From 8499fb3a9a069b35ff352f1f6253bc0ebd03ba96 Mon Sep 17 00:00:00 2001 From: Richard Moore Date: Mon, 11 Jul 2011 16:15:12 +0200 Subject: SSL: Store x509 name entries that have no short name as their OID. Previously, x509 name entries that didn't have a shortname would all be (accidentally) stored with the tag 'UNDEF'. This commit changes things so that they are stored using the string form of their OID. Change-Id: I667306cc4f91b1ca84f29b986bc21daadeb089b6 Merge-request: 18 Reviewed-by: Peter Hartmann Reviewed-on: http://codereview.qt.nokia.com/1449 Reviewed-by: Qt Sanity Bot --- src/network/ssl/qsslcertificate.cpp | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/network/ssl/qsslcertificate.cpp') diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 7403590f8c..4f7c86ef4f 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -711,12 +711,24 @@ static QMap _q_mapFromX509Name(X509_NAME *name) QMap info; for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) { X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i); - const char *obj = q_OBJ_nid2sn(q_OBJ_obj2nid(q_X509_NAME_ENTRY_get_object(e))); + + int nid = q_OBJ_obj2nid(q_X509_NAME_ENTRY_get_object(e)); + const char *obj=0; + char buf[80]; + if (nid != NID_undef) { + obj = q_OBJ_nid2sn(nid); + } + else { + // This is used for unknown info so we get the OID as text + q_i2t_ASN1_OBJECT(buf,sizeof(buf),e->object); + } unsigned char *data = 0; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); - info.insertMulti(QString::fromUtf8(obj), QString::fromUtf8((char*)data, size)); + info.insertMulti(QString::fromUtf8(obj ? obj : reinterpret_cast(&buf)), + QString::fromUtf8((char*)data, size)); q_CRYPTO_free(data); } + return info; } -- cgit v1.2.3 From 14b56b2be40fc6290e096116edad979982eb83dd Mon Sep 17 00:00:00 2001 From: Richard Moore Date: Mon, 11 Jul 2011 16:15:13 +0200 Subject: SSL: Make the internals of certificate name info match the externals. The internals of QSslCertificate were using QString but the API used QByteArray, this commit unifies the code. This means that we don't keep converting things. Change-Id: I29fc149a85b77e786a6e90e5154c62f713476599 Merge-request: 18 Reviewed-by: Peter Hartmann Reviewed-on: http://codereview.qt.nokia.com/1450 Reviewed-by: Qt Sanity Bot --- src/network/ssl/qsslcertificate.cpp | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'src/network/ssl/qsslcertificate.cpp') diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 4f7c86ef4f..2e5b313d4e 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -128,7 +128,7 @@ QT_BEGIN_NAMESPACE // forward declaration -static QMap _q_mapFromX509Name(X509_NAME *name); +static QMap _q_mapFromX509Name(X509_NAME *name); /*! Constructs a QSslCertificate by reading \a format encoded data @@ -297,19 +297,19 @@ QByteArray QSslCertificate::digest(QCryptographicHash::Algorithm algorithm) cons return QCryptographicHash::hash(toDer(), algorithm); } -static QString _q_SubjectInfoToString(QSslCertificate::SubjectInfo info) +static QByteArray _q_SubjectInfoToString(QSslCertificate::SubjectInfo info) { - QString str; + QByteArray str; switch (info) { - case QSslCertificate::Organization: str = QLatin1String("O"); break; - case QSslCertificate::CommonName: str = QLatin1String("CN"); break; - case QSslCertificate::LocalityName: str = QLatin1String("L"); break; - case QSslCertificate::OrganizationalUnitName: str = QLatin1String("OU"); break; - case QSslCertificate::CountryName: str = QLatin1String("C"); break; - case QSslCertificate::StateOrProvinceName: str = QLatin1String("ST"); break; - case QSslCertificate::DistinguishedNameQualifier: str = QLatin1String("dnQualifier"); break; - case QSslCertificate::SerialNumber: str = QLatin1String("serialNumber"); break; - case QSslCertificate::EmailAddress: str = QLatin1String("emailAddress"); break; + case QSslCertificate::Organization: str = QByteArray("O"); break; + case QSslCertificate::CommonName: str = QByteArray("CN"); break; + case QSslCertificate::LocalityName: str = QByteArray("L"); break; + case QSslCertificate::OrganizationalUnitName: str = QByteArray("OU"); break; + case QSslCertificate::CountryName: str = QByteArray("C"); break; + case QSslCertificate::StateOrProvinceName: str = QByteArray("ST"); break; + case QSslCertificate::DistinguishedNameQualifier: str = QByteArray("dnQualifier"); break; + case QSslCertificate::SerialNumber: str = QByteArray("serialNumber"); break; + case QSslCertificate::EmailAddress: str = QByteArray("emailAddress"); break; } return str; } @@ -347,7 +347,7 @@ QStringList QSslCertificate::issuerInfo(const QByteArray &tag) const d->issuerInfo = _q_mapFromX509Name(q_X509_get_issuer_name(d->x509)); - return d->issuerInfo.values(QString::fromLatin1(tag)); + return d->issuerInfo.values(tag); } /*! @@ -382,7 +382,7 @@ QStringList QSslCertificate::subjectInfo(const QByteArray &tag) const d->subjectInfo = _q_mapFromX509Name(q_X509_get_subject_name(d->x509)); - return d->subjectInfo.values(QString::fromLatin1(tag)); + return d->subjectInfo.values(tag); } /*! @@ -706,9 +706,9 @@ QByteArray QSslCertificatePrivate::text_from_X509(X509 *x509) return result; } -static QMap _q_mapFromX509Name(X509_NAME *name) +static QMap _q_mapFromX509Name(X509_NAME *name) { - QMap info; + QMap info; for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) { X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i); @@ -724,7 +724,7 @@ static QMap _q_mapFromX509Name(X509_NAME *name) } unsigned char *data = 0; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); - info.insertMulti(QString::fromUtf8(obj ? obj : reinterpret_cast(&buf)), + info.insertMulti(QByteArray(obj ? obj : reinterpret_cast(&buf)), QString::fromUtf8((char*)data, size)); q_CRYPTO_free(data); } -- cgit v1.2.3 From 852d4b03f612748fb16f592dda884e9634b468cf Mon Sep 17 00:00:00 2001 From: Richard Moore Date: Mon, 11 Jul 2011 16:15:14 +0200 Subject: SSL: Add methods to access the tags of the subject and issuer of a cert Add methods that return a list of the tags in use in a certificate issuer or subject. This means that unknown elements of these fields can be accessed. Change-Id: I588989e34f541b1d31cc9e97f5a85d1624ece1b1 Merge-request: 18 Reviewed-by: Peter Hartmann Reviewed-on: http://codereview.qt.nokia.com/1451 --- src/network/ssl/qsslcertificate.cpp | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'src/network/ssl/qsslcertificate.cpp') diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 2e5b313d4e..9cc74c633c 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -385,6 +385,44 @@ QStringList QSslCertificate::subjectInfo(const QByteArray &tag) const return d->subjectInfo.values(tag); } +/*! + Returns a list of the tags that have values in the subject + information of this certificate. The information associated + with a given tag can be accessed using the subjectInfo() + method. Note that this list may include the OIDs for any + elements that are not known by the SSL backend. + + \sa subjectInfo() +*/ +QList QSslCertificate::subjectInfoTags() const +{ + // lazy init + if (d->subjectInfo.isEmpty() && d->x509) + d->subjectInfo = + _q_mapFromX509Name(q_X509_get_subject_name(d->x509)); + + return d->subjectInfo.uniqueKeys(); +} + +/*! + Returns a list of the tags that have values in the issuer + information of this certificate. The information associated + with a given tag can be accessed using the issuerInfo() + method. Note that this list may include the OIDs for any + elements that are not known by the SSL backend. + + \sa subjectInfo() +*/ +QList QSslCertificate::issuerInfoTags() const +{ + // lazy init + if (d->issuerInfo.isEmpty() && d->x509) + d->issuerInfo = + _q_mapFromX509Name(q_X509_get_issuer_name(d->x509)); + + return d->issuerInfo.uniqueKeys(); +} + /*! Returns the list of alternative subject names for this certificate. The alternate subject names typically contain host -- cgit v1.2.3 From eab215070efb43867dd53279759b4f2c9b348567 Mon Sep 17 00:00:00 2001 From: Richard Moore Date: Mon, 11 Jul 2011 16:15:15 +0200 Subject: SSL: Move the code for extracting the name of an ASN1_OBJECT Moves the code for extracting the name of an ASN1_OBJECT to a function. We're going to need this again for implementing support for X509 extensions. Change-Id: I43276eb375b37f5fef0d981f4003220d7e7b81ba Merge-request: 18 Reviewed-by: Peter Hartmann Reviewed-on: http://codereview.qt.nokia.com/1452 Reviewed-by: Qt Sanity Bot --- src/network/ssl/qsslcertificate.cpp | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'src/network/ssl/qsslcertificate.cpp') diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 9cc74c633c..06a2071161 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -744,26 +744,29 @@ QByteArray QSslCertificatePrivate::text_from_X509(X509 *x509) return result; } +QByteArray QSslCertificatePrivate::asn1ObjectName(ASN1_OBJECT *object) +{ + int nid = q_OBJ_obj2nid(object); + if (nid != NID_undef) + return QByteArray(q_OBJ_nid2sn(nid)); + + // This is used for unknown info so we get the OID as text + char buf[80]; + q_i2t_ASN1_OBJECT(buf, sizeof(buf), object); + + return QByteArray(buf); +} + static QMap _q_mapFromX509Name(X509_NAME *name) { QMap info; for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) { X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i); - int nid = q_OBJ_obj2nid(q_X509_NAME_ENTRY_get_object(e)); - const char *obj=0; - char buf[80]; - if (nid != NID_undef) { - obj = q_OBJ_nid2sn(nid); - } - else { - // This is used for unknown info so we get the OID as text - q_i2t_ASN1_OBJECT(buf,sizeof(buf),e->object); - } + QByteArray name = QSslCertificatePrivate::asn1ObjectName(q_X509_NAME_ENTRY_get_object(e)); unsigned char *data = 0; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); - info.insertMulti(QByteArray(obj ? obj : reinterpret_cast(&buf)), - QString::fromUtf8((char*)data, size)); + info.insertMulti(name, QString::fromUtf8((char*)data, size)); q_CRYPTO_free(data); } -- cgit v1.2.3 From 94e110ca5f70f61bb7f6a99be121e5d78670a22a Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Mon, 11 Jul 2011 16:39:14 +0200 Subject: QSslCertificate: rename "tag" to "attribute", as in the RFC RFC 2459 "Internet X.509 Public Key Infrastructure" uses the word "attribute" for fields in a certificate like common name, organization etc. Change-Id: I51e595acbe3e146acf81af21cf48e554fa9490e4 Reviewed-on: http://codereview.qt.nokia.com/1453 Reviewed-by: Qt Sanity Bot Reviewed-by: Martin Petersson --- src/network/ssl/qsslcertificate.cpp | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'src/network/ssl/qsslcertificate.cpp') diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 06a2071161..839a253b99 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -334,20 +334,20 @@ QStringList QSslCertificate::issuerInfo(SubjectInfo info) const } /*! - Returns the issuer information for \a tag from the certificate, - or an empty string if there is no information for \a tag in the + Returns the issuer information for \a attribute from the certificate, + or an empty string if there is no information for \a attribute in the certificate. \sa subjectInfo() */ -QStringList QSslCertificate::issuerInfo(const QByteArray &tag) const +QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const { // lazy init if (d->issuerInfo.isEmpty() && d->x509) d->issuerInfo = _q_mapFromX509Name(q_X509_get_issuer_name(d->x509)); - return d->issuerInfo.values(tag); + return d->issuerInfo.values(attribute); } /*! @@ -370,31 +370,31 @@ QStringList QSslCertificate::subjectInfo(SubjectInfo info) const } /*! - Returns the subject information for \a tag, or an empty string if - there is no information for \a tag in the certificate. + Returns the subject information for \a attribute, or an empty string if + there is no information for \a attribute in the certificate. \sa issuerInfo() */ -QStringList QSslCertificate::subjectInfo(const QByteArray &tag) const +QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const { // lazy init if (d->subjectInfo.isEmpty() && d->x509) d->subjectInfo = _q_mapFromX509Name(q_X509_get_subject_name(d->x509)); - return d->subjectInfo.values(tag); + return d->subjectInfo.values(attribute); } /*! - Returns a list of the tags that have values in the subject + Returns a list of the attributes that have values in the subject information of this certificate. The information associated - with a given tag can be accessed using the subjectInfo() + with a given attribute can be accessed using the subjectInfo() method. Note that this list may include the OIDs for any elements that are not known by the SSL backend. \sa subjectInfo() */ -QList QSslCertificate::subjectInfoTags() const +QList QSslCertificate::subjectInfoAttributes() const { // lazy init if (d->subjectInfo.isEmpty() && d->x509) @@ -405,15 +405,15 @@ QList QSslCertificate::subjectInfoTags() const } /*! - Returns a list of the tags that have values in the issuer + Returns a list of the attributes that have values in the issuer information of this certificate. The information associated - with a given tag can be accessed using the issuerInfo() + with a given attribute can be accessed using the issuerInfo() method. Note that this list may include the OIDs for any elements that are not known by the SSL backend. \sa subjectInfo() */ -QList QSslCertificate::issuerInfoTags() const +QList QSslCertificate::issuerInfoAttributes() const { // lazy init if (d->issuerInfo.isEmpty() && d->x509) -- cgit v1.2.3