static void print_dn(gnutls_buffer_st * str, const char *prefix,
const gnutls_datum_t * raw)
{
gnutls_x509_dn_t dn = NULL;
gnutls_datum_t output = { NULL, 0 };
int ret;
ret = gnutls_x509_dn_init(&dn);
if (ret < 0) {
addf(str, "%s: [error]\n", prefix);
return;
}
ret = gnutls_x509_dn_import(dn, raw);
if (ret < 0) {
addf(str, "%s: [error]\n", prefix);
goto cleanup;
}
ret = gnutls_x509_dn_get_str2(dn, &output, 0);
if (ret < 0) {
addf(str, "%s: [error]\n", prefix);
goto cleanup;
}
addf(str, "%s: %s\n", prefix, output.data);
cleanup:
gnutls_x509_dn_deinit(dn);
gnutls_free(output.data);
}
static void
print_key_usage(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
unsigned int idx)
{
unsigned int key_usage;
int err;
adds(str, _("\t\tKey Usage:\n"));
if (idx == (unsigned int) -1)
err = gnutls_openpgp_crt_get_key_usage(cert, &key_usage);
else
err =
gnutls_openpgp_crt_get_subkey_usage(cert, idx,
&key_usage);
if (err < 0) {
addf(str, _("error: get_key_usage: %s\n"),
gnutls_strerror(err));
return;
}
if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
adds(str, _("\t\t\tDigital signatures.\n"));
if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
adds(str, _("\t\t\tCommunications encipherment.\n"));
if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
adds(str, _("\t\t\tStorage data encipherment.\n"));
if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
adds(str, _("\t\t\tAuthentication.\n"));
if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
adds(str, _("\t\t\tCertificate signing.\n"));
}
unsigned int *
madd(unsigned int *a, unsigned int *b)
{
if (MSIGN(a) == MSIGN(b))
return addf(a, b); // same sign, add together
else
return subf(a, b); // opposite sign, find difference
}
/* idx == -1 indicates main key
* otherwise the subkey.
*/
static void
print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
char fpr[128];
size_t fpr_size = sizeof (fpr);
int err;
err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
if (err < 0)
addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
else
{
adds (str, _("\tFingerprint (hex): "));
hexprint (str, fpr, fpr_size);
addf (str, "\n");
}
}
static void print_raw(gnutls_buffer_st * str, const char *prefix,
const gnutls_datum_t * raw)
{
gnutls_datum_t result;
int ret;
if (raw->data == NULL || raw->size == 0)
return;
ret = gnutls_hex_encode2(raw, &result);
if (ret < 0) {
addf(str, "%s: [error]\n", prefix);
return;
}
addf(str, "%s: %s\n", prefix, result.data);
gnutls_free(result.data);
}
/* idx == -1 indicates main key
* otherwise the subkey.
*/
static void
print_key_id(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
gnutls_openpgp_keyid_t id;
int err;
if (idx < 0)
err = gnutls_openpgp_crt_get_key_id(cert, id);
else
err = gnutls_openpgp_crt_get_subkey_id(cert, idx, id);
if (err < 0)
addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
else {
adds(str, _("\tID (hex): "));
_gnutls_buffer_hexprint(str, id, sizeof(id));
addf(str, "\n");
}
}
/* idx == -1 indicates main key
* otherwise the subkey.
*/
static void
print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
uint8_t fpr[128];
size_t fpr_size = sizeof(fpr);
int err;
const char *name;
char *p;
unsigned int bits;
err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size);
if (err < 0)
addf(str, "error: get_fingerprint: %s\n",
gnutls_strerror(err));
else {
adds(str, _("\tFingerprint (hex): "));
_gnutls_buffer_hexprint(str, fpr, fpr_size);
addf(str, "\n");
}
err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
if (err < 0)
return;
name = gnutls_pk_get_name(err);
if (name == NULL)
return;
p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits,
"\t\t");
if (p == NULL)
return;
adds(str, _("\tFingerprint's random art:\n"));
adds(str, p);
adds(str, "\n");
gnutls_free(p);
}
static void
hexprint (gnutls_buffer_st * str, const char *data, size_t len)
{
size_t j;
if (len == 0)
adds (str, "00");
else
{
for (j = 0; j < len; j++)
addf (str, "%.2x", (unsigned char) data[j]);
}
}
static void
print_key_times(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
time_t tim;
adds(str, _("\tTime stamps:\n"));
if (idx == -1)
tim = gnutls_openpgp_crt_get_creation_time(cert);
else
tim =
gnutls_openpgp_crt_get_subkey_creation_time(cert, idx);
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (gmtime_r(&tim, &t) == NULL)
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long) tim);
else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
== 0)
addf(str, "error: strftime (%ld)\n",
(unsigned long) tim);
else
addf(str, _("\t\tCreation: %s\n"), s);
}
if (idx == -1)
tim = gnutls_openpgp_crt_get_expiration_time(cert);
else
tim =
gnutls_openpgp_crt_get_subkey_expiration_time(cert,
idx);
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (tim == 0) {
adds(str, _("\t\tExpiration: Never\n"));
} else {
if (gmtime_r(&tim, &t) == NULL)
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long) tim);
else if (strftime
(s, max, "%a %b %d %H:%M:%S UTC %Y",
&t) == 0)
addf(str, "error: strftime (%ld)\n",
(unsigned long) tim);
else
addf(str, _("\t\tExpiration: %s\n"), s);
}
}
}
static void
hexdump (gnutls_buffer_st * str, const char *data, size_t len,
const char *spc)
{
size_t j;
if (spc)
adds (str, spc);
for (j = 0; j < len; j++)
{
if (((j + 1) % 16) == 0)
{
addf (str, "%.2x\n", (unsigned char) data[j]);
if (spc && j != (len - 1))
adds (str, spc);
}
else if (j == (len - 1))
addf (str, "%.2x", (unsigned char) data[j]);
else
addf (str, "%.2x:", (unsigned char) data[j]);
}
if ((j % 16) != 0)
adds (str, "\n");
}
void main()
{
char in[100],r[101],*a,*b;
int i,j,c=0,cc=1;
gets(r);
while(gets(in))
{
if(in[0]=='0')
{
printf("%s",r);
break;
}
addf(in,r,r);
}
}
static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_t req)
{
int ret;
unsigned indx;
/* Version. */
{
int version = gnutls_ocsp_req_get_version(req);
if (version < 0)
addf(str, "error: get_version: %s\n",
gnutls_strerror(version));
else
addf(str, _("\tVersion: %d\n"), version);
}
/* XXX requestorName */
/* requestList */
addf(str, "\tRequest List:\n");
for (indx = 0;; indx++) {
gnutls_digest_algorithm_t digest;
gnutls_datum_t in, ik, sn;
ret =
gnutls_ocsp_req_get_cert_id(req, indx, &digest, &in,
&ik, &sn);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
addf(str, "\t\tCertificate ID:\n");
if (ret != GNUTLS_E_SUCCESS) {
addf(str, "error: get_cert_id: %s\n",
gnutls_strerror(ret));
continue;
}
addf(str, "\t\t\tHash Algorithm: %s\n",
_gnutls_digest_get_name(hash_to_entry(digest)));
adds(str, "\t\t\tIssuer Name Hash: ");
_gnutls_buffer_hexprint(str, in.data, in.size);
adds(str, "\n");
adds(str, "\t\t\tIssuer Key Hash: ");
_gnutls_buffer_hexprint(str, ik.data, ik.size);
adds(str, "\n");
adds(str, "\t\t\tSerial Number: ");
_gnutls_buffer_hexprint(str, sn.data, sn.size);
adds(str, "\n");
gnutls_free(in.data);
gnutls_free(ik.data);
gnutls_free(sn.data);
/* XXX singleRequestExtensions */
}
for (indx = 0;; indx++) {
gnutls_datum_t oid;
unsigned int critical;
gnutls_datum_t data;
ret =
gnutls_ocsp_req_get_extension(req, indx, &oid,
&critical, &data);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret != GNUTLS_E_SUCCESS) {
addf(str, "error: get_extension: %s\n",
gnutls_strerror(ret));
continue;
}
if (indx == 0)
adds(str, "\tExtensions:\n");
if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
gnutls_datum_t nonce;
unsigned int ncrit;
ret =
gnutls_ocsp_req_get_nonce(req, &ncrit,
&nonce);
if (ret != GNUTLS_E_SUCCESS) {
addf(str, "error: get_nonce: %s\n",
gnutls_strerror(ret));
} else {
addf(str, "\t\tNonce%s: ",
ncrit ? " (critical)" : "");
_gnutls_buffer_hexprint(str, nonce.data,
nonce.size);
adds(str, "\n");
gnutls_free(nonce.data);
}
} else {
addf(str, "\t\tUnknown extension %s (%s):\n",
oid.data,
critical ? "critical" : "not critical");
adds(str, _("\t\t\tASCII: "));
_gnutls_buffer_asciiprint(str, (char *) data.data,
data.size);
addf(str, "\n");
adds(str, _("\t\t\tHexdump: "));
_gnutls_buffer_hexprint(str, (char *) data.data,
data.size);
adds(str, "\n");
}
gnutls_free(oid.data);
gnutls_free(data.data);
}
/* XXX Signature */
}
static void
print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
gnutls_ocsp_print_formats_t format)
{
int ret;
unsigned indx;
ret = gnutls_ocsp_resp_get_status(resp);
if (ret < 0) {
addf(str, "error: ocsp_resp_get_status: %s\n",
gnutls_strerror(ret));
return;
}
adds(str, "\tResponse Status: ");
switch (ret) {
case GNUTLS_OCSP_RESP_SUCCESSFUL:
adds(str, "Successful\n");
break;
case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
adds(str, "malformedRequest\n");
return;
case GNUTLS_OCSP_RESP_INTERNALERROR:
adds(str, "internalError\n");
return;
case GNUTLS_OCSP_RESP_TRYLATER:
adds(str, "tryLater\n");
return;
case GNUTLS_OCSP_RESP_SIGREQUIRED:
adds(str, "sigRequired\n");
return;
case GNUTLS_OCSP_RESP_UNAUTHORIZED:
adds(str, "unauthorized\n");
return;
default:
adds(str, "unknown\n");
return;
}
{
gnutls_datum_t oid;
ret = gnutls_ocsp_resp_get_response(resp, &oid, NULL);
if (ret < 0) {
addf(str, "error: get_response: %s\n",
gnutls_strerror(ret));
return;
}
adds(str, "\tResponse Type: ");
#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
if (oid.size == sizeof(OCSP_BASIC)
&& memcmp(oid.data, OCSP_BASIC, oid.size) == 0) {
adds(str, "Basic OCSP Response\n");
gnutls_free(oid.data);
} else {
addf(str, "Unknown response type (%.*s)\n",
oid.size, oid.data);
gnutls_free(oid.data);
return;
}
}
/* Version. */
{
int version = gnutls_ocsp_resp_get_version(resp);
if (version < 0)
addf(str, "error: get_version: %s\n",
gnutls_strerror(version));
else
addf(str, _("\tVersion: %d\n"), version);
}
/* responderID */
{
gnutls_datum_t dn;
ret = gnutls_ocsp_resp_get_responder(resp, &dn);
if (ret < 0 || dn.data == NULL) {
if (dn.data == 0) {
ret = gnutls_ocsp_resp_get_responder_raw_id(resp, GNUTLS_OCSP_RESP_ID_KEY, &dn);
if (ret >= 0) {
addf(str, _("\tResponder Key ID: "));
_gnutls_buffer_hexprint(str, dn.data, dn.size);
adds(str, "\n");
}
gnutls_free(dn.data);
} else {
addf(str, "error: get_dn: %s\n",
gnutls_strerror(ret));
}
} else {
if (dn.data != NULL) {
addf(str, _("\tResponder ID: %.*s\n"), dn.size,
dn.data);
gnutls_free(dn.data);
}
}
}
{
char s[42];
size_t max = sizeof(s);
struct tm t;
time_t tim = gnutls_ocsp_resp_get_produced(resp);
if (tim == (time_t) - 1)
addf(str, "error: ocsp_resp_get_produced\n");
else if (gmtime_r(&tim, &t) == NULL)
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long) tim);
else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
== 0)
addf(str, "error: strftime (%ld)\n",
(unsigned long) tim);
else
addf(str, _("\tProduced At: %s\n"), s);
}
addf(str, "\tResponses:\n");
for (indx = 0;; indx++) {
gnutls_digest_algorithm_t digest;
gnutls_datum_t in, ik, sn;
unsigned int cert_status;
time_t this_update;
time_t next_update;
time_t revocation_time;
unsigned int revocation_reason;
ret = gnutls_ocsp_resp_get_single(resp,
indx,
&digest, &in, &ik, &sn,
&cert_status,
&this_update,
&next_update,
&revocation_time,
&revocation_reason);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
addf(str, "\t\tCertificate ID:\n");
if (ret != GNUTLS_E_SUCCESS) {
addf(str, "error: get_singleresponse: %s\n",
gnutls_strerror(ret));
continue;
}
addf(str, "\t\t\tHash Algorithm: %s\n",
_gnutls_digest_get_name(hash_to_entry(digest)));
adds(str, "\t\t\tIssuer Name Hash: ");
_gnutls_buffer_hexprint(str, in.data, in.size);
adds(str, "\n");
adds(str, "\t\t\tIssuer Key Hash: ");
_gnutls_buffer_hexprint(str, ik.data, ik.size);
adds(str, "\n");
adds(str, "\t\t\tSerial Number: ");
_gnutls_buffer_hexprint(str, sn.data, sn.size);
adds(str, "\n");
gnutls_free(in.data);
gnutls_free(ik.data);
gnutls_free(sn.data);
{
const char *p = NULL;
switch (cert_status) {
case GNUTLS_OCSP_CERT_GOOD:
p = "good";
break;
case GNUTLS_OCSP_CERT_REVOKED:
p = "revoked";
break;
case GNUTLS_OCSP_CERT_UNKNOWN:
p = "unknown";
break;
default:
addf(str,
"\t\tCertificate Status: unexpected value %d\n",
cert_status);
break;
}
if (p)
addf(str, "\t\tCertificate Status: %s\n",
p);
}
/* XXX revocation reason */
if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
char s[42];
size_t max = sizeof(s);
struct tm t;
if (revocation_time == (time_t) - 1)
addf(str, "error: revocation_time\n");
else if (gmtime_r(&revocation_time, &t) == NULL)
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long) revocation_time);
else if (strftime
(s, max, "%a %b %d %H:%M:%S UTC %Y",
&t) == 0)
addf(str, "error: strftime (%ld)\n",
(unsigned long) revocation_time);
else
addf(str, _("\t\tRevocation time: %s\n"),
s);
}
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (this_update == (time_t) - 1)
addf(str, "error: this_update\n");
else if (gmtime_r(&this_update, &t) == NULL)
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long) this_update);
else if (strftime
(s, max, "%a %b %d %H:%M:%S UTC %Y",
&t) == 0)
addf(str, "error: strftime (%ld)\n",
(unsigned long) this_update);
else
addf(str, _("\t\tThis Update: %s\n"), s);
}
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (next_update != (time_t) - 1) {
if (gmtime_r(&next_update, &t) == NULL)
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long) next_update);
else if (strftime
(s, max, "%a %b %d %H:%M:%S UTC %Y",
&t) == 0)
addf(str, "error: strftime (%ld)\n",
(unsigned long) next_update);
else
addf(str, _("\t\tNext Update: %s\n"), s);
}
}
/* XXX singleRequestExtensions */
}
adds(str, "\tExtensions:\n");
for (indx = 0;; indx++) {
gnutls_datum_t oid;
unsigned int critical;
gnutls_datum_t data;
ret =
gnutls_ocsp_resp_get_extension(resp, indx, &oid,
&critical, &data);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret != GNUTLS_E_SUCCESS) {
addf(str, "error: get_extension: %s\n",
gnutls_strerror(ret));
continue;
}
if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
gnutls_datum_t nonce;
unsigned int ncrit;
ret =
gnutls_ocsp_resp_get_nonce(resp, &ncrit,
&nonce);
if (ret != GNUTLS_E_SUCCESS) {
addf(str, "error: get_nonce: %s\n",
gnutls_strerror(ret));
} else {
addf(str, "\t\tNonce%s: ",
ncrit ? " (critical)" : "");
_gnutls_buffer_hexprint(str, nonce.data,
nonce.size);
adds(str, "\n");
gnutls_free(nonce.data);
}
} else {
addf(str, "\t\tUnknown extension %s (%s):\n",
oid.data,
critical ? "critical" : "not critical");
adds(str, _("\t\t\tASCII: "));
_gnutls_buffer_asciiprint(str, (char *) data.data,
data.size);
addf(str, "\n");
adds(str, _("\t\t\tHexdump: "));
_gnutls_buffer_hexprint(str, (char *) data.data,
data.size);
adds(str, "\n");
}
gnutls_free(oid.data);
gnutls_free(data.data);
}
/* Signature. */
if (format == GNUTLS_OCSP_PRINT_FULL) {
gnutls_datum_t sig;
ret = gnutls_ocsp_resp_get_signature_algorithm(resp);
if (ret < 0)
addf(str, "error: get_signature_algorithm: %s\n",
gnutls_strerror(ret));
else {
const char *name =
gnutls_sign_algorithm_get_name(ret);
if (name == NULL)
name = _("unknown");
addf(str, _("\tSignature Algorithm: %s\n"), name);
}
if (ret != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(ret) == 0) {
adds(str,
_("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
}
ret = gnutls_ocsp_resp_get_signature(resp, &sig);
if (ret < 0)
addf(str, "error: get_signature: %s\n",
gnutls_strerror(ret));
else {
adds(str, _("\tSignature:\n"));
_gnutls_buffer_hexdump(str, sig.data, sig.size,
"\t\t");
gnutls_free(sig.data);
}
}
/* certs */
if (format == GNUTLS_OCSP_PRINT_FULL) {
gnutls_x509_crt_t *certs;
size_t ncerts, i;
gnutls_datum_t out;
ret = gnutls_ocsp_resp_get_certs(resp, &certs, &ncerts);
if (ret < 0)
addf(str, "error: get_certs: %s\n",
gnutls_strerror(ret));
else {
if (ncerts > 0)
addf(str, "\tAdditional certificates:\n");
for (i = 0; i < ncerts; i++) {
size_t s = 0;
ret =
gnutls_x509_crt_print(certs[i],
GNUTLS_CRT_PRINT_FULL,
&out);
if (ret < 0)
addf(str, "error: crt_print: %s\n",
gnutls_strerror(ret));
else {
addf(str, "%.*s", out.size,
out.data);
gnutls_free(out.data);
}
ret =
gnutls_x509_crt_export(certs[i],
GNUTLS_X509_FMT_PEM,
NULL, &s);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
addf(str,
"error: crt_export: %s\n",
gnutls_strerror(ret));
else {
out.data = gnutls_malloc(s);
if (out.data == NULL)
addf(str,
"error: malloc: %s\n",
gnutls_strerror
(GNUTLS_E_MEMORY_ERROR));
else {
ret =
gnutls_x509_crt_export
(certs[i],
GNUTLS_X509_FMT_PEM,
out.data, &s);
if (ret < 0)
addf(str,
"error: crt_export: %s\n",
gnutls_strerror
(ret));
else {
out.size = s;
addf(str, "%.*s",
out.size,
out.data);
}
gnutls_free(out.data);
}
}
gnutls_x509_crt_deinit(certs[i]);
}
gnutls_free(certs);
}
}
}
int Text::add(const std::vector<Font::ColoredString> &text, const Matrix4 &m)
{
return addf(text, -1.0f, Font::ALIGN_MAX_ENUM, m);
}
/**
* gnutls_pkcs7_crt_print:
* @pkcs7: The PKCS7 struct to be printed
* @format: Indicate the format to use
* @out: Newly allocated datum with null terminated string.
*
* This function will pretty print a signed PKCS #7 structure, suitable for
* display to a human.
*
* Currently the supported formats are %GNUTLS_CRT_PRINT_FULL and
* %GNUTLS_CRT_PRINT_COMPACT.
*
* The output @out needs to be deallocated using gnutls_free().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out)
{
int count, ret, i;
gnutls_pkcs7_signature_info_st info;
gnutls_buffer_st str;
const char *oid;
_gnutls_buffer_init(&str);
/* For backwards compatibility with structures using the default OID,
* we don't print the eContent Type explicitly */
oid = gnutls_pkcs7_get_embedded_data_oid(pkcs7);
if (oid) {
if (strcmp(oid, DATA_OID) != 0
&& strcmp(oid, DIGESTED_DATA_OID) != 0) {
addf(&str, "eContent Type: %s\n", oid);
}
}
for (i = 0;; i++) {
if (i == 0)
addf(&str, "Signers:\n");
ret = gnutls_pkcs7_get_signature_info(pkcs7, i, &info);
if (ret < 0)
break;
print_pkcs7_info(&info, &str, format);
gnutls_pkcs7_signature_info_deinit(&info);
}
if (format == GNUTLS_CRT_PRINT_FULL) {
gnutls_datum_t data, b64;
count = gnutls_pkcs7_get_crt_count(pkcs7);
if (count > 0) {
addf(&str, "Number of certificates: %u\n\n",
count);
for (i = 0; i < count; i++) {
ret =
gnutls_pkcs7_get_crt_raw2(pkcs7, i, &data);
if (ret < 0) {
addf(&str,
"Error: cannot print certificate %d\n",
i);
continue;
}
ret =
gnutls_pem_base64_encode_alloc
("CERTIFICATE", &data, &b64);
if (ret < 0) {
gnutls_free(data.data);
continue;
}
adds(&str, (char*)b64.data);
adds(&str, "\n");
gnutls_free(b64.data);
gnutls_free(data.data);
}
}
count = gnutls_pkcs7_get_crl_count(pkcs7);
if (count > 0) {
addf(&str, "Number of CRLs: %u\n\n", count);
for (i = 0; i < count; i++) {
ret =
gnutls_pkcs7_get_crl_raw2(pkcs7, i, &data);
if (ret < 0) {
addf(&str,
"Error: cannot print certificate %d\n",
i);
continue;
}
ret =
gnutls_pem_base64_encode_alloc("X509 CRL",
&data, &b64);
if (ret < 0) {
gnutls_free(data.data);
continue;
}
adds(&str, (char*)b64.data);
adds(&str, "\n");
gnutls_free(b64.data);
gnutls_free(data.data);
}
}
}
return _gnutls_buffer_to_datum(&str, out, 1);
}
static void
print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
int err, i;
i = 0;
do {
char *dn;
size_t dn_size = 0;
err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
&& err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "unknown name (%s), ",
gnutls_strerror(err));
else {
dn = gnutls_malloc(dn_size);
if (!dn)
addf(str, "unknown name (%s), ",
gnutls_strerror
(GNUTLS_E_MEMORY_ERROR));
else {
err =
gnutls_openpgp_crt_get_name(cert, i,
dn,
&dn_size);
if (err < 0
&& err !=
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "unknown name (%s), ",
gnutls_strerror(err));
else if (err >= 0)
addf(str, _("name[%d]: %s, "), i,
dn);
else if (err ==
GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str,
_("revoked name[%d]: %s, "),
i, dn);
gnutls_free(dn);
}
}
i++;
}
while (err >= 0);
{
char fpr[128];
size_t fpr_size = sizeof(fpr);
int err;
err =
gnutls_openpgp_crt_get_fingerprint(cert, fpr,
&fpr_size);
if (err < 0)
addf(str, "error: get_fingerprint: %s\n",
gnutls_strerror(err));
else {
adds(str, _("fingerprint: "));
_gnutls_buffer_hexprint(str, fpr, fpr_size);
addf(str, ", ");
}
}
{
time_t tim;
tim = gnutls_openpgp_crt_get_creation_time(cert);
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (gmtime_r(&tim, &t) == NULL)
addf(str, "error: gmtime_r (%ld), ",
(unsigned long) tim);
else if (strftime
(s, max, "%Y-%m-%d %H:%M:%S UTC",
&t) == 0)
addf(str, "error: strftime (%ld), ",
(unsigned long) tim);
else
addf(str, _("created: %s, "), s);
}
tim = gnutls_openpgp_crt_get_expiration_time(cert);
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (tim == 0)
adds(str, _("never expires, "));
else {
if (gmtime_r(&tim, &t) == NULL)
addf(str,
"error: gmtime_r (%ld), ",
(unsigned long) tim);
else if (strftime
(s, max, "%Y-%m-%d %H:%M:%S UTC",
&t) == 0)
addf(str,
"error: strftime (%ld), ",
(unsigned long) tim);
else
addf(str, _("expires: %s, "), s);
}
}
}
{
unsigned int bits = 0;
gnutls_pk_algorithm_t algo =
gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
const char *algostr = gnutls_pk_algorithm_get_name(algo);
if (algostr)
addf(str, _("key algorithm %s (%d bits)"), algostr,
bits);
else
addf(str, _("unknown key algorithm (%d)"), algo);
}
}
static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info,
gnutls_buffer_st * str,
gnutls_certificate_print_formats_t format)
{
unsigned i;
char *oid;
gnutls_datum_t data;
char prefix[128];
char s[42];
size_t max;
int ret;
if (info->issuer_dn.size > 0)
print_dn(str, "\tSigner's issuer DN", &info->issuer_dn);
print_raw(str, "\tSigner's serial", &info->signer_serial);
print_raw(str, "\tSigner's issuer key ID", &info->issuer_keyid);
if (info->signing_time != -1) {
struct tm t;
if (gmtime_r(&info->signing_time, &t) == NULL) {
addf(str, "error: gmtime_r (%ld)\n",
(unsigned long)info->signing_time);
} else {
max = sizeof(s);
if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) ==
0) {
addf(str, "error: strftime (%ld)\n",
(unsigned long)info->signing_time);
} else {
addf(str, "\tSigning time: %s\n", s);
}
}
}
addf(str, "\tSignature Algorithm: %s\n",
gnutls_sign_get_name(info->algo));
if (format == GNUTLS_CRT_PRINT_FULL) {
if (info->signed_attrs) {
for (i = 0;; i++) {
ret =
gnutls_pkcs7_get_attr(info->signed_attrs, i,
&oid, &data, 0);
if (ret < 0)
break;
if (i == 0)
addf(str, "\tSigned Attributes:\n");
snprintf(prefix, sizeof(prefix), "\t\t%s", oid);
print_raw(str, prefix, &data);
gnutls_free(data.data);
}
}
if (info->unsigned_attrs) {
for (i = 0;; i++) {
ret =
gnutls_pkcs7_get_attr(info->unsigned_attrs,
i, &oid, &data, 0);
if (ret < 0)
break;
if (i == 0)
addf(str, "\tUnsigned Attributes:\n");
snprintf(prefix, sizeof(prefix), "\t\t%s", oid);
print_raw(str, prefix, &data);
gnutls_free(data.data);
}
}
}
adds(str, "\n");
}
static void print_cert(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
int i, subkeys;
int err;
print_key_revoked(str, cert, -1);
/* Version. */
{
int version = gnutls_openpgp_crt_get_version(cert);
if (version < 0)
addf(str, "error: get_version: %s\n",
gnutls_strerror(version));
else
addf(str, _("\tVersion: %d\n"), version);
}
/* ID. */
print_key_id(str, cert, -1);
print_key_fingerprint(str, cert);
/* Names. */
i = 0;
do {
char *dn;
size_t dn_size = 0;
err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
&& err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "error: get_name: %s\n",
gnutls_strerror(err));
else {
dn = gnutls_malloc(dn_size);
if (!dn)
addf(str, "error: malloc (%d): %s\n",
(int) dn_size,
gnutls_strerror
(GNUTLS_E_MEMORY_ERROR));
else {
err =
gnutls_openpgp_crt_get_name(cert, i,
dn,
&dn_size);
if (err < 0
&& err !=
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "error: get_name: %s\n",
gnutls_strerror(err));
else if (err >= 0)
addf(str, _("\tName[%d]: %s\n"), i,
dn);
else if (err ==
GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str,
_("\tRevoked Name[%d]: %s\n"),
i, dn);
gnutls_free(dn);
}
}
i++;
}
while (err >= 0);
print_key_times(str, cert, -1);
print_key_info(str, cert, -1);
print_key_usage(str, cert, -1);
subkeys = gnutls_openpgp_crt_get_subkey_count(cert);
if (subkeys < 0)
return;
for (i = 0; i < subkeys; i++) {
addf(str, _("\n\tSubkey[%d]:\n"), i);
print_key_revoked(str, cert, i);
print_key_id(str, cert, i);
print_key_times(str, cert, i);
print_key_info(str, cert, i);
print_key_usage(str, cert, i);
}
}
static void
print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
int err;
unsigned int bits;
if (idx == -1)
err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
else
err =
gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx,
&bits);
if (err < 0)
addf(str, "error: get_pk_algorithm: %s\n",
gnutls_strerror(err));
else {
const char *name = gnutls_pk_algorithm_get_name(err);
if (name == NULL)
name = _("unknown");
addf(str, _("\tPublic Key Algorithm: %s\n"), name);
addf(str, _("\tKey Security Level: %s\n"),
gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
(err, bits)));
switch (err) {
case GNUTLS_PK_RSA:
{
gnutls_datum_t m, e;
if (idx == -1)
err =
gnutls_openpgp_crt_get_pk_rsa_raw
(cert, &m, &e);
else
err =
gnutls_openpgp_crt_get_subkey_pk_rsa_raw
(cert, idx, &m, &e);
if (err < 0)
addf(str,
"error: get_pk_rsa_raw: %s\n",
gnutls_strerror(err));
else {
addf(str,
_("\t\tModulus (bits %d):\n"),
bits);
_gnutls_buffer_hexdump(str, m.data,
m.size,
"\t\t\t");
adds(str, _("\t\tExponent:\n"));
_gnutls_buffer_hexdump(str, e.data,
e.size,
"\t\t\t");
gnutls_free(m.data);
gnutls_free(e.data);
}
}
break;
case GNUTLS_PK_DSA:
{
gnutls_datum_t p, q, g, y;
if (idx == -1)
err =
gnutls_openpgp_crt_get_pk_dsa_raw
(cert, &p, &q, &g, &y);
else
err =
gnutls_openpgp_crt_get_subkey_pk_dsa_raw
(cert, idx, &p, &q, &g, &y);
if (err < 0)
addf(str,
"error: get_pk_dsa_raw: %s\n",
gnutls_strerror(err));
else {
addf(str,
_
("\t\tPublic key (bits %d):\n"),
bits);
_gnutls_buffer_hexdump(str, y.data,
y.size,
"\t\t\t");
adds(str, _("\t\tP:\n"));
_gnutls_buffer_hexdump(str, p.data,
p.size,
"\t\t\t");
adds(str, _("\t\tQ:\n"));
_gnutls_buffer_hexdump(str, q.data,
q.size,
"\t\t\t");
adds(str, _("\t\tG:\n"));
_gnutls_buffer_hexdump(str, g.data,
g.size,
"\t\t\t");
gnutls_free(p.data);
gnutls_free(q.data);
gnutls_free(g.data);
gnutls_free(y.data);
}
}
break;
default:
break;
}
}
}
TEST_F(AddTest, add_float)
{
EXPECT_EQ(5.5, addf(2.25, 3.25));
EXPECT_NE(5.5, addf(2.25, 4.25));
}
