/**
 * gnutls_ocsp_req_print:
 * @req: The data to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with (0) terminated string.
 *
 * This function will pretty print an OCSP request, suitable for
 * display to a human.
 *
 * Only %GNUTLS_OCSP_PRINT_FULL is accepted as @format; all fields of
 * the request are then output, on multiple lines.  Any other value is
 * rejected with %GNUTLS_E_INVALID_REQUEST before anything is printed.
 *
 * The output @out->data needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
int
gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
		      gnutls_ocsp_print_formats_t format,
		      gnutls_datum_t * out)
{
	gnutls_buffer_st text;
	int status;

	/* Refuse unsupported formats up front, before the buffer exists. */
	if (format != GNUTLS_OCSP_PRINT_FULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	_gnutls_buffer_init(&text);
	_gnutls_buffer_append_str(&text, _("OCSP Request Information:\n"));
	print_req(&text, req);

	/* Hand the accumulated text over to the caller's datum. */
	status = _gnutls_buffer_to_datum(&text, out, 1);
	if (status == GNUTLS_E_SUCCESS)
		return GNUTLS_E_SUCCESS;

	gnutls_assert();
	return status;
}
/**
 * gnutls_ocsp_resp_print:
 * @resp: The structure to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with (0) terminated string.
 *
 * This function will pretty print an OCSP response, suitable for
 * display to a human.
 *
 * If the format is %GNUTLS_OCSP_PRINT_FULL then all fields of the
 * response will be output, on multiple lines.  @format is not checked
 * here; it is passed unchanged to the response printer.
 *
 * The output @out->data needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
int
gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
                        gnutls_ocsp_print_formats_t format,
                        gnutls_datum_t * out)
{
  gnutls_buffer_st text;
  int status;

  _gnutls_buffer_init (&text);
  _gnutls_buffer_append_str (&text, _("OCSP Response Information:\n"));
  print_resp (&text, resp, format);

  /* Terminate the text so that @out->data can be read as a C string.
   * NOTE(review): the size is not decremented afterwards, so out->size
   * presumably counts this terminator -- confirm before using it as a
   * string length.  The result of this append is also not checked. */
  _gnutls_buffer_append_data (&text, "\0", 1);

  status = _gnutls_buffer_to_datum (&text, out);
  if (status == GNUTLS_E_SUCCESS)
    return GNUTLS_E_SUCCESS;

  gnutls_assert ();
  return status;
}
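/**
 * gnutls_openpgp_crt_print:
 * @cert: The structure to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with (0) terminated string.
 *
 * This function will pretty print an OpenPGP certificate, suitable
 * for display to a human.
 *
 * %GNUTLS_CRT_PRINT_ONELINE prints a single line,
 * %GNUTLS_CRT_PRINT_COMPACT prints that line followed by the key
 * fingerprint, and any other value prints the full certificate
 * information.
 *
 * The output @out needs to be deallocated using gnutls_free().  On
 * failure @out is not modified by this function itself.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
 **/
int
gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
			 gnutls_certificate_print_formats_t format,
			 gnutls_datum_t * out)
{
	gnutls_buffer_st str;
	int ret;

	_gnutls_buffer_init(&str);

	if (format == GNUTLS_CRT_PRINT_ONELINE) {
		print_oneline(&str, cert);
	} else if (format == GNUTLS_CRT_PRINT_COMPACT) {
		print_oneline(&str, cert);
		_gnutls_buffer_append_data(&str, "\n", 1);
		print_key_fingerprint(&str, cert);
	} else {
		_gnutls_buffer_append_str(&str,
					  _
					  ("OpenPGP Certificate Information:\n"));
		print_cert(&str, cert);
	}

	/* The terminator must really be in the buffer: the size
	 * adjustment below assumes the last byte of the datum is NUL. */
	ret = _gnutls_buffer_append_data(&str, "\0", 1);
	if (ret < 0) {
		gnutls_assert();
		_gnutls_buffer_clear(&str);
		return ret;
	}

	ret = _gnutls_buffer_to_datum(&str, out);
	if (ret < 0) {
		/* Do not read out->size here: nothing visible guarantees
		 * that @out was written when the conversion failed. */
		gnutls_assert();
		_gnutls_buffer_clear(&str);
		return ret;
	}

	/* Report the string length without the terminating NUL. */
	if (out->size > 0)
		out->size--;

	return ret;
}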
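/**
 * gnutls_openpgp_crt_print:
 * @cert: The structure to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with zero terminated string.
 *
 * This function will pretty print an OpenPGP certificate, suitable
 * for display to a human.
 *
 * %GNUTLS_CRT_PRINT_ONELINE prints a single line; any other value
 * prints the full certificate information.  The format should be zero
 * for future compatibility.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
 **/
int
gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
                          gnutls_certificate_print_formats_t format,
                          gnutls_datum_t * out)
{
  gnutls_buffer_st str;
  int ret;

  _gnutls_buffer_init (&str);

  if (format == GNUTLS_CRT_PRINT_ONELINE)
    print_oneline (&str, cert);
  else
    {
      _gnutls_buffer_append_str (&str,
                                 _("OpenPGP Certificate Information:\n"));
      print_cert (&str, cert);
    }

  /* strlen() below needs a non-NULL, NUL-terminated buffer.  If this
   * append fails there is no such guarantee, so stop here instead of
   * measuring whatever str.data happens to hold. */
  ret = _gnutls_buffer_append_data (&str, "\0", 1);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_buffer_clear (&str);
      return ret;
    }

  /* Ownership of the buffer storage passes to the caller via @out. */
  out->data = str.data;
  out->size = strlen ((const char *) str.data);

  return 0;
}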
/* Append @len bytes of @data to @str as lowercase hex, two digits per
 * byte and no separators.  An empty input is written as "00".
 * Each byte is read as unsigned char, so values above 0x7f are not
 * sign-extended when formatted. */
void
_gnutls_buffer_hexprint (gnutls_buffer_st * str,
                         const char *data, size_t len)
{
  const unsigned char *cur;
  const unsigned char *end;

  if (len == 0)
    {
      _gnutls_buffer_append_str (str, "00");
      return;
    }

  cur = (const unsigned char *) data;
  for (end = cur + len; cur != end; cur++)
    _gnutls_buffer_append_printf (str, "%.2x", *cur);
}
/* Append @len bytes of @data to @str as a hex dump with 16 bytes per
 * row.  Bytes inside a row are separated by ':'; each row ends with a
 * newline.  When @spc is non-NULL it is written at the start of every
 * row.  Each byte is read as unsigned char so that it is formatted as
 * exactly two hex digits. */
void
_gnutls_buffer_hexdump (gnutls_buffer_st * str, const char *data, size_t len,
                        const char *spc)
{
  const unsigned char *bytes = (const unsigned char *) data;
  size_t idx;

  if (spc != NULL)
    _gnutls_buffer_append_str (str, spc);

  for (idx = 0; idx < len; idx++)
    {
      const int is_last = (idx + 1 == len);
      const int ends_row = (((idx + 1) % 16) == 0);

      if (ends_row)
        {
          /* Sixteenth byte of a row: close the row and, unless the
           * data ends here, start the next one with the prefix. */
          _gnutls_buffer_append_printf (str, "%.2x\n", bytes[idx]);
          if (spc != NULL && !is_last)
            _gnutls_buffer_append_str (str, spc);
          continue;
        }

      if (is_last)
        _gnutls_buffer_append_printf (str, "%.2x", bytes[idx]);
      else
        _gnutls_buffer_append_printf (str, "%.2x:", bytes[idx]);
    }

  /* A partial final row has not been terminated yet. */
  if ((len % 16) != 0)
    _gnutls_buffer_append_str (str, "\n");
}
/* Format @fmt with the following arguments and append the result to
 * @dest.
 *
 * @fmt is interpreted by vasprintf(), so it must be a format string
 * controlled by the caller (a literal), never data taken from a
 * certificate or from the peer; such data belongs in the arguments.
 *
 * Returns -1 when formatting fails, otherwise whatever
 * _gnutls_buffer_append_str() returns for the formatted text. */
int
_gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
{
  va_list ap;
  char *formatted;
  int rc;

  va_start (ap, fmt);
  rc = vasprintf (&formatted, fmt, ap);
  va_end (ap);

  /* Look at the pointer only after vasprintf() has reported success. */
  if (rc < 0)
    return -1;
  if (formatted == NULL)
    return -1;

  rc = _gnutls_buffer_append_str (dest, formatted);
  /* vasprintf() allocates the string, so release it with free(). */
  free (formatted);

  return rc;
}
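/**
 * gnutls_certificate_verification_status_print:
 * @status: The status flags to be printed
 * @type: The certificate type
 * @out: Newly allocated datum with (0) terminated string.
 * @flags: should be zero
 *
 * This function will pretty print the status of a verification
 * process -- eg. the one obtained by gnutls_certificate_verify_peers3().
 *
 * The text starts with "The certificate is trusted." only when @status
 * is zero; otherwise it starts with "The certificate is NOT trusted."
 * followed by one sentence per status flag that is set.  The text is
 * meant for display; decisions should be taken on @status itself.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 *
 * Since: 3.1.4
 **/
int
gnutls_certificate_verification_status_print (unsigned int status,
                                              gnutls_certificate_type_t type,
                                              gnutls_datum_t * out,
                                              unsigned int flags)
{
  gnutls_buffer_st str;
  int ret;

  _gnutls_buffer_init (&str);

  if (status == 0)
    _gnutls_buffer_append_str (&str, _("The certificate is trusted. "));
  else
    _gnutls_buffer_append_str (&str, _("The certificate is NOT trusted. "));

  if (type == GNUTLS_CRT_X509)
    {
      if (status & GNUTLS_CERT_REVOKED)
        _gnutls_buffer_append_str (&str,
                                   _("The certificate chain is revoked. "));

      if (status & GNUTLS_CERT_MISMATCH)
        _gnutls_buffer_append_str (&str,
                                   _("The certificate doesn't match the local copy (TOFU). "));

      if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED)
        _gnutls_buffer_append_str (&str,
                                   _("The revocation data are old and have been superseded. "));

      if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE)
        _gnutls_buffer_append_str (&str,
                                   _("The revocation data are issued with a future date. "));

      if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
        _gnutls_buffer_append_str (&str,
                                   _("The certificate issuer is unknown. "));

      if (status & GNUTLS_CERT_SIGNER_NOT_CA)
        _gnutls_buffer_append_str (&str,
                                   _("The certificate issuer is not a CA. "));
    }
  else if (type == GNUTLS_CRT_OPENPGP)
    {
      /* The trusted / NOT trusted verdict has already been written
       * above from @status.  No second, unconditional "not trusted"
       * sentence is added here: it contradicted the verdict for an
       * OpenPGP certificate that verified with status 0. */
      if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
        _gnutls_buffer_append_str (&str,
                                   _("Could not find a signer of the certificate. "));

      if (status & GNUTLS_CERT_REVOKED)
        _gnutls_buffer_append_str (&str, _("The certificate is revoked. "));
    }

  if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
    _gnutls_buffer_append_str (&str,
                               _("The certificate chain uses insecure algorithm. "));

  if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE)
    _gnutls_buffer_append_str (&str,
                               _("The certificate chain violates the signer's constraints. "));

  if (status & GNUTLS_CERT_NOT_ACTIVATED)
    _gnutls_buffer_append_str (&str,
                               _("The certificate chain uses not yet valid certificate. "));

  if (status & GNUTLS_CERT_EXPIRED)
    _gnutls_buffer_append_str (&str,
                               _("The certificate chain uses expired certificate. "));

  if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
    _gnutls_buffer_append_str (&str,
                               _("The signature in the certificate is invalid. "));

  if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
    _gnutls_buffer_append_str (&str,
                               _("The name in the certificate does not match the expected. "));

  /* Append the terminator explicitly.  The size decrement below
   * assumes that the last byte of the datum is the NUL promised by the
   * documentation; without this append it removed the last character
   * of the message instead. */
  ret = _gnutls_buffer_append_data (&str, "\0", 1);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_buffer_clear (&str);
      return ret;
    }

  ret = _gnutls_buffer_to_datum (&str, out);
  if (ret < 0)
    {
      /* Do not read out->size here: nothing visible guarantees that
       * @out was written when the conversion failed. */
      gnutls_assert ();
      _gnutls_buffer_clear (&str);
      return ret;
    }

  /* Report the string length without the terminating NUL. */
  if (out->size > 0)
    out->size--;

  return ret;
}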
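/* Build a "tpmkey:uuid=...;storage=user|system" URL for @uuid.
 *
 * @url: receives a newly allocated, NUL-terminated string on success
 *       and is set to NULL on failure.
 * @uuid: the key UUID; its fields are copied into 16 bytes and printed
 *        as hex in 8-4-4-4-12 grouping.
 * @storage: %TSS_PS_TYPE_USER selects "user", anything else "system".
 *
 * Returns 0 on success or a negative error value. */
static int
encode_tpmkey_url(char **url, const TSS_UUID * uuid, TSS_FLAG storage)
{
	uint8_t u1[UUID_SIZE];
	gnutls_buffer_st buf;
	gnutls_datum_t dret;
	int ret;

	/* The result comes from the buffer below.  A separate allocation
	 * stored in *url up front would only be overwritten on success
	 * and left behind, uninitialized, on failure. */
	*url = NULL;

	_gnutls_buffer_init(&buf);

	/* Flatten the UUID fields into a byte array, in field order. */
	memcpy(u1, &uuid->ulTimeLow, 4);
	memcpy(&u1[4], &uuid->usTimeMid, 2);
	memcpy(&u1[6], &uuid->usTimeHigh, 2);
	u1[8] = uuid->bClockSeqHigh;
	u1[9] = uuid->bClockSeqLow;
	memcpy(&u1[10], uuid->rgbNode, 6);

	ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid=");
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	ret =
	    _gnutls_buffer_append_printf(&buf,
					 "%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
					 (unsigned int) u1[0],
					 (unsigned int) u1[1],
					 (unsigned int) u1[2],
					 (unsigned int) u1[3],
					 (unsigned int) u1[4],
					 (unsigned int) u1[5],
					 (unsigned int) u1[6],
					 (unsigned int) u1[7],
					 (unsigned int) u1[8],
					 (unsigned int) u1[9],
					 (unsigned int) u1[10],
					 (unsigned int) u1[11],
					 (unsigned int) u1[12],
					 (unsigned int) u1[13],
					 (unsigned int) u1[14],
					 (unsigned int) u1[15]);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	ret =
	    _gnutls_buffer_append_printf(&buf, ";storage=%s",
					 (storage ==
					  TSS_PS_TYPE_USER) ? "user" :
					 "system");
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	/* The result is returned as a char * with no length, so make
	 * sure the terminator is part of the data itself. */
	ret = _gnutls_buffer_append_data(&buf, "\0", 1);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	ret = _gnutls_buffer_to_datum(&buf, &dret);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	/* Ownership of the datum storage passes to the caller. */
	*url = (char *) dret.data;

	return 0;

      cleanup:
	_gnutls_buffer_clear(&buf);
	return ret;
}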
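/* Build the certificate and private-key URLs for a Windows store
 * certificate, and optionally return its friendly name and DER
 * encoding.
 *
 * @cert: the certificate context; NULL is rejected.
 * @cert_url, @key_url, @label, @der: optional outputs (each may be
 *   NULL).  The strings and der->data are newly allocated and owned by
 *   the caller on success.  On failure everything handed out so far is
 *   freed and the outputs are reset, so the caller is never left with
 *   pointers to released memory.
 *
 * The friendly name is optional; the key identifier is required and is
 * hex-encoded into the "id=" attribute of both URLs.
 *
 * Returns 0 on success or a negative error value. */
static int
get_win_urls(const CERT_CONTEXT * cert, char **cert_url, char **key_url,
	     char **label, gnutls_datum_t * der)
{
	BOOL r;
	int ret;
	DWORD tl_size;
	gnutls_datum_t tmp_label = { NULL, 0 };
	char name[MAX_CN * 2];
	char hex[MAX_WID_SIZE * 2 + 1];
	gnutls_buffer_st str;
#ifdef WORDS_BIGENDIAN
	const unsigned bigendian = 1;
#else
	const unsigned bigendian = 0;
#endif

	if (cert == NULL)
		return
		    gnutls_assert_val
		    (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

	/* Reset the string outputs before the first possible failure so
	 * that every error return leaves them in a defined state. */
	if (label)
		*label = NULL;
	if (key_url)
		*key_url = NULL;
	if (cert_url)
		*cert_url = NULL;

	if (der) {
		der->data = gnutls_malloc(cert->cbCertEncoded);
		if (der->data == NULL) {
			der->size = 0;
			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
		}

		memcpy(der->data, cert->pbCertEncoded,
		       cert->cbCertEncoded);
		der->size = cert->cbCertEncoded;
	}

	_gnutls_buffer_init(&str);

	tl_size = sizeof(name);
	r = CertGetCertificateContextProperty(cert,
					      CERT_FRIENDLY_NAME_PROP_ID,
					      name, &tl_size);
	if (r != 0) {		/* optional */
		ret =
		    _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label,
					 bigendian);
		if (ret < 0) {
			gnutls_assert();
			goto fail;
		}
		/* When @label is given, the caller owns tmp_label.data
		 * from here on; otherwise it is released at cleanup. */
		if (label)
			*label = (char *)tmp_label.data;
	}

	tl_size = sizeof(name);
	r = CertGetCertificateContextProperty(cert,
					      CERT_KEY_IDENTIFIER_PROP_ID,
					      name, &tl_size);
	if (r == 0) {
		gnutls_assert();
		ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
		goto fail;
	}

	/* The hex encoder is given the destination size and its NULL
	 * result is treated as an error. */
	if (_gnutls_bin2hex(name, tl_size, hex, sizeof(hex), 0) == NULL) {
		ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
		goto fail;
	}

	/* Certificate URL. */
	ret =
	    _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=cert",
					 hex);
	if (ret < 0) {
		gnutls_assert();
		goto fail;
	}

	if (tmp_label.data) {
		ret = _gnutls_buffer_append_str(&str, ";name=");
		if (ret < 0) {
			gnutls_assert();
			goto fail;
		}

		/* The friendly name comes from the certificate store, so
		 * it is escaped rather than pasted into the URL. */
		ret =
		    _gnutls_buffer_append_escape(&str, tmp_label.data,
						 tmp_label.size, " ");
		if (ret < 0) {
			gnutls_assert();
			goto fail;
		}
	}

	ret = _gnutls_buffer_append_data(&str, "\x00", 1);
	if (ret < 0) {
		gnutls_assert();
		goto fail;
	}

	if (cert_url) {
		/* The buffer storage now belongs to the caller. */
		*cert_url = (char *)str.data;
	} else {
		/* Nobody takes this URL: release it before the buffer is
		 * re-initialized, otherwise its storage is lost. */
		_gnutls_buffer_clear(&str);
	}
	_gnutls_buffer_init(&str);

	/* Private key URL. */
	ret =
	    _gnutls_buffer_append_printf(&str, WIN_URL
					 "id=%s;type=privkey", hex);
	if (ret < 0) {
		gnutls_assert();
		goto fail;
	}

	if (tmp_label.data) {
		ret = _gnutls_buffer_append_str(&str, ";name=");
		if (ret < 0) {
			gnutls_assert();
			goto fail;
		}

		ret =
		    _gnutls_buffer_append_escape(&str, tmp_label.data,
						 tmp_label.size, " ");
		if (ret < 0) {
			gnutls_assert();
			goto fail;
		}
	}

	ret = _gnutls_buffer_append_data(&str, "\x00", 1);
	if (ret < 0) {
		gnutls_assert();
		goto fail;
	}

	if (key_url) {
		*key_url = (char *)str.data;
		/* Detach the storage so cleanup does not free it. */
		_gnutls_buffer_init(&str);
	}

	ret = 0;
	goto cleanup;

      fail:
	/* Free what was handed out and reset the outputs, so a caller
	 * that frees them again after an error does no harm. */
	if (der) {
		gnutls_free(der->data);
		der->data = NULL;
		der->size = 0;
	}
	if (cert_url) {
		gnutls_free(*cert_url);
		*cert_url = NULL;
	}
	if (key_url) {
		gnutls_free(*key_url);
		*key_url = NULL;
	}
	if (label) {
		gnutls_free(*label);
		*label = NULL;
	}
      cleanup:
	/* Without @label nobody took ownership of the converted name. */
	if (label == NULL)
		gnutls_free(tmp_label.data);
	_gnutls_buffer_clear(&str);
	return ret;
}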