1 #include "simpleOpensslSigner.h"
5 #include <openssl/ssl.h>
6 #include <openssl/err.h>
7 #include <openssl/bio.h>
8 #include <openssl/bn.h>
9 #include <openssl/engine.h>
10 #include <openssl/x509v3.h>
14 extern std::vector<Profile> profiles;
16 std::shared_ptr<int> SimpleOpensslSigner::lib_ref(
17 new int( SSL_library_init() ),
22 CRYPTO_cleanup_all_ex_data();
25 std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
26 FILE* f = fopen( filename.c_str(), "r" );
29 return std::shared_ptr<X509>();
32 X509* key = PEM_read_X509( f, NULL, NULL, 0 );
36 return std::shared_ptr<X509>();
39 return std::shared_ptr<X509>(
46 std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename ) {
47 FILE* f = fopen( filename.c_str(), "r" );
50 return std::shared_ptr<EVP_PKEY>();
53 EVP_PKEY* key = PEM_read_PrivateKey( f, NULL, NULL, 0 );
57 return std::shared_ptr<EVP_PKEY>();
60 return std::shared_ptr<EVP_PKEY>(
62 []( EVP_PKEY * ref ) {
67 SimpleOpensslSigner::SimpleOpensslSigner() {
68 caCert = loadX509FromFile( profiles[0].cert );
69 caKey = loadPkeyFromFile( profiles[0].key );
74 std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
76 throw "CA-key not found";
79 std::shared_ptr<X509Req> req;
81 if( cert->csr_type == "SPKAC" ) {
82 req = X509Req::parseSPKAC( cert->csr_content );
83 } else if( cert->csr_type == "CSR" ) {
84 req = X509Req::parse( cert->csr_content );
86 throw "Error, unknown REQ rype " + ( cert->csr_type );
89 int i = req->verify();
92 throw "Signature problems ... ";
94 throw "Signature did not match";
96 std::cerr << "Signature ok" << std::endl;
99 // Construct the Certificate
100 X509Cert c = X509Cert();
101 std::shared_ptr<X509> retsh = std::shared_ptr<X509>( X509_new(), X509_free );
102 X509* ret = retsh.get();
105 throw "Creating X509 failed.";
108 c.setIssuerNameFrom( caCert );
109 c.setPubkeyFrom( req );
110 c.setSerialNumber( serial++ );
111 c.setTimes( 0, 60 * 60 * 24 * 10 );
112 c.setExtensions( caCert, cert->SANs );
114 std::shared_ptr<SignedCertificate> output = c.sign( caKey );