︙ | | |
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
-
+
|
*/
Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) {
Tcl_Obj *resultPtr = NULL;
int len = 0;
unsigned char buffer[1024];
if (astring != NULL) {
len = String_to_Hex((unsigned char *)ASN1_STRING_get0_data(astring),
len = String_to_Hex((unsigned char *) ASN1_STRING_get0_data(astring),
ASN1_STRING_length(astring), buffer, 1024);
}
resultPtr = Tcl_NewStringObj((char *) &buffer[0], (Tcl_Size) len);
return resultPtr;
}
/*
|
︙ | | |
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
|
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
|
-
+
-
+
|
/* Subject identifies the entity associated with the public key stored in
the subject public key field. RFC 5280 section 4.1.2.6 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len);
/* SHA1 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha1(), md, &ulen)) {
len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen);
}
/* SHA256 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha256(), md, &ulen)) {
len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen);
}
/* Subject Public Key Info specifies the public key and identifies the
algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
ASN1_BIT_STRING *key;
|
︙ | | |
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
|
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
|
-
+
-
+
|
LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
/* Get extensions flags */
xflags = X509_get_extension_flags(cert);
LAPPEND_INT(interp, certPtr, "extFlags", xflags);
/* Check if cert was issued by CA cert issuer or self signed */
/* Check if cert was issued by CA cert issuer or self signed */
LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));
/* The Unique Ids are used to handle the possibility of reuse of subject
and/or issuer names over time. RFC 5280 section 4.1.2.8 */
{
const ASN1_BIT_STRING *iuid, *suid;
X509_get0_uids(cert, &iuid, &suid);
X509_get0_uids(cert, &iuid, &suid);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
if (iuid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
|
︙ | | |
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
|
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
|
-
+
|
LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert));
/* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
Tls_x509Identifier(X509_get0_authority_key_id(cert)));
/* Subject Key Identifier (SKI) is used to identify certificates that contain
a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */
LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier",
Tls_x509Identifier(X509_get0_subject_key_id(cert)));
/* Key usage extension defines the purpose (e.g., encipherment, signature, certificate
signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */
|
︙ | | |
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
|
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
|
-
+
|
/* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the
friendlyName attribute (RFC 2985). */
{
len = 0;
unsigned char *string = X509_alias_get0(cert, &len);
LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len);
string = X509_keyid_get0(cert, &len);
string = X509_keyid_get0 (cert, &len);
LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len);
}
/* Certificate and dump all data */
{
char certStr[CERT_STR_SIZE];
|
︙ | | |