/src/openssl/crypto/x509/t_acert.c

Source
/*
 * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/x509_acert.h>

#include <crypto/asn1.h>

static int print_attribute(BIO *bp, X509_ATTRIBUTE *a)
{
    const ASN1_OBJECT *aobj;
    int i, j, count;
    int ret = 0;

    aobj = X509_ATTRIBUTE_get0_object(a);
    if (BIO_printf(bp, "%12s", "") <= 0)
        goto err;

    if ((j = i2a_ASN1_OBJECT(bp, aobj)) <= 0)
        goto err;

    count = X509_ATTRIBUTE_count(a);
    if (count == 0) {
        ERR_raise(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES);
        goto err;
    }

    if (j < 25 && (BIO_printf(bp, "%*s", 25 - j, " ") <= 0))
        goto err;

    if (BIO_puts(bp, ":") <= 0)
        goto err;

    for (i = 0; i < count; i++) {
        const ASN1_TYPE *at;
        int type;
        ASN1_BIT_STRING *bs;

        at = X509_ATTRIBUTE_get0_type(a, i);
        type = at->type;

        switch (type) {
        case V_ASN1_PRINTABLESTRING:
        case V_ASN1_T61STRING:
        case V_ASN1_NUMERICSTRING:
        case V_ASN1_UTF8STRING:
        case V_ASN1_IA5STRING:
            bs = at->value.asn1_string;
            if (BIO_write(bp, (char *)bs->data, bs->length) != bs->length)
                goto err;
            if (BIO_puts(bp, "\n") <= 0)
                goto err;
            break;
        case V_ASN1_SEQUENCE:
            if (BIO_puts(bp, "\n") <= 0)
                goto err;
            if (ASN1_parse_dump(bp, at->value.sequence->data,
                    at->value.sequence->length, i, 1)
                <= 0)
                goto err;
            break;
        default:
            if (BIO_printf(bp, "unable to print attribute of type 0x%X\n",
                    type)
                < 0)
                goto err;
            break;
        }
    }
    ret = 1;
err:
    return ret;
}

int X509_ACERT_print_ex(BIO *bp, X509_ACERT *x, unsigned long nmflags,
    unsigned long cflag)
{
    int i;
    char mlch = ' ';

    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
        mlch = '\n';
    }

    if ((cflag & X509_FLAG_NO_HEADER) == 0) {
        if (BIO_printf(bp, "Attribute Certificate:\n") <= 0)
            goto err;
        if (BIO_printf(bp, "%4sData:\n", "") <= 0)
            goto err;
    }

    if ((cflag & X509_FLAG_NO_VERSION) == 0) {
        long l;

        l = X509_ACERT_get_version(x);
        if (l == X509_ACERT_VERSION_2) {
            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1,
                    (unsigned long)l)
                <= 0)
                goto err;
        } else {
            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
                goto err;
        }
    }

    if ((cflag & X509_FLAG_NO_SERIAL) == 0) {
        const ASN1_INTEGER *serial;

        serial = X509_ACERT_get0_serialNumber(x);

        if (BIO_printf(bp, "%8sSerial Number: ", "") <= 0)
            goto err;

        if (i2a_ASN1_INTEGER(bp, serial) <= 0)
            goto err;

        if (BIO_write(bp, "\n", 1) <= 0)
            goto err;
    }

    if ((cflag & X509_FLAG_NO_SUBJECT) == 0) {
        const GENERAL_NAMES *holderEntities;
        const OSSL_ISSUER_SERIAL *holder_bcid;
        const X509_NAME *holderIssuer = NULL;

        if (BIO_printf(bp, "%8sHolder:\n", "") <= 0)
            goto err;

        holderEntities = X509_ACERT_get0_holder_entityName(x);
        if (holderEntities != NULL) {
            for (i = 0; i < sk_GENERAL_NAME_num(holderEntities); i++) {
                GENERAL_NAME *entity;

                entity = sk_GENERAL_NAME_value(holderEntities, i);

                if (BIO_printf(bp, "%12sName:%c", "", mlch) <= 0)
                    goto err;
                if (GENERAL_NAME_print(bp, entity) <= 0)
                    goto err;
                if (BIO_write(bp, "\n", 1) <= 0)
                    goto err;
            }
        }

        if ((holder_bcid = X509_ACERT_get0_holder_baseCertId(x)) != NULL)
            holderIssuer = OSSL_ISSUER_SERIAL_get0_issuer(holder_bcid);

        if (holderIssuer != NULL) {
            const ASN1_INTEGER *holder_serial;
            const ASN1_BIT_STRING *iuid;

            if (BIO_printf(bp, "%12sIssuer:%c", "", mlch) <= 0)
                goto err;

            if (X509_NAME_print_ex(bp, holderIssuer, 0, nmflags) <= 0)
                goto err;

            if (BIO_write(bp, "\n", 1) <= 0)
                goto err;

            if (BIO_printf(bp, "%12sSerial: ", "") <= 0)
                goto err;

            holder_serial = OSSL_ISSUER_SERIAL_get0_serial(holder_bcid);

            if (i2a_ASN1_INTEGER(bp, holder_serial) <= 0)
                goto err;

            iuid = OSSL_ISSUER_SERIAL_get0_issuerUID(holder_bcid);
            if (iuid != NULL) {
                if (BIO_printf(bp, "%12sIssuer UID: ", "") <= 0)
                    goto err;
                if (X509_signature_dump(bp, iuid, 24) <= 0)
                    goto err;
            }
            if (BIO_write(bp, "\n", 1) <= 0)
                goto err;
        }
    }

    if ((cflag & X509_FLAG_NO_ISSUER) == 0) {
        const X509_NAME *issuer;

        if (BIO_printf(bp, "%8sIssuer:%c", "", mlch) <= 0)
            goto err;
        issuer = X509_ACERT_get0_issuerName(x);
        if (issuer) {
            if (X509_NAME_print_ex(bp, issuer, 0, nmflags) < 0)
                goto err;
        } else {
            if (BIO_printf(bp, "Unsupported Issuer Type") <= 0)
                goto err;
        }
        if (BIO_write(bp, "\n", 1) <= 0)
            goto err;
    }

    if ((cflag & X509_FLAG_NO_VALIDITY) == 0) {
        if (BIO_printf(bp, "%8sValidity\n", "") <= 0)
            goto err;
        if (BIO_printf(bp, "%12sNot Before: ", "") <= 0)
            goto err;
        if (ASN1_GENERALIZEDTIME_print(bp, X509_ACERT_get0_notBefore(x)) == 0)
            goto err;
        if (BIO_printf(bp, "\n%12sNot After : ", "") <= 0)
            goto err;
        if (ASN1_GENERALIZEDTIME_print(bp, X509_ACERT_get0_notAfter(x)) == 0)
            goto err;
        if (BIO_write(bp, "\n", 1) <= 0)
            goto err;
    }

    if ((cflag & X509_FLAG_NO_ATTRIBUTES) == 0) {
        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
            goto err;

        if (X509_ACERT_get_attr_count(x) == 0) {
            if (BIO_printf(bp, "%12s(none)\n", "") <= 0)
                goto err;
        } else {
            for (i = 0; i < X509_ACERT_get_attr_count(x); i++) {
                if (print_attribute(bp, X509_ACERT_get_attr(x, i)) == 0)
                    goto err;
            }
        }
    }

    if ((cflag & X509_FLAG_NO_EXTENSIONS) == 0) {
        const STACK_OF(X509_EXTENSION) *exts;

        exts = X509_ACERT_get0_extensions(x);
        if (exts != NULL) {
            if (BIO_printf(bp, "%8sExtensions:\n", "") <= 0)
                goto err;
            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
                const ASN1_OBJECT *obj;
                const X509_EXTENSION *ex;
                int critical;

                ex = sk_X509_EXTENSION_value(exts, i);
                if (BIO_printf(bp, "%12s", "") <= 0)
                    goto err;
                obj = X509_EXTENSION_get_object(ex);
                if (i2a_ASN1_OBJECT(bp, obj) <= 0)
                    goto err;
                critical = X509_EXTENSION_get_critical(ex);
                if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
                    goto err;
                if (X509V3_EXT_print(bp, ex, cflag, 20) <= 0) {
                    if (BIO_printf(bp, "%16s", "") <= 0)
                        goto err;
                    if (ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)) <= 0)
                        goto err;
                }
                if (BIO_write(bp, "\n", 1) <= 0)
                    goto err;
            }
        }
    }

    if ((cflag & X509_FLAG_NO_SIGDUMP) == 0) {
        const X509_ALGOR *sig_alg;
        const ASN1_BIT_STRING *sig;

        X509_ACERT_get0_signature(x, &sig, &sig_alg);
        if (X509_signature_print(bp, sig_alg, sig) <= 0)
            return 0;
    }

    return 1;

err:
    ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
    return 0;
}

int X509_ACERT_print(BIO *bp, X509_ACERT *x)
{
    return X509_ACERT_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
}

Coverage Report

Created: 2026-05-24 07:14

Line	Count	Source
1		/*
2		* Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include "internal/cryptlib.h"
12		#include <openssl/buffer.h>
13		#include <openssl/bn.h>
14		#include <openssl/objects.h>
15		#include <openssl/x509_acert.h>
16
17		#include <crypto/asn1.h>
18
19		static int print_attribute(BIO bp, X509_ATTRIBUTE a)
20	134k	{
21	134k	const ASN1_OBJECT *aobj;
22	134k	int i, j, count;
23	134k	int ret = 0;
24
25	134k	aobj = X509_ATTRIBUTE_get0_object(a);
26	134k	if (BIO_printf(bp, "%12s", "") <= 0)
27	0	goto err;
28
29	134k	if ((j = i2a_ASN1_OBJECT(bp, aobj)) <= 0)
30	0	goto err;
31
32	134k	count = X509_ATTRIBUTE_count(a);
33	134k	if (count == 0) {
34	174	ERR_raise(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES);
35	174	goto err;
36	174	}
37
38	134k	if (j < 25 && (BIO_printf(bp, "%*s", 25 - j, " ") <= 0))
39	0	goto err;
40
41	134k	if (BIO_puts(bp, ":") <= 0)
42	0	goto err;
43
44	4.33M	for (i = 0; i < count; i++) {
45	4.20M	const ASN1_TYPE *at;
46	4.20M	int type;
47	4.20M	ASN1_BIT_STRING *bs;
48
49	4.20M	at = X509_ATTRIBUTE_get0_type(a, i);
50	4.20M	type = at->type;
51
52	4.20M	switch (type) {
53	1.16k	case V_ASN1_PRINTABLESTRING:
54	240k	case V_ASN1_T61STRING:
55	856k	case V_ASN1_NUMERICSTRING:
56	858k	case V_ASN1_UTF8STRING:
57	874k	case V_ASN1_IA5STRING:
58	874k	bs = at->value.asn1_string;
59	874k	if (BIO_write(bp, (char *)bs->data, bs->length) != bs->length)
60	0	goto err;
61	874k	if (BIO_puts(bp, "\n") <= 0)
62	0	goto err;
63	874k	break;
64	874k	case V_ASN1_SEQUENCE:
65	57.1k	if (BIO_puts(bp, "\n") <= 0)
66	0	goto err;
67	57.1k	if (ASN1_parse_dump(bp, at->value.sequence->data,
68	57.1k	at->value.sequence->length, i, 1)
69	57.1k	<= 0)
70	697	goto err;
71	56.4k	break;
72	3.27M	default:
73	3.27M	if (BIO_printf(bp, "unable to print attribute of type 0x%X\n",
74	3.27M	type)
75	3.27M	< 0)
76	0	goto err;
77	3.27M	break;
78	4.20M	}
79	4.20M	}
80	133k	ret = 1;
81	134k	err:
82	134k	return ret;
83	133k	}
84
85		int X509_ACERT_print_ex(BIO bp, X509_ACERT x, unsigned long nmflags,
86		unsigned long cflag)
87	16.3k	{
88	16.3k	int i;
89	16.3k	char mlch = ' ';
90
91	16.3k	if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
92	0	mlch = '\n';
93	0	}
94
95	16.3k	if ((cflag & X509_FLAG_NO_HEADER) == 0) {
96	16.3k	if (BIO_printf(bp, "Attribute Certificate:\n") <= 0)
97	0	goto err;
98	16.3k	if (BIO_printf(bp, "%4sData:\n", "") <= 0)
99	0	goto err;
100	16.3k	}
101
102	16.3k	if ((cflag & X509_FLAG_NO_VERSION) == 0) {
103	16.3k	long l;
104
105	16.3k	l = X509_ACERT_get_version(x);
106	16.3k	if (l == X509_ACERT_VERSION_2) {
107	882	if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1,
108	882	(unsigned long)l)
109	882	<= 0)
110	0	goto err;
111	15.4k	} else {
112	15.4k	if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
113	0	goto err;
114	15.4k	}
115	16.3k	}
116
117	16.3k	if ((cflag & X509_FLAG_NO_SERIAL) == 0) {
118	16.3k	const ASN1_INTEGER *serial;
119
120	16.3k	serial = X509_ACERT_get0_serialNumber(x);
121
122	16.3k	if (BIO_printf(bp, "%8sSerial Number: ", "") <= 0)
123	0	goto err;
124
125	16.3k	if (i2a_ASN1_INTEGER(bp, serial) <= 0)
126	0	goto err;
127
128	16.3k	if (BIO_write(bp, "\n", 1) <= 0)
129	0	goto err;
130	16.3k	}
131
132	16.3k	if ((cflag & X509_FLAG_NO_SUBJECT) == 0) {
133	16.3k	const GENERAL_NAMES *holderEntities;
134	16.3k	const OSSL_ISSUER_SERIAL *holder_bcid;
135	16.3k	const X509_NAME *holderIssuer = NULL;
136
137	16.3k	if (BIO_printf(bp, "%8sHolder:\n", "") <= 0)
138	0	goto err;
139
140	16.3k	holderEntities = X509_ACERT_get0_holder_entityName(x);
141	16.3k	if (holderEntities != NULL) {
142	6.30k	for (i = 0; i < sk_GENERAL_NAME_num(holderEntities); i++) {
143	3.86k	GENERAL_NAME *entity;
144
145	3.86k	entity = sk_GENERAL_NAME_value(holderEntities, i);
146
147	3.86k	if (BIO_printf(bp, "%12sName:%c", "", mlch) <= 0)
148	0	goto err;
149	3.86k	if (GENERAL_NAME_print(bp, entity) <= 0)
150	0	goto err;
151	3.86k	if (BIO_write(bp, "\n", 1) <= 0)
152	0	goto err;
153	3.86k	}
154	2.44k	}
155
156	16.3k	if ((holder_bcid = X509_ACERT_get0_holder_baseCertId(x)) != NULL)
157	2.82k	holderIssuer = OSSL_ISSUER_SERIAL_get0_issuer(holder_bcid);
158
159	16.3k	if (holderIssuer != NULL) {
160	1.15k	const ASN1_INTEGER *holder_serial;
161	1.15k	const ASN1_BIT_STRING *iuid;
162
163	1.15k	if (BIO_printf(bp, "%12sIssuer:%c", "", mlch) <= 0)
164	0	goto err;
165
166	1.15k	if (X509_NAME_print_ex(bp, holderIssuer, 0, nmflags) <= 0)
167	0	goto err;
168
169	1.15k	if (BIO_write(bp, "\n", 1) <= 0)
170	0	goto err;
171
172	1.15k	if (BIO_printf(bp, "%12sSerial: ", "") <= 0)
173	0	goto err;
174
175	1.15k	holder_serial = OSSL_ISSUER_SERIAL_get0_serial(holder_bcid);
176
177	1.15k	if (i2a_ASN1_INTEGER(bp, holder_serial) <= 0)
178	0	goto err;
179
180	1.15k	iuid = OSSL_ISSUER_SERIAL_get0_issuerUID(holder_bcid);
181	1.15k	if (iuid != NULL) {
182	1	if (BIO_printf(bp, "%12sIssuer UID: ", "") <= 0)
183	0	goto err;
184	1	if (X509_signature_dump(bp, iuid, 24) <= 0)
185	0	goto err;
186	1	}
187	1.15k	if (BIO_write(bp, "\n", 1) <= 0)
188	0	goto err;
189	1.15k	}
190	16.3k	}
191
192	16.3k	if ((cflag & X509_FLAG_NO_ISSUER) == 0) {
193	16.3k	const X509_NAME *issuer;
194
195	16.3k	if (BIO_printf(bp, "%8sIssuer:%c", "", mlch) <= 0)
196	0	goto err;
197	16.3k	issuer = X509_ACERT_get0_issuerName(x);
198	16.3k	if (issuer) {
199	2.06k	if (X509_NAME_print_ex(bp, issuer, 0, nmflags) < 0)
200	0	goto err;
201	14.2k	} else {
202	14.2k	if (BIO_printf(bp, "Unsupported Issuer Type") <= 0)
203	0	goto err;
204	14.2k	}
205	16.3k	if (BIO_write(bp, "\n", 1) <= 0)
206	0	goto err;
207	16.3k	}
208
209	16.3k	if ((cflag & X509_FLAG_NO_VALIDITY) == 0) {
210	16.3k	if (BIO_printf(bp, "%8sValidity\n", "") <= 0)
211	0	goto err;
212	16.3k	if (BIO_printf(bp, "%12sNot Before: ", "") <= 0)
213	0	goto err;
214	16.3k	if (ASN1_GENERALIZEDTIME_print(bp, X509_ACERT_get0_notBefore(x)) == 0)
215	3.82k	goto err;
216	12.5k	if (BIO_printf(bp, "\n%12sNot After : ", "") <= 0)
217	0	goto err;
218	12.5k	if (ASN1_GENERALIZEDTIME_print(bp, X509_ACERT_get0_notAfter(x)) == 0)
219	431	goto err;
220	12.0k	if (BIO_write(bp, "\n", 1) <= 0)
221	0	goto err;
222	12.0k	}
223
224	12.0k	if ((cflag & X509_FLAG_NO_ATTRIBUTES) == 0) {
225	12.0k	if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
226	0	goto err;
227
228	12.0k	if (X509_ACERT_get_attr_count(x) == 0) {
229	3.18k	if (BIO_printf(bp, "%12s(none)\n", "") <= 0)
230	0	goto err;
231	8.90k	} else {
232	142k	for (i = 0; i < X509_ACERT_get_attr_count(x); i++) {
233	134k	if (print_attribute(bp, X509_ACERT_get_attr(x, i)) == 0)
234	871	goto err;
235	134k	}
236	8.90k	}
237	12.0k	}
238
239	11.2k	if ((cflag & X509_FLAG_NO_EXTENSIONS) == 0) {
240	11.2k	const STACK_OF(X509_EXTENSION) *exts;
241
242	11.2k	exts = X509_ACERT_get0_extensions(x);
243	11.2k	if (exts != NULL) {
244	4.20k	if (BIO_printf(bp, "%8sExtensions:\n", "") <= 0)
245	0	goto err;
246	90.9k	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
247	86.7k	const ASN1_OBJECT *obj;
248	86.7k	const X509_EXTENSION *ex;
249	86.7k	int critical;
250
251	86.7k	ex = sk_X509_EXTENSION_value(exts, i);
252	86.7k	if (BIO_printf(bp, "%12s", "") <= 0)
253	0	goto err;
254	86.7k	obj = X509_EXTENSION_get_object(ex);
255	86.7k	if (i2a_ASN1_OBJECT(bp, obj) <= 0)
256	0	goto err;
257	86.7k	critical = X509_EXTENSION_get_critical(ex);
258	86.7k	if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
259	0	goto err;
260	86.7k	if (X509V3_EXT_print(bp, ex, cflag, 20) <= 0) {
261	55.5k	if (BIO_printf(bp, "%16s", "") <= 0)
262	0	goto err;
263	55.5k	if (ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)) <= 0)
264	0	goto err;
265	55.5k	}
266	86.7k	if (BIO_write(bp, "\n", 1) <= 0)
267	0	goto err;
268	86.7k	}
269	4.20k	}
270	11.2k	}
271
272	11.2k	if ((cflag & X509_FLAG_NO_SIGDUMP) == 0) {
273	11.2k	const X509_ALGOR *sig_alg;
274	11.2k	const ASN1_BIT_STRING *sig;
275
276	11.2k	X509_ACERT_get0_signature(x, &sig, &sig_alg);
277	11.2k	if (X509_signature_print(bp, sig_alg, sig) <= 0)
278	0	return 0;
279	11.2k	}
280
281	11.2k	return 1;
282
283	5.12k	err:
284	5.12k	ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
285	5.12k	return 0;
286	11.2k	}
287
288		int X509_ACERT_print(BIO bp, X509_ACERT x)
289	16.3k	{
290	16.3k	return X509_ACERT_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
291	16.3k	}