add get extension set function

2019-03-04 16:35:16 -07:00 · 2019-03-04 16:35:16 -07:00 · cbfc90a1e0
parent c5286b83e4
commit cbfc90a1e0
5 changed files with 116 additions and 6 deletions
--- a/native/com_wolfssl_WolfSSLCertificate.c
+++ b/native/com_wolfssl_WolfSSLCertificate.c
@ -444,7 +444,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1verify
 /* getter function for WOLFSSL_ASN1_OBJECT element */
 static unsigned char* getOBJData(WOLFSSL_ASN1_OBJECT* obj)
 {
-    if (obj) return obj->obj;
+    if (obj) return (unsigned char*)obj->obj;
    return NULL;
 }

@ -507,13 +507,15 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k
 }

 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension
-  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oid)
+  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
 {
    int nid;
    WOLFSSL_STACK* sk;
    WOLFSSL_ASN1_OBJECT* obj;
    jbyteArray ret = NULL;
+    const char* oid;

+    oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
    nid = wolfSSL_OBJ_txt2nid(oid);
    if (nid == NID_undef) {
        return NULL;
@ -545,7 +547,35 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1exte
    }
    return ret;
 }
-//int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
+
+/* returns 2 if extension OID is set and is critical
+ * returns 1 if extension OID is set but not critical
+ * return  0 if not set
+ * return negative value on error
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
+  (JNIEnv* jenv, jclass jcl, jlong x509, jstring oidIn)
+{
+    int nid;
+    const char* oid;
+
+    oid = (*jenv)->GetStringUTFChars(jenv, oidIn, 0);
+    nid = wolfSSL_OBJ_txt2nid(oid);
+    if (nid == NID_undef) {
+        return -1;
+    }
+
+    if (wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, nid)) {
+        if (wolfSSL_X509_ext_get_critical_by_NID((WOLFSSL_X509*)x509, nid)) {
+            return 2;
+        }
+        return 1;
+    }
+
+    return 0;
+}
+
+
+
 //wolfSSL_X509_get_subjectCN
-//wolfSSL_X509_ext_get_critical_by_NID
 //wolfSSL_X509_get_keyUsage
--- a/native/com_wolfssl_WolfSSLCertificate.h
+++ b/native/com_wolfssl_WolfSSLCertificate.h
@ -167,6 +167,14 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k
 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension
  (JNIEnv *, jclass, jlong, jstring);

+/*
+ * Class:     com_wolfssl_WolfSSLCertificate
+ * Method:    X509_is_extension_set
+ * Signature: (JLjava/lang/String;)I
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1is_1extension_1set
+  (JNIEnv *, jclass, jlong, jstring);
+
 #ifdef __cplusplus
 }
 #endif
--- a/src/java/com/wolfssl/WolfSSLCertificate.java
+++ b/src/java/com/wolfssl/WolfSSLCertificate.java
@ -56,6 +56,7 @@ public class WolfSSLCertificate {
    static native int X509_verify(long x509, byte[] pubKey, int pubKeySz);
    static native boolean[] X509_get_key_usage(long x509);
    static native byte[] X509_get_extension(long x509, String oid);
+    static native int X509_is_extension_set(long x509, String oid);
    
    public WolfSSLCertificate(byte[] der) throws WolfSSLException {
        x509Ptr = d2i_X509(der, der.length);
@ -195,6 +196,15 @@ public class WolfSSLCertificate {
        return X509_get_extension(this.x509Ptr, oid);
    }
    
+    /* returns 1 if extension OID is set but not critical
+     * returns 2 if extension OID is set and is critical
+     * return  0 if not set
+     * return negative value on error
+     */
+    public int getExtensionSet(String oid) {
+        return X509_is_extension_set(this.x509Ptr, oid);
+    }
+    
    @Override
    public String toString() {
        return X509_print(this.x509Ptr);
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
@ -41,11 +41,19 @@ import com.wolfssl.WolfSSLException;
 import java.security.Provider;
 import java.security.Security;
 import java.security.Signature;
+import java.util.HashSet;
 import java.util.logging.Level;
 import java.util.logging.Logger;

 public class WolfSSLX509 extends X509Certificate {
    private WolfSSLCertificate cert;
+    private String[] extensionOid = {
+        "2.5.29.19", /* basic constraint */
+        "2.5.29.17", /* subject alt names */
+        "2.5.29.35", /* auth key ID */
+        "2.5.29.14", /* subject key ID */
+        "2.5.29.15"  /* key usage */
+    };
    
    public WolfSSLX509(byte[] der){
        try {
@ -225,16 +233,54 @@ public class WolfSSLX509 extends X509Certificate {
        return null;
    }

+    /* If unsupported critical extension is found then wolfSSL should not parse
+     * the certificate. */
    public boolean hasUnsupportedCriticalExtension() {
        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }

+    /* currently supports :
+     *  "2.5.29.19" basic constraint
+     *  "2.5.29.17",  subject alt names
+     *  "2.5.29.35",  auth key ID
+     *  "2.5.29.14",  subject key ID
+     *  "2.5.29.15"   key usage
+     */
    public Set<String> getCriticalExtensionOIDs() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        int i;
+        Set<String> ret = null;
+        
+        for (i = 0; i < this.extensionOid.length; i++) {
+            if (this.cert.getExtensionSet(this.extensionOid[i]) == 2) {
+                if (ret == null) {
+                    ret = new HashSet<String>();
+                }
+                ret.add(this.extensionOid[i]);
+            }
+        }
+        
+        return ret;
    }

+    /* currently supports :
+     *  "2.5.29.19" basic constraint
+     *  "2.5.29.17",  subject alt names
+     *  "2.5.29.35",  auth key ID
+     *  "2.5.29.14",  subject key ID
+     *  "2.5.29.15"   key usage
+     */
    public Set<String> getNonCriticalExtensionOIDs() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        int i;
+        Set<String> ret = null;
+        
+        for (i = 0; i < this.extensionOid.length; i++) {
+            if (ret == null) {
+                ret = new HashSet<String>();
+            }
+            ret.add(this.extensionOid[i]);
+        }
+        
+        return ret;
    }

    
--- a/src/test/com/wolfssl/WolfSSLCertificateTest.java
+++ b/src/test/com/wolfssl/WolfSSLCertificateTest.java
@ -65,6 +65,7 @@ public class WolfSSLCertificateTest {
        test_verify();
        test_getSignatureOID();
        test_getKeyUsage();
+        test_getExtensionSet();
        test_toString();
        test_free();
    }
@ -412,6 +413,21 @@ public class WolfSSLCertificateTest {
        System.out.println("\t\t\t... passed");
    }
    
+    public void test_getExtensionSet() {
+        System.out.print("\tgetExtensionSet");
+        
+        if (this.cert.getExtensionSet("2.5.29.19") != 1) {
+            System.out.println("\t\t\t... failed");
+            fail("Error with basic constraint extension");
+        }
+        
+        if (this.cert.getExtensionSet("2.5.29.14") != 1) {
+            System.out.println("\t\t\t... failed");
+            fail("Error with subject key ID extension");
+        }
+        System.out.println("\t\t\t... passed");
+    }
+    
    public void test_toString() {
        String s;
        System.out.print("\ttoString");