search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
corrected copyright notices
[gnutls.git] / lib / openpgp / output.c
blobcc253420bafef62ee04fe5578b2366cc410857cf
1 /*
2 * Copyright (C) 2007-2012 Free Software Foundation, Inc.
3 *
4 * Author: Simon Josefsson, Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* Functions for printing X.509 Certificate structures
24 */
25
26 #include <gnutls_int.h>
27 #include <gnutls/openpgp.h>
28 #include <gnutls_errors.h>
29 #include <extras/randomart.h>
30
31 #define addf _gnutls_buffer_append_printf
32 #define adds _gnutls_buffer_append_str
33
34 static void
35 print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
36 unsigned int idx)
37 {
38 unsigned int key_usage;
39 int err;
40
41 adds (str, _("\t\tKey Usage:\n"));
42
43
44 if (idx == (unsigned int) -1)
45 err = gnutls_openpgp_crt_get_key_usage (cert, &key_usage);
46 else
47 err = gnutls_openpgp_crt_get_subkey_usage (cert, idx, &key_usage);
48 if (err < 0)
49 {
50 addf (str, _("error: get_key_usage: %s\n"), gnutls_strerror (err));
51 return;
52 }
53
54 if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
55 adds (str, _("\t\t\tDigital signatures.\n"));
56 if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
57 adds (str, _("\t\t\tCommunications encipherment.\n"));
58 if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
59 adds (str, _("\t\t\tStorage data encipherment.\n"));
60 if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
61 adds (str, _("\t\t\tAuthentication.\n"));
62 if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
63 adds (str, _("\t\t\tCertificate signing.\n"));
64 }
65
66 /* idx == -1 indicates main key
67 * otherwise the subkey.
68 */
69 static void
70 print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
71 {
72 gnutls_openpgp_keyid_t id;
73 int err;
74
75 if (idx < 0)
76 err = gnutls_openpgp_crt_get_key_id (cert, id);
77 else
78 err = gnutls_openpgp_crt_get_subkey_id (cert, idx, id);
79
80 if (err < 0)
81 addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
82 else
83 {
84 adds (str, _("\tID (hex): "));
85 _gnutls_buffer_hexprint (str, id, sizeof (id));
86 addf (str, "\n");
87 }
88
89 }
90
91 /* idx == -1 indicates main key
92 * otherwise the subkey.
93 */
94 static void
95 print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
96 {
97 uint8_t fpr[128];
98 size_t fpr_size = sizeof (fpr);
99 int err;
100 const char* name;
101 char* p;
102 unsigned int bits;
103
104 err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
105 if (err < 0)
106 addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
107 else
108 {
109 adds (str, _("\tFingerprint (hex): "));
110 _gnutls_buffer_hexprint (str, fpr, fpr_size);
111 addf (str, "\n");
112 }
113
114 err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
115 if (err < 0)
116 return;
117
118 name = gnutls_pk_get_name(err);
119 if (name == NULL)
120 return;
121
122 p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits, "\t\t");
123 if (p == NULL)
124 return;
125
126 adds (str, _("\tFingerprint's random art:\n"));
127 adds (str, p);
128 adds (str, "\n");
129
130 gnutls_free(p);
131 }
132
133 static void
134 print_key_revoked (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
135 {
136 int err;
137
138 if (idx < 0)
139 err = gnutls_openpgp_crt_get_revoked_status (cert);
140 else
141 err = gnutls_openpgp_crt_get_subkey_revoked_status (cert, idx);
142
143 if (err != 0)
144 adds (str, _("\tRevoked: True\n"));
145 else
146 adds (str, _("\tRevoked: False\n"));
147 }
148
149 static void
150 print_key_times (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
151 {
152 time_t tim;
153
154 adds (str, _("\tTime stamps:\n"));
155
156 if (idx == -1)
157 tim = gnutls_openpgp_crt_get_creation_time (cert);
158 else
159 tim = gnutls_openpgp_crt_get_subkey_creation_time (cert, idx);
160
161 {
162 char s[42];
163 size_t max = sizeof (s);
164 struct tm t;
165
166 if (gmtime_r (&tim, &t) == NULL)
167 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
168 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
169 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
170 else
171 addf (str, _("\t\tCreation: %s\n"), s);
172 }
173
174 if (idx == -1)
175 tim = gnutls_openpgp_crt_get_expiration_time (cert);
176 else
177 tim = gnutls_openpgp_crt_get_subkey_expiration_time (cert, idx);
178 {
179 char s[42];
180 size_t max = sizeof (s);
181 struct tm t;
182
183 if (tim == 0)
184 {
185 adds (str, _("\t\tExpiration: Never\n"));
186 }
187 else
188 {
189 if (gmtime_r (&tim, &t) == NULL)
190 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
191 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
192 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
193 else
194 addf (str, _("\t\tExpiration: %s\n"), s);
195 }
196 }
197 }
198
199 static void
200 print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
201 {
202 int err;
203 unsigned int bits;
204
205 if (idx == -1)
206 err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
207 else
208 err = gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, &bits);
209
210 if (err < 0)
211 addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
212 else
213 {
214 const char *name = gnutls_pk_algorithm_get_name (err);
215 if (name == NULL)
216 name = _("unknown");
217
218 addf (str, _("\tPublic Key Algorithm: %s\n"), name);
219 addf (str, _("\tKey Security Level: %s\n"),
220 gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
221 (err, bits)));
222
223 switch (err)
224 {
225 case GNUTLS_PK_RSA:
226 {
227 gnutls_datum_t m, e;
228
229 if (idx == -1)
230 err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e);
231 else
232 err =
233 gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e);
234
235 if (err < 0)
236 addf (str, "error: get_pk_rsa_raw: %s\n",
237 gnutls_strerror (err));
238 else
239 {
240 addf (str, _("\t\tModulus (bits %d):\n"), bits);
241 _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
242 adds (str, _("\t\tExponent:\n"));
243 _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
244
245 gnutls_free (m.data);
246 gnutls_free (e.data);
247 }
248
249 }
250 break;
251
252 case GNUTLS_PK_DSA:
253 {
254 gnutls_datum_t p, q, g, y;
255
256 if (idx == -1)
257 err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
258 else
259 err =
260 gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q,
261 &g, &y);
262 if (err < 0)
263 addf (str, "error: get_pk_dsa_raw: %s\n",
264 gnutls_strerror (err));
265 else
266 {
267 addf (str, _("\t\tPublic key (bits %d):\n"), bits);
268 _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
269 adds (str, _("\t\tP:\n"));
270 _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
271 adds (str, _("\t\tQ:\n"));
272 _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
273 adds (str, _("\t\tG:\n"));
274 _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
275
276 gnutls_free (p.data);
277 gnutls_free (q.data);
278 gnutls_free (g.data);
279 gnutls_free (y.data);
280 }
281 }
282 break;
283
284 default:
285 break;
286 }
287 }
288 }
289
290 static void
291 print_cert (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
292 {
293 int i, subkeys;
294 int err;
295
296 print_key_revoked (str, cert, -1);
297
298 /* Version. */
299 {
300 int version = gnutls_openpgp_crt_get_version (cert);
301 if (version < 0)
302 addf (str, "error: get_version: %s\n", gnutls_strerror (version));
303 else
304 addf (str, _("\tVersion: %d\n"), version);
305 }
306
307 /* ID. */
308 print_key_id (str, cert, -1);
309
310 print_key_fingerprint (str, cert);
311
312 /* Names. */
313 i = 0;
314 do
315 {
316 char *dn;
317 size_t dn_size = 0;
318
319 err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
320 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
321 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
322 && err != GNUTLS_E_OPENPGP_UID_REVOKED)
323 addf (str, "error: get_name: %s\n", gnutls_strerror (err));
324 else
325 {
326 dn = gnutls_malloc (dn_size);
327 if (!dn)
328 addf (str, "error: malloc (%d): %s\n", (int) dn_size,
329 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
330 else
331 {
332 err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
333 if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
334 err != GNUTLS_E_OPENPGP_UID_REVOKED)
335 addf (str, "error: get_name: %s\n", gnutls_strerror (err));
336 else if (err >= 0)
337 addf (str, _("\tName[%d]: %s\n"), i, dn);
338 else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
339 addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn);
340
341 gnutls_free (dn);
342 }
343 }
344
345 i++;
346 }
347 while (err >= 0);
348
349 print_key_times (str, cert, -1);
350
351 print_key_info (str, cert, -1);
352 print_key_usage (str, cert, -1);
353
354 subkeys = gnutls_openpgp_crt_get_subkey_count (cert);
355 if (subkeys < 0)
356 return;
357
358 for (i = 0; i < subkeys; i++)
359 {
360 addf (str, _("\n\tSubkey[%d]:\n"), i);
361
362 print_key_revoked (str, cert, i);
363 print_key_id (str, cert, i);
364 print_key_times (str, cert, i);
365 print_key_info (str, cert, i);
366 print_key_usage (str, cert, i);
367 }
368
369 }
370
371 static void
372 print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
373 {
374 int err, i;
375
376 i = 0;
377 do
378 {
379 char *dn;
380 size_t dn_size = 0;
381
382 err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
383 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
384 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
385 && err != GNUTLS_E_OPENPGP_UID_REVOKED)
386 addf (str, "unknown name (%s), ", gnutls_strerror (err));
387 else
388 {
389 dn = gnutls_malloc (dn_size);
390 if (!dn)
391 addf (str, "unknown name (%s), ",
392 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
393 else
394 {
395 err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
396 if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
397 err != GNUTLS_E_OPENPGP_UID_REVOKED)
398 addf (str, "unknown name (%s), ", gnutls_strerror (err));
399 else if (err >= 0)
400 addf (str, _("name[%d]: %s, "), i, dn);
401 else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
402 addf (str, _("revoked name[%d]: %s, "), i, dn);
403
404 gnutls_free (dn);
405 }
406 }
407
408 i++;
409 }
410 while (err >= 0);
411
412 {
413 char fpr[128];
414 size_t fpr_size = sizeof (fpr);
415 int err;
416
417 err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
418 if (err < 0)
419 addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
420 else
421 {
422 adds (str, _("fingerprint: "));
423 _gnutls_buffer_hexprint (str, fpr, fpr_size);
424 addf (str, ", ");
425 }
426 }
427
428 {
429 time_t tim;
430
431 tim = gnutls_openpgp_crt_get_creation_time (cert);
432 {
433 char s[42];
434 size_t max = sizeof (s);
435 struct tm t;
436
437 if (gmtime_r (&tim, &t) == NULL)
438 addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
439 else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
440 addf (str, "error: strftime (%ld), ", (unsigned long) tim);
441 else
442 addf (str, _("created: %s, "), s);
443 }
444
445 tim = gnutls_openpgp_crt_get_expiration_time (cert);
446 {
447 char s[42];
448 size_t max = sizeof (s);
449 struct tm t;
450
451 if (tim == 0)
452 adds (str, _("never expires, "));
453 else
454 {
455 if (gmtime_r (&tim, &t) == NULL)
456 addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
457 else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
458 addf (str, "error: strftime (%ld), ", (unsigned long) tim);
459 else
460 addf (str, _("expires: %s, "), s);
461 }
462 }
463 }
464
465 {
466 unsigned int bits = 0;
467 gnutls_pk_algorithm_t algo =
468 gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
469 const char *algostr = gnutls_pk_algorithm_get_name (algo);
470
471 if (algostr)
472 addf (str, _("key algorithm %s (%d bits)"), algostr, bits);
473 else
474 addf (str, _("unknown key algorithm (%d)"), algo);
475 }
476 }
477
478 /**
479 * gnutls_openpgp_crt_print:
480 * @cert: The structure to be printed
481 * @format: Indicate the format to use
482 * @out: Newly allocated datum with (0) terminated string.
483 *
484 * This function will pretty print an OpenPGP certificate, suitable
485 * for display to a human.
486 *
487 * The format should be (0) for future compatibility.
488 *
489 * The output @out needs to be deallocate using gnutls_free().
490 *
491 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
492 **/
493 int
494 gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
495 gnutls_certificate_print_formats_t format,
496 gnutls_datum_t * out)
497 {
498 gnutls_buffer_st str;
499 int ret;
500
501 _gnutls_buffer_init (&str);
502
503 if (format == GNUTLS_CRT_PRINT_ONELINE)
504 print_oneline (&str, cert);
505 else if (format == GNUTLS_CRT_PRINT_COMPACT)
506 {
507 print_oneline (&str, cert);
508
509 _gnutls_buffer_append_data (&str, "\n", 1);
510 print_key_fingerprint (&str, cert);
511 }
512 else
513 {
514 _gnutls_buffer_append_str (&str,
515 _("OpenPGP Certificate Information:\n"));
516 print_cert (&str, cert);
517 }
518
519 _gnutls_buffer_append_data (&str, "\0", 1);
520
521 ret = _gnutls_buffer_to_datum( &str, out);
522 if (out->size > 0) out->size--;
523
524 return ret;
525 }
Implementation of the SSL/TLS protocol