CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11
CXXFLAGS=$(CFLAGS)
-LDFLAGS=-O3 -g -flto -lmysqlclient
+LDFLAGS=-O3 -g -flto -lmysqlclient -lssl -lcrypto -ldl
SRC_DIR=src
OBJ_DIR=obj
Section: unknown
Priority: extra
Maintainer: CAcert Software Team <cacert-devel@cacert.org>
-Build-Depends: debhelper (>= 8.0.0), libtool, libmysqlclient-dev (>= 5.5)
+Build-Depends: debhelper (>= 8.0.0), libtool, libmysqlclient-dev (>= 5.5), libssl-dev
Standards-Version: 3.9.4
Homepage: https://cacert.org/
#Vcs-Git: git://git.debian.org/collab-maint/cassiopeia.git
std::string profile;
std::string csr;
std::string csr_type;
+ std::string csr_content;
};
class JobProvider {
#include "database.h"
#include "mysql.h"
+#include "simpleOpensslSigner.h"
int main( int argc, const char* argv[] ) {
if( argc < 2 ) {
}
std::shared_ptr<JobProvider> jp( new MySQLJobProvider( "localhost", "cacert", argv[1], "cacert" ) );
+ std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
std::shared_ptr<Job> job = jp->fetchJob();
if( !job ) {
std::cout << cert->CN << std::endl;
std::cout << cert->md << std::endl;
std::cout << cert->csr << std::endl;
- std::cout << cert->csr_type << std::endl;
std::ifstream t( cert->csr );
- std::string str( std::istreambuf_iterator<char>( t ), std::istreambuf_iterator<char>() );
- std::cout << "CSR: " << str << std::endl;
+ cert->csr_content = std::string( std::istreambuf_iterator<char>( t ), std::istreambuf_iterator<char>() );
+ sign->sign( cert );
}
if( !jp->finishJob( job ) ) {
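Review bot: The stream opened by `std::ifstream t( cert->csr );` is never checked before its contents are copied into `cert->csr_content`. A missing or unreadable CSR file therefore produces an empty string, and the failure only surfaces later as "Error parsing CSR" inside the signer, with no hint that the file was the problem. I would wrap the two added lines in `if( t ) { … } else { std::cerr << "Cannot open CSR file" << std::endl; }` so `sign->sign( cert )` is skipped when the read fails. The body of `main` starts and continues outside this hunk, so whether `finishJob` should still run in that case has to be decided against the full function.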
--- /dev/null
+#pragma once
+
+#include <memory>
+
+#include "database.h"
+
+class Signer {
+public:
+ virtual void sign( std::shared_ptr<TBSCertificate> cert ) = 0;
+};
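Review bot: `virtual void sign( std::shared_ptr<TBSCertificate> cert ) = 0;` gives the caller no way to learn that parsing or signature verification of the CSR failed. As far as the main.cpp hunk shows, the job then proceeds to `jp->finishJob( job )` whether or not the request was rejected. Returning a status, e.g. `virtual bool sign( std::shared_ptr<TBSCertificate> cert ) = 0;`, or documenting that implementations throw on failure, would let the caller refuse to finish a job whose CSR did not verify. Since the class is a polymorphic base, it should also declare `virtual ~Signer() = default;`.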
--- /dev/null
+#include "simpleOpensslSigner.h"
+
+#include <iostream>
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
+ std::cout << cert->CN << std::endl;
+ BIO* in;
+ in = BIO_new_mem_buf( const_cast<char*>( cert->csr_content.c_str() ), -1 );
+ X509_REQ* req = PEM_read_bio_X509_REQ( in, NULL, NULL, NULL );
+
+ if( req == NULL ) {
+ std::cerr << "Error parsing CSR" << std::endl;
+ return;
+ }
+
+ EVP_PKEY* pktmp = X509_REQ_get_pubkey( req );
+
+ if( pktmp == NULL ) {
+ std::cerr << "Error extracting pubkey" << std::endl;
+ return;
+ }
+
+ std::cout << req << ";" << pktmp << std::endl;
+ SSL_library_init();
+ int i = X509_REQ_verify( req, pktmp );
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp( stderr );
+ std::cout << ERR_get_error() << std::endl;
+
+ if( i < 0 ) {
+ std::cerr << "Signature problems ... " << i << std::endl;
+ return;
+ } else if( i == 0 ) {
+ std::cerr << "Signature did not match" << std::endl;
+ return;
+ } else {
+ std::cerr << "Signature ok" << std::endl;
+ }
+
+}
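Review bot: Every path through `SimpleOpensslSigner::sign` leaks the OpenSSL objects it creates: `in`, `req` and `pktmp` are never passed to `BIO_free`, `X509_REQ_free` or `EVP_PKEY_free`, including on the early `return`s. The result of `BIO_new_mem_buf` is also used without a NULL check. Holding the three handles in `std::unique_ptr` with the matching deleter fixes both without changing the control flow. Separately, `ERR_print_errors_fp( stderr )` empties the error queue, so the `ERR_get_error()` printed on the next line will normally be 0. `SSL_library_init()` and `ERR_load_crypto_strings()` would be better called once at start-up than on every call, and before the CSR is parsed.

```cpp
void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
    // … unchanged: CN output …
    std::unique_ptr<BIO, decltype( &BIO_free )> in(
        BIO_new_mem_buf( const_cast<char*>( cert->csr_content.c_str() ), -1 ), BIO_free );

    if( !in ) {
        std::cerr << "Error allocating BIO" << std::endl;
        return;
    }

    std::unique_ptr<X509_REQ, decltype( &X509_REQ_free )> req(
        PEM_read_bio_X509_REQ( in.get(), NULL, NULL, NULL ), X509_REQ_free );

    if( !req ) {
        std::cerr << "Error parsing CSR" << std::endl;
        return;
    }

    std::unique_ptr<EVP_PKEY, decltype( &EVP_PKEY_free )> pktmp(
        X509_REQ_get_pubkey( req.get() ), EVP_PKEY_free );

    if( !pktmp ) {
        std::cerr << "Error extracting pubkey" << std::endl;
        return;
    }

    int i = X509_REQ_verify( req.get(), pktmp.get() );
    // … unchanged: error-queue output and the i < 0 / i == 0 / ok branches …
}
```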
--- /dev/null
+#pragma once
+
+#include "database.h"
+#include "signer.h"
+
+class SimpleOpensslSigner : public Signer {
+public:
+ void sign( std::shared_ptr<TBSCertificate> cert );
+};
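Review bot: The declaration of `sign` in `SimpleOpensslSigner` is not marked as an override of `Signer::sign`. If the base signature ever changes, it would silently become a separate overload instead of failing to compile. The build already uses `-std=c++11`, so this can be written as `void sign( std::shared_ptr<TBSCertificate> cert ) override;`. A short comment on the class would also help, stating that at this stage it only verifies the CSR self-signature and does not yet issue a certificate.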