inline size_t certificate_request::write_der(void* buf) const
{
unsigned char* out = static_cast<unsigned char*>(buf);
unsigned char** pout = out != NULL ? &out : NULL;
int result = i2d_X509_REQ(ptr().get(), pout);
error::throw_error_if(result < 0);
return result;
}
main3()
{
FILE *in;
unsigned char buf[10240],buf2[10240],*p;
int num,i;
X509_REQ *nx=NULL,*mx=NULL;
in=fopen("req.der","r");
if (in == NULL)
{
perror("req.der");
exit(1);
}
num=fread(buf,1,10240,in);
fclose(in);
p=buf;
if (d2i_X509_REQ(&nx,&p,num) == NULL) goto err;
printf("num=%d p-buf=%d\n",num,p-buf);
p=buf2;
num=i2d_X509_REQ(nx,&p);
printf("num=%d p-buf=%d\n",num,p-buf2);
if (memcmp(buf,buf2,num) != 0)
{
fprintf(stderr,"data difference\n");
for (i=0; i<num; i++)
fprintf(stderr,"%c%03d <%02X-%02X>\n",
(buf[i] == buf2[i])?' ':'*',i,
buf[i],buf2[i]);
fprintf(stderr,"\n");
exit(1);
}
return(1);
err:
ERR_load_crypto_strings();
ERR_print_errors(stderr);
return(0);
}
unsigned long OPF_SM2SignCSR(OPT_HCONTAINER hContainer,
const unsigned char *pbCSR, unsigned long ulCSR,unsigned long ulAlg,
unsigned char * pbCSRSigned, unsigned long * pulCSRSignedLen)
{
unsigned long rv = -1;
X509_REQ * req = NULL;
unsigned char sig_value[BUFFER_LEN_1K] = {0};
unsigned long sig_len = BUFFER_LEN_1K;
unsigned long encode_len = BUFFER_LEN_1K;
unsigned char encode_value[BUFFER_LEN_1K] = {0};
unsigned char reg_info_value[BUFFER_LEN_1K * 4] = {0};
unsigned long reg_info_len = BUFFER_LEN_1K * 4;
const unsigned char * ptr_in = NULL;
unsigned char * ptr_out = NULL;
ptr_in = pbCSR;
req = d2i_X509_REQ(NULL, &ptr_in, ulCSR);
if (NULL == req)
{
goto err;
}
ptr_out = reg_info_value;
reg_info_len = i2d_X509_REQ_INFO(req->req_info, &ptr_out);
// sign req
rv = PKCS11_SM2SignMSG(hContainer, reg_info_value,reg_info_len,ulAlg, sig_value, &sig_len);
if(rv)
{
goto err;
}
rv = SM2SignAsn1Convert(sig_value,SM2_BYTES_LEN, sig_value + SM2_BYTES_LEN,SM2_BYTES_LEN, encode_value, &encode_len);
FILE_LOG_STRING(file_log_name, "rv");
FILE_LOG_NUMBER(file_log_name, rv);
FILE_LOG_STRING(file_log_name, "encode_value");
FILE_LOG_HEX(file_log_name, encode_value, encode_len);
if (rv)
{
goto err;
}
ASN1_BIT_STRING_set(req->signature,encode_value, encode_len);
req->signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
req->signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
ptr_out = pbCSRSigned;
*pulCSRSignedLen = i2d_X509_REQ(req, &ptr_out);
rv = 0;
err:
if(req)
{
X509_REQ_free(req);
}
return rv;
}
int openssl_x509_cert()
{
BIO *b;
FILE *fp;
RSA *rsa;
EVP_PKEY *pkey;
X509_NAME *name;
const EVP_MD *md;
X509_REQ *req, **req2;
X509_NAME_ENTRY *entry;
unsigned int len;
char bytes[COMM_LEN];
const unsigned char *pp;
unsigned char *p, *der, *mdout, buf[MAX1_LEN];
OpenSSL_add_all_algorithms();
printf("\nX509_Cert info:\n");
return -1;
req = X509_REQ_new();
X509_REQ_set_version(req, 1);
name = X509_NAME_new();
strcpy(bytes, "beike");
entry = X509_NAME_ENTRY_create_by_txt(&entry, "commonName",
V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
X509_NAME_add_entry(name, entry, 0, -1);
strcpy(bytes, "BEIJING");
entry = X509_NAME_ENTRY_create_by_txt(&entry, "countryName",
V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
X509_NAME_add_entry(name, entry, 1, -1);
X509_REQ_set_subject_name(req, name);
pkey = EVP_PKEY_new();
rsa = RSA_generate_key(LINE_LEN, RSA_3, NULL, NULL);
EVP_PKEY_assign_RSA(pkey, rsa);
X509_REQ_set_pubkey(req, pkey);
strcpy(bytes, "USTB");
X509_REQ_add1_attr_by_txt(req, "organizationName",
V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
strcpy(bytes, "TECH");
X509_REQ_add1_attr_by_txt(req, "organizationalUnitName",
V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
md = EVP_sha1();
X509_REQ_digest(req, md, mdout, &len);
X509_REQ_sign(req, pkey, md);
b = BIO_new_file("/tmp/certreq.txt", "w");
PEM_write_bio_X509_REQ(b, req);
BIO_free(b);
len = i2d_X509_REQ(req, NULL);
der = (unsigned char *)malloc(len);
p = der;
len = i2d_X509_REQ(req, &p);
X509_REQ_verify(req, pkey);
fp = fopen("/tmp/certder.txt", "wb");
fwrite(der, 1, len, fp);
fclose(fp);
free(der);
X509_REQ_free(req);
b = BIO_new_file("/tmp/certreq.txt", "r");
PEM_read_bio_X509_REQ(b, NULL, NULL, NULL);
fp = fopen("/tmp/certder.txt", "r");
len = fread(buf, 1, MAX1_LEN, fp);
fclose(fp);
pp = buf;
req2 = (X509_REQ **) malloc(sizeof(X509_REQ *));
d2i_X509_REQ(req2, &pp, len);
free(req2);
X509_REQ_free(*req2);
return 0;
}
/* Creates an X509 certificate request (2nd stage). */
int MakeCertificateRequest2(unsigned char *reqbuf, int *reqlen, char *x500dn, EVP_PKEY *usrkey)
{
X509 *racert = NULL;
EVP_PKEY *rakey = NULL;
X509_REQ *x = NULL;
X509_NAME *subject = NULL;
unsigned char *p = NULL;
int ret, len;
if (reqbuf == NULL || reqlen == NULL || x500dn == NULL || usrkey == NULL)
return OPENSSLCA_ERR_ARGS;
/* Create new request */
if ((x = X509_REQ_new()) == NULL) {
ret = OPENSSLCA_ERR_REQ_NEW;
goto err;
}
/* Set public key in request */
if (X509_REQ_set_pubkey(x, usrkey) != 1) {
ret = OPENSSLCA_ERR_REQ_SET_PUBKEY;
goto err;
}
/* Set subject name */
subject = X509_REQ_get_subject_name(x);
if (subject == NULL) {
ret = OPENSSLCA_ERR_REQ_GET_SUBJECT;
goto err;
}
ret = dn2subject(x500dn, subject);
if (ret != OPENSSLCA_NO_ERR)
goto err;
if (caIni.signRequests) {
/* Sign request with RA's private key */
ret = read_key(&rakey, CA_PATH(caIni.raKeyFile), caIni.raKeyPasswd);
if (ret != OPENSSLCA_NO_ERR)
goto err;
if (!X509_REQ_sign(x, rakey, EVP_sha1())) {
ret = OPENSSLCA_ERR_REQ_SIGN;
goto err;
}
if (caIni.verifyAfterSign) {
/* Get RA's public key */
/* TODO: Validate RA certificate */
ret = read_cert(&racert, CA_PATH(caIni.raCertFile));
if (ret != OPENSSLCA_NO_ERR)
goto err;
EVP_PKEY_free(rakey);
if ((rakey = X509_get_pubkey(racert)) == NULL) {
ret = OPENSSLCA_ERR_CERT_GET_PUBKEY;
goto err;
}
/* Verify signature on request */
if (X509_REQ_verify(x, rakey) != 1) {
ret = OPENSSLCA_ERR_REQ_VERIFY;
goto err;
}
}
}
#ifdef _DEBUG /* Output request in PEM format */
{
FILE *fp = fopen(DBG_PATH("request.pem"), "w");
if (fp != NULL) {
X509_REQ_print_fp(fp, x);
PEM_write_X509_REQ(fp, x);
fclose(fp);
}
}
#endif
/* Encode request into DER format */
len = i2d_X509_REQ(x, NULL);
if (len < 0) {
ret = OPENSSLCA_ERR_REQ_ENCODE;
goto err;
}
if (len > *reqlen) {
ret = OPENSSLCA_ERR_BUF_TOO_SMALL;
goto err;
}
*reqlen = len;
p = reqbuf;
i2d_X509_REQ(x, &p);
err:
if (racert)
X509_free(racert);
if (rakey)
EVP_PKEY_free(rakey);
if (x)
X509_REQ_free(x);
return ret;
}
bool avjackif::async_register_new_user(std::string user_name, boost::asio::yield_context yield_context)
{
// 先发 client_hello
if( m_shared_key.empty())
async_client_hello(yield_context);
auto digest = EVP_sha1();
// 先生成 RSA 密钥
_rsa.reset(RSA_generate_key(2048, 65537, 0, 0), RSA_free);
// 然后生成 CSR
boost::shared_ptr<X509_REQ> csr(X509_REQ_new(), X509_REQ_free);
boost::shared_ptr<EVP_PKEY> pkey(EVP_PKEY_new(), EVP_PKEY_free);
EVP_PKEY_set1_RSA(pkey.get(), _rsa.get());
// 添加证书申请信息
auto subj =X509_REQ_get_subject_name(csr.get());
/* X509_NAME_add_entry_by_NID(subj, NID_countryName, "CN");
X509_NAME_add_entry_by_NID(subj, NID_stateOrProvinceName, "Shanghai");
X509_NAME_add_entry_by_NID(subj, NID_localityName, "Shanghai");
X509_NAME_add_entry_by_NID(subj, NID_organizationName, "avplayer");
X509_NAME_add_entry_by_NID(subj, NID_organizationalUnitName, "sales");
*/ X509_NAME_add_entry_by_NID(subj, NID_commonName, user_name);
// X509_NAME_add_entry_by_NID(subj, NID_pkcs9_emailAddress, "test-client");
X509_REQ_set_pubkey(csr.get(), pkey.get());
// 签出 CSR
X509_REQ_sign(csr.get(), pkey.get(), digest);
unsigned char * out = NULL;
auto csr_out_len = i2d_X509_REQ(csr.get(), &out);
std::string csrout((char*)out, csr_out_len);
OPENSSL_free(out);
out = NULL;
auto rsa_key_out_len = i2d_RSA_PUBKEY(_rsa.get(), &out);
std::string rsa_key((char*)out, rsa_key_out_len);
OPENSSL_free(out);
PEM_write_X509_REQ(stderr, csr.get());
// 然后发送 注册信息
proto::user_register user_register;
user_register.set_user_name(user_name);
user_register.set_rsa_pubkey(rsa_key);
user_register.set_csr(csrout);
boost::asio::async_write(*m_sock, boost::asio::buffer(av_router::encode(user_register)), yield_context);
// 读取应答
std::unique_ptr<proto::user_register_result> user_register_result((proto::user_register_result*)async_read_protobuf_message(*m_sock, yield_context));
return user_register_result->result() == proto::user_register_result::REGISTER_SUCCEED;
}