patrickpr
diff --git a/‎src/app/sslcertificates.cpp‎
Lines changed: 85 additions & 5 deletions b/‎src/app/sslcertificates.cpp‎
Lines changed: 85 additions & 5 deletions
diff --git a/‎src/app/sslcertificates.h‎
Lines changed: 88 additions & 11 deletions b/‎src/app/sslcertificates.h‎
Lines changed: 88 additions & 11 deletions
@@ -764,23 +764,23 @@ int SSLCertificates::get_cert_HUM(char* Skey,size_t maxlength) {
     return 0;
 }
 
-int SSLCertificates::get_CN_from_name(char* CN,size_t maxlength, X509_NAME2* certname)
+int SSLCertificates::get_DN_Elmt_from_name(char *CN, size_t maxlength, X509_NAME2 *certname, int NID)
 {
   int common_name_loc = -1;
    X509_NAME_ENTRY *common_name_entry = nullptr;
    ASN1_STRING *common_name_asn1 = nullptr;
 
-   // Find the position of the CN field in the Subject field of the certificate
-   common_name_loc = X509_NAME_get_index_by_NID(certname, NID_commonName, -1);
+   // Find the position of the field in the Subject field of the certificate
+   common_name_loc = X509_NAME_get_index_by_NID(certname, NID, -1);
    if (common_name_loc < 0) {
            return 1;
    }
-   // Extract the CN field
+   // Extract the field
    common_name_entry = X509_NAME_get_entry(certname, common_name_loc);
    if (common_name_entry == nullptr) {
            return 1;
    }
-   // Convert the CN field to a C string
+   // Convert the field to a C string
    common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
    if (common_name_asn1 == nullptr) {
            return 1;
@@ -803,6 +803,59 @@ int SSLCertificates::get_CN_from_name(char* CN,size_t maxlength, X509_NAME2* cer
    return 0;
 }
 
+int SSLCertificates::get_CN_from_name(char* CN,size_t maxlength, X509_NAME2* certname)
+{
+  return this->get_DN_Elmt_from_name(CN,maxlength,certname,NID_commonName);
+}
+
+int SSLCertificates::get_cert_subject_from_name(certType certORcsr, std::string *oCN, std::string *oC, std::string *oS,
+                                                std::string *oL, std::string *oO, std::string *oOU,
+                                                std::string *omail)
+{
+  size_t maxlength=this->subjectElmntMaxSize;
+  char buffer[this->subjectElmntMaxSize];
+  X509_NAME2* certname;
+  switch(certORcsr)
+  {
+    case Certificate: certname=X509_get_subject_name(this->x509);break;
+    case CSR: certname=X509_REQ_get_subject_name(this->csr);break;
+    case NoCert: return 1;
+  }
+  *omail="";
+  if (this->get_DN_Elmt_from_name(buffer,maxlength,certname,CN_NID) == 0)
+  {
+    std::string CN(buffer);
+    size_t index = CN.find("/emailAddress=");
+    if (index == std::string::npos)
+    { // not found
+      oCN->assign(buffer);
+      *omail="";
+    }
+    else
+    {
+      *oCN=CN.substr(0,index);
+      *omail=CN.substr(index+14); // remove "/emailAddress"
+    }
+  }
+  else *oCN="";
+  if (this->get_DN_Elmt_from_name(buffer,maxlength,certname,C_NID) == 0)
+    oC->assign(buffer);
+  else *oC="";
+  if (this->get_DN_Elmt_from_name(buffer,maxlength,certname,S_NID) == 0)
+    oS->assign(buffer);
+  else *oS="";
+  if (this->get_DN_Elmt_from_name(buffer,maxlength,certname,L_NID) == 0)
+    oL->assign(buffer);
+  else *oL="";
+  if (this->get_DN_Elmt_from_name(buffer,maxlength,certname,O_NID) == 0)
+    oO->assign(buffer);
+  else *oO="";
+  if (this->get_DN_Elmt_from_name(buffer,maxlength,certname,OU_NID) == 0)
+    oOU->assign(buffer);
+  else *oOU="";
+  return 0;
+}
+
 int SSLCertificates::get_cert_CN(char* CN,size_t maxlength, X509* cert)
 {
    if (cert == nullptr) // TODO : check if cert is defined (checking nullptr ids not enough as the structure is defined in constructor). if not, the program crash
@@ -1302,6 +1355,33 @@ int SSLCertificates::x509_extension_add(std::string extensionNameI, std::string
     return 0;
 }
 
+int SSLCertificates::x509_extension_get(std::vector<SSLCertificates::x509Extension> *extensions)
+{
+  X509_EXTENSION * ext;
+  int extNID;
+  ASN1_OCTET_STRING * extValue;
+  int numExt=X509_get_ext_count(this->x509);
+  for (int i=0;i<numExt;i++)
+  {
+    x509Extension extVal;
+    ext=X509_get_ext(this->x509,i);
+    if (ext==nullptr) continue;
+
+    if (X509_EXTENSION_get_critical(ext)==1) extVal.critical=true;
+    else extVal.critical=false;
+    extValue=X509_EXTENSION_get_data(ext);
+    extNID=OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+    BASIC_CONSTRAINTS* test;
+    AUTHORITY_KEYID *test2;
+    // TODO : get extensions and put it in the GUI. Seems every extension type has to be get by specific methods....
+    test=nullptr;
+    test2=nullptr;
+    extensions=nullptr;
+    // END TODO
+  }
+  return 0;
+}
+
 int SSLCertificates::add_ext(X509 *cert, int nid, const char *value)
 {
     X509_EXTENSION *ex;
 
@@ -43,6 +43,15 @@ class SSLCertificates
 
     enum keyTypes { KeyNone=-1, KeyRSA=1, KeyDSA=2 , KeyEC = 3};
     enum certType { NoCert=-1, Certificate=0, CSR=1};
+    static const size_t subjectElmntMaxSize=100;
+    enum certSubjectList {
+      CN_NID = NID_commonName,
+      C_NID = NID_countryName,
+      S_NID = NID_stateOrProvinceName,
+      L_NID = NID_localityName,
+      O_NID = NID_organizationName,
+      OU_NID = NID_organizationalUnitName,
+      email_NID = 0};
 
     /**
      * @brief set_key_params : set parameters for all keys
@@ -118,6 +127,15 @@ class SSLCertificates
      * check ssl errors
      */
     int get_cert_HUM(char* Skey,size_t maxlength);
+    /**
+     * @brief get_DN_Elmt_from_name
+     * @param char * CN : returned element name
+     * @param size_t maxlength
+     * @param  X509_NAME_st* certname
+     * @param NID int : NID of name element
+     * @return 0 = OK, 2 overflow, 1 error/not found.
+     */
+    int get_DN_Elmt_from_name(char* CN,size_t maxlength, X509_NAME2* certname, int NID);
     /**
      * @brief get_CN_from_name
      * @param char * CN
@@ -126,6 +144,10 @@ class SSLCertificates
      * @return 0 = OK, 2 overflow, 1 error.
      */
     int get_CN_from_name(char* CN,size_t maxlength, X509_NAME2* certname);
+
+    int get_cert_subject_from_name(certType certORcsr,std::string* oCN, std::string* oC, std::string* oS,
+                                   std::string* oL, std::string* oO, std::string* oOU,
+                                   std::string* omail);
     /**
      * @brief get_cert_CN : get CN of certificate (copy of openssl wiki)
      * @param CN : CN of certificate
@@ -318,20 +340,70 @@ class SSLCertificates
     typedef struct x509Extension {
         char name[50]; //!< Name of extension
         int NID; //!< NID of extension
-        char values[200]; //!< possible values, comma separated
+        char values[500]; //!< possible values, comma separated
+        bool critical; //!< used to get extensions
     } x509Extension; //!< Structure for x509 extension array
     /* not declared as static if it can be read from openssl in future release */
     x509Extension X509ExtensionHelp[9] = {
-        {"basicConstraints",NID_basic_constraints,"CA:TRUE,CA:FALSE,pathlen:<num>"},
-        {"keyUsage",NID_key_usage,"digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly"},
-        {"subjectAltName",NID_subject_alt_name,"URI:http://<site>,email:<mail>,IP:<IP4/6>"},
-        {"crlDistributionPoints",NID_crl_distribution_points,"URI:http://<site>"},
-        {"extendedKeyUsage",NID_ext_key_usage,"serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning,ipsecIKE,msCodeInd,msCodeCom,msCTLSign,msEFS"},
-        {"subjectKeyIdentifier",NID_subject_key_identifier,"<key>"},
-        {SN_authority_key_identifier,NID_authority_key_identifier,"keyid:<key>"},
-        {"certificatePolicies",NID_certificate_policies,"1.2.4.5"},
-        {"policyConstraints",NID_policy_constraints,"requireExplicitPolicy:<num>,inhibitPolicyMapping:<num>"} //!<list of common X509v3 extensions
+        {"basicConstraints",NID_basic_constraints,"CA:TRUE,CA:FALSE,pathlen:<num>",false},
+        {"keyUsage",NID_key_usage,"digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly",false},
+        {"subjectAltName",NID_subject_alt_name,"URI:http://<site>,email:<mail>,IP:<IP4/6>",false},
+        {"crlDistributionPoints",NID_crl_distribution_points,"URI:http://<site>",false},
+        {"extendedKeyUsage",NID_ext_key_usage,"serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning,ipsecIKE,msCodeInd,msCodeCom,msCTLSign,msEFS",false},
+        {"subjectKeyIdentifier",NID_subject_key_identifier,"<key>",false},
+        {SN_authority_key_identifier,NID_authority_key_identifier,"keyid:<key>",false},
+        {"certificatePolicies",NID_certificate_policies,"1.2.4.5",false},
+        {"policyConstraints",NID_policy_constraints,"requireExplicitPolicy:<num>,inhibitPolicyMapping:<num>",false} //!<list of common X509v3 extensions
     };
+/* From : https://www.openssl.org/docs/man1.1.0/man3/X509V3_EXT_d2i.html
+
+ RFC5280
+ Basic Constraints                  NID_basic_constraints
+ Key Usage                          NID_key_usage
+ Extended Key Usage                 NID_ext_key_usage
+
+ Subject Key Identifier             NID_subject_key_identifier
+ Authority Key Identifier           NID_authority_key_identifier
+
+ Private Key Usage Period           NID_private_key_usage_period
+
+ Subject Alternative Name           NID_subject_alt_name
+ Issuer Alternative Name            NID_issuer_alt_name
+
+ Authority Information Access       NID_info_access
+ Subject Information Access         NID_sinfo_access
+
+ Name Constraints                   NID_name_constraints
+
+ Certificate Policies               NID_certificate_policies
+ Policy Mappings                    NID_policy_mappings
+ Policy Constraints                 NID_policy_constraints
+ Inhibit Any Policy                 NID_inhibit_any_policy
+
+ TLS Feature                        NID_tlsfeature
+
+ RFC5280
+ CRL Number                         NID_crl_number
+ CRL Distribution Points            NID_crl_distribution_points
+ Delta CRL Indicator                NID_delta_crl
+ Freshest CRL                       NID_freshest_crl
+ Invalidity Date                    NID_invalidity_date
+ Issuing Distribution Point         NID_issuing_distribution_point
+
+ OSCP
+ OCSP Nonce                         NID_id_pkix_OCSP_Nonce
+ OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
+ Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
+ OCSP No Check                      NID_id_pkix_OCSP_noCheck
+ OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
+ OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
+ Hold Instruction Code              NID_hold_instruction_code
+
+RFC6962
+ CT Precertificate SCTs             NID_ct_precert_scts
+ CT Certificate SCTs                NID_ct_cert_scts
+*/
+
     int X509ExtensionHelpNum=8; //!< Number of X509ExtensionHelp
 
     /**
@@ -343,7 +415,12 @@ class SSLCertificates
      */
     int x509_extension_add(std::string extensionNameI, std::string extensionValI, int extensionCriticalI);
 
-
+    /**
+     * @brief x509_extension_get : get all X509v3 extensions from cert
+     * @param extensions vector<x509Extension> * : values returned
+     * @return 0 : success, 1 : error
+     */
+    int x509_extension_get(std::vector<x509Extension>* extensions);
 private:
 
     EVP_MD* useDigest; //!< Digest to use