Ruby: ext/openssl/ossl_x509name.c Source File

00001 /*
00002  * $Id: ossl_x509name.c 38268 2012-12-08 00:26:56Z drbrain $
00003  * 'OpenSSL for Ruby' project
00004  * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
00005  * All rights reserved.
00006  */
00007 /*
00008  * This program is licenced under the same licence as Ruby.
00009  * (See the file 'LICENCE'.)
00010  */
00011 #include "ossl.h"
00012 
00013 #define WrapX509Name(klass, obj, name) do { \
00014     if (!(name)) { \
00015         ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
00016     } \
00017     (obj) = Data_Wrap_Struct((klass), 0, X509_NAME_free, (name)); \
00018 } while (0)
00019 #define GetX509Name(obj, name) do { \
00020     Data_Get_Struct((obj), X509_NAME, (name)); \
00021     if (!(name)) { \
00022         ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
00023     } \
00024 } while (0)
00025 #define SafeGetX509Name(obj, name) do { \
00026     OSSL_Check_Kind((obj), cX509Name); \
00027     GetX509Name((obj), (name)); \
00028 } while (0)
00029 
00030 #define OBJECT_TYPE_TEMPLATE \
00031   rb_const_get(cX509Name, rb_intern("OBJECT_TYPE_TEMPLATE"))
00032 #define DEFAULT_OBJECT_TYPE \
00033   rb_const_get(cX509Name, rb_intern("DEFAULT_OBJECT_TYPE"))
00034 
00035 /*
00036  * Classes
00037  */
00038 VALUE cX509Name;
00039 VALUE eX509NameError;
00040 
00041 /*
00042  * Public
00043  */
00044 VALUE
00045 ossl_x509name_new(X509_NAME *name)
00046 {
00047     X509_NAME *new;
00048     VALUE obj;
00049 
00050     if (!name) {
00051         new = X509_NAME_new();
00052     } else {
00053         new = X509_NAME_dup(name);
00054     }
00055     if (!new) {
00056         ossl_raise(eX509NameError, NULL);
00057     }
00058     WrapX509Name(cX509Name, obj, new);
00059 
00060     return obj;
00061 }
00062 
00063 X509_NAME *
00064 GetX509NamePtr(VALUE obj)
00065 {
00066     X509_NAME *name;
00067 
00068     SafeGetX509Name(obj, name);
00069 
00070     return name;
00071 }
00072 
00073 /*
00074  * Private
00075  */
00076 static VALUE
00077 ossl_x509name_alloc(VALUE klass)
00078 {
00079     X509_NAME *name;
00080     VALUE obj;
00081 
00082     if (!(name = X509_NAME_new())) {
00083         ossl_raise(eX509NameError, NULL);
00084     }
00085     WrapX509Name(klass, obj, name);
00086 
00087     return obj;
00088 }
00089 
00090 static ID id_aref;
00091 static VALUE ossl_x509name_add_entry(int, VALUE*, VALUE);
00092 #define rb_aref(obj, key) rb_funcall((obj), id_aref, 1, (key))
00093 
00094 static VALUE
00095 ossl_x509name_init_i(VALUE i, VALUE args)
00096 {
00097     VALUE self = rb_ary_entry(args, 0);
00098     VALUE template = rb_ary_entry(args, 1);
00099     VALUE entry[3];
00100 
00101     Check_Type(i, T_ARRAY);
00102     entry[0] = rb_ary_entry(i, 0);
00103     entry[1] = rb_ary_entry(i, 1);
00104     entry[2] = rb_ary_entry(i, 2);
00105     if(NIL_P(entry[2])) entry[2] = rb_aref(template, entry[0]);
00106     if(NIL_P(entry[2])) entry[2] = DEFAULT_OBJECT_TYPE;
00107     ossl_x509name_add_entry(3, entry, self);
00108 
00109     return Qnil;
00110 }
00111 
00112 /*
00113  * call-seq:
00114  *    X509::Name.new                               => name
00115  *    X509::Name.new(der)                          => name
00116  *    X509::Name.new(distinguished_name)           => name
00117  *    X509::Name.new(distinguished_name, template) => name
00118  *
00119  * Creates a new Name.
00120  *
00121  * A name may be created from a DER encoded string +der+, an Array
00122  * representing a +distinguished_name+ or a +distinguished_name+ along with a
00123  * +template+.
00124  *
00125  *   name = OpenSSL::X509::Name.new [['CN', 'nobody'], ['DC', 'example']]
00126  *
00127  *   name = OpenSSL::X509::Name.new name.to_der
00128  *
00129  * See add_entry for a description of the +distinguished_name+ Array's
00130  * contents
00131  */
00132 static VALUE
00133 ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
00134 {
00135     X509_NAME *name;
00136     VALUE arg, template;
00137 
00138     GetX509Name(self, name);
00139     if (rb_scan_args(argc, argv, "02", &arg, &template) == 0) {
00140         return self;
00141     }
00142     else {
00143         VALUE tmp = rb_check_array_type(arg);
00144         if (!NIL_P(tmp)) {
00145             VALUE args;
00146             if(NIL_P(template)) template = OBJECT_TYPE_TEMPLATE;
00147             args = rb_ary_new3(2, self, template);
00148             rb_block_call(tmp, rb_intern("each"), 0, 0, ossl_x509name_init_i, args);
00149         }
00150         else{
00151             const unsigned char *p;
00152             VALUE str = ossl_to_der_if_possible(arg);
00153             X509_NAME *x;
00154             StringValue(str);
00155             p = (unsigned char *)RSTRING_PTR(str);
00156             x = d2i_X509_NAME(&name, &p, RSTRING_LEN(str));
00157             DATA_PTR(self) = name;
00158             if(!x){
00159                 ossl_raise(eX509NameError, NULL);
00160             }
00161         }
00162     }
00163 
00164     return self;
00165 }
00166 
00167 /*
00168  * call-seq:
00169  *    name.add_entry(oid, value [, type]) => self
00170  *
00171  * Adds a new entry with the given +oid+ and +value+ to this name.  The +oid+
00172  * is an object identifier defined in ASN.1.  Some common OIDs are:
00173  *
00174  * C::  Country Name
00175  * CN:: Common Name
00176  * DC:: Domain Component
00177  * O::  Organization Name
00178  * OU:: Organizational Unit Name
00179  * ST:: State or Province Name
00180  */
00181 static
00182 VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
00183 {
00184     X509_NAME *name;
00185     VALUE oid, value, type;
00186 
00187     rb_scan_args(argc, argv, "21", &oid, &value, &type);
00188     StringValue(oid);
00189     StringValue(value);
00190     if(NIL_P(type)) type = rb_aref(OBJECT_TYPE_TEMPLATE, oid);
00191     GetX509Name(self, name);
00192     if (!X509_NAME_add_entry_by_txt(name, RSTRING_PTR(oid), NUM2INT(type),
00193                 (const unsigned char *)RSTRING_PTR(value), RSTRING_LENINT(value), -1, 0)) {
00194         ossl_raise(eX509NameError, NULL);
00195     }
00196 
00197     return self;
00198 }
00199 
00200 static VALUE
00201 ossl_x509name_to_s_old(VALUE self)
00202 {
00203     X509_NAME *name;
00204     char *buf;
00205     VALUE str;
00206 
00207     GetX509Name(self, name);
00208     buf = X509_NAME_oneline(name, NULL, 0);
00209     str = rb_str_new2(buf);
00210     OPENSSL_free(buf);
00211 
00212     return str;
00213 }
00214 
00215 /*
00216  * call-seq:
00217  *    name.to_s => string
00218  *    name.to_s(flags) => string
00219  *
00220  * Returns this name as a Distinguished Name string.  +flags+ may be one of:
00221  *
00222  * * OpenSSL::X509::Name::COMPAT
00223  * * OpenSSL::X509::Name::RFC2253
00224  * * OpenSSL::X509::Name::ONELINE
00225  * * OpenSSL::X509::Name::MULTILINE
00226  */
00227 static VALUE
00228 ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
00229 {
00230     X509_NAME *name;
00231     VALUE flag, str;
00232     BIO *out;
00233     unsigned long iflag;
00234 
00235     rb_scan_args(argc, argv, "01", &flag);
00236     if (NIL_P(flag))
00237         return ossl_x509name_to_s_old(self);
00238     else iflag = NUM2ULONG(flag);
00239     if (!(out = BIO_new(BIO_s_mem())))
00240         ossl_raise(eX509NameError, NULL);
00241     GetX509Name(self, name);
00242     if (!X509_NAME_print_ex(out, name, 0, iflag)){
00243         BIO_free(out);
00244         ossl_raise(eX509NameError, NULL);
00245     }
00246     str = ossl_membio2str(out);
00247 
00248     return str;
00249 }
00250 
00251 /*
00252  * call-seq:
00253  *    name.to_a => [[name, data, type], ...]
00254  *
00255  * Returns an Array representation of the distinguished name suitable for
00256  * passing to ::new
00257  */
00258 static VALUE
00259 ossl_x509name_to_a(VALUE self)
00260 {
00261     X509_NAME *name;
00262     X509_NAME_ENTRY *entry;
00263     int i,entries,nid;
00264     char long_name[512];
00265     const char *short_name;
00266     VALUE ary, vname, ret;
00267 
00268     GetX509Name(self, name);
00269     entries = X509_NAME_entry_count(name);
00270     if (entries < 0) {
00271         OSSL_Debug("name entries < 0!");
00272         return rb_ary_new();
00273     }
00274     ret = rb_ary_new2(entries);
00275     for (i=0; i<entries; i++) {
00276         if (!(entry = X509_NAME_get_entry(name, i))) {
00277             ossl_raise(eX509NameError, NULL);
00278         }
00279         if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
00280             ossl_raise(eX509NameError, NULL);
00281         }
00282         nid = OBJ_ln2nid(long_name);
00283         if (nid == NID_undef) {
00284             vname = rb_str_new2((const char *) &long_name);
00285         } else {
00286             short_name = OBJ_nid2sn(nid);
00287             vname = rb_str_new2(short_name); /*do not free*/
00288         }
00289         ary = rb_ary_new3(3,
00290                           vname,
00291                           rb_str_new((const char *)entry->value->data, entry->value->length),
00292                           INT2FIX(entry->value->type));
00293         rb_ary_push(ret, ary);
00294     }
00295     return ret;
00296 }
00297 
00298 static int
00299 ossl_x509name_cmp0(VALUE self, VALUE other)
00300 {
00301     X509_NAME *name1, *name2;
00302 
00303     GetX509Name(self, name1);
00304     SafeGetX509Name(other, name2);
00305 
00306     return X509_NAME_cmp(name1, name2);
00307 }
00308 
00309 /*
00310  * call-seq:
00311  *    name.cmp other => integer
00312  *    name.<=> other => integer
00313  *
00314  * Compares this Name with +other+ and returns 0 if they are the same and -1 or
00315  * +1 if they are greater or less than each other respectively.
00316  */
00317 static VALUE
00318 ossl_x509name_cmp(VALUE self, VALUE other)
00319 {
00320     int result;
00321 
00322     result = ossl_x509name_cmp0(self, other);
00323     if (result < 0) return INT2FIX(-1);
00324     if (result > 1) return INT2FIX(1);
00325 
00326     return INT2FIX(0);
00327 }
00328 
00329 /*
00330  * call-seq:
00331  *   name.eql? other => boolean
00332  *
00333  * Returns true if +name+ and +other+ refer to the same hash key.
00334  */
00335 static VALUE
00336 ossl_x509name_eql(VALUE self, VALUE other)
00337 {
00338     int result;
00339 
00340     if(CLASS_OF(other) != cX509Name) return Qfalse;
00341     result = ossl_x509name_cmp0(self, other);
00342 
00343     return (result == 0) ? Qtrue : Qfalse;
00344 }
00345 
00346 /*
00347  * call-seq:
00348  *    name.hash => integer
00349  *
00350  * The hash value returned is suitable for use as a certificate's filename in
00351  * a CA path.
00352  */
00353 static VALUE
00354 ossl_x509name_hash(VALUE self)
00355 {
00356     X509_NAME *name;
00357     unsigned long hash;
00358 
00359     GetX509Name(self, name);
00360 
00361     hash = X509_NAME_hash(name);
00362 
00363     return ULONG2NUM(hash);
00364 }
00365 
00366 #ifdef HAVE_X509_NAME_HASH_OLD
00367 /*
00368  * call-seq:
00369  *    name.hash_old => integer
00370  *
00371  * Returns an MD5 based hash used in OpenSSL 0.9.X.
00372  */
00373 static VALUE
00374 ossl_x509name_hash_old(VALUE self)
00375 {
00376     X509_NAME *name;
00377     unsigned long hash;
00378 
00379     GetX509Name(self, name);
00380 
00381     hash = X509_NAME_hash_old(name);
00382 
00383     return ULONG2NUM(hash);
00384 }
00385 #endif
00386 
00387 /*
00388  * call-seq:
00389  *    name.to_der => string
00390  *
00391  * Converts the name to DER encoding
00392  */
00393 static VALUE
00394 ossl_x509name_to_der(VALUE self)
00395 {
00396     X509_NAME *name;
00397     VALUE str;
00398     long len;
00399     unsigned char *p;
00400 
00401     GetX509Name(self, name);
00402     if((len = i2d_X509_NAME(name, NULL)) <= 0)
00403         ossl_raise(eX509NameError, NULL);
00404     str = rb_str_new(0, len);
00405     p = (unsigned char *)RSTRING_PTR(str);
00406     if(i2d_X509_NAME(name, &p) <= 0)
00407         ossl_raise(eX509NameError, NULL);
00408     ossl_str_adjust(str, p);
00409 
00410     return str;
00411 }
00412 
00413 /*
00414  * Document-class: OpenSSL::X509::Name
00415  *
00416  * An X.509 name represents a hostname, email address or other entity
00417  * associated with a public key.
00418  *
00419  * You can create a Name by parsing a distinguished name String or by
00420  * supplying the distinguished name as an Array.
00421  *
00422  *   name = OpenSSL::X509::Name.parse 'CN=nobody/DC=example'
00423  *
00424  *   name = OpenSSL::X509::Name.new [['CN', 'nobody'], ['DC', 'example']]
00425  */
00426 
00427 void
00428 Init_ossl_x509name()
00429 {
00430     VALUE utf8str, ptrstr, ia5str, hash;
00431 
00432     id_aref = rb_intern("[]");
00433     eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError);
00434     cX509Name = rb_define_class_under(mX509, "Name", rb_cObject);
00435 
00436     rb_include_module(cX509Name, rb_mComparable);
00437 
00438     rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
00439     rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
00440     rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
00441     rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
00442     rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
00443     rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
00444     rb_define_alias(cX509Name, "<=>", "cmp");
00445     rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1);
00446     rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0);
00447 #ifdef HAVE_X509_NAME_HASH_OLD
00448     rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0);
00449 #endif
00450     rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0);
00451 
00452     utf8str = INT2NUM(V_ASN1_UTF8STRING);
00453     ptrstr = INT2NUM(V_ASN1_PRINTABLESTRING);
00454     ia5str = INT2NUM(V_ASN1_IA5STRING);
00455 
00456     /* Document-const: DEFAULT_OBJECT_TYPE
00457      *
00458      * The default object type for name entries.
00459      */
00460     rb_define_const(cX509Name, "DEFAULT_OBJECT_TYPE", utf8str);
00461     hash = rb_hash_new();
00462     RHASH(hash)->ifnone = utf8str;
00463     rb_hash_aset(hash, rb_str_new2("C"), ptrstr);
00464     rb_hash_aset(hash, rb_str_new2("countryName"), ptrstr);
00465     rb_hash_aset(hash, rb_str_new2("serialNumber"), ptrstr);
00466     rb_hash_aset(hash, rb_str_new2("dnQualifier"), ptrstr);
00467     rb_hash_aset(hash, rb_str_new2("DC"), ia5str);
00468     rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
00469     rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
00470 
00471     /* Document-const: OBJECT_TYPE_TEMPLATE
00472      *
00473      * The default object type template for name entries.
00474      */
00475     rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
00476 
00477     /* Document-const: COMPAT
00478      *
00479      * A flag for #to_s.
00480      *
00481      * Breaks the name returned into multiple lines if longer than 80
00482      * characters.
00483      */
00484     rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
00485 
00486     /* Document-const: RFC2253
00487      *
00488      * A flag for #to_s.
00489      *
00490      * Returns an RFC2253 format name.
00491      */
00492     rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
00493 
00494     /* Document-const: ONELINE
00495      *
00496      * A flag for #to_s.
00497      *
00498      * Returns a more readable format than RFC2253.
00499      */
00500     rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
00501 
00502     /* Document-const: MULTILINE
00503      *
00504      * A flag for #to_s.
00505      *
00506      * Returns a multiline format.
00507      */
00508     rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE));
00509 }
00510