📄 ospx509.c
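/*
 * Validate ospvTestCertificate against a list of authority certificates.
 *
 * The authority whose subject name equals the test certificate's issuer name
 * is located with OSPPX509CertIsParentCertificate(); its public key is then
 * handed to OSPPX509CertCheckCertificateData() to check the test certificate.
 * If that authority is self-signed it is checked against its own key.  If it
 * is not self-signed and ospvParentCertificateIndex is null, the authority is
 * itself validated recursively against the same list.
 *
 * ospvTestCertificate               - certificate to validate
 * ospvAuthorityCertificates         - candidate issuer certificates
 * ospvNumberOfAuthorityCertificates - number of entries in the array
 * ospvParentCertificateIndex        - optional out: index of the issuing
 *                                     authority; when non-null the chain
 *                                     above that authority is NOT walked
 *
 * Returns OSPC_ERR_NO_ERROR on success, OSPC_ERR_X509_CA_NOT_FOUND when no
 * authority matches (including an empty list), or the first error reported
 * by a helper.
 *
 * NOTE(review): only the first authority whose name matches is tried; a
 * second authority with the same subject name is never consulted if the
 * signature check against the first one fails.
 * NOTE(review): the recursion has no depth bound.  Parent lookup is by name
 * only, so a list in which two non-self-signed authorities name each other
 * as issuer would recurse without terminating - confirm the list is vetted
 * before it reaches this function.
 */
int
OSPPX509CertValidateCertificate(
    OSPTASN1OBJECT *ospvTestCertificate,
    OSPTASN1OBJECT *ospvAuthorityCertificates[],
    unsigned int    ospvNumberOfAuthorityCertificates,
    int            *ospvParentCertificateIndex)
{
    /* Start from "not found" so an empty authority list is rejected instead
       of falling through and indexing ospvAuthorityCertificates[0]. */
    int             errorcode  = OSPC_ERR_X509_CA_NOT_FOUND;
    int             selfSigned = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT *publicKey  = OSPC_OSNULL;
    unsigned int    i          = 0;

    /* Loop through the authority certificates to find the issuer of the
       test certificate; stop on a match or on any serious error. */
    for (i = 0; i < ospvNumberOfAuthorityCertificates; i++)
    {
        errorcode = OSPPX509CertIsParentCertificate(
                        ospvAuthorityCertificates[i], ospvTestCertificate);

        if (errorcode != OSPC_ERR_X509_CA_NOT_FOUND)
        {
            break;
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get the public key from the issuing certificate */
        errorcode = OSPPASN1ObjectCopyElementObject(&publicKey,
                        ospvAuthorityCertificates[i],
                        OSPEDRID_CERT_SUBJPUBKEYINFO);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Check the test certificate to see if it is signed/not expired */
        errorcode = OSPPX509CertCheckCertificateData(ospvTestCertificate,
                        publicKey);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Is the authority certificate self signed?  The helper reports a
           match as OSPC_ERR_NO_ERROR, so compare against that constant
           explicitly rather than testing the return value for truthiness. */
        selfSigned = OSPPX509CertIsParentCertificate(
                         ospvAuthorityCertificates[i],
                         ospvAuthorityCertificates[i]);

        if (selfSigned == OSPC_ERR_NO_ERROR)
        {
            /* Self-signed: make sure it verifies against its own key */
            errorcode = OSPPX509CertCheckCertificateData(
                            ospvAuthorityCertificates[i], publicKey);
        }
        else if (selfSigned != OSPC_ERR_X509_CA_NOT_FOUND)
        {
            /* The self-signed test itself failed; do not treat the
               certificate as either kind, report the failure. */
            errorcode = selfSigned;
        }
        else if (ospvParentCertificateIndex == OSPC_OSNULL)
        {
            /* Not self signed and the caller did not ask for the index:
               continue up the chain. */
            errorcode = OSPPX509CertValidateCertificate(
                            ospvAuthorityCertificates[i],
                            ospvAuthorityCertificates,
                            ospvNumberOfAuthorityCertificates,
                            OSPC_OSNULL);
        }
    }

    if (publicKey != OSPC_OSNULL)
    {
        /* Release the element held by the copied key's parse results before
           deleting the object; guard the inner pointer because nothing here
           guarantees ParseResults was populated. */
        if (publicKey->ParseResults != OSPC_OSNULL)
        {
            OSPPASN1ElementDelete(&(publicKey->ParseResults->ElementInfo), 0);
        }
        OSPPASN1ObjectDelete(&publicKey);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* If supposed to return the index, set it here */
        if (ospvParentCertificateIndex != OSPC_OSNULL)
        {
            *ospvParentCertificateIndex = (int)i;
        }
    }

    return errorcode;
}

/*
 * Test whether ospvParentCertificate issued ospvTestCertificate, judged only
 * by comparing the parent's subject name with the test certificate's issuer
 * name.  No signature is verified here.
 *
 * Both certificates are re-parsed from their encoded form into temporary
 * objects, which are deleted before returning.
 *
 * Returns OSPC_ERR_NO_ERROR when the names are byte-for-byte identical,
 * OSPC_ERR_X509_CA_NOT_FOUND when they differ, or the error reported by a
 * helper.
 */
int
OSPPX509CertIsParentCertificate(
    OSPTASN1OBJECT *ospvParentCertificate,
    OSPTASN1OBJECT *ospvTestCertificate)
{
    int                  errorcode         = OSPC_ERR_NO_ERROR;
    OSPTASN1OBJECT      *parentCertInfo    = OSPC_OSNULL;
    OSPTASN1OBJECT      *testCertInfo      = OSPC_OSNULL;
    /* Element info of the caller's certificates.  It is never released on
       the success path, so it is kept out of the variables deleted at the
       end - presumably it is borrowed from the caller's object; confirm
       against OSPPASN1ObjectGetElementInfo. */
    OSPTASN1ELEMENTINFO *sourceInfo        = OSPC_OSNULL;
    OSPTASN1ELEMENTINFO *elementInfo1      = OSPC_OSNULL;
    OSPTASN1ELEMENTINFO *elementInfo2      = OSPC_OSNULL;
    unsigned char       *certificate       = OSPC_OSNULL;
    unsigned int         certificateLength = 0;
    unsigned char       *subjectName       = OSPC_OSNULL;
    unsigned int         subjectNameLength = 0;
    unsigned char       *issuerName        = OSPC_OSNULL;
    unsigned int         issuerNameLength  = 0;

    /* Reparse the superior certificate */
    errorcode = OSPPASN1ObjectGetElementInfo(ospvParentCertificate,
                    &sourceInfo);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPASN1ElementGetElementData(sourceInfo,
                        &certificate, &certificateLength);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPX509CertCreate(certificate, &parentCertInfo);
    }

    /* Reparse the test certificate */
    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPASN1ObjectGetElementInfo(ospvTestCertificate,
                        &sourceInfo);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPASN1ElementGetElementData(sourceInfo,
                        &certificate, &certificateLength);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPX509CertCreate(certificate, &testCertInfo);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get the parent certificate subject name */
        errorcode = OSPPASN1ObjectGetElementByDataRef(parentCertInfo,
                        &elementInfo1, OSPEDRID_CERT_SUBJECT);

        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            errorcode = OSPPASN1ElementGetElementData(elementInfo1,
                            &subjectName, &subjectNameLength);
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get the test certificate issuer name */
        errorcode = OSPPASN1ObjectGetElementByDataRef(testCertInfo,
                        &elementInfo2, OSPEDRID_CERT_ISSUER);

        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            errorcode = OSPPASN1ElementGetElementData(elementInfo2,
                            &issuerName, &issuerNameLength);
        }
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Both names are available.  They are assumed to be encoded
           identically on both certificates, so a length check followed by a
           byte comparison decides the match.  If encoding differences turn
           out to be possible, the names would have to be taken apart and
           compared element by element instead. */
        errorcode = OSPC_ERR_X509_CA_NOT_FOUND;

        if (issuerNameLength == subjectNameLength)
        {
            if (OSPM_MEMCMP(issuerName, subjectName, issuerNameLength) == 0)
            {
                errorcode = OSPC_ERR_NO_ERROR;
            }
        }
    }

    /* Release the name elements fetched from the temporary certificates */
    if (elementInfo1 != OSPC_OSNULL)
    {
        OSPPASN1ElementDelete(&elementInfo1, 0);
    }

    if (elementInfo2 != OSPC_OSNULL)
    {
        OSPPASN1ElementDelete(&elementInfo2, 0);
    }

    OSPPASN1ObjectDelete(&parentCertInfo);
    OSPPASN1ObjectDelete(&testCertInfo);

    return errorcode;
} /* OSPPX509CertIsParentCertificate */

/*
 * Return a pointer to, and the length of, the encoded certificate held in
 * ospvCertInfo.
 *
 * The outputs are set to null / 0 first and filled in only when the
 * OSPEDRID_CERTIFICATE element is found.  *ospvCertificate aliases the
 * element's own buffer (eInfo->Element); nothing is copied, so the caller
 * must not use it after the certificate object is deleted.
 * Both output pointers must be non-null; they are written unconditionally.
 */
int
OSPPX509CertGetCertificate(
    OSPTASN1OBJECT  *ospvCertInfo,
    unsigned char  **ospvCertificate,
    unsigned int    *ospvCertificateLength)
{
    int                  errorcode = OSPC_ERR_NO_ERROR;
    OSPTASN1ELEMENTINFO *eInfo     = OSPC_OSNULL;

    *ospvCertificate = OSPC_OSNULL;
    *ospvCertificateLength = 0;

    errorcode = OSPPX509CertGetElement(ospvCertInfo, OSPEDRID_CERTIFICATE,
                    &eInfo);

    if (eInfo != OSPC_OSNULL)
    {
        *ospvCertificate = eInfo->Element;
        *ospvCertificateLength = eInfo->ElementLength;
    }

    return errorcode;
}

/*
 * Look up the element identified by ospvDataRefId in the parse results of
 * ospvCertInfo.
 *
 * *ospvElementInfo receives the element found, or null when the context is
 * invalid or the lookup did not produce one.  ospvElementInfo must be
 * non-null; it is written unconditionally.
 */
int
OSPPX509CertGetElement(
    OSPTASN1OBJECT       *ospvCertInfo,     /* In - X509 Cert Context */
    OSPEASN1DATAREFID     ospvDataRefId,
    OSPTASN1ELEMENTINFO **ospvElementInfo)
{
    int                  errorcode    = OSPC_ERR_NO_ERROR;
    OSPTASN1ELEMENTINFO *foundElement = OSPC_OSNULL;

    errorcode = OSPPX509CertTestContext(ospvCertInfo);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPASN1ElementGet(ospvDataRefId,
                        ospvCertInfo->ParseResults, &foundElement);
    }

    *ospvElementInfo = foundElement;

    return errorcode;
}

/*
 * Check that a certificate context pointer is usable.
 *
 * Returns OSPC_ERR_X509_INVALID_CONTEXT (and logs it) when ospvCertInfo is
 * null, OSPC_ERR_NO_ERROR otherwise.  Only the pointer is tested; the
 * object's contents are not inspected.
 */
int
OSPPX509CertTestContext(
    OSPTASN1OBJECT *ospvCertInfo)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    if (ospvCertInfo == OSPC_OSNULL)
    {
        errorcode = OSPC_ERR_X509_INVALID_CONTEXT;
        OSPM_DBGERRORLOG(errorcode,
            "X509 CertInfo context is null pointer");
    }

    return errorcode;
}

/*
 * Allocate a zeroed certificate object and load it from an encoded
 * certificate.
 *
 * On allocation failure returns OSPC_ERR_CERT_MALLOC_FAILED.  When decoding
 * or parsing fails, the error is returned but *ospvCert is left allocated,
 * so the caller has to delete it on every path where it is non-null.
 * No length accompanies ospvEncodedCertificate; the decoder is given the
 * pointer only.
 */
int
OSPPX509CertCreate(
    unsigned char   *ospvEncodedCertificate,
    OSPTASN1OBJECT **ospvCert)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    OSPM_MALLOC(*ospvCert, OSPTASN1OBJECT, sizeof(OSPTASN1OBJECT));

    if (*ospvCert == OSPC_OSNULL)
    {
        errorcode = OSPC_ERR_CERT_MALLOC_FAILED;
        OSPM_DBGERRORLOG(errorcode,
            "malloc of new X509 Certificate failed");
    }
    else
    {
        OSPM_MEMSET(*ospvCert, 0, sizeof(OSPTASN1OBJECT));
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPX509CertSetCertificate(*ospvCert,
                        ospvEncodedCertificate);
    }

    return errorcode;
}

/*
 * Replace the contents of ospvCert with the decoded and parsed form of
 * ospvEncodedCertificate.
 *
 * The previous element and parse results are deleted before decoding, so on
 * failure the object no longer holds its old certificate.  The new element
 * and parse results are attached only when both decoding and parsing
 * succeed; otherwise whatever was produced is released here.
 */
int
OSPPX509CertSetCertificate(
    OSPTASN1OBJECT *ospvCert,
    unsigned char  *ospvEncodedCertificate)
{
    int                  errorcode    = OSPC_ERR_NO_ERROR;
    OSPTASN1ELEMENTINFO *eInfo        = OSPC_OSNULL;
    OSPTASN1PARSERESULT *parseResults = OSPC_OSNULL;

    errorcode = OSPPX509CertTestContext(ospvCert);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get rid of the old certificate data */
        OSPPASN1ElementDelete(&(ospvCert->ElementInfo), 0);
        OSPPASN1ElementParseDelete(&(ospvCert->ParseResults));
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPASN1ElementDecode(ospvEncodedCertificate, &eInfo, 0);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPPASN1ElementParse(eInfo, OSPEPTID_CERTIFICATE,
                        OSPC_OSNULL, &parseResults,
                        OSPC_ASN1_DATAREFID_CERTIFICATE);
    }

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        ospvCert->ElementInfo = eInfo;
        ospvCert->ParseResults = parseResults;
    }
    else
    {
        /* Nothing was attached to ospvCert; drop the partial results */
        if (eInfo)
        {
            OSPPASN1ElementDelete(&eInfo, 0);
        }

        if (parseResults)
        {
            PTPResultsDelete(&parseResults);
        }
    }

    return errorcode;
}

/*
 * Delete a certificate object through OSPPASN1ObjectDelete().
 *
 * Returns OSPC_ERR_X509_INVALID_CONTEXT when *ospvCert is null, in which
 * case nothing is deleted.  ospvCert itself must be non-null; it is
 * dereferenced unconditionally.
 */
int
OSPPX509CertDelete(
    OSPTASN1OBJECT **ospvCert)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    errorcode = OSPPX509CertTestContext(*ospvCert);

    if (errorcode == OSPC_ERR_NO_ERROR)
    {
        /* Get rid of the old certificate data */
        OSPPASN1ObjectDelete(ospvCert);
    }

    return(errorcode);
}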