sl@0: /* ocsp_prn.c */ sl@0: /* Written by Tom Titchener for the OpenSSL sl@0: * project. */ sl@0: sl@0: /* History: sl@0: This file was originally part of ocsp.c and was transfered to Richard sl@0: Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included sl@0: in OpenSSL or released as a patch kit. */ sl@0: sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: /* sl@0: © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. sl@0: */ sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) sl@0: #include "libcrypto_wsd_macros.h" sl@0: #include "libcrypto_wsd.h" sl@0: #endif sl@0: sl@0: static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) sl@0: { sl@0: BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); sl@0: indent += 2; sl@0: BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); sl@0: i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); sl@0: BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); sl@0: i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); sl@0: BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); sl@0: i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); sl@0: BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); sl@0: i2a_ASN1_INTEGER(bp, a->serialNumber); sl@0: BIO_printf(bp, "\n"); sl@0: return 1; sl@0: } sl@0: sl@0: typedef struct sl@0: { sl@0: long t; sl@0: char *m; sl@0: } OCSP_TBLSTR; sl@0: sl@0: static char *table2string(long s, OCSP_TBLSTR *ts, int len) sl@0: { sl@0: OCSP_TBLSTR *p; sl@0: for (p=ts; p < ts + len; p++) sl@0: if (p->t == s) sl@0: return p->m; sl@0: return "(UNKNOWN)"; sl@0: } sl@0: sl@0: sl@0: EXPORT_C char *OCSP_response_status_str(long s) sl@0: { sl@0: #ifndef EMULATOR sl@0: static OCSP_TBLSTR rstat_tbl[] = { sl@0: { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, sl@0: { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, sl@0: { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, sl@0: { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, sl@0: { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, sl@0: { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; sl@0: #else //EMULATOR sl@0: OCSP_TBLSTR rstat_tbl[] = { sl@0: { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, sl@0: { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, sl@0: { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, sl@0: { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, sl@0: { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, sl@0: { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; sl@0: sl@0: #endif sl@0: sl@0: return table2string(s, rstat_tbl, 6); sl@0: } sl@0: sl@0: EXPORT_C char *OCSP_cert_status_str(long s) sl@0: { sl@0: #ifndef EMULATOR sl@0: static OCSP_TBLSTR cstat_tbl[] = { sl@0: { V_OCSP_CERTSTATUS_GOOD, "good" }, sl@0: { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, sl@0: { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; sl@0: #else sl@0: OCSP_TBLSTR cstat_tbl[] = { sl@0: { V_OCSP_CERTSTATUS_GOOD, "good" }, sl@0: { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, sl@0: { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; sl@0: sl@0: #endif sl@0: return table2string(s, cstat_tbl, 3); sl@0: } sl@0: sl@0: EXPORT_C char *OCSP_crl_reason_str(long s) sl@0: { sl@0: OCSP_TBLSTR reason_tbl[] = { sl@0: { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, sl@0: { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, sl@0: { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, sl@0: { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, sl@0: { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, sl@0: { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, sl@0: { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, sl@0: { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }; sl@0: return table2string(s, reason_tbl, 8); sl@0: } sl@0: sl@0: EXPORT_C int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) sl@0: { sl@0: int i; sl@0: long l; sl@0: OCSP_CERTID* cid = NULL; sl@0: OCSP_ONEREQ *one = NULL; sl@0: OCSP_REQINFO *inf = o->tbsRequest; sl@0: OCSP_SIGNATURE *sig = o->optionalSignature; sl@0: sl@0: if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err; sl@0: l=ASN1_INTEGER_get(inf->version); sl@0: if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err; sl@0: if (inf->requestorName != NULL) sl@0: { sl@0: if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) sl@0: goto err; sl@0: GENERAL_NAME_print(bp, inf->requestorName); sl@0: } sl@0: if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err; sl@0: for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) sl@0: { sl@0: one = sk_OCSP_ONEREQ_value(inf->requestList, i); sl@0: cid = one->reqCert; sl@0: ocsp_certid_print(bp, cid, 8); sl@0: if (!X509V3_extensions_print(bp, sl@0: "Request Single Extensions", sl@0: one->singleRequestExtensions, flags, 8)) sl@0: goto err; sl@0: } sl@0: if (!X509V3_extensions_print(bp, "Request Extensions", sl@0: inf->requestExtensions, flags, 4)) sl@0: goto err; sl@0: if (sig) sl@0: { sl@0: X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); sl@0: for (i=0; icerts); i++) sl@0: { sl@0: X509_print(bp, sk_X509_value(sig->certs,i)); sl@0: PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); sl@0: } sl@0: } sl@0: return 1; sl@0: err: sl@0: return 0; sl@0: } sl@0: sl@0: EXPORT_C int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) sl@0: { sl@0: int i, ret = 0; sl@0: long l; sl@0: unsigned char *p; sl@0: OCSP_CERTID *cid = NULL; sl@0: OCSP_BASICRESP *br = NULL; sl@0: OCSP_RESPID *rid = NULL; sl@0: OCSP_RESPDATA *rd = NULL; sl@0: OCSP_CERTSTATUS *cst = NULL; sl@0: OCSP_REVOKEDINFO *rev = NULL; sl@0: OCSP_SINGLERESP *single = NULL; sl@0: OCSP_RESPBYTES *rb = o->responseBytes; sl@0: sl@0: if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; sl@0: l=ASN1_ENUMERATED_get(o->responseStatus); sl@0: if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", sl@0: OCSP_response_status_str(l), l) <= 0) goto err; sl@0: if (rb == NULL) return 1; sl@0: if (BIO_puts(bp," Response Type: ") <= 0) sl@0: goto err; sl@0: if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) sl@0: goto err; sl@0: if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) sl@0: { sl@0: BIO_puts(bp," (unknown response type)\n"); sl@0: return 1; sl@0: } sl@0: sl@0: p = ASN1_STRING_data(rb->response); sl@0: i = ASN1_STRING_length(rb->response); sl@0: if (!(br = OCSP_response_get1_basic(o))) goto err; sl@0: rd = br->tbsResponseData; sl@0: l=ASN1_INTEGER_get(rd->version); sl@0: if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", sl@0: l+1,l) <= 0) goto err; sl@0: if (BIO_puts(bp," Responder Id: ") <= 0) goto err; sl@0: sl@0: rid = rd->responderId; sl@0: switch (rid->type) sl@0: { sl@0: case V_OCSP_RESPID_NAME: sl@0: X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); sl@0: break; sl@0: case V_OCSP_RESPID_KEY: sl@0: i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); sl@0: break; sl@0: } sl@0: sl@0: if (BIO_printf(bp,"\n Produced At: ")<=0) goto err; sl@0: if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; sl@0: if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err; sl@0: for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) sl@0: { sl@0: if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue; sl@0: single = sk_OCSP_SINGLERESP_value(rd->responses, i); sl@0: cid = single->certId; sl@0: if(ocsp_certid_print(bp, cid, 4) <= 0) goto err; sl@0: cst = single->certStatus; sl@0: if (BIO_printf(bp," Cert Status: %s", sl@0: OCSP_cert_status_str(cst->type)) <= 0) sl@0: goto err; sl@0: if (cst->type == V_OCSP_CERTSTATUS_REVOKED) sl@0: { sl@0: rev = cst->value.revoked; sl@0: if (BIO_printf(bp, "\n Revocation Time: ") <= 0) sl@0: goto err; sl@0: if (!ASN1_GENERALIZEDTIME_print(bp, sl@0: rev->revocationTime)) sl@0: goto err; sl@0: if (rev->revocationReason) sl@0: { sl@0: l=ASN1_ENUMERATED_get(rev->revocationReason); sl@0: if (BIO_printf(bp, sl@0: "\n Revocation Reason: %s (0x%lx)", sl@0: OCSP_crl_reason_str(l), l) <= 0) sl@0: goto err; sl@0: } sl@0: } sl@0: if (BIO_printf(bp,"\n This Update: ") <= 0) goto err; sl@0: if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) sl@0: goto err; sl@0: if (single->nextUpdate) sl@0: { sl@0: if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err; sl@0: if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) sl@0: goto err; sl@0: } sl@0: if (!BIO_write(bp,"\n",1)) goto err; sl@0: if (!X509V3_extensions_print(bp, sl@0: "Response Single Extensions", sl@0: single->singleExtensions, flags, 8)) sl@0: goto err; sl@0: if (!BIO_write(bp,"\n",1)) goto err; sl@0: } sl@0: if (!X509V3_extensions_print(bp, "Response Extensions", sl@0: rd->responseExtensions, flags, 4)) sl@0: if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) sl@0: goto err; sl@0: sl@0: for (i=0; icerts); i++) sl@0: { sl@0: X509_print(bp, sk_X509_value(br->certs,i)); sl@0: PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); sl@0: } sl@0: sl@0: ret = 1; sl@0: err: sl@0: OCSP_BASICRESP_free(br); sl@0: return ret; sl@0: }