Sourcecode and documentation for libtasn1-2 version 0.2.10-3sarge1

CrlExample.c

00001 /*
00002  *      Copyright (C) 2000,2001 Fabio Fiorina
00003  *
00004  * This file is part of GNUTLS.
00005  *
00006  * GNUTLS is free software; you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License as published by
00008  * the Free Software Foundation; either version 2 of the License, or
00009  * (at your option) any later version.
00010  *
00011  * GNUTLS is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  * GNU General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU General Public License
00017  * along with this program; if not, write to the Free Software
00018  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
00019  */
00020 
00021 
00022 /*****************************************************/
00023 /* File: CrlExample.c                                */
00024 /* Description: An example on how to use the ASN1    */
00025 /*              parser with the Certificate.txt file */   
00026 /*****************************************************/
00027 
00028 #include <stdio.h>
00029 #include <string.h>
00030 #include <stdlib.h>
00031 #include "libtasn1.h"
00032 
00033 
00034 
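/*
 * my_ltostr: write the decimal representation of v into str and return str.
 *
 *   v:   value to convert (any long, including LONG_MIN)
 *   str: destination buffer; no size is passed, so the caller must provide
 *        room for an optional '-', every digit of a long, and the
 *        terminating NUL (21 bytes when long is 64 bits wide).
 */
char *
my_ltostr(long v,char *str)
{
  char digits[24];        /* digits in reverse order; 20 suffice for 64 bits */
  unsigned long mag;
  int count=0,start=0,k;

  if(v<0){
    str[0]='-';
    start=1;
    /* Negate in unsigned arithmetic: -LONG_MIN does not fit in a long, so
       the signed negation would be undefined behaviour. */
    mag=0UL-(unsigned long)v;
  }
  else mag=(unsigned long)v;

  do{
    digits[count++]=(char)('0'+(int)(mag%10));
    mag/=10;
  }while(mag!=0);

  /* digits[] holds the least significant digit first; copy it back reversed */
  for(k=0;k<count;k++) str[start+k]=digits[count-1-k];
  str[start+count]=0;
  return str;
}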
00062 
00063 
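/* Append text to the NUL-terminated string in dst, never writing past cap bytes. */
static void
name_append(char *dst, size_t cap, const char *text)
{
  size_t used=strlen(dst);
  size_t add=strlen(text);

  if(used+1>=cap) return;                    /* no room left */
  if(add>cap-1-used) add=cap-1-used;         /* truncate rather than overflow */
  memcpy(dst+used,text,add);
  dst[used+add]=0;
}

/* Decode the DER value stored at value_path as element_type and append
   label followed by the decoded text to answer; appends nothing on failure. */
static void
name_append_attribute(node_asn *cert_def, node_asn *cert,
                      const char *value_path, const char *element_type,
                      const char *label, char *answer, size_t answer_cap)
{
  char str[1024],choice[128];
  char errorDescription[MAX_ERROR_DESCRIPTION_SIZE];
  ASN1_TYPE value=ASN1_TYPE_EMPTY;
  int len;

  if(asn1_create_element(cert_def,element_type,&value)!=ASN1_SUCCESS) return;

  len = sizeof(str)-1;
  if(asn1_read_value(cert,value_path,str,&len)!=ASN1_SUCCESS) goto done;
  if(asn1_der_decoding(&value,str,len,errorDescription)!=ASN1_SUCCESS)
    goto done;

  /* CHOICE: reading "" is expected to return the name of the selected
     alternative, which is then used as the path of the actual string. */
  len = sizeof(str)-1;
  if(asn1_read_value(value,"",str,&len)!=ASN1_SUCCESS) goto done;
  if(len<0 || len>(int)sizeof(str)-1) goto done;
  str[len]=0;
  if(strlen(str)>=sizeof(choice)) goto done;  /* would not fit as a path */
  memcpy(choice,str,strlen(str)+1);

  len = sizeof(str)-1;
  if(asn1_read_value(value,choice,str,&len)!=ASN1_SUCCESS) goto done;
  /* Only index with len after a successful read that stayed in range. */
  if(len<0 || len>(int)sizeof(str)-1) goto done;
  str[len]=0;

  name_append(answer,answer_cap,label);
  name_append(answer,answer_cap,str);

done:
  asn1_delete_structure(&value);
}

/******************************************************/
/* Function : get_Name_type                           */
/* Description: walks a structure of type Name and    */
/*   collects its country, organization and           */
/*   organizational unit attributes as text.          */
/* Parameters:                                        */
/*   node_asn *cert_def: the ASN.1 definitions        */
/*   node_asn *cert: the decoded structure to read    */
/*   char *root: path of the Name inside cert         */
/*   char *answer: output string with elements like   */
/*                 " C=US O=gov"                      */
/* No buffer size is passed in: answer must provide   */
/* at least 1024 bytes (what the caller in this file  */
/* supplies); longer results are truncated. The text  */
/* comes straight from the decoded structure and is   */
/* not validated or escaped here.                     */
/******************************************************/
void
get_Name_type(node_asn *cert_def,node_asn *cert,char *root, char *answer)
{
  enum { ANSWER_CAP = 1024 };
  /* Attribute types recognised, tried in this order.
     NOTE(review): the country entry decodes with X520OrganizationName, as
     the original code did, while create_CRL encodes the country with
     X520countryName - confirm which type is intended. */
  static const struct {
    const char *oid_name;
    const char *element_type;
    const char *label;
  } known[] = {
    { "PKIX1Implicit88.id-at-countryName",
      "PKIX1Implicit88.X520OrganizationName", " C=" },
    { "PKIX1Implicit88.id-at-organizationName",
      "PKIX1Implicit88.X520OrganizationName", " O=" },
    { "PKIX1Implicit88.id-at-organizationalUnitName",
      "PKIX1Implicit88.X520OrganizationalUnitName", " OU=" }
  };
  char name[128],name2[128],name3[128],str[1024],str2[1024];
  int k,k2,len,n;
  size_t i;

  answer[0]=0;

  /* Outer loop: one iteration per element of rdnSequence ("?1", "?2", ...) */
  for(k=1;;k++){
    n=snprintf(name,sizeof(name),"%s.rdnSequence.?%d",root,k);
    if(n<0 || (size_t)n>=sizeof(name)) break;   /* path does not fit */

    len = sizeof(str)-1;
    if(asn1_read_value(cert,name,str,&len)==ASN1_ELEMENT_NOT_FOUND) break;

    /* Inner loop: one iteration per attribute of that element */
    for(k2=1;;k2++){
      n=snprintf(name2,sizeof(name2),"%s.?%d",name,k2);
      if(n<0 || (size_t)n>=sizeof(name2)) break;

      len = sizeof(str)-1;
      if(asn1_read_value(cert,name2,str,&len)==ASN1_ELEMENT_NOT_FOUND) break;

      /* attribute type (an object identifier, compared as a string) */
      n=snprintf(name3,sizeof(name3),"%s.type",name2);
      if(n<0 || (size_t)n>=sizeof(name3)) continue;
      len = sizeof(str)-1;
      if(asn1_read_value(cert,name3,str,&len)!=ASN1_SUCCESS) continue;
      if(len<0 || len>(int)sizeof(str)-1) continue;
      str[len]=0;

      n=snprintf(name3,sizeof(name3),"%s.value",name2);
      if(n<0 || (size_t)n>=sizeof(name3)) continue;

      for(i=0;i<sizeof(known)/sizeof(known[0]);i++){
        len = sizeof(str2)-1;
        if(asn1_read_value(cert_def,known[i].oid_name,str2,&len)
           !=ASN1_SUCCESS) continue;
        if(len<0 || len>(int)sizeof(str2)-1) continue;
        str2[len]=0;
        if(strcmp(str,str2)!=0) continue;

        name_append_attribute(cert_def,cert,name3,known[i].element_type,
                              known[i].label,answer,ANSWER_CAP);
        break;
      }
    }
  }
}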
00179 
00180 
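/******************************************************/
/* Function : create_CRL                              */
/* Description: builds a sample CertificateList,      */
/*   DER-encodes it into der and prints the encoding. */
/* Parameters:                                        */
/*   node_asn *cert_def: the ASN.1 definitions        */
/*   unsigned char *der: receives the DER encoding    */
/*     (also used as scratch space while building)    */
/*   int *der_len: on entry the capacity of der in    */
/*     bytes; on return the number of bytes encoded,  */
/*     or 0 if the CRL could not be built             */
/* The signature field is a zero-filled placeholder:  */
/* no signature is computed here.                     */
/******************************************************/
void
create_CRL(node_asn *cert_def, unsigned char *der,int *der_len)
{
  /* extnValue of the reasonCode extension: DER ENUMERATED with value 1 */
  static const unsigned char reason_code[]={0x0a,0x01,0x01};
  /* Placeholder for the 46-byte signature. The bytes passed to
     asn1_write_value below must really exist: handing it a shorter object
     would copy whatever lies behind it into the encoded CRL. */
  unsigned char signature[46];
  int result,k,len,max_len;
  int ok=0;
  unsigned char str[1024];
  ASN1_TYPE crl=ASN1_TYPE_EMPTY;
  ASN1_TYPE value=ASN1_TYPE_EMPTY;
  char errorDescription[MAX_ERROR_DESCRIPTION_SIZE];

  if(der==NULL || der_len==NULL) return;
  max_len=*der_len;
  memset(signature,0,sizeof(signature));

  result=asn1_create_element(cert_def,"PKIX1Implicit88.CertificateList",&crl);
  if(result!=ASN1_SUCCESS){
    printf("\n'crl1' structure creation: ERROR\n");
    goto out;
  }

  /* To inspect the empty structure:  asn1_visit_tree(crl,"");  */

  /* version: v2(1) */
  result=asn1_write_value(crl,"tbsCertList.version","v2",0);

  /* signature: dsa-with-sha */
  len = sizeof(str)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-dsa-with-sha1",str,&len);
  result=asn1_write_value(crl,"tbsCertList.signature.algorithm",str,1);
  result=asn1_write_value(crl,"tbsCertList.signature.parameters",NULL,0);

  /* issuer: Country="US" Organization="gov" OrganizationUnit="nist" */
  result=asn1_write_value(crl,"tbsCertList.issuer","rdnSequence",1);

  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence","NEW",1);
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST","NEW",1);
  /* C */
  len = sizeof(str)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-countryName",str,&len);
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",str,1);
  result=asn1_create_element(cert_def,"PKIX1Implicit88.X520countryName",
                             &value);
  result=asn1_write_value(value,"","US",2);
  *der_len=max_len;
  result=asn1_der_coding(value,"",der,der_len,errorDescription);
  asn1_delete_structure(&value);
  /* *der_len is only meaningful after a successful encoding */
  if(result!=ASN1_SUCCESS) goto attr_error;
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",der,*der_len);

  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence","NEW",4);
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST","NEW",4);
  /* O */
  len = sizeof(str)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-organizationName",str,&len);
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",str,8);
  result=asn1_create_element(cert_def,"PKIX1Implicit88.X520OrganizationName",
                             &value);
  result=asn1_write_value(value,"","printableString",1);
  result=asn1_write_value(value,"printableString","gov",3);
  *der_len=max_len;
  result=asn1_der_coding(value,"",der,der_len,errorDescription);
  asn1_delete_structure(&value);
  if(result!=ASN1_SUCCESS) goto attr_error;
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",der,*der_len);

  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence","NEW",1);
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST","NEW",1);
  /* OU */
  len = sizeof(str)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-organizationalUnitName",
                         str,&len);
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",str,1);
  result=asn1_create_element(cert_def,"PKIX1Implicit88.X520OrganizationalUnitName",&value);
  result=asn1_write_value(value,"","printableString",1);
  result=asn1_write_value(value,"printableString","nist",4);
  *der_len=max_len;
  result=asn1_der_coding(value,"",der,der_len,errorDescription);
  asn1_delete_structure(&value);
  if(result!=ASN1_SUCCESS) goto attr_error;
  result=asn1_write_value(crl,"tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",der,*der_len);

  /* validity */
  result=asn1_write_value(crl,"tbsCertList.thisUpdate","utcTime",1);
  result=asn1_write_value(crl,"tbsCertList.thisUpdate.utcTime","970801000000Z",1);

  result=asn1_write_value(crl,"tbsCertList.nextUpdate","utcTime",1);
  result=asn1_write_value(crl,"tbsCertList.nextUpdate.utcTime","970808000000Z",1);

  /* revokedCertificates */
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates","NEW",1);
  str[0]=18;
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.userCertificate",str,1);
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.revocationDate","utcTime",1);
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.revocationDate.utcTime","970731000000Z",1);

  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.crlEntryExtensions","NEW",1);
  len = sizeof(str)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-ce-cRLReasons",
                         str,&len);
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.extnID",str,1); /* reasonCode */
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.critical","FALSE",1);
  result=asn1_write_value(crl,"tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.extnValue",reason_code,3);

  /* crlExtensions */
  result=asn1_write_value(crl,"tbsCertList.crlExtensions",NULL,0);

  /* signatureAlgorithm: dsa-with-sha  */
  len = sizeof(str)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-dsa-with-sha1",str,&len);
  result=asn1_write_value(crl,"signatureAlgorithm.algorithm",str,1);
  result=asn1_write_value(crl,"signatureAlgorithm.parameters",NULL,0); /* NO OPTION */

  /* signature: encode tbsCertList, the part a signature would cover */
  *der_len=max_len;
  result=asn1_der_coding(crl,"tbsCertList",der,der_len,errorDescription);
  if(result!=ASN1_SUCCESS){
    printf("\n'tbsCertList' encoding creation: ERROR\n");
    goto out;
  }

  /* add the lines for the signature on der[0]..der[der_len-1] and store the
     result in signature[]; until then the field holds zero bytes.
     The length of this value is given in bits (46 bytes). */
  result=asn1_write_value(crl,"signature",signature,46*8);

  /* To inspect the filled structure:  asn1_visit_tree(crl,"");  */

  *der_len=max_len;
  result=asn1_der_coding(crl,"",der,der_len,errorDescription);
  if(result!=ASN1_SUCCESS){
    printf("\n'crl1' encoding creation: ERROR\n");
    goto out;
  }

  /* Print the 'crl1' DER encoding */
  printf("-----------------\nCrl1 Encoding:\nNumber of bytes=%i\n",*der_len);
  for(k=0;k<*der_len;k++) printf("%02x ",der[k]);
  printf("\n-----------------\n");
  ok=1;
  goto out;

attr_error:
  printf("\n'issuer' attribute encoding creation: ERROR\n");

out:
  /* Never report a length the caller could mistake for a valid encoding. */
  if(!ok) *der_len=0;
  /* Clear the "crl1" structure on every path, including the error ones */
  asn1_delete_structure(&crl);
}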
00339 
00340 
00341 
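/******************************************************/
/* Function : get_CRL                                 */
/* Description: decodes a CertificateList from a DER  */
/*   encoding and prints its issuer.                  */
/* Parameters:                                        */
/*   node_asn *cert_def: the ASN.1 definitions        */
/*   unsigned char *der: the encoding string          */
/*   int der_len: number of bytes of der string       */
/* The signature check is only sketched (see the      */
/* placeholder comments): nothing printed by this     */
/* function has been authenticated.                   */
/******************************************************/
void
get_CRL(node_asn *cert_def,unsigned char *der,int der_len)
{
  int result,len,start,end;
  /* get_Name_type takes no size argument; keep this buffer at 1024 bytes */
  char issuer[1024];
  char str[1024],str2[1024];
  ASN1_TYPE crl2=ASN1_TYPE_EMPTY;
  char errorDescription[MAX_ERROR_DESCRIPTION_SIZE];

  if(der==NULL || der_len<=0){
    printf("Problems with DER encoding\n");
    return;
  }

  result=asn1_create_element(cert_def,"PKIX1Implicit88.CertificateList",&crl2);
  if(result==ASN1_SUCCESS)
    result=asn1_der_decoding(&crl2,der,der_len,errorDescription);

  if(result!=ASN1_SUCCESS){
    printf("Problems with DER encoding\n");
    goto out;
  }

  /* issuer: text taken from the decoded data, printed without verification */
  get_Name_type(cert_def,crl2,"tbsCertList.issuer",issuer);
  printf("crl2:\nissuer: %s\n",issuer);

  /* Verify sign */
  /* Each read gets the full buffer capacity again: on return len holds the
     size of the value just read, not the size of the buffer. */
  len = sizeof(str)-1;
  result=asn1_read_value(crl2,"signatureAlgorithm.algorithm",
                         (unsigned char *)str,&len);
  if(result!=ASN1_SUCCESS || len<0 || len>(int)sizeof(str)-1) goto out;
  str[len]=0;

  len = sizeof(str2)-1;
  result=asn1_read_value(cert_def,"PKIX1Implicit88.id-dsa-with-sha1",
                         (unsigned char *)str2,&len);
  if(result!=ASN1_SUCCESS || len<0 || len>(int)sizeof(str2)-1) goto out;
  str2[len]=0;

  if(!strcmp(str,str2)){  /* dsa-with-sha */

    result=asn1_der_decoding_startEnd(crl2,der,der_len,
                                      "tbsCertList",&start,&end);

    /* add the lines to calculate the sha on der[start]..der[end]
       (only if the call above succeeded) */

    len = sizeof(str);
    result=asn1_read_value(crl2,"signature",(unsigned char *)str,&len);

    /* compare the previous value to signature ( with issuer public key) */
  }

  /* To inspect the decoded structure:  asn1_visit_tree(crl2,"");  */

out:
  /* Clear the "crl2" structure on every path */
  asn1_delete_structure(&crl2);
}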
00401 
00402 #include "pkix_asn1_tab.c"
00403 
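/********************************************************/
/* Function : main                                      */
/* Description: loads the PKIX1Implicit88 definitions,  */
/*              builds a CRL and prints its DER         */
/*              encoding, then decodes that encoding    */
/*              again and prints the issuer.            */
/* Returns 0 on success, 1 if the CRL encoding cannot   */
/* be used; exits with status 1 if the definitions      */
/* cannot be loaded.                                    */
/********************************************************/
int
main(int argc,char *argv[])
{
  int result,der_len;
  unsigned char der[1024];
  ASN1_TYPE PKIX1Implicit88=ASN1_TYPE_EMPTY;
  char errorDescription[MAX_ERROR_DESCRIPTION_SIZE];

  (void)argc;
  (void)argv;

  /* The definitions come from the compiled-in table. To parse the ASN.1
     source at run time instead, use:
       asn1_parser2tree("pkix.asn",&PKIX1Implicit88,errorDescription); */
  result=asn1_array2tree(pkix_asn1_tab,&PKIX1Implicit88,errorDescription);

  if(result != ASN1_SUCCESS){
    libtasn1_perror(result);
    printf("%s\n",errorDescription);
    exit(1);
  }

  /* To inspect the definitions:
       asn1_visit_tree(PKIX1Implicit88,"PKIX1Implicit88");  */

  der_len=sizeof(der);
  create_CRL(PKIX1Implicit88,der,&der_len);

  /* create_CRL returns nothing, so the length is the only evidence of what
     it produced; decode only a length that fits inside der[]. */
  if(der_len<=0 || der_len>(int)sizeof(der)){
    printf("CRL encoding failed, nothing to decode\n");
    asn1_delete_structure(&PKIX1Implicit88);
    return 1;
  }

  get_CRL(PKIX1Implicit88,der,der_len);

  /* Clear the "PKIX1Implicit88" structures */
  asn1_delete_structure(&PKIX1Implicit88);

  return 0;
}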