📄 osptnepenroll.c
字号:
/**########################################################################*########################################################################*########################################################################* * COPYRIGHT (c) 1998, 1999, 2000 by TransNexus, LLC * * This software contains proprietary and confidential information * of TransNexus, LLC. Except as may be set forth in the license * agreement under which this software is supplied, use, disclosure, * or reproduction is prohibited without the prior, express, written* consent of TransNexus, LLC. * *******#########################################################################*#########################################################################*#########################################################################*/#include "ospmsginfo.h"#include "osp.h"#include "ospssl.h"#include "osputils.h"#include "ospcomm.h"#include "ospsecurity.h"#include "ospb64.h"#include "osptnep.h"#include "osptnepenroll.h"/* * Perform all of the operations for starting up a communications manager, * retrieving a CA certificate, formulating requests, and sending requests. * * Input: a pointer to the enrollment and communications parameters, as * well as a pointer to the certificate that is being requested and * the status of the request. * * Output: The success for creating an enrollment request, starting up the * communications manager, and parsing the response. Note that an * error code will not be generated if the response fails; an error * could be due to the enrollment server, so any failed requests * will be recorded in the ospvEnrollStatusOut parameter. */int OSPPEnroll( OSPTENROLLPARAMS* ospvEnrollParamsIn, OSPTCOMMPARAMS* ospvCommParamsIn, unsigned char** ospvLocalCertOut, unsigned* ospvLocalCertLenOut, unsigned* ospvEnrollStatusOut){ int retVal = OSPC_ERR_NO_ERROR; /* This is for any warnings that may pop up; it should only be * used for errors that occur while cleaning up or other non-fatal errors. */ int warnVal = OSPC_ERR_NO_ERROR; /* This is the structure whose request is transmitted to the enrollment * server and whose Response field is scanned for the response. */ OSPTMSGINFO* enrollMsg = OSPC_OSNULL; /* This is the communications manager that will handle all of the * requests to the enrollment server: */ OSPTCOMM* commMgr = OSPC_OSNULL; /* This is used for comparison against the public key that is returned. */ OSPTASN1OBJECT requestPublicKey; OSPM_DBGENTER(( "ENTER: OSPPEnroll\n" )); /* IF ( the parameters passed in are ok ) then * o proceed with initialization and enrollment... */ if ( ( ospvEnrollParamsIn == OSPC_OSNULL ) || ( ospvLocalCertOut == OSPC_OSNULL ) || ( ospvLocalCertLenOut == OSPC_OSNULL ) || ( ospvEnrollStatusOut == OSPC_OSNULL ) ) { retVal = OSPC_ERR_ENROLL_INVALID_ARG; OSPM_DBGERRORLOG ( retVal, "The parameters passed in for enrollment were invalid. )\n" ); } /* If ( the input parameters were ok ) then * o decode the base64-encoded certificate in the enrollment parameters * o complain if we can't do it */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPBase64DecodeCACert( ospvEnrollParamsIn ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG ( retVal, "Unable to base64-decode the CA certificate passed in.\n" ); } } /* Create the structure that will be used for transmitting the * enrollment request: */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPMsgInfoNew( &enrollMsg ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG ( retVal, "Unable to initialize MessageInfo for enrollment request.\n" ); } } /* If ( the initialization was successful ) then: * - initialize the response message to be empty * - retrieve the subject public key info from the certificate * request ( so that we can compare it to what we receive. ) */ if ( retVal == OSPC_ERR_NO_ERROR ) { enrollMsg->ResponseMsg = OSPC_OSNULL; retVal = OSPPGetPublicKeyInfoFromCertReq( ospvEnrollParamsIn->CertReq, &requestPublicKey ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG ( retVal, "Cannot find public key info in PKCS#10 cert request.\n" ); } } /* Initialize the request for the enrollMsg using the input parameters: */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPConstructEnrollmentRequest( ospvEnrollParamsIn, enrollMsg ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to construct enrollment request for transmission.\n" ); } } /* If ( we could initialize the MsgInfo's Request ) then * o Initialize the comm mgr. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPInitSecureCommMgr( ospvEnrollParamsIn, ospvCommParamsIn, &commMgr ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to initialize secure enrollment communications.\n" ); } } /* If ( there's a comm mgr that works ) then * o try enrolling the device. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPEnrollDevice( commMgr, enrollMsg, &requestPublicKey, ospvEnrollStatusOut, ospvLocalCertOut, ospvLocalCertLenOut ); if ( retVal == OSPC_ERR_NO_ERROR ) { OSPM_DBGMISC(( "Message successfully received from enrollment server.\n" )); if ( *ospvEnrollStatusOut == OSPC_ENROLL_STATUS_OK ) { OSPM_DBGMISC(( "Certificate request successful.\n" )); } else if ( *ospvEnrollStatusOut == OSPC_ENROLL_STATUS_PENDING ) { OSPM_DBGMISC(( "Certificate requeest pending approval.\n" )); } else { OSPM_DBGMISC(( "Request rejected: <%d>\n", *ospvEnrollStatusOut )); } } else { OSPM_DBGERRORLOG( retVal, "Unable to retrieve certificate from enrollment server.\n" ); } } /* Cleanup the comm mgr: */ if ( commMgr != OSPC_OSNULL ) { warnVal = OSPPEnrollCleanupCommMgr( &commMgr ); if ( warnVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGMISC(( "Warning: error while cleaning up comm manager: <%d>\n", warnVal )); } } /* Cleanup the message info: */ if ( enrollMsg != OSPC_OSNULL ) { OSPPMsgInfoDelete( &enrollMsg ); } /* Cleanup the public key info's element info: */ if ( requestPublicKey.ElementInfo != OSPC_OSNULL ) { OSPPASN1ElementDelete( &(requestPublicKey.ElementInfo), 0 ); } /* Now cleanup the public key info's parse results ( which links the * whole ASN1 structure together ): */ if ( requestPublicKey.ParseResults != OSPC_OSNULL ) { PTPResultsDelete( &(requestPublicKey.ParseResults) ); } OSPM_DBGEXIT(( "EXIT: OSPPEnroll\n" )); return retVal;}/* Given the enrollment parameters, base64-decode the CACertB64 parameter * of the enrollment parmaeters and place the binary CA certificate in the * CACert field of the enrollment parameters instead. * * Input: pointer to the enrollment parameters, which should contain a pointer * the base64-encoded CA certificate and its length, as well as pointers * to the binary CA certificate and its length ( which will initially * be NULL and 0. ) * * Output: OSPC_ERR_NO_ERROR is returned if there are no problems, or * a non-OSPC_ERR_NO_ERROR value is returned. If everything is * successful, then the CACertB64 field should be populated as well. */int OSPPBase64DecodeCACert( OSPTENROLLPARAMS* ospvEnrollParamsIn){ int retVal = OSPC_ERR_NO_ERROR; /* The base64-decoded certificate, if it can be determined: */ unsigned char* caCert = OSPC_OSNULL; /* The length of the binary ( base64-decoded ) certificate: */ unsigned caCertLen = 0; /* Check the pointer to the enrollment parameters and the base64-encoded * certificate. If they're not quite right, then set an error code and * complain. */ if ( ( ospvEnrollParamsIn == OSPC_OSNULL ) || ( ospvEnrollParamsIn->CACertB64 == OSPC_OSNULL ) || ( ospvEnrollParamsIn->CACertB64Len <= 0 ) ) { retVal = OSPC_ERR_ENROLL_INVALID_ARG; OSPM_DBGERRORLOG( retVal, "Invalid arguments passed in for decoding the CA certificate.\n" ); } /* If ( the input parameters look ok ) then * o set the maximum length of the output CA certificate to be twice * that of the base64-encoded cert. * o allocate the memory for the binary cert. * o set an error code if we couldn't allocate it. */ if ( retVal == OSPC_ERR_NO_ERROR ) { caCertLen = 2 * ospvEnrollParamsIn->CACertB64Len; OSPM_MALLOC( caCert, unsigned char, caCertLen + 1 ); if ( caCert == OSPC_OSNULL ) { retVal = OSPC_ERR_ENROLL_NO_MEMORY; OSPM_DBGERRORLOG( retVal, "Unable to allocate memory for the CA cert.\n" ); } } /* If ( we could allocate the memory ) then * o initialize its contents * o try base64 decoding the certificate into the newly-allocated memory * o complain if the decoding didn't work. */ if ( retVal == OSPC_ERR_NO_ERROR ) { OSPM_MEMSET( caCert, 0, caCertLen + 1 ); retVal = OSPPBase64Decode( (const char *)ospvEnrollParamsIn->CACertB64, ospvEnrollParamsIn->CACertB64Len, caCert, &caCertLen ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to base64-decode CA cert.\n" ); } } /* Assign the certificates to the outgoing enrollment parameters if * the decoding worked. */ if ( retVal == OSPC_ERR_NO_ERROR ) { ospvEnrollParamsIn->CACert = caCert; ospvEnrollParamsIn->CACertLen = caCertLen; } /* Free up the memory allocated ( if it was allocated ) if anything * went wrong. A better approach might be to allocate fresh memory for * the outgoing CACert and then deallocate the memory for the caCert * regardless of the return value. */ if ( retVal != OSPC_ERR_NO_ERROR ) { if ( caCert != OSPC_OSNULL ) { OSPM_FREE( caCert ); } } return retVal;}/* * Create an enrollment request for requesting or retrieving a certificate, * send the request to the enrollment server ( using the communications * manager passed in ); extract the status and certificate from the * response, validate the certificate, and return the certificate. * * Input: pointer to a communications manager for transmitting the request; * a pointer to a MessageInfo ( OSPTMSGINFO* ) that should contain * the request; a pointer to the subjectPublicKeyInfo of the * request ( for validation ); a pointer to an integer for returning * the status of the request; and a pointer to a (null) string for * returning the certificate. * * Output: *ospvEnrollStatusOut and *ospvCertOut may contain the status * and certificate for the device if everything went ok. That is, * if the enrollment server could be contacted and it serviced the * request, the the status and possibly the certificate should⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -