osptnepinit.c

mgcp协议源代码。支持多种编码：g711

            OSPM_DBGERRORLOG( 
                retVal, 
                "Unable to create CA retrieval request." );
        }
    }

    /* If ( the request could be created ) then
     *  o set the request message and its size for the MessageInfo:
     *  o add the MessageInfo to the queue; the request should be 
     *    transmitted to the enrollment server and a request received.
     *  o if ( sending the request failed ) then write an error message.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        certReqMsg->RequestMsg = caRequest;
        certReqMsg->RequestSz = OSPM_STRLEN( (const char *)caRequest );
        OSPM_STRCPY( (char *)(certReqMsg->ContentType) , OSPC_COMM_TEXT_MSG ); 

        OSPM_DBGMISC(( 
            "request msg: <%s>, <%d>\n", 
            certReqMsg->RequestMsg, certReqMsg->RequestSz ));

        retVal = OSPPCommAddTransaction( caCommMgr, certReqMsg ); 

        if ( retVal != OSPC_ERR_NO_ERROR )
        {
            OSPM_DBGERRORLOG( 
                retVal,
                 "Unable to retrieve CA certificate." );
        }
    }

    /* If ( sending the request was successful ) then
     *  o Get the CA certificate out of the response.
     *  o if ( there were problems getting it out ) then
     *      - print an error.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        if ( certReqMsg->ResponseMsg == OSPC_OSNULL )
        {
            retVal = OSPC_ERR_ENROLL_INVALID_RESPONSE;
            OSPM_DBGERRORLOG( 
                retVal, 
                "The response received for the CA certificate was empty.\n" );
        }
    }

    /* If ( the return value was ok ) then
     *  o check the error code returned as well; it's possible that the
     *    error code from the enrollment server ( at the HTTP level; this
     *    is not equivalent to the status of the enrollment request )
     *    didn't result in a bad return value. In this case, report an
     *    error.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        if ( certReqMsg->ErrorCode != OSPC_ERR_NO_ERROR )
        {
            retVal = OSPC_ERR_ENROLL_INVALID_RESPONSE;
            OSPM_DBGERRORLOG( 
                retVal, 
                "The error code received invalidates the CA's response.\n" );
            OSPM_DBGMISC(( 
                "Error code received from server: <%d>\n", 
                certReqMsg->ErrorCode ));
        }
    }

    /*
     * Copy the response into something that's null-terminated; that way,
     * we won't have to worry about overwriting or reading other memory:
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        OSPM_MALLOC( caCertResponse, unsigned char, certReqMsg->ResponseSz + 1 );
        if ( caCertResponse == OSPC_OSNULL )
        {
            retVal = OSPC_ERR_ENROLL_NO_MEMORY;
            OSPM_DBGERRORLOG(
                retVal,
                "No memory for the null-terminated response.\n" );
        }
    }

    /* 
     * Everything looks alright with the response so far, so now let's get
     * the CA certificate ( base64 decoded ) from the response:
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        OSPM_MEMSET( caCertResponse, 0, certReqMsg->ResponseSz + 1 );
        OSPM_STRNCPY( 
            caCertResponse, 
            certReqMsg->ResponseMsg, 
            certReqMsg->ResponseSz );

        retVal = 
            OSPPExtractCACertFromResponse( 
                caCertResponse,
                certReqMsg->ResponseSz,
                &(ospvEnrollParamsInOut->CACert),
                &(ospvEnrollParamsInOut->CACertLen),
                &(ospvEnrollParamsInOut->CACertB64),
                &(ospvEnrollParamsInOut->CACertB64Len) );

        if ( retVal != OSPC_ERR_NO_ERROR )
        {
            OSPM_DBGERRORLOG( 
                retVal, 
                "Unable to extract CA certificate from response." );
        }
    }

    /*
     * If we got the binary string for the CA certificate successfully,
     * then we'll have to validate it. Here we'll turn it into an ASN.1
     * object, check the structure, check the signature ( the CA certificate
     * should be self-signed ), and check the fingerprint. The enrollment
     * parameters structure should contain the CA certificate and the acceptable
     * fingerprint for the certificate prior to the validation stage.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        retVal = OSPPValidateCACertificate( ospvEnrollParamsInOut );
    }

    /* Now it's time to shutdown the communications manager: */
    if ( caCommMgr != OSPC_OSNULL )
    {
        OSPM_DBGMISC(( "Cleaning up communications manager...\n" ));
        OSPPEnrollCleanupCommMgr( &caCommMgr );
    }

    /* Destroy the memory for the enrollment request: */
    OSPPMsgInfoDelete( &certReqMsg );

    /* Destroy the null-terminated CA certificate response if necessary: */
    if ( caCertResponse != OSPC_OSNULL )
    {
        OSPM_FREE( caCertResponse );
    }

    OSPM_DBGEXIT(( "EXIT: OSPPRetrieveCACert\n" ));

    return retVal;
}

/*
 * Create the CA retrieval request. This function should create that
 * request and put it into the ospvCARequest that gets passed in. Note
 * that the memory alloced here for ospvCARequest will not be unmalloced
 * by this function; it will have to be freed by the calling function.
 *
 * Input: ospvCARequest ( also written to; should be empty initially. )
 *
 */
int OSPPCreateCARetrievalRequest (
    OSPTENROLLPARAMS* ospvEnrollParamsIn,
    unsigned char**   ospvCARequestOut
)
{
    int retVal        = OSPC_ERR_NO_ERROR;

    /* Length of the request being built: */
    int requestStrLen = -1;

    /* The request being built: */
    unsigned char* requestStr = OSPC_OSNULL;


    OSPM_DBGENTER(( "ENTER: OSPPCreateCARetrievalRequest\n" ));

    /* If ( the output request is null ) then
     *  o set an error code 
     */
    if ( ospvCARequestOut == OSPC_OSNULL )
    {
        retVal = OSPC_ERR_ENROLL_INVALID_ARG;
    }

    if ( retVal == OSPC_ERR_NO_ERROR ) 

    /* If ( everything has gone ok so far ) then
     *  o calculate the length of the request: the length of 
     *    "operation=GetCACert".
     *  o allocate that much memory, plus one byte ( for null )
     *  o if ( we couldn't malloc memory ) then
     *      o something really bad happened, so set the return value to
     *        an error code and get out.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        requestStrLen = OSPM_STRLEN( OSPC_ENROLL_OPERATION_REQ_PARAM ) +
                        OSPM_STRLEN( OSPC_ENROLL_NAME_VALUE_DELIMITER ) +
                        OSPM_STRLEN( OSPC_ENROLL_OP_CA_CERT_REQ_PARAM );

        OSPM_MALLOC( requestStr, unsigned char, requestStrLen + 1 ); 
        if ( requestStr == OSPC_OSNULL )
        {
            OSPM_DBGERRORLOG( 
                retVal, 
                "Unable to allocate space for request\n" );
        }
    }

    /* If ( the parameters and the memory setting were ok ) then
    *   o copy the request parameters into the request
    *   o set the CA certificate request to be the string that gets built.
    */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        OSPM_MEMSET( requestStr, 0, requestStrLen + 1 );
        OSPM_SPRINTF( 
            (char *)requestStr, 
            "%s%s%s", 
            OSPC_ENROLL_OPERATION_REQ_PARAM,
            OSPC_ENROLL_NAME_VALUE_DELIMITER,
            OSPC_ENROLL_OP_CA_CERT_REQ_PARAM );

        *ospvCARequestOut = requestStr;
        OSPM_DBGMISC(( "request string: <%s>\n", requestStr ));
    }
        
    OSPM_DBGEXIT(( "EXIT: OSPPCreateCARetrievalRequest\n" ));

    return retVal;
}

/* Extract the CA certificate from the response and base64-decode it.
 * We'll also use the base64-encoded certificate to be passed back to
 * the user so that they can use it again on input ( instead of having
 * to redo the base64 encoding. )
 *
 * Input: a character string representing the response to be scanned, 
 *        along with outgoing parameters for the binary BER-encoding
 *        of the CA certificate, its length, the base64 encoding of the
 *        certificate, and its length as well.
 *
 * Output: Along with the values of the outgoing parameters, a return value
 *         of OSPC_ERR_NO_ERROR is returned if the variables could be
 *         allocated and assigned properly. Otherwise, a return value of
 *         something other than OSPC_ERR_NO_ERROR is returned.
 */
int OSPPExtractCACertFromResponse( 
    unsigned char*  ospvResponseIn,
    unsigned        ospvResponseLenIn,
    unsigned char** ospvCACertOut,
    unsigned*       ospvCACertLenOut,
    unsigned char** ospvCACertB64Out,
    unsigned*       ospvCACertB64LenOut
)
{
    int            retVal       = OSPC_ERR_NO_ERROR;
    int            caCertB64Len = 0;
    unsigned char* caCertB64    = OSPC_OSNULL;


    OSPM_DBGENTER(( "ENTER: OSPPExtractCACertFromResponse\n" ));

    /* Check the input parameters first: */
    if ( ( ospvResponseIn == OSPC_OSNULL ) ||
         ( ospvCACertOut == OSPC_OSNULL ) ||
         ( ospvCACertLenOut == OSPC_OSNULL ) ||
         ( ospvCACertB64Out == OSPC_OSNULL ) ||
         ( ospvCACertB64LenOut == OSPC_OSNULL ) ) 
    {
        retVal = OSPC_ERR_ENROLL_INVALID_ARG;
        OSPM_DBGERRORLOG( 
            retVal, 
            "The arguments for extracting a CA certificate are invalid.\n" );
    }

    /* Retrieve the base64-encoded CA certificate from the response;
     * the memory should be allocated for the caCertB64 inside of 
     * OSPPExtractFieldFromResponse.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        retVal = 
            OSPPExtractFieldFromResponse( 
                ospvResponseIn, 
                ospvResponseLenIn,
                OSPC_ENROLL_CA_CERT_RSP_PARAM, 
                &caCertB64 ); 

        /* Complain if we couldn't find the CA certificate: */
        if ( retVal != OSPC_ERR_NO_ERROR )
        {
            OSPM_DBGERRORLOG( 
                retVal,
                 "Unable to find the base64-encoded CA certificate in the response.\n" );
        }

        /* Set an error code and complain if the return value was null: */
        else if ( caCertB64 == OSPC_OSNULL )
        {
            retVal = OSPC_ERR_ENROLL_NO_MEMORY;
            OSPM_DBGERRORLOG( 
                retVal,
                 "The base64-encoded CA certificate returned was null.\n" );
        }
    }

    /* If ( we could find the CA certificate ) then
     *  o get its length
     *  o set an error code and complain if it's empty
     */
    if ( retVal == OSPC_ERR_NO_ERROR ) 
    {
        caCertB64Len = OSPM_STRLEN( caCertB64 );
        if ( caCertB64Len <= 0 )
        {
            OSPM_DBGERRORLOG( 
                retVal, 
                "The CA certificate returned was empty.\n" );
        }
    }

    /* IF ( it looks like the CA certificate might be ok ) then
     *  o allocate memory for the BER-encoded CA certificate ( that is, the
     *    one that's been base64-decoded ); we'll use the pointer returned
     *    to caCertB64 for the outgoing base64-encoding of the cert, so we
     *    don't need any space for it here
     *  o complain if the space couldn't be allocated.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {
        OSPM_MALLOC( *ospvCACertOut, unsigned char, 2 * caCertB64Len + 1 ); 

        if ( *ospvCACertOut == OSPC_OSNULL )
             
        {
            retVal = OSPC_ERR_ENROLL_NO_MEMORY;
            OSPM_DBGERRORLOG( 
                retVal, 
                "Unable to allocate memory for the certificate buffers.\n" );
        }
    }

    /* If ( the memory could be allocated ) then
     *  o initialize it
     *  o set the maximum size of the base64-decoded cert to be twice the
     *    length of the base64-encoded cert. This isn't a very tight 
     *    space allocation ( in fact, the decoding of a base64-encoded message
     *    is 4 * ceil( caCertB64Len/3 ) ), but it's required for the 
     *    base64 decoding mechanism.
     *  o complain if we couldn't get it
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {    
        OSPM_MEMSET( *ospvCACertOut, 0, 2 * caCertB64Len + 1 );
        *ospvCACertLenOut = 2 * caCertB64Len;

        retVal = 
            OSPPBase64Decode( 
                caCertB64, 
                caCertB64Len, 
                *ospvCACertOut, 
                ospvCACertLenOut );

        if ( retVal != OSPC_ERR_NO_ERROR )
        {
            OSPM_DBGERRORLOG( 
                retVal,
                 "Bad base 64 encoding for CA certificate\n" );
        }

    }

    /* If ( we could successfully base64-decode the certificate ) then
     *  o copy the base64-encoded CA certificate and set its length.
     */
    if ( retVal == OSPC_ERR_NO_ERROR )
    {