WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Extend certfields to output alt names and tie in w/ certgen example

pull/215/head
kaleb-himes 2020-06-25 14:24:01 -06:00
parent 9622943b6a
commit ee78caaeec
2 changed files with 96 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
certfields/README.md
View File

@ -18,7 +18,43 @@ Then, compile the example app:
``` ```
$ make $ make
$ ./app ```
Next, run the example app with a cert of your choice:
EXAMPLE A:
```
$ ./app ../certs/ca-cert.der RSA
PUBLIC KEY:
3082010A0282010100BF0CCA2D14B21E84425BCD381F4AF24D7510F1B6359FDFCA7D0398D3ACDE0366EE2AF1D8B07D6E07540B1098214D80CB1220E7CC4FDE457DC9727732EACA90BB695210032FA8F395C5F18B62561BEF676FA4104195AD0A9BE3A5C0B0D2707650305BA8E8082C7CEDA7A27A8D38291CACC7EDF27C95B095827D495C38CD7725EFBD807553943C3DCA635B9F15B5D31D132F19D13CDB763ACCB87DC9E5C2D7DA406FD821DC731B422D539CFE1AFC7DAB7A363F98DE847C0567CE6A143887A9F18CB568CB687F71202BF5A063F5562FA326D2B76FB15A17D7389908FE93586FFEC3134908160BA74D6700523167234E98ED51451DB904D90BECD828B34BBDED36790203010001
SIG TYPE = 655
CN = www.wolfssl.com (15)
COUNTRY = US (2)
LOCALITY = Bozeman (7)
STATE = Montana (7)
ORG = Sawtooth (8)
ORG UNIT = Consulting (10)
```
EXAMPLE B: (Assuming you've built and run the certgen_with_altnames example from
wolfssl-examples/certgen/ directory)
```
$ ./app ../certgen/newCert.der ECC
PUBLIC KEY:
3059301306072A8648CE3D020106082A8648CE3D03010703420004DC0E533A07160404DDA2D28685F8AB10880A1C17556443BE71C113BF5888268866187D976CB444CDE848C3AA6802251BF1FD2582FF1285BE869F5592ADD60C5D
SIG TYPE = 524
CN = www.yourDomain.com (18)
COUNTRY = US (2)
LOCALITY = Bozeman (7)
STATE = MT (2)
ORG = yourOrgNameHere (15)
ORG UNIT = yourUnitNameHere (16)
DNS:localhost
DNS:example.com
DNS:127.0.0.1
IP:127.0.0.1
``` ```
For support, please contact support@wolfssl.com For support, please contact support@wolfssl.com

65
certfields/main.c
View File

@ -31,6 +31,11 @@
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
enum {
RSA_KEY_TYPE = 2,
ECC_KEY_TYPE = 3,
};
static void err_sys(const char* msg, int ret) static void err_sys(const char* msg, int ret)
{ {
if (ret) { if (ret) {
@ -41,7 +46,7 @@ static void err_sys(const char* msg, int ret)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
int main(void) int main(int argc, char** argv)
{ {
int ret, i; int ret, i;
int sigType; int sigType;
@ -50,8 +55,11 @@ int main(void)
byte derCert[4096]; byte derCert[4096];
word32 idx; word32 idx;
FILE* file; FILE* file;
char* certFile;
int keyType;
RsaKey pubKey; RsaKey pubKeyRsa;
ecc_key pubKeyEcc;
WOLFSSL_X509* cert; WOLFSSL_X509* cert;
WOLFSSL_EVP_PKEY* pubKeyTmp; WOLFSSL_EVP_PKEY* pubKeyTmp;
WOLFSSL_X509_NAME* name; WOLFSSL_X509_NAME* name;
@ -63,10 +71,27 @@ int main(void)
char orgName[80]; char orgName[80];
char orgUnit[80]; char orgUnit[80];
STACK_OF(GENERAL_NAME)* sk;
/* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
if (argc < 3) {
printf("USAGE:\n"
"./app derCert keyType\n"
"EXAMPLE(s):\n"
" ./app myCert.der RSA\n"
" ./app myCert.der ECC\n");
err_sys("invalid input", -1);
}
certFile = argv[1]; /* certFile to check */
keyType = (XMEMCMP(argv[2], "RSA", 3) == 0) ? RSA_KEY_TYPE :
(XMEMCMP(argv[2], "ECC", 3) == 0) ? ECC_KEY_TYPE : 0; /* key */
if (keyType == 0)
err_sys("unsupported keyType", -1);
/* open and read DER-formatted cert into buffer */ /* open and read DER-formatted cert into buffer */
file = fopen("../certs/client-cert.der", "rb"); //file = fopen("../certs/client-cert.der", "rb");
file = fopen(certFile, "rb");
if (!file) if (!file)
err_sys("can't open client certificate", 0); err_sys("can't open client certificate", 0);
@ -85,10 +110,17 @@ int main(void)
if (pubKeyTmp == NULL) if (pubKeyTmp == NULL)
err_sys("wolfSSL_X509_get_pubkey failed", 0); err_sys("wolfSSL_X509_get_pubkey failed", 0);
wc_InitRsaKey(&pubKey, 0);
idx = 0; idx = 0;
ret = wc_RsaPublicKeyDecode((byte*)pubKeyTmp->pkey.ptr, &idx, &pubKey, if (keyType == RSA_KEY_TYPE) {
pubKeyTmp->pkey_sz); wc_InitRsaKey(&pubKeyRsa, 0);
ret = wc_RsaPublicKeyDecode((byte*)pubKeyTmp->pkey.ptr, &idx,
&pubKeyRsa, pubKeyTmp->pkey_sz);
} else {
wc_ecc_init(&pubKeyEcc);
ret = wc_EccPublicKeyDecode((byte*)pubKeyTmp->pkey.ptr, &idx,
&pubKeyEcc, pubKeyTmp->pkey_sz);
}
if (ret != 0) if (ret != 0)
err_sys("wc_RsaPublicKeyDecode failed", ret); err_sys("wc_RsaPublicKeyDecode failed", ret);
@ -132,6 +164,27 @@ int main(void)
orgUnit, sizeof(orgUnit)); orgUnit, sizeof(orgUnit));
printf("ORG UNIT = %s (%d)\n", orgUnit, nameSz); printf("ORG UNIT = %s (%d)\n", orgUnit, nameSz);
sk = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
GENERAL_NAME* gn = sk_GENERAL_NAME_value(sk, i);
if (gn->type == GEN_DNS) {
printf("DNS:%s\n", gn->d.dNSName->strData);
} else if (gn->type == GEN_IPADD) {
printf("IP:");
int j;
for (j = 0; j < gn->d.ip->length; j++) {
if (j < gn->d.ip->length - 1)
printf("%d.", (int) gn->d.ip->strData[j]);
else
printf("%d", (int) gn->d.ip->strData[j]);
}
printf("\n");
} else {
printf("Other type: %d\n", gn->type);
}
}
wolfSSL_EVP_PKEY_free(pubKeyTmp); wolfSSL_EVP_PKEY_free(pubKeyTmp);
wolfSSL_X509_free(cert); wolfSSL_X509_free(cert);