]> WPIA git - cassiopeia.git/blobdiff - src/simpleOpensslSigner.cpp
projects / cassiopeia.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'libs/openssl/local'
[cassiopeia.git] / src / simpleOpensslSigner.cpp
diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp
index 5ff46307fcd57db30e88fa4c4bd2bf62d49b20f8..eb7d8b9e720232989b8a60c5b0bfc792a50d2fe0 100644 (file)
--- a/src/simpleOpensslSigner.cpp
+++ b/src/simpleOpensslSigner.cpp
@@ -73,7 +73,7 @@ SimpleOpensslSigner::SimpleOpensslSigner() {
 SimpleOpensslSigner::~SimpleOpensslSigner() {
 }
 
-std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial() {
+std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial( uint16_t profile ) {
     std::ifstream serialif( "serial" );
     std::string res;
     serialif >> res;
@@ -97,10 +97,12 @@ std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial() {
 
     std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
     int len = BN_bn2bin( serial.get(), data.get() );
+
     data.get()[len] = 0x0;
-    data.get()[len + 1] = 0x0; // profile id
-    data.get()[len + 2] = 0x0;
-    data.get()[len + 3] = 0x0; // signer id
+    data.get()[len + 1] = 0x0; // signer id
+
+    data.get()[len + 2] = profile >> 8;
+    data.get()[len + 3] = profile & 0xFF; // profile id
 
     if( !RAND_bytes( data.get() + len + 4, 16 ) || !BN_add_word( serial.get(), 1 ) ) {
         throw "Big number math failed while calcing serials.";
@@ -155,18 +157,40 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
         throw "malloc failure";
     }
 
-    std::shared_ptr<X509_NAME> subject = std::shared_ptr<X509_NAME>( subjectP, X509_NAME_free );
-    const char* strdata = "commonName";
-    X509_NAME_add_entry_by_NID( subject.get(), NID_commonName, MBSTRING_UTF8, ( unsigned char* )const_cast<char*>( strdata ), 10, -1, 0 ); // guard
-    c.addRDN( NID_commonName, "common-Content" );
+    for( std::shared_ptr<AVA> a : cert->AVAs ) {
+        if( a->name == "CN" ) {
+            c.addRDN( NID_commonName, a->value );
+        } else if( a->name == "EMAIL" ) {
+            c.addRDN( NID_pkcs9_emailAddress, a->value );
+        } else if( a->name == "C" ) {
+            c.addRDN( NID_countryName, a->value );
+        } else if( a->name == "L" ) {
+            c.addRDN( NID_localityName, a->value );
+        } else if( a->name == "ST" ) {
+            c.addRDN( NID_stateOrProvinceName, a->value );
+        } else if( a->name == "O" ) {
+            c.addRDN( NID_organizationName, a->value );
+        } else if( a->name == "OU" ) {
+            c.addRDN( NID_organizationalUnitName, a->value );
+        } else {
+            throw "unknown AVA-type";
+        }
+    }
+
     c.setIssuerNameFrom( caCert );
     c.setPubkeyFrom( req );
-    std::shared_ptr<BIGNUM> ser = nextSerial();
+    long int profile = strtol( cert->profile.c_str(), 0, 10 );
+
+    if( profile > 0xFFFF || profile < 0 || ( profile == 0 && cert->profile != "0" ) ) {
+        throw "invalid profile id";
+    }
+
+    std::shared_ptr<BIGNUM> ser = nextSerial( profile );
     c.setSerialNumber( ser.get() );
     c.setTimes( 0, 60 * 60 * 24 * 10 );
     c.setExtensions( caCert, cert->SANs );
 
-    std::shared_ptr<SignedCertificate> output = c.sign( caKey );
+    std::shared_ptr<SignedCertificate> output = c.sign( caKey, cert->md );
 
     return output;
 }
WPIA Certificate Signing Software