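#include "CertRevocateList.h"

#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <ctime>
#include <fstream>
#include <new>
#include <sstream>
#include <string>

#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/opensslv.h>
#include <openssl/pem.h>
#include <openssl/x509.h>

namespace {

// Serial number of a revoked entry, written against the public accessor where
// one exists (OpenSSL 1.1+) and the struct field on the 1.0 line this file was
// written for.
const ASN1_INTEGER* revokedSerial(const X509_REVOKED* rev)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
	return rev->serialNumber;
#else
	return X509_REVOKED_get0_serialNumber(rev);
#endif
}

// A name that ends up as a file name under the third-party CRL directory must
// not be able to name a different directory.
bool safeFileComponent(const string& name)
{
	return !name.empty()
		&& name.find('/') == string::npos
		&& name.find('\\') == string::npos
		&& name.find("..") == string::npos;
}

// Read the whole file at `path` into `out`. Returns false when it cannot be
// opened.
bool readWholeFile(const char* path, string& out)
{
	std::ifstream in(path, std::ios::in | std::ios::binary);
	if (!in) {
		return false;
	}
	std::ostringstream buffer;
	buffer << in.rdbuf();
	out = buffer.str();
	return true;
}

// Parse the PEM CRL stored at `path`. Returns NULL (after logging) when the
// file is missing or does not hold a CRL; the caller owns the result.
X509_CRL* readCRLFile(const char* path)
{
	BIO* in = BIO_new_file(path, "r");
	if (in == NULL) {
		writelog("cannot open CRL file for reading.");
		return NULL;
	}
	X509_CRL* crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
	BIO_free(in);
	if (crl == NULL) {
		writelog("CRL file does not contain a PEM CRL.");
	}
	return crl;
}

// Write `crl` as PEM to `path`. Returns false when the file cannot be opened
// or the encoder fails.
bool writeCRLFile(X509_CRL* crl, const char* path)
{
	BIO* out = BIO_new_file(path, "w");
	if (out == NULL) {
		writelog("cannot open CRL file for writing.");
		return false;
	}
	const bool ok = PEM_write_bio_X509_CRL(out, crl) == 1;
	BIO_free(out);
	return ok;
}

// Build a revoked entry for `serial` stamped with the current time. Returns
// NULL on allocation failure; the caller owns the result until it is added to
// a CRL with X509_CRL_add0_revoked.
X509_REVOKED* makeRevokedEntry(long serial)
{
	X509_REVOKED* rev = X509_REVOKED_new();
	ASN1_INTEGER* sn = ASN1_INTEGER_new();
	ASN1_TIME* when = ASN1_TIME_set(NULL, time(NULL));
	// Both setters copy their argument, so sn and when are freed here.
	const bool ok = rev != NULL && sn != NULL && when != NULL
		&& ASN1_INTEGER_set(sn, serial) == 1
		&& X509_REVOKED_set_serialNumber(rev, sn) == 1
		&& X509_REVOKED_set_revocationDate(rev, when) == 1;
	ASN1_INTEGER_free(sn);
	ASN1_TIME_free(when);
	if (!ok) {
		X509_REVOKED_free(rev);
		return NULL;
	}
	return rev;
}

// Refresh thisUpdate/nextUpdate and sign `crl` with the issuer key. Any change
// to the revoked list invalidates the previous signature, so every path that
// writes a CRL goes through here. Returns false when the key does not belong
// to `cert`, the timestamps cannot be set, or signing fails.
bool stampAndSign(X509_CRL* crl, X509* cert, EVP_PKEY* key)
{
	if (!X509_check_private_key(cert, key)) {
		writelog("cert don't match with key .");
		return false;
	}
	ASN1_TIME* now = X509_gmtime_adj(NULL, 0);
	ASN1_TIME* next = X509_gmtime_adj(NULL, CRL_ISSUE_SCHEDULE);
	const bool stamped = now != NULL && next != NULL
		&& X509_CRL_set_lastUpdate(crl, now) == 1
		&& X509_CRL_set_nextUpdate(crl, next) == 1;
	ASN1_TIME_free(now);
	ASN1_TIME_free(next);
	if (!stamped) {
		writelog("failed to set CRL update times.");
		return false;
	}
	// Sorting also marks the cached tbsCertList encoding as modified, so the
	// signature below covers the current revoked list rather than a stale
	// cached encoding.
	X509_CRL_sort(crl);
	// MD5 (the previous choice) is collision-broken and rejected by current
	// verifiers; SHA-256 is the baseline for CRL signatures.
	if (!X509_CRL_sign(crl, key, EVP_sha256())) {
		writelog("failed to sign CRL.");
		return false;
	}
	return true;
}

} // namespace

// Build the path of the CA's own CRL (<CA dir>/<crl dir>/<Issuer>.pem) and of
// the directory that holds imported third-party CRLs. Throws std::bad_alloc
// when the path buffer cannot be allocated.
CRL::CRL()
{
	// operator new throws on failure, so no NULL check is needed here.
	ca = new CAService();
	m_crlPath = NULL;
	const string own = getAttribute("Directory", "CA") + "/"
		+ getAttribute("Directory", "crl") + "/"
		+ getAttribute("System", "Issuer") + ".pem";
	// Exact-size heap copy: the previous fixed 512-byte buffer overflowed on
	// long installation paths.
	m_crlPath = static_cast<char*>(calloc(own.size() + 1, 1));
	if (m_crlPath == NULL) {
		throw std::bad_alloc();
	}
	memcpy(m_crlPath, own.c_str(), own.size() + 1);
	m_thirdPath = getAttribute("Directory", "CA") + "/"
		+ getAttribute("Directory", "crl") + "/";
}

// Release the owned CAService and the path buffer.
CRL::~CRL()
{
	delete ca;
	ca = NULL;
	free(m_crlPath);
	m_crlPath = NULL;
}

// Intentionally a no-op: this object owns the CAService it creates in the
// constructor and deletes it in the destructor, so adopting a caller-supplied
// one would double-free. Kept for interface compatibility.
void CRL::setObject(CAService* caservice)
{
	(void)caservice;
}

// True when the CA's own CRL file exists (per CAService::locateFile).
bool CRL::checkCRL()
{
	// locateFile takes a writable char*; hand it a private copy rather than a
	// fixed-size buffer that a long path could overflow.
	string path(m_crlPath);
	return ca->locateFile(&path[0]);
}

// Create the CA's CRL from scratch with `serialNumber` as its only entry,
// sign it with the root key and write it to m_crlPath. Also bumps the
// "CRL"/"version" counter and records the issue date in the configuration.
// Nothing is written if the root cert/key cannot be loaded or signing fails.
void CRL::addNewRevocateList(string serialNumber)
{
	X509* cert = ca->LoadCert(ca->m_rootCertPath);
	EVP_PKEY* key = ca->loadRootPriv(ca->m_rootPrivKeyPath);
	X509_CRL* crl = X509_CRL_new();
	bool ok = cert != NULL && key != NULL && crl != NULL;
	if (ok) {
		// set_issuer_name copies the name.
		ok = X509_CRL_set_issuer_name(crl, X509_get_subject_name(cert)) == 1;
	}
	if (ok) {
		// NOTE(review): the "CRL"/"version" counter is stored in the X.509
		// CRL version field, which RFC 5280 limits to v1/v2; a CRL-number
		// extension would be the conforming place for a running counter.
		// Kept as-is because other components may read this field — confirm
		// before changing.
		long version = atol(getAttribute("CRL", "version").c_str());
		ok = X509_CRL_set_version(crl, version) == 1;
		if (ok) {
			setAttribute("CRL", "version", toString(++version));
			int year = 0, month = 0, day = 0;
			ca->getCurrentTime(year, month, day);
			setAttribute("CRL", "time",
				toString(year) + "-" + toString(month) + "-" + toString(day));
		}
	}
	if (ok) {
		X509_REVOKED* rev = makeRevokedEntry(atol(serialNumber.c_str()));
		// add0: the CRL takes ownership of rev only on success.
		ok = rev != NULL && X509_CRL_add0_revoked(crl, rev) == 1;
		if (!ok) {
			X509_REVOKED_free(rev);
		}
	}
	if (ok) {
		ok = stampAndSign(crl, cert, key);
	}
	if (ok) {
		writeCRLFile(crl, m_crlPath);
	}
	// All three free functions accept NULL, so every early-failure path
	// releases what was loaded (the original leaked on key mismatch).
	X509_CRL_free(crl);
	X509_free(cert);
	EVP_PKEY_free(key);
}

// Query a PEM CRL file. `issuer` is, despite its name, a CRL file path; empty
// selects the CA's own CRL. With a non-empty `serialNumber` the result is
// "find" when that serial is revoked and "" otherwise; with an empty
// `serialNumber` the result lists every revoked serial as "n1;n2;...".
// Returns "" when the file cannot be read.
string CRL::getCRL(string serialNumber, string issuer)
{
	const char* path = issuer.empty() ? m_crlPath : issuer.c_str();
	X509_CRL* crl = readCRLFile(path);
	if (crl == NULL) {
		return "";
	}
	STACK_OF(X509_REVOKED)* revoked = X509_CRL_get_REVOKED(crl);
	const bool lookup = !serialNumber.empty();
	const long wanted = lookup ? atol(serialNumber.c_str()) : 0;
	string result;
	for (int i = 0; revoked != NULL && i < sk_X509_REVOKED_num(revoked); ++i) {
		// ASN1_INTEGER_get yields -1 for serials wider than a long; serials are
		// assumed to fit a long throughout this file (atol() parsing).
		const long number = ASN1_INTEGER_get(revokedSerial(sk_X509_REVOKED_value(revoked, i)));
		if (lookup) {
			if (number == wanted) {
				result = "find";
				break;
			}
		}
		else {
			result.append(toString(number)).append(";");
		}
	}
	X509_CRL_free(crl);
	return result;
}

// Add `serialNumber` to the existing CA CRL (replacing any entry with the same
// serial), re-sign it and write it back. Nothing is written if the file cannot
// be read, the root cert/key cannot be loaded, or signing fails.
void CRL::insertNewRevocationList(string serialNumber)
{
	if (getCRL(serialNumber, m_crlPath) == "find") {
		deleteFromCRL(serialNumber);
	}
	X509_CRL* crl = readCRLFile(m_crlPath);
	if (crl == NULL) {
		return;
	}
	X509* cert = ca->LoadCert(ca->m_rootCertPath);
	EVP_PKEY* key = ca->loadRootPriv(ca->m_rootPrivKeyPath);
	X509_REVOKED* rev = makeRevokedEntry(atol(serialNumber.c_str()));
	bool ok = cert != NULL && key != NULL && rev != NULL
		&& X509_CRL_add0_revoked(crl, rev) == 1;
	if (!ok) {
		// rev is only owned by the CRL once add0 succeeded.
		X509_REVOKED_free(rev);
	}
	// The previous version wrote the modified CRL back without re-signing,
	// leaving a signature that no longer matched its content.
	if (ok) {
		ok = stampAndSign(crl, cert, key);
	}
	if (ok) {
		writeCRLFile(crl, m_crlPath);
	}
	X509_CRL_free(crl);
	X509_free(cert);
	EVP_PKEY_free(key);
}

// Revoke `serialNumber`: append to the CA CRL when one exists, otherwise
// create it; then push the resulting file into the database.
void CRL::createCertificateRevocateList(string serialNumber)
{
	if (checkCRL()) {
		insertNewRevocationList(serialNumber);
	}
	else {
		addNewRevocateList(serialNumber);
	}
	importCRL(m_crlPath, getAttribute("System", "Issuer"));
}

// Store `value` under `keyword`/`objectName` in the CA configuration.
void CRL::setAttribute(string keyword, string objectName, string value)
{
	ca->setCAConfigItem(keyword, objectName, value);
}

// Read `keyword`/`objectName` from the CA configuration.
string CRL::getAttribute(string keyword, string objectName)
{
	return ca->readCAconfig(keyword, objectName);
}

// True when the serial number of `x509` is listed in the CA's own CRL.
// Returns false for a NULL certificate, when no CRL exists, or when the serial
// does not fit a long (the comparison is long-based, see getCRL). The
// previous implementation was a stub that always returned false.
bool CRL::certInCRL(X509* x509)
{
	if (x509 == NULL || !checkCRL()) {
		return false;
	}
	const long serial = ASN1_INTEGER_get(X509_get_serialNumber(x509));
	if (serial < 0) {
		return false;
	}
	return getCRL(toString(serial), "") == "find";
}

// Decimal rendering of `num`, delegated to CAService.
string CRL::toString(long num)
{
	return ca->toString(num);
}

// Remove `serialNumber` from the CA CRL, re-sign, write the file back and
// push it into the database. Returns true only when an entry was removed and
// the CRL was re-signed and written; the previous version returned true
// unconditionally. When the serial is absent, the message is logged and, if
// `result` is non-NULL, copied into it — `result` must therefore have room
// for at least sizeof("There is not specific cert in CRL.") bytes.
bool CRL::deleteFromCRL(string serialNumber, char* result)
{
	static const char kNotFound[] = "There is not specific cert in CRL.";
	X509_CRL* crl = readCRLFile(m_crlPath);
	if (crl == NULL) {
		return false;
	}
	STACK_OF(X509_REVOKED)* revoked = X509_CRL_get_REVOKED(crl);
	const long wanted = atol(serialNumber.c_str());
	bool removed = false;
	for (int i = 0; revoked != NULL && i < sk_X509_REVOKED_num(revoked); ++i) {
		X509_REVOKED* xr = sk_X509_REVOKED_value(revoked, i);
		if (ASN1_INTEGER_get(revokedSerial(xr)) == wanted) {
			// sk_delete only unlinks the entry; it must be freed here.
			X509_REVOKED_free(sk_X509_REVOKED_delete(revoked, i));
			removed = true;
			break;
		}
	}
	bool ok = false;
	if (removed) {
		X509* cert = ca->LoadCert(ca->m_rootCertPath);
		EVP_PKEY* key = ca->loadRootPriv(ca->m_rootPrivKeyPath);
		ok = cert != NULL && key != NULL
			&& stampAndSign(crl, cert, key)
			&& writeCRLFile(crl, m_crlPath);
		X509_free(cert);
		EVP_PKEY_free(key);
	}
	else {
		writelog(kNotFound);
		if (result != NULL) {
			strcpy(result, kNotFound);
		}
	}
	X509_CRL_free(crl);
	if (ok) {
		importCRL(m_crlPath, getAttribute("System", "Issuer"));
	}
	return ok;
}

// Load the PEM CRL file `crl` into the database under `issuer`. Does nothing
// when `crl` is NULL or the file cannot be read.
void CRL::importCRL(const char* crl, string issuer)
{
	if (crl == NULL) {
		return;
	}
	char* pem = convertPEMtoChar(crl);
	if (pem == NULL) {
		writelog("cannot read CRL file for import.");
		return;
	}
	CertDB db;
	db.initializeConnect();
	// NOTE(review): assumes importCRLToDB copies the text rather than keeping
	// the pointer — confirm against CertDB before relying on the free below.
	db.importCRLToDB(pem, "insert", issuer);
	db.closeConnection();
	free(pem);
}

// Return the revoked serials ("n1;n2;...") of the third-party CRL for
// `issuer`. If the file <thirdPath><issuer>.pem is absent it is recreated from
// the database copy first. Returns "" when the issuer name is not usable as a
// file name, or when no non-empty CRL file results.
string CRL::exportCRL(string issuer)
{
	if (!safeFileComponent(issuer)) {
		writelog("refusing issuer name that is not a plain file name.");
		return "";
	}
	const string filepath = m_thirdPath + issuer + ".pem";
	string probe(filepath);
	if (!ca->locateFile(&probe[0])) {
		CertDB db;
		// NOTE(review): unlike importCRL there is no initializeConnect() here;
		// confirm exportCRLFromDB connects on its own. Ownership of the
		// returned buffer is unknown, so it is not freed (as before).
		char* pem = db.exportCRLFromDB(issuer);
		if (pem != NULL) {
			FILE* fp = fopen(filepath.c_str(), "w");
			if (fp != NULL) {
				fwrite(pem, 1, strlen(pem), fp);
				fclose(fp);
			}
		}
	}
	struct stat st;
	// Unchecked stat() left st_size uninitialised when the file was missing.
	if (stat(filepath.c_str(), &st) != 0 || st.st_size <= 0) {
		return "";
	}
	return getCRL("", filepath);
}

// Return the contents of the file `filepath` as a NUL-terminated heap buffer
// that the caller releases with free(). Returns NULL when the path is NULL
// or the file cannot be read. (The previous version returned a pointer to a
// stack buffer and could overflow it on files over 10 KiB.)
char* CRL::convertPEMtoChar(const char* filepath)
{
	string content;
	if (filepath == NULL || !readWholeFile(filepath, content)) {
		return NULL;
	}
	char* out = static_cast<char*>(calloc(content.size() + 1, 1));
	if (out != NULL) {
		memcpy(out, content.data(), content.size());
	}
	return out;
}

// Parse the PEM CRL in `data` and store its issuer name (as printed by
// X509_NAME_print, at most 80 characters) in `issuer`. `issuer` is left
// unchanged when `data` does not hold a CRL. The previous version only
// assigned `issuer` when the printed name was empty, so it never produced a
// name.
void CRL::parseCRL(string data, string& issuer)
{
	if (data.empty()) {
		return;
	}
	// Parse directly from the string instead of copying into a 2 KiB buffer
	// that a larger CRL would overflow. 1.0-era BIO_new_mem_buf takes void*.
	BIO* io = BIO_new_mem_buf(const_cast<char*>(data.data()), static_cast<int>(data.size()));
	if (io == NULL) {
		return;
	}
	X509_CRL* crlImported = PEM_read_bio_X509_CRL(io, NULL, NULL, NULL);
	BIO_free(io);
	if (crlImported == NULL) {
		writelog("data does not contain a PEM CRL.");
		return;
	}
	BIO* out = BIO_new(BIO_s_mem());
	if (out != NULL) {
		X509_NAME_print(out, X509_CRL_get_issuer(crlImported), 80);
		// One spare byte keeps the buffer NUL-terminated at the 80-byte limit.
		char name[81];
		memset(name, 0, sizeof(name));
		const int n = BIO_read(out, name, sizeof(name) - 1);
		BIO_free(out);
		if (n > 0) {
			issuer.assign(name, n);
		}
	}
	X509_CRL_free(crlImported);
}

// Import a third-party CRL supplied as a NUL-terminated PEM (or DER) buffer:
// the file is written to <thirdPath><issuer>.pem, loaded into the database
// and the issuer appended to the "CRL"/"third" list. Returns a status
// message, or "" when no issuer can be read from the data. `crlIssuer` is
// unused; the issuer is taken from the CRL itself. Because `data` carries no
// length, a DER CRL containing a 0x00 byte cannot be handled through this
// interface.
string CRL::importThirdCRL(char* data, string crlIssuer)
{
	(void)crlIssuer;
	if (data == NULL) {
		return "";
	}
	string pem(data);
	// If the bytes decode as DER, re-encode them as PEM so the rest of the
	// pipeline sees one format.
	BIO* in = BIO_new_mem_buf(const_cast<char*>(pem.data()), static_cast<int>(pem.size()));
	if (in != NULL) {
		X509_CRL* der = d2i_X509_CRL_bio(in, NULL);
		BIO_free(in);
		if (der != NULL) {
			BIO* out = BIO_new(BIO_s_mem());
			if (out != NULL && PEM_write_bio_X509_CRL(out, der) == 1) {
				char* p = NULL;
				const long n = BIO_get_mem_data(out, &p);
				if (n > 0) {
					pem.assign(p, static_cast<size_t>(n));
				}
			}
			BIO_free(out);
			X509_CRL_free(der);
		}
	}
	string issuer;
	parseCRL(pem, issuer);
	if (issuer.empty()) {
		return "";
	}
	// The issuer name comes from the imported CRL and becomes a file name,
	// so it must not be able to point outside the CRL directory.
	if (!safeFileComponent(issuer)) {
		writelog("refusing CRL issuer name that is not a plain file name.");
		return "error : issuer name is not usable as a file name.";
	}
	const string object = issuer;
	// Stored with the ".pem" suffix that exportCRL looks for (the previous
	// version dropped the suffix when it rebuilt the path).
	const string path = m_thirdPath + object + ".pem";
	FILE* fd = fopen(path.c_str(), "w");
	if (fd == NULL) {
		return "error : open file to fail, or " + path + " is not exist.";
	}
	// fwrite(..., 1, len, ...) returns bytes; the previous item-count call
	// made the success check always fail.
	const size_t written = fwrite(pem.data(), 1, pem.size(), fd);
	fclose(fd);
	if (written != pem.size()) {
		return "import third crl to fail.";
	}
	importCRL(path.c_str(), object);
	string known = getAttribute("CRL", "third");
	known.append(object).append(";");
	setAttribute("CRL", "third", known);
	return "succeed to import third crl.";
}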
