comparison common/logging.c @ 625:2303caf56dbb

Add logging function for der data and add logging to NSS installation
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 20 Jun 2014 12:53:16 +0200
parents 5042ace08cba
children 698b6a9bd75e
624:736e95c63b86 625:2303caf56dbb
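--- a/common/logging.c
+++ b/common/logging.c
@@ -160,53 +160,61 @@
 #endif /* WIN32 */
 
 void
 log_certificate(const char* store, char *b64cert, bool install)
 {
-char subject[MAX_LOG + 1],
-*der_data = NULL;
+char *der_data = NULL;
 size_t der_size = 0;
+int ret = 0;
+
+ret = str_base64_decode (&der_data, &der_size, b64cert, strlen(b64cert));
+
+if (ret != 0)
+{
+ERRORPRINTF ("Error decoding certificate.\n");
+return;
+}
+
+log_certificate_der (store, (unsigned char *) der_data, der_size, install);
+
+xfree (der_data);
+}
+
+void
+log_certificate_der(const char *store, unsigned char *der_data, size_t der_size, bool install)
+{
+char subject[MAX_LOG + 1];
 int ret = 0,
 i = 0;
 x509_crt chain;
 unsigned char sha256sum[32];
 char fingerprint[32 * 3 + 1];
 
-ret = str_base64_decode (&der_data, &der_size, b64cert, strlen(b64cert));
-
-if (ret != 0)
-{
-ERRORPRINTF ("Error decoding certificate.\n");
-return;
-}
-
 x509_crt_init(&chain);
 if (x509_crt_parse_der(&chain, (const unsigned char *)der_data,
 der_size) != 0)
 {
 ERRORPRINTF("Failed to parse cert..");
-xfree (der_data);
 return;
 }
 
 ret = x509_dn_gets(subject, MAX_LOG, &(chain.subject));
 
 if (ret == -1)
 {
 ERRORPRINTF("Failed to parse subject..");
-xfree (der_data);
 return;
 }
 subject[MAX_LOG] = '\0';
 
 sha256 (chain.raw.p, chain.raw.len, sha256sum, 0);
 
 for (i = 0; i < 31; i++)
 {
-snprintf (fingerprint + i * 3, 3, "%02X:", sha256sum[i]);
+snprintf (fingerprint + (i * 3), 4, "%02X:", sha256sum[i]);
 }
-snprintf (fingerprint + 31 * 3, 2, "%02X", sha256sum[31]);
+snprintf (fingerprint + (31 * 3), 3, "%02X", sha256sum[31]);
 
 fingerprint[32*3] = '\0';
 
 #ifdef WIN32
 {
@@ -225,16 +233,15 @@
 xfree (wstrings[1]);
 xfree (wstrings[2]);
 }
 #else
 /* Please keep the following line in line with message from events.mc */
-linux_log ("%s of root certificate: %s\nSha256 thumbprint:<%s>.\nCertificate store \"%s\"",
+syslog_info_printf ("%s of root certificate: %s Sha256 thumbprint:<%s>. Certificate store \"%s\"",
 install ? "Installation" : "Removal",
 subject, fingerprint, store);
 #endif
 x509_crt_free (&chain);
-xfree (der_data);
 }
 
 void
 syslog_info_printf(const char *format, ...)
 {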
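Review bot: In the new log_certificate_der, the `Failed to parse subject..` branch returns after x509_crt_parse_der has already succeeded, so `chain` is never released; only the normal path reaches `x509_crt_free (&chain);`. Adding `x509_crt_free (&chain);` before that `return;` closes the leak, which matters more now that the function is a separate entry point for DER input. The same branch also drops the installation/removal record entirely, although the SHA-256 thumbprint depends only on `chain.raw`; logging the event with a placeholder subject would keep the audit trail complete for certificates whose subject cannot be rendered. Separately, log_certificate passes `b64cert` to `strlen` without a NULL check, which is worth guarding if callers can hand in a missing value (the callers are not visible here).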

http://wald.intevation.org/projects/trustbridge/