示例#1
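/**
 * Append the certificate's Authority Key Identifier as a "Value" row.
 *
 * Reads the key identifier with gnutls_x509_crt_get_authority_key_id(),
 * converts the raw bytes with __certificate_properties_dump_raw_data() and
 * stores the resulting text under @parent in @store.
 *
 * @param store        tree store that receives the new row
 * @param parent       row under which the new row is appended
 * @param certificate  pointer to the certificate handle to read; it is
 *                     dereferenced without a NULL check
 *
 * On any negative GnuTLS return the error text is written to stderr and no
 * row is added.
 */
void __certificate_properties_fill_cert_ext_AuthorityKeyIdentifier (GtkTreeStore *store,
        GtkTreeIter *parent,
        gnutls_x509_crt_t *certificate)
{
    /* An enum constant is a true constant expression, so `buffer` is a
     * fixed-size array rather than a variable-length array sized by a
     * `const gint` object. */
    enum { BUFFER_SIZE_MAX = 256 };

    gint result;
    guint critical;
    gchar buffer[BUFFER_SIZE_MAX];
    gsize buffer_size = BUFFER_SIZE_MAX;   /* in: capacity, out: bytes written */
    gchar *hex_buffer = NULL;
    GtkTreeIter l;

    result = gnutls_x509_crt_get_authority_key_id(*certificate, buffer, &buffer_size, &critical);
    if (result < 0) {
        /* Every failure takes this path: an absent extension, an identifier
         * that does not fit in `buffer`, and a decoding error are all
         * reported the same way and leave the tree unchanged. */
        fprintf(stderr, "Error: %s\n", gnutls_strerror(result));
        return;
    }

    /* Only the bytes GnuTLS reported in buffer_size are dumped.
     * NOTE(review): the helper presumably returns a newly allocated string,
     * since it is released with g_free() below - confirm. */
    hex_buffer = __certificate_properties_dump_raw_data((guchar *) buffer, buffer_size);

    gtk_tree_store_append(store, &l, parent);
    gtk_tree_store_set(store, &l, CERTIFICATE_PROPERTIES_COL_NAME, _("Value"),
                       CERTIFICATE_PROPERTIES_COL_VALUE, hex_buffer, -1);

    g_free(hex_buffer);
}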
示例#2
文件: verify.c 项目: GostCrypt/GnuTLS
/* Decides whether 'issuer' is a plausible issuer of 'cert'.
 *
 * Two checks are made, in order:
 *   1. the raw (DER) issuer DN of 'cert' against the raw subject DN of
 *      'issuer';
 *   2. the authority key identifier of 'cert' against the subject key
 *      identifier of 'issuer'.
 *
 * The second check is lenient: if either identifier cannot be read (any
 * negative return, not only a missing extension), the certificates are
 * treated as matching. No signature is checked here, so a result of 1 only
 * says that the names and key identifiers are consistent.
 *
 * Returns 1 if they match and (0) if they don't match.
 */
static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
{
	uint8_t aki[MAX_KEY_ID_SIZE];
	uint8_t ski[MAX_KEY_ID_SIZE];
	size_t aki_len = sizeof(aki);
	size_t ski_len = sizeof(ski);

	/* A zero return from the DN comparison ends the check with "no match". */
	if (_gnutls_x509_compare_raw_dn(&cert->raw_issuer_dn,
					&issuer->raw_dn) == 0)
		return 0;

	/* The authority key identifier could not be read from the
	 * certificate: accept on the DN match alone. */
	if (gnutls_x509_crt_get_authority_key_id(cert, aki, &aki_len,
						 NULL) < 0)
		return 1;

	/* Same leniency when the subject key identifier could not be read
	 * from the issuer; this case is additionally logged via
	 * gnutls_assert(). */
	if (gnutls_x509_crt_get_subject_key_id(issuer, ski, &ski_len,
					       NULL) < 0) {
		gnutls_assert();
		return 1;
	}

	/* Both identifiers are present: they must be byte-for-byte equal. */
	if (aki_len != ski_len)
		return 0;

	return memcmp(aki, ski, aki_len) == 0 ? 1 : 0;
}
示例#3
文件: verify.c 项目: intgr/gnutls
/* Decides whether 'issuer_cert' is a plausible issuer of 'cert'.
 *
 * The raw (DER) issuer DN of 'cert' is compared with the raw subject DN of
 * 'issuer_cert'. When the DNs match, the authority key identifier of 'cert'
 * is compared with the subject key identifier of 'issuer_cert'. If either
 * identifier cannot be read (any negative return, not only a missing
 * extension), the certificates are treated as matching. No signature is
 * checked here.
 *
 * Returns 1 if they match and (0) if they don't match. Otherwise
 * a negative error code is returned to indicate error.
 *
 * NOTE(review): a negative return is non-zero, so a caller that tests the
 * result as a plain boolean would read an error as a match - confirm that
 * callers compare against 1.
 */
static int
is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
{
  gnutls_datum_t cert_issuer_dn = { NULL, 0 };
  gnutls_datum_t issuer_subject_dn = { NULL, 0 };
  uint8_t aki[512];
  uint8_t ski[512];
  size_t aki_len = sizeof (aki);
  size_t ski_len = sizeof (ski);
  int rc;

  /* Failing to extract either DN is reported to the caller as an error. */
  rc = gnutls_x509_crt_get_raw_issuer_dn (cert, &cert_issuer_dn);
  if (rc < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }

  rc = gnutls_x509_crt_get_raw_dn (issuer_cert, &issuer_subject_dn);
  if (rc < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }

  /* A zero result from the DN comparison is returned unchanged. */
  rc = _gnutls_x509_compare_raw_dn (&cert_issuer_dn, &issuer_subject_dn);
  if (rc == 0)
    goto cleanup;

  /* The authority key identifier could not be read: accept on the DN
   * match alone. */
  if (gnutls_x509_crt_get_authority_key_id (cert, aki, &aki_len, NULL) < 0)
    {
      rc = 1;
      goto cleanup;
    }

  /* Same leniency when the issuer's subject key identifier could not be
   * read; this case is additionally logged via gnutls_assert(). */
  if (gnutls_x509_crt_get_subject_key_id (issuer_cert, ski, &ski_len, NULL) < 0)
    {
      rc = 1;
      gnutls_assert ();
      goto cleanup;
    }

  /* Both identifiers are present: they must be byte-for-byte equal. */
  rc = (aki_len == ski_len && memcmp (aki, ski, aki_len) == 0) ? 1 : 0;

cleanup:
  /* Both datums are freed on every path, including the early error exits. */
  _gnutls_free_datum (&cert_issuer_dn);
  _gnutls_free_datum (&issuer_subject_dn);
  return rc;
}