Hi All
I have some query regarding the serial number of the certificate.
Actually I am trying to get the Serial number of the der encoded certificate
AOL_Member_CA.der. For the better understanding I am attaching my code
I would be very very thankful if anyone could help me out.
Regards
Bhaarat.
#include <glib.h>
#include <stdlib.h>
#include <gck/gck.h>
#include <sys/types.h>
#include <dirent.h>
#include <errno.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>
struct x509cert_info {
unsigned char subject[256];
int subject_len;
unsigned char issuer[256];
int issuer_len;
unsigned char serialnum[128];
int serialnum_len;
};
//static int find_cert(x509cert_info *, guchar *, gsize *, unsigned char *);
#define PKCS_MODULE "/usr/local/lib/gnome-keyring/gnome-keyring-pkcs11.so"
unsigned char sn[128];
static int i;
gchar *wrt_file = NULL;
gboolean do_list_objects = FALSE;
gboolean do_obj_search = FALSE;
gchar *object_type = NULL;
GckModule *module;
GError *pError = NULL;
struct x509cert_info cert;
guchar*
test_data_read (const gchar *basename, gsize *n_result)
{
GError *error = NULL;
gchar *result;
gchar *file;
file = g_strdup(basename);
if (!g_file_get_contents (file, &result, n_result, &error)) {
printf ("could not read test data file: %s: %s", file, error->message);
g_assert_not_reached ();
}
else
{
printf("\nRead the file successfully\n");
}
g_free (file);
return (guchar*)result;
}
static int parse_certificate(struct x509cert_info *cert,
unsigned char *data, int len)
{
X509 *x;
unsigned char *p;
const unsigned char *pp;
int n;
pp = data;
x = d2i_X509(NULL, &pp, len);
if (!x) {
g_printerr ("OpenSSL error during X509 certificate parsing");
return -1;
}
p = cert->subject;
n = i2d_X509_NAME(x->cert_info->subject, &p);
if (n < 0)
{
g_printerr("OpenSSL error while encoding subject name");
return -1;
}
printf("\nThe Certificate Subject name is %s\n",p);
if (n > (int)sizeof (cert->subject))
{
g_printerr("subject name too long");
return -1;
}
cert->subject_len = n;
p = cert->issuer;
n = i2d_X509_NAME(x->cert_info->issuer, &p);
if (n < 0)
{
g_printerr("OpenSSL error while encoding issuer name");
return -1;
}
if (n > (int)sizeof (cert->issuer))
{
g_printerr("issuer name too long");
return -1;
}
cert->issuer_len = n;
p = cert->serialnum;
n = i2d_ASN1_INTEGER(x->cert_info->serialNumber, &p);
if(i==0)
{
g_print("\nThe certificate serial number is copied in serialnumber\n");
if(g_strlcpy((gchar *)sn, (const gchar *)x->cert_info->serialNumber, sizeof(sn)))
{
i++;
printf("\nSerial number copied successfully %s\n",sn);
}
}
if (n < 0)
{
g_printerr("OpenSSL error while encoding serial number");
return -1;
}
if (n > (int)sizeof (cert->serialnum))
{
g_printerr("serial number too long");
return -1;
}
cert->serialnum_len = n;
return 0;
}
static int find_cert(struct x509cert_info *cert,
unsigned char *data, int len,
unsigned char *sn)
{
X509 *x;
unsigned char *p;
const unsigned char *pp;
int n;
pp = data;
x = d2i_X509(NULL, &pp, len);
if (!x) {
g_printerr ("OpenSSL error during X509 certificate parsing");
return -1;
}
p = cert->subject;
n = i2d_X509_NAME(x->cert_info->subject, &p);
if (n < 0)
{
g_printerr("OpenSSL error while encoding subject name");
return -1;
}
printf("\nThe Certificate Subject name is %s\n",(unsigned char *)x->cert_info->subject);
if (n > (int)sizeof (cert->subject))
{
g_printerr("subject name too long");
return -1;
}
cert->subject_len = n;
p = cert->issuer;
n = i2d_X509_NAME(x->cert_info->issuer, &p);
if (n < 0)
{
g_printerr("OpenSSL error while encoding issuer name");
return -1;
}
if (n > (int)sizeof (cert->issuer))
{
g_printerr("issuer name too long");
return -1;
}
cert->issuer_len = n;
p = cert->serialnum;
n = i2d_ASN1_INTEGER(x->cert_info->serialNumber, &p);
if(!(g_strcmp0((const char *)sn,(const char *)x->cert_info->serialNumber)))
{
g_print("\nThe certificate with serial number found\n");
return 1;
}
if (n < 0)
{
g_printerr("OpenSSL error while encoding serial number");
return -1;
}
if (n > (int)sizeof (cert->serialnum))
{
g_printerr("serial number too long");
return -1;
}
cert->serialnum_len = n;
return 0;
}
int main (int argc, char *argv[])
{
DIR *dip;
struct dirent *dit;
g_type_init ();
module = gck_module_initialize (PKCS_MODULE, NULL, 0, &pError);
gsize cert_len;
guchar *cert_data = test_data_read (argv[1], &cert_len);
if (parse_certificate (&cert, cert_data, cert_len) == -1)
{
g_print ("Faild to parse the certificate: %s\n", wrt_file);
}
g_print ("Certificate Parsed successfully for SERIAL NUMBER!!\n");
if ((dip = opendir(argv[2])) == NULL)
{
perror("opendir");
return 0;
}
/* Traverse the directory and provide the file name to the gck module to read the data */
while ((dit = readdir(dip)) != NULL)
{
printf("\n%s", dit->d_name);
printf("\nOpening directory to read the data\n");
int len = 0;
guchar *data = test_data_read (dit->d_name, &cert_len);
if(find_cert(&cert, (unsigned char *)&data, len, sn))
{
printf("\n The certificate found is %s\n", dit->d_name);
return 1;
}
}
}
