From a79c1b931c116bdda2559d31b14a509e16a8fd93 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Mon, 18 May 2020 00:13:34 +0300 Subject: x509: support commonName extension Add support for Common Name certificate extension. Fixes #989 Signed-off-by: Dmitry Baryshkov --- lib/x509/output.c | 16 +++++++++++ tests/cert-tests/Makefile.am | 2 +- tests/cert-tests/certtool | 12 +++++++++ tests/cert-tests/data/commonName.cer | 52 ++++++++++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 tests/cert-tests/data/commonName.cer diff --git a/lib/x509/output.c b/lib/x509/output.c index c8b0c66ddb..64cfade64d 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -1259,6 +1259,22 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, critical ? _("critical") : _("not critical")); print_issuer_sign_tool(str, prefix, der); + } else if (strcmp(oid, "2.5.4.3") == 0) { + int ret; + gnutls_datum_t tmp = {NULL, 0}; + + addf(str, _("%s\t\tCommon Name (%s):\n"), + prefix, + critical ? _("critical") : _("not critical")); + + ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, der->data, der->size, &tmp, 0); + if (ret < 0) { + addf(str, "error: x509_decode_string: %s\n", + gnutls_strerror(ret)); + } else { + addf(str, "%s\t\t\t%s\n", prefix, tmp.data); + gnutls_free(tmp.data); + } } else { addf(str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid, diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 87d9314363..17886ef7c5 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am 
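Review bot: In the new `2.5.4.3` branch of print_extension, `tmp.data` is text taken from the certificate being inspected and is appended with `%s` with no visible check on the bytes it holds, so a crafted certificate could presumably carry control characters or line breaks into certtool output and any log that stores it. The decode call pins the type to PrintableString, but whether `_gnutls_x509_decode_string` enforces that character set (or only rejects embedded NULs) is not visible in this hunk and should be confirmed. Routing the value through the dot-substituting printer that appears to produce the `ASCII:` line for unknown extensions in the test data would keep the output inert: `addf(str, "%s\t\t\t", prefix);` `_gnutls_buffer_asciiprint(str, (char *)tmp.data, tmp.size);` `adds(str, "\n");`. A short comment such as `/* display only: value is certificate-controlled and must not be used for name matching */` would also help, since this OID is normally the subject attribute rather than an extension. print_extension starts and ends outside the hunk.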
@@ -101,7 +101,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \ data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \ templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \ - data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem + data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer dist_check_SCRIPTS = pathlen aki invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool index e604634678..3494aaacbe 100755 --- a/tests/cert-tests/certtool +++ b/tests/cert-tests/certtool @@ -153,6 +153,18 @@ if test $? = 0;then exit 1 fi +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" | grep -v "Not After:" > ${TMPFILE1} +if test $? != 0;then + echo "commonName cert output failed" + exit 1 +fi + +${DIFF} "${srcdir}/data/commonName.cer" ${TMPFILE1} +if test $? != 0;then + exit 1 +fi + + rm -f ${TMPFILE1} ${TMPFILE2} export TZ="UTC" diff --git a/tests/cert-tests/data/commonName.cer b/tests/cert-tests/data/commonName.cer new file mode 100644 index 0000000000..91d02fdd85 --- /dev/null +++ b/tests/cert-tests/data/commonName.cer 
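Review bot: In the tests/cert-tests/certtool hunk, the `$?` tested after the new pipeline is grep's exit status, so a failing certtool run, or a non-zero exit from `${VALGRIND}` on a memory error in the new decode path, is not what the check sees. Only the later `${DIFF}` would notice, and only if the printed output changed. Splitting the pipeline keeps the parser's status: `${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" > "${TMPFILE2}"`, test `$?`, then `grep -v "Not After:" "${TMPFILE2}" > "${TMPFILE1}"`; `${TMPFILE2}` looks unused at this point because it is removed right afterwards, but confirm against the lines above the hunk. The test also covers only a well-formed PrintableString value, so a companion certificate whose value fails to decode would exercise the `error: x509_decode_string` branch.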
@@ -0,0 +1,52 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 06376c00aa00648a11cfb8d4aa5c35f4 + Issuer: CN=Root Agency + Validity: + Not Before: Tue May 28 22:02:59 UTC 1996 + Subject: CN=Root Agency + Subject Public Key Algorithm: RSA + Algorithm Security Level: Export (512 bits) + Modulus (bits 512): + 00:81:55:22:b9:8a:a4:6f:ed:d6:e7:d9:66:0f:55:bc + d7:cd:d5:bc:4e:40:02:21:a2:b1:f7:87:30:85:5e:d2 + f2:44:b9:dc:9b:75:b6:fb:46:5f:42:b6:9d:23:36:0b + de:54:0f:cd:bd:1f:99:2a:10:58:11:cb:40:cb:b5:a7 + 41 + Exponent (bits 24): + 01:00:01 + Extensions: + Common Name (not critical): + For Testing Purposes Only Sample Software Publishing Credentials Agency + Unknown extension 2.5.29.1 (not critical): + ASCII: 0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5. + Hexdump: 303e801012e4092d061d1d4f008d6121dc166463a1183016311430120603550403130b526f6f74204167656e6379821006376c00aa00648a11cfb8d4aa5c35f4 + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. 
+ Signature: + 2d:2e:3e:7b:89:42:89:3f:a8:21:17:fa:f0:f5:c3:95 + db:62:69:5b:c9:dc:c1:b3:fa:f0:c4:6f:6f:64:9a:bd + e7:1b:25:68:72:83:67:bd:56:b0:8d:01:bd:2a:f7:cc + 4b:bd:87:a5:ba:87:20:4c:42:11:41:ad:10:17:3b:8c +Other Information: + Fingerprint: + sha1:fee449ee0e3965a5246f000e87fde2a065fd89d4 + sha256:8b13dbb25eb339a630c76c810d14b44b552e68dc10a93e82e754da23f858774a + Public Key ID: + sha1:38596dac2a46c9002309905e1f02c1fb5df724cd + sha256:73a97a992bfd29b91ef23175b367db9c561c516f634f759e3d430230a3d0695c + Public Key PIN: + pin-sha256:c6l6mSv9Kbke8jF1s2fbnFYcUW9jT3WePUMCMKPQaVw= + +-----BEGIN CERTIFICATE----- +MIIByjCCAXSgAwIBAgIQBjdsAKoAZIoRz7jUqlw19DANBgkqhkiG9w0BAQQFADAW +MRQwEgYDVQQDEwtSb290IEFnZW5jeTAeFw05NjA1MjgyMjAyNTlaFw0zOTEyMzEy +MzU5NTlaMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MFswDQYJKoZIhvcNAQEBBQAD +SgAwRwJAgVUiuYqkb+3W59lmD1W8183VvE5AAiGisfeHMIVe0vJEudybdbb7Rl9C +tp0jNgveVA/NvR+ZKhBYEctAy7WnQQIDAQABo4GeMIGbMFAGA1UEAwRJE0dGb3Ig +VGVzdGluZyBQdXJwb3NlcyBPbmx5IFNhbXBsZSBTb2Z0d2FyZSBQdWJsaXNoaW5n +IENyZWRlbnRpYWxzIEFnZW5jeTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRj +oRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwDQYJ +KoZIhvcNAQEEBQADQQAtLj57iUKJP6ghF/rw9cOV22JpW8ncwbP68MRvb2Savecb +JWhyg2e9VrCNAb0q98xLvYeluocgTEIRQa0QFzuM +-----END CERTIFICATE----- -- cgit v1.2.1