示例#1
文件: misc.c 项目: FMayzek/gnupg
/* Write the hexadecimal form of SERIALNO to the log stream.  A single
   "?" is written instead when serial_hex yields no string.  */
void
dump_serial (ksba_sexp_t serialno)
{
  char *hex = serial_hex (serialno);

  if (hex)
    log_printf ("%s", hex);
  else
    log_printf ("%s", "?");

  /* The string returned by serial_hex is owned by us.  */
  xfree (hex);
}
示例#2
文件: misc.c 项目: FMayzek/gnupg
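/* Dump a KSBA certificate object to the log stream, prefixing the
   output with TEXT (a NULL TEXT is printed as an empty string).  This
   is used for debugging.  With a NULL CERT only the BEGIN and END
   marker lines are written.

   Every value printed is read from the certificate itself, so the
   output describes what the certificate claims and says nothing about
   whether it has been validated.  */
void
dump_cert (const char *text, ksba_cert_t cert)
{
  ksba_sexp_t sexp;
  char *p;
  const char *algo;
  ksba_isotime_t t;

  log_debug ("BEGIN Certificate '%s':\n", text? text:"");
  if (cert)
    {
      /* The serial number is returned as an S-expression we own; the
         hex string derived from it is a separate allocation.  */
      sexp = ksba_cert_get_serial (cert);
      p = serial_hex (sexp);
      log_debug ("     serial: %s\n", p?p:"?");
      xfree (p);
      ksba_free (sexp);

      /* NOTE(review): the return value of ksba_cert_get_validity is
         ignored for both calls; T is printed whatever the outcome.
         Confirm that T is left in a printable state on failure.  */
      ksba_cert_get_validity (cert, 0, t);
      log_debug ("  notBefore: ");
      dump_isotime (t);
      log_printf ("\n");
      ksba_cert_get_validity (cert, 1, t);
      log_debug ("   notAfter: ");
      dump_isotime (t);
      log_printf ("\n");

      p = ksba_cert_get_issuer (cert, 0);
      log_debug ("     issuer: ");
      dump_string (p);
      ksba_free (p);
      log_printf ("\n");

      p = ksba_cert_get_subject (cert, 0);
      log_debug ("    subject: ");
      dump_string (p);
      ksba_free (p);
      log_printf ("\n");

      /* The digest algorithm lookup can yield NULL for a certificate
         whose signature algorithm cannot be determined; never hand a
         NULL pointer to a "%s" conversion.  */
      algo = ksba_cert_get_digest_algo (cert);
      log_debug ("  hash algo: %s\n", algo? algo:"?");

      /* Same guard as for the serial number above.  */
      p = get_fingerprint_hexstring (cert);
      log_debug ("  SHA1 fingerprint: %s\n", p?p:"?");
      xfree (p);
    }
  log_debug ("END Certificate\n");
}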
示例#3
文件: certcache.c 项目: 0ndorio/gnupg
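/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
   not already in the cache, try to find it from other resources.

   Lookup order: (1) the certificate cache, (2) the service requester,
   asked with the pattern "#<hex serial>/<issuer DN>", (3) external
   resources via ca_cert_fetch.  A certificate obtained in step 2 or 3
   is put into the cache before it is returned.

   Returns the certificate object, or NULL if nothing was found or an
   error occurred (errors are logged).  The caller is presumably
   expected to release the result with ksba_cert_release -- confirm
   against get_cert_bysn.  */
ksba_cert_t
find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
{
  gpg_error_t err;
  ksba_cert_t cert;
  cert_fetch_context_t context = NULL;
  char *hexsn, *buf;

  /* First check whether it has already been cached.  */
  cert = get_cert_bysn (issuer_dn, serialno);
  if (cert)
    return cert;

  /* Ask back to the service requester to return the certificate.
     This is because we can assume that he already used the
     certificate while checking for the CRL. */
  hexsn = serial_hex (serialno);
  if (!hexsn)
    {
      log_error ("serial_hex() failed\n");
      return NULL;
    }
  /* Room for "#" + HEXSN + "/" + ISSUER_DN + terminating NUL; the
     unbounded copies below rely on exactly this size.  */
  buf = xtrymalloc (1 + strlen (hexsn) + 1 + strlen (issuer_dn) + 1);
  if (!buf)
    {
      log_error ("can't allocate enough memory: %s\n", strerror (errno));
      xfree (hexsn);
      return NULL;
    }
  strcpy (stpcpy (stpcpy (stpcpy (buf, "#"), hexsn),"/"), issuer_dn);
  xfree (hexsn);
  cert = get_cert_local (ctrl, buf);
  xfree (buf);
  if (cert)
    {
      /* NOTE(review): unlike the external lookup below, the
         certificate handed back by the requester is cached and
         returned without comparing its issuer DN and serial number
         against the requested ones.  Confirm that callers do not
         treat the result as verified to match.  */
      cache_cert (cert);
      return cert; /* Done. */
    }

  if (DBG_LOOKUP)
    log_debug ("find_cert_bysn: certificate not returned by caller"
               " - doing lookup\n");

  /* Retrieve the certificate from external resources. */
  while (!cert)
    {
      ksba_sexp_t sn;
      char *issdn;

      /* The fetch context is created lazily on the first pass.  */
      if (!context)
        {
          err = ca_cert_fetch (ctrl, &context, issuer_dn);
          if (err)
            {
              log_error (_("error fetching certificate by S/N: %s\n"),
                         gpg_strerror (err));
              break;
            }
        }

      err = fetch_next_ksba_cert (context, &cert);
      if (err)
        {
          log_error (_("error fetching certificate by S/N: %s\n"),
                     gpg_strerror (err) );
          break;
        }

      /* The fetched certificate comes from an external source and
         may be malformed: without an issuer DN there is nothing to
         compare, and strcmp must not be called with a NULL pointer.
         Treat it like a mismatch and stop the lookup.  */
      issdn = ksba_cert_get_issuer (cert, 0);
      if (!issdn)
        {
          log_debug ("find_cert_bysn: fetched certificate has"
                     " no issuer DN\n");
          ksba_cert_release (cert);
          cert = NULL;
          break;
        }
      if (strcmp (issuer_dn, issdn))
        {
          log_debug ("find_cert_bysn: Ooops: issuer DN does not match\n");
          ksba_cert_release (cert);
          cert = NULL;
          ksba_free (issdn);
          break;
        }

      sn = ksba_cert_get_serial (cert);

      if (DBG_LOOKUP)
        {
          log_debug ("   considering certificate (#");
          dump_serial (sn);
          log_printf ("/");
          dump_string (issdn);
          log_printf (")\n");
        }

      /* compare_serialno returns zero when the serial numbers are
         equal, i.e. this is the certificate we are looking for.  */
      if (!compare_serialno (serialno, sn))
        {
          ksba_free (sn);
          ksba_free (issdn);
          cache_cert (cert);
          if (DBG_LOOKUP)
            log_debug ("   found\n");
          break; /* Ready.  */
        }

      /* Not the wanted one: drop it and try the next certificate.  */
      ksba_free (sn);
      ksba_free (issdn);
      ksba_cert_release (cert);
      cert = NULL;
    }

  end_cert_fetch (context);
  return cert;
}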