From: Felix Dörre
Date: Sun, 2 Nov 2014 01:00:10 +0000 (+0100)
Subject: add: Include support for signing based on a SPKAC request
X-Git-Url: https://code.wpia.club/?a=commitdiff_plain;h=b51ce6dd5f8941c0f5d5670ac7ee2fed94eeb601;p=cassiopeia.git
add: Include support for signing based on a SPKAC request
---
diff --git a/src/X509.cpp b/src/X509.cpp
index 0278fb9..9219e39 100644
--- a/src/X509.cpp
+++ b/src/X509.cpp
@@ -1,5 +1,6 @@
 #include "X509.h"
+#include
 #include
 #include
@@ -17,7 +18,33 @@ X509Req::X509Req( X509_REQ* csr ) {
 pk = std::shared_ptr( pkt, EVP_PKEY_free );
 }
+X509Req::X509Req( std::string spkac ) {
+ if( spkac.compare( 0, 6, "SPKAC=" ) != 0 ) {
+ throw "Error: not a SPKAC";
+ }
+
+ spkac = spkac.substr( 6 );
+ NETSCAPE_SPKI* spki_p = NETSCAPE_SPKI_b64_decode( spkac.c_str(), spkac.size() );
+
+ if( !spki_p ) {
+ throw "Error: decode failed";
+ }
+
+ spki = std::shared_ptr( spki_p, NETSCAPE_SPKI_free );
+ EVP_PKEY* pkt_p = NETSCAPE_SPKI_get_pubkey( spki.get() );
+
+ if( !pkt_p ) {
+ throw "Error: reading SPKAC Pubkey failed";
+ }
+
+ pk = std::shared_ptr( pkt_p, EVP_PKEY_free );
+}
+
 int X509Req::verify() {
+ if( !req ) {
+ return NETSCAPE_SPKI_verify( spki.get(), pk.get() );
+ }
+
 return X509_REQ_verify( req.get(), pk.get() );
 }
@@ -36,6 +63,10 @@ std::shared_ptr X509Req::parse( std::string filename ) {
 return std::shared_ptr( new X509Req( req ) );
 }
+std::shared_ptr X509Req::parseSPKAC( std::string content ) {
+ return std::shared_ptr( new X509Req( content ) );
+}
+
 int add_ext( std::shared_ptr issuer, std::shared_ptr subj, int nid, const char* value ) {
 X509_EXTENSION* ex;
 X509V3_CTX ctx;
diff --git a/src/X509.h b/src/X509.h
index db82daf..994c9d6 100644
--- a/src/X509.h
+++ b/src/X509.h
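Review bot: In `X509Req::verify()` the new SPKAC branch checks only the request's self-signature, so the challenge embedded in the SPKAC is never compared with a value the server issued, and a previously captured SPKAC would verify again. `NETSCAPE_SPKI_verify()` shows that the private-key holder signed this key-and-challenge pair, not that it was signed for this enrolment. If the caller knows the expected challenge, the new constructor could compare it with `spki->spkac->challenge`. Otherwise the branch should say so, e.g. `// only the SPKAC self-signature is checked; the challenge is not validated here`. Both verify calls return 1 for valid, 0 for invalid and a negative value on error, and whether the caller accepts only 1 is not visible in this hunk.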
@@ -11,9 +11,12 @@ class X509Req {
 private:
 std::shared_ptr pk;
 std::shared_ptr req;
+ std::shared_ptr spki;
 X509Req( X509_REQ* csr );
+ X509Req( std::string spkac );
 public:
 static std::shared_ptr parse( std::string filename );
+ static std::shared_ptr parseSPKAC( std::string filename );
 int verify();
 std::shared_ptr getPkey();
 };
diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp
index d10a23e..3a22a7c 100644
--- a/src/simpleOpensslSigner.cpp
+++ b/src/simpleOpensslSigner.cpp
@@ -74,7 +74,15 @@ std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptr req = X509Req::parse( cert->csr_content );
+ std::shared_ptr req;
+
+ if( cert->csr_type == "SPKAC" ) {
+ req = X509Req::parseSPKAC( cert->csr_content );
+ } else if( cert->csr_type == "CSR" ) {
+ req = X509Req::parse( cert->csr_content );
+ } else {
+ throw "Error, unknown REQ rype " + ( cert->csr_type );
+ }
 int i = req->verify();
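Review bot: The new declaration `parseSPKAC( std::string filename )` in src/X509.h names its parameter `filename`, but the definition in src/X509.cpp calls it `content` and hands it straight to the SPKAC decoder, so the header tells callers to pass a path when the code expects the request text itself. Rename the parameter to `content` in the declaration and add a one-line comment above it, e.g. `// content: the "SPKAC=..." request text, not a file name`. The template arguments of the `std::shared_ptr` members are not visible on this page, so the rest of the declaration cannot be checked from here.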
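Review bot: The fallback branch `throw "Error, unknown REQ rype " + ( cert->csr_type );` throws a `std::string` (assuming `csr_type` is one, as the `==` comparisons suggest), while the SPKAC constructor added in src/X509.cpp throws string literals (`const char*`). A handler written for one type will not catch the other, and no handler is visible on this page. The message also misspells "type". Throwing a single type everywhere would be safer, for example `throw std::runtime_error( "Error, unknown REQ type " + cert->csr_type );` with `<stdexcept>` included, provided the callers catch `std::exception`. `sign()` starts and ends outside this hunk, so how it handles these exceptions and the result of `req->verify()` cannot be confirmed here.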