env, cert);
+ x509_common_name = openssl_x509_get_common_name(env,cert);
/*Create X509 certificate*/
oxs_cert = oxs_x509_cert_create(env);
@@ -753,6 +750,7 @@
oxs_x509_cert_set_fingerprint(oxs_cert, env, x509_cert_fingerprint);
oxs_x509_cert_set_serial_number(oxs_cert, env, openssl_x509_get_serial(env, cert));
oxs_x509_cert_set_key_identifier(oxs_cert, env, x509_cert_key_id);
+ oxs_x509_cert_set_common_name(oxs_cert, env, x509_common_name);
/*Additionally we need to set the public key*/
openssl_x509_get_pubkey(env, cert, &pubkey);
@@ -777,6 +775,8 @@
x509_cert_fingerprint = NULL;
AXIS2_FREE(env->allocator, x509_cert_key_id);
x509_cert_key_id = NULL;
+ AXIS2_FREE(env->allocator, x509_common_name);
+ x509_common_name = NULL;
/*Free the certificate*/
X509_free(cert);
cert = NULL;
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c Sat Apr 19 22:35:02 2008
@@ -129,6 +129,7 @@
axis2_char_t *x509_cert_subject = NULL;
axis2_char_t *x509_cert_finger = NULL;
axis2_char_t *x509_cert_key_id = NULL;
+ axis2_char_t *x509_common_name = NULL;
EVP_PKEY *pub_key = NULL;
openssl_pkey_t *open_pubkey = NULL;
oxs_x509_cert_t *cert_out = NULL;
@@ -139,6 +140,7 @@
x509_cert_subject = openssl_x509_get_info(env, OPENSSL_X509_INFO_SUBJECT ,cert_in);
x509_cert_finger = openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER, cert_in);
x509_cert_key_id = openssl_x509_get_subject_key_identifier(env, cert_in);
+ x509_common_name = openssl_x509_get_common_name(env,cert_in);
cert_out = oxs_x509_cert_create(env);
if(!cert_out)
@@ -153,6 +155,7 @@
oxs_x509_cert_set_fingerprint(cert_out, env, x509_cert_finger);
oxs_x509_cert_set_serial_number(cert_out, env, openssl_x509_get_serial(env, cert_in));
oxs_x509_cert_set_key_identifier(cert_out, env, x509_cert_key_id);
+ oxs_x509_cert_set_common_name(cert_out, env, x509_common_name);
openssl_x509_get_pubkey(env, cert_in, &pub_key);
open_pubkey = openssl_pkey_create(env);
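Review bot: `x509_common_name` is allocated and passed to `oxs_x509_cert_set_common_name` in this file, but no hunk in the commit releases it. The setter stores its own `axutil_strdup` copy, so the original buffer appears to leak once per certificate read from the keystore. key_mgr.c gets a matching `AXIS2_FREE(env->allocator, x509_common_name);` in both of its functions. The same line, followed by `x509_common_name = NULL;`, belongs wherever this function frees `x509_cert_key_id`. That cleanup code is outside the visible hunks, so its exact location, and whether the `if(!cert_out)` path needs it too, should be checked in the full file.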
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/x509.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/x509.c?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/x509.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/x509.c Sat Apr 19 22:35:02 2008
@@ -407,6 +407,61 @@
return result;
}
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+openssl_x509_get_common_name(
+ const axutil_env_t *env,
+ X509 *cert)
+{
+ X509_NAME *subject = NULL;
+ int pos = -1;
+ X509_NAME_ENTRY *entry = NULL;
+ ASN1_STRING *entry_str;
+ BIO *out = NULL;
+ unsigned char *data= NULL;
+ axis2_char_t *result = NULL;
+ int n = 0;
+
+ out = BIO_new(BIO_s_mem());
+ subject = X509_get_subject_name(cert);
+ pos = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
+
+ if(pos < 0)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "No Common Name in given X509 Certificate!");
+ return NULL;
+ }
+
+ if (X509_NAME_get_index_by_NID(subject, NID_commonName, pos) >= 0)
+ {
+ /* Handling multiple common names. */
+ }
+
+ if ((entry = X509_NAME_get_entry(subject, pos)) == 0)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Error occured during when retrieving common name from X509_NAME!");
+ return NULL;
+ }
+
+ if ((entry_str = X509_NAME_ENTRY_get_data(entry)) == 0)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Error occured during when retrieving common name from X509_NAME_ENTRY!");
+ return NULL;
+ }
+
+ ASN1_TIME_print(out, entry_str);
+ n = BIO_get_mem_data(out, &data);
+ result = axutil_strndup( env, data, n);
+
+ BIO_free(out);
+ out = NULL;
+
+ return result;
+}
+
+
AXIS2_EXTERN void AXIS2_CALL
openssl_x509_print(const axutil_env_t *env,
X509 *cert)
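Review bot: `ASN1_TIME_print(out, entry_str)` formats the entry as a timestamp, but a common-name entry is a generic `ASN1_STRING`. The BIO will therefore not contain the name; as far as I know, OpenSSL writes a "Bad time value" placeholder for non-time types. `ASN1_STRING_print` is the matching call. Separately, `out` is allocated before the checks and never tested, so each of the three `return NULL` paths leaks the BIO. The `if` block for multiple common names is empty, so the first CN is used silently; if this value is later compared for identity, that choice should be stated in a comment or rejected. The excerpt below moves the allocation after the checks and replaces the print call.

```c
    subject = X509_get_subject_name(cert);
    pos = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
    /* ... unchanged: pos < 0, multiple-CN, entry and entry_str checks ... */

    /* Allocate only after the early returns so no error path leaks the BIO. */
    out = BIO_new(BIO_s_mem());
    if (!out)
    {
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
                  "Cannot allocate memory BIO for common name!");
        return NULL;
    }

    /* A name entry is a generic ASN1_STRING, not an ASN1_TIME. */
    if (ASN1_STRING_print(out, entry_str) > 0)
    {
        n = BIO_get_mem_data(out, &data);
        if (n > 0)
        {
            result = axutil_strndup(env, data, n);
        }
    }

    BIO_free(out);
    out = NULL;

    return result;
```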
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/x509_cert.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/x509_cert.c?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/x509_cert.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/x509_cert.c Sat Apr 19 22:35:02 2008
@@ -31,6 +31,7 @@
axis2_char_t *date;
axis2_char_t *hash;
axis2_char_t *data;
+ axis2_char_t *common_name;
openssl_pkey_t *public_key;
};
@@ -61,6 +62,7 @@
x509_cert->hash =NULL;
x509_cert->data =NULL;
x509_cert->public_key =NULL;
+ x509_cert->common_name = NULL;
return x509_cert;
}
@@ -102,6 +104,11 @@
openssl_pkey_free(x509_cert->public_key, env);
x509_cert->public_key = NULL;
}
+
+ if(x509_cert->common_name){
+ AXIS2_FREE(env->allocator, x509_cert->common_name);
+ x509_cert->common_name = NULL;
+ }
AXIS2_FREE(env->allocator, x509_cert);
x509_cert = NULL;
@@ -123,6 +130,7 @@
oxs_x509_cert_set_hash(to, env, x509_cert->hash);
oxs_x509_cert_set_data(to, env, x509_cert->data);
oxs_x509_cert_set_public_key(to, env, x509_cert->public_key);
+ oxs_x509_cert_set_common_name(to, env, x509_cert->common_name);
return AXIS2_SUCCESS;
}
@@ -181,6 +189,27 @@
const axutil_env_t *env)
{
return x509_cert->public_key;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+oxs_x509_cert_get_common_name(oxs_x509_cert_t *x509_cert,
+ const axutil_env_t *env)
+{
+ return x509_cert->common_name;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_x509_cert_set_common_name(oxs_x509_cert_t *x509_cert,
+ const axutil_env_t *env,
+ axis2_char_t *common_name)
+{
+ if(x509_cert->common_name)
+ {
+ AXIS2_FREE(env->allocator, x509_cert->common_name);
+ x509_cert->common_name = NULL;
+ }
+ x509_cert->common_name = axutil_strdup(env,common_name);
+ return AXIS2_SUCCESS;
}
/*Setters*/
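Review bot: `oxs_x509_cert_set_common_name` frees the stored string before duplicating the argument, so passing the certificate's own string reads freed memory in `axutil_strdup`. That can happen because `oxs_x509_cert_get_common_name` returns the internal pointer directly, for example via `oxs_x509_cert_copy_to` when `to` is the same object. The setter also returns `AXIS2_SUCCESS` when the duplication fails, and passes a NULL `common_name` straight to `axutil_strdup`. Duplicating first and freeing the old value afterwards fixes all three, as in the excerpt below. Both new functions lie wholly inside this hunk; the hunk opens in the tail of the preceding getter.

```c
    /* ... unchanged: signature of oxs_x509_cert_set_common_name ... */
    axis2_char_t *copy = NULL;

    /* Duplicate before freeing: common_name may be this certificate's own
     * string, as returned by oxs_x509_cert_get_common_name(). */
    if (common_name)
    {
        copy = axutil_strdup(env, common_name);
        if (!copy)
        {
            return AXIS2_FAILURE;
        }
    }
    if (x509_cert->common_name)
    {
        AXIS2_FREE(env->allocator, x509_cert->common_name);
    }
    x509_cert->common_name = copy;
    return AXIS2_SUCCESS;
```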
Modified: webservices/rampart/scratch/c/pkcs/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/util/rampart_encryption.c?rev=649890&r1=649889&r2=649890&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/util/rampart_encryption.c Sat Apr 19 22:35:02 2008
@@ -82,7 +82,6 @@
rp_property_t *token = NULL;
rp_property_type_t token_type;
axis2_char_t *eki = NULL;
- void *key_buf = NULL;
axis2_char_t *certificate_file = NULL;
oxs_key_mgr_t *key_mgr = NULL;
oxs_x509_cert_t *certificate = NULL;