📄 vc2.txt
字号:
刀此函数用于判断新产生的OCSP请求是否合法,若合法则接收这个请求
OCSP REQUEST *OCSP request new(X509一 NAME- name, STACKes OF(X509es EXTENSION) -extensions)
{ OCSP REQUEST*req=NULL;
if ((req=OCSP一 REQUEST new())一NULL) goto err;
if (name) /* optional*/
f if (!(req->tbsRequest->requestorName=GENERAL-NAME_ new())) goto er;
req->tbsRequest->requestorName->type=GEN一 DIRNAME;
req->tbsRequest->requestorName->d.dim=X509一 NAM几dup(name);
}
if(!(req->tbsRequest->requestList=sk-OCSP ONEREQ_new(N〔几L))) goto er;
if(extensions && (!(req->tbsRequest->requestExtensions = ext dup(extensions)))) goto er;
return req;
if (req) OCSP REQUEST free(req);
return NULL;
)
刀此函数用于一个新的合法的OCSP请求加入列表中
int DCSP_request add(OCSP REQUEST *req, OCSP CERTID *cid, STACK OF(X509 EXTENSION) *extensions)
{OCSP ONEREQ-one=NULL;
if(!(one=OCSP ONEREQ_newU))gotoer,
if(one->regCert)OCSP-CERTID free(one->regCert);
if(!(one->regCert=OCSP_ CERTID一 dup(cid)))gotoerr;
if(cxtensions&&(!(one->singleRequestExtensions=ext dup(extensions))))gainer;
if (!sk_OCSP_ONEREQ_push(req->tbsRequesl->requestLisl, one)) goto er;
return I
第35页共44页
首都经济贸易大学硕士论文数字认证技术的研究与实施
if (onc) OCSP ONEREQ free(one);
return 0;
2
//it=ti,求解石马
OCSP_ REQUES丁中d2 _OCSP REQUEST(OCSP REQUEST **a, unsigned char **pp, long length)
{ M_ ASNI_ D21_ vars(a,OCSP_REQUEST*,OCSP REQUEST new);
M_ ASNI_ D21_ htit();
M一SN 1_021_ start sequence();
M ASNI_ D21_get(ret->tbsRequest,d2i OCSP REQINFO);
M ASNI_ D21_get EXP opt(ret->optionalSignature, d2 _OCSP SIGNATURE, 0);
M ASNI_ D21 Finish(a,OCSP_ REQUEST free,ASNI_ F D21_ OCSPes REQUEST);
}
//于巴CERTID解码
OCSP CERTID *d2i_ OCSP CERTID(OCSP CERTID **a, unsigned char **pp, long length)
M ASNI_ D21 vars(a,OCSP_ CERTID *,OCSP_CERTIDes new);
M ASNI_ D21_ Init();
M多SNl_ 1321es start sequence();
M_ ASNI_ D21_get(ret->hmhAlgorithm,d2七X509es ALGOR);
M ASNI夕21_get(ret->issuerNameHash,d2i ASNI一CTETes STRING);
M ASNI D21_get(ret->issuerKeyHash,d2i ASNI OCTET STRING);
Mes ASNI_ D21_get(ret->seriaJNumber,d2ies ASNI一 INTEGER);
if(ASNI_ STRING length(ret->issuerNameHash)一0(JASNI STRING Iength(ret->issuerKeyHmh)一011
ASNI_ STRING一 l ength(ret->serialNumber)= 0)
goto err,
M一SNl_ D21_ Finish(a,OCSPes CERTID_ free,ASNles Fes D21es OCSP_CERTID);
)
/把signature解码
OCSP SIGNATURE *d2仁OCSPes SIGNATURE(OCSP SIGNATURE "*a, unsigned char **pp, long length)
M ASNI D21 vars(a,OCSP SIGNATURE*,OCSPes SIGNATURE- new);
M- ASNI_ D2曰nit();
M~ ASNI夕21_ start-sequence();
M- ASNI夕2Uet(ret->signatureAlgorithm, d2i X509 ALGOR);
Mes ASNI_ D21get(ret->signature,d2i一SNl_ BIT STRING);
M ASNI_ D21_get_EXPes set opt_type(X509, ret->certs, d2i X509, X509 free, 0, Ves ASNI_ SEQUENCE);
M ASNI_ D21一inish(a,OCSP SIGNATUREes free,ASNles F- D21一CSP SIGNATURE);
}
//4巴请求信息解码
OCSP_ REQINFO *d2i OCSPse REQINFO(OCSP REQINFO **a, unsigned char **pp, long length)
M ASNI_ D21_ vars(a,OCSP_REQINFO-,OCSP REQINFOes new);
M ASNI_ D21_ Init();
M ASNI_ D21 start_sequenceo;
/" %ve have the optional version field*/
if(M_ ASNI_ ncNj一(V一SNI一ONTEX毛SPECIFIC I V ASNI一ONSTRUCfED 10))
{M ASNI_ D21_get,EXP opt(ret->version,d2i~ ASNI_ INTEGER,O);)
else( if (ret->Yersion !=NULL)
第36页共44页
首都经济贸易大学硕士论文数字认证技术的研究与实施
八sNI_!Nl印ER少州阶>ve巧ion);
ret)versioll喇ULL;
}
M少SNI_DZ互』。t_EXPesJ〕Pt(肥[争requesto例翻e、dZ吐GENERAI.esNAMEI);
州_AsN诬_DZI』e1esseq-yPe(0CSp~。NER叹,心一>代questList,
(int(*)()珍21一CS几0卜E妊Q.OCSp-0卜EREQes阮。);
/巾th吧reisnoM挤sNI夕21Je仁EXpjeq*code,sowe’reusingthesetv。污lon.1
M一产SNI一DZ】~吕e仁ExPes,沙p仁1月,以X509-EXT〔洲51〔)N
rel一>requ韶tExtension,,dZ几x50只少XTENS10N,X50夕JXTENSlmt斤ee,ZV,产SNI_5明U即CE);
M~产SNI_DZI少inish(民OCSp-REQ湘FoesfreeASNI~FesDZI夕CSPesREQ取FO);
奎
/新建一个CERTID
OCSPes〔ERTD*OCSP~〔:EI之TID口le州Noid)
{ASNI-〔月)c;
OCSP多ERT旧*ret=NULL;
M一八sNI一卜巴、少魂a]loC(re仁OCsPesC〔RTID);
M户SNI州ew(ret一hashAI即rithmxsoges产工GOR一new);
M_人sNI少ew(,℃t,>issue闹ameHashA翎1_oC庄月’-sT’R用0-new);
M产sNlesNe认,ret一5姚水e巧们ash 人测1-OC飞1汀一sTR例几”州;
M_ASNI州e、v(ret一serialNumber,ASNI-州TEGEResnew);
心。m〔心大
M多SNI州e认Jror(ASNI-F‘OCSp一CERTID-NEW);
}
/j新建一个51助a加此
OCsp多IGNATURE.OCSp甘多IGN八TURE刃e叫void)
{ASN纽多狱c;
OCS」J‘SICNA八J旺*比卜NOL;
M少洲1州e、犯Ma{loc(代仁OCS几SIGNATURE);
州户翎1少e呵代卜>51邵翻ureAI即riU价,,XSOges人」刀ORJ〕。叻;
M沪SNI卯ew(r以奋signature,ASN I多IT-STRING-ne叻氛
ret>certs=NULL;
比turn(旧);
M产SNI州ew角Erro代ASNI一Fes0CSP~SIGNATURf-NE哟;
、
,
/f从请求中得到CEI汀旧
OCSp_C〔盯]D呼OCSP夕nereq』et几id(OCSP-()NE旺Q币加e)
谧似umon夕叫众氏
}
j/得到请求
OCSp一ONEREQ橄OCS几代叼u。几onere‘J卿0(OCSpJ砚卫QUEST.roq,in宜1)
{ rc[urnskOCSP一NEREQ_value(req一>tbsRoquest一>requestLi我1);
}
/取出证书序列号
jnl0CS几ideget几111伪(AsNI夕亡陀T‘STR俐G.*piN田”eHashlASNI一BJECT .*pmd,
第〕7页共材页
首都经济贸易大学硕士论文数字认证技术的研究与实施
ASNI夕CTE1岁TRING "FpikeyHash, ASNI- INTEGER **pserial, OCSP- CERTID *cid)
( if(!cid) retum 0;
if (pmd) *pmd = cid->hasKAlgorithm->algorithm;
if(piNameliash) *piNamcHash二cid->issuerNameHash;
if (pikeyHash) "pikeyliash = cid->issuerKeyHmh;
if (pserial) *pserial = cid->serialNumber;
return 1;
}
/把单个请求解码
OCSPes ONEREQ *d2i OCSP ONEREQ(OCSP-ONEREQ **a, unsigned char -pp, long length)
{M_ ASNI D21_ vars(a,OCSP一 ONEREQ *,OCSP ONEREQ_new);
M~产SNI一21Jnit();
M-ASNI D21_start_sequence();
M-ASN 1一2i_get(ret->regCeM d2i OCSP~ CERTID);
1* there is no M~ ASNI夕21_get EXP一 seq* code, so we're using the set version -t
M_ASNI_ D21iget EX几set_opt_typc(X509一EXTENSION, ret->singleRequestExtensions,
d2i X509 EXTENSION, X509-EXTENSIONse free, 0, V ASN1_ SEQUENCE);
M ASNI D21 Finish(a,QCSP-ONEREQ_frec,ASNl~ F D21 OCSP-ONEREQ);
}
JIW1建一个CERTID
OCSP一ERTID *OCS几cent id-new(const EVP一 MD *dgst, X509-NAME *issuerNan,c,
ASNI多IT-STRING* issuerKey, ASN1-INTEGER *serialNumber)
fint nid;
unsigned int i;
X509一 ALGOR *alg;
OCSI飞CERTID *cid = NULL;
unsigned char and[EVP一 MAX_ MDes SIZE);
EVP MDes CTX etx;
if(!(cid=OCSP~ CERTID newQ))gotoerr,
alg=cid->hashAigorithm;
if (alg->algorithm !=NULL) ASNI一BTECT frce(alg->algorithm);
if((nid=EVP-MD- type(dgst))一NID~ undet) goto err;
if(!(algaalgorithm=0$7 nid2obj(nid)))gotoerr,
if((alg->parvneter-ASNI, TYPE ncw())一NULL) goto err;
“于g->parameter->type=V ASNI州ULL;
if (IXi04es NAME一 digest(issucrName, dgst, md, &i)) goto digerr;
if (!(ASN I_ OCTE几STRING_set(cid->issuerNamcHash, md, i))) goto err;
严计算issuerKe2的Hash值,包括标志位和长度*/
EVP_Digcstlnit(&cts,dgst);
EVP DigcstUpdate(&ctx,issuerKe) ->data, issuerKey->tength);
EV几Digcs[Pinal(&etx,md,&i);
f (!(ASN 1_ OCTET STRING set(cid->issuerKeyHash, md, i))) goto cm;
if (cid->seriaJNumber !=NUL功ASNI_ INTEGER free(cid->seria]Nmnber);
if (!(cid->serialNumber= ASN IJNTEGER~ dup(seria]Number))) goto err;
retum cid;
第38页共44页
首都经济贸易大学硕士论文数字认证技术的研究与实施
if (cid) OCS几CERTI几frec(cid);
returnNULL;
、
J
/把请求作DER编码
int i2d_OCSI'_ REQUEST(OCS几REQUEST "a, unsigned char **pp)
{int -0;
M_ ASNI_ 12D_ vars(a);
M ASN1_ 12D Ien(a->tbsRcquest,i2d-OCSP REQINFO);
M ASNI_ I2D len EXP opt(a->optionalSignature, i2d一 OCSP~ SIGNATURE, 0, v);
M_ ASN1_ 12D seq_total();
M.产SNi_ 12D_put(a->tbsRequcsi, i2d OCSPes REQINFO);
M ASN 1_12D_put- EXP opi(a->optionalSignature, i2des OCSP一 SIGNATURE, 0, v);
M ASNI 12D finisho;
}
/初Iln化一个响应器
B10 *init一 responder(char -port)
( BIO*acbio=NULL,"bufbio=NULL;
bufbio = BIO_new(BIO_仁bufer0);
if (bbufbio) goto err,
aebio-BIOes new accept(port);
if (!acbio)goto err;
BIO-set accep日sios(acbio,加几i好;
bufbio = NULL;
if(BIO_dc- accept(acbio)<=0)
{ print坟"Error seting up accept BIO\n");
goto err;
)
return aebio;
err二
B10-free _all(acbio);
BIO少ee(bufbio);
return NULL;
}
/找到响应器
int d几responder(OCSP-REQUEST **pmq, BIO *-pcbio, BIO *aebio, char *port)
{int have_post=0, len;
OCS几REQUEST *req=NULL;
char且。buf)1024];
BIO *cbio-NULL;
if(BIO do accept(acbi叮<=0)
{ print代"Error accepting connection\n");
return 0;
备
cbio = DIO_pop(aebio);
第34页共44页
首都经济贸易大学硕士论文数字认证技术的研究与实施
'pcbio = cbio;
for(;len二BIO_gets(cbio, inbuf, 1024);
if(len<=0) return 1;
/*Look for "POST" signalling start of query */
if (!have夕ost)
盖 iRstnranp(inbuf, "POS丁”,4))
{ print代"Invalid request\n");
return l;
}
have-post = I;
}
/* Look for end of headers */
if((inbu$0]= V)1(inbulj0J= 1d)) break;
)
/* "fry to read OCSP request */
req二d2i_ OCSPes REQUEST-bio(cbio, NULL);
if(!req) print坟"Error parsing OCSP request\n");
*preq = req;
return 1;
}
/查询证书信息
OCSP_ RESPONSE- MakeSearch(OCSPes REQUEST- Request)
{ /*首先判断请求证书的个数是否大于0./
OCSPes RESPONSE *Response= NULL;
OCSP一ASICRESP *bs=NULL;
ASNIes TIME *thisupd=NULL,*nextupd=NULL;
BIO *in =NULL;
int nmin = 0;
int ndays = 30;
intid count =OCSPes request onereq_count(Request);
inti=0;
I坎I走count<0)
( Response =OCSP response一 create(OCSP RESPONSE STATUSes MALFORMEDREQUEST,NULL);
goto end;
备
bs=OCSP_BASICRESP_ new();
in=B10 nevv(BIO s file());
/*从文件中获得CA根证书*/
if(BIO read_ filename(in,"e:\file\root.cei')<-0)
{ printt("trying to load OCSP certificate failed!\n");
}
X509 -x509;
x509=PEM~ read少io一 X509(in洲ULL,NULL,NULL);
第40页共44页
首都经济贸易大学硕士论文数字认证技术的研究与实施
OCSP RESPID *rid;
rid = bs->tbsResponseData->responderld;
rid->tag=V_ OCSP_ RESPID NAME;
rid->value.byName=X509 NAME dup(X509_get subject name(x509));
// setting product ume
Ume t L
lime(&t);
ASNI多ENERALIZEDTIME一 set(bs->tbsResponseData->producedAt, t);
thisupd=X509__gmtime- adj(NULL,0);
if(ndays!=一【) nextupd = X509_gmtime adj(NULL, nmin . 60 * ndays * 3600' 24 );
/*检RM certlD*/
for(i二0; i< id couat;i})
( OCSPes ONEREQ*oneReq;
ASNI INTEGER *serial;
ASN I_ OCTET_STRING *piNameHash;
ASNI分 OCTET STRING *pikeyHash;
OCS几CERTID *certlD;
oneReq二OCSP request onereq_getO(Request, j);
certlD=OCSPes onereq_getO_ id(oneReq);
OCSP_ id_getO info(&piNameHash, NULL, &pikeyHash, &serial, certl功;
long px=ASN I_ INTEGER_get(serial);
char serialnumber[20j;
_Itoa(px,serialnumbeg20);
CSearchlnfo objecteertinfo;
OCS几CERT INFO * certinfo=objecteertinfo.SearchCen(serialnumber);
if(certinfo!-NULL)
{ switch(certinfo->Status)
{case V一CSP一ERTSTATUS一 UNKNOWN:
(
OCSP basic addles status(bs, certID,V一 OCSP CERTSTATUS~ UNKNOWN,O, NULL,thisupd, nextupd);
break;
case V OCSP CERTSTATUS GOOD
OCSP一 basic一 addl status(bs, certlD, V一CSPes CERTSTATUSes GOOD,O, NULL,thisupd, nextupd);
break;
}
case V一CSPes CERTSTATUS_ REVOKED:
{ ASNI_ TIME*rcvTime=ASNIse TIME~ new();
ASNI TIME_set(revTime, certinfo->revokedate);
1*撤梢日期及原因*/
OCS几basice addl status(bs,certlD, V OCSP CERTSTATUS_ REVOKED,certinfo->remon.
revTime,thisupd, nextupd);
break;
}
第41页共44页
首都经济贸易大学硕士论文数字认证技术的研究与实施
飞
J
C上ld
Response =OCSP_ response create(OCSP_ RESPONSE STATUS_ SUCCESSFULL,bs);
return Response
}
I1发送响应
int send ocsp response(BIO "ebio, OCSP RESPONSE "resp)
{ char htp_ resp[j="HTP/1.02000K\r\nContent-type:application/ocsp-response\r\n
Convent-Length: %d\r\n\r\i‘’;
if(!cbio) return 0;
BIO_rr月ntf(cbio, htip resp, i2d OCSP一ESPONSE(resp, NULL));
12屯OCSP RESPONSE一 bio(cbio, resp工
BIO_ fush(cbio);
return I;
附录C
void CBOcspCIientDIg::OnButo⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -