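"CERTCertTrust\n");
        errorCount++;
        return SECFailure;
    }
    if( CERT_DecodeTrustString(trust, trusts) ) {
        return SECFailure;
    }
    if( CERT_ChangeCertTrust(db, cert, trust) ) {
        PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
                   cert->nickname ? cert->nickname : "");
        errorCount++;
        return SECFailure;
    }
    return SECSuccess;
}

/*************************************************************************
 *
 * s e t _ c e r t _ t y p e
 *
 * Adds the Netscape cert-type extension (SEC_OID_NS_CERT_EXT_CERT_TYPE)
 * to 'cert', marked critical, carrying the low byte of 'type'.
 *
 * Returns SECSuccess, or SECFailure if the extension context could not
 * be started, the extension could not be encoded, or the extensions
 * could not be finalized.
 */
static SECStatus
set_cert_type(CERTCertificate *cert, unsigned int type)
{
    void *context;
    SECStatus status = SECSuccess;
    SECItem certType;
    /* unsigned so the byte handed to the encoder is the low byte of
     * 'type' regardless of the platform's char signedness */
    unsigned char ctype = (unsigned char)type;

    context = CERT_StartCertExtensions(cert);
    /* The original passed a NULL context straight to the encoder on
     * failure; report it instead. */
    if (context == NULL) {
        PR_fprintf(errorFD, "%s: unable to start certificate extensions\n",
                   PROGRAM_NAME);
        errorCount++;
        return SECFailure;
    }

    certType.type = siBuffer;
    certType.data = &ctype;
    certType.len = 1;

    if (CERT_EncodeAndAddBitStrExtension(context,
                                         SEC_OID_NS_CERT_EXT_CERT_TYPE,
                                         &certType,
                                         PR_TRUE /*critical*/) != SECSuccess) {
        status = SECFailure;
    }
    /* Finish even after an encode failure, as the original did, so the
     * extension context is always closed out. */
    if (CERT_FinishExtensions(context) != SECSuccess) {
        status = SECFailure;
    }
    return status;
}

/********************************************************************
 *
 * s i g n _ c e r t
 *
 * DER-encodes 'cert' and signs the encoding with 'privk'.  The signed
 * DER is stored in cert->derCert and a pointer to it is returned; the
 * SECItem lives on cert->arena, so callers must not free it separately.
 *
 * Every failure is fatal: an error is printed and the process exits
 * with ERRX.
 */
static SECItem *
sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
{
    SECStatus rv;
    SECItem der2;
    SECItem *result2;
    void *dummy;
    SECOidTag alg;

    switch (privk->keyType) {
    case rsaKey:
        /* The original signed with PKCS#1 MD5-with-RSA.  MD5 is
         * collision-broken and must not be used for certificate
         * signatures; SHA-256 is the current baseline. */
        alg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
        break;
    case dsaKey:
        alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
        break;
    default:
        FatalError("Unknown key type");
        /* FatalError is presumed not to return; this guards against an
         * uninitialized 'alg' if it ever does. */
        return NULL;
    }

    rv = SECOID_SetAlgorithmID(cert->arena, &cert->signature, alg, 0);
    if (rv != SECSuccess) {
        PR_fprintf(errorFD, "%s: unable to set signature alg id\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }

    der2.len = 0;
    der2.data = NULL;
    dummy = SEC_ASN1EncodeItem(cert->arena, &der2, cert,
                               CERT_CertificateTemplate);
    /* BUG FIX: the original tested 'rv' here, which was still SECSuccess
     * from the call above, so an encoding failure could never be
     * detected.  SEC_ASN1EncodeItem signals failure by returning NULL. */
    if (dummy == NULL) {
        PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }

    result2 = (SECItem *)PORT_ArenaZAlloc(cert->arena, sizeof(SECItem));
    if (result2 == NULL) {
        out_of_memory();
    }

    rv = SEC_DerSignData(cert->arena, result2, der2.data, der2.len,
                         privk, alg);
    if (rv != SECSuccess) {
        PR_fprintf(errorFD, "can't sign encoded certificate data\n");
        errorCount++;
        exit(ERRX);
    }
    if (verbosity >= 0) {
        PR_fprintf(outputFD, "certificate has been signed\n");
    }

    cert->derCert = *result2;
    return result2;
}

/*********************************************************************
 *
 * i n s t a l l _ c e r t
 *
 * Installs the DER certificate 'derCert' in the permanent database
 * under 'nickname' and marks it as a user (CERTDB_USER) object-signing
 * cert.  Returns the new certificate; every failure prints an error
 * and exits with ERRX.
 *
 * 'slot' is kept for interface compatibility only.  The original used
 * it in a misplaced NULL check (see below) and for nothing else.
 */
static CERTCertificate *
install_cert(CERTCertDBHandle *db, PK11SlotInfo *slot, SECItem *derCert,
             char *nickname)
{
    CERTCertificate *newcert;
    CERTCertTrust trust;
    PK11SlotInfo *newSlot;

    (void)slot;

    newcert = CERT_NewTempCertificate(db, derCert, NULL,
                                      PR_FALSE /*isperm*/,
                                      PR_TRUE /*copyDER*/);
    if (newcert == NULL) {
        PR_fprintf(errorFD, "%s: can't create new certificate\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }

    newSlot = PK11_ImportCertForKey(newcert, nickname, NULL /*wincx*/);
    /* BUG FIX: the original tested the 'slot' parameter here instead of
     * the import result, so a failed import was never reported and the
     * NULL newSlot was compared against the internal key slot below. */
    if (newSlot == NULL) {
        PR_fprintf(errorFD, "Unable to install certificate\n");
        errorCount++;
        exit(ERRX);
    }

    PORT_Memset((void *)&trust, 0, sizeof(trust));
    trust.objectSigningFlags |= CERTDB_USER;

    /* NOTE(review): PK11_GetInternalKeySlot returns a slot reference that
     * is never released here, nor is newSlot; tolerable in this one-shot
     * tool, but a leak if this code is ever reused long-running. */
    if (newSlot == PK11_GetInternalKeySlot()) {
        /* importing into the internal slot made newcert permanent */
        if (CERT_ChangeCertTrust(db, newcert, &trust) != SECSuccess) {
            PR_fprintf(errorFD,
                       "Failed to change trust of generated certificate\n");
            errorCount++;
            exit(ERRX);
        }
    } else {
        if (CERT_AddTempCertToPerm(newcert, nickname, &trust) != SECSuccess) {
            PR_fprintf(errorFD, "%s: Failure adding \"%s\" certificate to "
                       "permanent DB\n", PROGRAM_NAME, nickname);
            errorCount++;
            exit(ERRX);
        }
    }

    if (verbosity >= 0) {
        PR_fprintf(outputFD, "certificate \"%s\" added to database\n",
                   nickname);
    }
    return newcert;
}

/******************************************************************
 *
 * G e n e r a t e K e y P a i r
 *
 * Generates a permanent, sensitive RSA key pair (public exponent
 * 65537) in 'slot', returning it through 'pubk' and 'privk'.
 * A 'keysize' of -1 selects DEFAULT_RSA_KEY_SIZE bits.
 *
 * Always returns SECSuccess; authentication or generation failures
 * print an error and exit with ERRX.
 */
static SECStatus
GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
                SECKEYPrivateKey **privk, int keysize)
{
    PK11RSAGenParams rsaParams;

    /* Reject nonsensical sizes up front instead of handing them to the
     * token.  NOTE(review): no lower bound on the modulus size is
     * enforced; callers can still request a key that is too small to be
     * secure — consider refusing anything below 2048 bits. */
    if (keysize != -1 && keysize <= 0) {
        SECU_PrintError(progName, "failure generating key pair\n");
        exit(ERRX);
    }

    rsaParams.keySizeInBits = (keysize == -1) ? DEFAULT_RSA_KEY_SIZE
                                              : keysize;
    rsaParams.pe = 0x10001;  /* F4 */

    if (PK11_Authenticate(slot, PR_FALSE /*loadCerts*/,
                          NULL /*wincx*/) != SECSuccess) {
        SECU_PrintError(progName,
                        "failure authenticating to key database.\n");
        exit(ERRX);
    }

    *privk = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
                                  &rsaParams, pubk,
                                  PR_TRUE /*isPerm*/,
                                  PR_TRUE /*isSensitive*/,
                                  NULL /*wincx*/);
    if (*privk == NULL || *pubk == NULL) {
        SECU_PrintError(progName, "failure generating key pair\n");
        exit(ERRX);
    }

    if (verbosity >= 0) {
        PR_fprintf(outputFD, "generated public/private key pair\n");
    }
    return SECSuccess;
}

/******************************************************************
 *
 * m a k e _ c e r t _ r e q u e s t
 *
 * Builds a certificate request for the ASCII distinguished name
 * 'subject' and public key 'pubk'.  Returns the request; any failure
 * (bad subject, SPKI or request creation) is fatal.
 */
static CERTCertificateRequest *
make_cert_request(char *subject, SECKEYPublicKey *pubk)
{
    CERTName *subj;
    CERTSubjectPublicKeyInfo *spki;
    CERTCertificateRequest *req;

    /* wrap the public key in a SubjectPublicKeyInfo */
    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
    if (spki == NULL) {
        SECU_PrintError(progName, "unable to create subject public key");
        exit(ERRX);
    }

    /* parse the textual DN supplied by the user */
    subj = CERT_AsciiToName(subject);
    if (subj == NULL) {
        FatalError("Invalid data in certificate description");
    }

    req = CERT_CreateCertificateRequest(subj, spki, 0);
    if (req == NULL) {
        SECU_PrintError(progName, "unable to make certificate request");
        exit(ERRX);
    }

    if (verbosity >= 0) {
        PR_fprintf(outputFD, "certificate request generated\n");
    }
    return req;
}

/******************************************************************
 *
 * m a k e _ c e r t
 *
 * Creates an (unsigned) certificate from request 'req', issued by
 * 'ca_subject' with serial number 'serial', valid from now until three
 * calendar months from now.  Failures are fatal.
 */
static CERTCertificate *
make_cert(CERTCertificateRequest *req, unsigned long serial,
          CERTName *ca_subject)
{
    CERTCertificate *cert;
    CERTValidity *validity = NULL;
    PRTime notBefore, notAfter;
    PRExplodedTime exploded;

    notBefore = PR_Now();
    PR_ExplodeTime(notBefore, PR_GMTParameters, &exploded);
    /* tm_month may now exceed 11; PR_ImplodeTime normalizes the exploded
     * time before converting it back. */
    exploded.tm_month += 3;
    notAfter = PR_ImplodeTime(&exploded);

    validity = CERT_CreateValidity(notBefore, notAfter);
    if (validity == NULL) {
        PR_fprintf(errorFD, "%s: error creating certificate validity\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }

    /* NOTE(review): 'validity' is not destroyed after this call; whether
     * CERT_CreateCertificate takes ownership or copies it is not visible
     * here. */
    cert = CERT_CreateCertificate(serial, ca_subject, validity, req);
    if (cert == NULL) {
        /* should probably be more precise here */
        PR_fprintf(errorFD, "%s: error while generating certificate\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }
    return cert;
}

/*************************************************************************
 *
 * o u t p u t _ c a _ c e r t
 *
 * Writes 'cert' to two files in the current directory:
 *   DEFAULT_X509_BASENAME.raw    - a PKCS#7 certs-only bundle of the
 *                                  cert (and chain, from 'db') preceded
 *                                  by an x-x509-ca-cert Content-type
 *                                  header
 *   DEFAULT_X509_BASENAME.cacert - the DER cert base64-encoded between
 *                                  NS_CERT_HEADER / NS_CERT_TRAILER
 *
 * Failures are reported on errorFD and counted in errorCount; the
 * function returns early after a failed open.
 *
 * NOTE(review): the output names are fixed and opened with "wb" in the
 * working directory, so a pre-existing symlink there is followed;
 * consider O_EXCL-style creation if this runs in a shared directory.
 */
static void
output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db)
{
    FILE *out;
    SECItem *encodedCertChain;
    SEC_PKCS7ContentInfo *certChain;
    char *filename;
    size_t filenameLen;
    char *ascii;
    size_t written;
    int closeStatus;

    /* room for the base name plus the longer ".cacert" suffix and NUL */
    filenameLen = strlen(DEFAULT_X509_BASENAME) + 8;
    filename = PORT_ZAlloc(filenameLen);
    if (filename == NULL) {
        out_of_memory();
    }

    /* --- the raw PKCS#7 form --- */
    snprintf(filename, filenameLen, "%s.raw", DEFAULT_X509_BASENAME);
    out = fopen(filename, "wb");
    if (out == NULL) {
        PR_fprintf(errorFD, "%s: Can't open %s output file\n",
                   PROGRAM_NAME, filename);
        errorCount++;
        PORT_Free(filename);
        return;
    }

    /* The original passed a NULL certChain on to the encoder; treat it
     * as an encoding failure instead.  NOTE(review): certChain and
     * encodedCertChain are not released, as in the original. */
    certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, db);
    encodedCertChain = certChain
        ? SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL, NULL)
        : NULL;
    if (encodedCertChain != NULL) {
        fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
        written = fwrite(encodedCertChain->data, 1, encodedCertChain->len,
                         out);
        if (written != encodedCertChain->len) {
            PR_fprintf(errorFD, "%s: Can't open %s output file\n",
                       PROGRAM_NAME, filename);
            errorCount++;
        }
    } else {
        PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
                   PROGRAM_NAME);
        errorCount++;
    }
    /* fclose flushes; a failure here means the file is incomplete */
    closeStatus = fclose(out);
    if (closeStatus != 0) {
        PR_fprintf(errorFD, "%s: Can't open %s output file\n",
                   PROGRAM_NAME, filename);
        errorCount++;
    }

    /* --- the "cooked" base64 form --- */
    snprintf(filename, filenameLen, "%s.cacert", DEFAULT_X509_BASENAME);
    out = fopen(filename, "wb");
    if (out == NULL) {
        PR_fprintf(errorFD, "%s: Can't open %s output file\n",
                   PROGRAM_NAME, filename);
        errorCount++;
        PORT_Free(filename);
        return;
    }

    /* BTOA_DataToAscii can fail; the original would have passed NULL to
     * a "%s" conversion. */
    ascii = BTOA_DataToAscii(cert->derCert.data, cert->derCert.len);
    if (ascii != NULL) {
        fprintf(out, "%s\n%s\n%s\n", NS_CERT_HEADER, ascii, NS_CERT_TRAILER);
        PORT_Free(ascii);
    } else {
        PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
                   PROGRAM_NAME);
        errorCount++;
    }
    closeStatus = fclose(out);
    if (closeStatus != 0) {
        PR_fprintf(errorFD, "%s: Can't open %s output file\n",
                   PROGRAM_NAME, filename);
        errorCount++;
    }
    PORT_Free(filename);

    if (verbosity >= 0) {
        PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
                   DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
    }
}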