ObjOpenSSL  Diff

Differences From Artifact [5edfa14c10]:

To Artifact [fc4aee8bfa]:


31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

#if defined(__clang__)
# pragma clang diagnostic pop
#endif

#import "X509Certificate.h"

#import <ObjFW/OFAutoreleasePool.h>
#import <ObjFW/OFArray.h>
#import <ObjFW/OFData.h>
#import <ObjFW/OFDictionary.h>
#import <ObjFW/OFFile.h>
#import <ObjFW/OFInitializationFailedException.h>
#import <ObjFW/OFInvalidEncodingException.h>
#import <ObjFW/OFList.h>







<







31
32
33
34
35
36
37

38
39
40
41
42
43
44

#if defined(__clang__)
# pragma clang diagnostic pop
#endif

#import "X509Certificate.h"


#import <ObjFW/OFArray.h>
#import <ObjFW/OFData.h>
#import <ObjFW/OFDictionary.h>
#import <ObjFW/OFFile.h>
#import <ObjFW/OFInitializationFailedException.h>
#import <ObjFW/OFInvalidEncodingException.h>
#import <ObjFW/OFList.h>
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
}

- initWithFile: (OFString *)path
{
	self = [super init];

	@try {
		OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
		OFData *data = [OFData dataWithContentsOfFile: path];
		const unsigned char *dataItems = data.items;

		_certificate = d2i_X509(NULL, &dataItems, data.count);
		if (_certificate == NULL)
			@throw [OFInitializationFailedException
			    exceptionWithClass: self.class];

		[pool release];
	} @catch (id e) {
		[self release];
		@throw e;
	}

	return self;
}







|








|







66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
}

- initWithFile: (OFString *)path
{
	self = [super init];

	@try {
		void *pool = objc_autoreleasePoolPush();
		OFData *data = [OFData dataWithContentsOfFile: path];
		const unsigned char *dataItems = data.items;

		_certificate = d2i_X509(NULL, &dataItems, data.count);
		if (_certificate == NULL)
			@throw [OFInitializationFailedException
			    exceptionWithClass: self.class];

		objc_autoreleasePoolPop(pool);
	} @catch (id e) {
		[self release];
		@throw e;
	}

	return self;
}
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

177
178
179
180
181
182
183
	_subject = [[self X509_dictionaryFromX509Name: name] retain];

	return _subject;
}

- (OFDictionary *)subjectAlternativeName
{
	OFAutoreleasePool *pool;
	OFMutableDictionary *ret;
	int i;

	if (_subjectAlternativeName != nil)
		return [[_subjectAlternativeName copy] autorelease];

	ret = [OFMutableDictionary dictionary];
	pool = [[OFAutoreleasePool alloc] init];

	i = -1;
	while ((i = X509_get_ext_by_NID(_certificate,
	    NID_subject_alt_name, i)) != -1) {

		X509_EXTENSION *extension;
		STACK_OF(GENERAL_NAME) *values;
		int j, count;

		if ((extension = X509_get_ext(_certificate, i)) == NULL)
			break;








<







<




>







156
157
158
159
160
161
162

163
164
165
166
167
168
169

170
171
172
173
174
175
176
177
178
179
180
181
	_subject = [[self X509_dictionaryFromX509Name: name] retain];

	return _subject;
}

- (OFDictionary *)subjectAlternativeName
{

	OFMutableDictionary *ret;
	int i;

	if (_subjectAlternativeName != nil)
		return [[_subjectAlternativeName copy] autorelease];

	ret = [OFMutableDictionary dictionary];


	i = -1;
	while ((i = X509_get_ext_by_NID(_certificate,
	    NID_subject_alt_name, i)) != -1) {
		void *pool = objc_autoreleasePoolPush();
		X509_EXTENSION *extension;
		STACK_OF(GENERAL_NAME) *values;
		int j, count;

		if ((extension = X509_get_ext(_certificate, i)) == NULL)
			break;

267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
				break;
			default:
				break;
			}
		}

		i++; /* Next extension */
		[pool releaseObjects];
	}

	[pool release];

	[ret makeImmutable];
	_subjectAlternativeName = [ret retain];

	return ret;
}

- (bool)hasCommonNameMatchingDomain: (OFString *)domain
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];

	for (OFString *name in [[self subject] objectForKey: OID_commonName]) {
		if ([self X509_isAssertedDomain: name
				    equalDomain: domain]) {
			[pool release];
			return true;
		}
	}

	[pool release];
	return false;
}

- (bool)hasDNSNameMatchingDomain: (OFString *)domain
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];

	for (OFString *name in
	    [[self subjectAlternativeName] objectForKey: @"dNSName"]) {
		if ([self X509_isAssertedDomain: name
				    equalDomain: domain]) {
			[pool release];
			return true;
		}
	}

	[pool release];
	return false;
}

- (bool)hasSRVNameMatchingDomain: (OFString *)domain
			 service: (OFString *)service
{
	size_t serviceLength;
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	OFDictionary *SANs = self.subjectAlternativeName;
	OFList *assertedNames = [[SANs objectForKey: @"otherName"]
				       objectForKey: OID_SRVName];

	if (![service hasPrefix: @"_"])
		service = [service stringByPrependingString: @"_"];

	service = [service stringByAppendingString: @"."];
	serviceLength = service.length;

	for (OFString *name in assertedNames) {
		if ([name hasPrefix: service]) {
			OFString *asserted;
			asserted = [name substringWithRange: of_range(
			    serviceLength, name.length - serviceLength)];
			if ([self X509_isAssertedDomain: asserted
					    equalDomain: domain]) {
				[pool release];
				return true;
			}
		}
	}

	[pool release];
	return false;
}

- (bool)X509_isAssertedDomain: (OFString *)asserted
		  equalDomain: (OFString *)domain
{
	/*







|


<









|




|




|





|





|




|







|

















|





|







265
266
267
268
269
270
271
272
273
274

275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
				break;
			default:
				break;
			}
		}

		i++; /* Next extension */
		objc_autoreleasePoolPop(pool);
	}



	[ret makeImmutable];
	_subjectAlternativeName = [ret retain];

	return ret;
}

- (bool)hasCommonNameMatchingDomain: (OFString *)domain
{
	void *pool = objc_autoreleasePoolPush();

	for (OFString *name in [[self subject] objectForKey: OID_commonName]) {
		if ([self X509_isAssertedDomain: name
				    equalDomain: domain]) {
			objc_autoreleasePoolPop(pool);
			return true;
		}
	}

	objc_autoreleasePoolPop(pool);
	return false;
}

- (bool)hasDNSNameMatchingDomain: (OFString *)domain
{
	void *pool = objc_autoreleasePoolPush();

	for (OFString *name in
	    [[self subjectAlternativeName] objectForKey: @"dNSName"]) {
		if ([self X509_isAssertedDomain: name
				    equalDomain: domain]) {
			objc_autoreleasePoolPop(pool);
			return true;
		}
	}

	objc_autoreleasePoolPop(pool);
	return false;
}

- (bool)hasSRVNameMatchingDomain: (OFString *)domain
			 service: (OFString *)service
{
	size_t serviceLength;
	void *pool = objc_autoreleasePoolPush();
	OFDictionary *SANs = self.subjectAlternativeName;
	OFList *assertedNames = [[SANs objectForKey: @"otherName"]
				       objectForKey: OID_SRVName];

	if (![service hasPrefix: @"_"])
		service = [service stringByPrependingString: @"_"];

	service = [service stringByAppendingString: @"."];
	serviceLength = service.length;

	for (OFString *name in assertedNames) {
		if ([name hasPrefix: service]) {
			OFString *asserted;
			asserted = [name substringWithRange: of_range(
			    serviceLength, name.length - serviceLength)];
			if ([self X509_isAssertedDomain: asserted
					    equalDomain: domain]) {
				objc_autoreleasePoolPop(pool);
				return true;
			}
		}
	}

	objc_autoreleasePoolPop(pool);
	return false;
}

- (bool)X509_isAssertedDomain: (OFString *)asserted
		  equalDomain: (OFString *)domain
{
	/*
380
381
382
383
384
385
386
387
388
389
390

391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416

	return false;
}

- (OFDictionary *)X509_dictionaryFromX509Name: (X509_NAME *)name
{
	OFMutableDictionary *dict = [OFMutableDictionary dictionary];
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	int i, count = X509_NAME_entry_count(name);

	for (i = 0; i < count; i++) {

		X509OID *key;
		OFString *value;
		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
		ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
		ASN1_STRING *str = X509_NAME_ENTRY_get_data(entry);
		key = [self X509_stringFromASN1Object: obj];

		if ([dict objectForKey: key] == nil)
			[dict setObject: [OFList list]
				 forKey: key];

		value = [self X509_stringFromASN1String: str];
		[[dict objectForKey: key] appendObject: value];

		[pool releaseObjects];
	}

	[pool release];

	[dict makeImmutable];
	return dict;
}


- (X509OID *)X509_stringFromASN1Object: (ASN1_OBJECT *)object
{







<



>














|


<
<







377
378
379
380
381
382
383

384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404


405
406
407
408
409
410
411

	return false;
}

- (OFDictionary *)X509_dictionaryFromX509Name: (X509_NAME *)name
{
	OFMutableDictionary *dict = [OFMutableDictionary dictionary];

	int i, count = X509_NAME_entry_count(name);

	for (i = 0; i < count; i++) {
		void *pool = objc_autoreleasePoolPush();
		X509OID *key;
		OFString *value;
		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
		ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
		ASN1_STRING *str = X509_NAME_ENTRY_get_data(entry);
		key = [self X509_stringFromASN1Object: obj];

		if ([dict objectForKey: key] == nil)
			[dict setObject: [OFList list]
				 forKey: key];

		value = [self X509_stringFromASN1String: str];
		[[dict objectForKey: key] appendObject: value];

		objc_autoreleasePoolPop(pool);
	}



	[dict makeImmutable];
	return dict;
}


- (X509OID *)X509_stringFromASN1Object: (ASN1_OBJECT *)object
{