tango-tfe/platform/src/ssl_fetch_cert.cpp


//
// Created by lwp on 2019/10/16.
//
#include "ssl_utils.h"
#include <assert.h>
// Local definition of struct x509_object_st, which lets the function below
// declare an X509_OBJECT on the stack and pass its address to
// X509_LOOKUP_by_subject().
// NOTE(review): presumably this mirrors the library's private definition
// (the type is opaque in the public headers from OpenSSL 1.1.0 on). The
// member order and sizes must match the linked libcrypto exactly, because the
// lookup writes its result through this layout; a mismatch corrupts the
// caller's stack. X509_OBJECT_new()/X509_OBJECT_free() avoid that dependency.
// Confirm against the OpenSSL version this project builds with.
typedef struct x509_object_st {
// Kind of object held in `data`; the caller below initialises it to X509_LU_NONE.
int type;
// Payload of the lookup result; which member is valid presumably depends on `type`.
union {
char *ptr;
X509 *x509;
X509_CRL *crl;
EVP_PKEY *pkey;
} data;
} X509_OBJECT;
// test use http://www.360.cn/
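// Walks a certificate chain and prints, for every certificate above the leaf
// (indices 1 .. count-1), whether a certificate whose subject equals that
// certificate's issuer name can be found through the hash-directory lookup of
// trusted_store. Certificates whose issuer is not found are dumped via
// ssl_x509_to_str() so they can be collected.
//
// cert_chain    chain to inspect; entries are borrowed, nothing is freed here.
// trusted_store store to query; a hash-dir lookup is attached to it if needed.
//
// Returns nothing. Does nothing when either argument is NULL.
//
// NOTE(review): a hit is a match on the issuer *name* only. No signature,
// validity period or chain is verified here, so "in_trusted_store:1" must not
// be treated as a trust decision.
// NOTE(review): the query goes to the hash-dir lookup object rather than to
// the store as a whole; certificates loaded into the store by other means may
// not be found this way. Confirm how trusted_store is populated.
void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) *cert_chain, X509_STORE *trusted_store) {
    // Reject missing arguments up front instead of handing NULL to OpenSSL.
    if (cert_chain == NULL || trusted_store == NULL) {
        return;
    }

    // Certificates in the chain are indexed [0, count - 1]; the one at index
    // count - 1 is not necessarily present in the trusted certificate list.
    int count = sk_X509_num(cert_chain);
    printf("------------------ max depth is : %d\n", count);

    // The lookup belongs to the store: do not call X509_LOOKUP_free(lookup).
    X509_LOOKUP *lookup = X509_STORE_add_lookup(trusted_store, X509_LOOKUP_hash_dir());
    if (lookup == NULL) {
        return;
    }

    // Index 0 (the leaf) is skipped on purpose; only the certificates above it
    // are inspected.
    for (int i = 1; i < count; i++) {
        // Borrowed pointer owned by the stack: do not call X509_free(cert).
        X509 *cert = sk_X509_value(cert_chain, i);
        if (cert == NULL) {
            // The original assert(cert) disappears under NDEBUG, which would
            // let a NULL entry reach X509_get_issuer_name(); skip it instead.
            continue;
        }

        X509_OBJECT stmp;
        stmp.type = X509_LU_NONE;
        stmp.data.ptr = NULL;
        int result = X509_LOOKUP_by_subject(lookup, X509_LU_X509, X509_get_issuer_name(cert), &stmp);

        // Only a positive return counts as "found", so an error-style negative
        // return is never reported as trusted.
        int found = (result > 0);

        char *subj = ssl_x509_subject(cert);
        char *issuer = ssl_x509_issuer(cert);
        // Passing NULL to %s is undefined behaviour; substitute a fixed marker
        // in case the helpers fail (their failure mode is not visible here).
        const char *subj_text = subj ? subj : "(null)";
        const char *issuer_text = issuer ? issuer : "(null)";

        // NOTE(review): both strings come from a peer-supplied chain. If the
        // helpers do not escape control characters, sanitise them before these
        // lines are forwarded to a shared log.
        if (found) {
            printf("[dep:%d] subject:%s; issure:%s; in_trusted_store:1\n", i, subj_text, issuer_text);
            // Deliberately no `continue`: an intermediate certificate may be
            // present while the root certificate is not, so keep walking.
        } else {
            printf("[dep:%d] subject:%s; issure:%s; in_trusted_store:0\n", i, subj_text, issuer_text);
            char *string = ssl_x509_to_str(cert);
            if (string) {
                // TODO log kafka
                printf("%s\n", string);
                free(string);
            }
        }

        free(subj);
        free(issuer);
    }
}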