security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

(oidtranstbl): New. OIDs collected from several sources. 

(print_name_raw, print_names_raw, list_cert_raw): New.
(gpgsm_list_keys): Check the dump mode and pass it down as
necessary.
This commit is contained in:
Werner Koch 2004-04-23 10:34:25 +00:00
parent 99e00351a3
commit cbc5ce3ea4
2 changed files with 309 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sm/ChangeLog
View File

@ -1,3 +1,10 @@
2004-04-23 Werner Koch <wk@gnupg.org>
* keylist.c (oidtranstbl): New. OIDs collected from several sources.
(print_name_raw, print_names_raw, list_cert_raw): New.
(gpgsm_list_keys): Check the dump mode and pass it down as
necessary.
2004-04-22 Werner Koch <wk@gnupg.org> 2004-04-22 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New commands --dump-keys, --dump-external-keys, * gpgsm.c (main): New commands --dump-keys, --dump-external-keys,

323
sm/keylist.c
View File

@ -70,6 +70,121 @@ struct {
}; };
/* A table mapping OIDs to a descriptive string. */
static struct {
char *oid;
char *name;
unsigned int flag;
} oidtranstbl[] = {
/* Algorithms. */
{ "1.2.840.10040.4.1", "dsa" },
{ "1.2.840.10040.4.3", "dsaWithSha1" },
{ "1.2.840.113549.1.1.1", "rsaEncryption" },
{ "1.2.840.113549.1.1.2", "md2WithRSAEncryption" },
{ "1.2.840.113549.1.1.3", "md4WithRSAEncryption" },
{ "1.2.840.113549.1.1.4", "md5WithRSAEncryption" },
{ "1.2.840.113549.1.1.5", "sha1WithRSAEncryption" },
{ "1.2.840.113549.1.1.7", "rsaOAEP" },
{ "1.2.840.113549.1.1.8", "rsaOAEP-MGF" },
{ "1.2.840.113549.1.1.9", "rsaOAEP-pSpecified" },
{ "1.2.840.113549.1.1.10", "rsaPSS" },
{ "1.2.840.113549.1.1.11", "sha256WithRSAEncryption" },
{ "1.2.840.113549.1.1.12", "sha384WithRSAEncryption" },
{ "1.2.840.113549.1.1.13", "sha512WithRSAEncryption" },
{ "1.3.14.3.2.26", "sha1" },
{ "1.3.14.3.2.29", "sha-1WithRSAEncryption" },
{ "1.3.36.3.3.1.2", "rsaSignatureWithripemd160" },
/* Telesec extensions. */
{ "0.2.262.1.10.12.0", "certExtensionLiabilityLimitationExt" },
{ "0.2.262.1.10.12.1", "telesecCertIdExt" },
{ "0.2.262.1.10.12.2", "telesecPolicyIdentifier" },
{ "0.2.262.1.10.12.3", "telesecPolicyQualifierID" },
{ "0.2.262.1.10.12.4", "telesecCRLFilteredExt" },
{ "0.2.262.1.10.12.5", "telesecCRLFilterExt"},
{ "0.2.262.1.10.12.6", "telesecNamingAuthorityExt" },
/* PKIX private extensions. */
{ "1.3.6.1.5.5.7.1.1", "authorityInfoAccess" },
{ "1.3.6.1.5.5.7.1.2", "biometricInfo" },
{ "1.3.6.1.5.5.7.1.3", "qcStatements" },
{ "1.3.6.1.5.5.7.1.4", "acAuditIdentity" },
{ "1.3.6.1.5.5.7.1.5", "acTargeting" },
{ "1.3.6.1.5.5.7.1.6", "acAaControls" },
{ "1.3.6.1.5.5.7.1.7", "sbgp-ipAddrBlock" },
{ "1.3.6.1.5.5.7.1.8", "sbgp-autonomousSysNum" },
{ "1.3.6.1.5.5.7.1.9", "sbgp-routerIdentifier" },
{ "1.3.6.1.5.5.7.1.10", "acProxying" },
{ "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" },
/* X.509 id-ce */
{ "2.5.29.14", "subjectKeyIdentifier"},
{ "2.5.29.15", "keyUsage", 1 },
{ "2.5.29.16", "privateKeyUsagePeriod" },
{ "2.5.29.17", "subjectAltName", 1 },
{ "2.5.29.18", "issuerAltName", 1 },
{ "2.5.29.19", "basicConstraints", 1},
{ "2.5.29.20", "cRLNumber" },
{ "2.5.29.21", "cRLReason" },
{ "2.5.29.22", "expirationDate" },
{ "2.5.29.23", "instructionCode" },
{ "2.5.29.24", "invalidityDate" },
{ "2.5.29.27", "deltaCRLIndicator" },
{ "2.5.29.28", "issuingDistributionPoint" },
{ "2.5.29.29", "certificateIssuer" },
{ "2.5.29.30", "nameConstraints" },
{ "2.5.29.31", "cRLDistributionPoints", 1 },
{ "2.5.29.32", "certificatePolicies", 1 },
{ "2.5.29.32.0", "anyPolicy" },
{ "2.5.29.33", "policyMappings" },
{ "2.5.29.35", "authorityKeyIdentifier", 1 },
{ "2.5.29.36", "policyConstraints" },
{ "2.5.29.37", "extKeyUsage", 1 },
{ "2.5.29.46", "freshestCRL" },
{ "2.5.29.54", "inhibitAnyPolicy" },
/* Netscape certificate extensions. */
{ "2.16.840.1.113730.1.1", "netscape-cert-type" },
{ "2.16.840.1.113730.1.2", "netscape-base-url" },
{ "2.16.840.1.113730.1.3", "netscape-revocation-url" },
{ "2.16.840.1.113730.1.4", "netscape-ca-revocation-url" },
{ "2.16.840.1.113730.1.7", "netscape-cert-renewal-url" },
{ "2.16.840.1.113730.1.8", "netscape-ca-policy-url" },
{ "2.16.840.1.113730.1.9", "netscape-homePage-url" },
{ "2.16.840.1.113730.1.10", "netscape-entitylogo" },
{ "2.16.840.1.113730.1.11", "netscape-userPicture" },
{ "2.16.840.1.113730.1.12", "netscape-ssl-server-name" },
{ "2.16.840.1.113730.1.13", "netscape-comment" },
{ NULL }
};
/* Return the description for OID; if no description is available
NULL is returned. */
static const char *
get_oid_desc (const char *oid, unsigned int *flag)
{
int i;
if (oid)
for (i=0; oidtranstbl[i].oid; i++)
if (!strcmp (oidtranstbl[i].oid, oid))
{
if (flag)
*flag = oidtranstbl[i].flag;
return oidtranstbl[i].name;
}
if (flag)
*flag = 0;
return NULL;
}
static void static void
print_key_data (ksba_cert_t cert, FILE *fp) print_key_data (ksba_cert_t cert, FILE *fp)
{ {
@ -325,6 +440,40 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
} }
static void
print_name_raw (FILE *fp, const char *string)
{
if (!string)
fputs ("[error]", fp);
else
print_sanitized_string (fp, string, 0);
}
static void
print_names_raw (FILE *fp, int indent, ksba_name_t name)
{
int idx;
const char *s;
int indent_all;
if ((indent_all = (indent < 0)))
indent = - indent;
if (!name)
{
fputs ("none\n", fp);
return;
}
for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
{
char *p = ksba_name_get_uri (name, idx);
printf ("%*s%s\n", idx||indent_all?indent:0, "", p?p:s);
xfree (p);
}
}
/* List one certificate in raw mode useful to have a closer look at /* List one certificate in raw mode useful to have a closer look at
the certificate. This one does not beautification and only minimal the certificate. This one does not beautification and only minimal
output sanitation. It is mainly useful for debugging. */ output sanitation. It is mainly useful for debugging. */
@ -333,6 +482,7 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
int with_validation) int with_validation)
{ {
gpg_error_t err; gpg_error_t err;
size_t off, len;
ksba_sexp_t sexp; ksba_sexp_t sexp;
char *dn; char *dn;
ksba_isotime_t t; ksba_isotime_t t;
@ -340,6 +490,9 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
int is_ca, chainlen; int is_ca, chainlen;
unsigned int kusage; unsigned int kusage;
char *string, *p, *pend; char *string, *p, *pend;
const char *oid, *s;
ksba_name_t name, name2;
unsigned int reason;
sexp = ksba_cert_get_serial (cert); sexp = ksba_cert_get_serial (cert);
fputs ("Serial number: ", fp); fputs ("Serial number: ", fp);
@ -349,42 +502,74 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
dn = ksba_cert_get_issuer (cert, 0); dn = ksba_cert_get_issuer (cert, 0);
fputs (" Issuer: ", fp); fputs (" Issuer: ", fp);
gpgsm_print_name (fp, dn); print_name_raw (fp, dn);
ksba_free (dn); ksba_free (dn);
putc ('\n', fp); putc ('\n', fp);
for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++) for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)
{ {
fputs (" aka: ", fp); fputs (" aka: ", fp);
gpgsm_print_name (fp, dn); print_name_raw (fp, dn);
ksba_free (dn); ksba_free (dn);
putc ('\n', fp); putc ('\n', fp);
} }
dn = ksba_cert_get_subject (cert, 0); dn = ksba_cert_get_subject (cert, 0);
fputs (" Subject: ", fp); fputs (" Subject: ", fp);
gpgsm_print_name (fp, dn); print_name_raw (fp, dn);
ksba_free (dn); ksba_free (dn);
putc ('\n', fp); putc ('\n', fp);
for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++) for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)
{ {
fputs (" aka: ", fp); fputs (" aka: ", fp);
gpgsm_print_name (fp, dn); print_name_raw (fp, dn);
ksba_free (dn); ksba_free (dn);
putc ('\n', fp); putc ('\n', fp);
} }
dn = gpgsm_get_fingerprint_string (cert, 0);
fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error");
xfree (dn);
dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);
fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");
xfree (dn);
ksba_cert_get_validity (cert, 0, t); ksba_cert_get_validity (cert, 0, t);
fputs (" validity: ", fp); fputs (" notBefore: ", fp);
gpgsm_print_time (fp, t); gpgsm_print_time (fp, t);
fputs (" through ", fp); putc ('\n', fp);
fputs (" notAfter: ", fp);
ksba_cert_get_validity (cert, 1, t); ksba_cert_get_validity (cert, 1, t);
gpgsm_print_time (fp, t); gpgsm_print_time (fp, t);
putc ('\n', fp); putc ('\n', fp);
oid = ksba_cert_get_digest_algo (cert);
s = get_oid_desc (oid, NULL);
fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
/* authorityKeyIdentifier */
fputs (" authKeyId: ", fp);
err = ksba_cert_get_auth_key_id (cert, NULL, &name, &sexp);
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
{
if (gpg_err_code (err) == GPG_ERR_NO_DATA || !name)
fputs ("[none]\n", fp);
else
{
gpgsm_print_serial (fp, sexp);
ksba_free (sexp);
putc ('\n', fp);
print_names_raw (fp, -15, name);
ksba_name_release (name);
}
}
else
fputs ("[?]\n", fp);
fputs (" keyUsage:", fp);
err = ksba_cert_get_key_usage (cert, &kusage); err = ksba_cert_get_key_usage (cert, &kusage);
if (gpg_err_code (err) != GPG_ERR_NO_DATA) if (gpg_err_code (err) != GPG_ERR_NO_DATA)
{ {
fputs (" key usage:", fp);
if (err) if (err)
fprintf (fp, " [error: %s]", gpg_strerror (err)); fprintf (fp, " [error: %s]", gpg_strerror (err));
else else
@ -410,11 +595,13 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
} }
putc ('\n', fp); putc ('\n', fp);
} }
else
fputs ("[none]\n", fp);
fputs (" extKeyUsage: ", fp);
err = ksba_cert_get_ext_key_usages (cert, &string); err = ksba_cert_get_ext_key_usages (cert, &string);
if (gpg_err_code (err) != GPG_ERR_NO_DATA) if (gpg_err_code (err) != GPG_ERR_NO_DATA)
{ {
fputs ("ext key usage: ", fp);
if (err) if (err)
fprintf (fp, "[error: %s]", gpg_strerror (err)); fprintf (fp, "[error: %s]", gpg_strerror (err));
else else
@ -433,37 +620,53 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
if ((p = strchr (p, '\n'))) if ((p = strchr (p, '\n')))
{ {
p++; p++;
fputs (", ", fp); fputs ("\n ", fp);
} }
} }
xfree (string); xfree (string);
} }
putc ('\n', fp); putc ('\n', fp);
} }
else
fputs ("[none]\n", fp);
fputs (" policies: ", fp);
err = ksba_cert_get_cert_policies (cert, &string); err = ksba_cert_get_cert_policies (cert, &string);
if (gpg_err_code (err) != GPG_ERR_NO_DATA) if (gpg_err_code (err) != GPG_ERR_NO_DATA)
{ {
fputs (" policies: ", fp);
if (err) if (err)
fprintf (fp, "[error: %s]", gpg_strerror (err)); fprintf (fp, "[error: %s]", gpg_strerror (err));
else else
{ {
for (p=string; *p; p++) p = string;
while (p && (pend=strchr (p, ':')))
{ {
if (*p == '\n') *pend++ = 0;
*p = ','; for (i=0; key_purpose_map[i].oid; i++)
if ( !strcmp (key_purpose_map[i].oid, p) )
break;
fputs (p, fp);
p = pend;
if (*p == 'C')
fputs (" (critical)", fp);
if ((p = strchr (p, '\n')))
{
p++;
fputs ("\n ", fp);
}
} }
print_sanitized_string (fp, string, 0);
xfree (string); xfree (string);
} }
putc ('\n', fp); putc ('\n', fp);
} }
else
fputs ("[none]\n", fp);
fputs (" chainLength: ", fp);
err = ksba_cert_is_ca (cert, &is_ca, &chainlen); err = ksba_cert_is_ca (cert, &is_ca, &chainlen);
if (err || is_ca) if (err || is_ca)
{ {
fputs (" chain length: ", fp);
if (err) if (err)
fprintf (fp, "[error: %s]", gpg_strerror (err)); fprintf (fp, "[error: %s]", gpg_strerror (err));
else if (chainlen == -1) else if (chainlen == -1)
@ -472,14 +675,92 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
fprintf (fp, "%d", chainlen); fprintf (fp, "%d", chainlen);
putc ('\n', fp); putc ('\n', fp);
} }
else
fputs ("not a CA\n", fp);
dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);
fprintf (fp, " md5 fpr: %s\n", dn?dn:"error");
xfree (dn);
dn = gpgsm_get_fingerprint_string (cert, 0); /* CRL distribution point */
fprintf (fp, " fingerprint: %s\n", dn?dn:"error"); for (idx=0; !(err=ksba_cert_get_crl_dist_point (cert, idx, &name, &name2,
xfree (dn); &reason)) ;idx++)
{
fputs (" crlDP: ", fp);
print_names_raw (fp, 15, name);
if (reason)
{
fputs (" reason: ", fp);
if ( (reason & KSBA_CRLREASON_UNSPECIFIED))
fputs (" unused", stdout);
if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))
fputs (" keyCompromise", stdout);
if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))
fputs (" caCompromise", stdout);
if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))
fputs (" affiliationChanged", stdout);
if ( (reason & KSBA_CRLREASON_SUPERSEDED))
fputs (" superseded", stdout);
if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))
fputs (" cessationOfOperation", stdout);
if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))
fputs (" certificateHold", stdout);
putchar ('\n');
}
fputs (" issuer: ", fp);
print_names_raw (fp, 23, name2);
ksba_name_release (name);
ksba_name_release (name2);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
fputs (" crlDP: [error]\n", fp);
else if (!idx)
fputs (" crlDP: [none]\n", fp);
/* authorityInfoAccess. */
for (idx=0; !(err=ksba_cert_get_authority_info_access (cert, idx, &string,
&name)); idx++)
{
fputs (" authInfo: ", fp);
s = get_oid_desc (string, NULL);
fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
print_names_raw (fp, -15, name);
ksba_name_release (name);
ksba_free (string);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
fputs (" authInfo: [error]\n", fp);
else if (!idx)
fputs (" authInfo: [none]\n", fp);
/* subjectInfoAccess. */
for (idx=0; !(err=ksba_cert_get_subject_info_access (cert, idx, &string,
&name)); idx++)
{
fputs (" subjectInfo: ", fp);
s = get_oid_desc (string, NULL);
fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
print_names_raw (fp, -15, name);
ksba_name_release (name);
ksba_free (string);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
fputs (" subjInfo: [error]\n", fp);
else if (!idx)
fputs (" subjInfo: [none]\n", fp);
for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
&oid, &i, &off, &len));idx++)
{
unsigned int flag;
s = get_oid_desc (oid, &flag);
if (!(flag & 1))
fprintf (fp, " %s: %s%s%s%s [%d octets]\n",
i? "critExtn":" extn",
oid, s?" (":"", s?s:"", s?")":"", (int)len);
}
if (with_validation) if (with_validation)
{ {