From: Felix Dörre Date: Sat, 1 Nov 2014 23:32:14 +0000 (+0100) Subject: add: Makeing initialization of OpenSSL crypto work X-Git-Url: https://code.wpia.club/?p=cassiopeia.git;a=commitdiff_plain;h=08f8da2e81d783d851e9d0a4bbaded420a665d6f add: Makeing initialization of OpenSSL crypto work
---
diff --git a/Makefile b/Makefile
index 011da11..748800c 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,7 @@ LD=${LT_LD} CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11 CXXFLAGS=$(CFLAGS) -LDFLAGS=-O3 -g -flto -lmysqlclient +LDFLAGS=-O3 -g -flto -lmysqlclient -lssl -lcrypto -ldl SRC_DIR=src OBJ_DIR=obj
diff --git a/debian/control b/debian/control
index a124076..cc91045 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: cassiopeia Section: unknown Priority: extra Maintainer: CAcert Software Team -Build-Depends: debhelper (>= 8.0.0), libtool, libmysqlclient-dev (>= 5.5) +Build-Depends: debhelper (>= 8.0.0), libtool, libmysqlclient-dev (>= 5.5), libssl-dev Standards-Version: 3.9.4 Homepage: https://cacert.org/ #Vcs-Git: git://git.debian.org/collab-maint/cassiopeia.git
diff --git a/src/database.h b/src/database.h
index e719df6..46aed6c 100644
--- a/src/database.h
+++ b/src/database.h
@@ -17,6 +17,7 @@ struct TBSCertificate { std::string profile; std::string csr; std::string csr_type; + std::string csr_content; }; class JobProvider {
diff --git a/src/main.cpp b/src/main.cpp
index ce89594..6523166 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -22,6 +22,7 @@ #include "database.h" #include "mysql.h" +#include "simpleOpensslSigner.h" int main( int argc, const char* argv[] ) { if( argc < 2 ) {
@@ -30,6 +31,7 @@ int main( int argc, const char* argv[] ) { } std::shared_ptr jp( new MySQLJobProvider( "localhost", "cacert", argv[1], "cacert" ) ); + std::shared_ptr sign( new SimpleOpensslSigner() ); std::shared_ptr job = jp->fetchJob(); if( !job ) {
@@ -43,10 +45,9 @@ int main( int argc, const char* argv[] ) { std::cout << cert->CN << std::endl; std::cout << cert->md << std::endl; std::cout << cert->csr << std::endl; - std::cout << cert->csr_type << std::endl; std::ifstream t( cert->csr ); - std::string str( std::istreambuf_iterator( t ), std::istreambuf_iterator() ); - std::cout << "CSR: " << str << std::endl; + cert->csr_content = std::string( std::istreambuf_iterator( t ), std::istreambuf_iterator() ); + sign->sign( cert ); } if( !jp->finishJob( job ) ) {
diff --git a/src/signer.h b/src/signer.h
new file mode 100644
index 0000000..f36cf48
--- /dev/null
+++ b/src/signer.h
@@ -0,0 +1,10 @@
+#pragma once
+
+#include
+
+#include "database.h"
+
+class Signer {
+public:
+ virtual void sign( std::shared_ptr cert ) = 0;
+};
diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp
new file mode 100644
index 0000000..08471bc
--- /dev/null
+++ b/src/simpleOpensslSigner.cpp
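Review bot: The outcome of the CSR check is lost at the new `sign->sign( cert );` call, because `Signer::sign` returns `void` and control reaches the `jp->finishJob( job )` call in the trailing context whether or not parsing or signature verification succeeded. What `finishJob` records is not visible here, but a job whose CSR failed its self-signature check should presumably not be closed like a processed one; have `sign` return a status (or throw) and branch on it before finishing the job. The stream opened from `cert->csr` is also never tested, so a missing or unreadable file silently produces an empty `csr_content`; add a guard such as `if( !t ) { std::cerr << "Cannot read CSR file" << std::endl; ... }` before the read. main's body starts and ends outside this hunk.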
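Review bot: `Signer` is a polymorphic base class without a virtual destructor; add `virtual ~Signer() = default;` so that destroying an implementation through a `Signer*` is well defined however the owning pointer was created. The `void` return type of `sign` also leaves implementations no way to tell the caller that a request was rejected; `virtual bool sign( ... ) = 0;` or a documented exception would let main act on a failed verification. A short comment above the declaration saying what a successful `sign` guarantees about `cert` would help anyone writing a second implementation.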
@@ -0,0 +1,46 @@
+#include "simpleOpensslSigner.h"
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+void SimpleOpensslSigner::sign( std::shared_ptr cert ) {
+ std::cout << cert->CN << std::endl;
+ BIO* in;
+ in = BIO_new_mem_buf( const_cast( cert->csr_content.c_str() ), -1 );
+ X509_REQ* req = PEM_read_bio_X509_REQ( in, NULL, NULL, NULL );
+
+ if( req == NULL ) {
+ std::cerr << "Error parsing CSR" << std::endl;
+ return;
+ }
+
+ EVP_PKEY* pktmp = X509_REQ_get_pubkey( req );
+
+ if( pktmp == NULL ) {
+ std::cerr << "Error extracting pubkey" << std::endl;
+ return;
+ }
+
+ std::cout << req << ";" << pktmp << std::endl;
+ SSL_library_init();
+ int i = X509_REQ_verify( req, pktmp );
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp( stderr );
+ std::cout << ERR_get_error() << std::endl;
+
+ if( i < 0 ) {
+ std::cerr << "Signature problems ... " << i << std::endl;
+ return;
+ } else if( i == 0 ) {
+ std::cerr << "Signature did not match" << std::endl;
+ return;
+ } else {
+ std::cerr << "Signature ok" << std::endl;
+ }
+
+}
diff --git a/src/simpleOpensslSigner.h b/src/simpleOpensslSigner.h
new file mode 100644
index 0000000..2eb300d
--- /dev/null
+++ b/src/simpleOpensslSigner.h
@@ -0,0 +1,9 @@
+#pragma once
+
+#include "database.h"
+#include "signer.h"
+
+class SimpleOpensslSigner : public Signer {
+public:
+ void sign( std::shared_ptr cert );
+};
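Review bot: Every exit path of `SimpleOpensslSigner::sign` leaks the OpenSSL objects it creates: `in`, `req` and `pktmp` are never released with `BIO_free`, `X509_REQ_free` and `EVP_PKEY_free`, and the `BIO_new_mem_buf` result is passed on without a NULL check. Passing `-1` as the length makes OpenSSL measure the buffer up to the first NUL byte, so what gets parsed can differ from the full `csr_content`; pass the string's size instead. `SSL_library_init()` and `ERR_load_crypto_strings()` run on every call and only after the PEM parse, although they are one-time process initialisation that belongs at startup before any other OpenSSL use. Because `ERR_print_errors_fp` empties the error queue, the `ERR_get_error()` print that follows carries no information, and both it and the `req`/`pktmp` pointer dump look like debugging leftovers. The fence sketches scoped ownership with `std::unique_ptr`, assuming `<memory>` is already reachable through the project headers.

```cpp
// … unchanged: function signature and CN print …
    // Scoped owners release the OpenSSL objects on every return path.
    std::unique_ptr<BIO, decltype( &BIO_free )> in(
        BIO_new_mem_buf( const_cast<char*>( cert->csr_content.data() ),
                         static_cast<int>( cert->csr_content.size() ) ),
        BIO_free );

    if( !in ) {
        std::cerr << "Error allocating BIO" << std::endl;
        return;
    }

    std::unique_ptr<X509_REQ, decltype( &X509_REQ_free )> req(
        PEM_read_bio_X509_REQ( in.get(), NULL, NULL, NULL ), X509_REQ_free );
    // … unchanged: "Error parsing CSR" branch, now testing !req …

    std::unique_ptr<EVP_PKEY, decltype( &EVP_PKEY_free )> pktmp(
        X509_REQ_get_pubkey( req.get() ), EVP_PKEY_free );
    // … unchanged: "Error extracting pubkey" branch, now testing !pktmp …

    int i = X509_REQ_verify( req.get(), pktmp.get() );

    if( i <= 0 ) {
        // Dump the queue only on failure; this call also clears it.
        ERR_print_errors_fp( stderr );
    }
    // … unchanged: the three result branches on i …
```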
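Review bot: The declaration `void sign( ... );` in `SimpleOpensslSigner` overrides `Signer::sign` but is not marked as such; since the Makefile builds with `-std=c++11`, write `void sign( ... ) override;` so the compiler checks the signature against the base class. A one-line class comment saying that, as of this commit, the class only parses the CSR and verifies its self-signature (no certificate is issued in the visible code) would keep the name from overstating what it does.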