2 * certificate.c - ldap version of quipu certificate syntax handler
3 * donated by Eric Rosenquist and BNR
11 #include <ac/socket.h>
12 #include <ac/string.h>
14 #include <quipu/commonarg.h>
15 #include <quipu/attrvalue.h>
16 #include <quipu/ds_error.h>
17 #include <quipu/ds_search.h>
18 #include <quipu/dap2.h>
19 #include <quipu/dua.h>
/*
 * ldap_certif_print - write certificate `parm` to the print stream `ps` in
 * the '#'-separated text form described by the grammar comment below.
 *
 * Fields are emitted in this order: version, serial, signature algorithm
 * id, issuer DN, not-before time, not-after time, subject DN, public key
 * algorithm id, public key value, signature value.  `format` is passed
 * through unchanged to every helper printer.
 *
 * NOTE(review): `parm` and its members are dereferenced without a NULL
 * check; presumably only a fully parsed certificate reaches this routine
 * (it is installed as the syntax table's s_print handler) - confirm.
 * This listing is abridged (original line numbers jump), so the closing
 * brace and the return value are not visible here.
 */
25 int ldap_certif_print( PS ps, struct certificate *parm, int format )
27 Debug( LDAP_DEBUG_TRACE, "ldap_certif_print()\n", 0, 0, 0 );
30 * An ldap certificate looks like this:
32 * <certificate> ::= <version> '#' <serial> '#' <signature-algorithm-id>
33 * '#' <issuer> '#' <validity> '#' <subject>
34 * '#' <public-key-info> '#' <encrypted-sign-value>
35 * <version> ::= <integervalue>
36 * <serial> ::= <integervalue>
37 * <signature-algorithm-id> ::= <algorithm-id>
38 * <issuer> ::= an encoded Distinguished Name
39 * <validity> ::= <not-before-time> '#' <not-after-time>
40 * <not-before-time> ::= <utc-time>
41 * <not-after-time> ::= <utc-time>
42 * <algorithm-parameters> ::= <null> | <integervalue> |
43 * '{ASN}' <hex-string>
44 * <subject> ::= an encoded Distinguished Name
45 * <public-key-info> ::= <algorithm-id> '#' <encrypted-sign-value>
46 * <encrypted-sign-value> ::= <hex-string> | <hex-string> '-' <d>
47 * <algorithm-id> ::= <oid> '#' <algorithm-parameters>
48 * <utc-time> ::= an encoded UTCTime value
49 * <hex-string> ::= <hex-digit> | <hex-digit> <hex-string>
/* <version> '#' <serial> '#' - both printed as plain decimal integers */
52 ps_printf(ps, "%d#%d#", parm->version, parm->serial);
/* <signature-algorithm-id>: oid '#' parameters '#', see ldap_print_algid() */
54 ldap_print_algid(ps, &(parm->sig.alg), format);
/* <issuer> */
56 dn_print_real(ps, parm->issuer, format);
/* <validity>: not-before then not-after; the '#' separators between
 * these fields are written on lines omitted from this listing */
59 utcprint(ps, parm->valid.not_before, format);
61 utcprint(ps, parm->valid.not_after, format);
/* <subject> */
64 dn_print_real(ps, parm->subject, format);
/* <public-key-info>: algorithm id followed by the key bits */
67 ldap_print_algid(ps, &(parm->key.alg), format);
68 print_encrypted(ps, parm->key.value, parm->key.n_bits, format);
/* trailing <encrypted-sign-value>: the signature bits */
70 print_encrypted(ps, parm->sig.encrypted, parm->sig.n_bits, format);
/*
 * ldap_print_algid - write an <algorithm-id> ("<oid>#<parameters>") for
 * `parm` to `ps`.  The oid is rendered by name via oid2name(); how the
 * parameters are rendered depends on parm->p_type and on `format`.
 *
 * The return type and several case labels sit on lines omitted from this
 * abridged listing; the notes below only describe what is visible.
 */
74 ldap_print_algid( PS ps, struct alg_id *parm, int format )
/* algorithm oid, printed by name, followed by the '#' separator */
76 ps_printf(ps, "%s#", oid2name (parm->algorithm, OIDPART));
78 switch(parm->p_type) {
/* this arm (its case label is not shown) guards the asn pointer before
 * printing it */
80 if(parm->asn != NULLPE)
81 pe_print(ps, parm->asn, format);
/* numeric parameter: both the READOUT and the non-READOUT branch visible
 * here emit the same "%d#" form, so the distinction looks vestigial -
 * verify before simplifying */
84 case ALG_PARM_NUMERIC:
85 if (format == READOUT)
86 ps_printf(ps, "%d#", parm->un.numeric);
88 ps_printf(ps, "%d#", parm->un.numeric);
/* READOUT form of an ASN.1-encoded parameter: a universal primitive
 * INTEGER is shown as its value, a universal primitive NULL as "NULL".
 * NOTE(review): unlike the arm above, parm->asn is dereferenced here
 * without a NULLPE check; ldap_str2alg() stores asn2pe()'s result
 * unchecked, so confirm asn2pe() cannot return NULLPE for malformed
 * input, or add the same guard here. */
91 if (format == READOUT)
93 if ((parm->asn->pe_class == PE_CLASS_UNIV)
94 &&(parm->asn->pe_form == PE_FORM_PRIM)
95 &&(parm->asn->pe_id == PE_PRIM_INT))
96 ps_printf(ps, "%d", prim2num(parm->asn));
97 else if ((parm->asn->pe_class == PE_CLASS_UNIV)
98 &&(parm->asn->pe_form == PE_FORM_PRIM)
99 &&(parm->asn->pe_id == PE_PRIM_NULL))
100 ps_printf(ps, "NULL");
/* non-READOUT (and any other encoding): emit the raw element; the
 * "{ASN}" prefix matches the <algorithm-parameters> grammar in
 * ldap_certif_print() and is what ldap_str2alg() looks for when parsing */
110 /* This routine will print a {ASN} prefix */
111 pe_print(ps, parm->asn, format);
/*
 * ldap_str2cert - parse the '#'-separated text form (see the grammar in
 * ldap_certif_print()) in `str` into a freshly allocated certificate.
 *
 * Returns the new certificate, or NULL after reporting a parse_error()
 * when a required field is missing.  Each field is located with strchr()
 * on '#'; the lines that terminate the field and advance `str` past the
 * separator are omitted from this abridged listing, so presumably `str`
 * is modified in place - callers should not pass a string they still
 * need intact (confirm on the full source).
 *
 * NOTE(review): the input is external data (an attribute value), so the
 * points below matter for robustness:
 *  - the calloc() result is used without a NULL check;
 *  - version and serial are converted with atoi(), which silently maps
 *    non-numeric or overflowing text to an unchecked value; strtol()
 *    with end-pointer/ERANGE checks would reject such input;
 *  - the two strdup() results are not checked;
 *  - whether `result` and its already-attached members are released on
 *    the early-return paths cannot be seen here (the line between each
 *    parse_error() and its return is omitted) - confirm no leak.
 */
117 struct certificate *ldap_str2cert( char *str )
119 struct certificate *result;
123 Debug( LDAP_DEBUG_TRACE, "ldap_str2cert(%s)\n", str, 0, 0 );
/* zeroed so every pointer member starts out NULL */
125 result = (struct certificate *) calloc(1, sizeof(*result));
/* <version> */
128 ptr = strchr(str, '#');
131 parse_error("version not present",NULLCP);
133 return (struct certificate *) 0;
136 result->version = atoi(str);
/* <serial> */
140 ptr = strchr(str, '#');
143 parse_error("serial number not present",NULLCP);
145 return (struct certificate *) 0;
148 result->serial = atoi(str);
150 /* signature algorithm id - oid */
152 ptr = strchr(str, '#');
155 parse_error("signature algorithm id not present",NULLCP);
157 return (struct certificate *) 0;
/* unknown oid names are rejected here */
160 oid = name2oid(SkipSpace(str));
163 parse_error("Bad algorithm identifier (SIGNED Value)",NULLCP);
165 return (struct certificate *) 0;
/* the same oid is stored twice: sig.alg keeps the pointer returned by
 * name2oid(), alg gets its own copy - ownership of `oid` therefore
 * presumably rests with sig.alg; confirm when freeing certificates */
167 result->sig.alg.algorithm = oid;
168 result->alg.algorithm = oid_cpy(oid);
170 /* signature algorithm id - parameters */
172 ptr = strchr(str, '#');
175 parse_error("algorithm id parameters not present",NULLCP);
177 return (struct certificate *) 0;
/* parameters parsed twice from the same text, once per alg_id; each call
 * may allocate its own ASN.1 element (see ldap_str2alg()) */
180 ldap_str2alg(str, &(result->sig.alg));
181 ldap_str2alg(str, &(result->alg));
/* <issuer> */
185 ptr = strchr(str, '#');
188 parse_error("Issuer not present",NULLCP);
190 return (struct certificate *) 0;
193 result->issuer = ldap_str2dn(str);
195 /* validity - not before */
197 ptr = strchr(str, '#');
200 parse_error("Start time not present",NULLCP);
202 return (struct certificate *) 0;
/* the UTCTime text is kept verbatim; no format validation is visible */
205 result->valid.not_before = strdup(str);
207 /* validity - not after */
209 ptr = strchr(str, '#');
212 parse_error("End time not present",NULLCP);
214 return (struct certificate *) 0;
217 result->valid.not_after = strdup(str);
/* <subject> */
221 ptr = strchr(str, '#');
224 parse_error("Subject not present",NULLCP);
226 return (struct certificate *) 0;
229 result->subject = ldap_str2dn(str);
231 /* public key info - algorithm id - oid */
233 ptr = strchr(str, '#');
236 parse_error("public key info algid oid not present",NULLCP);
238 return (struct certificate *) 0;
/* a bad oid returns NULL here too; the parse_error() call that the
 * signature-oid branch above makes is on a line not shown in this listing */
241 oid = name2oid(SkipSpace(str));
245 return (struct certificate *) 0;
247 result->key.alg.algorithm = oid;
249 /* public key info - algorithm id - parameters */
251 ptr = strchr(str, '#');
254 parse_error("Parameters not present (SIGNED Value)",NULLCP);
256 return (struct certificate *) 0;
259 ldap_str2alg(str, &(result->key.alg));
261 /* public key info - encrypted sign value */
263 ptr = strchr(str, '#');
266 parse_error("Signature not present",NULLCP);
268 return (struct certificate *) 0;
/* the key bits (hex string, possibly "-<d>" suffixed per the grammar) */
271 str2encrypted(str, &(result->key.value), &(result->key.n_bits));
273 /* encrypted sign value */
/* everything after the last '#' is the signature; no further separator
 * is looked for */
275 str2encrypted(str, &(result->sig.encrypted), &(result->sig.n_bits));
/*
 * ldap_str2alg - fill in the parameter part of `alg` from the
 * <algorithm-parameters> text in `str`:
 *   empty / NULL   -> ALG_PARM_ABSENT
 *   "{ASN}<hex>"   -> ALG_PARM_UNKNOWN, alg->asn decoded from the hex
 *   "NULL..."      -> ALG_PARM_UNKNOWN, alg->asn decoded from "0500"
 *                     (presumably hex for a DER NULL: tag 05, length 00)
 *   anything else  -> ALG_PARM_NUMERIC via atoi()
 *
 * NOTE(review): `str` is external data.  The strncmp() checks only match
 * a prefix, so "NULLfoo" is accepted as NULL, and the final branch turns
 * any non-numeric text into numeric 0 without complaint.  The asn2pe()
 * results are stored without checking for NULLPE; ldap_print_algid()
 * later dereferences alg->asn in its READOUT path, so either asn2pe()
 * must never fail on malformed hex or a check belongs here - confirm.
 * The return type is on a line omitted from this listing.
 */
281 ldap_str2alg( char *str, struct alg_id *alg )
285 if ((str == NULLCP) || (*str == '\0'))
288 alg->p_type = ALG_PARM_ABSENT;
/* skip the 5-byte "{ASN}" prefix, decode the remaining hex */
290 else if (strncmp(str,"{ASN}", 5) == 0)
292 alg->asn = asn2pe((char*)str+5);
293 alg->p_type = ALG_PARM_UNKNOWN;
295 else if (strncmp(str, "NULL", 4) == 0)
297 alg->asn = asn2pe((char*)"0500");
298 alg->p_type = ALG_PARM_UNKNOWN;
/* fallthrough case: treat the text as an integer */
303 alg->p_type = ALG_PARM_NUMERIC;
304 alg->un.numeric = atoi(str);
/* Body of the initialiser (its header line is not in this listing; the
 * error message names it certif_init()): look up the syntax table entry
 * for the ldap certificate syntax and install the print and parse
 * handlers above.  On lookup failure only a message is written to
 * stderr - no error is propagated, so a missing entry presumably leaves
 * the syntax unhandled rather than failing startup; confirm with callers. */
310 extern short ldap_certif_syntax;
311 sntx_table *syntax_table;
312 extern sntx_table *get_syntax_table( short int sntx );
314 if ((syntax_table = get_syntax_table(ldap_certif_syntax)) != NULL) {
/* handlers are stored through a void* cast; the table's field types
 * are not visible here */
315 syntax_table->s_print = (void *) ldap_certif_print;
316 syntax_table->s_parse = (void *) ldap_str2cert;
318 fprintf(stderr, "error getting sntx table in certif_init()\n");