static SECStatus
secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier,
char *msg,int level)
{
SECStatus rv;
SECItem * qualifierValue = &policyQualifier->qualifierValue;
SECU_PrintObjectID(out, &policyQualifier->qualifierID ,
"Policy Qualifier Name", level);
if (!qualifierValue->data) {
SECU_Indent(out, level);
fprintf(out,"Error: missing qualifier\n");
} else
switch (policyQualifier->oid) {
case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level);
if (SECSuccess == rv)
break;
/* fall through on error */
case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
default:
SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level);
break;
}
return SECSuccess;
}
static SECStatus
secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level)
{
CERTPolicyQualifier **policyQualifiers;
policyQualifiers = policyInfo->policyQualifiers;
SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level);
while (policyQualifiers && *policyQualifiers != NULL) {
secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1);
policyQualifiers++;
}
return SECSuccess;
}
/*
* Decode the DER/BER-encoded item "data" as an OCSP response
* and pretty-print the subfields.
*/
static SECStatus
print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
{
CERTOCSPResponse *response;
int level = 0;
PORT_Assert (out_file != NULL);
PORT_Assert (data != NULL);
if (out_file == NULL || data == NULL) {
PORT_SetError (SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
response = CERT_DecodeOCSPResponse (data);
if (response == NULL)
return SECFailure;
if (response->statusValue >= ocspResponse_min &&
response->statusValue <= ocspResponse_max) {
fprintf (out_file, "Response Status: %s\n",
responseStatusNames[response->statusValue]);
} else {
fprintf (out_file,
"Response Status: other (Status value %d out of defined range)\n",
(int)response->statusValue);
}
if (response->statusValue == ocspResponse_successful) {
ocspResponseBytes *responseBytes = response->responseBytes;
SECStatus sigStatus;
CERTCertificate *signerCert = NULL;
PORT_Assert (responseBytes != NULL);
level++;
fprintf (out_file, "Response Bytes:\n");
SECU_PrintObjectID (out_file, &(responseBytes->responseType),
"Response Type", level);
switch (response->responseBytes->responseTypeTag) {
case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
print_basic_response (out_file,
responseBytes->decodedResponse.basic,
level);
break;
default:
SECU_Indent (out_file, level);
fprintf (out_file, "Unknown response syntax\n");
break;
}
sigStatus = CERT_VerifyOCSPResponseSignature (response, handle,
NULL, &signerCert, NULL);
SECU_Indent (out_file, level);
fprintf (out_file, "Signature verification ");
if (sigStatus != SECSuccess) {
fprintf (out_file, "failed: %s\n", SECU_Strerror (PORT_GetError()));
} else {
fprintf (out_file, "succeeded.\n");
if (signerCert != NULL) {
SECU_PrintName (out_file, &signerCert->subject, "Signer",
level);
CERT_DestroyCertificate (signerCert);
} else {
SECU_Indent (out_file, level);
fprintf (out_file, "No signer cert returned?\n");
}
}
} else {
SECU_Indent (out_file, level);
fprintf (out_file, "Unsuccessful response, no more information.\n");
}
CERT_DestroyOCSPResponse (response);
return SECSuccess;
}
