]>
git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/getcertsbyname.c
1 /* $KAME: getcertsbyname.c,v 1.6 2001/08/07 09:17:49 itojun Exp $ */
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/socket.h>
36 #include <netinet/in.h>
37 #include <arpa/nameser.h>
39 #ifdef HAVE_LWRES_GETRRSETBYNAME
40 #include <lwres/netdb.h>
41 #include <lwres/lwres.h>
54 #include "netdb_dnssec.h"
56 /* XXX should it use ci_errno to hold errno instead of h_errno ? */
59 static struct certinfo
*getnewci
__P((int, int, int, int, int, char *));
61 static struct certinfo
*
62 getnewci(qtype
, keytag
, algorithm
, flags
, certlen
, cert
)
63 int qtype
, keytag
, algorithm
, flags
, certlen
;
68 res
= malloc(sizeof(*res
));
72 memset(res
, 0, sizeof(*res
));
74 res
->ci_keytag
= keytag
;
75 res
->ci_algorithm
= algorithm
;
76 res
->ci_flags
= flags
;
77 res
->ci_certlen
= certlen
;
78 res
->ci_cert
= malloc(certlen
);
83 memcpy(res
->ci_cert
, cert
, certlen
);
92 struct certinfo
*next
;
104 * get CERT RR by FQDN and create certinfo structure chain.
106 #ifdef HAVE_LWRES_GETRRSETBYNAME
107 #define getrrsetbyname lwres_getrrsetbyname
108 #define freerrset lwres_freerrset
109 #define hstrerror lwres_hstrerror
111 #if defined(HAVE_LWRES_GETRRSETBYNAME) || defined(AHVE_GETRRSETBYNAME)
113 getcertsbyname(name
, res
)
115 struct certinfo
**res
;
119 int type
, keytag
, algorithm
;
120 struct certinfo head
, *cur
;
121 struct rrsetinfo
*rr
= NULL
;
128 memset(&head
, 0, sizeof(head
));
131 error
= getrrsetbyname(name
, C_IN
, T_CERT
, 0, &rr
);
134 printf("getrrsetbyname: %s\n", hstrerror(error
));
136 h_errno
= NO_RECOVERY
;
140 if (rr
->rri_rdclass
!= C_IN
141 || rr
->rri_rdtype
!= T_CERT
142 || rr
->rri_nrdatas
== 0) {
144 printf("getrrsetbyname: %s", hstrerror(error
));
146 h_errno
= NO_RECOVERY
;
150 if (!(rr
->rri_flags
& LWRDATA_VALIDATED
))
151 printf("rr is not valid");
154 for (i
= 0; i
< rr
->rri_nrdatas
; i
++) {
155 rdlength
= rr
->rri_rdatas
[i
].rdi_length
;
156 cp
= rr
->rri_rdatas
[i
].rdi_data
;
158 GETSHORT(type
, cp
); /* type */
160 GETSHORT(keytag
, cp
); /* key tag */
162 algorithm
= *cp
++; /* algorithm */
166 printf("type=%d keytag=%d alg=%d len=%d\n",
167 type
, keytag
, algorithm
, rdlength
);
170 /* create new certinfo */
171 cur
->ci_next
= getnewci(type
, keytag
, algorithm
,
172 rr
->rri_flags
, rdlength
, cp
);
175 printf("getnewci: %s", strerror(errno
));
177 h_errno
= NO_RECOVERY
;
189 if (error
&& head
.ci_next
)
190 freecertinfo(head
.ci_next
);
194 #else /*!HAVE_LWRES_GETRRSETBYNAME*/
196 getcertsbyname(name
, res
)
198 struct certinfo
**res
;
200 caddr_t answer
= NULL
, p
;
201 int buflen
, anslen
, len
;
203 int qdcount
, ancount
, rdlength
;
205 char hostbuf
[1024]; /* XXX */
206 int qtype
, qclass
, keytag
, algorithm
;
207 struct certinfo head
, *cur
;
213 memset(&head
, 0, sizeof(head
));
221 p
= realloc(answer
, buflen
);
224 printf("realloc: %s", strerror(errno
));
226 h_errno
= NO_RECOVERY
;
231 anslen
= res_query(name
, C_IN
, T_CERT
, answer
, buflen
);
235 } while (buflen
< anslen
);
238 printf("get a DNS packet len=%d\n", anslen
);
242 eom
= answer
+ anslen
;
244 hp
= (HEADER
*)answer
;
245 qdcount
= ntohs(hp
->qdcount
);
246 ancount
= ntohs(hp
->ancount
);
248 /* question section */
251 printf("query count is not 1.\n");
253 h_errno
= NO_RECOVERY
;
256 cp
= (char *)(hp
+ 1);
257 len
= dn_expand(answer
, eom
, cp
, hostbuf
, sizeof(hostbuf
));
260 printf("dn_expand failed.\n");
265 GETSHORT(qtype
, cp
); /* QTYPE */
266 GETSHORT(qclass
, cp
); /* QCLASS */
269 while (ancount
-- && cp
< eom
) {
270 len
= dn_expand(answer
, eom
, cp
, hostbuf
, sizeof(hostbuf
));
273 printf("dn_expand failed.\n");
278 GETSHORT(qtype
, cp
); /* TYPE */
279 GETSHORT(qclass
, cp
); /* CLASS */
280 cp
+= INT32SZ
; /* TTL */
281 GETSHORT(rdlength
, cp
); /* RDLENGTH */
284 if (qtype
!= T_CERT
) {
286 printf("not T_CERT\n");
288 h_errno
= NO_RECOVERY
;
291 GETSHORT(qtype
, cp
); /* type */
293 GETSHORT(keytag
, cp
); /* key tag */
295 algorithm
= *cp
++; /* algorithm */
297 if (cp
+ rdlength
> eom
) {
299 printf("rdlength is too long.\n");
301 h_errno
= NO_RECOVERY
;
305 printf("type=%d keytag=%d alg=%d len=%d\n",
306 qtype
, keytag
, algorithm
, rdlength
);
309 /* create new certinfo */
310 cur
->ci_next
= getnewci(qtype
, keytag
, algorithm
,
314 printf("getnewci: %s", strerror(errno
));
316 h_errno
= NO_RECOVERY
;
330 if (error
&& head
.ci_next
)
331 freecertinfo(head
.ci_next
);
343 static const char b64t
[] =
344 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
345 "abcdefghijklmnopqrstuvwxyz"
349 printf("%c", b64t
[(p
[0] >> 2) & 0x3f]);
350 printf("%c", b64t
[((p
[0] << 4) & 0x30) | ((p
[1] >> 4) & 0x0f)]);
351 printf("%c", b64t
[((p
[1] << 2) & 0x3c) | ((p
[2] >> 6) & 0x03)]);
352 printf("%c", b64t
[p
[2] & 0x3f]);
358 printf("%c", b64t
[(p
[0] >> 2) & 0x3f]);
359 printf("%c", b64t
[((p
[0] << 4) & 0x30)| ((p
[1] >> 4) & 0x0f)]);
360 printf("%c", b64t
[((p
[1] << 2) & 0x3c)]);
362 } else if (len
== 1) {
363 printf("%c", b64t
[(p
[0] >> 2) & 0x3f]);
364 printf("%c", b64t
[((p
[0] << 4) & 0x30)]);
377 struct certinfo
*res
, *p
;
381 printf("Usage: a.out (FQDN)\n");
385 i
= getcertsbyname(*(av
+ 1), &res
);
387 herror("getcertsbyname");
390 printf("getcertsbyname succeeded.\n");
393 for (p
= res
; p
; p
= p
->ci_next
) {
394 printf("certinfo[%d]:\n", i
);
395 printf("\tci_type=%d\n", p
->ci_type
);
396 printf("\tci_keytag=%d\n", p
->ci_keytag
);
397 printf("\tci_algorithm=%d\n", p
->ci_algorithm
);
398 printf("\tci_flags=%d\n", p
->ci_flags
);
399 printf("\tci_certlen=%d\n", p
->ci_certlen
);
400 printf("\tci_cert: ");
401 b64encode(p
->ci_cert
, p
->ci_certlen
);