hx509: Add hx509_ca_tbs_get_name()

This is so we can check if a TBS gets an empty subject name, then refuse to issue the certificate if it doesn't also have at least one SAN.
2019-11-06 11:08:00 -06:00
parent 12826c9586
commit fce3f16859
3 changed files with 19 additions and 0 deletions
--- a/lib/hx509/ca.c
+++ b/lib/hx509/ca.c
@@ -997,6 +997,23 @@ hx509_ca_tbs_subject_expand(hx509_context context,
    return hx509_name_expand(context, tbs->subject, env);
 }

+/**
+ * Get the name of a to-be-signed certificate object.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ *
+ * @return An hx509 name.
+ *
+ * @ingroup hx509_ca
+ */
+
+HX509_LIB_FUNCTION hx509_name HX509_LIB_CALL
+hx509_ca_tbs_get_name(hx509_ca_tbs tbs)
+{
+    return tbs->subject;
+}
+
 /**
 * Set signature algorithm on the to be signed certificate
 *
--- a/lib/hx509/libhx509-exports.def
+++ b/lib/hx509/libhx509-exports.def
@@ -70,6 +70,7 @@ EXPORTS
 	hx509_ca_tbs_add_san_pkinit
 	hx509_ca_tbs_add_san_rfc822name
 	hx509_ca_tbs_free
+	hx509_ca_tbs_get_name
 	hx509_ca_tbs_init
 	hx509_ca_tbs_set_ca
 	hx509_ca_tbs_set_domaincontroller
--- a/lib/hx509/version-script.map
+++ b/lib/hx509/version-script.map
@@ -50,6 +50,7 @@ HEIMDAL_X509_1.2 {
 		hx509_ca_tbs_add_san_pkinit;
 		hx509_ca_tbs_add_san_rfc822name;
 		hx509_ca_tbs_free;
+		hx509_ca_tbs_get_name;
 		hx509_ca_tbs_init;
 		hx509_ca_tbs_set_ca;
 		hx509_ca_tbs_set_domaincontroller;