X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FX509.cpp;h=acc9dec358b528bd558e43cc5819c06e9d1bcd6d;hb=b256cf9c220e536efa2ad4bf62936336d5703a6b;hp=71060e99ebb143f73af05eb444fdd03851346438;hpb=9e866a1a2facc8cb1565cd660c6b6d482f18ecb1;p=cassiopeia.git
diff --git a/src/crypto/X509.cpp b/src/crypto/X509.cpp
index 71060e9..acc9dec 100644
--- a/src/crypto/X509.cpp
+++ b/src/crypto/X509.cpp
@@ -7,8 +7,7 @@
 #include
 #include
-X509Req::X509Req( X509_REQ* csr ) {
- req = std::shared_ptr( csr, X509_REQ_free );
+X509Req::X509Req( X509_REQ* csr ) : req( csr, X509_REQ_free ) {
 EVP_PKEY* pkt = X509_REQ_get_pubkey( req.get() );
 if( !pkt ) {
@@ -48,7 +47,7 @@ int X509Req::verify() {
 return X509_REQ_verify( req.get(), pk.get() );
 }
-std::shared_ptr X509Req::getPkey() {
+std::shared_ptr X509Req::getPkey() const {
 return pk;
 }
@@ -138,8 +137,8 @@ void X509Cert::setSerialNumber( BIGNUM* num ) {
 }
 void X509Cert::setTimes( uint32_t before, uint32_t after ) {
- X509_gmtime_adj( X509_get_notBefore( target.get() ), before );
- X509_gmtime_adj( X509_get_notAfter( target.get() ), after );
+ ASN1_TIME_set( X509_get_notBefore( target.get() ), before );
+ ASN1_TIME_set( X509_get_notAfter( target.get() ), after );
 }
 static X509_EXTENSION* do_ext_i2d( int ext_nid, int crit, ASN1_VALUE* ext_struc ) {
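Review bot: In `X509Cert::setTimes` the results of both `ASN1_TIME_set` calls are discarded, so a failed conversion leaves notBefore/notAfter at whatever value the certificate already held and signing can proceed anyway. `ASN1_TIME_set` returns NULL on error, so each call could be guarded with the string-throw style used elsewhere in this patch, e.g. `if( !ASN1_TIME_set( X509_get_notBefore( target.get() ), before ) ) { throw "Failed to set notBefore."; }`. The parameters also change meaning here, from an offset relative to now to absolute epoch seconds, while the signature stays the same. A comment such as `// before/after are absolute Unix timestamps in seconds, not offsets from now` plus a check that `before <= after` would keep a caller still passing offsets from issuing a certificate with an unintended validity window.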
@@ -185,7 +184,7 @@ void X509Cert::setExtensions( std::shared_ptr caCert, std::vector X509Cert::sign( std::shared_ptr caK
 //X509_print_fp( stdout, target.get() );
 std::shared_ptr mem = std::shared_ptr( BIO_new( BIO_s_mem() ), BIO_free );
+
+ if( !mem ) {
+ throw "Failed to allocate memory for the signed certificate.";
+ }
+
 PEM_write_bio_X509( mem.get(), target.get() );
- BUF_MEM* buf;
+
+ BUF_MEM* buf = NULL;
 BIO_get_mem_ptr( mem.get(), &buf );
+
 std::shared_ptr res = std::shared_ptr( new SignedCertificate() );
 res->certificate = std::string( buf->data, buf->data + buf->length );
- BIGNUM* ser = ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL );
- char* serStr = BN_bn2hex( ser );
- res->serial = std::string( serStr );
- OPENSSL_free( serStr );
- BN_free( ser );
+
+ std::shared_ptr ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free );
+
+ if( !ser ) {
+ throw "Failed to retrieve certificate serial of signed certificate.";
+ }
+
+ std::shared_ptr serStr(
+ BN_bn2hex( ser.get() ),
+ []( char *p ) {
+ OPENSSL_free(p);
+ } ); // OPENSSL_free is a macro...
+ res->serial = serStr ? std::string( serStr.get() ) : "";
+
 return res;
 }
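Review bot: In the `X509Cert::sign` hunk, `buf` is now initialised to NULL but is still dereferenced unconditionally in `std::string( buf->data, buf->data + buf->length )`, and the return value of `PEM_write_bio_X509` is never tested. A failed PEM write or an unset memory pointer is therefore not handled the way the new allocation checks are. Guards in the same style would close that: `if( !PEM_write_bio_X509( mem.get(), target.get() ) ) { throw "Failed to serialize the signed certificate."; }` and `if( !buf ) { throw "Failed to read the signed certificate."; }`. Separately, `res->serial = serStr ? ... : ""` hands back a signed certificate with an empty serial when `BN_bn2hex` fails, whereas a failed `ASN1_INTEGER_to_BN` throws; throwing in both cases would avoid returning a certificate that presumably cannot later be identified by its serial. The start of `sign` lies outside the hunk.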