1/* SPDX-FileCopyrightText: 2009-2023 Greenbone AG
2 *
3 * SPDX-License-Identifier: GPL-2.0-or-later
4 */
5
10
11#include "tlsutils.h"
12
13#include <string.h>
14
15#undef G_LOG_DOMAIN
19#define G_LOG_DOMAIN "libgvm util"
20
/**
 * @brief Guess whether an X.509 blob is PEM or DER encoded.
 *
 * Heuristic: the first @p cert_len bytes are scanned for the PEM armor
 * marker "-----BEGIN "; if it is found the data is reported as PEM,
 * otherwise DER is assumed.  No parsing or validation is performed.
 *
 * @param[in]  cert_data  Raw certificate bytes (need not be NUL-terminated).
 * @param[in]  cert_len   Number of bytes in @p cert_data to inspect.
 *
 * @return GNUTLS_X509_FMT_PEM if the marker is present, GNUTLS_X509_FMT_DER
 *         otherwise.
 */
gnutls_x509_crt_fmt_t
gvm_x509_format_from_data (const char *cert_data, size_t cert_len)
{
  static const gchar pem_marker[] = "-----BEGIN ";
  const gchar *hit;

  /* Bounded search: only cert_len bytes of cert_data are read. */
  hit = g_strstr_len (cert_data, cert_len, pem_marker);

  return hit != NULL ? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER;
}
38
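/**
 * @brief Decode a NUL-terminated Base64 string into a gnutls_datum_t.
 *
 * On success @p decoded_datum->data points to a buffer allocated by GnuTLS
 * (release it with gnutls_free ()) and @p decoded_datum->size holds the
 * decoded length.  On any failure both fields are left NULL / 0.
 *
 * @param[in]  encoded        NUL-terminated Base64 text.
 * @param[out] decoded_datum  Receives the decoded bytes; must not be NULL.
 *
 * @return GNUTLS_E_SUCCESS (0) on success, GNUTLS_E_INVALID_REQUEST when
 *         @p encoded is NULL, otherwise the negative GnuTLS error code
 *         returned by gnutls_base64_decode2 ().
 */
int
gvm_base64_to_gnutls_datum (const char *encoded, gnutls_datum_t *decoded_datum)
{
  gnutls_datum_t encoded_datum;

  decoded_datum->data = NULL;
  decoded_datum->size = 0;

  /* strlen (NULL) is undefined behaviour; report a bad request instead. */
  if (encoded == NULL)
    return GNUTLS_E_INVALID_REQUEST;

  encoded_datum.data = (unsigned char *) encoded;
  /* gnutls_datum_t.size is an unsigned int; the size_t from strlen () is
   * narrowed here, inputs of that magnitude are not expected. */
  encoded_datum.size = strlen (encoded);

  return gnutls_base64_decode2 (&encoded_datum, decoded_datum);
}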
58
/**
 * @brief Release an array of X.509 certificates allocated by GnuTLS.
 *
 * Every certificate in the array is deinitialised and the array itself is
 * handed back to gnutls_free (), matching how gnutls_pkcs12_simple_parse ()
 * hands such arrays out.  A NULL @p certs is accepted and ignored.
 *
 * @param[in] certs        Array of certificates, or NULL.
 * @param[in] certs_count  Number of entries in @p certs.
 */
void
gvm_x509_cert_list_free (gnutls_x509_crt_t *certs, unsigned int certs_count)
{
  unsigned int idx = 0;

  if (!certs)
    return;

  while (idx < certs_count)
    gnutls_x509_crt_deinit (certs[idx++]);

  gnutls_free (certs);
}
74
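/**
 * @brief Export an X.509 private key as an unencrypted PEM string.
 *
 * The key is exported with gnutls_x509_privkey_export2 () and copied into a
 * GLib-allocated string.  The temporary GnuTLS buffer, which holds the
 * plaintext key, is scrubbed before it is released.
 *
 * @param[in] privkey  Initialised GnuTLS private key.
 *
 * @return Newly allocated PEM text (free with g_free ()), or NULL if the
 *         export failed (a warning is logged).  The returned string contains
 *         unprotected key material; the caller owns it and should clear it
 *         when it is no longer needed.
 */
gchar *
gvm_x509_privkey_to_pem (gnutls_x509_privkey_t privkey)
{
  gchar *pem_str = NULL;
  gnutls_datum_t export_datum = {.data = NULL, .size = 0};
  int ret;

  ret =
    gnutls_x509_privkey_export2 (privkey, GNUTLS_X509_FMT_PEM, &export_datum);
  if (ret)
    g_warning ("%s: Error exporting private key: %s", __func__,
               gnutls_strerror (ret));
  else
    /* Bound the copy by the reported size instead of assuming the GnuTLS
     * buffer is NUL-terminated. */
    pem_str = g_strndup ((const char *) export_datum.data, export_datum.size);

  /* Scrub the plaintext key before freeing; gnutls_memset () is not
   * optimised away the way a plain memset () before free can be. */
  if (export_datum.data)
    gnutls_memset (export_datum.data, 0, export_datum.size);
  gnutls_free (export_datum.data);

  return pem_str;
}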
101
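/**
 * @brief Export an array of X.509 certificates as concatenated PEM text.
 *
 * Each certificate is exported with gnutls_x509_crt_export2 () and appended,
 * followed by a newline.  A certificate whose export fails is logged and
 * skipped, so the result may hold fewer entries than @p certs_count; the
 * return value does not signal this.
 *
 * @param[in] certs        Array of initialised certificates, or NULL.
 * @param[in] certs_count  Number of entries in @p certs.
 *
 * @return Newly allocated string (free with g_free ()); empty when @p certs
 *         is NULL or no certificate could be exported.
 */
gchar *
gvm_x509_cert_list_to_pem (gnutls_x509_crt_t *certs, unsigned int certs_count)
{
  GString *certs_string = g_string_new ("");

  /* A NULL array with a non-zero count would otherwise be dereferenced. */
  if (certs == NULL)
    certs_count = 0;

  for (unsigned int i = 0; i < certs_count; i++)
    {
      gnutls_datum_t export_datum = {.data = NULL, .size = 0};
      int ret;

      ret = gnutls_x509_crt_export2 (certs[i], GNUTLS_X509_FMT_PEM,
                                     &export_datum);
      if (ret)
        {
          g_warning ("%s: Error exporting certificate: %s", __func__,
                     gnutls_strerror (ret));
        }
      else
        {
          /* Bound the copy by the reported size instead of assuming the
           * GnuTLS buffer is NUL-terminated. */
          gchar *pem = g_strndup ((const char *) export_datum.data,
                                  export_datum.size);
          g_string_append (certs_string, pem);
          g_string_append_c (certs_string, '\n');
          g_free (pem);
        }
      gnutls_free (export_datum.data);
    }

  return g_string_free (certs_string, FALSE);
}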
134
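/**
 * @brief Export an X.509 CRL as a PEM string.
 *
 * @param[in] crl  Initialised GnuTLS CRL.
 *
 * @return Newly allocated PEM text (free with g_free ()), or NULL if the
 *         export failed (a warning is logged).
 */
gchar *
gvm_x509_crl_to_pem (gnutls_x509_crl_t crl)
{
  gchar *crl_str = NULL;
  gnutls_datum_t export_datum = {.data = NULL, .size = 0};
  int ret;

  ret = gnutls_x509_crl_export2 (crl, GNUTLS_X509_FMT_PEM, &export_datum);
  if (ret)
    {
      g_warning ("%s: Error exporting CRL: %s", __func__,
                 gnutls_strerror (ret));
    }
  else
    {
      /* Bound the copy by the reported size instead of assuming the GnuTLS
       * buffer is NUL-terminated. */
      crl_str = g_strndup ((const char *) export_datum.data, export_datum.size);
    }

  gnutls_free (export_datum.data);
  return crl_str;
}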
161
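/**
 * @brief Split a PKCS#12 structure into PEM strings.
 *
 * The private key, its certificate chain, any extra certificates and a CRL
 * are extracted with gnutls_pkcs12_simple_parse () and converted to PEM.
 * Each output pointer may be NULL to skip that item; every non-NULL output
 * is set to NULL first and only filled when the corresponding item exists
 * and was exported.  Output strings are allocated with GLib and belong to
 * the caller (g_free ()).
 *
 * Note: *privkey_out receives the key in unencrypted PEM form.  Per the
 * GnuTLS documentation the PKCS#12 MAC should be checked with
 * gnutls_pkcs12_verify_mac () before the structure is parsed; this function
 * does not do that itself.
 *
 * @param[in]  pkcs12           Imported PKCS#12 structure.
 * @param[in]  passphrase       Password protecting the structure, or NULL/"".
 * @param[out] privkey_out      PEM private key, or NULL to skip.
 * @param[out] cert_chain_out   PEM certificate chain, or NULL to skip.
 * @param[out] extra_certs_out  PEM extra certificates, or NULL to skip.
 * @param[out] crl_out          PEM CRL, or NULL to skip.
 *
 * @return GNUTLS_E_SUCCESS on success, otherwise the negative GnuTLS error
 *         code from gnutls_pkcs12_simple_parse ().
 */
int
gvm_pkcs12_to_pem (gnutls_pkcs12_t pkcs12, const char *passphrase,
                   gchar **privkey_out, gchar **cert_chain_out,
                   gchar **extra_certs_out, gchar **crl_out)
{
  gnutls_x509_privkey_t privkey = NULL;
  gnutls_x509_crt_t *chain_certs = NULL, *extra_certs = NULL;
  gnutls_x509_crl_t crl = NULL;
  unsigned int chain_certs_count = 0, extra_certs_count = 0;
  int ret;

  if (privkey_out)
    *privkey_out = NULL;
  if (cert_chain_out)
    *cert_chain_out = NULL;
  if (extra_certs_out)
    *extra_certs_out = NULL;
  if (crl_out)
    *crl_out = NULL;

  /* gnutls_pkcs12_simple_parse () allocates and initialises the key, the
   * certificate arrays and the CRL itself and documents that the passed
   * objects must NOT be pre-initialised -- doing so would leak the
   * pre-allocated key and CRL.  Items absent from the PKCS#12 stay NULL. */
  ret = gnutls_pkcs12_simple_parse (pkcs12, passphrase, &privkey, &chain_certs,
                                    &chain_certs_count, &extra_certs,
                                    &extra_certs_count, &crl, 0);
  if (ret != GNUTLS_E_SUCCESS)
    {
      /* Both deinit calls are no-ops on NULL.  NOTE(review): GnuTLS is
       * expected to have released any partially built arrays on failure;
       * confirm against the GnuTLS version in use. */
      gnutls_x509_privkey_deinit (privkey);
      gnutls_x509_crl_deinit (crl);
      return ret;
    }

  if (privkey_out && privkey)
    *privkey_out = gvm_x509_privkey_to_pem (privkey);

  /* The key object is no longer needed once its PEM copy exists. */
  gnutls_x509_privkey_deinit (privkey);

  if (cert_chain_out && chain_certs_count)
    *cert_chain_out =
      gvm_x509_cert_list_to_pem (chain_certs, chain_certs_count);

  if (extra_certs_out && extra_certs_count)
    *extra_certs_out =
      gvm_x509_cert_list_to_pem (extra_certs, extra_certs_count);

  if (crl_out && crl)
    *crl_out = gvm_x509_crl_to_pem (crl);

  gvm_x509_cert_list_free (chain_certs, chain_certs_count);
  gvm_x509_cert_list_free (extra_certs, extra_certs_count);
  gnutls_x509_crl_deinit (crl);

  return GNUTLS_E_SUCCESS;
}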