tlsutils.c File Reference
TLS certificate utilities. More...
Include dependency graph for tlsutils.c:
Go to the source code of this file.
Macros | |
| #define | G_LOG_DOMAIN "libgvm util" |
| GLib logging domain. | |
Functions | |
| gnutls_x509_crt_fmt_t | gvm_x509_format_from_data (const char *cert_data, size_t cert_len) |
| Try to determine the format (DER or PEM) of a x509 certificate. | |
| int | gvm_base64_to_gnutls_datum (const char *encoded, gnutls_datum_t *decoded_datum) |
| Decode a Base64 string to the contents of a gnutls_datum_t. | |
| void | gvm_x509_cert_list_free (gnutls_x509_crt_t *certs, unsigned int certs_count) |
| Frees a list of X509 certificates. | |
| gchar * | gvm_x509_privkey_to_pem (gnutls_x509_privkey_t privkey) |
| Export a GnuTLS x509 private key as a PEM formatted string. | |
| gchar * | gvm_x509_cert_list_to_pem (gnutls_x509_crt_t *certs, unsigned int certs_count) |
| Export a GnuTLS x509 cerificate list as a PEM formatted string. | |
| gchar * | gvm_x509_crl_to_pem (gnutls_x509_crl_t crl) |
| Export a GnuTLS x509 CRL as a PEM formatted string. | |
| int | gvm_pkcs12_to_pem (gnutls_pkcs12_t pkcs12, const char *passphrase, gchar **privkey_out, gchar **cert_chain_out, gchar **extra_certs_out, gchar **crl_out) |
| Convert GnuTLS PKCS12 data to a PEM formatted string. | |
Detailed Description
TLS certificate utilities.
Definition in file tlsutils.c.
Macro Definition Documentation
◆ G_LOG_DOMAIN
| #define G_LOG_DOMAIN "libgvm util" |
GLib logging domain.
Definition at line 19 of file tlsutils.c.
Function Documentation
◆ gvm_base64_to_gnutls_datum()
| int gvm_base64_to_gnutls_datum | ( | const char * | encoded, |
| gnutls_datum_t * | decoded_datum ) |
Decode a Base64 string to the contents of a gnutls_datum_t.
- Parameters
-
[in] encoded The Base64 data as a NUL-terminated string [in,out] decoded_datum The datum struct to decode to.
- Returns
- The return code from gnutls_base64_decode2
Definition at line 48 of file tlsutils.c.
49{
50 gnutls_datum_t encoded_datum;
51 decoded_datum->data = NULL;
52 decoded_datum->size = 0;
53 encoded_datum.data = (unsigned char *) encoded;
54 encoded_datum.size = strlen (encoded);
55
56 return gnutls_base64_decode2 (&encoded_datum, decoded_datum);
57}
◆ gvm_pkcs12_to_pem()
| int gvm_pkcs12_to_pem | ( | gnutls_pkcs12_t | pkcs12, |
| const char * | passphrase, | ||
| gchar ** | privkey_out, | ||
| gchar ** | cert_chain_out, | ||
| gchar ** | extra_certs_out, | ||
| gchar ** | crl_out ) |
Convert GnuTLS PKCS12 data to a PEM formatted string.
- Parameters
-
[in] pkcs12 PKCS12 data to get data from [in] passphrase Passphrase to decrypt PKCS12 data [out] privkey_out Optional private key output [out] cert_chain_out Optional certificate chain output [out] extra_certs_out Optional extra certificates output [out] crl_out Optional CRL output
- Returns
- 0 success or a GnuTLS error code if decryption or parsing fails.
Definition at line 175 of file tlsutils.c.
178{
179 gnutls_x509_privkey_t privkey;
180 gnutls_x509_crt_t *chain_certs, *extra_certs;
181 gnutls_x509_crl_t crl;
182 unsigned int chain_certs_count, extra_certs_count;
183 int ret;
184
185 if (privkey_out)
186 *privkey_out = NULL;
187 if (cert_chain_out)
188 *cert_chain_out = NULL;
189 if (extra_certs_out)
190 *extra_certs_out = NULL;
191 if (crl_out)
192 *crl_out = NULL;
193
194 chain_certs = extra_certs = NULL;
195
196 gnutls_x509_privkey_init (&privkey);
197 gnutls_x509_crl_init (&crl);
198 ret = gnutls_pkcs12_simple_parse (pkcs12, passphrase, &privkey, &chain_certs,
199 &chain_certs_count, &extra_certs,
200 &extra_certs_count, &crl, 0);
201 if (ret != GNUTLS_E_SUCCESS)
202 {
203 gnutls_x509_privkey_deinit (privkey);
204 gnutls_x509_crl_deinit (crl);
205 return ret;
206 }
207
208 if (privkey_out && privkey)
209 *privkey_out = gvm_x509_privkey_to_pem (privkey);
210
211 gnutls_x509_privkey_deinit (privkey);
212
213 if (cert_chain_out && chain_certs_count)
214 *cert_chain_out =
215 gvm_x509_cert_list_to_pem (chain_certs, chain_certs_count);
216
217 if (extra_certs_out && extra_certs_count)
218 *extra_certs_out =
219 gvm_x509_cert_list_to_pem (extra_certs, extra_certs_count);
220
221 if (crl_out && crl)
222 *crl_out = gvm_x509_crl_to_pem (crl);
223
224 gvm_x509_cert_list_free (chain_certs, chain_certs_count);
225 gvm_x509_cert_list_free (extra_certs, extra_certs_count);
226 gnutls_x509_crl_deinit (crl);
227
228 return GNUTLS_E_SUCCESS;
229}
gchar * gvm_x509_cert_list_to_pem(gnutls_x509_crt_t *certs, unsigned int certs_count)
Export a GnuTLS x509 cerificate list as a PEM formatted string.
Definition tlsutils.c:111
gchar * gvm_x509_crl_to_pem(gnutls_x509_crl_t crl)
Export a GnuTLS x509 CRL as a PEM formatted string.
Definition tlsutils.c:143
void gvm_x509_cert_list_free(gnutls_x509_crt_t *certs, unsigned int certs_count)
Frees a list of X509 certificates.
Definition tlsutils.c:66
gchar * gvm_x509_privkey_to_pem(gnutls_x509_privkey_t privkey)
Export a GnuTLS x509 private key as a PEM formatted string.
Definition tlsutils.c:83
References gvm_x509_cert_list_free(), gvm_x509_cert_list_to_pem(), gvm_x509_crl_to_pem(), and gvm_x509_privkey_to_pem().
Here is the call graph for this function:
◆ gvm_x509_cert_list_free()
| void gvm_x509_cert_list_free | ( | gnutls_x509_crt_t * | certs, |
| unsigned int | certs_count ) |
Frees a list of X509 certificates.
- Parameters
-
[in] certs The cerificate list to free. [in] certs_count The number of certificates in the list.
Definition at line 66 of file tlsutils.c.
67{
68 if (certs == NULL)
69 return;
70 for (unsigned int i = 0; i < certs_count; i++)
71 gnutls_x509_crt_deinit (certs[i]);
72 gnutls_free (certs);
73}
Referenced by gvm_pkcs12_to_pem().
Here is the caller graph for this function:
◆ gvm_x509_cert_list_to_pem()
| gchar * gvm_x509_cert_list_to_pem | ( | gnutls_x509_crt_t * | certs, |
| unsigned int | certs_count ) |
Export a GnuTLS x509 cerificate list as a PEM formatted string.
- Parameters
-
[in] certs The array of certificates to export [in] certs_count The number of certificates to export
- Returns
- The certificates as a PEM string, or NULL on error.
Definition at line 111 of file tlsutils.c.
112{
113 int ret;
114 GString *certs_string = g_string_new ("");
115 for (unsigned int i = 0; i < certs_count; i++)
116 {
117 gnutls_x509_crt_t cert;
118 gnutls_datum_t export_datum = {.data = NULL, .size = 0};
119
120 cert = certs[i];
121 ret = gnutls_x509_crt_export2 (cert, GNUTLS_X509_FMT_PEM, &export_datum);
122 if (ret)
123 {
124 g_warning ("%s: Error exporting certificate: %s", __func__,
125 gnutls_strerror (ret));
126 }
127 else
128 g_string_append_printf (certs_string, "%s\n",
129 (char *) export_datum.data);
130 gnutls_free (export_datum.data);
131 }
132 return g_string_free (certs_string, FALSE);
133}
Referenced by gvm_pkcs12_to_pem().
Here is the caller graph for this function:
◆ gvm_x509_crl_to_pem()
| gchar * gvm_x509_crl_to_pem | ( | gnutls_x509_crl_t | crl | ) |
Export a GnuTLS x509 CRL as a PEM formatted string.
- Parameters
-
[in] crl The certificate revocation list CRL
- Returns
- The certificates as a PEM string, or NULL on error.
Definition at line 143 of file tlsutils.c.
144{
145 gchar *crl_str = NULL;
146 int ret;
147 gnutls_datum_t export_datum = {.data = NULL, .size = 0};
148
149 ret = gnutls_x509_crl_export2 (crl, GNUTLS_X509_FMT_PEM, &export_datum);
150 if (ret)
151 {
152 g_warning ("%s: Error exporting CRL: %s", __func__,
153 gnutls_strerror (ret));
154 }
155 else
156 crl_str = g_strdup ((char *) export_datum.data);
157
158 gnutls_free (export_datum.data);
159 return crl_str;
160}
Referenced by gvm_pkcs12_to_pem().
Here is the caller graph for this function:
◆ gvm_x509_format_from_data()
| gnutls_x509_crt_fmt_t gvm_x509_format_from_data | ( | const char * | cert_data, |
| size_t | cert_len ) |
Try to determine the format (DER or PEM) of a x509 certificate.
- Parameters
-
[in] cert_data The certificate data. [in] cert_len Length of the certificate data.
- Returns
- The GnuTLS x509 certificate type.
Definition at line 30 of file tlsutils.c.
31{
32 static const gchar *begin_str = "-----BEGIN ";
33 if (g_strstr_len (cert_data, cert_len, begin_str))
34 return GNUTLS_X509_FMT_PEM;
35 else
36 return GNUTLS_X509_FMT_DER;
37}
◆ gvm_x509_privkey_to_pem()
| gchar * gvm_x509_privkey_to_pem | ( | gnutls_x509_privkey_t | privkey | ) |
Export a GnuTLS x509 private key as a PEM formatted string.
- Parameters
-
[in] privkey The private key to export.
- Returns
- The private key as a PEM string, or NULL on error.
Definition at line 83 of file tlsutils.c.
84{
85 gchar *pem_str = NULL;
86 int ret;
87 gnutls_datum_t export_datum = {.data = NULL, .size = 0};
88
89 ret =
90 gnutls_x509_privkey_export2 (privkey, GNUTLS_X509_FMT_PEM, &export_datum);
91 if (ret)
92 g_warning ("%s: Error exporting private key: %s", __func__,
93 gnutls_strerror (ret));
94 else
95 pem_str = g_strdup ((const char *) export_datum.data);
96
97 gnutls_free (export_datum.data);
98
99 return pem_str;
100}
Referenced by gvm_pkcs12_to_pem().
Here is the caller graph for this function:
