ocsp_prn.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300
  1. /* ocsp_prn.c */
  2. /*
  3. * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  4. * project.
  5. */
  6. /*
  7. * History: This file was originally part of ocsp.c and was transfered to
  8. * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
  9. * included in OpenSSL or released as a patch kit.
  10. */
  11. /* ====================================================================
  12. * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * 1. Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * 2. Redistributions in binary form must reproduce the above copyright
  22. * notice, this list of conditions and the following disclaimer in
  23. * the documentation and/or other materials provided with the
  24. * distribution.
  25. *
  26. * 3. All advertising materials mentioning features or use of this
  27. * software must display the following acknowledgment:
  28. * "This product includes software developed by the OpenSSL Project
  29. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  30. *
  31. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  32. * endorse or promote products derived from this software without
  33. * prior written permission. For written permission, please contact
  34. * openssl-core@openssl.org.
  35. *
  36. * 5. Products derived from this software may not be called "OpenSSL"
  37. * nor may "OpenSSL" appear in their names without prior written
  38. * permission of the OpenSSL Project.
  39. *
  40. * 6. Redistributions of any form whatsoever must retain the following
  41. * acknowledgment:
  42. * "This product includes software developed by the OpenSSL Project
  43. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  44. *
  45. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  46. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  47. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  48. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  49. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  50. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  51. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  52. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  53. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  54. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  55. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  56. * OF THE POSSIBILITY OF SUCH DAMAGE.
  57. * ====================================================================
  58. *
  59. * This product includes cryptographic software written by Eric Young
  60. * (eay@cryptsoft.com). This product includes software written by Tim
  61. * Hudson (tjh@cryptsoft.com).
  62. *
  63. */
  64. #include <openssl/bio.h>
  65. #include <openssl/err.h>
  66. #include <openssl/ocsp.h>
  67. #include <openssl/pem.h>
  68. static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
  69. {
  70. BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
  71. indent += 2;
  72. BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
  73. i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
  74. BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
  75. i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
  76. BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
  77. i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
  78. BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
  79. i2a_ASN1_INTEGER(bp, a->serialNumber);
  80. BIO_printf(bp, "\n");
  81. return 1;
  82. }
  83. typedef struct {
  84. long t;
  85. char *m;
  86. } OCSP_TBLSTR;
  87. static char *table2string(long s, OCSP_TBLSTR *ts, int len)
  88. {
  89. OCSP_TBLSTR *p;
  90. for (p = ts; p < ts + len; p++)
  91. if (p->t == s)
  92. return p->m;
  93. return "(UNKNOWN)";
  94. }
  95. char *OCSP_response_status_str(long s)
  96. {
  97. static OCSP_TBLSTR rstat_tbl[] = {
  98. {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
  99. {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
  100. {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
  101. {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
  102. {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
  103. {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
  104. };
  105. return table2string(s, rstat_tbl, 6);
  106. }
  107. char *OCSP_cert_status_str(long s)
  108. {
  109. static OCSP_TBLSTR cstat_tbl[] = {
  110. {V_OCSP_CERTSTATUS_GOOD, "good"},
  111. {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
  112. {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
  113. };
  114. return table2string(s, cstat_tbl, 3);
  115. }
  116. char *OCSP_crl_reason_str(long s)
  117. {
  118. OCSP_TBLSTR reason_tbl[] = {
  119. {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
  120. {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
  121. {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
  122. {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
  123. {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
  124. {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
  125. {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
  126. {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
  127. };
  128. return table2string(s, reason_tbl, 8);
  129. }
  130. int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
  131. {
  132. int i;
  133. long l;
  134. OCSP_CERTID *cid = NULL;
  135. OCSP_ONEREQ *one = NULL;
  136. OCSP_REQINFO *inf = o->tbsRequest;
  137. OCSP_SIGNATURE *sig = o->optionalSignature;
  138. if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
  139. goto err;
  140. l = ASN1_INTEGER_get(inf->version);
  141. if (BIO_printf(bp, " Version: %lu (0x%lx)", l + 1, l) <= 0)
  142. goto err;
  143. if (inf->requestorName != NULL) {
  144. if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0)
  145. goto err;
  146. GENERAL_NAME_print(bp, inf->requestorName);
  147. }
  148. if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0)
  149. goto err;
  150. for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
  151. one = sk_OCSP_ONEREQ_value(inf->requestList, i);
  152. cid = one->reqCert;
  153. ocsp_certid_print(bp, cid, 8);
  154. if (!X509V3_extensions_print(bp,
  155. "Request Single Extensions",
  156. one->singleRequestExtensions, flags, 8))
  157. goto err;
  158. }
  159. if (!X509V3_extensions_print(bp, "Request Extensions",
  160. inf->requestExtensions, flags, 4))
  161. goto err;
  162. if (sig) {
  163. X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
  164. for (i = 0; i < sk_X509_num(sig->certs); i++) {
  165. X509_print(bp, sk_X509_value(sig->certs, i));
  166. PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
  167. }
  168. }
  169. return 1;
  170. err:
  171. return 0;
  172. }
  173. int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
  174. {
  175. int i, ret = 0;
  176. long l;
  177. OCSP_CERTID *cid = NULL;
  178. OCSP_BASICRESP *br = NULL;
  179. OCSP_RESPID *rid = NULL;
  180. OCSP_RESPDATA *rd = NULL;
  181. OCSP_CERTSTATUS *cst = NULL;
  182. OCSP_REVOKEDINFO *rev = NULL;
  183. OCSP_SINGLERESP *single = NULL;
  184. OCSP_RESPBYTES *rb = o->responseBytes;
  185. if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
  186. goto err;
  187. l = ASN1_ENUMERATED_get(o->responseStatus);
  188. if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
  189. OCSP_response_status_str(l), l) <= 0)
  190. goto err;
  191. if (rb == NULL)
  192. return 1;
  193. if (BIO_puts(bp, " Response Type: ") <= 0)
  194. goto err;
  195. if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
  196. goto err;
  197. if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
  198. BIO_puts(bp, " (unknown response type)\n");
  199. return 1;
  200. }
  201. i = ASN1_STRING_length(rb->response);
  202. if (!(br = OCSP_response_get1_basic(o)))
  203. goto err;
  204. rd = br->tbsResponseData;
  205. l = ASN1_INTEGER_get(rd->version);
  206. if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0)
  207. goto err;
  208. if (BIO_puts(bp, " Responder Id: ") <= 0)
  209. goto err;
  210. rid = rd->responderId;
  211. switch (rid->type) {
  212. case V_OCSP_RESPID_NAME:
  213. X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
  214. break;
  215. case V_OCSP_RESPID_KEY:
  216. i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
  217. break;
  218. }
  219. if (BIO_printf(bp, "\n Produced At: ") <= 0)
  220. goto err;
  221. if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
  222. goto err;
  223. if (BIO_printf(bp, "\n Responses:\n") <= 0)
  224. goto err;
  225. for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
  226. if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
  227. continue;
  228. single = sk_OCSP_SINGLERESP_value(rd->responses, i);
  229. cid = single->certId;
  230. if (ocsp_certid_print(bp, cid, 4) <= 0)
  231. goto err;
  232. cst = single->certStatus;
  233. if (BIO_printf(bp, " Cert Status: %s",
  234. OCSP_cert_status_str(cst->type)) <= 0)
  235. goto err;
  236. if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
  237. rev = cst->value.revoked;
  238. if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
  239. goto err;
  240. if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
  241. goto err;
  242. if (rev->revocationReason) {
  243. l = ASN1_ENUMERATED_get(rev->revocationReason);
  244. if (BIO_printf(bp,
  245. "\n Revocation Reason: %s (0x%lx)",
  246. OCSP_crl_reason_str(l), l) <= 0)
  247. goto err;
  248. }
  249. }
  250. if (BIO_printf(bp, "\n This Update: ") <= 0)
  251. goto err;
  252. if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
  253. goto err;
  254. if (single->nextUpdate) {
  255. if (BIO_printf(bp, "\n Next Update: ") <= 0)
  256. goto err;
  257. if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
  258. goto err;
  259. }
  260. if (BIO_write(bp, "\n", 1) <= 0)
  261. goto err;
  262. if (!X509V3_extensions_print(bp,
  263. "Response Single Extensions",
  264. single->singleExtensions, flags, 8))
  265. goto err;
  266. if (BIO_write(bp, "\n", 1) <= 0)
  267. goto err;
  268. }
  269. if (!X509V3_extensions_print(bp, "Response Extensions",
  270. rd->responseExtensions, flags, 4))
  271. goto err;
  272. if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
  273. goto err;
  274. for (i = 0; i < sk_X509_num(br->certs); i++) {
  275. X509_print(bp, sk_X509_value(br->certs, i));
  276. PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
  277. }
  278. ret = 1;
  279. err:
  280. OCSP_BASICRESP_free(br);
  281. return ret;
  282. }