Query a certificate object.
Takes a cert identifier as the first unnamed argument and a command string as the second argument. The command selects which piece of information is returned from the certificate; for certain commands the named argument idx is used as well. Depending on the command, the return value may be a number, a string, or an array of strings. Supported commands are:
772 ksba_isotime_t isotime;
783 for (obj = object_list; obj; obj = obj->
next)
805 if (!strcmp (command,
"serial"))
807 const unsigned char *s;
811 sexp = ksba_cert_get_serial (obj->
cert);
816 n = strtoul ((
const char*)s, &endp, 10);
817 s = (
const unsigned char *)endp;
821 retc = make_hexstring (s, n);
825 else if (!strcmp (command,
"issuer"))
827 result = ksba_cert_get_issuer (obj->
cert, cmdidx);
831 retc = get_name (result);
834 else if (!strcmp (command,
"subject"))
836 result = ksba_cert_get_subject (obj->
cert, cmdidx);
840 retc = get_name (result);
843 else if (!strcmp (command,
"not-before"))
845 ksba_cert_get_validity (obj->
cert, 0, isotime);
847 retc->
x.
str_val = g_strdup (isotime);
848 retc->
size = strlen (isotime);
850 else if (!strcmp (command,
"not-after"))
852 ksba_cert_get_validity (obj->
cert, 1, isotime);
854 retc->
x.
str_val = g_strdup (isotime);
855 retc->
size = strlen (isotime);
857 else if (!strcmp (command,
"fpr-sha-256"))
859 retc = get_fingerprint (obj->
cert, GCRY_MD_SHA256);
861 else if (!strcmp (command,
"fpr-sha-1"))
863 retc = get_fingerprint (obj->
cert, GCRY_MD_SHA1);
865 else if (!strcmp (command,
"all"))
869 else if (!strcmp (command,
"hostnames"))
871 retc = build_hostname_list (obj->
cert);
873 else if (!strcmp (command,
"image"))
875 const unsigned char *der;
878 der = ksba_cert_get_image (obj->
cert, &derlen);
883 retc->
x.
str_val = g_malloc0 (derlen);
884 memcpy (retc->
x.
str_val, der, derlen);
887 else if (!strcmp (command,
"algorithm-name"))
889 const char *digest = ksba_cert_get_digest_algo (obj->
cert);
892 const char *
name = get_oid_name (digest);
900 else if (!strcmp (command,
"modulus"))
902 gnutls_datum_t datum, m, e;
903 gnutls_x509_crt_t cert = NULL;
905 datum.data = (
void *) ksba_cert_get_image (obj->
cert, (
size_t *)
909 if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS)
911 if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER)
914 if (gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e) != GNUTLS_E_SUCCESS)
919 retc->
x.
str_val = g_memdup (m.data, m.size);
920 gnutls_free (m.data);
921 gnutls_free (e.data);
922 gnutls_x509_crt_deinit (cert);
924 else if (!strcmp (command,
"exponent"))
926 gnutls_datum_t datum, m, e;
927 gnutls_x509_crt_t cert = NULL;
929 datum.data = (
void *) ksba_cert_get_image (obj->
cert, (
size_t *)
933 if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS)
935 if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER)
938 if (gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e) != GNUTLS_E_SUCCESS)
943 retc->
x.
str_val = g_memdup (e.data, e.size);
944 gnutls_free (m.data);
945 gnutls_free (e.data);
946 gnutls_x509_crt_deinit (cert);
948 else if (!strcmp (command,
"key-size"))
950 gnutls_datum_t datum;
951 gnutls_x509_crt_t cert = NULL;
952 unsigned int bits = 0;
954 datum.data = (
void *) ksba_cert_get_image (obj->
cert, (
size_t *)
958 if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS)
960 if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER)
963 gnutls_x509_crt_get_pk_algorithm (cert, &bits);
964 gnutls_free (datum.data);
965 gnutls_x509_crt_deinit (cert);
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
long int get_int_local_var_by_name(lex_ctxt *, const char *, int)
tree_cell * alloc_typed_cell(int typ)
long int get_int_var_by_num(lex_ctxt *, int, int)
char * get_str_var_by_num(lex_ctxt *, int)
int get_var_type_by_num(lex_ctxt *, int)
Returns NASL variable/cell type, VAR2_UNDEF if value is NULL.