certlist.cpp

完成数字证书加密

#include "CertList.h"

CertList::CertList()
{
}

CertList::~CertList()
{
}

char* CertList::packCertToList(char* outfile, X509* cert)
{
	return createCertList(outfile, cert);
}

char* CertList::createCertList(char* outfile, X509* cert)
{
	PKCS7* p7=PKCS7_new();
	assert( p7!=NULL);
	PKCS7_set_type(p7, NID_pkcs7_signed);

	string root = readCAConfig("Directory", "CA") + "/" +
				  readCAConfig("Directory", "root") + "/";
	string root_cert = root + readCAConfig("System", "rootCertPath");
	string root_priv = root + readCAConfig("System", "rootKeyPath");
	
	BIO* bi = BIO_new_file(root_cert.c_str(), "r");
	assert( bi!=NULL );
	X509* rootcert = PEM_read_bio_X509(bi, NULL, NULL, NULL);
	assert( rootcert!=NULL );
	BIO* key = BIO_new_file(root_priv.c_str(), "r");
	assert( key!=NULL );
	EVP_PKEY* pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);	
	
	PKCS7_add_certificate(p7, cert);
	PKCS7_add_certificate(p7, rootcert);

	string user = readCAConfig("Directory", "CA") + "/" + 
				  readCAConfig("Directory", "users") + "/";
	BIO* out=NULL;
	if (outfile!=NULL) {
		user.append(outfile);
		out = BIO_new_file(user.c_str(), "w");
	}
	else {
		out = BIO_new(BIO_s_mem());
		user.append("certlist.pem");
	}
	
	assert(out!=NULL);
	PEM_write_bio_PKCS7(out, p7);

	char result[10*K];	
	assert(result!=NULL);
	memset(result, 0, 10*K);
	
	if (outfile==NULL) {
		int len = BIO_read(out, result, 10*K);
		if (len<=0) {
			writelog("convey cert to fail.");
			return false;
		}
		else {
			writelog("handle cert request to succeed");
		}
	}
	
	PKCS7_free(p7);
	BIO_free(out);
	BIO_free(bi);
	out = bi = NULL;
	p7 = NULL;

	if (outfile!=NULL) {
		char* tmp   =(char*)calloc(1, 1*K);
		assert(tmp!=NULL);
		FILE* fd=fopen(user.c_str(), "r");
		assert(fd!=NULL);
		while (!feof(fd)) {
			memset(tmp, 0, 1*K);
			fgets(tmp, 1*K, fd);
			strcat(result, tmp);
		}
		if (tmp) free(tmp), tmp=NULL;
		fclose(fd);
	}

	return result;
}

bool CertList::readCertFromCertList(char* infile)
{
	BIO* bi = BIO_new_file(infile, "r");
	PKCS7 *p7 = PEM_read_bio_PKCS7(bi, NULL, NULL, NULL);
	if ( p7==NULL ){
		writelog("file format is illegal.");
		return false;
	}

	if (!PKCS7_type_is_signed(p7)) {
		writelog("cert list is not signeddat pack.");
		return false;
	}
	STACK_OF(X509)* sk_x509=sk_X509_dup(p7->d.sign->cert);
	string certpath="";

	for(int i=0; i<sk_X509_num(sk_x509); i++) {
		X509* cert = sk_X509_value(sk_x509, i);
		certpath.append("./cert_");
		certpath.append(toString(i));
		certpath.append(".cer");
		BIO* outfile = BIO_new_file(certpath.c_str(), "w");
		PEM_write_bio_X509(outfile, cert);
	
		printCert(cert);

		certpath.empty();
		BIO_free(outfile);
		X509_free(cert);
		cert=NULL;
		outfile=NULL;

		cout<<endl;
		cout<<endl;
	}

//	Debug();
//	PKCS7_free(p7);
	BIO_free(bi);
	return true;
}

string CertList::toString(long num)
{
	CAService ca;
	return ca.toString(num);
}

void CertList::printCert(X509* x509)
{
	CAService ca;
	return ca.printCert(x509);
}

string CertList::readCAConfig(string keyword, string objectName)
{
	CAService ca;
	return ca.readCAconfig(keyword, objectName);
}