rewrite .traverse in ruby

Author: HoneyryderChuck

lib/openssl/asn1.rb

@@ -537,11 +537,24 @@ def decode_all(data)
       objs
     end
 
+    def traverse(der, &blk)
+      raise LocalJumpError unless blk
+
+      _, remaining = decode0(der, &blk)
+
+      unless remaining.nil? || remaining.empty?
+        total_read = der.size - remaining.size
+        raise ASN1Error, "Type mismatch. Total bytes read: #{total_read} Bytes available: #{remaining.size} Offset: #{total_read}"
+      end
+
+      nil
+    end
+
     def decode(data)
       decode0(data).first
     end
 
-    def decode0(data)
+    def decode0(data, depth = 0, offset = 0, &block)
       data = data.to_der if data.respond_to?(:to_der)
 
       first_byte, length = data.unpack('CC')
@@ -582,33 +595,53 @@ def decode0(data)
         data[no_id_idx + 1..-1]
       end
 
+      hlength = no_id_idx + length_bytes
+
       if is_constructed
-        decode_cons(tag_class, id, length, value, is_indefinite_length)
+        decode_cons(tag_class, id, hlength, length, value, is_indefinite_length, depth, offset, &block)
       else
         if is_indefinite_length
           raise ASN1Error, "invalid length" if PRIMITIVE_TAG_IDS.include?(id)
         end
-        decode_prim(tag_class, id, length, value)
+        decode_prim(tag_class, id, hlength, length, value, depth, offset, &block)
       end
     end
 
-    def decode_cons(tag_class, id, length, data, is_indefinite_length)
-      remaining = data[length..-1]
-      data = data[0, length]
+    def decode_cons(tag_class, id, hlength, length, data, is_indefinite_length, depth, offset, &block)
+      datalen = data.size
+
+      if is_indefinite_length
+        remaining = nil
+
+      else
+        remaining = data[length..-1]
+        data = data[0, length]
+
+        if length > datalen
+          raise ASN1Error, "too long"
+        end
+      end
+
+      traverse0(depth, offset, hlength, length == 0x80 ? 0 : length, true, tag_class, id, &block) if block
+
+      offset += hlength
 
       objs = []
       has_eoc = false
-      until data.empty?
-        obj, data = decode0(data)
+      until data.nil? || data.empty?
+        datalen = data.size
+
+        obj, data = decode0(data, depth + 1, offset, &block)
+
+        offset += datalen
+        offset -= data.size if data
 
         case obj
         when EndOfContent
           has_eoc = true
 
           break if is_indefinite_length
 
-          # next if is_indefinite_length
-
           objs << obj
 
           break
@@ -646,10 +679,14 @@ def decode_cons(tag_class, id, length, data, is_indefinite_length)
       return obj, remaining
     end
 
-    def decode_prim(tag_class, id, length, data)
+    def decode_prim(tag_class, id, hlength, length, data, depth, offset, &block)
       remaining = data[length..-1]
       data = data[0, length]
 
+      traverse0(depth, offset, hlength, length, false, tag_class, id, &block) if block
+
+      offset += hlength
+
       obj = if tag_class == :UNIVERSAL
         case id
         when 0 # EOC
@@ -764,5 +801,26 @@ def decode_prim(tag_class, id, length, data)
 
       return obj, remaining
     end
+
+    def traverse0(depth, offset, hlength, length, is_constructed, tag_class, id, &block)
+      elems = [
+        depth, offset,
+        hlength, length,
+        is_constructed,
+        tag_class,
+        id
+      ]
+
+      arity = block.arity
+      if arity == 1
+        block.call(elems)
+      else
+        if arity < elems.size
+          elems = elems[0, arity]
+        end
+
+        block.call(*elems)
+      end
+    end
   end
 end

test/openssl/test_asn1.rb

@@ -203,6 +203,62 @@ def test_decode_all
     end
   end
 
+  def test_traverse
+    assert_raise(LocalJumpError) {
+      OpenSSL::ASN1.traverse(B(%w{ 00 00 }))
+    }
+    # primitive
+    expected = [[0, 0, 2, 1, false, :UNIVERSAL, 2]]
+    received = []
+    OpenSSL::ASN1.traverse(B((%w{ 02 01 00 }))) do |args|
+      received << args
+    end
+    assert_equal expected, received
+
+    # asn1data
+    expected = [[0, 0, 2, 0, false, :APPLICATION, 1]]
+    received = []
+    OpenSSL::ASN1.traverse(B((%w{ 41 00 }))) do |args|
+       received << args
+    end
+    assert_equal expected, received
+    #constructed
+    expected = [
+      [0, 0, 2, 7, true, :UNIVERSAL, 16],
+      [1, 2, 2, 0, false, :UNIVERSAL, 5],
+      [1, 4, 2, 0, true, :UNIVERSAL, 16],
+      [1, 6, 2, 1, false, :UNIVERSAL, 4]
+    ]
+    received = []
+    OpenSSL::ASN1.traverse(B(%w{ 30 07 05 00 30 00 04 01 00 })) do |args|
+      received << args
+    end
+    assert_equal expected, received
+    # indefinite length
+    expected = [
+      [0, 0, 2, 7, true, :UNIVERSAL, 16],
+      [1, 2, 2, 0, false, :UNIVERSAL, 5],
+      [1, 4, 2, 0, true, :UNIVERSAL, 16],
+      [1, 6, 2, 1, false, :UNIVERSAL, 4]
+    ]
+    received = []
+    OpenSSL::ASN1.traverse(B(%w{ 30 07 05 00 30 00 04 01 00 })) do |args|
+      received << args
+    end
+    # multiple ders
+    # it yields while traversing, and fails if there's more data beyond the first DER
+    expected = [
+      [0, 0, 2, 1, false, :UNIVERSAL, 2]
+    ]
+    received = []
+    assert_raise(OpenSSL::ASN1::ASN1Error) do
+      OpenSSL::ASN1.traverse(B(%w{ 02 01 01 02 01 02 02 01 03 })) do |args|
+        received << args
+      end
+    end
+    assert_equal expected, received
+  end
+
   def test_object_id_register
     oid = "1.2.34.56789"
     pend "OID 1.2.34.56789 is already registered" if OpenSSL::ASN1::ObjectId(oid).sn