ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL


Contact:
Daniel Díaz-Sánchez
ddsatit.uc3m.es

Andrés Marín López
amarinatit.uc3m.es

Florina Almenarez
florinaatit.uc3m.es



Universidad Carlos III de Madrid
Escuela Politécnica Superior
Edificio Torres Quevedo
Avda de la Universidad, 30
28911 Leganés (Madrid) SPAIN



This work has received the support of the European Commission through the IST programme, as part of the IST Ubisec project and ITEA EasyWireless.

  Overview

This source code provides a toolkit to issue attribute certificates as defined in the ITU X.509 Recommendation and RFC 3281.

The library has been tested with OpenSSL 0.9.8a and some earlier versions, and it works. The zip files in the Downloads section also contain a test program that demonstrates the library.

Note that this is a BETA version; any help and collaboration are welcome. Thanks to the OpenSSL people for their answers on the mailing list.

Now we are working on a Privilege verifier that will be available soon!

  License

Please read OpenSSL license.

  Downloads
Attribute Certificates Toolkit Windows Version (Visual Studio 2005) (version 0.1)
Attribute Certificates Toolkit (Zip file) v0.1 Beta AC.PMI.it.uc3m.es.zip
Attribute Certificates Toolkit for Linux
Attribute Certificates Toolkit (tar.gz) (version 0.1) v0.1 Beta openSSLAC.tar.gz
Attribute Certificates Toolkit Windows Version 0.2 (Visual Studio 2005) Includes ISSUING PROGRAM
Attribute Certificates Toolkit and issuing program (zip) (version 0.2). API changes not covered in documentation yet v0.2 Beta AC.PMI.it.uc3m.es.v.0.2.zip
  ChangeLog
09/10/2006 Released v.0.1
  Documentation

The code has been developed under Windows using Visual Studio 2005, but it can also be used on Linux.

API Documentation
Functions to get information
#define PEM_read_X509AC(fp,x,cb,u) (X509AC *)PEM_ASN1_read( \
    (char *(*)())d2i_X509AC,PEM_STRING_X509AC,fp,(char **)x,cb,u)
Reads an attribute certificate in PEM format from a file pointer.
X509AC_ISSUER_SERIAL* X509_get_basecertID(X509 *x)
Takes an X509 certificate and extracts its X509AC_ISSUER_SERIAL structure (the base certificate ID: issuer name plus serial number).
X509_NAME *X509AC_get_issuer_name(X509AC *a)
Obtains the X509_NAME of the issuer. It is taken from a->info->issuer->d.v1Form when the attribute certificate is version 1, and from a->info->issuer->d.v2Form->issuer when the attribute certificate is version 2.
X509_NAME *X509AC_get_holder_entity_name(X509AC *a)
Searches a->info->holder->entity (a stack of GENERAL_NAME) for a valid Directory Name.
X509AC_ISSUER_SERIAL *X509AC_get_holder_baseCertID(X509AC *a)
Returns a->info->holder->baseCertID structure of type X509AC_ISSUER_SERIAL.
ASN1_BIT_STRING *X509AC_get_holder_objectDigestInfo(X509AC *a)
Returns a->info->holder->objectDigestInfo structure of type ASN1_BIT_STRING.
X509AC_ISSUER_SERIAL *X509AC_get_issuer_baseCertID(X509AC *a)
Returns a->info->issuer->d.v2Form->baseCertID. This field is only available when the certificate is version 2; for version 1 it is not present.
ASN1_BIT_STRING *X509AC_get_issuer_objectDigestInfo(X509AC *a)
Returns a->info->issuer->d.v2Form->digest. This field is only available when the certificate is version 2; for version 1 it is not present.
long X509AC_get_version(X509AC *a); int X509AC_set_version(X509AC *a, long version)
Get and set the version of the certificate.
Functions to set information
int X509AC_set_holder_entity_name(X509AC* a, X509_NAME *name)
Places an X509_NAME into a->info->holder->entity.
int X509AC_set_holder_serialNumber(X509AC *x, ASN1_INTEGER *serial)
Sets the serial number in x->info->holder->baseCertID->serial.
int X509AC_set_holder_name(X509AC* a, X509_NAME *name)
Sets the name into a->info->holder->baseCertID->issuer structure.
int X509AC_set_holder_objectDigestInfo(X509AC *a, X509AC_OBJECT_DIGESTINFO *odig)
Sets the object digest info of the basecertID structure for the holder of the attribute certificate.
int X509AC_set_holder_baseCertID(X509AC* a, X509AC_ISSUER_SERIAL *bci)
Sets the whole Base Cert ID structure.
int X509AC_set_issuer_baseCertID(X509AC* a, X509AC_ISSUER_SERIAL *bci)
Takes a baseCertID structure and sets the issuer info of the attribute certificate.
int X509AC_set_issuer_name(X509AC* a, X509_NAME *name)
Sets the name into the issuer information. Depending on the version of the certificate it is inserted in v1Form or in v2Form->issuer.
General tools to fill up some of the necessary structures:
int X509AC_set_GENERAL_NAME_name(GENERAL_NAMES *gens, X509_NAME *name)
Puts an X509_NAME into a GENERAL_NAMES structure.
int X509AC_set_baseCertID_name(X509AC_ISSUER_SERIAL *bci, X509_NAME *name)
Puts an X509_NAME into a BaseCertId structure.
int X509AC_set_baseCertID_serial(X509AC_ISSUER_SERIAL *bci, ASN1_INTEGER *serial)
Puts the serial number into a BaseCertId structure.
int X509AC_set_baseCertID_issuerUniqueID(X509AC_ISSUER_SERIAL *bci, ASN1_BIT_STRING *uid)
Sets a unique ID into a BaseCertId structure.
Attribute functions
X509_ATTRIBUTE * X509AC_get_attr( X509AC *a, int idx )
Gets the X509_ATTRIBUTE that occupies the position idx in the stack.
int X509AC_add_attribute_by_NID(X509AC *a, int nid, int atrtype, void *value)
Creates and adds an attribute based on its NID.
int X509AC_add_attribute(X509AC *a, X509_ATTRIBUTE *attr); int X509AC_add_X509_ATTRIBUTE(X509AC *a, X509_ATTRIBUTE *attr)
Adds an attribute to the stack in the attribute certificate.
ASN1_TYPE *X509AC_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
Gets a pointer to the ASN1_TYPE structure of the first attribute value of the attribute placed in position idx.
void *X509AC_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data)
Gets a pointer to the data of the first attribute value of the attribute placed in position idx.
int X509AC_get_attributecount(X509AC *a)
Gets the number of attributes present in an attribute certificate.
Extensions
int X509AC_add_extension(X509AC *a, X509_EXTENSION *ex, int loc)
Adds an X509_EXTENSION to the certificate's X509_EXTENSION stack.
Signature
int X509AC_sign_rsa(X509AC *a, RSA *rsa, EVP_MD *md); int X509AC_sign_pkey(X509AC *a, EVP_PKEY *pkey, EVP_MD *md)
These functions sign the attribute certificate using an RSA key or an EVP_PKEY.
Presentation
void X509AC_print(X509AC *ac)
Prints to stdout the information present in an attribute certificate.
int GENERAL_NAMES_print(FILE *out, GENERAL_NAMES *gens)
Prints GENERAL_NAMES structures.
int GENERAL_NAME_print(FILE *out, GENERAL_NAME *gen)
Prints GENERAL_NAME structures.
Misc
int X509AC_X509_NAME_dup(X509_NAME **xn, X509_NAME *name)
Duplicates an X509_NAME structure.
Support for RFC3281 attributes
xxx* xxx_new(); xxx* xxx_dup(xxx*); void xxx_free(xxx*); d2i_xxx(...); i2d_xxx(...);
General functions to allocate, free, duplicate and DER-encode/decode the attributes described in RFC 3281, where xxx is one of: SvceAuthInfo (for Service Authentication Information [id-aca-authenticationInfo] and Access Identity [id-aca-accessIdentity]), IetfAttrSyntax (for Charging Identity [id-aca-chargingIdentity] and Group [id-aca-group]) and RoleSyntax (for Role [id-at-role]).
X509attr_xxx_add_value(...)
Functions to add values to attributes, where xxx is one of: SvceAuthInfo, IetfAttrSyntax, RoleSyntax and attribute (generic).
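The getters above (holder baseCertID versus entity name, issuer in v1Form versus v2Form, the role attribute) each correspond to a fixed place in the DER encoding of AttributeCertificateInfo. The following is an added example, written in Python rather than in the toolkit's C, and is not code from the toolkit or from OpenSSL: it builds a minimal AttributeCertificateInfo with a small DER encoder and then walks it back the way the X509AC_get_* functions do. It assumes the RFC 3281 ASN.1 module's IMPLICIT tagging (directoryName stays EXPLICIT because Name is a CHOICE); every issuer name, serial number and role URN is a constructed sample value, and the toolkit function names in the comments are cross-references only.

```python
# Added example (not toolkit code): DER layout of an RFC 3281 AttributeCertificateInfo,
# built and then walked the way the toolkit's X509AC_get_* accessors do.
# All names, serials and role URNs are constructed sample values.

def _len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content=b""):
    return bytes([tag]) + _len(len(content)) + content

def integer(v):
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = [40 * parts[0] + parts[1]]
    for p in parts[2:]:                      # base-128, high bit set on all but the last octet
        enc = [p & 0x7F]
        p >>= 7
        while p:
            enc.append(0x80 | (p & 0x7F))
            p >>= 7
        out.extend(reversed(enc))
    return tlv(0x06, bytes(out))

def directory_name(cn):
    """GeneralName directoryName: [4] EXPLICIT Name holding a single CN RDN."""
    atv = tlv(0x30, oid("2.5.4.3") + tlv(0x0C, cn.encode()))
    return tlv(0xA4, tlv(0x30, tlv(0x31, atv)))

def general_names(*gns):
    return tlv(0x30, b"".join(gns))

def holder_base_cert_id(issuer_cn, serial):
    """Holder { baseCertificateID [0] IssuerSerial }  -> X509AC_get_holder_baseCertID."""
    return tlv(0x30, tlv(0xA0, general_names(directory_name(issuer_cn)) + integer(serial)))

def holder_entity_name(cn):
    """Holder { entityName [1] GeneralNames }  -> X509AC_get_holder_entity_name."""
    return tlv(0x30, tlv(0xA1, directory_name(cn)))

def issuer_v1(cn):
    """AttCertIssuer v1Form: a bare GeneralNames (what d.v1Form holds)."""
    return general_names(directory_name(cn))

def issuer_v2(cn):
    """AttCertIssuer v2Form: [0] V2Form { issuerName GeneralNames } (d.v2Form->issuer)."""
    return tlv(0xA0, general_names(directory_name(cn)))

SHA256_WITH_RSA = tlv(0x30, oid("1.2.840.113549.1.1.11") + tlv(0x05))

def build_acinfo(version, holder, issuer, serial, role_urn):
    """AttributeCertificateInfo with one id-at-role attribute (RoleSyntax.roleName as a URI)."""
    validity = tlv(0x30, tlv(0x18, b"20060101000000Z") + tlv(0x18, b"20070101000000Z"))
    role_name = tlv(0xA1, tlv(0x86, role_urn.encode()))   # roleName [1] GeneralName, [6] URI
    role_attr = tlv(0x30, oid("2.5.4.72") + tlv(0x31, tlv(0x30, role_name)))
    return tlv(0x30, integer(version) + holder + issuer + SHA256_WITH_RSA
               + integer(serial) + validity + tlv(0x30, role_attr))

def read_tlv(buf, pos=0):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                             # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    return out

def first_directory_name(gn_content):
    """CN of the first directoryName in a GeneralNames body, or None."""
    for tag, val in children(gn_content):
        if tag == 0xA4:
            for _, rdn in children(children(val)[0][1]):
                for _, atv in children(rdn):
                    (_, atype), (_, avalue) = children(atv)
                    if atype == b"\x55\x04\x03":   # id-at-commonName
                        return avalue.decode()
    return None

def parse_acinfo(der):
    f = children(read_tlv(der)[1])           # version, holder, issuer, sigAlg, serial, validity, attrs
    holder = {}
    for tag, val in children(f[1][1]):
        if tag == 0xA0:                      # baseCertificateID
            gn, ser = children(val)[:2]
            holder["baseCertID"] = (first_directory_name(gn[1]), int.from_bytes(ser[1], "big", signed=True))
        elif tag == 0xA1:                    # entityName
            holder["entityName"] = first_directory_name(val)
    itag, ival = f[2]                        # the tag, not the version field, tells v1Form from v2Form
    if itag == 0x30:
        issuer = {"form": "v1Form", "name": first_directory_name(ival)}
    elif itag == 0xA0:
        issuer = {"form": "v2Form", "name": first_directory_name(children(ival)[0][1])}
    else:
        raise ValueError("unknown AttCertIssuer tag 0x%02x" % itag)
    roles = []
    for _, attr in children(f[6][1]):
        (_, atype), (_, values) = children(attr)
        if atype == b"\x55\x04\x48":         # id-at-role 2.5.4.72
            for _, role_syntax in children(values):
                for tag, val in children(role_syntax):
                    if tag == 0xA1:          # roleName
                        roles.append(children(val)[0][1].decode())
    return {"version": int.from_bytes(f[0][1], "big", signed=True), "holder": holder,
            "issuer": issuer, "serial": int.from_bytes(f[4][1], "big", signed=True), "roles": roles}

# Constructed samples: a v2 AC bound to a public-key certificate, and a v1-form AC bound by name.
V2_AC = build_acinfo(1, holder_base_cert_id("Example PKC CA", 4242), issuer_v2("Example AA"), 7, "urn:example:role:admin")
V1_AC = build_acinfo(0, holder_entity_name("alice"), issuer_v1("Example AA"), 8, "urn:example:role:auditor")

if __name__ == "__main__":
    for ac in (V2_AC, V1_AC):
        print(parse_acinfo(ac))
```

The point worth noticing for a verifier is that the issuer CHOICE is distinguished by the outer tag (SEQUENCE for v1Form, [0] for v2Form), independently of the version INTEGER; a checker should therefore confirm that the two agree before trusting X509AC_get_issuer_name, and, for a v2 AC bound through baseCertID, that the recovered issuer name and serial match the holder's public-key certificate.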
  Links
OpenSSL project
 


Original source: https://www.cnblogs.com/adylee/p/1538297.html