/* This function does NOT expect a DER type and length. */ SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level) { SECOidData *oiddata; char *oidString = NULL; oiddata = SECOID_FindOID(oid); if (oiddata != NULL) { const char *name = oiddata->desc; SECU_Indent(out, level); if (m != NULL) fprintf(out, "%s: ", m); fprintf(out, "%s\n", name); return oiddata->offset; } oidString = CERT_GetOidString(oid); if (oidString) { SECU_Indent(out, level); if (m != NULL) fprintf(out, "%s: ", m); fprintf(out, "%s\n", oidString); PR_smprintf_free(oidString); return SEC_OID_UNKNOWN; } SECU_PrintAsHex(out, oid, m, level); return SEC_OID_UNKNOWN; }
static void print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level) { SECU_Indent (out_file, level); fprintf (out_file, "Cert ID:\n"); level++; SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm), "Hash Algorithm", level); SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash), "Issuer Name Hash", level); SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash), "Issuer Key Hash", level); SECU_PrintInteger (out_file, &(cert_id->serialNumber), "Serial Number", level); /* XXX lookup the cert; if found, print something nice (nickname?) */ }
static void print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level) { SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime), "Revocation Time", level); if (revoked_info->revocationReason != NULL) { SECU_PrintAsHex (out_file, revoked_info->revocationReason, "Revocation Reason", level); } else { SECU_Indent (out_file, level); fprintf (out_file, "No Revocation Reason.\n"); } }
static SECStatus OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECItem *sig, SECAlgorithmID *sigAlgorithm) { SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag, NULL); if (cx == NULL) return SECFailure; sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; sigAlgTag = sigAlgOid->offset; if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); if ( oiddata ) { printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); } else { SECU_PrintAsHex(stdout, &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); } } rv = VFY_Begin(cx); if (rv == SECSuccess) { rv = VFY_Update(cx, buf, len); if (rv == SECSuccess) rv = VFY_End(cx); } VFY_DestroyContext(cx, PR_TRUE); return rv; }
static void print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level) { SECItem rawsig; SECU_Indent (out_file, level); fprintf (out_file, "Basic OCSP Response:\n"); level++; print_response_data (out_file, basic->tbsResponseData, level); SECU_PrintAlgorithmID (out_file, &(basic->responseSignature.signatureAlgorithm), "Signature Algorithm", level); rawsig = basic->responseSignature.signature; DER_ConvertBitString (&rawsig); SECU_PrintAsHex (out_file, &rawsig, "Signature", level); print_raw_certificates (out_file, basic->responseSignature.derCerts, level); }
static void print_responder_id (FILE *out_file, ocspResponderID *responderID, int level) { SECU_Indent (out_file, level); fprintf (out_file, "Responder ID "); switch (responderID->responderIDType) { case ocspResponderID_byName: fprintf (out_file, "(byName):\n"); SECU_PrintName (out_file, &(responderID->responderIDValue.name), "Name", level + 1); break; case ocspResponderID_byKey: fprintf (out_file, "(byKey):\n"); SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash), "Key Hash", level + 1); break; default: fprintf (out_file, "Unrecognized Responder ID Type\n"); break; } }
/* This expents i->data[0] to be the MSB of the integer. ** if you want to print a DER-encoded integer (with the tag and length) ** call SECU_PrintEncodedInteger(); */ void SECU_PrintInteger(FILE *out, const SECItem *i, const char *m, int level) { int iv; if (!i || !i->len || !i->data) { SECU_Indent(out, level); if (m) { fprintf(out, "%s: (null)\n", m); } else { fprintf(out, "(null)\n"); } } else if (i->len > 4) { SECU_PrintAsHex(out, i, m, level); } else { if (i->type == siUnsignedInteger && *i->data & 0x80) { /* Make sure i->data has zero in the highest bite * if i->data is an unsigned integer */ SECItem tmpI; char data[] = { 0, 0, 0, 0, 0 }; PORT_Memcpy(data + 1, i->data, i->len); tmpI.len = i->len + 1; tmpI.data = (void *)data; iv = DER_GetInteger(&tmpI); } else { iv = DER_GetInteger(i); } SECU_Indent(out, level); if (m) { fprintf(out, "%s: %d (0x%x)\n", m, iv, iv); } else { fprintf(out, "%d (0x%x)\n", iv, iv); } } }
/* * Decode the DER/BER-encoded item "data" as an OCSP request * and pretty-print the subfields. */ static SECStatus print_request (FILE *out_file, SECItem *data) { CERTOCSPRequest *request; ocspTBSRequest *tbsRequest; int level = 0; PORT_Assert (out_file != NULL); PORT_Assert (data != NULL); if (out_file == NULL || data == NULL) { PORT_SetError (SEC_ERROR_INVALID_ARGS); return SECFailure; } request = CERT_DecodeOCSPRequest (data); if (request == NULL || request->tbsRequest == NULL) return SECFailure; tbsRequest = request->tbsRequest; fprintf (out_file, "TBS Request:\n"); level++; print_ocsp_version (out_file, &(tbsRequest->version), level); /* * XXX Probably should be an interface to get the signer name * without looking inside the tbsRequest at all. */ if (tbsRequest->requestorName != NULL) { SECU_Indent (out_file, level); fprintf (out_file, "XXX print the requestorName\n"); } else { SECU_Indent (out_file, level); fprintf (out_file, "No Requestor Name.\n"); } if (tbsRequest->requestList != NULL) { int i; for (i = 0; tbsRequest->requestList[i] != NULL; i++) { SECU_Indent (out_file, level); fprintf (out_file, "Request %d:\n", i); print_single_request (out_file, tbsRequest->requestList[i], level + 1); } } else { fprintf (out_file, "Request list is empty.\n"); } print_ocsp_extensions (out_file, tbsRequest->requestExtensions, "Request Extensions", level); if (request->optionalSignature != NULL) { ocspSignature *whole_sig; SECItem rawsig; fprintf (out_file, "Signature:\n"); whole_sig = request->optionalSignature; SECU_PrintAlgorithmID (out_file, &(whole_sig->signatureAlgorithm), "Signature Algorithm", level); rawsig = whole_sig->signature; DER_ConvertBitString (&rawsig); SECU_PrintAsHex (out_file, &rawsig, "Signature", level); print_raw_certificates (out_file, whole_sig->derCerts, level); fprintf (out_file, "XXX verify the sig and print result\n"); } else { fprintf (out_file, "No Signature\n"); } CERT_DestroyOCSPRequest (request); return SECSuccess; }