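if (len<=0) {
    writelog("convey cert to fail.");
    return false;
} else {
    successlog("handle cert request to succeed");
    // printCert(x509);
}
BIO_free(out);*/
    if (outfile) {
        cout << outfile<<endl;
    }
}
writelog("handle cert request to succeed");
return true;
}

/// Packs a certificate into the list format produced by CertList.
/// @param outlist  destination list passed through to CertList::packCertToList
/// @param x509     certificate to pack
/// @return the packed text, or "" when the helper returns no buffer
string CAService::createCertList(char* outlist, X509* x509)
{
    // Stack object: the original new/delete pair was never released on an
    // exception, and the intermediate 10*K strcpy buffer could overflow.
    CertList cl;
    const char* packed = cl.packCertToList(outlist, x509);
    // Copy before cl goes out of scope in case the buffer lives inside it
    // (presumably; the helper's ownership is not visible here).
    string certlist = "";
    if (packed != NULL) {
        certlist.append(packed);
    }
    return certlist;
}

/// Adds a serial number to the CRL, refusing serials the CA never issued.
/// @param serialNumber decimal serial of the certificate to revoke
/// @return "ok", or an error text that is also echoed to stdout
string CAService::makeCertRevocateList(string serialNumber)
{
    // RAII: the heap CRL of the original leaked on the early return below.
    CRL crl;
    crl.setObject(this);
    string result = "ok";
    string issued = readCAconfig("SerialNumber");
    // A serial above the CA's own counter cannot belong to an issued cert.
    if (atol(issued.c_str()) < atol(serialNumber.c_str())) {
        result = "SerialNumber is invalid, the cert has been applied by now.";
        cout << result << endl;
        return result;
    }
    crl.createCertificateRevocateList(serialNumber);
    return result;
}

/// Walks a "-1"-terminated list of C strings and logs any NULL entry.
/// @param first first argument; the variadic tail must end with "-1"
/// @return true when every argument up to the sentinel is non-NULL
bool CAService::checkParameter(char* first, ...)
{
    bool ok = true;
    va_list marked;
    va_start(marked, first);
    char* current = first;
    // NOTE(review): the original looped *while* the argument equalled "-1",
    // which checked nothing, called strcmp on a NULL, and fell off the end
    // without a return value; the "-1" sentinel is treated as the terminator.
    for (;;) {
        if (current == NULL) {
            writelog("illegical datum ");
            ok = false;
            break;
        }
        if (strcmp(current, "-1") == 0) {
            break;
        }
        current = va_arg(marked, char*);
    }
    va_end(marked);
    return ok;
}

/// Decodes one certificate from a BIO in the requested format.
/// @param outMsg unused; kept for signature compatibility (errors go to the log)
/// @param cert   source BIO
/// @param format DER, PEM or P12
/// @param pwd    PKCS#12 passphrase (only used for P12)
/// @return the certificate, or NULL when it cannot be decoded in that format
X509* CAService::load_cert(char* outMsg, BIO* cert, int format, char* pwd)
{
    (void)outMsg;
    if (cert == NULL) {
        return NULL;
    }
    X509* x = NULL;
    if (format == DER) {
        x = d2i_X509_bio(cert, NULL);
    } else if (format == PEM) {
        x = PEM_read_bio_X509(cert, NULL, NULL, NULL);
    } else if (format == P12) {
        PKCS12* p12 = d2i_PKCS12_bio(cert, NULL);
        // The original passed a NULL p12 straight into PKCS12_parse.
        if (p12 == NULL) {
            return NULL;
        }
        // Only the certificate is wanted; the bundled key is not returned.
        // On failure PKCS12_parse frees what it allocated, so drop the pointer.
        if (PKCS12_parse(p12, pwd, NULL, &x, NULL) != 1) {
            x = NULL;
        }
        PKCS12_free(p12);
    } else {
        writelog("bad input format specified for input cert");
        return NULL;
    }
    return x;
}

/// Loads a certificate from a file path or an in-memory blob, trying DER
/// first and PEM second.
/// @param cert    file path when certlen == 0, else the raw bytes
/// @param certlen byte length of cert, or 0 for "cert is a path"
/// @param outMsg  receives a short error text on failure (may be NULL)
/// @return the certificate, or NULL on any failure
X509* CAService::LoadCert(char* cert, int certlen, char* outMsg)
{
    BIO* in = NULL;
    if (certlen == 0) {
        in = BIO_new_file(cert, "r");
        if (in == NULL) {
            if (outMsg != NULL) strcpy(outMsg, "open CA certificate file error");
            return NULL;
        }
    } else {
        in = BIO_new_mem_buf(cert, certlen);
        if (in == NULL) {
            if (outMsg != NULL) strcpy(outMsg, "Make Mem Bio Error");
            return NULL;
        }
    }
    X509* x509 = load_cert(outMsg, in, DER, NULL);
    if (x509 == NULL) {
        // Rewind and retry as PEM.
        BIO_reset(in);
        x509 = load_cert(outMsg, in, PEM, NULL);
    }
    BIO_free(in);
    if (x509 == NULL) {
        // Was assert(): an undecodable input file aborted the whole service;
        // report it like the other failure paths instead.
        if (outMsg != NULL) strcpy(outMsg, "certificate is neither DER nor PEM");
        writelog("certificate is neither DER nor PEM");
    }
    return x509;
}

/// Loads the root private key from a file path or an in-memory blob.
/// @param key    file path when keylen == 0, else the raw bytes
/// @param keylen byte length of key, or 0 for "key is a path"
/// @param format PEM or P12 (a P12 is parsed with an empty passphrase)
/// @return the key, or NULL on any failure (was an assert)
EVP_PKEY* CAService::loadRootPriv(char* key, int keylen, int format)
{
    BIO* in = NULL;
    if (keylen == 0) {
        in = BIO_new_file(key, "r");
        if (in == NULL) {
            return NULL;
        }
    } else {
        in = BIO_new_mem_buf(key, keylen);
        if (in == NULL) {
            writelog("Make Mem Bio Error");
            return NULL;
        }
    }
    EVP_PKEY* pkey = NULL;
    if (format == PEM) {
        pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
    } else if (format == P12) {
        PKCS12* p12 = d2i_PKCS12_bio(in, NULL);
        if (p12 != NULL) {
            if (PKCS12_parse(p12, NULL, &pkey, NULL, NULL) != 1) {
                pkey = NULL;
            }
            PKCS12_free(p12);
        }
    } else {
        writelog("bad input format specified for input key");
    }
    BIO_free(in);
    if (pkey == NULL) {
        writelog("load root private key fail.");
    }
    return pkey;
}

/// Prints the PEM certificate stored at filepath to stdout.
/// @param filepath path of a PEM-encoded certificate
void CAService::print(char* filepath)
{
    BIO* out = BIO_new_file(filepath, "r");
    if (out == NULL) {
        cout << "filepath is fault ."<<endl;
        return;
    }
    X509* x509 = PEM_read_bio_X509(out, NULL, NULL, NULL);
    BIO_free(out);
    if (x509 == NULL) {
        // The original handed a NULL into printCert's assert.
        cout << "file is not a PEM certificate."<<endl;
        return;
    }
    printCert(x509);
    X509_free(x509);  // was leaked
}

/// Dumps a certificate in X509_print() form to stdout.
/// @param x509 certificate; must not be NULL (programming error otherwise)
void CAService::printCert(X509* x509)
{
    assert(x509 != NULL);
    BIO* print = BIO_new_fp(stdout, BIO_NOCLOSE);
    if (print == NULL) {
        return;
    }
    cout<<"------------------Cert---------------------"<<endl;
    X509_print(print, x509);
    cout<<endl;
    BIO_free(print);
}

/// Extracts everything after the first "CN=" of a DN string.
/// @param dn distinguished name text
/// @return the text following "CN=", or "" when dn is NULL or has no CN
string CAService::getIssuer(const char* dn)
{
    string issuer = "";
    if (dn == NULL) {
        return issuer;
    }
    // std::string replaces the fixed 512-byte strcpy (overflow on long DNs)
    // and the overlapping strcpy of the original.
    string subject(dn);
    size_t at = subject.find("CN=");
    if (at == string::npos) {
        writelog("no CN in dn.");
        return issuer;
    }
    issuer = subject.substr(at + 3);
    return issuer;
}

/// Hands a certificate export request to the database layer.
/// @return false when the DB reports failure (logged), true otherwise
bool CAService::exportCertToUser(string dn, string name, string action)
{
    if (m_db->exportCertToUser(dn, name, action) == NULL) {
        writelog("from db , exporting cert fail.");
        return false;
    }
    return true;
}

/// Stores a packed certificate list under dn; remembers dn in m_distingishName.
/// @return always true (the DB call reports nothing here)
bool CAService::importCertListToDB(string dn, string certlist, string type)
{
    m_distingishName = dn;
    m_db->importCertListToDB(dn, certlist, m_sn, type);
    return true;
}

// Renders an X509_NAME through a memory BIO and returns the whole text, so
// the result is neither truncated nor left without a terminator (the fixed
// 10*K / 512-byte BIO_read buffers of the original had both problems).
static string x509NameToString(X509_NAME* name)
{
    string text = "";
    if (name == NULL) {
        return text;
    }
    BIO* io = BIO_new(BIO_s_mem());
    if (io == NULL) {
        return text;
    }
    X509_NAME_print(io, name, 80);
    char* data = NULL;
    long length = BIO_get_mem_data(io, &data);
    if (data != NULL && length > 0) {
        text.assign(data, (size_t)length);
    }
    BIO_free(io);
    return text;
}

/// Returns the subject DN of a certificate as printed by X509_NAME_print.
/// @param cert certificate; must not be NULL
string CAService::getDN(X509* cert)
{
    assert(cert != NULL);
    return x509NameToString(X509_get_subject_name(cert));
}

/// Stores a certificate in the database; for the root cert the private key
/// is stored alongside it.
/// @param cert     certificate; must not be NULL
/// @param certType "root" or any user type string
/// @param key      root private key (required when certType == "root")
/// @return false when the root key is missing or cannot be encoded
bool CAService::importCertToDB(X509* cert, string certType, EVP_PKEY* key)
{
    assert(cert != NULL);
    m_distingishName = getDN(cert);
    if (certType != "root") {
        m_db->importCertToDB(m_distingishName, cert, m_sn, certType);
        return true;
    }
    if (key == NULL) {
        writelog("root private key is missing.");
        return false;
    }
    BIO* in = BIO_new(BIO_s_mem());
    if (in == NULL) {
        writelog("Make Mem Bio Error");
        return false;
    }
    // NOTE(review): the key is serialised without a passphrase, i.e. it sits
    // in the database in the clear; the storage format is kept unchanged here.
    if (PEM_write_bio_PKCS8PrivateKey(in, key, NULL, NULL, 0, NULL, NULL) != 1) {
        writelog("root private key encoding fail.");
        BIO_free(in);
        return false;
    }
    char* data = NULL;
    long length = BIO_get_mem_data(in, &data);
    // Copy the whole PEM: the fixed 2*K buffer truncated longer keys silently.
    string priv = "";
    if (data != NULL && length > 0) {
        priv.assign(data, (size_t)length);
    }
    BIO_free(in);
    m_db->importCertToDB(m_distingishName, cert, m_sn, certType, &priv[0]);
    return true;
}

/// Not implemented; always reports success.
bool CAService::importCRLToDB()
{
    return true;
}

/// Checks that the file named by filepath exists in its directory.
/// @param filepath "dir/name"; NOTE(review): on a valid path the buffer is
///        truncated to "dir" in place, exactly as the original did, so
///        callers that reuse filepath afterwards only see the directory
/// @return true when the basename is found in the directory listing
bool CAService::locateFile(char* filepath)
{
    // Empty input made the original scan from filepath[-1].
    if (filepath == NULL || *filepath == '\0') {
        cout << "cert path is invalid."<<endl;
        return false;
    }
    char* slash = strrchr(filepath, '/');
    // Need a non-empty directory part and a non-empty basename.
    if (slash == NULL || slash == filepath || slash[1] == '\0') {
        cout << "cert path is invalid."<<endl;
        return false;
    }
    char* basename = slash + 1;
    *slash = '\0';
    DIR* dir = opendir(filepath);
    if (dir == NULL) {
        // Was assert(): a bad user path must not abort the service.
        cout << "cannot open cert path."<<endl;
        return false;
    }
    bool found = false;
    struct dirent* dirp = NULL;
    while ((dirp = readdir(dir)) != NULL) {
        if (strcmp(basename, dirp->d_name) == 0) {
            found = true;
            break;
        }
    }
    closedir(dir);  // the original leaked the handle on the not-found path
    if (!found) {
        cout << "in specific path, don't find file , \""<<basename<<"\""<<endl;
    }
    return found;
}

/// Exports the CRL in the requested representation.
string CAService::exportCRLToUser(string type)
{
    CRL crl;
    return crl.exportCRL(type);
}

/// Not implemented; always reports success.
bool CAService::findCertInDB(X509* cert, string type)
{
    return true;
}

/// Not implemented; always reports success.
bool CAService::updateCertToDB(X509* cert, string type)
{
    return true;
}

/// Returns a request subject as printed by X509_NAME_print.
/// @param name subject name; "" is returned for NULL
string CAService::getRequestSubject(X509_NAME* name)
{
    return x509NameToString(name);
}

/// Revokes a certificate by serial number (wrapper over makeCertRevocateList).
/// @param serialNumber decimal serial; NULL is rejected instead of being
///        passed to the std::string constructor
string CAService::removeUserCertificate(char* serialNumber)
{
    if (serialNumber == NULL) {
        writelog("illegical datum ");
        return "SerialNumber is invalid.";
    }
    return makeCertRevocateList(serialNumber);
}

/// Removes a serial from the CRL.
/// @param result receives the CRL layer's message text
/// @return whatever CRL::deleteFromCRL reports
bool CAService::deleteCertFromCRL(string serialNumber, char* result)
{
    CRL crl;  // RAII instead of new/delete
    return crl.deleteFromCRL(serialNumber, result);
}

/// Prints the database layer's status information.
void CAService::showInformation()
{
    m_db->showInformation();
}

/// Verifies a PEM certificate against the root key and the CRL.
/// @param data PEM text of the certificate to check (untrusted input)
/// @return "right" when the signature checks and the serial is not revoked,
///         otherwise a short reason text
string CAService::verifyCertificate(string data)
{
    string result = "";
    if (data == "") {
        result = "empty request";
        return result;
    }
    BIO* bi = BIO_new(BIO_s_mem());
    if (bi == NULL) {
        writelog("Make Mem Bio Error");
        return "verify fail.";
    }
    BIO_write(bi, data.c_str(), (int)data.length());
    X509* x509 = PEM_read_bio_X509(bi, NULL, NULL, NULL);
    BIO_free(bi);
    bi = NULL;
    if (x509 == NULL) {
        // Was assert(): a malformed request from a client must not abort the CA.
        return "invalid certificate.";
    }
    string priv = m_rootPath + "/" + readCAconfig("System", "rootKeyPath");
    EVP_PKEY* privkey = NULL;
    bi = BIO_new_file(priv.c_str(), "r");
    if (bi != NULL) {
        privkey = PEM_read_bio_PrivateKey(bi, NULL, NULL, NULL);
        BIO_free(bi);
        bi = NULL;
    }
    if (privkey == NULL) {
        writelog("load root private key fail.");
        X509_free(x509);
        return "verify fail.";
    }
    // X509_verify() returns 1 only for a valid signature; 0 is a mismatch and
    // -1 an error, so anything but 1 is a rejection. The original's
    // !X509_verify accepted -1 and then overwrote the failure with the CRL
    // outcome, so a certificate with a bad signature could still come back
    // "right".
    if (X509_verify(x509, privkey) != 1) {
        result = "invalid key, key pairs don't match.";
    } else {
        // NOTE(review): ASN1_INTEGER_get returns long; narrowing to int is
        // kept because toString's overloads are not visible here.
        int serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(x509));
        CRL crl;
        if (crl.getCRL(toString(serialNumber)) == "find") {
            result = "cert is in crl.";
        } else {
            result = "right";
        }
    }
    EVP_PKEY_free(privkey);
    X509_free(x509);
    return result;
}

/// Writes the default CA configuration template to CA_CONFIG_PATH.
/// NOTE(review): the template ships default DB credentials (root/root) and a
/// shell password hash, and the file is created with the process umask;
/// deployments should replace these values and restrict the file mode before
/// the CA goes live. The template content itself is unchanged here.
void CAService::createCAConfigFile()
{
    FILE* fd = fopen(CA_CONFIG_PATH, "wb");
    if (fd == NULL) {
        writelog("create CA config file fail.");  // was assert()
        return;
    }
    string ca =
        "<CA>\n "
        "\t<SerialNumber>0</SerialNumber>\n "
        "\t<Root>no</Root>\n "
        "\t<System>\n "
        "\t\t<Initial>no</Initial>\n "
        "\t\t<rootDN>none</rootDN>\n "
        "\t\t<rootCertPath>rootCert.cer</rootCertPath>\n "
        "\t\t<rootKeyPath>rootPriv.pem</rootKeyPath>\n "
        "\t\t<keyLength Algeorithms=\"rsa\">1024</keyLength>\n "
        "\t\t<validPeriod>365*10</validPeriod>\n "
        "\t\t<Issuer>none</Issuer>\n "
        "\t</System>\n "
        "\t<DB>\n "
        "\t\t<Username>root</Username>\n "
        "\t\t<Password>root</Password>\n "
        "\t\t<db>ca</db>\n "
        "\t\t<Server>localhost</Server>\n "
        "\t\t<CertList>cert_list</CertList>\n "
        "\t\t<CRLList>crl_list</CRLList>\n "
        "\t\t<DB_Cert_Struct>create table cert_list (ID int(11) NOT NULL auto_Increment, SerialNumber text NOT NULL default \'\', Username varchar(255) NOT NULL default \'\', Type varchar(255) NOT NULL default\'\', DN text NOT NULL default\'\', Cert text NOT NULL default \'\', priv text , primary key (ID));</DB_Cert_Struct> "
        "\t\t<DB_CRL_Struct>create table crl_list (ID int(11) NOT NULL auto_Increment, Issuer text NOT NULL, CRL text NOT NULL, PRIMARY KEY (ID));</DB_CRL_Struct> "
        "\t</DB>\n "
        "\t<Time>\n "
        "\t\t<year>none</year>\n "
        "\t\t<month>none</month>\n "
        "\t\t<day>none</day>\n "
        "\t\t<span>none</span>\n "
        "\t</Time>\n "
        "\t<Log>\n "
        "\t\t<time>none</time>\n "
        "\t\t<object>none</object>\n "
        "\t\t<content>none</content>\n "
        "\t\t<status>none</status>\n "
        "\t\t<why>none</why>\n "
        "\t</Log>\n "
        "\t<CRL>\n "
        "\t\t<version>0</version>\n "
        "\t\t<time>0</time>\n "
        "\t\t<crl>crl.pem</crl>\n "
        "\t\t<third></third>\n "
        "\t</CRL>\n "
        "\t<Users>\n "
        "\t\t<Administrator>no</Administrator>\n "
        "\t\t<Operator>no</Operator>\n "
        "\t\t<Period_of_Validate>1</Period_of_Validate>\n "
        "\t</Users>\n "
        "\t<Directory>\n "
        "\t\t<CA>CAService</CA>\n "
        "\t\t<crl>crl</crl>\n "
        "\t\t<root>root</root>\n "
        "\t\t<users>users</users>\n "
        "\t\t<export>export</export>\n "
        "\t\t<import>import</import>\n "
        "\t\t<req>req</req>\n "
        "\t\t<tmp>tmp</tmp>\n "
        "\t</Directory>\n "
        "\t<Communication>\n "
        "\t\t<rCACom>no</rCACom>\n "
        "\t\t<wCACom>no</wCACom>\n "
        "\t</Communication>\n "
        "\t<Shell> "
        "\t<Username>boco</Username>\n "
        "\t<Password>I8fUurq/gEjAzaUTasg8ng==</Password>\n "
        "\t</Shell>\n "
        "</CA>";
    // A short write used to go unnoticed; report it so a half-written config
    // is not mistaken for a good one.
    if (fwrite(ca.c_str(), 1, ca.size(), fd) != ca.size()) {
        writelog("write CA config file fail.");
    }
    fclose(fd);
}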