|
|
@ -15,6 +15,7 @@ |
|
|
|
#include <openssl/err.h> |
|
|
|
#include <openssl/err.h> |
|
|
|
#include <vector> |
|
|
|
#include <vector> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <openssl/x509v3.h> // BASIC_CONSTRAINTS |
|
|
|
#include <cryptaux.hxx> |
|
|
|
#include <cryptaux.hxx> |
|
|
|
#include <cstdio> |
|
|
|
#include <cstdio> |
|
|
|
|
|
|
|
|
|
|
@ -338,19 +339,15 @@ namespace openssl { |
|
|
|
return std::string((char*)M_ASN1_STRING_data(cn), |
|
|
|
return std::string((char*)M_ASN1_STRING_data(cn), |
|
|
|
M_ASN1_STRING_length(cn)); |
|
|
|
M_ASN1_STRING_length(cn)); |
|
|
|
} |
|
|
|
} |
|
|
|
//! Check for basic constraints.
|
|
|
|
//! Check whether it's a CA certificate.
|
|
|
|
/*! e.g. check for CA certificate:
|
|
|
|
bool isCa() { |
|
|
|
@code |
|
|
|
|
|
|
|
if (x509.basicConstraints() && x509.basicConstraints()->ca) [...] |
|
|
|
|
|
|
|
@endcode |
|
|
|
|
|
|
|
@return 0 if there are no basic constraints */ |
|
|
|
|
|
|
|
BASIC_CONSTRAINTS* basicConstraints() { |
|
|
|
|
|
|
|
static BASIC_CONSTRAINTS* bc(0); |
|
|
|
static BASIC_CONSTRAINTS* bc(0); |
|
|
|
if (!bc) { |
|
|
|
if (!bc) { |
|
|
|
int pos(X509_get_ext_by_NID(_x509, NID_basic_constraints, -1)); |
|
|
|
int pos(X509_get_ext_by_NID(_x509, NID_basic_constraints, -1)); |
|
|
|
if (pos>=0) bc = X509V3_EXT_d2i(X509_get_ext(_x509, pos)); |
|
|
|
if (pos>=0) |
|
|
|
|
|
|
|
bc = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(X509_get_ext(_x509, pos)); |
|
|
|
} |
|
|
|
} |
|
|
|
return bc; |
|
|
|
return bc&&bc->ca; |
|
|
|
} |
|
|
|
} |
|
|
|
//! Get organizational unit name.
|
|
|
|
//! Get organizational unit name.
|
|
|
|
std::string organizationalUnitName() const { |
|
|
|
std::string organizationalUnitName() const { |
|
|
@ -367,11 +364,11 @@ namespace openssl { |
|
|
|
std::string keyUsageFlags() const { |
|
|
|
std::string keyUsageFlags() const { |
|
|
|
int pos(X509_get_ext_by_NID(_x509, NID_key_usage, -1)); |
|
|
|
int pos(X509_get_ext_by_NID(_x509, NID_key_usage, -1)); |
|
|
|
if (pos>=0) { |
|
|
|
if (pos>=0) { |
|
|
|
ASN1_BIT_STRING ku(d2i(X509_get_ext(_x509, pos))); |
|
|
|
ASN1_BIT_STRING* ku((ASN1_BIT_STRING*)X509V3_EXT_d2i |
|
|
|
|
|
|
|
(X509_get_ext(_x509, pos))); |
|
|
|
return std::string((char*)M_ASN1_STRING_data(ku), |
|
|
|
return std::string((char*)M_ASN1_STRING_data(ku), |
|
|
|
M_ASN1_STRING_lengthku)); |
|
|
|
M_ASN1_STRING_length(ku)); |
|
|
|
else |
|
|
|
} else return std::string(); //! @todo better throw exception?
|
|
|
|
return std::string(); //! @todo better throw exception?
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
private: |
|
|
|
private: |
|
|
|
::X509* _x509; |
|
|
|
::X509* _x509; |
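Review bot: In `isCa()` the cache `static BASIC_CONSTRAINTS* bc(0);` is a function-local static inside a member function, so it is shared by every certificate object instead of being tied to this object's `_x509`; once one certificate has populated it, calls on any other certificate return that first certificate's CA flag, which is unsafe for any issuer or chain decision built on it. The lazy initialisation is also unsynchronised, and the decoded structure is never released with `BASIC_CONSTRAINTS_free`. I would drop the static and decode, read and free on every call, as below. `keyUsageFlags()` in the last hunk has a related gap: the `X509V3_EXT_d2i` result `ku` is handed to `M_ASN1_STRING_data` without a null check and is never freed, so a key-usage extension that fails to decode would be dereferenced as null.

```cpp
bool isCa() {
  int pos(X509_get_ext_by_NID(_x509, NID_basic_constraints, -1));
  if (pos<0) return false; // no basic constraints extension: not a CA
  // decode per call: the result belongs to this certificate only
  BASIC_CONSTRAINTS* bc
    ((BASIC_CONSTRAINTS*)X509V3_EXT_d2i(X509_get_ext(_x509, pos)));
  bool ca(bc&&bc->ca);
  BASIC_CONSTRAINTS_free(bc); // accepts null
  return ca;
}
```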
|
|
|