对属性证书(x509v4)编码
以下是采用 OpenSSL 的 ASN.1 库对属性证书进行编码/解码的源代码:
/* x509v4.h */
/*
 * Validity window of the attribute certificate: two GeneralizedTime
 * bounds (the layout looks like RFC 5755 AttCertValidityPeriod).
 * The ASN.1 decoder only parses these values; comparing them with the
 * current time is left to the code that relies on the certificate.
 */
typedef struct X509V4_VALID_st
{
    ASN1_GENERALIZEDTIME *notBefore;   /* start of the validity window */
    ASN1_GENERALIZEDTIME *notAfter;    /* end of the validity window */
} X509V4_VALID;

/* Declares X509V4_VALID_new/_free, d2i_/i2d_X509V4_VALID and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(X509V4_VALID)
/*
 * Reference to a public-key certificate by issuer name and serial
 * number (the layout looks like RFC 5755 IssuerSerial).
 * issuerUID is OPTIONAL in the template in x509v4.c, so it may be NULL
 * after decoding and must be checked before use.
 */
typedef struct ISSUERSERIAL_st
{
    GENERAL_NAMES   *issuer;      /* issuer name(s) of the referenced certificate */
    ASN1_INTEGER    *subjectSN;   /* serial number of the referenced certificate */
    ASN1_BIT_STRING *issuerUID;   /* optional issuer unique identifier */
} ISSUERSERIAL;

/* Declares ISSUERSERIAL_new/_free, d2i_/i2d_ISSUERSERIAL and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(ISSUERSERIAL)
/*
 * Digest that identifies an object (the layout looks like RFC 5755
 * ObjectDigestInfo). otherType is OPTIONAL in the template in
 * x509v4.c and may be NULL after decoding.
 * NOTE(review): the decoder does not restrict digestAlg; a relying
 * party should accept only digest algorithms it considers strong.
 */
typedef struct OBJDIGEST_st
{
    ASN1_ENUMERATED *digestType;   /* kind of object that was digested */
    ASN1_OBJECT     *otherType;    /* optional OID for a non-standard object type */
    X509_ALGOR      *digestAlg;    /* digest algorithm identifier */
    ASN1_BIT_STRING *digestBit;    /* digest value */
} OBJDIGEST;

/* Declares OBJDIGEST_new/_free, d2i_/i2d_OBJDIGEST and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(OBJDIGEST)
/*
 * Holder of the attribute certificate (the layout looks like RFC 5755
 * Holder). All three members are OPTIONAL in the template in x509v4.c,
 * so a successfully decoded holder can have every pointer NULL; check
 * each one before dereferencing and reject a holder that names nothing.
 */
typedef struct ACHOLDER_st
{
    ISSUERSERIAL  *baseCertificateID;   /* holder identified by issuer + serial */
    GENERAL_NAMES *entityName;          /* holder identified by name */
    OBJDIGEST     *objDigest;           /* holder identified by a digest */
} ACHOLDER;

/* Declares ACHOLDER_new/_free, d2i_/i2d_ACHOLDER and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(ACHOLDER)
/*
 * Version-2 form of the certificate issuer (the layout looks like
 * RFC 5755 V2Form). All three members are OPTIONAL in the template in
 * x509v4.c and may be NULL after decoding; check before dereferencing.
 */
typedef struct V2FORM_st
{
    GENERAL_NAMES *entityName;          /* issuer name(s) */
    ISSUERSERIAL  *baseCertificateID;   /* issuer identified by issuer + serial */
    OBJDIGEST     *objDigest;           /* issuer identified by a digest */
} V2FORM;

/* Declares V2FORM_new/_free, d2i_/i2d_V2FORM and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(V2FORM)
/*
 * Issuer of the attribute certificate, modelled as an ASN.1 CHOICE.
 * `type` is the selector that the CHOICE template uses to record
 * which member of `form` is populated; only v2Form is defined here.
 * Read `type` before touching `form`, because an unset CHOICE leaves
 * the union without a valid member.
 */
typedef struct ACISSUER_st
{
    int type;               /* CHOICE selector maintained by the ASN.1 code */
    union
    {
        V2FORM *v2Form;     /* the only alternative this code models */
    } form;
} ACISSUER;

/* Declares ACISSUER_new/_free, d2i_/i2d_ACISSUER and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(ACISSUER)
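/*
 * The to-be-signed body of the attribute certificate (the layout looks
 * like RFC 5755 AttributeCertificateInfo). issuerUID and extensions
 * are OPTIONAL in the template in x509v4.c and may be NULL after
 * decoding.
 *
 * `signature` is the algorithm identifier carried inside the signed
 * body; a verifier should compare it with the outer X509V4.sig_alg
 * instead of trusting either one alone.
 */
typedef struct X509V4_CINF_st
{
    ASN1_INTEGER              *version;        /* attribute certificate version */
    ACHOLDER                  *holder;         /* who the attributes are bound to */
    ACISSUER                  *issuer;         /* who issued the certificate */
    X509_ALGOR                *signature;      /* signature algorithm (inner copy) */
    ASN1_INTEGER              *serialNumber;   /* serial number of this certificate */
    X509V4_VALID              *valid;          /* validity window */
    STACK_OF(X509_ATTRIBUTE)  *attributes;     /* the attributes being asserted */
    ASN1_BIT_STRING           *issuerUID;      /* optional issuer unique identifier */
    /* Fixed: the original line lacked the closing ')' of STACK_OF(...). */
    STACK_OF(X509_EXTENSION)  *extensions;     /* optional extensions */
} X509V4_CINF;

/* Declares X509V4_CINF_new/_free, d2i_/i2d_X509V4_CINF and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(X509V4_CINF)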
/*
 * The complete attribute certificate: signed body, signature algorithm
 * and signature value.
 *
 * The generated d2i_X509V4() only parses DER. It does not verify
 * `signature` over `cert_info`, and it does not check the validity
 * window, so nothing in a decoded certificate may be trusted until the
 * caller has done both. Input handed to d2i_X509V4() is untrusted;
 * always check its return value for NULL.
 */
typedef struct X509V4_st
{
    X509V4_CINF     *cert_info;   /* signed body */
    X509_ALGOR      *sig_alg;     /* signature algorithm (outer copy) */
    ASN1_BIT_STRING *signature;   /* signature value over cert_info */
} X509V4;

/* Declares X509V4_new/_free, d2i_/i2d_X509V4 and the ASN1_ITEM. */
DECLARE_ASN1_FUNCTIONS(X509V4)
/* x509v4.c */
/*
 * ACISSUER: CHOICE with a single alternative, v2Form, carried under
 * IMPLICIT context tag [0].
 * NOTE(review): RFC 5755 AttCertIssuer also defines a v1Form
 * (GeneralNames) alternative that is not modelled here, so an input
 * using it would presumably fail to decode. Confirm that is intended.
 */
ASN1_CHOICE(ACISSUER) = {
    ASN1_IMP(ACISSUER, form.v2Form, V2FORM, 0)
} ASN1_CHOICE_END(ACISSUER)

IMPLEMENT_ASN1_FUNCTIONS(ACISSUER)
/*
 * ACHOLDER: SEQUENCE of three OPTIONAL members under IMPLICIT context
 * tags [0], [1] and [2]. Because every member is optional, an empty
 * SEQUENCE decodes successfully with all three pointers NULL; the
 * caller decides whether such a holder is acceptable.
 */
ASN1_SEQUENCE(ACHOLDER) = {
    ASN1_IMP_OPT(ACHOLDER, baseCertificateID, ISSUERSERIAL, 0),
    ASN1_IMP_SEQUENCE_OF_OPT(ACHOLDER, entityName, GENERAL_NAME, 1),
    ASN1_IMP_OPT(ACHOLDER, objDigest, OBJDIGEST, 2)
} ASN1_SEQUENCE_END(ACHOLDER)

IMPLEMENT_ASN1_FUNCTIONS(ACHOLDER)
/*
 * V2FORM: SEQUENCE of an untagged OPTIONAL SEQUENCE OF GeneralName,
 * followed by two OPTIONAL members under IMPLICIT context tags [0]
 * and [1]. All members may be absent, leaving NULL pointers.
 */
ASN1_SEQUENCE(V2FORM) = {
    ASN1_SEQUENCE_OF_OPT(V2FORM, entityName, GENERAL_NAME),
    ASN1_IMP_OPT(V2FORM, baseCertificateID, ISSUERSERIAL, 0),
    ASN1_IMP_OPT(V2FORM, objDigest, OBJDIGEST, 1)
} ASN1_SEQUENCE_END(V2FORM)

IMPLEMENT_ASN1_FUNCTIONS(V2FORM)
/*
 * ISSUERSERIAL: SEQUENCE of mandatory issuer names and serial number,
 * followed by an OPTIONAL issuer unique identifier.
 */
ASN1_SEQUENCE(ISSUERSERIAL) = {
    ASN1_SIMPLE(ISSUERSERIAL, issuer, GENERAL_NAMES),
    ASN1_SIMPLE(ISSUERSERIAL, subjectSN, ASN1_INTEGER),
    ASN1_OPT(ISSUERSERIAL, issuerUID, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(ISSUERSERIAL)

IMPLEMENT_ASN1_FUNCTIONS(ISSUERSERIAL)
/*
 * OBJDIGEST: SEQUENCE of the digested-object type, an OPTIONAL type
 * OID, the digest algorithm and the digest value. Only otherType is
 * optional; the other three members must be present to decode.
 */
ASN1_SEQUENCE(OBJDIGEST) = {
    ASN1_SIMPLE(OBJDIGEST, digestType, ASN1_ENUMERATED),
    ASN1_OPT(OBJDIGEST, otherType, ASN1_OBJECT),
    ASN1_SIMPLE(OBJDIGEST, digestAlg, X509_ALGOR),
    ASN1_SIMPLE(OBJDIGEST, digestBit, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OBJDIGEST)

IMPLEMENT_ASN1_FUNCTIONS(OBJDIGEST)
/*
 * X509V4_VALID: SEQUENCE of two mandatory GeneralizedTime values.
 * The template does not enforce notBefore <= notAfter; the caller
 * has to check the ordering and the current time.
 */
ASN1_SEQUENCE(X509V4_VALID) = {
    ASN1_SIMPLE(X509V4_VALID, notBefore, ASN1_GENERALIZEDTIME),
    ASN1_SIMPLE(X509V4_VALID, notAfter, ASN1_GENERALIZEDTIME)
} ASN1_SEQUENCE_END(X509V4_VALID)

IMPLEMENT_ASN1_FUNCTIONS(X509V4_VALID)
/*
 * X509V4_CINF: the signed body of the attribute certificate. The
 * entries are listed in wire order; reordering them changes the
 * encoding. issuerUID and extensions are OPTIONAL, everything else is
 * mandatory.
 * NOTE(review): the template accepts any INTEGER for version and does
 * not look at extension criticality; both checks belong in the
 * validation code that runs after decoding.
 */
ASN1_SEQUENCE(X509V4_CINF) = {
    ASN1_SIMPLE(X509V4_CINF, version, ASN1_INTEGER),
    ASN1_SIMPLE(X509V4_CINF, holder, ACHOLDER),
    ASN1_SIMPLE(X509V4_CINF, issuer, ACISSUER),
    ASN1_SIMPLE(X509V4_CINF, signature, X509_ALGOR),
    ASN1_SIMPLE(X509V4_CINF, serialNumber, ASN1_INTEGER),
    ASN1_SIMPLE(X509V4_CINF, valid, X509V4_VALID),
    ASN1_SEQUENCE_OF(X509V4_CINF, attributes, X509_ATTRIBUTE),
    ASN1_OPT(X509V4_CINF, issuerUID, ASN1_BIT_STRING),
    ASN1_SEQUENCE_OF_OPT(X509V4_CINF, extensions, X509_EXTENSION)
} ASN1_SEQUENCE_END(X509V4_CINF)

IMPLEMENT_ASN1_FUNCTIONS(X509V4_CINF)
/*
 * X509V4: outer SEQUENCE of signed body, signature algorithm and
 * signature value. Decoding with this template performs no signature
 * verification; verify `signature` over the encoded cert_info before
 * relying on any decoded field.
 * NOTE(review): unlike the other templates, no
 * IMPLEMENT_ASN1_FUNCTIONS(X509V4) follows in this listing, although
 * x509v4.h declares the functions. Confirm it exists in the full file.
 */
ASN1_SEQUENCE(X509V4) = {
    ASN1_SIMPLE(X509V4, cert_info, X509V4_CINF),
    ASN1_SIMPLE(X509V4, sig_alg, X509_ALGOR),
    ASN1_SIMPLE(X509V4, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(X509V4)