467
483
if ( (p = gpgsm_get_keygrip_hexstring (cert)))
469
fprintf (fp, "grp:::::::::%s:\n", p);
485
es_fprintf (fp, "grp:::::::::%s:\n", p);
472
488
print_key_data (cert, fp);
475
492
for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++)
477
fprintf (fp, "uid:%s::::::::", truststring);
478
print_sanitized_string (fp, p, ':');
494
/* In the case that the same email address is in the subject DN
495
as well as in an alternate subject name we avoid printing it
497
if (kludge_uid && !strcmp (kludge_uid, p))
500
es_fprintf (fp, "uid:%s::::::::", truststring);
501
es_write_sanitized (fp, p, strlen (p), ":", NULL);
484
507
/* It would be better to get the faked email address from
485
508
the keydb. But as long as we don't have a way to pass
486
509
the meta data back, we just check it the same way as the
487
510
code used to create the keybox meta data does */
488
char *pp = email_kludge (p);
511
kludge_uid = email_kludge (p);
491
fprintf (fp, "uid:%s::::::::", truststring);
492
print_sanitized_string (fp, pp, ':');
514
es_fprintf (fp, "uid:%s::::::::", truststring);
515
es_write_sanitized (fp, kludge_uid, strlen (kludge_uid),
505
print_name_raw (FILE *fp, const char *string)
529
print_name_raw (estream_t fp, const char *string)
508
fputs ("[error]", fp);
532
es_fputs ("[error]", fp);
510
print_sanitized_string (fp, string, 0);
534
es_write_sanitized (fp, string, strlen (string), NULL, NULL);
514
print_names_raw (FILE *fp, int indent, ksba_name_t name)
538
print_names_raw (estream_t fp, int indent, ksba_name_t name)
556
582
ksba_name_t name, name2;
557
583
unsigned int reason;
585
es_fprintf (fp, " ID: 0x%08lX\n",
586
gpgsm_get_short_fingerprint (cert));
559
588
sexp = ksba_cert_get_serial (cert);
560
fputs ("Serial number: ", fp);
589
es_fputs (" S/N: ", fp);
561
590
gpgsm_print_serial (fp, sexp);
562
591
ksba_free (sexp);
565
594
dn = ksba_cert_get_issuer (cert, 0);
566
fputs (" Issuer: ", fp);
595
es_fputs (" Issuer: ", fp);
567
596
print_name_raw (fp, dn);
570
599
for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)
572
fputs (" aka: ", fp);
601
es_fputs (" aka: ", fp);
573
602
print_name_raw (fp, dn);
578
607
dn = ksba_cert_get_subject (cert, 0);
579
fputs (" Subject: ", fp);
608
es_fputs (" Subject: ", fp);
580
609
print_name_raw (fp, dn);
583
612
for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)
585
fputs (" aka: ", fp);
614
es_fputs (" aka: ", fp);
586
615
print_name_raw (fp, dn);
591
620
dn = gpgsm_get_fingerprint_string (cert, 0);
592
fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error");
621
es_fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error");
595
624
dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);
596
fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");
625
es_fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");
628
dn = gpgsm_get_certid (cert);
629
es_fprintf (fp, " certid: %s\n", dn?dn:"error");
599
632
dn = gpgsm_get_keygrip_hexstring (cert);
600
fprintf (fp, " keygrip: %s\n", dn?dn:"error");
633
es_fprintf (fp, " keygrip: %s\n", dn?dn:"error");
603
636
ksba_cert_get_validity (cert, 0, t);
604
fputs (" notBefore: ", fp);
637
es_fputs (" notBefore: ", fp);
605
638
gpgsm_print_time (fp, t);
607
fputs (" notAfter: ", fp);
640
es_fputs (" notAfter: ", fp);
608
641
ksba_cert_get_validity (cert, 1, t);
609
642
gpgsm_print_time (fp, t);
612
645
oid = ksba_cert_get_digest_algo (cert);
613
646
s = get_oid_desc (oid, NULL);
614
fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
647
es_fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
617
650
const char *algoname;
618
651
unsigned int nbits;
620
653
algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
621
fprintf (fp, " keyType: %u bit %s\n", nbits, algoname? algoname:"?");
654
es_fprintf (fp, " keyType: %u bit %s\n",
655
nbits, algoname? algoname:"?");
624
658
/* subjectKeyIdentifier */
625
fputs (" subjKeyId: ", fp);
659
es_fputs (" subjKeyId: ", fp);
626
660
err = ksba_cert_get_subj_key_id (cert, NULL, &keyid);
627
661
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
629
663
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
630
fputs ("[none]\n", fp);
664
es_fputs ("[none]\n", fp);
633
667
gpgsm_print_serial (fp, keyid);
634
668
ksba_free (keyid);
673
es_fputs ("[?]\n", fp);
642
676
/* authorityKeyIdentifier */
643
fputs (" authKeyId: ", fp);
677
es_fputs (" authKeyId: ", fp);
644
678
err = ksba_cert_get_auth_key_id (cert, &keyid, &name, &sexp);
645
679
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
647
681
if (gpg_err_code (err) == GPG_ERR_NO_DATA || !name)
648
fputs ("[none]\n", fp);
682
es_fputs ("[none]\n", fp);
651
685
gpgsm_print_serial (fp, sexp);
652
686
ksba_free (sexp);
654
688
print_names_raw (fp, -15, name);
655
689
ksba_name_release (name);
659
fputs (" authKeyId.ki: ", fp);
693
es_fputs (" authKeyId.ki: ", fp);
660
694
gpgsm_print_serial (fp, keyid);
661
695
ksba_free (keyid);
700
es_fputs ("[?]\n", fp);
668
fputs (" keyUsage:", fp);
702
es_fputs (" keyUsage:", fp);
669
703
err = ksba_cert_get_key_usage (cert, &kusage);
670
704
if (gpg_err_code (err) != GPG_ERR_NO_DATA)
673
fprintf (fp, " [error: %s]", gpg_strerror (err));
707
es_fprintf (fp, " [error: %s]", gpg_strerror (err));
676
710
if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
677
fputs (" digitalSignature", fp);
711
es_fputs (" digitalSignature", fp);
678
712
if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
679
fputs (" nonRepudiation", fp);
713
es_fputs (" nonRepudiation", fp);
680
714
if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
681
fputs (" keyEncipherment", fp);
715
es_fputs (" keyEncipherment", fp);
682
716
if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
683
fputs (" dataEncipherment", fp);
717
es_fputs (" dataEncipherment", fp);
684
718
if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
685
fputs (" keyAgreement", fp);
719
es_fputs (" keyAgreement", fp);
686
720
if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
687
fputs (" certSign", fp);
721
es_fputs (" certSign", fp);
688
722
if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
689
fputs (" crlSign", fp);
723
es_fputs (" crlSign", fp);
690
724
if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
691
fputs (" encipherOnly", fp);
725
es_fputs (" encipherOnly", fp);
692
726
if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
693
fputs (" decipherOnly", fp);
727
es_fputs (" decipherOnly", fp);
698
fputs ("[none]\n", fp);
732
es_fputs (" [none]\n", fp);
700
fputs (" extKeyUsage: ", fp);
734
es_fputs (" extKeyUsage: ", fp);
701
735
err = ksba_cert_get_ext_key_usages (cert, &string);
702
736
if (gpg_err_code (err) != GPG_ERR_NO_DATA)
705
fprintf (fp, "[error: %s]", gpg_strerror (err));
739
es_fprintf (fp, "[error: %s]", gpg_strerror (err));
745
779
for (i=0; key_purpose_map[i].oid; i++)
746
780
if ( !strcmp (key_purpose_map[i].oid, p) )
751
fputs (" (critical)", fp);
785
es_fputs (" (critical)", fp);
752
786
if ((p = strchr (p, '\n')))
789
es_fputs ("\n ", fp);
763
fputs ("[none]\n", fp);
797
es_fputs ("[none]\n", fp);
765
fputs (" chainLength: ", fp);
799
es_fputs (" chainLength: ", fp);
766
800
err = ksba_cert_is_ca (cert, &is_ca, &chainlen);
767
801
if (err || is_ca)
770
fprintf (fp, "[error: %s]", gpg_strerror (err));
803
if (gpg_err_code (err) == GPG_ERR_NO_VALUE )
804
es_fprintf (fp, "[none]");
806
es_fprintf (fp, "[error: %s]", gpg_strerror (err));
771
807
else if (chainlen == -1)
772
fputs ("unlimited", fp);
808
es_fputs ("unlimited", fp);
774
fprintf (fp, "%d", chainlen);
810
es_fprintf (fp, "%d", chainlen);
778
fputs ("not a CA\n", fp);
814
es_fputs ("not a CA\n", fp);
781
817
/* CRL distribution point */
782
818
for (idx=0; !(err=ksba_cert_get_crl_dist_point (cert, idx, &name, &name2,
783
819
&reason)) ;idx++)
785
fputs (" crlDP: ", fp);
821
es_fputs (" crlDP: ", fp);
786
822
print_names_raw (fp, 15, name);
789
fputs (" reason: ", fp);
825
es_fputs (" reason: ", fp);
790
826
if ( (reason & KSBA_CRLREASON_UNSPECIFIED))
791
fputs (" unused", stdout);
827
es_fputs (" unused", fp);
792
828
if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))
793
fputs (" keyCompromise", stdout);
829
es_fputs (" keyCompromise", fp);
794
830
if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))
795
fputs (" caCompromise", stdout);
831
es_fputs (" caCompromise", fp);
796
832
if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))
797
fputs (" affiliationChanged", stdout);
833
es_fputs (" affiliationChanged", fp);
798
834
if ( (reason & KSBA_CRLREASON_SUPERSEDED))
799
fputs (" superseded", stdout);
835
es_fputs (" superseded", fp);
800
836
if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))
801
fputs (" cessationOfOperation", stdout);
837
es_fputs (" cessationOfOperation", fp);
802
838
if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))
803
fputs (" certificateHold", stdout);
839
es_fputs (" certificateHold", fp);
806
fputs (" issuer: ", fp);
842
es_fputs (" issuer: ", fp);
807
843
print_names_raw (fp, 23, name2);
808
844
ksba_name_release (name);
809
845
ksba_name_release (name2);
811
if (err && gpg_err_code (err) != GPG_ERR_EOF)
812
fputs (" crlDP: [error]\n", fp);
847
if (err && gpg_err_code (err) != GPG_ERR_EOF
848
&& gpg_err_code (err) != GPG_ERR_NO_VALUE)
849
es_fputs (" crlDP: [error]\n", fp);
814
fputs (" crlDP: [none]\n", fp);
851
es_fputs (" crlDP: [none]\n", fp);
817
854
/* authorityInfoAccess. */
818
855
for (idx=0; !(err=ksba_cert_get_authority_info_access (cert, idx, &string,
821
fputs (" authInfo: ", fp);
858
es_fputs (" authInfo: ", fp);
822
859
s = get_oid_desc (string, NULL);
823
fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
860
es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
824
861
print_names_raw (fp, -15, name);
825
862
ksba_name_release (name);
826
863
ksba_free (string);
828
if (err && gpg_err_code (err) != GPG_ERR_EOF)
829
fputs (" authInfo: [error]\n", fp);
865
if (err && gpg_err_code (err) != GPG_ERR_EOF
866
&& gpg_err_code (err) != GPG_ERR_NO_VALUE)
867
es_fputs (" authInfo: [error]\n", fp);
831
fputs (" authInfo: [none]\n", fp);
869
es_fputs (" authInfo: [none]\n", fp);
833
871
/* subjectInfoAccess. */
834
872
for (idx=0; !(err=ksba_cert_get_subject_info_access (cert, idx, &string,
837
fputs (" subjectInfo: ", fp);
875
es_fputs (" subjectInfo: ", fp);
838
876
s = get_oid_desc (string, NULL);
839
fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
877
es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
840
878
print_names_raw (fp, -15, name);
841
879
ksba_name_release (name);
842
880
ksba_free (string);
844
if (err && gpg_err_code (err) != GPG_ERR_EOF)
845
fputs (" subjInfo: [error]\n", fp);
882
if (err && gpg_err_code (err) != GPG_ERR_EOF
883
&& gpg_err_code (err) != GPG_ERR_NO_VALUE)
884
es_fputs (" subjInfo: [error]\n", fp);
847
fputs (" subjInfo: [none]\n", fp);
886
es_fputs (" subjInfo: [none]\n", fp);
850
889
for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
900
939
unsigned int kusage;
901
940
char *string, *p, *pend;
942
es_fprintf (fp, " ID: 0x%08lX\n",
943
gpgsm_get_short_fingerprint (cert));
903
945
sexp = ksba_cert_get_serial (cert);
904
fputs ("Serial number: ", fp);
946
es_fputs (" S/N: ", fp);
905
947
gpgsm_print_serial (fp, sexp);
906
948
ksba_free (sexp);
909
951
dn = ksba_cert_get_issuer (cert, 0);
910
fputs (" Issuer: ", fp);
911
gpgsm_print_name (fp, dn);
952
es_fputs (" Issuer: ", fp);
953
gpgsm_es_print_name (fp, dn);
914
956
for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)
916
fputs (" aka: ", fp);
917
gpgsm_print_name (fp, dn);
958
es_fputs (" aka: ", fp);
959
gpgsm_es_print_name (fp, dn);
922
964
dn = ksba_cert_get_subject (cert, 0);
923
fputs (" Subject: ", fp);
924
gpgsm_print_name (fp, dn);
965
es_fputs (" Subject: ", fp);
966
gpgsm_es_print_name (fp, dn);
927
969
for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)
929
fputs (" aka: ", fp);
930
gpgsm_print_name (fp, dn);
971
es_fputs (" aka: ", fp);
972
gpgsm_es_print_name (fp, dn);
935
977
ksba_cert_get_validity (cert, 0, t);
936
fputs (" validity: ", fp);
978
es_fputs (" validity: ", fp);
937
979
gpgsm_print_time (fp, t);
938
fputs (" through ", fp);
980
es_fputs (" through ", fp);
939
981
ksba_cert_get_validity (cert, 1, t);
940
982
gpgsm_print_time (fp, t);
946
988
unsigned int nbits;
948
990
algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
949
fprintf (fp, " key type: %u bit %s\n", nbits, algoname? algoname:"?");
991
es_fprintf (fp, " key type: %u bit %s\n",
992
nbits, algoname? algoname:"?");
953
996
err = ksba_cert_get_key_usage (cert, &kusage);
954
997
if (gpg_err_code (err) != GPG_ERR_NO_DATA)
956
fputs (" key usage:", fp);
999
es_fputs (" key usage:", fp);
958
fprintf (fp, " [error: %s]", gpg_strerror (err));
1001
es_fprintf (fp, " [error: %s]", gpg_strerror (err));
961
1004
if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
962
fputs (" digitalSignature", fp);
1005
es_fputs (" digitalSignature", fp);
963
1006
if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
964
fputs (" nonRepudiation", fp);
1007
es_fputs (" nonRepudiation", fp);
965
1008
if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
966
fputs (" keyEncipherment", fp);
1009
es_fputs (" keyEncipherment", fp);
967
1010
if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
968
fputs (" dataEncipherment", fp);
1011
es_fputs (" dataEncipherment", fp);
969
1012
if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
970
fputs (" keyAgreement", fp);
1013
es_fputs (" keyAgreement", fp);
971
1014
if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
972
fputs (" certSign", fp);
1015
es_fputs (" certSign", fp);
973
1016
if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
974
fputs (" crlSign", fp);
1017
es_fputs (" crlSign", fp);
975
1018
if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
976
fputs (" encipherOnly", fp);
1019
es_fputs (" encipherOnly", fp);
977
1020
if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
978
fputs (" decipherOnly", fp);
1021
es_fputs (" decipherOnly", fp);
983
1026
err = ksba_cert_get_ext_key_usages (cert, &string);
984
1027
if (gpg_err_code (err) != GPG_ERR_NO_DATA)
986
fputs ("ext key usage: ", fp);
1029
es_fputs ("ext key usage: ", fp);
988
fprintf (fp, "[error: %s]", gpg_strerror (err));
1031
es_fprintf (fp, "[error: %s]", gpg_strerror (err));
1023
1066
if (*p == '\n')
1026
print_sanitized_string (fp, string, 0);
1069
es_write_sanitized (fp, string, strlen (string), NULL, NULL);
1027
1070
xfree (string);
1032
1075
err = ksba_cert_is_ca (cert, &is_ca, &chainlen);
1033
1076
if (err || is_ca)
1035
fputs (" chain length: ", fp);
1037
fprintf (fp, "[error: %s]", gpg_strerror (err));
1078
es_fputs (" chain length: ", fp);
1079
if (gpg_err_code (err) == GPG_ERR_NO_VALUE )
1080
es_fprintf (fp, "none");
1082
es_fprintf (fp, "[error: %s]", gpg_strerror (err));
1038
1083
else if (chainlen == -1)
1039
fputs ("unlimited", fp);
1084
es_fputs ("unlimited", fp);
1041
fprintf (fp, "%d", chainlen);
1086
es_fprintf (fp, "%d", chainlen);
1045
1090
if (opt.with_md5_fingerprint)
1047
1092
dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);
1048
fprintf (fp, " md5 fpr: %s\n", dn?dn:"error");
1093
es_fprintf (fp, " md5 fpr: %s\n", dn?dn:"error");
1052
1097
dn = gpgsm_get_fingerprint_string (cert, 0);
1053
fprintf (fp, " fingerprint: %s\n", dn?dn:"error");
1098
es_fprintf (fp, " fingerprint: %s\n", dn?dn:"error");