1 /* $OpenBSD: ocsp_prn.c,v 1.11 2024/08/28 06:18:44 tb Exp $ */
2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3 * project. */
4
5 /* History:
6 This file was originally part of ocsp.c and was transfered to Richard
7 Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
8 in OpenSSL or released as a patch kit. */
9
10 /* ====================================================================
11 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in
22 * the documentation and/or other materials provided with the
23 * distribution.
24 *
25 * 3. All advertising materials mentioning features or use of this
26 * software must display the following acknowledgment:
27 * "This product includes software developed by the OpenSSL Project
28 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
29 *
30 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
31 * endorse or promote products derived from this software without
32 * prior written permission. For written permission, please contact
33 * openssl-core@openssl.org.
34 *
35 * 5. Products derived from this software may not be called "OpenSSL"
36 * nor may "OpenSSL" appear in their names without prior written
37 * permission of the OpenSSL Project.
38 *
39 * 6. Redistributions of any form whatsoever must retain the following
40 * acknowledgment:
41 * "This product includes software developed by the OpenSSL Project
42 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
45 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
48 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55 * OF THE POSSIBILITY OF SUCH DAMAGE.
56 * ====================================================================
57 *
58 * This product includes cryptographic software written by Eric Young
59 * (eay@cryptsoft.com). This product includes software written by Tim
60 * Hudson (tjh@cryptsoft.com).
61 *
62 */
63
64 #include <openssl/bio.h>
65 #include <openssl/err.h>
66 #include <openssl/ocsp.h>
67 #include <openssl/pem.h>
68 #include <openssl/x509.h>
69
70 #include "ocsp_local.h"
71
72 static int
ocsp_certid_print(BIO * bp,OCSP_CERTID * a,int indent)73 ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
74 {
75 const ASN1_OBJECT *aobj;
76
77 BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
78 indent += 2;
79 BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
80 X509_ALGOR_get0(&aobj, NULL, NULL, a->hashAlgorithm);
81 i2a_ASN1_OBJECT(bp, aobj);
82 BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
83 i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
84 BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
85 i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
86 BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
87 i2a_ASN1_INTEGER(bp, a->serialNumber);
88 BIO_printf(bp, "\n");
89 return 1;
90 }
91
92 typedef struct {
93 long t;
94 const char *m;
95 } OCSP_TBLSTR;
96
97 static const char *
table2string(long s,const OCSP_TBLSTR * ts,int len)98 table2string(long s, const OCSP_TBLSTR *ts, int len)
99 {
100 const OCSP_TBLSTR *p;
101
102 for (p = ts; p < ts + len; p++)
103 if (p->t == s)
104 return p->m;
105 return "(UNKNOWN)";
106 }
107
108 const char *
OCSP_response_status_str(long s)109 OCSP_response_status_str(long s)
110 {
111 static const OCSP_TBLSTR rstat_tbl[] = {
112 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
113 { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
114 { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
115 { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
116 { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
117 { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
118 };
119 return table2string(s, rstat_tbl, 6);
120 }
121 LCRYPTO_ALIAS(OCSP_response_status_str);
122
123 const char *
OCSP_cert_status_str(long s)124 OCSP_cert_status_str(long s)
125 {
126 static const OCSP_TBLSTR cstat_tbl[] = {
127 { V_OCSP_CERTSTATUS_GOOD, "good" },
128 { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
129 { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
130 };
131 return table2string(s, cstat_tbl, 3);
132 }
133 LCRYPTO_ALIAS(OCSP_cert_status_str);
134
135 const char *
OCSP_crl_reason_str(long s)136 OCSP_crl_reason_str(long s)
137 {
138 static const OCSP_TBLSTR reason_tbl[] = {
139 { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
140 { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
141 { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
142 { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
143 { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
144 { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
145 { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
146 { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
147 };
148 return table2string(s, reason_tbl, 8);
149 }
150 LCRYPTO_ALIAS(OCSP_crl_reason_str);
151
152 int
OCSP_REQUEST_print(BIO * bp,OCSP_REQUEST * o,unsigned long flags)153 OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
154 {
155 int i;
156 long l;
157 OCSP_CERTID* cid = NULL;
158 OCSP_ONEREQ *one = NULL;
159 OCSP_REQINFO *inf = o->tbsRequest;
160 OCSP_SIGNATURE *sig = o->optionalSignature;
161
162 if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
163 goto err;
164 l = ASN1_INTEGER_get(inf->version);
165 if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0)
166 goto err;
167 if (inf->requestorName != NULL) {
168 if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0)
169 goto err;
170 GENERAL_NAME_print(bp, inf->requestorName);
171 }
172 if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0)
173 goto err;
174 for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
175 one = sk_OCSP_ONEREQ_value(inf->requestList, i);
176 cid = one->reqCert;
177 ocsp_certid_print(bp, cid, 8);
178 if (!X509V3_extensions_print(bp, "Request Single Extensions",
179 one->singleRequestExtensions, flags, 8))
180 goto err;
181 }
182 if (!X509V3_extensions_print(bp, "Request Extensions",
183 inf->requestExtensions, flags, 4))
184 goto err;
185 if (sig) {
186 if (X509_signature_print(bp, sig->signatureAlgorithm,
187 sig->signature) == 0)
188 goto err;
189 for (i = 0; i < sk_X509_num(sig->certs); i++) {
190 if (X509_print(bp, sk_X509_value(sig->certs, i)) == 0)
191 goto err;
192 if (PEM_write_bio_X509(bp,
193 sk_X509_value(sig->certs, i)) == 0)
194 goto err;
195 }
196 }
197 return 1;
198
199 err:
200 return 0;
201 }
202 LCRYPTO_ALIAS(OCSP_REQUEST_print);
203
204 int
OCSP_RESPONSE_print(BIO * bp,OCSP_RESPONSE * o,unsigned long flags)205 OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
206 {
207 int i, ret = 0;
208 long l;
209 OCSP_CERTID *cid = NULL;
210 OCSP_BASICRESP *br = NULL;
211 OCSP_RESPID *rid = NULL;
212 OCSP_RESPDATA *rd = NULL;
213 OCSP_CERTSTATUS *cst = NULL;
214 OCSP_REVOKEDINFO *rev = NULL;
215 OCSP_SINGLERESP *single = NULL;
216 OCSP_RESPBYTES *rb = o->responseBytes;
217
218 if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
219 goto err;
220 l = ASN1_ENUMERATED_get(o->responseStatus);
221 if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
222 OCSP_response_status_str(l), l) <= 0)
223 goto err;
224 if (rb == NULL)
225 return 1;
226 if (BIO_puts(bp, " Response Type: ") <= 0)
227 goto err;
228 if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
229 goto err;
230 if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
231 BIO_puts(bp, " (unknown response type)\n");
232 return 1;
233 }
234
235 i = ASN1_STRING_length(rb->response);
236 if (!(br = OCSP_response_get1_basic(o)))
237 goto err;
238 rd = br->tbsResponseData;
239 l = ASN1_INTEGER_get(rd->version);
240 if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0)
241 goto err;
242 if (BIO_puts(bp, " Responder Id: ") <= 0)
243 goto err;
244
245 rid = rd->responderId;
246 switch (rid->type) {
247 case V_OCSP_RESPID_NAME:
248 X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
249 break;
250 case V_OCSP_RESPID_KEY:
251 i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
252 break;
253 }
254
255 if (BIO_printf(bp, "\n Produced At: ")<=0)
256 goto err;
257 if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
258 goto err;
259 if (BIO_printf(bp, "\n Responses:\n") <= 0)
260 goto err;
261 for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
262 if (! sk_OCSP_SINGLERESP_value(rd->responses, i))
263 continue;
264 single = sk_OCSP_SINGLERESP_value(rd->responses, i);
265 cid = single->certId;
266 if (ocsp_certid_print(bp, cid, 4) <= 0)
267 goto err;
268 cst = single->certStatus;
269 if (BIO_printf(bp, " Cert Status: %s",
270 OCSP_cert_status_str(cst->type)) <= 0)
271 goto err;
272 if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
273 rev = cst->value.revoked;
274 if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
275 goto err;
276 if (!ASN1_GENERALIZEDTIME_print(bp,
277 rev->revocationTime))
278 goto err;
279 if (rev->revocationReason) {
280 l = ASN1_ENUMERATED_get(rev->revocationReason);
281 if (BIO_printf(bp,
282 "\n Revocation Reason: %s (0x%lx)",
283 OCSP_crl_reason_str(l), l) <= 0)
284 goto err;
285 }
286 }
287 if (BIO_printf(bp, "\n This Update: ") <= 0)
288 goto err;
289 if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
290 goto err;
291 if (single->nextUpdate) {
292 if (BIO_printf(bp, "\n Next Update: ") <= 0)
293 goto err;
294 if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
295 goto err;
296 }
297 if (BIO_write(bp, "\n", 1) <= 0)
298 goto err;
299 if (!X509V3_extensions_print(bp, "Response Single Extensions",
300 single->singleExtensions, flags, 8))
301 goto err;
302 if (BIO_write(bp, "\n", 1) <= 0)
303 goto err;
304 }
305 if (!X509V3_extensions_print(bp, "Response Extensions",
306 rd->responseExtensions, flags, 4))
307 goto err;
308 if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <=
309 0)
310 goto err;
311
312 for (i = 0; i < sk_X509_num(br->certs); i++) {
313 X509_print(bp, sk_X509_value(br->certs, i));
314 PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
315 }
316
317 ret = 1;
318
319 err:
320 OCSP_BASICRESP_free(br);
321 return ret;
322 }
323 LCRYPTO_ALIAS(OCSP_RESPONSE_print);
324