X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FX509.cpp;h=caa2a9dfe0ff52435570faee628d9a7c8b88f1b0;hb=160ba9d844500d1e553a0dab21a4a2a7fabc60d5;hp=d340a184fbb3c9676734c878b70cfc65c02d7261;hpb=3ea4de25c712971a35dbad27d8834d75933daa08;p=cassiopeia.git
diff --git a/src/crypto/X509.cpp b/src/crypto/X509.cpp
index d340a18..caa2a9d 100644
--- a/src/crypto/X509.cpp
+++ b/src/crypto/X509.cpp
@@ -59,7 +59,7 @@ std::shared_ptr X509Req::parseCSR( std::string content ) {
 throw "Error parsing CSR";
 }
- return std::shared_ptr( new X509Req( req ) );
+ return std::shared_ptr( new X509Req( req )); // TODO ask
 }
 std::shared_ptr X509Req::parseSPKAC( std::string content ) {
@@ -106,7 +106,7 @@ X509Cert::X509Cert() {
 X509_NAME* subjectP = X509_NAME_new();
 if( !subjectP ) {
- throw "malloc failure";
+ throw "malloc failure in construct.";
 }
 subject = std::shared_ptr( subjectP, X509_NAME_free );
@@ -114,7 +114,7 @@ X509Cert::X509Cert() {
 void X509Cert::addRDN( int nid, std::string data ) {
 if( ! X509_NAME_add_entry_by_NID( subject.get(), nid, MBSTRING_UTF8, ( unsigned char* )const_cast( data.data() ), data.size(), -1, 0 ) ) {
- throw "malloc failure";
+ throw "malloc failure in RDN";
 }
 }
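Review bot: The new message `"malloc failure in RDN"` in addRDN mislabels the failure of `X509_NAME_add_entry_by_NID`, because that call also rejects its input — a value that is not valid UTF-8 for `MBSTRING_UTF8`, or one outside the length limits OpenSSL enforces for the given NID — and the `data` argument is presumably drawn from the incoming request rather than from the CA itself. Whoever reads the resulting error will look for memory pressure instead of a rejected subject field. Something like `throw "X509_NAME_add_entry_by_NID failed for RDN (invalid value or out of memory)";` names the real cause set; the same concern does not apply to the `X509_NAME_new` message in the previous hunk, which can only fail on allocation. addRDN is visible in full in this hunk.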
@@ -174,17 +174,17 @@ merr:
 throw "memerr";
 }
-void X509Cert::setExtensions( std::shared_ptr caCert, std::vector>& sans, Profile& prof ) {
+void X509Cert::setExtensions( std::shared_ptr caCert, std::vector>& sans, Profile& prof, std::string crlURL, std::string crtURL ) {
 add_ext( caCert, target, NID_basic_constraints, "critical,CA:FALSE" );
 add_ext( caCert, target, NID_subject_key_identifier, "hash" );
 add_ext( caCert, target, NID_authority_key_identifier, "keyid,issuer:always" );
 std::string ku = std::string( "critical," ) + prof.ku;
 add_ext( caCert, target, NID_key_usage, ku.c_str() );
 add_ext( caCert, target, NID_ext_key_usage, prof.eku.c_str() );
- add_ext( caCert, target, NID_info_access, "OCSP;URI:http://ocsp.cacert.org" );
- add_ext( caCert, target, NID_crl_distribution_points, "URI:http://crl.cacert.org/class3-revoke.crl" );
+ add_ext( caCert, target, NID_info_access, ("OCSP;URI:http://ocsp.cacert.org,caIssuers;URI:" + crtURL).c_str() );
+ add_ext( caCert, target, NID_crl_distribution_points, ("URI:" + crlURL).c_str() );
- if( sans.size() == 0 ) {
+ if( sans.empty() ) {
 return;
 }
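Review bot: The two URLs are spliced into OpenSSL extension config strings without any validation, at the new `NID_info_access` and `NID_crl_distribution_points` lines. If `add_ext` wraps the usual `X509V3_EXT_conf_nid` call, that value is parsed as a comma-separated list of `name:value` pairs, so a `crlURL` or `crtURL` that is empty, or that contains a `,`, yields a malformed or truncated distribution point rather than an obvious error — and a wrong CRL or AIA URL baked into an issued certificate cannot be corrected afterwards. A guard at the top of the function, `if( crlURL.empty() || crtURL.empty() || crlURL.find( ',' ) != std::string::npos || crtURL.find( ',' ) != std::string::npos ) { throw "Invalid CRL or certificate URL"; }`, would fail the signing request before any extension is built. Taking the two new parameters as `const std::string&` would also match how `prof` is passed. setExtensions continues past the end of the hunk.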
@@ -247,15 +247,31 @@ std::shared_ptr X509Cert::sign( std::shared_ptr caK //X509_print_fp( stdout, target.get() ); std::shared_ptr mem = std::shared_ptr( BIO_new( BIO_s_mem() ), BIO_free ); + + if( !mem ) { + throw "Failed to allocate memory for the signed certificate."; + } + PEM_write_bio_X509( mem.get(), target.get() ); - BUF_MEM* buf; + + BUF_MEM* buf = NULL; BIO_get_mem_ptr( mem.get(), &buf ); - std::shared_ptr res = std::shared_ptr( new SignedCertificate() ); + + auto res = std::make_shared(); res->certificate = std::string( buf->data, buf->data + buf->length ); - BIGNUM* ser = ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ); - char* serStr = BN_bn2hex( ser ); - res->serial = std::string( serStr ); - OPENSSL_free( serStr ); - BN_free( ser ); + + std::shared_ptr ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free ); + + if( !ser ) { + throw "Failed to retrieve certificate serial of signed certificate."; + } + + std::shared_ptr serStr( + BN_bn2hex( ser.get() ), + []( char* p ) { + OPENSSL_free( p ); + } ); // OPENSSL_free is a macro... + res->serial = serStr ? std::string( serStr.get() ) : ""; + return res; }
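Review bot: The rewritten tail of sign() still dereferences `buf->data` without confirming that the PEM write succeeded or that `BIO_get_mem_ptr` set `buf`: the return value of `PEM_write_bio_X509` is ignored, and the new `BUF_MEM* buf = NULL;` initialisation is never followed by a check, so a failed serialisation would read through a null pointer or store an empty PEM body in `res->certificate`. The serial handling is also inconsistent with the `!ser` throw a few lines earlier: when `BN_bn2hex` fails, `res->serial` silently becomes `""`, handing a certificate record with no serial to whatever later stores or revokes it. Both paths should throw like the `!mem` and `!ser` checks the commit adds, and since the serial line is being rewritten anyway, `target->cert_info->serialNumber` can become `X509_get_serialNumber( target.get() )`, which also works with opaque X509 structures. sign() begins outside the hunk.
```cpp
    if( !PEM_write_bio_X509( mem.get(), target.get() ) ) {
        throw "Failed to serialize the signed certificate.";
    }

    BUF_MEM* buf = NULL;
    BIO_get_mem_ptr( mem.get(), &buf );

    if( !buf ) {
        throw "Failed to read back the signed certificate.";
    }

    // … unchanged: res construction and res->certificate assignment …

    std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber( target.get() ), NULL ), BN_free );

    // … unchanged: !ser check …

    std::shared_ptr<char> serStr(
        BN_bn2hex( ser.get() ),
        []( char* p ) {
            OPENSSL_free( p );
        } ); // OPENSSL_free is a macro...

    if( !serStr ) {
        throw "Failed to format certificate serial of signed certificate.";
    }

    res->serial = std::string( serStr.get() );
```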