Posted to commits@subversion.apache.org by st...@apache.org on 2014/06/24 12:37:17 UTC
svn commit: r1605052 - in /subversion/branches/svn-auth-x509/subversion:
libsvn_subr/x509.h libsvn_subr/x509parse.c svn/auth-cmd.c
Author: stsp
Date: Tue Jun 24 10:37:17 2014
New Revision: 1605052
URL: http://svn.apache.org/r1605052
Log:
On the svn-auth-x509 branch, make the x509 parser return an APR hash table
containing cert information, instead of a custom x509 cert structure.
* subversion/libsvn_subr/x509.h
(SVN_X509_CERTINFO_KEY_ISSUER,
SVN_X509_CERTINFO_KEY_VALID_FROM,
SVN_X509_CERTINFO_KEY_VALID_TO): New hash key macros.
(svn_x509_parse_cert): Change output parameter to apr_hash_t **.
* subversion/libsvn_subr/x509parse.c
(): Include svn_hash.
(svn_x509_parse_cert): Return certificate information in a hash table.
For now, values are rendered just like 'svn auth' printed them.
* subversion/svn/auth-cmd.c
(show_cert): Adjust caller.
Modified:
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h?rev=1605052&r1=1605051&r2=1605052&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h Tue Jun 24 10:37:17 2014
@@ -169,13 +169,19 @@ typedef struct _x509_cert {
} x509_cert;
+#define SVN_X509_CERTINFO_KEY_ISSUER "issuer"
+#define SVN_X509_CERTINFO_KEY_VALID_FROM "valid-from"
+#define SVN_X509_CERTINFO_KEY_VALID_TO "valid-to"
+
#ifdef __cplusplus
extern "C" {
#endif
- /* Parse x509 DER certificate data from BUF (with length BUFLEN),
- * returning a structured representation in *CERT, allocated in RESULT_POOL. */
- int svn_x509_parse_cert(x509_cert **cert,
+ /* Parse x509 DER certificate data from BUF with length BUFLEN
+ * and return certificate information in *CERT, allocated in
+ * RESULT_POOL. The certinfo hash contains values of type
+ * 'const char *' keyed by SVN_X509_CERTINFO_KEY_* macros. */
+ int svn_x509_parse_cert(apr_hash_t **certinfo,
const char *buf,
int buflen,
apr_pool_t *result_pool,
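Review bot: The rewritten comment above svn_x509_parse_cert still says the result is returned in `*CERT`, but the parameter is now named `certinfo`, so the documentation and the prototype disagree. The comment also does not say what `*certinfo` holds when the function returns non-zero, or whether all three SVN_X509_CERTINFO_KEY_* entries are guaranteed to be present on success. Callers that pass lookup results straight into a format string depend on that guarantee. I would reword it along the lines of `... and return certificate information in *CERTINFO, allocated in RESULT_POOL. On a non-zero return *CERTINFO is not set.` (if that matches the error paths, which are not visible here) and state the key guarantee explicitly. The prototype continues past the end of this hunk.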
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1605052&r1=1605051&r2=1605052&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Tue Jun 24 10:37:17 2014
@@ -45,6 +45,7 @@
*/
#include <apr_pools.h>
+#include <svn_hash.h>
#include "x509.h"
@@ -420,7 +421,7 @@ static int x509_get_uid(const unsigned c
* Parse one certificate.
*/
int
-svn_x509_parse_cert(x509_cert **cert,
+svn_x509_parse_cert(apr_hash_t **certinfo,
const char *buf,
int buflen,
apr_pool_t *result_pool,
@@ -430,8 +431,9 @@ svn_x509_parse_cert(x509_cert **cert,
const unsigned char *p;
const unsigned char *end;
x509_cert *crt;
+ char name[1024];
- crt = apr_pcalloc(result_pool, sizeof(*crt));
+ crt = apr_pcalloc(scratch_pool, sizeof(*crt));
p = (const unsigned char *)buf;
len = buflen;
end = p + len;
@@ -599,7 +601,31 @@ svn_x509_parse_cert(x509_cert **cert,
TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
}
- *cert = crt;
+ *certinfo = apr_hash_make(result_pool);
+
+ x509parse_dn_gets(name, name + sizeof(name), &crt->issuer);
+ svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_ISSUER,
+ apr_pstrdup(result_pool, name));
+
+ svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_VALID_FROM,
+ apr_psprintf(result_pool,
+ "%4d/%02d/%02d %02d:%02d:%02d",
+ crt->valid_from.year,
+ crt->valid_from.mon,
+ crt->valid_from.day,
+ crt->valid_from.hour,
+ crt->valid_from.min,
+ crt->valid_from.sec));
+
+ svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_VALID_TO,
+ apr_psprintf(result_pool,
+ "%4d/%02d/%02d %02d:%02d:%02d",
+ crt->valid_to.year,
+ crt->valid_to.mon,
+ crt->valid_to.day,
+ crt->valid_to.hour,
+ crt->valid_to.min,
+ crt->valid_to.sec));
return (0);
}
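Review bot: The return value of `x509parse_dn_gets(name, name + sizeof(name), &crt->issuer)` is discarded, so an issuer DN that does not fit the 1024-byte stack buffer `name` (declared in the earlier hunk at the top of this function) would presumably be stored truncated with no signal to the caller. The issuer is one of the fields `svn auth` shows to the user, so a silently shortened value is worth avoiding. If x509parse_dn_gets reports truncation or failure through its return value (its definition is not in this diff), check it and return an error rather than hashing a partial string. Otherwise add a comment such as `/* NAME is truncated to sizeof(name) bytes; see x509parse_dn_gets(). */`. The body of svn_x509_parse_cert starts outside this hunk.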
Modified: subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c?rev=1605052&r1=1605051&r2=1605052&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c (original)
+++ subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c Tue Jun 24 10:37:17 2014
@@ -174,42 +174,28 @@ show_cert(const svn_string_t *pem_cert,
{
const svn_string_t *der_cert;
int x509_err;
- x509_cert *cert;
- char name[1024];
+ apr_hash_t *certinfo;
/* Convert header-less PEM to DER by undoing base64 encoding. */
der_cert = svn_base64_decode_string(pem_cert, scratch_pool);
- x509_err = svn_x509_parse_cert(&cert, der_cert->data, der_cert->len,
- scratch_pool, scratch_pool);
+ x509_err = svn_x509_parse_cert(&certinfo, der_cert->data, der_cert->len,
+ scratch_pool, scratch_pool);
if (x509_err)
{
svn_cmdline_printf(scratch_pool, _("Error parsing certificate: 0x%x\n"), -x509_err);
return SVN_NO_ERROR;
}
- if (cert == NULL)
- {
- svn_cmdline_printf(scratch_pool, _("Error parsing certificate\n"));
- return SVN_NO_ERROR;
- }
-
- SVN_ERR(svn_cmdline_printf(scratch_pool, _("Valid from: %4d/%02d/%02d %02d:%02d:%02d\n"),
- cert->valid_from.year,
- cert->valid_from.mon,
- cert->valid_from.day,
- cert->valid_from.hour,
- cert->valid_from.min,
- cert->valid_from.sec));
- SVN_ERR(svn_cmdline_printf(scratch_pool, _("Valid until: %4d/%02d/%02d %02d:%02d:%02d\n"),
- cert->valid_to.year,
- cert->valid_to.mon,
- cert->valid_to.day,
- cert->valid_to.hour,
- cert->valid_to.min,
- cert->valid_to.sec));
- x509parse_dn_gets(name, name + sizeof(name), &cert->issuer);
- SVN_ERR(svn_cmdline_printf(scratch_pool, _("Issuer: %s\n"), name));
+ SVN_ERR(svn_cmdline_printf(scratch_pool, _("Valid from: %s\n"),
+ (const char *)svn_hash_gets(certinfo,
+ SVN_X509_CERTINFO_KEY_VALID_FROM)));
+ SVN_ERR(svn_cmdline_printf(scratch_pool, _("Valid until: %s\n"),
+ (const char *)svn_hash_gets(certinfo,
+ SVN_X509_CERTINFO_KEY_VALID_TO)));
+ SVN_ERR(svn_cmdline_printf(scratch_pool, _("Issuer: %s\n"),
+ (const char *)svn_hash_gets(certinfo,
+ SVN_X509_CERTINFO_KEY_ISSUER)));
#if 0
SVN_ERR(svn_cmdline_printf(scratch_pool, _("Subject: %s\n"), cert->subject_id.p));
SVN_ERR(svn_cmdline_printf(iterpool, _("Issuer: %s\n"), value->data));
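Review bot: The issuer value printed with `_("Issuer: %s\n")` is built from certificate contents, and nothing in this diff shows x509parse_dn_gets escaping control or non-printable bytes before the string reaches svn_cmdline_printf. If it does not, bytes from a certificate's DN would pass unmodified into `svn auth` terminal output. The removed code printed the same buffer, so this is not a regression. It is worth confirming the parser's behaviour and recording the guarantee next to the hash key macros, e.g. `/* Values are printable; non-printable bytes from the certificate are escaped. */`, or escaping at this call site. show_cert begins before this hunk and continues after it.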