1 #include "simpleOpensslSigner.h"
5 #include <openssl/ssl.h>
6 #include <openssl/err.h>
7 #include <openssl/bio.h>
8 #include <openssl/bn.h>
9 #include <openssl/engine.h>
10 #include <openssl/x509v3.h>
12 extern std::vector<Profile> profiles;
14 std::shared_ptr<int> SimpleOpensslSigner::lib_ref(
15 new int( SSL_library_init() ),
20 CRYPTO_cleanup_all_ex_data();
23 std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
24 FILE* f = fopen( filename.c_str(), "r" );
27 return std::shared_ptr<X509>();
30 X509* key = PEM_read_X509( f, NULL, NULL, 0 );
34 return std::shared_ptr<X509>();
37 return std::shared_ptr<X509>(
44 std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename ) {
45 FILE* f = fopen( filename.c_str(), "r" );
48 return std::shared_ptr<EVP_PKEY>();
51 EVP_PKEY* key = PEM_read_PrivateKey( f, NULL, NULL, 0 );
55 return std::shared_ptr<EVP_PKEY>();
58 return std::shared_ptr<EVP_PKEY>(
60 []( EVP_PKEY * ref ) {
65 SimpleOpensslSigner::SimpleOpensslSigner() {
66 caCert = loadX509FromFile( profiles[0].cert );
67 caKey = loadPkeyFromFile( profiles[0].key );
72 std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
74 throw "CA-key not found";
77 std::shared_ptr<X509Req> req;
79 if( cert->csr_type == "SPKAC" ) {
80 req = X509Req::parseSPKAC( cert->csr_content );
81 } else if( cert->csr_type == "CSR" ) {
82 req = X509Req::parse( cert->csr_content );
84 throw "Error, unknown REQ rype " + ( cert->csr_type );
87 int i = req->verify();
90 throw "Signature problems ... ";
92 throw "Signature did not match";
94 std::cerr << "Signature ok" << std::endl;
97 // Construct the Certificate
98 X509Cert c = X509Cert();
99 std::shared_ptr<X509> retsh = std::shared_ptr<X509>( X509_new(), X509_free );
100 X509* ret = retsh.get();
103 throw "Creating X509 failed.";
106 c.setIssuerNameFrom( caCert );
107 c.setPubkeyFrom( req );
108 c.setSerialNumber( serial++ );
109 c.setTimes( 0, 60 * 60 * 24 * 10 );
110 c.setExtensions( caCert, cert->SANs );
112 std::shared_ptr<SignedCertificate> output = c.sign( caKey );