📄 osptnepenroll.h
/*########################################################################
 * COPYRIGHT (c) 1998, 1999, 2000 by TransNexus, LLC
 *
 * This software contains proprietary and confidential information
 * of TransNexus, LLC.  Except as may be set forth in the license
 * agreement under which this software is supplied, use, disclosure,
 * or reproduction is prohibited without the prior, express, written
 * consent of TransNexus, LLC.
 *########################################################################*/

/*
 * osptnepenroll.h -- client side of the TransNexus certificate enrollment
 * exchange: the request/response parameter names, status codes, buffer
 * limits and the functions that build, send and validate an enrollment.
 *
 * NOTE(review): no include guard is visible at the top of this header;
 * confirm one exists (or add one) before it is included from more than
 * one translation unit.
 */
#include "osposincl.h"
#include "openssl/ssl.h"
/*#include "asn1util.h"*/
#include "bsafe.h"
#include "algae.h"
#include "bswift.h"

/* Name of the "operation" parameter that is sent in every request. */
#define OSPC_ENROLL_OPERATION_REQ_PARAM "operation"

/* Possible values of the "operation" parameter. */
#define OSPC_ENROLL_OP_REQUEST_REQ_PARAM "request"
#define OSPC_ENROLL_OP_RETRIEVE_REQ_PARAM "retrieve"
#define OSPC_ENROLL_OP_CA_CERT_REQ_PARAM "getcacert"

/* Parameter name under which a response carries the CA certificate. */
#define OSPC_ENROLL_CA_CERT_RSP_PARAM "certificate"

/*
 * Parameters sent in every certificate request or retrieval, and the
 * names under which the response carries the result.
 *
 * NOTE(review): the password travels in the request as a plain
 * name=value field.  It must only ever be sent over a TLS-protected
 * connection; openssl/ssl.h is included above, but whether the
 * communications manager enforces TLS is not visible from this header.
 */
#define OSPC_ENROLL_NONCE_REQ_PARAM "nonce"
#define OSPC_ENROLL_USERNAME_REQ_PARAM "username"
#define OSPC_ENROLL_PASSWORD_REQ_PARAM "password"
#define OSPC_ENROLL_DEVICEID_REQ_PARAM "device"
#define OSPC_ENROLL_CUSTOMERID_REQ_PARAM "customer"
#define OSPC_ENROLL_CERT_REQ_PARAM "request"
#define OSPC_ENROLL_CERT_RSP_PARAM "cert"
#define OSPC_ENROLL_STATUS_RSP_PARAM "status"

/* Status values: the request was granted, or is still pending. */
#define OSPC_ENROLL_STATUS_OK 0
#define OSPC_ENROLL_STATUS_PENDING 1

/*
 * Status value denoting failure of an enrollment request.  The server may
 * report this even when nothing is wrong on the enrollment client's side.
 */
#define OSPC_ENROLL_STATUS_FAILURE_DEFAULT 2

/*
 * Characters that terminate a field in a URL-style body: an ampersand
 * ('&') or a space (in practice any whitespace), the latter indicating
 * the start of some other field.
 *
 * NOTE(review): no URL-escaping helper is declared in this header, so a
 * value containing '&', '=' or whitespace would corrupt the encoding.
 * The alphanumeric check in OSPPCheckEnrollmentParams is what keeps such
 * characters out of username and password; the base64-encoded request,
 * however, can legitimately contain '+', '/' and '=' padding -- how the
 * encoder and the server's parser treat those is not decided here.
 */
#define OSPC_ENROLL_FIELD_DELIMITERS "& "

/* The "normal" field delimiter for a URL is an ampersand. */
#define OSPC_ENROLL_FIELD_DELIMITER "&"

/*
 * Separates a name from its value in a URL.  For example, in
 * http://www.transnexus.com/some_path/enroll?name=value&another_name=x
 * the '=' is the name/value delimiter of the HTTP GET.
 */
#define OSPC_ENROLL_NAME_VALUE_DELIMITER "="

/*
 * Content type of the message posted to the enrollment server.
 * NOTE(review): the body is a name=value&name=value form, yet this is
 * "text/html" rather than "application/x-www-form-urlencoded"; left as is
 * because the deployed server presumably expects it -- confirm before
 * changing.
 */
#define OSPC_ENROLL_CONTENT_TYPE "text/html"

/*
 * Maximum length of the request that can be transmitted.  The budget is
 * a RelativeDistinguishedName of up to about 2KB, a subjectPublicKeyInfo
 * plus signature of about 512 bytes (two 2048-bit values), and under 512
 * bytes of attributes and other certificate-request chaff: roughly 3KB of
 * DER, which base64 expands (x4/3) to about 4KB.
 *
 * NOTE(review): 3072 bytes of DER base64-encodes to exactly 4096, so the
 * limit leaves no slack for the other parameters if they share this
 * buffer -- confirm how the request body is assembled.
 */
#define OSPC_ENROLL_MAX_REQUEST_SIZE 4096

/* Length of the nonce in bytes. */
#define OSPC_ENROLL_NONCE_LEN 16

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Given the input parameters for enrollment, set up all of the
 * communications and structures for enrollment and send a request to the
 * enrollment server.
 *
 * Output: *ospvEnrollStatusOut receives the outcome (failed, pending, or
 *         success) and *ospvLocalCertOut / *ospvLocalCertLenOut receive
 *         the certificate if the request was successful.  Who frees the
 *         returned certificate is not stated here -- presumably the
 *         caller; confirm against the implementation.
 */
int OSPPEnroll(
    OSPTENROLLPARAMS* ospvEnrollParamsIn,
    OSPTCOMMPARAMS* ospvCommParamsIn,
    unsigned char** ospvLocalCertOut,
    unsigned* ospvLocalCertLenOut,
    unsigned* ospvEnrollStatusOut);

/*
 * Base64-decode the CACertB64 field of the enrollment parameters and place
 * the binary CA certificate in the CACert field of the same structure.
 *
 * Input:  pointer to the enrollment parameters, which hold a pointer to
 *         the base64-encoded CA certificate and its length, as well as
 *         pointers to the binary CA certificate and its length (initially
 *         NULL and 0).
 *
 * Output: OSPC_ERR_NO_ERROR if there are no problems, otherwise some
 *         other value.  On success the binary CACert field is populated.
 */
int OSPPBase64DecodeCACert(
    OSPTENROLLPARAMS* ospvEnrollParamsIn);

/*
 * Create an enrollment request for requesting or retrieving a
 * certificate, send it to the enrollment server (using the communications
 * manager passed in), extract the status and certificate from the
 * response, validate the certificate, and return it.
 */
int OSPPEnrollDevice(
    OSPTCOMM* ospvCommMgr,
    OSPTMSGINFO* ospvEnrollMsg,
    OSPTASN1OBJECT* ospvRequestPublicKeyIn,
    unsigned* ospvEnrollStatusOut,
    unsigned char** ospvCertOut,
    unsigned* ospvCertLenOut);

/*
 * Validate a device certificate that has been received: against the
 * public key used in the request, against the CA certificate expected to
 * have signed it, and for general well-formedness.  The decoded
 * certificate is placed in *ospvCertOut with its length in
 * *ospvCertLenOut.
 *
 * NOTE(review): the original comment marks the public-key check as
 * "to be added".  Until it exists, a certificate that chains to the
 * expected CA but carries a different key would pass -- confirm the
 * implementation status before relying on this function to bind the
 * certificate to the local key pair.
 */
int OSPPValidateDeviceCert(
    OSPTSEC* ospvSecIn,
    OSPTASN1OBJECT* ospvRequestPublicKeyIn,
    unsigned char* ospvCertB64In,
    unsigned char** ospvCertOut,
    unsigned* ospvCertLenOut);

/* Populate the HTTP header fields of an enrollment request message. */
int OSPPCreateEnrollmentRequestHeader(
    OSPTMSGINFO* ospvEnrollmentReqMsgInfo);

/*
 * Build the body of an enrollment request from the enrollment parameters,
 * returning it in *ospvRequestBfrOut.  Ownership of the buffer is not
 * stated here -- presumably the caller frees it; confirm.
 */
int OSPPCreateEnrollmentRequestBody(
    unsigned char** ospvRequestBfrOut,
    OSPTENROLLPARAMS* ospvEnrollParamsIn);

/*
 * Fill ospvNonce with ospvNonceLenIn random bytes.  The nonce gives each
 * enrollment request a fresh value so a captured request cannot simply be
 * replayed, and helps the server reject floods of identical requests.
 * (The original comment said it strengthens encryption against
 * "known-ciphertext attacks"; a nonce provides freshness, not
 * confidentiality, so do not rely on it for that.)  An enrollment server
 * is not required to check it, but it is recommended.
 *
 * Input:  ospvNonce      - caller-supplied buffer of at least
 *                          ospvNonceLenIn bytes.  The parameter is a plain
 *                          pointer, so a buffer allocated inside this
 *                          function could not be handed back; the earlier
 *                          comment saying the caller's memory "will not be
 *                          used" does not match this prototype -- confirm
 *                          against the implementation.
 *         ospvNonceLenIn - number of random bytes wanted.
 *
 * Output: *ospvNonceLenOut receives the number of bytes written.
 *         OSPC_ERR_NO_ERROR on success, another value otherwise.
 *
 * NOTE(review): the nonce is only as unpredictable as the generator
 * behind this call; it must come from a cryptographically secure source.
 * Which source is used is not visible from this header.
 */
int OSPPFillBufWithRandomBytes(
    unsigned char* ospvNonce,
    unsigned* ospvNonceLenOut,
    unsigned ospvNonceLenIn);

/*
 * Check all of the enrollment parameters for anything that might cause
 * the request to be rejected by an enrollment server: the username and
 * password must be alphanumeric, the customer and device ids numeric, and
 * the base64-encoded certificate request must exist (its contents are
 * validated elsewhere).  Any empty or NULL value is an error.
 *
 * NOTE(review): the alphanumeric rule doubles as the only visible defence
 * against '&', '=' or whitespace being injected into the form-encoded
 * body, at the cost of restricting the password character set.
 *
 * Input:  pointer to the enrollment parameters.
 *
 * Output: OSPC_ERR_NO_ERROR if every parameter is non-NULL, non-empty and
 *         of the appropriate type; otherwise an error code other than
 *         OSPC_ERR_NO_ERROR.
 */
int OSPPCheckEnrollmentParams(
    OSPTENROLLPARAMS* ospvEnrollParams);

/*
 * Check the validity of each enrollment parameter specifically for
 * requesting a certificate.  Returns an error if any value is invalid.
 *
 * Input:  pointer to the enrollment parameter list.  There is only one
 *         structure; it is passed by reference for efficiency.
 *
 * Output: OSPC_ERR_NO_ERROR if all of the parameters can be used in a
 *         certificate request; otherwise an error is returned.
 */
int OSPPCheckEnrollmentRequestParams(
    OSPTENROLLPARAMS* ospvEnrollParams);

/*
 * Given a pointer to a string to write, a pointer to its length, and the
 * length of a nonce to generate, generate a nonce and place it in the
 * output string, storing its length through the referenced length.  The
 * nonce is binary, not ASCII.
 *
 * This function will use OSPPFillBufWithRandomBytes, which in turn