int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
{
int i, ret = 0;
long l;
OCSP_CERTID *cid = NULL;
OCSP_BASICRESP *br = NULL;
OCSP_RESPID *rid = NULL;
OCSP_RESPDATA *rd = NULL;
OCSP_CERTSTATUS *cst = NULL;
OCSP_REVOKEDINFO *rev = NULL;
OCSP_SINGLERESP *single = NULL;
OCSP_RESPBYTES *rb = o->responseBytes;
if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
l=ASN1_ENUMERATED_get(o->responseStatus);
if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n",
OCSP_response_status_str(l), l) <= 0) goto err;
if (rb == NULL) return 1;
if (BIO_puts(bp," Response Type: ") <= 0)
goto err;
if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
goto err;
if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
{
BIO_puts(bp," (unknown response type)\n");
return 1;
}
i = ASN1_STRING_length(rb->response);
if (!(br = OCSP_response_get1_basic(o))) goto err;
rd = br->tbsResponseData;
l=ASN1_INTEGER_get(rd->version);
if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n",
l+1,l) <= 0) goto err;
if (BIO_puts(bp," Responder Id: ") <= 0) goto err;
rid = rd->responderId;
switch (rid->type)
{
case V_OCSP_RESPID_NAME:
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break;
case V_OCSP_RESPID_KEY:
i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
break;
}
if (BIO_printf(bp,"\n Produced At: ")<=0) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err;
for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
{
if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
single = sk_OCSP_SINGLERESP_value(rd->responses, i);
cid = single->certId;
if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
cst = single->certStatus;
if (BIO_printf(bp," Cert Status: %s",
OCSP_cert_status_str(cst->type)) <= 0)
goto err;
if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
{
rev = cst->value.revoked;
if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,
rev->revocationTime))
goto err;
if (rev->revocationReason)
{
l=ASN1_ENUMERATED_get(rev->revocationReason);
if (BIO_printf(bp,
"\n Revocation Reason: %s (0x%lx)",
OCSP_crl_reason_str(l), l) <= 0)
goto err;
}
}
if (BIO_printf(bp,"\n This Update: ") <= 0) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
goto err;
if (single->nextUpdate)
{
if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
goto err;
}
if (BIO_write(bp,"\n",1) <= 0) goto err;
if (!X509V3_extensions_print(bp,
"Response Single Extensions",
single->singleExtensions, flags, 8))
goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if (!X509V3_extensions_print(bp, "Response Extensions",
rd->responseExtensions, flags, 4))
goto err;
if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
goto err;
for (i=0; i<sk_X509_num(br->certs); i++)
{
X509_print(bp, sk_X509_value(br->certs,i));
PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
}
ret = 1;
err:
OCSP_BASICRESP_free(br);
return ret;
}
//============================================================
// Initializes NotaryInfo object with data from OCSP object
// pSigDoc - digidoc main object pointer
// pNotary - NotaryInfo object to be initialized
// resp - OCSP response object
// notCert - Notary cert object
// return error code
//============================================================
int initializeNotaryInfoWithOCSP(SignedDoc *pSigDoc, NotaryInfo *pNotary,
OCSP_RESPONSE *resp, X509 *notCert, int initDigest)
{
int n, err = ERR_OK;
char buf[500];
OCSP_RESPBYTES *rb = NULL;
OCSP_BASICRESP *br = NULL;
OCSP_RESPDATA *rd = NULL;
OCSP_RESPID *rid = NULL;
// OCSP_CERTSTATUS *cst = NULL;
OCSP_SINGLERESP *single = NULL;
OCSP_CERTID *cid = NULL;
X509_EXTENSION *nonce;
//AM 26.09.08
DigiDocMemBuf mbuf1;
mbuf1.pMem = 0;
mbuf1.nLen = 0;
RETURN_IF_NULL_PARAM(pNotary);
RETURN_IF_NULL_PARAM(resp);
// check the OCSP Response validity
switch(OCSP_response_status(resp)) {
case OCSP_RESPONSE_STATUS_SUCCESSFUL: // OK
break;
case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_MALFORMED);
case OCSP_RESPONSE_STATUS_INTERNALERROR:
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_INTERNALERR);
case OCSP_RESPONSE_STATUS_TRYLATER:
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_TRYLATER);
case OCSP_RESPONSE_STATUS_SIGREQUIRED:
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_SIGREQUIRED);
case OCSP_RESPONSE_STATUS_UNAUTHORIZED:
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_UNAUTHORIZED);
default:
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_UNSUCCESSFUL);
}
RETURN_IF_NULL_PARAM(resp->responseBytes);;
rb = resp->responseBytes;
if(OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_UNKNOWN_TYPE);
if((br = OCSP_response_get1_basic(resp)) == NULL)
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_NO_BASIC_RESP);
rd = br->tbsResponseData;
if(ASN1_INTEGER_get(rd->version) != 0)
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_WRONG_VERSION);
n = sk_OCSP_SINGLERESP_num(rd->responses);
if(n != 1)
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_ONE_RESPONSE);
single = sk_OCSP_SINGLERESP_value(rd->responses, 0);
RETURN_IF_NULL(single);
cid = single->certId;
RETURN_IF_NULL(cid);
ddocDebug(4, "initializeNotaryInfoWithOCSP", "CertStatus-type: %d", single->certStatus->type);
//printf("TYPE: %d\n", single->certStatus->type);
if(single->certStatus->type != 0) {
ddocDebug(4, "initializeNotaryInfoWithOCSP", "errcode: %d", handleOCSPCertStatus(single->certStatus->type));
SET_LAST_ERROR_RETURN_CODE(handleOCSPCertStatus(single->certStatus->type));
}
//Removed 31.10.2003
//if(single->singleExtensions)
// SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_NO_SINGLE_EXT);
if(!rd->responseExtensions ||
(sk_X509_EXTENSION_num(rd->responseExtensions) != 1) ||
((nonce = sk_X509_EXTENSION_value(rd->responseExtensions, 0)) == NULL))
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_NO_NONCE);
i2t_ASN1_OBJECT(buf,sizeof(buf),nonce->object);
if(strcmp(buf, OCSP_NONCE_NAME))
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_NO_NONCE);
rid = rd->responderId;
if(rid->type == V_OCSP_RESPID_NAME) {
pNotary->nRespIdType = RESPID_NAME_TYPE;
} else if(rid->type == V_OCSP_RESPID_KEY) {
pNotary->nRespIdType = RESPID_KEY_TYPE;
} else {
SET_LAST_ERROR_RETURN_CODE(ERR_OCSP_WRONG_RESPID);
}
// producedAt
err = asn1time2str(pSigDoc, rd->producedAt, buf, sizeof(buf));
setString(&(pNotary->timeProduced), buf, -1);
n = sizeof(buf);
if(rid->type == V_OCSP_RESPID_NAME) {
//X509_NAME_oneline(rid->value.byName,buf,n);
//AM 26.09.08
err = ddocCertGetDNFromName(rid->value.byName, &mbuf1);
RETURN_IF_NOT(err == ERR_OK, err);
err = ddocNotInfo_SetResponderId(pNotary, (char*)mbuf1.pMem, -1);
ddocMemBuf_free(&mbuf1);
}
if(rid->type == V_OCSP_RESPID_KEY) {
err = ddocNotInfo_SetResponderId(pNotary, (const char*)rid->value.byKey->data, rid->value.byKey->length);
}
// digest type
i2t_ASN1_OBJECT(buf,sizeof(buf),cid->hashAlgorithm->algorithm);
setString(&(pNotary->szDigestType), buf, -1);
// signature algorithm
i2t_ASN1_OBJECT(buf,sizeof(buf),br->signatureAlgorithm->algorithm);
setString(&(pNotary->szSigType), buf, -1);
// notary cert
if(notCert && !err)
err = addNotaryInfoCert(pSigDoc, pNotary, notCert);
// save the response in memory
err = ddocNotInfo_SetOCSPResponse_Value(pNotary, resp);
// get the digest from original OCSP data
if(initDigest && notCert) {
err = calcNotaryDigest(pSigDoc, pNotary);
}
if(br != NULL)
OCSP_BASICRESP_free(br);
if (err != ERR_OK) SET_LAST_ERROR(err);
return err;
}
