xref: /freebsd-src/crypto/openssl/util/perl/TLSProxy/Certificate.pm (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6)

# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;

package TLSProxy::Certificate;

use vars '@ISA';
push @ISA, 'TLSProxy::Message';

sub new
{
    my $class = shift;
    my ($server,
        $data,
        $records,
        $startoffset,
        $message_frag_lens) = @_;

    my $self = $class->SUPER::new(
        $server,
        TLSProxy::Message::MT_CERTIFICATE,
        $data,
        $records,
        $startoffset,
        $message_frag_lens);

    $self->{first_certificate} = "";
    $self->{extension_data} = "";
    $self->{remaining_certdata} = "";

    return $self;
}

sub parse
{
    my $self = shift;

    if (TLSProxy::Proxy->is_tls13()) {
        my $context_len = unpack('C', $self->data);
        my $context = substr($self->data, 1, $context_len);

        my $remdata = substr($self->data, 1 + $context_len);

        my ($hicertlistlen, $certlistlen) = unpack('Cn', $remdata);
        $certlistlen += ($hicertlistlen << 16);

        $remdata = substr($remdata, 3);

        die "Invalid Certificate List length"
            if length($remdata) != $certlistlen;

        my ($hicertlen, $certlen) = unpack('Cn', $remdata);
        $certlen += ($hicertlen << 16);

        die "Certificate too long" if ($certlen + 3) > $certlistlen;

        $remdata = substr($remdata, 3);

        my $certdata = substr($remdata, 0, $certlen);

        $remdata = substr($remdata, $certlen);

        my $extensions_len = unpack('n', $remdata);
        $remdata = substr($remdata, 2);

        die "Extensions too long"
            if ($certlen + 3 + $extensions_len + 2) > $certlistlen;

        my $extension_data = "";
        if ($extensions_len != 0) {
            $extension_data = substr($remdata, 0, $extensions_len);

            if (length($extension_data) != $extensions_len) {
                die "Invalid extension length\n";
            }
        }
        my %extensions = ();
        while (length($extension_data) >= 4) {
            my ($type, $size) = unpack("nn", $extension_data);
            my $extdata = substr($extension_data, 4, $size);
            $extension_data = substr($extension_data, 4 + $size);
            $extensions{$type} = $extdata;
        }
        $remdata = substr($remdata, $extensions_len);

        $self->context($context);
        $self->first_certificate($certdata);
        $self->extension_data(\%extensions);
        $self->remaining_certdata($remdata);

        print "    Context:".$context."\n";
        print "    Certificate List Len:".$certlistlen."\n";
        print "    Certificate Len:".$certlen."\n";
        print "    Extensions Len:".$extensions_len."\n";
    } else {
        my ($hicertlistlen, $certlistlen) = unpack('Cn', $self->data);
        $certlistlen += ($hicertlistlen << 16);

        my $remdata = substr($self->data, 3);

        die "Invalid Certificate List length"
            if length($remdata) != $certlistlen;

        my ($hicertlen, $certlen) = unpack('Cn', $remdata);
        $certlen += ($hicertlen << 16);

        die "Certificate too long" if ($certlen + 3) > $certlistlen;

        $remdata = substr($remdata, 3);

        my $certdata = substr($remdata, 0, $certlen);

        $remdata = substr($remdata, $certlen);

        $self->first_certificate($certdata);
        $self->remaining_certdata($remdata);

        print "    Certificate List Len:".$certlistlen."\n";
        print "    Certificate Len:".$certlen."\n";
    }
}

#Reconstruct the on-the-wire message data following changes
sub set_message_contents
{
    my $self = shift;
    my $data;
    my $extensions = "";

    if (TLSProxy::Proxy->is_tls13()) {
        foreach my $key (keys %{$self->extension_data}) {
            my $extdata = ${$self->extension_data}{$key};
            $extensions .= pack("n", $key);
            $extensions .= pack("n", length($extdata));
            $extensions .= $extdata;
        }
        $data = pack('C', length($self->context()));
        $data .= $self->context;
        my $certlen = length($self->first_certificate);
        my $certlistlen = $certlen + length($extensions)
                          + length($self->remaining_certdata);
        my $hi = $certlistlen >> 16;
        $certlistlen = $certlistlen & 0xffff;
        $data .= pack('Cn', $hi, $certlistlen);
        $hi = $certlen >> 16;
        $certlen = $certlen & 0xffff;
        $data .= pack('Cn', $hi, $certlen);
        $data .= pack('n', length($extensions));
        $data .= $extensions;
        $data .= $self->remaining_certdata();
        $self->data($data);
    } else {
        my $certlen = length($self->first_certificate);
        my $certlistlen = $certlen + length($self->remaining_certdata);
        my $hi = $certlistlen >> 16;
        $certlistlen = $certlistlen & 0xffff;
        $data .= pack('Cn', $hi, $certlistlen);
        $hi = $certlen >> 16;
        $certlen = $certlen & 0xffff;
        $data .= pack('Cn', $hi, $certlen);
        $data .= $self->remaining_certdata();
        $self->data($data);
    }
}

#Read/write accessors
sub context
{
    my $self = shift;
    if (@_) {
      $self->{context} = shift;
    }
    return $self->{context};
}
sub first_certificate
{
    my $self = shift;
    if (@_) {
      $self->{first_certificate} = shift;
    }
    return $self->{first_certificate};
}
sub remaining_certdata
{
    my $self = shift;
    if (@_) {
      $self->{remaining_certdata} = shift;
    }
    return $self->{remaining_certdata};
}
sub extension_data
{
    my $self = shift;
    if (@_) {
      $self->{extension_data} = shift;
    }
    return $self->{extension_data};
}
sub set_extension
{
    my ($self, $ext_type, $ext_data) = @_;
    $self->{extension_data}{$ext_type} = $ext_data;
}
sub delete_extension
{
    my ($self, $ext_type) = @_;
    delete $self->{extension_data}{$ext_type};
}
1;