[rs-commit] r98 - /redwax-tool/trunk/redwax_openssl.c

rs-commit at redwax.eu rs-commit at redwax.eu
Tue Nov 30 15:16:09 CET 2021


Author: minfrin at redwax.eu
Date: Tue Nov 30 15:16:07 2021
New Revision: 98

Log:
Output certificate data when the --text option is
specified.

Modified:
    redwax-tool/trunk/redwax_openssl.c

Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c	(original)
+++ redwax-tool/trunk/redwax_openssl.c	Tue Nov 30 15:16:07 2021
@@ -710,6 +710,17 @@
     return APR_SUCCESS;
 }
 
+#if 0
+static apr_status_t cleanup_bn(void *dummy)
+{
+    if (dummy) {
+        BN_free(dummy);
+    }
+
+    return APR_SUCCESS;
+}
+#endif
+
 static apr_status_t cleanup_bio(void *dummy)
 {
     if (dummy) {
@@ -2545,6 +2556,296 @@
     return apr_file_writev(ctx, vec, nvec, &nbytes);
 }
 
+static apr_status_t redwax_openssl_spki_metadata(redwax_tool_t *r,
+        redwax_metadata_t *m, const X509_PUBKEY *xpkey)
+{
+    EVP_PKEY *pkey = NULL;
+    ASN1_OBJECT *xpoid;
+    BIO *bio;
+    char *buf = NULL;
+    int len = 0;
+
+    X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
+
+    redwax_metadata_push_object(m, "SubjectPublicKeyInfo", 0);
+
+    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+        return 0;
+    }
+
+    i2a_ASN1_OBJECT(bio, xpoid);
+
+    len = BIO_get_mem_data(bio, &buf);
+
+    redwax_metadata_add_string(m, "PublicKeyAlgorithm",
+            apr_psprintf(m->pool, "%.*s", len, buf));
+
+    BIO_free(bio);
+
+    pkey = X509_PUBKEY_get(xpkey);
+    if (pkey) {
+#if 0
+//        EVP_PKEY_print_public(bp, pkey, 16, NULL);
+#endif
+    }
+
+    redwax_metadata_pop_object(m);
+
+    return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_extensions_metadata(redwax_tool_t *r,
+        redwax_metadata_t *m, const STACK_OF(X509_EXTENSION) *xe)
+{
+
+    return APR_ENOTIMPL;
+}
+
+static apr_status_t redwax_openssl_signature_metadata(redwax_tool_t *r,
+        redwax_metadata_t *m, const X509_ALGOR *sig_alg, const ASN1_BIT_STRING *sig)
+{
+
+    BIO *bio;
+    char *buf = NULL;
+    int len = 0;
+
+    if (sig_alg) {
+
+        if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+            return 0;
+        }
+
+        i2a_ASN1_OBJECT(bio, sig_alg->algorithm);
+
+        len = BIO_get_mem_data(bio, &buf);
+
+        redwax_metadata_add_string(m, "SignatureAlgorithm",
+                apr_psprintf(m->pool, "%.*s", len, buf));
+
+        BIO_free(bio);
+    }
+
+    if (sig) {
+
+        redwax_metadata_add_string(m, "SignatureValue",
+                redwax_pencode_base16_binary(m->pool,
+                        sig->data, sig->length,
+                        REDWAX_ENCODE_LOWER | REDWAX_ENCODE_COLON, NULL));
+    }
+
+    return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_cert_metadata(redwax_tool_t *r,
+        redwax_metadata_t *m, const redwax_certificate_t *cert)
+{
+
+    redwax_metadata_push_object(m, "Certificate", 0);
+    redwax_metadata_add_string(m, "Origin", cert->origin);
+    if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
+            cert->x509->id_der && cert->x509->id_len) {
+        redwax_metadata_add_string(m, "Id",
+                redwax_pencode_base16_binary(m->pool,
+                        cert->x509->id_der, cert->x509->id_len,
+                        REDWAX_ENCODE_LOWER, NULL));
+    }
+    if (cert->label && cert->label_len) {
+        redwax_metadata_add_string(m, "Label",
+                apr_pstrndup(m->pool, cert->label, cert->label_len));
+    }
+    if (cert->token && cert->token_len) {
+        redwax_metadata_add_string(m, "Token",
+                apr_pstrndup(m->pool, cert->token, cert->token_len));
+    }
+
+    if (r->text) {
+
+        const unsigned char *der = cert->der;
+
+        X509 *x = d2i_X509(NULL, &der, cert->len);
+
+        if (x) {
+
+            const STACK_OF(X509_EXTENSION) *xe;
+            const ASN1_BIT_STRING *iuid, *suid;
+            X509_PUBKEY *xpkey;
+            const X509_ALGOR *tsig_alg;
+            const ASN1_BIT_STRING *sig;
+            ASN1_INTEGER *bs;
+            const ASN1_TIME *tm;
+            long l;
+
+            redwax_metadata_push_object(m, "Data", 0);
+
+            /* version */
+            l = X509_get_version(x);
+            if (l >= 0 && l <= 2) {
+                redwax_metadata_add_string(m, "Version",
+                        apr_psprintf(m->pool, "%ld (0x%lx)", l + 1, (unsigned long)l));
+            } else {
+                redwax_metadata_add_string(m, "Version",
+                        apr_psprintf(m->pool, "Unknown (%ld)", l));
+            }
+
+            /* serial number */
+            bs = X509_get_serialNumber(x);
+
+            if (bs) {
+
+                redwax_metadata_add_string(m, "SerialNumber",
+                        redwax_pencode_base16_binary(m->pool,
+                                bs->data, bs->length,
+                                REDWAX_ENCODE_LOWER | REDWAX_ENCODE_COLON, NULL));
+            }
+
+            /* signature algorithm */
+            tsig_alg = X509_get0_tbs_sigalg(x);
+            if (tsig_alg) {
+
+                redwax_openssl_signature_metadata(r, m, tsig_alg, NULL);
+            }
+
+            /* issuer */
+            redwax_metadata_add_string(m, "Issuer",
+                    redwax_openssl_name(m->pool, X509_get_issuer_name(x)));
+
+            /* validity */
+            redwax_metadata_push_object(m, "Validity", 0);
+
+            tm = X509_get0_notBefore(x);
+            if (tm) {
+
+                BIO *bio;
+                char *buf = NULL;
+                int len = 0;
+
+                if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+                    return 0;
+                }
+
+                ASN1_TIME_print(bio, tm);
+
+                len = BIO_get_mem_data(bio, &buf);
+
+                redwax_metadata_add_string(m, "NotBefore",
+                        apr_psprintf(m->pool, "%.*s", len, buf));
+
+                BIO_free(bio);
+
+            }
+
+            tm = X509_get0_notAfter(x);
+            if (tm) {
+
+                BIO *bio;
+                char *buf = NULL;
+                int len = 0;
+
+                if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+                    return 0;
+                }
+
+                ASN1_TIME_print(bio, tm);
+
+                len = BIO_get_mem_data(bio, &buf);
+
+                redwax_metadata_add_string(m, "NotAfter",
+                        apr_psprintf(m->pool, "%.*s", len, buf));
+
+                BIO_free(bio);
+
+            }
+
+            redwax_metadata_pop_object(m);
+
+            /* subject */
+            redwax_metadata_add_string(m, "Subject",
+                    redwax_openssl_name(m->pool, X509_get_subject_name(x)));
+
+            /* public key */
+            xpkey = X509_get_X509_PUBKEY(x);
+            if (xpkey) {
+
+                redwax_openssl_spki_metadata(r, m, xpkey);
+            }
+
+            /* issuer unique id / subject unique id */
+            X509_get0_uids(x, &iuid, &suid);
+
+            if (iuid) {
+                redwax_metadata_add_string(m, "IssuerUniqueID",
+                        redwax_pencode_base16_binary(m->pool,
+                                iuid->data, iuid->length,
+                                REDWAX_ENCODE_LOWER, NULL));
+            }
+
+            if (suid) {
+                redwax_metadata_add_string(m, "SubjectUniqueID",
+                        redwax_pencode_base16_binary(m->pool,
+                                suid->data, suid->length,
+                                REDWAX_ENCODE_LOWER, NULL));
+            }
+
+            /* extensions */
+            xe = X509_get0_extensions(x);
+            if (xe) {
+
+                redwax_openssl_extensions_metadata(r, m, xe);
+            }
+
+            redwax_metadata_pop_object(m);
+
+            /* signature */
+            X509_get0_signature(&sig, &tsig_alg, x);
+            if (tsig_alg && sig) {
+
+                redwax_openssl_signature_metadata(r, m, tsig_alg, sig);
+            }
+
+        }
+
+        else {
+            redwax_openssl_print_errors(r);
+            X509_free(x);
+        }
+
+    }
+    else {
+        redwax_metadata_push_object(m, "Data", 0);
+        redwax_metadata_add_string(m, "Subject", cert->common.subject);
+        redwax_metadata_pop_object(m);
+    }
+
+    redwax_metadata_pop_object(m);
+
+    return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_key_metadata(redwax_tool_t *r,
+        redwax_metadata_t *m, const redwax_key_t *key)
+{
+
+    redwax_metadata_push_object(m, "Key", 0);
+    redwax_metadata_add_string(m, "Origin", key->origin);
+    if (key->common.id_der && key->common.id_len) {
+        redwax_metadata_add_string(m, "Id",
+                redwax_pencode_base16_binary(m->pool,
+                        key->common.id_der, key->common.id_len,
+                        REDWAX_ENCODE_LOWER, NULL));
+    }
+    if (key->label && key->label_len) {
+        redwax_metadata_add_string(m, "Label",
+                apr_pstrndup(m->pool, key->label, key->label_len));
+    }
+    if (key->token && key->token_len) {
+        redwax_metadata_add_string(m, "Token",
+                apr_pstrndup(m->pool, key->token, key->token_len));
+    }
+    redwax_metadata_pop_object(m);
+
+    return APR_SUCCESS;
+}
+
 static apr_status_t redwax_openssl_process_metadata_out(redwax_tool_t *r,
         const char *file)
 {
@@ -2581,6 +2882,24 @@
             const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->certs_out,
                     i, const redwax_certificate_t);
 
+            redwax_print_error(r, "metadata-out: certificate: %s\n",
+                    cert->common.subject);
+
+            redwax_openssl_cert_metadata(r, m, cert);
+        }
+
+        redwax_metadata_pop_array(m);
+
+    }
+
+    if (r->chain_out) {
+
+        redwax_metadata_push_array(m, "Chains", !r->intermediates_out->nelts);
+
+        for (i = 0; i < r->intermediates_out->nelts; i++)
+        {
+            const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->intermediates_out,
+                    i, const redwax_certificate_t);
 
 #if 0
             const unsigned char *der = cert->der;
@@ -2594,50 +2913,24 @@
             }
 #endif
 
-            redwax_print_error(r, "metadata-out: certificate: %s\n",
+            redwax_print_error(r, "metadata-out: intermediate: %s\n",
                     cert->common.subject);
 
-            redwax_metadata_push_object(m, "Certificate", 0);
-            redwax_metadata_add_string(m, "Origin", cert->origin);
-            if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
-                    cert->x509->id_der && cert->x509->id_len) {
-                redwax_metadata_add_string(m, "Id",
-                        redwax_pencode_base16_binary(m->pool,
-                                cert->x509->id_der, cert->x509->id_len,
-                                REDWAX_ENCODE_LOWER, NULL));
-            }
-            if (cert->label && cert->label_len) {
-                redwax_metadata_add_string(m, "Label",
-                        apr_pstrndup(m->pool, cert->label, cert->label_len));
-            }
-            if (cert->token && cert->token_len) {
-                redwax_metadata_add_string(m, "Token",
-                        apr_pstrndup(m->pool, cert->token, cert->token_len));
-            }
-            redwax_metadata_push_object(m, "Data", 0);
-            redwax_metadata_add_string(m, "Subject", cert->common.subject);
-            redwax_metadata_pop_object(m);
-            redwax_metadata_pop_object(m);
-
+            redwax_openssl_cert_metadata(r, m, cert);
         }
 
         redwax_metadata_pop_array(m);
-
-    }
-
-    if (r->chain_out) {
-
-        redwax_metadata_push_array(m, "Chains", !r->intermediates_out->nelts);
-
-        for (i = 0; i < r->intermediates_out->nelts; i++)
+    }
+
+    if (r->trust_out) {
+        for (i = 0; i < r->trusted_out->nelts; i++)
         {
-            const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->intermediates_out,
-                    i, const redwax_certificate_t);
+            const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->trusted_out, i, const redwax_certificate_t);
 
 #if 0
             const unsigned char *der = cert->der;
 
-            X509 *xi = d2i_X509(NULL, &der, cert->len);
+            X509 *xi = d2i_X509_AUX(NULL, &der, cert->len);
 
             if (!xi) {
                 redwax_openssl_print_errors(r);
@@ -2646,78 +2939,10 @@
             }
 #endif
 
-            redwax_print_error(r, "metadata-out: intermediate: %s\n",
-                    cert->common.subject);
-
-            redwax_metadata_push_object(m, "Certificate", 0);
-            redwax_metadata_add_string(m, "Origin", cert->origin);
-            if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
-                    cert->x509->id_der && cert->x509->id_len) {
-                redwax_metadata_add_string(m, "Id",
-                        redwax_pencode_base16_binary(m->pool,
-                                cert->x509->id_der, cert->x509->id_len,
-                                REDWAX_ENCODE_LOWER, NULL));
-            }
-            if (cert->label && cert->label_len) {
-                redwax_metadata_add_string(m, "Label",
-                        apr_pstrndup(m->pool, cert->label, cert->label_len));
-            }
-            if (cert->token && cert->token_len) {
-                redwax_metadata_add_string(m, "Token",
-                        apr_pstrndup(m->pool, cert->token, cert->token_len));
-            }
-            redwax_metadata_push_object(m, "Data", 0);
-            redwax_metadata_add_string(m, "Subject", cert->common.subject);
-            redwax_metadata_pop_object(m);
-            redwax_metadata_pop_object(m);
-
-        }
-
-        redwax_metadata_pop_array(m);
-    }
-
-    if (r->trust_out) {
-        for (i = 0; i < r->trusted_out->nelts; i++)
-        {
-            const redwax_certificate_t *cert = &APR_ARRAY_IDX(r->trusted_out, i, const redwax_certificate_t);
-
-#if 0
-            const unsigned char *der = cert->der;
-
-            X509 *xi = d2i_X509_AUX(NULL, &der, cert->len);
-
-            if (!xi) {
-                redwax_openssl_print_errors(r);
-                X509_free(x);
-                return APR_ENOENT;
-            }
-#endif
-
             redwax_print_error(r, "metadata-out: trusted: %s\n",
                     cert->common.subject);
 
-            redwax_metadata_push_object(m, "Certificate", 0);
-            redwax_metadata_add_string(m, "Origin", cert->origin);
-            if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
-                    cert->x509->id_der && cert->x509->id_len) {
-                redwax_metadata_add_string(m, "Id",
-                        redwax_pencode_base16_binary(m->pool,
-                                cert->x509->id_der, cert->x509->id_len,
-                                REDWAX_ENCODE_LOWER, NULL));
-            }
-            if (cert->label && cert->label_len) {
-                redwax_metadata_add_string(m, "Label",
-                        apr_pstrndup(m->pool, cert->label, cert->label_len));
-            }
-            if (cert->token && cert->token_len) {
-                redwax_metadata_add_string(m, "Token",
-                        apr_pstrndup(m->pool, cert->token, cert->token_len));
-            }
-            redwax_metadata_push_object(m, "Data", 0);
-            redwax_metadata_add_string(m, "Subject", cert->common.subject);
-            redwax_metadata_pop_object(m);
-            redwax_metadata_pop_object(m);
-
+            redwax_openssl_cert_metadata(r, m, cert);
         }
     }
 
@@ -2732,24 +2957,7 @@
 
             redwax_print_error(r, "metadata-out: key\n");
 
-            redwax_metadata_push_object(m, "Key", 0);
-            redwax_metadata_add_string(m, "Origin", key->origin);
-            if (key->common.id_der && key->common.id_len) {
-                redwax_metadata_add_string(m, "Id",
-                        redwax_pencode_base16_binary(m->pool,
-                                key->common.id_der, key->common.id_len,
-                                REDWAX_ENCODE_LOWER, NULL));
-            }
-            if (key->label && key->label_len) {
-                redwax_metadata_add_string(m, "Label",
-                        apr_pstrndup(m->pool, key->label, key->label_len));
-            }
-            if (key->token && key->token_len) {
-                redwax_metadata_add_string(m, "Token",
-                        apr_pstrndup(m->pool, key->token, key->token_len));
-            }
-            redwax_metadata_pop_object(m);
-
+            redwax_openssl_key_metadata(r, m, key);
         }
 
         redwax_metadata_pop_array(m);



More information about the rs-commit mailing list