ASN.1 Decoder UNIX Code Post: 302888614

Sponsored Content

Top Forums Programming ASN.1 Decoder UNIX Code Post 302888614 by fpmurphy on Sunday 16th of February 2014 01:15:15 AM

02-16-2014

Registered User

Given your apparent difficulties following my GNU_EFI ASN.1 X.509 parser code, here is an example of another way to parse X509 .pem files using the OpenSSL development library.

Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>


int 
main(int argc, char *argv[])
{
    FILE *fp = NULL;
    char *filename;
    struct stat fstat;

    if (argc != 2) {
        fprintf(stdout, "ERROR - No filename provided\n");
        exit(1);
    }

    filename = argv[1];

    if ((stat(filename, &fstat) != 0) || (fp = fopen(filename, "r")) == NULL) {
        fprintf(stdout, "ERROR - File could not be opened\n");
        exit(1);
    }

    // parse certificate
    X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
    if (!cert) {
        fprintf(stderr, "ERROR - Unable to parse certificate\n");
        fclose(fp);
        exit(1);
    }
    
    // version number
    int version = ((int) X509_get_version(cert)) + 1;
    printf("Version: %d\n", version);

    // serial number
    ASN1_INTEGER *serial = X509_get_serialNumber(cert);
    
    BIGNUM *bn = ASN1_INTEGER_to_BN(serial, NULL);
    if (!bn) {
        fprintf(stderr, "ERROR - Unable to convert ASN1INTEGER to BN\n");
        exit(1);
    }
    
    char *tmp = BN_bn2dec(bn);
    if (!tmp) {
        fprintf(stderr, "ERROR - Unable to convert BN to decimal string\n");
        BN_free(bn);
        exit(1);
    }
    
    printf("Serial Number: %s\n", tmp);

    BN_free(bn);
    OPENSSL_free(tmp);

    // subject
    tmp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
    printf("Subject: %s\n", tmp);
    OPENSSL_free(tmp);

    // issuer
    tmp = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
    printf("Issuer: %s\n", tmp);
    OPENSSL_free(tmp);

    // signature algorithm
    int pkey_nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
    if (pkey_nid == NID_undef) {
        fprintf(stderr, "ERROR - Signature algorithm name\n");
        exit(1);
    }

    const char* buf  = OBJ_nid2ln(pkey_nid);
    printf("Algorithm: %s\n", buf);

    X509_free(cert);
    fclose(fp);
}

This User Gave Thanks to fpmurphy For This Post:

fpmurphy

View Public Profile for fpmurphy

Find all posts by fpmurphy

4 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

core file decoder needed

All, Remotely logged in to the UNIX server (HP B1000 Visual Server) (Version HP-UX 10.20) by using the program Xapplauncher. This is a application runs under Exceed. (Exceed "version 6.1" is a Windows application to communicate with UNIX servers) With no pre warnings the application was...

2. Programming

ASN.1 decoder

Hi All, I am fairly new to this so please forgive me, Currently I have an ASN.1 which I would like the ability to load this to my work server in order to enter a string of output decode and display the output. There are methods online as shown on ASN.1 JavaScript decoder however I have...

3. Solaris

ASN Binary to ASCII

Dears, I need help to convert the binary file into ASCII format. Actually we have CDRs which is generated by telecom switch at this is in ASN1 format or binary format, I need to convert those binary formatted file into ASCII format using Perl, or shell scripting. Is there any way to solve...

4. UNIX for Advanced & Expert Users

Python Programming for ASN.1 file

Hi. Has anyone here got an experience doing conversion from asn1 format to a readable format so that it can be processed by Oracle? I want to load the data into a table. This is a CDR file. Attached is the pairing file. Please remove the .txt at the end. Someone said that it is possible...

LEARN ABOUT CENTOS

ne_ssl_cert_signedby

NE_SSL_CERT_IDENTITY(3) 					neon API reference					   NE_SSL_CERT_IDENTITY(3)

NAME

       ne_ssl_cert_identity, ne_ssl_cert_signedby, ne_ssl_cert_issuer, ne_ssl_cert_subject - functions to access certificate properties

SYNOPSIS

       #include <ne_ssl.h>

       const char *ne_ssl_cert_identity(const ne_ssl_certificate *cert);

       const ne_ssl_certificate *ne_ssl_cert_signedby(const ne_ssl_certificate *cert);

       const ne_ssl_dname *ne_ssl_cert_subject(const ne_ssl_certificate *cert);

       const ne_ssl_dname *ne_ssl_cert_issuer(const ne_ssl_certificate *cert);

DESCRIPTION

       The function ne_ssl_cert_identity retrieves the "identity" of a certificate; for an SSL server certificate, this will be the hostname for
       which the certificate was issued. In PKI parlance, the identity is the common name attribute of the distinguished name of the certificate
       subject.

       The functions ne_ssl_cert_subject and ne_ssl_cert_issuer can be used to access the objects representing the distinguished name of the
       subject and of the issuer of a certificate, respectively.

       If a certificate object is part of a certificate chain, then ne_ssl_cert_signedby can be used to find the certificate which signed a
       particular certificate. For a self-signed certificate or a certificate for which the full chain is not available, this function will return
       NULL.

RETURN VALUE

       ne_ssl_cert_issuer and ne_ssl_cert_subject are guaranteed to never return NULL.	ne_ssl_cert_identity may return NULL if the certificate
       has no specific "identity".  ne_ssl_cert_signedby may return NULL as covered above.

EXAMPLES

       The following function could be used to display information about a given certificate:

	   void dump_cert(const ne_ssl_certificate *cert) {
	     const char *id = ne_ssl_cert_identity(cert);
	     char *dn;

	     if (id)
	       printf("Certificate was issued for '%s'.
", id);

	     dn = ne_ssl_readable_dname(ne_ssl_cert_subject(cert));
	     printf("Subject: %s
", dn);
	     free(dn);

	     dn = ne_ssl_readable_dname(ne_ssl_cert_issuer(cert));
	     printf("Issuer: %s
", dn);
	     free(dn);
	   }

SEE ALSO

       ne_ssl_cert_cmp, ne_ssl_readable_dname

AUTHOR

       Joe Orton <neon@lists.manyfish.co.uk>
	   Author.

COPYRIGHT

neon 0.30.0							   31 July 2013 					   NE_SSL_CERT_IDENTITY(3)