[apple/ipsec.git] / ipsec-tools / racoon / getcertsbyname.c

/*	$KAME: getcertsbyname.c,v 1.7 2001/11/16 04:12:59 sakane Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

//%%%HWR Do we need this?
#define BIND_8_COMPAT

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#ifdef HAVE_LWRES_GETRRSETBYNAME
#include <lwres/netdb.h>
#include <lwres/lwres.h>
#else
#include <netdb.h>
#endif
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#ifdef DNSSEC_DEBUG
#include <stdio.h>
#include <strings.h>
#endif

#include "netdb_dnssec.h"

/* XXX should it use ci_errno to hold errno instead of h_errno ? */
extern int h_errno;

static struct certinfo *getnewci __P((int, int, int, int, int, 
			unsigned char *));

static struct certinfo *
getnewci(qtype, keytag, algorithm, flags, certlen, cert)
	int qtype, keytag, algorithm, flags, certlen;
	unsigned char *cert;
{
	struct certinfo *res;

	res = malloc(sizeof(*res));
	if (!res)
		return NULL;

	memset(res, 0, sizeof(*res));
	res->ci_type = qtype;
	res->ci_keytag = keytag;
	res->ci_algorithm = algorithm;
	res->ci_flags = flags;
	res->ci_certlen = certlen;
	res->ci_cert = malloc(certlen);
	if (!res->ci_cert) {
		free(res);
		return NULL;
	}
	memcpy(res->ci_cert, cert, certlen);

	return res;
}

void
freecertinfo(ci)
	struct certinfo *ci;
{
	struct certinfo *next;

	do {
		next = ci->ci_next;
		if (ci->ci_cert)
			free(ci->ci_cert);
		free(ci);
		ci = next;
	} while (ci);
}

/*
 * get CERT RR by FQDN and create certinfo structure chain.
 */
#ifdef HAVE_LWRES_GETRRSETBYNAME
#define getrrsetbyname lwres_getrrsetbyname
#define freerrset lwres_freerrset
#define hstrerror lwres_hstrerror
#endif
#if defined(HAVE_LWRES_GETRRSETBYNAME) || defined(HAVE_GETRRSETBYNAME) 	//%%% BUG FIX - HAVE misspelled
int
getcertsbyname(name, res)
	char *name;
	struct certinfo **res;
{
	int rdlength;
	char *cp;
	int type, keytag, algorithm;
	struct certinfo head, *cur;
	struct rrsetinfo *rr = NULL;
	int i;
	int error = -1;

	/* initialize res */
	*res = NULL;

	memset(&head, 0, sizeof(head));
	cur = &head;

	error = getrrsetbyname(name, C_IN, T_CERT, 0, &rr);
	if (error) {
#ifdef DNSSEC_DEBUG
		printf("getrrsetbyname: %s\n", hstrerror(error));
#endif
		h_errno = NO_RECOVERY;
		goto end;
	}

	if (rr->rri_rdclass != C_IN
	 || rr->rri_rdtype != T_CERT
	 || rr->rri_nrdatas == 0) {
#ifdef DNSSEC_DEBUG
		printf("getrrsetbyname: %s", hstrerror(error));
#endif
		h_errno = NO_RECOVERY;
		goto end;
	}
#ifdef DNSSEC_DEBUG
	if (!(rr->rri_flags & LWRDATA_VALIDATED))
		printf("rr is not valid");
#endif

	for (i = 0; i < rr->rri_nrdatas; i++) {
		rdlength = rr->rri_rdatas[i].rdi_length;
		cp = rr->rri_rdatas[i].rdi_data;

		GETSHORT(type, cp);	/* type */
		rdlength -= INT16SZ;
		GETSHORT(keytag, cp);	/* key tag */
		rdlength -= INT16SZ;
		algorithm = *cp++;	/* algorithm */
		rdlength -= 1;

#ifdef DNSSEC_DEBUG
		printf("type=%d keytag=%d alg=%d len=%d\n",
			type, keytag, algorithm, rdlength);
#endif

		/* create new certinfo */
		cur->ci_next = getnewci(type, keytag, algorithm,
					rr->rri_flags, rdlength, cp);
		if (!cur->ci_next) {
#ifdef DNSSEC_DEBUG
			printf("getnewci: %s", strerror(errno));
#endif
			h_errno = NO_RECOVERY;
			goto end;
		}
		cur = cur->ci_next;
	}

	*res = head.ci_next;
	error = 0;

end:
	if (rr)
		freerrset(rr);
	if (error && head.ci_next)
		freecertinfo(head.ci_next);

	return error;
}
#else	/*!HAVE_LWRES_GETRRSETBYNAME*/
int
getcertsbyname(name, res)
	char *name;
	struct certinfo **res;
{
	unsigned char *answer = NULL, *p;
	int buflen, anslen, len;
	HEADER *hp;
	int qdcount, ancount, rdlength;
	unsigned char *cp, *eom;
	char hostbuf[1024];	/* XXX */
	int qtype, qclass, keytag, algorithm;
	struct certinfo head, *cur;
	int error = -1;

	/* initialize res */
	*res = NULL;

	memset(&head, 0, sizeof(head));
	cur = &head;

	/* get CERT RR */
	buflen = 512;
	do {

		buflen *= 2;
		p = realloc(answer, buflen);
		if (!p) {
#ifdef DNSSEC_DEBUG
			printf("realloc: %s", strerror(errno));
#endif
			h_errno = NO_RECOVERY;
			goto end;
		}
		answer = p;

		anslen = res_query(name,  C_IN, T_CERT, answer, buflen);
		if (anslen == -1)
			goto end;

	} while (buflen < anslen);

#ifdef DNSSEC_DEBUG
	printf("get a DNS packet len=%d\n", anslen);
#endif

	/* parse CERT RR */
	eom = answer + anslen;

	hp = (HEADER *)answer;
	qdcount = ntohs(hp->qdcount);
	ancount = ntohs(hp->ancount);

	/* question section */
	if (qdcount != 1) {
#ifdef DNSSEC_DEBUG
		printf("query count is not 1.\n");
#endif
		h_errno = NO_RECOVERY;
		goto end;
	}
	cp = (unsigned char *)(hp + 1);
	len = dn_expand(answer, eom, cp, hostbuf, sizeof(hostbuf));
	if (len < 0) {
#ifdef DNSSEC_DEBUG
		printf("dn_expand failed.\n");
#endif
		goto end;
	}
	cp += len;
	GETSHORT(qtype, cp);		/* QTYPE */
	GETSHORT(qclass, cp);		/* QCLASS */

	/* answer section */
	while (ancount-- && cp < eom) {
		len = dn_expand(answer, eom, cp, hostbuf, sizeof(hostbuf));
		if (len < 0) {
#ifdef DNSSEC_DEBUG
			printf("dn_expand failed.\n");
#endif
			goto end;
		}
		cp += len;
		GETSHORT(qtype, cp);	/* TYPE */
		GETSHORT(qclass, cp);	/* CLASS */
		cp += INT32SZ;		/* TTL */
		GETSHORT(rdlength, cp);	/* RDLENGTH */

		/* CERT RR */
		if (qtype != T_CERT) {
#ifdef DNSSEC_DEBUG
			printf("not T_CERT\n");
#endif
			h_errno = NO_RECOVERY;
			goto end;
		}
		GETSHORT(qtype, cp);	/* type */
		rdlength -= INT16SZ;
		GETSHORT(keytag, cp);	/* key tag */
		rdlength -= INT16SZ;
		algorithm = *cp++;	/* algorithm */
		rdlength -= 1;
		if (cp + rdlength > eom) {
#ifdef DNSSEC_DEBUG
			printf("rdlength is too long.\n");
#endif
			h_errno = NO_RECOVERY;
			goto end;
		}
#ifdef DNSSEC_DEBUG
		printf("type=%d keytag=%d alg=%d len=%d\n",
			qtype, keytag, algorithm, rdlength);
#endif

		/* create new certinfo */
		cur->ci_next = getnewci(qtype, keytag, algorithm,
					0, rdlength, cp);
		if (!cur->ci_next) {
#ifdef DNSSEC_DEBUG
			printf("getnewci: %s", strerror(errno));
#endif
			h_errno = NO_RECOVERY;
			goto end;
		}
		cur = cur->ci_next;

		cp += rdlength;
	}

	*res = head.ci_next;
	error = 0;

end:
	if (answer)
		free(answer);
	if (error && head.ci_next)
		freecertinfo(head.ci_next);

	return error;
}
#endif

#ifdef DNSSEC_DEBUG
int
b64encode(p, len)
	char *p;
	int len;
{
	static const char b64t[] =
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"abcdefghijklmnopqrstuvwxyz"
		"0123456789+/=";

	while (len > 2) {
                printf("%c", b64t[(p[0] >> 2) & 0x3f]);
                printf("%c", b64t[((p[0] << 4) & 0x30) | ((p[1] >> 4) & 0x0f)]);
                printf("%c", b64t[((p[1] << 2) & 0x3c) | ((p[2] >> 6) & 0x03)]);
                printf("%c", b64t[p[2] & 0x3f]);
		len -= 3;
		p += 3;
	}

	if (len == 2) {
                printf("%c", b64t[(p[0] >> 2) & 0x3f]);
                printf("%c", b64t[((p[0] << 4) & 0x30)| ((p[1] >> 4) & 0x0f)]);
                printf("%c", b64t[((p[1] << 2) & 0x3c)]);
                printf("%c", '=');
        } else if (len == 1) {
                printf("%c", b64t[(p[0] >> 2) & 0x3f]);
                printf("%c", b64t[((p[0] << 4) & 0x30)]);
                printf("%c", '=');
                printf("%c", '=');
	}

	return 0;
}

int
main(ac, av)
	int ac;
	char **av;
{
	struct certinfo *res, *p;
	int i;

	if (ac < 2) {
		printf("Usage: a.out (FQDN)\n");
		exit(1);
	}

	i = getcertsbyname(*(av + 1), &res);
	if (i != 0) {
		herror("getcertsbyname");
		exit(1);
	}
	printf("getcertsbyname succeeded.\n");

	i = 0;
	for (p = res; p; p = p->ci_next) {
		printf("certinfo[%d]:\n", i);
		printf("\tci_type=%d\n", p->ci_type);
		printf("\tci_keytag=%d\n", p->ci_keytag);
		printf("\tci_algorithm=%d\n", p->ci_algorithm);
		printf("\tci_flags=%d\n", p->ci_flags);
		printf("\tci_certlen=%d\n", p->ci_certlen);
		printf("\tci_cert: ");
		b64encode(p->ci_cert, p->ci_certlen);
		printf("\n");
		i++;
	}

	freecertinfo(res);

	exit(0);
}
#endif
Commit	Line	Data
52b7d2ce A	1	/* $KAME: getcertsbyname.c,v 1.7 2001/11/16 04:12:59 sakane Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	//%%%HWR Do we need this?
	33	#define BIND_8_COMPAT
	34
	35	#include "config.h"
	36
	37	#include <sys/types.h>
	38	#include <sys/param.h>
	39	#include <sys/socket.h>
	40
	41	#include <netinet/in.h>
	42	#include <arpa/nameser.h>
	43	#include <resolv.h>
	44	#ifdef HAVE_LWRES_GETRRSETBYNAME
	45	#include <lwres/netdb.h>
	46	#include <lwres/lwres.h>
	47	#else
	48	#include <netdb.h>
	49	#endif
	50	#include <stdlib.h>
	51	#include <string.h>
	52	#include <errno.h>
	53
	54	#ifdef DNSSEC_DEBUG
	55	#include <stdio.h>
	56	#include <strings.h>
	57	#endif
	58
	59	#include "netdb_dnssec.h"
	60
	61	/* XXX should it use ci_errno to hold errno instead of h_errno ? */
	62	extern int h_errno;
	63
	64	static struct certinfo *getnewci __P((int, int, int, int, int,
65	unsigned char *));
66
67	static struct certinfo *
68	getnewci(qtype, keytag, algorithm, flags, certlen, cert)
69	int qtype, keytag, algorithm, flags, certlen;
70	unsigned char *cert;
71	{
72	struct certinfo *res;
73
74	res = malloc(sizeof(*res));
75	if (!res)
76	return NULL;
77
78	memset(res, 0, sizeof(*res));
79	res->ci_type = qtype;
80	res->ci_keytag = keytag;
81	res->ci_algorithm = algorithm;
82	res->ci_flags = flags;
83	res->ci_certlen = certlen;
84	res->ci_cert = malloc(certlen);
85	if (!res->ci_cert) {
86	free(res);
87	return NULL;
88	}
89	memcpy(res->ci_cert, cert, certlen);
90
91	return res;
92	}
93
94	void
95	freecertinfo(ci)
96	struct certinfo *ci;
97	{
98	struct certinfo *next;
99
100	do {
101	next = ci->ci_next;
102	if (ci->ci_cert)
103	free(ci->ci_cert);
104	free(ci);
105	ci = next;
106	} while (ci);
107	}
108
109	/*
110	* get CERT RR by FQDN and create certinfo structure chain.
111	*/
112	#ifdef HAVE_LWRES_GETRRSETBYNAME
113	#define getrrsetbyname lwres_getrrsetbyname
114	#define freerrset lwres_freerrset
115	#define hstrerror lwres_hstrerror
116	#endif
117	#if defined(HAVE_LWRES_GETRRSETBYNAME) \|\| defined(HAVE_GETRRSETBYNAME) //%%% BUG FIX - HAVE misspelled
118	int
119	getcertsbyname(name, res)
120	char *name;
121	struct certinfo **res;
122	{
123	int rdlength;
124	char *cp;
125	int type, keytag, algorithm;
126	struct certinfo head, *cur;
127	struct rrsetinfo *rr = NULL;
128	int i;
129	int error = -1;
130
131	/* initialize res */
132	*res = NULL;
133
134	memset(&head, 0, sizeof(head));
135	cur = &head;
136
137	error = getrrsetbyname(name, C_IN, T_CERT, 0, &rr);
138	if (error) {
139	#ifdef DNSSEC_DEBUG
140	printf("getrrsetbyname: %s\n", hstrerror(error));
141	#endif
142	h_errno = NO_RECOVERY;
143	goto end;
144	}
145
146	if (rr->rri_rdclass != C_IN
147	\|\| rr->rri_rdtype != T_CERT
148	\|\| rr->rri_nrdatas == 0) {
149	#ifdef DNSSEC_DEBUG
150	printf("getrrsetbyname: %s", hstrerror(error));
151	#endif
152	h_errno = NO_RECOVERY;
153	goto end;
154	}
155	#ifdef DNSSEC_DEBUG
156	if (!(rr->rri_flags & LWRDATA_VALIDATED))
157	printf("rr is not valid");
158	#endif
159
160	for (i = 0; i < rr->rri_nrdatas; i++) {
161	rdlength = rr->rri_rdatas[i].rdi_length;
162	cp = rr->rri_rdatas[i].rdi_data;
163
164	GETSHORT(type, cp); /* type */
165	rdlength -= INT16SZ;
166	GETSHORT(keytag, cp); /* key tag */
167	rdlength -= INT16SZ;
168	algorithm = cp++; / algorithm */
169	rdlength -= 1;
170
171	#ifdef DNSSEC_DEBUG
172	printf("type=%d keytag=%d alg=%d len=%d\n",
173	type, keytag, algorithm, rdlength);
174	#endif
175
176	/* create new certinfo */
177	cur->ci_next = getnewci(type, keytag, algorithm,
178	rr->rri_flags, rdlength, cp);
179	if (!cur->ci_next) {
180	#ifdef DNSSEC_DEBUG
181	printf("getnewci: %s", strerror(errno));
182	#endif
183	h_errno = NO_RECOVERY;
184	goto end;
185	}
186	cur = cur->ci_next;
187	}
188
189	*res = head.ci_next;
190	error = 0;
191
192	end:
193	if (rr)
194	freerrset(rr);
195	if (error && head.ci_next)
196	freecertinfo(head.ci_next);
197
198	return error;
199	}
200	#else /!HAVE_LWRES_GETRRSETBYNAME/
201	int
202	getcertsbyname(name, res)
203	char *name;
204	struct certinfo **res;
205	{
206	unsigned char answer = NULL, p;
207	int buflen, anslen, len;
208	HEADER *hp;
209	int qdcount, ancount, rdlength;
210	unsigned char cp, eom;
211	char hostbuf[1024]; /* XXX */
212	int qtype, qclass, keytag, algorithm;
213	struct certinfo head, *cur;
214	int error = -1;
215
216	/* initialize res */
217	*res = NULL;
218
219	memset(&head, 0, sizeof(head));
220	cur = &head;
221
222	/* get CERT RR */
223	buflen = 512;
224	do {
225
226	buflen *= 2;
227	p = realloc(answer, buflen);
228	if (!p) {
229	#ifdef DNSSEC_DEBUG
230	printf("realloc: %s", strerror(errno));
231	#endif
232	h_errno = NO_RECOVERY;
233	goto end;
234	}
235	answer = p;
236
237	anslen = res_query(name, C_IN, T_CERT, answer, buflen);
238	if (anslen == -1)
239	goto end;
240
241	} while (buflen < anslen);
242
243	#ifdef DNSSEC_DEBUG
244	printf("get a DNS packet len=%d\n", anslen);
245	#endif
246
247	/* parse CERT RR */
248	eom = answer + anslen;
249
250	hp = (HEADER *)answer;
251	qdcount = ntohs(hp->qdcount);
252	ancount = ntohs(hp->ancount);
253
254	/* question section */
255	if (qdcount != 1) {
256	#ifdef DNSSEC_DEBUG
257	printf("query count is not 1.\n");
258	#endif
259	h_errno = NO_RECOVERY;
260	goto end;
261	}
262	cp = (unsigned char *)(hp + 1);
263	len = dn_expand(answer, eom, cp, hostbuf, sizeof(hostbuf));
264	if (len < 0) {
265	#ifdef DNSSEC_DEBUG
266	printf("dn_expand failed.\n");
267	#endif
268	goto end;
269	}
270	cp += len;
271	GETSHORT(qtype, cp); /* QTYPE */
272	GETSHORT(qclass, cp); /* QCLASS */
273
274	/* answer section */
275	while (ancount-- && cp < eom) {
276	len = dn_expand(answer, eom, cp, hostbuf, sizeof(hostbuf));
277	if (len < 0) {
278	#ifdef DNSSEC_DEBUG
279	printf("dn_expand failed.\n");
280	#endif
281	goto end;
282	}
283	cp += len;
284	GETSHORT(qtype, cp); /* TYPE */
285	GETSHORT(qclass, cp); /* CLASS */
286	cp += INT32SZ; /* TTL */
287	GETSHORT(rdlength, cp); /* RDLENGTH */
288
289	/* CERT RR */
290	if (qtype != T_CERT) {
291	#ifdef DNSSEC_DEBUG
292	printf("not T_CERT\n");
293	#endif
294	h_errno = NO_RECOVERY;
295	goto end;
296	}
297	GETSHORT(qtype, cp); /* type */
298	rdlength -= INT16SZ;
299	GETSHORT(keytag, cp); /* key tag */
300	rdlength -= INT16SZ;
301	algorithm = cp++; / algorithm */
302	rdlength -= 1;
303	if (cp + rdlength > eom) {
304	#ifdef DNSSEC_DEBUG
305	printf("rdlength is too long.\n");
306	#endif
307	h_errno = NO_RECOVERY;
308	goto end;
309	}
310	#ifdef DNSSEC_DEBUG
311	printf("type=%d keytag=%d alg=%d len=%d\n",
312	qtype, keytag, algorithm, rdlength);
313	#endif
314
315	/* create new certinfo */
316	cur->ci_next = getnewci(qtype, keytag, algorithm,
317	0, rdlength, cp);
318	if (!cur->ci_next) {
319	#ifdef DNSSEC_DEBUG
320	printf("getnewci: %s", strerror(errno));
321	#endif
322	h_errno = NO_RECOVERY;
323	goto end;
324	}
325	cur = cur->ci_next;
326
327	cp += rdlength;
328	}
329
330	*res = head.ci_next;
331	error = 0;
332
333	end:
334	if (answer)
335	free(answer);
336	if (error && head.ci_next)
337	freecertinfo(head.ci_next);
338
339	return error;
340	}
341	#endif
342
343	#ifdef DNSSEC_DEBUG
344	int
345	b64encode(p, len)
346	char *p;
347	int len;
348	{
349	static const char b64t[] =
350	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
351	"abcdefghijklmnopqrstuvwxyz"
352	"0123456789+/=";
353
354	while (len > 2) {
355	printf("%c", b64t[(p[0] >> 2) & 0x3f]);
356	printf("%c", b64t[((p[0] << 4) & 0x30) \| ((p[1] >> 4) & 0x0f)]);
357	printf("%c", b64t[((p[1] << 2) & 0x3c) \| ((p[2] >> 6) & 0x03)]);
358	printf("%c", b64t[p[2] & 0x3f]);
359	len -= 3;
360	p += 3;
361	}
362
363	if (len == 2) {
364	printf("%c", b64t[(p[0] >> 2) & 0x3f]);
365	printf("%c", b64t[((p[0] << 4) & 0x30)\| ((p[1] >> 4) & 0x0f)]);
366	printf("%c", b64t[((p[1] << 2) & 0x3c)]);
367	printf("%c", '=');
368	} else if (len == 1) {
369	printf("%c", b64t[(p[0] >> 2) & 0x3f]);
370	printf("%c", b64t[((p[0] << 4) & 0x30)]);
371	printf("%c", '=');
372	printf("%c", '=');
373	}
374
375	return 0;
376	}
377
378	int
379	main(ac, av)
380	int ac;
381	char **av;
382	{
383	struct certinfo res, p;
384	int i;
385
386	if (ac < 2) {
387	printf("Usage: a.out (FQDN)\n");
388	exit(1);
389	}
390
391	i = getcertsbyname(*(av + 1), &res);
392	if (i != 0) {
393	herror("getcertsbyname");
394	exit(1);
395	}
396	printf("getcertsbyname succeeded.\n");
397
398	i = 0;
399	for (p = res; p; p = p->ci_next) {
400	printf("certinfo[%d]:\n", i);
401	printf("\tci_type=%d\n", p->ci_type);
402	printf("\tci_keytag=%d\n", p->ci_keytag);
403	printf("\tci_algorithm=%d\n", p->ci_algorithm);
404	printf("\tci_flags=%d\n", p->ci_flags);
405	printf("\tci_certlen=%d\n", p->ci_certlen);
406	printf("\tci_cert: ");
407	b64encode(p->ci_cert, p->ci_certlen);
408	printf("\n");
409	i++;
410	}
411
412	freecertinfo(res);
413
414	exit(0);
415	}
416	#endif