3 * certificate.c - ldap version of quipu certificate syntax handler
4 * donated by Eric Rosenquist and BNR
12 #include <ac/socket.h>
13 #include <ac/string.h>
15 #include <quipu/commonarg.h>
16 #include <quipu/attrvalue.h>
17 #include <quipu/ds_error.h>
18 #include <quipu/ds_search.h>
19 #include <quipu/dap2.h>
20 #include <quipu/dua.h>
21 extern sntx_table *get_syntax_table( short int sntx );
22 extern PE asn2pe( char * );
29 ldap_certif_print( PS ps, struct certificate *parm, int format )
31 Debug( LDAP_DEBUG_TRACE, "ldap_certif_print()\n", 0, 0, 0 );
34 * An ldap certificate looks like this:
36 * <certificate> ::= <version> '#' <serial> '#' <signature-algorithm-id>
37 * '#' <issuer> '#' <validity> '#' <subject>
38 * '#' <public-key-info> '#' <encrypted-sign-value>
39 * <version> ::= <integervalue>
40 * <serial> ::= <integervalue>
41 * <signature-algorithm-id> ::= <algorithm-id>
42 * <issuer> ::= an encoded Distinguished Name
43 * <validity> ::= <not-before-time> '#' <not-after-time>
44 * <not-before-time> ::= <utc-time>
45 * <not-after-time> ::= <utc-time>
46 * <algorithm-parameters> ::= <null> | <integervalue> |
47 * '{ASN}' <hex-string>
48 * <subject> ::= an encoded Distinguished Name
49 * <public-key-info> ::= <algorithm-id> '#' <encrypted-sign-value>
50 * <encrypted-sign-value> ::= <hex-string> | <hex-string> '-' <d>
51 * <algorithm-id> ::= <oid> '#' <algorithm-parameters>
52 * <utc-time> ::= an encoded UTCTime value
53 * <hex-string> ::= <hex-digit> | <hex-digit> <hex-string>
56 ps_printf(ps, "%d#%d#", parm->version, parm->serial);
58 ldap_print_algid(ps, &(parm->sig.alg), format);
60 dn_print_real(ps, parm->issuer, format);
63 utcprint(ps, parm->valid.not_before, format);
65 utcprint(ps, parm->valid.not_after, format);
68 dn_print_real(ps, parm->subject, format);
71 ldap_print_algid(ps, &(parm->key.alg), format);
72 print_encrypted(ps, parm->key.value, parm->key.n_bits, format);
74 print_encrypted(ps, parm->sig.encrypted, parm->sig.n_bits, format);
78 ldap_print_algid( PS ps, struct alg_id *parm, int format )
80 ps_printf(ps, "%s#", oid2name (parm->algorithm, OIDPART));
82 switch(parm->p_type) {
84 if(parm->asn != NULLPE)
85 pe_print(ps, parm->asn, format);
88 case ALG_PARM_NUMERIC:
89 if (format == READOUT)
90 ps_printf(ps, "%d#", parm->un.numeric);
92 ps_printf(ps, "%d#", parm->un.numeric);
95 if (format == READOUT)
97 if ((parm->asn->pe_class == PE_CLASS_UNIV)
98 &&(parm->asn->pe_form == PE_FORM_PRIM)
99 &&(parm->asn->pe_id == PE_PRIM_INT))
100 ps_printf(ps, "%d", prim2num(parm->asn));
101 else if ((parm->asn->pe_class == PE_CLASS_UNIV)
102 &&(parm->asn->pe_form == PE_FORM_PRIM)
103 &&(parm->asn->pe_id == PE_PRIM_NULL))
104 ps_printf(ps, "NULL");
114 /* This routine will print a {ASN} prefix */
115 pe_print(ps, parm->asn, format);
122 ldap_str2cert( char *str )
124 struct certificate *result;
128 Debug( LDAP_DEBUG_TRACE, "ldap_str2cert(%s)\n", str, 0, 0 );
130 result = (struct certificate *) calloc(1, sizeof(*result));
133 ptr = strchr(str, '#');
136 parse_error("version not present",NULLCP);
138 return (struct certificate *) 0;
141 result->version = atoi(str);
145 ptr = strchr(str, '#');
148 parse_error("serial number not present",NULLCP);
150 return (struct certificate *) 0;
153 result->serial = atoi(str);
155 /* signature algorithm id - oid */
157 ptr = strchr(str, '#');
160 parse_error("signature algorithm id not present",NULLCP);
162 return (struct certificate *) 0;
165 oid = name2oid(SkipSpace(str));
168 parse_error("Bad algorithm identifier (SIGNED Value)",NULLCP);
170 return (struct certificate *) 0;
172 result->sig.alg.algorithm = oid;
173 result->alg.algorithm = oid_cpy(oid);
175 /* signature algorithm id - parameters */
177 ptr = strchr(str, '#');
180 parse_error("algorithm id parameters not present",NULLCP);
182 return (struct certificate *) 0;
185 ldap_str2alg(str, &(result->sig.alg));
186 ldap_str2alg(str, &(result->alg));
190 ptr = strchr(str, '#');
193 parse_error("Issuer not present",NULLCP);
195 return (struct certificate *) 0;
198 result->issuer = ldap_str2dn(str);
200 /* validity - not before */
202 ptr = strchr(str, '#');
205 parse_error("Start time not present",NULLCP);
207 return (struct certificate *) 0;
210 result->valid.not_before = strdup(str);
212 /* validity - not after */
214 ptr = strchr(str, '#');
217 parse_error("End time not present",NULLCP);
219 return (struct certificate *) 0;
222 result->valid.not_after = strdup(str);
226 ptr = strchr(str, '#');
229 parse_error("Subject not present",NULLCP);
231 return (struct certificate *) 0;
234 result->subject = ldap_str2dn(str);
236 /* public key info - algorithm id - oid */
238 ptr = strchr(str, '#');
241 parse_error("public key info algid oid not present",NULLCP);
243 return (struct certificate *) 0;
246 oid = name2oid(SkipSpace(str));
250 return (struct certificate *) 0;
252 result->key.alg.algorithm = oid;
254 /* public key info - algorithm id - parameters */
256 ptr = strchr(str, '#');
259 parse_error("Parameters not present (SIGNED Value)",NULLCP);
261 return (struct certificate *) 0;
264 ldap_str2alg(str, &(result->key.alg));
266 /* public key info - encrypted sign value */
268 ptr = strchr(str, '#');
271 parse_error("Signature not present",NULLCP);
273 return (struct certificate *) 0;
276 str2encrypted(str, &(result->key.value), &(result->key.n_bits));
278 /* encrypted sign value */
280 str2encrypted(str, &(result->sig.encrypted), &(result->sig.n_bits));
286 ldap_str2alg( char *str, struct alg_id *alg )
288 if ((str == NULLCP) || (*str == '\0'))
291 alg->p_type = ALG_PARM_ABSENT;
293 else if (strncmp(str,"{ASN}", 5) == 0)
295 alg->asn = asn2pe((char*)str+5);
296 alg->p_type = ALG_PARM_UNKNOWN;
298 else if (strncmp(str, "NULL", 4) == 0)
300 alg->asn = asn2pe((char*)"0500");
301 alg->p_type = ALG_PARM_UNKNOWN;
306 alg->p_type = ALG_PARM_NUMERIC;
307 alg->un.numeric = atoi(str);
314 sntx_table *syntax_table;
316 if ((syntax_table = get_syntax_table(ldap_certif_syntax)) != NULL) {
317 syntax_table->s_print = (void *) ldap_certif_print;
318 syntax_table->s_parse = (void *) ldap_str2cert;
320 fprintf(stderr, "error getting sntx table in certif_init()\n");