Fix CVE-2017-6891 in minitasn1 code
1 /* This example code is placed in the public domain. */
2
3 #ifdef HAVE_CONFIG_H
4 #include <config.h>
5 #endif
6
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <gnutls/gnutls.h>
10 #include <gnutls/x509.h>
11
12 #include "examples.h"
13
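/* Render up to the first 50 bytes of a buffer as lowercase hex digits.
 *
 * bin:      bytes to render; treated as empty when NULL.
 * bin_size: number of bytes available at bin; bytes past the 50th are
 *           ignored.
 *
 * Returns a pointer to a static, NUL-terminated buffer. The next call
 * overwrites it, so the result must be used (or copied) before calling
 * again; the function is not reentrant.
 */
static const char *bin2hex(const void *bin, size_t bin_size)
{
        static char printable[110];
        const unsigned char *_bin = bin;
        size_t used = 0;
        size_t i;

        /* Terminate up front: with nothing to encode the loop never
         * writes, and the caller would otherwise be handed the text left
         * behind by the previous call.
         */
        printable[0] = '\0';

        if (_bin == NULL)
                return printable;

        if (bin_size > 50)
                bin_size = 50;

        for (i = 0; i < bin_size; i++) {
                /* Two digits plus the terminator must still fit. */
                if (sizeof(printable) - used < 3)
                        break;

                /* No separator in the format: the pointer advances by two
                 * per byte, so a trailing blank would only survive after
                 * the last byte.
                 */
                snprintf(printable + used, sizeof(printable) - used,
                         "%.2x", _bin[i]);
                used += 2;
        }

        return printable;
}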
32
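/* Print information about this session's peer certificate.
 *
 * Only the first certificate the peer sent is examined, and only when the
 * session uses X.509 certificates. The certificate is data supplied by the
 * remote side, so every parsing call is checked and a field is printed only
 * when its extraction succeeded. Nothing in this function verifies the
 * certificate; the output is informational only.
 */
void print_x509_certificate_info(gnutls_session_t session)
{
        char serial[40];
        char dn[256];
        size_t size;
        unsigned int bits;
        int algo;
        int ret;
        const char *algo_name;
        time_t expiration_time, activation_time;
        const gnutls_datum_t *cert_list;
        unsigned int cert_list_size = 0;
        gnutls_x509_crt_t cert;
        gnutls_datum_t cinfo;

        /* This function only works for X.509 certificates.
         */
        if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
                return;

        cert_list = gnutls_certificate_get_peers(session, &cert_list_size);

        /* cert_list_size is unsigned, so it is printed with %u. */
        printf("Peer provided %u certificates.\n", cert_list_size);

        if (cert_list == NULL || cert_list_size == 0)
                return;

        /* we only print information about the first certificate.
         */
        ret = gnutls_x509_crt_init(&cert);
        if (ret < 0) {
                fprintf(stderr, "gnutls_x509_crt_init: %s\n",
                        gnutls_strerror(ret));
                return;
        }

        /* A certificate that fails to parse must not be queried further:
         * the getters below would fail as well and leave serial/dn
         * unwritten.
         */
        ret = gnutls_x509_crt_import(cert, &cert_list[0],
                                     GNUTLS_X509_FMT_DER);
        if (ret < 0) {
                fprintf(stderr, "gnutls_x509_crt_import: %s\n",
                        gnutls_strerror(ret));
                gnutls_x509_crt_deinit(cert);
                return;
        }

        printf("Certificate info:\n");

        /* This is the preferred way of printing short information about
           a certificate. */
        ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
        if (ret == 0) {
                printf("\t%s\n", cinfo.data);
                gnutls_free(cinfo.data);
        }

        /* If you want to extract fields manually for some other reason,
           below are popular example calls. */
        expiration_time = gnutls_x509_crt_get_expiration_time(cert);
        activation_time = gnutls_x509_crt_get_activation_time(cert);

        /* Both getters report failure as (time_t) -1. */
        if (activation_time != (time_t) -1)
                printf("\tCertificate is valid since: %s",
                       ctime(&activation_time));
        if (expiration_time != (time_t) -1)
                printf("\tCertificate expires: %s",
                       ctime(&expiration_time));

        /* Print the serial number of the certificate. On failure the
         * buffer is not a valid serial, and size may have been changed to
         * the length the certificate actually needs (presumably larger
         * than serial[] on a short-buffer error; confirm against the
         * library), so it must not be used as a read length.
         */
        size = sizeof(serial);
        ret = gnutls_x509_crt_get_serial(cert, serial, &size);
        if (ret == 0)
                printf("\tCertificate serial number: %s\n",
                       bin2hex(serial, size));

        /* Extract some of the public key algorithm's parameters. A
         * negative return is an error code, and the name lookup returns
         * NULL for an algorithm it does not know.
         */
        algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
        algo_name = (algo >= 0) ? gnutls_pk_algorithm_get_name(algo) : NULL;

        /* NOTE(review): this format has no trailing newline, so the
         * version line below continues on the same output line.
         */
        if (algo_name != NULL)
                printf("Certificate public key: %s", algo_name);

        /* Print the version of the X.509
         * certificate.
         */
        ret = gnutls_x509_crt_get_version(cert);
        if (ret >= 0)
                printf("\tCertificate version: #%d\n", ret);

        /* dn is written only when the call succeeds, so it is printed
         * only then.
         */
        size = sizeof(dn);
        ret = gnutls_x509_crt_get_dn(cert, dn, &size);
        if (ret == 0)
                printf("\tDN: %s\n", dn);

        size = sizeof(dn);
        ret = gnutls_x509_crt_get_issuer_dn(cert, dn, &size);
        if (ret == 0)
                printf("\tIssuer's DN: %s\n", dn);

        gnutls_x509_crt_deinit(cert);
}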