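DVT_STATUS CERTIFICATE_FILE_CLASS::importPem(const char* filename, bool certificatesOnly, const char* password)

//  DESCRIPTION     : Import certificates from a PEM formatted file. Each entry read
//                  : from the file is moved onto this object's list
//                  : (x509InfoListM_ptr). When certificatesOnly is set, entries
//                  : that carry no X509 certificate are freed instead.
//  PRECONDITIONS   :
//  POSTCONDITIONS  : Entries pushed before a failure stay on x509InfoListM_ptr.
//  EXCEPTIONS      :
//  NOTES           : Returns MSG_OK, MSG_ERROR, MSG_FILE_NOT_EXIST, MSG_NO_VALUE, MSG_INVALID_PASSWORD
//                  : certificatesOnly filters whole entries, not fields: an entry
//                  : that has a certificate is kept as read, together with anything
//                  : else grouped into the same X509_INFO.
//<<===========================================================================
{
    DVT_STATUS status = MSG_ERROR;
    STACK_OF(X509_INFO)* infoList_ptr = NULL;
    X509_INFO* x509Info_ptr = NULL;
    int count = 0;

    // read the file; the password is handed to the passphrase callback as its
    // user-data pointer, which is why const is cast away here
    status = openSslM_ptr->readPemFile(filename, &infoList_ptr,
        OPENSSL_CLASS::openSslPasswordCallback, (void *)password, loggerM_ptr);
    if ((status == MSG_FILE_NOT_EXIST) ||
        (status == MSG_ERROR) ||
        (status == MSG_INVALID_PASSWORD))
    {
        goto end;
    }

    // for each entry in the import file, add it to this file's list
    while ((x509Info_ptr = sk_X509_INFO_shift(infoList_ptr)) != NULL)
    {
        if ((x509Info_ptr->x509 == NULL) && certificatesOnly)
        {
            // not a certificate and only interested in certificates, just free it
            X509_INFO_free(x509Info_ptr);
        }
        else if (sk_X509_INFO_push(x509InfoListM_ptr, x509Info_ptr) == 0)
        {
            // push reports failure with 0 and does not take ownership; free the
            // entry and fail the import rather than report MSG_OK for a list
            // that is missing certificates
            X509_INFO_free(x509Info_ptr);
            status = MSG_ERROR;
            goto end;
        }
        else
        {
            count++;
        }
    }

    status = (count == 0) ? MSG_NO_VALUE : MSG_OK;

end:
    // release whatever is still on the temporary stack, and the stack itself
    if (infoList_ptr != NULL)
    {
        sk_X509_INFO_pop_free(infoList_ptr, X509_INFO_free);
    }

    return status;
}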
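/*
 * This function is used to load an X509_STORE using raw
 * data from a buffer.  The data is expected to be PEM
 * encoded.  Certificates and CRLs found in the buffer are
 * added to the store; any other material in an entry is
 * ignored and released with the entry.
 *
 * store - store that receives the certificates and CRLs
 * raw   - buffer holding the PEM data
 * size  - number of bytes in raw.  It is passed unchanged to
 *         BIO_new_mem_buf(), which treats -1 as "raw is NUL
 *         terminated", so callers should pass the real length
 *         of the buffer.
 *
 * Returns the number of certs added to the store.  Zero is
 * also returned when the buffer cannot be wrapped in a BIO
 * or parsed.  A certificate the store rejects is logged and
 * not counted; a rejected CRL is logged.
 */
static int ossl_init_cert_store_from_raw (X509_STORE *store,
                                          unsigned char *raw, int size)
{
    STACK_OF(X509_INFO) *sk = NULL;
    X509_INFO *xi;
    BIO *in;
    int cert_cnt = 0;

    in = BIO_new_mem_buf(raw, size);
    if (in == NULL) {
        EST_LOG_ERR("Unable to open the raw CA cert buffer");
        return 0;
    }

    /* Parse the memory BIO into a stack of x509/crl/pkey sets */
    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
    BIO_free(in);
    if (sk == NULL) {
        EST_LOG_ERR("Unable to read PEM encoded certs from BIO");
        return 0;
    }

    /* Walk the stack and hand each cert and CRL to the store */
    while (sk_X509_INFO_num(sk) > 0) {
        xi = sk_X509_INFO_shift(sk);
        if (xi == NULL) {
            continue;
        }
        if (xi->x509 != NULL) {
            /*
             * NOTE(review): reading xi->x509->name needs an OpenSSL
             * release where the X509 structure is not opaque.
             */
            EST_LOG_INFO("Adding cert to store (%s)", xi->x509->name);
            /*
             * Count only what the store accepted, so the return
             * value matches the trust anchors actually loaded.
             */
            if (X509_STORE_add_cert(store, xi->x509)) {
                cert_cnt++;
            } else {
                EST_LOG_ERR("Unable to add cert to store");
            }
        }
        if (xi->crl != NULL) {
            EST_LOG_INFO("Adding CRL to store");
            /* A CRL that is silently dropped means missing revocation data */
            if (!X509_STORE_add_crl(store, xi->crl)) {
                EST_LOG_ERR("Unable to add CRL to store");
            }
        }
        /* The store holds its own reference, so the entry can go */
        X509_INFO_free(xi);
    }

    /* Frees the (now empty) stack itself */
    sk_X509_INFO_pop_free(sk, X509_INFO_free);

    return (cert_cnt);
}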