add get extension set function

native/com_wolfssl_WolfSSLCertificate.c

@@ -444,7 +444,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1verify
 /* getter function for WOLFSSL_ASN1_OBJECT element */
 static unsigned char* getOBJData(WOLFSSL_ASN1_OBJECT* obj)
 {
-    if (obj) return obj->obj;
+    if (obj) return (unsigned char*)obj->obj;
     return NULL;
 }
 
@@ -507,13 +507,15 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k
 }
 
 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension
-  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oid)
+  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
 {
     int nid;
     WOLFSSL_STACK* sk;
     WOLFSSL_ASN1_OBJECT* obj;
     jbyteArray ret = NULL;
+    const char* oid;
 
+    oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
     nid = wolfSSL_OBJ_txt2nid(oid);
     if (nid == NID_undef) {
         return NULL;
@@ -545,7 +547,35 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1exte
     }
     return ret;
 }
-//int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
+
+/* returns 2 if extension OID is set and is critical
+ * returns 1 if extension OID is set but not critical
+ * return  0 if not set
+ * return negative value on error
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
+  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
+{
+    int nid;
+    const char* oid;
+
+    oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
+    nid = wolfSSL_OBJ_txt2nid(oid);
+    if (nid == NID_undef) {
+        return -1;
+    }
+
+    if (wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, nid)) {
+        if (wolfSSL_X509_ext_get_critical_by_NID((WOLFSSL_X509*)x509, nid)) {
+            return 2;
+        }
+        return 1;
+    }
+
+    return 0;
+}
+
+
+
 //wolfSSL_X509_get_subjectCN
-//wolfSSL_X509_ext_get_critical_by_NID
 //wolfSSL_X509_get_keyUsage

native/com_wolfssl_WolfSSLCertificate.h

@@ -167,6 +167,14 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k
 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension
   (JNIEnv *, jclass, jlong, jstring);
 
+/*
+ * Class:     com_wolfssl_WolfSSLCertificate
+ * Method:    X509_is_extension_set
+ * Signature: (JLjava/lang/String;)I
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
+  (JNIEnv *, jclass, jlong, jstring);
+
 #ifdef __cplusplus
 }
 #endif

src/java/com/wolfssl/WolfSSLCertificate.java

@@ -56,6 +56,7 @@ public class WolfSSLCertificate {
     static native int X509_verify(long x509, byte[] pubKey, int pubKeySz);
     static native boolean[] X509_get_key_usage(long x509);
     static native byte[] X509_get_extension(long x509, String oid);
+    static native int X509_is_extension_set(long x509, String oid);
     
     public WolfSSLCertificate(byte[] der) throws WolfSSLException {
         x509Ptr = d2i_X509(der, der.length);
@@ -195,6 +196,15 @@ public class WolfSSLCertificate {
         return X509_get_extension(this.x509Ptr, oid);
     }
     
+    /* returns 1 if extension OID is set but not critical
+     * returns 2 if extension OID is set and is critical
+     * return  0 if not set
+     * return negative value on error
+     */
+    public int getExtensionSet(String oid) {
+        return X509_is_extension_set(this.x509Ptr, oid);
+    }
+    
     @Override
     public String toString() {
         return X509_print(this.x509Ptr);

src/java/com/wolfssl/provider/jsse/WolfSSLX509.java

@@ -41,11 +41,19 @@ import com.wolfssl.WolfSSLException;
 import java.security.Provider;
 import java.security.Security;
 import java.security.Signature;
+import java.util.HashSet;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 public class WolfSSLX509 extends X509Certificate {
     private WolfSSLCertificate cert;
+    private String[] extensionOid = {
+        "2.5.29.19", /* basic constraint */
+        "2.5.29.17", /* subject alt names */
+        "2.5.29.35", /* auth key ID */
+        "2.5.29.14", /* subject key ID */
+        "2.5.29.15"  /* key usage */
+    };
     
     public WolfSSLX509(byte[] der){
         try {
@@ -225,16 +233,54 @@ public class WolfSSLX509 extends X509Certificate {
         return null;
     }
 
+    /* If unsupported critical extension is found then wolfSSL should not parse
+     * the certificate. */
     public boolean hasUnsupportedCriticalExtension() {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
 
+    /* currently supports :
+     *  "2.5.29.19" basic constraint
+     *  "2.5.29.17",  subject alt names
+     *  "2.5.29.35",  auth key ID
+     *  "2.5.29.14",  subject key ID
+     *  "2.5.29.15"   key usage
+     */
     public Set<String> getCriticalExtensionOIDs() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        int i;
+        Set<String> ret = null;
+        
+        for (i = 0; i < this.extensionOid.length; i++) {
+            if (this.cert.getExtensionSet(this.extensionOid[i]) == 2) {
+                if (ret == null) {
+                    ret = new HashSet<String>();
+                }
+                ret.add(this.extensionOid[i]);
+            }
         }
         
+        return ret;
+    }
+
+    /* currently supports :
+     *  "2.5.29.19" basic constraint
+     *  "2.5.29.17",  subject alt names
+     *  "2.5.29.35",  auth key ID
+     *  "2.5.29.14",  subject key ID
+     *  "2.5.29.15"   key usage
+     */
     public Set<String> getNonCriticalExtensionOIDs() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        int i;
+        Set<String> ret = null;
+        
+        for (i = 0; i < this.extensionOid.length; i++) {
+            if (ret == null) {
+                ret = new HashSet<String>();
+            }
+            ret.add(this.extensionOid[i]);
+        }
+        
+        return ret;
     }
 
     

src/test/com/wolfssl/WolfSSLCertificateTest.java

@@ -65,6 +65,7 @@ public class WolfSSLCertificateTest {
         test_verify();
         test_getSignatureOID();
         test_getKeyUsage();
+        test_getExtensionSet();
         test_toString();
         test_free();
     }
@@ -412,6 +413,21 @@ public class WolfSSLCertificateTest {
         System.out.println("\t\t\t... passed");
     }
     
+    public void test_getExtensionSet() {
+        System.out.print("\tgetExtensionSet");
+        
+        if (this.cert.getExtensionSet("2.5.29.19") != 1) {
+            System.out.println("\t\t\t... failed");
+            fail("Error with basic constraint extension");
+        }
+        
+        if (this.cert.getExtensionSet("2.5.29.14") != 1) {
+            System.out.println("\t\t\t... failed");
+            fail("Error with subject key ID extension");
+        }
+        System.out.println("\t\t\t... passed");
+    }
+    
     public void test_toString() {
         String s;
         System.out.print("\ttoString");