1 /* cert-basic.c - basic test for the certificate management.
2 * Copyright (C) 2001, 2002, 2004, 2005 g10 Code GmbH
4 * This file is part of KSBA.
6 * KSBA is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * KSBA is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "../src/ksba.h"
27 #define _KSBA_VISIBILITY_DEFAULT /* */
28 #include "../src/keyinfo.h"
30 #include "oidtranstbl.h"
/* NOTE(review): this makes every getenv() call in the file yield NULL, so
   main()'s getenv("srcdir") cannot succeed while it is in effect.  The
   preprocessor condition that presumably scopes it to one platform is not
   among the lines shown here -- confirm it before relying on srcdir. */
34 #define getenv(a) (NULL)
/* True if the character at P is an ASCII decimal digit.  P is evaluated
   twice, so do not pass an expression with side effects. */
37 #define digitp(p) (*(p) >= '0' && *(p) <= '9')
/* fail_if_err(A): if the gpg error code A is non-zero, print it together
   with the source location and the gpg_strerror text.  fail_if_err2(F, A)
   does the same but also names the input file F.  The tail of both macro
   bodies (what happens after the message is printed) is not shown in this
   excerpt.  xfree() below hands memory back through ksba_free, the
   deallocator that matches libksba's own allocations. */
39 #define fail_if_err(a) do { if(a) { \
40 fprintf (stderr, "%s:%d: KSBA error: %s\n", \
41 __FILE__, __LINE__, gpg_strerror(a)); \
46 #define fail_if_err2(f, a) do { if(a) {\
47 fprintf (stderr, "%s:%d: KSBA error on file `%s': %s\n", \
48 __FILE__, __LINE__, (f), gpg_strerror(a)); \
52 #define xfree(a) ksba_free (a)
/* Count of non-fatal problems detected while processing the test files.
   Where it is incremented and finally reported is not visible here. */
55 static int errorcount = 0;
/* Print every entry of NAME, one per line, using the URI form when libksba
   provides one and the plain name otherwise.  A negative INDENT selects
   "indent_all": every line, including the first, is indented; with a
   non-negative INDENT only the lines after the first are.  The lines that
   negate INDENT for the indent_all case and the NULL check that presumably
   precedes the "none" output are not shown in this excerpt. */
59 print_names (int indent, ksba_name_t name)
65 if ((indent_all = (indent < 0)))
70 fputs ("none\n", stdout);
/* ksba_name_enum returns NULL once IDX runs past the last entry. */
74 for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
/* Prefer the URI representation; fall back to the raw name S.
   NOTE(review): P appears to be an allocated string; its release is
   presumably among the lines not shown -- confirm. */
76 char *p = ksba_name_get_uri (name, idx);
/* The first entry is printed flush-left unless indent_all was requested. */
77 printf ("%*s%s\n", idx||indent_all?indent:0, "", p?p:s);
83 /* Return the description for OID; if no description is available
/* Look OID up in the static translation table oidtranstbl and return its
   human readable description.  The table is scanned linearly and ends at
   an entry whose .oid is NULL.  Callers treat the result as optional (they
   test it against NULL), so the not-found return -- not shown here -- is
   expected to be NULL.  NOTE(review): OID goes straight into strcmp;
   one_file() calls this with the possibly-NULL result of
   ksba_cert_get_digest_algo, so confirm a NULL guard exists among the
   lines not shown. */
86 get_oid_desc (const char *oid)
91 for (i=0; oidtranstbl[i].oid; i++)
92 if (!strcmp (oidtranstbl[i].oid, oid))
93 return oidtranstbl[i].desc;
/* Print OID followed, when the translation table knows it, by its
   description in parentheses.  WITH_LF presumably decides whether a newline
   is appended; the printf line that consumes these arguments is not shown
   in this excerpt. */
99 print_oid_and_desc (const char *oid, int with_lf)
101 const char *s = get_oid_desc (oid);
/* Each decoration is emitted only when S is non-NULL, so an unknown OID
   is printed bare. */
103 oid, s?" (":"", s?s:"", s?")":"");
/* Print a newline separated LIST of OIDs, one per output line, each with
   its description.  Every line of LIST is expected to begin with the OID
   (digits and dots); whatever follows the OID on the same line is echoed
   after it.  A negative INDENT indents every line (indent_all).  LIST is
   deliberately not const: the lines not shown here presumably terminate
   the current OID in place before printing it and restore the byte
   afterwards -- confirm against the full source. */
110 print_oid_list (int indent, char *list)
116 if ((indent_all = (indent < 0)))
/* The first line is indented only in the indent_all case; how later lines
   are indented is handled by lines not shown. */
121 printf ("%*s", indent_all?indent:0, "");
/* LF points at the end of the current line, or at the terminating NUL for
   the last line. */
124 if (!(lf = strchr (list, '\n')))
125 lf = list + strlen (list);
/* N is the length of the leading OID. */
127 n = strspn (list, "0123456789.");
130 print_oid_and_desc (list, 0);
/* Echo the remainder of the line (e.g. qualifiers following the OID). */
135 printf (" %s\n", list+n);
/* Step past the newline; on the last line LF already points at the NUL,
   so the enclosing loop terminates there. */
137 list = *lf? (lf+1):lf;
/* Dump the extensions of CERT to stdout in a fixed, human readable layout:
   first a raw enumeration of every extension (OID, offset, length,
   criticality), then decoded views of the well known ones.  Problems are
   reported on stderr with the source location; the error counting that
   presumably follows each report, several declarations (err, oid, off,
   len, keyid, serial, string, p) and the release of keyid/serial/string
   are among the lines not shown in this excerpt. */
145 list_extensions (ksba_cert_t cert)
149 int idx, crit, is_ca, pathlen;
151 unsigned int usage, reason;
153 ksba_name_t name1, name2;
/* Raw enumeration: the loop ends on the first error, which for a clean
   end of list is GPG_ERR_EOF. */
157 for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
158 &oid, &crit, &off, &len));idx++)
160 const char *s = get_oid_desc (oid);
/* OFF and LEN are narrowed to int for "%d"; fine for real certificates,
   but values above INT_MAX would print wrongly. */
161 printf ("Extn: %s%s%s%s at %d with length %d %s\n",
162 oid, s?" (":"", s?s:"", s?")":"",
163 (int)off, (int)len, crit? "(critical)":"");
/* Anything other than EOF is a genuine enumeration failure. */
165 if (err && gpg_err_code (err) != GPG_ERR_EOF )
168 "%s:%d: enumerating extensions failed: %s\n",
169 __FILE__, __LINE__, gpg_strerror (err));
173 /* subjectKeyIdentifier */
/* GPG_ERR_NO_DATA means the extension is absent, which is not an error
   for this dump.  Printing of a present KEYID is not shown. */
174 err = ksba_cert_get_subj_key_id (cert, NULL, &keyid);
175 if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
177 fputs ("SubjectKeyIdentifier: ", stdout);
178 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
179 fputs ("none", stdout);
189 /* authorityKeyIdentifier */
/* Yields up to three parts: key identifier, issuer names and serial.
   NAME1 is released right after it has been printed; KEYID and SERIAL are
   presumably released by lines not shown. */
190 err = ksba_cert_get_auth_key_id (cert, &keyid, &name1, &serial);
191 if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
193 fputs ("AuthorityKeyIdentifier: ", stdout);
194 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
195 fputs ("none\n", stdout);
200 print_names (24, name1);
201 ksba_name_release (name1);
202 fputs (" serial: ", stdout);
209 fputs (" keyIdentifier: ", stdout);
/* Any error other than NO_DATA is reported but does not abort the dump. */
218 fprintf (stderr, "%s:%d: ksba_cert_get_auth_key_id: %s\n",
219 __FILE__, __LINE__, gpg_strerror (err));
/* basicConstraints.  The non-CA branch and the test of IS_CA are not
   shown; PATHLEN is printed only for CA certificates. */
223 err = ksba_cert_is_ca (cert, &is_ca, &pathlen);
226 fprintf (stderr, "%s:%d: ksba_cert_is_ca failed: %s\n",
227 __FILE__, __LINE__, gpg_strerror (err));
231 printf ("This is a CA certificate with a path length of %d\n", pathlen);
/* keyUsage: decode the KSBA_KEYUSAGE_* bit flags into their RFC 5280
   names, in bit order. */
233 err = ksba_cert_get_key_usage (cert, &usage);
234 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
235 printf ("KeyUsage: Not specified\n");
238 fprintf (stderr, "%s:%d: ksba_cert_get_key_usage failed: %s\n",
239 __FILE__, __LINE__, gpg_strerror (err));
244 fputs ("KeyUsage:", stdout);
245 if ( (usage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
246 fputs (" digitalSignature", stdout);
247 if ( (usage & KSBA_KEYUSAGE_NON_REPUDIATION))
248 fputs (" nonRepudiation", stdout);
249 if ( (usage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
250 fputs (" keyEncipherment", stdout);
251 if ( (usage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
/* NOTE(review): the label is misspelled (RFC 5280 calls the bit
   dataEncipherment).  Left unchanged because it is program output that
   an expected-output comparison may depend on. */
252 fputs (" dataEncripherment", stdout);
253 if ( (usage & KSBA_KEYUSAGE_KEY_AGREEMENT))
254 fputs (" keyAgreement", stdout);
255 if ( (usage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
256 fputs (" certSign", stdout);
257 if ( (usage & KSBA_KEYUSAGE_CRL_SIGN))
258 fputs (" crlSign", stdout);
259 if ( (usage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
260 fputs (" encipherOnly", stdout);
261 if ( (usage & KSBA_KEYUSAGE_DECIPHER_ONLY))
262 fputs (" decipherOnly", stdout);
/* extKeyUsage comes back as a newline separated OID list in STRING, which
   print_oid_list formats.  The release of STRING is not shown. */
265 err = ksba_cert_get_ext_key_usages (cert, &string);
266 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
267 printf ("ExtKeyUsages: none\n");
270 fprintf (stderr, "%s:%d: ksba_cert_ext_key_usages failed: %s\n",
271 __FILE__, __LINE__, gpg_strerror (err));
276 fputs ("ExtKeyUsages: ", stdout);
277 print_oid_list (14, string);
/* certificatePolicies: same shape as extKeyUsage above. */
282 err = ksba_cert_get_cert_policies (cert, &string);
283 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
284 printf ("CertificatePolicies: none\n");
287 fprintf (stderr, "%s:%d: ksba_cert_get_cert_policies failed: %s\n",
288 __FILE__, __LINE__, gpg_strerror (err));
293 /* for display purposes we replace the linefeeds by commas */
/* The loop body doing the replacement is not shown in this excerpt. */
294 for (p=string; *p; p++)
299 fputs ("CertificatePolicies: ", stdout);
300 print_oid_list (21, string);
304 /* CRL distribution point */
/* Each distribution point yields its names (NAME1), a ReasonFlags bit set
   (REASON) and the CRL issuer names (NAME2).  The remaining call
   arguments and the "no reason bits" test before " none" are not shown. */
305 for (idx=0; !(err=ksba_cert_get_crl_dist_point (cert, idx,
309 fputs ("CRLDistPoint: ", stdout);
310 print_names (14, name1);
311 fputs (" reasons:", stdout);
313 fputs (" none", stdout);
/* Bit 0 of ReasonFlags is named "unused" in RFC 5280; libksba exposes it
   as KSBA_CRLREASON_UNSPECIFIED. */
314 if ( (reason & KSBA_CRLREASON_UNSPECIFIED))
315 fputs (" unused", stdout);
316 if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))
317 fputs (" keyCompromise", stdout);
318 if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))
319 fputs (" caCompromise", stdout);
320 if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))
321 fputs (" affiliationChanged", stdout);
322 if ( (reason & KSBA_CRLREASON_SUPERSEDED))
323 fputs (" superseded", stdout);
324 if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))
325 fputs (" cessationOfOperation", stdout);
326 if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))
327 fputs (" certificateHold", stdout);
329 fputs (" issuer: ", stdout);
330 print_names (14, name2);
/* Both name objects are per-iteration results and are released here. */
331 ksba_name_release (name1);
332 ksba_name_release (name2);
334 if (err && gpg_err_code (err) != GPG_ERR_EOF)
336 fprintf (stderr, "%s:%d: ksba_cert_get_crl_dist_point failed: %s\n",
337 __FILE__, __LINE__, gpg_strerror (err));
341 /* authorityInfoAccess. */
/* Each entry is an access method OID (STRING) plus a location name list
   (NAME1).  The negative indent makes print_names indent every line,
   since print_oid_and_desc already ended the first one.  Release of
   STRING is not shown. */
342 for (idx=0; !(err=ksba_cert_get_authority_info_access (cert, idx,
346 fputs ("authorityInfoAccess: ", stdout);
347 print_oid_and_desc (string, 1);
348 print_names (-21, name1);
349 ksba_name_release (name1);
352 if (err && gpg_err_code (err) != GPG_ERR_EOF)
354 fprintf (stderr, "%s:%d: "
355 "ksba_cert_get_authority_info_access failed: %s\n",
356 __FILE__, __LINE__, gpg_strerror (err));
360 /* subjectInfoAccess. */
/* Same layout as authorityInfoAccess above. */
361 for (idx=0; !(err=ksba_cert_get_subject_info_access (cert, idx,
365 fputs ("subjectInfoAccess: ", stdout);
366 print_oid_and_desc (string, 1);
367 print_names (-19, name1);
368 ksba_name_release (name1);
371 if (err && gpg_err_code (err) != GPG_ERR_EOF)
373 fprintf (stderr, "%s:%d: "
374 "ksba_cert_get_subject_info_access failed: %s\n",
375 __FILE__, __LINE__, gpg_strerror (err));
/* Parse the DER certificate in FNAME, print its fields and extensions and
   run a public key round trip through the internal keyinfo converters.
   Fatal problems abort through fail_if_err/fail_if_err2; softer ones are
   reported on stderr.  The declarations, the fail_if_err checks that
   presumably follow the reader/cert construction, the printing of SEXP and
   DN, the fclose of FP and the release of SEXP/DN/PUBLIC/DER/TMP are among
   the lines not shown in this excerpt. */
383 one_file (const char *fname)
/* Binary mode matters on Windows: DER must not go through text
   translation.  The NULL test of FP is not shown. */
395 fp = fopen (fname, "rb");
/* errno is read as an argument, i.e. before fprintf itself can clobber it. */
398 fprintf (stderr, "%s:%d: can't open `%s': %s\n",
399 __FILE__, __LINE__, fname, strerror (errno));
403 err = ksba_reader_new (&r);
406 err = ksba_reader_set_file (r, fp);
409 err = ksba_cert_new (&cert);
/* A parse failure is fatal and names the offending file. */
413 err = ksba_cert_read_der (cert, r);
414 fail_if_err2 (fname, err);
416 printf ("Certificate in `%s':\n", fname);
/* Serial number as an S-expression; printing and release not shown. */
418 sexp = ksba_cert_get_serial (cert);
419 fputs (" serial....: ", stdout);
/* Index 0 is the DN; later indices are alternative names, printed as
   "aka".  The printing and release of DN are not shown. */
424 for (idx=0;(dn = ksba_cert_get_issuer (cert, idx));idx++)
426 fputs (idx?" aka: ":" issuer....: ", stdout);
432 for (idx=0;(dn = ksba_cert_get_subject (cert, idx));idx++)
434 fputs (idx?" aka: ":" subject...: ", stdout);
/* NOTE(review): the return value of ksba_cert_get_validity is ignored for
   both calls, so on failure T (declaration not shown) would be printed
   with whatever it held before -- confirm T is initialised or check the
   return code. */
440 ksba_cert_get_validity (cert, 0, t);
441 fputs (" notBefore.: ", stdout);
444 ksba_cert_get_validity (cert, 1, t);
445 fputs (" notAfter..: ", stdout);
/* Digest algorithm OID.  The printf guards a NULL OID, yet get_oid_desc
   receives it unguarded on the line before -- see the note at
   get_oid_desc. */
449 oid = ksba_cert_get_digest_algo (cert);
450 s = get_oid_desc (oid);
451 printf (" hash algo.: %s%s%s%s\n",
452 oid?oid:"(null)", s?" (":"",s?s:"",s?")":"");
454 /* Under Windows the _ksba_keyinfo_from_sexp are not exported. */
456 /* check that the sexp to keyinfo conversion works */
/* Round trip: S-expression -> DER (keyinfo) -> S-expression -> DER, then
   compare the two DER encodings.  The preprocessor guard implied by the
   comment above is not shown. */
460 public = ksba_cert_get_public_key (cert);
463 fprintf (stderr, "%s:%d: public key not found\n",
474 fputs (" pubkey....: ", stdout);
479 err = _ksba_keyinfo_from_sexp (public, &der, &derlen);
482 fprintf (stderr, "%s:%d: converting public key failed: %s\n",
483 __FILE__, __LINE__, gpg_strerror (err));
492 fputs (" pubkey-DER: ", stdout);
493 print_hex (der, derlen);
496 err = _ksba_keyinfo_to_sexp (der, derlen, &tmp);
500 "%s:%d: re-converting public key failed: %s\n",
501 __FILE__, __LINE__, gpg_strerror (err));
509 err = _ksba_keyinfo_from_sexp (tmp, &der2, &derlen2);
512 fprintf (stderr, "%s:%d: re-re-converting "
513 "public key failed: %s\n",
514 __FILE__, __LINE__, gpg_strerror (err));
/* Lengths are compared first, so memcmp never reads past the shorter
   buffer. */
517 else if (derlen != derlen2 || memcmp (der, der2, derlen))
519 fprintf (stderr, "%s:%d: mismatch after "
520 "re-re-converting public key\n",
525 /* Don't leak memory if everything is ok. */
/* Signature value S-expression; printing and release not shown. */
539 sexp = ksba_cert_get_sig_val (cert);
540 fputs (" sigval....: ", stdout);
546 list_extensions (cert);
/* The file must hold exactly one certificate: a second read from the same
   reader has to hit EOF, anything else is reported. */
548 ksba_cert_release (cert);
549 err = ksba_cert_new (&cert);
553 err = ksba_cert_read_der (cert, r);
554 if (err && gpg_err_code (err) != GPG_ERR_EOF)
556 fprintf (stderr, "%s:%d: expected EOF but got: %s\n",
557 __FILE__, __LINE__, gpg_strerror (err));
562 ksba_cert_release (cert);
563 ksba_reader_release (r);
571 main (int argc, char **argv)
573 const char *srcdir = getenv ("srcdir");
583 if (argc && !strcmp (*argv, "--verbose"))
592 for (; argc; argc--, argv++)
597 const char *files[] = {
598 "cert_dfn_pca01.der",
599 "cert_dfn_pca15.der",
600 "cert_g10code_test1.der",
605 for (idx=0; files[idx]; idx++)
609 fname = xmalloc (strlen (srcdir) + 1 + strlen (files[idx]) + 1);
610 strcpy (fname, srcdir);
612 strcat (fname, files[idx]);