Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/common.c | 58 | ||||
-rw-r--r-- | lib/x509/common.h | 12 | ||||
-rw-r--r-- | lib/x509/pkcs7-output.c | 65 |
3 files changed, 90 insertions, 45 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c index c8ea6657c7..a1f6d62e13 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -39,19 +39,9 @@ static int data2hex(const void *data, size_t data_size, gnutls_datum_t *out); -struct oid_to_string { - const char *oid; - unsigned oid_size; - const char *ldap_desc; - unsigned ldap_desc_size; - const char *asn_desc; /* description in the pkix file if complex type */ - unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID - * if cannot be simply parsed */ -}; - #define ENTRY(oid, ldap, asn, etype) {oid, sizeof(oid)-1, ldap, sizeof(ldap)-1, asn, etype} -/* when there is no ldap description */ +/* when there is no name description */ #define ENTRY_ND(oid, asn, etype) {oid, sizeof(oid)-1, NULL, 0, asn, etype} /* This list contains all the OIDs that may be @@ -144,18 +134,18 @@ static const struct oid_to_string _oid2str[] = { {NULL, 0, NULL, 0, NULL, 0} }; -static const struct oid_to_string *get_oid_entry(const char *oid) +const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid) { unsigned int i = 0; unsigned len = strlen(oid); do { - if (len == _oid2str[i].oid_size && - strcmp(_oid2str[i].oid, oid) == 0) - return &_oid2str[i]; + if (len == ots[i].oid_size && + strcmp(ots[i].oid, oid) == 0) + return &ots[i]; i++; } - while (_oid2str[i].oid != NULL); + while (ots[i].oid != NULL); return NULL; } @@ -165,9 +155,9 @@ const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len) unsigned int i = 0; do { - if ((_oid2str[i].ldap_desc != NULL) && - (str_len == _oid2str[i].ldap_desc_size) && - (c_strncasecmp(_oid2str[i].ldap_desc, str, str_len) == + if ((_oid2str[i].name_desc != NULL) && + (str_len == _oid2str[i].name_desc_size) && + (c_strncasecmp(_oid2str[i].name_desc, str, str_len) == 0)) return _oid2str[i].oid; i++; 
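Review bot: The `#define ENTRY(oid, ldap, asn, etype)` line in the first hunk keeps `ldap` as the name of its second parameter, while the struct field it initialises is now `name_desc` and the comment just below was reworded to "name description". Renaming the parameter, `#define ENTRY(oid, name, asn, etype) {oid, sizeof(oid)-1, name, sizeof(name)-1, asn, etype}`, keeps the macro in step with the rename; the expansion itself does not change.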
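Review bot: `_gnutls_oid_get_entry` now takes a caller-supplied table, but its do/while body reads `ots[0]` before any terminator check and only tests `ots[i].oid != NULL` after `i++`, so a table that consists of nothing but the `{NULL, 0, NULL, 0, NULL, 0}` terminator is read past on the first iteration. Both tables in this commit are non-empty, so the existing callers are unaffected, but a plain `for (i = 0; ots[i].oid != NULL; i++)` with the comparison inside removes that precondition for any table added later. The non-empty, NULL-terminated requirement belongs in a comment on the exported prototype in common.h.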
@@ -242,18 +232,7 @@ static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped) **/ int gnutls_x509_dn_oid_known(const char *oid) { - unsigned int i = 0; - unsigned len = strlen(oid); - - do { - if (len == _oid2str[i].oid_size && - strcmp(_oid2str[i].oid, oid) == 0) - return 1; - i++; - } - while (_oid2str[i].oid != NULL); - - return 0; + return _gnutls_oid_get_entry(_oid2str, oid) != NULL; } /** @@ -272,17 +251,10 @@ int gnutls_x509_dn_oid_known(const char *oid) **/ const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags) { - unsigned int i = 0; - unsigned len = strlen(oid); - - do { - if ((_oid2str[i].oid_size == len) && - strcmp(_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL) - return _oid2str[i].ldap_desc; - i++; - } - while (_oid2str[i].oid != NULL); + const struct oid_to_string *entry =_gnutls_oid_get_entry(_oid2str, oid); + if (entry && entry->name_desc) + return entry->name_desc; if (flags & GNUTLS_X509_DN_OID_RETURN_OID) return oid; else @@ -450,7 +422,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value, return GNUTLS_E_INVALID_REQUEST; } - oentry = get_oid_entry(oid); + oentry = _gnutls_oid_get_entry(_oid2str, oid); if (oentry == NULL) { /* unknown OID -> hex */ unknown_oid: ret = data2hex(value, value_size, str); @@ -1469,7 +1441,7 @@ _gnutls_x509_encode_and_write_attribute(const char *given_oid, int result; const struct oid_to_string *oentry; - oentry = get_oid_entry(given_oid); + oentry = _gnutls_oid_get_entry(_oid2str, given_oid); if (oentry == NULL) { gnutls_assert(); _gnutls_debug_log("Cannot find OID: %s\n", given_oid); diff --git a/lib/x509/common.h b/lib/x509/common.h index 54ded21188..483bd1de6c 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h 
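Review bot: In `gnutls_x509_dn_oid_name` the new declaration `const struct oid_to_string *entry =_gnutls_oid_get_entry(_oid2str, oid);` is missing the space after `=`, while the sibling call sites in this diff (`_gnutls_x509_dn_to_string`, `_gnutls_x509_encode_and_write_attribute`) write `oentry = _gnutls_oid_get_entry(...)`. Write it as `const struct oid_to_string *entry = _gnutls_oid_get_entry(_oid2str, oid);` so the four call sites read alike.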
@@ -114,6 +114,18 @@ #define ASN1_NULL "\x05\x00" #define ASN1_NULL_SIZE 2 +struct oid_to_string { + const char *oid; + unsigned oid_size; + const char *name_desc; + unsigned name_desc_size; + const char *asn_desc; /* description in the pkix file if complex type */ + unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID + * if cannot be simply parsed */ +}; + +const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid); + int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim, int force_general); int diff --git a/lib/x509/pkcs7-output.c b/lib/x509/pkcs7-output.c index bf5dbac837..3d686df228 100644 --- a/lib/x509/pkcs7-output.c +++ b/lib/x509/pkcs7-output.c 
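Review bot: The prototype `const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid);` is exported to other translation units without a comment stating its contract, and the struct it walks has no note on `name_desc` either. A short block above the prototype should say that it is a linear lookup of `oid` in `ots`, that `ots` must hold at least one entry and end with an entry whose `oid` is NULL, that `oid` must be a non-NULL NUL-terminated string, and that the result points into the table or is NULL when the OID is not listed. On the struct, a one-line comment on `name_desc` such as `/* human-readable name, or NULL when the OID has none (ENTRY_ND) */` makes the `entry && entry->name_desc` checks in the callers self-explanatory.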
@@ -64,6 +64,31 @@ static void print_dn(gnutls_buffer_st * str, const char *prefix, gnutls_free(output.data); } +/* Do not encode ASN1 and type for now */ +#define ENTRY(oid, name, type) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, type} +#define ENTRY2(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, ASN1_ETYPE_INVALID} + +static const struct oid_to_string pkcs7_attrs[] = { + ENTRY ("1.2.840.113549.1.9.3", "contentType", ASN1_ETYPE_OBJECT_ID), + ENTRY ("1.2.840.113549.1.9.4", "messageDigest", ASN1_ETYPE_OCTET_STRING), + ENTRY ("1.2.840.113549.1.9.5", "signingTime", ASN1_ETYPE_INVALID), + ENTRY2("1.2.840.113549.1.9.6", "countersignature"), + ENTRY2("1.2.840.113549.1.9.15", "smimeCapabilities"), + + ENTRY2("1.2.840.113549.1.9.16.2.1", "aa-receiptRequest"), + ENTRY2("1.2.840.113549.1.9.16.2.2", "aa-securityLabel"), + ENTRY2("1.2.840.113549.1.9.16.2.3", "aa-mlExpandHistory"), + ENTRY2("1.2.840.113549.1.9.16.2.4", "aa-contentHint"), + ENTRY2("1.2.840.113549.1.9.16.2.9", "aa-equivalentLabels"), + ENTRY2("1.2.840.113549.1.9.16.2.10", "aa-contentReference"), + ENTRY2("1.2.840.113549.1.9.16.2.11", "aa-encrypKeyPref"), + ENTRY2("1.2.840.113549.1.9.16.2.12", "aa-signingCertificate"), + ENTRY2("1.2.840.113549.1.9.16.2.19", "aa-ets-otherSigCert"), + ENTRY2("1.2.840.113549.1.9.16.2.47", "aa-signingCertificateV2"), + + {NULL, 0, NULL, 0, NULL, 0} +}; + static void print_raw(gnutls_buffer_st * str, const char *prefix, const gnutls_datum_t * raw) { @@ -94,6 +119,7 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, char s[42]; size_t max; int ret; + const struct oid_to_string * entry; if (info->issuer_dn.size > 0) print_dn(str, "\tSigner's issuer DN", &info->issuer_dn); 
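Review bot: In the new `pkcs7_attrs` table the `signingTime` row is written as `ENTRY("1.2.840.113549.1.9.5", "signingTime", ASN1_ETYPE_INVALID)` while every other row with an invalid etype uses `ENTRY2`, whose expansion is exactly that; `ENTRY2("1.2.840.113549.1.9.5", "signingTime")` keeps the two macros meaning what the comment says. The comment `/* Do not encode ASN1 and type for now */` suggests the `etype` column is not consumed in this file yet, which would make the `ENTRY`/`ENTRY2` distinction purely informational; if so, a comment to that effect, e.g. `/* asn_desc is unused here; etype is recorded but not yet consumed */`, saves the next reader a search.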
@@ -130,7 +156,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, if (i == 0) addf(str, "\tSigned Attributes:\n"); - snprintf(prefix, sizeof(prefix), "\t\t%s", oid); + entry = _gnutls_oid_get_entry(pkcs7_attrs, oid); + snprintf(prefix, sizeof(prefix), "\t\t%s", + (entry && entry->name_desc) ? entry->name_desc : oid); print_raw(str, prefix, &data); gnutls_free(data.data); } @@ -145,7 +173,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, if (i == 0) addf(str, "\tUnsigned Attributes:\n"); - snprintf(prefix, sizeof(prefix), "\t\t%s", oid); + entry = _gnutls_oid_get_entry(pkcs7_attrs, oid); + snprintf(prefix, sizeof(prefix), "\t\t%s", + (entry && entry->name_desc) ? entry->name_desc : oid); print_raw(str, prefix, &data); gnutls_free(data.data); } @@ -155,6 +185,37 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, } /** + * gnutls_pkcs7_print_signature_info: + * @info: The PKCS7 signature info struct to be printed + * @format: Indicate the format to use + * @out: Newly allocated datum with null terminated string. + * + * This function will pretty print a PKCS #7 signature info structure, suitable + * for display to a human. + * + * Currently the supported formats are %GNUTLS_CRT_PRINT_FULL and + * %GNUTLS_CRT_PRINT_COMPACT. + * + * The output @out needs to be deallocated using gnutls_free(). + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.6.14 + **/ +int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st * info, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) +{ + gnutls_buffer_st str; + + _gnutls_buffer_init(&str); + print_pkcs7_info(info, &str, format); + + return _gnutls_buffer_to_datum(&str, out, 1); +} + +/** * gnutls_pkcs7_crt_print: * @pkcs7: The PKCS7 struct to be printed * @format: Indicate the format to use |
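Review bot: The lookup-and-format sequence added here (`entry = _gnutls_oid_get_entry(pkcs7_attrs, oid);` followed by the three-line `snprintf` with the `(entry && entry->name_desc) ? entry->name_desc : oid` selector) is repeated verbatim in the Unsigned Attributes hunk that follows. A small static helper returning the display name lets both sites become `snprintf(prefix, sizeof(prefix), "\t\t%s", pkcs7_attr_name(oid));` and makes the `entry` local added to `print_pkcs7_info` unnecessary. `print_pkcs7_info` starts and ends outside these hunks.
```c
/* Display name for a PKCS #7 attribute OID; the dotted OID itself when unknown. */
static const char *pkcs7_attr_name(const char *oid)
{
	const struct oid_to_string *entry = _gnutls_oid_get_entry(pkcs7_attrs, oid);

	return (entry && entry->name_desc) ? entry->name_desc : oid;
}

/* … unchanged: print_pkcs7_info up to the Signed Attributes loop … */
		snprintf(prefix, sizeof(prefix), "\t\t%s", pkcs7_attr_name(oid));
/* … unchanged: print_raw call and the Unsigned Attributes loop, same replacement … */
```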
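Review bot: `gnutls_pkcs7_print_signature_info` is a public entry point but passes `info` straight to `print_pkcs7_info`, which dereferences `info->issuer_dn` in its first statement, and hands `out` to `_gnutls_buffer_to_datum` unchecked. The `GNUTLS_E_INVALID_REQUEST` return visible in the `_gnutls_x509_dn_to_string` context of this diff appears to be the library's convention for a rejected argument, so a guard at the top, `if (info == NULL || out == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, turns a NULL from a caller into an error code instead of a crash. Whether `format` is honoured depends on `print_pkcs7_info`, whose body lies mostly outside the hunk; the doc comment promises %GNUTLS_CRT_PRINT_FULL and %GNUTLS_CRT_PRINT_COMPACT, so that is worth confirming before the text ships.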