Author: brane
Date: Wed Jul 30 12:53:33 2014
New Revision: 1614643
URL: http://svn.apache.org/r1614643
Log:
On the svn-auth-x509 branch: Teach the cert parser to return the subject CN
as well as the whole subject DN. Will use this later in JavaHL to restrict
the matching range for the subject pattern in SVNUtil.searchCredentials.
* subversion/include/svn_x509.h
(svn_x509_certinfo_get_subject,
svn_x509_certinfo_get_issuer): Clarify in docs that these functions
return the whole Distinguished Name.
(svn_x509_certinfo_get_subject_cn): New prototype.
* subversion/libsvn_subr/x509.h
(svn_x509_certinfo_t): New member subject_cn.
* subversion/libsvn_subr/x509info.c
(svn_x509_certinfo_dup): Copy the subject_cn.
(svn_x509_certinfo_get_subject_cn): Implement.
* subversion/libsvn_subr/x509parse.c
(x509parse_dn_gets): Optionally return the CN in a separate stringbuf.
(svn_x509_parse_cert): Retreive and return the subject CN.
Modified:
subversion/branches/svn-auth-x509/subversion/include/svn_x509.h
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509info.c
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
Modified: subversion/branches/svn-auth-x509/subversion/include/svn_x509.h
URL:
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/include/svn_x509.h?rev=1614643&r1=1614642&r2=1614643&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/include/svn_x509.h (original)
+++ subversion/branches/svn-auth-x509/subversion/include/svn_x509.h Wed Jul 30
12:53:33 2014
@@ -70,14 +70,21 @@ svn_x509_certinfo_dup(const svn_x509_cer
apr_pool_t *scratch_pool);
/**
- * Returns the subject name from @a certinfo.
+ * Returns the subject DN from @a certinfo.
* @since New in 1.9.
*/
const char *
svn_x509_certinfo_get_subject(const svn_x509_certinfo_t *certinfo);
/**
- * Returns the cerficiate issuer name from @a certinfo.
+ * Returns the subject CN from @a certinfo.
+ * @since New in 1.9.
+ */
+const char *
+svn_x509_certinfo_get_subject_cn(const svn_x509_certinfo_t *certinfo);
+
+/**
+ * Returns the cerficiate issuer DN from @a certinfo.
* @since New in 1.9.
*/
const char *
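Review bot: The new doc comment for `svn_x509_certinfo_get_subject_cn` does not say that the function can return NULL, although the parser change in x509parse.c stores NULL in `subject_cn` when no CN was collected. Callers that match on the CN need that contract spelled out, so the comment could read `Returns the subject CN from @a certinfo, or NULL if the subject DN contains no CN.` The issuer comment rewritten in this hunk still carries the misspelling `cerficiate`, which could be fixed in the same pass.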
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h
URL:
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h?rev=1614643&r1=1614642&r2=1614643&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h Wed Jul 30
12:53:33 2014
@@ -121,6 +121,7 @@ typedef struct _x509_cert {
struct svn_x509_certinfo_t
{
const char *subject;
+ const char *subject_cn;
const char *issuer;
apr_time_t valid_from;
apr_time_t valid_to;
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509info.c
URL:
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509info.c?rev=1614643&r1=1614642&r2=1614643&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509info.c
(original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509info.c Wed Jul
30 12:53:33 2014
@@ -40,6 +40,7 @@ svn_x509_certinfo_dup(const svn_x509_cer
{
svn_x509_certinfo_t *result = apr_palloc(result_pool, sizeof(*result));
result->subject = apr_pstrdup(result_pool, certinfo->subject);
+ result->subject_cn = apr_pstrdup(result_pool, certinfo->subject_cn);
result->issuer = apr_pstrdup(result_pool, certinfo->issuer);
result->valid_from = certinfo->valid_from;
result->valid_to = certinfo->valid_to;
@@ -69,6 +70,12 @@ svn_x509_certinfo_get_subject(const svn_
}
const char *
+svn_x509_certinfo_get_subject_cn(const svn_x509_certinfo_t *certinfo)
+{
+ return certinfo->subject_cn;
+}
+
+const char *
svn_x509_certinfo_get_issuer(const svn_x509_certinfo_t *certinfo)
{
return certinfo->issuer;
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
URL:
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1614643&r1=1614642&r2=1614643&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
(original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Wed
Jul 30 12:53:33 2014
@@ -859,10 +859,11 @@ x509name_to_utf8_string(const x509_name
/*
* Store the name from dn in printable form into buf,
* using scratch_pool for any temporary allocations.
+ * If CN is not NULL, return any common name in CN
*/
static void
-x509parse_dn_gets(svn_stringbuf_t *buf, const x509_name * dn,
- apr_pool_t *scratch_pool)
+x509parse_dn_gets(svn_stringbuf_t *buf, svn_stringbuf_t *cn,
+ const x509_name * dn, apr_pool_t *scratch_pool)
{
const x509_name *name;
const char *temp;
@@ -871,6 +872,7 @@ x509parse_dn_gets(svn_stringbuf_t *buf,
while (name != NULL) {
const svn_string_t *utf8_value;
+ svn_boolean_t return_cn = FALSE;
if (name != dn)
svn_stringbuf_appendcstr(buf, ", ");
@@ -879,6 +881,8 @@ x509parse_dn_gets(svn_stringbuf_t *buf,
switch (name->oid.p[2]) {
case X520_COMMON_NAME:
svn_stringbuf_appendcstr(buf, "CN=");
+ if (cn)
+ return_cn = TRUE;
break;
case X520_COUNTRY:
@@ -922,7 +926,11 @@ x509parse_dn_gets(svn_stringbuf_t *buf,
utf8_value = x509name_to_utf8_string(name, scratch_pool);
if (utf8_value)
- svn_stringbuf_appendbytes(buf, utf8_value->data, utf8_value->len);
+ {
+ svn_stringbuf_appendbytes(buf, utf8_value->data, utf8_value->len);
+ if (return_cn)
+ svn_stringbuf_appendbytes(cn, utf8_value->data, utf8_value->len);
+ }
else
/* this should never happen */
svn_stringbuf_appendfill(buf, '?', 2);
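Review bot: A subject with more than one CN attribute gets its values run together in `cn`, because the added `svn_stringbuf_appendbytes(cn, ...)` runs on every loop iteration that hits `X520_COMMON_NAME` and adds no separator, so CN=a and CN=b would be reported as "ab". The log message says this value is meant to narrow credential matching, so an ambiguous concatenation is worth avoiding. Pick one policy and state it in the header comment that currently says "return any common name in CN" (first x509parse.c hunk), for example keep only the first value with `if (return_cn && svn_stringbuf_isempty(cn))`. The `while` loop starts and ends outside this hunk.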
@@ -1035,6 +1043,7 @@ svn_x509_parse_cert(svn_x509_certinfo_t
x509_cert *crt;
svn_x509_certinfo_t *ci;
svn_stringbuf_t *namebuf;
+ svn_stringbuf_t *cnbuf;
crt = apr_pcalloc(scratch_pool, sizeof(*crt));
p = (const unsigned char *)buf;
@@ -1170,12 +1179,14 @@ svn_x509_parse_cert(svn_x509_certinfo_t
/* Get the subject name */
namebuf = svn_stringbuf_create_empty(result_pool);
- x509parse_dn_gets(namebuf, &crt->subject, scratch_pool);
+ cnbuf = svn_stringbuf_create_empty(result_pool);
+ x509parse_dn_gets(namebuf, cnbuf, &crt->subject, scratch_pool);
ci->subject = namebuf->data;
+ ci->subject_cn = (svn_stringbuf_isempty(cnbuf) ? NULL : cnbuf->data);
/* Get the issuer name */
namebuf = svn_stringbuf_create_empty(result_pool);
- x509parse_dn_gets(namebuf, &crt->issuer, scratch_pool);
+ x509parse_dn_gets(namebuf, NULL, &crt->issuer, scratch_pool);
ci->issuer = namebuf->data;
/* Copy the validity range */
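Review bot: `ci->subject_cn` is published as the bare `cnbuf->data` pointer, so the byte length that `x509parse_dn_gets` copied is dropped and a CN value containing an embedded NUL byte would reach callers as a shortened string. Whether `x509name_to_utf8_string` already rejects or escapes such bytes is not visible in this diff. If it does not, compare `strlen(cnbuf->data)` with `cnbuf->len` and treat a mismatch as a parse failure before the CN is used for matching. Note also that a certificate with an empty CN value is reported as NULL, the same as one with no CN at all, which the public doc comment should mention. `svn_x509_parse_cert` continues outside the hunk.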