Exemplo n.º 1
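/*
 * Certificate-iterator callback: print the subject and issuer names of
 * certificate `c` as two lines ("subject: ..." and "issuer: ...").
 *
 * `ctx` is used as the output stream, so the caller must pass a FILE *.
 * `context` is not used here.
 *
 * Returns 0 on success, or the error from the name conversion helpers.
 * Each conversion result is checked before the strings are used, so a
 * failed conversion never reaches fprintf() or free() with an
 * uninitialised pointer.
 *
 * NOTE(review): the names come straight from the certificate and are
 * printed as-is; nothing here validates or verifies the certificate.
 */
int
hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
{
    FILE *out = ctx;
    Certificate *cert;
    hx509_name n;
    char *s = NULL, *i = NULL;
    int ret;

    cert = _hx509_get_cert(c);

    ret = _hx509_name_from_Name(&cert->tbsCertificate.subject, &n);
    if (ret)
	return ret;
    ret = hx509_name_to_string(n, &s);
    hx509_name_free(&n);
    if (ret)
	return ret;

    ret = _hx509_name_from_Name(&cert->tbsCertificate.issuer, &n);
    if (ret == 0) {
	ret = hx509_name_to_string(n, &i);
	hx509_name_free(&n);
    }
    if (ret) {
	/* The subject string was already produced; do not leak it. */
	free(s);
	return ret;
    }

    fprintf(out, "subject: %s\nissuer: %s\n", s, i);
    free(s);
    free(i);
    return 0;
}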
Exemplo n.º 2
/*
 * Convert an ASN.1 Name into its string form.
 *
 * The Name is first converted to an hx509_name, which is then rendered
 * into `*str` and released again.  Returns 0 on success, otherwise the
 * error from whichever step failed; `*str` is only written by
 * hx509_name_to_string().
 *
 * presumably the caller owns and frees `*str` on success - confirm
 * against hx509_name_to_string().
 */
int
_hx509_unparse_Name(const Name *aname, char **str)
{
    hx509_name parsed;
    int rc = _hx509_name_from_Name(aname, &parsed);

    if (rc == 0) {
	/* The intermediate name is only needed for the conversion. */
	rc = hx509_name_to_string(parsed, str);
	hx509_name_free(&parsed);
    }
    return rc;
}
Exemplo n.º 3
Arquivo: req.c Projeto: gojdic/samba
/*
 * Load a DER-encoded PKCS#10 certification request and build an
 * hx509_request from its public key and subject name.
 *
 * `path` must start with "PKCS10:"; the remainder is handed to
 * rk_undumpdata() to obtain the encoded bytes.  Any other prefix is
 * rejected with HX509_UNSUPPORTED_OPERATION.
 *
 * On success `*req` holds the new request and 0 is returned.  On any
 * failure after _hx509_request_init() succeeded, `*req` is released with
 * _hx509_request_free() before the error is returned.
 *
 * NOTE(review): only subjectPKInfo and subject are copied out of the
 * decoded request.  The request's signature is not checked in this
 * function, so a caller that acts on the parsed key or name needs that
 * check done elsewhere.
 * NOTE(review): the `size` reported by the decoder is never compared
 * with `len`, so bytes following the encoded request are not rejected
 * here.
 */
int
_hx509_request_parse(hx509_context context,
		     const char *path,
		     hx509_request *req)
{
    static const char prefix[] = "PKCS10:";
    const size_t prefix_len = sizeof(prefix) - 1;
    CertificationRequest r;
    CertificationRequestInfo *rinfo;
    hx509_name subject;
    size_t len, size;
    void *p;
    int ret;

    if (strncmp(path, prefix, prefix_len) != 0) {
	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
			       "unsupport type in %s", path);
	return HX509_UNSUPPORTED_OPERATION;
    }
    path += prefix_len;

    /* XXX PEM request */

    ret = rk_undumpdata(path, &p, &len);
    if (ret) {
	hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
	return ret;
    }

    /* The raw buffer is not needed once decoding has been attempted. */
    ret = decode_CertificationRequest(p, len, &r, &size);
    rk_xfree(p);
    if (ret) {
	hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
	return ret;
    }

    ret = _hx509_request_init(context, req);
    if (ret) {
	/* No request object exists yet, so only the decoded data goes. */
	free_CertificationRequest(&r);
	return ret;
    }

    rinfo = &r.certificationRequestInfo;

    ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
						  &rinfo->subjectPKInfo);
    if (ret)
	goto fail;

    ret = _hx509_name_from_Name(&rinfo->subject, &subject);
    if (ret)
	goto fail;

    ret = _hx509_request_set_name(context, *req, subject);
    hx509_name_free(&subject);
    if (ret)
	goto fail;

    free_CertificationRequest(&r);
    return 0;

fail:
    /* Shared failure path: drop the decoded request, then the object. */
    free_CertificationRequest(&r);
    _hx509_request_free(req);
    return ret;
}
Exemplo n.º 4
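/*
 * Print a human-readable summary of the OCSP response stored at `path`.
 *
 * Output goes to `out`, or to stdout when `out` is NULL.  The summary
 * lists the responder ID (by name or by key), producedAt, the number of
 * single responses with their status and update times, and the names of
 * any certificates appended to the response.
 *
 * Returns 0 on success, ENOMEM if a string cannot be allocated, the
 * error from load_ocsp() or from the name conversion helpers, or the
 * result of iterating over the appended certificates.
 *
 * NOTE(review): this function only loads and prints.  It performs no
 * signature or freshness check itself, and whether load_ocsp() does is
 * not visible here, so the printed status values should be read as
 * diagnostic output rather than as a revocation decision.
 */
int
hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
{
    struct revoke_ocsp ocsp;
    int ret;
    size_t i;

    if (out == NULL)
	out = stdout;

    memset(&ocsp, 0, sizeof(ocsp));

    ocsp.path = strdup(path);
    if (ocsp.path == NULL)
	return ENOMEM;

    ret = load_ocsp(context, &ocsp);
    if (ret) {
	free_ocsp(&ocsp);
	return ret;
    }

    fprintf(out, "signer: ");

    switch(ocsp.ocsp.tbsResponseData.responderID.element) {
    case choice_OCSPResponderID_byName: {
	hx509_name n;
	char *s = NULL;

	/* Check each conversion so `s` is never printed uninitialised. */
	ret = _hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
	if (ret == 0) {
	    ret = hx509_name_to_string(n, &s);
	    hx509_name_free(&n);
	}
	if (ret) {
	    free_ocsp(&ocsp);
	    return ret;
	}
	fprintf(out, " byName: %s\n", s);
	free(s);
	break;
    }
    case choice_OCSPResponderID_byKey: {
	char *s = NULL;

	/* hex_encode() reports failure with a negative length. */
	if (hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
		       ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
		       &s) < 0) {
	    free_ocsp(&ocsp);
	    return ENOMEM;
	}
	fprintf(out, " byKey: %s\n", s);
	free(s);
	break;
    }
    default:
	_hx509_abort("choice_OCSPResponderID unknown");
	break;
    }

    fprintf(out, "producedAt: %s\n",
	    printable_time(ocsp.ocsp.tbsResponseData.producedAt));

    /* Cast so the format matches whatever integer type `len` has. */
    fprintf(out, "replies: %zu\n",
	    (size_t)ocsp.ocsp.tbsResponseData.responses.len);

    for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
	const char *status;
	switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
	case choice_OCSPCertStatus_good:
	    status = "good";
	    break;
	case choice_OCSPCertStatus_revoked:
	    status = "revoked";
	    break;
	case choice_OCSPCertStatus_unknown:
	    status = "unknown";
	    break;
	default:
	    status = "element unknown";
	    break;
	}

	fprintf(out, "\t%zu. status: %s\n", i, status);

	fprintf(out, "\tthisUpdate: %s\n",
		printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
	/*
	 * nextUpdate is optional.  When present, print its own value under
	 * its own label; the expiry of a response is what a reader needs
	 * to judge whether it is stale.
	 */
	if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
	    fprintf(out, "\tnextUpdate: %s\n",
		    printable_time(*ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate));

    }

    fprintf(out, "appended certs:\n");
    if (ocsp.certs)
	ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);

    free_ocsp(&ocsp);
    return ret;
}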