📄 ca.c
字号:
} x509=PEM_read_bio_X509(in,NULL,NULL,NULL); if (x509 == NULL) { BIO_printf(bio_err,"unable to load CA certificate\n"); goto err; } if (!X509_check_private_key(x509,pkey)) { BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); goto err; } f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) preserve=1; f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) msie_hack=1; /*****************************************************************/ /* lookup where to write new certificates */ if ((outdir == NULL) && (req)) { struct stat sb; if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) == NULL) { BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); goto err; }#ifndef VMS /* outdir is a directory spec, but access() for VMS demands a filename. In any case, stat(), below, will catch the problem if outdir is not a directory spec, and the fopen() or open() will catch an error if there is no write access. Presumably, this problem could also be solved by using the DEC C routines to convert the directory syntax to Unixly, and give that to access(). However, time's too short to do that just now. */#ifndef VXWORKS if (access(outdir,R_OK|W_OK|X_OK) != 0) { BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir); perror(outdir); goto err; }#endif if (stat(outdir,&sb) != 0) { BIO_printf(bio_err,"unable to stat(%s)\n",outdir); perror(outdir); goto err; }#ifdef S_IFDIR if (!(sb.st_mode & S_IFDIR)) { BIO_printf(bio_err,"%s need to be a directory\n",outdir); perror(outdir); goto err; }#endif#endif } /*****************************************************************/ /* we need to load the database file */ if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) { lookup_fail(section,ENV_DATABASE); goto err; } if (BIO_read_filename(in,dbfile) <= 0) { perror(dbfile); BIO_printf(bio_err,"unable to open '%s'\n",dbfile); goto err; } db=TXT_DB_read(in,DB_NUMBER); if (db == NULL) goto err; /* Lets check some fields */ for (i=0; i<sk_num(db->data); i++) { pp=(char **)sk_value(db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1); goto err; } if ((pp[DB_type][0] == DB_TYPE_REV) && !check_time_format(pp[DB_rev_date])) { BIO_printf(bio_err,"entry %d: invalid revocation date\n", i+1); goto err; } if (!check_time_format(pp[DB_exp_date])) { BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); goto err; } p=pp[DB_serial]; j=strlen(p); if ((j&1) || (j < 2)) { BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j); goto err; } while (*p) { if (!( ((*p >= '0') && (*p <= '9')) || ((*p >= 'A') && (*p <= 'F')) || ((*p >= 'a') && (*p <= 'f'))) ) { BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p); goto err; } p++; } } if (verbose) { BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */#ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); }#endif TXT_DB_write(out,db); BIO_printf(bio_err,"%d entries loaded from the database\n", db->data->num); BIO_printf(bio_err,"generating index\n"); } if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, index_serial_cmp)) { BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2); goto err; } if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash, index_name_cmp)) { BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", db->error,db->arg1,db->arg2); goto err; } /*****************************************************************/ if (req || gencrl) { if (outfile != NULL) { if (BIO_write_filename(Sout,outfile) <= 0) { perror(outfile); goto err; } } else { BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);#ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); Sout = BIO_push(tmpbio, Sout); }#endif } } if (req) { if ((md == NULL) && ((md=CONF_get_string(conf, section,ENV_DEFAULT_MD)) == NULL)) { lookup_fail(section,ENV_DEFAULT_MD); goto err; } if ((dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); goto err; } if (verbose) BIO_printf(bio_err,"message digest is %s\n", OBJ_nid2ln(dgst->type)); if ((policy == NULL) && ((policy=CONF_get_string(conf, section,ENV_POLICY)) == NULL)) { lookup_fail(section,ENV_POLICY); goto err; } if (verbose) BIO_printf(bio_err,"policy is %s\n",policy); if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL)) == NULL) { lookup_fail(section,ENV_SERIAL); goto err; } if(!extensions) extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); if(extensions) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, conf); if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); ret = 1; goto err; } } if (startdate == NULL) { startdate=CONF_get_string(conf,section, ENV_DEFAULT_STARTDATE); } if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) { BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n"); goto err; } if (startdate == NULL) startdate="today"; if (enddate == NULL) { enddate=CONF_get_string(conf,section, ENV_DEFAULT_ENDDATE); } if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) { BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n"); goto err; } if (days == 0) { days=(int)CONF_get_number(conf,section, ENV_DEFAULT_DAYS); } if (!enddate && (days == 0)) { BIO_printf(bio_err,"cannot lookup how many days to certify for\n"); goto err; } if ((serial=load_serial(serialfile)) == NULL) { BIO_printf(bio_err,"error while loading serial number\n"); goto err; } if (verbose) { if (BN_is_zero(serial)) BIO_printf(bio_err,"next serial number is 00\n"); else { if ((f=BN_bn2hex(serial)) == NULL) goto err; BIO_printf(bio_err,"next serial number is %s\n",f); OPENSSL_free(f); } } if ((attribs=CONF_get_section(conf,policy)) == NULL) { BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); goto err; } if ((cert_sk=sk_X509_new_null()) == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } if (spkac_file != NULL) { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, serial,startdate,enddate, days,extensions,conf, verbose); if (j < 0) goto err; if (j > 0) { total_done++; BIO_printf(bio_err,"\n"); if (!BN_add_word(serial,1)) goto err; if (!sk_X509_push(cert_sk,x)) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } if (outfile) { output_der = 1; batch = 1; } } } if (ss_cert_file != NULL) { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, db,serial,startdate,enddate,days,batch, extensions,conf,verbose); if (j < 0) goto err; if (j > 0) { total_done++; BIO_printf(bio_err,"\n"); if (!BN_add_word(serial,1)) goto err; if (!sk_X509_push(cert_sk,x)) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } } } if (infile != NULL) { total++; j=certify(&x,infile,pkey,x509,dgst,attribs,db, serial,startdate,enddate,days,batch, extensions,conf,verbose); if (j < 0) goto err; if (j > 0) { total_done++; BIO_printf(bio_err,"\n"); if (!BN_add_word(serial,1)) goto err; if (!sk_X509_push(cert_sk,x)) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } } } for (i=0; i<argc; i++) { total++; j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, serial,startdate,enddate,days,batch, extensions,conf,verbose); if (j < 0) goto err; if (j > 0) { total_done++; BIO_printf(bio_err,"\n"); if (!BN_add_word(serial,1)) goto err; if (!sk_X509_push(cert_sk,x)) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } } } /* we have a stack of newly certified certificates * and a data base and serial number that need * updating */ if (sk_X509_num(cert_sk) > 0) { if (!batch) { BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total); (void)BIO_flush(bio_err); buf[0][0]='\0'; fgets(buf[0],10,stdin); if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) { BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); ret=0; goto err; } } BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); strncpy(buf[0],serialfile,BSIZE-4);#ifdef VMS strcat(buf[0],"-new");#else strcat(buf[0],".new");#endif if (!save_serial(buf[0],serial)) goto err; strncpy(buf[1],dbfile,BSIZE-4);#ifdef VMS strcat(buf[1],"-new");#else strcat(buf[1],".new");#endif if (BIO_write_filename(out,buf[1]) <= 0) { perror(dbfile); BIO_printf(bio_err,"unable to open '%s'\n",dbfile); goto err; } l=TXT_DB_write(out,db); if (l <= 0) goto err; } if (verbose) BIO_printf(bio_err,"writing new certificates\n"); for (i=0; i<sk_X509_num(cert_sk); i++) { int k; unsigned char *n; x=sk_X509_value(cert_sk,i); j=x->cert_info->serialNumber->length; p=(char *)x->cert_info->serialNumber->data; strncpy(buf[2],outdir,BSIZE-(j*2)-6);#ifndef VMS strcat(buf[2],"/");#endif n=(unsigned char *)&(buf[2][strlen(buf[2])]); if (j > 0) { for (k=0; k<j; k++) { sprintf((char *)n,"%02X",(unsigned char)*(p++)); n+=2; } } else { *(n++)='0'; *(n++)='0'; } *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m'; *n='\0'; if (verbose) BIO_printf(bio_err,"writing %s\n",buf[2]); if (BIO_write_filename(Cout,buf[2]) <= 0) { perror(buf[2]); goto err; } write_new_certificate(Cout,x, 0, notext); write_new_certificate(Sout,x, output_der, notext); } if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ strncpy(buf[2],serialfile,BSIZE-4);#ifdef VMS strcat(buf[2],"-old");#else strcat(buf[2],".old");#endif BIO_free(in); BIO_free_all(out); in=NULL; out=NULL; if (rename(serialfile,buf[2]) < 0) { BIO_printf(bio_err,"unable to rename %s to %s\n", serialfile,buf[2]); perror("reason"); goto err; } if (rename(buf[0],serialfile) < 0) { BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],serialfile); perror("reason"); rename(buf[2],serialfile); goto err; } strncpy(buf[2],dbfile,BSIZE-4);#ifdef VMS strcat(buf[2],"-old");#else strcat(buf[2],".old");#endif if (rename(dbfile,buf[2]) < 0) { BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile,buf[2]); perror("reason"); goto err; } if (rename(buf[1],dbfile) < 0) { BIO_printf(bio_err,"unable to rename %s to %s\n", buf[1],dbfile); perror("reason"); rename(buf[2],dbfile); goto err; } BIO_printf(bio_err,"Data Base Updated\n"); } } /*****************************************************************/ if (gencrl) { if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); if(crl_ext) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, conf); if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", crl_ext); ret = 1; goto err; } } if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err; if (!crldays && !crlhours) { crldays=CONF_get_number(conf,section, ENV_DEFAULT_CRL_DAYS); crlhours=CONF_get_number(conf,section, ENV_DEFAULT_CRL_HOURS); } if ((crldays == 0) && (crlhours == 0)) { BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); goto err; } if (verbose) BIO_printf(bio_err,"making CRL\n"); if ((crl=X509_CRL_new()) == NULL) goto err; ci=crl->crl; X509_NAME_free(ci->issuer); ci->issuer=X509_NAME_dup(x509->cert_info->subject); if (ci->issuer == NULL) goto err; X509_gmtime_adj(ci->lastUpdate,0); if (ci->nextUpdate == NULL)⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -