2 * Copyright 2017-present Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 #include <folly/ssl/OpenSSLCertUtils.h>
17 #include <folly/String.h>
18 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
20 #include <openssl/x509.h>
21 #include <openssl/x509v3.h>
23 #include <folly/ScopeGuard.h>
28 Optional<std::string> OpenSSLCertUtils::getCommonName(X509& x509) {
29 auto subject = X509_get_subject_name(&x509);
34 auto cnLoc = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
39 auto cnEntry = X509_NAME_get_entry(subject, cnLoc);
44 auto cnAsn = X509_NAME_ENTRY_get_data(cnEntry);
49 auto cnData = reinterpret_cast<const char*>(ASN1_STRING_data(cnAsn));
50 auto cnLen = ASN1_STRING_length(cnAsn);
51 if (!cnData || cnLen <= 0) {
55 return Optional<std::string>(std::string(cnData, cnLen));
58 std::vector<std::string> OpenSSLCertUtils::getSubjectAltNames(X509& x509) {
59 auto names = reinterpret_cast<STACK_OF(GENERAL_NAME)*>(
60 X509_get_ext_d2i(&x509, NID_subject_alt_name, nullptr, nullptr));
65 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
68 std::vector<std::string> ret;
69 auto count = sk_GENERAL_NAME_num(names);
70 for (int i = 0; i < count; i++) {
71 auto genName = sk_GENERAL_NAME_value(names, i);
72 if (!genName || genName->type != GEN_DNS) {
76 reinterpret_cast<const char*>(ASN1_STRING_data(genName->d.dNSName));
77 auto nameLen = ASN1_STRING_length(genName->d.dNSName);
78 if (!nameData || nameLen <= 0) {
81 ret.emplace_back(nameData, nameLen);
86 Optional<std::string> OpenSSLCertUtils::getSubject(X509& x509) {
87 auto subject = X509_get_subject_name(&x509);
92 auto bio = BioUniquePtr(BIO_new(BIO_s_mem()));
94 throw std::runtime_error("Cannot allocate bio");
96 if (X509_NAME_print_ex(bio.get(), subject, 0, XN_FLAG_ONELINE) <= 0) {
100 char* bioData = nullptr;
101 size_t bioLen = BIO_get_mem_data(bio.get(), &bioData);
102 return std::string(bioData, bioLen);
105 Optional<std::string> OpenSSLCertUtils::getIssuer(X509& x509) {
106 auto issuer = X509_get_issuer_name(&x509);
111 auto bio = BioUniquePtr(BIO_new(BIO_s_mem()));
112 if (bio == nullptr) {
113 throw std::runtime_error("Cannot allocate bio");
116 if (X509_NAME_print_ex(bio.get(), issuer, 0, XN_FLAG_ONELINE) <= 0) {
120 char* bioData = nullptr;
121 size_t bioLen = BIO_get_mem_data(bio.get(), &bioData);
122 return std::string(bioData, bioLen);
125 folly::Optional<std::string> OpenSSLCertUtils::toString(X509& x509) {
126 auto in = BioUniquePtr(BIO_new(BIO_s_mem()));
128 throw std::runtime_error("Cannot allocate bio");
133 flags |= X509_FLAG_NO_HEADER | /* A few bytes of cert and data */
134 X509_FLAG_NO_PUBKEY | /* Public key */
135 X509_FLAG_NO_AUX | /* Auxiliary info? */
136 X509_FLAG_NO_SIGDUMP | /* Prints the signature */
137 X509_FLAG_NO_SIGNAME; /* Signature algorithms */
139 #ifdef X509_FLAG_NO_IDS
140 flags |= X509_FLAG_NO_IDS; /* Issuer/subject IDs */
143 if (X509_print_ex(in.get(), &x509, XN_FLAG_ONELINE, flags) > 0) {
144 char* bioData = nullptr;
145 size_t bioLen = BIO_get_mem_data(in.get(), &bioData);
146 return std::string(bioData, bioLen);
152 std::string OpenSSLCertUtils::getNotAfterTime(X509& x509) {
153 return getDateTimeStr(X509_get_notAfter(&x509));
156 std::string OpenSSLCertUtils::getNotBeforeTime(X509& x509) {
157 return getDateTimeStr(X509_get_notBefore(&x509));
160 std::string OpenSSLCertUtils::getDateTimeStr(const ASN1_TIME* time) {
165 std::array<char, 32> buf;
167 auto bio = BioUniquePtr(BIO_new(BIO_s_mem()));
168 if (bio == nullptr) {
169 throw std::runtime_error("Cannot allocate bio");
172 if (ASN1_TIME_print(bio.get(), time) <= 0) {
173 throw std::runtime_error("Cannot print ASN1_TIME");
176 char* bioData = nullptr;
177 size_t bioLen = BIO_get_mem_data(bio.get(), &bioData);
178 return std::string(bioData, bioLen);