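/**
 * Return a pointer to one field of the certificate wrapped by @p x.
 *
 * The result is untyped: its concrete type depends on @p type, so the caller
 * must cast it to match the selector it passed.
 *
 * @param x     Certificate wrapper; both @p x and x->value must be non-NULL.
 * @param type  Selector naming the field to fetch.
 * @return      Pointer to the requested field, or NULL when the arguments are
 *              NULL, the selector is deprecated or unknown, or (pre-1.1.0
 *              builds) the intermediate structure is missing.
 *
 * On OpenSSL >= 1.1.0 several cases read members of LIBPKI_X509_CERT directly
 * and also cast the same pointer to X509 *.
 * NOTE(review): that only works if LIBPKI_X509_CERT matches the layout of the
 * linked library's certificate structure - confirm it tracks the OpenSSL
 * version actually linked.
 */
const void * PKI_X509_CERT_get_data(const PKI_X509_CERT * x,
                                    PKI_X509_DATA type) {

    const void *ret = NULL;
    LIBPKI_X509_CERT *tmp_x = NULL;

    if (!x || !x->value) {
        PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
        return (NULL);
    }

    tmp_x = x->value;

    switch (type) {

    case PKI_X509_DATA_VERSION:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info) ret = (tmp_x)->cert_info->version;
#else
        ret = (tmp_x)->cert_info.version;
#endif
        break;

    case PKI_X509_DATA_SERIAL:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info) ret = tmp_x->cert_info->serialNumber;
#else
        ret = &((tmp_x)->cert_info.serialNumber);
#endif
        break;

    case PKI_X509_DATA_SUBJECT:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info) ret = tmp_x->cert_info->subject;
#else
        ret = tmp_x->cert_info.subject;
#endif
        break;

    case PKI_X509_DATA_ISSUER:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info) ret = tmp_x->cert_info->issuer;
#else
        ret = tmp_x->cert_info.issuer;
#endif
        break;

    case PKI_X509_DATA_NOTBEFORE:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        /* Guard both hops so a partially built certificate yields NULL
         * instead of a NULL dereference, as the other cases already do. */
        if (tmp_x->cert_info && tmp_x->cert_info->validity)
            ret = tmp_x->cert_info->validity->notBefore;
#else
        ret = X509_get0_notBefore((X509 *)tmp_x);
#endif
        break;

    case PKI_X509_DATA_NOTAFTER:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info && tmp_x->cert_info->validity)
            ret = tmp_x->cert_info->validity->notAfter;
#else
        ret = X509_get0_notAfter((X509 *)tmp_x);
#endif
        break;

    case PKI_X509_DATA_KEYPAIR_VALUE:
    case PKI_X509_DATA_PUBKEY:
        /* NOTE(review): X509_get_pubkey() is documented by OpenSSL as
         * returning a key with its reference count incremented, unlike the
         * other cases here, which hand back pointers into the certificate.
         * A caller that does not release this result leaks the key on every
         * call - confirm callers free it, or consider a non-owning accessor. */
        ret = X509_get_pubkey((X509 *)tmp_x);
        break;

    case PKI_X509_DATA_PUBKEY_BITSTRING:
        ret = X509_get0_pubkey_bitstr((X509 *)tmp_x);
        break;

    case PKI_X509_DATA_SIGNATURE:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        ret = (tmp_x)->signature;
#else
        ret = &(tmp_x)->signature;
#endif
        break;

    /* Signature algorithm recorded inside the certInfo structure */
    case PKI_X509_DATA_ALGORITHM:
    case PKI_X509_DATA_SIGNATURE_ALG1:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info && tmp_x->cert_info->signature)
            ret = tmp_x->cert_info->signature;
#else
        ret = X509_get0_tbs_sigalg((const X509 *)x->value);
#endif
        break;

    /* Signature algorithm recorded next to the signature itself */
    case PKI_X509_DATA_SIGNATURE_ALG2:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->sig_alg) ret = tmp_x->sig_alg;
#else
        ret = &tmp_x->sig_alg;
#endif
        break;

    /* Deprecated selectors: report the error and fall out with ret == NULL. */
    case PKI_X509_DATA_KEYSIZE:
    case PKI_X509_DATA_CERT_TYPE:
        PKI_ERROR(PKI_ERR_PARAM_TYPE, "Deprecated Cert Datatype");
        break;

    case PKI_X509_DATA_EXTENSIONS:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (tmp_x->cert_info) ret = tmp_x->cert_info->extensions;
#else
        ret = tmp_x->cert_info.extensions;
#endif
        break;

    default:
        /* Not Recognized/Supported DATATYPE */
        return (NULL);
    }

    return (ret);
}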
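/*
 * Write a string literal with the byte count taken from the literal itself,
 * so the count can never exceed the storage being read.
 *
 * NOTE(review): the hand-written counts this replaces (10, 22, 17, 24, 25, 33)
 * were larger than the literals as they appear in this listing, which would
 * read past the end of each literal. The difference looks like indentation
 * padding lost from the literals - confirm the intended layout.
 */
#define X509_PRINT_LITERAL(bio, lit) \
    BIO_write((bio), (lit), (int)(sizeof(lit) - 1))

/**
 * Print a human-readable dump of certificate @p x to @p bp.
 *
 * @param bp       Output BIO.
 * @param x        Certificate to print.
 * @param nmflags  Name-formatting flags, passed through to
 *                 X509_NAME_print_ex(); they also select the name separator
 *                 and indent used here.
 * @param cflag    X509_FLAG_NO_* bits; each set bit suppresses one section.
 * @return         1 on success, 0 if a checked write failed.
 *
 * All printed values come from the certificate itself. How issuer and subject
 * names are escaped is decided by @p nmflags, not by this function.
 */
int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
                  unsigned long cflag)
{
    long l;
    int ret = 0, i;
    char mlch = ' ';
    int nmindent = 0;
    ASN1_INTEGER *bs;
    EVP_PKEY *pkey = NULL;
    const char *neg;

    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
        mlch = '\n';
        nmindent = 12;
    }

    if (nmflags == X509_FLAG_COMPAT)
        nmindent = 16;

    if (!(cflag & X509_FLAG_NO_HEADER)) {
        if (X509_PRINT_LITERAL(bp, "Certificate:\n") <= 0)
            goto err;
        if (X509_PRINT_LITERAL(bp, " Data:\n") <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_VERSION)) {
        l = X509_get_version(x);
        /* Casts make the arguments match the unsigned conversions used. */
        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "",
                       (unsigned long)l + 1, (unsigned long)l) <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_SERIAL)) {
        if (X509_PRINT_LITERAL(bp, " Serial Number:") <= 0)
            goto err;

        bs = X509_get_serialNumber(x);
        if (bs->length <= (int)sizeof(long)) {
            /* Keep a failed conversion from leaving entries on the error
             * queue; -1 is then treated as "print as hex bytes" below. */
            ERR_set_mark();
            l = ASN1_INTEGER_get(bs);
            ERR_pop_to_mark();
        } else {
            l = -1;
        }
        if (l != -1) {
            unsigned long ul;

            if (bs->type == V_ASN1_NEG_INTEGER) {
                /* Negate in unsigned arithmetic: "-l" overflows (undefined
                 * behaviour) when l is the most negative long. */
                ul = 0 - (unsigned long)l;
                neg = "-";
            } else {
                ul = (unsigned long)l;
                neg = "";
            }
            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
                goto err;
        } else {
            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
                goto err;

            for (i = 0; i < bs->length; i++) {
                if (BIO_printf(bp, "%02x%c", bs->data[i],
                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
                    goto err;
            }
        }
    }

    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
        X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);

        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
            goto err;
    }

    if (!(cflag & X509_FLAG_NO_ISSUER)) {
        if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
            goto err;
        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
            < 0)
            goto err;
        if (X509_PRINT_LITERAL(bp, "\n") <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
        if (X509_PRINT_LITERAL(bp, " Validity\n") <= 0)
            goto err;
        if (X509_PRINT_LITERAL(bp, " Not Before: ") <= 0)
            goto err;
        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
            goto err;
        if (X509_PRINT_LITERAL(bp, "\n Not After : ") <= 0)
            goto err;
        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
            goto err;
        if (X509_PRINT_LITERAL(bp, "\n") <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
        if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
            goto err;
        if (X509_NAME_print_ex
            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
            goto err;
        if (X509_PRINT_LITERAL(bp, "\n") <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
        X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
        ASN1_OBJECT *xpoid;

        X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
        if (X509_PRINT_LITERAL(bp, " Subject Public Key Info:\n") <= 0)
            goto err;
        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
            goto err;
        if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
            goto err;
        if (BIO_puts(bp, "\n") <= 0)
            goto err;

        pkey = X509_get_pubkey(x);
        if (pkey == NULL) {
            /* An undecodable key is reported in the output, not treated as
             * a failure of the whole dump. */
            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
            ERR_print_errors(bp);
        } else {
            EVP_PKEY_print_public(bp, pkey, 16, NULL);
            /* Release the reference obtained from X509_get_pubkey(). */
            EVP_PKEY_free(pkey);
        }
    }

    if (!(cflag & X509_FLAG_NO_IDS)) {
        ASN1_BIT_STRING *iuid, *suid;

        X509_get0_uids(&iuid, &suid, x);
        if (iuid != NULL) {
            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
                goto err;
            if (!X509_signature_dump(bp, iuid, 12))
                goto err;
        }
        if (suid != NULL) {
            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
                goto err;
            if (!X509_signature_dump(bp, suid, 12))
                goto err;
        }
    }

    /* The result of printing extensions is deliberately not checked. */
    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
        X509V3_extensions_print(bp, "X509v3 extensions",
                                X509_get0_extensions(x), cflag, 8);

    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
        X509_ALGOR *sig_alg;
        ASN1_BIT_STRING *sig;

        X509_get0_signature(&sig, &sig_alg, x);
        if (X509_signature_print(bp, sig_alg, sig) <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_AUX)) {
        if (!X509_aux_print(bp, x, 0))
            goto err;
    }
    ret = 1;
 err:
    return (ret);
}

#undef X509_PRINT_LITERAL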
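/**
 * Resolve one certificate-related variable name to its string value.
 *
 * @param p    Pool used for every allocation made here.
 * @param r    Request record, forwarded to the one-line DN formatter.
 * @param xs   Certificate to read from.
 * @param var  Variable suffix to look up (for example "M_SERIAL", "S_DN",
 *             "I_DN_<field>", "SAN_<entry>", "A_SIG", "CERT").
 * @return     The value, or NULL if @p var is not recognised or a DN
 *             variable starts with something other than 'S' or 'I'.
 *
 * Branches that leave resdup set have their result copied into @p p with
 * apr_pstrdup() before returning; the others return the helper's result
 * as-is.
 */
static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs,
                                     char *var)
{
    char *result = NULL;
    BOOL resdup = TRUE;
    X509_NAME *xsname;
    int nid;

    if (strcEQ(var, "M_VERSION")) {
        /* X509_get_version() yields a long; cast so the argument matches
         * the %lu conversion. */
        result = apr_psprintf(p, "%lu",
                              (unsigned long)X509_get_version(xs) + 1);
        resdup = FALSE;
    }
    else if (strcEQ(var, "M_SERIAL")) {
        result = ssl_var_lookup_ssl_cert_serial(p, xs);
    }
    else if (strcEQ(var, "V_START")) {
        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
    }
    else if (strcEQ(var, "V_END")) {
        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
    }
    else if (strcEQ(var, "V_REMAIN")) {
        result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
        resdup = FALSE;
    }
    else if (*var && strcEQ(var+1, "_DN")) {
        /* Whole distinguished name: first character picks subject/issuer. */
        switch (*var) {
        case 'S':
            xsname = X509_get_subject_name(xs);
            break;
        case 'I':
            xsname = X509_get_issuer_name(xs);
            break;
        default:
            return NULL;
        }
        result = ssl_var_lookup_ssl_cert_dn_oneline(p, r, xsname);
        resdup = FALSE;
    }
    else if (strlen(var) > 5 && strcEQn(var+1, "_DN_", 4)) {
        /* Single DN component: the text after "X_DN_" names the field. */
        switch (*var) {
        case 'S':
            xsname = X509_get_subject_name(xs);
            break;
        case 'I':
            xsname = X509_get_issuer_name(xs);
            break;
        default:
            return NULL;
        }
        result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
        resdup = FALSE;
    }
    else if (strlen(var) > 4 && strcEQn(var, "SAN_", 4)) {
        result = ssl_var_lookup_ssl_cert_san(p, xs, var+4);
        resdup = FALSE;
    }
    else if (strcEQ(var, "A_SIG")) {
#if MODSSL_USE_OPENSSL_PRE_1_1_API
        nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
#else
        const ASN1_OBJECT *paobj;
        X509_ALGOR_get0(&paobj, NULL, NULL, X509_get0_tbs_sigalg(xs));
        nid = OBJ_obj2nid(paobj);
#endif
        result = apr_pstrdup(p,
                             (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
        resdup = FALSE;
    }
    else if (strcEQ(var, "A_KEY")) {
        /* NOTE(review): this branch tests OPENSSL_VERSION_NUMBER directly
         * while A_SIG above tests MODSSL_USE_OPENSSL_PRE_1_1_API; if the two
         * can disagree for some library, the branches pick different APIs -
         * confirm against the macro's definition. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
        nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->key->algor->algorithm));
#else
        ASN1_OBJECT *paobj;
        /* Unused out-parameters are pointers, so pass NULL for each. */
        X509_PUBKEY_get0_param(&paobj, NULL, NULL, NULL,
                               X509_get_X509_PUBKEY(xs));
        nid = OBJ_obj2nid(paobj);
#endif
        result = apr_pstrdup(p,
                             (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
        resdup = FALSE;
    }
    else if (strcEQ(var, "CERT")) {
        result = ssl_var_lookup_ssl_cert_PEM(p, xs);
    }

    if (resdup)
        result = apr_pstrdup(p, result);
    return result;
}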