199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
-
+
-
+
|
int len;
char buffer[1024];
if (listPtr == NULL) {
return NULL;
}
if (names = X509_get_ext_d2i(cert, nid, NULL, NULL)) {
if ((names = X509_get_ext_d2i(cert, nid, NULL, NULL)) != NULL) {
for (int i=0; i < sk_GENERAL_NAME_num(names); i++) {
const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, name), bio, buffer, 1024);
len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, (GENERAL_NAME *) name), bio, buffer, 1024);
LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len);
}
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
return listPtr;
}
|
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
-
+
-
+
-
+
-
+
-
+
-
+
|
STACK_OF(DIST_POINT) *crl;
Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
if (listPtr == NULL) {
return NULL;
}
if (crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) {
if ((crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) != NULL) {
for (int i=0; i < sk_DIST_POINT_num(crl); i++) {
DIST_POINT *dp = sk_DIST_POINT_value(crl, i);
DIST_POINT_NAME *distpoint = dp->distpoint;
if (distpoint->type == 0) {
/* full-name GENERALIZEDNAME */
for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
int type;
ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
if (type == GEN_URI) {
LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
}
}
} else if (distpoint->type == 1) {
/* relative-name X509NAME */
STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename;
for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) {
X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j);
ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
}
}
}
CRL_DIST_POINTS_free(crl);
}
return listPtr;
}
/*
* Get On-line Certificate Status Protocol (OSCP) URL
*/
Tcl_Obj *Tls_x509Oscp(Tcl_Interp *interp, X509 *cert) {
STACK_OF(OPENSSL_STRING) *ocsp;
Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
if (listPtr == NULL) {
return NULL;
}
if (ocsp = X509_get1_ocsp(cert)) {
if ((ocsp = X509_get1_ocsp(cert)) != NULL) {
for (int i = 0; i < sk_OPENSSL_STRING_num(ocsp); i++) {
LAPPEND_STR(interp, listPtr, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1);
}
X509_email_free(ocsp);
}
return listPtr;
}
/*
* Get Certificate Authority (CA) Issuers URL
*/
Tcl_Obj *Tls_x509CaIssuers(Tcl_Interp *interp, X509 *cert) {
STACK_OF(ACCESS_DESCRIPTION) *ads;
ACCESS_DESCRIPTION *ad;
Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
unsigned char *buf;
int len;
if (ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) {
if ((ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) != NULL) {
for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) {
ad = sk_ACCESS_DESCRIPTION_value(ads, i);
if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) {
if (ad->location->type == GEN_URI) {
len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier);
Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, (Tcl_Size) len));
Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char *) buf, (Tcl_Size) len));
OPENSSL_free(buf);
break;
}
}
}
/* sk_ACCESS_DESCRIPTION_pop_free(ads, ACCESS_DESCRIPTION_free); */
AUTHORITY_INFO_ACCESS_free(ads);
|
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
|
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
|
-
+
|
const ASN1_BIT_STRING *sig;
int sig_nid;
X509_get0_signature(&sig, &sig_alg, cert);
/* sig_nid = X509_get_signature_nid(cert) */
sig_nid = OBJ_obj2nid(sig_alg->algorithm);
LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1);
len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, buffer, BUFSIZ) : 0;
len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, (unsigned char *) buffer, BUFSIZ) : 0;
LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len);
}
/* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */
LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1);
/* Unique number assigned by CA to certificate - RFC 5280 section 4.1.2.2 */
|
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
|
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
|
-
-
-
+
+
+
-
-
-
+
+
+
-
+
-
+
-
+
|
/* Subject identifies the entity associated with the public key stored in
the subject public key field. RFC 5280 section 4.1.2.6 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len);
/* SHA1 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha1(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) len);
if (X509_digest(cert, EVP_sha1(), md, &ulen)) {
len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen);
}
/* SHA256 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha256(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) len);
if (X509_digest(cert, EVP_sha256(), md, &ulen)) {
len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen);
}
/* Subject Public Key Info specifies the public key and identifies the
algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
ASN1_BIT_STRING *key;
unsigned int n;
LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1);
LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1);
LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */
key = X509_get0_pubkey_bitstr(cert);
len = String_to_Hex(key->data, key->length, buffer, BUFSIZ);
len = String_to_Hex(key->data, key->length, (unsigned char *) buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len);
len = 0;
if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) {
len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ);
}
LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len);
/* digest of the DER representation of the certificate */
len = 0;
if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) {
len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ);
}
LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len);
}
/* Certificate Purpose. Call before checking for extensions. */
LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
|
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
|
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
|
-
+
-
+
|
and/or issuer names over time. RFC 5280 section 4.1.2.8 */
{
const ASN1_BIT_STRING *iuid, *suid;
X509_get0_uids(cert, &iuid, &suid);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
if (iuid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, (Tcl_Size) iuid->length));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1));
if (suid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, (Tcl_Size) suid->length));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
}
/* X509 v3 Extensions - RFC 5280 section 4.1.2.9 */
LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
|
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
|
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
|
-
-
+
+
+
+
|
/* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */
/* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the
friendlyName attribute (RFC 2985). */
{
len = 0;
char *string = X509_alias_get0(cert, &len);
LAPPEND_STR(interp, certPtr, "alias", string, (Tcl_Size) len);
unsigned char *string = X509_alias_get0(cert, &len);
LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len);
string = X509_keyid_get0(cert, &len);
LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len);
}
/* Certificate and dump all data */
{
char certStr[CERT_STR_SIZE];
/* Get certificate */
|