Main Page   Namespace List   Class Hierarchy   Alphabetical List   Compound List   File List   Compound Members   File Members   Related Pages  

Cert.cpp

Go to the documentation of this file.
00001 #include "headers.h"
00002 
00056 
00057 
00058 #ifdef __cplusplus
00059 //extern "C" {
00060 #endif
00061 int req_main(int, char**);
00062 int ca_main(int, char**);
00063 #ifdef __cplusplus
00064 //#}
00065 #endif
00066 
00067 #if defined(WIN32) && !defined(snprintf)
00068 #define snprintf _snprintf
00069 #endif
00070 
00071 
00072 // BIO *bio_err = NULL;
00073 
00074 
00075 Cert::Cert()
00076 {
00077     m_cert = NULL;
00078 }
00079 
00080 
00081 Cert::~Cert()
00082 {
00083     if (m_cert) {
00084         X509_free (m_cert);
00085     }
00086 }
00087 
00088 
00095 bool 
00096 Cert::load(char* file)
00097 {
00098     FUNCTION_INIT_VARS(bool);
00099 
00100     BIO  *in = NULL;
00101     
00102     FUNCTION_BODY {
00103 
00104         in = BIO_new(BIO_s_file_internal());
00105         if (in == NULL) {
00106             RETURN (false);
00107         }
00108 
00109         if (BIO_read_filename(in, file) <= 0) {
00110             RETURN (false);
00111         }
00112 
00113         m_cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
00114         if (m_cert == NULL) {
00115             RETURN (false);
00116         }
00117 
00118         RETURN (true);
00119     }
00120     
00121     FUNCTION_FINALIZE {
00122         if (in) {
00123             BIO_free (in);
00124         }
00125         
00126         if (!RETURN_VALUE) {
00127             if (m_cert) {
00128                 X509_free(m_cert);
00129                 m_cert = NULL;
00130             }
00131         }
00132     }
00133     
00134     FUNCTION_RETURN;
00135 } // fn load
00136 
00137 
00144 bool 
00145 Cert::verify(Cert &signed_cert)
00146 {
00147     FUNCTION_INIT_VARS(bool);
00148     
00149     EVP_PKEY *issuer_key = NULL;
00150     
00151     FUNCTION_BODY {
00152 
00153         if (!m_cert || !signed_cert.m_cert) {
00154             RETURN (false);
00155         }
00156 
00157         issuer_key = X509_get_pubkey(m_cert);
00158 
00159         if (X509_check_issued(m_cert, signed_cert.m_cert) != X509_V_OK) {
00160             RETURN (false);
00161         }
00162 
00163         if (!X509_verify(signed_cert.m_cert, issuer_key)) {
00164             RETURN (false);
00165         }
00166     
00167         RETURN (true);
00168     }
00169 
00170     FUNCTION_FINALIZE {
00171         if (issuer_key) {
00172             EVP_PKEY_free (issuer_key);
00173         }
00174     }
00175     
00176     FUNCTION_RETURN;
00177 } // fn verify
00178 
00179 
00183 X509* 
00184 Cert::getCert(void)
00185 { 
00186     return m_cert; 
00187 } // fn getCert
00188 
00189 
00201 bool 
00202 Cert::generateRandomCerts(char* working_dir,
00203                           char* openssl_conf,
00204                           char* client_cert,
00205                           char* client_private_key_file,
00206                           char* client_private_key_password)
00207 {
00208     bool returnValue = false; //FUNCTION_INIT_VARS(bool);
00209 
00210     // temporary files used to make certs. 
00211     char dbfile[1024]     = ""; // db file
00212     char serialfile[1024] = ""; // serial file
00213     char ca_key[1024]      = ""; // cakey file
00214     char ca_cert[1024]     = ""; // cacert file
00215     char certificate_request_file[1024]        = ""; // req file
00216 
00217     //FUNCTION_BODY {
00218         // arguments for req_main and ca_main 
00219         int   argc;
00220         char* argv[32];
00221         char  buff[128];
00222 
00223         // determine names of temporary files 
00224         snprintf(dbfile,     1024, "%s/__db.txt",     working_dir);
00225         snprintf(serialfile, 1024, "%s/__serial.txt", working_dir);
00226         snprintf(ca_key,     1024, "%s/__cakey.pem",  working_dir);
00227         snprintf(ca_cert,    1024, "%s/__cacert.pem", working_dir);
00228         snprintf(certificate_request_file,        1024, "%s/__req.pem",    working_dir);
00229 
00230         // craete db file 
00231         if (!createFile(dbfile, "")) {
00232             returnValue = false;
00233             goto finalize;
00234         }
00235 
00236         // create serial file 
00237         if (!createFile(serialfile, "01")) {
00238             returnValue = false;
00239             goto finalize;
00240         }
00241 
00242         // make CA's certs. 
00243         argc = 0;
00244         argv[argc++] = "req";              // openssl command
00245         //argv[argc++] = "-random";        // use randomly generated values.
00246         argv[argc++] = "-passout";         // the password of keyout file
00247         snprintf(buff, 128, "pass:%s", DEFAULT_SERVER_PRIVATE_KEY_PASSWORD);
00248         argv[argc++] = buff;               // is the default.
00249         argv[argc++] = "-config";          // OpenSSL config file
00250         argv[argc++] = openssl_conf;       // is openssl_conf.
00251         argv[argc++] = "-new";             // create a new certificate.
00252         argv[argc++] = "-x509";            // self-sign the certificate.
00253         argv[argc++] = "-keyout";          // private key file
00254         argv[argc++] = ca_key;             // is ca_key.
00255         argv[argc++] = "-out";             // cert file
00256         argv[argc++] = ca_cert;            // is ca_cert.
00257         argv[argc] = NULL;
00258     
00259         spawnv(_P_WAIT, "openssl", argv);
00260         //req_main(argc, argv);
00261 
00262         
00263         // make request form for random certs.
00264         //   req and priv are generated. 
00265         argc = 0;
00266         argv[argc++] = "req";             // openssl command
00267         //argv[argc++] = "-random";         // use randomly generated values.
00268         argv[argc++] = "-passout";        // the password of keyout file
00269         snprintf(buff, 128, "pass:%s", client_private_key_password);
00270         argv[argc++] = buff;              // is client_private_key_password.
00271         argv[argc++] = "-config";         // OpenSSL config file
00272         argv[argc++] = openssl_conf;      // is openssl_conf.
00273         argv[argc++] = "-new";            // create new certs.
00274         argv[argc++] = "-keyout";         // private key file
00275         argv[argc++] = client_private_key_file;              // is client_private_key_file.
00276         argv[argc++] = "-out";            // request file
00277         argv[argc++] = certificate_request_file;               // is req.
00278         argv[argc] = NULL;
00279 
00280         //req_main(argc, argv);
00281         spawnv(_P_WAIT, "openssl", argv);
00282 
00283        
00284         // sign the request form with CA's certs.
00285         //   cert is generated. 
00286         argc = 0;
00287         argv[argc++] = "ca";              // openssl command
00288         argv[argc++] = "-batch";          // run in batch mode.
00289         argv[argc++] = "-passin";         // the password of CA's key file
00290         snprintf(buff, 128, "pass:%s", DEFAULT_SERVER_PRIVATE_KEY_PASSWORD);
00291         argv[argc++] = buff;              // is the default.
00292         argv[argc++] = "-config";         // OpenSLL config file
00293         argv[argc++] = openssl_conf;      // is openssl_conf.
00294         argv[argc++] = "-policy";         // the policy
00295         argv[argc++] = "policy_anything"; // is "policy_anything".
00296         argv[argc++] = "-keyfile";        // CA's key file
00297         argv[argc++] = ca_key;             // is cakey.
00298         argv[argc++] = "-cert";           // CA's cert file
00299         argv[argc++] = ca_cert;            // is cacert.
00300         argv[argc++] = "-out";            // the out file - signed certs -
00301         argv[argc++] = client_cert;              // is client_cert.
00302         //argv[argc++] = "-serialfile";     // the serial file
00303         //argv[argc++] = serialfile;        // is serialfile.
00304         //argv[argc++] = "-dbfile";         // the db file
00305         //argv[argc++] = dbfile;            // is dbfile.
00306         argv[argc++] = "-in";             // the input file - request file -
00307         argv[argc++] = certificate_request_file;               // is req.
00308         argv[argc]   = NULL;
00309 
00310         //ca_main(argc, argv);
00311         spawnv(_P_WAIT, "openssl", argv);
00312         
00313 
00314         returnValue = true;
00315         goto finalize;
00316     //}
00317 finalize:
00318 
00319     //FUNCTION_FINALIZE {
00320         //  remove temporary files  
00321         if (*dbfile) {
00322             deleteFile(dbfile);
00323         }
00324         if (*serialfile) {
00325             deleteFile(serialfile);
00326         }
00327         if (*ca_key) {
00328             deleteFile(ca_key);
00329         }
00330         if (*ca_cert) {
00331             deleteFile(ca_cert);
00332         }
00333         if (*certificate_request_file) {
00334             deleteFile(certificate_request_file);
00335         }
00336     //}
00337 
00338         return returnValue;
00339     //FUNCTION_RETURN;
00340 } // fn generateRandomCerts
00341 
00342 
00350 bool 
00351 Cert::createFile(char* file_name, char* contents)
00352 {
00353     FILE* fp;
00354     
00355     fp = fopen(file_name, "w");
00356     if (!fp) {
00357         return false;
00358     }
00359 
00360     fprintf(fp, "%s", contents);
00361     
00362     fclose (fp);
00363 
00364     return true;
00365 }
00366 
00367 
00372 void 
00373 Cert::deleteFile(char* file_name)
00374 {
00375     unlink(file_name);
00376 }
00377 

Generated at Thu Jul 11 13:31:49 2002 for Peekabooty by doxygen1.2.9 written by Dimitri van Heesch, © 1997-2001