ObjOpenSSL  Diff

Differences From Artifact [5edfa14c10]:

To Artifact [fc4aee8bfa]:


31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
31
32
33
34
35
36
37

38
39
40
41
42
43
44







-








#if defined(__clang__)
# pragma clang diagnostic pop
#endif

#import "X509Certificate.h"

#import <ObjFW/OFAutoreleasePool.h>
#import <ObjFW/OFArray.h>
#import <ObjFW/OFData.h>
#import <ObjFW/OFDictionary.h>
#import <ObjFW/OFFile.h>
#import <ObjFW/OFInitializationFailedException.h>
#import <ObjFW/OFInvalidEncodingException.h>
#import <ObjFW/OFList.h>
67
68
69
70
71
72
73
74

75
76
77
78
79
80
81
82
83

84
85
86
87
88
89
90
66
67
68
69
70
71
72

73
74
75
76
77
78
79
80
81

82
83
84
85
86
87
88
89







-
+








-
+







}

- initWithFile: (OFString *)path
{
	self = [super init];

	@try {
		OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
		void *pool = objc_autoreleasePoolPush();
		OFData *data = [OFData dataWithContentsOfFile: path];
		const unsigned char *dataItems = data.items;

		_certificate = d2i_X509(NULL, &dataItems, data.count);
		if (_certificate == NULL)
			@throw [OFInitializationFailedException
			    exceptionWithClass: self.class];

		[pool release];
		objc_autoreleasePoolPop(pool);
	} @catch (id e) {
		[self release];
		@throw e;
	}

	return self;
}
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

177
178
179
180
181
182
183
156
157
158
159
160
161
162

163
164
165
166
167
168
169

170
171
172
173
174
175
176
177
178
179
180
181







-







-




+







	_subject = [[self X509_dictionaryFromX509Name: name] retain];

	return _subject;
}

- (OFDictionary *)subjectAlternativeName
{
	OFAutoreleasePool *pool;
	OFMutableDictionary *ret;
	int i;

	if (_subjectAlternativeName != nil)
		return [[_subjectAlternativeName copy] autorelease];

	ret = [OFMutableDictionary dictionary];
	pool = [[OFAutoreleasePool alloc] init];

	i = -1;
	while ((i = X509_get_ext_by_NID(_certificate,
	    NID_subject_alt_name, i)) != -1) {
		void *pool = objc_autoreleasePoolPush();
		X509_EXTENSION *extension;
		STACK_OF(GENERAL_NAME) *values;
		int j, count;

		if ((extension = X509_get_ext(_certificate, i)) == NULL)
			break;

267
268
269
270
271
272
273
274

275
276
277
278
279
280
281
282
283
284
285
286
287

288
289
290
291
292

293
294
295
296
297

298
299
300
301
302
303

304
305
306
307
308
309

310
311
312
313
314

315
316
317
318
319
320
321
322

323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340

341
342
343
344
345
346

347
348
349
350
351
352
353
265
266
267
268
269
270
271

272
273
274

275
276
277
278
279
280
281
282
283

284
285
286
287
288

289
290
291
292
293

294
295
296
297
298
299

300
301
302
303
304
305

306
307
308
309
310

311
312
313
314
315
316
317
318

319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336

337
338
339
340
341
342

343
344
345
346
347
348
349
350







-
+


-









-
+




-
+




-
+





-
+





-
+




-
+







-
+

















-
+





-
+







				break;
			default:
				break;
			}
		}

		i++; /* Next extension */
		[pool releaseObjects];
		objc_autoreleasePoolPop(pool);
	}

	[pool release];

	[ret makeImmutable];
	_subjectAlternativeName = [ret retain];

	return ret;
}

- (bool)hasCommonNameMatchingDomain: (OFString *)domain
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	void *pool = objc_autoreleasePoolPush();

	for (OFString *name in [[self subject] objectForKey: OID_commonName]) {
		if ([self X509_isAssertedDomain: name
				    equalDomain: domain]) {
			[pool release];
			objc_autoreleasePoolPop(pool);
			return true;
		}
	}

	[pool release];
	objc_autoreleasePoolPop(pool);
	return false;
}

- (bool)hasDNSNameMatchingDomain: (OFString *)domain
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	void *pool = objc_autoreleasePoolPush();

	for (OFString *name in
	    [[self subjectAlternativeName] objectForKey: @"dNSName"]) {
		if ([self X509_isAssertedDomain: name
				    equalDomain: domain]) {
			[pool release];
			objc_autoreleasePoolPop(pool);
			return true;
		}
	}

	[pool release];
	objc_autoreleasePoolPop(pool);
	return false;
}

- (bool)hasSRVNameMatchingDomain: (OFString *)domain
			 service: (OFString *)service
{
	size_t serviceLength;
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	void *pool = objc_autoreleasePoolPush();
	OFDictionary *SANs = self.subjectAlternativeName;
	OFList *assertedNames = [[SANs objectForKey: @"otherName"]
				       objectForKey: OID_SRVName];

	if (![service hasPrefix: @"_"])
		service = [service stringByPrependingString: @"_"];

	service = [service stringByAppendingString: @"."];
	serviceLength = service.length;

	for (OFString *name in assertedNames) {
		if ([name hasPrefix: service]) {
			OFString *asserted;
			asserted = [name substringWithRange: of_range(
			    serviceLength, name.length - serviceLength)];
			if ([self X509_isAssertedDomain: asserted
					    equalDomain: domain]) {
				[pool release];
				objc_autoreleasePoolPop(pool);
				return true;
			}
		}
	}

	[pool release];
	objc_autoreleasePoolPop(pool);
	return false;
}

- (bool)X509_isAssertedDomain: (OFString *)asserted
		  equalDomain: (OFString *)domain
{
	/*
380
381
382
383
384
385
386
387
388
389
390

391
392
393
394
395
396
397
398
399
400
401
402
403
404
405

406
407
408
409
410
411
412
413
414
415
416
377
378
379
380
381
382
383

384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401

402
403
404


405
406
407
408
409
410
411







-



+














-
+


-
-








	return false;
}

- (OFDictionary *)X509_dictionaryFromX509Name: (X509_NAME *)name
{
	OFMutableDictionary *dict = [OFMutableDictionary dictionary];
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	int i, count = X509_NAME_entry_count(name);

	for (i = 0; i < count; i++) {
		void *pool = objc_autoreleasePoolPush();
		X509OID *key;
		OFString *value;
		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
		ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
		ASN1_STRING *str = X509_NAME_ENTRY_get_data(entry);
		key = [self X509_stringFromASN1Object: obj];

		if ([dict objectForKey: key] == nil)
			[dict setObject: [OFList list]
				 forKey: key];

		value = [self X509_stringFromASN1String: str];
		[[dict objectForKey: key] appendObject: value];

		[pool releaseObjects];
		objc_autoreleasePoolPop(pool);
	}

	[pool release];

	[dict makeImmutable];
	return dict;
}


- (X509OID *)X509_stringFromASN1Object: (ASN1_OBJECT *)object
{