Пример #1
0
static void print_dn(gnutls_buffer_st * str, const char *prefix,
		     const gnutls_datum_t * raw)
{
	gnutls_x509_dn_t dn = NULL;
	gnutls_datum_t output = { NULL, 0 };
	int ret;

	ret = gnutls_x509_dn_init(&dn);
	if (ret < 0) {
		addf(str, "%s: [error]\n", prefix);
		return;
	}

	ret = gnutls_x509_dn_import(dn, raw);
	if (ret < 0) {
		addf(str, "%s: [error]\n", prefix);
		goto cleanup;
	}

	ret = gnutls_x509_dn_get_str2(dn, &output, 0);
	if (ret < 0) {
		addf(str, "%s: [error]\n", prefix);
		goto cleanup;
	}

	addf(str, "%s: %s\n", prefix, output.data);

 cleanup:
	gnutls_x509_dn_deinit(dn);
	gnutls_free(output.data);
}
Пример #2
0
static void
print_key_usage(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
		unsigned int idx)
{
	unsigned int key_usage;
	int err;

	adds(str, _("\t\tKey Usage:\n"));


	if (idx == (unsigned int) -1)
		err = gnutls_openpgp_crt_get_key_usage(cert, &key_usage);
	else
		err =
		    gnutls_openpgp_crt_get_subkey_usage(cert, idx,
							&key_usage);
	if (err < 0) {
		addf(str, _("error: get_key_usage: %s\n"),
		     gnutls_strerror(err));
		return;
	}

	if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
		adds(str, _("\t\t\tDigital signatures.\n"));
	if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
		adds(str, _("\t\t\tCommunications encipherment.\n"));
	if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
		adds(str, _("\t\t\tStorage data encipherment.\n"));
	if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
		adds(str, _("\t\t\tAuthentication.\n"));
	if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
		adds(str, _("\t\t\tCertificate signing.\n"));
}
Пример #3
0
unsigned int *
madd(unsigned int *a, unsigned int *b)
{
	if (MSIGN(a) == MSIGN(b))
		return addf(a, b);	// same sign, add together
	else
		return subf(a, b);	// opposite sign, find difference
}
Пример #4
0
/* idx == -1 indicates main key
 * otherwise the subkey.
 */
static void
print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
  char fpr[128];
  size_t fpr_size = sizeof (fpr);
  int err;

  err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
  if (err < 0)
    addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
  else
    {
      adds (str, _("\tFingerprint (hex): "));
      hexprint (str, fpr, fpr_size);
      addf (str, "\n");
    }
}
Пример #5
0
static void print_raw(gnutls_buffer_st * str, const char *prefix,
		      const gnutls_datum_t * raw)
{
	gnutls_datum_t result;
	int ret;

	if (raw->data == NULL || raw->size == 0)
		return;

	ret = gnutls_hex_encode2(raw, &result);
	if (ret < 0) {
		addf(str, "%s: [error]\n", prefix);
		return;
	}

	addf(str, "%s: %s\n", prefix, result.data);
	gnutls_free(result.data);
}
Пример #6
0
/* idx == -1 indicates main key
 * otherwise the subkey.
 */
static void
print_key_id(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
	gnutls_openpgp_keyid_t id;
	int err;

	if (idx < 0)
		err = gnutls_openpgp_crt_get_key_id(cert, id);
	else
		err = gnutls_openpgp_crt_get_subkey_id(cert, idx, id);

	if (err < 0)
		addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
	else {
		adds(str, _("\tID (hex): "));
		_gnutls_buffer_hexprint(str, id, sizeof(id));
		addf(str, "\n");
	}

}
Пример #7
0
/* idx == -1 indicates main key
 * otherwise the subkey.
 */
static void
print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
	uint8_t fpr[128];
	size_t fpr_size = sizeof(fpr);
	int err;
	const char *name;
	char *p;
	unsigned int bits;

	err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size);
	if (err < 0)
		addf(str, "error: get_fingerprint: %s\n",
		     gnutls_strerror(err));
	else {
		adds(str, _("\tFingerprint (hex): "));
		_gnutls_buffer_hexprint(str, fpr, fpr_size);
		addf(str, "\n");
	}

	err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
	if (err < 0)
		return;

	name = gnutls_pk_get_name(err);
	if (name == NULL)
		return;

	p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits,
					      "\t\t");
	if (p == NULL)
		return;

	adds(str, _("\tFingerprint's random art:\n"));
	adds(str, p);
	adds(str, "\n");

	gnutls_free(p);
}
Пример #8
0
static void
hexprint (gnutls_buffer_st * str, const char *data, size_t len)
{
  size_t j;

  if (len == 0)
    adds (str, "00");
  else
    {
      for (j = 0; j < len; j++)
        addf (str, "%.2x", (unsigned char) data[j]);
    }
}
Пример #9
0
static void
print_key_times(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
	time_t tim;

	adds(str, _("\tTime stamps:\n"));

	if (idx == -1)
		tim = gnutls_openpgp_crt_get_creation_time(cert);
	else
		tim =
		    gnutls_openpgp_crt_get_subkey_creation_time(cert, idx);

	{
		char s[42];
		size_t max = sizeof(s);
		struct tm t;

		if (gmtime_r(&tim, &t) == NULL)
			addf(str, "error: gmtime_r (%ld)\n",
			     (unsigned long) tim);
		else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
			 == 0)
			addf(str, "error: strftime (%ld)\n",
			     (unsigned long) tim);
		else
			addf(str, _("\t\tCreation: %s\n"), s);
	}

	if (idx == -1)
		tim = gnutls_openpgp_crt_get_expiration_time(cert);
	else
		tim =
		    gnutls_openpgp_crt_get_subkey_expiration_time(cert,
								  idx);
	{
		char s[42];
		size_t max = sizeof(s);
		struct tm t;

		if (tim == 0) {
			adds(str, _("\t\tExpiration: Never\n"));
		} else {
			if (gmtime_r(&tim, &t) == NULL)
				addf(str, "error: gmtime_r (%ld)\n",
				     (unsigned long) tim);
			else if (strftime
				 (s, max, "%a %b %d %H:%M:%S UTC %Y",
				  &t) == 0)
				addf(str, "error: strftime (%ld)\n",
				     (unsigned long) tim);
			else
				addf(str, _("\t\tExpiration: %s\n"), s);
		}
	}
}
Пример #10
0
static void
hexdump (gnutls_buffer_st * str, const char *data, size_t len,
         const char *spc)
{
  size_t j;

  if (spc)
    adds (str, spc);
  for (j = 0; j < len; j++)
    {
      if (((j + 1) % 16) == 0)
        {
          addf (str, "%.2x\n", (unsigned char) data[j]);
          if (spc && j != (len - 1))
            adds (str, spc);
        }
      else if (j == (len - 1))
        addf (str, "%.2x", (unsigned char) data[j]);
      else
        addf (str, "%.2x:", (unsigned char) data[j]);
    }
  if ((j % 16) != 0)
    adds (str, "\n");
}
Пример #11
0
void main()
{
 char in[100],r[101],*a,*b;
 int i,j,c=0,cc=1;
 gets(r);
 while(gets(in))
 {
    if(in[0]=='0')
    {
      printf("%s",r);
      break;
    }
    addf(in,r,r);


 }

}
Пример #12
0
static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_t req)
{
	int ret;
	unsigned indx;

	/* Version. */
	{
		int version = gnutls_ocsp_req_get_version(req);
		if (version < 0)
			addf(str, "error: get_version: %s\n",
			     gnutls_strerror(version));
		else
			addf(str, _("\tVersion: %d\n"), version);
	}

	/* XXX requestorName */

	/* requestList */
	addf(str, "\tRequest List:\n");
	for (indx = 0;; indx++) {
		gnutls_digest_algorithm_t digest;
		gnutls_datum_t in, ik, sn;

		ret =
		    gnutls_ocsp_req_get_cert_id(req, indx, &digest, &in,
						&ik, &sn);
		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		addf(str, "\t\tCertificate ID:\n");
		if (ret != GNUTLS_E_SUCCESS) {
			addf(str, "error: get_cert_id: %s\n",
			     gnutls_strerror(ret));
			continue;
		}
		addf(str, "\t\t\tHash Algorithm: %s\n",
		     _gnutls_digest_get_name(hash_to_entry(digest)));

		adds(str, "\t\t\tIssuer Name Hash: ");
		_gnutls_buffer_hexprint(str, in.data, in.size);
		adds(str, "\n");

		adds(str, "\t\t\tIssuer Key Hash: ");
		_gnutls_buffer_hexprint(str, ik.data, ik.size);
		adds(str, "\n");

		adds(str, "\t\t\tSerial Number: ");
		_gnutls_buffer_hexprint(str, sn.data, sn.size);
		adds(str, "\n");

		gnutls_free(in.data);
		gnutls_free(ik.data);
		gnutls_free(sn.data);

		/* XXX singleRequestExtensions */
	}

	for (indx = 0;; indx++) {
		gnutls_datum_t oid;
		unsigned int critical;
		gnutls_datum_t data;

		ret =
		    gnutls_ocsp_req_get_extension(req, indx, &oid,
						  &critical, &data);
		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		else if (ret != GNUTLS_E_SUCCESS) {
			addf(str, "error: get_extension: %s\n",
			     gnutls_strerror(ret));
			continue;
		}
		if (indx == 0)
			adds(str, "\tExtensions:\n");

		if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
		    memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
			gnutls_datum_t nonce;
			unsigned int ncrit;

			ret =
			    gnutls_ocsp_req_get_nonce(req, &ncrit,
						      &nonce);
			if (ret != GNUTLS_E_SUCCESS) {
				addf(str, "error: get_nonce: %s\n",
				     gnutls_strerror(ret));
			} else {
				addf(str, "\t\tNonce%s: ",
				     ncrit ? " (critical)" : "");
				_gnutls_buffer_hexprint(str, nonce.data,
							nonce.size);
				adds(str, "\n");
				gnutls_free(nonce.data);
			}
		} else {
			addf(str, "\t\tUnknown extension %s (%s):\n",
			     oid.data,
			     critical ? "critical" : "not critical");

			adds(str, _("\t\t\tASCII: "));
			_gnutls_buffer_asciiprint(str, (char *) data.data,
						  data.size);
			addf(str, "\n");

			adds(str, _("\t\t\tHexdump: "));
			_gnutls_buffer_hexprint(str, (char *) data.data,
						data.size);
			adds(str, "\n");
		}

		gnutls_free(oid.data);
		gnutls_free(data.data);
	}

	/* XXX Signature */
}
Пример #13
0
static void
print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
	   gnutls_ocsp_print_formats_t format)
{
	int ret;
	unsigned indx;

	ret = gnutls_ocsp_resp_get_status(resp);
	if (ret < 0) {
		addf(str, "error: ocsp_resp_get_status: %s\n",
		     gnutls_strerror(ret));
		return;
	}

	adds(str, "\tResponse Status: ");
	switch (ret) {
	case GNUTLS_OCSP_RESP_SUCCESSFUL:
		adds(str, "Successful\n");
		break;

	case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
		adds(str, "malformedRequest\n");
		return;

	case GNUTLS_OCSP_RESP_INTERNALERROR:
		adds(str, "internalError\n");
		return;

	case GNUTLS_OCSP_RESP_TRYLATER:
		adds(str, "tryLater\n");
		return;

	case GNUTLS_OCSP_RESP_SIGREQUIRED:
		adds(str, "sigRequired\n");
		return;

	case GNUTLS_OCSP_RESP_UNAUTHORIZED:
		adds(str, "unauthorized\n");
		return;

	default:
		adds(str, "unknown\n");
		return;
	}

	{
		gnutls_datum_t oid;

		ret = gnutls_ocsp_resp_get_response(resp, &oid, NULL);
		if (ret < 0) {
			addf(str, "error: get_response: %s\n",
			     gnutls_strerror(ret));
			return;
		}

		adds(str, "\tResponse Type: ");
#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"

		if (oid.size == sizeof(OCSP_BASIC)
		    && memcmp(oid.data, OCSP_BASIC, oid.size) == 0) {
			adds(str, "Basic OCSP Response\n");
			gnutls_free(oid.data);
		} else {
			addf(str, "Unknown response type (%.*s)\n",
			     oid.size, oid.data);
			gnutls_free(oid.data);
			return;
		}
	}

	/* Version. */
	{
		int version = gnutls_ocsp_resp_get_version(resp);
		if (version < 0)
			addf(str, "error: get_version: %s\n",
			     gnutls_strerror(version));
		else
			addf(str, _("\tVersion: %d\n"), version);
	}

	/* responderID */
	{
		gnutls_datum_t dn;

		ret = gnutls_ocsp_resp_get_responder(resp, &dn);
		if (ret < 0 || dn.data == NULL) {
			if (dn.data == 0) {
				ret = gnutls_ocsp_resp_get_responder_raw_id(resp, GNUTLS_OCSP_RESP_ID_KEY, &dn);

				if (ret >= 0) {
					addf(str, _("\tResponder Key ID: "));
					_gnutls_buffer_hexprint(str, dn.data, dn.size);
					adds(str, "\n");
				}
				gnutls_free(dn.data);
			} else {
				addf(str, "error: get_dn: %s\n",
				     gnutls_strerror(ret));
			}
		} else {
			if (dn.data != NULL) {
				addf(str, _("\tResponder ID: %.*s\n"), dn.size,
				     dn.data);
				gnutls_free(dn.data);
			}
		}
	}

	{
		char s[42];
		size_t max = sizeof(s);
		struct tm t;
		time_t tim = gnutls_ocsp_resp_get_produced(resp);

		if (tim == (time_t) - 1)
			addf(str, "error: ocsp_resp_get_produced\n");
		else if (gmtime_r(&tim, &t) == NULL)
			addf(str, "error: gmtime_r (%ld)\n",
			     (unsigned long) tim);
		else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
			 == 0)
			addf(str, "error: strftime (%ld)\n",
			     (unsigned long) tim);
		else
			addf(str, _("\tProduced At: %s\n"), s);
	}

	addf(str, "\tResponses:\n");
	for (indx = 0;; indx++) {
		gnutls_digest_algorithm_t digest;
		gnutls_datum_t in, ik, sn;
		unsigned int cert_status;
		time_t this_update;
		time_t next_update;
		time_t revocation_time;
		unsigned int revocation_reason;

		ret = gnutls_ocsp_resp_get_single(resp,
						  indx,
						  &digest, &in, &ik, &sn,
						  &cert_status,
						  &this_update,
						  &next_update,
						  &revocation_time,
						  &revocation_reason);
		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		addf(str, "\t\tCertificate ID:\n");
		if (ret != GNUTLS_E_SUCCESS) {
			addf(str, "error: get_singleresponse: %s\n",
			     gnutls_strerror(ret));
			continue;
		}
		addf(str, "\t\t\tHash Algorithm: %s\n",
		     _gnutls_digest_get_name(hash_to_entry(digest)));

		adds(str, "\t\t\tIssuer Name Hash: ");
		_gnutls_buffer_hexprint(str, in.data, in.size);
		adds(str, "\n");

		adds(str, "\t\t\tIssuer Key Hash: ");
		_gnutls_buffer_hexprint(str, ik.data, ik.size);
		adds(str, "\n");

		adds(str, "\t\t\tSerial Number: ");
		_gnutls_buffer_hexprint(str, sn.data, sn.size);
		adds(str, "\n");

		gnutls_free(in.data);
		gnutls_free(ik.data);
		gnutls_free(sn.data);

		{
			const char *p = NULL;

			switch (cert_status) {
			case GNUTLS_OCSP_CERT_GOOD:
				p = "good";
				break;

			case GNUTLS_OCSP_CERT_REVOKED:
				p = "revoked";
				break;

			case GNUTLS_OCSP_CERT_UNKNOWN:
				p = "unknown";
				break;

			default:
				addf(str,
				     "\t\tCertificate Status: unexpected value %d\n",
				     cert_status);
				break;
			}

			if (p)
				addf(str, "\t\tCertificate Status: %s\n",
				     p);
		}

		/* XXX revocation reason */

		if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
			char s[42];
			size_t max = sizeof(s);
			struct tm t;

			if (revocation_time == (time_t) - 1)
				addf(str, "error: revocation_time\n");
			else if (gmtime_r(&revocation_time, &t) == NULL)
				addf(str, "error: gmtime_r (%ld)\n",
				     (unsigned long) revocation_time);
			else if (strftime
				 (s, max, "%a %b %d %H:%M:%S UTC %Y",
				  &t) == 0)
				addf(str, "error: strftime (%ld)\n",
				     (unsigned long) revocation_time);
			else
				addf(str, _("\t\tRevocation time: %s\n"),
				     s);
		}

		{
			char s[42];
			size_t max = sizeof(s);
			struct tm t;

			if (this_update == (time_t) - 1)
				addf(str, "error: this_update\n");
			else if (gmtime_r(&this_update, &t) == NULL)
				addf(str, "error: gmtime_r (%ld)\n",
				     (unsigned long) this_update);
			else if (strftime
				 (s, max, "%a %b %d %H:%M:%S UTC %Y",
				  &t) == 0)
				addf(str, "error: strftime (%ld)\n",
				     (unsigned long) this_update);
			else
				addf(str, _("\t\tThis Update: %s\n"), s);
		}

		{
			char s[42];
			size_t max = sizeof(s);
			struct tm t;

			if (next_update != (time_t) - 1) {
				if (gmtime_r(&next_update, &t) == NULL)
					addf(str, "error: gmtime_r (%ld)\n",
					     (unsigned long) next_update);
				else if (strftime
					 (s, max, "%a %b %d %H:%M:%S UTC %Y",
					  &t) == 0)
					addf(str, "error: strftime (%ld)\n",
					     (unsigned long) next_update);
				else
					addf(str, _("\t\tNext Update: %s\n"), s);
			}
		}

		/* XXX singleRequestExtensions */
	}

	adds(str, "\tExtensions:\n");
	for (indx = 0;; indx++) {
		gnutls_datum_t oid;
		unsigned int critical;
		gnutls_datum_t data;

		ret =
		    gnutls_ocsp_resp_get_extension(resp, indx, &oid,
						   &critical, &data);
		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		else if (ret != GNUTLS_E_SUCCESS) {
			addf(str, "error: get_extension: %s\n",
			     gnutls_strerror(ret));
			continue;
		}

		if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
		    memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
			gnutls_datum_t nonce;
			unsigned int ncrit;

			ret =
			    gnutls_ocsp_resp_get_nonce(resp, &ncrit,
						       &nonce);
			if (ret != GNUTLS_E_SUCCESS) {
				addf(str, "error: get_nonce: %s\n",
				     gnutls_strerror(ret));
			} else {
				addf(str, "\t\tNonce%s: ",
				     ncrit ? " (critical)" : "");
				_gnutls_buffer_hexprint(str, nonce.data,
							nonce.size);
				adds(str, "\n");
				gnutls_free(nonce.data);
			}
		} else {
			addf(str, "\t\tUnknown extension %s (%s):\n",
			     oid.data,
			     critical ? "critical" : "not critical");

			adds(str, _("\t\t\tASCII: "));
			_gnutls_buffer_asciiprint(str, (char *) data.data,
						  data.size);
			addf(str, "\n");

			adds(str, _("\t\t\tHexdump: "));
			_gnutls_buffer_hexprint(str, (char *) data.data,
						data.size);
			adds(str, "\n");
		}

		gnutls_free(oid.data);
		gnutls_free(data.data);
	}

	/* Signature. */
	if (format == GNUTLS_OCSP_PRINT_FULL) {
		gnutls_datum_t sig;

		ret = gnutls_ocsp_resp_get_signature_algorithm(resp);
		if (ret < 0)
			addf(str, "error: get_signature_algorithm: %s\n",
			     gnutls_strerror(ret));
		else {
			const char *name =
			    gnutls_sign_algorithm_get_name(ret);
			if (name == NULL)
				name = _("unknown");
			addf(str, _("\tSignature Algorithm: %s\n"), name);
		}
		if (ret != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(ret) == 0) {
			adds(str,
			     _("warning: signed using a broken signature "
			       "algorithm that can be forged.\n"));
		}

		ret = gnutls_ocsp_resp_get_signature(resp, &sig);
		if (ret < 0)
			addf(str, "error: get_signature: %s\n",
			     gnutls_strerror(ret));
		else {
			adds(str, _("\tSignature:\n"));
			_gnutls_buffer_hexdump(str, sig.data, sig.size,
					       "\t\t");

			gnutls_free(sig.data);
		}
	}

	/* certs */
	if (format == GNUTLS_OCSP_PRINT_FULL) {
		gnutls_x509_crt_t *certs;
		size_t ncerts, i;
		gnutls_datum_t out;

		ret = gnutls_ocsp_resp_get_certs(resp, &certs, &ncerts);
		if (ret < 0)
			addf(str, "error: get_certs: %s\n",
			     gnutls_strerror(ret));
		else {
			if (ncerts > 0)
				addf(str, "\tAdditional certificates:\n");

			for (i = 0; i < ncerts; i++) {
				size_t s = 0;

				ret =
				    gnutls_x509_crt_print(certs[i],
							  GNUTLS_CRT_PRINT_FULL,
							  &out);
				if (ret < 0)
					addf(str, "error: crt_print: %s\n",
					     gnutls_strerror(ret));
				else {
					addf(str, "%.*s", out.size,
					     out.data);
					gnutls_free(out.data);
				}

				ret =
				    gnutls_x509_crt_export(certs[i],
							   GNUTLS_X509_FMT_PEM,
							   NULL, &s);
				if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
					addf(str,
					     "error: crt_export: %s\n",
					     gnutls_strerror(ret));
				else {
					out.data = gnutls_malloc(s);
					if (out.data == NULL)
						addf(str,
						     "error: malloc: %s\n",
						     gnutls_strerror
						     (GNUTLS_E_MEMORY_ERROR));
					else {
						ret =
						    gnutls_x509_crt_export
						    (certs[i],
						     GNUTLS_X509_FMT_PEM,
						     out.data, &s);
						if (ret < 0)
							addf(str,
							     "error: crt_export: %s\n",
							     gnutls_strerror
							     (ret));
						else {
							out.size = s;
							addf(str, "%.*s",
							     out.size,
							     out.data);
						}
						gnutls_free(out.data);
					}
				}

				gnutls_x509_crt_deinit(certs[i]);
			}
			gnutls_free(certs);
		}
	}
}
Пример #14
0
int Text::add(const std::vector<Font::ColoredString> &text, const Matrix4 &m)
{
	return addf(text, -1.0f, Font::ALIGN_MAX_ENUM, m);
}
Пример #15
0
/**
 * gnutls_pkcs7_crt_print:
 * @pkcs7: The PKCS7 struct to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with null terminated string.
 *
 * This function will pretty print a signed PKCS #7 structure, suitable for
 * display to a human.
 *
 * Currently the supported formats are %GNUTLS_CRT_PRINT_FULL and
 * %GNUTLS_CRT_PRINT_COMPACT.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7,
		       gnutls_certificate_print_formats_t format,
		       gnutls_datum_t * out)
{
	int count, ret, i;
	gnutls_pkcs7_signature_info_st info;
	gnutls_buffer_st str;
	const char *oid;

	_gnutls_buffer_init(&str);

	/* For backwards compatibility with structures using the default OID,
	 * we don't print the eContent Type explicitly */
	oid = gnutls_pkcs7_get_embedded_data_oid(pkcs7);
	if (oid) {
		if (strcmp(oid, DATA_OID) != 0
		    && strcmp(oid, DIGESTED_DATA_OID) != 0) {
			addf(&str, "eContent Type: %s\n", oid);
		}
	}

	for (i = 0;; i++) {
		if (i == 0)
			addf(&str, "Signers:\n");

		ret = gnutls_pkcs7_get_signature_info(pkcs7, i, &info);
		if (ret < 0)
			break;

		print_pkcs7_info(&info, &str, format);
		gnutls_pkcs7_signature_info_deinit(&info);
	}

	if (format == GNUTLS_CRT_PRINT_FULL) {
		gnutls_datum_t data, b64;

		count = gnutls_pkcs7_get_crt_count(pkcs7);

		if (count > 0) {
			addf(&str, "Number of certificates: %u\n\n",
			     count);

			for (i = 0; i < count; i++) {
				ret =
				    gnutls_pkcs7_get_crt_raw2(pkcs7, i, &data);
				if (ret < 0) {
					addf(&str,
					     "Error: cannot print certificate %d\n",
					     i);
					continue;
				}

				ret =
				    gnutls_pem_base64_encode_alloc
				    ("CERTIFICATE", &data, &b64);
				if (ret < 0) {
					gnutls_free(data.data);
					continue;
				}

				adds(&str, (char*)b64.data);
				adds(&str, "\n");
				gnutls_free(b64.data);
				gnutls_free(data.data);
			}
		}

		count = gnutls_pkcs7_get_crl_count(pkcs7);
		if (count > 0) {
			addf(&str, "Number of CRLs: %u\n\n", count);

			for (i = 0; i < count; i++) {
				ret =
				    gnutls_pkcs7_get_crl_raw2(pkcs7, i, &data);
				if (ret < 0) {
					addf(&str,
					     "Error: cannot print certificate %d\n",
					     i);
					continue;
				}

				ret =
				    gnutls_pem_base64_encode_alloc("X509 CRL",
								   &data, &b64);
				if (ret < 0) {
					gnutls_free(data.data);
					continue;
				}

				adds(&str, (char*)b64.data);
				adds(&str, "\n");
				gnutls_free(b64.data);
				gnutls_free(data.data);
			}
		}
	}

	return _gnutls_buffer_to_datum(&str, out, 1);
}
Пример #16
0
static void
print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
	int err, i;

	i = 0;
	do {
		char *dn;
		size_t dn_size = 0;

		err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
		if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
		    && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
		    && err != GNUTLS_E_OPENPGP_UID_REVOKED)
			addf(str, "unknown name (%s), ",
			     gnutls_strerror(err));
		else {
			dn = gnutls_malloc(dn_size);
			if (!dn)
				addf(str, "unknown name (%s), ",
				     gnutls_strerror
				     (GNUTLS_E_MEMORY_ERROR));
			else {
				err =
				    gnutls_openpgp_crt_get_name(cert, i,
								dn,
								&dn_size);
				if (err < 0
				    && err !=
				    GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
				    && err != GNUTLS_E_OPENPGP_UID_REVOKED)
					addf(str, "unknown name (%s), ",
					     gnutls_strerror(err));
				else if (err >= 0)
					addf(str, _("name[%d]: %s, "), i,
					     dn);
				else if (err ==
					 GNUTLS_E_OPENPGP_UID_REVOKED)
					addf(str,
					     _("revoked name[%d]: %s, "),
					     i, dn);

				gnutls_free(dn);
			}
		}

		i++;
	}
	while (err >= 0);

	{
		char fpr[128];
		size_t fpr_size = sizeof(fpr);
		int err;

		err =
		    gnutls_openpgp_crt_get_fingerprint(cert, fpr,
						       &fpr_size);
		if (err < 0)
			addf(str, "error: get_fingerprint: %s\n",
			     gnutls_strerror(err));
		else {
			adds(str, _("fingerprint: "));
			_gnutls_buffer_hexprint(str, fpr, fpr_size);
			addf(str, ", ");
		}
	}

	{
		time_t tim;

		tim = gnutls_openpgp_crt_get_creation_time(cert);
		{
			char s[42];
			size_t max = sizeof(s);
			struct tm t;

			if (gmtime_r(&tim, &t) == NULL)
				addf(str, "error: gmtime_r (%ld), ",
				     (unsigned long) tim);
			else if (strftime
				 (s, max, "%Y-%m-%d %H:%M:%S UTC",
				  &t) == 0)
				addf(str, "error: strftime (%ld), ",
				     (unsigned long) tim);
			else
				addf(str, _("created: %s, "), s);
		}

		tim = gnutls_openpgp_crt_get_expiration_time(cert);
		{
			char s[42];
			size_t max = sizeof(s);
			struct tm t;

			if (tim == 0)
				adds(str, _("never expires, "));
			else {
				if (gmtime_r(&tim, &t) == NULL)
					addf(str,
					     "error: gmtime_r (%ld), ",
					     (unsigned long) tim);
				else if (strftime
					 (s, max, "%Y-%m-%d %H:%M:%S UTC",
					  &t) == 0)
					addf(str,
					     "error: strftime (%ld), ",
					     (unsigned long) tim);
				else
					addf(str, _("expires: %s, "), s);
			}
		}
	}

	{
		unsigned int bits = 0;
		gnutls_pk_algorithm_t algo =
		    gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
		const char *algostr = gnutls_pk_algorithm_get_name(algo);

		if (algostr)
			addf(str, _("key algorithm %s (%d bits)"), algostr,
			     bits);
		else
			addf(str, _("unknown key algorithm (%d)"), algo);
	}
}
Пример #17
0
static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info,
			     gnutls_buffer_st * str,
			     gnutls_certificate_print_formats_t format)
{
	unsigned i;
	char *oid;
	gnutls_datum_t data;
	char prefix[128];
	char s[42];
	size_t max;
	int ret;

	if (info->issuer_dn.size > 0)
		print_dn(str, "\tSigner's issuer DN", &info->issuer_dn);
	print_raw(str, "\tSigner's serial", &info->signer_serial);
	print_raw(str, "\tSigner's issuer key ID", &info->issuer_keyid);
	if (info->signing_time != -1) {
		struct tm t;
		if (gmtime_r(&info->signing_time, &t) == NULL) {
			addf(str, "error: gmtime_r (%ld)\n",
			     (unsigned long)info->signing_time);
		} else {
			max = sizeof(s);
			if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) ==
			    0) {
				addf(str, "error: strftime (%ld)\n",
				     (unsigned long)info->signing_time);
			} else {
				addf(str, "\tSigning time: %s\n", s);
			}
		}
	}

	addf(str, "\tSignature Algorithm: %s\n",
	     gnutls_sign_get_name(info->algo));

	if (format == GNUTLS_CRT_PRINT_FULL) {
		if (info->signed_attrs) {
			for (i = 0;; i++) {
				ret =
				    gnutls_pkcs7_get_attr(info->signed_attrs, i,
							  &oid, &data, 0);
				if (ret < 0)
					break;
				if (i == 0)
					addf(str, "\tSigned Attributes:\n");

				snprintf(prefix, sizeof(prefix), "\t\t%s", oid);
				print_raw(str, prefix, &data);
				gnutls_free(data.data);
			}
		}
		if (info->unsigned_attrs) {
			for (i = 0;; i++) {
				ret =
				    gnutls_pkcs7_get_attr(info->unsigned_attrs,
							  i, &oid, &data, 0);
				if (ret < 0)
					break;
				if (i == 0)
					addf(str, "\tUnsigned Attributes:\n");

				snprintf(prefix, sizeof(prefix), "\t\t%s", oid);
				print_raw(str, prefix, &data);
				gnutls_free(data.data);
			}
		}
	}
	adds(str, "\n");
}
Пример #18
0
static void print_cert(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
	int i, subkeys;
	int err;

	print_key_revoked(str, cert, -1);

	/* Version. */
	{
		int version = gnutls_openpgp_crt_get_version(cert);
		if (version < 0)
			addf(str, "error: get_version: %s\n",
			     gnutls_strerror(version));
		else
			addf(str, _("\tVersion: %d\n"), version);
	}

	/* ID. */
	print_key_id(str, cert, -1);

	print_key_fingerprint(str, cert);

	/* Names. */
	i = 0;
	do {
		char *dn;
		size_t dn_size = 0;

		err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
		if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
		    && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
		    && err != GNUTLS_E_OPENPGP_UID_REVOKED)
			addf(str, "error: get_name: %s\n",
			     gnutls_strerror(err));
		else {
			dn = gnutls_malloc(dn_size);
			if (!dn)
				addf(str, "error: malloc (%d): %s\n",
				     (int) dn_size,
				     gnutls_strerror
				     (GNUTLS_E_MEMORY_ERROR));
			else {
				err =
				    gnutls_openpgp_crt_get_name(cert, i,
								dn,
								&dn_size);
				if (err < 0
				    && err !=
				    GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
				    && err != GNUTLS_E_OPENPGP_UID_REVOKED)
					addf(str, "error: get_name: %s\n",
					     gnutls_strerror(err));
				else if (err >= 0)
					addf(str, _("\tName[%d]: %s\n"), i,
					     dn);
				else if (err ==
					 GNUTLS_E_OPENPGP_UID_REVOKED)
					addf(str,
					     _("\tRevoked Name[%d]: %s\n"),
					     i, dn);

				gnutls_free(dn);
			}
		}

		i++;
	}
	while (err >= 0);

	print_key_times(str, cert, -1);

	print_key_info(str, cert, -1);
	print_key_usage(str, cert, -1);

	subkeys = gnutls_openpgp_crt_get_subkey_count(cert);
	if (subkeys < 0)
		return;

	for (i = 0; i < subkeys; i++) {
		addf(str, _("\n\tSubkey[%d]:\n"), i);

		print_key_revoked(str, cert, i);
		print_key_id(str, cert, i);
		print_key_times(str, cert, i);
		print_key_info(str, cert, i);
		print_key_usage(str, cert, i);
	}

}
Пример #19
0
static void
print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
	int err;
	unsigned int bits;

	if (idx == -1)
		err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
	else
		err =
		    gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx,
							       &bits);

	if (err < 0)
		addf(str, "error: get_pk_algorithm: %s\n",
		     gnutls_strerror(err));
	else {
		const char *name = gnutls_pk_algorithm_get_name(err);
		if (name == NULL)
			name = _("unknown");

		addf(str, _("\tPublic Key Algorithm: %s\n"), name);
		addf(str, _("\tKey Security Level: %s\n"),
		     gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
					       (err, bits)));

		switch (err) {
		case GNUTLS_PK_RSA:
			{
				gnutls_datum_t m, e;

				if (idx == -1)
					err =
					    gnutls_openpgp_crt_get_pk_rsa_raw
					    (cert, &m, &e);
				else
					err =
					    gnutls_openpgp_crt_get_subkey_pk_rsa_raw
					    (cert, idx, &m, &e);

				if (err < 0)
					addf(str,
					     "error: get_pk_rsa_raw: %s\n",
					     gnutls_strerror(err));
				else {
					addf(str,
					     _("\t\tModulus (bits %d):\n"),
					     bits);
					_gnutls_buffer_hexdump(str, m.data,
							       m.size,
							       "\t\t\t");
					adds(str, _("\t\tExponent:\n"));
					_gnutls_buffer_hexdump(str, e.data,
							       e.size,
							       "\t\t\t");

					gnutls_free(m.data);
					gnutls_free(e.data);
				}

			}
			break;

		case GNUTLS_PK_DSA:
			{
				gnutls_datum_t p, q, g, y;

				if (idx == -1)
					err =
					    gnutls_openpgp_crt_get_pk_dsa_raw
					    (cert, &p, &q, &g, &y);
				else
					err =
					    gnutls_openpgp_crt_get_subkey_pk_dsa_raw
					    (cert, idx, &p, &q, &g, &y);
				if (err < 0)
					addf(str,
					     "error: get_pk_dsa_raw: %s\n",
					     gnutls_strerror(err));
				else {
					addf(str,
					     _
					     ("\t\tPublic key (bits %d):\n"),
					     bits);
					_gnutls_buffer_hexdump(str, y.data,
							       y.size,
							       "\t\t\t");
					adds(str, _("\t\tP:\n"));
					_gnutls_buffer_hexdump(str, p.data,
							       p.size,
							       "\t\t\t");
					adds(str, _("\t\tQ:\n"));
					_gnutls_buffer_hexdump(str, q.data,
							       q.size,
							       "\t\t\t");
					adds(str, _("\t\tG:\n"));
					_gnutls_buffer_hexdump(str, g.data,
							       g.size,
							       "\t\t\t");

					gnutls_free(p.data);
					gnutls_free(q.data);
					gnutls_free(g.data);
					gnutls_free(y.data);
				}
			}
			break;

		default:
			break;
		}
	}
}
Пример #20
0
TEST_F(AddTest, add_float)
{
  EXPECT_EQ(5.5, addf(2.25, 3.25));
  EXPECT_NE(5.5, addf(2.25, 4.25));
}