Added gnutls_x509_crt_get_signature_oid and gnutls_x509_crt_get_pk_oid
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 13 Apr 2016 07:17:08 +0000 (09:17 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 13 Apr 2016 09:30:28 +0000 (11:30 +0200)
These functions can directly provide the textual object identifier
of their corresponding fields.

lib/includes/gnutls/x509.h
lib/libgnutls.map
lib/x509/x509.c

index f0ebe964d33b48e8aac9316f2600898a50fdae56..7c60e99af9909081d9f2a9539ee08b35111bda9e 100644 (file)
@@ -192,6 +192,8 @@ int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
                                  char *sig, size_t * sizeof_sig);
 int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
 
+int gnutls_x509_crt_get_pk_oid(gnutls_x509_crt_t cert, char *oid, size_t *oid_size);
+int gnutls_x509_crt_get_signature_oid(gnutls_x509_crt_t cert, char *oid, size_t *oid_size);
 
 /**
  * gnutls_keyid_flags_t:
index 1f266bc9d96dfd3ad8501e31ac3a8b46dcc7d8f1..6275279d3fc7db331d9c32ecdb8209350ce2ae44 100644 (file)
@@ -1079,6 +1079,8 @@ GNUTLS_3_4
        gnutls_session_get_flags;
        gnutls_session_get_master_secret;
        gnutls_handshake_set_false_start_function;
+       gnutls_x509_crt_get_signature_oid;
+       gnutls_x509_crt_get_pk_oid;
  local:
        *;
 };
index fae63e09d9a7721f1a46b182af8d78f06c021260..1011dd2b6c79cd89d8c74085c91120849e820ad7 100644 (file)
@@ -672,6 +672,8 @@ gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
  * enumeration that is the signature algorithm that has been used to
  * sign this certificate.
  *
+ * Unknown/unsupported signature algorithms are mapped to %GNUTLS_SIGN_UNKNOWN.
+ *
  * Returns: a #gnutls_sign_algorithm_t value, or a negative error code on
  *   error.
  **/
@@ -681,6 +683,86 @@ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert)
                                                    "signatureAlgorithm.algorithm");
 }
 
+/**
+ * gnutls_x509_crt_get_signature_oid:
+ * @cert: should contain a #gnutls_x509_crt_t type
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @oid_size: initially holds the size of @oid
+ *
+ * This function will return the OID of the signature algorithm
+ * that has been used to sign this certificate. This is function
+ * is useful in the case gnutls_x509_crt_get_signature_algorithm()
+ * returned %GNUTLS_SIGN_UNKNOWN.
+ *
+ * Returns: zero or a negative error code on error.
+ *
+ * Since: 3.5.0
+ **/
+int gnutls_x509_crt_get_signature_oid(gnutls_x509_crt_t cert, char *oid, size_t *oid_size)
+{
+       char str[MAX_OID_SIZE];
+       int len, result, ret;
+       gnutls_datum_t out;
+
+       len = sizeof(str);
+       result = asn1_read_value(cert->cert, "signatureAlgorithm.algorithm", str, &len);
+       if (result != ASN1_SUCCESS) {
+               gnutls_assert();
+               return _gnutls_asn2err(result);
+       }
+
+       out.data = (void*)str;
+       out.size = len;
+
+       ret = _gnutls_copy_string(&out, (void*)oid, oid_size);
+       if (ret < 0) {
+               gnutls_assert();
+               return ret;
+       }
+
+       return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_pk_oid:
+ * @cert: should contain a #gnutls_x509_crt_t type
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @oid_size: initially holds the size of @oid
+ *
+ * This function will return the OID of the public key algorithm
+ * on that certificate. This is function
+ * is useful in the case gnutls_x509_crt_get_pk_algorithm()
+ * returned %GNUTLS_PK_UNKNOWN.
+ *
+ * Returns: zero or a negative error code on error.
+ *
+ * Since: 3.5.0
+ **/
+int gnutls_x509_crt_get_pk_oid(gnutls_x509_crt_t cert, char *oid, size_t *oid_size)
+{
+       char str[MAX_OID_SIZE];
+       int len, result, ret;
+       gnutls_datum_t out;
+
+       len = sizeof(str);
+       result = asn1_read_value(cert->cert, "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm", str, &len);
+       if (result != ASN1_SUCCESS) {
+               gnutls_assert();
+               return _gnutls_asn2err(result);
+       }
+
+       out.data = (void*)str;
+       out.size = len;
+
+       ret = _gnutls_copy_string(&out, (void*)oid, oid_size);
+       if (ret < 0) {
+               gnutls_assert();
+               return ret;
+       }
+
+       return 0;
+}
+
 /**
  * gnutls_x509_crt_get_signature:
  * @cert: should contain a #gnutls_x509_crt_t type
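Review bot: Both new getters dereference `cert->cert` with no NULL check and pass `oid_size` straight to `_gnutls_copy_string()`, so a NULL `cert` (and presumably a NULL `oid_size`) crashes instead of returning an error; a guard such as `if (cert == NULL || oid_size == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` at the top of each body would fix that. The doc comments also leave the output contract open: they say `@oid` may be null and that `@oid_size` "initially holds the size of @oid", but not what `@oid_size` holds on return, whether that length counts a terminating NUL, or which error signals a too-small buffer (presumably %GNUTLS_E_SHORT_MEMORY_BUFFER from `_gnutls_copy_string()`; confirm). Callers that reach for these functions precisely because a certificate carries an unknown algorithm are handling untrusted input and need that sizing behaviour stated to allocate and compare the OID safely. The two bodies differ only in the ASN.1 path string, so a shared static helper taking the path would keep them from drifting apart, and "This is function is useful" in both comments should read "This function is useful".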
@@ -1155,6 +1237,8 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id,
  * For DSA the bits returned are of the public
  * exponent.
  *
+ * Unknown/unsupported algorithms are mapped to %GNUTLS_PK_UNKNOWN.
+ *
  * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
  * success, or a negative error code on error.
  **/