RSA BSAFE Cert-C

Certificate Components for C

Crypto-C 6.2.1 Developer's Guide

roleattrib.c

Most attributes are strings and are added to an attributes object with C_AddStringAttribute(). This sample adds an attribute whose value is not a string, so it uses C_AddAttributeValueBER() instead.

/* $Id: roleattrib.c,v 1.4 2004/03/02 05:18:32 gsingh Exp $ */
/* roleattrib.c
** Copyright (c) 2001-2003, RSA Security Inc.
**
** This file is used to demonstrate how to interface to an RSA Security
** licensed development product.  You have a royalty-free right to use,
** modify, reproduce and distribute this demonstration file (including
** any modified version), provided that you agree that RSA Security has
** no warranty, implied or otherwise, or liability for this demonstration
** file or any modified version.
**
** This program demonstrates setting an attributes object with an
** attribute value which is not a string.  Most attributes, because
** they are strings, are added into an attributes object using
** C_AddStringAttribute.  Here, we use C_AddAttributeValueBER.
**
** In our example, we add a role attribute, which has the following
** ASN.1 definition taken from the X.509 v4 draft:
**
** role ATTRIBUTE ::= {
**   WITH SYNTAX  RoleSyntax
**   ID  id-at-role
** }
**
** RoleSyntax ::= SEQUENCE {
**   roleAuthority  [0]  GeneralNames    OPTIONAL,
**   roleName       [1]  GeneralName
** }
**
** Note that this will also give us a chance to demonstrate the
** C_DEREncodeGeneralName API.
*/

#include "certc.h"
#include "demoutil.h"

#ifdef _MSC_VER
# pragma warning (disable: 171) /* invalid type conversion (often of very similar ptrs) */
#endif

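/* roleattrib demo entry point.
**
** Builds a RoleSyntax value holding a single roleName (an rfc822Name read
** from the operator), DER-encodes it, adds it to an attributes object under
** the role attribute type with C_AddAttributeValueBER, and writes the
** DER-encoded attributes object to a file chosen by the operator.
**
** Returns 0 on success, otherwise the first non-zero status reported by a
** Cert-C or demo-utility call (that status is also passed to
** RSA_PrintError).
**
** Every intermediate buffer and the list object are released under the
** single CLEANUP label, so a failure half-way through the encoding steps
** releases the same resources as the success path.
*/
int main (int argc, char *argv[])
{
/* number of octets in the AT_ROLE attribute type identifier */
#define AT_ROLE_LEN 3

  int status = 0;

  CERTC_CTX ctx = NULL;
  ATTRIBUTES_OBJ attributes = NULL;

  unsigned char *attribDer = NULL;
  unsigned int attribDerLen = 0;

  /* 0x55 0x04 0x48 are the content octets of OID 2.5.4.72 (id-at-role);
     no tag or length octets are included */
  unsigned char AT_ROLE[AT_ROLE_LEN] = {
    0x55, 0x04, 0x48
  };

  GENERAL_NAME roleName;
  ITEM roleNameDer = {NULL, 0}, roleNameField = {NULL, 0};
  ITEM roleSyntaxDer = {NULL, 0};
  LIST_OBJ roleSyntax = NULL;

  char userInput[RSA_DEMO_MAX_LINE_LEN];

  status = RSA_SetOptions (NULL, argc, argv);
  if (status != 0)
    goto CLEANUP;

  RSA_PrintMessage ("Create Role Attribute Example\n");
  RSA_PrintMessage ("=============================\n");

  status = C_InitializeCertC (NULL, NULL, 0, &ctx);
  if (status != 0)
    goto CLEANUP;

  status = C_CreateAttributesObject (&attributes);
  if (status != 0)
    goto CLEANUP;

  /* for now, just do some simple RoleSyntax - one could replace this with
     a better routine that gives the user more options */
  T_memset ((POINTER)&roleName, 0, sizeof (roleName));

  status = RSA_GetCommand (userInput, sizeof (userInput),
                           "Enter an RFC 822 Name (email address)");
  if (status != 0)
    goto CLEANUP;

  /* NOTE(review): the text is encoded exactly as typed; nothing in this
     sample checks that it is a well-formed RFC 822 address.  Code that
     puts a role name into an attribute other parties will rely on should
     validate it before encoding.  T_strlen assumes RSA_GetCommand
     NUL-terminates userInput - confirm in demoutil. */
  roleName.altNameType = CN_RFC822_NAME;
  roleName.altName.rfc822Name.data = (POINTER)userInput;
  roleName.altName.rfc822Name.len = T_strlen (userInput);

  /* roleNameDer.data is handed back by the library and freed below with
     T_free, as the original sample did */
  status = C_DEREncodeGeneralName (ctx, &roleName, &roleNameDer.data,
                                   &roleNameDer.len);
  if (status != 0)
    goto CLEANUP;

  /* the roleNameField is the roleName wrapped in the [1] tag.  First call:
     no output buffer (size 0, NULL), only the required length is
     returned in roleNameField.len */
  status = C_DEREncodeTagAndValue (ctx, 1, VTC_CONTEXT | VTC_CONSTRUCTED,
                                   roleNameDer.data, roleNameDer.len, 0,
                                   NULL, &roleNameField.len);
  if (status != 0)
    goto CLEANUP;

  roleNameField.data = T_malloc (roleNameField.len);
  if (roleNameField.data == NULL) {
    status = RSA_DEMO_E_ALLOC;
    goto CLEANUP;
  }

  /* second call: encode into the buffer sized by the first call */
  status = C_DEREncodeTagAndValue (ctx, 1, VTC_CONTEXT | VTC_CONSTRUCTED,
                                   roleNameDer.data, roleNameDer.len,
                                   roleNameField.len, roleNameField.data,
                                   &roleNameField.len);
  if (status != 0)
    goto CLEANUP;

  /* wrap it in a SEQUENCE; roleAuthority is OPTIONAL and is omitted, so
     the list holds the single roleName field */
  status = C_CreateListObject (&roleSyntax);
  if (status != 0)
    goto CLEANUP;

  status = C_AddItemToList (roleSyntax, &roleNameField, NULL);
  if (status != 0)
    goto CLEANUP;

  status = C_DEREncodeList (ctx, VT_SEQUENCE, VTC_UNIVERSAL, roleSyntax,
                            &roleSyntaxDer.data, &roleSyntaxDer.len);
  if (status != 0)
    goto CLEANUP;

  /* now add our encoded role into the attributes object */
  status = C_AddAttributeValueBER (attributes, AT_ROLE, AT_ROLE_LEN,
                                   roleSyntaxDer.data, roleSyntaxDer.len);
  if (status != 0)
    goto CLEANUP;

  /* attribDer is not freed in this sample; presumably it stays owned by
     the attributes object - confirm against the C_GetAttributesDER
     reference */
  status = C_GetAttributesDER (attributes, &attribDer, &attribDerLen);
  if (status != 0)
    goto CLEANUP;

  status = RSA_WriteDataToFile
           (attribDer, attribDerLen,
            "Enter name of file to store attributes object");
  if (status != 0)
    goto CLEANUP;

CLEANUP:
  if (status != 0)
    RSA_PrintError ("roleattrib", status);

  /* release the intermediates on every path; the NULL guards cover a
     failure that happened before the resource was acquired */
  if (roleSyntax != NULL)
    C_DestroyListObject (&roleSyntax);
  if (roleNameDer.data != NULL)
    T_free (roleNameDer.data);
  if (roleNameField.data != NULL)
    T_free (roleNameField.data);
  if (roleSyntaxDer.data != NULL)
    T_free (roleSyntaxDer.data);

  C_DestroyAttributesObject (&attributes);
  C_FinalizeCertC (&ctx);

  return status;
}  /* end main */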

Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 067-001001-2720-001-000 - 2.7.2