111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
int n;
unsigned long flags;
char subject[BUFSIZ];
char issuer[BUFSIZ];
char serial[BUFSIZ];
char notBefore[BUFSIZ];
char notAfter[BUFSIZ];
char publicKey[BUFSIZ];
char certStr[CERT_STR_SIZE], *certStr_p;
int certStr_len, toRead;
char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
int nid, pknid, bits, num_of_exts, len;
|
|
|
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
int n;
unsigned long flags;
char subject[BUFSIZ];
char issuer[BUFSIZ];
char serial[BUFSIZ];
char notBefore[BUFSIZ];
char notAfter[BUFSIZ];
char buffer[BUFSIZ];
char certStr[CERT_STR_SIZE], *certStr_p;
int certStr_len, toRead;
char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
int nid, pknid, bits, num_of_exts, len;
|
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags));
/* Public key - X509_get0_pubkey */
key = X509_get0_pubkey_bitstr(cert);
len = String_to_Hex(key->data, key->length, publicKey, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len));
/* Check if cert was issued by CA cert issuer or self signed */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
}
/* Unique Ids */
|
|
|
|
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags));
/* Public key - X509_get0_pubkey */
key = X509_get0_pubkey_bitstr(cert);
len = String_to_Hex(key->data, key->length, buffer, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(buffer, len));
/* Check if cert was issued by CA cert issuer or self signed */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
}
/* Unique Ids */
|
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
|
if (suid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, suid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
}
/* Alias */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("alias", -1));
len = 0;
bstring = X509_alias_get0(cert, &len);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len));
/* Subject Key Identifier is a hash of the encoded public key. Required for
CA certs. CAs use SKI for Issuer Key Identifier (AKI) extension on issued certificates. */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectKeyIdentifier", -1));
len = 0;
bstring = X509_keyid_get0(cert, &len);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len));
/* SHA1 Fingerprint of cert - DER representation */
X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len);
len = String_to_Hex(sha1_hash_binary, len, sha1_hash_ascii, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, len));
/* SHA256 Fingerprint of cert - DER representation */
|
<
<
<
<
<
<
<
<
<
<
<
<
<
|
243
244
245
246
247
248
249
250
251
252
253
254
255
256
|
if (suid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, suid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
}
/* SHA1 Fingerprint of cert - DER representation */
X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len);
len = String_to_Hex(sha1_hash_binary, len, sha1_hash_ascii, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, len));
/* SHA256 Fingerprint of cert - DER representation */
|
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
}
}
sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1));
Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
}
/* Signature algorithm and value */
{
const X509_ALGOR *sig_alg;
const ASN1_BIT_STRING *sig;
int sig_nid;
X509_get0_signature(&sig, &sig_alg, cert);
/* sig_nid = X509_get_signature_nid(cert) */
sig_nid = OBJ_obj2nid(sig_alg->algorithm);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureAlgorithm", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(sig_nid),-1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureValue", -1));
if (sig_nid != NID_undef) {
len = String_to_Hex(sig->data, sig->length, publicKey, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
}
return certPtr;
}
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
|
}
}
sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1));
Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
}
/* Certificate Alias */
len = 0;
bstring = X509_alias_get0(cert, &len);
len = String_to_Hex(bstring, len, buffer, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("alias", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(buffer, len));
/* Get Subject Key id, Authority Key id */
{
ASN1_OCTET_STRING *astring;
/* X509_keyid_get0 */
astring = X509_get0_subject_key_id(cert);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectKeyIdentifier", -1));
if (astring != NULL) {
len = String_to_Hex((char *)ASN1_STRING_get0_data(astring), ASN1_STRING_length(astring), buffer, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(buffer, len));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
astring = X509_get0_authority_key_id(cert);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("authorityKeyIdentifier", -1));
if (astring != NULL) {
len = String_to_Hex((char *)ASN1_STRING_get0_data(astring), ASN1_STRING_length(astring), buffer, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(buffer, len));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
/* const GENERAL_NAMES *X509_get0_authority_issuer(cert);
const ASN1_INTEGER *X509_get0_authority_serial(cert); */
}
/* Get OSCP URL */
{
STACK_OF(OPENSSL_STRING) *str_stack = X509_get1_ocsp(cert);
Tcl_Obj *urlsPtr = Tcl_NewListObj(0, NULL);
for (int i = 0; i < sk_OPENSSL_STRING_num(str_stack); i++) {
Tcl_ListObjAppendElement(interp, urlsPtr,
Tcl_NewStringObj(sk_OPENSSL_STRING_value(str_stack, i), -1));
}
X509_email_free(str_stack);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("ocsp", -1));
Tcl_ListObjAppendElement(interp, certPtr, urlsPtr);
}
/* Signature algorithm and value */
{
const X509_ALGOR *sig_alg;
const ASN1_BIT_STRING *sig;
int sig_nid;
X509_get0_signature(&sig, &sig_alg, cert);
/* sig_nid = X509_get_signature_nid(cert) */
sig_nid = OBJ_obj2nid(sig_alg->algorithm);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureAlgorithm", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(sig_nid),-1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureValue", -1));
if (sig_nid != NID_undef) {
len = String_to_Hex(sig->data, sig->length, buffer, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(buffer, len));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
}
return certPtr;
}
|
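Review bot: The shared `buffer[BUFSIZ]` now receives the hex form of the public key, alias, key identifiers and signature, all of which come from the peer's certificate and have no fixed length. BUFSIZ is an implementation-defined stdio constant that may be as small as 256, and hex output is twice `sig->length` or `key->length`, so a large key or signature is either silently truncated or overruns the stack buffer, depending on how String_to_Hex honours its size argument (not visible here). I would size the output from the input, e.g. allocate `2 * sig->length + 1` bytes, or at least refuse the value when `2 * sig->length >= (int)sizeof(buffer)` rather than return a shortened `signatureValue`. The unchanged SHA1 call passes `BUFSIZ` as the bound for the 41-byte `sha1_hash_ascii` and should read `len = String_to_Hex(sha1_hash_binary, len, sha1_hash_ascii, sizeof(sha1_hash_ascii));`. The two key-identifier branches also wrap hex text in `Tcl_NewByteArrayObj(buffer, len)` where every other hex field uses `Tcl_NewStringObj`; the function itself begins outside the visible hunks.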