diff --git a/certexample b/certexample index d1746d435261cd0a4018b32bfe4e346b2ad4dafd..adcbba2d1dfb87c18b47852663885bcac745763a 100755 Binary files a/certexample and b/certexample differ diff --git a/certexample.c b/certexample.c index b9975030bb566c69550f064270bf3a6c1176fa74..2f40704b1ca1a02a5b346b361bbf1a292ec38f8d 100644 --- a/certexample.c +++ b/certexample.c @@ -15,7 +15,7 @@ #include <assert.h> #include <time.h> #include <openssl/asn1_mac.h> - +#define DEBUG 0 const ASN1_TIME *X509_get0_notBefore(const X509 *x); char** str_split(const char* a_str, const char a_delim); char* concat(char *s1, char *s2); @@ -43,12 +43,11 @@ char *str_slice_to_end(const char *str, int begin); int main(int argc, char **argv){ + int LINE_BUFFER=100; char line[LINE_BUFFER]; - - FILE *csv_input = fopen(concat("./sample_certs/",argv[1]), "r"); + FILE *csv_input = fopen(argv[1], "r"); FILE *csv_output = fopen("output_test.csv" ,"w"); - //for each line in the csv file, process each certificate OpenSSL_add_all_algorithms(); ERR_load_BIO_strings(); @@ -57,7 +56,10 @@ int main(int argc, char **argv){ int n = 0; while (fgets(line, LINE_BUFFER, csv_input) != NULL){ - printf("CSV LINE # %d\n", n); + if(DEBUG){ + printf("CSV LINE # %d\n", n); + } + BIO *certificate_bio = NULL; X509 *cert = NULL; X509_NAME *cert_issuer = NULL; 
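Review bot: `fopen(argv[1], "r")` in main is reached without an `argc` check, and neither `csv_input` nor `csv_output` is tested before use, so a missing argument or an unreadable path passes a NULL pointer to `fopen` or to the `fgets` loop that follows. Put `if (argc < 2) { fprintf(stderr, "usage: %s <input.csv>\n", argv[0]); return EXIT_FAILURE; }` before the first `fopen`, and `if (!csv_input || !csv_output) { perror("fopen"); return EXIT_FAILURE; }` after the second. main's body continues outside this hunk.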
@@ -65,16 +67,18 @@ int main(int argc, char **argv){ STACK_OF(X509_EXTENSION) * ext_list; certificate_bio = BIO_new(BIO_s_file()); //here we are able to access each line - line[strlen(line)-1] = '\0'; + //get rid of newline + line[strlen(line)-1] = '\0'; char **csv_row_elements = str_split(line, ','); - printf("\tFILE: %s\n",csv_row_elements[0]); - printf("\tURL: %s\n",csv_row_elements[1]); - + if(DEBUG){ + printf("\tFILE: %s\n",csv_row_elements[0]); + printf("\tURL: %s\n",csv_row_elements[1]); + } - char *certificate_file = concat("./sample_certs/", csv_row_elements[0]); + char *certificate_file = csv_row_elements[0]; const char *url = csv_row_elements[1]; //for some reason splitting keeps mututating the original string 
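Review bot: `line[strlen(line)-1] = '\0';` assumes every buffer returned by `fgets` ends in a newline; a row longer than `line` can hold, or a final row with no trailing newline, loses its last real character instead, and a row that starts with a NUL byte writes to `line[-1]`. `line[strcspn(line, "\n")] = '\0';` removes the newline only when one is present. The same hunk then takes `csv_row_elements[0]` as the certificate path and `csv_row_elements[1]` as the URL without checking what `str_split` returned; its definition is outside this hunk, so presumably a row with no comma leaves one of them NULL or unset, and such rows should be rejected before the path is opened. The enclosing loop in main starts and ends outside the hunk.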
@@ -86,32 +90,30 @@ int main(int argc, char **argv){ fprintf(stderr, "Error in reading cert BIO filename"); exit(EXIT_FAILURE); } - //load certiifcate if (!(cert = PEM_read_bio_X509(certificate_bio, NULL, 0, NULL))){ fprintf(stderr, "Error in loading certificate"); exit(EXIT_FAILURE); } - // printf ("\tBASIC CONSTRAINT: %s\n",get_basic_constraints(cert)); - // printf ("\tBASIC CONSTRAINT VALIDATION: %d\n",validate_basic_constraints(get_basic_constraints(cert))); - // - // // printf ("\tKEY USAGE: %s\n",get_key_usage(cert)); - // printf ("\tKEY USAGE VALIDATION: %d\n",validate_key_usage(get_key_usage(cert))); - // - // // printf ("\tKEY LENGTH BITS: %d\n",get_public_key_length(cert)); - // - // printf ("\tKEY LENGTH VALIDATION: %d\n",validate_key_length(get_public_key_length(cert))); - // - // // printf ("\tNot Before compared to Current: %s\n",compare_not_before(cert)); - // // printf ("\tNot After compared to Current: %s\n",compare_not_after(cert)); - // printf("\tNOT BEFORE VALIDATION %d\n", validate_not_before(cert)); - // printf("\tNOT AFTER VALIDATION %d\n", validate_not_after(cert)); - // // printf ("\tCommon Name: %s\n",get_domain_name(cert)); - // - // printf("\tCOMMON NAME AND SAN VALIDATION %d\n", validate_CN_and_SAN(url, cert)); - // printf ("%d", 0 || 1); - // printf("FINAL VALIDATION %d\n", validate_certificate(url, cert)); - // printf("\t%s\n", unchanged_url); + + if(DEBUG){ + printf ("\tBASIC CONSTRAINT: %s\n",get_basic_constraints(cert)); + printf ("\tBASIC CONSTRAINT VALIDATION: %d\n",validate_basic_constraints(get_basic_constraints(cert))); + printf ("\tKEY USAGE: %s\n",get_key_usage(cert)); + printf ("\tKEY USAGE VALIDATION: %d\n",validate_key_usage(get_key_usage(cert))); + printf ("\tKEY LENGTH BITS: %d\n",get_public_key_length(cert)); + printf ("\tKEY LENGTH VALIDATION: %d\n",validate_key_length(get_public_key_length(cert))); + printf ("\tNot Before compared to Current: %s\n",compare_not_before(cert)); + printf ("\tNot After compared to 
Current: %s\n",compare_not_after(cert)); + printf("\tNOT BEFORE VALIDATION %d\n", validate_not_before(cert)); + printf("\tNOT AFTER VALIDATION %d\n", validate_not_after(cert)); + printf ("\tCommon Name: %s\n",get_domain_name(cert)); + printf("\tCOMMON NAME AND SAN VALIDATION %d\n", validate_CN_and_SAN(url, cert)); + printf ("%d", 0 || 1); + printf("FINAL VALIDATION %d\n", validate_certificate(url, cert)); + printf("\t%s\n", unchanged_url); + } + fprintf(csv_output,"%s,", csv_row_elements[0]); fprintf(csv_output,"%s,", unchanged_url); fprintf(csv_output,"%d\n", validate_certificate(url, cert)); @@ -376,7 +378,6 @@ int validate_basic_constraints(char* basic_constraints){ } return 0; } - int validate_wildcard_string(const char *hostname, char*hostname_with_wildcard){ @@ -467,7 +468,6 @@ int validate_certificate(const char *url, X509 *cert){ return 0; } } - int find_first_instanceof(const char *str, char delim){ int i; for (i=0;i<=strlen(str);i++){ @@ -478,13 +478,8 @@ int find_first_instanceof(const char *str, char delim){ } return -1; } - - char *str_slice_to_end(const char *str, int begin){ char *tmp = (char *)str; - tmp = (tmp+=begin+1); - - printf("\tSLICE: %s\n",tmp); return tmp; } diff --git a/sample_certs/sample_input.csv b/sample_input.csv similarity index 100% rename from sample_certs/sample_input.csv rename to sample_input.csv diff --git a/sample_certs/sample_input_single.csv b/sample_input_single.csv similarity index 100% rename from sample_certs/sample_input_single.csv rename to sample_input_single.csv diff --git a/sample_certs/sample_output.csv b/sample_output.csv similarity index 100% rename from sample_certs/sample_output.csv rename to sample_output.csv diff --git a/sample_certs/testeight.crt b/testeight.crt similarity index 100% rename from sample_certs/testeight.crt rename to testeight.crt diff --git a/sample_certs/testeleven.crt b/testeleven.crt similarity index 100% rename from sample_certs/testeleven.crt rename to testeleven.crt 
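Review bot: Inside the new `if(DEBUG)` block the results of `get_basic_constraints`, `get_key_usage`, `compare_not_before`, `compare_not_after` and `get_domain_name` go straight into `%s`; those functions are defined outside this hunk, so if any of them can return NULL for a certificate that lacks the field, enabling DEBUG turns a malformed input into undefined behaviour. Fetch each value once into a local and print it with a fallback, e.g. `char *bc = get_basic_constraints(cert);` followed by `printf("\tBASIC CONSTRAINT: %s\n", bc ? bc : "(none)");`, which also avoids calling the getter twice per row. The leftover `printf ("%d", 0 || 1);` always prints `1` with no newline and should be dropped. The block sits in main's read loop, which begins and ends outside this hunk.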
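Review bot: In `str_slice_to_end` the collapsed hunk does not make clear whether `tmp = (tmp+=begin+1);` is removed together with the `SLICE` printf or kept as context, and both readings need attention. If the line stays, it assigns to `tmp` twice in one expression with no sequencing between the two writes, which C leaves undefined; `tmp += begin + 1;` is the intended form. If the line is removed, the function returns `str` unchanged and ignores `begin`, so any caller that relies on the slice (none is visible in this hunk) would compare against the whole string. In either case `begin` is not checked against `strlen(str)`, and the `(char *)str` cast hands callers a writable pointer into a `const` input.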
diff --git a/sample_certs/testfive.crt b/testfive.crt
similarity index 100%
rename from sample_certs/testfive.crt
rename to testfive.crt
diff --git a/sample_certs/testfour.crt b/testfour.crt
similarity index 100%
rename from sample_certs/testfour.crt
rename to testfour.crt
diff --git a/sample_certs/testnine.crt b/testnine.crt
similarity index 100%
rename from sample_certs/testnine.crt
rename to testnine.crt
diff --git a/sample_certs/testone.crt b/testone.crt
similarity index 100%
rename from sample_certs/testone.crt
rename to testone.crt
diff --git a/sample_certs/testseven.crt b/testseven.crt
similarity index 100%
rename from sample_certs/testseven.crt
rename to testseven.crt
diff --git a/sample_certs/testsix.crt b/testsix.crt
similarity index 100%
rename from sample_certs/testsix.crt
rename to testsix.crt
diff --git a/sample_certs/testten.crt b/testten.crt
similarity index 100%
rename from sample_certs/testten.crt
rename to testten.crt
diff --git a/sample_certs/testthree.crt b/testthree.crt
similarity index 100%
rename from sample_certs/testthree.crt
rename to testthree.crt
diff --git a/sample_certs/testtwo.crt b/testtwo.crt
similarity index 100%
rename from sample_certs/testtwo.crt
rename to testtwo.crt