Пример #1
2
/*
This function take a user certificate and a private key in x509 format and
convert it into pkcs12 format. This function returns -1 if a problem occurs, 0 otherwise
*/
int convert_x509_to_p12(char *privkey, char *clicert, char *p12cert)
{
	X509      *cert;
        PKCS12    *p12;
        EVP_PKEY  *cert_privkey;
        FILE      *certfile, *keyfile, *p12file;
        int       bytes = 0;

	OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();

        /* Read the private key file */
        if ((cert_privkey = EVP_PKEY_new()) == NULL){
                printf("Error creating EVP_PKEY structure.\n");
		return -1;
	}
        if (! (keyfile = fopen(privkey, "r"))){
                printf("Error cant read certificate private key file.\n");
		return -1;
	}
        if (! (cert_privkey = PEM_read_PrivateKey(keyfile, NULL, NULL, NULL))){
                printf("Error loading certificate private key content.\n");
		return -1;
	}
        fclose(keyfile);

        /* Read the user certificate */
        if (! (certfile = fopen(clicert, "r"))){
                printf("Error cant read certificate file.\n");
		return -1;
	}
        if (! (cert = PEM_read_X509(certfile, NULL, NULL, NULL))){
                printf("Error loading cert into memory.\n");
		return -1;
	}
        fclose(certfile);

        /* Generate the p12 certificate */
        if ((p12 = PKCS12_new()) == NULL){
                printf("Error creating PKCS12 structure.\n");
		return -1;}
        p12 = PKCS12_create(NULL, NULL, cert_privkey, cert, NULL, 0, 0, 0, 0, 0);
        if ( p12 == NULL){
                printf("Error generating a valid PKCS12 certificate.\n");
		return -1;
	}
        if (! (p12file = fopen(p12cert, "w"))){
                printf("Error cant open pkcs12 certificate file for writing.\n");
		return -1;
	}
	bytes = i2d_PKCS12_fp(p12file, p12);
        if (bytes <= 0){
                printf("Error writing PKCS12 certificate.\n");
		return -1;
	}
        fclose(p12file);
        PKCS12_free(p12);
	X509_free(cert);
	EVP_PKEY_free(cert_privkey);

	return 0;
}
/*
 * 	Pass the key-size and the password and this function returns
 * 	the PKCS12 structure as a stream.
 */
PKCS12* create_PKCS12_stream(int keysize, const char *password)
{
     EVP_PKEY *privkey = NULL;
     X509 *x509_cert = NULL;
     STACK_OF(X509) *cacertstack = NULL;
     PKCS12 *pkcs12bundle = NULL;
     
     if(!keysize || !password)
     {
          fprintf(stderr,"Invalid key-size and/or password.\n");
          return NULL;
     }
     if(keysize > MAX_KEY_SIZE)
     {
          fprintf(stderr,"Limit the keysize to 4096 bits.\n");
          return NULL;
     }
     
     init_openssl();
     
     privkey = create_rsa_key(keysize);
     if(privkey == NULL)
     {
          return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
     }
     fprintf(stdout,"Successfully created rsa key.\n");
     
     x509_cert = create_x509_cert(privkey);
     if(x509_cert == NULL)
     {
          return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
     }
     fprintf(stdout,"Successfully created x509 certificate.\n");
     
     cacertstack = create_ca_cert_stack(x509_cert);
     if(cacertstack == NULL)
     {
          return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
     }
     fprintf(stdout,"Successfully created stack-of-x509.\n");
     
     if ((pkcs12bundle = PKCS12_new()) == NULL)
     {
          fprintf(stderr,"PKCS12_new failed.\n");
          return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
     }
	pkcs12bundle = PKCS12_create(
                         (char*)password,	// certbundle access password
                         "thali",	// friendly certname
                         privkey,	// the certificate private key
                         x509_cert,	// the main certificate
                         cacertstack,	// stack of CA cert chain
                         0,	// int nid_key (default 3DES)
                         0,	// int nid_cert (40bitRC2)
                         0,	// int iter (default 2048)
                         0,	// int mac_iter (default 1)
                         0	// int keytype (default no flag)
                         );
     if (pkcs12bundle == NULL)
     {
          fprintf(stderr,"PKCS12_create failed.\n");
          return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
     }
     fprintf(stdout,"Successfully created pkcs12 bundle.\n");
     
     free_openssl_resources(privkey, x509_cert, cacertstack);
     
     return pkcs12bundle; //TODO: Make this a stream (char *)
}
Пример #3
0
PKCS12 *
PKCS12_init(int mode)
{
	PKCS12 *pkcs12;

	if (!(pkcs12 = PKCS12_new())) {
		PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ASN1_INTEGER_set(pkcs12->version, 3);
	pkcs12->authsafes->type = OBJ_nid2obj(mode);
	switch (mode) {
	case NID_pkcs7_data:
		if (!(pkcs12->authsafes->d.data =
		    ASN1_OCTET_STRING_new())) {
			PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		break;
	default:
		PKCS12err(PKCS12_F_PKCS12_INIT,
		    PKCS12_R_UNSUPPORTED_PKCS12_MODE);
		goto err;
	}

	return pkcs12;

err:
	if (pkcs12 != NULL)
		PKCS12_free(pkcs12);
	return NULL;
}
Пример #4
0
/*
 * Private
 */
static VALUE
ossl_pkcs12_s_allocate(VALUE klass)
{
    PKCS12 *p12;
    VALUE obj;

    if(!(p12 = PKCS12_new())) ossl_raise(ePKCS12Error, NULL);
    WrapPKCS12(klass, obj, p12);

    return obj;
}
Пример #5
0
void openssl_pkcs12_cert()
{
	FILE *tmpfile;
	PKCS12 *pkcs12s;
	EVP_PKEY *certprk;
	X509 *cscert, *cacert;
	STACK_OF(X509) * cacerts;

	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();

	certprk = EVP_PKEY_new();
	tmpfile = fopen(PKEYF, "r");
	certprk = PEM_read_PrivateKey(tmpfile, NULL, NULL, NULL);
	fclose(tmpfile);

	tmpfile = fopen(PCERTF, "r");
	cscert = PEM_read_X509(tmpfile, NULL, NULL, NULL);
	fclose(tmpfile);

	tmpfile = fopen(RCERTF, "r");
	cacert = PEM_read_X509(tmpfile, NULL, NULL, NULL);
	fclose(tmpfile);

	pkcs12s = PKCS12_new();
	cacerts = sk_X509_new_null();
	sk_X509_push(cacerts, cacert);
	pkcs12s = PKCS12_create("beike2012", "mypkcs12", certprk, cscert,
							cacerts, 0, 0, 0, 0, 0);
	tmpfile = fopen(PKCS12F, "w");
	if (i2d_PKCS12_fp(tmpfile, pkcs12s) <= 0)
		openssl_error_show("i2d_PKCS12_fp", 1);
	fclose(tmpfile);
	sk_X509_free(cacerts);
	PKCS12_free(pkcs12s);
}