path: root/doc/tex/ex-x509-info.tex
\begin{verbatim}

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

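/* Format a binary buffer as lowercase hexadecimal digits.
 *
 * bin:      the bytes to format; NULL yields an empty string.
 * bin_size: number of bytes available at bin.
 *
 * Returns a pointer to a static, NUL-terminated buffer. The buffer is
 * overwritten by the next call, so this helper is not reentrant and the
 * result must be consumed (or copied) before calling it again.
 *
 * The output is bounded by the size of the static buffer: input longer
 * than (sizeof(printable) - 1) / 2 bytes is silently truncated rather
 * than written past the end of the buffer. Callers that display
 * identifiers such as serial numbers should keep their input below that
 * limit so that the printed value is complete.
 */
static const char* bin2hex( const void* bin, size_t bin_size)
{
static char printable[120];
const unsigned char *bytes = bin;
char* print = printable;
size_t max_bytes = (sizeof(printable) - 1) / 2;
size_t i;

   /* Always return a valid string, even for empty input; the buffer is
    * static and would otherwise still hold the previous result.
    */
   printable[0] = '\0';

   if (bytes == NULL)
      return printable;

   /* Two output characters per input byte plus the terminating NUL
    * must fit in printable[].
    */
   if (bin_size > max_bytes)
      bin_size = max_bytes;

   for (i = 0; i < bin_size; i++) {
      /* Size 3 = two hex digits + NUL; the NUL is overwritten by the
       * next iteration and left in place after the last one.
       */
      snprintf(print, 3, "%.2x", bytes[i]);
      print += 2;
   }

   return printable;
}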

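/* This function will print information about this session's peer
 * certificate: validity period, serial number, public key algorithm
 * and size, version, subject DN and issuer DN.
 *
 * Nothing is printed unless the peer sent at least one certificate and
 * the session's certificate type is X.509. Only the first certificate
 * in the peer's list is examined.
 *
 * This function only parses and displays fields; it does not verify the
 * certificate. Everything it prints is supplied by the peer and must be
 * treated as unauthenticated until the certificate has been verified
 * separately.
 */
static void print_x509_certificate_info(gnutls_session session)
{
   char serial[40];
   char dn[128];
   size_t size;
   unsigned int bits = 0;
   int algo, ret;
   time_t expiration_time, activation_time;
   const char *when;
   const gnutls_datum *cert_list;
   int cert_list_size = 0;
   gnutls_x509_crt cert;

   cert_list = gnutls_certificate_get_peers(session, &cert_list_size);

   if (cert_list == NULL || cert_list_size <= 0
       || gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
      return;

   if (gnutls_x509_crt_init( &cert) < 0) {
      fprintf(stderr, "*** Cannot initialize the certificate structure\n");
      return;
   }

   /* NOTE(review): current GnuTLS headers declare this function with a
    * third argument giving the encoding (GNUTLS_X509_FMT_DER for a
    * certificate taken from the handshake) -- confirm against the
    * headers this example is built with.
    */
   ret = gnutls_x509_crt_import( cert, &cert_list[0]);
   if (ret < 0) {
      /* Without a successfully parsed certificate none of the getters
       * below return meaningful data.
       */
      fprintf(stderr, "*** Cannot parse the peer's certificate\n");
      gnutls_x509_crt_deinit( cert);
      return;
   }

   printf(" - Certificate info:\n");

   expiration_time = gnutls_x509_crt_get_expiration_time( cert);
   activation_time = gnutls_x509_crt_get_activation_time( cert);

   /* ctime() may return NULL for a time it cannot represent; passing
    * NULL to %s is undefined behaviour.
    */
   when = ctime(&activation_time);
   printf(" - Certificate is valid since: %s", when ? when : "(unknown)\n");
   when = ctime(&expiration_time);
   printf(" - Certificate expires: %s", when ? when : "(unknown)\n");

   /* Print the serial number of the certificate. On success size holds
    * the number of bytes actually written to serial[].
    */
   size = sizeof(serial);
   if (gnutls_x509_crt_get_serial(cert, serial, &size) >= 0)
      printf(" - Certificate serial number: %s\n",
         bin2hex( serial, size));
   else
      printf(" - Certificate serial number: (unavailable)\n");

   /* Extract some of the public key algorithm's parameters
    */
   algo =
       gnutls_x509_crt_get_pk_algorithm(cert, &bits);

   printf("Certificate public key: ");

   if (algo == GNUTLS_PK_RSA) {
      printf("RSA\n");
      printf(" Modulus: %u bits\n", bits);
   } else if (algo == GNUTLS_PK_DSA) {
      printf("DSA\n");
      printf(" Exponent: %u bits\n", bits);
   } else {
      /* Also reached when the getter reports an error. */
      printf("UNKNOWN\n");
   }

   /* Print the version of the X.509
    * certificate.
    */
   printf(" - Certificate version: #%d\n",
          gnutls_x509_crt_get_version( cert));

   /* dn[] is only printed when the getter succeeded; on failure (for
    * example a name longer than the buffer) its contents are not a
    * valid string.
    */
   size = sizeof(dn);
   if (gnutls_x509_crt_get_dn( cert, dn, &size) >= 0)
      printf(" - DN: %s\n", dn);
   else
      printf(" - DN: (unavailable)\n");

   size = sizeof(dn);
   if (gnutls_x509_crt_get_issuer_dn( cert, dn, &size) >= 0)
      printf(" - Certificate Issuer's DN: %s\n", dn);
   else
      printf(" - Certificate Issuer's DN: (unavailable)\n");

   gnutls_x509_crt_deinit( cert);
}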

\end{verbatim}