📄 utils.c
字号:
/* Print information on a certificate */
int printCertInfo( const CRYPT_CERTIFICATE certificate )
{
CRYPT_CERTTYPE_TYPE certType;
char buffer[ 1024 ];
int length, value, status;
CHK( cryptGetAttribute( certificate, CRYPT_CERTINFO_CERTTYPE, &value ) );
certType = value;
/* Display the issuer and subject DN */
if( certType != CRYPT_CERTTYPE_CERTREQUEST && \
certType != CRYPT_CERTTYPE_REQUEST_CERT && \
certType != CRYPT_CERTTYPE_REQUEST_REVOCATION && \
certType != CRYPT_CERTTYPE_RTCS_REQUEST && \
certType != CRYPT_CERTTYPE_RTCS_RESPONSE && \
certType != CRYPT_CERTTYPE_OCSP_REQUEST && \
certType != CRYPT_CERTTYPE_CMS_ATTRIBUTES && \
certType != CRYPT_CERTTYPE_PKIUSER )
{
puts( "Certificate object issuer name is:" );
CHK( cryptSetAttribute( certificate, CRYPT_CERTINFO_ISSUERNAME,
CRYPT_UNUSED ) );
printDN( certificate );
if( cryptStatusOK( \
cryptGetAttribute( certificate,
CRYPT_CERTINFO_ISSUERALTNAME, &value ) ) )
{
CHK( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT,
CRYPT_CERTINFO_ISSUERALTNAME ) );
printAltName( certificate );
}
}
if( certType != CRYPT_CERTTYPE_CRL && \
certType != CRYPT_CERTTYPE_REQUEST_REVOCATION && \
certType != CRYPT_CERTTYPE_CMS_ATTRIBUTES && \
certType != CRYPT_CERTTYPE_RTCS_REQUEST && \
certType != CRYPT_CERTTYPE_RTCS_RESPONSE && \
certType != CRYPT_CERTTYPE_OCSP_REQUEST && \
certType != CRYPT_CERTTYPE_OCSP_RESPONSE )
{
puts( "Certificate object subject name is:" );
CHK( cryptSetAttribute( certificate, CRYPT_CERTINFO_SUBJECTNAME,
CRYPT_UNUSED ) );
printDN( certificate );
if( cryptStatusOK( \
cryptGetAttribute( certificate,
CRYPT_CERTINFO_SUBJECTALTNAME, &value ) ) )
{
CHK( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT,
CRYPT_CERTINFO_SUBJECTALTNAME ) );
printAltName( certificate );
}
}
/* Display the validity information */
#ifndef _WIN32_WCE
if( certType == CRYPT_CERTTYPE_CERTCHAIN ||
certType == CRYPT_CERTTYPE_CERTIFICATE || \
certType == CRYPT_CERTTYPE_ATTRIBUTE_CERT )
{
time_t validFrom, validTo;
CHK( cryptGetAttributeString( certificate, CRYPT_CERTINFO_VALIDFROM,
&validFrom, &length ) );
CHK( cryptGetAttributeString( certificate, CRYPT_CERTINFO_VALIDTO,
&validTo, &length ) );
printf( "Certificate is valid from %s to %s",
getTimeString( validFrom, 0 ),
getTimeString( validTo, 1 ) );
}
if( certType == CRYPT_CERTTYPE_OCSP_RESPONSE )
{
time_t thisUpdate, nextUpdate;
status = cryptGetAttributeString( certificate, CRYPT_CERTINFO_THISUPDATE,
&thisUpdate, &length );
if( cryptStatusOK( status ) )
{
/* RTCS basic responses only return a minimal valid/not valid
status so failing to find a time isn't an error */
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_NEXTUPDATE,
&nextUpdate, &length );
if( cryptStatusOK( status ) )
{
printf( "OCSP source CRL time %s,\n next update %s.\n",
getTimeString( thisUpdate, 0 ),
getTimeString( nextUpdate, 1 ) );
}
else
{
printf( "OCSP source CRL time %s.\n",
getTimeString( thisUpdate, 0 ) );
}
}
}
if( certType == CRYPT_CERTTYPE_CRL )
{
time_t thisUpdate, nextUpdate;
CHK( cryptGetAttributeString( certificate, CRYPT_CERTINFO_THISUPDATE,
&thisUpdate, &length ) );
status = cryptGetAttributeString( certificate, CRYPT_CERTINFO_NEXTUPDATE,
&nextUpdate, &length );
if( cryptStatusOK( status ) )
{
printf( "CRL time %s,\n next update %s.\n",
getTimeString( thisUpdate, 0 ),
getTimeString( nextUpdate, 1 ) );
}
else
printf( "CRL time %s.\n", getTimeString( thisUpdate, 0 ) );
}
#endif /* _WIN32_WCE */
if( certType == CRYPT_CERTTYPE_CRL || \
certType == CRYPT_CERTTYPE_RTCS_RESPONSE || \
certType == CRYPT_CERTTYPE_OCSP_RESPONSE )
{
int noEntries = 0;
/* Count and display the entries */
if( cryptSetAttribute( certificate, CRYPT_CERTINFO_CURRENT_CERTIFICATE,
CRYPT_CURSOR_FIRST ) == CRYPT_OK )
{
puts( "Revocation/validity list information: " );
do
{
#ifndef _WIN32_WCE
time_t timeStamp = 0;
#endif /* _WIN32_WCE */
int revStatus, certStatus;
noEntries++;
/* Extract response-specific status information */
if( certType == CRYPT_CERTTYPE_RTCS_RESPONSE )
{
CHK( cryptGetAttribute( certificate,
CRYPT_CERTINFO_CERTSTATUS, &certStatus ) );
}
if( certType == CRYPT_CERTTYPE_OCSP_RESPONSE )
{
CHK( cryptGetAttribute( certificate,
CRYPT_CERTINFO_REVOCATIONSTATUS, &revStatus ) );
}
#ifndef _WIN32_WCE
if( certType == CRYPT_CERTTYPE_CRL || \
( certType == CRYPT_CERTTYPE_OCSP_RESPONSE && \
revStatus == CRYPT_OCSPSTATUS_REVOKED ) || \
( certType == CRYPT_CERTTYPE_RTCS_RESPONSE && \
certStatus == CRYPT_CERTSTATUS_NOTVALID ) )
{
CHK( cryptGetAttributeString( certificate,
CRYPT_CERTINFO_REVOCATIONDATE, &timeStamp,
&length ) );
}
#endif /* _WIN32_WCE */
/* Make sure we don't print excessive amounts of
information */
if( noEntries >= 20 )
{
if( noEntries == 20 )
puts( " (Further entries exist, but won't be printed)." );
continue;
}
/* Print details status info */
switch( certType )
{
case CRYPT_CERTTYPE_RTCS_RESPONSE:
printf( " Certificate status = %d (%s).\n",
certStatus,
( certStatus == CRYPT_CERTSTATUS_VALID ) ? \
"valid" : \
( certStatus == CRYPT_CERTSTATUS_NOTVALID ) ? \
"not valid" : \
( certStatus == CRYPT_CERTSTATUS_NONAUTHORITATIVE ) ? \
"only non-authoritative response available" : \
"unknown" );
break;
case CRYPT_CERTTYPE_OCSP_RESPONSE:
printf( " Entry %d, rev.status = %d (%s), rev.time "
"%s.\n", noEntries, revStatus,
( revStatus == CRYPT_OCSPSTATUS_NOTREVOKED ) ? \
"not revoked" : \
( revStatus == CRYPT_OCSPSTATUS_REVOKED ) ? \
"revoked" : "unknown",
getTimeString( timeStamp, 0 ) );
break;
case CRYPT_CERTTYPE_CRL:
printf( " Entry %d, revocation time %s.\n", noEntries,
getTimeString( timeStamp, 0 ) );
break;
default:
assert( 0 );
}
}
while( cryptSetAttribute( certificate,
CRYPT_CERTINFO_CURRENT_CERTIFICATE,
CRYPT_CURSOR_NEXT ) == CRYPT_OK );
}
printf( "Revocation/validity list has %d entr%s.\n", noEntries,
( noEntries == 1 ) ? "y" : "ies" );
}
/* Display the self-signed status and fingerprint */
if( cryptStatusOK( cryptGetAttribute( certificate,
CRYPT_CERTINFO_SELFSIGNED, &value ) ) )
printf( "Certificate object is %sself-signed.\n",
value ? "" : "not " );
if( certType == CRYPT_CERTTYPE_CERTIFICATE || \
certType == CRYPT_CERTTYPE_CERTCHAIN )
{
CHK( cryptGetAttributeString( certificate, CRYPT_CERTINFO_FINGERPRINT,
buffer, &length ) );
printf( "Certificate fingerprint = " );
printHex( buffer, length );
}
/* List the attribute types */
if( !displayAttributes( certificate ) )
return( FALSE );
/* Display common attributes */
if( cryptStatusError( \
cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT_GROUP,
CRYPT_CURSOR_FIRST ) ) )
{
puts( " (No extensions/attributes)." );
return( TRUE );
}
puts( "Some of the common extensions/attributes are:" );
if( certType == CRYPT_CERTTYPE_CRL )
{
time_t theTime;
CHK( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT_GROUP,
CRYPT_CURSOR_FIRST ) );
status = cryptGetAttribute( certificate, CRYPT_CERTINFO_CRLNUMBER,
&value );
if( cryptStatusOK( status ) && value )
printf( " crlNumber = %d.\n", value );
status = cryptGetAttribute( certificate, CRYPT_CERTINFO_DELTACRLINDICATOR,
&value );
if( cryptStatusOK( status ) && value )
printf( " deltaCRLIndicator = %d.\n", value );
status = cryptGetAttribute( certificate, CRYPT_CERTINFO_CRLREASON,
&value );
if( cryptStatusOK( status ) && value )
printf( " crlReason = %d.\n", value );
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_INVALIDITYDATE, &theTime, &length );
#ifndef _WIN32_WCE
if( cryptStatusOK( status ) )
printf( " invalidityDate = %s.\n",
getTimeString( theTime, 0 ) );
#endif /* _WIN32_WCE */
if( cryptStatusOK( \
cryptGetAttribute( certificate,
CRYPT_CERTINFO_ISSUINGDIST_FULLNAME, &value ) ) )
{
CHK( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT,
CRYPT_CERTINFO_ISSUINGDIST_FULLNAME ) );
puts( " issuingDistributionPoint is:" );
printDN( certificate );
printAltName( certificate );
}
return( TRUE );
}
#ifndef _WIN32_WCE
if( certType == CRYPT_CERTTYPE_CMS_ATTRIBUTES )
{
time_t signingTime;
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_CMS_SIGNINGTIME,
&signingTime, &length );
if( cryptStatusOK( status ) )
printf( "Signing time %s.\n", getTimeString( signingTime, 0 ) );
return( TRUE );
}
#endif /* _WIN32_WCE */
if( certType == CRYPT_CERTTYPE_PKIUSER )
{
CHK( cryptGetAttributeString( certificate, CRYPT_CERTINFO_PKIUSER_ID,
buffer, &length ) );
buffer[ length ] ='\0';
printf( " PKI user ID = %s.\n", buffer );
CHK( cryptGetAttributeString( certificate,
CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD,
buffer, &length ) );
buffer[ length ] ='\0';
printf( " PKI user issue password = %s.\n", buffer );
CHK( cryptGetAttributeString( certificate,
CRYPT_CERTINFO_PKIUSER_REVPASSWORD,
buffer, &length ) );
buffer[ length ] ='\0';
printf( " PKI user revocation password = %s.\n", buffer );
return( TRUE );
}
status = cryptGetAttribute( certificate,
CRYPT_CERTINFO_KEYUSAGE, &value );
if( cryptStatusOK( status ) && value )
{
static const struct { int flag; const char *name; } usageNames[] = {
{ CRYPT_KEYUSAGE_DIGITALSIGNATURE, "digSig" },
{ CRYPT_KEYUSAGE_NONREPUDIATION, "nonRep" },
{ CRYPT_KEYUSAGE_KEYENCIPHERMENT, "keyEnc" },
{ CRYPT_KEYUSAGE_DATAENCIPHERMENT, "dataEnc" },
{ CRYPT_KEYUSAGE_KEYAGREEMENT, "keyAgree" },
{ CRYPT_KEYUSAGE_KEYCERTSIGN, "certSign" },
{ CRYPT_KEYUSAGE_CRLSIGN, "crlSign" },
{ CRYPT_KEYUSAGE_ENCIPHERONLY, "encOnly" },
{ CRYPT_KEYUSAGE_DECIPHERONLY, "decOnly" },
{ CRYPT_KEYUSAGE_NONE, NULL }
};
BOOLEAN printedUsage = FALSE;
int i;
printf( " keyUsage = %02X (", value );
for( i = 0; usageNames[ i ].flag != CRYPT_KEYUSAGE_NONE; i++ )
{
if( usageNames[ i ].flag & value )
{
if( printedUsage )
printf( ", " );
printf( "%s", usageNames[ i ].name );
printedUsage = TRUE;
}
}
puts( ")." );
}
status = cryptGetAttribute( certificate,
CRYPT_CERTINFO_EXTKEYUSAGE, &value );
if( cryptStatusOK( status ) && value )
{
BOOLEAN firstTime = TRUE;
printf( " extKeyUsage types = " );
CHK( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT_GROUP,
CRYPT_CERTINFO_EXTKEYUSAGE ) );
do
{
CHK( cryptGetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT,
&value ) );
printf( "%s%d", firstTime ? "" : ", ", value );
firstTime = FALSE;
}
while( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT,
CRYPT_CURSOR_NEXT ) == CRYPT_OK );
printf( ".\n" );
}
status = cryptGetAttribute( certificate, CRYPT_CERTINFO_CA, &value );
if( cryptStatusOK( status ) && value )
printf( " basicConstraints.cA = %s.\n", value ? "True" : "False" );
status = cryptGetAttribute( certificate, CRYPT_CERTINFO_PATHLENCONSTRAINT,
&value );
if( cryptStatusOK( status ) && value )
printf( " basicConstraints.pathLenConstraint = %d.\n", value );
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER, buffer, &length );
if( cryptStatusOK( status ) )
{
printf( " subjectKeyIdentifier = " );
printHex( buffer, length );
}
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER, buffer, &length );
if( cryptStatusOK( status ) )
{
printf( " authorityKeyIdentifier = " );
printHex( buffer, length );
}
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_CERTPOLICYID, buffer, &length );
if( cryptStatusOK( status ) )
{
buffer[ length ] = '\0';
printf( " certificatePolicies.policyInformation.policyIdentifier = "
"%s.\n", buffer );
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_CERTPOLICY_CPSURI, buffer, &length );
if( cryptStatusOK( status ) )
{
buffer[ length ] = '\0';
printf( " certificatePolicies.policyInformation.cpsURI = "
"%s.\n", buffer );
}
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION, buffer, &length );
if( cryptStatusOK( status ) )
{
buffer[ length ] = '\0';
printf( " certificatePolicies.policyInformation.organisation = "
"%s.\n", buffer );
}
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT, buffer, &length );
if( cryptStatusOK( status ) )
{
buffer[ length ] = '\0';
printf( " certificatePolicies.policyInformation.explicitText = "
"%s.\n", buffer );
}
}
if( cryptStatusOK( \
cryptGetAttribute( certificate,
CRYPT_CERTINFO_CRLDIST_FULLNAME, &value ) ) )
{
CHK( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT,
CRYPT_CERTINFO_CRLDIST_FULLNAME ) );
puts( " crlDistributionPoint is/are:" );
do
{
printDN( certificate );
printAltName( certificate );
}
while( cryptSetAttribute( certificate, CRYPT_ATTRIBUTE_CURRENT_INSTANCE,
CRYPT_CURSOR_NEXT ) == CRYPT_OK );
}
return( TRUE );
}
int printCertChainInfo( const CRYPT_CERTIFICATE certChain )
{
int value, count, status;
/* Make sure it really is a cert chain */
CHK( cryptGetAttribute( certChain, CRYPT_CERTINFO_CERTTYPE, &value ) );
if( value != CRYPT_CERTTYPE_CERTCHAIN )
{
printCertInfo( certChain );
return( TRUE );
}
/* Display info on each cert in the chain. This uses the cursor
mechanism to select successive certs in the chain from the leaf up to
the root */
count = 0;
CHK( cryptSetAttribute( certChain, CRYPT_CERTINFO_CURRENT_CERTIFICATE,
CRYPT_CURSOR_FIRST ) );
do
{
printf( "Certificate %d\n-------------\n", count++ );
printCertInfo( certChain );
printf( "\n" );
}
while( cryptSetAttribute( certChain,
CRYPT_CERTINFO_CURRENT_CERTIFICATE, CRYPT_CURSOR_NEXT ) == CRYPT_OK );
/* Reset the cursor position in the chain */
CHK( cryptSetAttribute( certChain, CRYPT_CERTINFO_CURRENT_CERTIFICATE,
CRYPT_CURSOR_FIRST ) );
return( TRUE );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -