/* This function does NOT expect a DER type and length. */
SECOidTag
SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
{
SECOidData *oiddata;
char *oidString = NULL;
oiddata = SECOID_FindOID(oid);
if (oiddata != NULL) {
const char *name = oiddata->desc;
SECU_Indent(out, level);
if (m != NULL)
fprintf(out, "%s: ", m);
fprintf(out, "%s\n", name);
return oiddata->offset;
}
oidString = CERT_GetOidString(oid);
if (oidString) {
SECU_Indent(out, level);
if (m != NULL)
fprintf(out, "%s: ", m);
fprintf(out, "%s\n", oidString);
PR_smprintf_free(oidString);
return SEC_OID_UNKNOWN;
}
SECU_PrintAsHex(out, oid, m, level);
return SEC_OID_UNKNOWN;
}
static void
print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level)
{
SECU_Indent (out_file, level);
fprintf (out_file, "Cert ID:\n");
level++;
SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm),
"Hash Algorithm", level);
SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash),
"Issuer Name Hash", level);
SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash),
"Issuer Key Hash", level);
SECU_PrintInteger (out_file, &(cert_id->serialNumber),
"Serial Number", level);
/* XXX lookup the cert; if found, print something nice (nickname?) */
}
static void
print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level)
{
SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime),
"Revocation Time", level);
if (revoked_info->revocationReason != NULL) {
SECU_PrintAsHex (out_file, revoked_info->revocationReason,
"Revocation Reason", level);
} else {
SECU_Indent (out_file, level);
fprintf (out_file, "No Revocation Reason.\n");
}
}
static
SECStatus
OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
SECItem *sig, SECAlgorithmID *sigAlgorithm)
{
SECStatus rv;
VFYContext *cx;
SECOidData *sigAlgOid, *oiddata;
SECOidTag sigAlgTag;
SECOidTag hashAlgTag;
int showDigestOid=0;
cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag,
NULL);
if (cx == NULL)
return SECFailure;
sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
if (sigAlgOid == 0)
return SECFailure;
sigAlgTag = sigAlgOid->offset;
if (showDigestOid) {
oiddata = SECOID_FindOIDByTag(hashAlgTag);
if ( oiddata ) {
printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
} else {
SECU_PrintAsHex(stdout,
&oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
}
}
rv = VFY_Begin(cx);
if (rv == SECSuccess) {
rv = VFY_Update(cx, buf, len);
if (rv == SECSuccess)
rv = VFY_End(cx);
}
VFY_DestroyContext(cx, PR_TRUE);
return rv;
}
static void
print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level)
{
SECItem rawsig;
SECU_Indent (out_file, level);
fprintf (out_file, "Basic OCSP Response:\n");
level++;
print_response_data (out_file, basic->tbsResponseData, level);
SECU_PrintAlgorithmID (out_file,
&(basic->responseSignature.signatureAlgorithm),
"Signature Algorithm", level);
rawsig = basic->responseSignature.signature;
DER_ConvertBitString (&rawsig);
SECU_PrintAsHex (out_file, &rawsig, "Signature", level);
print_raw_certificates (out_file, basic->responseSignature.derCerts, level);
}
static void
print_responder_id (FILE *out_file, ocspResponderID *responderID, int level)
{
SECU_Indent (out_file, level);
fprintf (out_file, "Responder ID ");
switch (responderID->responderIDType) {
case ocspResponderID_byName:
fprintf (out_file, "(byName):\n");
SECU_PrintName (out_file, &(responderID->responderIDValue.name),
"Name", level + 1);
break;
case ocspResponderID_byKey:
fprintf (out_file, "(byKey):\n");
SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash),
"Key Hash", level + 1);
break;
default:
fprintf (out_file, "Unrecognized Responder ID Type\n");
break;
}
}
/* This expents i->data[0] to be the MSB of the integer.
** if you want to print a DER-encoded integer (with the tag and length)
** call SECU_PrintEncodedInteger();
*/
void
SECU_PrintInteger(FILE *out, const SECItem *i, const char *m, int level)
{
int iv;
if (!i || !i->len || !i->data) {
SECU_Indent(out, level);
if (m) {
fprintf(out, "%s: (null)\n", m);
} else {
fprintf(out, "(null)\n");
}
} else if (i->len > 4) {
SECU_PrintAsHex(out, i, m, level);
} else {
if (i->type == siUnsignedInteger && *i->data & 0x80) {
/* Make sure i->data has zero in the highest bite
* if i->data is an unsigned integer */
SECItem tmpI;
char data[] = { 0, 0, 0, 0, 0 };
PORT_Memcpy(data + 1, i->data, i->len);
tmpI.len = i->len + 1;
tmpI.data = (void *)data;
iv = DER_GetInteger(&tmpI);
} else {
iv = DER_GetInteger(i);
}
SECU_Indent(out, level);
if (m) {
fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
} else {
fprintf(out, "%d (0x%x)\n", iv, iv);
}
}
}
/*
* Decode the DER/BER-encoded item "data" as an OCSP request
* and pretty-print the subfields.
*/
static SECStatus
print_request (FILE *out_file, SECItem *data)
{
CERTOCSPRequest *request;
ocspTBSRequest *tbsRequest;
int level = 0;
PORT_Assert (out_file != NULL);
PORT_Assert (data != NULL);
if (out_file == NULL || data == NULL) {
PORT_SetError (SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
request = CERT_DecodeOCSPRequest (data);
if (request == NULL || request->tbsRequest == NULL)
return SECFailure;
tbsRequest = request->tbsRequest;
fprintf (out_file, "TBS Request:\n");
level++;
print_ocsp_version (out_file, &(tbsRequest->version), level);
/*
* XXX Probably should be an interface to get the signer name
* without looking inside the tbsRequest at all.
*/
if (tbsRequest->requestorName != NULL) {
SECU_Indent (out_file, level);
fprintf (out_file, "XXX print the requestorName\n");
} else {
SECU_Indent (out_file, level);
fprintf (out_file, "No Requestor Name.\n");
}
if (tbsRequest->requestList != NULL) {
int i;
for (i = 0; tbsRequest->requestList[i] != NULL; i++) {
SECU_Indent (out_file, level);
fprintf (out_file, "Request %d:\n", i);
print_single_request (out_file, tbsRequest->requestList[i],
level + 1);
}
} else {
fprintf (out_file, "Request list is empty.\n");
}
print_ocsp_extensions (out_file, tbsRequest->requestExtensions,
"Request Extensions", level);
if (request->optionalSignature != NULL) {
ocspSignature *whole_sig;
SECItem rawsig;
fprintf (out_file, "Signature:\n");
whole_sig = request->optionalSignature;
SECU_PrintAlgorithmID (out_file, &(whole_sig->signatureAlgorithm),
"Signature Algorithm", level);
rawsig = whole_sig->signature;
DER_ConvertBitString (&rawsig);
SECU_PrintAsHex (out_file, &rawsig, "Signature", level);
print_raw_certificates (out_file, whole_sig->derCerts, level);
fprintf (out_file, "XXX verify the sig and print result\n");
} else {
fprintf (out_file, "No Signature\n");
}
CERT_DestroyOCSPRequest (request);
return SECSuccess;
}
