X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2FsimpleOpensslSigner.cpp;h=eb7d8b9e720232989b8a60c5b0bfc792a50d2fe0;hb=7a72391242e316a16992e0874a118999486afb87;hp=e38aeb1208c9986bd583b50b5ac41b5ec1c6bb83;hpb=858fcca3a53da84a306f55d1811bf119bf8d862f;p=cassiopeia.git

diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp
index e38aeb1..eb7d8b9 100644
--- a/src/simpleOpensslSigner.cpp
+++ b/src/simpleOpensslSigner.cpp
@@ -1,6 +1,7 @@
 #include "simpleOpensslSigner.h"
 
 #include <iostream>
+#include <fstream>
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
@@ -11,6 +12,8 @@
 
 #include "X509.h"
 
+extern std::vector<Profile> profiles;
+
 std::shared_ptr<int> SimpleOpensslSigner::lib_ref(
     new int( SSL_library_init() ),
     []( int* ref ) {
@@ -62,16 +65,72 @@ std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename ) {
         } );
 }
 
-std::shared_ptr<X509> SimpleOpensslSigner::caCert = loadX509FromFile( "assured.crt" );
+SimpleOpensslSigner::SimpleOpensslSigner() {
+    caCert = loadX509FromFile( profiles[0].cert );
+    caKey = loadPkeyFromFile( profiles[0].key );
+}
+
+SimpleOpensslSigner::~SimpleOpensslSigner() {
+}
+
+std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial( uint16_t profile ) {
+    std::ifstream serialif( "serial" );
+    std::string res;
+    serialif >> res;
+    serialif.close();
+
+    BIGNUM* bn = 0;
 
-std::shared_ptr<EVP_PKEY> SimpleOpensslSigner::caKey = loadPkeyFromFile( "assured.key" );
+    if( res == "" ) {
+        bn = BN_new();
+
+        if( !bn ) {
+            throw "Initing serial failed";
+        }
+    } else {
+        if( !BN_hex2bn( &bn, res.c_str() + 1 ) ) {
+            throw "Parsing serial failed.";
+        }
+    }
+
+    std::shared_ptr<BIGNUM> serial = std::shared_ptr<BIGNUM>( bn, BN_free );
+
+    std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
+    int len = BN_bn2bin( serial.get(), data.get() );
+
+    data.get()[len] = 0x0;
+    data.get()[len + 1] = 0x0; // signer id
+
+    data.get()[len + 2] = profile >> 8;
+    data.get()[len + 3] = profile & 0xFF; // profile id
+
+    if( !RAND_bytes( data.get() + len + 4, 16 ) || !BN_add_word( serial.get(), 1 ) ) {
+        throw "Big number math failed while calcing serials.";
+    }
 
-void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
+    char* serStr = BN_bn2hex( serial.get() );
+    std::ofstream serialf( "serial" );
+    serialf << serStr;
+    serialf.close();
+    OPENSSL_free( serStr );
+
+    return std::shared_ptr<BIGNUM>( BN_bin2bn( data.get(), len + 4 + 16 , 0 ), BN_free );
+}
+
+std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
     if( !caKey ) {
         throw "CA-key not found";
     }
 
-    std::shared_ptr<X509Req> req = X509Req::parse( cert->csr_content );
+    std::shared_ptr<X509Req> req;
+
+    if( cert->csr_type == "SPKAC" ) {
+        req = X509Req::parseSPKAC( cert->csr_content );
+    } else if( cert->csr_type == "CSR" ) {
+        req = X509Req::parse( cert->csr_content );
+    } else {
+        throw "Error, unknown REQ rype " + ( cert->csr_type );
+    }
 
     int i = req->verify();
 
@@ -92,13 +151,46 @@ void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
         throw "Creating X509 failed.";
     }
 
+    X509_NAME* subjectP = X509_NAME_new();
+
+    if( !subjectP ) {
+        throw "malloc failure";
+    }
+
+    for( std::shared_ptr<AVA> a : cert->AVAs ) {
+        if( a->name == "CN" ) {
+            c.addRDN( NID_commonName, a->value );
+        } else if( a->name == "EMAIL" ) {
+            c.addRDN( NID_pkcs9_emailAddress, a->value );
+        } else if( a->name == "C" ) {
+            c.addRDN( NID_countryName, a->value );
+        } else if( a->name == "L" ) {
+            c.addRDN( NID_localityName, a->value );
+        } else if( a->name == "ST" ) {
+            c.addRDN( NID_stateOrProvinceName, a->value );
+        } else if( a->name == "O" ) {
+            c.addRDN( NID_organizationName, a->value );
+        } else if( a->name == "OU" ) {
+            c.addRDN( NID_organizationalUnitName, a->value );
+        } else {
+            throw "unknown AVA-type";
+        }
+    }
+
     c.setIssuerNameFrom( caCert );
     c.setPubkeyFrom( req );
-    c.setSerialNumber( 4711 );
+    long int profile = strtol( cert->profile.c_str(), 0, 10 );
+
+    if( profile > 0xFFFF || profile < 0 || ( profile == 0 && cert->profile != "0" ) ) {
+        throw "invalid profile id";
+    }
+
+    std::shared_ptr<BIGNUM> ser = nextSerial( profile );
+    c.setSerialNumber( ser.get() );
     c.setTimes( 0, 60 * 60 * 24 * 10 );
     c.setExtensions( caCert, cert->SANs );
 
-    std::string output = c.sign( caKey );
+    std::shared_ptr<SignedCertificate> output = c.sign( caKey, cert->md );
 
-    std::cout << "Certificate:" << std::endl << output << std::endl;
+    return output;
 }