1 # Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
3 # Licensed under the Apache License 2.0 (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
10 package TLSProxy::Certificate;
13 push @ISA, 'TLSProxy::Message';
26 $message_frag_lens) = @_;
28 my $self = $class->SUPER::new(
31 TLSProxy::Message::MT_CERTIFICATE,
40 $self->{first_certificate} = "";
41 $self->{extension_data} = "";
42 $self->{remaining_certdata} = "";
51 if (TLSProxy::Proxy->is_tls13()) {
52 my $context_len = unpack('C', $self->data);
53 my $context = substr($self->data, 1, $context_len);
55 my $remdata = substr($self->data, 1 + $context_len);
57 my ($hicertlistlen, $certlistlen) = unpack('Cn', $remdata);
58 $certlistlen += ($hicertlistlen << 16);
60 $remdata = substr($remdata, 3);
62 die "Invalid Certificate List length"
63 if length($remdata) != $certlistlen;
65 my ($hicertlen, $certlen) = unpack('Cn', $remdata);
66 $certlen += ($hicertlen << 16);
68 die "Certificate too long" if ($certlen + 3) > $certlistlen;
70 $remdata = substr($remdata, 3);
72 my $certdata = substr($remdata, 0, $certlen);
74 $remdata = substr($remdata, $certlen);
76 my $extensions_len = unpack('n', $remdata);
77 $remdata = substr($remdata, 2);
79 die "Extensions too long"
80 if ($certlen + 3 + $extensions_len + 2) > $certlistlen;
82 my $extension_data = "";
83 if ($extensions_len != 0) {
84 $extension_data = substr($remdata, 0, $extensions_len);
86 if (length($extension_data) != $extensions_len) {
87 die "Invalid extension length\n";
91 while (length($extension_data) >= 4) {
92 my ($type, $size) = unpack("nn", $extension_data);
93 my $extdata = substr($extension_data, 4, $size);
94 $extension_data = substr($extension_data, 4 + $size);
95 $extensions{$type} = $extdata;
97 $remdata = substr($remdata, $extensions_len);
99 $self->context($context);
100 $self->first_certificate($certdata);
101 $self->extension_data(\%extensions);
102 $self->remaining_certdata($remdata);
104 print " Context:".$context."\n";
105 print " Certificate List Len:".$certlistlen."\n";
106 print " Certificate Len:".$certlen."\n";
107 print " Extensions Len:".$extensions_len."\n";
109 my ($hicertlistlen, $certlistlen) = unpack('Cn', $self->data);
110 $certlistlen += ($hicertlistlen << 16);
112 my $remdata = substr($self->data, 3);
114 die "Invalid Certificate List length"
115 if length($remdata) != $certlistlen;
117 my ($hicertlen, $certlen) = unpack('Cn', $remdata);
118 $certlen += ($hicertlen << 16);
120 die "Certificate too long" if ($certlen + 3) > $certlistlen;
122 $remdata = substr($remdata, 3);
124 my $certdata = substr($remdata, 0, $certlen);
126 $remdata = substr($remdata, $certlen);
128 $self->first_certificate($certdata);
129 $self->remaining_certdata($remdata);
131 print " Certificate List Len:".$certlistlen."\n";
132 print " Certificate Len:".$certlen."\n";
136 #Reconstruct the on-the-wire message data following changes
137 sub set_message_contents
143 if (TLSProxy::Proxy->is_tls13()) {
144 foreach my $key (keys %{$self->extension_data}) {
145 my $extdata = ${$self->extension_data}{$key};
146 $extensions .= pack("n", $key);
147 $extensions .= pack("n", length($extdata));
148 $extensions .= $extdata;
150 $data = pack('C', length($self->context()));
151 $data .= $self->context;
152 my $certlen = length($self->first_certificate);
153 my $certlistlen = $certlen + length($extensions)
154 + length($self->remaining_certdata);
155 my $hi = $certlistlen >> 16;
156 $certlistlen = $certlistlen & 0xffff;
157 $data .= pack('Cn', $hi, $certlistlen);
158 $hi = $certlen >> 16;
159 $certlen = $certlen & 0xffff;
160 $data .= pack('Cn', $hi, $certlen);
161 $data .= pack('n', length($extensions));
162 $data .= $extensions;
163 $data .= $self->remaining_certdata();
166 my $certlen = length($self->first_certificate);
167 my $certlistlen = $certlen + length($self->remaining_certdata);
168 my $hi = $certlistlen >> 16;
169 $certlistlen = $certlistlen & 0xffff;
170 $data .= pack('Cn', $hi, $certlistlen);
171 $hi = $certlen >> 16;
172 $certlen = $certlen & 0xffff;
173 $data .= pack('Cn', $hi, $certlen);
174 $data .= $self->remaining_certdata();
179 #Read/write accessors
184 $self->{context} = shift;
186 return $self->{context};
188 sub first_certificate
192 $self->{first_certificate} = shift;
194 return $self->{first_certificate};
196 sub remaining_certdata
200 $self->{remaining_certdata} = shift;
202 return $self->{remaining_certdata};
208 $self->{extension_data} = shift;
210 return $self->{extension_data};
214 my ($self, $ext_type, $ext_data) = @_;
215 $self->{extension_data}{$ext_type} = $ext_data;
219 my ($self, $ext_type) = @_;
220 delete $self->{extension_data}{$ext_type};