2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
35 read_file(const char *fname
, size_t *len
)
37 bvector vbuf
= VEC_INIT
;
41 f
= fopen(fname
, "rb");
44 "ERROR: could not open file '%s' for reading\n", fname
);
48 unsigned char tmp
[1024];
51 rlen
= fread(tmp
, 1, sizeof tmp
, f
);
57 "ERROR: read error on file '%s'\n",
62 buf
= VEC_TOARRAY(vbuf
);
68 VEC_ADDMANY(vbuf
, tmp
, rlen
);
74 write_file(const char *fname
, const void *data
, size_t len
)
77 const unsigned char *buf
;
79 f
= fopen(fname
, "wb");
82 "ERROR: could not open file '%s' for reading\n", fname
);
89 wlen
= fwrite(buf
, 1, len
, f
);
92 "ERROR: could not write all bytes to '%s'\n",
101 fprintf(stderr
, "ERROR: write error on file '%s'\n", fname
);
111 looks_like_DER(const unsigned char *buf
, size_t len
)
119 if (*buf
++ != 0x30) {
125 return (size_t)fb
== len
;
126 } else if (fb
== 0x80) {
130 if (len
< (size_t)fb
+ 2) {
136 if (dlen
> (len
>> 8)) {
139 dlen
= (dlen
<< 8) + (size_t)*buf
++;
146 vblob_append(void *cc
, const void *data
, size_t len
)
151 VEC_ADDMANY(*bv
, data
, len
);
156 free_pem_object_contents(pem_object
*po
)
166 decode_pem(const void *src
, size_t len
, size_t *num
)
168 VECTOR(pem_object
) pem_list
= VEC_INIT
;
169 br_pem_decoder_context pc
;
171 const unsigned char *buf
;
172 bvector bv
= VEC_INIT
;
176 br_pem_decoder_init(&pc
);
185 tlen
= br_pem_decoder_push(&pc
, buf
, len
);
188 switch (br_pem_decoder_event(&pc
)) {
190 case BR_PEM_BEGIN_OBJ
:
191 po
.name
= xstrdup(br_pem_decoder_name(&pc
));
192 br_pem_decoder_setdest(&pc
, vblob_append
, &bv
);
198 po
.data
= VEC_TOARRAY(bv
);
199 po
.data_len
= VEC_LEN(bv
);
200 VEC_ADD(pem_list
, po
);
213 "ERROR: invalid PEM encoding\n");
214 VEC_CLEAREXT(pem_list
, &free_pem_object_contents
);
219 fprintf(stderr
, "ERROR: unfinished PEM object\n");
222 VEC_CLEAREXT(pem_list
, &free_pem_object_contents
);
226 *num
= VEC_LEN(pem_list
);
227 VEC_ADD(pem_list
, po
);
228 pos
= VEC_TOARRAY(pem_list
);
234 br_x509_certificate
*
235 read_certificates(const char *fname
, size_t *num
)
237 VECTOR(br_x509_certificate
) cert_list
= VEC_INIT
;
242 br_x509_certificate
*xcs
;
243 br_x509_certificate dummy
;
248 * TODO: reading the whole file is crude; we could parse them
249 * in a streamed fashion. But it does not matter much in practice.
251 buf
= read_file(fname
, &len
);
257 * Check for a DER-encoded certificate.
259 if (looks_like_DER(buf
, len
)) {
260 xcs
= xmalloc(2 * sizeof *xcs
);
262 xcs
[0].data_len
= len
;
269 pos
= decode_pem(buf
, len
, &num_pos
);
274 for (u
= 0; u
< num_pos
; u
++) {
275 if (eqstr(pos
[u
].name
, "CERTIFICATE")
276 || eqstr(pos
[u
].name
, "X509 CERTIFICATE"))
278 br_x509_certificate xc
;
280 xc
.data
= pos
[u
].data
;
281 xc
.data_len
= pos
[u
].data_len
;
283 VEC_ADD(cert_list
, xc
);
286 for (u
= 0; u
< num_pos
; u
++) {
287 free_pem_object_contents(&pos
[u
]);
291 if (VEC_LEN(cert_list
) == 0) {
292 fprintf(stderr
, "ERROR: no certificate in file '%s'\n", fname
);
295 *num
= VEC_LEN(cert_list
);
298 VEC_ADD(cert_list
, dummy
);
299 xcs
= VEC_TOARRAY(cert_list
);
300 VEC_CLEAR(cert_list
);
306 free_certificates(br_x509_certificate
*certs
, size_t num
)
310 for (u
= 0; u
< num
; u
++) {
311 xfree(certs
[u
].data
);