Commit 8a352623 authored by Niels Möller's avatar Niels Möller

Moved in CVS tree. Converted to plain autoconf.

Rev: spki/.bootstrap:1.1
Rev: spki/.c-style:1.1
Rev: spki/.cvsignore:1.1
Rev: spki/AUTHORS:1.1
Rev: spki/ChangeLog:1.1
Rev: spki/Makefile.in:1.1
Rev: spki/NEWS:1.1
Rev: spki/README:1.1
Rev: spki/TODO:1.1
Rev: spki/certificate.c:1.1
Rev: spki/certificate.h:1.1
Rev: spki/config.make.in:1.1
Rev: spki/configure.ac:1.1
Rev: spki/index.css:1.1
Rev: spki/index.html:1.1
Rev: spki/names.c:1.1
Rev: spki/parse-transport.c:1.1
Rev: spki/parse.c:1.1
Rev: spki/parse.h:1.1
Rev: spki/process-types:1.1
Rev: spki/reduce.c:1.1
Rev: spki/spki-types.in:1.1
Rev: spki/tag.c:1.1
Rev: spki/tag.h:1.1
Rev: spki/testsuite/.c-style:1.1
Rev: spki/testsuite/.cvsignore:1.1
Rev: spki/testsuite/.gdbinit:1.1
Rev: spki/testsuite/.test-rules.make:1.1
Rev: spki/testsuite/Makefile.in:1.1
Rev: spki/testsuite/cdsa-cases/1.in:1.1
Rev: spki/testsuite/cdsa-cases/1.out:1.1
Rev: spki/testsuite/cdsa-cases/10.in:1.1
Rev: spki/testsuite/cdsa-cases/10.out:1.1
Rev: spki/testsuite/cdsa-cases/1000.in:1.1
Rev: spki/testsuite/cdsa-cases/11.in:1.1
Rev: spki/testsuite/cdsa-cases/11.out:1.1
Rev: spki/testsuite/cdsa-cases/12.in:1.1
Rev: spki/testsuite/cdsa-cases/12.out:1.1
Rev: spki/testsuite/cdsa-cases/13.in:1.1
Rev: spki/testsuite/cdsa-cases/13.out:1.1
Rev: spki/testsuite/cdsa-cases/14.in:1.1
Rev: spki/testsuite/cdsa-cases/14.out:1.1
Rev: spki/testsuite/cdsa-cases/15.in:1.1
Rev: spki/testsuite/cdsa-cases/15.out:1.1
Rev: spki/testsuite/cdsa-cases/16.in:1.1
Rev: spki/testsuite/cdsa-cases/16.out:1.1
Rev: spki/testsuite/cdsa-cases/17.in:1.1
Rev: spki/testsuite/cdsa-cases/17.out:1.1
Rev: spki/testsuite/cdsa-cases/18.in:1.1
Rev: spki/testsuite/cdsa-cases/18.out:1.1
Rev: spki/testsuite/cdsa-cases/19.in:1.1
Rev: spki/testsuite/cdsa-cases/19.out:1.1
Rev: spki/testsuite/cdsa-cases/2.in:1.1
Rev: spki/testsuite/cdsa-cases/2.out:1.1
Rev: spki/testsuite/cdsa-cases/20.in:1.1
Rev: spki/testsuite/cdsa-cases/20.out:1.1
Rev: spki/testsuite/cdsa-cases/21.in:1.1
Rev: spki/testsuite/cdsa-cases/21.out:1.1
Rev: spki/testsuite/cdsa-cases/22.in:1.1
Rev: spki/testsuite/cdsa-cases/22.out:1.1
Rev: spki/testsuite/cdsa-cases/23.in:1.1
Rev: spki/testsuite/cdsa-cases/23.ou1:1.1
Rev: spki/testsuite/cdsa-cases/23.out:1.1
Rev: spki/testsuite/cdsa-cases/24.in:1.1
Rev: spki/testsuite/cdsa-cases/24.out:1.1
Rev: spki/testsuite/cdsa-cases/25.in:1.1
Rev: spki/testsuite/cdsa-cases/25.out:1.1
Rev: spki/testsuite/cdsa-cases/26.in:1.1
Rev: spki/testsuite/cdsa-cases/26.out:1.1
Rev: spki/testsuite/cdsa-cases/27.in:1.1
Rev: spki/testsuite/cdsa-cases/27.out:1.1
Rev: spki/testsuite/cdsa-cases/28.in:1.1
Rev: spki/testsuite/cdsa-cases/28.out:1.1
Rev: spki/testsuite/cdsa-cases/29.in:1.1
Rev: spki/testsuite/cdsa-cases/29.ou1:1.1
Rev: spki/testsuite/cdsa-cases/29.out:1.1
Rev: spki/testsuite/cdsa-cases/3.in:1.1
Rev: spki/testsuite/cdsa-cases/3.out:1.1
Rev: spki/testsuite/cdsa-cases/30.in:1.1
Rev: spki/testsuite/cdsa-cases/30.out:1.1
Rev: spki/testsuite/cdsa-cases/31.in:1.1
Rev: spki/testsuite/cdsa-cases/31.out:1.1
Rev: spki/testsuite/cdsa-cases/32.in:1.1
Rev: spki/testsuite/cdsa-cases/32.ou1:1.1
Rev: spki/testsuite/cdsa-cases/32.out:1.1
Rev: spki/testsuite/cdsa-cases/33.in:1.1
Rev: spki/testsuite/cdsa-cases/33.out:1.1
Rev: spki/testsuite/cdsa-cases/34.in:1.1
Rev: spki/testsuite/cdsa-cases/34.out:1.1
Rev: spki/testsuite/cdsa-cases/35.in:1.1
Rev: spki/testsuite/cdsa-cases/35.out:1.1
Rev: spki/testsuite/cdsa-cases/36.in:1.1
Rev: spki/testsuite/cdsa-cases/36.out:1.1
Rev: spki/testsuite/cdsa-cases/37.in:1.1
Rev: spki/testsuite/cdsa-cases/37.out:1.1
Rev: spki/testsuite/cdsa-cases/38.in:1.1
Rev: spki/testsuite/cdsa-cases/38.out:1.1
Rev: spki/testsuite/cdsa-cases/39.in:1.1
Rev: spki/testsuite/cdsa-cases/39.out:1.1
Rev: spki/testsuite/cdsa-cases/4.in:1.1
Rev: spki/testsuite/cdsa-cases/4.out:1.1
Rev: spki/testsuite/cdsa-cases/40.in:1.1
Rev: spki/testsuite/cdsa-cases/40.out:1.1
Rev: spki/testsuite/cdsa-cases/41.in:1.1
Rev: spki/testsuite/cdsa-cases/41.out:1.1
Rev: spki/testsuite/cdsa-cases/42.in:1.1
Rev: spki/testsuite/cdsa-cases/42.out:1.1
Rev: spki/testsuite/cdsa-cases/43.in:1.1
Rev: spki/testsuite/cdsa-cases/43.ou1:1.1
Rev: spki/testsuite/cdsa-cases/43.out:1.1
Rev: spki/testsuite/cdsa-cases/44.in:1.1
Rev: spki/testsuite/cdsa-cases/44.out:1.1
Rev: spki/testsuite/cdsa-cases/45.in:1.1
Rev: spki/testsuite/cdsa-cases/45.out:1.1
Rev: spki/testsuite/cdsa-cases/46.in:1.1
Rev: spki/testsuite/cdsa-cases/46.out:1.1
Rev: spki/testsuite/cdsa-cases/47.in:1.1
Rev: spki/testsuite/cdsa-cases/47.out:1.1
Rev: spki/testsuite/cdsa-cases/48.in:1.1
Rev: spki/testsuite/cdsa-cases/48.out:1.1
Rev: spki/testsuite/cdsa-cases/49.in:1.1
Rev: spki/testsuite/cdsa-cases/49.out:1.1
Rev: spki/testsuite/cdsa-cases/5.in:1.1
Rev: spki/testsuite/cdsa-cases/5.out:1.1
Rev: spki/testsuite/cdsa-cases/50.in:1.1
Rev: spki/testsuite/cdsa-cases/50.out:1.1
Rev: spki/testsuite/cdsa-cases/51.in:1.1
Rev: spki/testsuite/cdsa-cases/51.out:1.1
Rev: spki/testsuite/cdsa-cases/52.in:1.1
Rev: spki/testsuite/cdsa-cases/52.out:1.1
Rev: spki/testsuite/cdsa-cases/53.in:1.1
Rev: spki/testsuite/cdsa-cases/53.out:1.1
Rev: spki/testsuite/cdsa-cases/54.in:1.1
Rev: spki/testsuite/cdsa-cases/54.out:1.1
Rev: spki/testsuite/cdsa-cases/55.in:1.1
Rev: spki/testsuite/cdsa-cases/55.out:1.1
Rev: spki/testsuite/cdsa-cases/56.in:1.1
Rev: spki/testsuite/cdsa-cases/56.out:1.1
Rev: spki/testsuite/cdsa-cases/57.in:1.1
Rev: spki/testsuite/cdsa-cases/57.out:1.1
Rev: spki/testsuite/cdsa-cases/58.in:1.1
Rev: spki/testsuite/cdsa-cases/58.out:1.1
Rev: spki/testsuite/cdsa-cases/59.in:1.1
Rev: spki/testsuite/cdsa-cases/59.out:1.1
Rev: spki/testsuite/cdsa-cases/6.in:1.1
Rev: spki/testsuite/cdsa-cases/6.out:1.1
Rev: spki/testsuite/cdsa-cases/60.in:1.1
Rev: spki/testsuite/cdsa-cases/60.out:1.1
Rev: spki/testsuite/cdsa-cases/61.in:1.1
Rev: spki/testsuite/cdsa-cases/61.out:1.1
Rev: spki/testsuite/cdsa-cases/62.in:1.1
Rev: spki/testsuite/cdsa-cases/62.out:1.1
Rev: spki/testsuite/cdsa-cases/63.in:1.1
Rev: spki/testsuite/cdsa-cases/63.out:1.1
Rev: spki/testsuite/cdsa-cases/64.in:1.1
Rev: spki/testsuite/cdsa-cases/64.out:1.1
Rev: spki/testsuite/cdsa-cases/65.in:1.1
Rev: spki/testsuite/cdsa-cases/65.out:1.1
Rev: spki/testsuite/cdsa-cases/66.in:1.1
Rev: spki/testsuite/cdsa-cases/66.out:1.1
Rev: spki/testsuite/cdsa-cases/67.in:1.1
Rev: spki/testsuite/cdsa-cases/67.out:1.1
Rev: spki/testsuite/cdsa-cases/68.in:1.1
Rev: spki/testsuite/cdsa-cases/68.out:1.1
Rev: spki/testsuite/cdsa-cases/69.in:1.1
Rev: spki/testsuite/cdsa-cases/69.out:1.1
Rev: spki/testsuite/cdsa-cases/7.in:1.1
Rev: spki/testsuite/cdsa-cases/7.out:1.1
Rev: spki/testsuite/cdsa-cases/70.in:1.1
Rev: spki/testsuite/cdsa-cases/70.out:1.1
Rev: spki/testsuite/cdsa-cases/71.in:1.1
Rev: spki/testsuite/cdsa-cases/71.out:1.1
Rev: spki/testsuite/cdsa-cases/72.in:1.1
Rev: spki/testsuite/cdsa-cases/72.out:1.1
Rev: spki/testsuite/cdsa-cases/73.in:1.1
Rev: spki/testsuite/cdsa-cases/73.out:1.1
Rev: spki/testsuite/cdsa-cases/74.in:1.1
Rev: spki/testsuite/cdsa-cases/74.out:1.1
Rev: spki/testsuite/cdsa-cases/75.in:1.1
Rev: spki/testsuite/cdsa-cases/75.out:1.1
Rev: spki/testsuite/cdsa-cases/76.in:1.1
Rev: spki/testsuite/cdsa-cases/76.out:1.1
Rev: spki/testsuite/cdsa-cases/77.in:1.1
Rev: spki/testsuite/cdsa-cases/77.out:1.1
Rev: spki/testsuite/cdsa-cases/78.in:1.1
Rev: spki/testsuite/cdsa-cases/78.out:1.1
Rev: spki/testsuite/cdsa-cases/79.in:1.1
Rev: spki/testsuite/cdsa-cases/79.out:1.1
Rev: spki/testsuite/cdsa-cases/8.in:1.1
Rev: spki/testsuite/cdsa-cases/8.out:1.1
Rev: spki/testsuite/cdsa-cases/80.in:1.1
Rev: spki/testsuite/cdsa-cases/80.out:1.1
Rev: spki/testsuite/cdsa-cases/81.in:1.1
Rev: spki/testsuite/cdsa-cases/81.out:1.1
Rev: spki/testsuite/cdsa-cases/82.in:1.1
Rev: spki/testsuite/cdsa-cases/82.out:1.1
Rev: spki/testsuite/cdsa-cases/83.in:1.1
Rev: spki/testsuite/cdsa-cases/83.out:1.1
Rev: spki/testsuite/cdsa-cases/84.in:1.1
Rev: spki/testsuite/cdsa-cases/84.out:1.1
Rev: spki/testsuite/cdsa-cases/85.in:1.1
Rev: spki/testsuite/cdsa-cases/85.out:1.1
Rev: spki/testsuite/cdsa-cases/86.in:1.1
Rev: spki/testsuite/cdsa-cases/86.out:1.1
Rev: spki/testsuite/cdsa-cases/87.in:1.1
Rev: spki/testsuite/cdsa-cases/87.out:1.1
Rev: spki/testsuite/cdsa-cases/88.in:1.1
Rev: spki/testsuite/cdsa-cases/88.out:1.1
Rev: spki/testsuite/cdsa-cases/89.in:1.1
Rev: spki/testsuite/cdsa-cases/89.out:1.1
Rev: spki/testsuite/cdsa-cases/9.in:1.1
Rev: spki/testsuite/cdsa-cases/9.out:1.1
Rev: spki/testsuite/cdsa-cases/90.in:1.1
Rev: spki/testsuite/cdsa-cases/90.out:1.1
Rev: spki/testsuite/cdsa-cases/91.in:1.1
Rev: spki/testsuite/cdsa-cases/91.out:1.1
Rev: spki/testsuite/cdsa-reduce-test.c:1.1
Rev: spki/testsuite/check-signature-test:1.1
Rev: spki/testsuite/date-test.c:1.1
Rev: spki/testsuite/delegate-test:1.1
Rev: spki/testsuite/key-1:1.1
Rev: spki/testsuite/key-1.pub:1.1
Rev: spki/testsuite/key-2:1.1
Rev: spki/testsuite/key-2.pub:1.1
Rev: spki/testsuite/lookup-acl-test.c:1.1
Rev: spki/testsuite/make-signature-test:1.1
Rev: spki/testsuite/principal-test.c:1.1
Rev: spki/testsuite/read-acl-test.c:1.1
Rev: spki/testsuite/read-cert-test.c:1.1
Rev: spki/testsuite/reduce-test:1.1
Rev: spki/testsuite/setup-env:1.1
Rev: spki/testsuite/tag-test.c:1.1
Rev: spki/testsuite/testutils.c:1.1
Rev: spki/testsuite/testutils.h:1.1
Rev: spki/tools/.c-style:1.1
Rev: spki/tools/.cvsignore:1.1
Rev: spki/tools/.gdbinit:1.1
Rev: spki/tools/Makefile.in:1.1
Rev: spki/tools/misc.c:1.1
Rev: spki/tools/misc.h:1.1
Rev: spki/tools/sign.c:1.1
Rev: spki/tools/sign.h:1.1
Rev: spki/tools/spki-check-signature.c:1.1
Rev: spki/tools/spki-delegate.c:1.1
Rev: spki/tools/spki-make-signature.c:1.1
Rev: spki/tools/spki-reduce.c:1.1
Rev: spki/verify.c:1.1
parent 122c0f76
#! /bin/sh
autoconf && autoheader
*.d
Makefile
aclocal.m4
autom4te.cache
config.h
config.h.in
config.log
config.make
config.status
configure
spki-gperf.h
spki-gperf.in
spki-type-names.h
spki-types.h
stamp-h
stamp-h.in
/*.d
/Makefile
/aclocal.m4
/autom4te.cache
/config.h
/config.h.in
/config.log
/config.make
/config.status
/configure
/spki-gperf.h
/spki-gperf.in
/spki-type-names.h
/spki-types.h
/stamp-h
/stamp-h.in
This diff is collapsed.
# Libspki Makefile
@SET_MAKE@
srcdir = @srcdir@
VPATH = @srcdir@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = $(INSTALL_PROGRAM) -s
MKDIR_P = @MKDIR_P@
SUBDIRS = tools testsuite
PRE_CPPFLAGS = -I. -I$(srcdir)
include config.make
TARGETS = libspki.a
SOURCES = certificate.c parse.c parse-transport.c names.c \
tag.c reduce.c verify.c
HEADERS = certificate.h parse.h tag.h
INSTALL_HEADERS = $(HEADERS) spki-types.h
DISTFILES = $(HEADERS) $(SOURCES) .bootstrap aclocal.m4 configure.ac \
configure stamp-h.in \
config.guess install-sh texinfo.tex \
config.h.in config.make.in Makefile.in \
README AUTHORS COPYING.LIB INSTALL NEWS TODO ChangeLog \
process-types spki-types.in spki-types.h spki-gperf.h spki-type-names.h
all check install uninstall:
$(MAKE) $@-here
set -e; for d in $(SUBDIRS); do \
echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
clean distclean mostlyclean maintainer-clean tags:
set -e; for d in $(SUBDIRS); do \
echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
$(MAKE) $@-here
check-here:
true
all-here: spki-types.h $(TARGETS)
# Does this get $(srcdir) right?
spki-types.h: spki-types.in process-types
$(srcdir)/process-types header < $< > $(srcdir)/spki-types.hT
test -s $(srcdir)/spki-types.hT \
&& mv -f $(srcdir)/spki-types.hT $(srcdir)/spki-types.h
spki-type-names.h: spki-types.in process-types
$(srcdir)/process-types names < $< > $(srcdir)/spki-type-names.hT
test -s $(srcdir)/spki-type-names.hT \
&& mv -f $(srcdir)/spki-type-names.hT $(srcdir)/spki-type-names.h
GPERF_FLAGS = -LANSI-C -t -c -C -l -E -o -k1,$$ -N spki_gperf
spki-gperf.h: spki-types.in process-types
$(srcdir)/process-types gperf < $< | tee spki-gperf.in \
| gperf $(GPERF_FLAGS) | sed 's/{""}/{"", 0}/g' \
> $(srcdir)/spki-gperf.hT
test -s $(srcdir)/spki-gperf.hT \
&& mv -f $(srcdir)/spki-gperf.hT $(srcdir)/spki-gperf.h
.c.$(OBJEXT):
$(COMPILE) -c $< \
&& $(DEP_PROCESS)
OBJS = $(SOURCES:.c=.$(OBJEXT))
libspki.a: $(OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(OBJS)
$(RANLIB) $@
# Configure-related rules, mostly copied from the autoconf manual. No
# $(srcdir) prefixes on the targets, though.
configure: configure.ac aclocal.m4
cd $(srcdir) && $(AUTOCONF)
# autoheader might not change config.h.in, so touch a stamp file.
config.h.in: stamp-h.in
stamp-h.in: configure.ac aclocal.m4
cd $(srcdir) && autoheader
echo timestamp > $(srcdir)/stamp-h.in
config.status: configure
./config.status --recheck
config.h: stamp-h
stamp-h: config.h.in config.status
./config.status config.h
echo timestamp > stamp-h
Makefile: Makefile.in config.status
./config.status $@
config.make: config.make.in config.status
./config.status $@
config.m4: config.m4.in config.status
./config.status $@
EXTRA_DIST = process-types \
spki-types.in spki-types.h spki-gperf.h spki-type-names.h
.PHONY: bootstrap
bootstrap: spki-types.h spki-gperf.h spki-type-names.h
install-here: $(TARGETS) install-headers
$(MKDIR_P) $(DESTDIR)$(libdir)
$(INSTALL_DATA) libspki.a $(DESTDIR)$(libdir)
install-headers: $(HEADERS)
$(MKDIR_P) $(DESTDIR)$(includedir)/spki
for f in $(HEADERS) ; do \
if [ -f "$$f" ] ; then \
$(INSTALL_DATA) "$$f" $(DESTDIR)$(includedir)/spki ; \
else \
$(INSTALL_DATA) "$(srcdir)/$$f" $(DESTDIR)$(includedir)/spki ; \
fi ; done
# Uninstall
uninstall-here: uninstall-headers
rm -f $(DESTDIR)$(libdir)/libspki.a
uninstall-headers:
for f in $(HEADERS) ; do \
rm -f $(DESTDIR)$(includedir)/spki/$$f ; \
done
# Distribution
distdir = $(PACKAGE_NAME)-$(PACKAGE_VERSION)
top_distdir = $(distdir)
# NOTE: Depending on the automake version in the parent dir,
# we must handle both absolute and relative $destdir.
distdir: $(DISTFILES)
rm -rf "$(distdir)"
mkdir "$(distdir)"
set -e; for f in $(DISTFILES) ; do \
if [ -f "$$f" ] ; then cp "$$f" "$(distdir)" ; \
else cp "$(srcdir)/$$f" "$(distdir)" ; \
fi ; \
done
set -e; for d in $(SUBDIRS); do \
sd="$(distdir)/$$d" ; \
mkdir "$$sd" && $(MAKE) -C $$d distdir="`cd $$sd && pwd`" $@ ; \
done
dist: distdir
tar cf - $(distdir) | gzip -c >$(distdir).tar.gz
rm -rf $(distdir)
rm_distcheck = test ! -d distcheck-tmp \
|| { find distcheck-tmp -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr distcheck-tmp; };
distcheck: dist
$(rm_distcheck)
mkdir distcheck-tmp
gzip -d < $(distdir).tar.gz \
| { cd distcheck-tmp && tar xf - && chmod -R a-w $(distdir) ; }
mkdir distcheck-tmp/build
mkdir distcheck-tmp/install
cd distcheck-tmp/build && ../$(distdir)/configure --prefix="`cd ../install && pwd`"
cd distcheck-tmp/build && $(MAKE)
cd distcheck-tmp/build && $(MAKE) check
cd distcheck-tmp/build && $(MAKE) install
cd distcheck-tmp/build && $(MAKE) uninstall
cd distcheck-tmp && find install -type f -print > leftover-install-files
@test `cat distcheck-tmp/leftover-install-files | wc -l` -le 1 \
|| { echo "ERROR: files left after uninstall:" ; \
cat distcheck-tmp/leftover-install-files ; \
exit 1; }
chmod -R a-w distcheck-tmp/install
mkdir distcheck-tmp/destdir
destdir="`cd distcheck-tmp/destdir && pwd`" \
&& cd distcheck-tmp/build \
&& $(MAKE) install DESTDIR="$$destdir" \
&& $(MAKE) uninstall DESTDIR="$$destdir"
cd distcheck-tmp && find destdir -type f -print > leftover-destdir-files
@test `cat distcheck-tmp/leftover-destdir-files | wc -l` -le 1 \
|| { echo "ERROR: destdir files left after uninstall:" ; \
cat distcheck-tmp/leftover-destdir-files ; \
exit 1; }
cd distcheck-tmp/build && $(MAKE) dist
cd distcheck-tmp/build && rm *.gz
cd distcheck-tmp/build && $(MAKE) distclean
cd distcheck-tmp && find build -type f -print > leftover-build-files
@test `cat distcheck-tmp/leftover-build-files | wc -l` -eq 0 \
|| { echo "ERROR: files left in build directory after distclean:" ; \
cat distcheck-tmp/leftover-build-files ; \
exit 1; }
$(rm_distcheck)
clean-here:
-rm -f $(TARGETS) *.$(OBJEXT)
-rm -rf .lib
distclean-here: clean-here
-rm -f config.h stamp-h config.log config.status \
config.make Makefile
maintainer-clean-here:
-rm -f spki-types.h spki-gperf.h spki-type-names.h
tags-here:
etags $(srcdir)/*.c $(srcdir)/*.h
parse.$(OBJEXT): spki-gperf.h
names.$(OBJEXT): spki-type-names.h
DEP_FILES = $(SOURCES:.c=.$(OBJEXT).d)
@DEP_INCLUDE@ $(DEP_FILES)
LIBSPKI
Libspki is a library and a set of tools for handling Simple Public Key
Infrastructure certificates and other objects.
OVERVIEW
This section gives an overview of the SPKI model of authorization.
Owners and ACLSs
The owner of a resource writes Access Control Lists (ACLs) specifying
who can access the resource. User's are identified by their public
key. A user will contact the server controlling the resource, and
provide a certificate chain and some proof of knowledge of a his or
her private key. The server checks the signatures, and then matches
the certificate chain, the requested access, and the owners ACL, to
make an access decision.
The root of authorization
The owner can write one ACL for each user that should have access to
the resource, or a single ACL giving full access to one of her own
keys. She can then use that key to sign certificates that delegate
some or all of her rights to other users.
There's no need for a trusted third party, because all valid
certificate chains will be rooted at a key listed in the owner's ACL.
Delegation
Delegation is a central issue in SPKI. Any user that has access rights
to some resource, via the owner's ACL and a certificate chain, and
which has the delegation flag set in her certificate, can sign new
certificates delegating some or all of her rights further. When
delegating, giving somebody a new certifon a new certificate, one will
usually provide a complete certificate chain, i.e. the chain that
gives oneself the right to use and delegate the right, extended with
the newly signed certificate.
LIMITATIONS OF LIBSPKI
Libspki doesn't yet implement all aspects of SPKI. In particular, it
doesn't yet implement SPKI names, online validity checks, and the
"range" type in tag expressions.
STORAGE
The information that SPKI users and applications need is organized as
follows. ACL:s are stored anywhere the software controling a resource
finds it convenient. The rest of the information is stored in a
directory, for users it would be located in files ad directories under
~/.spki.
~/.spki/keys/foo
A private key. Should contain the public information in
cleartext, and the private information in cleartext or encrypted
by a password.
~/.spki/keys/foo.pub
The corresponding public key. Redundant, but may be useful.
~/.spki/sha1-keys/{xxxx...} --> ../keys/foo
A symlink from the public-key hash to the corresponding key file.
~/.spki/certificates
A big file containing all the user's certificate chains. To find
a relevant certificate, one has to read the file and filter out
interesting certificates, usually by looking at the SPKI tags.
~/.spki/log/delegations
A log file containing information about all the user's own
delegations. Not strictly necessary, but it seems desirable to
keep a log of created certificates. The log file can be rotated
if it gets large.
TOOLS
Plain signatures can be created and verified with
spki-make-signature PRIVATE-KEY-FILE <message
and verified with
spki-check-signature {SIGNATURE} < data
where `{SIGNATURE}' is the transport encoded spki signature.
Certificates are created with
spki-delegate --issuer={ISSUER} --subject={SUBJECT} \
--tag={RESOURCE} --chain={CERTIFICATE} \
[--key-file=PRIVATE] [--propagate] \
[--no-signature]
where --subject specifies an spki principal (currently a public key or
hash), --tag specifies the resource to which access is delegated. If
--chain is used, a certificate chain is created by adding the
certificate at the end of the given certificate chain, otherwise, if
--issuer is given, a certificate chain with a single certificate is
created. --key-file specifies the private key to use (by default, it
is looked up in ~/.spki/sha1-keys). --propgate creates a delegation
that can be delegated further.
FIXME: Change terminology, we could talk of the source of the
delegation (--issuer or --chain).
Some questions: Computing intersections and inclusions between sets
and ranges seems tricky. For instance, do one need to handle
(* set (* range numeric (ge #00#) (le #20#)))
includes
(* range numeric (ge #05#) (le #15#))
What if certificate reduction ends up with more than one reduced 5
tuple? I think the function spki_process_sequence_no_signatures (and
spki_process_sequence, when that is implemented) should return a list
of 5-tuples, *and* a principal that is the ultimate subject of the
sequence. I.e. either the final expression of the sequence, if that is
a public-key or a hash, or the subject of the final certificate in the
sequence.
Next, the spki_5_tuple_reduce function should return a set of acl:s,
that all have the principal in question as subject. It could also be
restricted further, by giving it a date and/or a tag as argument.
All this implies that we need reference counts and cons-lists to handle
acl lists, as a single acl may be on more than one list.
Implement range, and figure out if and how to support all the
different range types.
This diff is collapsed.
/* certificate.h */
/* libspki
*
* Copyright (C) 2002 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef LIBSPKI_CERTIFICATE_H_INCLUDED
#define LIBSPKI_CERTIFICATE_H_INCLUDED
#include "nettle/md5.h"
#include "nettle/sha.h"
#include "nettle/realloc.h"
#include "nettle/buffer.h"
/* This should be the only file ever including spki-types.h
* directly. */
#include "spki-types.h"
/* Move this to a separate file? */
struct spki_type_name
{
unsigned length;
const uint8_t *name;
};
extern const struct spki_type_name
spki_type_names[];
#include <time.h>
/* Real declarations in parse.h */
struct spki_iterator;
struct spki_hash_value;
/* Real declaration in tag.c */
struct spki_tag;
/* Forward declaration */
struct spki_acl_db;
struct spki_hashes
{
/* Include the flags in this struct? */
uint8_t md5[MD5_DIGEST_SIZE];
uint8_t sha1[SHA1_DIGEST_SIZE];
};
enum spki_principal_flags
{
SPKI_PRINCIPAL_MD5 = 1,
SPKI_PRINCIPAL_SHA1 = 2
};
struct spki_principal
{
/* Principals linked into a list. */
struct spki_principal *next;
/* An s-expression */
unsigned key_length;
/* NULL if only hash is known */
uint8_t *key;
/* A flag is set iff the corresponding hash value is known. */
enum spki_principal_flags flags;
struct spki_hashes hashes;
/* If the lookup code sees hashes and keys in an unfortunate order,
* it may create several principal structs that represent the same
* key. In this case, we install an alias pointer when the mistake
* is discovered. This means that one should call
* spki_principal_normalize before comparing two principals. */
struct spki_principal *alias;
/* Information needed to verify signatures for this key. For now,
* details are up to the application. */
void *verifier;
};
enum spki_5_tuple_flags
{
SPKI_PROPAGATE = 1,
/* These redundant flags are kept for convenience. */
SPKI_NOT_BEFORE = 2,
SPKI_NOT_AFTER = 4,
};
/* Dates are represented as 19-character strings of the form
* "1997-07-26_23:15:10". Note that dates can be compared by
* memcmp. */
#define SPKI_DATE_SIZE 19
struct spki_date {
uint8_t date[SPKI_DATE_SIZE];
};
extern const struct spki_date spki_date_since_ever;
extern const struct spki_date spki_date_for_ever;
#define SPKI_DATE_CMP(a,b) memcmp((a).date, (b).date, SPKI_DATE_SIZE)
void
spki_date_from_time_t(struct spki_date *d, time_t t);
/* Return value < 0, == 0 or > 0 if d < t, d == t or d > t */
int
spki_date_cmp_time_t(struct spki_date *d, time_t t);
/* Lists of 5-tuples is a fundamental type. We use referens counts and
* cons-cells to keep track of them. */
struct spki_5_tuple
{
/* This is usually the number of lists that the 5-tuple is on. */
unsigned refs;
/* NULL for ACL:s */
struct spki_principal *issuer;
/* For now, support only subjects that are principals (i.e. no
* names) */