
📄 pkcs12.c

📁 pkcs12格式文件的编解码软件
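	/*
	 * This excerpt starts inside the enclosing function; its start, and
	 * the #ifdef that the next #endif closes, are not in this excerpt.
	 */
	CRYPTO_push_info("building chain");
#endif

	/* If chaining get chain from user cert */
	if (chain) {
        	int vret;
		STACK_OF(X509) *chain2;
		X509_STORE *store = X509_STORE_new();
		if (!store)
			{
			BIO_printf (bio_err, "Memory allocation error\n");
			goto export_end;
			}
		if (!X509_STORE_load_locations(store, CAfile, CApath))
			X509_STORE_set_default_paths (store);

		vret = get_cert_chain (ucert, store, &chain2);
		X509_STORE_free(store);

		if (!vret) {
		    /* Exclude verified certificate */
		    for (i = 1; i < sk_X509_num (chain2) ; i++)
			sk_X509_push(certs, sk_X509_value (chain2, i));
		    /* Free first certificate */
		    X509_free(sk_X509_value(chain2, 0));
		    sk_X509_free(chain2);
		} else {
			BIO_printf (bio_err, "Error %s getting chain.\n",
					X509_verify_cert_error_string(vret));
			goto export_end;
		}
    	}

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_push_info("building bags");
#endif

	/* We now have loads of certificates: include them all */
	for(i = 0; i < sk_X509_num(certs); i++) {
		X509 *cert = NULL;
		cert = sk_X509_value(certs, i);
		bag = M_PKCS12_x5092certbag(cert);
		/* If it matches private key set id */
		if(cert == ucert) {
			if(name) PKCS12_add_friendlyname(bag, name, -1);
			PKCS12_add_localkeyid(bag, keyid, keyidlen);
		} else if((catmp = sk_shift(canames)))
				PKCS12_add_friendlyname(bag, catmp, -1);
		sk_PKCS12_SAFEBAG_push(bags, bag);
	}
	sk_X509_pop_free(certs, X509_free);
	certs = NULL;

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_push_info("encrypting bags");
#endif

	if(!noprompt &&
		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
	    BIO_printf (bio_err, "Can't read Password\n");
	    goto export_end;
        }
	/*
	 * NOTE(review): pass is read with a 50-byte limit above; macpass is
	 * declared outside this excerpt -- confirm it is at least as large,
	 * because strcpy() does no bounds check.
	 */
	if (!twopass) strcpy(macpass, pass);
	/* Turn certbags into encrypted authsafe */
	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
								 iter, bags);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	bags = NULL;

	if (!authsafe) {
		ERR_print_errors (bio_err);
		goto export_end;
	}

	safes = sk_PKCS7_new_null ();
	sk_PKCS7_push (safes, authsafe);

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_push_info("building shrouded key bag");
#endif

	/*
	 * NOTE(review): from here to i2d_PKCS12_bio() no result is checked
	 * (p8, bag, the second authsafe, p12, the MAC, the write) and ret is
	 * then set to 0 unconditionally, so a failed MAC or a failed write
	 * still exits as success.  Each call is worth checking.
	 */
	/* Make a shrouded key bag */
	p8 = EVP_PKEY2PKCS8 (key);
	if(keytype) PKCS8_add_keyusage(p8, keytype);
	bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
	PKCS8_PRIV_KEY_INFO_free(p8);
	p8 = NULL;
        if (name) PKCS12_add_friendlyname (bag, name, -1);
	PKCS12_add_localkeyid (bag, keyid, keyidlen);
	bags = sk_PKCS12_SAFEBAG_new_null();
	sk_PKCS12_SAFEBAG_push (bags, bag);

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_push_info("encrypting shrouded key bag");
#endif

	/* Turn it into unencrypted safe bag */
	authsafe = PKCS12_pack_p7data (bags);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	bags = NULL;
	sk_PKCS7_push (safes, authsafe);

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_push_info("building pkcs12");
#endif

	p12 = PKCS12_init (NID_pkcs7_data);

	M_PKCS12_pack_authsafes (p12, safes);

	sk_PKCS7_pop_free(safes, PKCS7_free);
	safes = NULL;

	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_push_info("writing pkcs12");
#endif

	i2d_PKCS12_bio (out, p12);

	ret = 0;

    export_end:
#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
	CRYPTO_pop_info();
	CRYPTO_push_info("process -export_cert: freeing");
#endif

	if (key) EVP_PKEY_free(key);
	if (certs) sk_X509_pop_free(certs, X509_free);
	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
#endif
	goto end;

    }

    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
	ERR_print_errors(bio_err);
	goto end;
    }

#ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("read import password");
#endif
    if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
	BIO_printf (bio_err, "Can't read Password\n");
	goto end;
    }
#ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
#endif

    if (!twopass) strcpy(macpass, pass);

    /*
     * NOTE(review): p12->mac is dereferenced without a NULL check.  MacData
     * is optional in a PFX, so an input without one would presumably crash
     * here when INFO is set -- confirm and guard with "&& p12->mac".
     */
    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
    if(macver) {
#ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("verify MAC");
#endif
	/* If we enter empty password try no password first */
	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
		/* If mac and crypto pass the same set it to NULL too */
		if(!twopass) cpass = NULL;
	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
	    ERR_print_errors (bio_err);
	    goto end;
	}
	BIO_printf (bio_err, "MAC verified OK\n");
#ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
#endif
    }

#ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("output keys and certificates");
#endif
    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
	BIO_printf(bio_err, "Error outputting keys and certificates\n");
	ERR_print_errors (bio_err);
	goto end;
    }
#ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
#endif
    ret = 0;
 end:
    if (p12) PKCS12_free(p12);
    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
    CRYPTO_remove_all_info();
#endif
    BIO_free(in);
    BIO_free_all(out);
    if (canames) sk_free(canames);
    if(passin) OPENSSL_free(passin);
    if(passout) OPENSSL_free(passout);
    OPENSSL_EXIT(ret);
}

/*
 * Unpack every authenticated safe in p12 and write the keys and
 * certificates found in it to out.
 *
 * pass/passlen are used to decrypt PKCS#7 encrypted-data safes and are
 * handed on to the bag walker; pempass is handed on for the PEM private
 * key output.  Safes of any other PKCS#7 type are skipped.
 *
 * Returns 1 on success, 0 if unpacking, decryption or output failed.
 */
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
	     int passlen, int options, char *pempass)
{
	STACK_OF(PKCS7) *asafes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	int i, bagnid;
	int ret = 0;
	PKCS7 *p7;

	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
		p7 = sk_PKCS7_value (asafes, i);
		bagnid = OBJ_obj2nid (p7->type);
		if (bagnid == NID_pkcs7_data) {
			bags = M_PKCS12_unpack_p7data (p7);
			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
		} else if (bagnid == NID_pkcs7_encrypted) {
			if (options & INFO) {
				BIO_printf (bio_err, "PKCS7 Encrypted data: ");
				alg_print (bio_err,
					p7->d.encrypted->enc_data->algorithm);
			}
			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
		} else continue;
		if (!bags) goto err;
		if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
						 options, pempass)) {
			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
			goto err;
		}
		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
	}
	ret = 1;

err:
	/*
	 * Single exit: the unpacked safes are released on the failure
	 * paths too (the early returns used to leak them).
	 */
	sk_PKCS7_pop_free (asafes, PKCS7_free);
	return ret;
}

/*
 * Dump every bag in the stack, in order.
 * Returns 1 if all bags were handled, 0 as soon as one of them fails.
 */
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
			   char *pass, int passlen, int options, char *pempass)
{
	int i;
	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
		if (!dump_certs_pkeys_bag (out,
					   sk_PKCS12_SAFEBAG_value (bags, i),
					   pass, passlen,
					   options, pempass))
		    return 0;
	}
	return 1;
}

/*
 * Dump a single safe bag to out according to its type.
 *
 * Key bags and shrouded key bags are written as PEM private keys (a
 * shrouded key is first decrypted with pass/passlen); certificate bags
 * are written as text plus PEM; a safe-contents bag is walked
 * recursively.  The NOKEYS, NOCERTS, CACERTS and CLCERTS bits in options
 * suppress output and INFO adds progress lines on bio_err.
 *
 * Returns 1 when the bag was written or deliberately skipped, 0 when a
 * key or certificate could not be decoded or decrypted.
 */
int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
	     int passlen, int options, char *pempass)
{
	EVP_PKEY *pkey;
	PKCS8_PRIV_KEY_INFO *p8;
	X509 *x509;

	switch (M_PKCS12_bag_type(bag))
	{
	case NID_keyBag:
		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
		if (options & NOKEYS) return 1;
		print_attribs (out, bag->attrib, "Bag Attributes");
		/* p8 points into the bag here, so it is not freed below. */
		p8 = bag->value.keybag;
		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
		print_attribs (out, p8->attributes, "Key Attributes");
		/*
		 * enc is not declared in this excerpt; presumably the
		 * file-scope cipher chosen for PEM output -- confirm.
		 * NOTE(review): the result of the write is ignored, so a
		 * failed key write is still reported as success.
		 */
		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
		EVP_PKEY_free(pkey);
	break;

	case NID_pkcs8ShroudedKeyBag:
		if (options & INFO) {
			BIO_printf (bio_err, "Shrouded Keybag: ");
			alg_print (bio_err, bag->value.shkeybag->algor);
		}
		if (options & NOKEYS) return 1;
		print_attribs (out, bag->attrib, "Bag Attributes");
		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
				return 0;
		if (!(pkey = EVP_PKCS82PKEY (p8))) {
			PKCS8_PRIV_KEY_INFO_free(p8);
			return 0;
		}
		print_attribs (out, p8->attributes, "Key Attributes");
		/* Here p8 is the decrypted copy, so it is freed. */
		PKCS8_PRIV_KEY_INFO_free(p8);
		/* NOTE(review): write result ignored, as in the key bag case. */
		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
		EVP_PKEY_free(pkey);
	break;

	case NID_certBag:
		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
		if (options & NOCERTS) return 1;
		/*
		 * A certificate carrying a localKeyID attribute is skipped
		 * under CACERTS; one without it is skipped under CLCERTS.
		 */
                if (PKCS12_get_attr(bag, NID_localKeyID)) {
			if (options & CACERTS) return 1;
		} else if (options & CLCERTS) return 1;
		print_attribs (out, bag->attrib, "Bag Attributes");
		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
								 return 1;
		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
		dump_cert_text (out, x509);
		PEM_write_bio_X509 (out, x509);
		X509_free(x509);
	break;

	case NID_safeContentsBag:
		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
		print_attribs (out, bag->attrib, "Bag Attributes");
		/* Recursion depth is bounded only by the nesting in the input. */
		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
							    passlen, options, pempass);

	default:
		BIO_printf (bio_err, "Warning unsupported bag type: ");
		i2a_ASN1_OBJECT (bio_err, bag->type);
		BIO_printf (bio_err, "\n");
		return 1;
	break;
	}
	return 1;
}

/*
 * Verify cert against store and hand back the verified chain.
 *
 * Returns 0 and stores the chain in *chain on success (the caller frees
 * it).  On failure returns a non-zero X509 verify error code and sets
 * *chain to NULL.
 */
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
{
	X509_STORE_CTX store_ctx;
	STACK_OF(X509) *chn = NULL;
	int i = 0;

	/* NOTE(review): the result of X509_STORE_CTX_init() is not checked. */
	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
	if (X509_verify_cert(&store_ctx) <= 0) {
		i = X509_STORE_CTX_get_error (&store_ctx);
		/*
		 * Never report success for a failed verification: if the
		 * context carries no error code, 0 would make the caller
		 * read a chain that was never set.
		 */
		if (i == 0) i = -1;
		goto err;
	}
	chn =  X509_STORE_CTX_get1_chain(&store_ctx);
	/* No chain after a successful verify means the copy failed. */
	if (!chn) i = X509_V_ERR_OUT_OF_MEM;
err:
	X509_STORE_CTX_cleanup(&store_ctx);
	*chain = chn;

	return i;
}

/*
 * Print the long name of a PBE algorithm and its iteration count on
 * bio_err.  The x argument is not used; every caller in this excerpt
 * passes bio_err.
 *
 * The parameters come from the PKCS#12 input, so they are validated
 * before use.  Returns 0 when the line was printed, 1 when the
 * parameters are missing or cannot be decoded.
 */
int alg_print (BIO *x, X509_ALGOR *alg)
{
	PBEPARAM *pbe = NULL;
	unsigned char *p;

	if (alg->parameter && alg->parameter->type == V_ASN1_SEQUENCE
			&& alg->parameter->value.sequence) {
		p = alg->parameter->value.sequence->data;
		pbe = d2i_PBEPARAM (NULL, &p,
				alg->parameter->value.sequence->length);
	}
	if (!pbe) {
		/* Finish the line the caller started instead of crashing. */
		BIO_printf (bio_err, "%s, <unsupported parameters>\n",
			OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)));
		return 1;
	}
	/* ASN1_INTEGER_get() returns long, hence %ld. */
	BIO_printf (bio_err, "%s, Iteration %ld\n",
	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
	PBEPARAM_free (pbe);
	return 0;
}

/*
 * Load all certificates from a given file.
 *
 * Every PEM certificate read from in is pushed onto sk.  Returns 1 if at
 * least one certificate was read, 0 otherwise.
 */
int cert_load(BIO *in, STACK_OF(X509) *sk)
{
	int ret;
	X509 *cert;
	ret = 0;
#ifdef CRYPTO_MDEBUG
	CRYPTO_push_info("cert_load(): reading one cert");
#endif
	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
#ifdef CRYPTO_MDEBUG
		CRYPTO_pop_info();
#endif
		ret = 1;
		/* NOTE(review): a failed push is not detected and would leak cert. */
		sk_X509_push(sk, cert);
#ifdef CRYPTO_MDEBUG
		CRYPTO_push_info("cert_load(): reading one cert");
#endif
	}
#ifdef CRYPTO_MDEBUG
	CRYPTO_pop_info();
#endif
	/* The loop ends on a failed read; drop that error once a cert was loaded. */
	if(ret) ERR_clear_error();
	return ret;
}

/*
 * Generalised attribute print: handle PKCS#8 and bag attributes.
 *
 * Writes name as a heading, then one line per attribute with its name
 * (or its object identifier when unknown) and its first value.
 * BMPString values are converted with uni2asc(); octet and bit strings
 * are printed as hex.  Always returns 1.
 */
int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
{
	X509_ATTRIBUTE *attr;
	ASN1_TYPE *av;
	char *value;
	int i, attr_nid;
	if(!attrlst) {
		BIO_printf(out, "%s: <No Attributes>\n", name);
		return 1;
	}
	if(!sk_X509_ATTRIBUTE_num(attrlst)) {
		BIO_printf(out, "%s: <Empty Attributes>\n", name);
		return 1;
	}
	BIO_printf(out, "%s\n", name);
	for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
		attr = sk_X509_ATTRIBUTE_value(attrlst, i);
		attr_nid = OBJ_obj2nid(attr->object);
		BIO_printf(out, "    ");
		if(attr_nid == NID_undef) {
			i2a_ASN1_OBJECT (out, attr->object);
			BIO_printf(out, ": ");
		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));

		if(sk_ASN1_TYPE_num(attr->value.set)) {
			/* Only the first value of the set is printed. */
			av = sk_ASN1_TYPE_value(attr->value.set, 0);
			switch(av->type) {
				case V_ASN1_BMPSTRING:
        			value = uni2asc(av->value.bmpstring->data,
                                	       av->value.bmpstring->length);
				BIO_printf(out, "%s\n", value);
				OPENSSL_free(value);
				break;

				case V_ASN1_OCTET_STRING:
				hex_prin(out, av->value.octet_string->data,
					av->value.octet_string->length);
				BIO_printf(out, "\n");
				break;

				case V_ASN1_BIT_STRING:
				hex_prin(out, av->value.bit_string->data,
					av->value.bit_string->length);
				BIO_printf(out, "\n");
				break;

				default:
					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
				break;
			}
		} else BIO_printf(out, "<No Values>\n");
	}
	return 1;
}

/* Write len bytes of buf to out as two-digit upper-case hex, each followed by a space. */
void hex_prin(BIO *out, unsigned char *buf, int len)
{
	int i;
	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
}

#endif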
