[rs-commit] r98 - /redwax-tool/trunk/redwax_openssl.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Nov 30 15:16:09 CET 2021
Author: minfrin at redwax.eu
Date: Tue Nov 30 15:16:07 2021
New Revision: 98
Log:
Output certificate data when the --text option is
specified.
Modified:
redwax-tool/trunk/redwax_openssl.c
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Tue Nov 30 15:16:07 2021
@@ -710,6 +710,17 @@
return APR_SUCCESS;
}
+#if 0
+static apr_status_t cleanup_bn(void *dummy)
+{
+ if (dummy) {
+ BN_free(dummy);
+ }
+
+ return APR_SUCCESS;
+}
+#endif
+
static apr_status_t cleanup_bio(void *dummy)
{
if (dummy) {
@@ -2545,6 +2556,296 @@
return apr_file_writev(ctx, vec, nvec, &nbytes);
}
+static apr_status_t redwax_openssl_spki_metadata(redwax_tool_t *r,
+ redwax_metadata_t *m, const X509_PUBKEY *xpkey)
+{
+ EVP_PKEY *pkey = NULL;
+ ASN1_OBJECT *xpoid;
+ BIO *bio;
+ char *buf = NULL;
+ int len = 0;
+
+ X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
+
+ redwax_metadata_push_object(m, "SubjectPublicKeyInfo", 0);
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+ return 0;
+ }
+
+ i2a_ASN1_OBJECT(bio, xpoid);
+
+ len = BIO_get_mem_data(bio, &buf);
+
+ redwax_metadata_add_string(m, "PublicKeyAlgorithm",
+ apr_psprintf(m->pool, "%.*s", len, buf));
+
+ BIO_free(bio);
+
+ pkey = X509_PUBKEY_get(xpkey);
+ if (pkey) {
+#if 0
+// EVP_PKEY_print_public(bp, pkey, 16, NULL);
+#endif
+ }
+
+ redwax_metadata_pop_object(m);
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_extensions_metadata(redwax_tool_t *r,
+ redwax_metadata_t *m, const STACK_OF(X509_EXTENSION) *xe)
+{
+
+ return APR_ENOTIMPL;
+}
+
+static apr_status_t redwax_openssl_signature_metadata(redwax_tool_t *r,
+ redwax_metadata_t *m, const X509_ALGOR *sig_alg, const ASN1_BIT_STRING *sig)
+{
+
+ BIO *bio;
+ char *buf = NULL;
+ int len = 0;
+
+ if (sig_alg) {
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+ return 0;
+ }
+
+ i2a_ASN1_OBJECT(bio, sig_alg->algorithm);
+
+ len = BIO_get_mem_data(bio, &buf);
+
+ redwax_metadata_add_string(m, "SignatureAlgorithm",
+ apr_psprintf(m->pool, "%.*s", len, buf));
+
+ BIO_free(bio);
+ }
+
+ if (sig) {
+
+ redwax_metadata_add_string(m, "SignatureValue",
+ redwax_pencode_base16_binary(m->pool,
+ sig->data, sig->length,
+ REDWAX_ENCODE_LOWER | REDWAX_ENCODE_COLON, NULL));
+ }
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_cert_metadata(redwax_tool_t *r,
+ redwax_metadata_t *m, const redwax_certificate_t *cert)
+{
+
+ redwax_metadata_push_object(m, "Certificate", 0);
+ redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
+ cert->x509->id_der && cert->x509->id_len) {
+ redwax_metadata_add_string(m, "Id",
+ redwax_pencode_base16_binary(m->pool,
+ cert->x509->id_der, cert->x509->id_len,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
+ if (cert->label && cert->label_len) {
+ redwax_metadata_add_string(m, "Label",
+ apr_pstrndup(m->pool, cert->label, cert->label_len));
+ }
+ if (cert->token && cert->token_len) {
+ redwax_metadata_add_string(m, "Token",
+ apr_pstrndup(m->pool, cert->token, cert->token_len));
+ }
+
+ if (r->text) {
+
+ const unsigned char *der = cert->der;
+
+ X509 *x = d2i_X509(NULL, &der, cert->len);
+
+ if (x) {
+
+ const STACK_OF(X509_EXTENSION) *xe;
+ const ASN1_BIT_STRING *iuid, *suid;
+ X509_PUBKEY *xpkey;
+ const X509_ALGOR *tsig_alg;
+ const ASN1_BIT_STRING *sig;
+ ASN1_INTEGER *bs;
+ const ASN1_TIME *tm;
+ long l;
+
+ redwax_metadata_push_object(m, "Data", 0);
+
+ /* version */
+ l = X509_get_version(x);
+ if (l >= 0 && l <= 2) {
+ redwax_metadata_add_string(m, "Version",
+ apr_psprintf(m->pool, "%ld (0x%lx)", l + 1, (unsigned long)l));
+ } else {
+ redwax_metadata_add_string(m, "Version",
+ apr_psprintf(m->pool, "Unknown (%ld)", l));
+ }
+
+ /* serial number */
+ bs = X509_get_serialNumber(x);
+
+ if (bs) {
+
+ redwax_metadata_add_string(m, "SerialNumber",
+ redwax_pencode_base16_binary(m->pool,
+ bs->data, bs->length,
+ REDWAX_ENCODE_LOWER | REDWAX_ENCODE_COLON, NULL));
+ }
+
+ /* signature algorithm */
+ tsig_alg = X509_get0_tbs_sigalg(x);
+ if (tsig_alg) {
+
+ redwax_openssl_signature_metadata(r, m, tsig_alg, NULL);
+ }
+
+ /* issuer */
+ redwax_metadata_add_string(m, "Issuer",
+ redwax_openssl_name(m->pool, X509_get_issuer_name(x)));
+
+ /* validity */
+ redwax_metadata_push_object(m, "Validity", 0);
+
+ tm = X509_get0_notBefore(x);
+ if (tm) {
+
+ BIO *bio;
+ char *buf = NULL;
+ int len = 0;
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+ return 0;
+ }
+
+ ASN1_TIME_print(bio, tm);
+
+ len = BIO_get_mem_data(bio, &buf);
+
+ redwax_metadata_add_string(m, "NotBefore",
+ apr_psprintf(m->pool, "%.*s", len, buf));
+
+ BIO_free(bio);
+
+ }
+
+ tm = X509_get0_notAfter(x);
+ if (tm) {
+
+ BIO *bio;
+ char *buf = NULL;
+ int len = 0;
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+ return 0;
+ }
+
+ ASN1_TIME_print(bio, tm);
+
+ len = BIO_get_mem_data(bio, &buf);
+
+ redwax_metadata_add_string(m, "NotAfter",
+ apr_psprintf(m->pool, "%.*s", len, buf));
+
+ BIO_free(bio);
+
+ }
+
+ redwax_metadata_pop_object(m);
+
+ /* subject */
+ redwax_metadata_add_string(m, "Subject",
+ redwax_openssl_name(m->pool, X509_get_subject_name(x)));
+
+ /* public key */
+ xpkey = X509_get_X509_PUBKEY(x);
+ if (xpkey) {
+
+ redwax_openssl_spki_metadata(r, m, xpkey);
+ }
+
+ /* issuer unique id / subject unique id */
+ X509_get0_uids(x, &iuid, &suid);
+
+ if (iuid) {
+ redwax_metadata_add_string(m, "IssuerUniqueID",
+ redwax_pencode_base16_binary(m->pool,
+ iuid->data, iuid->length,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
+
+ if (suid) {
+ redwax_metadata_add_string(m, "SubjectUniqueID",
+ redwax_pencode_base16_binary(m->pool,
+ suid->data, suid->length,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
+
+ /* extensions */
+ xe = X509_get0_extensions(x);
+ if (xe) {
+
+ redwax_openssl_extensions_metadata(r, m, xe);
+ }
+
+ redwax_metadata_pop_object(m);
+
+ /* signature */
+ X509_get0_signature(&sig, &tsig_alg, x);
+ if (tsig_alg && sig) {
+
+ redwax_openssl_signature_metadata(r, m, tsig_alg, sig);
+ }
+
+ }
+
+ else {
+ redwax_openssl_print_errors(r);
+ X509_free(x);
+ }
+
+ }
+ else {
+ redwax_metadata_push_object(m, "Data", 0);
+ redwax_metadata_add_string(m, "Subject", cert->common.subject);
+ redwax_metadata_pop_object(m);
+ }
+
+ redwax_metadata_pop_object(m);
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_key_metadata(redwax_tool_t *r,
+ redwax_metadata_t *m, const redwax_key_t *key)
+{
+
+ redwax_metadata_push_object(m, "Key", 0);
+ redwax_metadata_add_string(m, "Origin", key->origin);
+ if (key->common.id_der && key->common.id_len) {
+ redwax_metadata_add_string(m, "Id",
+ redwax_pencode_base16_binary(m->pool,
+ key->common.id_der, key->common.id_len,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
+ if (key->label && key->label_len) {
+ redwax_metadata_add_string(m, "Label",
+ apr_pstrndup(m->pool, key->label, key->label_len));
+ }
+ if (key->token && key->token_len) {
+ redwax_metadata_add_string(m, "Token",
+ apr_pstrndup(m->pool, key->token, key->token_len));
+ }
+ redwax_metadata_pop_object(m);
+
+ return APR_SUCCESS;
+}
+
static apr_status_t redwax_openssl_process_metadata_out(redwax_tool_t *r,
const char *file)
{
@@ -2581,6 +2882,24 @@
const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->certs_out,
i, const redwax_certificate_t);
+ redwax_print_error(r, "metadata-out: certificate: %s\n",
+ cert->common.subject);
+
+ redwax_openssl_cert_metadata(r, m, cert);
+ }
+
+ redwax_metadata_pop_array(m);
+
+ }
+
+ if (r->chain_out) {
+
+ redwax_metadata_push_array(m, "Chains", !r->intermediates_out->nelts);
+
+ for (i = 0; i < r->intermediates_out->nelts; i++)
+ {
+ const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->intermediates_out,
+ i, const redwax_certificate_t);
#if 0
const unsigned char *der = cert->der;
@@ -2594,50 +2913,24 @@
}
#endif
- redwax_print_error(r, "metadata-out: certificate: %s\n",
+ redwax_print_error(r, "metadata-out: intermediate: %s\n",
cert->common.subject);
- redwax_metadata_push_object(m, "Certificate", 0);
- redwax_metadata_add_string(m, "Origin", cert->origin);
- if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
- cert->x509->id_der && cert->x509->id_len) {
- redwax_metadata_add_string(m, "Id",
- redwax_pencode_base16_binary(m->pool,
- cert->x509->id_der, cert->x509->id_len,
- REDWAX_ENCODE_LOWER, NULL));
- }
- if (cert->label && cert->label_len) {
- redwax_metadata_add_string(m, "Label",
- apr_pstrndup(m->pool, cert->label, cert->label_len));
- }
- if (cert->token && cert->token_len) {
- redwax_metadata_add_string(m, "Token",
- apr_pstrndup(m->pool, cert->token, cert->token_len));
- }
- redwax_metadata_push_object(m, "Data", 0);
- redwax_metadata_add_string(m, "Subject", cert->common.subject);
- redwax_metadata_pop_object(m);
- redwax_metadata_pop_object(m);
-
+ redwax_openssl_cert_metadata(r, m, cert);
}
redwax_metadata_pop_array(m);
-
- }
-
- if (r->chain_out) {
-
- redwax_metadata_push_array(m, "Chains", !r->intermediates_out->nelts);
-
- for (i = 0; i < r->intermediates_out->nelts; i++)
+ }
+
+ if (r->trust_out) {
+ for (i = 0; i < r->trusted_out->nelts; i++)
{
- const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->intermediates_out,
- i, const redwax_certificate_t);
+ const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->trusted_out, i, const redwax_certificate_t);
#if 0
const unsigned char *der = cert->der;
- X509 *xi = d2i_X509(NULL, &der, cert->len);
+ X509 *xi = d2i_X509_AUX(NULL, &der, cert->len);
if (!xi) {
redwax_openssl_print_errors(r);
@@ -2646,78 +2939,10 @@
}
#endif
- redwax_print_error(r, "metadata-out: intermediate: %s\n",
- cert->common.subject);
-
- redwax_metadata_push_object(m, "Certificate", 0);
- redwax_metadata_add_string(m, "Origin", cert->origin);
- if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
- cert->x509->id_der && cert->x509->id_len) {
- redwax_metadata_add_string(m, "Id",
- redwax_pencode_base16_binary(m->pool,
- cert->x509->id_der, cert->x509->id_len,
- REDWAX_ENCODE_LOWER, NULL));
- }
- if (cert->label && cert->label_len) {
- redwax_metadata_add_string(m, "Label",
- apr_pstrndup(m->pool, cert->label, cert->label_len));
- }
- if (cert->token && cert->token_len) {
- redwax_metadata_add_string(m, "Token",
- apr_pstrndup(m->pool, cert->token, cert->token_len));
- }
- redwax_metadata_push_object(m, "Data", 0);
- redwax_metadata_add_string(m, "Subject", cert->common.subject);
- redwax_metadata_pop_object(m);
- redwax_metadata_pop_object(m);
-
- }
-
- redwax_metadata_pop_array(m);
- }
-
- if (r->trust_out) {
- for (i = 0; i < r->trusted_out->nelts; i++)
- {
- const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->trusted_out, i, const redwax_certificate_t);
-
-#if 0
- const unsigned char *der = cert->der;
-
- X509 *xi = d2i_X509_AUX(NULL, &der, cert->len);
-
- if (!xi) {
- redwax_openssl_print_errors(r);
- X509_free(x);
- return APR_ENOENT;
- }
-#endif
-
redwax_print_error(r, "metadata-out: trusted: %s\n",
cert->common.subject);
- redwax_metadata_push_object(m, "Certificate", 0);
- redwax_metadata_add_string(m, "Origin", cert->origin);
- if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
- cert->x509->id_der && cert->x509->id_len) {
- redwax_metadata_add_string(m, "Id",
- redwax_pencode_base16_binary(m->pool,
- cert->x509->id_der, cert->x509->id_len,
- REDWAX_ENCODE_LOWER, NULL));
- }
- if (cert->label && cert->label_len) {
- redwax_metadata_add_string(m, "Label",
- apr_pstrndup(m->pool, cert->label, cert->label_len));
- }
- if (cert->token && cert->token_len) {
- redwax_metadata_add_string(m, "Token",
- apr_pstrndup(m->pool, cert->token, cert->token_len));
- }
- redwax_metadata_push_object(m, "Data", 0);
- redwax_metadata_add_string(m, "Subject", cert->common.subject);
- redwax_metadata_pop_object(m);
- redwax_metadata_pop_object(m);
-
+ redwax_openssl_cert_metadata(r, m, cert);
}
}
@@ -2732,24 +2957,7 @@
redwax_print_error(r, "metadata-out: key\n");
- redwax_metadata_push_object(m, "Key", 0);
- redwax_metadata_add_string(m, "Origin", key->origin);
- if (key->common.id_der && key->common.id_len) {
- redwax_metadata_add_string(m, "Id",
- redwax_pencode_base16_binary(m->pool,
- key->common.id_der, key->common.id_len,
- REDWAX_ENCODE_LOWER, NULL));
- }
- if (key->label && key->label_len) {
- redwax_metadata_add_string(m, "Label",
- apr_pstrndup(m->pool, key->label, key->label_len));
- }
- if (key->token && key->token_len) {
- redwax_metadata_add_string(m, "Token",
- apr_pstrndup(m->pool, key->token, key->token_len));
- }
- redwax_metadata_pop_object(m);
-
+ redwax_openssl_key_metadata(r, m, key);
}
redwax_metadata_pop_array(m);
More information about the rs-commit
mailing list