search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wmbiff: Raise sleep interval to 20 secs
[dockapps.git] / wmbiff-0.4.27 / wmbiff / gnutls-common.c
bloba65a432ddf0bc621c74606a7a14efe6af0b50fa8
1 #include <config.h>
2 # include <sys/types.h>
3 #include <stdio.h>
4 #include <stdlib.h>
5 #include <string.h>
6 #include <gnutls/gnutls.h>
7 #include <gnutls/extra.h>
8 #include <gnutls/x509.h>
9 #include <gnutls/openpgp.h>
10 #include <time.h>
11 #include <gnutls-common.h>
12
13 #define TEST_STRING
14
15 int xml = 0;
16 int print_cert;
17
18 static char buffer[5*1024];
19
20 #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
21 #define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
22
23 const char str_unknown[] = "(unknown)";
24
25 static const char *my_ctime(const time_t * tv)
26 {
27 static char buf[256];
28 struct tm *tp;
29
30 if ( ( (tp = localtime(tv)) == NULL ) ||
31 (!strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp)) )
32 strcpy(buf, str_unknown);/* make sure buf text isn't garbage */
33
34 return buf;
35
36 }
37
38 void print_x509_info(gnutls_session session, const char* hostname)
39 {
40 gnutls_x509_crt crt;
41 const gnutls_datum *cert_list;
42 int cert_list_size = 0, ret;
43 char digest[20];
44 char serial[40];
45 char dn[256];
46 size_t dn_size;
47 size_t digest_size = sizeof(digest);
48 unsigned int i, j;
49 size_t serial_size = sizeof(serial);
50 char printable[256];
51 char *print;
52 unsigned int bits, algo;
53 time_t expiret, activet;
54
55 cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
56
57
58 if (cert_list_size == 0) {
59 fprintf(stderr, "No certificates found!\n");
60 return;
61 }
62
63 printf(" - Got a certificate list of %d certificates.\n\n",
64 cert_list_size);
65
66 for (j = 0; j < (unsigned int)cert_list_size; j++) {
67
68 gnutls_x509_crt_init(&crt);
69 ret =
70 gnutls_x509_crt_import(crt, &cert_list[j],
71 GNUTLS_X509_FMT_DER);
72 if (ret < 0) {
73 const char* str = gnutls_strerror(ret);
74 if (str == NULL) str = str_unknown;
75 fprintf(stderr, "Decoding error: %s\n", str);
76 return;
77 }
78
79 printf(" - Certificate[%d] info:\n", j);
80
81 if (print_cert) {
82 size_t size;
83
84 size = sizeof(buffer);
85
86 ret = gnutls_x509_crt_export( crt, GNUTLS_X509_FMT_PEM, buffer, &size);
87 if (ret < 0) {
88 fprintf(stderr, "Encoding error: %s\n", gnutls_strerror(ret));
89 return;
90 }
91 fputs( "\n", stdout);
92 fputs( buffer, stdout);
93 fputs( "\n", stdout);
94 }
95
96 if (j==0 && hostname != NULL) { /* Check the hostname of the first certificate
97 * if it matches the name of the host we
98 * connected to.
99 */
100 if (gnutls_x509_crt_check_hostname( crt, hostname)==0) {
101 printf(" # The hostname in the certificate does NOT match '%s'.\n", hostname);
102 } else {
103 printf(" # The hostname in the certificate matches '%s'.\n", hostname);
104 }
105 }
106
107
108 if (xml) {
109 #ifdef ENABLE_PKI
110 gnutls_datum xml_data;
111
112 ret = gnutls_x509_crt_to_xml( crt, &xml_data, 0);
113 if (ret < 0) {
114 const char* str = gnutls_strerror(ret);
115 if (str == NULL) str = str_unknown;
116 fprintf(stderr, "XML encoding error: %s\n",
117 str);
118 return;
119 }
120
121 printf("%s", xml_data.data);
122 gnutls_free( xml_data.data);
123 #endif
124 } else {
125
126 expiret = gnutls_x509_crt_get_expiration_time(crt);
127 activet = gnutls_x509_crt_get_activation_time(crt);
128
129 printf(" # valid since: %s", my_ctime(&activet));
130 printf(" # expires at: %s", my_ctime(&expiret));
131
132
133 /* Print the serial number of the certificate.
134 */
135 if (gnutls_x509_crt_get_serial(crt, serial, &serial_size)
136 >= 0) {
137 print = printable;
138 for (i = 0; i < serial_size; i++) {
139 sprintf(print, "%.2x ",
140 (unsigned char) serial[i]);
141 print += 3;
142 }
143 printf(" # serial number: %s\n", printable);
144 }
145
146 /* Print the fingerprint of the certificate
147 */
148 digest_size = sizeof(digest);
149 if ((ret=gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_MD5, digest, &digest_size))
150 < 0) {
151 const char* str = gnutls_strerror(ret);
152 if (str == NULL) str = str_unknown;
153 fprintf(stderr, "Error in fingerprint calculation: %s\n", str);
154 } else {
155 print = printable;
156 for (i = 0; i < digest_size; i++) {
157 sprintf(print, "%.2x ",
158 (unsigned char) digest[i]);
159 print += 3;
160 }
161 printf(" # fingerprint: %s\n", printable);
162 }
163
164 /* Print the version of the X.509
165 * certificate.
166 */
167 printf(" # version: #%d\n",
168 gnutls_x509_crt_get_version(crt));
169
170 algo = gnutls_x509_crt_get_pk_algorithm(crt, &bits);
171 printf(" # public key algorithm: ");
172 if (algo == GNUTLS_PK_RSA) {
173 printf("RSA\n");
174 printf(" # Modulus: %d bits\n", bits);
175 } else if (algo == GNUTLS_PK_DSA) {
176 printf("DSA\n");
177 printf(" # Exponent: %d bits\n", bits);
178 } else {
179 printf("UNKNOWN\n");
180 }
181
182 dn_size = sizeof(dn);
183 ret = gnutls_x509_crt_get_dn(crt, dn, &dn_size);
184 if (ret >= 0)
185 printf(" # Subject's DN: %s\n", dn);
186
187 dn_size = sizeof(dn);
188 ret = gnutls_x509_crt_get_issuer_dn(crt, dn, &dn_size);
189 if (ret >= 0)
190 printf(" # Issuer's DN: %s\n", dn);
191 }
192
193 gnutls_x509_crt_deinit(crt);
194
195 printf("\n");
196
197 }
198
199 }
200
201 #ifdef HAVE_LIBOPENCDK
202
203 void print_openpgp_info(gnutls_session session, const char* hostname)
204 {
205
206 char digest[20];
207 size_t digest_size = sizeof(digest);
208 unsigned int i;
209 int ret;
210 char printable[120];
211 char *print;
212 char name[256];
213 size_t name_len = sizeof(name);
214 gnutls_openpgp_key crt;
215 const gnutls_datum *cert_list;
216 int cert_list_size = 0;
217 time_t expiret;
218 time_t activet;
219
220 cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
221
222 if (cert_list_size > 0) {
223 unsigned int algo, bits;
224
225 gnutls_openpgp_key_init(&crt);
226 ret =
227 gnutls_openpgp_key_import(crt, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
228 if (ret < 0) {
229 const char* str = gnutls_strerror(ret);
230 if (str == NULL) str = str_unknown;
231 fprintf(stderr, "Decoding error: %s\n", str);
232 return;
233 }
234
235 if (print_cert) {
236 size_t size;
237
238 size = sizeof(buffer);
239
240 ret = gnutls_openpgp_key_export( crt, GNUTLS_OPENPGP_FMT_BASE64, buffer, &size);
241 if (ret < 0) {
242 fprintf(stderr, "Encoding error: %s\n", gnutls_strerror(ret));
243 return;
244 }
245 fputs( "\n", stdout);
246 fputs( buffer, stdout);
247 fputs( "\n", stdout);
248 }
249
250 if (hostname != NULL) { /* Check the hostname of the first certificate
251 * if it matches the name of the host we
252 * connected to.
253 */
254 if (gnutls_openpgp_key_check_hostname( crt, hostname)==0) {
255 printf(" # The hostname in the key does NOT match '%s'.\n", hostname);
256 } else {
257 printf(" # The hostname in the key matches '%s'.\n", hostname);
258 }
259 }
260
261 if (xml) {
262 gnutls_datum xml_data;
263
264 ret = gnutls_openpgp_key_to_xml( crt, &xml_data, 0);
265 if (ret < 0) {
266 const char* str = gnutls_strerror(ret);
267 if (str == NULL) str = str_unknown;
268 fprintf(stderr, "XML encoding error: %s\n",
269 str);
270 return;
271 }
272
273 printf("%s", xml_data.data);
274 gnutls_free( xml_data.data);
275
276 return;
277 }
278
279 activet = gnutls_openpgp_key_get_creation_time( crt);
280 expiret = gnutls_openpgp_key_get_expiration_time( crt);
281
282 printf(" # Key was created at: %s", my_ctime(&activet));
283 printf(" # Key expires: ");
284 if (expiret != 0)
285 printf("%s", my_ctime(&expiret));
286 else
287 printf("Never\n");
288
289 if (gnutls_openpgp_key_get_fingerprint(crt, digest, &digest_size) >= 0)
290 {
291 print = printable;
292 for (i = 0; i < digest_size; i++) {
293 sprintf(print, "%.2x ",
294 (unsigned char) digest[i]);
295 print += 3;
296 }
297
298 printf(" # PGP Key version: %d\n",
299 gnutls_openpgp_key_get_version(crt));
300
301 algo =
302 gnutls_openpgp_key_get_pk_algorithm(crt, &bits);
303
304 printf(" # PGP Key public key algorithm: ");
305
306 if (algo == GNUTLS_PK_RSA) {
307 printf("RSA\n");
308 printf(" # Modulus: %d bits\n", bits);
309 } else if (algo == GNUTLS_PK_DSA) {
310 printf("DSA\n");
311 printf(" # Exponent: %d bits\n", bits);
312 } else {
313 printf("UNKNOWN\n");
314 }
315
316 printf(" # PGP Key fingerprint: %s\n", printable);
317
318 name_len = sizeof(name);
319 if (gnutls_openpgp_key_get_name(crt, 0, name, &name_len) < 0) {
320 fprintf(stderr,
321 "Could not extract name\n");
322 } else {
323 PRINT_PGP_NAME(name);
324 }
325
326 }
327
328 gnutls_openpgp_key_deinit( crt);
329
330 }
331 }
332
333 #endif
334
335 void print_cert_vrfy(gnutls_session session)
336 {
337
338 int status;
339 status = gnutls_certificate_verify_peers(session);
340 printf("\n");
341
342 if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) {
343 printf("- Peer did not send any certificate.\n");
344 return;
345 }
346 if (status < 0) {
347 printf("- Could not verify certificate (err: %s)\n",
348 gnutls_strerror(status));
349 return;
350 }
351
352 if (gnutls_certificate_type_get(session)==GNUTLS_CRT_X509) {
353 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
354 printf("- Peer's certificate issuer is unknown\n");
355 if (status & GNUTLS_CERT_INVALID)
356 printf("- Peer's certificate is NOT trusted\n");
357 else
358 printf("- Peer's certificate is trusted\n");
359 } else {
360 if (status & GNUTLS_CERT_INVALID)
361 printf("- Peer's key is invalid\n");
362 else
363 printf("- Peer's key is valid\n");
364 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
365 printf("- Could not find a signer of the peer's key\n");
366 }
367 }
368
369 int print_info(gnutls_session session, const char* hostname)
370 {
371 const char *tmp;
372 gnutls_credentials_type cred;
373 gnutls_kx_algorithm kx;
374
375
376 /* print the key exchange's algorithm name
377 */
378 kx = gnutls_kx_get(session);
379
380 cred = gnutls_auth_get_type(session);
381 switch (cred) {
382 #ifdef ENABLE_ANON
383 case GNUTLS_CRD_ANON:
384 printf("- Anonymous DH using prime of %d bits, secret key "
385 "of %d bits, and peer's public key is %d bits.\n",
386 gnutls_dh_get_prime_bits(session),
387 gnutls_dh_get_secret_bits(session),
388 gnutls_dh_get_peers_public_bits(session));
389 break;
390 #endif
391 #ifdef ENABLE_SRP
392 case GNUTLS_CRD_SRP:
393 /* This should be only called in server
394 * side.
395 */
396 if (gnutls_srp_server_get_username(session) != NULL)
397 printf("- SRP authentication. Connected as '%s'\n",
398 gnutls_srp_server_get_username(session));
399 break;
400 #endif
401 case GNUTLS_CRD_CERTIFICATE:
402 {
403 char dns[256];
404 size_t dns_size = sizeof(dns);
405 unsigned int type;
406
407 /* This fails in client side */
408 if (gnutls_server_name_get
409 (session, dns, &dns_size, &type, 0) == 0) {
410 printf("- Given server name[%d]: %s\n",
411 type, dns);
412 }
413 }
414
415 print_cert_info(session, hostname);
416
417 print_cert_vrfy(session);
418
419 /* Check if we have been using ephemeral Diffie Hellman.
420 */
421 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
422 printf
423 ("- Ephemeral DH using prime of %d bits, secret key "
424 "of %d bits, and peer's public key is %d bits.\n",
425 gnutls_dh_get_prime_bits(session),
426 gnutls_dh_get_secret_bits(session),
427 gnutls_dh_get_peers_public_bits(session));
428 }
429 default:
430 break;
431 }
432
433 tmp =
434 gnutls_protocol_get_name(gnutls_protocol_get_version(session));
435 if (tmp != NULL) printf("- Version: %s\n", tmp);
436
437 tmp = gnutls_kx_get_name(kx);
438 if (tmp != NULL) printf("- Key Exchange: %s\n", tmp);
439
440 tmp = gnutls_cipher_get_name(gnutls_cipher_get(session));
441 if (tmp != NULL) printf("- Cipher: %s\n", tmp);
442
443 tmp = gnutls_mac_get_name(gnutls_mac_get(session));
444 if (tmp != NULL) printf("- MAC: %s\n", tmp);
445
446 tmp = gnutls_compression_get_name(gnutls_compression_get(session));
447 if (tmp != NULL) printf("- Compression: %s\n", tmp);
448
449 fflush (stdout);
450
451 return 0;
452 }
453
454 void print_cert_info(gnutls_session session, const char* hostname)
455 {
456
457 printf("- Certificate type: ");
458 switch (gnutls_certificate_type_get(session)) {
459 case GNUTLS_CRT_X509:
460 printf("X.509\n");
461 print_x509_info(session, hostname);
462 break;
463 #ifdef HAVE_LIBOPENCDK
464 case GNUTLS_CRT_OPENPGP:
465 printf("OpenPGP\n");
466 print_openpgp_info(session, hostname);
467 break;
468 #endif
469 default:
470 break;
471 }
472
473 }
474
475 void print_list(void)
476 {
477 /* FIXME: This is hard coded. Make it print all the supported
478 * algorithms.
479 */
480 printf("\n");
481 printf("Certificate types:");
482 printf(" X.509");
483 printf(", OPENPGP\n");
484
485 printf("Protocols:");
486 printf(" TLS1.0");
487 printf(", SSL3.0\n");
488
489 printf("Ciphers:");
490 printf(" AES-128-CBC");
491 printf(", 3DES-CBC");
492 printf(", ARCFOUR");
493 printf(", ARCFOUR-40\n");
494
495 printf("MACs:");
496 printf(" MD5");
497 printf(", RMD160");
498 printf(", SHA1\n");
499
500 printf("Key exchange algorithms:");
501 printf(" RSA");
502 printf(", RSA-EXPORT");
503 printf(", DHE-DSS");
504 printf(", DHE-RSA");
505 printf(", SRP");
506 printf(", SRP-RSA");
507 printf(", SRP-DSS");
508 printf(", ANON-DH\n");
509
510 printf("Compression methods:");
511 printf(" ZLIB");
512 printf(", LZO");
513 printf(", NULL\n");
514 }
515
516 void print_license(void)
517 {
518 fprintf(stdout,
519 "\nCopyright (C) 2001-2003 Nikos Mavroyanopoulos\n"
520 "This program is free software; you can redistribute it and/or modify \n"
521 "it under the terms of the GNU General Public License as published by \n"
522 "the Free Software Foundation; either version 2 of the License, or \n"
523 "(at your option) any later version. \n" "\n"
524 "This program is distributed in the hope that it will be useful, \n"
525 "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
526 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
527 "GNU General Public License for more details. \n" "\n"
528 "You should have received a copy of the GNU General Public License \n"
529 "along with this program; if not, write to the Free Software \n"
530 "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
531 }
532
533 void parse_protocols(char **protocols, int protocols_size,
534 int *protocol_priority)
535 {
536 int i, j;
537
538 if (protocols != NULL && protocols_size > 0) {
539 for (j = i = 0; i < protocols_size; i++) {
540 if (strncasecmp(protocols[i], "SSL", 3) == 0)
541 protocol_priority[j++] = GNUTLS_SSL3;
542 if (strncasecmp(protocols[i], "TLS", 3) == 0)
543 protocol_priority[j++] = GNUTLS_TLS1;
544 }
545 protocol_priority[j] = 0;
546 }
547 }
548
549 void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority)
550 {
551 int j, i;
552
553 if (ciphers != NULL && nciphers > 0) {
554 for (j = i = 0; i < nciphers; i++) {
555 if (strncasecmp(ciphers[i], "AES", 3) == 0)
556 cipher_priority[j++] =
557 GNUTLS_CIPHER_AES_128_CBC;
558 if (strncasecmp(ciphers[i], "3DE", 3) == 0)
559 cipher_priority[j++] =
560 GNUTLS_CIPHER_3DES_CBC;
561 if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0)
562 cipher_priority[j++] =
563 GNUTLS_CIPHER_ARCFOUR_40;
564 if (strcasecmp(ciphers[i], "ARCFOUR") == 0)
565 cipher_priority[j++] =
566 GNUTLS_CIPHER_ARCFOUR_128;
567 if (strncasecmp(ciphers[i], "NUL", 3) == 0)
568 cipher_priority[j++] = GNUTLS_CIPHER_NULL;
569 }
570 cipher_priority[j] = 0;
571 }
572 }
573
574 void parse_macs(char **macs, int nmacs, int *mac_priority)
575 {
576 int i, j;
577 if (macs != NULL && nmacs > 0) {
578 for (j = i = 0; i < nmacs; i++) {
579 if (strncasecmp(macs[i], "MD5", 3) == 0)
580 mac_priority[j++] = GNUTLS_MAC_MD5;
581 if (strncasecmp(macs[i], "RMD", 3) == 0)
582 mac_priority[j++] = GNUTLS_MAC_RMD160;
583 if (strncasecmp(macs[i], "SHA", 3) == 0)
584 mac_priority[j++] = GNUTLS_MAC_SHA;
585 }
586 mac_priority[j] = 0;
587 }
588 }
589
590 void parse_ctypes(char **ctype, int nctype, int *cert_type_priority)
591 {
592 int i, j;
593 if (ctype != NULL && nctype > 0) {
594 for (j = i = 0; i < nctype; i++) {
595 if (strncasecmp(ctype[i], "OPE", 3) == 0)
596 cert_type_priority[j++] =
597 GNUTLS_CRT_OPENPGP;
598 if (strncasecmp(ctype[i], "X", 1) == 0)
599 cert_type_priority[j++] = GNUTLS_CRT_X509;
600 }
601 cert_type_priority[j] = 0;
602 }
603 }
604
605 void parse_kx(char **kx, int nkx, int *kx_priority)
606 {
607 int i, j;
608 if (kx != NULL && nkx > 0) {
609 for (j = i = 0; i < nkx; i++) {
610 if (strcasecmp(kx[i], "SRP") == 0)
611 kx_priority[j++] = GNUTLS_KX_SRP;
612 if (strcasecmp(kx[i], "SRP-RSA") == 0)
613 kx_priority[j++] = GNUTLS_KX_SRP_RSA;
614 if (strcasecmp(kx[i], "SRP-DSS") == 0)
615 kx_priority[j++] = GNUTLS_KX_SRP_DSS;
616 if (strcasecmp(kx[i], "RSA") == 0)
617 kx_priority[j++] = GNUTLS_KX_RSA;
618 if (strcasecmp(kx[i], "RSA-EXPORT") == 0)
619 kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
620 if (strncasecmp(kx[i], "DHE-RSA", 7) == 0)
621 kx_priority[j++] = GNUTLS_KX_DHE_RSA;
622 if (strncasecmp(kx[i], "DHE-DSS", 7) == 0)
623 kx_priority[j++] = GNUTLS_KX_DHE_DSS;
624 if (strncasecmp(kx[i], "ANON", 4) == 0)
625 kx_priority[j++] = GNUTLS_KX_ANON_DH;
626 }
627 kx_priority[j] = 0;
628 }
629 }
630
631 void parse_comp(char **comp, int ncomp, int *comp_priority)
632 {
633 int i, j;
634 if (comp != NULL && ncomp > 0) {
635 for (j = i = 0; i < ncomp; i++) {
636 if (strncasecmp(comp[i], "NUL", 3) == 0)
637 comp_priority[j++] = GNUTLS_COMP_NULL;
638 if (strncasecmp(comp[i], "ZLI", 3) == 0)
639 comp_priority[j++] = GNUTLS_COMP_ZLIB;
640 if (strncasecmp(comp[i], "LZO", 3) == 0)
641 comp_priority[j++] = GNUTLS_COMP_LZO;
642 }
643 comp_priority[j] = 0;
644 }
645
646 }
647
648 #ifndef HAVE_INET_NTOP
649
650 #ifdef _WIN32
651 # include <winsock.h>
652 #else
653 # include <sys/socket.h>
654 # include <netinet/in.h>
655 # include <arpa/inet.h>
656 #endif
657
658 const char *inet_ntop(int af __attribute__((unused)), const void *src,
659 char *dst, size_t cnt)
660 {
661 char* ret;
662
663 ret = inet_ntoa( *((struct in_addr*)src));
664
665 if (strlen(ret) > cnt) {
666 return NULL;
667 }
668 strcpy( dst, ret);
669
670 return dst;
671 }
672 #endif
673
674 void sockets_init( void)
675 {
676 #ifdef _WIN32
677 WORD wVersionRequested;
678 WSADATA wsaData;
679
680 wVersionRequested = MAKEWORD(1, 1);
681 if (WSAStartup(wVersionRequested, &wsaData) != 0) {
682 perror("WSA_STARTUP_ERROR");
683 }
684 #endif
685 }
Window Maker dockapps collection