chip-cert: Added Support for Multiple Subject Name Attributes in Oper…

…ational Certificates. (#22201)
project-chip · Sep 15, 2023 · 4927875 · 4927875
1 parent 40db20d
commit 4927875
Show file tree

Hide file tree

Showing 2 changed files with 356 additions and 21 deletions.
diff --git a/src/tools/chip-cert/CertUtils.cpp b/src/tools/chip-cert/CertUtils.cpp
@@ -51,6 +51,51 @@ bool ToolChipDN::SetCertName(X509_NAME * name) const
         case kOID_AttributeType_CommonName:
             attrNID = NID_commonName;
             break;
+        case kOID_AttributeType_Surname:
+            attrNID = NID_surname;
+            break;
+        case kOID_AttributeType_SerialNumber:
+            attrNID = NID_serialNumber;
+            break;
+        case kOID_AttributeType_CountryName:
+            attrNID = NID_countryName;
+            break;
+        case kOID_AttributeType_LocalityName:
+            attrNID = NID_localityName;
+            break;
+        case kOID_AttributeType_StateOrProvinceName:
+            attrNID = NID_stateOrProvinceName;
+            break;
+        case kOID_AttributeType_OrganizationName:
+            attrNID = NID_organizationName;
+            break;
+        case kOID_AttributeType_OrganizationalUnitName:
+            attrNID = NID_organizationalUnitName;
+            break;
+        case kOID_AttributeType_Title:
+            attrNID = NID_title;
+            break;
+        case kOID_AttributeType_Name:
+            attrNID = NID_name;
+            break;
+        case kOID_AttributeType_GivenName:
+            attrNID = NID_givenName;
+            break;
+        case kOID_AttributeType_Initials:
+            attrNID = NID_initials;
+            break;
+        case kOID_AttributeType_GenerationQualifier:
+            attrNID = NID_generationQualifier;
+            break;
+        case kOID_AttributeType_DNQualifier:
+            attrNID = NID_dnQualifier;
+            break;
+        case kOID_AttributeType_Pseudonym:
+            attrNID = NID_pseudonym;
+            break;
+        case kOID_AttributeType_DomainComponent:
+            attrNID = NID_domainComponent;
+            break;
         case kOID_AttributeType_MatterNodeId:
             attrNID = gNIDChipNodeId;
             break;
@@ -73,40 +118,42 @@ bool ToolChipDN::SetCertName(X509_NAME * name) const
             ExitNow(res = false);
         }
 
+        char chipAttrStr[std::max(kChip64bitAttrUTF8Length, kChip32bitAttrUTF8Length)] = { 0 };
+        int type                                                                       = V_ASN1_UTF8STRING;
+        uint8_t * attrStr                                                              = reinterpret_cast<uint8_t *>(chipAttrStr);
+        int attrLen                                                                    = 0;
+
         if (IsChip64bitDNAttr(rdn[i].mAttrOID))
         {
-            char chipAttrStr[kChip64bitAttrUTF8Length];
-            VerifyOrReturnError(Encoding::Uint64ToHex(rdn[i].mChipVal, chipAttrStr, sizeof(chipAttrStr),
+            VerifyOrReturnError(Encoding::Uint64ToHex(rdn[i].mChipVal, chipAttrStr, kChip64bitAttrUTF8Length,
                                                       Encoding::HexFlags::kUppercase) == CHIP_NO_ERROR,
                                 false);
-
-            if (!X509_NAME_add_entry_by_NID(name, attrNID, MBSTRING_UTF8, reinterpret_cast<uint8_t *>(chipAttrStr),
-                                            sizeof(chipAttrStr), -1, 0))
-            {
-                ReportOpenSSLErrorAndExit("X509_NAME_add_entry_by_NID", res = false);
-            }
+            attrLen = kChip64bitAttrUTF8Length;
         }
         else if (IsChip32bitDNAttr(rdn[i].mAttrOID))
         {
-            char chipAttrStr[kChip32bitAttrUTF8Length];
-            VerifyOrReturnError(Encoding::Uint32ToHex(static_cast<uint32_t>(rdn[i].mChipVal), chipAttrStr, sizeof(chipAttrStr),
+            VerifyOrReturnError(Encoding::Uint32ToHex(static_cast<uint32_t>(rdn[i].mChipVal), chipAttrStr, kChip32bitAttrUTF8Length,
                                                       Encoding::HexFlags::kUppercase) == CHIP_NO_ERROR,
                                 false);
-
-            if (!X509_NAME_add_entry_by_NID(name, attrNID, MBSTRING_UTF8, reinterpret_cast<uint8_t *>(chipAttrStr),
-                                            sizeof(chipAttrStr), -1, 0))
-            {
-                ReportOpenSSLErrorAndExit("X509_NAME_add_entry_by_NID", res = false);
-            }
+            attrLen = kChip32bitAttrUTF8Length;
         }
         else
         {
-            if (!X509_NAME_add_entry_by_NID(name, attrNID, MBSTRING_UTF8,
-                                            reinterpret_cast<uint8_t *>(const_cast<char *>(rdn[i].mString.data())),
-                                            static_cast<int>(rdn[i].mString.size()), -1, 0))
+            if (rdn[i].mAttrOID == kOID_AttributeType_DomainComponent)
             {
-                ReportOpenSSLErrorAndExit("X509_NAME_add_entry_by_NID", res = false);
+                type = V_ASN1_IA5STRING;
+            }
+            else if (rdn[i].mAttrIsPrintableString)
+            {
+                type = V_ASN1_PRINTABLESTRING;
             }
+            attrStr = reinterpret_cast<uint8_t *>(const_cast<char *>(rdn[i].mString.data()));
+            attrLen = static_cast<int>(rdn[i].mString.size());
+        }
+
+        if (!X509_NAME_add_entry_by_NID(name, attrNID, type, attrStr, attrLen, -1, 0))
+        {
+            ReportOpenSSLErrorAndExit("X509_NAME_add_entry_by_NID", res = false);
         }
     }