Acasă Explorează Ajutor
Autentificare
OWEALs
/
openssl
oglindă de git://git.openssl.org/openssl.git
2
0
Bifurcare 0
Fisiere Probleme 1 Wiki
Arbore: 6594baf645
Ramuri Etichete
openssl
/
crypto
/
ocsp
/
ocsp_prn.c

ocsp_prn.c 8.4 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248 
  1. /*
    2. 

  2.  * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #include <openssl/bio.h>
    11. 

  11. #include <openssl/err.h>
    12. 

  12. #include <openssl/ocsp.h>
    13. 

  13. #include "ocsp_local.h"
    14. 

  14. #include "internal/cryptlib.h"
    15. 

  15. #include <openssl/pem.h>
    16. 

  16. 

  17. static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
    18. 

  18. {
    19. 

  19.     BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
    20. 

  20.     indent += 2;
    21. 

  21.     BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
    22. 

  22.     i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
    23. 

  23.     BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
    24. 

  24.     i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
    25. 

  25.     BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
    26. 

  26.     i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
    27. 

  27.     BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
    28. 

  28.     i2a_ASN1_INTEGER(bp, &a->serialNumber);
    29. 

  29.     BIO_printf(bp, "\n");
    30. 

  30.     return 1;
    31. 

  31. }
    32. 

  32. 

  33. typedef struct {
    34. 

  34.     long t;
    35. 

  35.     const char *m;
    36. 

  36. } OCSP_TBLSTR;
    37. 

  37. 

  38. static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
    39. 

  39. {
    40. 

  40.     size_t i;
    41. 

  41.     for (i = 0; i < len; i++, ts++)
    42. 

  42.         if (ts->t == s)
    43. 

  43.             return ts->m;
    44. 

  44.     return "(UNKNOWN)";
    45. 

  45. }
    46. 

  46. 

  47. #define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
    48. 

  48. 

  49. const char *OCSP_response_status_str(long s)
    50. 

  50. {
    51. 

  51.     static const OCSP_TBLSTR rstat_tbl[] = {
    52. 

  52.         {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
    53. 

  53.         {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
    54. 

  54.         {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
    55. 

  55.         {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
    56. 

  56.         {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
    57. 

  57.         {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
    58. 

  58.     };
    59. 

  59.     return table2string(s, rstat_tbl);
    60. 

  60. }
    61. 

  61. 

  62. const char *OCSP_cert_status_str(long s)
    63. 

  63. {
    64. 

  64.     static const OCSP_TBLSTR cstat_tbl[] = {
    65. 

  65.         {V_OCSP_CERTSTATUS_GOOD, "good"},
    66. 

  66.         {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
    67. 

  67.         {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
    68. 

  68.     };
    69. 

  69.     return table2string(s, cstat_tbl);
    70. 

  70. }
    71. 

  71. 

  72. const char *OCSP_crl_reason_str(long s)
    73. 

  73. {
    74. 

  74.     static const OCSP_TBLSTR reason_tbl[] = {
    75. 

  75.         {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
    76. 

  76.         {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
    77. 

  77.         {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
    78. 

  78.         {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
    79. 

  79.         {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
    80. 

  80.         {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
    81. 

  81.         {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
    82. 

  82.         {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"},
    83. 

  83.         {OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN, "privilegeWithdrawn"},
    84. 

  84.         {OCSP_REVOKED_STATUS_AACOMPROMISE, "aACompromise"}
    85. 

  85.     };
    86. 

  86.     return table2string(s, reason_tbl);
    87. 

  87. }
    88. 

  88. 

  89. int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
    90. 

  90. {
    91. 

  91.     int i;
    92. 

  92.     long l;
    93. 

  93.     OCSP_CERTID *cid = NULL;
    94. 

  94.     OCSP_ONEREQ *one = NULL;
    95. 

  95.     OCSP_REQINFO *inf = &o->tbsRequest;
    96. 

  96.     OCSP_SIGNATURE *sig = o->optionalSignature;
    97. 

  97. 

  98.     if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
    99. 

  99.         goto err;
    100. 

  100.     l = ASN1_INTEGER_get(inf->version);
    101. 

  101.     if (BIO_printf(bp, "    Version: %lu (0x%lx)", l + 1, l) <= 0)
    102. 

  102.         goto err;
    103. 

  103.     if (inf->requestorName != NULL) {
    104. 

  104.         if (BIO_write(bp, "\n    Requestor Name: ", 21) <= 0)
    105. 

  105.             goto err;
    106. 

  106.         GENERAL_NAME_print(bp, inf->requestorName);
    107. 

  107.     }
    108. 

  108.     if (BIO_write(bp, "\n    Requestor List:\n", 21) <= 0)
    109. 

  109.         goto err;
    110. 

  110.     for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
    111. 

  111.         one = sk_OCSP_ONEREQ_value(inf->requestList, i);
    112. 

  112.         cid = one->reqCert;
    113. 

  113.         ocsp_certid_print(bp, cid, 8);
    114. 

  114.         if (!X509V3_extensions_print(bp,
    115. 

  115.                                      "Request Single Extensions",
    116. 

  116.                                      one->singleRequestExtensions, flags, 8))
    117. 

  117.             goto err;
    118. 

  118.     }
    119. 

  119.     if (!X509V3_extensions_print(bp, "Request Extensions",
    120. 

  120.                                  inf->requestExtensions, flags, 4))
    121. 

  121.         goto err;
    122. 

  122.     if (sig) {
    123. 

  123.         X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
    124. 

  124.         for (i = 0; i < sk_X509_num(sig->certs); i++) {
    125. 

  125.             X509_print(bp, sk_X509_value(sig->certs, i));
    126. 

  126.             PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
    127. 

  127.         }
    128. 

  128.     }
    129. 

  129.     return 1;
    130. 

  130.  err:
    131. 

  131.     return 0;
    132. 

  132. }
    133. 

  133. 

  134. int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
    135. 

  135. {
    136. 

  136.     int i, ret = 0;
    137. 

  137.     long l;
    138. 

  138.     OCSP_CERTID *cid = NULL;
    139. 

  139.     OCSP_BASICRESP *br = NULL;
    140. 

  140.     OCSP_RESPID *rid = NULL;
    141. 

  141.     OCSP_RESPDATA *rd = NULL;
    142. 

  142.     OCSP_CERTSTATUS *cst = NULL;
    143. 

  143.     OCSP_REVOKEDINFO *rev = NULL;
    144. 

  144.     OCSP_SINGLERESP *single = NULL;
    145. 

  145.     OCSP_RESPBYTES *rb = o->responseBytes;
    146. 

  146. 

  147.     if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
    148. 

  148.         goto err;
    149. 

  149.     l = ASN1_ENUMERATED_get(o->responseStatus);
    150. 

  150.     if (BIO_printf(bp, "    OCSP Response Status: %s (0x%lx)\n",
    151. 

  151.                    OCSP_response_status_str(l), l) <= 0)
    152. 

  152.         goto err;
    153. 

  153.     if (rb == NULL)
    154. 

  154.         return 1;
    155. 

  155.     if (BIO_puts(bp, "    Response Type: ") <= 0)
    156. 

  156.         goto err;
    157. 

  157.     if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
    158. 

  158.         goto err;
    159. 

  159.     if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
    160. 

  160.         BIO_puts(bp, " (unknown response type)\n");
    161. 

  161.         return 1;
    162. 

  162.     }
    163. 

  163. 

  164.     if ((br = OCSP_response_get1_basic(o)) == NULL)
    165. 

  165.         goto err;
    166. 

  166.     rd = &br->tbsResponseData;
    167. 

  167.     l = ASN1_INTEGER_get(rd->version);
    168. 

  168.     if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
    169. 

  169.         goto err;
    170. 

  170.     if (BIO_puts(bp, "    Responder Id: ") <= 0)
    171. 

  171.         goto err;
    172. 

  172. 

  173.     rid = &rd->responderId;
    174. 

  174.     switch (rid->type) {
    175. 

  175.     case V_OCSP_RESPID_NAME:
    176. 

  176.         X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
    177. 

  177.         break;
    178. 

  178.     case V_OCSP_RESPID_KEY:
    179. 

  179.         i2a_ASN1_STRING(bp, rid->value.byKey, 0);
    180. 

  180.         break;
    181. 

  181.     }
    182. 

  182. 

  183.     if (BIO_printf(bp, "\n    Produced At: ") <= 0)
    184. 

  184.         goto err;
    185. 

  185.     if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
    186. 

  186.         goto err;
    187. 

  187.     if (BIO_printf(bp, "\n    Responses:\n") <= 0)
    188. 

  188.         goto err;
    189. 

  189.     for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
    190. 

  190.         if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
    191. 

  191.             continue;
    192. 

  192.         single = sk_OCSP_SINGLERESP_value(rd->responses, i);
    193. 

  193.         cid = single->certId;
    194. 

  194.         if (ocsp_certid_print(bp, cid, 4) <= 0)
    195. 

  195.             goto err;
    196. 

  196.         cst = single->certStatus;
    197. 

  197.         if (BIO_printf(bp, "    Cert Status: %s",
    198. 

  198.                        OCSP_cert_status_str(cst->type)) <= 0)
    199. 

  199.             goto err;
    200. 

  200.         if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
    201. 

  201.             rev = cst->value.revoked;
    202. 

  202.             if (BIO_printf(bp, "\n    Revocation Time: ") <= 0)
    203. 

  203.                 goto err;
    204. 

  204.             if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
    205. 

  205.                 goto err;
    206. 

  206.             if (rev->revocationReason) {
    207. 

  207.                 l = ASN1_ENUMERATED_get(rev->revocationReason);
    208. 

  208.                 if (BIO_printf(bp,
    209. 

  209.                                "\n    Revocation Reason: %s (0x%lx)",
    210. 

  210.                                OCSP_crl_reason_str(l), l) <= 0)
    211. 

  211.                     goto err;
    212. 

  212.             }
    213. 

  213.         }
    214. 

  214.         if (BIO_printf(bp, "\n    This Update: ") <= 0)
    215. 

  215.             goto err;
    216. 

  216.         if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
    217. 

  217.             goto err;
    218. 

  218.         if (single->nextUpdate) {
    219. 

  219.             if (BIO_printf(bp, "\n    Next Update: ") <= 0)
    220. 

  220.                 goto err;
    221. 

  221.             if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
    222. 

  222.                 goto err;
    223. 

  223.         }
    224. 

  224.         if (BIO_write(bp, "\n", 1) <= 0)
    225. 

  225.             goto err;
    226. 

  226.         if (!X509V3_extensions_print(bp,
    227. 

  227.                                      "Response Single Extensions",
    228. 

  228.                                      single->singleExtensions, flags, 8))
    229. 

  229.             goto err;
    230. 

  230.         if (BIO_write(bp, "\n", 1) <= 0)
    231. 

  231.             goto err;
    232. 

  232.     }
    233. 

  233.     if (!X509V3_extensions_print(bp, "Response Extensions",
    234. 

  234.                                  rd->responseExtensions, flags, 4))
    235. 

  235.         goto err;
    236. 

  236.     if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
    237. 

  237.         goto err;
    238. 

  238. 

  239.     for (i = 0; i < sk_X509_num(br->certs); i++) {
    240. 

  240.         X509_print(bp, sk_X509_value(br->certs, i));
    241. 

  241.         PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
    242. 

  242.     }
    243. 

  243. 

  244.     ret = 1;
    245. 

  245.  err:
    246. 

  246.     OCSP_BASICRESP_free(br);
    247. 

  247.     return ret;
    248. 

  248. }
    249.