Hi All I have some query regarding the serial number of the certificate.
Actually I am trying to get the Serial number of the der encoded certificate AOL_Member_CA.der. For the better understanding I am attaching my code I would be very very thankful if anyone could help me out. Regards Bhaarat.
#include <glib.h> #include <stdlib.h> #include <gck/gck.h> #include <sys/types.h> #include <dirent.h> #include <errno.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/rsa.h> #include <openssl/bn.h> #include <openssl/err.h> struct x509cert_info { unsigned char subject[256]; int subject_len; unsigned char issuer[256]; int issuer_len; unsigned char serialnum[128]; int serialnum_len; }; //static int find_cert(x509cert_info *, guchar *, gsize *, unsigned char *); #define PKCS_MODULE "/usr/local/lib/gnome-keyring/gnome-keyring-pkcs11.so" unsigned char sn[128]; static int i; gchar *wrt_file = NULL; gboolean do_list_objects = FALSE; gboolean do_obj_search = FALSE; gchar *object_type = NULL; GckModule *module; GError *pError = NULL; struct x509cert_info cert; guchar* test_data_read (const gchar *basename, gsize *n_result) { GError *error = NULL; gchar *result; gchar *file; file = g_strdup(basename); if (!g_file_get_contents (file, &result, n_result, &error)) { printf ("could not read test data file: %s: %s", file, error->message); g_assert_not_reached (); } else { printf("\nRead the file successfully\n"); } g_free (file); return (guchar*)result; } static int parse_certificate(struct x509cert_info *cert, unsigned char *data, int len) { X509 *x; unsigned char *p; const unsigned char *pp; int n; pp = data; x = d2i_X509(NULL, &pp, len); if (!x) { g_printerr ("OpenSSL error during X509 certificate parsing"); return -1; } p = cert->subject; n = i2d_X509_NAME(x->cert_info->subject, &p); if (n < 0) { g_printerr("OpenSSL error while encoding subject name"); return -1; } printf("\nThe Certificate Subject name is %s\n",p); if (n > (int)sizeof (cert->subject)) { g_printerr("subject name too long"); return -1; } cert->subject_len = n; p = cert->issuer; n = i2d_X509_NAME(x->cert_info->issuer, &p); if (n < 0) { g_printerr("OpenSSL error while encoding issuer name"); return -1; } if (n > (int)sizeof (cert->issuer)) { g_printerr("issuer name too long"); return -1; } cert->issuer_len = n; p = cert->serialnum; n = i2d_ASN1_INTEGER(x->cert_info->serialNumber, &p); if(i==0) { g_print("\nThe certificate serial number is copied in serialnumber\n"); if(g_strlcpy((gchar *)sn, (const gchar *)x->cert_info->serialNumber, sizeof(sn))) { i++; printf("\nSerial number copied successfully %s\n",sn); } } if (n < 0) { g_printerr("OpenSSL error while encoding serial number"); return -1; } if (n > (int)sizeof (cert->serialnum)) { g_printerr("serial number too long"); return -1; } cert->serialnum_len = n; return 0; } static int find_cert(struct x509cert_info *cert, unsigned char *data, int len, unsigned char *sn) { X509 *x; unsigned char *p; const unsigned char *pp; int n; pp = data; x = d2i_X509(NULL, &pp, len); if (!x) { g_printerr ("OpenSSL error during X509 certificate parsing"); return -1; } p = cert->subject; n = i2d_X509_NAME(x->cert_info->subject, &p); if (n < 0) { g_printerr("OpenSSL error while encoding subject name"); return -1; } printf("\nThe Certificate Subject name is %s\n",(unsigned char *)x->cert_info->subject); if (n > (int)sizeof (cert->subject)) { g_printerr("subject name too long"); return -1; } cert->subject_len = n; p = cert->issuer; n = i2d_X509_NAME(x->cert_info->issuer, &p); if (n < 0) { g_printerr("OpenSSL error while encoding issuer name"); return -1; } if (n > (int)sizeof (cert->issuer)) { g_printerr("issuer name too long"); return -1; } cert->issuer_len = n; p = cert->serialnum; n = i2d_ASN1_INTEGER(x->cert_info->serialNumber, &p); if(!(g_strcmp0((const char *)sn,(const char *)x->cert_info->serialNumber))) { g_print("\nThe certificate with serial number found\n"); return 1; } if (n < 0) { g_printerr("OpenSSL error while encoding serial number"); return -1; } if (n > (int)sizeof (cert->serialnum)) { g_printerr("serial number too long"); return -1; } cert->serialnum_len = n; return 0; } int main (int argc, char *argv[]) { DIR *dip; struct dirent *dit; g_type_init (); module = gck_module_initialize (PKCS_MODULE, NULL, 0, &pError); gsize cert_len; guchar *cert_data = test_data_read (argv[1], &cert_len); if (parse_certificate (&cert, cert_data, cert_len) == -1) { g_print ("Faild to parse the certificate: %s\n", wrt_file); } g_print ("Certificate Parsed successfully for SERIAL NUMBER!!\n"); if ((dip = opendir(argv[2])) == NULL) { perror("opendir"); return 0; } /* Traverse the directory and provide the file name to the gck module to read the data */ while ((dit = readdir(dip)) != NULL) { printf("\n%s", dit->d_name); printf("\nOpening directory to read the data\n"); int len = 0; guchar *data = test_data_read (dit->d_name, &cert_len); if(find_cert(&cert, (unsigned char *)&data, len, sn)) { printf("\n The certificate found is %s\n", dit->d_name); return 1; } } }