/**
* gnutls_ocsp_req_print:
* @req: The data to be printed
* @format: Indicate the format to use
* @out: Newly allocated datum with (0) terminated string.
*
* This function will pretty print a OCSP request, suitable for
* display to a human.
*
* If the format is %GNUTLS_OCSP_PRINT_FULL then all fields of the
* request will be output, on multiple lines.
*
* The output @out->data needs to be deallocate using gnutls_free().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
gnutls_ocsp_print_formats_t format,
gnutls_datum_t * out)
{
gnutls_buffer_st str;
int rc;
if (format != GNUTLS_OCSP_PRINT_FULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
_gnutls_buffer_init(&str);
_gnutls_buffer_append_str(&str, _("OCSP Request Information:\n"));
print_req(&str, req);
rc = _gnutls_buffer_to_datum(&str, out, 1);
if (rc != GNUTLS_E_SUCCESS) {
gnutls_assert();
return rc;
}
return GNUTLS_E_SUCCESS;
}
/**
* gnutls_ocsp_resp_print:
* @resp: The structure to be printed
* @format: Indicate the format to use
* @out: Newly allocated datum with (0) terminated string.
*
* This function will pretty print a OCSP response, suitable for
* display to a human.
*
* If the format is %GNUTLS_OCSP_PRINT_FULL then all fields of the
* response will be output, on multiple lines.
*
* The output @out->data needs to be deallocate using gnutls_free().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
gnutls_ocsp_print_formats_t format,
gnutls_datum_t * out)
{
gnutls_buffer_st str;
int rc;
_gnutls_buffer_init (&str);
_gnutls_buffer_append_str (&str, _("OCSP Response Information:\n"));
print_resp (&str, resp, format);
_gnutls_buffer_append_data (&str, "\0", 1);
rc = _gnutls_buffer_to_datum (&str, out);
if (rc != GNUTLS_E_SUCCESS)
{
gnutls_assert ();
return rc;
}
return GNUTLS_E_SUCCESS;
}
/**
* gnutls_openpgp_crt_print:
* @cert: The structure to be printed
* @format: Indicate the format to use
* @out: Newly allocated datum with (0) terminated string.
*
* This function will pretty print an OpenPGP certificate, suitable
* for display to a human.
*
* The format should be (0) for future compatibility.
*
* The output @out needs to be deallocate using gnutls_free().
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out)
{
gnutls_buffer_st str;
int ret;
_gnutls_buffer_init(&str);
if (format == GNUTLS_CRT_PRINT_ONELINE)
print_oneline(&str, cert);
else if (format == GNUTLS_CRT_PRINT_COMPACT) {
print_oneline(&str, cert);
_gnutls_buffer_append_data(&str, "\n", 1);
print_key_fingerprint(&str, cert);
} else {
_gnutls_buffer_append_str(&str,
_
("OpenPGP Certificate Information:\n"));
print_cert(&str, cert);
}
_gnutls_buffer_append_data(&str, "\0", 1);
ret = _gnutls_buffer_to_datum(&str, out);
if (out->size > 0)
out->size--;
return ret;
}
/**
* gnutls_openpgp_crt_print:
* @cert: The structure to be printed
* @format: Indicate the format to use
* @out: Newly allocated datum with zero terminated string.
*
* This function will pretty print an OpenPGP certificate, suitable
* for display to a human.
*
* The format should be zero for future compatibility.
*
* The output @out needs to be deallocate using gnutls_free().
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out)
{
gnutls_buffer_st str;
_gnutls_buffer_init (&str);
if (format == GNUTLS_CRT_PRINT_ONELINE)
print_oneline (&str, cert);
else
{
_gnutls_buffer_append_str (&str,
_("OpenPGP Certificate Information:\n"));
print_cert (&str, cert);
}
_gnutls_buffer_append_data (&str, "\0", 1);
out->data = str.data;
out->size = strlen (str.data);
return 0;
}
void
_gnutls_buffer_hexprint (gnutls_buffer_st * str,
const char *data, size_t len)
{
size_t j;
if (len == 0)
_gnutls_buffer_append_str (str, "00");
else
{
for (j = 0; j < len; j++)
_gnutls_buffer_append_printf (str, "%.2x", (unsigned char) data[j]);
}
}
void
_gnutls_buffer_hexdump (gnutls_buffer_st * str, const char *data, size_t len,
const char *spc)
{
size_t j;
if (spc)
_gnutls_buffer_append_str (str, spc);
for (j = 0; j < len; j++)
{
if (((j + 1) % 16) == 0)
{
_gnutls_buffer_append_printf (str, "%.2x\n", (unsigned char) data[j]);
if (spc && j != (len - 1))
_gnutls_buffer_append_str (str, spc);
}
else if (j == (len - 1))
_gnutls_buffer_append_printf (str, "%.2x", (unsigned char) data[j]);
else
_gnutls_buffer_append_printf (str, "%.2x:", (unsigned char) data[j]);
}
if ((j % 16) != 0)
_gnutls_buffer_append_str (str, "\n");
}
int
_gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
{
va_list args;
int len;
char *str;
va_start (args, fmt);
len = vasprintf (&str, fmt, args);
va_end (args);
if (len < 0 || !str)
return -1;
len = _gnutls_buffer_append_str (dest, str);
free (str);
return len;
}
/**
* gnutls_certificate_verification_status_print:
* @status: The status flags to be printed
* @type: The certificate type
* @out: Newly allocated datum with (0) terminated string.
* @flags: should be zero
*
* This function will pretty print the status of a verification
* process -- eg. the one obtained by gnutls_certificate_verify_peers3().
*
* The output @out needs to be deallocated using gnutls_free().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.4
**/
int
gnutls_certificate_verification_status_print (unsigned int status,
gnutls_certificate_type_t type,
gnutls_datum_t * out, unsigned int flags)
{
gnutls_buffer_st str;
int ret;
_gnutls_buffer_init (&str);
if (status == 0)
_gnutls_buffer_append_str (&str, _("The certificate is trusted. "));
else
_gnutls_buffer_append_str (&str, _("The certificate is NOT trusted. "));
if (type == GNUTLS_CRT_X509)
{
if (status & GNUTLS_CERT_REVOKED)
_gnutls_buffer_append_str (&str, _("The certificate chain is revoked. "));
if (status & GNUTLS_CERT_MISMATCH)
_gnutls_buffer_append_str (&str, _("The certificate doesn't match the local copy (TOFU). "));
if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED)
_gnutls_buffer_append_str (&str, _("The revocation data are old and have been superseded. "));
if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE)
_gnutls_buffer_append_str (&str, _("The revocation data are issued with a future date. "));
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
_gnutls_buffer_append_str (&str, _("The certificate issuer is unknown. "));
if (status & GNUTLS_CERT_SIGNER_NOT_CA)
_gnutls_buffer_append_str (&str, _("The certificate issuer is not a CA. "));
}
else if (type == GNUTLS_CRT_OPENPGP)
{
_gnutls_buffer_append_str (&str, _("The certificate is not trusted. "));
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
_gnutls_buffer_append_str (&str, _("Could not find a signer of the certificate. "));
if (status & GNUTLS_CERT_REVOKED)
_gnutls_buffer_append_str (&str, _("The certificate is revoked. "));
}
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
_gnutls_buffer_append_str (&str, _("The certificate chain uses insecure algorithm. "));
if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE)
_gnutls_buffer_append_str (&str, _("The certificate chain violates the signer's constraints. "));
if (status & GNUTLS_CERT_NOT_ACTIVATED)
_gnutls_buffer_append_str (&str, _("The certificate chain uses not yet valid certificate. "));
if (status & GNUTLS_CERT_EXPIRED)
_gnutls_buffer_append_str (&str, _("The certificate chain uses expired certificate. "));
if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
_gnutls_buffer_append_str (&str, _("The signature in the certificate is invalid. "));
if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
_gnutls_buffer_append_str (&str, _("The name in the certificate does not match the expected. "));
ret = _gnutls_buffer_to_datum( &str, out);
if (out->size > 0) out->size--;
return ret;
}
static int encode_tpmkey_url(char **url, const TSS_UUID * uuid,
TSS_FLAG storage)
{
size_t size = (UUID_SIZE * 2 + 4) * 2 + 32;
uint8_t u1[UUID_SIZE];
gnutls_buffer_st buf;
gnutls_datum_t dret;
int ret;
*url = gnutls_malloc(size);
if (*url == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
_gnutls_buffer_init(&buf);
memcpy(u1, &uuid->ulTimeLow, 4);
memcpy(&u1[4], &uuid->usTimeMid, 2);
memcpy(&u1[6], &uuid->usTimeHigh, 2);
u1[8] = uuid->bClockSeqHigh;
u1[9] = uuid->bClockSeqLow;
memcpy(&u1[10], uuid->rgbNode, 6);
ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid=");
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
_gnutls_buffer_append_printf(&buf,
"%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
(unsigned int) u1[0],
(unsigned int) u1[1],
(unsigned int) u1[2],
(unsigned int) u1[3],
(unsigned int) u1[4],
(unsigned int) u1[5],
(unsigned int) u1[6],
(unsigned int) u1[7],
(unsigned int) u1[8],
(unsigned int) u1[9],
(unsigned int) u1[10],
(unsigned int) u1[11],
(unsigned int) u1[12],
(unsigned int) u1[13],
(unsigned int) u1[14],
(unsigned int) u1[15]);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
_gnutls_buffer_append_printf(&buf, ";storage=%s",
(storage ==
TSS_PS_TYPE_USER) ? "user" :
"system");
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = _gnutls_buffer_to_datum(&buf, &dret);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
*url = (char *) dret.data;
return 0;
cleanup:
_gnutls_buffer_clear(&buf);
return ret;
}
static
int get_win_urls(const CERT_CONTEXT * cert, char **cert_url, char **key_url,
char **label, gnutls_datum_t * der)
{
BOOL r;
int ret;
DWORD tl_size;
gnutls_datum_t tmp_label = { NULL, 0 };
char name[MAX_CN * 2];
char hex[MAX_WID_SIZE * 2 + 1];
gnutls_buffer_st str;
#ifdef WORDS_BIGENDIAN
const unsigned bigendian = 1;
#else
const unsigned bigendian = 0;
#endif
if (cert == NULL)
return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
if (der) {
der->data = gnutls_malloc(cert->cbCertEncoded);
if (der->data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
memcpy(der->data, cert->pbCertEncoded, cert->cbCertEncoded);
der->size = cert->cbCertEncoded;
}
_gnutls_buffer_init(&str);
if (label)
*label = NULL;
if (key_url)
*key_url = NULL;
if (cert_url)
*cert_url = NULL;
tl_size = sizeof(name);
r = CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
name, &tl_size);
if (r != 0) { /* optional */
ret =
_gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (label)
*label = (char *)tmp_label.data;
}
tl_size = sizeof(name);
r = CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID,
name, &tl_size);
if (r == 0) {
gnutls_assert();
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
goto fail;
}
if (_gnutls_bin2hex(name, tl_size, hex, sizeof(hex), 0) == NULL) {
ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
goto fail;
}
ret =
_gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=cert", hex);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (tmp_label.data) {
ret = _gnutls_buffer_append_str(&str, ";name=");
if (ret < 0) {
gnutls_assert();
goto fail;
}
ret =
_gnutls_buffer_append_escape(&str, tmp_label.data,
tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
}
}
ret = _gnutls_buffer_append_data(&str, "\x00", 1);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (cert_url)
*cert_url = (char *)str.data;
_gnutls_buffer_init(&str);
ret =
_gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=privkey",
hex);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (tmp_label.data) {
ret = _gnutls_buffer_append_str(&str, ";name=");
if (ret < 0) {
gnutls_assert();
goto fail;
}
ret =
_gnutls_buffer_append_escape(&str, tmp_label.data,
tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
}
}
ret = _gnutls_buffer_append_data(&str, "\x00", 1);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (key_url)
*key_url = (char *)str.data;
_gnutls_buffer_init(&str);
ret = 0;
goto cleanup;
fail:
if (der)
gnutls_free(der->data);
if (cert_url)
gnutls_free(*cert_url);
if (key_url)
gnutls_free(*key_url);
if (label)
gnutls_free(*label);
cleanup:
_gnutls_buffer_clear(&str);
return ret;
}
