
Commit 2989ad0

committedAug 28, 2018
Add ability to add Authority Key Identifier to reconstructed SSL public cert
1 parent 226b7de commit 2989ad0


2 files changed

+74
-6
lines changed

 

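--- a/src/utility/ECCX08Cert.cpp
+++ b/src/utility/ECCX08Cert.cpp
@@ -73,6 +73,7 @@ ECCX08CertClass::ECCX08CertClass() :
 _keySlot(-1),
 _compressedCertSlot(-1),
 _serialNumberSlot(-1),
+_authorityKeyIdentifier(NULL),
 _bytes(NULL),
 _length(0)
 {
@@ -334,10 +335,19 @@ int ECCX08CertClass::endReconstruction()
 
 int publicKeyLen = publicKeyLength();
 
+int authorityKeyIdentifierLen = authorityKeyIdentifierLength(_authorityKeyIdentifier);
+
 int signatureLen = signatureLength(compressedCert.signature);
 
 int certInfoLen = 5 + serialNumberLen + 12 + issuerHeaderLen + issuerLen + 32 +
-subjectHeaderLen + subjectLen + publicKeyLen + 4;
+subjectHeaderLen + subjectLen + publicKeyLen;
+
+if (authorityKeyIdentifierLen) {
+certInfoLen += authorityKeyIdentifierLen;
+} else {
+certInfoLen += 4;
+}
+
 int certInfoHeaderLen = sequenceHeaderLength(certInfoLen);
 
 int certDataLen = certInfoLen + certInfoHeaderLen + signatureLen;
@@ -411,11 +421,16 @@ int ECCX08CertClass::endReconstruction()
 appendPublicKey(publicKey, out);
 out += publicKeyLen;
 
-// null sequence
-*out++ = 0xA3;
-*out++ = 0x02;
-*out++ = 0x30;
-*out++ = 0x00;
+if (authorityKeyIdentifierLen) {
+appendAuthorityKeyIdentifier(_authorityKeyIdentifier, out);
+out += authorityKeyIdentifierLen;
+} else {
+// null sequence
+*out++ = 0xA3;
+*out++ = 0x02;
+*out++ = 0x30;
+*out++ = 0x00;
+}
 
 // signature
 appendSignature(compressedCert.signature, out);
@@ -494,6 +509,11 @@ void ECCX08CertClass::setSubjectCommonName(const String& commonName)
 _subjectCommonName = commonName;
 }
 
+void ECCX08CertClass::setAuthorityKeyIdentifier(const byte authorityKeyIdentifier[])
+{
+_authorityKeyIdentifier = authorityKeyIdentifier;
+}
+
 int ECCX08CertClass::versionLength()
 {
 return 3;
@@ -546,6 +566,11 @@ int ECCX08CertClass::publicKeyLength()
 return (2 + 2 + 9 + 10 + 4 + 64);
 }
 
+int ECCX08CertClass::authorityKeyIdentifierLength(const byte authorityKeyIdentifier[])
+{
+return (authorityKeyIdentifier == NULL) ? 0 : 37;
+}
+
 int ECCX08CertClass::signatureLength(const byte signature[])
 {
 const byte* r = &signature[0];
@@ -684,6 +709,41 @@ void ECCX08CertClass::appendPublicKey(const byte publicKey[], byte out[])
 memcpy(out, publicKey, 64);
 }
 
+void ECCX08CertClass::appendAuthorityKeyIdentifier(const byte authorityKeyIdentifier[], byte out[])
+{
+// [3]
+*out++ = 0xa3;
+*out++ = 0x23;
+
+// sequence
+*out++ = ASN1_SEQUENCE;
+*out++ = 0x21;
+
+// sequence
+*out++ = ASN1_SEQUENCE;
+*out++ = 0x1f;
+
+// 2.5.29.35 authorityKeyIdentifier(X.509 extension)
+*out++ = 0x06;
+*out++ = 0x03;
+*out++ = 0x55;
+*out++ = 0x1d;
+*out++ = 0x23;
+
+// octet string
+*out++ = 0x04;
+*out++ = 0x18;
+
+// sequence
+*out++ = ASN1_SEQUENCE;
+*out++ = 0x16;
+
+*out++ = 0x80;
+*out++ = 0x14;
+
+memcpy(out, authorityKeyIdentifier, 20);
+}
+
 void ECCX08CertClass::appendSignature(const byte signature[], byte out[])
 {
 // signature algorithm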
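Review bot: `setAuthorityKeyIdentifier` (new lines 512-515) stores the caller's pointer without copying it, and `appendAuthorityKeyIdentifier` (new line 744) later `memcpy`s exactly 20 bytes from it with no length parameter or check, so a caller who passes a shorter buffer, or one that goes out of scope before `endReconstruction()` runs, gets an over-read or a dangling read whose bytes are emitted straight into the certificate. The class already keeps fixed-size storage such as `byte _temp[88]`, so the safer shape is to copy the identifier into a 20-byte member on set, with a "not set" flag replacing the NULL test in `authorityKeyIdentifierLength`; that also needs the member declaration in ECCX08Cert.h changed. If the raw pointer is kept, the setter should at least state the contract: `// Non-owning: must point to exactly 20 bytes (the issuer's key identifier) that stay valid until endReconstruction(); NULL omits the extension.` Since the signature appended at new line 436 comes from `compressedCert.signature` rather than being computed here, the supplied identifier presumably has to be byte-for-byte what the CA signed over, otherwise the reconstructed certificate will silently fail signature verification; a sentence saying so in that same comment would save debugging time.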

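--- a/src/utility/ECCX08Cert.h
+++ b/src/utility/ECCX08Cert.h
@@ -42,6 +42,8 @@ class ECCX08CertClass {
 void setSubjectOrganizationalUnitName(const String& organizationalUnitName);
 void setSubjectCommonName(const String& commonName);
 
+void setAuthorityKeyIdentifier(const byte authorityKeyIdentifier[]);
+
 private:
 int versionLength();
 
@@ -54,6 +56,8 @@ class ECCX08CertClass {
 
 int publicKeyLength();
 
+int authorityKeyIdentifierLength(const byte authorityKeyIdentifier[]);
+
 int signatureLength(const byte signature[]);
 
 int serialNumberLength(const byte serialNumber[]);
@@ -72,6 +76,8 @@ class ECCX08CertClass {
 
 void appendPublicKey(const byte publicKey[], byte out[]);
 
+void appendAuthorityKeyIdentifier(const byte authorityKeyIdentifier[], byte out[]);
+
 void appendSignature(const byte signature[], byte out[]);
 
 void appendSerialNumber(const byte serialNumber[], byte out[]);
@@ -103,6 +109,8 @@ class ECCX08CertClass {
 String _subjectOrganizationalUnitName;
 String _subjectCommonName;
 
+const byte* _authorityKeyIdentifier;
+
 byte _temp[88];
 byte* _bytes;
 int _length;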
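Review bot: The new public declaration `void setAuthorityKeyIdentifier(const byte authorityKeyIdentifier[]);` at new line 45 carries no size or ownership information, yet unlike the `String&` setters around it the argument is neither copied nor length-checked: the member added at new line 112 is a bare `const byte*`, and the implementation reads a fixed 20 bytes through it. A caller reading only this header cannot know that the array must be exactly 20 bytes, that it must outlive `endReconstruction()`, or that NULL is the way to leave the extension out. I would put that contract on the declaration, e.g. `// Adds an X.509 AuthorityKeyIdentifier (keyIdentifier form) extension. Non-owning: buffer must hold 20 bytes and remain valid until endReconstruction(); NULL omits the extension.`, and give the member a matching `// non-owning, 20 bytes, may be NULL` note so the two cannot drift apart. The 20-byte size also deserves a named constant rather than being implied by the `memcpy` in the .cpp, since it presumably corresponds to the SHA-1 key identifier length used by most CAs.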
