pk7print.c
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 919 行 · 第 1/2 页
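/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above. If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL. If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
** secutil.c - various functions used by security stuff
**
*/

/* pkcs #7 -related functions */

#include "secutil.h"
#include "secpkcs7.h"
#include "secoid.h"
#include <sys/stat.h>
#include <stdarg.h>

#ifdef XP_UNIX
#include <unistd.h>
#endif

/* for SEC_TraverseNames */
#include "cert.h"
#include "prtypes.h"
#include "prtime.h"

#include "prlong.h"
#include "secmod.h"
#include "pk11func.h"
#include "prerror.h"

/*
** PKCS7 Support
**
** Every printer below takes a prefix string (m / msg) that is written in
** front of the value.  The prefix is always emitted as data (fputs or "%s"),
** never used as the printf format itself, so a '%' inside a prefix is
** printed literally instead of being interpreted as a conversion.
*/

/* forward declaration */
int
sv_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *);

/*
** sv_PrintAsHex
**   Writes the optional prefix m, then the bytes of data as two-digit
**   lowercase hex separated by ':' and terminated by a newline.
**   An item with len == 0 prints only the prefix and no newline.
*/
void
sv_PrintAsHex(FILE *out, SECItem *data, char *m)
{
    unsigned i;

    if (m != NULL)
        fputs(m, out);

    for (i = 0; i < data->len; i++) {
        /* every byte but the last is followed by ':'; the last by '\n' */
        if (i + 1 < data->len)
            fprintf(out, "%02x:", data->data[i]);
        else
            fprintf(out, "%02x\n", data->data[i]);
    }
}

/*
** sv_PrintInteger
**   Prints a DER integer.  Values of up to 4 bytes are decoded with
**   DER_GetInteger and shown as "<m><decimal> (0x<hex>)"; longer values
**   are dumped with sv_PrintAsHex.
*/
void
sv_PrintInteger(FILE *out, SECItem *i, char *m)
{
    int iv;

    if (i->len > 4) {
        sv_PrintAsHex(out, i, m);
        return;
    }

    iv = DER_GetInteger(i);
    /* %x takes an unsigned argument */
    fprintf(out, "%s%d (0x%x)\n", m, iv, (unsigned)iv);
}

/*
** sv_PrintUTCTime
**   Decodes the UTCTime in t and prints it after the prefix m in the form
**   "%a %b %d %H:%M:%S %Y".
**   Returns the decoder's error if t cannot be decoded, SECFailure if the
**   scratch buffer cannot be allocated, 0 on success.
*/
int
sv_PrintUTCTime(FILE *out, SECItem *t, char *m)
{
    enum { TIME_BUF_LEN = 100 };
    PRExplodedTime printableTime;
    int64 when;
    char *timeString;
    int rv;

    rv = DER_UTCTimeToTime(&when, t);
    if (rv)
        return rv;

    /* Break the time down in GMT (PR_GMTParameters), not local time */
    PR_ExplodeTime(when, PR_GMTParameters, &printableTime);

    timeString = (char *)PORT_Alloc(TIME_BUF_LEN);
    if (timeString == NULL)
        return SECFailure;

    PR_FormatTime(timeString, TIME_BUF_LEN, "%a %b %d %H:%M:%S %Y",
                  &printableTime);
    fprintf(out, "%s%s\n", m, timeString);
    PORT_Free(timeString);
    return 0;
}

/*
** sv_PrintValidity
**   Prints the notBefore and notAfter times of v, each preceded by m.
**   Returns the first non-zero status from sv_PrintUTCTime, else 0.  A
**   notAfter value that fails to decode is reported to the caller rather
**   than being dropped.
*/
int
sv_PrintValidity(FILE *out, CERTValidity *v, char *m)
{
    int rv;

    fputs(m, out);
    rv = sv_PrintUTCTime(out, &v->notBefore, "notBefore=");
    if (rv)
        return rv;

    fputs(m, out);
    return sv_PrintUTCTime(out, &v->notAfter, "notAfter=");
}

/*
** sv_PrintObjectID
**   Prints the description of oid from the OID table after the optional
**   prefix m.  An OID that SECOID_FindOID does not know is dumped as hex.
*/
void
sv_PrintObjectID(FILE *out, SECItem *oid, char *m)
{
    SECOidData *oiddata;

    oiddata = SECOID_FindOID(oid);
    if (oiddata == NULL) {
        sv_PrintAsHex(out, oid, m);
        return;
    }

    if (m != NULL)
        fputs(m, out);
    fprintf(out, "%s\n", oiddata->desc);
}

/*
** sv_PrintAlgorithmID
**   Prints the algorithm OID of a, followed by its parameters as hex
**   ("Args=") unless the parameters are exactly the two bytes 05 00
**   (the DER encoding of NULL).
*/
void
sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m)
{
    int paramsAreDerNull;

    sv_PrintObjectID(out, &a->algorithm, m);

    paramsAreDerNull =
        (a->parameters.len == 2) &&
        (PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0);

    if (!paramsAreDerNull) {
        /* Print args to algorithm */
        sv_PrintAsHex(out, &a->parameters, "Args=");
    }
}

/*
** sv_PrintAttribute
**   Prints the type of a PKCS #7 attribute and each of its values.
**   Content-type values are printed as OIDs and signing-time values as
**   times; encoded attributes and all other types are dumped as hex.
*/
void
sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m)
{
    SECItem *value;
    int i;
    char om[100];

    fputs(m, out);

    /*
     * XXX Make this smarter; look at the type field and then decode
     * and print the value(s) appropriately!
     */
    sv_PrintObjectID(out, &(attr->type), "type=");
    if (attr->values == NULL)
        return;

    for (i = 0; (value = attr->values[i]) != NULL; i++) {
        /*
         * m can be as long as the caller's own buffer, so bound the write;
         * an over-long prefix is truncated instead of overrunning om.
         */
        snprintf(om, sizeof om, "%svalue[%d]=%s", m, i,
                 attr->encoded ? "(encoded)" : "");

        if (attr->encoded || attr->typeTag == NULL) {
            sv_PrintAsHex(out, value, om);
            continue;
        }

        switch (attr->typeTag->offset) {
        case SEC_OID_PKCS9_CONTENT_TYPE:
            sv_PrintObjectID(out, value, om);
            break;
        case SEC_OID_PKCS9_SIGNING_TIME:
            sv_PrintUTCTime(out, value, om);
            break;
        default:
            sv_PrintAsHex(out, value, om);
            break;
        }
    }
}

/*
** sv_PrintName
**   Prints name in its ASCII form after the prefix msg.
*/
void
sv_PrintName(FILE *out, CERTName *name, char *msg)
{
    char *str;

    str = CERT_NameToAscii(name);
    /* conversion can fail; do not hand a NULL pointer to %s */
    fprintf(out, "%s%s\n", msg, (str != NULL) ? str : "(null)");
    /* the converted string belongs to the caller; release it */
    PORT_Free(str);
}

#if 0
/*
** secu_PrintPKCS7EncContent
**   Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
*/
void
secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
                          char *m, int level)
{
    if (src->contentTypeTag == NULL)
        src->contentTypeTag = SECOID_FindOID(&(src->contentType));

    secu_Indent(out, level);
    fprintf(out, "%s:\n", m);
    secu_Indent(out, level + 1);
    fprintf(out, "Content Type: %s\n",
            (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
                                          : "Unknown");
    sv_PrintAlgorithmID(out, &(src->contentEncAlg),
                        "Content Encryption Algorithm");
    sv_PrintAsHex(out, &(src->encContent),
                  "Encrypted Content", level+1);
}

/*
** secu_PrintRecipientInfo
**   Prints a PKCS7RecipientInfo type
*/
void
secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
                        int level)
{
    secu_Indent(out, level); fprintf(out, "%s:\n", m);
    sv_PrintInteger(out, &(info->version), "Version");

    sv_PrintName(out, &(info->issuerAndSN->issuer), "Issuer");
    sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
                    "Serial Number");

    /* Parse and display encrypted key */
    sv_PrintAlgorithmID(out, &(info->keyEncAlg),
                        "Key Encryption Algorithm");
    sv_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
}
#endif

/*
** sv_PrintAttributeList
**   Prints "<m><label>=<count>" for a NULL-terminated attribute array,
**   then each attribute under the prefix "<m>attribute[<n>].".
*/
static void
sv_PrintAttributeList(FILE *out, SEC_PKCS7Attribute **attrs, char *m,
                      const char *label)
{
    char mm[120];
    int count = 0;
    int n;

    while (attrs[count] != NULL)
        count++;
    fprintf(out, "%s%s=%d\n", m, label, count);

    for (n = 0; n < count; n++) {
        /* bounded: a long prefix is truncated rather than overflowing mm */
        snprintf(mm, sizeof mm, "%sattribute[%d].", m, n);
        sv_PrintAttribute(out, attrs[n], mm);
    }
}

/*
** sv_PrintSignerInfo
**   Prints a PKCS7SignerInfo type: version, issuer and serial number,
**   digest algorithm, authenticated attributes, signature algorithm,
**   encrypted digest and unauthenticated attributes, each prefixed by m.
*/
void
sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m)
{
    fputs(m, out);
    sv_PrintInteger(out, &(info->version), "version=");

    fputs(m, out);
    sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName=");
    fputs(m, out);
    sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
                    "serialNumber=");

    fputs(m, out);
    sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm=");

    if (info->authAttr != NULL)
        sv_PrintAttributeList(out, info->authAttr, m,
                              "authenticatedAttributes");

    /* Parse and display signature */
    fputs(m, out);
    sv_PrintAlgorithmID(out, &(info->digestEncAlg),
                        "digestEncryptionAlgorithm=");
    fputs(m, out);
    sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest=");

    if (info->unAuthAttr != NULL)
        sv_PrintAttributeList(out, info->unAuthAttr, m,
                              "unauthenticatedAttributes");
}

/*
** sv_PrintRSAPublicKey
**   Prints the modulus and public exponent of an RSA key, each after m.
*/
void
sv_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
{
    fputs(m, out);
    sv_PrintInteger(out, &pk->u.rsa.modulus, "modulus=");
    fputs(m, out);
    sv_PrintInteger(out, &pk->u.rsa.publicExponent, "exponent=");
}

/*
** sv_PrintDSAPublicKey
**   Prints the prime, subprime, base and public value of a DSA key,
**   each after m.
*/
void
sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
{
    fputs(m, out);
    sv_PrintInteger(out, &pk->u.dsa.params.prime, "prime=");
    fputs(m, out);
    sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime=");
    fputs(m, out);
    sv_PrintInteger(out, &pk->u.dsa.params.base, "base=");
    fputs(m, out);
    sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
}

/*
** sv_PrintSubjectPublicKeyInfo
**   Prints the algorithm of a SubjectPublicKeyInfo and, for RSA and DSA
**   keys, the decoded key fields.  Any other algorithm is reported as
**   "bad SPKI algorithm type".
**   Returns PORT_GetError() if the scratch key cannot be allocated, the
**   decoder's status if decoding fails, 0 otherwise.
*/
int
sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
                             CERTSubjectPublicKeyInfo *i, char *msg)
{
    SECKEYPublicKey *pk;
    int rv = 0;
    char mm[200];

    /* msg is caller-supplied; bound every prefix built from it */
    snprintf(mm, sizeof mm, "%s.publicKeyAlgorithm=", msg);
    sv_PrintAlgorithmID(out, &i->algorithm, mm);

    pk = (SECKEYPublicKey *)PORT_ZAlloc(sizeof(SECKEYPublicKey));
    if (pk == NULL)
        return PORT_GetError();

    /*
     * NOTE(review): this is applied to the caller's item, not a copy, so it
     * presumably rewrites the bit length in place -- confirm that callers do
     * not print the same SPKI twice.
     */
    DER_ConvertBitString(&i->subjectPublicKey);

    switch (SECOID_FindOIDTag(&i->algorithm.algorithm)) {
    case SEC_OID_PKCS1_RSA_ENCRYPTION:
        rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate,
                                &i->subjectPublicKey);
        if (rv)
            break;
        snprintf(mm, sizeof mm, "%s.rsaPublicKey.", msg);
        sv_PrintRSAPublicKey(out, pk, mm);
        break;
    case SEC_OID_ANSIX9_DSA_SIGNATURE:
        rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate,
                                &i->subjectPublicKey);
        if (rv)
            break;
        snprintf(mm, sizeof mm, "%s.dsaPublicKey.", msg);
        sv_PrintDSAPublicKey(out, pk, mm);
        break;
    default:
        fprintf(out, "%s=bad SPKI algorithm type\n", msg);
        break;
    }

    /*
     * Release the scratch struct on every path (it used to leak).  Only the
     * struct itself is freed here; the decoded fields are allocated by
     * SEC_ASN1DecodeItem -- presumably from arena when one is passed.
     */
    PORT_Free(pk);
    return rv;
}

/*
** sv_PrintInvalidDateExten
**   Decodes value as a GeneralizedTime and prints it as
**   "<msg>: <formatted time>".
**   Returns the status of the failing decode step, SECFailure if the time
**   cannot be formatted, SECSuccess otherwise.
*/
SECStatus
sv_PrintInvalidDateExten(FILE *out, SECItem *value, char *msg)
{
    SECItem decodedValue;
    SECStatus rv;
    int64 invalidTime;
    char *formattedTime = NULL;

    decodedValue.data = NULL;
    decodedValue.len = 0;

    rv = SEC_ASN1DecodeItem(NULL, &decodedValue, SEC_GeneralizedTimeTemplate,
                            value);
    if (rv == SECSuccess)
        rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);

    if (rv == SECSuccess) {
        formattedTime = CERT_GenTime2FormattedAscii(invalidTime,
                                                    "%a %b %d %H:%M:%S %Y");
        if (formattedTime != NULL) {
            fprintf(out, "%s: %s\n", msg, formattedTime);
            PORT_Free(formattedTime);
        } else {
            /* formatting failed; report it instead of printing NULL */
            rv = SECFailure;
        }
    }

    /* data stays NULL when the decode never allocated anything */
    if (decodedValue.data != NULL)
        PORT_Free(decodedValue.data);

    return rv;
}

/*
** sv_PrintExtensions
**   Prints each extension in the NULL-terminated array: its name, its
**   critical flag when present, and its value (an invalid-date extension
**   as a time, anything else as hex).  Always returns 0.
*/
int
sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg)
{
    SECOidTag oidTag;
    SECItem *tmpitem;

    if (extensions == NULL)
        return 0;

    for (; *extensions != NULL; extensions++) {
        fprintf(out, "%sname=", msg);
        sv_PrintObjectID(out, &(*extensions)->id, NULL);

        tmpitem = &(*extensions)->critical;
        if (tmpitem->len)
            fprintf(out, "%scritical=%s\n", msg,
                    (tmpitem->data && tmpitem->data[0]) ? "True" : "False");

        oidTag = SECOID_FindOIDTag(&((*extensions)->id));

        fputs(msg, out);
        tmpitem = &((*extensions)->value);
        if (oidTag == SEC_OID_X509_INVALID_DATE)
            sv_PrintInvalidDateExten(out, tmpitem, "invalidExt");
        else
            sv_PrintAsHex(out, tmpitem, "data=");
    }

    return 0;
}

/*
 * NOTE(review): the definition below runs past the end of this listing, so
 * it is reproduced as found.  Its fprintf(out, m) calls pass the prefix as
 * the format string and should become fputs(m, out), as in the functions
 * above.
 */
void
sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
{
    CERTCrlEntry *entry;
    int iv;
    char om[100];

    fprintf(out, m);
    sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm=");
    fprintf(out, m);
    sv_PrintName(out, &(crl->name), "name=");
    fprintf(out, m);
    sv_PrintUTCTime(out, &(crl->lastUpdate), "lastUpdate=");
    fprintf(out, m);
    sv_PrintUTCTime(out, &(crl->nextUpdate), "nextUpdate=");

    if (crl->entries != NULL) {
        iv = 0;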