#include "X509.h"
+#include <fstream>
#include <iostream>
#include <openssl/ssl.h>
pk = std::shared_ptr<EVP_PKEY>( pkt, EVP_PKEY_free );
}
+X509Req::X509Req( std::string spkac ) {
+ if( spkac.compare( 0, 6, "SPKAC=" ) != 0 ) {
+ throw "Error: not a SPKAC";
+ }
+
+ spkac = spkac.substr( 6 );
+ NETSCAPE_SPKI* spki_p = NETSCAPE_SPKI_b64_decode( spkac.c_str(), spkac.size() );
+
+ if( !spki_p ) {
+ throw "Error: decode failed";
+ }
+
+ spki = std::shared_ptr<NETSCAPE_SPKI>( spki_p, NETSCAPE_SPKI_free );
+ EVP_PKEY* pkt_p = NETSCAPE_SPKI_get_pubkey( spki.get() );
+
+ if( !pkt_p ) {
+ throw "Error: reading SPKAC Pubkey failed";
+ }
+
+ pk = std::shared_ptr<EVP_PKEY>( pkt_p, EVP_PKEY_free );
+}
+
int X509Req::verify() {
+ if( !req ) {
+ return NETSCAPE_SPKI_verify( spki.get(), pk.get() );
+ }
+
return X509_REQ_verify( req.get(), pk.get() );
}
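Review bot: Nothing in `X509Req( std::string spkac )` or `verify()` compares the challenge carried inside the SPKAC with a value the server issued, so the new path proves only that the submitter once held the private key for the embedded public key. `NETSCAPE_SPKI_verify` checks the signature over the key and challenge together, which means a previously captured SPKAC would still verify here. If the request flow issues a challenge (not visible in this hunk), the expected value should be passed in and compared with `spki->spkac->challenge` before the key is accepted. Separately, `verify()` picks the SPKAC branch on `!req` alone; a comment such as `// exactly one of req / spki is set by the constructors` would document the invariant it relies on.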
return std::shared_ptr<X509Req>( new X509Req( req ) );
}
+std::shared_ptr<X509Req> X509Req::parseSPKAC( std::string content ) {
+ return std::shared_ptr<X509Req>( new X509Req( content ) );
+}
+
int add_ext( std::shared_ptr<X509> issuer, std::shared_ptr<X509> subj, int nid, const char* value ) {
X509_EXTENSION* ex;
X509V3_CTX ctx;
private:
std::shared_ptr<EVP_PKEY> pk;
std::shared_ptr<X509_REQ> req;
+ std::shared_ptr<NETSCAPE_SPKI> spki;
X509Req( X509_REQ* csr );
+ X509Req( std::string spkac );
public:
static std::shared_ptr<X509Req> parse( std::string filename );
+ static std::shared_ptr<X509Req> parseSPKAC( std::string filename );
int verify();
std::shared_ptr<EVP_PKEY> getPkey();
};
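Review bot: The parameter of `parseSPKAC` is declared as `filename`, but the definition names it `content` and the caller passes `cert->csr_content`, so the declaration suggests a path is read from disk when the SPKAC text itself is expected. Declaring it as `static std::shared_ptr<X509Req> parseSPKAC( std::string content );` would match the definition. The new `spki` member would also benefit from a one-line comment, e.g. `// set instead of req when the request was submitted as SPKAC`. The class declaration starts outside this hunk.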
throw "CA-key not found";
}
- std::shared_ptr<X509Req> req = X509Req::parse( cert->csr_content );
+ std::shared_ptr<X509Req> req;
+
+ if( cert->csr_type == "SPKAC" ) {
+ req = X509Req::parseSPKAC( cert->csr_content );
+ } else if( cert->csr_type == "CSR" ) {
+ req = X509Req::parse( cert->csr_content );
+ } else {
+ throw "Error, unknown REQ rype " + ( cert->csr_type );
+ }
int i = req->verify();
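Review bot: The new `throw "Error, unknown REQ rype " + ( cert->csr_type );` most likely throws a `std::string` rather than a `const char*`, assuming `csr_type` is a `std::string` as the `==` comparisons suggest. The other throws in this code, such as `throw "CA-key not found";`, throw string literals, so a `catch( const char* )` handler (outside this hunk, not visible) would not catch this one, and an unknown request type could end in `std::terminate` instead of a rejected request. Throwing one consistent type would avoid that, e.g. `throw std::runtime_error( "Error, unknown REQ type " + cert->csr_type );` with a matching handler, which also fixes the "rype" typo. How `i` is checked after `req->verify()` is also outside the hunk; both verify calls report success only as `1`, with `0` or a negative value on failure, so the check should reject anything other than `1`.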