From 033b204722973ef855c55589d7dd63927395f158 Mon Sep 17 00:00:00 2001 From: Sergey Abramchuk Date: Tue, 15 May 2018 08:45:13 +0300 Subject: [PATCH 1/3] Return certificate serial --- OpenVPN Adapter/OpenVPNCertificate.h | 2 ++ OpenVPN Adapter/OpenVPNCertificate.m | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/OpenVPN Adapter/OpenVPNCertificate.h b/OpenVPN Adapter/OpenVPNCertificate.h index 57d2f9c..22408d0 100644 --- a/OpenVPN Adapter/OpenVPNCertificate.h +++ b/OpenVPN Adapter/OpenVPNCertificate.h @@ -15,6 +15,8 @@ NS_ASSUME_NONNULL_BEGIN + (nullable OpenVPNCertificate *)certificateWithPEM:(NSData *)pemData error:(NSError **)error; + (nullable OpenVPNCertificate *)certificateWithDER:(NSData *)derData error:(NSError **)error; +@property (readonly, nonatomic) NSData *serial; + - (instancetype) init NS_UNAVAILABLE; - (nullable NSData *)pemData:(NSError **)error; diff --git a/OpenVPN Adapter/OpenVPNCertificate.m b/OpenVPN Adapter/OpenVPNCertificate.m index 907843c..1400f77 100644 --- a/OpenVPN Adapter/OpenVPNCertificate.m +++ b/OpenVPN Adapter/OpenVPNCertificate.m @@ -9,6 +9,7 @@ #include #include +#include #import "NSError+OpenVPNError.h" @@ -52,6 +53,10 @@ return certificate; } +- (NSData *)serial { + return [NSData dataWithBytes:self.crt->serial.p length:self.crt->serial.len]; +} + - (instancetype)init { if (self = [super init]) { From e08f85b801f59933445cfcd7d7662a6d8bb05fe5 Mon Sep 17 00:00:00 2001 From: Sergey Abramchuk Date: Tue, 15 May 2018 08:45:29 +0300 Subject: [PATCH 2/3] Test reading certificate serial --- .../OpenVPNCertificateTests.swift | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift b/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift index 46a71a4..2f47570 100644 --- a/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift +++ b/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift 
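Review bot: The new `serial` property in OpenVPNCertificate.h has no doc comment, so a caller cannot tell whether it returns a hex string, a full DER INTEGER, or bare bytes. Per the getter in OpenVPNCertificate.m it is a copy of `crt->serial.p` for `serial.len` bytes; if `crt` is an mbedTLS `mbedtls_x509_crt` (the include names are not visible here), that is the INTEGER content in big-endian order and may begin with a `0x00` sign byte. I would add `/// Raw serial number bytes copied from the parsed certificate (big-endian; may include a leading 0x00). Compare byte-for-byte, not as text.` above the property. Serial numbers are unique only per issuer, so code that uses this value for pinning or revocation checks should match it together with the issuer.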
@@ -76,5 +76,25 @@ class OpenVPNCertificateTests: XCTestCase { XCTFail("Initialization with empty PEM data should fail") } + + func testReadSerial() { + guard + let caURL = Bundle.current.url(forResource: "test-ca", withExtension: "crt"), + let caOriginalPEMData = try? Data(contentsOf: caURL) + else { + XCTFail() + return + } + + let certificateFromPEM: OpenVPNCertificate + do { + certificateFromPEM = try OpenVPNCertificate(pem: caOriginalPEMData) + } catch { + XCTFail(error.localizedDescription) + return + } + + XCTAssert(!certificateFromPEM.serial.isEmpty) + } } From 660a65989d7c244e99ead4a2171193687a01f742 Mon Sep 17 00:00:00 2001 From: Sergey Abramchuk Date: Tue, 15 May 2018 09:37:49 +0300 Subject: [PATCH 3/3] Add issuer, subject, version properties --- OpenVPN Adapter/OpenVPNCertificate.h | 4 ++++ OpenVPN Adapter/OpenVPNCertificate.m | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/OpenVPN Adapter/OpenVPNCertificate.h b/OpenVPN Adapter/OpenVPNCertificate.h index 22408d0..e799778 100644 --- a/OpenVPN Adapter/OpenVPNCertificate.h +++ b/OpenVPN Adapter/OpenVPNCertificate.h @@ -15,8 +15,12 @@ NS_ASSUME_NONNULL_BEGIN + (nullable OpenVPNCertificate *)certificateWithPEM:(NSData *)pemData error:(NSError **)error; + (nullable OpenVPNCertificate *)certificateWithDER:(NSData *)derData error:(NSError **)error; +@property (readonly, nonatomic) NSInteger version; @property (readonly, nonatomic) NSData *serial; +@property (readonly, nonatomic) NSData *issuer; +@property (readonly, nonatomic) NSData *subject; + - (instancetype) init NS_UNAVAILABLE; - (nullable NSData *)pemData:(NSError **)error; diff --git a/OpenVPN Adapter/OpenVPNCertificate.m b/OpenVPN Adapter/OpenVPNCertificate.m index 1400f77..8e40725 100644 --- a/OpenVPN Adapter/OpenVPNCertificate.m +++ b/OpenVPN Adapter/OpenVPNCertificate.m 
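Review bot: `XCTAssert(!certificateFromPEM.serial.isEmpty)` in `testReadSerial` only proves that some bytes came back, so a getter that copied the wrong buffer or the wrong length would still pass. Since `test-ca.crt` is a fixed fixture, the value can be pinned: `XCTAssertEqual(certificateFromPEM.serial, Data([/* placeholder: serial bytes of test-ca.crt */]))`. The bare `XCTFail()` in the guard would also be easier to diagnose with a message, e.g. `XCTFail("test-ca.crt could not be loaded")`.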
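Review bot: `issuer` and `subject` are declared as `NSData` with no comment, and the names read as if they held a printable distinguished name. Per the getters in the .m hunk of this patch they are copies of `issuer_raw` / `subject_raw`, which I take to be the DER-encoded Name; that is worth confirming and stating, e.g. `/// DER-encoded issuer Name as it appears in the certificate; not a display string.`. The header should also say that these fields are read from the certificate as parsed: nothing in the visible hunks verifies a chain, so callers should not treat `subject` as an authenticated identity unless verification happens elsewhere. For `version`, a one-line comment on the value range would help, e.g. whether 3 means X.509 v3.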
@@ -53,10 +53,22 @@ return certificate; } +- (NSInteger)version { + return self.crt->version; +} + - (NSData *)serial { return [NSData dataWithBytes:self.crt->serial.p length:self.crt->serial.len]; } +- (NSData *)issuer { + return [NSData dataWithBytes:self.crt->issuer_raw.p length:self.crt->issuer_raw.len]; +} + +- (NSData *)subject { + return [NSData dataWithBytes:self.crt->subject_raw.p length:self.crt->subject_raw.len]; +} + - (instancetype)init { if (self = [super init]) {
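Review bot: `version`, `issuer` and `subject` arrive without a test, while `serial` got one in patch 2/3; the three `NSData` getters differ only in the field name, so a copy-paste slip such as `issuer` reading `subject_raw` would go unnoticed. A test that parses `test-ca.crt` and compares each property against values extracted independently from the fixture would cover this. As a style point, the repeated `[NSData dataWithBytes:… length:…]` could move into one small static helper taking the buffer, so the copy semantics (the returned data does not alias memory owned by `crt`) are written and commented once. The `init` method at the end of the hunk continues outside it.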