authorSimon Josefsson <simon@josefsson.org>2011-09-21 17:23:35 +0200
committerSimon Josefsson <simon@josefsson.org>2011-09-21 17:29:25 +0200
commit6d967fd54ecd1cb7e5034a60e50bb91cf2381667 (patch)
treee3bd0de47c61b2ead3307a99c3d130d6d053c1dc
parent4c49931e8794b3f7d49fb1d1cc24c7a58f8aa3e0 (diff)
downloadgnutls-6d967fd54ecd1cb7e5034a60e50bb91cf2381667.tar.gz
libgnutls: gnutls_x509_crt_print supports printing AIA fields. Support caIssuers.
-rw-r--r--.gitignore1
-rw-r--r--NEWS5
-rw-r--r--lib/includes/gnutls/x509.h5
-rw-r--r--lib/x509/output.c68
-rw-r--r--lib/x509/x509.c22
-rw-r--r--tests/infoaccess.c1
6 files changed, 92 insertions, 10 deletions
diff --git a/.gitignore b/.gitignore
index 53b2c2c8d4..1d31f67823 100644
--- a/.gitignore
+++ b/.gitignore
@@ -517,3 +517,4 @@ doc/latex/gnutls.lot
tests/x509cert-tl
doc/enums.texi
doc/enums/
+tests/infoaccess
diff --git a/NEWS b/NEWS
index 9826af1892..e89105ba1a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,13 +5,16 @@ See the end for copying conditions.
* Version 3.0.4 (unreleased)
** libgnutls: Added gnutls_x509_crt_get_authority_info_access.
-Used to get the PKIX Authority Information Access field.
+Used to get the PKIX Authority Information Access (AIA) field.
+
+** libgnutls: gnutls_x509_crt_print supports printing AIA fields.
** API and ABI modifications:
gnutls_x509_crt_get_authority_info_access (x509.h): Added function.
gnutls_info_access_what_t (x509.h): Added enum.
GNUTLS_OID_AIA (x509.h): Added symbol.
GNUTLS_OID_AD_OCSP (x509.h): Added symbol.
+GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol.
* Version 3.0.3 (released 2011-09-18)
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 2c65448cda..55fdd317c9 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -80,6 +80,7 @@ extern "C"
#define GNUTLS_OID_AIA "1.3.6.1.5.5.7.1.1"
#define GNUTLS_OID_AD_OCSP "1.3.6.1.5.5.7.48.1"
+#define GNUTLS_OID_AD_CAISSUERS "1.3.6.1.5.5.7.48.2"
#define GNUTLS_FSAN_SET 0
#define GNUTLS_FSAN_APPEND 1
@@ -171,6 +172,7 @@ extern "C"
* @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name type.
* @GNUTLS_IA_URI: Get accessLocation URI value.
* @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
+ * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
*
* Enumeration of types for the @what parameter of
* gnutls_x509_crt_get_authority_info_access().
@@ -182,7 +184,8 @@ extern "C"
/* use 100-108 for the generalName types, populate as needed */
GNUTLS_IA_URI = 106,
/* quick-access variants that match both OID and name type. */
- GNUTLS_IA_OCSP_URI = 10006
+ GNUTLS_IA_OCSP_URI = 10006,
+ GNUTLS_IA_CAISSUERS_URI = 10106
} gnutls_info_access_what_t;
int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
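Review bot: The new enumerator `GNUTLS_IA_CAISSUERS_URI = 10106` follows a numbering rule that the existing comment `/* quick-access variants that match both OID and name type. */` does not state; 10006 and 10106 look like 10000 plus a per-accessMethod offset in the hundreds plus the low digits of GNUTLS_IA_URI (106), but that is inferred from the two values alone. A comment spelling the rule out (or saying the values are opaque tags) next to the `GNUTLS_IA_OCSP_URI = 10006,` line would let the next method be added without reverse-engineering it, e.g. `/* 1MMNN: MM = accessMethod (00 ocsp, 01 caIssuers), NN = generalName type minus 100 */` if that is indeed the intent. The enum's closing brace is in the hunk but its opening line is outside it.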
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 39b0ea7b52..78ac29d19f 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007-2011 Free Software Foundation, Inc.
*
* Author: Simon Josefsson
*
@@ -171,6 +171,63 @@ print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
}
static void
+print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ int err;
+ int seq = 0;
+ gnutls_datum_t data;
+
+ for (;;)
+ {
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err < 0)
+ {
+ addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
+ if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
+ memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
+ adds (str, " (id-ad-ocsp)\n");
+ else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
+ memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
+ adds (str, " (id-ad-caIssuers)\n");
+ else
+ adds (str, " (UNKNOWN)\n");
+
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (data.size == sizeof ("uniformResourceIdentifier") &&
+ memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
+ {
+ adds (str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
+ return;
+ }
+ addf (str, "%.*s\n", data.size, data.data);
+ }
+ else
+ adds (str, "\t\t\tUnsupported accessLocation type\n");
+
+ seq++;
+ }
+}
+
+static void
print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
char *buffer = NULL;
@@ -958,6 +1015,15 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
proxy_idx++;
}
+ else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
+ {
+ addf (str, _("%s\t\tAuthority Information "
+ "Access Information (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aia (str, cert.crt);
+ }
else
{
char *buffer;
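Review bot: print_aia never releases the datum that gnutls_x509_crt_get_authority_info_access fills; if that output is heap-allocated (its documented contract as far as I recall — the allocation itself is not visible in this commit), each of the three calls per iteration leaks data.data, because the next call overwrites it and the early `return` paths drop it as well. Adding `gnutls_free (data.data);` once each datum has been printed or compared (after the Access Method branch, after the GeneralName type check, and after the URI is printed) and on the mid-iteration error returns would close that. The sizeof comparisons in the Access Method and GeneralName checks assume data.size counts the string's NUL terminator, which agrees with the `strlen (oid) + 1` test in the x509.c hunk but deserves a line such as `/* data.size includes the terminating NUL, matching _gnutls_parse_aia */`. In print_extensions the new branch compares against the literal `"1.3.6.1.5.5.7.1.1"` while x509.h defines GNUTLS_OID_AIA for that value; `else if (strcmp (oid, GNUTLS_OID_AIA) == 0)` keeps the two in step. print_extensions begins and ends outside its hunk.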
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 611adcf835..25de5ae641 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3400,6 +3400,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
char nptr[ASN1_MAX_NAME_SIZE];
int result;
gnutls_datum_t d;
+ const char *oid = NULL;
seq++; /* 0->1, 1->2 etc */
switch (what)
@@ -3412,7 +3413,13 @@ _gnutls_parse_aia (ASN1_TYPE src,
snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq);
break;
+ case GNUTLS_IA_CAISSUERS_URI:
+ oid = GNUTLS_OID_AD_CAISSUERS;
+ /* fall through */
+
case GNUTLS_IA_OCSP_URI:
+ if (oid == NULL)
+ oid = GNUTLS_OID_AD_OCSP;
{
char *tmpoid[20];
snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
@@ -3425,8 +3432,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
gnutls_assert ();
return _gnutls_asn2err (result);
}
- if (len != sizeof (GNUTLS_OID_AD_OCSP) ||
- memcmp (tmpoid, GNUTLS_OID_AD_OCSP, len) != 0)
+ if (len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
return GNUTLS_E_UNKNOWN_ALGORITHM;
}
/* fall through */
@@ -3506,8 +3512,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
* should be #gnutls_info_access_what_t values.
*
* If @what is %GNUTLS_IA_ACCESSMETHOD_OID then @data will hold the
- * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1" for id-ad-ocsp meaning
- * OCSP).
+ * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
*
* If @what is %GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, @data will
* hold the accessLocation GeneralName type (e.g.,
@@ -3519,8 +3524,13 @@ _gnutls_parse_aia (ASN1_TYPE src,
*
* If @what is %GNUTLS_IA_OCSP_URI, @data will hold the OCSP URI.
* Requesting this @what value leads to an error if the accessMethod
- * is not OSCP or accessLocation is not of the
- * "uniformResourceIdentifier" type.
+ * is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
+ * the "uniformResourceIdentifier" type.
+ *
+ * If @what is %GNUTLS_IA_CAISSUERS_URI, @data will hold the caIssuers
+ * URI. Requesting this @what value leads to an error if the
+ * accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
+ * accessLocation is not of the "uniformResourceIdentifier" type.
*
* More @what values may be allocated in the future as needed.
*
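Review bot: The shared accessMethod check under `case GNUTLS_IA_OCSP_URI:` selects the OCSP OID only because `oid` happens to still be NULL, so the reader has to connect the `if (oid == NULL)` guard with the `const char *oid = NULL;` initialiser added at the top of _gnutls_parse_aia and with the fall-through from the caIssuers case to see which OID is compared. Choosing it in one place reads more directly: `case GNUTLS_IA_CAISSUERS_URI:` / `case GNUTLS_IA_OCSP_URI:` / `oid = (what == GNUTLS_IA_CAISSUERS_URI) ? GNUTLS_OID_AD_CAISSUERS : GNUTLS_OID_AD_OCSP;`, dropping the NULL guard. The new `len != strlen (oid) + 1` test preserves the NUL-inclusive length the old sizeof comparison used, which is correct but not obvious at the call site; a short `/* len includes the terminating NUL of the decoded OID */` would help. The rewritten doc comment for GNUTLS_IA_OCSP_URI still spells the method "OSCP" and should read "aka OCSP". _gnutls_parse_aia begins and ends outside these hunks.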
diff --git a/tests/infoaccess.c b/tests/infoaccess.c
index 242b33411c..f539e69553 100644
--- a/tests/infoaccess.c
+++ b/tests/infoaccess.c
@@ -218,7 +218,6 @@ doit (void)
/* even more specific query */
ret = gnutls_x509_crt_get_authority_info_access
(crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
- printf ("ret %d\n", ret);
if (ret < 0)
{
fail ("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n");