/* * call-seq: * spki.public_key => pkey * * Returns the public key associated with the SPKI, an instance of * OpenSSL::PKey. */ static VALUE ossl_spki_get_public_key(VALUE self) { NETSCAPE_SPKI *spki; EVP_PKEY *pkey; GetSPKI(self, spki); if (!(pkey = NETSCAPE_SPKI_get_pubkey(spki))) { /* adds an reference */ ossl_raise(eSPKIError, NULL); } return ossl_pkey_new(pkey); /* NO DUP - OK */ }
/* * read requestor data * * for version 2 requests, the requestor and the SCEP client can be different * and the request does not need to be a PKCS#10 */ static int read_requestorstuff(scep_t *scep, int type, char *filename) { BIO *bio; NETSCAPE_SPKI *spki = NULL; X509_REQ *req = NULL; bio = BIO_new(BIO_s_file()); if (BIO_read_filename(bio, filename) < 0) { BIO_printf(bio_err, "%s:%d: cannot read request file '%s'\n", __FILE__, __LINE__, filename); goto err; } switch (type) { case 0: scep->requestorreq = d2i_X509_REQ_bio(bio, &req); if (scep->requestorreq == NULL) { BIO_printf(bio_err, "%s:%d: cannot decode X509_REQ\n", __FILE__, __LINE__); goto err; } scep->requestorpubkey = X509_REQ_get_pubkey(scep->requestorreq); break; case 1: scep->requestorspki = d2i_NETSCAPE_SPKI_bio(bio, &spki); if (scep->requestorspki == NULL) { BIO_printf(bio_err, "%s:%d: cannot decode SPKI\n", __FILE__, __LINE__); goto err; } scep->requestorpubkey = NETSCAPE_SPKI_get_pubkey(scep->requestorspki); break; default: goto err; } return 0; err: ERR_print_errors(bio_err); return -1; }
/*! Load a spkac FILE into this request structure. The file format follows the conventions understood by the 'openssl ca' command. (see: 'man ca') */ int pki_x509req::load_spkac(const QString filename) { QFile file; x509name subject; EVP_PKEY *pktmp = NULL; pki_ign_openssl_error(); file.setFileName(filename); if (!file.open(QIODevice::ReadOnly)) return 1; while (!file.atEnd()) { int idx, nid; QByteArray line = file.readLine(); if (line.size() == 0) continue; idx = line.indexOf('='); if (idx == -1) goto err; QString type = line.left(idx).trimmed(); line = line.mid(idx+1).trimmed(); idx = type.lastIndexOf(QRegExp("[:,\\.]")); if (idx != -1) type = type.mid(idx+1); if ((nid = OBJ_txt2nid(CCHAR(type))) == NID_undef) { if (type != "SPKAC") goto err; pki_ign_openssl_error(); spki = NETSCAPE_SPKI_b64_decode(line, line.size()); if (!spki) goto err; /* Now extract the key from the SPKI structure and check the signature. */ pktmp = NETSCAPE_SPKI_get_pubkey(spki); if (pktmp == NULL) goto err; if (NETSCAPE_SPKI_verify(spki, pktmp) != 1) goto err; } else { // gather all values in the x509name subject. subject.addEntryByNid(nid, filename2QString(line.constData())); } } if (!pktmp) goto err; setSubject(subject); X509_REQ_set_pubkey(request, pktmp); EVP_PKEY_free(pktmp); return 0; err: if (pktmp) EVP_PKEY_free(pktmp); if (spki) { NETSCAPE_SPKI_free(spki); spki = NULL; } return 1; }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int i,badops=0, ret = 1; BIO *in = NULL,*out = NULL; int verify=0,noout=0,pubkey=0; char *infile = NULL,*outfile = NULL,*prog; char *passargin = NULL, *passin = NULL; const char *spkac = "SPKAC", *spksect = "default"; char *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (!bio_err) bio_err = BIO_new_fp(OPENSSL_TYPE__FILE_STDERR, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-key") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-challenge") == 0) { if (--argc < 1) goto bad; challenge= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-spkac") == 0) { if (--argc < 1) goto bad; spkac= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-spksect") == 0) { if (--argc < 1) goto bad; spksect= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0) noout=1; else if (TINYCLR_SSL_STRCMP(*argv,"-pubkey") == 0) pubkey=1; else if (TINYCLR_SSL_STRCMP(*argv,"-verify") == 0) verify=1; else badops = 1; argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options]\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -key arg create SPKAC using private key\n"); BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -challenge arg challenge string\n"); BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif goto end; } ERR_load_crypto_strings(); if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if(keyfile) { pkey = load_key(bio_err, TINYCLR_SSL_STRCMP(keyfile, "-") ? keyfile : NULL, FORMAT_PEM, 1, passin, e, "private key"); if(!pkey) { goto end; } spki = NETSCAPE_SPKI_new(); if(challenge) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)TINYCLR_SSL_STRLEN(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(OPENSSL_TYPE__FILE_STDOUT, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if(!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(out, "SPKAC=%s\n", spkstr); OPENSSL_free(spkstr); ret = 0; goto end; } if (infile) in = BIO_new_file(infile, "r"); else in = BIO_new_fp(OPENSSL_TYPE__FILE_STDIN, BIO_NOCLOSE); if(!in) { BIO_printf(bio_err, "Error opening input file\n"); ERR_print_errors(bio_err); goto end; } conf = NCONF_new(NULL); i = NCONF_load_bio(conf, in, NULL); if(!i) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } spkstr = NCONF_get_string(conf, spksect, spkac); if(!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); if(!spki) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; } if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(OPENSSL_TYPE__FILE_STDOUT, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if(!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } if(!noout) NETSCAPE_SPKI_print(out, spki); pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; } } if(pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; end: NCONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); if(passin) OPENSSL_free(passin); apps_shutdown(); OPENSSL_EXIT(ret); }
int spkac_main(int argc, char **argv) { BIO *out = NULL; CONF *conf = NULL; ENGINE *e = NULL; EVP_PKEY *pkey = NULL; NETSCAPE_SPKI *spki = NULL; char *challenge = NULL, *keyfile = NULL; char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL; char *spkstr = NULL, *prog; const char *spkac = "SPKAC", *spksect = "default"; int i, ret = 1, verify = 0, noout = 0, pubkey = 0; OPTION_CHOICE o; prog = opt_init(argc, argv, spkac_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(spkac_options); ret = 0; goto end; case OPT_IN: infile = opt_arg(); break; case OPT_OUT: outfile = opt_arg(); break; case OPT_NOOUT: noout = 1; break; case OPT_PUBKEY: pubkey = 1; break; case OPT_VERIFY: verify = 1; break; case OPT_PASSIN: passinarg = opt_arg(); break; case OPT_KEY: keyfile = opt_arg(); break; case OPT_CHALLENGE: challenge = opt_arg(); break; case OPT_SPKAC: spkac = opt_arg(); break; case OPT_SPKSECT: spksect = opt_arg(); break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; } } argc = opt_num_rest(); if (argc != 0) goto opthelp; if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (keyfile) { pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, FORMAT_PEM, 1, passin, e, "private key"); if (!pkey) { goto end; } spki = NETSCAPE_SPKI_new(); if (challenge) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); out = bio_open_default(outfile, 'w', FORMAT_TEXT); if (out == NULL) goto end; BIO_printf(out, "SPKAC=%s\n", spkstr); OPENSSL_free(spkstr); ret = 0; goto end; } if ((conf = app_load_config(infile)) == NULL) goto end; spkstr = NCONF_get_string(conf, spksect, spkac); if (spkstr == NULL) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); if (!spki) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; } out = bio_open_default(outfile, 'w', FORMAT_TEXT); if (out == NULL) goto end; if (!noout) NETSCAPE_SPKI_print(out, spki); pkey = NETSCAPE_SPKI_get_pubkey(spki); if (verify) { i = NETSCAPE_SPKI_verify(spki, pkey); if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; } } if (pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; end: NCONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free_all(out); EVP_PKEY_free(pkey); OPENSSL_free(passin); return (ret); }
int spkac_main(int argc, char **argv) { int i, ret = 1; BIO *in = NULL, *out = NULL; char *passin = NULL; char *spkstr = NULL; CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; if (single_execution) { if (pledge("stdio rpath wpath cpath tty", NULL) == -1) { perror("pledge"); exit(1); } } memset(&spkac_config, 0, sizeof(spkac_config)); spkac_config.spkac = "SPKAC"; spkac_config.spksect = "default"; if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { spkac_usage(); return (1); } if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (spkac_config.keyfile) { pkey = load_key(bio_err, strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile : NULL, FORMAT_PEM, 1, passin, "private key"); if (!pkey) { goto end; } spki = NETSCAPE_SPKI_new(); if (spkac_config.challenge) ASN1_STRING_set(spki->spkac->challenge, spkac_config.challenge, (int) strlen(spkac_config.challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); if (spkstr == NULL) { BIO_printf(bio_err, "Error encoding SPKAC\n"); ERR_print_errors(bio_err); goto end; } if (spkac_config.outfile) out = BIO_new_file(spkac_config.outfile, "w"); else out = BIO_new_fp(stdout, BIO_NOCLOSE); if (!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); } else { BIO_printf(out, "SPKAC=%s\n", spkstr); ret = 0; } free(spkstr); goto end; } if (spkac_config.infile) in = BIO_new_file(spkac_config.infile, "r"); else in = BIO_new_fp(stdin, BIO_NOCLOSE); if (!in) { BIO_printf(bio_err, "Error opening input file\n"); ERR_print_errors(bio_err); goto end; } conf = NCONF_new(NULL); i = NCONF_load_bio(conf, in, NULL); if (!i) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } spkstr = NCONF_get_string(conf, spkac_config.spksect, spkac_config.spkac); if (!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac_config.spkac); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); if (!spki) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; } if (spkac_config.outfile) out = BIO_new_file(spkac_config.outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } if (!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } if (!spkac_config.noout) NETSCAPE_SPKI_print(out, spki); pkey = NETSCAPE_SPKI_get_pubkey(spki); if (spkac_config.verify) { i = NETSCAPE_SPKI_verify(spki, pkey); if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; } } if (spkac_config.pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; end: NCONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); free(passin); return (ret); }
int MAIN(int argc, char **argv) { int i,badops=0, ret = 1; BIO *in = NULL,*out = NULL, *key = NULL; int verify=0,noout=0,pubkey=0; char *infile = NULL,*outfile = NULL,*prog; char *passargin = NULL, *passin = NULL; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; LHASH *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; apps_startup(); if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); prog=argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); } else if (strcmp(*argv,"-challenge") == 0) { if (--argc < 1) goto bad; challenge= *(++argv); } else if (strcmp(*argv,"-spkac") == 0) { if (--argc < 1) goto bad; spkac= *(++argv); } else if (strcmp(*argv,"-spksect") == 0) { if (--argc < 1) goto bad; spksect= *(++argv); } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) pubkey=1; else if (strcmp(*argv,"-verify") == 0) verify=1; else badops = 1; argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options]\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -key arg create SPKAC using private key\n"); BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -challenge arg challenge string\n"); BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); goto end; } ERR_load_crypto_strings(); if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if(keyfile) { if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r"); else key = BIO_new_fp(stdin, BIO_NOCLOSE); if(!key) { BIO_printf(bio_err, "Error opening key file\n"); ERR_print_errors(bio_err); goto end; } pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin); if(!pkey) { BIO_printf(bio_err, "Error reading private key\n"); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_new(); if(challenge) ASN1_STRING_set(spki->spkac->challenge, challenge, strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if(!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(out, "SPKAC=%s\n", spkstr); OPENSSL_free(spkstr); ret = 0; goto end; } if (infile) in = BIO_new_file(infile, "r"); else in = BIO_new_fp(stdin, BIO_NOCLOSE); if(!in) { BIO_printf(bio_err, "Error opening input file\n"); ERR_print_errors(bio_err); goto end; } conf = CONF_load_bio(NULL, in, NULL); if(!conf) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } spkstr = CONF_get_string(conf, spksect, spkac); if(!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); if(!spki) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; } if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if(!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } if(!noout) NETSCAPE_SPKI_print(out, spki); pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); if(i) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; } } if(pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; end: CONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); BIO_free(key); EVP_PKEY_free(pkey); if(passin) OPENSSL_free(passin); EXIT(ret); }
CertificateRequestSPKAC* CertificateRequestFactory::fromSPKAC(std::string &path) throw (EncodeException, RandomException, NetscapeSPKIException) { STACK_OF(CONF_VALUE) *sk=NULL; LHASH_OF(CONF_VALUE) *parms=NULL; X509_REQ *req=NULL; CONF_VALUE *cv=NULL; NETSCAPE_SPKI *spki = NULL; X509_REQ_INFO *ri; char *type,*buf; EVP_PKEY *pktmp=NULL; X509_NAME *n=NULL; unsigned long chtype = MBSTRING_ASC; int i; long errline; int nid; CertificateRequestSPKAC* ret=NULL; /* * Load input file into a hash table. (This is just an easy * way to read and parse the file, then put it into a convenient * STACK format). */ parms=CONF_load(NULL,path.c_str(),&errline); if (parms == NULL) { throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC"); } sk=CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { if (parms != NULL) CONF_free(parms); throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC"); } /* * Now create a dummy X509 request structure. We don't actually * have an X509 request, but we have many of the components * (a public key, various DN components). The idea is that we * put these components into the right X509 request structure * and we can use the same code as if you had a real X509 request. */ req=X509_REQ_new(); if (req == NULL) { if (parms != NULL) CONF_free(parms); throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC"); } /* * Build up the subject name set. */ ri=req->req_info; n = ri->subject; for (i = 0; ; i++) { if (sk_CONF_VALUE_num(sk) <= i) break; cv=sk_CONF_VALUE_value(sk,i); type=cv->name; /* Skip past any leading X. X: X, etc to allow for * multiple instances */ for (buf = cv->name; *buf ; buf++) if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { buf++; if (*buf) type = buf; break; } buf=cv->value; if ((nid=OBJ_txt2nid(type)) == NID_undef) { if (strcmp(type, "SPKAC") == 0) { spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); if (spki == NULL) { if (parms != NULL) CONF_free(parms); throw EncodeException(EncodeException::BASE64_DECODE, "CertificateRequestFactory::fromSPKAC"); } } continue; } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *)buf, -1, -1, 0)) { if (parms != NULL) CONF_free(parms); if (spki != NULL) NETSCAPE_SPKI_free(spki); throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC"); } } if (spki == NULL) { if (parms != NULL) CONF_free(parms); throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC"); } /* * Now extract the key from the SPKI structure. */ if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL) { if (parms != NULL) CONF_free(parms); if (spki != NULL) NETSCAPE_SPKI_free(spki); throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC"); } X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); ret = new CertificateRequestSPKAC(req, spki); return ret; }