STACK_OF(X509_EXTENSION) *
X509_REQ_get_extensions(X509_REQ *req)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *ext = NULL;
int idx, *pnid;
const unsigned char *p;
if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
return (NULL);
for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
if (idx == -1)
continue;
attr = X509_REQ_get_attr(req, idx);
if (attr->single)
ext = attr->value.single;
else if (sk_ASN1_TYPE_num(attr->value.set))
ext = sk_ASN1_TYPE_value(attr->value.set, 0);
break;
}
if (!ext || (ext->type != V_ASN1_SEQUENCE))
return NULL;
p = ext->value.sequence->data;
return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));
}
static LUA_FUNCTION(openssl_csr_attribute)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
if (auxiliar_isclass(L, "openssl.x509_attribute", 2))
{
X509_ATTRIBUTE *attr = CHECK_OBJECT(2, X509_ATTRIBUTE, "openssl.x509_attribute");
int ret = X509_REQ_add1_attr(csr, attr);
return openssl_pushresult(L, ret);
}
else if (lua_isnumber(L, 2))
{
int loc = luaL_checkint(L, 2);
X509_ATTRIBUTE *attr = NULL;
if (lua_isnone(L, 3))
{
attr = X509_REQ_get_attr(csr, loc);
attr = X509_ATTRIBUTE_dup(attr);
}
else if (lua_isnil(L, 3))
{
attr = X509_REQ_delete_attr(csr, loc);
}
if (attr)
{
PUSH_OBJECT(attr, "openssl.x509_attribute");
}
else
lua_pushnil(L);
return 1;
}
return 0;
}
/***
add attribute to x509_req object
@function attribute
@tparam x509_attribute attribute attribute to add
@treturn boolean result
*/
static LUA_FUNCTION(openssl_csr_attribute)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
if (auxiliar_getclassudata(L, "openssl.x509_attribute", 2))
{
X509_ATTRIBUTE *attr = CHECK_OBJECT(2, X509_ATTRIBUTE, "openssl.x509_attribute");
int ret = X509_REQ_add1_attr(csr, attr);
return openssl_pushresult(L, ret);
}
else if (lua_isnumber(L, 2))
{
int loc = luaL_checkint(L, 2);
X509_ATTRIBUTE *attr = NULL;
if (lua_isnone(L, 3))
{
attr = X509_REQ_get_attr(csr, loc);
attr = X509_ATTRIBUTE_dup(attr);
}
else if (lua_isnil(L, 3))
{
attr = X509_REQ_delete_attr(csr, loc);
}
if (attr)
{
PUSH_OBJECT(attr, "openssl.x509_attribute");
}
else
lua_pushnil(L);
return 1;
}
else if (lua_istable(L, 2))
{
int i;
int ret = 1;
int n = lua_rawlen(L, 2);
for (i = 1; ret == 1 && i <= n; i++)
{
X509_ATTRIBUTE *attr;
lua_rawgeti(L, 2, i);
attr = NULL;
if (lua_istable(L, -1))
{
attr = openssl_new_xattribute(L, &attr, -1, NULL);
ret = X509_REQ_add1_attr(csr, attr);
X509_ATTRIBUTE_free(attr);
}
else
{
attr = CHECK_OBJECT(-1, X509_ATTRIBUTE, "openssl.x509_attribute");
ret = X509_REQ_add1_attr(csr, attr);
}
lua_pop(L, 1);
}
openssl_pushresult(L, ret);
return 1;
}
return 0;
}
static LUA_FUNCTION(openssl_csr_parse)
{
X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
X509_NAME * subject = X509_REQ_get_subject_name(csr);
STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);
lua_newtable(L);
openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING);
lua_setfield(L, -2, "signature");
openssl_push_x509_algor(L, csr->sig_alg);
lua_setfield(L, -2, "sig_alg");
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
openssl_push_xname_asobject(L, subject);
lua_setfield(L, -2, "subject");
if (exts)
{
lua_pushstring(L, "extensions");
openssl_sk_x509_extension_totable(L, exts);
lua_rawset(L, -3);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
{
X509_REQ_INFO* ri = csr->req_info;
int i, c;
EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);
lua_newtable(L);
c = X509_REQ_get_attr_count(csr);
if (c > 0)
{
lua_newtable(L);
for (i = 0; i < c ; i++)
{
X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
attr = X509_ATTRIBUTE_dup(attr);
PUSH_OBJECT(attr, "openssl.x509_attribute");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "attributes");
}
lua_newtable(L);
openssl_push_asn1object(L, ri->pubkey->algor->algorithm);
lua_setfield(L, -2, "algorithm");
AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey");
lua_setfield(L, -2, "pubkey");
lua_setfield(L, -2, "req_info");
}
return 1;
}
QString pki_x509req::getAttribute(int nid) const
{
int n;
int count;
QStringList ret;
n = X509_REQ_get_attr_by_NID(request, nid, -1);
if (n == -1)
return QString("");
X509_ATTRIBUTE *att = X509_REQ_get_attr(request, n);
if (!att)
return QString("");
count = X509_ATTRIBUTE_count(att);
for (int j = 0; j < count; j++)
ret << asn1ToQString(X509_ATTRIBUTE_get0_type(att, j)->
value.asn1_string);
return ret.join(", ");
}
static QString getAttribute(X509_REQ *req, int nid)
{
int n;
n = X509_REQ_get_attr_by_NID(req, nid, -1);
if (n == -1)
return QString("");
X509_ATTRIBUTE *att = X509_REQ_get_attr(req, n);
if (!att)
return QString("");
if (att->single)
return asn1ToQString(att->value.single->value.asn1_string);
int count = sk_ASN1_TYPE_num(att->value.set);
QStringList ret;
for (int j=0; j<count; j++) {
ret << asn1ToQString(sk_ASN1_TYPE_value(att->value.set, j)->
value.asn1_string);
}
return ret.join(", ");
}
void CertDetail::setReq(pki_x509req *req)
{
image->setPixmap(*MainWindow::csrImg);
headerLabel->setText(tr("Details of the certificate signing request"));
try {
setX509super(req);
// No issuer
tabwidget->removeTab(2);
// verification
if (!req->verify() ) {
signature->setRed();
signature->setText("Failed");
} else {
signature->setGreen();
if (req->isSpki()) {
signature->setText("SPKAC");
} else {
signature->setText("PKCS#10");
}
}
signature->disableToolTip();
trustState->hide();
fingerprints->hide();
validity->hide();
serialLabel->hide();
serialNr->hide();
// The non extension attributes
int cnt = X509_REQ_get_attr_count(req->getReq());
int added = 0;
QGridLayout *attrLayout = new QGridLayout(attributes);
attrLayout->setAlignment(Qt::AlignTop);
attrLayout->setSpacing(6);
attrLayout->setMargin(11);
for (int i = 0; i<cnt; i++) {
int nid;
QLabel *label;
QString trans;
X509_ATTRIBUTE *att = X509_REQ_get_attr(req->getReq(), i);
nid = OBJ_obj2nid(att->object);
if (X509_REQ_extension_nid(nid)) {
continue;
}
label = new QLabel(this);
trans = dn_translations[nid];
if (translate_dn && !trans.isEmpty()) {
label->setText(trans);
label->setToolTip(QString(OBJ_nid2sn(nid)));
} else {
label->setText(QString(OBJ_nid2ln(nid)));
label->setToolTip(trans);
}
label->setText(QString(OBJ_nid2ln(nid)));
label->setToolTip(QString(OBJ_nid2sn(nid)));
attrLayout->addWidget(label, i, 0);
added++;
if (att->single) {
label = labelFromAsn1String(att->value.single->value.asn1_string);
attrLayout->addWidget(label, i, 1);
continue;
}
int count = sk_ASN1_TYPE_num(att->value.set);
for (int j=0; j<count; j++) {
label = labelFromAsn1String(sk_ASN1_TYPE_value(att->value.set, j)->value.asn1_string);
attrLayout->addWidget(label, i, j +1);
}
}
ASN1_IA5STRING *chal = req->spki_challange();
if (chal) {
QLabel *label;
label = new QLabel(this);
label->setText(QString("SPKI Challenge String"));
attrLayout->addWidget(label, 0, 0);
label = labelFromAsn1String(chal);
attrLayout->addWidget(label, 0, 1);
added++;
}
if (!added) {
tabwidget->removeTab(2);
}
openssl_error();
} catch (errorEx &err) {
XCA_WARN(err.getString());
}
}
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
unsigned long cflag)
{
long l;
int i;
EVP_PKEY *pkey;
STACK_OF(X509_EXTENSION) *exts;
char mlch = ' ';
int nmindent = 0;
if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mlch = '\n';
nmindent = 12;
}
if (nmflags == X509_FLAG_COMPAT)
nmindent = 16;
if (!(cflag & X509_FLAG_NO_HEADER)) {
if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
goto err;
if (BIO_write(bp, " Data:\n", 10) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_VERSION)) {
l = X509_REQ_get_version(x);
if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_SUBJECT)) {
if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
goto err;
if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x),
nmindent, nmflags) < 0)
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_PUBKEY)) {
X509_PUBKEY *xpkey;
ASN1_OBJECT *koid;
if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
goto err;
if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
goto err;
xpkey = X509_REQ_get_X509_PUBKEY(x);
X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey);
if (i2a_ASN1_OBJECT(bp, koid) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
pkey = X509_REQ_get_pubkey(x);
if (pkey == NULL) {
BIO_printf(bp, "%12sUnable to load Public Key\n", "");
ERR_print_errors(bp);
} else {
EVP_PKEY_print_public(bp, pkey, 16, NULL);
EVP_PKEY_free(pkey);
}
}
if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
/* may not be */
if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
goto err;
if (X509_REQ_get_attr_count(x) == 0) {
if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
goto err;
} else {
for (i = 0; i < X509_REQ_get_attr_count(x); i++) {
ASN1_TYPE *at;
X509_ATTRIBUTE *a;
ASN1_BIT_STRING *bs = NULL;
ASN1_OBJECT *aobj;
int j, type = 0, count = 1, ii = 0;
a = X509_REQ_get_attr(x, i);
aobj = X509_ATTRIBUTE_get0_object(a);
if (X509_REQ_extension_nid(OBJ_obj2nid(aobj)))
continue;
if (BIO_printf(bp, "%12s", "") <= 0)
goto err;
if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
ii = 0;
count = X509_ATTRIBUTE_count(a);
get_next:
at = X509_ATTRIBUTE_get0_type(a, ii);
type = at->type;
bs = at->value.asn1_string;
}
for (j = 25 - j; j > 0; j--)
if (BIO_write(bp, " ", 1) != 1)
goto err;
if (BIO_puts(bp, ":") <= 0)
goto err;
if ((type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING)) {
if (BIO_write(bp, (char *)bs->data, bs->length)
!= bs->length)
goto err;
BIO_puts(bp, "\n");
} else {
BIO_puts(bp, "unable to print attribute\n");
}
if (++ii < count)
goto get_next;
}
}
}
if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
exts = X509_REQ_get_extensions(x);
if (exts) {
BIO_printf(bp, "%8sRequested Extensions:\n", "");
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
ASN1_OBJECT *obj;
X509_EXTENSION *ex;
int j;
ex = sk_X509_EXTENSION_value(exts, i);
if (BIO_printf(bp, "%12s", "") <= 0)
goto err;
obj = X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(bp, obj);
j = X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
goto err;
if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
BIO_printf(bp, "%16s", "");
ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
}
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
}
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *sig;
X509_REQ_get0_signature(&sig, &sig_alg, x);
if (!X509_signature_print(bp, sig_alg, sig))
goto err;
}
return (1);
err:
X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
return (0);
}
char *get_challenge(scep_t *scep) {
int loc, type, n;
X509_ATTRIBUTE *attr;
X509_REQ *req;
ASN1_TYPE *asn1;
ASN1_IA5STRING *asn1_string;
char *challenge;
/* get our hands on the request */
req = scep->clientreq;
if (debug)
BIO_printf(bio_err, "%s:%d: getting challenge password from "
"X.509 request %p\n", __FILE__, __LINE__, req);
/* if the client req is not set, we have no chance of finding */
/* password */
if (NULL == req) {
BIO_printf(bio_err, "%s:%d: no X.509 request available\n",
__FILE__, __LINE__);
goto err;
}
/* get the challengePassword attribute from the request */
n = X509_REQ_get_attr_count(req);
if (debug)
BIO_printf(bio_err, "%s%d: %d attributes found\n", __FILE__,
__LINE__, n);
loc = X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1);
if (loc < 0) {
if (debug)
BIO_printf(bio_err, "%s:%d: challengePassword not "
"found\n", __FILE__, __LINE__);
return NULL;
}
if (debug)
BIO_printf(bio_err, "%s:%d: challengePassword at offset %d\n",
__FILE__, __LINE__, loc);
attr = X509_REQ_get_attr(req, loc);
/* retrieve the value of the challengePassword attribute */
if (NULL == (asn1 = X509_ATTRIBUTE_get0_type(attr, 0))) {
BIO_printf(bio_err, "%s:%d: cannot retrieve value\n",
__FILE__, __LINE__);
goto err;
}
type = ASN1_TYPE_get(asn1);
if (debug)
BIO_printf(bio_err, "%s:%d: type of challengePassword is %d\n",
__FILE__, __LINE__, type);
if ((type != V_ASN1_IA5STRING) && (type != V_ASN1_PRINTABLESTRING)) {
BIO_printf(bio_err, "%s:%d: challengePassword has wrong type\n",
__FILE__, __LINE__, type);
goto err;
}
asn1_string = (ASN1_STRING *)asn1->value.ptr;
challenge = (char *)malloc(asn1_string->length + 1);
memcpy(challenge, asn1_string->data, asn1_string->length);
challenge[asn1_string->length] = '\0';
if (debug)
BIO_printf(bio_err, "%s:%d: challenge Password '%s'\n",
__FILE__, __LINE__, challenge);
/* return the challenge password we have found */
return challenge;
/* error return */
err:
ERR_print_errors(bio_err);
return NULL;
}
/***
parse x509_req object as table
@function parse
@tparam[opt=true] shortname default will use short object name
@treturn table result
*/
static LUA_FUNCTION(openssl_csr_parse)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
X509_NAME *subject = X509_REQ_get_subject_name(csr);
STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);
lua_newtable(L);
{
const ASN1_BIT_STRING *sig = NULL;
const X509_ALGOR *alg = NULL;
X509_REQ_get0_signature(csr, &sig, &alg);
openssl_push_asn1(L, sig, V_ASN1_BIT_STRING);
lua_setfield(L, -2, "signature");
alg = X509_ALGOR_dup((X509_ALGOR *)alg);
PUSH_OBJECT(alg, "openssl.x509_algor");
lua_setfield(L, -2, "sig_alg");
}
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
openssl_push_xname_asobject(L, subject);
lua_setfield(L, -2, "subject");
if (exts)
{
lua_pushstring(L, "extensions");
openssl_sk_x509_extension_totable(L, exts);
lua_rawset(L, -3);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
{
X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr);
ASN1_OBJECT *oalg = NULL;
int c;
EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);
lua_newtable(L);
c = X509_REQ_get_attr_count(csr);
if (c > 0)
{
int i;
lua_newtable(L);
for (i = 0; i < c ; i++)
{
X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
attr = X509_ATTRIBUTE_dup(attr);
PUSH_OBJECT(attr, "openssl.x509_attribute");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "attributes");
}
lua_newtable(L);
if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub))
{
openssl_push_asn1object(L, oalg);
lua_setfield(L, -2, "algorithm");
}
AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey");
lua_setfield(L, -2, "pubkey");
lua_setfield(L, -2, "req_info");
}
return 1;
}