EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
BIO *bp;
EVP_PKEY *ret;
if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
OPENSSL_PUT_ERROR(PEM, d2i_PKCS8PrivateKey_fp, ERR_R_BUF_LIB);
return NULL;
}
ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
BIO_free(bp);
return ret;
}
EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
BIO *bp;
EVP_PKEY *ret;
if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
return NULL;
}
ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
BIO_free(bp);
return ret;
}
Handle<Key> Provider_System::getKeyFromURI(Handle<std::string> uri, Handle<std::string> format, bool enc){
LOGGER_FN();
try{
if (enc){
THROW_EXCEPTION(0, Provider_System, NULL, "Encrypted key need password callback function. Unsupported now");
}
BIO *bioFile = NULL;
EVP_PKEY *hkey = NULL;
LOGGER_OPENSSL(BIO_new);
bioFile = BIO_new(BIO_s_file());
LOGGER_OPENSSL(BIO_read_filename);
if (BIO_read_filename(bioFile, uri->c_str()) > 0){
LOGGER_OPENSSL(BIO_seek);
BIO_seek(bioFile, 0);
if (strcmp(format->c_str(), "PEM") == 0){
LOGGER_OPENSSL(PEM_read_bio_PrivateKey);
hkey = PEM_read_bio_PrivateKey(bioFile, NULL, 0, NULL);
}
else if (strcmp(format->c_str(), "DER") == 0){
LOGGER_OPENSSL(d2i_PKCS8PrivateKey_bio);
hkey = d2i_PKCS8PrivateKey_bio(bioFile, NULL, 0, NULL);
}
else{
THROW_EXCEPTION(0, Provider_System, NULL, "Unsupported format. Only PEM | DER");
}
}
LOGGER_OPENSSL(BIO_free);
BIO_free(bioFile);
if (!hkey){
THROW_EXCEPTION(0, Provider_System, NULL, "Unable decode key from PEM/DER");
}
else{
return new Key(hkey);
}
}
catch (Handle<Exception> e){
THROW_EXCEPTION(0, Provider_System, e, "getCSRFromURI");
}
}
/**
* xmlSecOpenSSLAppKeyLoadBIO:
* @bio: the key BIO.
* @format: the key file format.
* @pwd: the key file password.
* @pwdCallback: the key password callback.
* @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the an OpenSSL BIO object.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format,
const char *pwd, void* pwdCallback,
void* pwdCallbackCtx) {
xmlSecKeyPtr key = NULL;
xmlSecKeyDataPtr data;
EVP_PKEY* pKey = NULL;
int ret;
xmlSecAssert2(bio != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
switch(format) {
case xmlSecKeyDataFormatPem:
/* try to read private key first */
if(pwd != NULL) {
pKey = PEM_read_bio_PrivateKey(bio, NULL,
xmlSecOpenSSLDummyPasswordCallback,
(void*)pwd);
} else {
pKey = PEM_read_bio_PrivateKey(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
}
if(pKey == NULL) {
/* go to start of the file and try to read public key */
(void)BIO_reset(bio);
pKey = PEM_read_bio_PUBKEY(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
}
break;
case xmlSecKeyDataFormatDer:
/* try to read private key first */
pKey = d2i_PrivateKey_bio(bio, NULL);
if(pKey == NULL) {
/* go to start of the file and try to read public key */
(void)BIO_reset(bio);
pKey = d2i_PUBKEY_bio(bio, NULL);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"d2i_PrivateKey_bio and d2i_PUBKEY_bio",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
}
break;
case xmlSecKeyDataFormatPkcs8Pem:
/* try to read private key first */
pKey = PEM_read_bio_PrivateKey(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PEM_read_bio_PrivateKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
break;
case xmlSecKeyDataFormatPkcs8Der:
/* try to read private key first */
pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"d2i_PrivateKey_bio and d2i_PUBKEY_bio",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
break;
#ifndef XMLSEC_NO_X509
case xmlSecKeyDataFormatPkcs12:
key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppPkcs12LoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(key);
case xmlSecKeyDataFormatCertPem:
case xmlSecKeyDataFormatCertDer:
key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppKeyFromCertLoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(key);
#endif /* XMLSEC_NO_X509 */
default:
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_FORMAT,
"format=%d", format);
return(NULL);
}
data = xmlSecOpenSSLEvpKeyAdopt(pKey);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLEvpKeyAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
EVP_PKEY_free(pKey);
return(NULL);
}
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(NULL);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
xmlSecKeyDestroy(key);
xmlSecKeyDataDestroy(data);
return(NULL);
}
return(key);
}
static int openssl_pkey_read(lua_State*L)
{
EVP_PKEY * key = NULL;
BIO* in = load_bio_object(L, 1);
int priv = lua_isnoneornil(L, 2) ? 0 : auxiliar_checkboolean(L, 2);
int fmt = luaL_checkoption(L, 3, "auto", format);
const char* passphrase = luaL_optstring(L, 4, NULL);
int type = -1;
if (passphrase)
{
if (strcmp(passphrase, "rsa") == 0 || strcmp(passphrase, "RSA") == 0)
type = EVP_PKEY_RSA;
else if (strcmp(passphrase, "dsa") == 0 || strcmp(passphrase, "DSA") == 0)
type = EVP_PKEY_DSA;
else if (strcmp(passphrase, "ec") == 0 || strcmp(passphrase, "EC") == 0)
type = EVP_PKEY_EC;
}
if (fmt == FORMAT_AUTO)
{
fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM;
}
if (!priv)
{
if (fmt == FORMAT_PEM)
{
key = PEM_read_bio_PUBKEY(in, NULL, NULL, (void*)passphrase);
BIO_reset(in);
if (key == NULL && type == EVP_PKEY_RSA)
{
RSA* rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
if (rsa)
{
key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(key, rsa);
}
}
}else
if (fmt == FORMAT_DER)
{
key = d2i_PUBKEY_bio(in, NULL);
BIO_reset(in);
if (!key && type!=-1)
{
char * bio_mem_ptr;
long bio_mem_len;
bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr);
key = d2i_PublicKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len);
BIO_reset(in);
}
}
}
else
{
if (fmt == FORMAT_PEM)
{
key = PEM_read_bio_PrivateKey(in, NULL, NULL, (void*)passphrase);
BIO_reset(in);
}else
if (fmt == FORMAT_DER)
{
if (passphrase)
key = d2i_PKCS8PrivateKey_bio(in, NULL, NULL, (void*)passphrase);
else
key = d2i_PrivateKey_bio(in, NULL);
BIO_reset(in);
if (!key && type != -1)
{
char * bio_mem_ptr;
long bio_mem_len;
bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr);
key = d2i_PrivateKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len);
BIO_reset(in);
}
}
}
BIO_free(in);
if (key)
{
PUSH_OBJECT(key, "openssl.evp_pkey");
return 1;
}
return openssl_pushresult(L, 0);
}