<%@ page contentType="text/html;charset=gb2312"%> <%@ page language="java" import="java.io.*" %> OpenPMI(开源授权管理基础设施项目)--中国信息安全组织
<%@ include file="../../common/header.jsp" %>
OpenPMI 项目
Ciso CA 项目
   
   
   
 
 
 
 
 
 


中国信息安全组织的开源PKI/CA与PMI/AA项目
OpenPMI 开源授权管理基础设施项目
项目简介:
打算先做AA/ARA:
1、实现AC的签发
2、AC申请的审核
3、AC吊销
4、ARA实现AC的申请与吊销。

提供的API大概如下:

(1)基本项目的读取与设置
(2)属性的操作
(3)扩展项的操作。
(4)其它的一些辅助API。

/* MACROS define */

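/* Deep-copy an X509_AC via a DER round trip (i2d_X509_AC, then d2i_X509_AC),
 * in the style of OpenSSL's own X509_dup() macro. ASN1_dup returns NULL on
 * failure; the caller owns the returned copy. The argument is parenthesised so
 * that an expression argument (e.g. `cond ? a : b`) is cast as a whole rather
 * than only its first operand.
 * NOTE(review): newer OpenSSL releases declare ASN1_dup with typed
 * i2d_of_void / d2i_of_void parameters; check these function-pointer casts
 * against the OpenSSL version this project builds with. */
#define X509_AC_dup(ac) (X509_AC *)ASN1_dup((int (*)())i2d_X509_AC, \
        (char *(*)())d2i_X509_AC,(char *)(ac))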

/* declare operation functions */

/* Set the AC version field. The int return convention is not stated on this
 * page (presumably 1 on success / 0 on failure like the OpenSSL X509 setters
 * -- confirm in the implementation). */
int X509_AC_setVersion(X509_AC *ac,int ver);
/* Replace the AC holder with @p holder as a whole; the per-field holder
 * setters below are the alternative. NOTE(review): whether the AC adopts
 * @p holder or copies it is not visible here -- document ownership. */
int X509_AC_setHolder (X509_AC *ac,HOLDER* holder);

/* 1. holder */
/* 1.1 holder.baseCertificateID operate */

/* Identify the holder by its public-key certificate (holder.baseCertificateID).
 * The issuer name is taken from an X509 object, an X509_NAME, or a certificate
 * read from a FILE / BIO in PEM or DER form; @p sn is presumably the holder
 * certificate's serial number.
 * NOTE(review): a `long` cannot carry a full 20-octet X.509 serial number;
 * confirm how serials outside the range of long are meant to be passed
 * (there is no ASN1_INTEGER variant of these setters on this page).
 * Return convention is not stated here. */
int X509_AC_setHolder_issuer_X509(X509_AC *ac,X509* cert,long sn);
int X509_AC_setHolder_issuer_X509_NAME(X509_AC *ac,X509_NAME *name,long sn);
int X509_AC_setHolder_issuer_PEM_fp(X509_AC *ac,FILE* fp,long sn);
int X509_AC_setHolder_issuer_PEM_BIO(X509_AC *ac,BIO* in,long sn);
int X509_AC_setHolder_issuer_DER_fp(X509_AC *ac,FILE* fp,long sn);
int X509_AC_setHolder_issuer_DER_BIO(X509_AC *ac,BIO* in,long sn);
/* Same, reading the certificate from the path in @p fullname; @p format selects
 * the encoding: 0 = DER, 1 = PEM. */
int X509_AC_setHolder_issuer_from_cert(X509_AC *ac,char *fullname,int format,long sn);/* format: DER-0 PEM-1*/
/* Set the issuerUID part of baseCertificateID from @p len bytes at @p uid. */
int X509_AC_setHolder_issuer_uid(X509_AC *ac,char* uid,int len);

/* 1.2 holder.entityName operate */

/* Identify the holder by name (holder.entityName). The name is given directly
 * as an X509_NAME, or taken from a certificate (presumably its subject --
 * confirm) supplied as an X509 object, read from a FILE / BIO in PEM or DER
 * form, or loaded from the path @p fullname with @p format 0 = DER, 1 = PEM
 * (same convention as X509_AC_setHolder_issuer_from_cert). */
int X509_AC_setHolder_entityName_X509_NAME(X509_AC *ac,X509_NAME *name);
int X509_AC_setHolder_entityName_X509(X509_AC *ac,X509* cert);
int X509_AC_setHolder_entityName_PEM_fp(X509_AC *ac,FILE* fp);
int X509_AC_setHolder_entityName_PEM_BIO(X509_AC *ac,BIO* in);
int X509_AC_setHolder_entityName_DER_fp(X509_AC *ac,FILE* fp);
int X509_AC_setHolder_entityName_DER_BIO(X509_AC *ac,BIO* in);
int X509_AC_setHolder_entityName_from_cert(X509_AC *ac,char *fullname,int format);

/* 1.3 holder.objectDigestInfo operate [not require]*/

/* Identify the holder by a digest of an object (holder.objectDigestInfo; this
 * holder form is optional). The object is either a public key (PK) or a
 * public-key certificate (PKC), and must be supplied in DER encoding.
 *
 * Parameters:
 *   nid_hash - NID of the hash algorithm applied to the object
 *   object   - DER encoding of the PK or PKC to digest
 *   obtype   - 0 for a PK, 1 for a PKC
 *   len      - length of @p object in bytes
 */
int X509_AC_setHolder_objectDigestInfo(X509_AC *ac,int nid_hash,unsigned char *object,int obtype,int len);

/* 2. issuer */

/* AC issuer (the attribute authority). It can be set as a whole from an
 * ATTCERT_ISSUER, or field by field: issuerName from an X509_NAME,
 * baseCertificateID from an issuer name plus serial (see the note on the
 * range of `long` at the holder setters) or from issuerUID bytes, and
 * objectDigestInfo with the same parameters as
 * X509_AC_setHolder_objectDigestInfo (obtype 0 = PK, 1 = PKC, DER object).
 * NOTE(review): whether X509_AC_setIssuer adopts or copies @p issuer is not
 * visible here -- document ownership. */
int X509_AC_setIssuer(X509_AC *ac,ATTCERT_ISSUER* issuer);
int X509_AC_setIssuer_issuerName_X509_NAME(X509_AC *ac,X509_NAME *name);
int X509_AC_setIssuer_baseCertID_X509_NAME(X509_AC *ac,X509_NAME *name,long sn);
int X509_AC_setIssuer_baseCertID_issuerUID(X509_AC *ac,unsigned char* uid,int len);
int X509_AC_setIssuer_objectDigestInfo(X509_AC *ac,int nid_hash,unsigned char *object,int obtype,int len);

/* 3. others */

/* Remaining top-level fields: setters first, then getters.
 * Naming caveats, kept because these are the published names: the serial
 * number functions are spelled "SerailNumber" (sic) and must be called that
 * way, and getVersion lacks the X509_AC_ prefix used by the rest of the API. */
int X509_AC_setSerailNumber(X509_AC *ac,ASN1_INTEGER *sn);
/* Convenience form for serials that fit in a long; prefer the ASN1_INTEGER
 * form for anything larger (X.509 serials may be up to 20 octets). */
int X509_AC_setSerailNumber_long(X509_AC *ac,long sn);

/* Validity period. NOTE(review): @p adj is presumably an offset in seconds
 * from the current time, as with OpenSSL's X509_gmtime_adj -- confirm units
 * and sign before relying on it. */
int X509_AC_setNotBefore(X509_AC *ac,int adj);
int X509_AC_setNotAfter (X509_AC *ac,int adj);
/* Set the AC's issuerUniqueID from @p len bytes at @p uid. */
int X509_AC_setIssuerUID(X509_AC *ac,unsigned char *uid,int len);
/* Replace the whole attribute / extension stack. NOTE(review): whether the
 * stack is adopted or copied is not visible here -- document ownership. */
int X509_AC_setAttributes(X509_AC *ac,STACK_OF(X509_ATTRIBUTE) *attrs);
int X509_AC_setExtensions(X509_AC *ac,STACK_OF(X509_EXTENSION) *exts);

/* Getters. The pointer-returning ones presumably hand back internal pointers
 * owned by the AC rather than copies, as the OpenSSL X509_get_* family does
 * -- confirm before freeing anything they return. */
int getVersion(X509_AC *ac);
HOLDER* X509_AC_getHolder (X509_AC *ac);
ATTCERT_ISSUER* X509_AC_getIssuer (X509_AC *ac);
ASN1_INTEGER* X509_AC_getSerailNumber(X509_AC *ac);
ASN1_GENERALIZEDTIME* X509_AC_getNotBefore(X509_AC *ac);
ASN1_GENERALIZEDTIME* X509_AC_getNotAfter(X509_AC *ac);
ASN1_BIT_STRING* X509_AC_getIssuerUID(X509_AC *ac);
STACK_OF(X509_ATTRIBUTE)* X509_AC_getAttributes(X509_AC *ac);
STACK_OF(X509_EXTENSION)* X509_AC_getExtensions(X509_AC *ac);

/* AC operation functions */

/* Sign the AC with the issuer's private key @p pkey using digest @p md.
 * Return convention is not stated here (OpenSSL's X509_sign returns the
 * signature length and 0 on error -- confirm whether this follows it). */
int X509_AC_sign(X509_AC *ac,EVP_PKEY *pkey,const EVP_MD *md);
/* Check the AC's signature against the public key @p r. A good signature only
 * shows that @p r's holder signed the AC; the caller must separately establish
 * that @p r is the AC issuer's key (e.g. through a validated PKC chain) and
 * check the validity period and any revocation data. Note the lowercase 'x'
 * in the published name. */
int x509_AC_verify(X509_AC *ac,EVP_PKEY *r);

/* x509v4 attribute certificate input/output functions */

/* DER decode / encode an AC through a stdio FILE or an OpenSSL BIO, mirroring
 * d2i_X509_fp / i2d_X509_fp. The d2i forms are declared to return void *
 * rather than X509_AC *, so the caller gets no type checking on the result.
 * The bytes being decoded are untrusted input: always check for a NULL return
 * before using the result. NOTE(review): whether a non-NULL *ac is reused or
 * replaced on success is not visible here -- confirm against the
 * implementation. */
void *d2i_X509_AC_fp(FILE *fp, X509_AC **ac);
int i2d_X509_AC_fp(FILE *fp, X509_AC *ac);

void *d2i_X509_AC_bio(BIO *bp, X509_AC **ac);
int i2d_X509_AC_bio(BIO *bp, X509_AC *ac);

/* Write a human-readable dump of @p x to @p bp. */
int X509_AC_print(BIO *bp,X509_AC *x);

/* attribute operation functions */

/* Attribute-stack access, modelled on OpenSSL's X509_REQ_get_attr_* and
 * X509_REQ_add1_attr_* family. The lookups take the index of the previous hit
 * in @p lastpos (presumably -1 to search from the start, returning -1 when
 * nothing is found, as in OpenSSL -- confirm). The add1_* forms presumably copy
 * the attribute, so the caller keeps ownership of @p attr (assumed from the
 * "add1" naming -- confirm). X509_AC_delete_attr hands back the removed
 * attribute, which presumably becomes the caller's to free. The first
 * parameter is named req / AC in two places but is the same AC. */
int X509_AC_get_attr_count(const X509_AC *ac);
int X509_AC_get_attr_by_NID(const X509_AC *ac, int nid,int lastpos);
int X509_AC_get_attr_by_OBJ(const X509_AC *ac, ASN1_OBJECT *obj,int lastpos);
X509_ATTRIBUTE *X509_AC_get_attr(const X509_AC *ac, int loc);
X509_ATTRIBUTE *X509_AC_delete_attr(X509_AC *ac, int loc);
int X509_AC_add1_attr(X509_AC *req, X509_ATTRIBUTE *attr);
int X509_AC_add1_attr_by_OBJ(X509_AC *AC,const ASN1_OBJECT *obj, int type,const unsigned char *bytes, int len);
int X509_AC_add1_attr_by_NID(X509_AC *ac,int nid, int type,const unsigned char *bytes, int len);
int X509_AC_add1_attr_by_txt(X509_AC *ac,const char *attrname, int type,const unsigned char *bytes, int len);

/* AC extension operation functions */

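/* "v4" spellings of the OpenSSL X509v3 extension-stack helpers, for use on an
 * AC's extension stack. Each macro forwards to the X509v3 function with the
 * same arguments; the commented prototype above each one shows its shape.
 * All of them are function-like (the earlier object-like forms expanded to a
 * call on names x/obj/lastpos that do not exist at the use site, so any use
 * would not have compiled), and every argument is parenthesised in the
 * expansion so an argument containing an operator still binds correctly. */
// int X509v4_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
#define X509v4_get_ext_count(x) X509v3_get_ext_count((x))
// int X509v4_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,int nid, int lastpos);
#define X509v4_get_ext_by_NID(x,nid,lastpos) X509v3_get_ext_by_NID((x),(nid),(lastpos))
//int X509v4_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,ASN1_OBJECT *obj,int lastpos);
#define X509v4_get_ext_by_OBJ(x,obj,lastpos) X509v3_get_ext_by_OBJ((x),(obj),(lastpos))
//int X509v4_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,int crit, int lastpos);
#define X509v4_get_ext_by_critical(x,crit,lastpos) X509v3_get_ext_by_critical((x),(crit),(lastpos))
//X509_EXTENSION *X509v4_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
#define X509v4_get_ext(x,loc) X509v3_get_ext((x),(loc))
//X509_EXTENSION *X509v4_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
#define X509v4_delete_ext(x,loc) X509v3_delete_ext((x),(loc))
//STACK_OF(X509_EXTENSION) *X509v4_add_ext(STACK_OF(X509_EXTENSION) **x,X509_EXTENSION *ex, int loc);
#define X509v4_add_ext(x,ex,loc) X509v3_add_ext((x),(ex),(loc))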

/* Extension access on the AC itself (the X509v4_* macros above work on a bare
 * extension stack). Lookups take the previous hit in @p lastpos and return the
 * index of the next match (presumably -1 when none, as in OpenSSL -- confirm).
 * X509_AC_get_ext_d2i returns the decoded extension value as void *; the
 * caller must cast it to the type registered for @p nid, and @p crit / @p idx
 * are out-parameters (NOTE(review): whether NULL is accepted for them is not
 * visible here). X509_AC_add1_ext_i2d encodes @p value and adds it with
 * criticality @p crit; @p flags presumably follows the X509V3_ADD_* values --
 * confirm. X509_AC_delete_ext hands back the removed extension, which
 * presumably becomes the caller's to free. */
int X509_AC_get_ext_count(X509_AC *x);
int X509_AC_get_ext_by_NID(X509_AC *x, int nid, int lastpos);
int X509_AC_get_ext_by_OBJ(X509_AC *x,ASN1_OBJECT *obj,int lastpos);
int X509_AC_get_ext_by_critical(X509_AC *x, int crit, int lastpos);
int X509_AC_add_ext(X509_AC *x, X509_EXTENSION *ex, int loc);
void* X509_AC_get_ext_d2i(X509_AC *x, int nid, int *crit, int *idx);
int X509_AC_add1_ext_i2d(X509_AC *x, int nid, void *value, int crit,unsigned long flags);
X509_EXTENSION *X509_AC_get_ext(X509_AC *x, int loc);
X509_EXTENSION *X509_AC_delete_ext(X509_AC *x, int loc);

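/* AC-prefixed aliases for the OpenSSL X509_EXTENSION_* constructors, setters
 * and getters; each forwards to the named OpenSSL function with the same
 * arguments (see the commented prototype above each one). All are
 * function-like; the earlier object-like X509_AC_EXTENSION_set_object expanded
 * to a call on names ex/obj that do not exist at the use site. Arguments are
 * parenthesised in the expansion. */
//X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,int nid, int crit, ASN1_OCTET_STRING *data);
#define X509_AC_EXTENSION_create_by_NID(ex,nid,crit,data) X509_EXTENSION_create_by_NID((ex),(nid),(crit),(data))
//X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
#define X509_AC_EXTENSION_create_by_OBJ(ex,obj,crit,data) X509_EXTENSION_create_by_OBJ((ex),(obj),(crit),(data))

//int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
#define X509_AC_EXTENSION_set_object(ex,obj) X509_EXTENSION_set_object((ex),(obj))
//int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
#define X509_AC_EXTENSION_set_critical(ex,crit) X509_EXTENSION_set_critical((ex),(crit))
//int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
#define X509_AC_EXTENSION_set_data(ex,data) X509_EXTENSION_set_data((ex),(data))
//ASN1_OBJECT* X509_EXTENSION_get_object(X509_EXTENSION *ex);
#define X509_AC_EXTENSION_get_object(ex) X509_EXTENSION_get_object((ex))
//ASN1_OCTET_STRING* X509_EXTENSION_get_data(X509_EXTENSION *ne);
#define X509_AC_EXTENSION_get_data(ne) X509_EXTENSION_get_data((ne))
/* Misspelled original name ("XTENSION"), kept so existing callers still
 * compile; new code should use X509_AC_EXTENSION_get_data. */
#define X509_AC_XTENSION_get_data(ne) X509_AC_EXTENSION_get_data(ne)
//int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
#define X509_AC_EXTENSION_get_critical(ex) X509_EXTENSION_get_critical((ex))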

/* util functions */

/* Utility helpers.
 * NOTE(review): the "=0" default arguments on FileFormat are C++ syntax and
 * do not compile as C; if this header is meant for C callers, drop them and
 * have callers pass the format explicitly (presumably 0 = DER, 1 = PEM, as for
 * the *_from_cert setters above -- confirm). @p key and @p cert are passed by
 * value, so these presumably fill in an object the caller already allocated;
 * if they allocate instead, the parameters would have to be EVP_PKEY ** /
 * X509 ** -- confirm against the implementation. */
/* Add one name entry (@p key = @p value) to @p name. */
int add_name_entry(X509_NAME *name,char *key, char *value);
/* Load a private key from the file at @p strFileName; @p strPwd is presumably
 * the passphrase used to decrypt it. The password buffer stays the caller's:
 * clear it (e.g. OPENSSL_cleanse) once the key is loaded, and never log it. */
int get_private_key(EVP_PKEY* key,char *strFileName,char* strPwd,int FileFormat=0);
/* Load a certificate from the file at @p strFileName. */
int get_certificate(X509 *cert, char* strFileName,int FileFormat=0);

以上四大类API,构成一个类似OpenSSL的二次开发包。

进展情况:

2004/05/01:开始开发。
2005/06/04 0.1版本发布,但里面还有很多错误。

下载:OpenPMI-0.1.zip

Ciso CA开源项目

1、简介:基于OpenSSL的CA中心,第一期开发完成。

2、CisoCA认证中心目标:

设计一个基于X.509数字证书的网络安全身份认证机构,具有证书发放、吊销、申请及发布吊销列表的功能。

3、CisoCA的整体结构:

多线程日志记录模块、证书管理模块、文档视图的MVC框架、配置控制模块、权限控制模块共同构成整体架构。

4、主要设计思路及涉及的技术:

遵循MVC架构及构件化的开发思想,将显示、控制与逻辑分开,将具有独立功能的模块封装成构件、暴露接口,供上层调用。

5、进展情况

(1)2004/05/01 第一版发布 数据库支持ACCESS
(2)2004/10/01 FOR mysql版发布 数据库支持mysql

6、下载:

(1)cisoca for mysql 1.1M
(2)cisoca_for_Access 3.6M














<%@ include file="../../common/footer.jsp" %>