2 * certificate.c - ldap version of quipu certificate syntax handler
3 * donated by Eric Rosenquist and BNR
11 #include <ac/socket.h>
12 #include <ac/string.h>
14 #include <quipu/commonarg.h>
15 #include <quipu/attrvalue.h>
16 #include <quipu/ds_error.h>
17 #include <quipu/ds_search.h>
18 #include <quipu/dap2.h>
19 #include <quipu/dua.h>
20 extern sntx_table *get_syntax_table( short int sntx );
21 extern PE asn2pe( char * );
/*
 * ldap_certif_print: write a struct certificate to the print stream ps in
 * the '#'-separated textual form described in the grammar comment below.
 * Fields are emitted in grammar order: version, serial, signature
 * algorithm id, issuer DN, not-before time, not-after time, subject DN,
 * public-key algorithm id, public-key value and finally the encrypted
 * signature value.  format is passed straight through to every field
 * printer.  The return type and the separator output between some of the
 * fields are on lines not shown in this listing.
 */
28 ldap_certif_print( PS ps, struct certificate *parm, int format )
30 Debug( LDAP_DEBUG_TRACE, "ldap_certif_print()\n", 0, 0, 0 );
33 * An ldap certificate looks like this:
35 * <certificate> ::= <version> '#' <serial> '#' <signature-algorithm-id>
36 * '#' <issuer> '#' <validity> '#' <subject>
37 * '#' <public-key-info> '#' <encrypted-sign-value>
38 * <version> ::= <integervalue>
39 * <serial> ::= <integervalue>
40 * <signature-algorithm-id> ::= <algorithm-id>
41 * <issuer> ::= an encoded Distinguished Name
42 * <validity> ::= <not-before-time> '#' <not-after-time>
43 * <not-before-time> ::= <utc-time>
44 * <not-after-time> ::= <utc-time>
45 * <algorithm-parameters> ::= <null> | <integervalue> |
46 * '{ASN}' <hex-string>
47 * <subject> ::= an encoded Distinguished Name
48 * <public-key-info> ::= <algorithm-id> '#' <encrypted-sign-value>
49 * <encrypted-sign-value> ::= <hex-string> | <hex-string> '-' <d>
50 * <algorithm-id> ::= <oid> '#' <algorithm-parameters>
51 * <utc-time> ::= an encoded UTCTime value
52 * <hex-string> ::= <hex-digit> | <hex-digit> <hex-string>
/* NOTE(review): no NULL check of parm is visible before these dereferences;
 * confirm every caller guarantees a non-NULL certificate. */
/* "%d" assumes version and serial are plain ints -- their declarations are
 * not visible here. */
55 ps_printf(ps, "%d#%d#", parm->version, parm->serial);
/* ldap_print_algid emits the <oid> '#' <parameters> pair, including the
 * '#' after the OID. */
57 ldap_print_algid(ps, &(parm->sig.alg), format);
/* issuer DN; the '#' that follows it is presumably printed on a line not shown */
59 dn_print_real(ps, parm->issuer, format);
/* validity: not-before then not-after, both as UTCTime */
62 utcprint(ps, parm->valid.not_before, format);
64 utcprint(ps, parm->valid.not_after, format);
/* subject DN */
67 dn_print_real(ps, parm->subject, format);
/* public-key-info: algorithm id, then the key bits as an encrypted value */
70 ldap_print_algid(ps, &(parm->key.alg), format);
71 print_encrypted(ps, parm->key.value, parm->key.n_bits, format);
/* trailing encrypted signature value */
73 print_encrypted(ps, parm->sig.encrypted, parm->sig.n_bits, format);
/*
 * ldap_print_algid: print an algorithm identifier as <oid> '#' <parameters>.
 * The OID is printed by name (oid2name with OIDPART) followed by '#'; how
 * the parameters are rendered depends on parm->p_type and on format.  The
 * case labels of the first and third switch arms, and the return type, are
 * on lines not shown in this listing, so only the arm bodies are described.
 */
77 ldap_print_algid( PS ps, struct alg_id *parm, int format )
79 ps_printf(ps, "%s#", oid2name (parm->algorithm, OIDPART));
81 switch(parm->p_type) {
/* parameters held as a raw PE: print it only when one is present */
83 if(parm->asn != NULLPE)
84 pe_print(ps, parm->asn, format);
87 case ALG_PARM_NUMERIC:
/* both branches print the identical "%d#"; the READOUT test makes no
 * difference in this arm */
88 if (format == READOUT)
89 ps_printf(ps, "%d#", parm->un.numeric);
91 ps_printf(ps, "%d#", parm->un.numeric);
/* READOUT: a UNIVERSAL PRIMITIVE INTEGER is shown as a number and a
 * UNIVERSAL PRIMITIVE NULL as the word "NULL".
 * NOTE(review): parm->asn is dereferenced here without the NULLPE check
 * used in the first arm; confirm it cannot be NULLPE when this arm runs. */
94 if (format == READOUT)
96 if ((parm->asn->pe_class == PE_CLASS_UNIV)
97 &&(parm->asn->pe_form == PE_FORM_PRIM)
98 &&(parm->asn->pe_id == PE_PRIM_INT))
99 ps_printf(ps, "%d", prim2num(parm->asn));
100 else if ((parm->asn->pe_class == PE_CLASS_UNIV)
101 &&(parm->asn->pe_form == PE_FORM_PRIM)
102 &&(parm->asn->pe_id == PE_PRIM_NULL))
103 ps_printf(ps, "NULL");
/* remaining parameters (presumably the non-READOUT path and any PE not
 * matched above -- the intervening lines are not shown) are printed as a
 * raw PE with a "{ASN}" prefix */
113 /* This routine will print a {ASN} prefix */
114 pe_print(ps, parm->asn, format);
/*
 * ldap_str2cert: parse the '#'-separated textual certificate in str
 * (the form produced by ldap_certif_print) into a freshly calloc'd
 * struct certificate.  Each field is located with strchr(str, '#'); a
 * missing separator reports a parse_error and returns a null pointer.
 * The input appears to be split in place and str advanced between
 * fields, but those lines (and the final return of result) are not shown
 * in this listing.
 *
 * NOTE(review): str is data received from the wire, so every field parsed
 * here is untrusted.  Observations on the visible lines:
 *  - the calloc result is not checked before use on any line shown;
 *  - none of the early-return paths shows a free of result or of the
 *    fields already assigned to it -- if the lines between parse_error
 *    and return do not free them, each malformed input leaks;
 *  - atoi reports no conversion error and overflows silently; strtol
 *    with end-pointer and errno checks would reject bad integers.
 */
121 ldap_str2cert( char *str )
123 struct certificate *result;
127 Debug( LDAP_DEBUG_TRACE, "ldap_str2cert(%s)\n", str, 0, 0 );
/* zero-filled so that untouched pointer members start out null */
129 result = (struct certificate *) calloc(1, sizeof(*result));
/* version */
132 ptr = strchr(str, '#');
135 parse_error("version not present",NULLCP);
137 return (struct certificate *) 0;
140 result->version = atoi(str);
/* serial number */
144 ptr = strchr(str, '#');
147 parse_error("serial number not present",NULLCP);
149 return (struct certificate *) 0;
152 result->serial = atoi(str);
154 /* signature algorithm id - oid */
156 ptr = strchr(str, '#');
159 parse_error("signature algorithm id not present",NULLCP);
161 return (struct certificate *) 0;
/* the OID is looked up by name; leading blanks are skipped first */
164 oid = name2oid(SkipSpace(str));
167 parse_error("Bad algorithm identifier (SIGNED Value)",NULLCP);
169 return (struct certificate *) 0;
/* the same algorithm is recorded twice: sig.alg takes the looked-up OID
 * directly, result->alg gets its own copy */
171 result->sig.alg.algorithm = oid;
172 result->alg.algorithm = oid_cpy(oid);
174 /* signature algorithm id - parameters */
176 ptr = strchr(str, '#');
179 parse_error("algorithm id parameters not present",NULLCP);
181 return (struct certificate *) 0;
/* the one parameter string is parsed into both algorithm structures */
184 ldap_str2alg(str, &(result->sig.alg));
185 ldap_str2alg(str, &(result->alg));
/* issuer DN */
189 ptr = strchr(str, '#');
192 parse_error("Issuer not present",NULLCP);
194 return (struct certificate *) 0;
/* NOTE(review): the ldap_str2dn result is stored without a NULL check on
 * any visible line; the same applies to the subject below */
197 result->issuer = ldap_str2dn(str);
199 /* validity - not before */
201 ptr = strchr(str, '#');
204 parse_error("Start time not present",NULLCP);
206 return (struct certificate *) 0;
/* times are kept as copies of the raw text; strdup failure is not checked here */
209 result->valid.not_before = strdup(str);
211 /* validity - not after */
213 ptr = strchr(str, '#');
216 parse_error("End time not present",NULLCP);
218 return (struct certificate *) 0;
221 result->valid.not_after = strdup(str);
/* subject DN */
225 ptr = strchr(str, '#');
228 parse_error("Subject not present",NULLCP);
230 return (struct certificate *) 0;
233 result->subject = ldap_str2dn(str);
235 /* public key info - algorithm id - oid */
237 ptr = strchr(str, '#');
240 parse_error("public key info algid oid not present",NULLCP);
242 return (struct certificate *) 0;
245 oid = name2oid(SkipSpace(str));
/* the test and parse_error for a bad OID sit on lines not shown */
249 return (struct certificate *) 0;
251 result->key.alg.algorithm = oid;
253 /* public key info - algorithm id - parameters */
255 ptr = strchr(str, '#');
258 parse_error("Parameters not present (SIGNED Value)",NULLCP);
260 return (struct certificate *) 0;
263 ldap_str2alg(str, &(result->key.alg));
265 /* public key info - encrypted sign value */
267 ptr = strchr(str, '#');
270 parse_error("Signature not present",NULLCP);
272 return (struct certificate *) 0;
/* key bits: value plus bit count are filled in by str2encrypted */
275 str2encrypted(str, &(result->key.value), &(result->key.n_bits));
277 /* encrypted sign value */
/* whatever follows the last '#' is the signature; no further separator
 * is required */
279 str2encrypted(str, &(result->sig.encrypted), &(result->sig.n_bits));
/*
 * ldap_str2alg: parse the <algorithm-parameters> text in str into alg.
 *   NULL or ""        -> p_type ALG_PARM_ABSENT
 *   "{ASN}" <hex>     -> asn = asn2pe() of the text after the prefix,
 *                        p_type ALG_PARM_UNKNOWN
 *   "NULL"...         -> asn = asn2pe("0500") (presumably the encoding
 *                        of an ASN.1 NULL), p_type ALG_PARM_UNKNOWN
 *   anything else     -> p_type ALG_PARM_NUMERIC, un.numeric = atoi(str)
 * The return type and the braces of the final arm are on lines not shown.
 *
 * NOTE(review): the "{ASN}" and "NULL" tests are prefix matches, so text
 * such as "NULLx" or "{ASN}" followed by trailing junk is accepted; the
 * asn2pe result is stored without a NULLPE check (ldap_print_algid does
 * test for NULLPE, so a decode failure is at least tolerated there); and
 * atoi silently yields 0 for non-numeric input.
 */
285 ldap_str2alg( char *str, struct alg_id *alg )
287 if ((str == NULLCP) || (*str == '\0'))
290 alg->p_type = ALG_PARM_ABSENT;
292 else if (strncmp(str,"{ASN}", 5) == 0)
/* the (char*) cast is redundant: str already has that type */
294 alg->asn = asn2pe((char*)str+5);
295 alg->p_type = ALG_PARM_UNKNOWN;
297 else if (strncmp(str, "NULL", 4) == 0)
299 alg->asn = asn2pe((char*)"0500");
300 alg->p_type = ALG_PARM_UNKNOWN;
/* fallback: treat the text as a plain integer parameter */
305 alg->p_type = ALG_PARM_NUMERIC;
306 alg->un.numeric = atoi(str);
/*
 * Registration of the certificate syntax handlers (the function header is
 * not shown; the error text names it certif_init).  Looks up the syntax
 * table entry for ldap_certif_syntax and installs ldap_certif_print and
 * ldap_str2cert as its print and parse routines; if no entry exists a
 * diagnostic goes to stderr and nothing is installed.
 * NOTE(review): storing function pointers through (void *) relies on a
 * conversion that ISO C does not guarantee; it is presumably what the
 * sntx_table declaration requires.
 */
313 sntx_table *syntax_table;
315 if ((syntax_table = get_syntax_table(ldap_certif_syntax)) != NULL) {
316 syntax_table->s_print = (void *) ldap_certif_print;
317 syntax_table->s_parse = (void *) ldap_str2cert;
319 fprintf(stderr, "error getting sntx table in certif_init()\n");