Skip to content

adjust pkcs12 example to print out list of certificates found #366

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

adjust pkcs12 example to print out list of certificates found #366

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ebe9173
adjust pkcs12 example to print out list of certificates found
JacobBarthelmeh Feb 3, 2023
e1e32e5
improvements to example print out
JacobBarthelmeh Feb 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 25 additions & 18 deletions crypto/pkcs12/pkcs12-example.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,6 @@ int main(int argc, char** argv)
return -1;
}

printf("extracting private key and certificate from PKCS12 (test-servercert.p12)\n");

pkcs12 = wc_PKCS12_new();
if (pkcs12 == NULL) {
printf("issue creating pkcs12 object\n");
Expand All @@ -63,6 +61,7 @@ int main(int argc, char** argv)
else {
file = defaultFile;
}
printf("extracting private key and certificate from PKCS12 (%s)\n", file);

/* open PKCS12 file */
f = fopen(file, "rb");
Expand All @@ -87,42 +86,50 @@ int main(int argc, char** argv)
ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz,
&certDer, &certSz, &list);
printf("return value of parsing pkcs12 = %d %s\n", ret, (ret == 0)? "SUCCESS": "FAIL");
if (ret != 0 || keyDer == NULL || certDer == NULL) {
if (ret != 0) {
printf("\t error parsing pkcs12\n");
wc_PKCS12_free(pkcs12);
return -1;
}

/* print out key and cert found */
printf("HEX of Private Key Read (DER format) :\n");
for (i = 0; i < keySz; i++) {
if (i != 0 && !(i%16)) printf("\n");
printf("%02X", keyDer[i]);
}
printf("\n");

printf("\nHEX of Certificate Read (DER format) :\n");
for (i = 0; i < certSz; i++) {
if (i != 0 && !(i%16)) printf("\n");
printf("%02X", certDer[i]);
}
printf("\n");

if (keyDer != NULL) {
printf("HEX of Private Key Read (DER format) :\n");
for (i = 0; i < keySz; i++) {
if (i != 0 && !(i%16)) printf("\n");
Copy link
Contributor

@tim-weller-wolfssl tim-weller-wolfssl Feb 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A question: I don't see anything explicitly forbidding use of if without brackets in the coding standards (and I know you didn't create this code, just moved it)... There is an implicit mention of using "K&R" style and if as an example... Do we generally allow the "no-bracket" formatting for if statements? .. maybe only when there isn't an else statement?

printf("%02X", keyDer[i]);
}
printf("\n");
XFREE(keyDer, NULL, DYNAMIC_TYPE_PKCS);
}

if (certDer != NULL) {
printf("\nHEX of Certificate Read (DER format) :\n");
for (i = 0; i < certSz; i++) {
if (i != 0 && !(i%16)) printf("\n");
printf("%02X", certDer[i]);
}
printf("\n");
XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS);
}

/* itterate through list if was not passed as null and free each node */
Copy link
Contributor

@tim-weller-wolfssl tim-weller-wolfssl Feb 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest updating comment to mention display of certs in list as code is no longer just freeing each node

if (list != NULL) {
WC_DerCertList* current;
int certIdx = 0;

printf("\nHEX of Certificate LIST (DER format) :\n");
current = list;
while (current != NULL) {
WC_DerCertList* next = current->next;
WC_DerCertList* next;

next = current->next;
Copy link
Contributor

@tim-weller-wolfssl tim-weller-wolfssl Feb 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: there's an extra space between next and =.

if (current->buffer != NULL) {
printf("[CERT %d] :", certIdx++);
for (i = 0; i < current->bufferSz; i++)
printf("%02X", current->buffer[i]);
Copy link
Contributor

@tim-weller-wolfssl tim-weller-wolfssl Feb 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certificate HEX data is printed differently than the data for previous certificates. Specifically, the previous HEX data was displayed in 16-byte rows. The way the certificate list data is currently displayed makes the output look inconsistent, and there might also be some utility to having 16-byte rows, as it's easier to visually parse to a specific location (?).

I'd suggest modifying the certificate list HEX data print logic to match that used for other HEX data. I realize that the [CERT %d] : text printed prior to each certificate will push the first 16-byte row out of alignment with with subsequent rows... I'd suggest adding a newline to the end of the "CERT" text so the first row of HEX data for each certificate starts at column zero.

printf("\n");

XFREE(current->buffer, NULL, DYNAMIC_TYPE_PKCS);
}
XFREE(current, NULL, DYNAMIC_TYPE_PKCS);
Expand Down