2 * Copyright (C) 2000-2014 Free Software Foundation, Inc.
4 * This file is part of LIBTASN1.
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 /*****************************************************/
22 /* File: CrlExample.c */
23 /* Description: An example on how to use the ASN1 */
24 /* parser with the Certificate.txt file */
25 /*****************************************************/
35 my_ltostr (long v, char *str)
55 temp[start + count] = '0' + (char) r;
61 for (k = 0; k < count; k++)
62 str[k + start] = temp[start + count - k - 1];
63 str[count + start] = 0;
68 /******************************************************/
69 /* Function : get_name_type */
70 /* Description: analyze a structure of type Name */
72 /* char *root: the structure identifier */
73 /* char *answer: the string with elements like: */
75 /******************************************************/
77 get_Name_type (ASN1_TYPE cert_def, ASN1_TYPE cert, const char *root,
80 int k, k2, result, len;
81 char name[128], str[1024], str2[1024], name2[128], counter[5], name3[128];
82 ASN1_TYPE value = ASN1_TYPE_EMPTY;
83 char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
84 char *answer = (char *) ans;
91 strcat (name, ".rdnSequence.?");
92 my_ltostr (k, counter);
93 strcat (name, counter);
95 len = sizeof (str) - 1;
96 result = asn1_read_value (cert, name, str, &len);
97 if (result == ASN1_ELEMENT_NOT_FOUND)
102 strcpy (name2, name);
103 strcat (name2, ".?");
104 my_ltostr (k2, counter);
105 strcat (name2, counter);
107 len = sizeof (str) - 1;
108 result = asn1_read_value (cert, name2, str, &len);
109 if (result == ASN1_ELEMENT_NOT_FOUND)
111 strcpy (name3, name2);
112 strcat (name3, ".type");
114 len = sizeof (str) - 1;
115 result = asn1_read_value (cert, name3, str, &len);
116 strcpy (name3, name2);
117 strcat (name3, ".value");
118 if (result == ASN1_SUCCESS)
122 asn1_read_value (cert_def,
123 "PKIX1Implicit88.id-at-countryName", str2,
125 if (!strcmp (str, str2))
127 asn1_create_element (cert_def,
128 "PKIX1Implicit88.X520OrganizationName",
130 len = sizeof (str) - 1;
131 asn1_read_value (cert, name3, str, &len);
133 asn1_der_decoding (&value, str, len, errorDescription);
135 len = sizeof (str) - 1;
136 asn1_read_value (value, "", str, &len); /* CHOICE */
140 len = sizeof (str) - 1;
141 asn1_read_value (value, name3, str, &len);
143 strcat (answer, " C=");
144 strcat (answer, str);
146 asn1_delete_structure (&value);
152 asn1_read_value (cert_def,
153 "PKIX1Implicit88.id-at-organizationName",
155 if (!strcmp (str, str2))
157 asn1_create_element (cert_def,
158 "PKIX1Implicit88.X520OrganizationName",
161 len = sizeof (str) - 1;
162 asn1_read_value (cert, name3, str, &len);
163 asn1_der_decoding (&value, str, len, errorDescription);
164 len = sizeof (str) - 1;
165 asn1_read_value (value, "", str, &len); /* CHOICE */
167 len = sizeof (str) - 1;
168 asn1_read_value (value, name3, str, &len);
170 strcat (answer, " O=");
171 strcat (answer, str);
172 asn1_delete_structure (&value);
178 asn1_read_value (cert_def,
179 "PKIX1Implicit88.id-at-organizationalUnitName",
181 if (!strcmp (str, str2))
183 asn1_create_element (cert_def,
184 "PKIX1Implicit88.X520OrganizationalUnitName",
186 len = sizeof (str) - 1;
187 asn1_read_value (cert, name3, str, &len);
188 asn1_der_decoding (&value, str, len,
190 len = sizeof (str) - 1;
191 asn1_read_value (value, "", str, &len); /* CHOICE */
193 len = sizeof (str) - 1;
194 asn1_read_value (value, name3, str, &len);
196 strcat (answer, " OU=");
197 strcat (answer, str);
198 asn1_delete_structure (&value);
212 /******************************************************/
213 /* Function : create_certificate */
214 /* Description: creates a certificate named */
215 /* "certificate1". Values are the same */
216 /* as in rfc2459 Appendix D.1 */
218 /* unsigned char *der: contains the der encoding */
219 /* int *der_len: number of bytes of der string */
220 /******************************************************/
222 create_CRL (ASN1_TYPE cert_def, unsigned char *der, int *der_len)
225 unsigned char str[1024];
226 const unsigned char *str2;
227 ASN1_TYPE crl = ASN1_TYPE_EMPTY;
228 ASN1_TYPE value = ASN1_TYPE_EMPTY;
229 char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
235 asn1_create_element (cert_def, "PKIX1Implicit88.CertificateList", &crl);
237 /* Use the next 3 lines to visit the empty certificate */
238 /* printf("-----------------\n");
239 asn1_visit_tree(crl,"");
240 printf("-----------------\n"); */
244 result = asn1_write_value (crl, "tbsCertList.version", "v2", 0);
247 /* signature: dsa-with-sha */
248 len = sizeof (str) - 1;
250 asn1_read_value (cert_def, "PKIX1Implicit88.id-dsa-with-sha1", str, &len);
251 result = asn1_write_value (crl, "tbsCertList.signature.algorithm", str, 1);
253 asn1_write_value (crl, "tbsCertList.signature.parameters", NULL, 0);
256 /* issuer: Country="US" Organization="gov" OrganizationUnit="nist" */
257 result = asn1_write_value (crl, "tbsCertList.issuer", "rdnSequence", 1);
259 result = asn1_write_value (crl, "tbsCertList.issuer.rdnSequence", "NEW", 1);
261 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST", "NEW", 1);
263 len = sizeof (str) - 1;
265 asn1_read_value (cert_def, "PKIX1Implicit88.id-at-countryName", str,
268 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",
271 asn1_create_element (cert_def, "PKIX1Implicit88.X520countryName", &value);
272 result = asn1_write_value (value, "", "US", 2);
274 result = asn1_der_coding (value, "", der, der_len, errorDescription);
276 asn1_delete_structure (&value);
278 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",
282 result = asn1_write_value (crl, "tbsCertList.issuer.rdnSequence", "NEW", 4);
284 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST", "NEW", 4);
286 len = sizeof (str) - 1;
288 asn1_read_value (cert_def, "PKIX1Implicit88.id-at-organizationName", str,
291 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",
294 asn1_create_element (cert_def, "PKIX1Implicit88.X520OrganizationName",
296 result = asn1_write_value (value, "", "printableString", 1);
297 result = asn1_write_value (value, "printableString", "gov", 3);
299 result = asn1_der_coding (value, "", der, der_len, errorDescription);
300 asn1_delete_structure (&value);
302 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",
306 result = asn1_write_value (crl, "tbsCertList.issuer.rdnSequence", "NEW", 1);
308 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST", "NEW", 1);
310 len = sizeof (str) - 1;
312 asn1_read_value (cert_def, "PKIX1Implicit88.id-at-organizationalUnitName",
315 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST.?LAST.type",
318 asn1_create_element (cert_def,
319 "PKIX1Implicit88.X520OrganizationalUnitName",
321 result = asn1_write_value (value, "", "printableString", 1);
322 result = asn1_write_value (value, "printableString", "nist", 4);
324 result = asn1_der_coding (value, "", der, der_len, errorDescription);
325 asn1_delete_structure (&value);
327 asn1_write_value (crl, "tbsCertList.issuer.rdnSequence.?LAST.?LAST.value",
332 result = asn1_write_value (crl, "tbsCertList.thisUpdate", "utcTime", 1);
334 asn1_write_value (crl, "tbsCertList.thisUpdate.utcTime", "970801000000Z",
337 result = asn1_write_value (crl, "tbsCertList.nextUpdate", "utcTime", 1);
339 asn1_write_value (crl, "tbsCertList.nextUpdate.utcTime", "970808000000Z",
343 /* revokedCertificates */
345 asn1_write_value (crl, "tbsCertList.revokedCertificates", "NEW", 1);
348 asn1_write_value (crl,
349 "tbsCertList.revokedCertificates.?LAST.userCertificate",
352 asn1_write_value (crl,
353 "tbsCertList.revokedCertificates.?LAST.revocationDate",
356 asn1_write_value (crl,
357 "tbsCertList.revokedCertificates.?LAST.revocationDate.utcTime",
361 asn1_write_value (crl,
362 "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
364 len = sizeof (str) - 1;
365 result = asn1_read_value (cert_def, "PKIX1Implicit88.id-ce-cRLReasons",
367 result = asn1_write_value (crl, "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.extnID", str, 1); /* reasonCode */
369 asn1_write_value (crl,
370 "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.critical",
372 str2 = (const unsigned char *) "\x0a\x01\x01";
374 asn1_write_value (crl,
375 "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions.?LAST.extnValue",
380 result = asn1_write_value (crl, "tbsCertList.crlExtensions", NULL, 0);
383 /* signatureAlgorithm: dsa-with-sha */
384 len = sizeof (str) - 1;
386 asn1_read_value (cert_def, "PKIX1Implicit88.id-dsa-with-sha1", str, &len);
387 result = asn1_write_value (crl, "signatureAlgorithm.algorithm", str, 1);
388 result = asn1_write_value (crl, "signatureAlgorithm.parameters", NULL, 0); /* NO OPTION */
393 asn1_der_coding (crl, "tbsCertList", der, der_len, errorDescription);
394 if (result != ASN1_SUCCESS)
396 printf ("\n'tbsCertList' encoding creation: ERROR\n");
400 /* add the lines for the signature on der[0]..der[der_len-1]: result in str2 */
401 result = asn1_write_value (crl, "signature", str2, 46 * 8);
404 /* Use the next 3 lines to visit the certificate */
405 /* printf("-----------------\n");
406 asn1_visit_tree(crl,"");
407 printf("-----------------\n"); */
410 result = asn1_der_coding (crl, "", der, der_len, errorDescription);
411 if (result != ASN1_SUCCESS)
413 printf ("\n'crl1' encoding creation: ERROR\n");
417 /* Print the 'Certificate1' DER encoding */
418 printf ("-----------------\nCrl1 Encoding:\nNumber of bytes=%i\n",
420 for (k = 0; k < *der_len; k++)
421 printf ("%02x ", der[k]);
422 printf ("\n-----------------\n");
424 /* Clear the "certificate1" structure */
425 asn1_delete_structure (&crl);
430 /******************************************************/
431 /* Function : get_certificate */
432 /* Description: creates a certificate named */
433 /* "certificate2" from a der encoding */
436 /* unsigned char *der: the encoding string */
437 /* int der_len: number of bytes of der string */
438 /******************************************************/
440 get_CRL (ASN1_TYPE cert_def, unsigned char *der, int der_len)
442 int result, len, start, end;
443 unsigned char str[1024], str2[1024];
444 ASN1_TYPE crl2 = ASN1_TYPE_EMPTY;
445 char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
448 asn1_create_element (cert_def, "PKIX1Implicit88.CertificateList", &crl2);
450 result = asn1_der_decoding (&crl2, der, der_len, errorDescription);
452 if (result != ASN1_SUCCESS)
454 printf ("Problems with DER encoding\n");
460 get_Name_type (cert_def, crl2, "tbsCertList.issuer", str);
461 printf ("crl2:\nissuer: %s\n", str);
465 len = sizeof (str) - 1;
466 result = asn1_read_value (crl2, "signatureAlgorithm.algorithm", str, &len);
469 asn1_read_value (cert_def, "PKIX1Implicit88.id-dsa-with-sha1", str2,
471 if (!strcmp ((char *) str, (char *) str2))
474 result = asn1_der_decoding_startEnd (crl2, der, der_len,
475 "tbsCertList", &start, &end);
477 /* add the lines to calculate the sha on der[start]..der[end] */
479 result = asn1_read_value (crl2, "signature", str, &len);
481 /* compare the previous value to signature ( with issuer public key) */
484 /* Use the next 3 lines to visit the certificate */
485 /* printf("-----------------\n");
486 asn1_visit_tree(crl2,"");
487 printf("-----------------\n"); */
490 /* Clear the "crl2" structure */
491 asn1_delete_structure (&crl2);
494 extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
496 /********************************************************/
497 /* Function : main */
498 /* Description: reads the certificate description. */
499 /* Creates a certificate and calculate */
500 /* the der encoding. After that creates */
501 /* another certificate from der string */
502 /********************************************************/
504 main (int argc, char *argv[])
507 unsigned char der[1024];
508 ASN1_TYPE PKIX1Implicit88 = ASN1_TYPE_EMPTY;
509 char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
513 asn1_array2tree (pkix_asn1_tab, &PKIX1Implicit88, errorDescription);
516 asn1_parser2tree ("pkix.asn", &PKIX1Implicit88, errorDescription);
518 if (result != ASN1_SUCCESS)
520 asn1_perror (result);
521 printf ("%s\n", errorDescription);
525 /* Use the following 3 lines to visit the PKIX1Implicit structures */
526 /* printf("-----------------\n");
527 asn1_visit_tree(cert_def,"PKIX1Implicit88");
528 printf("-----------------\n"); */
531 create_CRL (PKIX1Implicit88, der, &der_len);
534 get_CRL (PKIX1Implicit88, der, der_len);
536 /* Clear the "PKIX1Implicit88" structures */
537 asn1_delete_structure (&PKIX1Implicit88);