virtual void execute(cmd_context& ctx) {
if (m_target == 0) {
throw cmd_exception("invalid query command, argument expected");
}
datalog::context& dlctx = m_dl_ctx->get_dl_context();
set_background(ctx);
dlctx.updt_params(m_params);
unsigned timeout = m_params.get_uint(":timeout", UINT_MAX);
cancel_eh<datalog::context> eh(dlctx);
lbool status = l_undef;
{
scoped_ctrl_c ctrlc(eh);
scoped_timer timer(timeout, &eh);
cmd_context::scoped_watch sw(ctx);
try {
status = dlctx.query(m_target);
}
catch (z3_error & ex) {
throw ex;
}
catch (z3_exception& ex) {
ctx.regular_stream() << "(error \"query failed: " << ex.msg() << "\")" << std::endl;
}
dlctx.cleanup();
}
switch (status) {
case l_false:
ctx.regular_stream() << "unsat\n";
print_certificate(ctx);
break;
case l_true:
ctx.regular_stream() << "sat\n";
print_answer(ctx);
print_certificate(ctx);
break;
case l_undef:
ctx.regular_stream() << "unknown\n";
switch(dlctx.get_status()) {
case datalog::INPUT_ERROR:
break;
case datalog::MEMOUT:
ctx.regular_stream() << "memory bounds exceeded\n";
break;
case datalog::TIMEOUT:
ctx.regular_stream() << "timeout\n";
break;
case datalog::OK:
break;
default:
UNREACHABLE();
}
break;
}
print_statistics(ctx);
m_target = 0;
}
static int parse_pkcs7_data(const options_t *options, const CRYPT_DATA_BLOB *blob)
{
int result = 0;
const cert_format_e input_fmt = CERT_FORMAT_DER;
PKCS7 *p7 = NULL;
BIO *in = NULL;
CRYPTO_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
in = BIO_new_mem_buf(blob->pbData, blob->cbData);
if (in == NULL) {
result = -2;
goto error;
}
switch (input_fmt) {
default: EXIT_ERROR("unhandled input format for certificate");
case CERT_FORMAT_DER:
p7 = d2i_PKCS7_bio(in, NULL);
break;
case CERT_FORMAT_PEM:
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
break;
}
if (p7 == NULL) {
ERR_print_errors_fp(stderr);
result = -3;
goto error;
}
STACK_OF(X509) *certs = NULL;
int type = OBJ_obj2nid(p7->type);
switch (type) {
default: break;
case NID_pkcs7_signed: // PKCS7_type_is_signed(p7)
certs = p7->d.sign->cert;
break;
case NID_pkcs7_signedAndEnveloped: // PKCS7_type_is_signedAndEnveloped(p7)
certs = p7->d.signed_and_enveloped->cert;
break;
}
const int numcerts = certs != NULL ? sk_X509_num(certs) : 0;
for (int i = 0; i < numcerts; i++) {
X509 *cert = sk_X509_value(certs, i);
print_certificate(options->certout, options->certoutform, cert);
// NOTE: Calling X509_free(cert) is unnecessary.
}
// Print whether certificate signature is valid
if (numcerts > 0) {
X509 *subject = sk_X509_value(certs, 0);
X509 *issuer = sk_X509_value(certs, numcerts - 1);
int valid_sig = X509_verify(subject, X509_get_pubkey(issuer));
output("Signature", valid_sig == 1 ? "valid" : "invalid");
}
// Print signers
if (numcerts > 0) {
output_open_scope("signers", OUTPUT_SCOPE_TYPE_ARRAY);
for (int i = 0; i < numcerts; i++) {
X509 *cert = sk_X509_value(certs, i);
X509_NAME *name = X509_get_subject_name(cert);
int issuer_name_len = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0);
if (issuer_name_len > 0) {
output_open_scope("signer", OUTPUT_SCOPE_TYPE_OBJECT);
char issuer_name[issuer_name_len + 1];
X509_NAME_get_text_by_NID(name, NID_commonName, issuer_name, issuer_name_len + 1);
output("Issuer", issuer_name);
output_close_scope(); // signer
}
}
output_close_scope(); // signers
}
error:
if (p7 != NULL)
PKCS7_free(p7);
if (in != NULL)
BIO_free(in);
// Deallocate everything from OpenSSL_add_all_algorithms
EVP_cleanup();
// Deallocate everything from ERR_load_crypto_strings
ERR_free_strings();
return result;
}
