int
write_key_pem_private(FILE *fp, struct ndn_pkey *private_key_ndn, char *password)
{
unsigned long err;
int res = 0;
if (password) {
res = PEM_write_PKCS8PrivateKey (fp, (EVP_PKEY *) private_key_ndn, EVP_aes_256_cbc (), password, strlen(password), NULL, NULL);
}
else {
res = PEM_write_PrivateKey(fp, (EVP_PKEY *) private_key_ndn, NULL, NULL, 0, NULL, NULL);
}
if (!res) {
err = ERR_get_error();
PyErr_Format(g_PyExc_NDNKeyError, "Unable to write Private Key: %s",
ERR_reason_error_string(err));
return -1;
}
return 0;
}
int main(int argc, char *argv[])
{
FILE *fp = fopen("ecdsa.pem", "w");
FILE *fp1 = fopen("ecdsa_pub.pem", "w");
/*EVP_PKEY is a structure used by openssl to store private keys*/
EVP_PKEY *root_pkey;
initOpenSSL();
/*Generate a private key for root CA*/
root_pkey = generate_PrivateKey();
/*Printing it on the stdout*/
PEM_write_PrivateKey(stdout, root_pkey, NULL, NULL, 0, 0, NULL);
PEM_write_PUBKEY(stdout, root_pkey);
/*Copying private key on the file */
PEM_write_PrivateKey(fp, root_pkey, NULL, NULL, 0, 0, NULL);
/*Copying public key on the file */
PEM_write_PUBKEY(fp1, root_pkey);
/*Free the allocated EVP_PKEY structure*/
EVP_PKEY_free(root_pkey);
return 0;
}
int main(int argc, char **argv)
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509,&pkey,argv[1],1024,0,365);
FILE* file = fopen(argv[2], "w");
PEM_write_PrivateKey(file,pkey,NULL,NULL,0,NULL, NULL);
fclose(file);
printf("Private key written to: %s\n", argv[2]);
file = fopen(argv[3], "w");
X509_print_fp(file,x509);
PEM_write_X509(file,x509);
fclose(file);
printf("Certificate written to: %s\n", argv[3]);
X509_free(x509);
EVP_PKEY_free(pkey);
ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
int main()
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509, &pkey, 512, 0, 365);
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifdef CUSTOM_EXT
/* Only needed if we add objects or custom extensions */
X509V3_EXT_cleanup();
OBJ_cleanup();
#endif
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
int
isns_dsa_store_private(const char *name, EVP_PKEY *key)
{
FILE *fp;
int rv, fd;
if ((fd = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) {
isns_error("Cannot save DSA key to %s: %m\n", name);
return 0;
}
if (!(fp = fdopen(fd, "w"))) {
isns_error("fdopen(%s): %m\n", name);
close(fd);
return 0;
}
rv = PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL);
fclose(fp);
if (rv == 0)
isns_dsasig_report_errors("Failed to store private key",
isns_error);
return rv;
}
int main(int argc, char **argv)
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509,&pkey,512,0,365);
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_print_fp(stdout,x509);
PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(stdout,x509);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc,
pem_password_cb *cb, bool pem)
{
EVP_PKEY *pkey;
pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName()));
if (isPubKey()) {
writePublic(fname, pem);
return;
}
FILE *fp = fopen(QString2filename(fname), "w");
if (!fp) {
fopen_error(fname);
return;
}
if (key){
pkey = decryptKey();
if (pkey) {
if (pem) {
PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
} else {
i2d_PrivateKey_fp(fp, pkey);
}
EVP_PKEY_free(pkey);
}
pki_openssl_error();
}
fclose(fp);
}
int main(int argc, char **argv)
{
void *pkey;
pkey = EVP_PKEY_new();
FILE f = fopen(pem,"w");
if (!f)
return 0;
PEM_write_PrivateKey(f,pkey,EVP_des_ede3_cbc(),NULL,0,NULL,NULL);
fclose(f);
return 0;
}
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
int i;
if (argc != 4) {
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit (1);
}
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "rb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose (fp);
if (!p12) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit (1);
}
if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit (1);
}
PKCS12_free(p12);
if (!(fp = fopen(argv[3], "w"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
if (pkey) {
fprintf(fp, "***Private Key***\n");
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
if (cert) {
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
if (ca && sk_X509_num(ca)) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
}
fclose(fp);
return 0;
}
gboolean
WritePemFile(EVP_PKEY *pkey, // IN
const gchar *keyFile, // IN
X509 *cert, // IN
const gchar *certFile) // IN
{
FILE *file;
gboolean ret = FALSE;
gchar *err = NULL;
mode_t mode;
mode = umask(066);
file = fopen(keyFile, "w");
if (!file) {
Error("Failed to open %s: %s.\n", keyFile, strerror(errno));
goto exit;
}
if (!PEM_write_PrivateKey(file, pkey, NULL, NULL, 0, NULL, NULL)) {
Error("Failed to write the private key file %s: %s.\n",
keyFile, GetSSLError(&err));
goto exit;
}
fclose(file);
umask(022);
file = fopen(certFile, "w");
if (!file) {
Error("Failed to open %s: %s.\n", certFile, strerror(errno));
goto exit;
}
if (!PEM_write_X509(file, cert)) {
Error("Failed to write the certificate file %s: %s.\n",
certFile, GetSSLError(&err));
goto exit;
}
ret = TRUE;
exit:
if (file) {
fclose(file);
}
g_free(err);
umask(mode);
return ret;
}
int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
EVP_PKEY *k;
int ret;
k = EVP_PKEY_new();
if (!k)
return 0;
EVP_PKEY_set1_DSA(k, x);
ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
EVP_PKEY_free(k);
return ret;
}
void saveCertKeyPair(const char* certFile, const char* p12File, const char* keyPairFile, CertKeyPair certKeyPair) {
FILE* certFilePtr = fopen(certFile, "w");
FILE* keyPairFilePtr = fopen(keyPairFile, "w");
FILE* p12FilePtr = fopen(p12File, "wb");
//TODO: error check
PEM_write_PrivateKey(keyPairFilePtr, certKeyPair.pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(certFilePtr, certKeyPair.x509);
i2d_PKCS12_fp(p12FilePtr, certKeyPair.p12);
fclose(p12FilePtr);
fclose(certFilePtr);
fclose(keyPairFilePtr);
}
int RSAprivKeyToFile(EVP_PKEY* privKey, char* fname, int* msglen){
FILE * f = NULL;
if(privKey == NULL || fname == NULL ||
strlen(fname)<1 || msglen == NULL)
return 0;
f = fopen(fname, "w");
if (f == NULL)
return 0;
*msglen = PEM_write_PrivateKey(f , privKey, NULL, NULL, 0, 0, NULL);
fclose(f);
if(*msglen < 1)
return 0;
return 1;
}
int main(int argc, char *argv[])
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
FILE *f;
#ifdef _WIN32
WSADATA data;
#endif
if(argc<2)
{
fprintf(stderr,"Usage: %s <filename>",argv[0]);
return -1;
}
#ifdef _WIN32
if(WSAStartup (MAKEWORD (1, 1), &data))
{
fprintf(stderr,"WSAStartup failed");
return -1;
}
#endif
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509,&pkey,1024,0,3650); /* Passing 100 years here causes buffer overrun!! */
f = fopen(argv[1],"w");
if(!f)
{
perror("Couldn't create key file");
return -1;
}
PEM_write_PrivateKey(f,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(f,x509);
fclose(f);
X509_free(x509);
EVP_PKEY_free(pkey);
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
/*
* Save Private Key with a hashed filename.
* Return: 0 on success, 1 on failure.
*/
static int savePKeyHome( X509* cert, EVP_PKEY * pkey)
{
char buf[4096];
FILE * fp = NULL;
unsigned int i = 0;
int retval = 1;
char *dir = get_current_dir_name();
if (dir) {
/*Attempt to create .dillo/certs blindly - check later*/
snprintf(buf,4096,"%s/.mDolphin/", dir);
if (opendir(buf)==NULL)
mkdir(buf, 01777);
snprintf(buf,4096,"%s/.mDolphin/certs/", dir);
if (opendir(buf)==NULL)
mkdir(buf, 01777);
do{
snprintf(buf,4096,"%s/.mDolphin/certs/%lx.%s",
dir, X509_issuer_name_hash(cert), "key");
fp=fopen(buf, "r");
if (fp == NULL){
/*File name doesn't exist so we can use it safely*/
fp=fopen(buf, "w");
if (fp == NULL){
printf("Unable to open key save file in home dir\n");
break;
} else {
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, 0, NULL);
fclose(fp);
retval = 0;
break;
}
} else {
fclose(fp);
}
i++;
/*Don't loop too many times - just give up*/
} while( i < 1024 );
free(dir);
}
return retval;
}
Try<Nothing> write_key_file(EVP_PKEY* private_key, const Path& path)
{
// We use 'FILE*' here because it is an API requirement by openssl.
FILE* file = fopen(path.value.c_str(), "wb");
if (file == NULL) {
return Error("Failed to open file '" + stringify(path) + "' for writing");
}
if (PEM_write_PrivateKey(file, private_key, NULL, NULL, 0, NULL, NULL) != 1) {
fclose(file);
return Error("Failed to write private key to file '" + stringify(path) +
"': PEM_write_PrivateKey");
}
fclose(file);
return Nothing();
}
void mkcert(X509_REQ* req, const char* rootkey, const char* rootcert, const char* passwd)
{
RSA* rsa_key = EVP_PKEY_get1_RSA(X509_PUBKEY_get(req->req_info->pubkey));
int key_length = RSA_size(rsa_key);
if (key_len != 128) {
fprintf(stderr, "CA::key length of req is %d, not long enough\n");
return NULL;
}
X509* cacert = X509_new();
assert(cacert != NULL);
load_cacert(&cacert, rootcert);
EVP_PKEY* cakey = EVP_PKEY_new();
load_cakey(&cakey, rootkey, passwd);
PEM_write_PrivateKey(stdout, cakey, NULL, NULL, 0, NULL, NULL);
PEM_write_PUBKEY(stdout, cakey);
X509* x = X509_new();
X509_set_version(x, 3);
ASN1_INTEGER_set(X509_get_serialNumber(x), 1024);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * 365);
X509_set_pubkey(x, X509_PUBKEY_get(req->req_info->pubkey));
X509_set_subject_name(x, X509_REQ_get_subject_name(req));
X509_set_issuer_name(x, X509_get_subject_name(cacert));
assert(X509_sign(x, cakey, EVP_sha1()) > 0);
FILE* f = fopen("usercert.pem", "wb");
PEM_write_X509(f, x);
fclose(f);
X509_print_fp(stdout, x);
PEM_write_X509(stdout, x);
X509_free(cacert);
EVP_PKEY_free(cakey);
}
int key_store(key_t *key)
{
FILE *fp = NULL;
if (key->fn) {
fp = fopen(key->fn, "w");
if (fp) {
PEM_write_PrivateKey(fp, key->key,
NULL, NULL, 0, NULL, NULL);
fclose(fp);
return 1;
} else {
ERROR("Cannot create file %s\n", key->fn);
}
} else {
ERROR("Key filename not specified\n");
}
return 0;
}
/* cr_load_certs : loads private key and certificates from files
* if cert_file and key_file are NULL , the function will generate
* a dynamic certificate and private key
*/
void cr_load_certs(SSL_CTX *ssl,u_char *cert_file,u_char *key_file)
{
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
if(cert_file == NULL || key_file == NULL) {
/* generate a public certificate and a private key */
cr_make_cert(&cert,&pkey,2048,0,365);
SSL_CTX_use_certificate(ssl, cert);
SSL_CTX_use_PrivateKey(ssl, pkey);
#ifdef CR_MK_CERT
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_print_fp(stdout,cert);
PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(stdout,cert);
#endif
} else {
if (SSL_CTX_use_certificate_file(ssl, (const char*)cert_file,
SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_RSAPrivateKey_file(ssl, (const char*)key_file,
SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(4);
}
}
if (!SSL_CTX_check_private_key(ssl)) {
perrx("Private key does not match the certificate public key\n");
exit(5);
}
}
static void dump_cert(struct dtls_cert *cert) {
FILE *fp;
char *buf;
size_t len;
if (get_log_level() < LOG_DEBUG)
return;
/* cert */
fp = open_memstream(&buf, &len);
PEM_write_X509(fp, cert->x509);
fclose(fp);
ilog(LOG_DEBUG, "Dump of DTLS certificate:");
buf_dump_free(buf, len);
/* key */
fp = open_memstream(&buf, &len);
PEM_write_PrivateKey(fp, cert->pkey, NULL, NULL, 0, 0, NULL);
fclose(fp);
ilog(LOG_DEBUG, "Dump of DTLS private key:");
buf_dump_free(buf, len);
}
/*
* Create identity
*/
int build_identity(void)
{
EVP_PKEY * pkey ;
RSA * rsa ;
EC_KEY * ecc ;
X509 * cert ;
X509_NAME * name ;
identity ca ;
char filename[FIELD_SZ+5];
FILE * pem ;
/* Check before overwriting */
sprintf(filename, "%s.crt", certinfo.cn);
if (access(filename, F_OK)!=-1) {
fprintf(stderr, "identity named %s already exists in this directory. Exiting now\n", filename);
return -1 ;
}
sprintf(filename, "%s.key", certinfo.cn);
if (access(filename, F_OK)!=-1) {
fprintf(stderr, "identity named %s already exists in this directory. Exiting now\n", filename);
return -1 ;
}
switch (certinfo.profile) {
case PROFILE_ROOT_CA:
strcpy(certinfo.ou, "Root");
break;
case PROFILE_SUB_CA:
strcpy(certinfo.ou, "Sub");
break;
case PROFILE_SERVER:
strcpy(certinfo.ou, "Server");
break;
case PROFILE_CLIENT:
strcpy(certinfo.ou, "Client");
break;
case PROFILE_WWW:
strcpy(certinfo.ou, "Server");
break;
default:
fprintf(stderr, "Unknown profile: aborting\n");
return -1 ;
}
if (certinfo.ec_name[0] && certinfo.profile!=PROFILE_CLIENT) {
fprintf(stderr, "ECC keys are only supported for clients\n");
return -1 ;
}
if (certinfo.profile != PROFILE_ROOT_CA) {
/* Need to load signing CA */
if (load_ca(certinfo.signing_ca, &ca)!=0) {
fprintf(stderr, "Cannot find CA key or certificate\n");
return -1 ;
}
/* Organization is the same as root */
X509_NAME_get_text_by_NID(X509_get_subject_name(ca.cert),
NID_organizationName,
certinfo.o,
FIELD_SZ);
}
/* Generate key pair */
if (certinfo.ec_name[0]) {
printf("Generating EC key [%s]\n", certinfo.ec_name);
ecc = EC_KEY_new_by_curve_name(OBJ_txt2nid(certinfo.ec_name));
if (!ecc) {
fprintf(stderr, "Unknown curve: [%s]\n", certinfo.ec_name);
return -1 ;
}
EC_KEY_set_asn1_flag(ecc, OPENSSL_EC_NAMED_CURVE);
EC_KEY_generate_key(ecc);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_EC_KEY(pkey, ecc);
} else {
printf("Generating RSA-%d key\n", certinfo.rsa_keysz);
pkey = EVP_PKEY_new();
rsa = RSA_generate_key(certinfo.rsa_keysz, RSA_F4, progress, 0);
EVP_PKEY_assign_RSA(pkey, rsa);
}
/* Assign all certificate fields */
cert = X509_new();
X509_set_version(cert, 2);
set_serial128(cert);
X509_gmtime_adj(X509_get_notBefore(cert), 0);
X509_gmtime_adj(X509_get_notAfter(cert), certinfo.days * 24*60*60);
X509_set_pubkey(cert, pkey);
name = X509_get_subject_name(cert);
if (certinfo.c[0]) {
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)certinfo.c, -1, -1, 0);
}
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)certinfo.o, -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)certinfo.cn, -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, (unsigned char*)certinfo.ou, -1, -1, 0);
if (certinfo.l[0]) {
X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC, (unsigned char *)certinfo.l, -1, -1, 0);
}
if (certinfo.st[0]) {
X509_NAME_add_entry_by_txt(name, "ST", MBSTRING_ASC, (unsigned char *)certinfo.st, -1, -1, 0);
}
/* Set extensions according to profile */
switch (certinfo.profile) {
case PROFILE_ROOT_CA:
/* CA profiles can issue certs and sign CRLS */
set_extension(cert, cert, NID_basic_constraints, "critical,CA:TRUE");
set_extension(cert, cert, NID_key_usage, "critical,keyCertSign,cRLSign");
set_extension(cert, cert, NID_subject_key_identifier, "hash");
set_extension(cert, cert, NID_authority_key_identifier, "keyid:always");
break ;
case PROFILE_SUB_CA:
/* CA profiles can issue certs and sign CRLS */
set_extension(ca.cert, cert, NID_basic_constraints, "critical,CA:TRUE");
set_extension(ca.cert, cert, NID_key_usage, "critical,keyCertSign,cRLSign");
set_extension(ca.cert, cert, NID_subject_key_identifier, "hash");
set_extension(ca.cert, cert, NID_authority_key_identifier, "keyid:always");
break;
case PROFILE_CLIENT:
if (certinfo.san[0]) {
set_extension(ca.cert, cert, NID_subject_alt_name, certinfo.san);
}
set_extension(ca.cert, cert, NID_basic_constraints, "CA:FALSE");
set_extension(ca.cert, cert, NID_anyExtendedKeyUsage, "clientAuth");
set_extension(ca.cert, cert, NID_key_usage, "digitalSignature");
set_extension(ca.cert, cert, NID_subject_key_identifier, "hash");
set_extension(ca.cert, cert, NID_authority_key_identifier, "issuer:always,keyid:always");
break ;
case PROFILE_SERVER:
if (certinfo.san[0]) {
set_extension(ca.cert, cert, NID_subject_alt_name, certinfo.san);
}
set_extension(ca.cert, cert, NID_basic_constraints, "CA:FALSE");
set_extension(ca.cert, cert, NID_netscape_cert_type, "server");
set_extension(ca.cert, cert, NID_anyExtendedKeyUsage, "serverAuth");
set_extension(ca.cert, cert, NID_key_usage, "digitalSignature,keyEncipherment");
set_extension(ca.cert, cert, NID_subject_key_identifier, "hash");
set_extension(ca.cert, cert, NID_authority_key_identifier, "issuer:always,keyid:always");
break ;
case PROFILE_WWW:
if (certinfo.san[0]) {
set_extension(ca.cert, cert, NID_subject_alt_name, certinfo.san);
}
set_extension(ca.cert, cert, NID_basic_constraints, "CA:FALSE");
set_extension(ca.cert, cert, NID_netscape_cert_type, "server");
set_extension(ca.cert, cert, NID_anyExtendedKeyUsage, "serverAuth,clientAuth");
set_extension(ca.cert, cert, NID_key_usage, "digitalSignature,keyEncipherment");
set_extension(ca.cert, cert, NID_subject_key_identifier, "hash");
set_extension(ca.cert, cert, NID_authority_key_identifier, "issuer:always,keyid:always");
break;
case PROFILE_UNKNOWN:
default:
break ;
}
/* Set issuer */
if (certinfo.profile==PROFILE_ROOT_CA) {
/* Self-signed */
X509_set_issuer_name(cert, name);
X509_sign(cert, pkey, EVP_sha256());
} else {
/* Signed by parent CA */
X509_set_issuer_name(cert, X509_get_subject_name(ca.cert));
X509_sign(cert, ca.key, EVP_sha256());
}
printf("Saving results to %s.[crt|key]\n", certinfo.cn);
pem = fopen(filename, "wb");
PEM_write_PrivateKey(pem, pkey, NULL, NULL, 0, NULL, NULL);
fclose(pem);
sprintf(filename, "%s.crt", certinfo.cn);
pem = fopen(filename, "wb");
PEM_write_X509(pem, cert);
fclose(pem);
X509_free(cert);
EVP_PKEY_free(pkey);
if (certinfo.profile!=PROFILE_ROOT_CA) {
X509_free(ca.cert);
EVP_PKEY_free(ca.key);
}
printf("done\n");
return 0;
}
int genrequest(char department[], char cname0[]) {
X509_REQ *webrequest = NULL;
EVP_PKEY *pubkey = NULL;
X509_NAME *reqname = NULL;
DSA *mydsa = NULL;
RSA *myrsa = NULL;
BIO *outbio = NULL;
X509_NAME_ENTRY *e;
int i;
FILE *fp, *fp2;
char buf[80] = "";
char country[81] = "UK";
char province[81] = "Gloucestershire";
char locality[81] = "Tetbury";
char organisation[81] = "TETBURY SOFTWARE SERVICES Ltd";
char email_addr[81] = "*****@*****.**";
char cname1[81] = "";
char cname2[81] = "";
char surname[81] = "";
char givenname[81] = "";
char keytype[81] = "rsa";
int rsastrength = 4096;
int dsastrength = 0;
/* we do not accept requests with no data, i.e. being empty with just a
public key. Although technically possible to sign and create a cert,
they don't make much sense. We require here at least one CN supplied. */
if(strlen(cname0) == 0 && strlen(cname1) == 0 && strlen(cname2) == 0)
printf("Error supply at least one CNAME in request subject");
/* -------------------------------------------------------------------------- *
* These function calls are essential to make many PEM + other openssl *
* functions work. It is not well documented, I found out after looking into *
* the openssl source directly. *
* needed by: PEM_read_PrivateKey(), X509_REQ_verify() ... *
* -------------------------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* ------------------------------------------------------------------------- *
* Generate the key pair based on the selected keytype *
* ------------------------------------------------------------------------- */
if ((pubkey=EVP_PKEY_new()) == NULL)
printf("Error creating EVP_PKEY structure.");
if(strcmp(keytype, "rsa") == 0) {
myrsa = RSA_new();
if (! (myrsa = RSA_generate_key(rsastrength, RSA_F4, NULL, NULL)))
printf("Error generating the RSA key.");
if (!EVP_PKEY_assign_RSA(pubkey,myrsa))
printf("Error assigning RSA key to EVP_PKEY structure.");
}
else if(strcmp(keytype, "dsa") == 0) {
mydsa = DSA_new();
mydsa = DSA_generate_parameters(dsastrength, NULL, 0, NULL, NULL,
NULL, NULL);
if (! (DSA_generate_key(mydsa)))
printf("Error generating the DSA key.");
if (!EVP_PKEY_assign_DSA(pubkey,mydsa))
printf("Error assigning DSA key to EVP_PKEY structure.");
}
else
printf("Error: Wrong keytype - choose either RSA or DSA.");
/* ------------------------------------------------------------------------- *
* Generate the certificate request from scratch *
* ------------------------------------------------------------------------- */
if ((webrequest=X509_REQ_new()) == NULL)
printf("Error creating new X509_REQ structure.");
if (X509_REQ_set_pubkey(webrequest, pubkey) == 0)
printf("Error setting public key for X509_REQ structure.");
if ((reqname=X509_REQ_get_subject_name(webrequest)) == NULL)
printf("Error setting public key for X509_REQ structure.");
/* The following functions create and add the entries, working out *
* the correct string type and performing checks on its length. *
* We also check the return value for errors... */
if(strlen(country) != 0)
X509_NAME_add_entry_by_txt(reqname,"C", MBSTRING_ASC,
(unsigned char*) country, -1, -1, 0);
if(strlen(province) != 0)
X509_NAME_add_entry_by_txt(reqname,"ST", MBSTRING_ASC,
(unsigned char *) province, -1, -1, 0);
if(strlen(locality) != 0)
X509_NAME_add_entry_by_txt(reqname,"L", MBSTRING_ASC,
(unsigned char *) locality, -1, -1, 0);
if(strlen(organisation) != 0)
X509_NAME_add_entry_by_txt(reqname,"O", MBSTRING_ASC,
(unsigned char *) organisation, -1, -1, 0);
if(strlen(department) != 0)
X509_NAME_add_entry_by_txt(reqname,"OU", MBSTRING_ASC,
(unsigned char *) department, -1, -1, 0);
if(strlen(email_addr) != 0)
X509_NAME_add_entry_by_txt(reqname,"emailAddress", MBSTRING_ASC,
(unsigned char *) email_addr, -1, -1, 0);
if(strlen(cname0) != 0)
X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC,
(unsigned char *) cname0, -1, -1, 0);
if(strlen(cname1) != 0)
X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC,
(unsigned char *) cname1, -1, -1, 0);
if(strlen(cname2) != 0)
X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC,
(unsigned char *) cname2, -1, -1, 0);
if(strlen(surname) != 0)
X509_NAME_add_entry_by_txt(reqname,"SN", MBSTRING_ASC,
(unsigned char *) surname, -1, -1, 0);
if(strlen(givenname) != 0)
X509_NAME_add_entry_by_txt(reqname,"GN", MBSTRING_ASC,
(unsigned char *) givenname, -1, -1, 0);
/* ------------------------------------------------------------------------- *
* Sign the certificate request: md5 for RSA keys, dss for DSA keys *
* ------------------------------------------------------------------------- */
if(strcmp(keytype, "rsa") == 0) {
if (!X509_REQ_sign(webrequest,pubkey,EVP_md5()))
printf("Error MD5 signing X509_REQ structure.");
}
else if(strcmp(keytype, "dsa") == 0) {
if (!X509_REQ_sign(webrequest,pubkey,EVP_dss()))
printf("Error DSS signing X509_REQ structure.");
}
/* ------------------------------------------------------------------------- *
* and sort out the content plus start the html output *
* ------------------------------------------------------------------------- */
if (! (fp=fopen("clave_publica.pem", "w")))
printf("No puedo crear el fichero de la request");
if (! (fp2=fopen("clave_privada.pem", "w")))
printf("No puedo crear el fichero de la clave privada");
outbio = BIO_new(BIO_s_file());
BIO_set_fp(outbio, fp, BIO_NOCLOSE);
if (! PEM_write_bio_X509_REQ(outbio, webrequest))
printf("Error printing the request");
for (i = 0; i < X509_NAME_entry_count(reqname); i++) {
e = X509_NAME_get_entry(reqname, i);
OBJ_obj2txt(buf, 80, e->object, 0);
}
PEM_write_PrivateKey(fp2,pubkey,NULL,NULL,0,0,NULL);
BIO_free(outbio);
fclose(fp);
fclose(fp2);
return(0);
}
/* ChangePasswordPEM() returns:
* -1 Wrong password
* 0 Changing password failed for unknown reason
* 1 Password changed successfully
*/
int ChangePasswordPEM(HWND hwndDlg)
{
char keyfile[MAX_PATH];
char oldpsw[50];
char newpsw[50];
WCHAR oldpsw_unicode[50];
WCHAR newpsw_unicode[50];
FILE *fp;
EVP_PKEY *privkey;
/* Get filename, old_psw and new_psw from Dialog */
GetDlgItemText(hwndDlg, TEXT_KEYFILE, keyfile, sizeof(keyfile) - 1);
GetDlgItemTextW(hwndDlg, EDIT_PSW_CURRENT, oldpsw_unicode, sizeof(oldpsw_unicode)/2 - 1);
GetDlgItemTextW(hwndDlg, EDIT_PSW_NEW, newpsw_unicode, sizeof(newpsw_unicode)/2 - 1);
/* Convert Unicode to ASCII (CP850) */
ConvertUnicode2Ascii(oldpsw_unicode, oldpsw, sizeof(oldpsw));
if (!ConvertUnicode2Ascii(newpsw_unicode, newpsw, sizeof(newpsw)))
{
ShowLocalizedMsg(GUI_NAME, ERR_INVALID_CHARS_IN_PSW, "");
return(-1);
}
privkey = EVP_PKEY_new();
/* Open old keyfile for reading */
if (! (fp = fopen (keyfile, "r")))
{
/* can't open key file */
ShowLocalizedMsg(GUI_NAME, ERR_OPEN_PRIVATE_KEY_FILE, keyfile);
return(0);
}
/* Import old key */
if (! (privkey = PEM_read_PrivateKey (fp, NULL, NULL, oldpsw)))
{
/* wrong password */
ShowLocalizedMsg(GUI_NAME, ERR_OLD_PWD_INCORRECT, "");
fclose(fp);
return(-1);
}
fclose(fp);
/* Open keyfile for writing */
if (! (fp = fopen (keyfile, "w")))
{
/* can't open file rw */
ShowLocalizedMsg(GUI_NAME, ERR_OPEN_WRITE_KEY, keyfile);
EVP_PKEY_free(privkey);
return(0);
}
/* Write new key to file */
if (strlen(newpsw) == 0)
{
/* No passphrase */
if ( !(PEM_write_PrivateKey(fp, privkey, \
NULL, NULL, /* Use NO encryption */
0, 0, NULL)))
{
/* error writing new key */
ShowLocalizedMsg(GUI_NAME, ERR_WRITE_NEW_KEY, keyfile);
EVP_PKEY_free(privkey);
fclose(fp);
return(0);
}
}
else
{
/* Use passphrase */
if ( !(PEM_write_PrivateKey(fp, privkey, \
EVP_des_ede3_cbc(), /* Use 3DES encryption */
newpsw, (int) strlen(newpsw), 0, NULL)))
{
/* can't write new key */
ShowLocalizedMsg(GUI_NAME, ERR_WRITE_NEW_KEY, keyfile);
EVP_PKEY_free(privkey);
fclose(fp);
return(0);
}
}
EVP_PKEY_free(privkey);
fclose(fp);
/* signal success to user */
ShowLocalizedMsg(GUI_NAME, INFO_PWD_CHANGED, "");
return(1);
}
int generate_rsa(void)
{
int iRet = EXIT_SUCCESS;
EVP_PKEY* pPrivKey = NULL;
EVP_PKEY* pPubKey = NULL;
FILE* pFile = NULL;
const EVP_CIPHER* pCipher = NULL;
init_openssl();
pPrivKey = create_rsa_key();
pPubKey = create_rsa_key();
if(pPrivKey && pPubKey)
{/* Save the keys */
if((pFile = fopen("privkey.pem","wt")) && (pCipher = EVP_aes_256_cbc()))
{
if(!PEM_write_PrivateKey(pFile,pPrivKey,pCipher,
(unsigned char*)pcszPassphrase,
(int)strlen(pcszPassphrase),NULL,NULL))
{
fprintf(stderr,"PEM_write_PrivateKey failed.\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
}
fclose(pFile);
pFile = NULL;
if(iRet == EXIT_SUCCESS)
{
if((pFile = fopen("pubkey.pem","wt")) && PEM_write_PUBKEY(pFile,pPubKey))
fprintf(stderr,"Both keys saved.\n");
else
{
handle_openssl_error();
iRet = EXIT_FAILURE;
}
if(pFile)
{
fclose(pFile);
pFile = NULL;
}
}
}
else
{
fprintf(stderr,"Cannot create \"privkey.pem\".\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
if(pFile)
{
fclose(pFile);
pFile = NULL;
}
}
if(iRet == EXIT_SUCCESS)
{/* Read the keys */
EVP_PKEY_free(pPrivKey);
pPrivKey = NULL;
EVP_PKEY_free(pPubKey);
pPubKey = NULL;
if((pFile = fopen("privkey.pem","rt")) &&
(pPrivKey = PEM_read_PrivateKey(pFile,NULL,passwd_callback,(void*)pcszPassphrase)))
{
fprintf(stderr,"Private key read.\n");
}
else
{
fprintf(stderr,"Cannot read \"privkey.pem\".\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
}
if(pFile)
{
fclose(pFile);
pFile = NULL;
}
if((pFile = fopen("pubkey.pem","rt")) &&
(pPubKey = PEM_read_PUBKEY(pFile,NULL,NULL,NULL)))
{
fprintf(stderr,"Public key read.\n");
}
else
{
fprintf(stderr,"Cannot read \"pubkey.pem\".\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
}
char msg[2048/8]; // Get rid of the newline
int session_seed = rand();
sprintf(msg, "%d", session_seed);
// Encrypt the message
}
}
if(pPrivKey)
{
EVP_PKEY_free(pPrivKey);
pPrivKey = NULL;
}
if(pPubKey)
{
EVP_PKEY_free(pPubKey);
pPubKey = NULL;
}
cleanup_openssl();
return iRet;
}
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12 = NULL;
char *name = NULL;
int i, ret = EXIT_FAILURE;
if (argc != 4) {
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit(EXIT_FAILURE);
}
if ((fp = fopen(argv[1], "rb")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(EXIT_FAILURE);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
if (p12 == NULL) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
goto err;
}
if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
goto err;
}
name = find_friendly_name(p12);
PKCS12_free(p12);
if ((fp = fopen(argv[3], "w")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
goto err;
}
if (name != NULL)
fprintf(fp, "***Friendly Name***\n%s\n", name);
if (pkey != NULL) {
fprintf(fp, "***Private Key***\n");
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
if (cert != NULL) {
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
if (ca != NULL && sk_X509_num(ca) > 0) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
}
fclose(fp);
ret = EXIT_SUCCESS;
err:
OPENSSL_free(name);
X509_free(cert);
EVP_PKEY_free(pkey);
sk_X509_pop_free(ca, X509_free);
return ret;
}
int
main(int argc, char **argv) {
FILE *fp = NULL;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12 = NULL;
char *pass = strdup("");
int i;
if (argc != 2) {
fprintf(stderr, "[!] Usage: %s certificate.p12\n", argv[0]);
exit(1);
}
printf("[+] Initializing OpenSSL\n");
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
printf("[+] Opening PKCS#12 certificate\n");
if (!(fp = fopen(argv[1], "r"))) {
fprintf(stderr, "[!] Unable to open certificate `%s'\n", argv[1]);
goto endpkcs12;
}
if (chdir(dirname(argv[1])) == -1) {
fprintf(stderr, "[!] Unable to change directory to `%s'\n",
dirname(argv[1]));
goto endpkcs12;
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp); fp = NULL;
if (!p12) {
fprintf(stderr, "[!] Unable to parse PKCS#12 certificate: %s\n",
ERR_reason_error_string(ERR_get_error()));
goto endpkcs12;
}
while (!PKCS12_parse(p12, pass, &pkey, &cert, &ca)) {
ca = NULL;
free(pass);
if (getpassword("[?] Password: "******"[!] PKCS#12 certificate is incomplete\n");
goto endpkcs12;
}
#define PEM_w(path, call) \
do { \
if (!(fp = fopen(path, "w"))) { \
fprintf(stderr, "[!] Unable to open `%s'\n", path); \
goto endpkcs12; \
} \
printf("[+] Write certificate to `%s'\n", path); \
call; \
fclose(fp); fp = NULL; \
} while(0)
PEM_w("user.pem", PEM_write_X509(fp, cert));
PEM_w("user.key", PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL));
PEM_w("cacert.pem",
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509(fp, sk_X509_value(ca, i)));
sk_free(ca); X509_free(cert); EVP_PKEY_free(pkey);
exit(0);
endpkcs12:
if (pass) free(pass);
if (ca) sk_free(ca);
if (cert) X509_free(cert);
if (pkey) EVP_PKEY_free(pkey);
if (p12) PKCS12_free(p12);
if (fp) fclose(fp);
exit(1);
}
SL::Remote_Access_Library::Crypto::CertSaveLocation SL::Remote_Access_Library::Crypto::CreateCertificate(const CertInfo& info) {
assert(INTERNAL::Started);//you must ensure proper startup of the encryption library!
CryptoKeys cry;
CertSaveLocation svloc;
SL_RAT_LOG(Utilities::Logging_Levels::INFO_log_level, "Starting to generate a certifiate and private key!");
if (!cry.x509Certificate || !cry.PrivateKey) {
SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to allocate space for the certificate and private key!");
return svloc;
}
auto rsa = RSA_generate_key(info.bits, RSA_F4, NULL, NULL);
if (!EVP_PKEY_assign_RSA(cry.PrivateKey, rsa)) {
SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed EVP_PKEY_assign_RSA");
return svloc;
}
X509_set_version(cry.x509Certificate, 2);
ASN1_INTEGER_set(X509_get_serialNumber(cry.x509Certificate), info.Serial);
X509_gmtime_adj(X509_get_notBefore(cry.x509Certificate), 0);
X509_gmtime_adj(X509_get_notAfter(cry.x509Certificate), (long)60 * 60 * 24 * info.DaysValid);
X509_set_pubkey(cry.x509Certificate, cry.PrivateKey);
auto name = X509_get_subject_name(cry.x509Certificate);
/* This function creates and adds the entry, working out the
* correct string type and performing checks on its length.
* Normally we'd check the return value for errors...
*/
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char*)info.country.c_str(), -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char*)info.companyname.c_str(), -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const unsigned char*)info.commonname.c_str(), -1, -1, 0);
/* Its self signed so set the issuer name to be the same as the
* subject.
*/
X509_set_issuer_name(cry.x509Certificate, name);
/* Add various extensions: standard extensions */
add_ext(cry.x509Certificate, NID_basic_constraints, (char*)"critical,CA:TRUE");
add_ext(cry.x509Certificate, NID_key_usage, (char*)"critical,keyCertSign,cRLSign");
add_ext(cry.x509Certificate, NID_subject_key_identifier, (char*)"hash");
/* Some Netscape specific extensions */
add_ext(cry.x509Certificate, NID_netscape_cert_type, (char*)"sslCA");
add_ext(cry.x509Certificate, NID_netscape_comment, (char*)"example comment extension");
if (!X509_sign(cry.x509Certificate, cry.PrivateKey, EVP_sha256())) {
SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to sign the certifiate!");
return svloc;
}
std::string saveloc = info.savelocation;
if (saveloc.back() != '/' && saveloc.back() != '\\') saveloc += '/';
assert(!saveloc.empty());
svloc.Private_Key = saveloc + info.filename + "_private.pem";
cry.priv_keyfile = fopen(svloc.Private_Key.c_str(), "wb");
if(cry.priv_keyfile!=NULL){
SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to open the Private Key File '" << svloc.Private_Key << "' for writing!");
svloc.Private_Key = "";
return svloc;
}
PEM_write_PrivateKey(
cry.priv_keyfile, /* write the key to the file we've opened */
cry.PrivateKey, /* our key from earlier */
EVP_des_ede3_cbc(), /* default cipher for encrypting the key on disk */
(unsigned char*)info.password.c_str(), /* passphrase required for decrypting the key on disk */
static_cast<int>(info.password.size()), /* length of the passphrase string */
NULL, /* callback for requesting a password */
NULL /* data to pass to the callback */
);
svloc.Certificate = saveloc + info.filename + "_cert.crt";
cry.certfile = fopen(svloc.Certificate.c_str(), "wb");
if(cry.certfile!=NULL){
SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to open the Certificate File '" << svloc.Certificate << "' for writing!");
svloc.Certificate = "";
return svloc;
}
return svloc;
}
int main()
{
EVP_PKEY *pKey;
RSA *rsa;
X509 *x509;
X509_NAME *name;
X509_EXTENSION *ex;
FILE *fp;
int KEY_SIZE = 2048;
int days = 365;
pKey = EVP_PKEY_new(); // Create a private key
rsa = RSA_generate_key(
KEY_SIZE, // Key length (bits)
RSA_F4, // Exponent
NULL, // Callback
NULL // Callback argument
);
EVP_PKEY_assign_RSA(pKey, rsa);
x509 = X509_new();
X509_set_version(x509, 3);
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60 * 24 * days);
X509_set_pubkey(x509, pKey);
name = X509_get_subject_name(x509);
X509_NAME_add_entry_by_txt(name, "C",
MBSTRING_ASC, "Wnmp", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
MBSTRING_ASC, "Wnmp", -1, -1, 0);
X509_set_issuer_name(x509, name);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x509, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
"Wnmp by Kurt Cancemi");
X509_add_ext(x509, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
"localhost");
X509_add_ext(x509, ex, -1);
X509_EXTENSION_free(ex);
X509_sign(x509, pKey, EVP_sha1());
if (!(fp = fopen(KEY_PUB, "w"))) {
printf("Error writing to public key file");
return -1;
}
if (PEM_write_X509(fp, x509) != 1)
printf("Error while writing public key");
fclose(fp);
if (!(fp = fopen(KEY_PRV, "w"))) {
printf("Error writing to private key file");
return -1;
}
if (PEM_write_PrivateKey(fp, pKey, NULL, NULL, 0, NULL, NULL) != 1)
printf("Error while writing private key");
fclose(fp);
X509_free(x509);
EVP_PKEY_free(pKey);
return 0;
}
SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
{
//BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
char *rsa = NULL, *pvt = NULL;
FILE *fp;
char *pem = NULL;
if (switch_stristr(".pem", prefix)) {
if (switch_is_file_path(prefix)) {
pem = strdup(prefix);
} else {
pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
}
if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) {
goto end;
}
} else {
if (switch_is_file_path(prefix)) {
pvt = switch_mprintf("%s.key", prefix);
rsa = switch_mprintf("%s.crt", prefix);
} else {
pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
}
if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
goto end;
}
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
//bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509, &pkey, 1024, 0, 36500);
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
//X509_print_fp(stdout, x509);
if (pem) {
if ((fp = fopen(pem, "w"))) {
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(fp, x509);
fclose(fp);
}
} else {
if (pvt && (fp = fopen(pvt, "w"))) {
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
fclose(fp);
}
if (rsa && (fp = fopen(rsa, "w"))) {
PEM_write_X509(fp, x509);
fclose(fp);
}
}
X509_free(x509);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
//CRYPTO_mem_leaks(bio_err);
//BIO_free(bio_err);
end:
switch_safe_free(pvt);
switch_safe_free(rsa);
switch_safe_free(pem);
return(0);
}
