From cbfc90a1e079c1a24c57d202da02b6b62e23a1ca Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Mon, 4 Mar 2019 16:35:16 -0700
Subject: [PATCH] add get extension set function

---
 native/com_wolfssl_WolfSSLCertificate.c | 38 ++++++++++++--
 native/com_wolfssl_WolfSSLCertificate.h | 8 +++
 src/java/com/wolfssl/WolfSSLCertificate.java | 10 ++++
 .../wolfssl/provider/jsse/WolfSSLX509.java | 50 ++++++++++++++++++-
 .../com/wolfssl/WolfSSLCertificateTest.java | 16 ++++++
 5 files changed, 116 insertions(+), 6 deletions(-)

diff --git a/native/com_wolfssl_WolfSSLCertificate.c b/native/com_wolfssl_WolfSSLCertificate.c
index cc1a072..31a87aa 100644
--- a/native/com_wolfssl_WolfSSLCertificate.c
+++ b/native/com_wolfssl_WolfSSLCertificate.c
@@ -444,7 +444,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1verify
 /* getter function for WOLFSSL_ASN1_OBJECT element */
 static unsigned char* getOBJData(WOLFSSL_ASN1_OBJECT* obj)
 {
- if (obj) return obj->obj;
+ if (obj) return (unsigned char*)obj->obj;
 return NULL;
 }

@@ -507,13 +507,15 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k
 }

 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension
- (JNIEnv* jenv, jclass jcl, jlong x509, jstring oid)
+ (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
 {
 int nid;
 WOLFSSL_STACK* sk;
 WOLFSSL_ASN1_OBJECT* obj;
 jbyteArray ret = NULL;
+ const char* oid;

+ oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
 nid = wolfSSL_OBJ_txt2nid(oid);
 if (nid == NID_undef) {
 return NULL;
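Review bot: In the second hunk the `oid` buffer obtained from `GetStringUTFChars` on the added line is never handed back with `ReleaseStringUTFChars`, and the early `return NULL` right after `wolfSSL_OBJ_txt2nid(oid)` certainly skips any release that may exist further down, so each unknown-OID call leaks the JVM's UTF copy. Nothing in the hunk guards against a null `oidIn` or a NULL result (OutOfMemoryError pending) before the pointer is passed to `wolfSSL_OBJ_txt2nid`. Since `oid` is only needed for the NID lookup, check and release around that one call: `if (oidIn == NULL || (oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0)) == NULL) return NULL;` then `nid = wolfSSL_OBJ_txt2nid(oid);` followed by `(*jenv)->ReleaseStringUTFChars(jenv, oidIn, oid);`. The body of X509_get_extension continues past the end of this hunk, so its remaining return paths were not visible for review.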
@@ -545,7 +547,35 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1exte
 }
 return ret;
 }
-//int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
+
+/* returns 2 if extension OID is set and is critical
+ * returns 1 if extension OID is set but not critical
+ * return 0 if not set
+ * return negative value on error
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
+ (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
+{
+ int nid;
+ const char* oid;
+
+ oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
+ nid = wolfSSL_OBJ_txt2nid(oid);
+ if (nid == NID_undef) {
+ return -1;
+ }
+
+ if (wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, nid)) {
+ if (wolfSSL_X509_ext_get_critical_by_NID((WOLFSSL_X509*)x509, nid)) {
+ return 2;
+ }
+ return 1;
+ }
+
+ return 0;
+}
+
+
+
 //wolfSSL_X509_get_subjectCN
-//wolfSSL_X509_ext_get_critical_by_NID
 //wolfSSL_X509_get_keyUsage
diff --git a/native/com_wolfssl_WolfSSLCertificate.h b/native/com_wolfssl_WolfSSLCertificate.h
index de13b35..3910214 100644
--- a/native/com_wolfssl_WolfSSLCertificate.h
+++ b/native/com_wolfssl_WolfSSLCertificate.h
@@ -167,6 +167,14 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k
 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension
 (JNIEnv *, jclass, jlong, jstring);

+/*
+ * Class: com_wolfssl_WolfSSLCertificate
+ * Method: X509_is_extension_set
+ * Signature: (JLjava/lang/String;)I
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
+ (JNIEnv *, jclass, jlong, jstring);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/java/com/wolfssl/WolfSSLCertificate.java b/src/java/com/wolfssl/WolfSSLCertificate.java
index 028c3ec..3df907d 100644
--- a/src/java/com/wolfssl/WolfSSLCertificate.java
+++ b/src/java/com/wolfssl/WolfSSLCertificate.java
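Review bot: The new `X509_is_extension_set` never calls `ReleaseStringUTFChars` on `oid`, so every invocation leaks the UTF copy the JVM allocated in `GetStringUTFChars`, and neither a null `oidIn` nor a NULL return from `GetStringUTFChars` is checked before `wolfSSL_OBJ_txt2nid(oid)` dereferences it. The `x509` handle is also cast and passed straight to `wolfSSL_X509_ext_isSet_by_NID` without a zero check; whether that wolfSSL call tolerates NULL is not visible here, so the wrapper should reject it itself and keep to its documented negative-on-error contract. The rewritten prologue below validates the inputs, does the lookup, and releases the string immediately since it is not needed afterwards; the isSet/critical branch is unchanged.
```c
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
{
    int nid;
    const char* oid;

    /* a null jstring or a null native handle can only be a caller error */
    if (jenv == NULL || oidIn == NULL || x509 == 0) {
        return -1;
    }
    oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
    if (oid == NULL) {
        return -1; /* OutOfMemoryError is already pending in the JVM */
    }
    nid = wolfSSL_OBJ_txt2nid(oid);
    /* the UTF copy is only needed for the NID lookup; give it back right away */
    (*jenv)->ReleaseStringUTFChars(jenv, oidIn, oid);
    if (nid == NID_undef) {
        return -1;
    }
    /* … unchanged: isSet / critical lookup returning 2, 1 or 0 … */
```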
@@ -56,6 +56,7 @@ public class WolfSSLCertificate {
 static native int X509_verify(long x509, byte[] pubKey, int pubKeySz);
 static native boolean[] X509_get_key_usage(long x509);
 static native byte[] X509_get_extension(long x509, String oid);
+ static native int X509_is_extension_set(long x509, String oid);

 public WolfSSLCertificate(byte[] der) throws WolfSSLException {
 x509Ptr = d2i_X509(der, der.length);
@@ -195,6 +196,15 @@ public class WolfSSLCertificate {
 return X509_get_extension(this.x509Ptr, oid);
 }

+ /* returns 1 if extension OID is set but not critical
+ * returns 2 if extension OID is set and is critical
+ * return 0 if not set
+ * return negative value on error
+ */
+ public int getExtensionSet(String oid) {
+ return X509_is_extension_set(this.x509Ptr, oid);
+ }
+
 @Override
 public String toString() {
 return X509_print(this.x509Ptr);
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
index f6dd20c..14972a3 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
@@ -41,11 +41,19 @@ import com.wolfssl.WolfSSLException;
 import java.security.Provider;
 import java.security.Security;
 import java.security.Signature;
+import java.util.HashSet;
 import java.util.logging.Level;
 import java.util.logging.Logger;

 public class WolfSSLX509 extends X509Certificate {
 private WolfSSLCertificate cert;
+ private String[] extensionOid = {
+ "2.5.29.19", /* basic constraint */
+ "2.5.29.17", /* subject alt names */
+ "2.5.29.35", /* auth key ID */
+ "2.5.29.14", /* subject key ID */
+ "2.5.29.15" /* key usage */
+ };

 public WolfSSLX509(byte[] der){
 try {
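Review bot: `getExtensionSet` in the second hunk exposes three unnamed integers (0, 1, 2, negative) whose meaning lives only in a block comment, and the JSSE caller then has to compare against a bare `2`; the method should carry Javadoc and named constants such as `public static final int EXT_NOT_SET = 0, EXT_SET = 1, EXT_SET_CRITICAL = 2;` so callers do not have to know the encoding. The comment also says "negative value on error" while the native side, as shown in this patch, returns -1 only when wolfSSL cannot map the OID string to a NID, so an OID wolfSSL simply does not know is indistinguishable from an error; the Javadoc should state that explicitly so callers do not treat -1 as "not set".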
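Review bot: `private String[] extensionOid = { ... }` in the last hunk is a mutable, per-instance array holding compile-time constants; it should be `private static final String[] extensionOid = {` so it is allocated once and cannot be reassigned by a later change. Because this array is the complete list of OIDs the extension-query methods will ever report, a comment above it saying so (e.g. `/* the only extension OIDs this wrapper can see; anything else is never reported */`) would save the next maintainer from assuming the list is merely a convenience.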
@@ -225,16 +233,54 @@ public class WolfSSLX509 extends X509Certificate {
 return null;
 }

+ /* If unsupported critical extension is found then wolfSSL should not parse
+ * the certificate. */
 public boolean hasUnsupportedCriticalExtension() {
 throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
 }

+ /* currently supports :
+ * "2.5.29.19" basic constraint
+ * "2.5.29.17", subject alt names
+ * "2.5.29.35", auth key ID
+ * "2.5.29.14", subject key ID
+ * "2.5.29.15" key usage
+ */
 public Set getCriticalExtensionOIDs() {
- throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ int i;
+ Set ret = null;
+
+ for (i = 0; i < this.extensionOid.length; i++) {
+ if (this.cert.getExtensionSet(this.extensionOid[i]) == 2) {
+ if (ret == null) {
+ ret = new HashSet();
+ }
+ ret.add(this.extensionOid[i]);
+ }
+ }
+
+ return ret;
 }

+ /* currently supports :
+ * "2.5.29.19" basic constraint
+ * "2.5.29.17", subject alt names
+ * "2.5.29.35", auth key ID
+ * "2.5.29.14", subject key ID
+ * "2.5.29.15" key usage
+ */
 public Set getNonCriticalExtensionOIDs() {
- throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ int i;
+ Set ret = null;
+
+ for (i = 0; i < this.extensionOid.length; i++) {
+ if (ret == null) {
+ ret = new HashSet();
+ }
+ ret.add(this.extensionOid[i]);
+ }
+
+ return ret;
 }
diff --git a/src/test/com/wolfssl/WolfSSLCertificateTest.java b/src/test/com/wolfssl/WolfSSLCertificateTest.java
index 293d54c..bf80c9b 100644
--- a/src/test/com/wolfssl/WolfSSLCertificateTest.java
+++ b/src/test/com/wolfssl/WolfSSLCertificateTest.java
@@ -65,6 +65,7 @@ public class WolfSSLCertificateTest {
 test_verify();
 test_getSignatureOID();
 test_getKeyUsage();
+ test_getExtensionSet();
 test_toString();
 test_free();
 }
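Review bot: `getNonCriticalExtensionOIDs()` adds every entry of `extensionOid` without consulting `getExtensionSet`, so it reports extensions the certificate does not carry and also lists the critical ones that `getCriticalExtensionOIDs()` returns; the loop body should read `if (this.cert.getExtensionSet(this.extensionOid[i]) == 1) {` before the `ret == null` check, mirroring the `== 2` test in the method above it. Both methods can only ever report the five hard-coded OIDs, so a critical extension outside that list (name constraints, policy constraints, extended key usage, or any private one) is silently dropped, which defeats a caller that uses `getCriticalExtensionOIDs()` to apply the RFC 5280 rule of rejecting certificates with unrecognized critical extensions; that limitation should at least be documented on both methods, and a negative (error) return from `getExtensionSet` is currently treated the same as "not set". `hasUnsupportedCriticalExtension()` still throws `UnsupportedOperationException` despite the new comment stating that wolfSSL should not parse such a certificate, so a JSSE caller probing it gets an exception rather than an answer. The raw `Set` return type should be `Set<String>` to match the `X509Extension` contract.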
@@ -412,6 +413,21 @@ public class WolfSSLCertificateTest {
 System.out.println("\t\t\t... passed");
 }

+ public void test_getExtensionSet() {
+ System.out.print("\tgetExtensionSet");
+
+ if (this.cert.getExtensionSet("2.5.29.19") != 1) {
+ System.out.println("\t\t\t... failed");
+ fail("Error with basic constraint extension");
+ }
+
+ if (this.cert.getExtensionSet("2.5.29.14") != 1) {
+ System.out.println("\t\t\t... failed");
+ fail("Error with subject key ID extension");
+ }
+ System.out.println("\t\t\t... passed");
+ }
+
 public void test_toString() {
 String s;
 System.out.print("\ttoString");
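Review bot: `test_getExtensionSet` only checks the value 1 for two extensions the test certificate carries, so the 0, 2 and negative paths of the new native code are never exercised and a regression that returned 1 unconditionally would pass. Add at least a lookup of an OID wolfSSL knows but this certificate does not carry (expected 0) and a string that is not an OID at all (expected negative), e.g. `if (this.cert.getExtensionSet("not an oid") >= 0) fail("unknown OID not reported as error");`; a certificate with a critical extension (expected 2) would complete the coverage if one is available in the test fixtures.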