/********************************************************************
 *
 * c e r t _ t r a v _ c a l l b a c k
 *
 * Per-certificate callback that prints one listing entry to outputFD.
 *
 * data, when non-NULL, points at an int selecting the listing mode:
 * 1 lists only object-signing certificates with issuer, expiry and a
 * verification result; 2 lists every certificate and marks the
 * object-signing ones with '*'. A NULL data pointer means mode 1.
 *
 * Certificates without a nickname are skipped. Always returns SECSuccess,
 * including for certificates that fail verification; that failure is only
 * reported in the printed output.
 */
static SECStatus
cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
{
    int list_certs = data ? *((int *)data) : 1;
    char *name = cert->nickname;
    int isSigningCert;
    int issuerShown = 0;
    CERTCertificate *issuerCert;
    char *expires;
    int rv;

#define LISTING_USER_SIGNING_CERTS (list_certs == 1)
#define LISTING_ALL_CERTS (list_certs == 2)

    /* Nothing to display for a certificate that has no nickname. */
    if (!name) {
        return (SECSuccess);
    }

    isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
    if (LISTING_USER_SIGNING_CERTS && !isSigningCert) {
        return (SECSuccess);
    }

    /* This certificate counts towards the listing total. */
    num_trav_certs++;

    if (LISTING_ALL_CERTS) {
        PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
    }
    PR_fprintf(outputFD, "%s\n", name);

    if (!LISTING_USER_SIGNING_CERTS) {
        return (SECSuccess);
    }

    /* Prefer the issuer certificate's nickname when one can be found. */
    issuerCert = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner);
    if (issuerCert) {
        if (issuerCert->nickname && issuerCert->nickname[0]) {
            PR_fprintf(outputFD, " Issued by: %s\n", issuerCert->nickname);
            issuerShown = 1;
        }
        CERT_DestroyCertificate(issuerCert);
    }

    /* Otherwise fall back to the issuer name stored in the certificate. */
    if (!issuerShown && cert->issuerName && cert->issuerName[0]) {
        PR_fprintf(outputFD, " Issued by: %s \n", cert->issuerName);
    }

    expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
    if (expires) {
        PR_fprintf(outputFD, " Expires: %s\n", expires);
        PORT_Free(expires);
    }

    /*
     * Check the certificate for object signing at the current time, with
     * signature checking enabled, and report the NSS error on failure.
     */
    rv = CERT_VerifyCertNow(cert->dbhandle, cert, PR_TRUE,
                            certUsageObjectSigner, &pwdata);
    if (rv != SECSuccess) {
        rv = PORT_GetError();
        PR_fprintf(outputFD,
                   " ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
                   secErrorString(rv));
    }

    return (SECSuccess);
}
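/**
 * Print a summary of every PKCS#7 blob yielded by the certificate
 * iterator over ctx->inpe.
 *
 * For each blob that decodes, prints whether the content was encrypted
 * and, when it is signed, the verification result, the signer's common
 * name and e-mail address, the signing time and whether certs or CRLs
 * were included.
 *
 * Security notes for readers of the output:
 *  - The signer name, e-mail address and signing time are read from the
 *    blob itself and are printed whether or not verification succeeded,
 *    so they are only as trustworthy as the "Signature is ..." line.
 *  - A blob whose content was not seen by the decoder is reported as
 *    detached and is NOT verified here.
 *  - NOTE(review): verification uses certUsageEmailSigner; confirm that
 *    this is the intended trust policy for this kind of input.
 *
 * @param ctx  context whose inpe member is handed to cert_iter_init().
 * @return the negative value from cert_iter_init() on failure, otherwise
 *         the last value returned by next_cert() (<= 0).
 *
 * Exits the process with status 1 if a decoder cannot be started.
 */
int list_signatures(pesign_context *ctx)
{
    cert_iter iter;

    int rc = cert_iter_init(&iter, ctx->inpe);
    if (rc < 0) {
        printf("No certificate list found.\n");
        return rc;
    }

    void *data;
    ssize_t datalen;
    int nsigs = 0;

    while (1) {
        rc = next_cert(&iter, &data, &datalen);
        if (rc <= 0)
            break;

        /*
         * datalen is signed but is passed on as a byte count; a negative
         * value would be converted to a huge length. Reject it before any
         * decoder state is allocated.
         * NOTE(review): next_cert() may already guarantee this - confirm.
         */
        if (datalen < 0) {
            fprintf(stderr, "Found invalid certificate\n");
            continue;
        }

        saw_content = 0;
        SEC_PKCS7DecoderContext *dc =
            SEC_PKCS7DecoderStart(handle_bytes, NULL, NULL, NULL,
                                  NULL, NULL, decryption_allowed);
        if (dc == NULL) {
            fprintf(stderr, "SEC_PKCS7DecoderStart failed\n");
            exit(1);
        }

        SECStatus status = SEC_PKCS7DecoderUpdate(dc, data, datalen);

        /*
         * Finish the decoder on every path: it is what releases the
         * decoder context, so skipping it after a failed update leaks
         * one context per malformed blob.
         */
        SEC_PKCS7ContentInfo *cinfo = SEC_PKCS7DecoderFinish(dc);
        if (status != SECSuccess || cinfo == NULL) {
            if (cinfo != NULL)
                SEC_PKCS7DestroyContentInfo(cinfo);
            fprintf(stderr, "Found invalid certificate\n");
            continue;
        }

        nsigs++;
        printf("---------------------------------------------\n");
        printf("Content was%s encrypted.\n",
               SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");

        if (SEC_PKCS7ContentIsSigned(cinfo)) {
            char *signer_cname, *signer_ename;
            SECItem *signing_time;

            if (saw_content) {
                printf("Signature is ");
                /* Clear stale errors so the reported reason is ours. */
                PORT_SetError(0);
                if (SEC_PKCS7VerifySignature(cinfo,
                                             certUsageEmailSigner,
                                             PR_FALSE)) {
                    printf("valid.\n");
                } else {
                    printf("invalid (Reason: 0x%08x).\n",
                           (uint32_t)PORT_GetError());
                }
            } else {
                printf("Content is detached; signature cannot "
                       "be verified.\n");
            }

            /* Signer identity is shown even for unverified signatures. */
            signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
            if (signer_cname != NULL) {
                printf("The signer's common name is %s\n", signer_cname);
                PORT_Free(signer_cname);
            } else {
                printf("No signer common name.\n");
            }

            signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
            if (signer_ename != NULL) {
                printf("The signer's email address is %s\n", signer_ename);
                PORT_Free(signer_ename);
            } else {
                printf("No signer email address.\n");
            }

            signing_time = SEC_PKCS7GetSigningTime(cinfo);
            if (signing_time != NULL) {
                /*
                 * The formatted time is an allocated string that may be
                 * NULL; check it before printing and free it afterwards.
                 */
                char *when = DER_TimeChoiceDayToAscii(signing_time);
                if (when != NULL) {
                    printf("Signing time: %s\n", when);
                    PORT_Free(when);
                } else {
                    printf("Signing time could not be decoded.\n");
                }
            } else {
                printf("No signing time included.\n");
            }

            printf("There were%s certs or crls included.\n",
                   SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
        }

        /* Release the content info whether or not it was signed. */
        SEC_PKCS7DestroyContentInfo(cinfo);
    }

    if (nsigs) {
        printf("---------------------------------------------\n");
    } else {
        printf("No signatures found.\n");
    }

    return rc;
}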