inline size_t certificate_request::write_der(void* buf) const
		{
			unsigned char* out = static_cast<unsigned char*>(buf);
			unsigned char** pout = out != NULL ? &out : NULL;

			int result = i2d_X509_REQ(ptr().get(), pout);

			error::throw_error_if(result < 0);

			return result;
		}
Esempio n. 2
0
main3()
	{
	FILE *in;
	unsigned char buf[10240],buf2[10240],*p;
	int num,i;

	X509_REQ *nx=NULL,*mx=NULL;

	in=fopen("req.der","r");
	if (in == NULL)
		{
		perror("req.der");
		exit(1);
		}
	num=fread(buf,1,10240,in);
	fclose(in);


		p=buf;
		if (d2i_X509_REQ(&nx,&p,num) == NULL) goto err;
		printf("num=%d p-buf=%d\n",num,p-buf);

		p=buf2;
		num=i2d_X509_REQ(nx,&p);
		printf("num=%d p-buf=%d\n",num,p-buf2);

		if (memcmp(buf,buf2,num) != 0)
			{
			fprintf(stderr,"data difference\n");
			for (i=0; i<num; i++)
				fprintf(stderr,"%c%03d <%02X-%02X>\n",
					(buf[i] == buf2[i])?' ':'*',i,
					buf[i],buf2[i]);
			fprintf(stderr,"\n");
			exit(1);
			}

	return(1);
err:
	ERR_load_crypto_strings();
	ERR_print_errors(stderr);
	return(0);
	}
unsigned long OPF_SM2SignCSR(OPT_HCONTAINER hContainer,
	const unsigned char *pbCSR, unsigned long ulCSR,unsigned long ulAlg,
	unsigned char * pbCSRSigned, unsigned long * pulCSRSignedLen)
{
	unsigned long rv = -1;
	X509_REQ * req =  NULL;
	unsigned char sig_value[BUFFER_LEN_1K] = {0};
	unsigned long sig_len = BUFFER_LEN_1K;
	unsigned long encode_len = BUFFER_LEN_1K;
	unsigned char encode_value[BUFFER_LEN_1K] = {0};
	unsigned char reg_info_value[BUFFER_LEN_1K * 4] = {0};
	unsigned long reg_info_len = BUFFER_LEN_1K * 4;

	const unsigned char * ptr_in = NULL;
	unsigned char * ptr_out = NULL;

	ptr_in = pbCSR;

	req = d2i_X509_REQ(NULL, &ptr_in, ulCSR);
	if (NULL == req)
	{
		goto err;
	}

	ptr_out = reg_info_value;

	reg_info_len = i2d_X509_REQ_INFO(req->req_info, &ptr_out);

	// sign req
	rv = PKCS11_SM2SignMSG(hContainer, reg_info_value,reg_info_len,ulAlg, sig_value, &sig_len);
	if(rv)
	{
		goto err;
	}

	rv = SM2SignAsn1Convert(sig_value,SM2_BYTES_LEN, sig_value + SM2_BYTES_LEN,SM2_BYTES_LEN, encode_value, &encode_len);
	FILE_LOG_STRING(file_log_name, "rv");
	FILE_LOG_NUMBER(file_log_name, rv);
	FILE_LOG_STRING(file_log_name, "encode_value");
	FILE_LOG_HEX(file_log_name, encode_value, encode_len);
	if (rv)
	{
		goto err;
	}

	ASN1_BIT_STRING_set(req->signature,encode_value, encode_len);
	req->signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
	req->signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;



	ptr_out = pbCSRSigned;

	*pulCSRSignedLen = i2d_X509_REQ(req, &ptr_out);

	rv = 0;
err:

	if(req)
	{
		X509_REQ_free(req);
	}

	return rv;
}
Esempio n. 4
0
int openssl_x509_cert()
{
	BIO *b;
	FILE *fp;
	RSA *rsa;
	EVP_PKEY *pkey;
	X509_NAME *name;
	const EVP_MD *md;
	X509_REQ *req, **req2;
	X509_NAME_ENTRY *entry;
	unsigned int len;
	char bytes[COMM_LEN];
	const unsigned char *pp;
	unsigned char *p, *der, *mdout, buf[MAX1_LEN];

	OpenSSL_add_all_algorithms();
	printf("\nX509_Cert info:\n");
	return -1;
	
	req = X509_REQ_new();
	X509_REQ_set_version(req, 1);

	name = X509_NAME_new();
	strcpy(bytes, "beike");
	entry = X509_NAME_ENTRY_create_by_txt(&entry, "commonName",
 		V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
	X509_NAME_add_entry(name, entry, 0, -1);
	strcpy(bytes, "BEIJING");
	entry = X509_NAME_ENTRY_create_by_txt(&entry, "countryName",
		V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
	X509_NAME_add_entry(name, entry, 1, -1);
	X509_REQ_set_subject_name(req, name);

	pkey = EVP_PKEY_new();
	rsa = RSA_generate_key(LINE_LEN, RSA_3, NULL, NULL);
	EVP_PKEY_assign_RSA(pkey, rsa);
	X509_REQ_set_pubkey(req, pkey);

	strcpy(bytes, "USTB");
	X509_REQ_add1_attr_by_txt(req, "organizationName",
		V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));
	strcpy(bytes, "TECH");
	X509_REQ_add1_attr_by_txt(req, "organizationalUnitName",
		V_ASN1_UTF8STRING, (unsigned char *)bytes, strlen(bytes));

	md = EVP_sha1();
	X509_REQ_digest(req, md, mdout, &len);
	X509_REQ_sign(req, pkey, md);
	b = BIO_new_file("/tmp/certreq.txt", "w");
	PEM_write_bio_X509_REQ(b, req);
	BIO_free(b);

	len = i2d_X509_REQ(req, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_X509_REQ(req, &p);
	X509_REQ_verify(req, pkey);
	fp = fopen("/tmp/certder.txt", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	free(der);
	X509_REQ_free(req);

	b = BIO_new_file("/tmp/certreq.txt", "r");
	PEM_read_bio_X509_REQ(b, NULL, NULL, NULL);

	fp = fopen("/tmp/certder.txt", "r");
	len = fread(buf, 1, MAX1_LEN, fp);
	fclose(fp);
	pp = buf;
	req2 = (X509_REQ **) malloc(sizeof(X509_REQ *));
	d2i_X509_REQ(req2, &pp, len);

	free(req2);
	X509_REQ_free(*req2);

	return 0;
}
Esempio n. 5
0
/* Creates an X509 certificate request (2nd stage). */
int MakeCertificateRequest2(unsigned char *reqbuf, int *reqlen, char *x500dn, EVP_PKEY *usrkey)
{
	X509 *racert = NULL;
	EVP_PKEY *rakey = NULL;
	X509_REQ *x = NULL;
	X509_NAME *subject = NULL;
	unsigned char *p = NULL;
	int ret, len;

	if (reqbuf == NULL || reqlen == NULL || x500dn == NULL || usrkey == NULL)
		return OPENSSLCA_ERR_ARGS;

	/* Create new request */
	if ((x = X509_REQ_new()) == NULL) {
		ret = OPENSSLCA_ERR_REQ_NEW;
		goto err;
	}

	/* Set public key in request */
	if (X509_REQ_set_pubkey(x, usrkey) != 1) {
		ret = OPENSSLCA_ERR_REQ_SET_PUBKEY;
		goto err;
	}

	/* Set subject name */
	subject = X509_REQ_get_subject_name(x);
	if (subject == NULL) {
		ret = OPENSSLCA_ERR_REQ_GET_SUBJECT;
		goto err;
	}
	ret = dn2subject(x500dn, subject);
	if (ret != OPENSSLCA_NO_ERR)
		goto err;

	if (caIni.signRequests) {
		/* Sign request with RA's private key */
		ret = read_key(&rakey, CA_PATH(caIni.raKeyFile), caIni.raKeyPasswd);
		if (ret != OPENSSLCA_NO_ERR)
			goto err;
		if (!X509_REQ_sign(x, rakey, EVP_sha1())) {
			ret = OPENSSLCA_ERR_REQ_SIGN;
			goto err;
		}

		if (caIni.verifyAfterSign) {
			/* Get RA's public key */
			/* TODO: Validate RA certificate */
			ret = read_cert(&racert, CA_PATH(caIni.raCertFile));
			if (ret != OPENSSLCA_NO_ERR)
				goto err;

			EVP_PKEY_free(rakey);
			if ((rakey = X509_get_pubkey(racert)) == NULL) {
				ret = OPENSSLCA_ERR_CERT_GET_PUBKEY;
				goto err;
			}

			/* Verify signature on request */
			if (X509_REQ_verify(x, rakey) != 1) {
				ret = OPENSSLCA_ERR_REQ_VERIFY;
				goto err;
			}
		}
	}

#ifdef _DEBUG /* Output request in PEM format */
	{
		FILE *fp = fopen(DBG_PATH("request.pem"), "w");
		if (fp != NULL) {
			X509_REQ_print_fp(fp, x);
			PEM_write_X509_REQ(fp, x);
			fclose(fp);
		}
	}
#endif

	/* Encode request into DER format */
	len = i2d_X509_REQ(x, NULL);
	if (len < 0) {
		ret = OPENSSLCA_ERR_REQ_ENCODE;
		goto err;
	}
	if (len > *reqlen) {
		ret = OPENSSLCA_ERR_BUF_TOO_SMALL;
		goto err;
	}
	*reqlen = len;
	p = reqbuf;
	i2d_X509_REQ(x, &p);

err:
	if (racert)
		X509_free(racert);
	if (rakey)
		EVP_PKEY_free(rakey);
	if (x)
		X509_REQ_free(x);

	return ret;
}
Esempio n. 6
0
bool avjackif::async_register_new_user(std::string user_name, boost::asio::yield_context yield_context)
{
	// 先发 client_hello
	if( m_shared_key.empty())
		async_client_hello(yield_context);

	auto digest = EVP_sha1();

	// 先生成 RSA 密钥
	_rsa.reset(RSA_generate_key(2048, 65537, 0, 0), RSA_free);

	// 然后生成 CSR
	boost::shared_ptr<X509_REQ> csr(X509_REQ_new(), X509_REQ_free);

	boost::shared_ptr<EVP_PKEY> pkey(EVP_PKEY_new(), EVP_PKEY_free);
	EVP_PKEY_set1_RSA(pkey.get(), _rsa.get());

	// 添加证书申请信息

	auto subj =X509_REQ_get_subject_name(csr.get());
/*	X509_NAME_add_entry_by_NID(subj, NID_countryName, "CN");
	X509_NAME_add_entry_by_NID(subj, NID_stateOrProvinceName, "Shanghai");
	X509_NAME_add_entry_by_NID(subj, NID_localityName, "Shanghai");
	X509_NAME_add_entry_by_NID(subj, NID_organizationName, "avplayer");
	X509_NAME_add_entry_by_NID(subj, NID_organizationalUnitName, "sales");
*/	X509_NAME_add_entry_by_NID(subj, NID_commonName, user_name);
//	X509_NAME_add_entry_by_NID(subj, NID_pkcs9_emailAddress, "test-client");

	X509_REQ_set_pubkey(csr.get(), pkey.get());

	// 签出 CSR
	X509_REQ_sign(csr.get(), pkey.get(), digest);

	unsigned char * out = NULL;
	auto csr_out_len = i2d_X509_REQ(csr.get(), &out);

	std::string csrout((char*)out, csr_out_len);

	OPENSSL_free(out);
	out = NULL;
	auto rsa_key_out_len = i2d_RSA_PUBKEY(_rsa.get(), &out);

	std::string rsa_key((char*)out, rsa_key_out_len);
	OPENSSL_free(out);

	PEM_write_X509_REQ(stderr, csr.get());

	// 然后发送 注册信息
	proto::user_register user_register;

	user_register.set_user_name(user_name);
	user_register.set_rsa_pubkey(rsa_key);
	user_register.set_csr(csrout);

	boost::asio::async_write(*m_sock, boost::asio::buffer(av_router::encode(user_register)), yield_context);

	// 读取应答
	std::unique_ptr<proto::user_register_result> user_register_result((proto::user_register_result*)async_read_protobuf_message(*m_sock, yield_context));

	return user_register_result->result() == proto::user_register_result::REGISTER_SUCCEED;
}