add OpenSSLCertUtils::getIssuerCommonName()

Reviewed By: AjanthanAsogamoorthy Differential Revision: D66775050 fbshipit-source-id: 4884c64eb79ff7dcdc52adb5a8ebdb74fd2f5eb1
facebook · Feb 14, 2025 · 7bde3a1 · 7bde3a1
1 parent 6b1b26c
commit 7bde3a1
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/folly/ssl/OpenSSLCertUtils.cpp b/folly/ssl/OpenSSLCertUtils.cpp
@@ -72,20 +72,17 @@ std::string getExtData(X509_EXTENSION* extension) {
   return asnValue ? asn1ToString(asnValue) : std::string();
 }
 
-} // namespace
-
-Optional<std::string> OpenSSLCertUtils::getCommonName(X509& x509) {
-  auto subject = X509_get_subject_name(&x509);
-  if (!subject) {
+Optional<std::string> commonName(X509_NAME* name) {
+  if (!name) {
     return none;
   }
 
-  auto cnLoc = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
+  auto cnLoc = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
   if (cnLoc < 0) {
     return none;
   }
 
-  auto cnEntry = X509_NAME_get_entry(subject, cnLoc);
+  auto cnEntry = X509_NAME_get_entry(name, cnLoc);
   if (!cnEntry) {
     return none;
   }
@@ -104,6 +101,16 @@ Optional<std::string> OpenSSLCertUtils::getCommonName(X509& x509) {
   return Optional<std::string>(std::string(cnData, cnLen));
 }
 
+} // namespace
+
+Optional<std::string> OpenSSLCertUtils::getCommonName(X509& x509) {
+  return commonName(X509_get_subject_name(&x509));
+}
+
+Optional<std::string> OpenSSLCertUtils::getIssuerCommonName(X509& x509) {
+  return commonName(X509_get_issuer_name(&x509));
+}
+
 std::vector<std::string> OpenSSLCertUtils::getSubjectAltNames(X509& x509) {
   auto names = reinterpret_cast<STACK_OF(GENERAL_NAME)*>(
       X509_get_ext_d2i(&x509, NID_subject_alt_name, nullptr, nullptr));

diff --git a/folly/ssl/OpenSSLCertUtils.h b/folly/ssl/OpenSSLCertUtils.h
@@ -35,6 +35,8 @@ class OpenSSLCertUtils {
   // Note: non-const until OpenSSL 1.1.0
   static Optional<std::string> getCommonName(X509& x509);
 
+  static Optional<std::string> getIssuerCommonName(X509& x509);
+
   static std::vector<std::string> getSubjectAltNames(X509& x509);
 
   /*

diff --git a/folly/ssl/test/OpenSSLCertUtilsTest.cpp b/folly/ssl/test/OpenSSLCertUtilsTest.cpp
@@ -233,6 +233,8 @@ TEST_P(OpenSSLCertUtilsTest, TestX509CN) {
   EXPECT_NE(x509, nullptr);
   auto cn = folly::ssl::OpenSSLCertUtils::getCommonName(*x509);
   EXPECT_EQ(cn.value(), "Asox Company");
+  auto issuerCn = folly::ssl::OpenSSLCertUtils::getIssuerCommonName(*x509);
+  EXPECT_EQ(issuerCn.value(), "Thrift Certificate Authority");
   auto sans = folly::ssl::OpenSSLCertUtils::getSubjectAltNames(*x509);
   EXPECT_EQ(sans.size(), 0);
 }