Open-Transactions  0.93.0-ge03d287
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
Classes | Namespaces | Functions
OTAsymmetricKey_OpenSSLPrivdp.hpp File Reference
#include "OTAsymmetricKeyOpenSSL.hpp"
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/x509v3.h>
Include dependency graph for OTAsymmetricKey_OpenSSLPrivdp.hpp:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

class  opentxs::OTAsymmetricKey_OpenSSL::OTAsymmetricKey_OpenSSLPrivdp
 

Namespaces

 opentxs
 

Functions

int32_t mkcert (X509 **x509p, EVP_PKEY **pkeyp, int32_t bits, int32_t serial, int32_t days)
 

Function Documentation

int32_t mkcert ( X509 **  x509p,
EVP_PKEY **  pkeyp,
int32_t  bits,
int32_t  serial,
int32_t  days 
)

Definition at line 52 of file mkcert.cpp.

54 {
55  bool bCreatedKey = false;
56  bool bCreatedX509 = false;
57  X509* x = nullptr;
58  EVP_PKEY* pk = nullptr;
59  RSA* rsa = nullptr;
60  X509_NAME* name = nullptr;
61 
62  if ((pkeyp == nullptr) || (*pkeyp == nullptr)) {
63  if ((pk = EVP_PKEY_new()) == nullptr) {
64  abort();
65  }
66  bCreatedKey = true;
67  }
68  else
69  pk = *pkeyp;
70  if ((x509p == nullptr) || (*x509p == nullptr)) {
71  if ((x = X509_new()) == nullptr) {
72  if (bCreatedKey) {
73  EVP_PKEY_free(pk);
74  }
75  return (0);
76  }
77 
78  bCreatedX509 = true;
79  }
80  else
81  x = *x509p;
82 
83 #ifdef ANDROID
84  rsa = RSA_new();
85  BIGNUM* e1 = BN_new();
86 
87  if ((nullptr == rsa) || (nullptr == e1)) abort(); // todo
88 
89  BN_set_word(e1, RSA_F4);
90 
91  if (!RSA_generate_key_ex(rsa, bits, e1, nullptr)) abort(); // todo
92 
93  BN_free(e1);
94 #else
95  rsa = RSA_generate_key(bits, RSA_F4, callback, nullptr);
96 #endif
97  if (!EVP_PKEY_assign_RSA(pk, rsa)) {
98  abort();
99  }
100  rsa = nullptr;
101 
102  X509_set_version(x, 2);
103  ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
104  X509_gmtime_adj(X509_get_notBefore(x), 0);
105  X509_gmtime_adj(X509_get_notAfter(x),
106  static_cast<int64_t>(60 * 60 * 24 * days));
107  X509_set_pubkey(x, pk);
108 
109  name = X509_get_subject_name(x);
110 
111  /* This function creates and adds the entry, working out the
112  * correct string type and performing checks on its length.
113  * Normally we'd check the return value for errors...
114  */
115  X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const uint8_t*)"UK",
116  -1, -1, 0);
117  X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
118  (const uint8_t*)"OpenSSL Group", -1, -1, 0);
119 
120  /* Its self signed so set the issuer name to be the same as the
121  * subject.
122  */
123  X509_set_issuer_name(x, name);
124  /* Add various extensions: standard extensions */
125 
126  char* szConstraints = new char[100]();
127  char* szKeyUsage = new char[100]();
128  char* szSubjectKeyID = new char[100]();
129  char* szCertType = new char[100]();
130  char* szComment = new char[100]();
131  opentxs::OTString::safe_strcpy(szConstraints, "critical,CA:TRUE", 99);
132  opentxs::OTString::safe_strcpy(szKeyUsage, "critical,keyCertSign,cRLSign",
133  99);
134  opentxs::OTString::safe_strcpy(szSubjectKeyID, "hash", 99);
135  opentxs::OTString::safe_strcpy(szCertType, "sslCA", 99);
136  opentxs::OTString::safe_strcpy(szComment, "example comment extension", 99);
137  add_ext(x, NID_basic_constraints, szConstraints);
138  add_ext(x, NID_key_usage, szKeyUsage);
139  add_ext(x, NID_subject_key_identifier, szSubjectKeyID);
140  add_ext(x, NID_netscape_cert_type,
141  szCertType); // Some Netscape specific extensions
142  add_ext(x, NID_netscape_comment,
143  szComment); // Some Netscape specific extensions
144  delete[] szConstraints;
145  szConstraints = nullptr;
146  delete[] szKeyUsage;
147  szKeyUsage = nullptr;
148  delete[] szSubjectKeyID;
149  szSubjectKeyID = nullptr;
150  delete[] szCertType;
151  szCertType = nullptr;
152  delete[] szComment;
153  szComment = nullptr;
154 
155 #ifdef CUSTOM_EXT
156  // Maybe even add our own extension based on existing
157  {
158  int32_t nid;
159  nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
160  X509V3_EXT_add_alias(nid, NID_netscape_comment);
161  add_ext(x, nid, "example comment alias");
162  }
163 #endif
164  if (!X509_sign(x, pk, EVP_md5()) || // TODO security: md5 ???
165  (nullptr == x509p) || (nullptr == pkeyp)) {
166  // ERROR
167  //
168  if (bCreatedX509) X509_free(x);
169 
170  // NOTE: not sure if x owns pk, in which case pk is already freed above.
171  // Todo: find out and then determine whether or not to uncomment this.
172  // (Presumably this would be a rare occurrence anyway.)
173  //
174  // if (bCreatedKey)
175  // EVP_PKEY_free(pk);
176 
177  x = nullptr;
178  pk = nullptr;
179 
180  return 0;
181  }
182  *x509p = x;
183  *pkeyp = pk;
184 
185  return (1);
186 }
opentxs::OTString::safe_strcpy
static EXPORT bool safe_strcpy(char *dest, const char *src, size_t destSize, bool zeroSource=false)
Definition: OTString.cpp:353
add_ext
int32_t add_ext(X509 *cert, int32_t nid, char *value)
Definition: mkcert.cpp:192