X-Git-Url: https://git.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Fcertificate.cc;h=a83d800d3f934e78c70e0f61aadf1e837efb5d0c;hb=201b6fdf572c04424d870ac4d07d1d1a8725b24c;hp=18249a58aa26595f1ffcbd29e69424ce8a77128e;hpb=89d5fe15b399eae5afad0b856f2d7b267a1c86c0;p=libdcp.git

diff --git a/src/certificate.cc b/src/certificate.cc
index 18249a58..a83d800d 100644
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2012-2015 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2012-2016 Carl Hetherington <cth@carlh.net>
 
     This file is part of libdcp.
 
@@ -55,7 +55,6 @@ using std::list;
 using std::string;
 using std::ostream;
 using std::min;
-using std::stringstream;
 using namespace dcp;
 
 static string const begin_certificate = "-----BEGIN CERTIFICATE-----";
@@ -65,7 +64,6 @@ static string const end_certificate = "-----END CERTIFICATE-----";
 Certificate::Certificate (X509* c)
 	: _certificate (c)
 	, _public_key (0)
-	, _extra_data (false)
 {
 
 }
@@ -77,7 +75,10 @@ Certificate::Certificate (string cert)
 	: _certificate (0)
 	, _public_key (0)
 {
-	_extra_data = read_string (cert);
+	string const s = read_string (cert);
+	if (!s.empty ()) {
+		throw MiscError ("unexpected data after certificate");
+	}
 }
 
 /** Copy constructor.
@@ -86,7 +87,6 @@ Certificate::Certificate (string cert)
 Certificate::Certificate (Certificate const & other)
 	: _certificate (0)
 	, _public_key (0)
-	, _extra_data (other._extra_data)
 {
 	if (other._certificate) {
 		read_string (other.certificate (true));
@@ -95,44 +95,65 @@ Certificate::Certificate (Certificate const & other)
 
 /** Read a certificate from a string.
  *  @param cert String to read.
- *  @return true if there is extra stuff after the end of the certificate, false if not.
+ *  @return remaining part of the input string after the certificate which was read.
  */
-bool
+string
 Certificate::read_string (string cert)
 {
 	/* Reformat cert so that it has line breaks every 64 characters.
 	   See http://comments.gmane.org/gmane.comp.encryption.openssl.user/55593
 	*/
 
-	stringstream s (cert);
+	list<string> lines;
 	string line;
 
-	/* BEGIN */
-	do {
-		getline (s, line);
+	for (size_t i = 0; i < cert.length(); ++i) {
+		line += cert[i];
+		if (cert[i] == '\r' || cert[i] == '\n') {
+			boost::algorithm::trim (line);
+			lines.push_back (line);
+			line = "";
+		}
+	}
+
+	if (!line.empty()) {
 		boost::algorithm::trim (line);
-	} while (s.good() && line != begin_certificate);
+		lines.push_back (line);
+	}
+
+	list<string>::iterator i = lines.begin ();
 
-	if (line != begin_certificate) {
+	/* BEGIN */
+	while (i != lines.end() && *i != begin_certificate) {
+		++i;
+	}
+
+	if (i == lines.end()) {
 		throw MiscError ("missing BEGIN line in certificate");
 	}
 
+	/* Skip over the BEGIN line */
+	++i;
+
 	/* The base64 data */
 	bool got_end = false;
 	string base64 = "";
-	while (getline (s, line)) {
-		boost::algorithm::trim (line);
-		if (line == end_certificate) {
+	while (i != lines.end()) {
+		if (*i == end_certificate) {
 			got_end = true;
 			break;
 		}
-		base64 += line;
+		base64 += *i;
+		++i;
 	}
 
 	if (!got_end) {
 		throw MiscError ("missing END line in certificate");
 	}
 
+	/* Skip over the END line */
+	++i;
+
 	/* Make up the fixed version */
 
 	string fixed = begin_certificate + "\n";
@@ -156,12 +177,16 @@ Certificate::read_string (string cert)
 
 	BIO_free (bio);
 
-	/* See if there are any non-blank lines after the certificate that we read */
-	line.clear ();
-	while (s.good() && line.empty()) {
-		getline (s, line);
+	string extra;
+
+	while (i != lines.end()) {
+		if (!i->empty()) {
+			extra += *i + "\n";
+		}
+		++i;
 	}
-	return (s.good() && !line.empty());
+
+	return extra;
 }
 
 /** Destructor */
@@ -185,7 +210,6 @@ Certificate::operator= (Certificate const & other)
 	_certificate = 0;
 	RSA_free (_public_key);
 	_public_key = 0;
-	_extra_data = other._extra_data;
 
 	read_string (other.certificate (true));
 
@@ -331,6 +355,7 @@ Certificate::serial () const
 	return st;
 }
 
+/** @return thumbprint of the to-be-signed portion of this certificate */
 string
 Certificate::thumbprint () const
 {
@@ -338,7 +363,12 @@ Certificate::thumbprint () const
 
 	uint8_t buffer[8192];
 	uint8_t* p = buffer;
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+	i2d_re_X509_tbs(_certificate, &p);
+#else
 	i2d_X509_CINF (_certificate->cert_info, &p);
+#endif
 	unsigned int const length = p - buffer;
 	if (length > sizeof (buffer)) {
 		throw MiscError ("buffer too small to generate thumbprint");
@@ -377,6 +407,22 @@ Certificate::public_key () const
 	return _public_key;
 }
 
+static bool string_is_utf8 (X509_NAME* n, int nid)
+{
+	int p = -1;
+	p = X509_NAME_get_index_by_NID (n, nid, p);
+	return p != -1 && X509_NAME_ENTRY_get_data(X509_NAME_get_entry(n, p))->type == V_ASN1_UTF8STRING;
+}
+
+bool
+Certificate::has_utf8_strings () const
+{
+	X509_NAME* n = X509_get_subject_name (_certificate);
+	return string_is_utf8(n, NID_commonName) ||
+		string_is_utf8(n, NID_organizationName) ||
+		string_is_utf8(n, NID_organizationalUnitName);
+}
+
 bool
 dcp::operator== (Certificate const & a, Certificate const & b)
 {