Пример #1
void pki_evp::writePKCS8(const QString fname, const EVP_CIPHER *enc,
		pem_password_cb *cb, bool pem)
{
	/* Export the private key in PKCS#8 form to 'fname', encrypted with
	 * 'enc' (PEM when 'pem' is set, DER otherwise). 'cb' is the
	 * password callback; 'p' is the prompt context handed to it.
	 * OpenSSL failures are reported through pki_openssl_error(). */
	pass_info p(XCA_TITLE, tr("Please enter the password protecting the PKCS#8 key '%1'").arg(getIntName()));
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (key) {
		/* decryptKey() hands back a fresh EVP_PKEY that we must release */
		EVP_PKEY *plain = decryptKey();
		if (plain != NULL) {
			if (pem)
				PEM_write_PKCS8PrivateKey(fp, plain, enc, NULL, 0, cb, &p);
			else
				i2d_PKCS8PrivateKey_fp(fp, plain, enc, NULL, 0, cb, &p);
			EVP_PKEY_free(plain);
		}
	}
	fclose(fp);
	pki_openssl_error();
}
Пример #2
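void pki_pkcs12::writePKCS12(const QString fname)
{
	/* Write key, certificate and the CA chain ('certstack') to 'fname'
	 * as a PKCS#12 container protected by a password asked from the
	 * user. The decrypted private key only lives for the duration of
	 * PKCS12_create(); a cancelled password dialog leaves an empty file. */
	Passwd pass;
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));
	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
		/* my_error() is expected to raise; never dereference the NULL members */
		return;
	}

	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (PwDialog::execute(&p, &pass, true) != 1) {
		/* cancelled */
		fclose(fp);
		return;
	}
	/* decryptKey() returns a fresh EVP_PKEY; PKCS12_create() encodes it
	 * and keeps no reference, so it is released right afterwards */
	EVP_PKEY *plainkey = key->decryptKey();
	PKCS12 *pkcs12 = PKCS12_create(pass.data(),
		getIntName().toUtf8().data(),
		plainkey,
		cert->getCert(), certstack, 0, 0, 0, 0, 0);
	if (plainkey)
		EVP_PKEY_free(plainkey);
	/* PKCS12_create() returns NULL on failure; the error is already queued */
	if (pkcs12)
		i2d_PKCS12_fp(fp, pkcs12);
	fclose(fp);
	PKCS12_free(pkcs12);
	openssl_error();
}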
Пример #3
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc,
			pem_password_cb *cb, bool pem)
{
	/* Export the key to 'fname'. Public keys are delegated to
	 * writePublic(); private keys are written as PEM encrypted with
	 * 'enc' (password from 'cb') or, when 'pem' is false, as DER. */
	pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName()));
	if (isPubKey())
		return writePublic(fname, pem);

	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (key) {
		EVP_PKEY *plain = decryptKey();
		if (plain != NULL) {
			if (pem)
				PEM_write_PrivateKey(fp, plain, enc, NULL, 0, cb, &p);
			else
				i2d_PrivateKey_fp(fp, plain);	/* DER output carries no encryption */
			EVP_PKEY_free(plain);
		}
		pki_openssl_error();
	}
	fclose(fp);
}
Пример #4
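void pki_x509req::fload(const QString fname)
{
	/* Load a certificate request from 'fname', trying PEM first and
	 * falling back to DER. A successfully parsed request replaces the
	 * current one. Raises errorEx when the file was readable but an
	 * OpenSSL error remained after both attempts. */
	FILE *fp = fopen_read(fname);
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	X509_REQ *_req = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
	if (!_req) {
		/* discard the PEM failure before retrying as DER */
		pki_ign_openssl_error();
		rewind(fp);
		_req = d2i_X509_REQ_fp(fp, NULL);
	}
	fclose(fp);
	if (pki_ign_openssl_error()) {
		if (_req)
			X509_REQ_free(_req);
		/* NOTE(review): the message mentions SPKAC, but only PEM and
		 * DER are attempted above */
		throw errorEx(tr("Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.").arg(fname));
	}

	if (_req) {
		X509_REQ_free(request);
		request = _req;
	}
	autoIntName();
	if (getIntName().isEmpty())
		setIntName(rmslashdot(fname));
	openssl_error(fname);
}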
Пример #5
void pki_crl::fload(const QString fname)
{
	/* Read a CRL from 'fname' (PEM, then DER) and make it the current
	 * one; the internal name is derived from the file name. Throws
	 * errorEx if the file opened but parsed in neither format. */
	FILE *fp = fopen(QString2filename(fname), "r");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	X509_CRL *loaded = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
	if (loaded == NULL) {
		pki_ign_openssl_error();	/* forget the PEM failure, retry as DER */
		rewind(fp);
		loaded = d2i_X509_CRL_fp(fp, NULL);
	}
	fclose(fp);
	if (pki_ign_openssl_error()) {
		if (loaded)
			X509_CRL_free(loaded);
		throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
	}
	if (crl)
		X509_CRL_free(crl);
	crl = loaded;
	setIntName(rmslashdot(fname));
	pki_openssl_error();
}
Пример #6
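pki_pkcs12::pki_pkcs12(const QString fname, pem_password_cb *cb)
	:pki_base(fname)
{
	/* Build a pki_pkcs12 from the PKCS#12 (pfx) file 'fname'. The
	 * password is requested through 'cb' unless the MAC already verifies
	 * with an empty/absent password. The contained certificate and key
	 * become 'cert' and 'key'; CA certificates are collected in
	 * 'certstack'. Raises errorEx when the file cannot be read or parsed,
	 * when the password is wrong, or when the prompt is cancelled. */
	char pass[MAX_PASS_LENGTH];
	EVP_PKEY *mykey = NULL;
	X509 *mycert = NULL;
	key = NULL;
	cert = NULL;
	passcb = cb;
	class_name="pki_pkcs12";
	certstack = sk_X509_new_null();
	pass_info p(XCA_TITLE, tr("Please enter the password to decrypt the PKCS#12 file.")
		+ "\n'" + fname + "'");
	FILE *fp = fopen(QString2filename(fname), "rb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	PKCS12 *pkcs12 = d2i_PKCS12_fp(fp, NULL);
	fclose(fp);
	if (ign_openssl_error()) {
		if (pkcs12)
			PKCS12_free(pkcs12);
		throw errorEx(tr("Unable to load the PKCS#12 (pfx) file %1.").arg(fname));
	}
	/* Try the empty and the absent password first so the user is only
	 * prompted when the container really is protected. */
	if (PKCS12_verify_mac(pkcs12, "", 0) || PKCS12_verify_mac(pkcs12, NULL, 0))
		pass[0] = '\0';
	else if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0) {
		/* cancel pressed */
		PKCS12_free(pkcs12);
		throw errorEx("","");
	}
	int parsed = PKCS12_parse(pkcs12, pass, &mykey, &mycert, &certstack);
	/* The plaintext password is not needed beyond this point: scrub it
	 * so it does not linger on the stack. OPENSSL_cleanse() comes from
	 * <openssl/crypto.h>, which the PKCS#12 headers already pull in. */
	OPENSSL_cleanse(pass, sizeof(pass));
	/* ERR_peek_error() yields an unsigned long packed code; keep the
	 * full width so ERR_GET_REASON() sees the real value */
	unsigned long error = ERR_peek_error();
	if (ERR_GET_REASON(error) == PKCS12_R_MAC_VERIFY_FAILURE) {
		ign_openssl_error();
		PKCS12_free(pkcs12);
		throw errorEx(getClassName(), tr("The supplied password was wrong (%1)").arg(ERR_reason_error_string(error)));
	}
	ign_openssl_error();
	if (!parsed) {
		/* any other parse failure: do not hand back an object without
		 * key or certificate */
		PKCS12_free(pkcs12);
		throw errorEx(tr("Unable to load the PKCS#12 (pfx) file %1.").arg(fname));
	}
	if (mycert) {
		/* prefer the friendly name stored in the certificate's aux data */
		if (mycert->aux && mycert->aux->alias) {
			alias = asn1ToQString(mycert->aux->alias);
			alias = QString::fromUtf8(alias.toAscii());
		}
		cert = new pki_x509(mycert);
		if (alias.isEmpty())
			cert->autoIntName();
		else
			cert->setIntName(alias);
		alias = cert->getIntName();
	}
	if (mykey) {
		key = new pki_evp(mykey);
		key->setIntName(alias + "_key");
		/* presumably re-protects the imported plaintext key in memory;
		 * see pki_evp::bogusEncryptKey */
		key->bogusEncryptKey();
	}
	PKCS12_free(pkcs12);
}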
Пример #7
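void pki_multi::fload(const QString fname)
{
	/* Load every PEM object found in 'fname' through fromPEM_BIO().
	 * The BIO is created with BIO_CLOSE, so BIO_free() also closes
	 * the underlying FILE. */
	FILE *fp = fopen(QString2filename(fname), "r");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	BIO *bio = BIO_new_fp(fp, BIO_CLOSE);
	if (!bio) {
		/* no BIO means nobody owns fp yet: close it ourselves and
		 * report the queued OpenSSL error */
		fclose(fp);
		pki_openssl_error();
		return;
	}
	fromPEM_BIO(bio, fname);
	BIO_free(bio);
}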
Пример #8
void pki_x509req::writeReq(const QString fname, bool pem)
{
	/* Write the current request to 'fname', as PEM or DER depending on
	 * 'pem'. Without a loaded request only an empty file is produced. */
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (request != NULL) {
		if (pem)
			PEM_write_X509_REQ(fp, request);
		else
			i2d_X509_REQ_fp(fp, request);
	}
	fclose(fp);
	pki_openssl_error();
}
Пример #9
void pki_key::writePublic(const QString fname, bool pem)
{
	/* Store the public part of 'key' in 'fname' — PEM when 'pem' is
	 * set, DER otherwise. OpenSSL failures surface via
	 * pki_openssl_error() after the file is closed. */
	FILE *fp = fopen(QString2filename(fname), "w");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	if (pem) {
		PEM_write_PUBKEY(fp, key);
	} else {
		i2d_PUBKEY_fp(fp, key);
	}
	fclose(fp);
	pki_openssl_error();
}
Пример #10
void pki_crl::writeCrl(const QString fname, bool pem)
{
	/* Serialise the current CRL to 'fname' as PEM or DER; with no CRL
	 * loaded an empty file is left behind. */
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (crl != NULL) {
		if (pem)
			PEM_write_X509_CRL(fp, crl);
		else
			i2d_X509_CRL_fp(fp, crl);
	}
	fclose(fp);
	pki_openssl_error();
}
Пример #11
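void pki_pkcs12::writePKCS12(const QString fname)
{
	/* Write key, certificate and the CA chain ('certstack') to 'fname'
	 * as a PKCS#12 container. The export password is obtained through
	 * 'passcb'; a cancelled prompt leaves an empty file and returns. */
	char pass[MAX_PASS_LENGTH];
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));
	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
		/* my_error() is expected to raise; never dereference the NULL members */
		return;
	}

	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	/* A negative result means the prompt was cancelled (same convention
	 * as the constructor); 'pass' is then uninitialised and must not
	 * reach PKCS12_create(). */
	if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0) {
		fclose(fp);
		return;
	}
	/* decryptKey() returns a fresh EVP_PKEY; PKCS12_create() encodes it
	 * and keeps no reference, so it is released right afterwards */
	EVP_PKEY *plainkey = key->decryptKey();
	PKCS12 *pkcs12 = PKCS12_create(pass,
		getIntName().toUtf8().data(),
		plainkey,
		cert->getCert(), certstack, 0, 0, 0, 0, 0);
	/* neither the password nor the plaintext key is needed any more;
	 * OPENSSL_cleanse() is from <openssl/crypto.h>, already pulled in
	 * by the PKCS#12 headers */
	OPENSSL_cleanse(pass, sizeof(pass));
	if (plainkey)
		EVP_PKEY_free(plainkey);
	/* PKCS12_create() returns NULL on failure; the error is already queued */
	if (pkcs12)
		i2d_PKCS12_fp(fp, pkcs12);
	fclose(fp);
	PKCS12_free(pkcs12);
	openssl_error();
}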
Пример #12
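void pki_evp::fload(const QString fname)
{
	/* Load a key from 'fname'. Formats are tried in turn: PEM private
	 * key (possibly encrypted; password via MainWindow::passRead), DER
	 * private key, DER PKCS#8 (encrypted, then plain), PEM public key,
	 * DER public key. A parsed key replaces 'key'; private keys are
	 * passed through bogusEncryptKey(). Raises errorEx on a wrong PEM
	 * password and when no format could be parsed. */
	pass_info p(XCA_TITLE, qApp->translate("MainWindow",
		"Please enter the password to decrypt the private key: '%1'").
		arg(fname));
	pem_password_cb *cb = MainWindow::passRead;
	FILE *fp = fopen(QString2filename(fname), "r");

	pki_ign_openssl_error();
	if (!fp) {
		fopen_error(fname);
		return;
	}
	EVP_PKEY *pkey = PEM_read_PrivateKey(fp, NULL, cb, &p);
	if (!pkey) {
		/* Tell a wrong password apart from a non-PEM file by the error's
		 * library and reason codes rather than a packed literal (the old
		 * 0x06065064 encoded EVP / EVP_DecryptFinal_ex / BAD_DECRYPT). */
		unsigned long err = ERR_get_error();
		int lib = ERR_GET_LIB(err);
		int reason = ERR_GET_REASON(err);
		if ((lib == ERR_LIB_EVP && reason == EVP_R_BAD_DECRYPT) ||
		    (lib == ERR_LIB_PEM && reason == PEM_R_BAD_DECRYPT)) {
			fclose(fp);
			pki_ign_openssl_error();
			throw errorEx(tr("Failed to decrypt the key (bad password) ") +
					fname, class_name);
		}
	}
	/* Each fallback below clears the previous failure from the error
	 * queue and restarts from the beginning of the file. */
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PrivateKey_fp(fp, NULL);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PKCS8PrivateKey_fp(fp, NULL, cb, &p);
	}
	if (!pkey) {
		PKCS8_PRIV_KEY_INFO *p8inf;
		pki_ign_openssl_error();
		rewind(fp);
		p8inf = d2i_PKCS8_PRIV_KEY_INFO_fp(fp, NULL);
		if (p8inf) {
			pkey = EVP_PKCS82PKEY(p8inf);
			PKCS8_PRIV_KEY_INFO_free(p8inf);
		}
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = PEM_read_PUBKEY(fp, NULL, cb, &p);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PUBKEY_fp(fp, NULL);
	}
	fclose(fp);
	if (pki_ign_openssl_error()) {
		if (pkey)
			EVP_PKEY_free(pkey);
		throw errorEx(tr("Unable to load the private key in file %1. Tried PEM and DER private, public and PKCS#8 key types.").arg(fname));
	}
	if (pkey) {
		/* NOTE(review): direct EVP_PKEY member access only works with
		 * OpenSSL releases where the struct is not opaque */
		if (pkey->type == EVP_PKEY_EC)
			search_ec_oid(pkey->pkey.ec);
		if (key)
			EVP_PKEY_free(key);
		key = pkey;
		if (EVP_PKEY_isPrivKey(key))
			bogusEncryptKey();
		setIntName(rmslashdot(fname));
	}
}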