Line | Source | Count |
64 | #include <openssl/bio.h> | - |
65 | #include <openssl/err.h> | - |
66 | #include <openssl/ocsp.h> | - |
67 | #include <openssl/pem.h> | - |
68 | | - |
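/*
 * Print the four fields of an OCSP CertID (hash algorithm, issuer name hash,
 * issuer key hash, serial number) to bp, under a "Certificate ID:" heading.
 *
 * bp      output BIO
 * a       CertID to print; a and a->hashAlgorithm are dereferenced unchecked
 * indent  column at which the heading starts; the fields are indented two
 *         columns further
 *
 * Returns 1 on success and 0 if a write fails.  The original always returned
 * 1 and dropped every write result, which left the "<= 0" test that
 * OCSP_RESPONSE_print() applies to this function unable to fire.
 *
 * NOTE(review): the coverage listing this code was published in records the
 * function as never executed, so none of these paths are exercised by tests.
 */
static int
ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
{
	if (BIO_printf(bp, "%*sCertificate ID:\n", indent, "") <= 0)
		return 0;
	indent += 2;
	if (BIO_printf(bp, "%*sHash Algorithm: ", indent, "") <= 0)
		return 0;
	if (i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm) <= 0)
		return 0;
	if (BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "") <= 0)
		return 0;
	/*
	 * Only a negative result is treated as failure for the string and
	 * integer printers: presumably they return 0 for an absent value,
	 * which is not a write error -- TODO confirm against their source.
	 */
	if (i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING) < 0)
		return 0;
	if (BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "") <= 0)
		return 0;
	if (i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING) < 0)
		return 0;
	if (BIO_printf(bp, "\n%*sSerial Number: ", indent, "") <= 0)
		return 0;
	if (i2a_ASN1_INTEGER(bp, a->serialNumber) < 0)
		return 0;
	if (BIO_printf(bp, "\n") <= 0)
		return 0;
	return 1;
}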
85 | | - |
/* One row of a code-to-name lookup table. */
typedef struct {
	long t;		/* numeric code compared against the lookup key */
	const char *m;	/* name returned when t matches */
} OCSP_TBLSTR;

/*
 * Look up s in the first len rows of ts and return the name of the first
 * row whose code equals s.
 *
 * Returns the literal "(UNKNOWN)" when no row matches, which includes the
 * case where len is zero or negative.  The returned pointer is never NULL
 * as long as the table rows themselves hold non-NULL names.
 */
static const char *
table2string(long s, const OCSP_TBLSTR *ts, int len)
{
	int idx;

	for (idx = 0; idx < len; idx++) {
		if (ts[idx].t == s)
			return ts[idx].m;
	}
	return "(UNKNOWN)";
}
101 | | - |
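/*
 * Return the name of an OCSP response status code.
 *
 * s is compared against the six OCSP_RESPONSE_STATUS_* values listed below;
 * any other value yields the "(UNKNOWN)" fallback from table2string().
 */
const char *
OCSP_response_status_str(long s)
{
	static const OCSP_TBLSTR rstat_tbl[] = {
		{ OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
		{ OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
		{ OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
		{ OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
		{ OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
		{ OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
	};

	/*
	 * Derive the row count from the array instead of hard-coding it, so
	 * adding or removing a row cannot leave the search bound stale.
	 */
	return table2string(s, rstat_tbl,
	    (int)(sizeof(rstat_tbl) / sizeof(rstat_tbl[0])));
}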
115 | | - |
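/*
 * Return the name of an OCSP certificate status code.
 *
 * Note the two similar strings: lowercase "unknown" is the name of
 * V_OCSP_CERTSTATUS_UNKNOWN, while "(UNKNOWN)" is the table2string()
 * fallback for a code that is not in the table at all.
 */
const char *
OCSP_cert_status_str(long s)
{
	static const OCSP_TBLSTR cstat_tbl[] = {
		{ V_OCSP_CERTSTATUS_GOOD, "good" },
		{ V_OCSP_CERTSTATUS_REVOKED, "revoked" },
		{ V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
	};

	/*
	 * Derive the row count from the array instead of hard-coding it, so
	 * adding or removing a row cannot leave the search bound stale.
	 */
	return table2string(s, cstat_tbl,
	    (int)(sizeof(cstat_tbl) / sizeof(cstat_tbl[0])));
}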
126 | | - |
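/*
 * Return the name of a revocation reason code.
 *
 * s is compared against the eight OCSP_REVOKED_STATUS_* values listed
 * below; any other value yields the "(UNKNOWN)" fallback from
 * table2string().
 */
const char *
OCSP_crl_reason_str(long s)
{
	static const OCSP_TBLSTR reason_tbl[] = {
		{ OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
		{ OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
		{ OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
		{ OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
		{ OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
		{ OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
		{ OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
		{ OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
	};

	/*
	 * Derive the row count from the array instead of hard-coding it, so
	 * adding or removing a row cannot leave the search bound stale.
	 */
	return table2string(s, reason_tbl,
	    (int)(sizeof(reason_tbl) / sizeof(reason_tbl[0])));
}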
142 | | - |
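/*
 * Write a human-readable dump of an OCSP request to bp.
 *
 * bp     output BIO
 * o      request to print; o->tbsRequest is dereferenced without a NULL
 *        check
 * flags  passed through unchanged to X509V3_extensions_print()
 *
 * Returns 1 on success and 0 as soon as one of the checked write or print
 * calls fails.
 *
 * Every field printed here is read straight from the request structure, and
 * nothing in this function verifies the optional signature: the output shows
 * what the message claims, not what has been authenticated.
 *
 * NOTE(review): the coverage listing this code was published in records the
 * function as never executed, so the error paths below are untested.
 * NOTE(review): that listing dropped all indentation, so runs of spaces
 * inside the string literals may have been collapsed as well.  The two
 * literals that were written with an explicit byte count of 21 are restored
 * to four leading spaces, which is what that count requires; the others are
 * kept as shown -- compare with the original file before relying on the
 * exact output layout.
 */
int
OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
{
	int i;
	long l;
	OCSP_CERTID* cid = NULL;
	OCSP_ONEREQ *one = NULL;
	OCSP_REQINFO *inf = o->tbsRequest;
	OCSP_SIGNATURE *sig = o->optionalSignature;

	/*
	 * BIO_puts() replaces BIO_write() with a hand-counted length: a count
	 * that is larger than the literal reads past its end, and
	 * OCSP_RESPONSE_print() already uses BIO_puts() for the same job.
	 */
	if (BIO_puts(bp, "OCSP Request Data:\n") <= 0)
		goto err;
	l = ASN1_INTEGER_get(inf->version);
	/*
	 * The version comes from the message.  Adding 1 in unsigned
	 * arithmetic avoids signed overflow for a value of LONG_MAX, and the
	 * casts make both arguments match %lu / %lx.
	 */
	if (BIO_printf(bp, " Version: %lu (0x%lx)",
	    (unsigned long)l + 1, (unsigned long)l) <= 0)
		goto err;
	if (inf->requestorName != NULL) {
		if (BIO_puts(bp, "\n    Requestor Name: ") <= 0)
			goto err;
		/*
		 * NOTE(review): the result is not checked, and whether this
		 * call escapes control characters in the message-supplied
		 * name is not visible here -- confirm before sending the
		 * output to a terminal or log.
		 */
		GENERAL_NAME_print(bp, inf->requestorName);
	}
	if (BIO_puts(bp, "\n    Requestor List:\n") <= 0)
		goto err;
	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
		cid = one->reqCert;
		/* Result deliberately left unchecked, as in the original. */
		ocsp_certid_print(bp, cid, 8);
		if (!X509V3_extensions_print(bp, "Request Single Extensions",
		    one->singleRequestExtensions, flags, 8))
			goto err;
	}
	if (!X509V3_extensions_print(bp, "Request Extensions",
	    inf->requestExtensions, flags, 4))
		goto err;
	if (sig) {
		/* Printed only; the signature is not checked here. */
		if (X509_signature_print(bp, sig->signatureAlgorithm,
		    sig->signature) == 0)
			goto err;
		for (i = 0; i < sk_X509_num(sig->certs); i++) {
			if (X509_print(bp, sk_X509_value(sig->certs, i)) == 0)
				goto err;
			if (PEM_write_bio_X509(bp,
			    sk_X509_value(sig->certs, i)) == 0)
				goto err;
		}
	}
	return 1;

err:
	return 0;
}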
193 | | - |
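/*
 * Write a human-readable dump of an OCSP response to bp.
 *
 * bp     output BIO
 * o      response to print; o->responseStatus and o->responseBytes are read
 *        without a NULL check on o
 * flags  passed through unchanged to X509V3_extensions_print()
 *
 * Returns 1 on success, including the two early exits (no response bytes,
 * or a response type other than the basic one), and 0 as soon as one of the
 * checked write or print calls fails.
 *
 * This function only decodes and prints.  It makes no call that verifies
 * the response signature or the responder's certificates, so a printed
 * "Cert Status: good" reflects what the message says and must not be read
 * as an authenticated revocation result.
 *
 * NOTE(review): the coverage listing this code was published in records the
 * function as never executed, so the error paths below are untested.
 * NOTE(review): that listing dropped all indentation, so runs of spaces
 * inside the string literals may have been collapsed as well; the literals
 * are kept exactly as shown -- compare with the original file before
 * relying on the exact output layout.
 */
int
OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
{
	int i, ret = 0;
	long l;
	OCSP_CERTID *cid = NULL;
	OCSP_BASICRESP *br = NULL;
	OCSP_RESPID *rid = NULL;
	OCSP_RESPDATA *rd = NULL;
	OCSP_CERTSTATUS *cst = NULL;
	OCSP_REVOKEDINFO *rev = NULL;
	OCSP_SINGLERESP *single = NULL;
	OCSP_RESPBYTES *rb = o->responseBytes;

	if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
		goto err;
	l = ASN1_ENUMERATED_get(o->responseStatus);
	/* Cast so the argument matches %lx. */
	if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
	    OCSP_response_status_str(l), (unsigned long)l) <= 0)
		goto err;
	/* br is still NULL on both early returns, so nothing leaks. */
	if (rb == NULL)
		return 1;
	if (BIO_puts(bp, " Response Type: ") <= 0)
		goto err;
	if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
		goto err;
	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
		BIO_puts(bp, " (unknown response type)\n");
		return 1;
	}

	/*
	 * The original stored ASN1_STRING_length(rb->response) in i here and
	 * never read it before i was reused as a loop index; the dead store
	 * is removed.
	 */
	if (!(br = OCSP_response_get1_basic(o)))
		goto err;
	rd = br->tbsResponseData;
	l = ASN1_INTEGER_get(rd->version);
	/*
	 * The version comes from the message.  Adding 1 in unsigned
	 * arithmetic avoids signed overflow for a value of LONG_MAX, and the
	 * casts make both arguments match %lu / %lx.
	 */
	if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n",
	    (unsigned long)l + 1, (unsigned long)l) <= 0)
		goto err;
	if (BIO_puts(bp, " Responder Id: ") <= 0)
		goto err;

	rid = rd->responderId;
	switch (rid->type) {
	case V_OCSP_RESPID_NAME:
		X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
		break;
	case V_OCSP_RESPID_KEY:
		i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
		break;
	default:
		/* Any other type prints nothing, as in the original. */
		break;
	}

	if (BIO_printf(bp, "\n Produced At: ")<=0)
		goto err;
	if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
		goto err;
	if (BIO_printf(bp, "\n Responses:\n") <= 0)
		goto err;
	for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
		/* Fetch the entry once; empty slots are skipped. */
		single = sk_OCSP_SINGLERESP_value(rd->responses, i);
		if (single == NULL)
			continue;
		cid = single->certId;
		if (ocsp_certid_print(bp, cid, 4) <= 0)
			goto err;
		cst = single->certStatus;
		if (BIO_printf(bp, " Cert Status: %s",
		    OCSP_cert_status_str(cst->type)) <= 0)
			goto err;
		if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
			rev = cst->value.revoked;
			if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
				goto err;
			if (!ASN1_GENERALIZEDTIME_print(bp,
			    rev->revocationTime))
				goto err;
			if (rev->revocationReason) {
				l = ASN1_ENUMERATED_get(rev->revocationReason);
				if (BIO_printf(bp,
				    "\n Revocation Reason: %s (0x%lx)",
				    OCSP_crl_reason_str(l),
				    (unsigned long)l) <= 0)
					goto err;
			}
		}
		if (BIO_printf(bp, "\n This Update: ") <= 0)
			goto err;
		if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
			goto err;
		if (single->nextUpdate) {
			if (BIO_printf(bp, "\n Next Update: ") <= 0)
				goto err;
			if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
				goto err;
		}
		if (BIO_write(bp, "\n", 1) <= 0)
			goto err;
		if (!X509V3_extensions_print(bp, "Response Single Extensions",
		    single->singleExtensions, flags, 8))
			goto err;
		if (BIO_write(bp, "\n", 1) <= 0)
			goto err;
	}
	if (!X509V3_extensions_print(bp, "Response Extensions",
	    rd->responseExtensions, flags, 4))
		goto err;
	/* Printed only; the signature is not checked here. */
	if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <=
	    0)
		goto err;

	/*
	 * NOTE(review): these two results are ignored, whereas
	 * OCSP_REQUEST_print() treats a failure of the same calls as an
	 * error.  Left as in the original; confirm which is intended.
	 */
	for (i = 0; i < sk_X509_num(br->certs); i++) {
		X509_print(bp, sk_X509_value(br->certs, i));
		PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
	}

	ret = 1;

err:
	/* Releases the object obtained from OCSP_response_get1_basic(). */
	OCSP_BASICRESP_free(br);
	return ret;
}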
| | |