Add initial support for Thawte strong extranet certificate extensions and
authorDr. Stephen Henson <steve@openssl.org>
Sat, 27 Mar 1999 14:06:25 +0000 (14:06 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 27 Mar 1999 14:06:25 +0000 (14:06 +0000)
include an 'indent' option to V3 stuff.

15 files changed:
CHANGES
crypto/asn1/asn1.err
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/t_crl.c
crypto/asn1/t_x509.c
crypto/objects/obj_dat.h
crypto/objects/objects.h
crypto/x509v3/Makefile.ssl
crypto/x509v3/v3_akey.c
crypto/x509v3/v3_lib.c
crypto/x509v3/v3_pku.c
crypto/x509v3/v3_prn.c
crypto/x509v3/v3prin.c
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index 13e41f3..e02e748 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
   *) Add LinuxPPC support.
      [Jeff Dubrule <igor@pobox.org>]
 
index 92acb0a..3146d47 100644 (file)
@@ -75,6 +75,8 @@
 #define ASN1_F_D2I_PUBLICKEY                            156
 #define ASN1_F_D2I_RSAPRIVATEKEY                        157
 #define ASN1_F_D2I_RSAPUBLICKEY                                 158
+#define ASN1_F_D2I_SXNET                                241
+#define ASN1_F_D2I_SXNETID                              243
 #define ASN1_F_D2I_X509                                         159
 #define ASN1_F_D2I_X509_ALGOR                           160
 #define ASN1_F_D2I_X509_ATTRIBUTE                       161
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW                    200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                  201
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW                    240
+#define ASN1_F_SXNETID_NEW                              244
+#define ASN1_F_SXNET_NEW                                242
 #define ASN1_F_X509_ALGOR_NEW                           202
 #define ASN1_F_X509_ATTRIBUTE_NEW                       203
 #define ASN1_F_X509_CINF_NEW                            204
index d2f81e5..7e605c8 100644 (file)
@@ -768,6 +768,8 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_D2I_PUBLICKEY                            156
 #define ASN1_F_D2I_RSAPRIVATEKEY                        157
 #define ASN1_F_D2I_RSAPUBLICKEY                                 158
+#define ASN1_F_D2I_SXNET                                241
+#define ASN1_F_D2I_SXNETID                              243
 #define ASN1_F_D2I_X509                                         159
 #define ASN1_F_D2I_X509_ALGOR                           160
 #define ASN1_F_D2I_X509_ATTRIBUTE                       161
@@ -815,6 +817,8 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW                    200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                  201
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW                    240
+#define ASN1_F_SXNETID_NEW                              244
+#define ASN1_F_SXNET_NEW                                242
 #define ASN1_F_X509_ALGOR_NEW                           202
 #define ASN1_F_X509_ATTRIBUTE_NEW                       203
 #define ASN1_F_X509_CINF_NEW                            204
index aead312..9003582 100644 (file)
@@ -137,6 +137,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),   "D2I_PUBLICKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),       "D2I_RSAPRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),        "D2I_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0),       "D2I_SXNET"},
+{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),     "D2I_SXNETID"},
 {ERR_PACK(0,ASN1_F_D2I_X509,0),        "D2I_X509"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),  "D2I_X509_ALGOR"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),      "D2I_X509_ATTRIBUTE"},
@@ -184,6 +186,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),   "PKCS7_SIGNER_INFO_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"},
 {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),   "PKEY_USAGE_PERIOD_NEW"},
+{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),     "SXNETID_NEW"},
+{ERR_PACK(0,ASN1_F_SXNET_NEW,0),       "SXNET_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),  "X509_ALGOR_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),      "X509_ATTRIBUTE_NEW"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),   "X509_CINF_NEW"},
index d36b0c2..eb0ab2e 100644 (file)
@@ -167,8 +167,10 @@ X509_EXTENSION *ex;
        obj=X509_EXTENSION_get_object(ex);
        i2a_ASN1_OBJECT(out,obj);
        j=X509_EXTENSION_get_critical(ex);
-       BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
-       if(!X509V3_EXT_print(out, ex, 0))
-                                ASN1_OCTET_STRING_print(out,ex->value);
+       BIO_printf(out, ": %s\n", j ? "critical":"","");
+       if(!X509V3_EXT_print(out, ex, 0, 16)) {
+               BIO_printf(out, "%16s", "");
+               ASN1_OCTET_STRING_print(out,ex->value);
+       }
        BIO_write(out,"\n",1);
 }
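Review bot: The reworked BIO_printf on the new side still passes the trailing `""` that used to feed the removed `%16s`, so the call now carries one argument more than its format consumes; that is harmless under C varargs but reads as leftover and obscures the intent. It should be `BIO_printf(out, ": %s\n", j ? "critical":"");`. The same stray argument appears in the t_x509.c hunk below (`BIO_printf(bp,": %s\n",j?"critical":"","")`). The enclosing function begins before this hunk.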
index f0534ef..12e1704 100644 (file)
@@ -201,42 +201,11 @@ X509 *x;
                        obj=X509_EXTENSION_get_object(ex);
                        i2a_ASN1_OBJECT(bp,obj);
                        j=X509_EXTENSION_get_critical(ex);
-                       if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0)
+                       if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
                                goto err;
-#if 0
-                       pack_type=X509v3_pack_type_by_OBJ(obj);
-                       data_type=X509v3_data_type_by_OBJ(obj);
-                       
-                       if (pack_type == X509_EXT_PACK_STRING)
-                               {
-                               if (X509v3_unpack_string(
-                                       &str,data_type,
-                                       X509_EXTENSION_get_data(ex)) == NULL)
-                                       {
-                                       /* hmm... */
-                                       goto err;
-                                       }
-                               if (    (data_type == V_ASN1_IA5STRING) ||
-                                       (data_type == V_ASN1_PRINTABLESTRING) ||
-                                       (data_type == V_ASN1_T61STRING))
-                                       {
-                                       if (BIO_write(bp,(char *)str->data,
-                                                       str->length) <= 0)
-                                               goto err;
-                                       }
-                               else if (data_type == V_ASN1_BIT_STRING)
-                                       {
-                                       BIO_printf(bp,"0x");
-                                       for (j=0; j<str->length; j++)
-                                               {
-                                               BIO_printf(bp,"%02X",
-                                                       str->data[j]);
-                                               }
-                                       }
-                               }
-#endif
-                       if(!X509V3_EXT_print(bp, ex, 0))
+                       if(!X509V3_EXT_print(bp, ex, 0, 16))
                                {
+                               BIO_printf(bp, "%16s", "");
                                ASN1_OCTET_STRING_print(bp,ex->value);
                                }
                        if (BIO_write(bp,"\n",1) <= 0) goto err;
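Review bot: The newly added `BIO_printf(bp, "%16s", "");` ignores its return value, while the neighbouring lines in this hunk (`if (BIO_printf(bp,": %s\n", ...) <= 0) goto err;` and `if (BIO_write(bp,"\n",1) <= 0) goto err;`) treat a failed write as fatal. For consistency with that error-handling style it should be `if (BIO_printf(bp, "%16s", "") <= 0) goto err;`. The enclosing function starts and ends outside this hunk.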
index 5362bad..b5dd338 100644 (file)
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 143
-#define NUM_SN 114
-#define NUM_LN 139
-#define NUM_OBJ 115
+#define NUM_NID 144
+#define NUM_SN 115
+#define NUM_LN 140
+#define NUM_OBJ 116
 
-static unsigned char lvalues[735]={
+static unsigned char lvalues[740]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -182,6 +182,7 @@ static unsigned char lvalues[735]={
 0x55,0x1D,0x1B,                              /* [725] OBJ_delta_crl */
 0x55,0x1D,0x15,                              /* [728] OBJ_crl_reason */
 0x55,0x1D,0x18,                              /* [731] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [734] OBJ_sxnet */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -380,6 +381,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
 {"invalidityDate","Invalidity Date",NID_invalidity_date,3,
        &(lvalues[731]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[734]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -456,6 +458,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[64]),/* "SHA1" */
 &(nid_objs[105]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
+&(nid_objs[143]),/* "SXNetID" */
 &(nid_objs[106]),/* "T" */
 &(nid_objs[102]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
@@ -522,6 +525,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
 &(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[143]),/* "Strong Extranet ID" */
 &(nid_objs[130]),/* "TLS Web Client Authentication" */
 &(nid_objs[129]),/* "TLS Web Server Authentication" */
 &(nid_objs[133]),/* "Time Stamping" */
@@ -692,6 +696,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
 &(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
 &(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
 &(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
 &(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
index 6ee2d4f..bc140ee 100644 (file)
@@ -754,6 +754,11 @@ extern "C" {
 #define NID_invalidity_date            142
 #define OBJ_invalidity_date            OBJ_ld_ce,24L
 
+#define SN_sxnet                       "SXNetID"
+#define LN_sxnet                       "Strong Extranet ID"
+#define NID_sxnet                      143
+#define OBJ_sxnet                      1L,3L,101L,1L,4L,1L
+
 #include "bio.h"
 #include "asn1.h"
 
index 6b5399c..5c27afc 100644 (file)
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=        v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o
+v3_int.o v3_enum.o v3_sxnet.o
 
 SRC= $(LIBSRC)
 
index 8bee98c..016a6a8 100644 (file)
@@ -75,7 +75,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID();
 #endif
 
 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, 0,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE,
 (X509V3_EXT_NEW)AUTHORITY_KEYID_new,
 AUTHORITY_KEYID_free,
 (X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
index 2686173..7abac29 100644 (file)
@@ -146,7 +146,7 @@ X509V3_EXT_METHOD *ext;
 }
 
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason;
@@ -163,6 +163,7 @@ int X509V3_add_standard_extensions()
        X509V3_EXT_add(&v3_akey_id);
        X509V3_EXT_add(&v3_pkey_usage_period);
        X509V3_EXT_add(&v3_crl_num);
+       X509V3_EXT_add(&v3_sxnet);
        X509V3_EXT_add(&v3_crl_reason);
        return 1;
 }
index a602191..23a7152 100644 (file)
@@ -63,7 +63,7 @@
 #include "x509v3.h"
 
 #ifndef NOPROTO
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out);
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
 /*
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
 */
@@ -143,11 +143,13 @@ PKEY_USAGE_PERIOD *a;
        Free ((char *)a);
 }
 
-static int i2r_PKEY_USAGE_PERIOD(method, usage, out)
+static int i2r_PKEY_USAGE_PERIOD(method, usage, out, indent)
 X509V3_EXT_METHOD *method;
 PKEY_USAGE_PERIOD *usage;
 BIO *out;
+int indent;
 {
+       BIO_printf(out, "%*s", indent, "");
        if(usage->notBefore) {
                BIO_write(out, "Not Before: ", 12);
                ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
index f3cca7a..34bc9c8 100644 (file)
 
 /* Print out a name+value stack */
 
-void X509V3_EXT_val_prn(out, val)
+void X509V3_EXT_val_prn(out, val, indent, ml)
 BIO *out;
 STACK *val;
+int indent;
+int ml;
 {
        int i;
        CONF_VALUE *nval;
        if(!val) return;
+       if(!ml) BIO_printf(out, "%*s", indent, "");
        for(i = 0; i < sk_num(val); i++) {
-               if(i > 0) BIO_printf(out, ", ");
+               if(ml) BIO_printf(out, "%*s", indent, "");
+               else if(i > 0) BIO_printf(out, ", ");
                nval = (CONF_VALUE *)sk_value(val, i);
                if(!nval->name) BIO_printf(out, "%s", nval->value);
                else if(!nval->value) BIO_printf(out, "%s", nval->name);
                else BIO_printf(out, "%s:%s", nval->name, nval->value);
+               if(ml) BIO_puts(out, "\n");
        }
 }
 
 /* Main routine: print out a general extension */
 
-int X509V3_EXT_print(out, ext, flag)
+int X509V3_EXT_print(out, ext, flag, indent)
 BIO *out;
 X509_EXTENSION *ext;
 int flag;
+int indent;
 {
        char *ext_str = NULL, *p, *value = NULL;
        X509V3_EXT_METHOD *method;      
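Review bot: In multiline mode X509V3_EXT_val_prn emits `"\n"` after every entry, including the last, so the callers updated in this commit (t_crl.c and t_x509.c follow X509V3_EXT_print with their own `BIO_write(out,"\n",1)`) will print a blank line after every X509V3_EXT_MULTILINE extension. Emitting the separator before each entry except the first avoids that: replace the `if(ml) BIO_printf(out, "%*s", indent, "");` branch with `if(ml) { if(i > 0) BIO_puts(out, "\n"); BIO_printf(out, "%*s", indent, ""); }` and drop the trailing `if(ml) BIO_puts(out, "\n");`. The signature of X509V3_EXT_val_prn gains two parameters here, yet no matching prototype change appears in the x509v3.h hunks of this commit; if the function is declared there, that declaration needs the same update. X509V3_EXT_print begins at the end of this hunk and continues in the next one.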
@@ -101,15 +107,16 @@ int flag;
                        ok = 0;
                        goto err;
                }
-               BIO_printf(out, value);
+               BIO_printf(out, "%*s%s", indent, "", value);
        } else if(method->i2v) {
                if(!(nval = method->i2v(method, ext_str, NULL))) {
                        ok = 0;
                        goto err;
                }
-               X509V3_EXT_val_prn(out, nval);
+               X509V3_EXT_val_prn(out, nval, indent,
+                                method->ext_flags & X509V3_EXT_MULTILINE);
        } else if(method->i2r) {
-               if(!method->i2r(method, ext_str, out)) ok = 0;
+               if(!method->i2r(method, ext_str, out, indent)) ok = 0;
        } else ok = 0;
 
        err:
@@ -119,15 +126,16 @@ int flag;
                return ok;
 }
 
-int X509V3_EXT_print_fp(fp, ext, flag)
+int X509V3_EXT_print_fp(fp, ext, flag, indent)
 FILE *fp;
 X509_EXTENSION *ext;
 int flag;
+int indent;
 {
        BIO *bio_tmp;
        int ret;
        if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
-       ret = X509V3_EXT_print(bio_tmp, ext, flag);
+       ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
        BIO_free(bio_tmp);
        return ret;
 }
index 3a8ce93..36f78b2 100644 (file)
@@ -95,7 +95,7 @@ char **argv;
        for(i = 0; i < count; i++) {
                ext = X509_get_ext(cert, i);
                printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-               if(!X509V3_EXT_print_fp(stdout, ext, 0)) ERR_print_errors_fp(stderr);
+               if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
                printf("\n");
                
        }
index 0d1b340..89147cf 100644 (file)
@@ -79,7 +79,7 @@ typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext, STACK
 typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
 typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent);
 typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value);
 
 /* V3 extension structure */
@@ -123,8 +123,9 @@ typedef struct v3_ext_method X509V3_EXT_METHOD;
 typedef struct v3_ext_ctx X509V3_CTX;
 
 /* ext_flags values */
-#define X509V3_EXT_DYNAMIC 0x1
-#define X509V3_EXT_CTX_DEP 0x2
+#define X509V3_EXT_DYNAMIC     0x1
+#define X509V3_EXT_CTX_DEP     0x2
+#define X509V3_EXT_MULTILINE   0x4
 
 typedef struct {
 int bitnum;
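Review bot: The new `X509V3_EXT_MULTILINE` flag is added to the ext_flags list without any comment on what it selects; its effect is only discoverable from v3_prn.c, where it switches i2v output from a comma-separated list to one name:value pair per line, each indented. A one-line comment at the definition would save the next reader that trip: `#define X509V3_EXT_MULTILINE   0x4 /* i2v output: one value per line, each indented */`. The other two flags are equally undocumented, but that is pre-existing.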
@@ -173,8 +174,17 @@ union {
 } d;
 } GENERAL_NAME;
 
+/* Strong extranet structures */
 
+typedef struct {
+       ASN1_INTEGER *version;
+       STACK /* SXNETID */ *ids;
+} SXNET;
 
+typedef struct {
+       ASN1_INTEGER *zone;
+       ASN1_OCTET_STRING *user;
+} SXNETID;
 
 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
@@ -215,6 +225,16 @@ GENERAL_NAME *GENERAL_NAME_new(void);
 void GENERAL_NAME_free(GENERAL_NAME *a);
 STACK *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK *ret);
 
+int i2d_SXNET(SXNET *a, unsigned char **pp);
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
+SXNET *SXNET_new(void);
+void SXNET_free(SXNET *a);
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp);
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
+SXNETID *SXNETID_new(void);
+void SXNETID_free(SXNETID *a);
+
 int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
 AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
@@ -272,8 +292,8 @@ char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
 int name_cmp(char *name, char *cmp);
 
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 
 #else
 
@@ -290,6 +310,16 @@ void GENERAL_NAME_free();
 STACK *i2v_GENERAL_NAME();
 GENERAL_NAME *v2i_GENERAL_NAME();
 
+int i2d_SXNET();
+SXNET *d2i_SXNET();
+SXNET *SXNET_new();
+void SXNET_free();
+
+int i2d_SXNETID();
+SXNETID *d2i_SXNETID();
+SXNETID *SXNETID_new();
+void SXNETID_free();
+
 int i2d_AUTHORITY_KEYID();
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID();
 AUTHORITY_KEYID *AUTHORITY_KEYID_new();