add: Making initialization of OpenSSL crypto work
authorFelix Dörre <felix@dogcraft.de>
Sat, 1 Nov 2014 23:32:14 +0000 (00:32 +0100)
committerBenny Baumann <BenBE@geshi.org>
Fri, 7 Nov 2014 22:52:53 +0000 (23:52 +0100)
Makefile
debian/control
src/database.h
src/main.cpp
src/signer.h [new file with mode: 0644]
src/simpleOpensslSigner.cpp [new file with mode: 0644]
src/simpleOpensslSigner.h [new file with mode: 0644]

index 011da11564aef1e222125515a0362092f4eb840b..748800c276decbc232e224d7400612ec6d41af4d 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,7 @@ LD=${LT_LD}
 
 CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11
 CXXFLAGS=$(CFLAGS)
-LDFLAGS=-O3 -g -flto -lmysqlclient
+LDFLAGS=-O3 -g -flto -lmysqlclient -lssl -lcrypto -ldl
 
 SRC_DIR=src
 OBJ_DIR=obj
index a124076b61c8bcfa0994e40992b4cb6e3b7a0e66..cc91045dcb3d08225d0d7032ab262bb564c78d78 100644 (file)
@@ -2,7 +2,7 @@ Source: cassiopeia
 Section: unknown
 Priority: extra
 Maintainer: CAcert Software Team <cacert-devel@cacert.org>
-Build-Depends: debhelper (>= 8.0.0), libtool, libmysqlclient-dev (>= 5.5)
+Build-Depends: debhelper (>= 8.0.0), libtool, libmysqlclient-dev (>= 5.5), libssl-dev
 Standards-Version: 3.9.4
 Homepage: https://cacert.org/
 #Vcs-Git: git://git.debian.org/collab-maint/cassiopeia.git
index e719df63628ba2923b6a7b3b0088eff0b56390e3..46aed6c012ba0fec675371e1fb4890347008359f 100644 (file)
@@ -17,6 +17,7 @@ struct TBSCertificate {
     std::string profile;
     std::string csr;
     std::string csr_type;
+    std::string csr_content;
 };
 
 class JobProvider {
index ce89594fdf51f72abe3a830f6b8215a2d952554f..6523166347e00e820a3337a85e61358c937846fc 100644 (file)
@@ -22,6 +22,7 @@
 
 #include "database.h"
 #include "mysql.h"
+#include "simpleOpensslSigner.h"
 
 int main( int argc, const char* argv[] ) {
     if( argc < 2 ) {
@@ -30,6 +31,7 @@ int main( int argc, const char* argv[] ) {
     }
 
     std::shared_ptr<JobProvider> jp( new MySQLJobProvider( "localhost", "cacert", argv[1], "cacert" ) );
+    std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
     std::shared_ptr<Job> job = jp->fetchJob();
 
     if( !job ) {
@@ -43,10 +45,9 @@ int main( int argc, const char* argv[] ) {
         std::cout << cert->CN << std::endl;
         std::cout << cert->md << std::endl;
         std::cout << cert->csr << std::endl;
-        std::cout << cert->csr_type << std::endl;
         std::ifstream t( cert->csr );
-        std::string str( std::istreambuf_iterator<char>( t ), std::istreambuf_iterator<char>() );
-        std::cout << "CSR:  " << str << std::endl;
+        cert->csr_content = std::string( std::istreambuf_iterator<char>( t ), std::istreambuf_iterator<char>() );
+        sign->sign( cert );
     }
 
     if( !jp->finishJob( job ) ) {
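Review bot: The stream `t` opened from `cert->csr` is read without checking that the open succeeded, so a missing or unreadable CSR file yields an empty `csr_content` that is still passed to `sign->sign( cert )`. Guard it with `if( !t.is_open() )` and skip signing in that case. Because `sign()` returns nothing, the `finishJob( job )` call visible at the end of the hunk is reached whether or not the CSR parsed and verified. If finishJob marks the job as completed (not visible here), a rejected request cannot be told apart from an accepted one. The path in `cert->csr` comes from the job record, so it is also worth confirming that it is confined to the expected CSR directory before it is opened. main's body starts and continues outside this hunk.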
diff --git a/src/signer.h b/src/signer.h
new file mode 100644 (file)
index 0000000..f36cf48
--- /dev/null
@@ -0,0 +1,10 @@
+#pragma once
+
+#include <memory>
+
+#include "database.h"
+
+class Signer {
+public:
+    virtual void sign( std::shared_ptr<TBSCertificate> cert ) = 0;
+};
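Review bot: `Signer` is a polymorphic base class without a virtual destructor; add `virtual ~Signer() = default;` below `public:`. The `std::shared_ptr<Signer>( new SimpleOpensslSigner() )` in main.cpp happens to capture the derived type's deleter, but a `delete` through a plain `Signer*` or a `std::unique_ptr<Signer>` would be undefined behaviour. The interface would also benefit from a comment on `sign` stating what the implementation must verify and how it reports a rejected request, since the `void` return type leaves that unspecified.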
diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp
new file mode 100644 (file)
index 0000000..08471bc
--- /dev/null
@@ -0,0 +1,46 @@
+#include "simpleOpensslSigner.h"
+
+#include <iostream>
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
+    std::cout << cert->CN << std::endl;
+    BIO* in;
+    in = BIO_new_mem_buf( const_cast<char*>( cert->csr_content.c_str() ), -1 );
+    X509_REQ* req = PEM_read_bio_X509_REQ( in, NULL, NULL, NULL );
+
+    if( req == NULL ) {
+        std::cerr << "Error parsing CSR" << std::endl;
+        return;
+    }
+
+    EVP_PKEY* pktmp = X509_REQ_get_pubkey( req );
+
+    if( pktmp == NULL ) {
+        std::cerr << "Error extracting pubkey" << std::endl;
+        return;
+    }
+
+    std::cout << req << ";" << pktmp << std::endl;
+    SSL_library_init();
+    int i = X509_REQ_verify( req, pktmp );
+    ERR_load_crypto_strings();
+    ERR_print_errors_fp( stderr );
+    std::cout << ERR_get_error() << std::endl;
+
+    if( i < 0 ) {
+        std::cerr << "Signature problems ... " << i << std::endl;
+        return;
+    } else if( i == 0 ) {
+        std::cerr << "Signature did not match" << std::endl;
+        return;
+    } else {
+        std::cerr << "Signature ok" << std::endl;
+    }
+
+}
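Review bot: Every return path in `SimpleOpensslSigner::sign` leaks the `BIO`, the `X509_REQ` and the `EVP_PKEY`. None of them is ever freed, and the result of `BIO_new_mem_buf` is not checked for NULL before use. Passing `-1` as the length makes OpenSSL measure the buffer with strlen(), so a `csr_content` containing an embedded NUL byte is silently truncated; pass the string's size instead. `SSL_library_init()` and `ERR_load_crypto_strings()` are process-wide initialisation and should run once at start-up rather than on every call. `ERR_print_errors_fp` drains the error queue, so the `ERR_get_error()` printed after it will always be 0, and the queue is dumped even when verification succeeded. The raw pointer values written to stdout look like leftover debugging output and should go.

```cpp
void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
    // Explicit length: the buffer is not measured with strlen().
    // Assumes the CSR is far smaller than INT_MAX bytes; reject larger input before this point.
    std::unique_ptr<BIO, decltype( &BIO_free )> in(
        BIO_new_mem_buf( const_cast<char*>( cert->csr_content.data() ),
                         static_cast<int>( cert->csr_content.size() ) ),
        &BIO_free );

    if( !in ) {
        std::cerr << "Error allocating BIO" << std::endl;
        return;
    }

    std::unique_ptr<X509_REQ, decltype( &X509_REQ_free )> req(
        PEM_read_bio_X509_REQ( in.get(), NULL, NULL, NULL ), &X509_REQ_free );
    // … unchanged: NULL check on the parsed request …

    std::unique_ptr<EVP_PKEY, decltype( &EVP_PKEY_free )> pktmp(
        X509_REQ_get_pubkey( req.get() ), &EVP_PKEY_free );
    // … unchanged: NULL check on the extracted public key …

    int i = X509_REQ_verify( req.get(), pktmp.get() );

    if( i <= 0 ) {
        // Dump the OpenSSL error queue only when verification did not succeed.
        ERR_print_errors_fp( stderr );
    }

    // … unchanged: reporting for i < 0, i == 0 and i > 0 …
}
```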
diff --git a/src/simpleOpensslSigner.h b/src/simpleOpensslSigner.h
new file mode 100644 (file)
index 0000000..2eb300d
--- /dev/null
@@ -0,0 +1,9 @@
+#pragma once
+
+#include "database.h"
+#include "signer.h"
+
+class SimpleOpensslSigner : public Signer {
+public:
+    void sign( std::shared_ptr<TBSCertificate> cert );
+};
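Review bot: The `sign` declaration in `SimpleOpensslSigner` overrides `Signer::sign` but is not marked as such. The build already uses `-std=c++11`, so write `void sign( std::shared_ptr<TBSCertificate> cert ) override;` and let the compiler reject the declaration if the base signature ever changes. The header also relies on `signer.h` to pull in `<memory>` for `std::shared_ptr`; including it directly would keep the header self-contained.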