-/*
- * Copyright (c) 2005-2007,2010-2011 Apple Inc. All Rights Reserved.
- *
- * parseCrl.c - parse a DER-encoded X509 CRL using libDER.
- */
-
-#include <stdlib.h>
-#include <strings.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <libDER/libDER.h>
-#include <libDER/asn1Types.h>
-#include <libDER/DER_CertCrl.h>
-#include <libDER/DER_Keys.h>
-#include <libDERUtils/fileIo.h>
-#include <libDERUtils/libDERUtils.h>
-#include <libDERUtils/printFields.h>
-
-static void usage(char **argv)
-{
- printf("usage: %s crlFile [options]\n", argv[0]);
- printf("Options:\n");
- printf(" -v -- verbose \n");
- /* etc. */
- exit(1);
-}
-
-/*
- * This is a SEQUENCE OF so we use the low-level DERDecodeSeq* routines to snag one entry
- * at a time.
- */
-static void printRevokedCerts(
- DERItem *revokedCerts,
- int verbose)
-{
- DERReturn drtn;
- DERDecodedInfo currItem;
- DERSequence seq;
- unsigned certNum;
- DERRevokedCert revoked;
-
- drtn = DERDecodeSeqContentInit(revokedCerts, &seq);
- if(drtn) {
- DERPerror("DERDecodeSeqContentInit(revokedCerts)", drtn);
- return;
- }
-
- for(certNum=0; ; certNum++) {
- drtn = DERDecodeSeqNext(&seq, &currItem);
- switch(drtn) {
- case DR_EndOfSequence:
- /* normal termination */
- return;
- default:
- DERPerror("DERDecodeSeqNext", drtn);
- return;
- case DR_Success:
- doIndent();
- printf("revoked cert %u\n", certNum);
- incrIndent();
- drtn = DERParseSequenceContent(&currItem.content,
- DERNumRevokedCertItemSpecs, DERRevokedCertItemSpecs,
- &revoked, sizeof(revoked));
- if(drtn) {
- DERPerror("DERParseSequenceContent(RevokedCert)", drtn);
- decrIndent();
- return;
- }
- printItem("serialNum", IT_Leaf, verbose, ASN1_INTEGER, &revoked.serialNum);
- decodePrintItem("revocationDate", IT_Leaf, verbose, &revoked.revocationDate);
- printItem("extensions", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &revoked.extensions);
- decrIndent();
- }
- }
-}
-
-int main(int argc, char **argv)
-{
- unsigned char *crlData = NULL;
- unsigned crlDataLen = 0;
- DERSignedCertCrl signedCrl;
- DERTBSCrl tbs;
- DERReturn drtn;
- DERItem item;
- int verbose = 0;
- extern char *optarg;
- int arg;
- extern int optind;
-
- if(argc < 2) {
- usage(argv);
- }
- if(readFile(argv[1], &crlData, &crlDataLen)) {
- printf("***Error reading CRL from %s. Aborting.\n", argv[1]);
- exit(1);
- }
-
- optind = 2;
- while ((arg = getopt(argc, argv, "vh")) != -1) {
- switch (arg) {
- case 'v':
- verbose = 1;
- break;
- case 'h':
- usage(argv);
- }
- }
- if(optind != argc) {
- usage(argv);
- }
-
- /* Top level decode of signed CRL into 3 components */
- item.data = crlData;
- item.length = crlDataLen;
- drtn = DERParseSequence(&item, DERNumSignedCertCrlItemSpecs, DERSignedCertCrlItemSpecs,
- &signedCrl, sizeof(signedCrl));
- if(drtn) {
- DERPerror("DERParseSequence(SignedCrl)", drtn);
- exit(1);
- }
- printItem("TBSCrl", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &signedCrl.tbs);
-
- incrIndent();
-
- /* decode the TBSCrl - it was saved in full DER form */
- drtn = DERParseSequence(&signedCrl.tbs,
- DERNumTBSCrlItemSpecs, DERTBSCrlItemSpecs,
- &tbs, sizeof(tbs));
- if(drtn) {
- DERPerror("DERParseSequenceContent(TBSCrl)", drtn);
- exit(1);
- }
- if(tbs.version.data) {
- printItem("version", IT_Leaf, verbose, ASN1_INTEGER, &tbs.version);
- }
-
- printItem("tbsSigAlg", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &tbs.tbsSigAlg);
- incrIndent();
- printAlgId(&tbs.tbsSigAlg, verbose);
- decrIndent();
-
- printItem("issuer", IT_Leaf, verbose, ASN1_CONSTR_SEQUENCE, &tbs.issuer);
-
- decodePrintItem("thisUpdate", IT_Leaf, verbose, &tbs.thisUpdate);
- decodePrintItem("nextUpdate", IT_Leaf, verbose, &tbs.nextUpdate);
-
- if(tbs.revokedCerts.data) {
- printItem("version", IT_Leaf, verbose, ASN1_CONSTR_SEQUENCE, &tbs.revokedCerts);
- incrIndent();
- printRevokedCerts(&tbs.revokedCerts, verbose);
- decrIndent();
- }
-
- if(tbs.extensions.data) {
- printItem("extensions", IT_Leaf, verbose, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 3,
- &tbs.extensions);
- }
-
- printItem("sigAlg", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &signedCrl.sigAlg);
- incrIndent();
- printAlgId(&signedCrl.sigAlg, verbose);
- decrIndent();
-
- printItem("sig", IT_Leaf, verbose, ASN1_BIT_STRING, &signedCrl.sig);
-
- return 0;
-}
projects / apple / security.git / blobdiff