result_t X509Req::create(const char *subject, PKey_base *key, int32_t hash)
{
clear();
x509write_csr csr;
int ret;
x509write_csr_init(&csr);
if (hash < POLARSSL_MD_MD2 || hash > POLARSSL_MD_RIPEMD160)
return CHECK_ERROR(CALL_E_INVALIDARG);
x509write_csr_set_md_alg(&csr, (md_type_t)hash);
x509write_csr_set_subject_name(&csr, subject);
pk_context *k = &((PKey *)(PKey_base *)key)->m_key;
x509write_csr_set_key(&csr, k);
std::string buf;
buf.resize(pk_get_size(k) * 8 + 128);
ret = x509write_csr_pem(&csr, (unsigned char *)&buf[0], buf.length(),
ctr_drbg_random, &g_ssl.ctr_drbg);
x509write_csr_free(&csr);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = x509_csr_parse(&m_csr, (const unsigned char *)buf.c_str(), qstrlen(buf.c_str()));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
/*
* Return an informational string about the CSR.
*/
int x509_csr_info( char *buf, size_t size, const char *prefix,
const x509_csr *csr )
{
int ret;
size_t n;
char *p;
const char *desc;
char key_size_str[BEFORE_COLON];
p = buf;
n = size;
ret = snprintf( p, n, "%sCSR version : %d",
prefix, csr->version );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%ssubject name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &csr->subject );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = oid_get_sig_alg_desc( &csr->sig_oid, &desc );
if( ret != 0 )
ret = snprintf( p, n, "???" );
else
ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
pk_get_name( &csr->pk ) ) ) != 0 )
{
return( ret );
}
ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
(int) pk_get_size( &csr->pk ) );
SAFE_SNPRINTF();
return( (int) ( size - n ) );
}
result_t PKey::get_keySize(int32_t &retVal)
{
retVal = (int32_t)pk_get_size(&m_key);
return 0;
}
int x509_crt_info( char *buf, size_t size, const char *prefix,
const x509_crt *crt )
{
int ret;
size_t n;
char *p;
const char *desc = NULL;
char key_size_str[BEFORE_COLON];
p = buf;
n = size;
ret = snprintf( p, n, "%scert. version : %d\n",
prefix, crt->version );
SAFE_SNPRINTF();
ret = snprintf( p, n, "%sserial number : ",
prefix );
SAFE_SNPRINTF();
ret = x509_serial_gets( p, n, &crt->serial);
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%sissuer name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &crt->issuer );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%ssubject name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &crt->subject );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%sissued on : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crt->valid_from.year, crt->valid_from.mon,
crt->valid_from.day, crt->valid_from.hour,
crt->valid_from.min, crt->valid_from.sec );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%sexpires on : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crt->valid_to.year, crt->valid_to.mon,
crt->valid_to.day, crt->valid_to.hour,
crt->valid_to.min, crt->valid_to.sec );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = oid_get_sig_alg_desc( &crt->sig_oid1, &desc );
if( ret != 0 )
ret = snprintf( p, n, "???" );
else
ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
pk_get_name( &crt->pk ) ) ) != 0 )
{
return( ret );
}
ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
(int) pk_get_size( &crt->pk ) );
SAFE_SNPRINTF();
return( (int) ( size - n ) );
}
result_t X509Req::sign(const char *issuer, PKey_base *key,
v8::Local<v8::Object> opts, obj_ptr<X509Cert_base> &retVal,
exlib::AsyncEvent *ac)
{
result_t hr;
bool priv;
hr = key->isPrivate(priv);
if (hr < 0)
return hr;
if (!priv)
return CHECK_ERROR(CALL_E_INVALIDARG);
int ret;
std::string subject;
pk_context *pk;
int32_t hash;
std::string buf;
obj_ptr<X509Cert> cert;
if (!ac)
{
mpi serial;
v8::Local<v8::Value> v;
x509write_crt_init(&m_crt);
hr = GetConfigValue(opts, "hash", hash);
if (hr == CALL_E_PARAMNOTOPTIONAL)
hash = m_csr.sig_md;
else if (hr < 0)
goto exit;
if (hash < POLARSSL_MD_MD2 || hash > POLARSSL_MD_RIPEMD160)
{
hr = CALL_E_INVALIDARG;
goto exit;
}
x509write_crt_set_md_alg(&m_crt, POLARSSL_MD_SHA1);
v = opts->Get(v8::String::NewFromUtf8(isolate, "serial",
v8::String::kNormalString, 6));
if (!IsEmpty(v))
{
v8::String::Utf8Value str(v);
if (!*str)
{
hr = CHECK_ERROR(_ssl::setError(POLARSSL_ERR_MPI_BAD_INPUT_DATA));
goto exit;
}
mpi_init(&serial);
ret = mpi_read_string(&serial, 10, *str);
if (ret != 0)
{
mpi_free(&serial);
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
}
else
{
mpi_init(&serial);
mpi_lset(&serial, 1);
}
ret = x509write_crt_set_serial(&m_crt, &serial);
if (ret != 0)
{
mpi_free(&serial);
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
mpi_free(&serial);
date_t d1, d2;
std::string s1, s2;
hr = GetConfigValue(opts, "notBefore", d1);
if (hr == CALL_E_PARAMNOTOPTIONAL)
d1.now();
else if (hr < 0)
goto exit;
d1.toX509String(s1);
hr = GetConfigValue(opts, "notAfter", d2);
if (hr == CALL_E_PARAMNOTOPTIONAL)
{
d2 = d1;
d2.add(1, date_t::_YEAR);
}
else if (hr < 0)
goto exit;
d2.toX509String(s2);
ret = x509write_crt_set_validity(&m_crt, s1.c_str(), s2.c_str());
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
bool is_ca = false;
hr = GetConfigValue(opts, "ca", is_ca);
if (hr < 0 && hr != CALL_E_PARAMNOTOPTIONAL)
goto exit;
int32_t pathlen = -1;
hr = GetConfigValue(opts, "pathlen", pathlen);
if (hr < 0 && hr != CALL_E_PARAMNOTOPTIONAL)
goto exit;
if (pathlen < -1 || pathlen > 127)
{
hr = CALL_E_INVALIDARG;
goto exit;
}
ret = x509write_crt_set_basic_constraints(&m_crt, is_ca ? 1 : 0, pathlen);
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
int key_usage = parseString(opts->Get(v8::String::NewFromUtf8(isolate, "usage",
v8::String::kNormalString, 5)), X509Cert::g_usages);
if (key_usage < 0)
{
hr = key_usage;
goto exit;
}
else if (key_usage)
{
ret = x509write_crt_set_key_usage(&m_crt, key_usage);
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
}
int cert_type = parseString(opts->Get(v8::String::NewFromUtf8(isolate, "type",
v8::String::kNormalString, 4)), X509Cert::g_types);
if (cert_type < 0)
{
hr = cert_type;
goto exit;
}
else if (cert_type)
{
ret = x509write_crt_set_ns_cert_type(&m_crt, cert_type);
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
}
return CHECK_ERROR(CALL_E_NOSYNC);
}
pk = &((PKey *)key)->m_key;
x509write_crt_set_subject_key(&m_crt, &m_csr.pk);
x509write_crt_set_issuer_key(&m_crt, pk);
hr = X509Req::get_subject(subject);
if (hr < 0)
goto exit;
ret = x509write_crt_set_subject_name(&m_crt, subject.c_str());
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
ret = x509write_crt_set_issuer_name(&m_crt, issuer);
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
ret = x509write_crt_set_subject_key_identifier(&m_crt);
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
ret = x509write_crt_set_authority_key_identifier(&m_crt);
if (ret != 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
buf.resize(pk_get_size(pk) * 8 + 128);
ret = x509write_crt_pem(&m_crt, (unsigned char *)&buf[0], buf.length(),
ctr_drbg_random, &g_ssl.ctr_drbg);
if (ret < 0)
{
hr = CHECK_ERROR(_ssl::setError(ret));
goto exit;
}
cert = new X509Cert();
hr = cert->load(buf.c_str());
if (hr < 0)
goto exit;
retVal = cert;
exit:
x509write_crt_free(&m_crt);
return hr;
}
