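/********************************************************************
 *
 * c e r t _ t r a v _ c a l l b a c k
 *
 * Per-certificate callback for the certificate-database traversal behind
 * the "list certificates" option.  `data`, when non-NULL, points to an int
 * selecting the listing mode: 1 lists only certificates that carry the
 * object-signing nsCertType bit, 2 lists every certificate and marks the
 * object-signing ones with "*".  Any other value lists every certificate
 * without a marker.
 *
 * In mode 1 the issuer, the expiry date and a trust-verification result
 * are printed beneath each nickname.  The verification result is reported
 * only: a certificate that fails CERT_VerifyCertNow is still listed and
 * the traversal continues, so the return value must not be read as
 * "every listed certificate verified".
 *
 * Writes to the file-scope `outputFD` and increments the file-scope
 * `num_trav_certs` for each certificate printed.  `k` (the database key)
 * is unused.  Always returns SECSuccess so the traversal goes on.
 */
static SECStatus
cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
{
    int list_certs = 1;
    const char *name;

    (void)k; /* the database key is not needed for listing */

    if (data) {
        list_certs = *((int *)data);
    }

#define LISTING_USER_SIGNING_CERTS (list_certs == 1)
#define LISTING_ALL_CERTS (list_certs == 2)

    name = cert->nickname;
    if (name) {
        int isSigningCert;

        isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
        if (!isSigningCert && LISTING_USER_SIGNING_CERTS) {
            return SECSuccess;
        }

        /* Display this name or email address */
        num_trav_certs++;

        if (LISTING_ALL_CERTS) {
            PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
        }
        PR_fprintf(outputFD, "%s\n", name);

        if (LISTING_USER_SIGNING_CERTS) {
            int issuerShown = 0; /* set once an "Issued by:" line is printed */
            CERTCertificate *issuerCert;
            char *expires;
            SECStatus vrv;

            /* Prefer the issuer's database nickname; fall back to the
             * issuer DN carried in the certificate itself. */
            issuerCert = CERT_FindCertIssuer(cert, PR_Now(),
                                             certUsageObjectSigner);
            if (issuerCert) {
                if (issuerCert->nickname && issuerCert->nickname[0]) {
                    PR_fprintf(outputFD, "    Issued by: %s\n",
                               issuerCert->nickname);
                    issuerShown = 1;
                }
                CERT_DestroyCertificate(issuerCert);
            }
            if (!issuerShown && cert->issuerName && cert->issuerName[0]) {
                PR_fprintf(outputFD, "    Issued by: %s \n", cert->issuerName);
            }

            /* DER_TimeChoiceDayToAscii allocates the string; it is freed
             * right after printing. */
            expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
            if (expires) {
                PR_fprintf(outputFD, "    Expires: %s\n", expires);
                PORT_Free(expires);
            }

            /* Chain verification for the object-signing usage (PR_TRUE
             * requests signature checking).  Kept in its own SECStatus
             * variable; the error code below is a separate int. */
            vrv = CERT_VerifyCertNow(cert->dbhandle, cert,
                                     PR_TRUE, certUsageObjectSigner, &pwdata);
            if (vrv != SECSuccess) {
                int err = PORT_GetError();
                PR_fprintf(outputFD,
                           "    ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
                           secErrorString(err));
            }
        }
    }

    /* The mode macros are local to this function; do not let them leak
     * into the rest of the translation unit. */
#undef LISTING_USER_SIGNING_CERTS
#undef LISTING_ALL_CERTS

    return SECSuccess;
}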
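/*
 * Print the signer details of one decoded, signed PKCS#7 blob.
 *
 * Verification is attempted only when the file-scope `saw_content` flag is
 * set (presumably by the handle_bytes decoder callback); detached content
 * cannot be checked here.  The verification outcome is printed, not
 * returned, so callers that need a pass/fail result must not rely on this
 * listing.
 *
 * Does not take ownership of cinfo.
 */
static void
print_signer_details(SEC_PKCS7ContentInfo *cinfo)
{
	char *signer_cname, *signer_ename, *signing_time_str;
	SECItem *signing_time;

	if (saw_content) {
		printf("Signature is ");
		PORT_SetError(0);
		if (SEC_PKCS7VerifySignature(cinfo,
				certUsageEmailSigner,
				PR_FALSE)) {
			printf("valid.\n");
		} else {
			printf("invalid (Reason: 0x%08x).\n",
				(uint32_t)PORT_GetError());
		}
	} else {
		printf("Content is detached; signature cannot "
			"be verified.\n");
	}

	signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
	if (signer_cname != NULL) {
		printf("The signer's common name is %s\n",
			signer_cname);
		PORT_Free(signer_cname);
	} else {
		printf("No signer common name.\n");
	}

	signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
	if (signer_ename != NULL) {
		printf("The signer's email address is %s\n",
			signer_ename);
		PORT_Free(signer_ename);
	} else {
		printf("No signer email address.\n");
	}

	signing_time = SEC_PKCS7GetSigningTime(cinfo);
	if (signing_time != NULL) {
		/* DER_TimeChoiceDayToAscii allocates its result (freed with
		 * PORT_Free) and may return NULL on a malformed time; a NULL
		 * must not reach printf's %s. */
		signing_time_str = DER_TimeChoiceDayToAscii(signing_time);
		if (signing_time_str != NULL) {
			printf("Signing time: %s\n", signing_time_str);
			PORT_Free(signing_time_str);
		} else {
			printf("Signing time: <unparseable>\n");
		}
	} else {
		printf("No signing time included.\n");
	}

	printf("There were%s certs or crls included.\n",
		SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
}

/*
 * Walk the certificate table of ctx->inpe and describe every PKCS#7 blob
 * found there.
 *
 * Returns the value of the last next_cert() call: 0 once the table is
 * exhausted, or its negative error code.  When no certificate table exists
 * the cert_iter_init() error is returned instead.  Entries that fail to
 * decode are reported on stderr and skipped; a failed
 * SEC_PKCS7DecoderStart exits the process.
 *
 * Every decoder context and content info is released on every path,
 * including entries whose content is not signed.
 */
int
list_signatures(pesign_context *ctx)
{
	cert_iter iter;
	void *data;
	ssize_t datalen;
	int nsigs = 0;

	int rc = cert_iter_init(&iter, ctx->inpe);
	if (rc < 0) {
		printf("No certificate list found.\n");
		return rc;
	}

	while ((rc = next_cert(&iter, &data, &datalen)) > 0) {
		SEC_PKCS7DecoderContext *dc;
		SEC_PKCS7ContentInfo *cinfo;

		saw_content = 0;
		dc = SEC_PKCS7DecoderStart(handle_bytes, NULL, NULL, NULL,
					NULL, NULL, decryption_allowed);
		if (dc == NULL) {
			fprintf(stderr, "SEC_PKCS7DecoderStart failed\n");
			exit(1);
		}

		if (SEC_PKCS7DecoderUpdate(dc, data, datalen) != SECSuccess) {
			/* NOTE(review): relies on SEC_PKCS7DecoderFinish
			 * releasing the context after a failed update — confirm
			 * against the linked NSS.  Anything it returns here is
			 * not usable and is destroyed. */
			cinfo = SEC_PKCS7DecoderFinish(dc);
			if (cinfo != NULL)
				SEC_PKCS7DestroyContentInfo(cinfo);
			fprintf(stderr, "Found invalid certificate\n");
			continue;
		}

		cinfo = SEC_PKCS7DecoderFinish(dc);
		if (cinfo == NULL) {
			fprintf(stderr, "Found invalid certificate\n");
			continue;
		}

		nsigs++;
		printf("---------------------------------------------\n");
		printf("Content was%s encrypted.\n",
			SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
		if (SEC_PKCS7ContentIsSigned(cinfo))
			print_signer_details(cinfo);

		/* Released unconditionally: an unsigned entry used to leak
		 * its content info. */
		SEC_PKCS7DestroyContentInfo(cinfo);
	}

	if (nsigs) {
		printf("---------------------------------------------\n");
	} else {
		printf("No signatures found.\n");
	}
	return rc;
}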