Parsing Distinguished Names
Following the signature algorithm identifier is the issuer name. Name parsing
is by far the most involved part of X.509 certificate management. Recall that an
X.509 distinguished name is a list of components such as CN, O, OU, each of which
is identified by its own OID and may or may not be present. None of them is
required, and any of them can appear more than once. However, for all practical
purposes, the names you'll be looking at have exactly one each of a country
name, a state/province name, a city/locality name, an organization name, an
organizational unit name and, most importantly, a common name. As such, the
structure for the name only contains pointers for this data and throws away any
additional information; a more robust implementation than the one shown in
Listing 5-17 would be much more complex.
Listing 5-17: “x509.c” parse_name
static unsigned char OID_idAtCommonName[] = { 0x55, 0x04, 0x03 };
static unsigned char OID_idAtCountryName[] = { 0x55, 0x04, 0x06 };
static unsigned char OID_idAtLocalityName[] = { 0x55, 0x04, 0x07 };
static unsigned char OID_idAtStateOrProvinceName[] = { 0x55, 0x04, 0x08 };
static unsigned char OID_idAtOrganizationName[] = { 0x55, 0x04, 0x0A };
static unsigned char OID_idAtOrganizationalUnitName[] = { 0x55, 0x04, 0x0B };

/**
 * Name parsing is a bit different. Loop through all of the
 * children of the source, each of which is going to be a struct containing
 * an OID and a value. If the OID is recognized, copy its contents
 * to the correct spot in "target". Otherwise, ignore it.
 */
static int parse_name( name *target, struct asn1struct *source )
{
  struct asn1struct *typeValuePair;
  struct asn1struct *typeValuePairSequence;
  struct asn1struct *type;
  struct asn1struct *value;

  target->idAtCountryName = NULL;
  target->idAtStateOrProvinceName = NULL;
  target->idAtLocalityName = NULL;
  target->idAtOrganizationName = NULL;
  target->idAtOrganizationalUnitName = NULL;
  target->idAtCommonName = NULL;

  typeValuePair = source->children;
  while ( typeValuePair )
  {
    typeValuePairSequence = ( struct asn1struct * ) typeValuePair->children;
    type = ( struct asn1struct * ) typeValuePairSequence->children;
(Continued)
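The text notes that any name component may be absent or repeated. As an added example (not code from the book), the sketch below walks a DER-encoded Name directly with bounds checks and reports how often an attribute occurs, so a caller can refuse names with a duplicated or missing common name. The identifiers `tlv`, `name_find` and `SAMPLE_NAME` are hypothetical, the sample bytes are constructed, and lengths are capped at two length bytes as a simplification.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: Name { C=US, CN=a.test, CN=b.test } in DER. */
static const unsigned char SAMPLE_NAME[] = {
    0x30,0x2F,
    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,'U','S',
    0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x03,0x0C,0x06,'a','.','t','e','s','t',
    0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x03,0x0C,0x06,'b','.','t','e','s','t' };

/* Read one TLV header at p; return the value pointer, or NULL if truncated. */
static const unsigned char *tlv(const unsigned char *p, const unsigned char *end,
                                unsigned char *tag, size_t *len)
{
    size_t n;
    if (end - p < 2) return NULL;
    *tag = *p++;
    *len = *p++;
    if (*len & 0x80) {                 /* long form, capped at 2 length bytes */
        n = *len & 0x7F;
        if (n == 0 || n > 2 || (size_t)(end - p) < n) return NULL;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *p++;
    }
    return (size_t)(end - p) < *len ? NULL : p;
}

/* Count attributes whose OID equals oid; copy the first value into out.
 * Returns the count, or -1 on malformed input or an unsafe value. */
int name_find(const unsigned char *der, size_t der_len, const unsigned char *oid,
              size_t oid_len, char *out, size_t out_sz)
{
    const unsigned char *end = der + der_len, *set_end, *seq_end, *p, *v;
    unsigned char tag; size_t len; int match, count = 0;
    if (!(p = tlv(der, end, &tag, &len)) || tag != 0x30) return -1;
    for (end = p + len; p < end; p = set_end) {             /* RDN: SET */
        if (!(p = tlv(p, end, &tag, &len)) || tag != 0x31) return -1;
        for (set_end = p + len; p < set_end; p = seq_end) { /* SEQUENCE {OID, value} */
            if (!(p = tlv(p, set_end, &tag, &len)) || tag != 0x30) return -1;
            seq_end = p + len;
            if (!(p = tlv(p, seq_end, &tag, &len)) || tag != 0x06) return -1;
            match = (len == oid_len && memcmp(p, oid, len) == 0);
            if (!(v = tlv(p + len, seq_end, &tag, &len))) return -1;
            if (match && count++ == 0) {  /* reject oversized values, embedded NULs */
                if (len >= out_sz || memchr(v, 0, len)) return -1;
                memcpy(out, v, len);
                out[len] = '\0';
            }
        }
    }
    return count;
}
```

A return value of 2 for the common name OID on the sample shows the duplicate that a one-pointer-per-attribute structure would silently collapse.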
 