add: Put the profile id into the serial
authorFelix Dörre <felix@dogcraft.de>
Tue, 4 Nov 2014 09:34:37 +0000 (10:34 +0100)
committerBenny Baumann <BenBE@geshi.org>
Fri, 7 Nov 2014 22:53:05 +0000 (23:53 +0100)
src/simpleOpensslSigner.cpp
src/simpleOpensslSigner.h

index 21e5b949350d9664fcd01867292ddb04caf8ce30..8bed9c27553cc6c33e48b41777568c245f091720 100644 (file)
@@ -73,7 +73,7 @@ SimpleOpensslSigner::SimpleOpensslSigner() {
 SimpleOpensslSigner::~SimpleOpensslSigner() {
 }
 
-std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial() {
+std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial( uint16_t profile ) {
     std::ifstream serialif( "serial" );
     std::string res;
     serialif >> res;
@@ -97,8 +97,8 @@ std::shared_ptr<BIGNUM> SimpleOpensslSigner::nextSerial() {
 
     std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
     int len = BN_bn2bin( serial.get(), data.get() );
-    data.get()[len] = 0x0;
-    data.get()[len + 1] = 0x0; // profile id
+    data.get()[len] = profile >> 8;
+    data.get()[len + 1] = profile & 0xFF; // profile id
     data.get()[len + 2] = 0x0;
     data.get()[len + 3] = 0x0; // signer id
 
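Review bot: The byte order of the profile id is only implicit in `profile >> 8` followed by `profile & 0xFF`, and the `// profile id` comment now sits on the low byte alone. Anything that later decodes the serial (audit or revocation tooling, presumably) depends on this layout, so I would state it once above the two lines: `// profile id: 2 bytes, big-endian, directly after the serial counter bytes`. The rest of `nextSerial`, including what fills the remaining allocated bytes, is outside this hunk.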
@@ -177,7 +177,13 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
 
     c.setIssuerNameFrom( caCert );
     c.setPubkeyFrom( req );
-    std::shared_ptr<BIGNUM> ser = nextSerial();
+    long int profile = strtol( cert->profile.c_str(), 0, 10 );
+
+    if( profile > 0xFFFF || profile < 0 || ( profile == 0 && cert->profile != "0" ) ) {
+        throw "invalid profile id";
+    }
+
+    std::shared_ptr<BIGNUM> ser = nextSerial( profile );
     c.setSerialNumber( ser.get() );
     c.setTimes( 0, 60 * 60 * 24 * 10 );
     c.setExtensions( caCert, cert->SANs );
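Review bot: The added `strtol` call passes a null end pointer, so a profile string with trailing characters such as `12abc` (constructed example) parses as 12 and passes the range check; only a wholly non-numeric string is caught by the `profile == 0 && cert->profile != "0"` test. Because the value is written into the certificate serial, the parse should reject anything that is not entirely a number: declare `char* end = nullptr;`, call `strtol( cert->profile.c_str(), &end, 10 )`, and add `end == cert->profile.c_str() || *end != '\0'` to the rejection condition. `strtol` still skips leading whitespace and accepts a sign, so a check that the first character is a digit is needed for a strict match. `throw "invalid profile id";` throws a `const char*`, which a `catch( const std::exception& )` handler would not catch; whether callers handle it is outside this hunk, as is the rest of `sign`.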
index 2b2774dc1579eb88f5e274d13d8ff602ea29cb1d..287f42ce5ee8db607c61000f68ecfb5f428b4ae2 100644 (file)
@@ -10,7 +10,7 @@ private:
     static std::shared_ptr<int> lib_ref;
     std::shared_ptr<EVP_PKEY> caKey;
     std::shared_ptr<X509> caCert;
-    std::shared_ptr<BIGNUM> nextSerial();
+    std::shared_ptr<BIGNUM> nextSerial( uint16_t profile );
 public:
     SimpleOpensslSigner();
     ~SimpleOpensslSigner();
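Review bot: The new `nextSerial( uint16_t profile )` declaration has no comment saying what the argument is for, and `uint16_t` needs `<cstdint>`, which may or may not already be included above this hunk. A one-line comment such as `// Returns the next serial; the 16-bit profile id is appended after the counter bytes.` would document the contract at the declaration. If the header does not include `<cstdint>` directly, adding `#include <cstdint>` avoids relying on a transitive include.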