}
PKIPackRSAKey (asnContext, *keyData, *keyDataSize, rsaKey, &asnError);
PKIFreeRSAKey (asnContext, rsaKey);
if (asnError)
return kPGPError_LazyProgrammer;
/* encoded as ASN.1 NULL value */
*paramDataSize = 2;
*paramData = PGPNewData (mgr, 2, 0);
(*paramData)[0] = 0x05;
(*paramData)[1] = 0x00;
return kPGPError_NoErr;
}
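/*
 * Return the registration-interface attribute name that a PGPAVAttribute_*
 * code is forwarded under, or NULL when the attribute is not forwarded.
 * The string literals are the wire names the VRI layer expects; keep them
 * byte-exact.
 */
static char *
x509RegInfoTypeName (int attribute)
{
    switch (attribute)
    {
    case kPGPAVAttribute_Challenge:              return "challenge";
    case kPGPAVAttribute_CertType:               return "cert_type";
    case kPGPAVAttribute_CommonName:             return "common_name";
    case kPGPAVAttribute_MailFirstName:          return "mail_firstName";
    case kPGPAVAttribute_MailMiddleName:         return "mail_middleName";
    case kPGPAVAttribute_MailLastName:           return "mail_lastName";
    case kPGPAVAttribute_EmployeeID:             return "employeeID";
    case kPGPAVAttribute_MailStop:               return "mailStop";
    case kPGPAVAttribute_AdditionalField4:       return "additional_field4";
    case kPGPAVAttribute_AdditionalField5:       return "additional_field5";
    case kPGPAVAttribute_AdditionalField6:       return "additional_field6";
    case kPGPAVAttribute_Authenticate:           return "authenticate";
    case kPGPAVAttribute_EmbedEmail:             return "embed_email";
    /* stock X.500 attributes we also use here */
    case kPGPAVAttribute_OrganizationName:       return "corp_company";
    case kPGPAVAttribute_OrganizationalUnitName: return "org_unit";
    case kPGPAVAttribute_Title:                  return "jobTitle";
    case kPGPAVAttribute_Email:                  return "mail_email";
    case kPGPAVAttribute_SCEPChallenge:          return "onsite_token";
    default:                                     return NULL; /* not forwarded */
    }
}

/*
 * Build the NULL-terminated vri_ava_t array handed to the VeriSign
 * registration interface from the caller's attribute list.
 *
 * context          PKI context whose memMgr owns the returned array.
 * formatData       caller-supplied attributes; string values are forwarded
 *                  by pointer (no copy), so they must outlive *av.
 * formatDataCount  number of entries in formatData.
 * av               [OUT] receives the array (NULL on allocation failure);
 *                  the last record has type == NULL.  Caller frees it.
 *
 * Returns kPGPError_NoErr, or kPGPError_OutOfMemory if the array cannot be
 * allocated.  Attributes the interface does not know are silently dropped.
 * Values are forwarded as-is; character and length checks are apparently
 * performed later by the VRI layer (see the codes x509CRSToPGPError maps).
 */
static PGPError
x509CompileRegInfo (
    PKICONTEXT *context,
    PGPAttributeValue *formatData,
    PGPSize formatDataCount,
    vri_ava_t **av)
{
    size_t avCount = 0;
    size_t i;

    /* worst case: every input attribute is forwarded, plus the terminator */
    *av = PKIAlloc (context->memMgr, sizeof (vri_ava_t) * (formatDataCount + 1));
    if (*av == NULL)
        return kPGPError_OutOfMemory;

    for (i = 0; i < formatDataCount; i++)
    {
        vri_ava_t *ava = &(*av)[avCount];
        char *type = x509RegInfoTypeName (formatData[i].attribute);

        if (type == NULL)
            continue; /* attribute not used by the registration interface */

        ava->type = type;
        if (formatData[i].attribute == kPGPAVAttribute_EmbedEmail)
        {
            /* boolean attribute: sent as the literal strings the server expects */
            ava->value = formatData[i].value.booleanvalue ? "yes" : "no";
            ava->size = strlen (ava->value);
        }
        else
        {
            ava->size = formatData[i].size;
            ava->value = formatData[i].value.pointervalue;
        }
        avCount++;
    }

    /* add termination record */
    (*av)[avCount].type = NULL;
    (*av)[avCount].size = 0;
    (*av)[avCount++].value = NULL;

    /* shrink to the size actually used; a failed shrink leaves the
       original (larger) buffer in place, so the result stays usable */
    PKIRealloc (context->memMgr, (void **) av, sizeof (vri_ava_t) * avCount);
    return kPGPError_NoErr;
}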
/*
 * Translate a VRI (VeriSign registration interface) error code into the
 * PGP SDK error the caller reports.  Codes without a dedicated mapping
 * collapse to kPGPError_LazyProgrammer.
 */
static PGPError
x509CRSToPGPError (int err)
{
    static const struct
    {
        int vriCode;
        PGPError pgpErr;
    } mapping[] = {
        { VRI_E_MISSING_MANDATORY, kPGPError_CRSMissingRequiredAttribute },
        { VRI_E_INVALID_CHAR,      kPGPError_CRSInvalidCharacter },
        { VRI_E_AVA_TYPE,          kPGPError_CRSInvalidAttributeType },
        { VRI_E_CERT_TYPE,         kPGPError_CRSInvalidCertType },
        { VRI_E_LENGTH,            kPGPError_CRSInvalidAttributeValueLength },
        { VRI_E_AUTHENTICATE,      kPGPError_CRSInvalidAuthenticateValue },
    };
    size_t k;

    for (k = 0; k < sizeof mapping / sizeof mapping[0]; k++)
    {
        if (mapping[k].vriCode == err)
            return mapping[k].pgpErr;
    }
    return kPGPError_LazyProgrammer;
}
/*
 * Type-id OID used for GeneralName otherName entries.  It decodes to
 * 1.2.1.2.3.4.5.6.7 and, judging by its name, is a placeholder rather than
 * a registered arc.  Only referenced from the tag == 0 branch of
 * x509AddGeneralName, whose caller is currently compiled out.
 */
#define x509TestNameOidLen 8
const PGPByte x509TestNameOid[x509TestNameOidLen] = { 0x2a, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7 };
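/*
 * Append one GeneralName to gn.
 *
 * pki       PKI context used for all allocations.
 * tag       GeneralName CHOICE number as in RFC 5280 (0 otherName,
 *           1 rfc822Name, 2 dNSName, 7 iPAddress).
 * data      raw value bytes; copied by PKIPutOctVal.
 * datasize  length of data.
 * gn        [OUT] sequence that receives (and owns) the new element.
 *
 * Returns kPGPError_NoErr, or kPGPError_OutOfMemory if any of the PKI
 * allocations fails.  The element is attached to gn before its value is
 * allocated, so on failure gn still holds a name whose data is NULL and
 * is released with the rest of gn by PKIFreeGeneralNames.
 */
static PGPError
x509AddGeneralName (
    PKICONTEXT *pki,      /* [IN] */
    PGPByte tag,          /* [IN] */
    const PGPByte *data,  /* [IN] */
    PGPSize datasize,     /* [IN] */
    PKIGeneralNames *gn)  /* [OUT] */
{
    PKIGeneralName *name = PKINewGeneralName (pki);

    if (name == NULL)
        return kPGPError_OutOfMemory;

    /* 0xA0 = context-specific class with the constructed bit, OR'd with the
       CHOICE number.  NOTE(review): rfc822Name/dNSName/iPAddress are
       primitive ([n] IMPLICIT) in DER; whether the packer emits this byte
       verbatim or derives the real tag itself is not visible here — confirm. */
    name->CHOICE_field_type = 0xA0 | tag;
    name->data = NULL;
    PKIAddOfElement (pki, name, gn);

    if (tag == 0)
    {
        /* otherName: type-id OID plus opaque value */
        PKIAnotherName *on = PKINewAnotherName (pki);

        if (on == NULL)
            return kPGPError_OutOfMemory;
        PKIPutOctVal (pki, &on->type_id, x509TestNameOid, x509TestNameOidLen);
        PKIPutOctVal (pki, &on->value, data, datasize);
        name->data = (void *) on;
    }
    else
    {
        /* every other supported choice carries its value as a plain string;
           no character-set validation of the value happens here */
        PKIOCTET_STRING *os = PKINewOCTET_STRING (pki);

        if (os == NULL)
            return kPGPError_OutOfMemory;
        PKIPutOctVal (pki, os, data, datasize);
        name->data = (void *) os;
    }
    return kPGPError_NoErr;
}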
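/*
 * Collect the certificate extensions requested through the attribute list
 * into ext: a subjectAltName built from any RFC822Name / DNSName /
 * IPAddress entries, plus any pre-encoded CertificateExtension values.
 *
 * format       caller-supplied attributes; empty values are ignored.
 * formatcount  number of entries in format.
 * ctx          supplies the PKI context (ctx->certasnctx).
 * ext          [OUT] sequence that receives the extensions.  The packed
 *              subjectAltName buffer becomes owned by ext.
 *
 * Returns kPGPError_NoErr, kPGPError_OutOfMemory,
 * kPGPError_InvalidCertificateExtension if a CertificateExtension value
 * does not decode, or kPGPError_ASNPackFailure if the subjectAltName cannot
 * be encoded.  The temporary GeneralNames sequence is released on every
 * path; the packed buffer only on failure.
 */
static PGPError
x509AddCertExtensions (
    PGPAttributeValue const *format, /* [IN] */
    PGPSize formatcount,             /* [IN] */
    TC_CONTEXT *ctx,                 /* [IN] */
    PKIExtensions *ext)              /* [OUT] */
{
    int asnerr = 0;
    PGPSize n;
    PGPError err = kPGPError_NoErr;
    PGPByte *der = NULL;
    PGPSize dersize = 0;
    PKICONTEXT *pki = ctx->certasnctx;
    PKIGeneralNames *gn = PKINewGeneralNames (pki);
    PKIExtension *extension;

    if (gn == NULL)
        return kPGPError_OutOfMemory;

    /* see if RFC822Name, DNSName, IPAddress or AnotherName are specified */
    for (n = 0; n < formatcount; n++)
    {
        /* skip empty fields since they are not valid in ASN.1 */
        if (format[n].size > 0)
        {
            switch (format[n].attribute)
            {
            case kPGPAVAttribute_RFC822Name:
                err = x509AddGeneralName (pki, 1, format[n].value.pointervalue,
                                          format[n].size, gn);
                break;
            case kPGPAVAttribute_DNSName:
                err = x509AddGeneralName (pki, 2, format[n].value.pointervalue,
                                          format[n].size, gn);
                break;
#if 0 /* TODO: not finished */
            case kPGPAVAttribute_AnotherName:
                err = x509AddGeneralName (pki, 0, format[n].value.pointervalue,
                                          format[n].size, gn);
                break;
#endif
            case kPGPAVAttribute_IPAddress:
                err = x509AddGeneralName (pki, 7, format[n].value.pointervalue,
                                          format[n].size, gn);
                break;
            case kPGPAVAttribute_CertificateExtension:
            {
                /* caller supplies an already DER-encoded Extension; decode
                   it so it can be re-packed together with the others */
                PKIExtension *t;

                PKIUnpackExtension (pki, &t, format[n].value.pointervalue,
                                    format[n].size, &asnerr);
                if (asnerr)
                    err = kPGPError_InvalidCertificateExtension;
                else
                    PKIAddOfElement (pki, t, ext);
                break;
            }
            default:
                break;
            }
            /* previously the x509AddGeneralName result was discarded */
            if (IsPGPError (err))
                goto ERROR;
        }
    }

    if (gn->n)
    {
        dersize = PKISizeofGeneralNames (pki, gn, TRUE);
        der = PKIAlloc (pki->memMgr, dersize);
        if (!der)
        {
            err = kPGPError_OutOfMemory;
            goto ERROR;
        }
        PKIPackGeneralNames (pki, der, dersize, gn, &asnerr);
        if (asnerr)
        {
            err = kPGPError_ASNPackFailure;
            goto ERROR;
        }
        extension = PKINewExtension (pki);
        if (extension == NULL)
        {
            err = kPGPError_OutOfMemory;
            goto ERROR;
        }
        PKIPutOctVal (pki, &extension->extnID,
                      PKIid_ce_subjectAltName_OID, PKIid_ce_subjectAltName_OID_LEN);
        /* der is now owned by the extension (and hence by ext) */
        extension->extnValue.val = der;
        extension->extnValue.len = dersize;
        PKIAddOfElement (pki, extension, ext);
    }
    err = kPGPError_NoErr;

ERROR:
    if (gn)
        PKIFreeGeneralNames (pki, gn);
    /* on success der belongs to ext; only reclaim it when we failed */
    if (der && IsPGPError (err))
        PGPFreeData (der);
    return err;
}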
/* pkcs-9 challengePassword: (pkcs-9 7) or (1 2 840 113549 1 9 7) */
#define SCEPChallenge_OID_LEN 9
static unsigned char SCEPChallenge_OID[SCEPChallenge_OID_LEN] = {
    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x07
};
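/*
 * Encode one SCEP challenge value as a PrintableString and add it to attr
 * under the PKCS#9 challengePassword OID.
 *
 * pki    PKI context used for allocations.
 * field  the kPGPAVAttribute_SCEPChallenge attribute (size > 0).
 * ctx    passed through to tc_add_attribute.
 * attr   [OUT] request attribute set.
 *
 * Returns kPGPError_NoErr, kPGPError_OutOfMemory, kPGPError_ASNPackFailure,
 * or kPGPError_LazyProgrammer if tc_add_attribute fails.  The original code
 * freed the DER buffer right after tc_add_attribute, so that call must copy
 * the value; the same ordering is kept here.
 */
static PGPError
x509AddSCEPChallenge (
    PKICONTEXT *pki,                 /* [IN] */
    PGPAttributeValue const *field,  /* [IN] */
    TC_CONTEXT *ctx,                 /* [IN] */
    TC_Attributes *attr)             /* [OUT] */
{
    int asnerr = 0;
    PGPError err = kPGPError_NoErr;
    PGPByte *der = NULL;
    PGPSize dersize;
    PKIPrintableString *asnstruct = PKINewPrintableString (pki);

    if (asnstruct == NULL)
        return kPGPError_OutOfMemory;

    /* NOTE(review): the challenge bytes are copied verbatim; whether the
       PrintableString character set is enforced anywhere on this path is
       not visible here — confirm. */
    PKIPutOctVal (pki, asnstruct, field->value.pointervalue, field->size);

    dersize = PKISizeofPrintableString (pki, asnstruct, 1);
    der = PKIAlloc (pki->memMgr, dersize);
    if (!der)
    {
        err = kPGPError_OutOfMemory;
        goto DONE;
    }
    (void) PKIPackPrintableString (pki, der, dersize, asnstruct, &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto DONE;
    }
    if (tc_add_attribute (attr, SCEPChallenge_OID, SCEPChallenge_OID_LEN,
                          der, dersize, ctx))
        err = kPGPError_LazyProgrammer;

DONE:
    if (der)
        PGPFreeData (der);
    /* NOTE(review): asnstruct is not released (as in the original); no
       PKIFreePrintableString is visible in this file — confirm whether the
       PKI context reclaims it. */
    return err;
}

/*
 * Add the extensionRequest attribute (the caller's certificate extensions,
 * packed as a DER Extensions sequence) and, except for the VeriSign V1
 * request format, the first SCEP challenge to the request attribute set.
 *
 * exportFormat  selects whether the SCEP challenge is emitted.
 * format        caller-supplied attributes; empty values are ignored.
 * formatcount   number of entries in format.
 * ctx           supplies the PKI context (ctx->certasnctx).
 * attr          [OUT] request attribute set.
 *
 * Returns kPGPError_NoErr or the first error encountered; all temporaries
 * are released on every path.
 */
static PGPError
x509AddExtensionReq (
    PGPExportFormat exportFormat, /* [IN] */
    PGPAttributeValue *format,    /* [IN] */
    PGPSize formatcount,          /* [IN] */
    TC_CONTEXT *ctx,              /* [IN] */
    TC_Attributes *attr)          /* [OUT] */
{
    int asnerr = 0;
    PGPError err;
    PGPByte *der = NULL;
    PGPSize dersize;
    PKIExtensions *ext = NULL;
    PGPSize n;
    PKICONTEXT *pki = ctx->certasnctx;

    ext = PKINewExtensions (pki);
    if (ext == NULL)
        return kPGPError_OutOfMemory; /* previously dereferenced as ext->n */

    err = x509AddCertExtensions (format, formatcount, ctx, ext);
    if (IsPGPError (err))
        goto ERROR;

    if (ext->n)
    {
        dersize = PKISizeofExtensions (pki, ext, TRUE);
        der = PKIAlloc (pki->memMgr, dersize);
        if (!der)
        {
            err = kPGPError_OutOfMemory;
            goto ERROR;
        }
        PKIPackExtensions (pki, der, dersize, ext, &asnerr);
        if (asnerr)
        {
            err = kPGPError_ASNPackFailure;
            goto ERROR;
        }
        asnerr = tc_add_attribute (attr,
                                   PKIid_ce_rsaExtensions_OID,
                                   PKIid_ce_rsaExtensions_OID_LEN,
                                   der,
                                   dersize,
                                   ctx);
        if (asnerr)
        {
            err = kPGPError_LazyProgrammer;
            goto ERROR;
        }
        /* tc_add_attribute has taken its copy; release our buffer now */
        PGPFreeData (der);
        der = NULL;
    }

    /* Handle SCEP challenge (skipped for the VeriSign V1 request format) */
    if (exportFormat != kPGPExportFormat_VerisignV1_CertReq)
    {
        for (n = 0; n < formatcount; n++)
        {
            /* skip empty fields since they are not valid in ASN.1 */
            if (format[n].size > 0 &&
                format[n].attribute == kPGPAVAttribute_SCEPChallenge)
            {
                err = x509AddSCEPChallenge (pki, &format[n], ctx, attr);
                if (IsPGPError (err))
                    goto ERROR;
                break; /* only the first challenge is used */
            }
        }
    }
    err = kPGPError_NoErr;

ERROR:
    if (ext)
        PKIFreeExtensions (pki, ext);
    if (der)
        PGPFreeData (der);
    return err;
}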
PGPError x509CreateSubjectPublicKeyInfo (
PGPKeyDBObjRef keyref,
PKICONTEXT *asnContext,
X509SubjectPublicKeyInfo *info)
{
PGPError err;
PGPInt32 keyAlgID;
PGPMemoryMgrRef mem = PGPPeekContextMemoryMgr (PGPPeekKeyDBObjContext (keyref));
const PGPByte rsaparm[2] = { 0x05, 0x00 };
memset (info, 0, sizeof (X509SubjectPublicKeyInfo));
/* determine which type of key we have */
err = PGPGetKeyDBObjNumericProperty (keyref, kPGPKeyProperty_AlgorithmID, &keyAlgID);
if (IsPGPError (err))
return err;
/* format the key and any parameters for PKCS-10 */
if (keyAlgID == kPGPPublicKeyAlgorithm_DSA)
{
err = x509FormatDSAKey (mem,
asnContext,
keyref,
&info->keyData,
&info->keyDataSize,
&info->keyParm,
&info->keyParmSize);
info->keyAlg = TC_ALG_DSA;
info->keyAlgSize = TC_ALG_DSA_LEN;
info->sigAlg = TC_ALG_DSA_SHA1;
info->sigAlgSize = TC_ALG_DSA_SHA1_LEN;
}
else if (keyAlgID == kPGPPublicKeyAlgorithm_RSA ||
keyAlgID == kPGPPublicKeyAlgorithm_RSAEncryptOnly ||
keyAlgID == kPGPPublicKeyAlgorithm_RSASignOnly)
{
err = x509FormatRSAKey (mem,
asnContext,
keyref,
&info->keyData,