Beispiel #1
0
/* This function does NOT expect a DER type and length. */
SECOidTag
SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
{
    SECOidData *oiddata;
    char *oidString = NULL;
    
    oiddata = SECOID_FindOID(oid);
    if (oiddata != NULL) {
	    const char *name = oiddata->desc;
	    SECU_Indent(out, level);
	    if (m != NULL)
	        fprintf(out, "%s: ", m);
	    fprintf(out, "%s\n", name);
	    return oiddata->offset;
    } 
    oidString = CERT_GetOidString(oid);
    if (oidString) {
	    SECU_Indent(out, level);
	    if (m != NULL)
	        fprintf(out, "%s: ", m);
	    fprintf(out, "%s\n", oidString);
	    PR_smprintf_free(oidString);
	    return SEC_OID_UNKNOWN;
    }
    SECU_PrintAsHex(out, oid, m, level);
    return SEC_OID_UNKNOWN;
}
Beispiel #2
0
static void
print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level)
{
    SECU_Indent (out_file, level);
    fprintf (out_file, "Cert ID:\n");
    level++;

    SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm),
			   "Hash Algorithm", level);
    SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash),
		     "Issuer Name Hash", level);
    SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash),
		     "Issuer Key Hash", level);
    SECU_PrintInteger (out_file, &(cert_id->serialNumber),
		       "Serial Number", level);
    /* XXX lookup the cert; if found, print something nice (nickname?) */
}
Beispiel #3
0
static void
print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level)
{
    SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime),
			       "Revocation Time", level);

    if (revoked_info->revocationReason != NULL) {
	SECU_PrintAsHex (out_file, revoked_info->revocationReason,
			 "Revocation Reason", level);
    } else {
	SECU_Indent (out_file, level);
	fprintf (out_file, "No Revocation Reason.\n");
    }
}
static
SECStatus
OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
	      SECItem *sig, SECAlgorithmID *sigAlgorithm)
{
    SECStatus rv;
    VFYContext *cx;
    SECOidData *sigAlgOid, *oiddata;
    SECOidTag sigAlgTag;
    SECOidTag hashAlgTag;
    int showDigestOid=0;

    cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag, 
                                          NULL);
    if (cx == NULL)
	return SECFailure;

    sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
    if (sigAlgOid == 0)
	return SECFailure;
    sigAlgTag = sigAlgOid->offset;


    if (showDigestOid) {
	oiddata = SECOID_FindOIDByTag(hashAlgTag);
	if ( oiddata ) {
	    printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
	} else {
	    SECU_PrintAsHex(stdout,
			    &oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
	}
    }

    rv = VFY_Begin(cx);
    if (rv == SECSuccess) {
	rv = VFY_Update(cx, buf, len);
	if (rv == SECSuccess)
	    rv = VFY_End(cx);
    }

    VFY_DestroyContext(cx, PR_TRUE);
    return rv;
}
Beispiel #5
0
static void
print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level)
{
    SECItem rawsig;

    SECU_Indent (out_file, level);
    fprintf (out_file, "Basic OCSP Response:\n");
    level++;

    print_response_data (out_file, basic->tbsResponseData, level);

    SECU_PrintAlgorithmID (out_file,
			   &(basic->responseSignature.signatureAlgorithm),
			   "Signature Algorithm", level);

    rawsig = basic->responseSignature.signature;
    DER_ConvertBitString (&rawsig);
    SECU_PrintAsHex (out_file, &rawsig, "Signature", level);

    print_raw_certificates (out_file, basic->responseSignature.derCerts, level);
}
Beispiel #6
0
static void
print_responder_id (FILE *out_file, ocspResponderID *responderID, int level)
{
    SECU_Indent (out_file, level);
    fprintf (out_file, "Responder ID ");

    switch (responderID->responderIDType) {
      case ocspResponderID_byName:
	fprintf (out_file, "(byName):\n");
	SECU_PrintName (out_file, &(responderID->responderIDValue.name),
			"Name", level + 1);
	break;
      case ocspResponderID_byKey:
	fprintf (out_file, "(byKey):\n");
	SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash),
			 "Key Hash", level + 1);
	break;
      default:
	fprintf (out_file, "Unrecognized Responder ID Type\n");
	break;
    }
}
Beispiel #7
0
/* This expents i->data[0] to be the MSB of the integer.
** if you want to print a DER-encoded integer (with the tag and length)
** call SECU_PrintEncodedInteger();
*/
void
SECU_PrintInteger(FILE *out, const SECItem *i, const char *m, int level)
{
    int iv;

    if (!i || !i->len || !i->data) {
        SECU_Indent(out, level);
        if (m) {
            fprintf(out, "%s: (null)\n", m);
        } else {
            fprintf(out, "(null)\n");
        }
    } else if (i->len > 4) {
        SECU_PrintAsHex(out, i, m, level);
    } else {
        if (i->type == siUnsignedInteger && *i->data & 0x80) {
            /* Make sure i->data has zero in the highest bite
             * if i->data is an unsigned integer */
            SECItem tmpI;
            char data[] = { 0, 0, 0, 0, 0 };

            PORT_Memcpy(data + 1, i->data, i->len);
            tmpI.len = i->len + 1;
            tmpI.data = (void *)data;

            iv = DER_GetInteger(&tmpI);
        } else {
            iv = DER_GetInteger(i);
        }
        SECU_Indent(out, level);
        if (m) {
            fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
        } else {
            fprintf(out, "%d (0x%x)\n", iv, iv);
        }
    }
}
Beispiel #8
0
/*
 * Decode the DER/BER-encoded item "data" as an OCSP request
 * and pretty-print the subfields.
 */
static SECStatus
print_request (FILE *out_file, SECItem *data)
{
    CERTOCSPRequest *request;
    ocspTBSRequest *tbsRequest;
    int level = 0;

    PORT_Assert (out_file != NULL);
    PORT_Assert (data != NULL);
    if (out_file == NULL || data == NULL) {
	PORT_SetError (SEC_ERROR_INVALID_ARGS);
	return SECFailure;
    }

    request = CERT_DecodeOCSPRequest (data);
    if (request == NULL || request->tbsRequest == NULL)
	return SECFailure;

    tbsRequest = request->tbsRequest;

    fprintf (out_file, "TBS Request:\n");
    level++;

    print_ocsp_version (out_file, &(tbsRequest->version), level);

    /*
     * XXX Probably should be an interface to get the signer name
     * without looking inside the tbsRequest at all.
     */
    if (tbsRequest->requestorName != NULL) {
	SECU_Indent (out_file, level);
	fprintf (out_file, "XXX print the requestorName\n");
    } else {
	SECU_Indent (out_file, level);
	fprintf (out_file, "No Requestor Name.\n");
    }

    if (tbsRequest->requestList != NULL) {
	int i;

	for (i = 0; tbsRequest->requestList[i] != NULL; i++) {
	    SECU_Indent (out_file, level);
	    fprintf (out_file, "Request %d:\n", i);
	    print_single_request (out_file, tbsRequest->requestList[i],
				  level + 1);
	}
    } else {
	fprintf (out_file, "Request list is empty.\n");
    }

    print_ocsp_extensions (out_file, tbsRequest->requestExtensions,
			   "Request Extensions", level);

    if (request->optionalSignature != NULL) {
	ocspSignature *whole_sig;
	SECItem rawsig;

	fprintf (out_file, "Signature:\n");

	whole_sig = request->optionalSignature;
	SECU_PrintAlgorithmID (out_file, &(whole_sig->signatureAlgorithm),
			       "Signature Algorithm", level);

	rawsig = whole_sig->signature;
	DER_ConvertBitString (&rawsig);
	SECU_PrintAsHex (out_file, &rawsig, "Signature", level);

	print_raw_certificates (out_file, whole_sig->derCerts, level);

	fprintf (out_file, "XXX verify the sig and print result\n");
    } else {
	fprintf (out_file, "No Signature\n");
    }

    CERT_DestroyOCSPRequest (request);
    return SECSuccess;
}