/* Dump the serial number SERIALNO to the log stream. */ void dump_serial (ksba_sexp_t serialno) { char *p; p = serial_hex (serialno); log_printf ("%s", p?p:"?"); xfree (p); }
/* Dump an KSBA cert object to the log stream. Prefix the output with TEXT. This is used for debugging. */ void dump_cert (const char *text, ksba_cert_t cert) { ksba_sexp_t sexp; char *p; ksba_isotime_t t; log_debug ("BEGIN Certificate '%s':\n", text? text:""); if (cert) { sexp = ksba_cert_get_serial (cert); p = serial_hex (sexp); log_debug (" serial: %s\n", p?p:"?"); xfree (p); ksba_free (sexp); ksba_cert_get_validity (cert, 0, t); log_debug (" notBefore: "); dump_isotime (t); log_printf ("\n"); ksba_cert_get_validity (cert, 1, t); log_debug (" notAfter: "); dump_isotime (t); log_printf ("\n"); p = ksba_cert_get_issuer (cert, 0); log_debug (" issuer: "); dump_string (p); ksba_free (p); log_printf ("\n"); p = ksba_cert_get_subject (cert, 0); log_debug (" subject: "); dump_string (p); ksba_free (p); log_printf ("\n"); log_debug (" hash algo: %s\n", ksba_cert_get_digest_algo (cert)); p = get_fingerprint_hexstring (cert); log_debug (" SHA1 fingerprint: %s\n", p); xfree (p); } log_debug ("END Certificate\n"); }
/* Return the certificate matching ISSUER_DN and SERIALNO; if it is not already in the cache, try to find it from other resources. */ ksba_cert_t find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno) { gpg_error_t err; ksba_cert_t cert; cert_fetch_context_t context = NULL; char *hexsn, *buf; /* First check whether it has already been cached. */ cert = get_cert_bysn (issuer_dn, serialno); if (cert) return cert; /* Ask back to the service requester to return the certificate. This is because we can assume that he already used the certificate while checking for the CRL. */ hexsn = serial_hex (serialno); if (!hexsn) { log_error ("serial_hex() failed\n"); return NULL; } buf = xtrymalloc (1 + strlen (hexsn) + 1 + strlen (issuer_dn) + 1); if (!buf) { log_error ("can't allocate enough memory: %s\n", strerror (errno)); xfree (hexsn); return NULL; } strcpy (stpcpy (stpcpy (stpcpy (buf, "#"), hexsn),"/"), issuer_dn); xfree (hexsn); cert = get_cert_local (ctrl, buf); xfree (buf); if (cert) { cache_cert (cert); return cert; /* Done. */ } if (DBG_LOOKUP) log_debug ("find_cert_bysn: certificate not returned by caller" " - doing lookup\n"); /* Retrieve the certificate from external resources. */ while (!cert) { ksba_sexp_t sn; char *issdn; if (!context) { err = ca_cert_fetch (ctrl, &context, issuer_dn); if (err) { log_error (_("error fetching certificate by S/N: %s\n"), gpg_strerror (err)); break; } } err = fetch_next_ksba_cert (context, &cert); if (err) { log_error (_("error fetching certificate by S/N: %s\n"), gpg_strerror (err) ); break; } issdn = ksba_cert_get_issuer (cert, 0); if (strcmp (issuer_dn, issdn)) { log_debug ("find_cert_bysn: Ooops: issuer DN does not match\n"); ksba_cert_release (cert); cert = NULL; ksba_free (issdn); break; } sn = ksba_cert_get_serial (cert); if (DBG_LOOKUP) { log_debug (" considering certificate (#"); dump_serial (sn); log_printf ("/"); dump_string (issdn); log_printf (")\n"); } if (!compare_serialno (serialno, sn)) { ksba_free (sn); ksba_free (issdn); cache_cert (cert); if (DBG_LOOKUP) log_debug (" found\n"); break; /* Ready. */ } ksba_free (sn); ksba_free (issdn); ksba_cert_release (cert); cert = NULL; } end_cert_fetch (context); return cert; }