1 /*
2 * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/buffer.h>
13 #include <openssl/bn.h>
14 #include <openssl/objects.h>
15 #include <openssl/x509_acert.h>
16
print_attribute(BIO * bp,X509_ATTRIBUTE * a)17 static int print_attribute(BIO *bp, X509_ATTRIBUTE *a)
18 {
19 ASN1_OBJECT *aobj;
20 int i, j, count;
21 int ret = 0;
22
23 aobj = X509_ATTRIBUTE_get0_object(a);
24 if (BIO_printf(bp, "%12s", "") <= 0)
25 goto err;
26
27 if ((j = i2a_ASN1_OBJECT(bp, aobj)) <= 0)
28 goto err;
29
30 count = X509_ATTRIBUTE_count(a);
31 if (count == 0) {
32 ERR_raise(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES);
33 goto err;
34 }
35
36 if (j < 25 && (BIO_printf(bp, "%*s", 25 - j, " ") <= 0))
37 goto err;
38
39 if (BIO_puts(bp, ":") <= 0)
40 goto err;
41
42 for (i = 0; i < count; i++) {
43 ASN1_TYPE *at;
44 int type;
45 ASN1_BIT_STRING *bs;
46
47 at = X509_ATTRIBUTE_get0_type(a, i);
48 type = at->type;
49
50 switch (type) {
51 case V_ASN1_PRINTABLESTRING:
52 case V_ASN1_T61STRING:
53 case V_ASN1_NUMERICSTRING:
54 case V_ASN1_UTF8STRING:
55 case V_ASN1_IA5STRING:
56 bs = at->value.asn1_string;
57 if (BIO_write(bp, (char *)bs->data, bs->length) != bs->length)
58 goto err;
59 if (BIO_puts(bp, "\n") <= 0)
60 goto err;
61 break;
62 case V_ASN1_SEQUENCE:
63 if (BIO_puts(bp, "\n") <= 0)
64 goto err;
65 if (ASN1_parse_dump(bp, at->value.sequence->data,
66 at->value.sequence->length, i, 1)
67 <= 0)
68 goto err;
69 break;
70 default:
71 if (BIO_printf(bp, "unable to print attribute of type 0x%X\n",
72 type)
73 < 0)
74 goto err;
75 break;
76 }
77 }
78 ret = 1;
79 err:
80 return ret;
81 }
82
X509_ACERT_print_ex(BIO * bp,X509_ACERT * x,unsigned long nmflags,unsigned long cflag)83 int X509_ACERT_print_ex(BIO *bp, X509_ACERT *x, unsigned long nmflags,
84 unsigned long cflag)
85 {
86 int i;
87 char mlch = ' ';
88
89 if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
90 mlch = '\n';
91 }
92
93 if ((cflag & X509_FLAG_NO_HEADER) == 0) {
94 if (BIO_printf(bp, "Attribute Certificate:\n") <= 0)
95 goto err;
96 if (BIO_printf(bp, "%4sData:\n", "") <= 0)
97 goto err;
98 }
99
100 if ((cflag & X509_FLAG_NO_VERSION) == 0) {
101 long l;
102
103 l = X509_ACERT_get_version(x);
104 if (l == X509_ACERT_VERSION_2) {
105 if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1,
106 (unsigned long)l)
107 <= 0)
108 goto err;
109 } else {
110 if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
111 goto err;
112 }
113 }
114
115 if ((cflag & X509_FLAG_NO_SERIAL) == 0) {
116 const ASN1_INTEGER *serial;
117
118 serial = X509_ACERT_get0_serialNumber(x);
119
120 if (BIO_printf(bp, "%8sSerial Number: ", "") <= 0)
121 goto err;
122
123 if (i2a_ASN1_INTEGER(bp, serial) <= 0)
124 goto err;
125
126 if (BIO_write(bp, "\n", 1) <= 0)
127 goto err;
128 }
129
130 if ((cflag & X509_FLAG_NO_SUBJECT) == 0) {
131 const GENERAL_NAMES *holderEntities;
132 const OSSL_ISSUER_SERIAL *holder_bcid;
133 const X509_NAME *holderIssuer = NULL;
134
135 if (BIO_printf(bp, "%8sHolder:\n", "") <= 0)
136 goto err;
137
138 holderEntities = X509_ACERT_get0_holder_entityName(x);
139 if (holderEntities != NULL) {
140 for (i = 0; i < sk_GENERAL_NAME_num(holderEntities); i++) {
141 GENERAL_NAME *entity;
142
143 entity = sk_GENERAL_NAME_value(holderEntities, i);
144
145 if (BIO_printf(bp, "%12sName:%c", "", mlch) <= 0)
146 goto err;
147 if (GENERAL_NAME_print(bp, entity) <= 0)
148 goto err;
149 if (BIO_write(bp, "\n", 1) <= 0)
150 goto err;
151 }
152 }
153
154 if ((holder_bcid = X509_ACERT_get0_holder_baseCertId(x)) != NULL)
155 holderIssuer = OSSL_ISSUER_SERIAL_get0_issuer(holder_bcid);
156
157 if (holderIssuer != NULL) {
158 const ASN1_INTEGER *holder_serial;
159 const ASN1_BIT_STRING *iuid;
160
161 if (BIO_printf(bp, "%12sIssuer:%c", "", mlch) <= 0)
162 goto err;
163
164 if (X509_NAME_print_ex(bp, holderIssuer, 0, nmflags) <= 0)
165 goto err;
166
167 if (BIO_write(bp, "\n", 1) <= 0)
168 goto err;
169
170 if (BIO_printf(bp, "%12sSerial: ", "") <= 0)
171 goto err;
172
173 holder_serial = OSSL_ISSUER_SERIAL_get0_serial(holder_bcid);
174
175 if (i2a_ASN1_INTEGER(bp, holder_serial) <= 0)
176 goto err;
177
178 iuid = OSSL_ISSUER_SERIAL_get0_issuerUID(holder_bcid);
179 if (iuid != NULL) {
180 if (BIO_printf(bp, "%12sIssuer UID: ", "") <= 0)
181 goto err;
182 if (X509_signature_dump(bp, iuid, 24) <= 0)
183 goto err;
184 }
185 if (BIO_write(bp, "\n", 1) <= 0)
186 goto err;
187 }
188 }
189
190 if ((cflag & X509_FLAG_NO_ISSUER) == 0) {
191 const X509_NAME *issuer;
192
193 if (BIO_printf(bp, "%8sIssuer:%c", "", mlch) <= 0)
194 goto err;
195 issuer = X509_ACERT_get0_issuerName(x);
196 if (issuer) {
197 if (X509_NAME_print_ex(bp, issuer, 0, nmflags) < 0)
198 goto err;
199 } else {
200 if (BIO_printf(bp, "Unsupported Issuer Type") <= 0)
201 goto err;
202 }
203 if (BIO_write(bp, "\n", 1) <= 0)
204 goto err;
205 }
206
207 if ((cflag & X509_FLAG_NO_VALIDITY) == 0) {
208 if (BIO_printf(bp, "%8sValidity\n", "") <= 0)
209 goto err;
210 if (BIO_printf(bp, "%12sNot Before: ", "") <= 0)
211 goto err;
212 if (ASN1_GENERALIZEDTIME_print(bp, X509_ACERT_get0_notBefore(x)) == 0)
213 goto err;
214 if (BIO_printf(bp, "\n%12sNot After : ", "") <= 0)
215 goto err;
216 if (ASN1_GENERALIZEDTIME_print(bp, X509_ACERT_get0_notAfter(x)) == 0)
217 goto err;
218 if (BIO_write(bp, "\n", 1) <= 0)
219 goto err;
220 }
221
222 if ((cflag & X509_FLAG_NO_ATTRIBUTES) == 0) {
223 if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
224 goto err;
225
226 if (X509_ACERT_get_attr_count(x) == 0) {
227 if (BIO_printf(bp, "%12s(none)\n", "") <= 0)
228 goto err;
229 } else {
230 for (i = 0; i < X509_ACERT_get_attr_count(x); i++) {
231 if (print_attribute(bp, X509_ACERT_get_attr(x, i)) == 0)
232 goto err;
233 }
234 }
235 }
236
237 if ((cflag & X509_FLAG_NO_EXTENSIONS) == 0) {
238 const STACK_OF(X509_EXTENSION) *exts;
239
240 exts = X509_ACERT_get0_extensions(x);
241 if (exts != NULL) {
242 if (BIO_printf(bp, "%8sExtensions:\n", "") <= 0)
243 goto err;
244 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
245 ASN1_OBJECT *obj;
246 X509_EXTENSION *ex;
247 int critical;
248
249 ex = sk_X509_EXTENSION_value(exts, i);
250 if (BIO_printf(bp, "%12s", "") <= 0)
251 goto err;
252 obj = X509_EXTENSION_get_object(ex);
253 if (i2a_ASN1_OBJECT(bp, obj) <= 0)
254 goto err;
255 critical = X509_EXTENSION_get_critical(ex);
256 if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
257 goto err;
258 if (X509V3_EXT_print(bp, ex, cflag, 20) <= 0) {
259 if (BIO_printf(bp, "%16s", "") <= 0)
260 goto err;
261 if (ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)) <= 0)
262 goto err;
263 }
264 if (BIO_write(bp, "\n", 1) <= 0)
265 goto err;
266 }
267 }
268 }
269
270 if ((cflag & X509_FLAG_NO_SIGDUMP) == 0) {
271 const X509_ALGOR *sig_alg;
272 const ASN1_BIT_STRING *sig;
273
274 X509_ACERT_get0_signature(x, &sig, &sig_alg);
275 if (X509_signature_print(bp, sig_alg, sig) <= 0)
276 return 0;
277 }
278
279 return 1;
280
281 err:
282 ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
283 return 0;
284 }
285
X509_ACERT_print(BIO * bp,X509_ACERT * x)286 int X509_ACERT_print(BIO *bp, X509_ACERT *x)
287 {
288 return X509_ACERT_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
289 }
290