14 #include <openssl/crypto.h>
15 #include <openssl/ssl.h>
17 #include <openssl/pem.h>
18 #include <openssl/conf.h>
19 #include <openssl/x509v3.h>
22 #include <openssl/bn.h>
25 #ifndef OPENSSL_NO_ENGINE
26 #include <openssl/engine.h>
37 int32_t
mkcert(X509** x509p, EVP_PKEY** pkeyp, int32_t bits, int32_t serial,
39 int32_t
add_ext(X509* cert, int32_t nid,
char* value);
41 static void callback(int32_t p, int32_t,
void*)
52 int32_t
mkcert(X509** x509p, EVP_PKEY** pkeyp, int32_t bits, int32_t serial,
55 bool bCreatedKey =
false;
56 bool bCreatedX509 =
false;
58 EVP_PKEY* pk =
nullptr;
60 X509_NAME* name =
nullptr;
62 if ((pkeyp ==
nullptr) || (*pkeyp ==
nullptr)) {
63 if ((pk = EVP_PKEY_new()) ==
nullptr) {
70 if ((x509p ==
nullptr) || (*x509p ==
nullptr)) {
71 if ((x = X509_new()) ==
nullptr) {
85 BIGNUM* e1 = BN_new();
87 if ((
nullptr == rsa) || (
nullptr == e1)) abort();
89 BN_set_word(e1, RSA_F4);
91 if (!RSA_generate_key_ex(rsa, bits, e1,
nullptr)) abort();
95 rsa = RSA_generate_key(bits, RSA_F4, callback,
nullptr);
97 if (!EVP_PKEY_assign_RSA(pk, rsa)) {
102 X509_set_version(x, 2);
103 ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
104 X509_gmtime_adj(X509_get_notBefore(x), 0);
105 X509_gmtime_adj(X509_get_notAfter(x),
106 static_cast<int64_t>(60 * 60 * 24 * days));
107 X509_set_pubkey(x, pk);
109 name = X509_get_subject_name(x);
115 X509_NAME_add_entry_by_txt(name,
"C", MBSTRING_ASC, (
const uint8_t*)
"UK",
117 X509_NAME_add_entry_by_txt(name,
"CN", MBSTRING_ASC,
118 (
const uint8_t*)
"OpenSSL Group", -1, -1, 0);
123 X509_set_issuer_name(x, name);
126 char* szConstraints =
new char[100]();
127 char* szKeyUsage =
new char[100]();
128 char* szSubjectKeyID =
new char[100]();
129 char* szCertType =
new char[100]();
130 char* szComment =
new char[100]();
137 add_ext(x, NID_basic_constraints, szConstraints);
138 add_ext(x, NID_key_usage, szKeyUsage);
139 add_ext(x, NID_subject_key_identifier, szSubjectKeyID);
140 add_ext(x, NID_netscape_cert_type,
142 add_ext(x, NID_netscape_comment,
144 delete[] szConstraints;
145 szConstraints =
nullptr;
147 szKeyUsage =
nullptr;
148 delete[] szSubjectKeyID;
149 szSubjectKeyID =
nullptr;
151 szCertType =
nullptr;
159 nid = OBJ_create(
"1.2.3.4",
"MyAlias",
"My Test Alias Extension");
160 X509V3_EXT_add_alias(nid, NID_netscape_comment);
161 add_ext(x, nid,
"example comment alias");
164 if (!X509_sign(x, pk, EVP_md5()) ||
165 (
nullptr == x509p) || (
nullptr == pkeyp)) {
168 if (bCreatedX509) X509_free(x);
192 int32_t
add_ext(X509* cert, int32_t nid,
char* value)
198 X509V3_set_ctx_nodb(&ctx);
202 X509V3_set_ctx(&ctx, cert, cert,
nullptr,
nullptr, 0);
203 ex = X509V3_EXT_conf_nid(
nullptr, &ctx, nid, value);
207 X509_add_ext(cert, ex, -1);
208 X509_EXTENSION_free(ex);
static EXPORT bool safe_strcpy(char *dest, const char *src, size_t destSize, bool zeroSource=false)
int32_t add_ext(X509 *cert, int32_t nid, char *value)
int32_t mkcert(X509 **x509p, EVP_PKEY **pkeyp, int32_t bits, int32_t serial, int32_t days)