Print OpenPGP cert info using libgnutls.

author: Simon Josefsson <simon@josefsson.org> 2009-02-11 15:33:28 +0100
committer: Simon Josefsson <simon@josefsson.org> 2009-02-11 15:33:28 +0100
commit: 30a18cb88647be1a0293f2ddf13314a0a6b4922a (patch)
tree: 56a0bad7417cf080d40a9ca9d2ba7b42b87f6608 /src
parent: 92f6ece1a2acbdeb9022d896dc234ba976329fea (diff)
download: gnutls-30a18cb88647be1a0293f2ddf13314a0a6b4922a.tar.gz
1 files changed, 35 insertions, 89 deletions
diff --git a/src/common.c b/src/common.c
index 15ba3c5b98..b0d9738475 100644
--- a/src/common.c
+++ b/src/common.c
@@ -43,9 +43,6 @@ extern int verbose;
 
 static char buffer[5 * 1024];
 
-#define PRINTX(x,y) if (y[0]!=0) printf(" #   %s %s\n", x, y)
-#define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
-
 const char str_unknown[] = "(unknown)";
 
 /* Hex encodes the given data.
@@ -71,20 +68,6 @@ raw_to_string (const unsigned char *raw, size_t raw_size)
   return buf;
 }
 
-static const char *
-my_ctime (const time_t * tv)
-{
-  static char buf[256];
-  struct tm *tp;
-
-  if (((tp = localtime (tv)) == NULL) ||
-      (!strftime (buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp)))
-    strcpy (buf, str_unknown);	/* make sure buf text isn't garbage */
-
-  return buf;
-
-}
-
 static void
 print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
 {
@@ -180,116 +163,79 @@ print_openpgp_info (gnutls_session_t session, const char *hostname,
 		    int insecure)
 {
 
-  char digest[20];
-  size_t digest_size = sizeof (digest);
-  int ret;
-  const char *print;
-  const char *cstr;
-  char name[256];
-  size_t name_len = sizeof (name);
   gnutls_openpgp_crt_t crt;
   const gnutls_datum_t *cert_list;
   int cert_list_size = 0;
-  time_t expiret;
-  time_t activet;
+  int hostname_ok = 0;
+  int ret;
 
   cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
 
   if (cert_list_size > 0)
     {
-      unsigned int algo, bits;
+      gnutls_datum_t cinfo;
 
       gnutls_openpgp_crt_init (&crt);
-      ret =
-	gnutls_openpgp_crt_import (crt, &cert_list[0],
-				   GNUTLS_OPENPGP_FMT_RAW);
+      ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
+				       GNUTLS_OPENPGP_FMT_RAW);
       if (ret < 0)
 	{
 	  fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
 	  return;
 	}
 
+      if (verbose)
+	ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+      else
+	ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
+      if (ret == 0)
+	{
+	  printf ("  - %s\n", cinfo.data);
+	  gnutls_free (cinfo.data);
+	}
+
       if (print_cert)
 	{
 	  size_t size;
 
 	  size = sizeof (buffer);
 
-	  ret =
-	    gnutls_openpgp_crt_export (crt,
-				       GNUTLS_OPENPGP_FMT_BASE64,
-				       buffer, &size);
+	  ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
+					   buffer, &size);
 	  if (ret < 0)
 	    {
 	      fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
 	      return;
 	    }
-	  fputs ("\n", stdout);
 	  fputs (buffer, stdout);
 	  fputs ("\n", stdout);
 	}
 
       if (hostname != NULL)
-	{			/* Check the hostname of the first certificate
-				 * if it matches the name of the host we
-				 * connected to.
-				 */
-	  if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
-	    {
-	      printf
-		(" # The hostname in the certificate does NOT match '%s'.\n",
-		 hostname);
-	      if (!insecure)
-		exit (1);
-	    }
-	  else
-	    {
-	      printf (" # The hostname in the certificate matches '%s'.\n",
-		      hostname);
-	    }
-	}
-
-      activet = gnutls_openpgp_crt_get_creation_time (crt);
-      expiret = gnutls_openpgp_crt_get_expiration_time (crt);
-
-      printf (" # Key was created at: %s", my_ctime (&activet));
-      printf (" # Key expires: ");
-      if (expiret != 0)
-	printf ("%s", my_ctime (&expiret));
-      else
-	printf ("Never\n");
-
-      if (gnutls_openpgp_crt_get_fingerprint (crt, digest, &digest_size) >= 0)
 	{
-	  print = raw_to_string (digest, digest_size);
-
-	  printf (" # PGP Key version: %d\n",
-		  gnutls_openpgp_crt_get_version (crt));
-
-	  bits = 0;
-	  algo = gnutls_openpgp_crt_get_pk_algorithm (crt, &bits);
-
-	  printf (" # PGP Key public key algorithm: ");
-	  cstr = SU (gnutls_pk_algorithm_get_name (algo));
-	  printf ("%s (%d bits)\n", cstr, bits);
-
-	  if (print != NULL)
-	    printf (" # PGP Key fingerprint: %s\n", print);
-
-	  name_len = sizeof (name);
-	  if (gnutls_openpgp_crt_get_name (crt, 0, name, &name_len) < 0)
-	    {
-	      fprintf (stderr, "Could not extract name\n");
-	    }
+	  /* Check the hostname of the first certificate if it matches
+	   * the name of the host we connected to.
+	   */
+	  if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
+	    hostname_ok = 1;
 	  else
-	    {
-	      PRINT_PGP_NAME (name);
-	    }
-
+	    hostname_ok = 2;
 	}
 
       gnutls_openpgp_crt_deinit (crt);
+    }
 
+  if (hostname_ok == 1)
+    {
+      printf ("- The hostname in the certificate does NOT match '%s'\n",
+	      hostname);
+      if (!insecure)
+	exit (1);
+    }
+  else if (hostname_ok == 2)
+    {
+      printf ("- The hostname in the certificate matches '%s'.\n",
+	      hostname);
     }
 }
author	Simon Josefsson <simon@josefsson.org>	2009-02-11 15:33:28 +0100
committer	Simon Josefsson <simon@josefsson.org>	2009-02-11 15:33:28 +0100
commit	30a18cb88647be1a0293f2ddf13314a0a6b4922a (patch)
tree	56a0bad7417cf080d40a9ca9d2ba7b42b87f6608 /src
parent	92f6ece1a2acbdeb9022d896dc234ba976329fea (diff)
download	gnutls-30a18cb88647be1a0293f2ddf13314a0a6b4922a.tar.gz