ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL



	Location\| Personnel\| Teaching\| Research\| News\| Intranet

ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL

Contact:

Daniel Díaz-Sánchez
dds ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL

it.uc3m.es

Andrés Marín López
amarin ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL

it.uc3m.es

Florina Almenarez
florina ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL

it.uc3m.es

Universidad Carlos III de Madrid
Escuela Politécnica Superior
Edificio Torres Quevedo
Avda de la Universidad, 30
28911 Leganés (Madrid) SPAIN

This work has received the support of the European Commission through the IST programme, as part of the IST Ubisec project and ITEA EasyWireless.

Overview

This source code provides a toolkit to issue attribute certificates as defined in ITU X.509 Recommendation and RFC3281 The library has been tested with OpenSSL 0.9.8a and some earlier versions and it works. The Zip files of section Downloads contains also a test program that demonstrates the library. Note that this is a BETA version and any help and collaboration is welcomed. Thanks to OpenSSL people for the answers in the mailing list. Now we are working on a Privilege verifier that will be available soon!

License

Please read OpenSSL license.

Downloads

Attribute Certificates Toolkit Windows Version (Visual Studio 2005) (version 0.1)
Attribute Certificates Toolkit (Zip file)	v0.1 Beta	AC.PMI.it.uc3m.es.zip
Attribute Certificates Toolkit for Linux
Attribute Certificates Toolkit (tar.gz) (version 0.1)	v0.1 Beta	openSSLAC.tar.gz
Attribute Certificates Toolkit Windows Version 0.2 (Visual Studio 2005) Includes ISSUING PROGRAM
Attribute Certificates Toolkit and issuing program (zip) (version 0.2). API changes not covered in documentation yet	v0.2 Beta	AC.PMI.it.uc3m.es.v.0.2.zip

ChangeLog

09/10/2006

Released v.0.1

Documentation

The code has been developed under Windows using Visual Studio 2005. But it can be used in Linux also.

	API Documentation
	Functions to get information
	#define PEM_read_X509AC(fp,x,cb,u) (X509AC )PEM_ASN1_read( \ (char ()())d2i_X509AC,PEM_STRING_X509AC,fp,(char *)x,cb,u)
	Reads an attribute certificate in PEM format from a file pointer.

	X509AC_ISSUER_SERIAL* X509_get_basecertID(X509 *x)
	Takes a X509 certificate and extracts the X509AC_ISSUER_SERIAL structure (or base cert ID)

	X509_NAME X509AC_get_issuer_name(X509AC a)
	Obtains the X509_NAME of the issuer placed in a-info->issuer->d.v1Form when the attribute certificate is version 1, and from a->info->issuer->d.v2Form->issuer when the attribute certificate is version 2.

	X509_NAME X509AC_get_holder_entity_name(X509AC a)
	Searches a-info->holder->entity (stack of GENERAL_NAME) for a valid Directory Name

	X509AC_ISSUER_SERIAL X509AC_get_holder_baseCertID(X509AC a)
	Returns a->info->holder->baseCertID structure of type X509AC_ISSUER_SERIAL.

	ASN1_BIT_STRING X509AC_get_holder_objectDigestInfo(X509AC a)
	Returns a->info->holder->objectDigestInfo structure of type ASN1_BIT_STRING.

	X509AC_ISSUER_SERIAL X509AC_get_issuer_baseCertID(X509AC a)
	Returns a->info->issuer->d.v2Form->baseCertID. This parameter is only available when the certificate is of version 2. For version 1 this parameter is not present.

	ASN1_BIT_STRING X509AC_get_issuer_objectDigestInfo(X509AC a)
	Returns a->info->issuer->d.v2Form->digest. This parameter is only available when the certificate is of version 2. For version 1 this parameter is not present.

	long X509AC_get_version(X509AC a); int X509AC_set_version(X509AC a, long version)
	Get and set the version of the certificate.

	Functions to set information
	int X509AC_set_holder_entity_name(X509AC* a, X509_NAME *name)
	Places a X509_NAME into a->info->holder->entity.

	int X509AC_set_holder_serialNumber(X509AC x, ASN1_INTEGER serial)
	Sets the serial number in x->info->holder->baseCertID->serial.

	int X509AC_set_holder_name(X509AC* a, X509_NAME *name)
	Sets the name into a->info->holder->baseCertID->issuer structure.

	int X509AC_set_holder_objectDigestInfo(X509AC a, X509AC_OBJECT_DIGESTINFO odig)
	Sets the object digest info of the basecertID structure for the holder of the attribute certificate.

	int X509AC_set_holder_baseCertID(X509AC* a, X509AC_ISSUER_SERIAL *bci)
	Sets the whole Base Cert ID structure.

	int X509AC_set_issuer_baseCertID(X509AC* a, X509AC_ISSUER_SERIAL *bci)
	Takes a baseCertID structure and sets the issuer info of the attribute certificate.

	int X509AC_set_issuer_name(X509AC* a, X509_NAME *name)
	Sets the name into the issuer information space. Depending on the version of the certificate it will be inserted in v1Form or in v2From->issuer.

	General tools to fill up some of the necessary structures:
	int X509AC_set_GENERAL_NAME_name(GENERAL_NAMES gens, X509_NAME name)
	Puts a X509_NAME into a GENERAL_NAMES structure.

	int X509AC_set_baseCertID_name(X509AC_ISSUER_SERIAL bci, X509_NAME name)
	Puts a X509_NAME into a BaseCertId structure.

	int X509AC_set_baseCertID_serial(X509AC_ISSUER_SERIAL bci, ASN1_INTEGER serial)
	Puts the serial number into a BaseCertId structure.

	int X509AC_set_baseCertID_issuerUniqueID(X509AC_ISSUER_SERIAL bci, ASN1_BIT_STRING uid)
	Sets an unique id into a BaseCertId structure.

	Attribute functions
	X509_ATTRIBUTE * X509AC_get_attr( X509AC *a, int idx )
	Gets the X509_ATTRIBUTE that occupies the position idx in the stack.

	int X509AC_add_attribute_by_NID(X509AC a, int nid, int atrtype, void value)
	Creates and add an attribute based in its NID.

	int X509AC_add_attribute(X509AC a, X509_ATTRIBUTE attr); int X509AC_add_X509_ATTRIBUTE(X509AC a, X509_ATTRIBUTE attr)
	Adds an attribute to the stack in the attribute certificate.

	ASN1_TYPE X509AC_ATTRIBUTE_get0_type(X509_ATTRIBUTE attr, int idx)
	Get a pointer to the ASN1_TYPE structure of the first attribute value of the attribute placed in the position idx.

	void X509AC_ATTRIBUTE_get0_data(X509_ATTRIBUTE attr, int idx, int atrtype, void *data)
	Gets a pointer to the data of the first attribute value of the attribute placed in the position idx.

	int X509AC_get_attributecount(X509AC *a)
	Gets the number of attributes present in a attribute certificate.

	Extensions
	int X509AC_add_extension(X509AC a, X509_EXTENSION ex, int loc)
	Adds a X509_EXTENSION to the certificate X509_EXTENSION stack.

	Signature
	int X509AC_sign_rsa(X509AC a, RSA rsa, EVP_MD md); int X509AC_sign_pkey(X509AC a, EVP_PKEY pkey, EVP_MD md)
	These functions sign the attribute certificate using a RSA key or a EVP_PKEY.

	Presentation
	void X509AC_print(X509AC *ac)
	Prints to stdout the information present in a attribute certificate.

	int GENERAL_NAMES_print(FILE out, GENERAL_NAMES gens)
	Prints GENERAL_NAMES structures.

	int GENERAL_NAME_print(FILE out, GENERAL_NAME gen)
	Prints GENERAL_NAME structures.

	Misc
	int X509AC_X509_NAME_dup(X509_NAME *xn, X509_NAME name)
	Duplicates a X509_NAME structure.

	Support for RFC3281 attributes
	xxx* xxx_new(); xxx* xxx_dup(xxx); void xxx_free(xxx); d2i_xxx(...); i2d_xxx(...);
	General functions to alloc, free... attributes described in RFC3281. With xxx: SvceAuthInfo (for Service Authentication Information [id-aca-authenticationInfo] and Acess Identity [id-aca-accessIdentity]) , IetfAttrSyntax (for Charging Identity [id-aca-chargingIdentity] and Group [id-aca-group]) and RoleSyntax (for Role [id-at-role])

	X509attr_xxx_add_value(...)
	Functions to add values to attributes. With xxx: SvceAuthInfo, IetfAttrSyntax, RoleSyntax and attribute (GENERAL).

Links

OpenSSL project

inicio| mapa del web| contacta