1 # Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 # Licensed under the OpenSSL license (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
10 package TLSProxy::Certificate;
13 push @ISA, 'TLSProxy::Message';
22 $message_frag_lens) = @_;
24 my $self = $class->SUPER::new(
26 TLSProxy::Message::MT_CERTIFICATE,
32 $self->{first_certificate} = "";
33 $self->{extension_data} = "";
34 $self->{remaining_certdata} = "";
43 if (TLSProxy::Proxy->is_tls13()) {
44 my $context_len = unpack('C', $self->data);
45 my $context = substr($self->data, 1, $context_len);
47 my $remdata = substr($self->data, 1 + $context_len);
49 my ($hicertlistlen, $certlistlen) = unpack('Cn', $remdata);
50 $certlistlen += ($hicertlistlen << 16);
52 $remdata = substr($remdata, 3);
54 die "Invalid Certificate List length"
55 if length($remdata) != $certlistlen;
57 my ($hicertlen, $certlen) = unpack('Cn', $remdata);
58 $certlen += ($hicertlen << 16);
60 die "Certificate too long" if ($certlen + 3) > $certlistlen;
62 $remdata = substr($remdata, 3);
64 my $certdata = substr($remdata, 0, $certlen);
66 $remdata = substr($remdata, $certlen);
68 my $extensions_len = unpack('n', $remdata);
69 $remdata = substr($remdata, 2);
71 die "Extensions too long"
72 if ($certlen + 3 + $extensions_len + 2) > $certlistlen;
74 my $extension_data = "";
75 if ($extensions_len != 0) {
76 $extension_data = substr($remdata, 0, $extensions_len);
78 if (length($extension_data) != $extensions_len) {
79 die "Invalid extension length\n";
83 while (length($extension_data) >= 4) {
84 my ($type, $size) = unpack("nn", $extension_data);
85 my $extdata = substr($extension_data, 4, $size);
86 $extension_data = substr($extension_data, 4 + $size);
87 $extensions{$type} = $extdata;
89 $remdata = substr($remdata, $extensions_len);
91 $self->context($context);
92 $self->first_certificate($certdata);
93 $self->extension_data(\%extensions);
94 $self->remaining_certdata($remdata);
96 print " Context:".$context."\n";
97 print " Certificate List Len:".$certlistlen."\n";
98 print " Certificate Len:".$certlen."\n";
99 print " Extensions Len:".$extensions_len."\n";
101 my ($hicertlistlen, $certlistlen) = unpack('Cn', $self->data);
102 $certlistlen += ($hicertlistlen << 16);
104 my $remdata = substr($self->data, 3);
106 die "Invalid Certificate List length"
107 if length($remdata) != $certlistlen;
109 my ($hicertlen, $certlen) = unpack('Cn', $remdata);
110 $certlen += ($hicertlen << 16);
112 die "Certificate too long" if ($certlen + 3) > $certlistlen;
114 $remdata = substr($remdata, 3);
116 my $certdata = substr($remdata, 0, $certlen);
118 $remdata = substr($remdata, $certlen);
120 $self->first_certificate($certdata);
121 $self->remaining_certdata($remdata);
123 print " Certificate List Len:".$certlistlen."\n";
124 print " Certificate Len:".$certlen."\n";
128 #Reconstruct the on-the-wire message data following changes
129 sub set_message_contents
135 if (TLSProxy::Proxy->is_tls13()) {
136 foreach my $key (keys %{$self->extension_data}) {
137 my $extdata = ${$self->extension_data}{$key};
138 $extensions .= pack("n", $key);
139 $extensions .= pack("n", length($extdata));
140 $extensions .= $extdata;
141 if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
142 $extensions .= pack("n", $key);
143 $extensions .= pack("n", length($extdata));
144 $extensions .= $extdata;
147 $data = pack('C', length($self->context()));
148 $data .= $self->context;
149 my $certlen = length($self->first_certificate);
150 my $certlistlen = $certlen + length($extensions)
151 + length($self->remaining_certdata);
152 my $hi = $certlistlen >> 16;
153 $certlistlen = $certlistlen & 0xffff;
154 $data .= pack('Cn', $hi, $certlistlen);
155 $hi = $certlen >> 16;
156 $certlen = $certlen & 0xffff;
157 $data .= pack('Cn', $hi, $certlen);
158 $data .= pack('n', length($extensions));
159 $data .= $extensions;
160 $data .= $self->remaining_certdata();
163 my $certlen = length($self->first_certificate);
164 my $certlistlen = $certlen + length($self->remaining_certdata);
165 my $hi = $certlistlen >> 16;
166 $certlistlen = $certlistlen & 0xffff;
167 $data .= pack('Cn', $hi, $certlistlen);
168 $hi = $certlen >> 16;
169 $certlen = $certlen & 0xffff;
170 $data .= pack('Cn', $hi, $certlen);
171 $data .= $self->remaining_certdata();
176 #Read/write accessors
181 $self->{context} = shift;
183 return $self->{context};
185 sub first_certificate
189 $self->{first_certificate} = shift;
191 return $self->{first_certificate};
193 sub remaining_certdata
197 $self->{remaining_certdata} = shift;
199 return $self->{remaining_certdata};
205 $self->{extension_data} = shift;
207 return $self->{extension_data};
211 my ($self, $ext_type, $ext_data) = @_;
212 $self->{extension_data}{$ext_type} = $ext_data;
216 my ($self, $ext_type) = @_;
217 delete $self->{extension_data}{$ext_type};