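/*
 * Append a "Value" row under 'parent' that shows the certificate's
 * Authority Key Identifier extension as rendered by
 * __certificate_properties_dump_raw_data().
 *
 * store:       tree store that receives the new row.
 * parent:      row under which the new row is appended.
 * certificate: pointer to the certificate whose extension is read.
 *
 * If gnutls reports an error, its message is printed to stderr and no row
 * is added.
 */
void __certificate_properties_fill_cert_ext_AuthorityKeyIdentifier (GtkTreeStore *store, GtkTreeIter *parent, gnutls_x509_crt_t *certificate)
{
	/* An enum constant is a real constant expression, so 'buffer' below is a
	 * fixed-size array; with a 'const gint' bound it was a variable-length
	 * array. */
	enum { BUFFER_SIZE_MAX = 256 };

	gint result;
	guint critical;
	gchar buffer[BUFFER_SIZE_MAX];
	gsize buffer_size = sizeof buffer;
	gchar *hex_buffer = NULL;
	GtkTreeIter l;

	/* buffer_size carries the capacity in and the identifier length out. */
	result = gnutls_x509_crt_get_authority_key_id(*certificate, buffer, &buffer_size, &critical);
	if (result < 0) {
		/* Every negative result is reported the same way, whether the
		 * extension is absent or the call failed for another reason. */
		fprintf(stderr, "Error: %s\n", gnutls_strerror(result));
		return;
	}

	/* NOTE(review): 'critical' is filled in above but never shown in the
	 * tree; confirm whether the criticality flag should be displayed. */
	hex_buffer = __certificate_properties_dump_raw_data((guchar *) buffer, buffer_size);

	gtk_tree_store_append(store, &l, parent);
	gtk_tree_store_set(store, &l,
			   CERTIFICATE_PROPERTIES_COL_NAME, _("Value"),
			   CERTIFICATE_PROPERTIES_COL_VALUE, hex_buffer,
			   -1);

	/* The dump string is released here once the row has been set. */
	g_free(hex_buffer);
}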
/* Decide whether 'issuer' can be the issuer of 'cert'.
 *
 * The raw (DER) issuer DN of 'cert' is compared with the raw subject DN of
 * 'issuer'. When the DNs match, the authority key identifier of 'cert' is
 * also compared with the subject key identifier of 'issuer'.
 *
 * Returns 1 if they match and 0 if they don't match.
 *
 * NOTE(review): any failure to read either key identifier (not only an
 * absent extension) is treated as "assume they match", so a result of 1
 * rests on the DN comparison alone in that case. Presumably the caller still
 * verifies the signature before trusting the chain; confirm at the call site.
 */
static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
{
	uint8_t aki[MAX_KEY_ID_SIZE];
	uint8_t ski[MAX_KEY_ID_SIZE];
	size_t aki_len = sizeof(aki);
	size_t ski_len = sizeof(ski);

	/* A zero return from the DN comparison is handled as "no match". */
	if (_gnutls_x509_compare_raw_dn(&cert->raw_issuer_dn, &issuer->raw_dn) == 0)
		return 0;

	/* The DNs agree; now look at the key identifiers. If the certificate's
	 * authority key identifier cannot be read, assume they match. */
	if (gnutls_x509_crt_get_authority_key_id(cert, aki, &aki_len, NULL) < 0)
		return 1;

	/* Likewise when the issuer's subject key identifier cannot be read. */
	if (gnutls_x509_crt_get_subject_key_id(issuer, ski, &ski_len, NULL) < 0) {
		gnutls_assert();
		return 1;
	}

	/* Both identifiers are available: they must be byte-for-byte equal. */
	if (aki_len != ski_len)
		return 0;

	return memcmp(aki, ski, aki_len) == 0 ? 1 : 0;
}
/* Decide whether 'issuer_cert' can be the issuer of 'cert'.
 *
 * The raw (DER) issuer DN of 'cert' is fetched and compared with the raw
 * subject DN of 'issuer_cert'. When the DNs match, the authority key
 * identifier of 'cert' is also compared with the subject key identifier of
 * 'issuer_cert'.
 *
 * Returns 1 if they match and 0 if they don't match. If either DN cannot be
 * fetched, the negative error code from that call is returned.
 *
 * NOTE(review): any failure to read either key identifier is turned into a
 * match (1), so in that case the answer rests on the DN comparison alone.
 * Presumably the caller still verifies the signature before trusting the
 * chain; confirm at the call site.
 */
static int
is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
{
  gnutls_datum_t cert_issuer_dn = { NULL, 0 };
  gnutls_datum_t issuer_subject_dn = { NULL, 0 };
  uint8_t aki[512];
  uint8_t ski[512];
  size_t aki_len = sizeof (aki);
  size_t ski_len = sizeof (ski);
  int rc;

  rc = gnutls_x509_crt_get_raw_issuer_dn (cert, &cert_issuer_dn);
  if (rc < 0)
    {
      gnutls_assert ();
      goto done;
    }

  rc = gnutls_x509_crt_get_raw_dn (issuer_cert, &issuer_subject_dn);
  if (rc < 0)
    {
      gnutls_assert ();
      goto done;
    }

  /* A zero return from the DN comparison is handed back as "no match". */
  rc = _gnutls_x509_compare_raw_dn (&cert_issuer_dn, &issuer_subject_dn);
  if (rc == 0)
    goto done;

  /* The DNs agree; now check that the authority key identifier matches the
   * subject key identifier of the issuer. A failed lookup counts as a match. */
  if (gnutls_x509_crt_get_authority_key_id (cert, aki, &aki_len, NULL) < 0)
    {
      rc = 1;
      goto done;
    }

  if (gnutls_x509_crt_get_subject_key_id (issuer_cert, ski, &ski_len, NULL) < 0)
    {
      rc = 1;
      gnutls_assert ();
      goto done;
    }

  /* Both identifiers are available: they must be byte-for-byte equal. */
  rc = (aki_len == ski_len && memcmp (aki, ski, aki_len) == 0) ? 1 : 0;

done:
  /* Both datums are released on every path, including the error paths. */
  _gnutls_free_datum (&cert_issuer_dn);
  _gnutls_free_datum (&issuer_subject_dn);
  return rc;
}