2 * Copyright (C) 2007-2012 Free Software Foundation, Inc.
4 * Author: Simon Josefsson
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Functions for printing X.509 Certificate structures
26 #include <gnutls_int.h>
28 #include <gnutls_x509.h>
30 #include <gnutls_num.h>
31 #include <gnutls_errors.h>
32 #include <extras/randomart.h>
34 /* I18n of error codes. */
36 #define _(String) dgettext (PACKAGE, String)
38 #define addf _gnutls_buffer_append_printf
39 #define adds _gnutls_buffer_append_str
41 #define ERROR_STR (char*) "(error)"
44 ip_to_string (void *_ip
, int ip_size
, char *string
, int string_size
)
48 if (ip_size
!= 4 && ip_size
!= 16)
54 if (ip_size
== 4 && string_size
< 16)
60 if (ip_size
== 16 && string_size
< 48)
70 snprintf (string
, string_size
, "%u.%u.%u.%u", ip
[0], ip
[1], ip
[2], ip
[3]);
73 snprintf (string
, string_size
, "%x:%x:%x:%x:%x:%x:%x:%x",
74 (ip
[0] << 8) | ip
[1], (ip
[2] << 8) | ip
[3],
75 (ip
[4] << 8) | ip
[5], (ip
[6] << 8) | ip
[7],
76 (ip
[8] << 8) | ip
[9], (ip
[10] << 8) | ip
[11],
77 (ip
[12] << 8) | ip
[13], (ip
[14] << 8) | ip
[15]);
84 static void add_altname(gnutls_buffer_st
* str
, const char* prefix
, unsigned int alt_type
,
85 char* name
, size_t name_size
)
90 if ((alt_type
== GNUTLS_SAN_DNSNAME
91 || alt_type
== GNUTLS_SAN_RFC822NAME
92 || alt_type
== GNUTLS_SAN_URI
) && strlen (name
) != name_size
)
94 adds (str
, _("warning: altname contains an embedded NUL, "
95 "replacing with '!'\n"));
96 while (strlen (name
) < name_size
)
97 name
[strlen (name
)] = '!';
102 case GNUTLS_SAN_DNSNAME
:
103 addf (str
, "%s\t\t\tDNSname: %.*s\n", prefix
, (int) name_size
, name
);
106 case GNUTLS_SAN_RFC822NAME
:
107 addf (str
, "%s\t\t\tRFC822name: %.*s\n", prefix
, (int) name_size
,
112 addf (str
, "%s\t\t\tURI: %.*s\n", prefix
, (int) name_size
, name
);
115 case GNUTLS_SAN_IPADDRESS
:
116 p
= ip_to_string (name
, name_size
, str_ip
, sizeof (str_ip
));
119 addf (str
, "%s\t\t\tIPAddress: %s\n", prefix
, p
);
123 addf (str
, "%s\t\t\tdirectoryName: %.*s\n", prefix
,
124 (int) name_size
, name
);
127 addf (str
, "error: unknown altname\n");
133 print_proxy (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
)
136 char *policyLanguage
;
141 err
= gnutls_x509_crt_get_proxy (cert
, NULL
,
142 &pathlen
, &policyLanguage
,
146 addf (str
, "error: get_proxy: %s\n", gnutls_strerror (err
));
151 addf (str
, _("\t\t\tPath Length Constraint: %d\n"), pathlen
);
152 addf (str
, _("\t\t\tPolicy Language: %s"), policyLanguage
);
153 if (strcmp (policyLanguage
, "1.3.6.1.5.5.7.21.1") == 0)
154 adds (str
, " (id-ppl-inheritALL)\n");
155 else if (strcmp (policyLanguage
, "1.3.6.1.5.5.7.21.2") == 0)
156 adds (str
, " (id-ppl-independent)\n");
161 adds (str
, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
162 _gnutls_buffer_asciiprint (str
, policy
, npolicy
);
163 adds (str
, _("\n\t\t\t\tHexdump: "));
164 _gnutls_buffer_hexprint (str
, policy
, npolicy
);
170 print_aia (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
)
178 err
= gnutls_x509_crt_get_authority_info_access
179 (cert
, seq
, GNUTLS_IA_ACCESSMETHOD_OID
, &data
, NULL
);
180 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
184 addf (str
, "error: get_aia: %s\n", gnutls_strerror (err
));
188 addf (str
, _("\t\t\tAccess Method: %.*s"), data
.size
, data
.data
);
189 if (data
.size
== sizeof (GNUTLS_OID_AD_OCSP
) &&
190 memcmp (data
.data
, GNUTLS_OID_AD_OCSP
, data
.size
) == 0)
191 adds (str
, " (id-ad-ocsp)\n");
192 else if (data
.size
== sizeof (GNUTLS_OID_AD_CAISSUERS
) &&
193 memcmp (data
.data
, GNUTLS_OID_AD_CAISSUERS
, data
.size
) == 0)
194 adds (str
, " (id-ad-caIssuers)\n");
196 adds (str
, " (UNKNOWN)\n");
198 err
= gnutls_x509_crt_get_authority_info_access
199 (cert
, seq
, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE
, &data
, NULL
);
202 addf (str
, "error: get_aia type: %s\n", gnutls_strerror (err
));
206 if (data
.size
== sizeof ("uniformResourceIdentifier") &&
207 memcmp (data
.data
, "uniformResourceIdentifier", data
.size
) == 0)
209 adds (str
, "\t\t\tAccess Location URI: ");
210 err
= gnutls_x509_crt_get_authority_info_access
211 (cert
, seq
, GNUTLS_IA_URI
, &data
, NULL
);
214 addf (str
, "error: get_aia uri: %s\n", gnutls_strerror (err
));
217 addf (str
, "%.*s\n", data
.size
, data
.data
);
220 adds (str
, "\t\t\tUnsupported accessLocation type\n");
227 print_ski (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
)
233 err
= gnutls_x509_crt_get_subject_key_id (cert
, buffer
, &size
, NULL
);
234 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
236 addf (str
, "error: get_subject_key_id: %s\n", gnutls_strerror (err
));
240 buffer
= gnutls_malloc (size
);
243 addf (str
, "error: malloc: %s\n",
244 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
248 err
= gnutls_x509_crt_get_subject_key_id (cert
, buffer
, &size
, NULL
);
251 gnutls_free (buffer
);
252 addf (str
, "error: get_subject_key_id2: %s\n", gnutls_strerror (err
));
256 adds (str
, "\t\t\t");
257 _gnutls_buffer_hexprint (str
, buffer
, size
);
260 gnutls_free (buffer
);
267 #define TYPE_CRT_SAN TYPE_CRT
268 #define TYPE_CRQ_SAN TYPE_CRQ
269 #define TYPE_CRT_IAN 4
273 gnutls_x509_crt_t crt
;
274 gnutls_x509_crq_t crq
;
275 gnutls_x509_crl_t crl
;
279 print_aki_gn_serial (gnutls_buffer_st
* str
, int type
, cert_type_t cert
)
283 size_t size
= 0, serial_size
= sizeof(serial
);
284 unsigned int alt_type
;
287 if (type
== TYPE_CRT
)
289 gnutls_x509_crt_get_authority_key_gn_serial(cert
.crt
, 0, NULL
, &size
,
290 &alt_type
, serial
, &serial_size
, NULL
);
291 else if (type
== TYPE_CRL
)
293 gnutls_x509_crl_get_authority_key_gn_serial(cert
.crl
, 0, NULL
, &size
,
294 &alt_type
, serial
, &serial_size
, NULL
);
301 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
303 addf (str
, "error: get_authority_key_gn_serial: %s\n", gnutls_strerror (err
));
307 buffer
= gnutls_malloc (size
);
310 addf (str
, "error: malloc: %s\n",
311 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
315 if (type
== TYPE_CRT
)
317 gnutls_x509_crt_get_authority_key_gn_serial(cert
.crt
, 0, buffer
, &size
,
318 &alt_type
, serial
, &serial_size
, NULL
);
321 gnutls_x509_crl_get_authority_key_gn_serial(cert
.crl
, 0, buffer
, &size
,
322 &alt_type
, serial
, &serial_size
, NULL
);
326 gnutls_free (buffer
);
327 addf (str
, "error: get_authority_key_gn_serial2: %s\n", gnutls_strerror (err
));
331 add_altname(str
, "", alt_type
, buffer
, size
);
332 adds (str
, "\t\t\tserial: ");
333 _gnutls_buffer_hexprint (str
, serial
, serial_size
);
336 gnutls_free (buffer
);
340 print_aki (gnutls_buffer_st
* str
, int type
, cert_type_t cert
)
346 if (type
== TYPE_CRT
)
348 gnutls_x509_crt_get_authority_key_id (cert
.crt
, buffer
, &size
, NULL
);
349 else if (type
== TYPE_CRL
)
351 gnutls_x509_crl_get_authority_key_id (cert
.crl
, buffer
, &size
, NULL
);
358 if (err
== GNUTLS_E_X509_UNSUPPORTED_EXTENSION
)
360 /* Check if an alternative name is there */
361 print_aki_gn_serial(str
, type
, cert
);
365 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
367 addf (str
, "error: get_authority_key_id: %s\n", gnutls_strerror (err
));
371 buffer
= gnutls_malloc (size
);
374 addf (str
, "error: malloc: %s\n",
375 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
379 if (type
== TYPE_CRT
)
381 gnutls_x509_crt_get_authority_key_id (cert
.crt
, buffer
, &size
, NULL
);
384 gnutls_x509_crl_get_authority_key_id (cert
.crl
, buffer
, &size
, NULL
);
388 gnutls_free (buffer
);
389 addf (str
, "error: get_authority_key_id2: %s\n", gnutls_strerror (err
));
393 adds (str
, "\t\t\t");
394 _gnutls_buffer_hexprint (str
, buffer
, size
);
397 gnutls_free (buffer
);
401 print_key_usage (gnutls_buffer_st
* str
, const char *prefix
, int type
,
404 unsigned int key_usage
;
407 if (type
== TYPE_CRT
)
408 err
= gnutls_x509_crt_get_key_usage (cert
.crt
, &key_usage
, NULL
);
409 else if (type
== TYPE_CRQ
)
410 err
= gnutls_x509_crq_get_key_usage (cert
.crq
, &key_usage
, NULL
);
416 addf (str
, "error: get_key_usage: %s\n", gnutls_strerror (err
));
420 if (key_usage
& GNUTLS_KEY_DIGITAL_SIGNATURE
)
421 addf (str
, _("%s\t\t\tDigital signature.\n"), prefix
);
422 if (key_usage
& GNUTLS_KEY_NON_REPUDIATION
)
423 addf (str
, _("%s\t\t\tNon repudiation.\n"), prefix
);
424 if (key_usage
& GNUTLS_KEY_KEY_ENCIPHERMENT
)
425 addf (str
, _("%s\t\t\tKey encipherment.\n"), prefix
);
426 if (key_usage
& GNUTLS_KEY_DATA_ENCIPHERMENT
)
427 addf (str
, _("%s\t\t\tData encipherment.\n"), prefix
);
428 if (key_usage
& GNUTLS_KEY_KEY_AGREEMENT
)
429 addf (str
, _("%s\t\t\tKey agreement.\n"), prefix
);
430 if (key_usage
& GNUTLS_KEY_KEY_CERT_SIGN
)
431 addf (str
, _("%s\t\t\tCertificate signing.\n"), prefix
);
432 if (key_usage
& GNUTLS_KEY_CRL_SIGN
)
433 addf (str
, _("%s\t\t\tCRL signing.\n"), prefix
);
434 if (key_usage
& GNUTLS_KEY_ENCIPHER_ONLY
)
435 addf (str
, _("%s\t\t\tKey encipher only.\n"), prefix
);
436 if (key_usage
& GNUTLS_KEY_DECIPHER_ONLY
)
437 addf (str
, _("%s\t\t\tKey decipher only.\n"), prefix
);
441 print_private_key_usage_period (gnutls_buffer_st
* str
, const char *prefix
, int type
,
444 time_t activation
, expiration
;
450 if (type
== TYPE_CRT
)
451 err
= gnutls_x509_crt_get_private_key_usage_period (cert
.crt
, &activation
, &expiration
, NULL
);
452 else if (type
== TYPE_CRQ
)
453 err
= gnutls_x509_crq_get_private_key_usage_period (cert
.crq
, &activation
, &expiration
, NULL
);
459 addf (str
, "error: get_private_key_usage_period: %s\n", gnutls_strerror (err
));
465 if (gmtime_r (&activation
, &t
) == NULL
)
466 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) activation
);
467 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
468 addf (str
, "error: strftime (%ld)\n", (unsigned long) activation
);
470 addf (str
, _("\t\t\tNot Before: %s\n"), s
);
472 if (gmtime_r (&expiration
, &t
) == NULL
)
473 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) expiration
);
474 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
475 addf (str
, "error: strftime (%ld)\n", (unsigned long) expiration
);
477 addf (str
, _("\t\t\tNot After: %s\n"), s
);
482 print_crldist (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
)
491 for (indx
= 0;; indx
++)
494 err
= gnutls_x509_crt_get_crl_dist_points (cert
, indx
, buffer
, &size
,
496 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
498 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
500 addf (str
, "error: get_crl_dist_points: %s\n",
501 gnutls_strerror (err
));
505 buffer
= gnutls_malloc (size
);
508 addf (str
, "error: malloc: %s\n",
509 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
513 err
= gnutls_x509_crt_get_crl_dist_points (cert
, indx
, buffer
, &size
,
517 gnutls_free (buffer
);
518 addf (str
, "error: get_crl_dist_points2: %s\n",
519 gnutls_strerror (err
));
523 if ((err
== GNUTLS_SAN_DNSNAME
524 || err
== GNUTLS_SAN_RFC822NAME
525 || err
== GNUTLS_SAN_URI
) && strlen (buffer
) != size
)
527 adds (str
, _("warning: distributionPoint contains an embedded NUL, "
528 "replacing with '!'\n"));
529 while (strlen (buffer
) < size
)
530 buffer
[strlen (buffer
)] = '!';
535 case GNUTLS_SAN_DNSNAME
:
536 addf (str
, "\t\t\tDNSname: %.*s\n", (int) size
, buffer
);
539 case GNUTLS_SAN_RFC822NAME
:
540 addf (str
, "\t\t\tRFC822name: %.*s\n", (int) size
, buffer
);
544 addf (str
, "\t\t\tURI: %.*s\n", (int) size
, buffer
);
547 case GNUTLS_SAN_IPADDRESS
:
548 p
= ip_to_string (buffer
, size
, str_ip
, sizeof (str_ip
));
551 addf (str
, "\t\t\tIPAddress: %s\n", p
);
555 addf (str
, "\t\t\tdirectoryName: %.*s\n", (int) size
, buffer
);
559 addf (str
, "error: unknown SAN\n");
562 gnutls_free (buffer
);
567 print_key_purpose (gnutls_buffer_st
* str
, const char *prefix
, int type
,
575 for (indx
= 0;; indx
++)
578 if (type
== TYPE_CRT
)
579 err
= gnutls_x509_crt_get_key_purpose_oid (cert
.crt
, indx
, buffer
,
581 else if (type
== TYPE_CRQ
)
582 err
= gnutls_x509_crq_get_key_purpose_oid (cert
.crq
, indx
, buffer
,
587 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
589 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
591 addf (str
, "error: get_key_purpose_oid: %s\n",
592 gnutls_strerror (err
));
596 buffer
= gnutls_malloc (size
);
599 addf (str
, "error: malloc: %s\n",
600 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
604 if (type
== TYPE_CRT
)
605 err
= gnutls_x509_crt_get_key_purpose_oid (cert
.crt
, indx
, buffer
,
608 err
= gnutls_x509_crq_get_key_purpose_oid (cert
.crq
, indx
, buffer
,
613 gnutls_free (buffer
);
614 addf (str
, "error: get_key_purpose_oid2: %s\n",
615 gnutls_strerror (err
));
619 if (strcmp (buffer
, GNUTLS_KP_TLS_WWW_SERVER
) == 0)
620 addf (str
, _("%s\t\t\tTLS WWW Server.\n"), prefix
);
621 else if (strcmp (buffer
, GNUTLS_KP_TLS_WWW_CLIENT
) == 0)
622 addf (str
, _("%s\t\t\tTLS WWW Client.\n"), prefix
);
623 else if (strcmp (buffer
, GNUTLS_KP_CODE_SIGNING
) == 0)
624 addf (str
, _("%s\t\t\tCode signing.\n"), prefix
);
625 else if (strcmp (buffer
, GNUTLS_KP_EMAIL_PROTECTION
) == 0)
626 addf (str
, _("%s\t\t\tEmail protection.\n"), prefix
);
627 else if (strcmp (buffer
, GNUTLS_KP_TIME_STAMPING
) == 0)
628 addf (str
, _("%s\t\t\tTime stamping.\n"), prefix
);
629 else if (strcmp (buffer
, GNUTLS_KP_OCSP_SIGNING
) == 0)
630 addf (str
, _("%s\t\t\tOCSP signing.\n"), prefix
);
631 else if (strcmp (buffer
, GNUTLS_KP_IPSEC_IKE
) == 0)
632 addf (str
, _("%s\t\t\tIpsec IKE.\n"), prefix
);
633 else if (strcmp (buffer
, GNUTLS_KP_ANY
) == 0)
634 addf (str
, _("%s\t\t\tAny purpose.\n"), prefix
);
636 addf (str
, "%s\t\t\t%s\n", prefix
, buffer
);
638 gnutls_free (buffer
);
643 print_basic (gnutls_buffer_st
* str
, const char *prefix
, int type
,
649 if (type
== TYPE_CRT
)
651 gnutls_x509_crt_get_basic_constraints (cert
.crt
, NULL
, NULL
, &pathlen
);
652 else if (type
== TYPE_CRQ
)
654 gnutls_x509_crq_get_basic_constraints (cert
.crq
, NULL
, NULL
, &pathlen
);
660 addf (str
, "error: get_basic_constraints: %s\n", gnutls_strerror (err
));
665 addf (str
, _("%s\t\t\tCertificate Authority (CA): FALSE\n"), prefix
);
667 addf (str
, _("%s\t\t\tCertificate Authority (CA): TRUE\n"), prefix
);
670 addf (str
, _("%s\t\t\tPath Length Constraint: %d\n"), prefix
, pathlen
);
675 print_altname (gnutls_buffer_st
* str
, const char *prefix
, unsigned int altname_type
,
678 unsigned int altname_idx
;
680 for (altname_idx
= 0;; altname_idx
++)
686 if (altname_type
== TYPE_CRT_SAN
)
688 gnutls_x509_crt_get_subject_alt_name (cert
.crt
, altname_idx
, buffer
,
690 else if (altname_type
== TYPE_CRQ_SAN
)
692 gnutls_x509_crq_get_subject_alt_name (cert
.crq
, altname_idx
, buffer
,
694 else if (altname_type
== TYPE_CRT_IAN
)
696 gnutls_x509_crt_get_issuer_alt_name (cert
.crt
, altname_idx
, buffer
,
701 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
703 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
705 addf (str
, "error: get_subject/issuer_alt_name: %s\n",
706 gnutls_strerror (err
));
710 buffer
= gnutls_malloc (size
);
713 addf (str
, "error: malloc: %s\n",
714 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
718 if (altname_type
== TYPE_CRT_SAN
)
720 gnutls_x509_crt_get_subject_alt_name (cert
.crt
, altname_idx
, buffer
,
722 else if (altname_type
== TYPE_CRQ_SAN
)
724 gnutls_x509_crq_get_subject_alt_name (cert
.crq
, altname_idx
, buffer
,
726 else if (altname_type
== TYPE_CRT_IAN
)
727 err
= gnutls_x509_crt_get_issuer_alt_name (cert
.crt
, altname_idx
,
728 buffer
, &size
, NULL
);
732 gnutls_free (buffer
);
733 addf (str
, "error: get_subject/issuer_alt_name2: %s\n",
734 gnutls_strerror (err
));
739 if (err
== GNUTLS_SAN_OTHERNAME
)
745 if (altname_type
== TYPE_CRT_SAN
)
746 err
= gnutls_x509_crt_get_subject_alt_othername_oid
747 (cert
.crt
, altname_idx
, oid
, &oidsize
);
748 else if (altname_type
== TYPE_CRQ_SAN
)
749 err
= gnutls_x509_crq_get_subject_alt_othername_oid
750 (cert
.crq
, altname_idx
, oid
, &oidsize
);
751 else if (altname_type
== TYPE_CRT_IAN
)
752 err
= gnutls_x509_crt_get_issuer_alt_othername_oid
753 (cert
.crt
, altname_idx
, oid
, &oidsize
);
755 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
757 gnutls_free (buffer
);
759 "error: get_subject/issuer_alt_othername_oid: %s\n",
760 gnutls_strerror (err
));
764 oid
= gnutls_malloc (oidsize
);
767 gnutls_free (buffer
);
768 addf (str
, "error: malloc: %s\n",
769 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
773 if (altname_type
== TYPE_CRT_SAN
)
774 err
= gnutls_x509_crt_get_subject_alt_othername_oid
775 (cert
.crt
, altname_idx
, oid
, &oidsize
);
776 else if (altname_type
== TYPE_CRQ_SAN
)
777 err
= gnutls_x509_crq_get_subject_alt_othername_oid
778 (cert
.crq
, altname_idx
, oid
, &oidsize
);
779 else if (altname_type
== TYPE_CRT_IAN
)
780 err
= gnutls_x509_crt_get_issuer_alt_othername_oid
781 (cert
.crt
, altname_idx
, oid
, &oidsize
);
785 gnutls_free (buffer
);
787 addf (str
, "error: get_subject_alt_othername_oid2: %s\n",
788 gnutls_strerror (err
));
792 if (err
== GNUTLS_SAN_OTHERNAME_XMPP
)
794 if (strlen (buffer
) != size
)
796 adds (str
, _("warning: altname contains an embedded NUL, "
797 "replacing with '!'\n"));
798 while (strlen (buffer
) < size
)
799 buffer
[strlen (buffer
)] = '!';
802 addf (str
, _("%s\t\t\tXMPP Address: %.*s\n"), prefix
,
807 addf (str
, _("%s\t\t\totherName OID: %.*s\n"), prefix
,
809 addf (str
, _("%s\t\t\totherName DER: "), prefix
);
810 _gnutls_buffer_hexprint (str
, buffer
, size
);
811 addf (str
, _("\n%s\t\t\totherName ASCII: "), prefix
);
812 _gnutls_buffer_asciiprint (str
, buffer
, size
);
818 add_altname(str
, prefix
, err
, buffer
, size
);
820 gnutls_free (buffer
);
825 guiddump (gnutls_buffer_st
* str
, const char *data
, size_t len
,
833 addf (str
, "%.2X", (unsigned char) data
[3]);
834 addf (str
, "%.2X", (unsigned char) data
[2]);
835 addf (str
, "%.2X", (unsigned char) data
[1]);
836 addf (str
, "%.2X", (unsigned char) data
[0]);
838 addf (str
, "%.2X", (unsigned char) data
[5]);
839 addf (str
, "%.2X", (unsigned char) data
[4]);
841 addf (str
, "%.2X", (unsigned char) data
[7]);
842 addf (str
, "%.2X", (unsigned char) data
[6]);
844 addf (str
, "%.2X", (unsigned char) data
[8]);
845 addf (str
, "%.2X", (unsigned char) data
[9]);
847 for (j
= 10; j
< 16; j
++)
849 addf (str
, "%.2X", (unsigned char) data
[j
]);
855 print_unique_ids (gnutls_buffer_st
* str
, const gnutls_x509_crt_t cert
)
858 char buf
[256]; /* if its longer, we won't bother to print it */
859 size_t buf_size
= 256;
861 result
= gnutls_x509_crt_get_issuer_unique_id (cert
, buf
, &buf_size
);
864 addf (str
, ("\t\tIssuer Unique ID:\n"));
865 _gnutls_buffer_hexdump (str
, buf
, buf_size
, "\t\t\t");
867 { /* this could be a GUID */
868 guiddump (str
, buf
, buf_size
, "\t\t\t");
873 result
= gnutls_x509_crt_get_subject_unique_id (cert
, buf
, &buf_size
);
876 addf (str
, ("\t\tSubject Unique ID:\n"));
877 _gnutls_buffer_hexdump (str
, buf
, buf_size
, "\t\t\t");
879 { /* this could be a GUID */
880 guiddump (str
, buf
, buf_size
, "\t\t\t");
886 print_extensions (gnutls_buffer_st
* str
, const char *prefix
, int type
,
894 int keyusage_idx
= 0;
895 int keypurpose_idx
= 0;
898 int crldist_idx
= 0, pkey_usage_period_idx
= 0;
902 char oid
[MAX_OID_SIZE
] = "";
903 size_t sizeof_oid
= sizeof (oid
);
904 unsigned int critical
;
906 if (type
== TYPE_CRT
)
907 err
= gnutls_x509_crt_get_extension_info (cert
.crt
, i
,
911 else if (type
== TYPE_CRQ
)
912 err
= gnutls_x509_crq_get_extension_info (cert
.crq
, i
,
923 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
925 addf (str
, "error: get_extension_info: %s\n",
926 gnutls_strerror (err
));
931 addf (str
, _("%s\tExtensions:\n"), prefix
);
933 if (strcmp (oid
, "2.5.29.19") == 0)
937 addf (str
, "error: more than one basic constraint\n");
941 addf (str
, _("%s\t\tBasic Constraints (%s):\n"), prefix
,
942 critical
? _("critical") : _("not critical"));
944 print_basic (str
, prefix
, type
, cert
);
948 else if (strcmp (oid
, "2.5.29.14") == 0)
952 addf (str
, "error: more than one SKI extension\n");
956 addf (str
, _("%s\t\tSubject Key Identifier (%s):\n"), prefix
,
957 critical
? _("critical") : _("not critical"));
959 if (type
== TYPE_CRT
)
960 print_ski (str
, cert
.crt
);
964 else if (strcmp (oid
, "2.5.29.35") == 0)
969 addf (str
, "error: more than one AKI extension\n");
973 addf (str
, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix
,
974 critical
? _("critical") : _("not critical"));
976 if (type
== TYPE_CRT
)
977 print_aki (str
, TYPE_CRT
, cert
);
981 else if (strcmp (oid
, "2.5.29.15") == 0)
985 addf (str
, "error: more than one key usage extension\n");
989 addf (str
, _("%s\t\tKey Usage (%s):\n"), prefix
,
990 critical
? _("critical") : _("not critical"));
992 print_key_usage (str
, prefix
, type
, cert
);
996 else if (strcmp (oid
, "2.5.29.16") == 0)
998 if (pkey_usage_period_idx
)
1000 addf (str
, "error: more than one private key usage period extension\n");
1004 addf (str
, _("%s\t\tPrivate Key Usage Period (%s):\n"), prefix
,
1005 critical
? _("critical") : _("not critical"));
1007 print_private_key_usage_period (str
, prefix
, type
, cert
);
1009 pkey_usage_period_idx
++;
1011 else if (strcmp (oid
, "2.5.29.37") == 0)
1015 addf (str
, "error: more than one key purpose extension\n");
1019 addf (str
, _("%s\t\tKey Purpose (%s):\n"), prefix
,
1020 critical
? _("critical") : _("not critical"));
1022 print_key_purpose (str
, prefix
, type
, cert
);
1025 else if (strcmp (oid
, "2.5.29.17") == 0)
1029 addf (str
, "error: more than one SKI extension\n");
1033 addf (str
, _("%s\t\tSubject Alternative Name (%s):\n"), prefix
,
1034 critical
? _("critical") : _("not critical"));
1036 print_altname (str
, prefix
, type
, cert
);
1040 else if (strcmp (oid
, "2.5.29.18") == 0)
1044 addf (str
, "error: more than one Issuer AltName extension\n");
1048 addf (str
, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix
,
1049 critical
? _("critical") : _("not critical"));
1051 print_altname (str
, prefix
, TYPE_CRT_IAN
, cert
);
1055 else if (strcmp (oid
, "2.5.29.31") == 0)
1059 addf (str
, "error: more than one CRL distribution point\n");
1063 addf (str
, _("%s\t\tCRL Distribution points (%s):\n"), prefix
,
1064 critical
? _("critical") : _("not critical"));
1066 if (type
== TYPE_CRT
)
1067 print_crldist (str
, cert
.crt
);
1070 else if (strcmp (oid
, "1.3.6.1.5.5.7.1.14") == 0)
1074 addf (str
, "error: more than one proxy extension\n");
1078 addf (str
, _("%s\t\tProxy Certificate Information (%s):\n"), prefix
,
1079 critical
? _("critical") : _("not critical"));
1081 if (type
== TYPE_CRT
)
1082 print_proxy (str
, cert
.crt
);
1086 else if (strcmp (oid
, "1.3.6.1.5.5.7.1.1") == 0)
1088 addf (str
, _("%s\t\tAuthority Information "
1089 "Access (%s):\n"), prefix
,
1090 critical
? _("critical") : _("not critical"));
1092 if (type
== TYPE_CRT
)
1093 print_aia (str
, cert
.crt
);
1100 addf (str
, _("%s\t\tUnknown extension %s (%s):\n"), prefix
, oid
,
1101 critical
? _("critical") : _("not critical"));
1103 if (type
== TYPE_CRT
)
1105 gnutls_x509_crt_get_extension_data (cert
.crt
, i
, NULL
, &extlen
);
1106 else if (type
== TYPE_CRQ
)
1108 gnutls_x509_crq_get_extension_data (cert
.crq
, i
, NULL
, &extlen
);
1117 addf (str
, "error: get_extension_data: %s\n",
1118 gnutls_strerror (err
));
1122 buffer
= gnutls_malloc (extlen
);
1125 addf (str
, "error: malloc: %s\n",
1126 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1130 if (type
== TYPE_CRT
)
1132 gnutls_x509_crt_get_extension_data (cert
.crt
, i
, buffer
,
1134 else if (type
== TYPE_CRQ
)
1136 gnutls_x509_crq_get_extension_data (cert
.crq
, i
, buffer
,
1141 gnutls_free (buffer
);
1142 addf (str
, "error: get_extension_data2: %s\n",
1143 gnutls_strerror (err
));
1147 addf (str
, _("%s\t\t\tASCII: "), prefix
);
1148 _gnutls_buffer_asciiprint (str
, buffer
, extlen
);
1151 addf (str
, _("%s\t\t\tHexdump: "), prefix
);
1152 _gnutls_buffer_hexprint (str
, buffer
, extlen
);
1155 gnutls_free (buffer
);
1161 print_cert (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
, int notsigned
)
1165 int version
= gnutls_x509_crt_get_version (cert
);
1167 addf (str
, "error: get_version: %s\n", gnutls_strerror (version
));
1169 addf (str
, _("\tVersion: %d\n"), version
);
1175 size_t serial_size
= sizeof (serial
);
1178 err
= gnutls_x509_crt_get_serial (cert
, serial
, &serial_size
);
1180 addf (str
, "error: get_serial: %s\n", gnutls_strerror (err
));
1183 adds (str
, _("\tSerial Number (hex): "));
1184 _gnutls_buffer_hexprint (str
, serial
, serial_size
);
1196 err
= gnutls_x509_crt_get_issuer_dn (cert
, NULL
, &dn_size
);
1197 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
1198 addf (str
, "error: get_issuer_dn: %s\n", gnutls_strerror (err
));
1201 dn
= gnutls_malloc (dn_size
);
1203 addf (str
, "error: malloc (%d): %s\n", (int) dn_size
,
1204 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1207 err
= gnutls_x509_crt_get_issuer_dn (cert
, dn
, &dn_size
);
1209 addf (str
, "error: get_issuer_dn: %s\n",
1210 gnutls_strerror (err
));
1212 addf (str
, _("\tIssuer: %s\n"), dn
);
1222 adds (str
, _("\tValidity:\n"));
1224 tim
= gnutls_x509_crt_get_activation_time (cert
);
1227 size_t max
= sizeof (s
);
1230 if (gmtime_r (&tim
, &t
) == NULL
)
1231 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) tim
);
1232 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
1233 addf (str
, "error: strftime (%ld)\n", (unsigned long) tim
);
1235 addf (str
, _("\t\tNot Before: %s\n"), s
);
1238 tim
= gnutls_x509_crt_get_expiration_time (cert
);
1241 size_t max
= sizeof (s
);
1244 if (gmtime_r (&tim
, &t
) == NULL
)
1245 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) tim
);
1246 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
1247 addf (str
, "error: strftime (%ld)\n", (unsigned long) tim
);
1249 addf (str
, _("\t\tNot After: %s\n"), s
);
1259 err
= gnutls_x509_crt_get_dn (cert
, NULL
, &dn_size
);
1260 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
1261 addf (str
, "error: get_dn: %s\n", gnutls_strerror (err
));
1264 dn
= gnutls_malloc (dn_size
);
1266 addf (str
, "error: malloc (%d): %s\n", (int) dn_size
,
1267 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1270 err
= gnutls_x509_crt_get_dn (cert
, dn
, &dn_size
);
1272 addf (str
, "error: get_dn: %s\n", gnutls_strerror (err
));
1274 addf (str
, _("\tSubject: %s\n"), dn
);
1280 /* SubjectPublicKeyInfo. */
1285 err
= gnutls_x509_crt_get_pk_algorithm (cert
, &bits
);
1287 addf (str
, "error: get_pk_algorithm: %s\n", gnutls_strerror (err
));
1290 gnutls_pubkey_t pubkey
;
1291 const char *name
= gnutls_pk_algorithm_get_name (err
);
1293 name
= _("unknown");
1297 addf (str
, _("\tSubject Public Key Algorithm: %s\n"), name
);
1298 addf (str
, _("\tCertificate Security Level: %s (%d bits)\n"),
1299 gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
1300 (err
, bits
)), bits
);
1301 err
= gnutls_pubkey_init(&pubkey
);
1304 addf (str
, "error: gnutls_pubkey_init: %s\n", gnutls_strerror (err
));
1308 err
= gnutls_pubkey_import_x509(pubkey
, cert
, 0);
1311 addf (str
, "error: gnutls_pubkey_import_x509: %s\n", gnutls_strerror (err
));
1319 gnutls_datum_t m
, e
;
1321 err
= gnutls_pubkey_get_pk_rsa_raw (pubkey
, &m
, &e
);
1323 addf (str
, "error: get_pk_rsa_raw: %s\n",
1324 gnutls_strerror (err
));
1327 addf (str
, _("\t\tModulus (bits %d):\n"), bits
);
1328 _gnutls_buffer_hexdump (str
, m
.data
, m
.size
, "\t\t\t");
1329 addf (str
, _("\t\tExponent (bits %d):\n"), e
.size
* 8);
1330 _gnutls_buffer_hexdump (str
, e
.data
, e
.size
, "\t\t\t");
1332 gnutls_free (m
.data
);
1333 gnutls_free (e
.data
);
1341 gnutls_datum_t x
, y
;
1342 gnutls_ecc_curve_t curve
;
1344 err
= gnutls_pubkey_get_pk_ecc_raw (pubkey
, &curve
, &x
, &y
);
1346 addf (str
, "error: get_pk_ecc_raw: %s\n",
1347 gnutls_strerror (err
));
1350 addf (str
, _("\t\tCurve:\t%s\n"), gnutls_ecc_curve_get_name(curve
));
1351 addf (str
, _("\t\tX:\n"));
1352 _gnutls_buffer_hexdump (str
, x
.data
, x
.size
, "\t\t\t");
1353 adds (str
, _("\t\tY:\n"));
1354 _gnutls_buffer_hexdump (str
, y
.data
, y
.size
, "\t\t\t");
1356 gnutls_free (x
.data
);
1357 gnutls_free (y
.data
);
1364 gnutls_datum_t p
, q
, g
, y
;
1366 err
= gnutls_pubkey_get_pk_dsa_raw (pubkey
, &p
, &q
, &g
, &y
);
1368 addf (str
, "error: get_pk_dsa_raw: %s\n",
1369 gnutls_strerror (err
));
1372 addf (str
, _("\t\tPublic key (bits %d):\n"), bits
);
1373 _gnutls_buffer_hexdump (str
, y
.data
, y
.size
, "\t\t\t");
1374 adds (str
, _("\t\tP:\n"));
1375 _gnutls_buffer_hexdump (str
, p
.data
, p
.size
, "\t\t\t");
1376 adds (str
, _("\t\tQ:\n"));
1377 _gnutls_buffer_hexdump (str
, q
.data
, q
.size
, "\t\t\t");
1378 adds (str
, _("\t\tG:\n"));
1379 _gnutls_buffer_hexdump (str
, g
.data
, g
.size
, "\t\t\t");
1381 gnutls_free (p
.data
);
1382 gnutls_free (q
.data
);
1383 gnutls_free (g
.data
);
1384 gnutls_free (y
.data
);
1394 gnutls_pubkey_deinit(pubkey
);
1398 print_unique_ids (str
, cert
);
1401 if (gnutls_x509_crt_get_version (cert
) >= 3)
1406 print_extensions (str
, "", TYPE_CRT
, ccert
);
1414 char *buffer
= NULL
;
1416 err
= gnutls_x509_crt_get_signature_algorithm (cert
);
1418 addf (str
, "error: get_signature_algorithm: %s\n",
1419 gnutls_strerror (err
));
1422 const char *name
= gnutls_sign_algorithm_get_name (err
);
1424 name
= _("unknown");
1425 addf (str
, _("\tSignature Algorithm: %s\n"), name
);
1427 if (err
== GNUTLS_SIGN_RSA_MD5
|| err
== GNUTLS_SIGN_RSA_MD2
)
1429 adds (str
, _("warning: signed using a broken signature "
1430 "algorithm that can be forged.\n"));
1433 err
= gnutls_x509_crt_get_signature (cert
, buffer
, &size
);
1434 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
1436 addf (str
, "error: get_signature: %s\n", gnutls_strerror (err
));
1440 buffer
= gnutls_malloc (size
);
1443 addf (str
, "error: malloc: %s\n",
1444 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1448 err
= gnutls_x509_crt_get_signature (cert
, buffer
, &size
);
1451 gnutls_free (buffer
);
1452 addf (str
, "error: get_signature2: %s\n", gnutls_strerror (err
));
1456 adds (str
, _("\tSignature:\n"));
1457 _gnutls_buffer_hexdump (str
, buffer
, size
, "\t\t");
1459 gnutls_free (buffer
);
1464 print_fingerprint (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
,
1465 gnutls_digest_algorithm_t algo
)
1468 char buffer
[MAX_HASH_SIZE
];
1469 size_t size
= sizeof (buffer
);
1471 err
= gnutls_x509_crt_get_fingerprint (cert
, algo
, buffer
, &size
);
1474 addf (str
, "error: get_fingerprint: %s\n", gnutls_strerror (err
));
1478 if (algo
== GNUTLS_DIG_MD5
)
1479 adds (str
, _("\tMD5 fingerprint:\n\t\t"));
1481 adds (str
, _("\tSHA-1 fingerprint:\n\t\t"));
1482 _gnutls_buffer_hexprint (str
, buffer
, size
);
1487 print_keyid (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
)
1490 unsigned char buffer
[32];
1491 size_t size
= sizeof(buffer
);
1496 err
= gnutls_x509_crt_get_key_id (cert
, 0, buffer
, &size
);
1499 addf (str
, "error: get_key_id: %s\n", gnutls_strerror (err
));
1503 adds (str
, _("\tPublic Key Id:\n\t\t"));
1504 _gnutls_buffer_hexprint (str
, buffer
, size
);
1507 err
= gnutls_x509_crt_get_pk_algorithm (cert
, &bits
);
1511 name
= gnutls_pk_get_name(err
);
1515 p
= _gnutls_key_fingerprint_randomart(buffer
, size
, name
, bits
, "\t\t");
1519 adds (str
, _("\tPublic key's random art:\n"));
1527 print_other (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
, int notsigned
)
1531 print_fingerprint (str
, cert
, GNUTLS_DIG_SHA1
);
1533 print_keyid (str
, cert
);
1537 print_oneline (gnutls_buffer_st
* str
, gnutls_x509_crt_t cert
)
1545 err
= gnutls_x509_crt_get_dn (cert
, NULL
, &dn_size
);
1546 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
1547 addf (str
, "unknown subject (%s), ", gnutls_strerror (err
));
1550 dn
= gnutls_malloc (dn_size
);
1552 addf (str
, "unknown subject (%s), ",
1553 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1556 err
= gnutls_x509_crt_get_dn (cert
, dn
, &dn_size
);
1558 addf (str
, "unknown subject (%s), ", gnutls_strerror (err
));
1560 addf (str
, "subject `%s', ", dn
);
1572 err
= gnutls_x509_crt_get_issuer_dn (cert
, NULL
, &dn_size
);
1573 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
1574 addf (str
, "unknown issuer (%s), ", gnutls_strerror (err
));
1577 dn
= gnutls_malloc (dn_size
);
1579 addf (str
, "unknown issuer (%s), ",
1580 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1583 err
= gnutls_x509_crt_get_issuer_dn (cert
, dn
, &dn_size
);
1585 addf (str
, "unknown issuer (%s), ", gnutls_strerror (err
));
1587 addf (str
, "issuer `%s', ", dn
);
1593 /* Key algorithm and size. */
1596 const char *name
= gnutls_pk_algorithm_get_name
1597 (gnutls_x509_crt_get_pk_algorithm (cert
, &bits
));
1600 addf (str
, "%s key %d bits, ", name
, bits
);
1603 /* Signature Algorithm. */
1607 err
= gnutls_x509_crt_get_signature_algorithm (cert
);
1609 addf (str
, "unknown signature algorithm (%s), ", gnutls_strerror (err
));
1612 const char *name
= gnutls_sign_algorithm_get_name (err
);
1614 name
= _("unknown");
1615 if (err
== GNUTLS_SIGN_RSA_MD5
|| err
== GNUTLS_SIGN_RSA_MD2
)
1616 addf (str
, _("signed using %s (broken!), "), name
);
1618 addf (str
, _("signed using %s, "), name
);
1626 tim
= gnutls_x509_crt_get_activation_time (cert
);
1629 size_t max
= sizeof (s
);
1632 if (gmtime_r (&tim
, &t
) == NULL
)
1633 addf (str
, "unknown activation (%ld), ", (unsigned long) tim
);
1634 else if (strftime (s
, max
, "%Y-%m-%d %H:%M:%S UTC", &t
) == 0)
1635 addf (str
, "failed activation (%ld), ", (unsigned long) tim
);
1637 addf (str
, "activated `%s', ", s
);
1640 tim
= gnutls_x509_crt_get_expiration_time (cert
);
1643 size_t max
= sizeof (s
);
1646 if (gmtime_r (&tim
, &t
) == NULL
)
1647 addf (str
, "unknown expiry (%ld), ", (unsigned long) tim
);
1648 else if (strftime (s
, max
, "%Y-%m-%d %H:%M:%S UTC", &t
) == 0)
1649 addf (str
, "failed expiry (%ld), ", (unsigned long) tim
);
1651 addf (str
, "expires `%s', ", s
);
1657 char *policyLanguage
;
1660 err
= gnutls_x509_crt_get_proxy (cert
, NULL
,
1661 &pathlen
, &policyLanguage
, NULL
, NULL
);
1664 addf (str
, "proxy certificate (policy=");
1665 if (strcmp (policyLanguage
, "1.3.6.1.5.5.7.21.1") == 0)
1666 addf (str
, "id-ppl-inheritALL");
1667 else if (strcmp (policyLanguage
, "1.3.6.1.5.5.7.21.2") == 0)
1668 addf (str
, "id-ppl-independent");
1670 addf (str
, "%s", policyLanguage
);
1672 addf (str
, ", pathlen=%d), ", pathlen
);
1675 gnutls_free (policyLanguage
);
1681 size_t size
= sizeof (buffer
);
1684 err
= gnutls_x509_crt_get_fingerprint (cert
, GNUTLS_DIG_SHA1
,
1688 addf (str
, "unknown fingerprint (%s)", gnutls_strerror (err
));
1692 addf (str
, "SHA-1 fingerprint `");
1693 _gnutls_buffer_hexprint (str
, buffer
, size
);
1701 * gnutls_x509_crt_print:
1702 * @cert: The structure to be printed
1703 * @format: Indicate the format to use
1704 * @out: Newly allocated datum with (0) terminated string.
1706 * This function will pretty print a X.509 certificate, suitable for
1707 * display to a human.
1709 * If the format is %GNUTLS_CRT_PRINT_FULL then all fields of the
1710 * certificate will be output, on multiple lines. The
1711 * %GNUTLS_CRT_PRINT_ONELINE format will generate one line with some
1712 * selected fields, which is useful for logging purposes.
1714 * The output @out needs to be deallocate using gnutls_free().
1716 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1717 * negative error value.
1720 gnutls_x509_crt_print (gnutls_x509_crt_t cert
,
1721 gnutls_certificate_print_formats_t format
,
1722 gnutls_datum_t
* out
)
1724 gnutls_buffer_st str
;
1727 if (format
== GNUTLS_CRT_PRINT_FULL
1728 || format
== GNUTLS_CRT_PRINT_UNSIGNED_FULL
)
1730 _gnutls_buffer_init (&str
);
1732 _gnutls_buffer_append_str (&str
, _("X.509 Certificate Information:\n"));
1734 print_cert (&str
, cert
, format
== GNUTLS_CRT_PRINT_UNSIGNED_FULL
);
1736 _gnutls_buffer_append_str (&str
, _("Other Information:\n"));
1738 print_other (&str
, cert
, format
== GNUTLS_CRT_PRINT_UNSIGNED_FULL
);
1740 _gnutls_buffer_append_data (&str
, "\0", 1);
1742 ret
= _gnutls_buffer_to_datum( &str
, out
);
1743 if (out
->size
> 0) out
->size
--;
1747 else if (format
== GNUTLS_CRT_PRINT_COMPACT
)
1749 _gnutls_buffer_init (&str
);
1751 print_oneline (&str
, cert
);
1753 _gnutls_buffer_append_data (&str
, "\n", 1);
1754 print_keyid (&str
, cert
);
1756 _gnutls_buffer_append_data (&str
, "\0", 1);
1758 ret
= _gnutls_buffer_to_datum( &str
, out
);
1759 if (out
->size
> 0) out
->size
--;
1763 else if (format
== GNUTLS_CRT_PRINT_ONELINE
)
1765 _gnutls_buffer_init (&str
);
1767 print_oneline (&str
, cert
);
1769 _gnutls_buffer_append_data (&str
, "\0", 1);
1771 ret
= _gnutls_buffer_to_datum( &str
, out
);
1772 if (out
->size
> 0) out
->size
--;
1779 return GNUTLS_E_INVALID_REQUEST
;
1784 print_crl (gnutls_buffer_st
* str
, gnutls_x509_crl_t crl
, int notsigned
)
1788 int version
= gnutls_x509_crl_get_version (crl
);
1789 if (version
== GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
)
1790 adds (str
, _("\tVersion: 1 (default)\n"));
1791 else if (version
< 0)
1792 addf (str
, "error: get_version: %s\n", gnutls_strerror (version
));
1794 addf (str
, _("\tVersion: %d\n"), version
);
1804 err
= gnutls_x509_crl_get_issuer_dn (crl
, NULL
, &dn_size
);
1805 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
1806 addf (str
, "error: get_issuer_dn: %s\n", gnutls_strerror (err
));
1809 dn
= gnutls_malloc (dn_size
);
1811 addf (str
, "error: malloc (%d): %s\n", (int) dn_size
,
1812 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1815 err
= gnutls_x509_crl_get_issuer_dn (crl
, dn
, &dn_size
);
1817 addf (str
, "error: get_issuer_dn: %s\n",
1818 gnutls_strerror (err
));
1820 addf (str
, _("\tIssuer: %s\n"), dn
);
1830 adds (str
, _("\tUpdate dates:\n"));
1832 tim
= gnutls_x509_crl_get_this_update (crl
);
1835 size_t max
= sizeof (s
);
1838 if (gmtime_r (&tim
, &t
) == NULL
)
1839 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) tim
);
1840 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
1841 addf (str
, "error: strftime (%ld)\n", (unsigned long) tim
);
1843 addf (str
, _("\t\tIssued: %s\n"), s
);
1846 tim
= gnutls_x509_crl_get_next_update (crl
);
1849 size_t max
= sizeof (s
);
1853 addf (str
, "\t\tNo next update time.\n");
1854 else if (gmtime_r (&tim
, &t
) == NULL
)
1855 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) tim
);
1856 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
1857 addf (str
, "error: strftime (%ld)\n", (unsigned long) tim
);
1859 addf (str
, _("\t\tNext at: %s\n"), s
);
1864 if (gnutls_x509_crl_get_version (crl
) >= 2)
1873 char oid
[MAX_OID_SIZE
] = "";
1874 size_t sizeof_oid
= sizeof (oid
);
1875 unsigned int critical
;
1877 err
= gnutls_x509_crl_get_extension_info (crl
, i
,
1882 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
1884 addf (str
, "error: get_extension_info: %s\n",
1885 gnutls_strerror (err
));
1890 adds (str
, _("\tExtensions:\n"));
1892 if (strcmp (oid
, "2.5.29.20") == 0)
1895 size_t nr_size
= sizeof (nr
);
1899 addf (str
, "error: more than one CRL number\n");
1903 err
= gnutls_x509_crl_get_number (crl
, nr
, &nr_size
, &critical
);
1905 addf (str
, _("\t\tCRL Number (%s): "),
1906 critical
? _("critical") : _("not critical"));
1909 addf (str
, "error: get_number: %s\n", gnutls_strerror (err
));
1912 _gnutls_buffer_hexprint (str
, nr
, nr_size
);
1918 else if (strcmp (oid
, "2.5.29.35") == 0)
1924 addf (str
, "error: more than one AKI extension\n");
1928 addf (str
, _("\t\tAuthority Key Identifier (%s):\n"),
1929 critical
? _("critical") : _("not critical"));
1932 print_aki (str
, TYPE_CRL
, ccert
);
1941 addf (str
, _("\t\tUnknown extension %s (%s):\n"), oid
,
1942 critical
? _("critical") : _("not critical"));
1944 err
= gnutls_x509_crl_get_extension_data (crl
, i
,
1948 addf (str
, "error: get_extension_data: %s\n",
1949 gnutls_strerror (err
));
1953 buffer
= gnutls_malloc (extlen
);
1956 addf (str
, "error: malloc: %s\n",
1957 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
1961 err
= gnutls_x509_crl_get_extension_data (crl
, i
,
1965 gnutls_free (buffer
);
1966 addf (str
, "error: get_extension_data2: %s\n",
1967 gnutls_strerror (err
));
1971 adds (str
, _("\t\t\tASCII: "));
1972 _gnutls_buffer_asciiprint (str
, buffer
, extlen
);
1975 adds (str
, _("\t\t\tHexdump: "));
1976 _gnutls_buffer_hexprint (str
, buffer
, extlen
);
1979 gnutls_free (buffer
);
1985 /* Revoked certificates. */
1987 int num
= gnutls_x509_crl_get_crt_count (crl
);
1991 addf (str
, _("\tRevoked certificates (%d):\n"), num
);
1993 adds (str
, _("\tNo revoked certificates.\n"));
1995 for (j
= 0; j
< num
; j
++)
1997 unsigned char serial
[128];
1998 size_t serial_size
= sizeof (serial
);
2002 err
= gnutls_x509_crl_get_crt_serial (crl
, j
, serial
,
2003 &serial_size
, &tim
);
2005 addf (str
, "error: get_crt_serial: %s\n", gnutls_strerror (err
));
2009 size_t max
= sizeof (s
);
2012 adds (str
, _("\t\tSerial Number (hex): "));
2013 _gnutls_buffer_hexprint (str
, serial
, serial_size
);
2016 if (gmtime_r (&tim
, &t
) == NULL
)
2017 addf (str
, "error: gmtime_r (%ld)\n", (unsigned long) tim
);
2018 else if (strftime (s
, max
, "%a %b %d %H:%M:%S UTC %Y", &t
) == 0)
2019 addf (str
, "error: strftime (%ld)\n", (unsigned long) tim
);
2021 addf (str
, _("\t\tRevoked at: %s\n"), s
);
2031 char *buffer
= NULL
;
2033 err
= gnutls_x509_crl_get_signature_algorithm (crl
);
2035 addf (str
, "error: get_signature_algorithm: %s\n",
2036 gnutls_strerror (err
));
2039 const char *name
= gnutls_sign_algorithm_get_name (err
);
2041 name
= _("unknown");
2042 addf (str
, _("\tSignature Algorithm: %s\n"), name
);
2044 if (err
== GNUTLS_SIGN_RSA_MD5
|| err
== GNUTLS_SIGN_RSA_MD2
)
2046 adds (str
, _("warning: signed using a broken signature "
2047 "algorithm that can be forged.\n"));
2050 err
= gnutls_x509_crl_get_signature (crl
, buffer
, &size
);
2051 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
2053 addf (str
, "error: get_signature: %s\n", gnutls_strerror (err
));
2057 buffer
= gnutls_malloc (size
);
2060 addf (str
, "error: malloc: %s\n",
2061 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
2065 err
= gnutls_x509_crl_get_signature (crl
, buffer
, &size
);
2068 gnutls_free (buffer
);
2069 addf (str
, "error: get_signature2: %s\n", gnutls_strerror (err
));
2073 adds (str
, _("\tSignature:\n"));
2074 _gnutls_buffer_hexdump (str
, buffer
, size
, "\t\t");
2076 gnutls_free (buffer
);
2081 * gnutls_x509_crl_print:
2082 * @crl: The structure to be printed
2083 * @format: Indicate the format to use
2084 * @out: Newly allocated datum with (0) terminated string.
2086 * This function will pretty print a X.509 certificate revocation
2087 * list, suitable for display to a human.
2089 * The output @out needs to be deallocate using gnutls_free().
2091 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
2092 * negative error value.
2095 gnutls_x509_crl_print (gnutls_x509_crl_t crl
,
2096 gnutls_certificate_print_formats_t format
,
2097 gnutls_datum_t
* out
)
2099 gnutls_buffer_st str
;
2102 _gnutls_buffer_init (&str
);
2104 _gnutls_buffer_append_str
2105 (&str
, _("X.509 Certificate Revocation List Information:\n"));
2107 print_crl (&str
, crl
, format
== GNUTLS_CRT_PRINT_UNSIGNED_FULL
);
2109 _gnutls_buffer_append_data (&str
, "\0", 1);
2111 ret
= _gnutls_buffer_to_datum( &str
, out
);
2112 if (out
->size
> 0) out
->size
--;
2118 print_crq (gnutls_buffer_st
* str
, gnutls_x509_crq_t cert
)
2122 int version
= gnutls_x509_crq_get_version (cert
);
2124 addf (str
, "error: get_version: %s\n", gnutls_strerror (version
));
2126 addf (str
, _("\tVersion: %d\n"), version
);
2135 err
= gnutls_x509_crq_get_dn (cert
, NULL
, &dn_size
);
2136 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
2137 addf (str
, "error: get_dn: %s\n", gnutls_strerror (err
));
2140 dn
= gnutls_malloc (dn_size
);
2142 addf (str
, "error: malloc (%d): %s\n", (int) dn_size
,
2143 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
2146 err
= gnutls_x509_crq_get_dn (cert
, dn
, &dn_size
);
2148 addf (str
, "error: get_dn: %s\n", gnutls_strerror (err
));
2150 addf (str
, _("\tSubject: %s\n"), dn
);
2156 /* SubjectPublicKeyInfo. */
2161 err
= gnutls_x509_crq_get_pk_algorithm (cert
, &bits
);
2163 addf (str
, "error: get_pk_algorithm: %s\n", gnutls_strerror (err
));
2166 const char *name
= gnutls_pk_algorithm_get_name (err
);
2168 name
= _("unknown");
2170 addf (str
, _("\tSubject Public Key Algorithm: %s\n"), name
);
2175 gnutls_datum_t m
, e
;
2177 err
= gnutls_x509_crq_get_key_rsa_raw (cert
, &m
, &e
);
2179 addf (str
, "error: get_pk_rsa_raw: %s\n",
2180 gnutls_strerror (err
));
2183 addf (str
, _("\t\tModulus (bits %d):\n"), bits
);
2184 _gnutls_buffer_hexdump (str
, m
.data
, m
.size
, "\t\t\t");
2185 adds (str
, _("\t\tExponent:\n"));
2186 _gnutls_buffer_hexdump (str
, e
.data
, e
.size
, "\t\t\t");
2188 gnutls_free (m
.data
);
2189 gnutls_free (e
.data
);
2194 #if 0 /* not implemented yet */
2197 gnutls_datum_t p
, q
, g
, y
;
2199 err
= gnutls_x509_crq_get_key_dsa_raw (cert
, &p
, &q
, &g
, &y
);
2201 addf (str
, "error: get_pk_dsa_raw: %s\n",
2202 gnutls_strerror (err
));
2205 addf (str
, _("\t\tPublic key (bits %d):\n"), bits
);
2206 _gnutls_buffer_hexdump (str
, y
.data
, y
.size
, "\t\t\t");
2207 addf (str
, _("\t\tP:\n"));
2208 _gnutls_buffer_hexdump (str
, p
.data
, p
.size
, "\t\t\t");
2209 addf (str
, _("\t\tQ:\n"));
2210 _gnutls_buffer_hexdump (str
, q
.data
, q
.size
, "\t\t\t");
2211 addf (str
, _("\t\tG:\n"));
2212 _gnutls_buffer_hexdump (str
, g
.data
, g
.size
, "\t\t\t");
2214 gnutls_free (p
.data
);
2215 gnutls_free (q
.data
);
2216 gnutls_free (g
.data
);
2217 gnutls_free (y
.data
);
2229 /* parse attributes */
2238 char oid
[MAX_OID_SIZE
] = "";
2239 size_t sizeof_oid
= sizeof (oid
);
2241 err
= gnutls_x509_crq_get_attribute_info (cert
, i
, oid
, &sizeof_oid
);
2244 if (err
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
2246 addf (str
, "error: get_extension_info: %s\n",
2247 gnutls_strerror (err
));
2252 adds (str
, _("\tAttributes:\n"));
2254 if (strcmp (oid
, "1.2.840.113549.1.9.14") == 0)
2260 addf (str
, "error: more than one extensionsRequest\n");
2265 print_extensions (str
, "\t", TYPE_CRQ
, ccert
);
2269 else if (strcmp (oid
, "1.2.840.113549.1.9.7") == 0)
2277 "error: more than one Challenge password attribute\n");
2281 err
= gnutls_x509_crq_get_challenge_password (cert
, NULL
, &size
);
2284 addf (str
, "error: get_challenge_password: %s\n",
2285 gnutls_strerror (err
));
2291 pass
= gnutls_malloc (size
);
2294 addf (str
, "error: malloc: %s\n",
2295 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
2299 err
= gnutls_x509_crq_get_challenge_password (cert
, pass
, &size
);
2301 addf (str
, "error: get_challenge_password: %s\n",
2302 gnutls_strerror (err
));
2304 addf (str
, _("\t\tChallenge password: %s\n"), pass
);
2315 addf (str
, _("\t\tUnknown attribute %s:\n"), oid
);
2317 err
= gnutls_x509_crq_get_attribute_data (cert
, i
, NULL
, &extlen
);
2320 addf (str
, "error: get_attribute_data: %s\n",
2321 gnutls_strerror (err
));
2325 buffer
= gnutls_malloc (extlen
);
2328 addf (str
, "error: malloc: %s\n",
2329 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
2333 err
= gnutls_x509_crq_get_attribute_data (cert
, i
,
2337 gnutls_free (buffer
);
2338 addf (str
, "error: get_attribute_data2: %s\n",
2339 gnutls_strerror (err
));
2343 adds (str
, _("\t\t\tASCII: "));
2344 _gnutls_buffer_asciiprint (str
, buffer
, extlen
);
2347 adds (str
, _("\t\t\tHexdump: "));
2348 _gnutls_buffer_hexprint (str
, buffer
, extlen
);
2351 gnutls_free (buffer
);
2358 print_crq_other (gnutls_buffer_st
* str
, gnutls_x509_crq_t crq
)
2362 unsigned char *buffer
= NULL
;
2364 err
= gnutls_x509_crq_get_key_id (crq
, 0, buffer
, &size
);
2365 if (err
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
2367 addf (str
, "error: get_key_id: %s\n", gnutls_strerror (err
));
2371 buffer
= gnutls_malloc (size
);
2374 addf (str
, "error: malloc: %s\n",
2375 gnutls_strerror (GNUTLS_E_MEMORY_ERROR
));
2379 err
= gnutls_x509_crq_get_key_id (crq
, 0, buffer
, &size
);
2382 gnutls_free (buffer
);
2383 addf (str
, "error: get_key_id2: %s\n", gnutls_strerror (err
));
2387 adds (str
, _("\tPublic Key Id:\n\t\t"));
2388 _gnutls_buffer_hexprint (str
, buffer
, size
);
2391 gnutls_free (buffer
);
2395 * gnutls_x509_crq_print:
2396 * @crq: The structure to be printed
2397 * @format: Indicate the format to use
2398 * @out: Newly allocated datum with (0) terminated string.
2400 * This function will pretty print a certificate request, suitable for
2401 * display to a human.
2403 * The output @out needs to be deallocate using gnutls_free().
2405 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
2406 * negative error value.
2411 gnutls_x509_crq_print (gnutls_x509_crq_t crq
,
2412 gnutls_certificate_print_formats_t format
,
2413 gnutls_datum_t
* out
)
2415 gnutls_buffer_st str
;
2418 _gnutls_buffer_init (&str
);
2420 _gnutls_buffer_append_str
2421 (&str
, _("PKCS #10 Certificate Request Information:\n"));
2423 print_crq (&str
, crq
);
2425 _gnutls_buffer_append_str (&str
, _("Other Information:\n"));
2427 print_crq_other (&str
, crq
);
2429 _gnutls_buffer_append_data (&str
, "\0", 1);
2431 ret
= _gnutls_buffer_to_datum( &str
, out
);
2432 if (out
->size
> 0) out
->size
--;