2 * certificate.c - ldap version of quipu certificate syntax handler
3 * donated by Eric Rosenquist and BNR
10 #include <sys/socket.h>
11 #include <netinet/in.h>
12 #include <quipu/commonarg.h>
13 #include <quipu/attrvalue.h>
14 #include <quipu/ds_error.h>
15 #include <quipu/ds_search.h>
16 #include <quipu/dap2.h>
17 #include <quipu/dua.h>
/*
 * Emit one certificate to ps in the '#'-separated text form described
 * by the grammar below.  Each component is written by a helper
 * (ldap_print_algid, dn_print_real, utcprint, print_encrypted) and
 * format is passed through unchanged to every one of them.  The
 * opening and closing braces, the return statement and several
 * intermediate lines of the body are not visible in this excerpt.
 */
22 int ldap_certif_print( PS ps, struct certificate *parm, int format )
24 Debug( LDAP_DEBUG_TRACE, "ldap_certif_print()\n", 0, 0, 0 );
27 * An ldap certificate looks like this:
29 * <certificate> ::= <version> '#' <serial> '#' <signature-algorithm-id>
30 * '#' <issuer> '#' <validity> '#' <subject>
31 * '#' <public-key-info> '#' <encrypted-sign-value>
32 * <version> ::= <integervalue>
33 * <serial> ::= <integervalue>
34 * <signature-algorithm-id> ::= <algorithm-id>
35 * <issuer> ::= an encoded Distinguished Name
36 * <validity> ::= <not-before-time> '#' <not-after-time>
37 * <not-before-time> ::= <utc-time>
38 * <not-after-time> ::= <utc-time>
39 * <algorithm-parameters> ::= <null> | <integervalue> |
40 * '{ASN}' <hex-string>
41 * <subject> ::= an encoded Distinguished Name
42 * <public-key-info> ::= <algorithm-id> '#' <encrypted-sign-value>
43 * <encrypted-sign-value> ::= <hex-string> | <hex-string> '-' <d>
44 * <algorithm-id> ::= <oid> '#' <algorithm-parameters>
45 * <utc-time> ::= an encoded UTCTime value
46 * <hex-string> ::= <hex-digit> | <hex-digit> <hex-string>
/* version and serial, both formatted with %d -- assumes both fields are int-sized; TODO confirm against struct certificate */
49 ps_printf(ps, "%d#%d#", parm->version, parm->serial);
/* signature algorithm id; ldap_print_algid writes the '#' after the oid itself */
51 ldap_print_algid(ps, &(parm->sig.alg), format);
/* issuer DN (the '#' separators between the DN/time fields are on lines not shown here) */
53 dn_print_real(ps, parm->issuer, format);
/* validity: not-before, then not-after */
56 utcprint(ps, parm->valid.not_before, format);
58 utcprint(ps, parm->valid.not_after, format);
61 dn_print_real(ps, parm->subject, format);
/* public key info: algorithm id followed by the key bits */
64 ldap_print_algid(ps, &(parm->key.alg), format);
65 print_encrypted(ps, parm->key.value, parm->key.n_bits, format);
/* trailing encrypted sign value */
67 print_encrypted(ps, parm->sig.encrypted, parm->sig.n_bits, format);
/*
 * Print an algorithm identifier as <oid> '#' <algorithm-parameters>.
 * How the parameters are rendered depends on parm->p_type.  The case
 * labels other than ALG_PARM_NUMERIC, the default branch, the else
 * branches and the closing braces are not visible in this excerpt.
 */
71 ldap_print_algid( PS ps, struct alg_id *parm, int format )
73 ps_printf(ps, "%s#", oid2name (parm->algorithm, OIDPART));
75 switch(parm->p_type) {
/* (case label not shown) encoded parameters are printed only when present */
77 if(parm->asn != NULLPE)
78 pe_print(ps, parm->asn, format);
81 case ALG_PARM_NUMERIC:
/* both arms of this format test emit the same "%d#" (the else itself is not shown) */
82 if (format == READOUT)
83 ps_printf(ps, "%d#", parm->un.numeric);
85 ps_printf(ps, "%d#", parm->un.numeric);
/*
 * NOTE(review): unlike the branch above, this READOUT path reads
 * parm->asn->pe_class / pe_form / pe_id with no NULLPE check.  The
 * case label this belongs to is not shown; ldap_str2alg only sets
 * asn for the "{ASN}" and "NULL" spellings, so if this case can be
 * reached with asn unset it is a null-pointer dereference -- confirm.
 */
88 if (format == READOUT)
/* universal primitive INTEGER -> printed in decimal */
90 if ((parm->asn->pe_class == PE_CLASS_UNIV)
91 &&(parm->asn->pe_form == PE_FORM_PRIM)
92 &&(parm->asn->pe_id == PE_PRIM_INT))
93 ps_printf(ps, "%d", prim2num(parm->asn));
/* universal primitive NULL -> the literal "NULL" */
94 else if ((parm->asn->pe_class == PE_CLASS_UNIV)
95 &&(parm->asn->pe_form == PE_FORM_PRIM)
96 &&(parm->asn->pe_id == PE_PRIM_NULL))
97 ps_printf(ps, "NULL");
107 /* This routine will print a {ASN} prefix */
108 pe_print(ps, parm->asn, format);
/*
 * Parse the '#'-separated text form of a certificate (the grammar in
 * ldap_certif_print) into a freshly calloc'ed struct certificate.
 * Returns the new certificate, which the caller owns, or NULL after
 * reporting a missing field through parse_error.  Each field is
 * located with strchr(str, '#'); the NULL test on ptr, the
 * replacement of the '#' and the advance of str to the next field
 * are on lines not visible in this excerpt, as is the final return.
 * The input string is treated as untrusted attribute text throughout.
 */
114 struct certificate *ldap_str2cert( char *str )
116 struct certificate *result;
120 Debug( LDAP_DEBUG_TRACE, "ldap_str2cert(%s)\n", str, 0, 0 );
/*
 * NOTE(review): as far as this excerpt shows, the calloc result is
 * never tested for NULL before the first store below -- confirm the
 * omitted lines do so.
 */
122 result = (struct certificate *) calloc(1, sizeof(*result));
125 ptr = strchr(str, '#');
128 parse_error("version not present",NULLCP);
/*
 * NOTE(review): result (allocated above) is not visibly released on
 * this or any of the later early returns; the omitted line before each
 * return may free it, otherwise every parse failure leaks a certificate.
 */
130 return (struct certificate *) 0;
/*
 * atoi reports nothing on bad input: non-numeric text silently becomes
 * 0 and out-of-range values are undefined behaviour.  strtol with an
 * end-pointer and errno check would let malformed input be rejected.
 * The same applies to the serial below.
 */
133 result->version = atoi(str);
137 ptr = strchr(str, '#');
140 parse_error("serial number not present",NULLCP);
142 return (struct certificate *) 0;
145 result->serial = atoi(str);
147 /* signature algorithm id - oid */
149 ptr = strchr(str, '#');
152 parse_error("signature algorithm id not present",NULLCP);
154 return (struct certificate *) 0;
/* the oid is looked up by name; the test that rejects an unknown name is on a line not shown */
157 oid = name2oid(SkipSpace(str));
160 parse_error("Bad algorithm identifier (SIGNED Value)",NULLCP);
162 return (struct certificate *) 0;
/* the same oid is stored twice: once in sig.alg and once (copied) in the top-level alg */
164 result->sig.alg.algorithm = oid;
165 result->alg.algorithm = oid_cpy(oid);
167 /* signature algorithm id - parameters */
169 ptr = strchr(str, '#');
172 parse_error("algorithm id parameters not present",NULLCP);
174 return (struct certificate *) 0;
/* parameters are parsed into both alg_id structures from the same text */
177 ldap_str2alg(str, &(result->sig.alg));
178 ldap_str2alg(str, &(result->alg));
182 ptr = strchr(str, '#');
185 parse_error("Issuer not present",NULLCP);
187 return (struct certificate *) 0;
/* the result of ldap_str2dn is stored without a visible NULL check */
190 result->issuer = ldap_str2dn(str);
192 /* validity - not before */
194 ptr = strchr(str, '#');
197 parse_error("Start time not present",NULLCP);
199 return (struct certificate *) 0;
/* the time text is kept verbatim (strdup, allocation failure not checked); it is not validated as UTCTime here */
202 result->valid.not_before = strdup(str);
204 /* validity - not after */
206 ptr = strchr(str, '#');
209 parse_error("End time not present",NULLCP);
211 return (struct certificate *) 0;
214 result->valid.not_after = strdup(str);
218 ptr = strchr(str, '#');
221 parse_error("Subject not present",NULLCP);
223 return (struct certificate *) 0;
226 result->subject = ldap_str2dn(str);
228 /* public key info - algorithm id - oid */
230 ptr = strchr(str, '#');
233 parse_error("public key info algid oid not present",NULLCP);
235 return (struct certificate *) 0;
238 oid = name2oid(SkipSpace(str));
/* NOTE(review): unlike the other failure paths, no parse_error call is visible before this return (intervening lines omitted) */
242 return (struct certificate *) 0;
244 result->key.alg.algorithm = oid;
246 /* public key info - algorithm id - parameters */
248 ptr = strchr(str, '#');
251 parse_error("Parameters not present (SIGNED Value)",NULLCP);
253 return (struct certificate *) 0;
256 ldap_str2alg(str, &(result->key.alg));
258 /* public key info - encrypted sign value */
260 ptr = strchr(str, '#');
263 parse_error("Signature not present",NULLCP);
265 return (struct certificate *) 0;
268 str2encrypted(str, &(result->key.value), &(result->key.n_bits));
270 /* encrypted sign value */
/* everything after the last '#' is the signature; no further delimiter check, and str2encrypted's result is not examined */
272 str2encrypted(str, &(result->sig.encrypted), &(result->sig.n_bits));
/*
 * Fill in the parameter part of an algorithm identifier from its text
 * form: sets alg->p_type and, for the "{ASN}" and "NULL" spellings,
 * alg->asn; for anything else alg->un.numeric.  alg->asn is left
 * untouched in the other branches.  The braces and the final else are
 * not visible in this excerpt.
 */
278 ldap_str2alg( char *str, struct alg_id *alg )
/* no parameter text at all */
282 if ((str == NULLCP) || (*str == '\0'))
285 alg->p_type = ALG_PARM_ABSENT;
/*
 * "{ASN}" followed by a hex string: the remainder is decoded as raw
 * ASN.1 by asn2pe.  Because the text is untrusted, asn2pe's handling
 * of malformed hex/BER is the effective input validation here; its
 * return value is stored without a NULL check.
 */
287 else if (strncmp(str,"{ASN}", 5) == 0)
289 alg->asn = asn2pe((char*)str+5);
290 alg->p_type = ALG_PARM_UNKNOWN;
/* only the first four characters are compared, so any text beginning "NULL" takes this branch; "0500" is the hex encoding of an ASN.1 NULL */
292 else if (strncmp(str, "NULL", 4) == 0)
294 alg->asn = asn2pe((char*)"0500");
295 alg->p_type = ALG_PARM_UNKNOWN;
/* fallback: anything else is read with atoi, so non-numeric text silently becomes 0 */
300 alg->p_type = ALG_PARM_NUMERIC;
301 alg->un.numeric = atoi(str);
307 extern short ldap_certif_syntax;
308 sntx_table *syntax_table;
309 extern sntx_table *get_syntax_table();
311 if (syntax_table = get_syntax_table(ldap_certif_syntax)) {
312 syntax_table->s_print = (void *) ldap_certif_print;
313 syntax_table->s_parse = (void *) ldap_str2cert;
315 fprintf(stderr, "error getting sntx table in certif_init()\n");