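/**
 * Export the private key to a file as a PKCS#8 structure.
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 * @param enc    Cipher handed to OpenSSL for encrypting the key. With a NULL
 *               cipher OpenSSL writes an unencrypted PrivateKeyInfo.
 * @param cb     Password callback OpenSSL invokes to obtain the passphrase;
 *               it receives the pass_info built here as user data.
 * @param pem    true writes PEM, false writes DER.
 *
 * Nothing is written when no key is loaded or decryptKey() yields NULL; the
 * (then empty) file has already been created at that point.
 *
 * NOTE(review): the file is created through plain fopen(), so its permissions
 * are whatever the process umask leaves. When enc is NULL this file holds a
 * cleartext private key -- confirm callers restrict access to it.
 */
void pki_evp::writePKCS8(const QString fname, const EVP_CIPHER *enc,
		pem_password_cb *cb, bool pem)
{
	pass_info p(XCA_TITLE, tr("Please enter the password protecting the PKCS#8 key '%1'").arg(getIntName()));

	/* DER is binary: a text-mode stream may rewrite 0x0a bytes on platforms
	 * whose C runtime translates line endings, corrupting the key. */
	FILE *fp = fopen(QString2filename(fname), pem ? "w" : "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (key) {
		/* decryptKey() hands back a key this function must free */
		EVP_PKEY *pkey = decryptKey();
		if (pkey) {
			if (pem)
				PEM_write_PKCS8PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
			else
				i2d_PKCS8PrivateKey_fp(fp, pkey, enc, NULL, 0, cb, &p);
			EVP_PKEY_free(pkey);
		}
	}
	/* close first so the handle is released before errors are reported */
	fclose(fp);
	pki_openssl_error();
}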
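/**
 * Write key, certificate and extra certificates to a PKCS#12 file that is
 * encrypted with a password obtained from PwDialog.
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 *
 * The password is requested before the file is opened, so cancelling the
 * dialog leaves an existing file at `fname` untouched.
 *
 * The five trailing zeros passed to PKCS12_create() select OpenSSL's built-in
 * defaults for the encryption algorithms and iteration counts; which
 * algorithms that means depends on the linked OpenSSL version.
 *
 * NOTE(review): my_error() presumably throws; if it returns, the cert/key
 * dereferences below run on NULL -- confirm.
 */
void pki_pkcs12::writePKCS12(const QString fname)
{
	Passwd pass;
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));

	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
	}
	if (PwDialog::execute(&p, &pass, true) != 1)
		return;

	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	/* The decrypted key is a separate object that the caller has to free
	 * (the pki_evp writers free it as well); keep the pointer so the
	 * cleartext key does not stay allocated after the export. */
	EVP_PKEY *pkey = key->decryptKey();
	PKCS12 *pkcs12 = PKCS12_create(pass.data(),
			getIntName().toUtf8().data(), pkey,
			cert->getCert(), certstack, 0, 0, 0, 0, 0);
	/* PKCS12_create() returns NULL on failure; do not serialise that */
	if (pkcs12)
		i2d_PKCS12_fp(fp, pkcs12);
	fclose(fp);
	/* release everything before openssl_error() gets a chance to bail out */
	PKCS12_free(pkcs12);
	EVP_PKEY_free(pkey);
	openssl_error();
}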
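/**
 * Export the key to a file in the traditional private-key format; public
 * keys are delegated to writePublic().
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 * @param enc    Cipher for PEM encryption. Only the PEM branch uses it; with
 *               a NULL cipher OpenSSL writes the key unencrypted.
 * @param cb     Password callback used by the PEM branch.
 * @param pem    true writes PEM, false writes DER.
 *
 * The DER branch calls i2d_PrivateKey_fp(), which takes neither cipher nor
 * callback: a DER export is always a cleartext private key.
 *
 * NOTE(review): the file is created through plain fopen(), so its permissions
 * come from the process umask -- confirm callers protect unencrypted exports.
 */
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc,
		pem_password_cb *cb, bool pem)
{
	pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName()));

	if (isPubKey()) {
		writePublic(fname, pem);
		return;
	}
	/* DER is binary: text mode may rewrite 0x0a bytes on platforms whose
	 * C runtime translates line endings. */
	FILE *fp = fopen(QString2filename(fname), pem ? "w" : "wb");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	if (!key) {
		fclose(fp);
		return;
	}
	/* decryptKey() hands back a key this function must free */
	EVP_PKEY *pkey = decryptKey();
	if (pkey) {
		if (pem) {
			PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
		} else {
			i2d_PrivateKey_fp(fp, pkey);
		}
		EVP_PKEY_free(pkey);
	}
	/* close before reporting: if pki_openssl_error() throws, the handle
	 * would otherwise stay open */
	fclose(fp);
	pki_openssl_error();
}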
/**
 * Load a certificate request from a file, trying PEM first and DER second.
 *
 * @param fname  Path of the file to read.
 * @throws errorEx when pki_ign_openssl_error() reports a failure after both
 *         attempts.
 *
 * The currently held request is replaced only when a new one was parsed.
 * The error text also names SPKAC, but this function attempts PEM and DER
 * only.
 *
 * The file content is untrusted input that OpenSSL parses directly.
 */
void pki_x509req::fload(const QString fname)
{
	FILE *fp = fopen_read(fname);
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}

	X509_REQ *loaded = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
	if (loaded == NULL) {
		/* discard the PEM failure and retry from the start as DER */
		pki_ign_openssl_error();
		rewind(fp);
		loaded = d2i_X509_REQ_fp(fp, NULL);
	}
	fclose(fp);

	if (pki_ign_openssl_error()) {
		if (loaded)
			X509_REQ_free(loaded);
		throw errorEx(tr("Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.").arg(fname));
	}

	if (loaded) {
		X509_REQ_free(request);
		request = loaded;
	}
	autoIntName();
	/* fall back to a name derived from the file name */
	if (getIntName().isEmpty())
		setIntName(rmslashdot(fname));
	openssl_error(fname);
}
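/**
 * Load a certificate revocation list from a file, trying PEM first and DER
 * second.
 *
 * @param fname  Path of the file to read.
 * @throws errorEx when pki_ign_openssl_error() reports a failure after both
 *         attempts.
 *
 * On success the previously held CRL is freed and replaced, and the internal
 * name is derived from the file name.
 *
 * The file content is untrusted input that OpenSSL parses directly.
 */
void pki_crl::fload(const QString fname)
{
	/* Binary mode: the DER fallback needs the raw bytes. A text-mode stream
	 * may translate line endings or stop early on platforms whose C runtime
	 * distinguishes text mode, so a valid DER CRL would fail to parse. */
	FILE *fp = fopen(QString2filename(fname), "rb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}

	X509_CRL *_crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
	if (!_crl) {
		/* discard the PEM failure and retry from the start as DER */
		pki_ign_openssl_error();
		rewind(fp);
		_crl = d2i_X509_CRL_fp(fp, NULL);
	}
	fclose(fp);

	if (pki_ign_openssl_error()) {
		if (_crl)
			X509_CRL_free(_crl);
		throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
	}
	if (crl)
		X509_CRL_free(crl);
	crl = _crl;
	setIntName(rmslashdot(fname));
	pki_openssl_error();
}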
/**
 * Construct a PKCS#12 container by loading and decrypting a file.
 *
 * @param fname  Path of the PKCS#12 (pfx) file.
 * @param cb     Password callback; stored in passcb and used here to ask for
 *               the import password.
 * @throws errorEx when the file cannot be decoded, when the password dialog
 *         is cancelled (callback result < 0), or when OpenSSL reports a MAC
 *         verification failure after parsing.
 *
 * The callback is skipped when the MAC verifies with an empty or a NULL
 * password. On success `cert`, `key` and `certstack` hold the parsed
 * content; the key name is the certificate's internal name plus "_key".
 *
 * NOTE(review): `pass` keeps the cleartext password on the stack and is not
 * wiped on any exit path -- consider clearing it (e.g. OPENSSL_cleanse) once
 * PKCS12_parse() is done.
 * NOTE(review): the buffer is handed to PKCS12_parse() as a C string while
 * only the sign of the callback result is checked -- confirm that every
 * callback passed in NUL-terminates it.
 * NOTE(review): the return value of PKCS12_parse() is not checked; apart from
 * the MAC failure, parse errors are dropped by ign_openssl_error() and leave
 * an object without key and certificate -- confirm callers handle that.
 */
pki_pkcs12::pki_pkcs12(const QString fname, pem_password_cb *cb)
	:pki_base(fname)
{
	char pass[MAX_PASS_LENGTH];
	EVP_PKEY *mykey = NULL;
	X509 *mycert = NULL;

	key = NULL;
	cert = NULL;
	passcb = cb;
	class_name = "pki_pkcs12";
	certstack = sk_X509_new_null();
	pass_info p(XCA_TITLE, tr("Please enter the password to decrypt the PKCS#12 file.") + "\n'" + fname + "'");

	FILE *fp = fopen(QString2filename(fname), "rb");
	if (!fp) {
		fopen_error(fname);
		return;
	}

	PKCS12 *pkcs12 = d2i_PKCS12_fp(fp, NULL);
	fclose(fp);
	if (ign_openssl_error()) {
		if (pkcs12)
			PKCS12_free(pkcs12);
		throw errorEx(tr("Unable to load the PKCS#12 (pfx) file %1.").arg(fname));
	}

	/* files protected with an empty or absent password need no dialog */
	if (PKCS12_verify_mac(pkcs12, "", 0) || PKCS12_verify_mac(pkcs12, NULL, 0)) {
		pass[0] = '\0';
	} else if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0) {
		/* cancel pressed */
		PKCS12_free(pkcs12);
		throw errorEx("","");
	}

	PKCS12_parse(pkcs12, pass, &mykey, &mycert, &certstack);
	/* peek, not get: the entry stays queued until ign_openssl_error() */
	int error = ERR_peek_error();
	if (ERR_GET_REASON(error) == PKCS12_R_MAC_VERIFY_FAILURE) {
		ign_openssl_error();
		PKCS12_free(pkcs12);
		throw errorEx(getClassName(), tr("The supplied password was wrong (%1)").arg(ERR_reason_error_string(error)));
	}
	ign_openssl_error();

	if (mycert) {
		/* prefer the alias stored with the certificate as its name */
		if (mycert->aux && mycert->aux->alias) {
			alias = asn1ToQString(mycert->aux->alias);
			alias = QString::fromUtf8(alias.toAscii());
		}
		cert = new pki_x509(mycert);
		if (alias.isEmpty()) {
			cert->autoIntName();
		} else {
			cert->setIntName(alias);
		}
		alias = cert->getIntName();
	}
	if (mykey) {
		key = new pki_evp(mykey);
		key->setIntName(alias + "_key");
		key->bogusEncryptKey();
	}
	PKCS12_free(pkcs12);
}
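/**
 * Load every PEM object found in a file by handing it to fromPEM_BIO().
 *
 * @param fname  Path of the file to read.
 *
 * The stream is wrapped in a BIO created with BIO_CLOSE, so freeing the BIO
 * also closes the file. The BIO is released on the exception path too, so a
 * failing import does not leave the file handle open.
 *
 * The file content is untrusted input.
 */
void pki_multi::fload(const QString fname)
{
	FILE *fp = fopen(QString2filename(fname), "r");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	BIO *bio = BIO_new_fp(fp, BIO_CLOSE);
	try {
		fromPEM_BIO(bio, fname);
	} catch (...) {
		/* the loaders in this code base report parse failures by throwing;
		 * presumably fromPEM_BIO() does as well */
		BIO_free(bio);
		throw;
	}
	BIO_free(bio);
}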
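/**
 * Write the certificate request to a file.
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 * @param pem    true writes PEM, false writes DER.
 *
 * When no request is loaded the file is still created, but stays empty.
 */
void pki_x509req::writeReq(const QString fname, bool pem)
{
	/* DER is binary: text mode may rewrite 0x0a bytes on platforms whose
	 * C runtime translates line endings. */
	FILE *fp = fopen(QString2filename(fname), pem ? "w" : "wb");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	if (request) {
		if (pem)
			PEM_write_X509_REQ(fp, request);
		else
			i2d_X509_REQ_fp(fp, request);
	}
	fclose(fp);
	pki_openssl_error();
}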
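/**
 * Write the public part of the key to a file as a SubjectPublicKeyInfo.
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 * @param pem    true writes PEM, false writes DER.
 */
void pki_key::writePublic(const QString fname, bool pem)
{
	/* DER is binary: text mode may rewrite 0x0a bytes on platforms whose
	 * C runtime translates line endings. */
	FILE *fp = fopen(QString2filename(fname), pem ? "w" : "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (pem)
		PEM_write_PUBKEY(fp, key);
	else
		i2d_PUBKEY_fp(fp, key);
	fclose(fp);
	pki_openssl_error();
}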
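/**
 * Write the certificate revocation list to a file.
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 * @param pem    true writes PEM, false writes DER.
 *
 * When no CRL is loaded the file is still created, but stays empty.
 */
void pki_crl::writeCrl(const QString fname, bool pem)
{
	/* DER is binary: text mode may rewrite 0x0a bytes on platforms whose
	 * C runtime translates line endings. */
	FILE *fp = fopen(QString2filename(fname), pem ? "w" : "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (crl) {
		if (pem)
			PEM_write_X509_CRL(fp, crl);
		else
			i2d_X509_CRL_fp(fp, crl);
	}
	fclose(fp);
	pki_openssl_error();
}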
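/**
 * Write key, certificate and extra certificates to a PKCS#12 file that is
 * encrypted with a password obtained through passcb.
 *
 * @param fname  Destination path; an existing file is truncated by fopen().
 *
 * A negative callback result is treated as "cancelled", the same way the
 * constructor of this class interprets passcb. The export is then abandoned
 * before the file is opened, instead of encrypting with whatever the
 * uninitialised buffer happens to contain.
 *
 * The five trailing zeros passed to PKCS12_create() select OpenSSL's built-in
 * defaults for the encryption algorithms and iteration counts; which
 * algorithms that means depends on the linked OpenSSL version.
 *
 * NOTE(review): `pass` keeps the cleartext password on the stack and is not
 * wiped before returning -- consider clearing it (e.g. OPENSSL_cleanse).
 * NOTE(review): my_error() presumably throws; if it returns, the cert/key
 * dereferences below run on NULL -- confirm.
 */
void pki_pkcs12::writePKCS12(const QString fname)
{
	char pass[MAX_PASS_LENGTH];
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));

	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
	}
	/* never hand an unset buffer to OpenSSL, whatever the callback does */
	pass[0] = '\0';
	if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0)
		return;

	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	/* The decrypted key is a separate object that the caller has to free
	 * (the pki_evp writers free it as well); keep the pointer so the
	 * cleartext key does not stay allocated after the export. */
	EVP_PKEY *pkey = key->decryptKey();
	PKCS12 *pkcs12 = PKCS12_create(pass, getIntName().toUtf8().data(),
			pkey, cert->getCert(), certstack, 0, 0, 0, 0, 0);
	/* PKCS12_create() returns NULL on failure; do not serialise that */
	if (pkcs12)
		i2d_PKCS12_fp(fp, pkcs12);
	/* release everything before openssl_error() gets a chance to bail out */
	fclose(fp);
	PKCS12_free(pkcs12);
	EVP_PKEY_free(pkey);
	openssl_error();
}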
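/**
 * Load a key from a file, probing the supported encodings in a fixed order:
 * PEM private key, DER private key, encrypted DER PKCS#8, plain DER PKCS#8
 * PrivateKeyInfo, PEM public key, DER public key.
 *
 * @param fname  Path of the file to read.
 * @throws errorEx when the PEM private-key attempt fails with the
 *         bad-decrypt error code, or when pki_ign_openssl_error() still
 *         reports a failure after the last attempt.
 *
 * On success the previously held key is freed and replaced, private keys are
 * passed through bogusEncryptKey(), and the internal name is derived from
 * the file name.
 *
 * The file content is untrusted input that OpenSSL parses directly.
 */
void pki_evp::fload(const QString fname)
{
	pass_info p(XCA_TITLE, qApp->translate("MainWindow", "Please enter the password to decrypt the private key: '%1'").arg(fname));
	pem_password_cb *cb = MainWindow::passRead;
	/* Binary mode: four of the six attempts below decode DER. A text-mode
	 * stream may translate line endings or stop early on platforms whose
	 * C runtime distinguishes text mode, so valid DER keys would fail. */
	FILE *fp = fopen(QString2filename(fname), "rb");
	EVP_PKEY *pkey;

	pki_ign_openssl_error();
	if (!fp) {
		fopen_error(fname);
		return;
	}

	pkey = PEM_read_PrivateKey(fp, NULL, cb, &p);
	if (!pkey) {
		/* ERR_get_error() removes the entry it returns from the queue.
		 * NOTE(review): the literal is a packed OpenSSL error code that
		 * this code treats as "wrong password"; packed codes follow the
		 * library's internal numbering, so verify it against the OpenSSL
		 * version being linked. */
		if (ERR_get_error() == 0x06065064) {
			fclose(fp);
			pki_ign_openssl_error();
			throw errorEx(tr("Failed to decrypt the key (bad password) ") + fname, class_name);
		}
	}
	/* every further attempt drops the previous failure and restarts at
	 * the beginning of the file */
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PrivateKey_fp(fp, NULL);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PKCS8PrivateKey_fp(fp, NULL, cb, &p);
	}
	if (!pkey) {
		PKCS8_PRIV_KEY_INFO *p8inf;

		pki_ign_openssl_error();
		rewind(fp);
		p8inf = d2i_PKCS8_PRIV_KEY_INFO_fp(fp, NULL);
		if (p8inf) {
			pkey = EVP_PKCS82PKEY(p8inf);
			PKCS8_PRIV_KEY_INFO_free(p8inf);
		}
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = PEM_read_PUBKEY(fp, NULL, cb, &p);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PUBKEY_fp(fp, NULL);
	}
	fclose(fp);

	if (pki_ign_openssl_error()) {
		if (pkey)
			EVP_PKEY_free(pkey);
		throw errorEx(tr("Unable to load the private key in file %1. Tried PEM and DER private, public and PKCS#8 key types.").arg(fname));
	}
	if (pkey) {
		if (pkey->type == EVP_PKEY_EC)
			search_ec_oid(pkey->pkey.ec);
		if (key)
			EVP_PKEY_free(key);
		key = pkey;
		if (EVP_PKEY_isPrivKey(key))
			bogusEncryptKey();
		setIntName(rmslashdot(fname));
	}
}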