Exemple #1
0
static int
test_compare(hx509_context context)
{
    int ret;
    hx509_cert c1, c2, c3;
    int l0, l1, l2, l3;

    /* check transative properties of name compare function */

    ret = hx509_cert_init_data(context, certdata1, sizeof(certdata1) - 1, &c1);
    if (ret) return 1;

    ret = hx509_cert_init_data(context, certdata2, sizeof(certdata2) - 1, &c2);
    if (ret) return 1;

    ret = hx509_cert_init_data(context, certdata3, sizeof(certdata3) - 1, &c3);
    if (ret) return 1;

    ret = compare_subject(c1, c1, &l0);
    if (ret) return 1;
    ret = compare_subject(c1, c2, &l1);
    if (ret) return 1;
    ret = compare_subject(c1, c3, &l2);
    if (ret) return 1;
    ret = compare_subject(c2, c3, &l3);
    if (ret) return 1;

    if (l0 != 0) return 1;
    if (l2 < l1) return 1;
    if (l3 < l2) return 1;
    if (l3 < l1) return 1;

    hx509_cert_free(c1);
    hx509_cert_free(c2);
    hx509_cert_free(c3);

    return 0;
}
Exemple #2
0
/* Open the inner, decrypted PKCS7 and try to write cert.  */ 
void
write_local_cert(struct scep *s) {
	PKCS7			*p7;
	STACK_OF(X509)		*certs;
	X509			*cert = NULL;
	FILE			*fp;
	int			i;

	localcert = NULL;

	/* Get certs */
	p7 = s->reply_p7;
	certs = p7->d.sign->cert;
       
        if (v_flag) {
		printf ("write_local_cert(): found %d cert(s)\n", sk_X509_num(certs));
        }

	/* Find cert */
	for (i = 0; i < sk_X509_num(certs); i++) {
		char buffer[1024];
		cert = sk_X509_value(certs, i);
		if (v_flag) {
			printf("%s: found certificate with\n"
				"  subject: '%s'\n", pname,
				X509_NAME_oneline(X509_get_subject_name(cert),
					buffer, sizeof(buffer)));
			printf("  issuer: %s\n", 
				X509_NAME_oneline(X509_get_issuer_name(cert),
					buffer, sizeof(buffer)));
			printf("  request_subject: '%s'\n", 
				X509_NAME_oneline(X509_REQ_get_subject_name(request),
                                        buffer, sizeof(buffer)));
		}
		/* The subject has to match that of our request */
		if (!compare_subject(cert)) {
			
			if (v_flag)
				printf ("CN's of request and certificate matched!\n");

			/* The subject cannot be the issuer (selfsigned) */
			if (X509_NAME_cmp(X509_get_subject_name(cert),
				X509_get_issuer_name(cert))) {
					localcert = cert;
					break;
			}
		}	
	}
	if (localcert == NULL) {
		fprintf(stderr, "%s: cannot find requested certificate\n",
				pname);
		exit (SCEP_PKISTATUS_FILE);

	}
	/* Write PEM-formatted file: */
	if (!(fp = fopen(l_char, "w"))) {
		fprintf(stderr, "%s: cannot open cert file for writing\n",
				pname);
		exit (SCEP_PKISTATUS_FILE);
	}
	if (v_flag)
		printf("%s: writing cert\n", pname);
	if (d_flag)
		PEM_write_X509(stdout, localcert);
	if (PEM_write_X509(fp, localcert) != 1) {
		fprintf(stderr, "%s: error while writing certificate "
			"file\n", pname);
		ERR_print_errors_fp(stderr);
		exit (SCEP_PKISTATUS_FILE);
	}
	printf("%s: certificate written as %s\n", pname, l_char);
	(void)fclose(fp);
}