📄 osptnepenroll.c
字号:
unsigned char* certReqBinary = OSPC_OSNULL; /* This will store the length of that binary string: */ unsigned certReqBinaryLen = 0; /* This points to the description of the certificate's structure: */ OSPTASN1ELEMENTINFO* certReqElementInfo = OSPC_OSNULL; /* This is used for linking together all of the ElementInfos into * a tree-like structure and for validating the certificate request: */ OSPTASN1PARSERESULT* certReqParseResults = OSPC_OSNULL; /* This will be the union of the certReqElementInfo and certReqParseResults; * we'll need it for extracting the subjectPublicKeyInfo. */ OSPTASN1OBJECT certReqASN1; /* This points to the description of the public key's structure: */ OSPTASN1ELEMENTINFO* publicKeyInfoElementInfo = OSPC_OSNULL; /* These will be used for validating the structure of the * public key as well: */ OSPTASN1PARSERESULT* publicKeyInfoParseResults = OSPC_OSNULL; OSPM_DBGENTER(( "ENTER: OSPPGetPublicKeyInfoFromCertReq\n" )); /* See if any of the parameters are null: */ if ( ( ospvCertReqB64In == OSPC_OSNULL ) || ( OSPM_STRLEN( (const char *)ospvCertReqB64In) <= 0 ) || ( ospvPublicKeyOut == OSPC_OSNULL ) ) { retVal = OSPC_ERR_ENROLL_INVALID_ARG; if ( ospvCertReqB64In == OSPC_OSNULL ) { OSPM_DBGERRORLOG( retVal, "The cert request is null.\n" ); } else if ( OSPM_STRLEN( (const char *)ospvCertReqB64In ) <= 0 ) { OSPM_DBGERRORLOG( retVal, "The cert request is empty.\n" ); } if ( ospvPublicKeyOut == OSPC_OSNULL ) { OSPM_DBGERRORLOG( retVal, "The public key reference passed in is null.\n" ); } } /* The certificate request should be base64-encoded, so we'll need * to decode it. First, though, create the memory to store it: */ if ( retVal == OSPC_ERR_NO_ERROR ) { certReqB64LenIn = OSPM_STRLEN( (const char *)ospvCertReqB64In ); certReqBinaryLen = 2 * certReqB64LenIn; OSPM_MALLOC( certReqBinary, unsigned char, certReqBinaryLen + 1 ); if ( certReqBinary == OSPC_OSNULL ) { retVal = OSPC_ERR_ENROLL_NO_MEMORY; OSPM_DBGERRORLOG( retVal, "No memory available for the binary certificate request.\n" ); } } /* Now perform the base64 decoding: */ if ( retVal == OSPC_ERR_NO_ERROR ) { OSPM_MEMSET( certReqBinary, 0, certReqBinaryLen + 1 ); retVal = OSPPBase64Decode( (const char *)ospvCertReqB64In, certReqB64LenIn, certReqBinary, &certReqBinaryLen ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to base64-decode the certificate request.\n" ); } else if ( ( OSPM_STRLEN( (const char *)certReqBinary ) <= 0 ) || ( certReqBinaryLen <= 0 ) ) { retVal = OSPC_ERR_B64_DECODE_FAILED; OSPM_DBGERRORLOG( retVal, "Unable to base64-decode the certificate request.\n" ); } } /* Now we'll create a PKCS#10 request object from the ospvCertReqB64In. * If we can't do it, then the request is bad or misformulated and * we'll have to stop the enrollment process, anyway. This doesn't * guarantee that the enrollment server will accept the request, * but it should be a minimal check against what it's expecting, anyway. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPASN1ElementDecode( certReqBinary, &certReqElementInfo, OSPC_ASN1_DATAREFID_CERTREQ ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to decode the certificate request.\n" ); } } /* Now try to parse the contents of the certificate request to ensure * that at least a minimal subset of the required elements exist. If * not, then this function will catch it as it tries to find the * CertReqInfo, then the signatureAlgorithm, and finally the signature. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPASN1ElementParse( certReqElementInfo, OSPEPTID_CERTREQ, OSPC_OSNULL, &certReqParseResults, OSPC_ASN1_DATAREFID_CERTREQ ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to parse the contents of the certificate request.\n" ); } } /* Now parse the certificate request's contents for the * subjectPublicKeyInfo, using the formulation for a PKCS#10 * readily available in the OSP: */ if ( retVal == OSPC_ERR_NO_ERROR ) { certReqASN1.ElementInfo = certReqElementInfo; certReqASN1.ParseResults = certReqParseResults; retVal = OSPPASN1ObjectGetElementByDataRef ( &certReqASN1, &publicKeyInfoElementInfo, OSPEDRID_CERTREQINFO_SUBJPUBKEYINFO ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to find subjectPublicKeyInfo in cert request\n" ); retVal = OSPC_ERR_ENROLL_BAD_CERT_REQ; } } /* Now generate some parse results so that the element information can * be turned into a "complete" OSPTASN1OBJECT: */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = PTPResultsCreate( &publicKeyInfoParseResults, publicKeyInfoElementInfo, OSPEDRID_CERT_SUBJPUBKEYINFO ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to reverse-engineer parse results from the given subjectPublicKeyInfo\n" ); retVal = OSPC_ERR_ENROLL_ASN1_PARSE; } } /* If ( we could finish generating the ASN1 object for the * subjectPublicKeyInfo ) then * o finish the generation of the public key by assigning the * contents we created to the outgoing public key info: */ if ( retVal == OSPC_ERR_NO_ERROR ) { ospvPublicKeyOut->ElementInfo = publicKeyInfoElementInfo; ospvPublicKeyOut->ParseResults = publicKeyInfoParseResults; OSPM_DBGMISC(( "public key content: \n" )); OSPPDumpHex( ospvPublicKeyOut->ElementInfo->Element, ospvPublicKeyOut->ElementInfo->ElementLength ); } /* Else ( we ran into some problems ) so * o delete the publicKeyInfo, element info and parse results we created: */ else { if ( ospvPublicKeyOut != OSPC_OSNULL ) { ospvPublicKeyOut->ElementInfo = OSPC_OSNULL; ospvPublicKeyOut->ParseResults = OSPC_OSNULL; } if ( publicKeyInfoElementInfo != OSPC_OSNULL ) { OSPPASN1ElementDelete( &publicKeyInfoElementInfo, 0 ); } if ( publicKeyInfoParseResults != OSPC_OSNULL ) { PTPResultsDelete( &publicKeyInfoParseResults ); } } /* Delete the element info, since we won't need it any more: */ if ( certReqElementInfo != OSPC_OSNULL ) { OSPPASN1ElementDelete( &certReqElementInfo, 0 ); } /* Else ( the certificate request wasn't successfully parsed into an * ASN1 structure, so it may still be allocated ) so * o free up the memory that it would have pointed to ( if necessary ) */ else { if ( certReqBinary != OSPC_OSNULL ) { OSPM_FREE( certReqBinary ); } } /* Delete the parse results as well: */ if ( certReqParseResults != OSPC_OSNULL ) { PTPResultsDelete( &certReqParseResults ); } OSPM_DBGEXIT(( "EXIT: OSPPGetPublicKeyInfoFromCertReq\n" )); return retVal;} /* * This is for constructing the enrollment request that is sent to the * enrollment server; the output is an OSPTMSGINFO structure that * contains it. * * Input: A pointer to the enrollment parameters and to the MessageInfo that * contains the parameters for the enrollment request. * * Output: The OSPTMSGINFO should contain all of the information necessary * for transmitting a request to the enrollment server. In this case, * the return value will be OSPC_ERR_NO_ERROR. If something * goes wrong, then the return value will be something other than * OSPC_ERR_NO_ERROR. In that case, there is no guarantee about what * the OSPTMSGINFO* structure will contain. */int OSPPConstructEnrollmentRequest ( OSPTENROLLPARAMS* ospvEnrollParamsIn, OSPTMSGINFO* ospvMsgInfoOut){ int retVal = OSPC_ERR_NO_ERROR; /* This is the temporary storage for the enrollment request: */ unsigned char* requestBfr = OSPC_OSNULL; OSPM_DBGENTER(( "OSPPConstructEnrollmentRequest enter\n" )); /* set an error code and complain if there's something wrong with * the input parameters: */ if ( ( ospvEnrollParamsIn == NULL ) || ( ospvMsgInfoOut == NULL ) ) { retVal = OSPC_ERR_ENROLL_INVALID_ARG; OSPM_DBGERRORLOG( retVal, "At least one parameter passed in was null.\n" ); } /* If ( the parameters weren't null ) then * o check the enrollment request parameters for any null or invalid * values first. * o complain if there's something wrong. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPCheckEnrollmentParams( ospvEnrollParamsIn ); if ( retVal != OSPC_ERR_NO_ERROR ) { retVal = OSPC_ERR_ENROLL_INVALID_REQUEST_PARAMS; OSPM_DBGERRORLOG( retVal, "The cert request's construction parameters were invalid.\n" ); } } /* If ( the enrollment parameters are ok ) then * o Create the nonce if necessary. The method for creating this * nonce may not be random enough, so it's advisable to send this * value in on input. We'll free up any memory that was already * created for the nonce if it's not null. * o complain if we couldn't create the nonce. */ if ( retVal == OSPC_ERR_NO_ERROR ) { if ( ( ospvEnrollParamsIn->Nonce == OSPC_OSNULL ) || ( ospvEnrollParamsIn->NonceLen <= 0 ) ) { retVal = OSPPCreateNonce( &(ospvEnrollParamsIn->Nonce), &(ospvEnrollParamsIn->NonceLen), OSPC_ENROLL_NONCE_LEN ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to create nonce for the enrollment request.\n" ); } else if ( ( ospvEnrollParamsIn->Nonce == OSPC_OSNULL ) || ( ospvEnrollParamsIn->NonceLen <= 0 ) ) { retVal = OSPC_ERR_ENROLL_GEN_NONCE; OSPM_DBGERRORLOG( retVal, "Unable to generate nonce.\n" ); } } } /* If ( the enrollment parameters look ok ) then * o generate the body for the enrollment request * o complain if we had problems. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPCreateEnrollmentRequestBody( &requestBfr, ospvEnrollParamsIn ); if ( retVal != OSPC_ERR_NO_ERROR ) { OSPM_DBGERRORLOG( retVal, "Unable to create enrollment request's body.\n" ); } /* check the return values to make sure they're not invalid: */ else if ( ( requestBfr == OSPC_OSNULL ) || ( OSPM_STRLEN( (const char *)requestBfr ) <= 0 ) ) { retVal = OSPC_ERR_ENROLL_CREATE_REQUEST_BODY; OSPM_DBGERRORLOG( retVal, "The request body generated was invalid.\n" ); } } /* IF ( the request body could be generated ) then * o create the enrollment request header. * o complain if we had problems. */ if ( retVal == OSPC_ERR_NO_ERROR ) { retVal = OSPPCreateEnrollmentRequestHeader( ospvMsgInfoOut );⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -