# Emacs
*~
+\#*#
+
+# Devel key files
+*.crt
+*.key
+*.csr
+config.txt
+serial
}
}
-void X509Cert::setSerialNumber( int num ) {
- ASN1_INTEGER_set( target.get()->cert_info->serialNumber, num );
+void X509Cert::setSerialNumber( BIGNUM* num ) {
+ BN_to_ASN1_INTEGER( num , target->cert_info->serialNumber );
}
void X509Cert::setTimes( uint32_t before, uint32_t after ) {
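Review bot: The return value of `BN_to_ASN1_INTEGER` on the new line is discarded, so an allocation or conversion failure leaves the certificate with whatever `cert_info->serialNumber` already held and signing proceeds with it; write `if( !BN_to_ASN1_INTEGER( num, target->cert_info->serialNumber ) ) { throw "Setting serial failed"; }`. The function only reads `num`, so the parameter can be `const BIGNUM* num`, which is also what BN_to_ASN1_INTEGER accepts (the declaration in the header hunk would change the same way). Reaching into `target->cert_info` ties this to the non-opaque X509 layout; `X509_set_serialNumber`, which copies an `ASN1_INTEGER` into the certificate, expresses the same intent through the public API.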
BIO_get_mem_ptr( mem.get(), &buf );
std::shared_ptr<SignedCertificate> res = std::shared_ptr<SignedCertificate>( new SignedCertificate() );
res->certificate = std::string( buf->data, buf->data + buf->length );
- res->serial = ASN1_INTEGER_get( target.get()->cert_info->serialNumber );
+ BIGNUM* ser = ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL );
+ char* serStr = BN_bn2hex( ser );
+ res->serial = std::string( serStr );
+ OPENSSL_free( serStr );
+ BN_free( ser );
return res;
}
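Review bot: Neither `ASN1_INTEGER_to_BN` nor `BN_bn2hex` is checked on the new lines; both return NULL on failure, and `std::string( serStr )` with a null pointer is undefined behaviour while the `BN_free( ser )` afterwards would then run on NULL. The fix is two guarded branches, with the first allocation released before the second throw so the error path does not leak the BIGNUM. The enclosing `sign()` starts outside this hunk.
```cpp
    BIGNUM* ser = ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL );
    if( !ser ) {
        throw "Reading serial failed";
    }
    char* serStr = BN_bn2hex( ser );
    if( !serStr ) {
        BN_free( ser );
        throw "Encoding serial failed";
    }
    res->serial = std::string( serStr );
    // … unchanged: OPENSSL_free( serStr ), BN_free( ser ), return res …
```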
X509Cert();
void setIssuerNameFrom( std::shared_ptr<X509> ca );
void setPubkeyFrom( std::shared_ptr<X509Req> r );
- void setSerialNumber( int num );
+ void setSerialNumber( BIGNUM* num );
void setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans );
void setTimes( uint32_t before, uint32_t after );
std::shared_ptr<SignedCertificate> sign( std::shared_ptr<EVP_PKEY> caKey );
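Review bot: `setSerialNumber( BIGNUM* num )` takes a mutable pointer although the only use in this commit (the BN_to_ASN1_INTEGER call in the .cpp hunk) reads it; `void setSerialNumber( const BIGNUM* num );` documents that and lets a caller holding a `const BIGNUM*` pass it without a cast. A one-line comment would also help the next reader, e.g. `// Copies num into the certificate's serialNumber; the caller keeps ownership of num.`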
struct SignedCertificate {
std::string certificate;
- uint32_t serial;
+ std::string serial;
uint32_t before;
uint32_t after;
std::string pkHash;
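Review bot: `serial` changes from `uint32_t` to `std::string` with no comment saying what the string holds, while the neighbouring `before`/`after` stay numeric, so a reader has to trace back to X509Cert::sign to learn the encoding. Add `// serial number as hex digits, as produced by BN_bn2hex in X509Cert::sign` above the field.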
file.open( filename.c_str() );
file << cert.c_str();
file.close();
+ std::cout << "wrote to " << filename << std::endl;
return filename;
}
throw "Error while writing back";
}
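Review bot: The added `std::cout << "wrote to " << filename << std::endl;` flushes stdout on every certificate written; `'\n'` instead of `std::endl` avoids the flush and is enough for a progress message. The enclosing function starts and ends outside this hunk.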
- std::string q = "UPDATE certs SET crt_name='" + this->escape_string( res->crt_name ) + "', serial='" + this->escape_string( std::to_string( res->serial ) ) + "', created=NOW() WHERE id='" + this->escape_string( job->id ) + "' LIMIT 1";
+ std::string q = "UPDATE certs SET crt_name='" + this->escape_string( res->crt_name ) + "', serial='" + this->escape_string( res->serial ) + "', created=NOW() WHERE id='" + this->escape_string( job->target ) + "' LIMIT 1";
// TODO write more thingies back
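Review bot: `res->serial` on the new line is now the hex string from `BN_bn2hex`, 40 or more characters for the serials nextSerial builds, where the removed line stored a decimal `uint32_t`; if the `certs.serial` column is still an integer type the value is silently coerced or truncated, so the schema change for that column should accompany this commit — the schema is not visible here. The value is pure hex digits, so `escape_string` is harmless but no longer does anything for it; the statement is still assembled by concatenation, and a prepared statement with bound parameters would remove the escaping step entirely, though that is a separate change.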
#include "simpleOpensslSigner.h"
#include <iostream>
+#include <fstream>
#include <openssl/ssl.h>
#include <openssl/err.h>
caKey = loadPkeyFromFile( profiles[0].key );
}
-int serial = 10;
+SimpleOpensslSigner::~SimpleOpensslSigner() {
+}
+
+std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial() {
+ std::ifstream serialif( "serial" );
+ std::string res;
+ serialif >> res;
+ serialif.close();
+
+ BIGNUM* bn = 0;
+
+ if( res == "" ) {
+ bn = BN_new();
+
+ if( !bn ) {
+ throw "Initing serial failed";
+ }
+ } else {
+ if( !BN_hex2bn( &bn, res.c_str() + 1 ) ) {
+ throw "Parsing serial failed.";
+ }
+ }
+
+ std::shared_ptr<BIGNUM> serial = std::shared_ptr<BIGNUM>( bn, BN_free );
+
+ std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
+ int len = BN_bn2bin( serial.get(), data.get() );
+ data.get()[len] = 0x0;
+ data.get()[len + 1] = 0x0; // profile id
+ data.get()[len + 2] = 0x0;
+ data.get()[len + 3] = 0x0; // signer id
+
+ if( !RAND_bytes( data.get() + len + 4, 16 ) || !BN_add_word( serial.get(), 1 ) ) {
+ throw "Big number math failed while calcing serials.";
+ }
+
+ char* serStr = BN_bn2hex( serial.get() );
+ std::ofstream serialf( "serial" );
+ serialf << serStr;
+ serialf.close();
+ OPENSSL_free( serStr );
+
+ return std::shared_ptr<BIGNUM>( BN_bin2bn( data.get(), len + 4 + 16 , 0 ), BN_free );
+}
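Review bot: `BN_hex2bn( &bn, res.c_str() + 1 )` on the else branch drops the first hex digit of the persisted counter, while the file is written with `BN_bn2hex`, which emits no prefix for a non-negative value, so the counter does not round-trip (for example "10" reads back as 0); it should be `if( !BN_hex2bn( &bn, res.c_str() ) ) {`. The BIGNUM returned to the caller is the counter's big-endian bytes followed by 4 zero bytes and 16 random bytes, i.e. 21 or more octets once the counter is non-zero, which exceeds the 20-octet ceiling RFC 5280 §4.1.2.2 places on serialNumber; a shorter random tail (8 bytes still gives ample collision resistance) or a bound on the counter keeps the certificates conformant. The `malloc` and `BN_bin2bn` results are never checked, so a failed allocation writes through a null pointer or hands `sign()` a null BIGNUM. The new counter is written to "serial" with no success check and by truncating the file in place, so a full disk or a crash mid-write resets the counter to zero on the next call; at minimum add `if( !serialf ) { throw "Writing serial failed"; }` before `OPENSSL_free( serStr )`, and writing to a temporary file followed by a rename makes the update atomic.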
std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
if( !caKey ) {
c.setIssuerNameFrom( caCert );
c.setPubkeyFrom( req );
- c.setSerialNumber( serial++ );
+ std::shared_ptr<BIGNUM> ser = nextSerial();
+ c.setSerialNumber( ser.get() );
c.setTimes( 0, 60 * 60 * 24 * 10 );
c.setExtensions( caCert, cert->SANs );
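Review bot: `ser.get()` is passed to `setSerialNumber` without a null check, and nextSerial wraps the raw result of `BN_bin2bn`, which is NULL on allocation failure, so the certificate would be signed with its serial field never set; insert `if( !ser ) { throw "Generating serial failed"; }` between the two new lines. `sign()` begins and ends outside this hunk.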
static std::shared_ptr<int> lib_ref;
std::shared_ptr<EVP_PKEY> caKey;
std::shared_ptr<X509> caCert;
+ std::shared_ptr<BIGNUM> nextSerial();
public:
SimpleOpensslSigner();
+ ~SimpleOpensslSigner();
std::shared_ptr<SignedCertificate> sign( std::shared_ptr<TBSCertificate> cert );
};
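Review bot: The added user-provided `~SimpleOpensslSigner()` (defined empty in the simpleOpensslSigner.cpp hunk) does nothing the implicit destructor would not — the members visible here are all shared_ptr — but its presence suppresses the implicitly generated move operations; either drop the declaration and the empty definition, or write `~SimpleOpensslSigner() = default;` here and delete the definition. `nextSerial()` deserves a comment because it has a side effect on disk: `// Reads the counter from the "serial" file, stores counter+1 back, and returns counter || 4 zero bytes || 16 random bytes as a BIGNUM.` The class header starts outside this hunk, so other members may exist that I cannot see.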