STACK_OF(X509_EXTENSION) * X509_REQ_get_extensions(X509_REQ *req) { X509_ATTRIBUTE *attr; ASN1_TYPE *ext = NULL; int idx, *pnid; const unsigned char *p; if ((req == NULL) || (req->req_info == NULL) || !ext_nids) return (NULL); for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); if (attr->single) ext = attr->value.single; else if (sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); break; } if (!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; p = ext->value.sequence->data; return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS)); }
static LUA_FUNCTION(openssl_csr_attribute) { X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); if (auxiliar_isclass(L, "openssl.x509_attribute", 2)) { X509_ATTRIBUTE *attr = CHECK_OBJECT(2, X509_ATTRIBUTE, "openssl.x509_attribute"); int ret = X509_REQ_add1_attr(csr, attr); return openssl_pushresult(L, ret); } else if (lua_isnumber(L, 2)) { int loc = luaL_checkint(L, 2); X509_ATTRIBUTE *attr = NULL; if (lua_isnone(L, 3)) { attr = X509_REQ_get_attr(csr, loc); attr = X509_ATTRIBUTE_dup(attr); } else if (lua_isnil(L, 3)) { attr = X509_REQ_delete_attr(csr, loc); } if (attr) { PUSH_OBJECT(attr, "openssl.x509_attribute"); } else lua_pushnil(L); return 1; } return 0; }
/*** add attribute to x509_req object @function attribute @tparam x509_attribute attribute attribute to add @treturn boolean result */ static LUA_FUNCTION(openssl_csr_attribute) { X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); if (auxiliar_getclassudata(L, "openssl.x509_attribute", 2)) { X509_ATTRIBUTE *attr = CHECK_OBJECT(2, X509_ATTRIBUTE, "openssl.x509_attribute"); int ret = X509_REQ_add1_attr(csr, attr); return openssl_pushresult(L, ret); } else if (lua_isnumber(L, 2)) { int loc = luaL_checkint(L, 2); X509_ATTRIBUTE *attr = NULL; if (lua_isnone(L, 3)) { attr = X509_REQ_get_attr(csr, loc); attr = X509_ATTRIBUTE_dup(attr); } else if (lua_isnil(L, 3)) { attr = X509_REQ_delete_attr(csr, loc); } if (attr) { PUSH_OBJECT(attr, "openssl.x509_attribute"); } else lua_pushnil(L); return 1; } else if (lua_istable(L, 2)) { int i; int ret = 1; int n = lua_rawlen(L, 2); for (i = 1; ret == 1 && i <= n; i++) { X509_ATTRIBUTE *attr; lua_rawgeti(L, 2, i); attr = NULL; if (lua_istable(L, -1)) { attr = openssl_new_xattribute(L, &attr, -1, NULL); ret = X509_REQ_add1_attr(csr, attr); X509_ATTRIBUTE_free(attr); } else { attr = CHECK_OBJECT(-1, X509_ATTRIBUTE, "openssl.x509_attribute"); ret = X509_REQ_add1_attr(csr, attr); } lua_pop(L, 1); } openssl_pushresult(L, ret); return 1; } return 0; }
static LUA_FUNCTION(openssl_csr_parse) { X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); X509_NAME * subject = X509_REQ_get_subject_name(csr); STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr); lua_newtable(L); openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING); lua_setfield(L, -2, "signature"); openssl_push_x509_algor(L, csr->sig_alg); lua_setfield(L, -2, "sig_alg"); lua_newtable(L); AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer); openssl_push_xname_asobject(L, subject); lua_setfield(L, -2, "subject"); if (exts) { lua_pushstring(L, "extensions"); openssl_sk_x509_extension_totable(L, exts); lua_rawset(L, -3); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } { X509_REQ_INFO* ri = csr->req_info; int i, c; EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); lua_newtable(L); c = X509_REQ_get_attr_count(csr); if (c > 0) { lua_newtable(L); for (i = 0; i < c ; i++) { X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i); attr = X509_ATTRIBUTE_dup(attr); PUSH_OBJECT(attr, "openssl.x509_attribute"); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "attributes"); } lua_newtable(L); openssl_push_asn1object(L, ri->pubkey->algor->algorithm); lua_setfield(L, -2, "algorithm"); AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey"); lua_setfield(L, -2, "pubkey"); lua_setfield(L, -2, "req_info"); } return 1; }
QString pki_x509req::getAttribute(int nid) const { int n; int count; QStringList ret; n = X509_REQ_get_attr_by_NID(request, nid, -1); if (n == -1) return QString(""); X509_ATTRIBUTE *att = X509_REQ_get_attr(request, n); if (!att) return QString(""); count = X509_ATTRIBUTE_count(att); for (int j = 0; j < count; j++) ret << asn1ToQString(X509_ATTRIBUTE_get0_type(att, j)-> value.asn1_string); return ret.join(", "); }
static QString getAttribute(X509_REQ *req, int nid) { int n; n = X509_REQ_get_attr_by_NID(req, nid, -1); if (n == -1) return QString(""); X509_ATTRIBUTE *att = X509_REQ_get_attr(req, n); if (!att) return QString(""); if (att->single) return asn1ToQString(att->value.single->value.asn1_string); int count = sk_ASN1_TYPE_num(att->value.set); QStringList ret; for (int j=0; j<count; j++) { ret << asn1ToQString(sk_ASN1_TYPE_value(att->value.set, j)-> value.asn1_string); } return ret.join(", "); }
void CertDetail::setReq(pki_x509req *req) { image->setPixmap(*MainWindow::csrImg); headerLabel->setText(tr("Details of the certificate signing request")); try { setX509super(req); // No issuer tabwidget->removeTab(2); // verification if (!req->verify() ) { signature->setRed(); signature->setText("Failed"); } else { signature->setGreen(); if (req->isSpki()) { signature->setText("SPKAC"); } else { signature->setText("PKCS#10"); } } signature->disableToolTip(); trustState->hide(); fingerprints->hide(); validity->hide(); serialLabel->hide(); serialNr->hide(); // The non extension attributes int cnt = X509_REQ_get_attr_count(req->getReq()); int added = 0; QGridLayout *attrLayout = new QGridLayout(attributes); attrLayout->setAlignment(Qt::AlignTop); attrLayout->setSpacing(6); attrLayout->setMargin(11); for (int i = 0; i<cnt; i++) { int nid; QLabel *label; QString trans; X509_ATTRIBUTE *att = X509_REQ_get_attr(req->getReq(), i); nid = OBJ_obj2nid(att->object); if (X509_REQ_extension_nid(nid)) { continue; } label = new QLabel(this); trans = dn_translations[nid]; if (translate_dn && !trans.isEmpty()) { label->setText(trans); label->setToolTip(QString(OBJ_nid2sn(nid))); } else { label->setText(QString(OBJ_nid2ln(nid))); label->setToolTip(trans); } label->setText(QString(OBJ_nid2ln(nid))); label->setToolTip(QString(OBJ_nid2sn(nid))); attrLayout->addWidget(label, i, 0); added++; if (att->single) { label = labelFromAsn1String(att->value.single->value.asn1_string); attrLayout->addWidget(label, i, 1); continue; } int count = sk_ASN1_TYPE_num(att->value.set); for (int j=0; j<count; j++) { label = labelFromAsn1String(sk_ASN1_TYPE_value(att->value.set, j)->value.asn1_string); attrLayout->addWidget(label, i, j +1); } } ASN1_IA5STRING *chal = req->spki_challange(); if (chal) { QLabel *label; label = new QLabel(this); label->setText(QString("SPKI Challenge String")); attrLayout->addWidget(label, 0, 0); label = labelFromAsn1String(chal); attrLayout->addWidget(label, 0, 1); added++; } if (!added) { tabwidget->removeTab(2); } openssl_error(); } catch (errorEx &err) { XCA_WARN(err.getString()); } }
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag) { long l; int i; EVP_PKEY *pkey; STACK_OF(X509_EXTENSION) *exts; char mlch = ' '; int nmindent = 0; if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; nmindent = 12; } if (nmflags == X509_FLAG_COMPAT) nmindent = 16; if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) goto err; if (BIO_write(bp, " Data:\n", 10) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_VERSION)) { l = X509_REQ_get_version(x); if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_SUBJECT)) { if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), nmindent, nmflags) < 0) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_PUBKEY)) { X509_PUBKEY *xpkey; ASN1_OBJECT *koid; if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) goto err; if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) goto err; xpkey = X509_REQ_get_X509_PUBKEY(x); X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey); if (i2a_ASN1_OBJECT(bp, koid) <= 0) goto err; if (BIO_puts(bp, "\n") <= 0) goto err; pkey = X509_REQ_get_pubkey(x); if (pkey == NULL) { BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ERR_print_errors(bp); } else { EVP_PKEY_print_public(bp, pkey, 16, NULL); EVP_PKEY_free(pkey); } } if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { /* may not be */ if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) goto err; if (X509_REQ_get_attr_count(x) == 0) { if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) goto err; } else { for (i = 0; i < X509_REQ_get_attr_count(x); i++) { ASN1_TYPE *at; X509_ATTRIBUTE *a; ASN1_BIT_STRING *bs = NULL; ASN1_OBJECT *aobj; int j, type = 0, count = 1, ii = 0; a = X509_REQ_get_attr(x, i); aobj = X509_ATTRIBUTE_get0_object(a); if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) continue; if (BIO_printf(bp, "%12s", "") <= 0) goto err; if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { ii = 0; count = X509_ATTRIBUTE_count(a); get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; bs = at->value.asn1_string; } for (j = 25 - j; j > 0; j--) if (BIO_write(bp, " ", 1) != 1) goto err; if (BIO_puts(bp, ":") <= 0) goto err; if ((type == V_ASN1_PRINTABLESTRING) || (type == V_ASN1_T61STRING) || (type == V_ASN1_IA5STRING)) { if (BIO_write(bp, (char *)bs->data, bs->length) != bs->length) goto err; BIO_puts(bp, "\n"); } else { BIO_puts(bp, "unable to print attribute\n"); } if (++ii < count) goto get_next; } } } if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { exts = X509_REQ_get_extensions(x); if (exts) { BIO_printf(bp, "%8sRequested Extensions:\n", ""); for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; X509_EXTENSION *ex; int j; ex = sk_X509_EXTENSION_value(exts, i); if (BIO_printf(bp, "%12s", "") <= 0) goto err; obj = X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp, obj); j = X509_EXTENSION_get_critical(ex); if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) goto err; if (!X509V3_EXT_print(bp, ex, cflag, 16)) { BIO_printf(bp, "%16s", ""); ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); } if (BIO_write(bp, "\n", 1) <= 0) goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } } if (!(cflag & X509_FLAG_NO_SIGDUMP)) { X509_ALGOR *sig_alg; ASN1_BIT_STRING *sig; X509_REQ_get0_signature(&sig, &sig_alg, x); if (!X509_signature_print(bp, sig_alg, sig)) goto err; } return (1); err: X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); return (0); }
char *get_challenge(scep_t *scep) { int loc, type, n; X509_ATTRIBUTE *attr; X509_REQ *req; ASN1_TYPE *asn1; ASN1_IA5STRING *asn1_string; char *challenge; /* get our hands on the request */ req = scep->clientreq; if (debug) BIO_printf(bio_err, "%s:%d: getting challenge password from " "X.509 request %p\n", __FILE__, __LINE__, req); /* if the client req is not set, we have no chance of finding */ /* password */ if (NULL == req) { BIO_printf(bio_err, "%s:%d: no X.509 request available\n", __FILE__, __LINE__); goto err; } /* get the challengePassword attribute from the request */ n = X509_REQ_get_attr_count(req); if (debug) BIO_printf(bio_err, "%s%d: %d attributes found\n", __FILE__, __LINE__, n); loc = X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1); if (loc < 0) { if (debug) BIO_printf(bio_err, "%s:%d: challengePassword not " "found\n", __FILE__, __LINE__); return NULL; } if (debug) BIO_printf(bio_err, "%s:%d: challengePassword at offset %d\n", __FILE__, __LINE__, loc); attr = X509_REQ_get_attr(req, loc); /* retrieve the value of the challengePassword attribute */ if (NULL == (asn1 = X509_ATTRIBUTE_get0_type(attr, 0))) { BIO_printf(bio_err, "%s:%d: cannot retrieve value\n", __FILE__, __LINE__); goto err; } type = ASN1_TYPE_get(asn1); if (debug) BIO_printf(bio_err, "%s:%d: type of challengePassword is %d\n", __FILE__, __LINE__, type); if ((type != V_ASN1_IA5STRING) && (type != V_ASN1_PRINTABLESTRING)) { BIO_printf(bio_err, "%s:%d: challengePassword has wrong type\n", __FILE__, __LINE__, type); goto err; } asn1_string = (ASN1_STRING *)asn1->value.ptr; challenge = (char *)malloc(asn1_string->length + 1); memcpy(challenge, asn1_string->data, asn1_string->length); challenge[asn1_string->length] = '\0'; if (debug) BIO_printf(bio_err, "%s:%d: challenge Password '%s'\n", __FILE__, __LINE__, challenge); /* return the challenge password we have found */ return challenge; /* error return */ err: ERR_print_errors(bio_err); return NULL; }
/*** parse x509_req object as table @function parse @tparam[opt=true] shortname default will use short object name @treturn table result */ static LUA_FUNCTION(openssl_csr_parse) { X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); X509_NAME *subject = X509_REQ_get_subject_name(csr); STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr); lua_newtable(L); { const ASN1_BIT_STRING *sig = NULL; const X509_ALGOR *alg = NULL; X509_REQ_get0_signature(csr, &sig, &alg); openssl_push_asn1(L, sig, V_ASN1_BIT_STRING); lua_setfield(L, -2, "signature"); alg = X509_ALGOR_dup((X509_ALGOR *)alg); PUSH_OBJECT(alg, "openssl.x509_algor"); lua_setfield(L, -2, "sig_alg"); } lua_newtable(L); AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer); openssl_push_xname_asobject(L, subject); lua_setfield(L, -2, "subject"); if (exts) { lua_pushstring(L, "extensions"); openssl_sk_x509_extension_totable(L, exts); lua_rawset(L, -3); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } { X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr); ASN1_OBJECT *oalg = NULL; int c; EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); lua_newtable(L); c = X509_REQ_get_attr_count(csr); if (c > 0) { int i; lua_newtable(L); for (i = 0; i < c ; i++) { X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i); attr = X509_ATTRIBUTE_dup(attr); PUSH_OBJECT(attr, "openssl.x509_attribute"); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "attributes"); } lua_newtable(L); if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub)) { openssl_push_asn1object(L, oalg); lua_setfield(L, -2, "algorithm"); } AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey"); lua_setfield(L, -2, "pubkey"); lua_setfield(L, -2, "req_info"); } return 1; }