
📄 ca.c

📁 小型ca.命令行方式.可以生成ca .请求,发放证书,crl等.
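	X509_REQ * req=NULL;
	EVP_PKEY * pkey=NULL, * prkey=NULL;
	X509 * x509=NULL,* x=NULL;
	BIO * memcert=NULL, * memkey=NULL;
	BUF_MEM *bptrcert=NULL,*bptrkey=NULL;
	int ret=1;
	char * md=NULL;
	int i=0,j=0,ok=0;
	const EVP_MD *dgst=NULL;
	OpenSSL_add_all_digests();
	memcert= BIO_new(BIO_s_mem());
	memkey= BIO_new(BIO_s_mem());
	BIO_set_close(memcert, BIO_CLOSE); /*  BIO_free() free BUF_MEM  */
	BIO_set_close(memkey, BIO_CLOSE); /*  BIO_free() free BUF_MEM  */
	prkey=LoadKey(keyfile,keylen,pwd);//RAND_bytes
	if (prkey == NULL)
	{
		ret = 0;
		goto err;
	}
	x509=LoadCert(certfile,certlen);
	if (x509 == NULL)
	{
		ret = 0;
		goto err;
	}
	if (!X509_check_private_key(x509,prkey))
	{
		ret = 0;
		goto err;
	}
	if(!mkReq(&(sCERT->SUBJECT),&req,&pkey, bits))
	{
		ret = 0;
		goto err;
	}
	md="sha1";
	if ((dgst=EVP_get_digestbyname(md)) == NULL)
	{
		ret = 0;
		goto err;
	}
	ok=certify(&x,req,prkey,x509,dgst,
		serial,"today",enddate,days,&(sCERT->KUSAGE),&(sCERT->EKUSAGE));
	if (ok <= 0) 
	{
		ret=0;
		goto err;
	}
/*	if (type==DER)
	{
		i=i2d_X509_bio(memcert,x);
		j=i2d_PrivateKey_bio(memkey,pkey);
	}
	else if(type==PEM)
*/
	i=PEM_write_bio_X509(memcert,x);
//		j=PEM_write_bio_PrivateKey(memkey,pkey,NULL,NULL,0,NULL, NULL);
	if(enc_key)
	{
		j=PEM_write_bio_PrivateKey(memkey, pkey, EVP_des_ede3_cbc(),
			NULL,0, NULL, enc_key);
	}
	else
		j=PEM_write_bio_PrivateKey(memkey,pkey,NULL,NULL,0,NULL, NULL);
	if(!i||!j)
	{
		ret=0;
		goto err;
	}
	// NOTE(review): the capacity of the caller's cert/key buffers is not
	// visible here -- confirm they can hold *certl / *keyl bytes before
	// these copies, or pass the capacities in and check them.
	BIO_get_mem_ptr(memcert, &bptrcert);
	*certl=bptrcert->length;
	memcpy(cert,bptrcert->data,*certl);
	BIO_get_mem_ptr(memkey, &bptrkey);
	*keyl=bptrkey->length;
	memcpy(key,bptrkey->data,*keyl);
//	printf("*\n");
//	return 0;
err:
	BIO_free_all(memcert);
	BIO_free_all(memkey);
	EVP_PKEY_free(pkey);
	EVP_PKEY_free(prkey);
	X509_free(x509);
	X509_free(x);
	if (req != NULL) X509_REQ_free(req);
	EVP_cleanup();	//frees all three stacks and sets their pointers to NULL ---- EVP_CIPHER
	return ret;
}

/*
 * Append one revocation record to the end of the singly linked list.
 *
 * Head  - list head, passed by reference so an empty list can be seeded.
 * index - value stored in the node's Index field (MakeCrl turns it into the
 *         revoked serial number).
 * time  - value stored in the node's time field (MakeCrl uses it as the
 *         revocation date).
 *
 * Returns 1 on success, 0 if the node could not be allocated.
 * Nodes are allocated with malloc(); MakeCrl() releases them with free().
 */
int AddRevoke(stuREVOKE *& Head,int index,time_t time)
{
	stuREVOKE *node = (stuREVOKE *)malloc(sizeof(stuREVOKE));
	if (node == NULL)
		return 0;

	node->time = time;
	node->Index = index;
	node->Link = NULL;

	if (Head == NULL)
	{
		Head = node;
		return 1;
	}

	// Walk to the current tail and hook the new node behind it.
	stuREVOKE *tail = Head;
	while (tail->Link != NULL)
		tail = tail->Link;
	tail->Link = node;
	return 1;
}

/*
 * Build the extension identified by nid from its textual value and add it
 * to the CRL (e.g. issuerAltName, authorityKeyIdentifier).
 *
 * root is supplied as the issuer certificate of the extension context; no
 * configuration database is used.
 *
 * Returns 1 if the extension was created and added, 0 otherwise.
 */
int Add_ExtCrl(X509_CRL *crl,X509 * root, 
			   int nid, char *value)
{
	X509V3_CTX ctx;
	X509_EXTENSION *ex;
	int added;

	/* This sets the 'context' of the extensions. */
	/* No configuration database */
	X509V3_set_ctx(&ctx, root, NULL, NULL, crl, 0);

	ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
	if (!ex)
		return 0;

	// The CRL keeps its own copy, so ex is released here either way; a
	// failed add is now reported instead of being silently ignored.
	added = X509_CRL_add_ext(crl,ex,-1);
	X509_EXTENSION_free(ex);
	return added ? 1 : 0;
}

/*
 * Create and sign a CRL from the revocation list, then emit it as PEM.
 *
 * certfile/certlen - issuer certificate, handed to LoadCert().
 * keyfile/keylen   - issuer private key, handed to LoadKey() together with pwd.
 * Head             - revocation list built with AddRevoke(). Each node is
 *                    free()d as soon as it has been added to the CRL.
 * NewCrlMem        - optional allocator callback; when set, the PEM text is
 *                    copied into a buffer obtained from it, returned through
 *                    outCrl with its length in *crll.
 * outfile          - optional path; when set, the PEM text is also written there.
 * days             - offset of nextUpdate from now, in days.
 *
 * Returns 1 on success, 0 on failure.
 *
 * NOTE(review): Head is passed by value and consumed, so the caller's list
 * pointer dangles after a successful call. On failure the list may be
 * untouched or partly freed; nodes not yet processed are left allocated.
 * Callers cannot tell these cases apart -- consider taking Head by reference.
 */
long MakeCrl(char *certfile,int certlen,
			  char *keyfile ,int keylen,
			  stuREVOKE * Head,PNewCrlMem NewCrlMem,char *& outCrl,int * crll,char * outfile,char * pwd,int days)
{
	X509_CRL_INFO *ci = NULL;
	X509_CRL *crl = NULL;
	int ret=1,i=0;
	char *md=NULL;
	EVP_PKEY *pkey=NULL;
	X509 *x509=NULL;
	BIO *out=NULL;
	const EVP_MD *dgst=NULL;
	X509_REVOKED *r=NULL;
	X509_REVOKED *rev=NULL;		// entry under construction, not yet owned by the CRL
	BIGNUM *serial_bn=NULL;
	long crldays=days;
	long crlhours=0;
	stuREVOKE * temp =NULL;
	BIO * memcrl=NULL;
	BUF_MEM *bptrcrl=NULL;
	char index[100]={0};

	OpenSSL_add_all_algorithms();

	pkey=LoadKey(keyfile,keylen,pwd);
	if (pkey == NULL)
	{
		ret = 0;
		goto err;
	}
	x509=LoadCert(certfile,certlen);
	if (x509 == NULL)
	{
		ret = 0;
		goto err;
	}
	// Refuse to sign with a key that does not belong to the issuer certificate.
	if (!X509_check_private_key(x509,pkey))
	{
		ret = 0;
		goto err;
	}

	// NOTE(review): MD5 is collision-broken and should not be used for new
	// signatures; the certificate-issuing code in this file uses "sha1".
	// Move both to SHA-256 once the linked OpenSSL and the relying parties
	// are confirmed to support it.
	md="md5";//////////!!!!!!!!!!!!!!!!!////////////////////////////
	if ((dgst=EVP_get_digestbyname(md)) == NULL)//return an EVP_MD structure when passed a digest name
	{
		ret = 0;
		goto err;
	}

	if ((crl=X509_CRL_new()) == NULL)
	{
		ret = 0;
		goto err;
	}
	ci=crl->crl;

	// The CRL issuer is the subject of the signing certificate.
	X509_NAME_free(ci->issuer);
	ci->issuer=X509_NAME_dup(x509->cert_info->subject);
	if (ci->issuer == NULL)
	{
		ret = 0;
		goto err;
	}

	if (X509_gmtime_adj(ci->lastUpdate,0) == NULL)
	{
		ret = 0;
		goto err;
	}
	if (ci->nextUpdate == NULL)
		ci->nextUpdate=ASN1_UTCTIME_new();
	if (ci->nextUpdate == NULL)
	{
		ret = 0;
		goto err;
	}
	// The offset is computed in long; very large day counts can overflow
	// where long is 32 bits.
	if (X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60) == NULL)
	{
		ret = 0;
		goto err;
	}

	if(!ci->revoked)
		ci->revoked = sk_X509_REVOKED_new_null();
	if(!ci->revoked)
	{
		ret = 0;
		goto err;
	}

	while(Head!=NULL)
	{
		rev = X509_REVOKED_new();
		if (rev == NULL)
		{
			ret = 0;
			goto err;
		}
		if (ASN1_TIME_set(rev->revocationDate,Head->time) == NULL)
		{
			ret = 0;
			goto err;
		}

		// NOTE(review): the index is printed in decimal but parsed as hex,
		// so Index 10 becomes serial 0x10 (16). Confirm this matches how
		// serial numbers are assigned at issuance; otherwise the CRL lists
		// the wrong certificates.
		sprintf(index,"%d",Head->Index);
		if (!BN_hex2bn(&serial_bn,index))
		{
			ret = 0;
			goto err;
		}
		if (BN_to_ASN1_INTEGER(serial_bn,rev->serialNumber) == NULL)
		{
			ret = 0;
			goto err;
		}
		// The BIGNUM was only a conversion temporary; release it each round.
		BN_free(serial_bn);
		serial_bn = NULL;

		if (!sk_X509_REVOKED_push(ci->revoked,rev))
		{
			ret = 0;
			goto err;
		}
		rev = NULL;		// now owned by the CRL

		temp=Head;
		Head=Head->Link;
		free(temp);
	}

//	sk_X509_REVOKED_sort(ci->revoked);
	for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
	{
		r=sk_X509_REVOKED_value(ci->revoked,i);
		r->sequence=i;
	}

	if (ci->version == NULL)
		if ((ci->version=ASN1_INTEGER_new()) == NULL)
		{
			ret = 0;
			goto err;
		}
	ASN1_INTEGER_set(ci->version,1);	// version field value 1

	//	issuerAltName  authorityKeyIdentifier
//	Add_ExtCrl(crl,x509,NID_subject_alt_name,"DNS:hpxs,email:hpxs@hotmail.com,RID:1.2.3.4,URI:https://hpxs,IP:192.168.0.22");
#if(0)
	Add_ExtCrl(crl,x509,NID_issuer_alt_name, "DNS:harbour,email:jianglei@hotmail.com,RID:1.2.3.4,URIhttps://192.168.19.219,IP:192.168.0.22");
	Add_ExtCrl(crl,x509,NID_authority_key_identifier, "keyid,issuer:always");
#endif

	if (!X509_CRL_sign(crl,pkey,dgst))
	{
		ret = 0;
		goto err;
	}

	if(NewCrlMem)
	{
		memcrl= BIO_new(BIO_s_mem());
		if (memcrl == NULL)
		{
			ret = 0;
			goto err;
		}
		BIO_set_close(memcrl, BIO_CLOSE); /*  BIO_free() free BUF_MEM  */
		if (!PEM_write_bio_X509_CRL(memcrl,crl))
		{
			ret = 0;
			goto err;
		}
		BIO_get_mem_ptr(memcrl, &bptrcrl);
		*crll=bptrcrl->length;
		outCrl=NewCrlMem(*crll);
		// The callback may fail to allocate; do not copy into a null buffer.
		if (outCrl == NULL)
		{
			ret = 0;
			goto err;
		}
		memcpy(outCrl,bptrcrl->data,*crll);
	}

	if(outfile)
	{
		out=BIO_new_file(outfile, "w");
		if(out==NULL)
		{
			ret = 0;
			goto err;
		}
		if (!PEM_write_bio_X509_CRL(out,crl))
		{
			ret = 0;
			goto err;
		}
	}
	X509V3_EXT_cleanup();//cleanup the extension code if any custom extensions have been added
err:
	if (rev)
		X509_REVOKED_free(rev);
	if (serial_bn)
		BN_free(serial_bn);
	if(out)
		BIO_free_all(out);
	if(memcrl)
		BIO_free_all(memcrl);
	EVP_PKEY_free(pkey);
	X509_CRL_free(crl);
	X509_free(x509);
	EVP_cleanup();//frees all three stacks and sets their pointers to NULL ---- EVP_CIPHER
	return ret;
}

/*
 * Convert a certificate or a private key to the requested encoding and
 * write it to the file named by pem.
 *
 * buf/len   - input handed to LoadCert(); if that fails, the same input is
 *             tried as a private key through LoadKey() with pwd.
 * outformat - DER or PEM; any other value is rejected.
 *
 * Returns 1 only if the object was written, 0 otherwise. The input is loaded
 * before the output file is opened, so bad input no longer truncates an
 * existing file.
 *
 * NOTE(review): private keys are written without encryption even when a
 * password was needed to read them, and the file gets default permissions.
 */
long CertFormatConver(char * buf,int len,
			  char * pwd,char * pem,
			  int outformat)
{
	EVP_PKEY *key=NULL;
	X509 *cert=NULL;
	BIO *biout=NULL;
	int i=0;
	long ret=0;

	if (outformat != DER && outformat != PEM)
		return 0;

	cert = LoadCert(buf,len);
	if (!cert)
	{
		key=LoadKey(buf,len,pwd);
		if(!key)
			return 0;
	}

	// DER is binary: a text-mode stream would corrupt it on platforms that
	// translate line endings. PEM keeps the original text mode.
	biout=BIO_new_file(pem, (outformat == DER) ? "wb" : "w");
	if (biout == NULL)
		goto done;

	if (cert)
	{
		if (outformat == DER)
			i=i2d_X509_bio(biout,cert);
		else
			i=PEM_write_bio_X509(biout,cert);
	}
	else
	{
		if (outformat == DER)
			i=i2d_PrivateKey_bio(biout,key);
		else
			i=PEM_write_bio_PrivateKey(biout, key, NULL, NULL, 0, NULL, NULL);
	}
	if (i > 0)
		ret = 1;

done:
	if (biout != NULL) BIO_free(biout);
	X509_free(cert);
	EVP_PKEY_free(key);
	return ret;
}

/*
 * Unpack a PKCS#12 file into a separate certificate file and key file.
 *
 * strP12    - path of the PKCS#12 input.
 * strPwd    - password protecting it.
 * strCert   - path the certificate is written to.
 * strkey    - path the private key is written to.
 * outformat - DER or PEM; any other value is rejected before anything is opened.
 *
 * Returns 1 if both files were written, 0 otherwise. All resources are
 * released on every path.
 *
 * NOTE(review): the extracted private key is written without encryption and
 * with default file permissions; any additional certificates in the
 * container are discarded.
 */
long ParseDB(char * strP12,char * strPwd,char * strCert,
			 char * strkey,int outformat)
{
	EVP_PKEY *key=NULL;
	X509 *cert=NULL;
	STACK_OF(X509) *ca = NULL;
	BIO * bio=NULL,*bioCert=NULL,*bioKey=NULL;
	PKCS12 *p12=NULL;
	int i=0,j=0;
	long ret=0;
	// DER output must not pass through a text-mode stream.
	const char *mode = (outformat == DER) ? "wb" : "w";

	if (outformat != DER && outformat != PEM)
		return 0;

	// PKCS#12 is a binary format, so read it in binary mode.
	if((bio=BIO_new_file(strP12, "rb")) == NULL)
		return 0;

	SSLeay_add_all_algorithms();

	p12 = d2i_PKCS12_bio(bio, NULL);
	if (p12 == NULL)
		goto done;
	if (!PKCS12_parse(p12, strPwd, &key, &cert/*PEM*/, &ca))
		goto done;
	// A container may parse successfully yet lack a key or a certificate.
	if (cert == NULL || key == NULL)
		goto done;

	if ((bioCert=BIO_new_file(strCert, mode)) == NULL)
		goto done;
	if ((bioKey=BIO_new_file(strkey, mode)) == NULL)
		goto done;

	if(outformat == DER)
	{
		i=i2d_X509_bio(bioCert,cert);
		j=i2d_PrivateKey_bio(bioKey,key);
	}
	else
	{
		i=PEM_write_bio_X509(bioCert,cert);
		j=PEM_write_bio_PrivateKey(bioKey, key, NULL, NULL, 0, NULL, NULL);
	}
	if(i!=0&&j!=0)
		ret = 1;

done:
	if (bioKey != NULL) BIO_free(bioKey);
	if (bioCert != NULL) BIO_free(bioCert);
	if (bio != NULL) BIO_free(bio);
	if (p12 != NULL) PKCS12_free(p12);
	if (ca != NULL) sk_X509_pop_free(ca, X509_free);
	X509_free(cert);
	EVP_PKEY_free(key);
	EVP_cleanup();//frees all three stacks and sets their pointers to NULL ---- EVP_CIPHER
	return ret;
}

/*
 * Bundle a certificate and its private key into a PKCS#12 file.
 *
 * strP12  - output path.
 * strPwd  - password protecting the new container.
 * strCert - certificate, handed to LoadCert() with length 0.
 * strkey  - private key, handed to LoadKey() with length 0 and no password.
 *
 * Returns 1 if the container was written, 0 otherwise.
 *
 * NOTE(review): the zero arguments to PKCS12_create() select the library's
 * default algorithms and iteration count, which depend on the linked OpenSSL
 * version and are weak on older releases -- confirm they are acceptable.
 */
long CreateDB(char * strP12,char * strPwd,char * strCert,
			  char * strkey)
{
	FILE *fp=NULL;
	EVP_PKEY *key=NULL;
	X509 *cert=NULL;
	PKCS12 *p12=NULL;
	long ret=0;

	cert =LoadCert(strCert,0);
	if(!cert)
		return 0;
	key=LoadKey(strkey,0,NULL);
	if(!key)
	{
		X509_free(cert);
		return 0;
	}

	SSLeay_add_all_algorithms();
	p12 = PKCS12_create(strPwd,"(hpxs)", key, cert, NULL, 0,0,0,0,0);
	if(p12)
	{
		fp = fopen(strP12, "wb") ;
		if (fp)
		{
			if (i2d_PKCS12_fp(fp, p12) > 0)
				ret = 1;
			// A failed close can mean the data never reached the disk.
			if (fclose(fp) != 0)
				ret = 0;
		}
		PKCS12_free(p12);
	}

	X509_free(cert);
	EVP_PKEY_free(key);
	EVP_cleanup();//frees all three stacks and sets their pointers to NULL ---- EVP_CIPHER
	return ret;
}

/*
 * Re-encrypt a PKCS#12 file under a new password.
 *
 * strP12    - existing container.
 * strPwd    - its current password.
 * strPwd2   - password for the new container.
 * strOutP12 - output path.
 *
 * Returns 1 if the new container was written, 0 otherwise.
 *
 * NOTE(review): only the key and its certificate are carried over; extra
 * certificates parsed from the input are dropped and the friendly name is
 * replaced by the literal "(null)". Confirm that is intended.
 */
long ChangePB(char * strP12,char * strPwd,char * strPwd2,
			  char * strOutP12)
{
	FILE *fp=NULL;
	EVP_PKEY *key=NULL;
	X509 *cert=NULL;
	STACK_OF(X509) *ca = NULL;
	PKCS12 *p12=NULL;
	long ret=0;
	int parsed;

	SSLeay_add_all_algorithms();

	if (!(fp = fopen(strP12, "rb")))
		return 0;
	p12 = d2i_PKCS12_fp(fp, NULL);
	// Close the input exactly once; a second fclose() on the same stream is
	// undefined behaviour.
	fclose (fp);
	fp = NULL;
	if (!p12)
		return 0;

	parsed = PKCS12_parse(p12, strPwd, &key, &cert, &ca);
	PKCS12_free(p12);
	p12=NULL;
	if (!parsed)
		goto done;

	///////////////////////////////////////
	p12 = PKCS12_create(strPwd2,"(null)", key, cert, NULL, 0,0,0,0,0);
	if(!p12)
		goto done;

	fp = fopen(strOutP12, "wb");
	if (fp == NULL)
		goto done;
	if (i2d_PKCS12_fp(fp, p12) > 0)
		ret = 1;
	if (fclose(fp) != 0)
		ret = 0;

done:
	if (p12 != NULL) PKCS12_free(p12);
	if (ca != NULL) sk_X509_pop_free(ca, X509_free);
	X509_free(cert);
	EVP_PKEY_free(key);
	return ret;
}

/*
 * Check whether a private key matches the public key of a certificate.
 *
 * cert - certificate, handed to LoadCert() with length 0.
 * key  - private key, handed to LoadKey() with length 0 and no password.
 *
 * Returns 1 if they form a pair, 0 if they do not or either fails to load.
 */
long CertPairCheck(char * cert,char * key)
{
	long matched = 0;
	EVP_PKEY *pkey=NULL;
	X509 *x509=NULL;

	x509=LoadCert(cert,0);
	if(x509==NULL)
		return 0;

	pkey=LoadKey(key,0,NULL);
	if(pkey!=NULL)
	{
		matched = X509_check_private_key(x509,pkey) ? 1 : 0;
		EVP_PKEY_free(pkey);
	}
	X509_free(x509);
	return matched;
}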
