const void * PKI_X509_CERT_get_data(const PKI_X509_CERT * x,
PKI_X509_DATA type) {
const void *ret = NULL;
LIBPKI_X509_CERT *tmp_x = NULL;
if (!x || !x->value) {
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return (NULL);
}
tmp_x = x->value;
switch (type)
{
case PKI_X509_DATA_VERSION:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
if (tmp_x->cert_info) ret = (tmp_x)->cert_info->version;
#else
ret = (tmp_x)->cert_info.version;
#endif
break;
case PKI_X509_DATA_SERIAL:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
if (tmp_x->cert_info) ret = tmp_x->cert_info->serialNumber;
#else
ret = &((tmp_x)->cert_info.serialNumber);
#endif
// ret = X509_get_serialNumber ( (X509 *) x->value );
break;
case PKI_X509_DATA_SUBJECT:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
if (tmp_x->cert_info) ret = tmp_x->cert_info->subject;
#else
ret = tmp_x->cert_info.subject;
#endif
// ret = X509_get_subject_name( (X509 *) x->value );
break;
case PKI_X509_DATA_ISSUER:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
if (tmp_x->cert_info) ret = tmp_x->cert_info->issuer;
#else
ret = tmp_x->cert_info.issuer;
#endif
// ret = X509_get_issuer_name( (X509 *) x->value );
break;
case PKI_X509_DATA_NOTBEFORE:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
ret = tmp_x->cert_info->validity->notBefore;
#else
ret = X509_get0_notBefore((X509 *)tmp_x);
#endif
break;
case PKI_X509_DATA_NOTAFTER:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
ret = tmp_x->cert_info->validity->notAfter;
#else
ret = X509_get0_notAfter((X509 *)tmp_x);
#endif
break;
case PKI_X509_DATA_KEYPAIR_VALUE:
case PKI_X509_DATA_PUBKEY:
ret = X509_get_pubkey((X509 *)tmp_x);
break;
case PKI_X509_DATA_PUBKEY_BITSTRING:
ret = X509_get0_pubkey_bitstr((X509 *)tmp_x);
break;
case PKI_X509_DATA_SIGNATURE:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
ret = (tmp_x)->signature;
#else
ret = &(tmp_x)->signature;
#endif
break;
// Signature Algorithm within the certInfo structure
case PKI_X509_DATA_ALGORITHM:
case PKI_X509_DATA_SIGNATURE_ALG1:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
if (tmp_x->cert_info && tmp_x->cert_info->signature)
ret = tmp_x->cert_info->signature;
#else
ret = X509_get0_tbs_sigalg((const X509 *)x->value);
#endif
break;
case PKI_X509_DATA_SIGNATURE_ALG2:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
if (tmp_x->sig_alg) ret = tmp_x->sig_alg;
#else
ret = &tmp_x->sig_alg;
#endif
break;
case PKI_X509_DATA_KEYSIZE:
case PKI_X509_DATA_CERT_TYPE:
PKI_ERROR(PKI_ERR_PARAM_TYPE, "Deprecated Cert Datatype");
break;
/*
case PKI_X509_DATA_KEYSIZE:
tmp_int = PKI_Malloc ( sizeof( int ));
*tmp_int = EVP_PKEY_size(X509_get_pubkey((X509 *)x->value));
ret = tmp_int;
break;
case PKI_X509_DATA_CERT_TYPE:
tmp_int = PKI_Malloc ( sizeof ( int ));
*tmp_int = PKI_X509_CERT_get_type( x );
break;
*/
case PKI_X509_DATA_EXTENSIONS:
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
ret = tmp_x->cert_info->extensions;
#else
ret = tmp_x->cert_info.extensions;
#endif
break;
default:
/* Not Recognized/Supported DATATYPE */
return (NULL);
}
return (ret);
}
int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
unsigned long cflag)
{
long l;
int ret = 0, i;
char *m = NULL, mlch = ' ';
int nmindent = 0;
ASN1_INTEGER *bs;
EVP_PKEY *pkey = NULL;
const char *neg;
if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mlch = '\n';
nmindent = 12;
}
if (nmflags == X509_FLAG_COMPAT)
nmindent = 16;
if (!(cflag & X509_FLAG_NO_HEADER)) {
if (BIO_write(bp, "Certificate:\n", 13) <= 0)
goto err;
if (BIO_write(bp, " Data:\n", 10) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_VERSION)) {
l = X509_get_version(x);
if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_SERIAL)) {
if (BIO_write(bp, " Serial Number:", 22) <= 0)
goto err;
bs = X509_get_serialNumber(x);
if (bs->length <= (int)sizeof(long)) {
ERR_set_mark();
l = ASN1_INTEGER_get(bs);
ERR_pop_to_mark();
} else {
l = -1;
}
if (l != -1) {
if (bs->type == V_ASN1_NEG_INTEGER) {
l = -l;
neg = "-";
} else
neg = "";
if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
goto err;
} else {
neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
goto err;
for (i = 0; i < bs->length; i++) {
if (BIO_printf(bp, "%02x%c", bs->data[i],
((i + 1 == bs->length) ? '\n' : ':')) <= 0)
goto err;
}
}
}
if (!(cflag & X509_FLAG_NO_SIGNAME)) {
X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_ISSUER)) {
if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
goto err;
if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
< 0)
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_VALIDITY)) {
if (BIO_write(bp, " Validity\n", 17) <= 0)
goto err;
if (BIO_write(bp, " Not Before: ", 24) <= 0)
goto err;
if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
goto err;
if (BIO_write(bp, "\n Not After : ", 25) <= 0)
goto err;
if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_SUBJECT)) {
if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
goto err;
if (X509_NAME_print_ex
(bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_PUBKEY)) {
X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
ASN1_OBJECT *xpoid;
X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
goto err;
if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
goto err;
if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
pkey = X509_get_pubkey(x);
if (pkey == NULL) {
BIO_printf(bp, "%12sUnable to load Public Key\n", "");
ERR_print_errors(bp);
} else {
EVP_PKEY_print_public(bp, pkey, 16, NULL);
EVP_PKEY_free(pkey);
}
}
if (!(cflag & X509_FLAG_NO_IDS)) {
ASN1_BIT_STRING *iuid, *suid;
X509_get0_uids(&iuid, &suid, x);
if (iuid != NULL) {
if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
goto err;
if (!X509_signature_dump(bp, iuid, 12))
goto err;
}
if (suid != NULL) {
if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
goto err;
if (!X509_signature_dump(bp, suid, 12))
goto err;
}
}
if (!(cflag & X509_FLAG_NO_EXTENSIONS))
X509V3_extensions_print(bp, "X509v3 extensions",
X509_get0_extensions(x), cflag, 8);
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *sig;
X509_get0_signature(&sig, &sig_alg, x);
if (X509_signature_print(bp, sig_alg, sig) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_AUX)) {
if (!X509_aux_print(bp, x, 0))
goto err;
}
ret = 1;
err:
OPENSSL_free(m);
return (ret);
}
static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs,
char *var)
{
char *result;
BOOL resdup;
X509_NAME *xsname;
int nid;
result = NULL;
resdup = TRUE;
if (strcEQ(var, "M_VERSION")) {
result = apr_psprintf(p, "%lu", X509_get_version(xs)+1);
resdup = FALSE;
}
else if (strcEQ(var, "M_SERIAL")) {
result = ssl_var_lookup_ssl_cert_serial(p, xs);
}
else if (strcEQ(var, "V_START")) {
result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
}
else if (strcEQ(var, "V_END")) {
result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
}
else if (strcEQ(var, "V_REMAIN")) {
result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
resdup = FALSE;
}
else if (*var && strcEQ(var+1, "_DN")) {
if (*var == 'S')
xsname = X509_get_subject_name(xs);
else if (*var == 'I')
xsname = X509_get_issuer_name(xs);
else
return NULL;
result = ssl_var_lookup_ssl_cert_dn_oneline(p, r, xsname);
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var+1, "_DN_", 4)) {
if (*var == 'S')
xsname = X509_get_subject_name(xs);
else if (*var == 'I')
xsname = X509_get_issuer_name(xs);
else
return NULL;
result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
resdup = FALSE;
}
else if (strlen(var) > 4 && strcEQn(var, "SAN_", 4)) {
result = ssl_var_lookup_ssl_cert_san(p, xs, var+4);
resdup = FALSE;
}
else if (strcEQ(var, "A_SIG")) {
#if MODSSL_USE_OPENSSL_PRE_1_1_API
nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
#else
const ASN1_OBJECT *paobj;
X509_ALGOR_get0(&paobj, NULL, NULL, X509_get0_tbs_sigalg(xs));
nid = OBJ_obj2nid(paobj);
#endif
result = apr_pstrdup(p,
(nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
resdup = FALSE;
}
else if (strcEQ(var, "A_KEY")) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->key->algor->algorithm));
#else
ASN1_OBJECT *paobj;
X509_PUBKEY_get0_param(&paobj, NULL, 0, NULL, X509_get_X509_PUBKEY(xs));
nid = OBJ_obj2nid(paobj);
#endif
result = apr_pstrdup(p,
(nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
resdup = FALSE;
}
else if (strcEQ(var, "CERT")) {
result = ssl_var_lookup_ssl_cert_PEM(p, xs);
}
if (resdup)
result = apr_pstrdup(p, result);
return result;
}
