#include "simpleOpensslSigner.h"
#include <iostream>
-#include <fstream>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include "X509.h"
+#include "util.h"
extern std::vector<Profile> profiles;
SimpleOpensslSigner::~SimpleOpensslSigner() {
}
-std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial() {
- std::ifstream serialif( "serial" );
- std::string res;
- serialif >> res;
- serialif.close();
+std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial( uint16_t profile ) {
+ std::string res = readFile( "serial" );
BIGNUM* bn = 0;
std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
int len = BN_bn2bin( serial.get(), data.get() );
+
data.get()[len] = 0x0;
- data.get()[len + 1] = 0x0; // profile id
- data.get()[len + 2] = 0x0;
- data.get()[len + 3] = 0x0; // signer id
+ data.get()[len + 1] = 0x0; // signer id
+
+ data.get()[len + 2] = profile >> 8;
+ data.get()[len + 3] = profile & 0xFF; // profile id
if( !RAND_bytes( data.get() + len + 4, 16 ) || !BN_add_word( serial.get(), 1 ) ) {
throw "Big number math failed while calcing serials.";
}
- char* serStr = BN_bn2hex( serial.get() );
- std::ofstream serialf( "serial" );
- serialf << serStr;
- serialf.close();
- OPENSSL_free( serStr );
+ std::shared_ptr<char> serStr = std::shared_ptr<char>(
+ BN_bn2hex( serial.get() ),
+ []( char* ref ) {
+ OPENSSL_free( ref );
+ } );
+ writeFile( "serial", serStr.get() );
return std::shared_ptr<BIGNUM>( BN_bin2bn( data.get(), len + 4 + 16 , 0 ), BN_free );
}
if( cert->csr_type == "SPKAC" ) {
req = X509Req::parseSPKAC( cert->csr_content );
} else if( cert->csr_type == "CSR" ) {
- req = X509Req::parse( cert->csr_content );
+ req = X509Req::parseCSR( cert->csr_content );
} else {
throw "Error, unknown REQ rype " + ( cert->csr_type );
}
throw "Creating X509 failed.";
}
+ X509_NAME* subjectP = X509_NAME_new();
+
+ if( !subjectP ) {
+ throw "malloc failure";
+ }
+
+ for( std::shared_ptr<AVA> a : cert->AVAs ) {
+ if( a->name == "CN" ) {
+ c.addRDN( NID_commonName, a->value );
+ } else if( a->name == "EMAIL" ) {
+ c.addRDN( NID_pkcs9_emailAddress, a->value );
+ } else if( a->name == "C" ) {
+ c.addRDN( NID_countryName, a->value );
+ } else if( a->name == "L" ) {
+ c.addRDN( NID_localityName, a->value );
+ } else if( a->name == "ST" ) {
+ c.addRDN( NID_stateOrProvinceName, a->value );
+ } else if( a->name == "O" ) {
+ c.addRDN( NID_organizationName, a->value );
+ } else if( a->name == "OU" ) {
+ c.addRDN( NID_organizationalUnitName, a->value );
+ } else {
+ throw "unknown AVA-type";
+ }
+ }
+
c.setIssuerNameFrom( caCert );
c.setPubkeyFrom( req );
- std::shared_ptr<BIGNUM> ser = nextSerial();
+ long int profile = strtol( cert->profile.c_str(), 0, 10 );
+
+ if( profile > 0xFFFF || profile < 0 || ( profile == 0 && cert->profile != "0" ) ) {
+ throw "invalid profile id";
+ }
+
+ std::shared_ptr<BIGNUM> ser = nextSerial( profile );
c.setSerialNumber( ser.get() );
c.setTimes( 0, 60 * 60 * 24 * 10 );
c.setExtensions( caCert, cert->SANs );
- std::shared_ptr<SignedCertificate> output = c.sign( caKey );
+ std::shared_ptr<SignedCertificate> output = c.sign( caKey, cert->md );
return output;
}
projects / cassiopeia.git / blobdiff