Re: C++ How to parse Subject Directory Attributes Extension?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Here are nor some more details, which may help you to better understand.


My Certificate contains the SubjectDirectoryAttributes-Extension with the following Attributes:

OID                                       : Value
-------------------------------------------------------------------
(1.3.6.1.5.5.7.9.4) countryOfCitizenship  : DE
(1.3.6.1.5.5.7.9.3) gender                : F
(1.3.6.1.5.5.7.9.1) dateOfBirth           : 1971-10-14 12:00:00 UTC
(1.3.6.1.5.5.7.9.2) placeOfBirth          : Darmstadt

So i want to get these pairs of OID and Value.

I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code i can use. I got the Extension this way:

int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(certificate, loc);

But how can i get then all the data, which means all the OIDs and Values to the OIDs? The ASN.1 Structure is:

SubjectDirectoryAttributes ::= Attributes

Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute

Attribute ::= SEQUENCE 
{
    type AttributeType 
    values SET OF AttributeValue 
}

AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType

I found out that i get a custom extension with: X509_EXTENSION_get_object(ex) and that the OpenSSL-Type X509_NAME_ENTRY is the equvivalent to the ASN.1-Structure Attribute resp. AttributeTypeAndValue. So i tried to cast the result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).

Then i tried to get the number of attributes by calling the sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp. X509_NAME.entries, but i got not the right number. I expect to get the number 3 or 4 (don't know the exactly internal counting - but the example cert contains 4 Attributes, so the output should be 3 or 4 depending if the counting will start at 0 or 1). But instead of 3 or 4 i got a much larger number like 34335029 and this number is different every time i run the code. So i think there is a problem with the casting or i did not choose the right Data-Type(s).

I'm using OpenSSL 1.0.2j.

So what's wrong and how can i fix it? - Thanks in advice!

Here a short excerpt of my code:
X509_EXTENSION *ex = ....

STACK_OF(X509_NAME_ENTRY) *st = (STACK_OF(X509_NAME_ENTRY)*) X509_EXTENSION_get_data(ex);
printf(sk_X509_NAME_ENTRY_num(st));

// or alternative

X509_Name *name = (X509_Name*) X509_EXTENSION_get_data(ex);
printf(sk_X509_NAME_ENTRY_num(name.entries));

Here i append the certificate if you need it. It's from the RFC specification:

-----BEGIN CERTIFICATE-----
MIIDEDCCAnmgAwIBAgIESZYC0jANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJE
RTE5MDcGA1UECgwwR01EIC0gRm9yc2NodW5nc3plbnRydW0gSW5mb3JtYXRpb25z
dGVjaG5payBHbWJIMB4XDTA0MDIwMTEwMDAwMFoXDTA4MDIwMTEwMDAwMFowZTEL
MAkGA1UEBhMCREUxNzA1BgNVBAoMLkdNRCBGb3JzY2h1bmdzemVudHJ1bSBJbmZv
cm1hdGlvbnN0ZWNobmlrIEdtYkgxHTAMBgNVBCoMBVBldHJhMA0GA1UEBAwGQmFy
emluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc50zVodVa6wHPXswg88P8
p4fPy1caIaqKIK1d/wFRMN5yTl7T+VOS57sWxKcdDzGzqZJqjwjqAP3DqPK7AW3s
o7lBG6JZmiqMtlXG3+olv+3cc7WU+qDv5ZXGEqauW4x/DKGc7E/nq2BUZ2hLsjh9
Xy9+vbw+8KYE9rQEARdpJQIDAQABo4HpMIHmMGQGA1UdCQRdMFswEAYIKwYBBQUH
CQQxBBMCREUwDwYIKwYBBQUHCQMxAxMBRjAdBggrBgEFBQcJATERGA8xOTcxMTAx
NDEyMDAwMFowFwYIKwYBBQUHCQIxCwwJRGFybXN0YWR0MA4GA1UdDwEB/wQEAwIG
QDASBgNVHSAECzAJMAcGBSskCAEBMB8GA1UdIwQYMBaAFAABAgMEBQYHCAkKCwwN
Dg/+3LqYMDkGCCsGAQUFBwEDBC0wKzApBggrBgEFBQcLAjAdMBuBGW11bmljaXBh
bGl0eUBkYXJtc3RhZHQuZGUwDQYJKoZIhvcNAQEFBQADgYEAj4yAu7LYa3X04h+C
7+DyD2xViJCm5zEYg1m5x4znHJIMZsYAU/vJJIJQkPKVsIgm6vP/H1kXyAu0g2Ep
z+VWPnhZK1uw+ay1KRXw8rw2mR8hQ2Ug6QZHYdky2HH3H/69rWSPp888G8CW8RLU
uIKzn+GhapCuGoC4qWdlGLWqfpc=
-----END CERTIFICATE-----

Von: Matthias Ballreich <Matthias.Ballreich@xxxxxxxxxx>
Gesendet: Sonntag, 30. April 2017 13:44:48
An: openssl-users@xxxxxxxxxxx
Betreff: C++ How to parse Subject Directory Attributes Extension?
 

Hi there,


can anyone tell me how to parse a the Subject Directory Attribute Extension of a X509-Certificate in C++ with OpenSSL? I don't found any documentation or piece of code in the Github Repo of OpenSSL.


I read the Extension this way:

int loc = X509_get_ext_by_NID(cert, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(cert, loc);

But i stuck on how to continue and get the TypeValue-Stuff.
Would be very helpful if someone can help me.

thanks and best regards
Matthias

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux