summaryrefslogtreecommitdiff
path: root/src/CrlExample.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/CrlExample.c')
-rw-r--r--src/CrlExample.c423
1 files changed, 423 insertions, 0 deletions
diff --git a/src/CrlExample.c b/src/CrlExample.c
new file mode 100644
index 0000000..c2a4635
--- /dev/null
+++ b/src/CrlExample.c
@@ -0,0 +1,423 @@
+/*
+ * Copyright (C) 2000,2001 Fabio Fiorina
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+/*****************************************************/
+/* File: CrlExample.c */
+/* Description: An example on how to use the ASN1 */
+/* parser with the Certificate.txt file */
+/*****************************************************/
+
+#include <stdio.h>
+#include <string.h>
+#include "../lib/asn1.h"
+#include "../lib/der.h"
+
+/******************************************************/
+/* Function : get_name_type */
+/* Description: analyze a structure of type Name */
+/* Parameters: */
+/* char *root: the structure identifier */
+/* char *answer: the string with elements like: */
+/* "C=US O=gov" */
+/******************************************************/
+void
+get_Name_type(node_asn *cert_def,node_asn *cert,char *root, char *answer)
+{
+ int k,k2,result,len;
+ char name[128],str[1024],str2[1024],name2[128],counter[5],name3[128];
+ node_asn *value;
+
+ answer[0]=0;
+ k=1;
+ do{
+ strcpy(name,root);
+ strcat(name,".rdnSequence.?");
+ _asn1_ltostr(k,counter);
+ strcat(name,counter);
+
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert,name,str,&len);
+ if(result==ASN_ELEMENT_NOT_FOUND) break;
+ k2=1;
+ do{
+ strcpy(name2,name);
+ strcat(name2,".?");
+ _asn1_ltostr(k2,counter);
+ strcat(name2,counter);
+
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert,name2,str,&len);
+ if(result==ASN_ELEMENT_NOT_FOUND) break;
+ strcpy(name3,name2);
+ strcat(name3,".type");
+
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert,name3,str,&len);
+ strcpy(name3,name2);
+ strcat(name3,".value");
+ if(result==ASN_OK){
+ len = sizeof(str2);
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-countryName",
+ str2,&len);
+ if(!strcmp(str,str2)){
+ asn1_create_structure(cert_def,"PKIX1Implicit88.X520OrganizationName",
+ &value,"certificate2-subject-C");
+ len = sizeof(str)-1;
+ asn1_read_value(cert,name3,str,&len);
+ asn1_get_der(value,str,len);
+ strcpy(name3,"certificate2-subject-C");
+
+ len = sizeof(str)-1;
+ asn1_read_value(value,name3,str,&len); /* CHOICE */
+ strcat(name3,".");
+ strcat(name3,str);
+
+ len = sizeof(str)-1;
+ asn1_read_value(value,name3,str,&len);
+ str[len]=0;
+ strcat(answer," C=");
+ strcat(answer,str);
+ asn1_delete_structure(value);
+ }
+ else{
+ len = sizeof(str2);
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-organizationName"
+ ,str2,&len);
+ if(!strcmp(str,str2)){
+ asn1_create_structure(cert_def,"PKIX1Implicit88.X520OrganizationName"
+ ,&value,"certificate2-subject-O");
+
+ len = sizeof(str)-1;
+ asn1_read_value(cert,name3,str,&len);
+ asn1_get_der(value,str,len);
+ strcpy(name3,"certificate2-subject-O");
+ len = sizeof(str)-1;
+ asn1_read_value(value,name3,str,&len); /* CHOICE */
+ strcat(name3,".");
+ strcat(name3,str);
+ len = sizeof(str)-1;
+ asn1_read_value(value,name3,str,&len);
+ str[len]=0;
+ strcat(answer," O=");
+ strcat(answer,str);
+ asn1_delete_structure(value);
+ }
+ else{
+ len = sizeof(str2);
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-organizationalUnitName",str2,&len);
+ if(!strcmp(str,str2)){
+ asn1_create_structure(cert_def,"PKIX1Implicit88.X520OrganizationalUnitName",&value,"certificate2-subject-OU");
+ len = sizeof(str)-1;
+ asn1_read_value(cert,name3,str,&len);
+ asn1_get_der(value,str,len);
+ strcpy(name3,"certificate2-subject-OU");
+ len = sizeof(str)-1;
+ asn1_read_value(value,name3,str,&len); /* CHOICE */
+ strcat(name3,".");
+ strcat(name3,str);
+ len = sizeof(str)-1;
+ asn1_read_value(value,name3,str,&len);
+ str[len]=0;
+ strcat(answer," OU=");
+ strcat(answer,str);
+ asn1_delete_structure(value);
+ }
+ }
+ }
+ }
+ k2++;
+ }while(1);
+ k++;
+ }while(1);
+}
+
+
+/******************************************************/
+/* Function : create_certificate */
+/* Description: creates a certificate named */
+/* "certificate1". Values are the same */
+/* as in rfc2459 Appendix D.1 */
+/* Parameters: */
+/* unsigned char *der: contains the der encoding */
+/* int *der_len: number of bytes of der string */
+/******************************************************/
+void
+create_CRL(node_asn *cert_def, unsigned char *der,int *der_len)
+{
+ int result,k,len;
+ unsigned char str[1024],*str2;
+ node_asn *crl,*value;
+
+ result=asn1_create_structure(cert_def,"PKIX1Implicit88.CertificateList",&crl,"crl1");
+
+ /* Use the next 3 lines to visit the empty certificate */
+ /* printf("-----------------\n");
+ asn1_visit_tree(crl,"crl1");
+ printf("-----------------\n"); */
+
+
+ /* version: v2(1) */
+ result=asn1_write_value(crl,"crl1.tbsCertList.version","v2",0);
+
+ /* signature: dsa-with-sha */
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-dsa-with-sha1",str,&len);
+ result=asn1_write_value(crl,"crl1.tbsCertList.signature.algorithm",str,1);
+
+ result=asn1_write_value(crl,"crl1.tbsCertList.signature.parameters",NULL,0);
+
+
+ /* issuer: Country="US" Organization="gov" OrganizationUnit="nist" */
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer","rdnSequence",1);
+
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence","NEW",1);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST","NEW",1);
+ /* C */
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-countryName",str,&len);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",str,1);
+ result=asn1_create_structure(cert_def,"PKIX1Implicit88.X520countryName",
+ &value,"countryName");
+ result=asn1_write_value(value,"countryName","US",2);
+ result=asn1_create_der(value,"countryName",der,der_len);
+ asn1_delete_structure(value);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",der,*der_len);
+
+
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence","NEW",4);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST","NEW",4);
+ /* O */
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-organizationName",str,&len);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",str,8);
+ result=asn1_create_structure(cert_def,"PKIX1Implicit88.X520OrganizationName",
+ &value,"OrgName");
+ result=asn1_write_value(value,"OrgName","printableString",1);
+ result=asn1_write_value(value,"OrgName.printableString","gov",3);
+ result=asn1_create_der(value,"OrgName",der,der_len);
+ asn1_delete_structure(value);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",der,*der_len);
+
+
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence","NEW",1);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST","NEW",1);
+ /* OU */
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-at-organizationalUnitName",
+ str,&len);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",str,1);
+ result=asn1_create_structure(cert_def,"PKIX1Implicit88.X520OrganizationalUnitName",&value,"OrgUnitName");
+ result=asn1_write_value(value,"OrgUnitName","printableString",1);
+ result=asn1_write_value(value,"OrgUnitName.printableString","nist",4);
+ result=asn1_create_der(value,"OrgUnitName",der,der_len);
+ asn1_delete_structure(value);
+ result=asn1_write_value(crl,"crl1.tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",der,*der_len);
+
+
+ /* validity */
+ result=asn1_write_value(crl,"crl1.tbsCertList.thisUpdate","utcTime",1);
+ result=asn1_write_value(crl,"crl1.tbsCertList.thisUpdate.utcTime","970801000000Z",1);
+
+ result=asn1_write_value(crl,"crl1.tbsCertList.nextUpdate","utcTime",1);
+ result=asn1_write_value(crl,"crl1.tbsCertList.nextUpdate.utcTime","970808000000Z",1);
+
+
+ /* revokedCertificates */
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates","NEW",1);
+ str[0]=18;
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.userCertificate",str,1);
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.revocationDate","utcTime",1);
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.revocationDate.utcTime","970731000000Z",1);
+
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.crlEntryExtensions","NEW",1);
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-ce-cRLReasons",
+ str,&len);
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.extnID",str,1); /* reasonCode */
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.critical","FALSE",1);
+ str2="\x0a\x01\x01";
+ result=asn1_write_value(crl,"crl1.tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.extnValue",str2,3);
+
+
+ /* crlExtensions */
+ result=asn1_write_value(crl,"crl1.tbsCertList.crlExtensions",NULL,0);
+
+
+ /* signatureAlgorithm: dsa-with-sha */
+ len = sizeof(str)-1;
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-dsa-with-sha1",str,&len);
+ result=asn1_write_value(crl,"crl1.signatureAlgorithm.algorithm",str,1);
+ result=asn1_write_value(crl,"crl1.signatureAlgorithm.parameters",NULL,0); /* NO OPTION */
+
+ /* signature */
+ result=asn1_create_der(crl,"crl1.tbsCertList",der,der_len);
+ if(result!=ASN_OK){
+ printf("\n'tbsCertList' encoding creation: ERROR\n");
+ return;
+ }
+
+ /* add the lines for the signature on der[0]..der[der_len-1]: result in str2 */
+ result=asn1_write_value(crl,"crl1.signature",str2,46*8);
+
+
+ /* Use the next 3 lines to visit the certificate */
+ /* printf("-----------------\n");
+ asn1_visit_tree(crl,"crl1");
+ printf("-----------------\n"); */
+
+
+ result=asn1_create_der(crl,"crl1",der,der_len);
+ if(result!=ASN_OK){
+ printf("\n'crl1' encoding creation: ERROR\n");
+ return;
+ }
+
+ /* Print the 'Certificate1' DER encoding */
+ printf("-----------------\nCrl1 Encoding:\nNumber of bytes=%i\n",*der_len);
+ for(k=0;k<*der_len;k++) printf("%02x ",der[k]);
+ printf("\n-----------------\n");
+
+ /* Clear the "certificate1" structure */
+ asn1_delete_structure(crl);
+}
+
+
+
+/******************************************************/
+/* Function : get_certificate */
+/* Description: creates a certificate named */
+/* "certificate2" from a der encoding */
+/* string */
+/* Parameters: */
+/* unsigned char *der: the encoding string */
+/* int der_len: number of bytes of der string */
+/******************************************************/
+void
+get_CRL(node_asn *cert_def,unsigned char *der,int der_len)
+{
+ int result,len,start,end;
+ unsigned char str[1024],str2[1024];
+ node_asn *crl2;
+
+
+ asn1_create_structure(cert_def,"PKIX1Implicit88.CertificateList",&crl2,"crl2");
+
+ result=asn1_get_der(crl2,der,der_len);
+
+ if(result!=ASN_OK){
+ printf("Problems with DER encoding\n");
+ return;
+ }
+
+
+ /* issuer */
+ get_Name_type(cert_def,crl2,"crl2.tbsCertList.issuer",str);
+ printf("crl2:\nissuer =%s\n",str);
+
+
+ /* Verify sign */
+ len = sizeof(str)-1;
+ result=asn1_read_value(crl2,"crl2.signatureAlgorithm.algorithm",str,&len);
+
+ result=asn1_read_value(cert_def,"PKIX1Implicit88.id-dsa-with-sha1",str2,&len);
+ if(!strcmp(str,str2)){ /* dsa-with-sha */
+
+ result=asn1_get_start_end_der(crl2,der,der_len,
+ "crl2.tbsCertList",&start,&end);
+
+ /* add the lines to calculate the sha on der[start]..der[end] */
+
+ result=asn1_read_value(crl2,"crl2.signature",str,&len);
+
+ /* compare the previous value to signature ( with issuer public key) */
+ }
+
+ /* Use the next 3 lines to visit the certificate */
+ /* printf("-----------------\n");
+ asn1_visit_tree(crl2,"crl2");
+ printf("-----------------\n"); */
+
+
+ /* Clear the "crl2" structure */
+ asn1_delete_structure(crl2);
+}
+
+
+/********************************************************/
+/* Function : main */
+/* Description: reads the certificate description. */
+/* Creates a certificate and calculate */
+/* the der encoding. After that creates */
+/* another certificate from der string */
+/********************************************************/
+int
+main(int argc,char *argv[])
+{
+ int result,der_len;
+ unsigned char der[1024];
+ char file_name[128];
+ node_asn *PKIX1Implicit88;
+
+/* result=asn1_create_tree(pkix_asn1_tab,&PKIX1Implicit88);*/
+ if(argc==2) strcpy(file_name,argv[1]);
+ else file_name[0]=0;
+
+ strcat(file_name,"pkix.asn");
+ result=asn1_parser_asn1(file_name,&PKIX1Implicit88);
+
+ if(result==ASN_FILE_NOT_FOUND){
+ printf("FILE NOT FOUND\n");
+ return;
+ }
+ else if(result==ASN_SYNTAX_ERROR){
+ printf("PARSE ERROR\n");
+ return;
+ }
+ else if(result==ASN_IDENTIFIER_NOT_FOUND){
+ printf("IDENTIFIER NOT FOUND\n");
+ return;
+ }
+
+
+ /* Use the following 3 lines to visit the PKIX1Implicit structures */
+ /* printf("-----------------\n");
+ asn1_visit_tree(cert_def,"PKIX1Implicit88");
+ printf("-----------------\n"); */
+
+
+ create_CRL(PKIX1Implicit88,der,&der_len);
+
+ get_CRL(PKIX1Implicit88,der,der_len);
+
+ /* Clear the "PKIX1Implicit88" structures */
+ asn1_delete_structure(PKIX1Implicit88);
+
+ return;
+}
+
+
+
+
+
+
+
+
+