int crl2pkcs7_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
STACK_OF(OPENSSL_STRING) *certflst = NULL;
STACK_OF(X509) *cert_stack = NULL;
STACK_OF(X509_CRL) *crl_stack = NULL;
X509_CRL *crl = NULL;
char *infile = NULL, *outfile = NULL, *prog, *certfile;
int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, crl2pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl2pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOCRL:
nocrl = 1;
break;
case OPT_CERTFILE:
if ((certflst == NULL)
&& (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
sk_OPENSSL_STRING_free(certflst);
goto end;
}
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (!nocrl) {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7 = PKCS7_new()) == NULL)
goto end;
if ((p7s = PKCS7_SIGNED_new()) == NULL)
goto end;
p7->type = OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign = p7s;
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
if (crl != NULL) {
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst)
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
sk_OPENSSL_STRING_free(certflst);
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
X509_CRL_free(crl);
return (ret);
}
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
{
int ret=0;
BIO *in=NULL;
int i,count=0;
X509_CRL *x=NULL;
if (file == NULL) return(1);
in=BIO_new(BIO_s_file_internal());
if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
{
X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
goto err;
}
if (type == X509_FILETYPE_PEM)
{
for (;;)
{
x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
if (x == NULL)
{
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0))
{
ERR_clear_error();
break;
}
else
{
X509err(X509_F_X509_LOAD_CRL_FILE,
ERR_R_PEM_LIB);
goto err;
}
}
i=X509_STORE_add_crl(ctx->store_ctx,x);
if (!i) goto err;
count++;
X509_CRL_free(x);
x=NULL;
}
ret=count;
}
else if (type == X509_FILETYPE_ASN1)
{
x=d2i_X509_CRL_bio(in,NULL);
if (x == NULL)
{
X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
goto err;
}
i=X509_STORE_add_crl(ctx->store_ctx,x);
if (!i) goto err;
ret=i;
}
else
{
X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
goto err;
}
err:
if (x != NULL) X509_CRL_free(x);
if (in != NULL) BIO_free(in);
return(ret);
}
/**
*失効リストチェック関数
* @author University of Tsukuba
* @param *pInData 証明書データ
* @param lInLen 証明書データ長
* @param *data CRLファイルデータ
* @param len CRLファイルデータレングス
* @return long 0:未失効 1:失効中 -1:異常
* @since 2008.02
* @version 1.0
*/
long IDMan_CmCheckCRL(void *pInData, long lInLen, void * data,unsigned long int len )
{
long lRet=-1L;
/*FILE *fp;*/
X509 *x509=0x00;
X509_CRL *x509crl=0x00;
X509_NAME *x509crlissuer = 0x00;
int iRet=0;
int idx;
X509_REVOKED rtmp;
char *p,*p2;
char szErrBuff[1024];
BIO * BIOptr;
ERR_load_crypto_strings();
IDMan_StMemset(szErrBuff, 0x00, sizeof(szErrBuff));
/** 証明書データパラメータチェックを行う。 */
/** エラー発生した場合、 */
if (pInData == 0x00)
{
/** −処理を中断する。 */
return lRet;
}
/** 証明書長データパラメータチェックを行う。 */
/** エラー発生した場合、 */
if (lInLen == 0)
{
/** −処理を中断する。 */
return lRet;
}
/** 失効データパラメータチェックを行う。 */
/** 失効データが存在しない場合、 */
if (data==0x00 || len == 0)
{
/** −正常終了する。 */
lRet =0;
return lRet;
}
/** X509構造体の初期化を行う。 */
/** エラー発生した場合、 */
if((x509 = X509_new())== 0x00)
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
return lRet;
}
/** DERファイルから、X509構造体にデータを読み込む。 */
/** BIO構造の作成を行う。 */
BIOptr = BIO_new(BIO_s_mem());
/** BIO構造のリセットを行う。 */
iRet = BIO_reset(BIOptr);
/** エラー発生した場合、 */
if(iRet != 1)
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
BIO_free(BIOptr);
return lRet;
}
/** BIO構造へ公開鍵証明書データの設定を行う。 */
iRet = BIO_write(BIOptr,pInData,lInLen);
/** エラー発生した場合、 */
if( iRet != lInLen )
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
BIO_free(BIOptr);
return lRet;
}
/** X509構造体の作成を行う。 */
x509 =(X509 *) d2i_X509_bio(BIOptr,0x00);
/** エラー発生した場合、 */
if((x509 == 0x00))
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
if(x509 !=0x00) X509_free(x509);
BIO_free(BIOptr);
return lRet;
}
/** BIO構造の解放を行う。 */
BIO_free(BIOptr);
/** issuerDNの取得を行う。 */
X509_NAME *x509issuer = X509_get_issuer_name(x509);
p = X509_NAME_oneline(x509issuer, 0, 0);
/** CRL情報の取得を行う。 */
x509crl = X509_CRL_new();
/** BIO構造の作成を行う。 */
BIOptr = BIO_new(BIO_s_mem());
/** BIO構造のリセットを行う。 */
iRet = BIO_reset(BIOptr);
/** エラー発生した場合、 */
if(iRet != 1)
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
BIO_free(BIOptr);
return lRet;
}
/** BIO構造へ失効リストデータの設定を行う。 */
iRet = BIO_write(BIOptr,data,len);
/** エラー発生した場合、 */
if( iRet != (int)len )
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
BIO_free(BIOptr);
return lRet;
}
/** x509crl構造へ失効リストデータの設定を行う。 */
x509crl = (X509_CRL *) d2i_X509_CRL_bio(BIOptr,0x00);
/** エラー発生した場合、 */
if(x509crl==0x00)
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
if(x509 !=0x00) X509_free(x509);
if(x509crl !=0x00) X509_CRL_free(x509crl);
BIO_free(BIOptr);
return lRet;
}
/** BIO構造の解放を行う。 */
BIO_free(BIOptr);
/** シリアル番号の取得を行う。 */
rtmp.serialNumber = X509_get_serialNumber(x509);
/** CRLのissuerDNの取得を行う。 */
/** エラー発生した場合、 */
x509crlissuer = X509_CRL_get_issuer(x509crl);
if ( x509crlissuer == 0x00 )
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
if(x509 !=0x00) X509_free(x509);
if(x509crl !=0x00) X509_CRL_free(x509crl);
return lRet;
}
/** 証明書とCRLのissuerDNの比較を行う。 */
p2 = X509_NAME_oneline(x509crlissuer, 0, 0);
/** エラー発生した場合、 */
if( strcmp(p, p2) != 0)
{
/** −処理を中断する。 */
ERR_error_string(ERR_get_error(), szErrBuff);
if(x509 !=0x00) X509_free(x509);
if(x509crl !=0x00) X509_CRL_free(x509crl);
return lRet;
}
/** CRLのシリアル番号をソートする。 */
if (!sk_is_sorted(x509crl->crl->revoked))
{
sk_sort(x509crl->crl->revoked);
}
/** CRLのシリアル番号を検索する。 */
idx = sk_X509_REVOKED_find(x509crl->crl->revoked, &rtmp);
/** 該当シリアル番号が存在する場合、 */
if (idx >= 0)
{
/** −戻り値に1を設定する。 */
lRet =1;
}
/** 該当シリアル番号が存在しない場合、 */
else
{
/** −戻り値に0を設定する。 */
lRet =0;
}
/** X509の開放を行う。 */
if(x509 !=0x00) X509_free(x509);
/** X509CRLの開放を行う。 */
if(x509crl !=0x00) X509_CRL_free(x509crl);
return lRet;
}
Handle<PkiItem> Provider_System::objectToPKIItem(Handle<std::string> uri){
LOGGER_FN();
Handle<PkiItem> item;
Handle<Bio> in = new Bio(BIO_TYPE_FILE, uri->c_str(), "rb");
try{
item = new PkiItem();
X509_REQ *xreq = NULL;
X509 *xcert = NULL;
X509_CRL *xcrl = NULL;
Handle<Certificate> hcert = NULL;
Handle<CRL> hcrl = NULL;
std::string listCertStore[] = {
"MY",
"OTHERS",
"TRUST",
"CRL"
};
std::string strTrust = (uri->substr(0, (uri->find_last_of(CROSSPLATFORM_SLASH))));
strTrust = strTrust.substr(strTrust.find_last_of(CROSSPLATFORM_SLASH) + 1, strTrust.length());
bool trueTrust = false;
for (int i = 0, c = sizeof(listCertStore) / sizeof(*listCertStore); i < c; i++){
if (strcmp(listCertStore[i].c_str(), strTrust.c_str()) == 0){
trueTrust = true;
break;
}
}
if (!trueTrust){
THROW_EXCEPTION(0, Provider_System, NULL, "Category of object is uncorrect");
}
int enc;
if (itPrivateKey(uri, &enc)){
item->type = new std::string("KEY");
item->uri = uri;
item->provider = new std::string("SYSTEM");
item->category = new std::string(strTrust);
item->keyEncrypted = enc;
item->format = new std::string("PEM");
Handle<std::string> keyHash = new std::string(uri->c_str());
const size_t last_slash_idx = keyHash->find_last_of(CROSSPLATFORM_SLASH);
if (std::string::npos != last_slash_idx){
keyHash->erase(0, last_slash_idx + 1);
}
const size_t period_idx = keyHash->rfind('.');
if (std::string::npos != period_idx){
keyHash->erase(period_idx);
}
if (keyHash->length() == 40){
item->hash = keyHash;
}
else{
THROW_EXCEPTION(0, Provider_System, NULL, "Error length hash (need 40 for sha1). Hash is privatekey filename");
}
return item;
}
in->seek(0);
LOGGER_OPENSSL(PEM_read_bio_X509);
xcert = PEM_read_bio_X509(in->internal(), NULL, NULL, NULL);
if (xcert){
hcert = new Certificate(xcert);
item->format = new std::string("PEM");
}
else{
in->seek(0);
LOGGER_OPENSSL(d2i_X509_bio);
xcert = d2i_X509_bio(in->internal(), NULL);
if (xcert){
hcert = new Certificate(xcert);
item->format = new std::string("DER");
}
}
if (!hcert.isEmpty()){
item->type = new std::string("CERTIFICATE");
item->uri = uri;
item->provider = new std::string("SYSTEM");
item->category = new std::string(strTrust);
char * hexHash;
Handle<std::string> hhash = hcert->getThumbprint();
PkiStore::bin_to_strhex((unsigned char *)hhash->c_str(), hhash->length(), &hexHash);
item->hash = new std::string(hexHash);
item->certSubjectName = hcert->getSubjectName();
item->certSubjectFriendlyName = hcert->getSubjectFriendlyName();
item->certIssuerName = hcert->getIssuerName();
item->certIssuerFriendlyName = hcert->getIssuerFriendlyName();
item->certSerial = hcert->getSerialNumber();
item->certOrganizationName = hcert->getOrganizationName();
item->certSignatureAlgorithm = hcert->getSignatureAlgorithm();
item->certNotBefore = hcert->getNotBefore();
item->certNotAfter = hcert->getNotAfter();
item->certKey = getKey(uri);
return item;
}
in->seek(0);
LOGGER_OPENSSL(PEM_read_bio_X509_REQ);
xreq = PEM_read_bio_X509_REQ(in->internal(), NULL, NULL, NULL);
if (xreq){
item->format = new std::string("PEM");
}
else{
in->seek(0);
LOGGER_OPENSSL(d2i_X509_REQ_bio);
xreq = d2i_X509_REQ_bio(in->internal(), NULL);
if (xreq){
item->format = new std::string("DER");
}
}
if (xreq){
item->type = new std::string("REQUEST");
item->uri = uri;
item->provider = new std::string("SYSTEM");
item->category = new std::string(strTrust);
/* SHA-1 hash */
unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
unsigned int hashlen = 0;
LOGGER_OPENSSL(X509_digest);
if (!X509_REQ_digest(xreq, EVP_sha1(), hash, &hashlen)) {
THROW_OPENSSL_EXCEPTION(0, Provider_System, NULL, "X509_REQ_digest");
}
Handle<std::string> hhash = new std::string((char *)hash, hashlen);
char * hexHash;
PkiStore::bin_to_strhex((unsigned char *)hhash->c_str(), hhash->length(), &hexHash);
item->hash = new std::string(hexHash);
/* Request subject name */
LOGGER_OPENSSL(X509_REQ_get_subject_name);
X509_NAME *name = X509_REQ_get_subject_name(xreq);
if (!name){
THROW_EXCEPTION(0, Provider_System, NULL, "X509_NAME is NULL");
}
LOGGER_OPENSSL(X509_NAME_oneline_ex);
std::string str_name = X509_NAME_oneline_ex(name);
Handle<std::string> nameRes = new std::string(str_name.c_str(), str_name.length());
item->csrSubjectName = nameRes;
/* Request subject friendly name */
Handle<std::string> friendlyName = new std::string("");
int nid = NID_commonName;
LOGGER_OPENSSL(X509_NAME_get_index_by_NID);
int index = X509_NAME_get_index_by_NID(name, nid, -1);
if (index >= 0) {
LOGGER_OPENSSL(X509_NAME_get_entry);
X509_NAME_ENTRY *issuerNameCommonName = X509_NAME_get_entry(name, index);
if (issuerNameCommonName) {
LOGGER_OPENSSL(X509_NAME_ENTRY_get_data);
ASN1_STRING *issuerCNASN1 = X509_NAME_ENTRY_get_data(issuerNameCommonName);
if (issuerCNASN1 != NULL) {
unsigned char *utf = NULL;
LOGGER_OPENSSL(ASN1_STRING_to_UTF8);
ASN1_STRING_to_UTF8(&utf, issuerCNASN1);
friendlyName = new std::string((char *)utf);
OPENSSL_free(utf);
}
}
}
else {
friendlyName = new std::string("No common name");
}
item->csrSubjectFriendlyName = friendlyName;
item->csrKey = getKey(uri);
return item;
}
in->seek(0);
LOGGER_OPENSSL(PEM_read_bio_X509_CRL);
xcrl = PEM_read_bio_X509_CRL(in->internal(), NULL, NULL, NULL);
if (xcrl){
hcrl = new CRL(xcrl);
item->format = new std::string("PEM");
}
else{
in->seek(0);
LOGGER_OPENSSL(d2i_X509_CRL_bio);
xcrl = d2i_X509_CRL_bio(in->internal(), NULL);
if (xcrl){
hcrl = new CRL(xcrl);
item->format = new std::string("DER");
}
}
if (!hcrl.isEmpty()){
item->type = new std::string("CRL");
item->uri = uri;
item->provider = new std::string("SYSTEM");
item->category = new std::string(strTrust);
char * hexHash;
Handle<std::string> hhash = hcrl->getThumbprint();
PkiStore::bin_to_strhex((unsigned char *)hhash->c_str(), hhash->length(), &hexHash);
item->hash = new std::string(hexHash);
item->crlIssuerName = hcrl->issuerName();
item->crlIssuerFriendlyName = hcrl->issuerFriendlyName();
item->crlLastUpdate = hcrl->getThisUpdate();
item->crlNextUpdate = hcrl->getNextUpdate();
return item;
}
}
catch (Handle<Exception> e){
THROW_EXCEPTION(0, Provider_System, e, "Object type not supported");
}
if (item->type->length() == 0){
return NULL;
}
}
int MAIN(int argc, char **argv)
{
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog,*certfile;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL;
STACK_OF(OPENSSL_STRING) *certflst=NULL;
STACK_OF(X509_CRL) *crl_stack=NULL;
STACK_OF(X509) *cert_stack=NULL;
int ret=1,nocrl=0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-nocrl") == 0)
{
nocrl=1;
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(certflst,*(++argv));
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
ret = 1;
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (!nocrl)
{
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (informat == FORMAT_ASN1)
crl=d2i_X509_CRL_bio(in,NULL);
else if (informat == FORMAT_PEM)
crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
else {
BIO_printf(bio_err,"bad input format specified for input crl\n");
goto end;
}
if (crl == NULL)
{
BIO_printf(bio_err,"unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7=PKCS7_new()) == NULL) goto end;
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
p7->type=OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign=p7s;
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
p7s->crl=crl_stack;
if (crl != NULL)
{
sk_X509_CRL_push(crl_stack,crl);
crl=NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
p7s->cert=cert_stack;
if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack,certfile) < 0)
{
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
apps_shutdown();
OPENSSL_EXIT(ret);
}
unsigned char *SCEP_MSG_decrypt( SCEP_MSG *msg, EVP_PKEY *ppkey,
X509 *cert, long *len ) {
char *ret = NULL;
char *data = NULL;
BIO *bio = NULL;
BIO *bio_err = NULL;
BIO *bio_dup = NULL;
X509 *foo_cert = NULL;
EVP_PKEY *pkey = NULL;
SCEP_RECIP_INFO *rinfo;
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
/* Get the recipient information to build the fake
* certificate needed into the PKCS7_decrypt function */
rinfo = &(msg->env_data.recip_info);
/* We need a private key */
if( ppkey )
pkey = ppkey;
else
pkey = msg->signer_pkey;
if( !pkey ) return (NULL);
if( cert ) {
foo_cert = cert;
} else {
if( (foo_cert = X509_new()) == NULL ) {
BIO_printf(bio_err, "%s:%d: foo_cert not alloc\n", __FILE__,
__LINE__);
goto err;
};
X509_set_issuer_name(foo_cert,rinfo->ias->issuer);
X509_set_subject_name(foo_cert,rinfo->ias->issuer);
X509_set_serialNumber(foo_cert,rinfo->ias->serial);
X509_set_pubkey(foo_cert, pkey);
}
bio = BIO_new(BIO_s_mem());
if (PKCS7_decrypt( msg->env_data.p7env, pkey, foo_cert, bio, 0) == 0) {
// printf("%s:%d: decryption failed\n", __FILE__,
// __LINE__);
goto err;
}
BIO_flush(bio);
if( len ) *len = BIO_get_mem_data(bio, &data);
switch ( msg->messageType ) {
case MSG_CERTREP:
if( msg->env_data.crl = d2i_X509_CRL_bio(bio,NULL) ) {
/* There is a CRL */
ret = (char *) msg->env_data.crl;
}
// p7 = d2i_PKCS7_bio(bio, NULL);
break;
case MSG_PKCSREQ:
msg->env_data.content.req = d2i_X509_REQ_bio(bio, NULL);
ret = (char *) msg->env_data.content.req;
break;
case MSG_GETCERTINITIAL:
// req->rd.is = d2i_issuer_and_subject_bio(bio, NULL);
break;
case MSG_GETCERT:
case MSG_GETCRL:
msg->env_data.content.ias = d2i_PKCS7_ias_bio(NULL, bio);
ret = (char *) msg->env_data.content.ias;
break;
case MSG_V2PROXY: // unsupported
case MSG_V2REQUEST: // unsupported
default:
// BIO_printf(bio_err, "%s:%d: unknown message type: %s\n",
// __FILE__, __LINE__, msg->messageType);
break;
}
err:
if( foo_cert && !cert ) X509_free( foo_cert );
if( bio ) BIO_free(bio);
ERR_clear_error();
return ret;
}
