ca.c

mediastreamer2是开源的网络传输媒体流的库

		section,ENV_DEFAULT_MD)) == NULL))
		{
		lookup_fail(section,ENV_DEFAULT_MD);
		goto err;
		}

	if ((dgst=EVP_get_digestbyname(md)) == NULL)
		{
		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
		goto err;
		}

	if (req)
		{
		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
			{
			if(strcmp(tmp_email_dn,"no") == 0)
				email_dn=0;
			}
		if (verbose)
			BIO_printf(bio_err,"message digest is %s\n",
				OBJ_nid2ln(dgst->type));
		if ((policy == NULL) && ((policy=NCONF_get_string(conf,
			section,ENV_POLICY)) == NULL))
			{
			lookup_fail(section,ENV_POLICY);
			goto err;
			}
		if (verbose)
			BIO_printf(bio_err,"policy is %s\n",policy);

		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
			== NULL)
			{
			lookup_fail(section,ENV_SERIAL);
			goto err;
			}

		if (!extconf)
			{
			/* no '-extfile' option, so we look for extensions
			 * in the main configuration file */
			if (!extensions)
				{
				extensions=NCONF_get_string(conf,section,
								ENV_EXTENSIONS);
				if (!extensions)
					ERR_clear_error();
				}
			if (extensions)
				{
				/* Check syntax of file */
				X509V3_CTX ctx;
				X509V3_set_ctx_test(&ctx);
				X509V3_set_nconf(&ctx, conf);
				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
								NULL))
					{
					BIO_printf(bio_err,
				 	"Error Loading extension section %s\n",
								 extensions);
					ret = 1;
					goto err;
					}
				}
			}

		if (startdate == NULL)
			{
			startdate=NCONF_get_string(conf,section,
				ENV_DEFAULT_STARTDATE);
			if (startdate == NULL)
				ERR_clear_error();
			}
		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
			{
			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
			goto err;
			}
		if (startdate == NULL) startdate="today";

		if (enddate == NULL)
			{
			enddate=NCONF_get_string(conf,section,
				ENV_DEFAULT_ENDDATE);
			if (enddate == NULL)
				ERR_clear_error();
			}
		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
			{
			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
			goto err;
			}

		if (days == 0)
			{
			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
				days = 0;
			}
		if (!enddate && (days == 0))
			{
			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
			goto err;
			}

		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
			{
			BIO_printf(bio_err,"error while loading serial number\n");
			goto err;
			}
		if (verbose)
			{
			if (BN_is_zero(serial))
				BIO_printf(bio_err,"next serial number is 00\n");
			else
				{
				if ((f=BN_bn2hex(serial)) == NULL) goto err;
				BIO_printf(bio_err,"next serial number is %s\n",f);
				OPENSSL_free(f);
				}
			}

		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
			{
			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
			goto err;
			}

		if ((cert_sk=sk_X509_new_null()) == NULL)
			{
			BIO_printf(bio_err,"Memory allocation failure\n");
			goto err;
			}
		if (spkac_file != NULL)
			{
			total++;
			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
				conf,verbose,certopt,nameopt,default_op,ext_copy);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				if (outfile)
					{
					output_der = 1;
					batch = 1;
					}
				}
			}
		if (ss_cert_file != NULL)
			{
			total++;
			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
				db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
				extensions,conf,verbose, certopt, nameopt,
				default_op, ext_copy, e);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			}
		if (infile != NULL)
			{
			total++;
			j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
				extensions,conf,verbose, certopt, nameopt,
				default_op, ext_copy, selfsign);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			}
		for (i=0; i<argc; i++)
			{
			total++;
			j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
				extensions,conf,verbose, certopt, nameopt,
				default_op, ext_copy, selfsign);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			}	
		/* we have a stack of newly certified certificates
		 * and a data base and serial number that need
		 * updating */

		if (sk_X509_num(cert_sk) > 0)
			{
			if (!batch)
				{
				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
				(void)BIO_flush(bio_err);
				buf[0][0]='\0';
				fgets(buf[0],10,stdin);
				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
					{
					BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 
					ret=0;
					goto err;
					}
				}

			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));

			if (!save_serial(serialfile,"new",serial,NULL)) goto err;

			if (!save_index(dbfile, "new", db)) goto err;
			}
	
		if (verbose)
			BIO_printf(bio_err,"writing new certificates\n");
		for (i=0; i<sk_X509_num(cert_sk); i++)
			{
			int k;
			char *n;

			x=sk_X509_value(cert_sk,i);

			j=x->cert_info->serialNumber->length;
			p=(const char *)x->cert_info->serialNumber->data;
			
			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
				{
				BIO_printf(bio_err,"certificate file name too long\n");
				goto err;
				}

			strcpy(buf[2],outdir);

#ifndef OPENSSL_SYS_VMS
			BUF_strlcat(buf[2],"/",sizeof(buf[2]));
#endif

			n=(char *)&(buf[2][strlen(buf[2])]);
			if (j > 0)
				{
				for (k=0; k<j; k++)
					{
					if (n >= &(buf[2][sizeof(buf[2])]))
						break;
					BIO_snprintf(n,
						     &buf[2][0] + sizeof(buf[2]) - n,
						     "%02X",(unsigned char)*(p++));
					n+=2;
					}
				}
			else
				{
				*(n++)='0';
				*(n++)='0';
				}
			*(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
			*n='\0';
			if (verbose)
				BIO_printf(bio_err,"writing %s\n",buf[2]);

			if (BIO_write_filename(Cout,buf[2]) <= 0)
				{
				perror(buf[2]);
				goto err;
				}
			write_new_certificate(Cout,x, 0, notext);
			write_new_certificate(Sout,x, output_der, notext);
			}

		if (sk_X509_num(cert_sk))
			{
			/* Rename the database and the serial file */
			if (!rotate_serial(serialfile,"new","old")) goto err;

			if (!rotate_index(dbfile,"new","old")) goto err;

			BIO_printf(bio_err,"Data Base Updated\n");
			}
		}
	
	/*****************************************************************/
	if (gencrl)
		{
		int crl_v2 = 0;
		if (!crl_ext)
			{
			crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
			if (!crl_ext)
				ERR_clear_error();
			}
		if (crl_ext)
			{
			/* Check syntax of file */
			X509V3_CTX ctx;
			X509V3_set_ctx_test(&ctx);
			X509V3_set_nconf(&ctx, conf);
			if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
				{
				BIO_printf(bio_err,
				 "Error Loading CRL extension section %s\n",
								 crl_ext);
				ret = 1;
				goto err;
				}
			}

		if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
			!= NULL)
			if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
				{
				BIO_printf(bio_err,"error while loading CRL number\n");
				goto err;
				}

		if (!crldays && !crlhours)
			{
			if (!NCONF_get_number(conf,section,
				ENV_DEFAULT_CRL_DAYS, &crldays))
				crldays = 0;
			if (!NCONF_get_number(conf,section,
				ENV_DEFAULT_CRL_HOURS, &crlhours))
				crlhours = 0;
			}
		if ((crldays == 0) && (crlhours == 0))
			{
			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
			goto err;
			}

		if (verbose) BIO_printf(bio_err,"making CRL\n");
		if ((crl=X509_CRL_new()) == NULL) goto err;
		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;

		tmptm = ASN1_TIME_new();
		if (!tmptm) goto err;
		X509_gmtime_adj(tmptm,0);
		X509_CRL_set_lastUpdate(crl, tmptm);	
		X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
		X509_CRL_set_nextUpdate(crl, tmptm);	

		ASN1_TIME_free(tmptm);

		for (i=0; i<sk_num(db->db->data); i++)
			{
			pp=(const char **)sk_value(db->db->data,i);
			if (pp[DB_type][0] == DB_TYPE_REV)
				{
				if ((r=X509_REVOKED_new()) == NULL) goto err;
				j = make_revoked(r, pp[DB_rev_date]);
				if (!j) goto err;
				if (j == 2) crl_v2 = 1;
				if (!BN_hex2bn(&serial, pp[DB_serial]))
					goto err;
				tmpser = BN_to_ASN1_INTEGER(serial, NULL);
				BN_free(serial);
				serial = NULL;
				if (!tmpser)
					goto err;
				X509_REVOKED_set_serialNumber(r, tmpser);
				ASN1_INTEGER_free(tmpser);
				X509_CRL_add0_revoked(crl,r);
				}
			}

		/* sort the data so it will be written in serial
		 * number order */
		X509_CRL_sort(crl);

		/* we now have a CRL */
		if (verbose) BIO_printf(bio_err,"signing CRL\n");
#ifndef OPENSSL_NO_DSA
		if (pkey->type == EVP_PKEY_DSA) 
			dgst=EVP_dss1();
		else
#endif
#ifndef OPENSSL_NO_ECDSA
		if (pkey->type == EVP_PKEY_EC)
			dgst=EVP_ecdsa();
#endif

		/* Add any extensions asked for */

		if (crl_ext || crlnumberfile != NULL)
			{
			X509V3_CTX crlctx;
			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
			X509V3_set_nconf(&crlctx, conf);

			if (crl_ext)
				if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
					crl_ext, crl)) goto err;
			if (crlnumberfile != NULL)
				{
				tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
				if (!tmpser) goto err;
				X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
				ASN1_INTEGER_free(tmpser);
				crl_v2 = 1;
				if (!BN_add_word(crlnumber,1)) goto err;
				}
			}
		if (crl_ext || crl_v2)
			{
			if (!X509_CRL_set_version(crl, 1))
				goto err; /* version 2 CRL */
			}

		
		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;

		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;

		PEM_write_bio_X509_CRL(Sout,crl);

		if (crlnumberfile != NULL)	/* Rename the crlnumber file */
			if (!rotate_serial(crlnumberfile,"new","old")) goto err;

		}
	/*****************************************************************/
	if (dorevoke)
		{
		if (infile == NULL) 
			{
			BIO_printf(bio_err,"no input files\n");
			goto err;
			}
		else
			{
			X509 *revcert;
			revcert=load_cert(bio_err, infile, FORMAT_PEM,
				NULL, e, infile);
			if (revcert == NULL)
				goto err;
			j=do_revoke(revcert,db, rev_type, rev_arg);
			if (j <= 0) goto err;
			X509_free(revcert);

			if (!save_index(dbfile, "new", db)) goto err;

			if (!rotate_index(dbfile, "new", "old")) goto err;

			BIO_printf(bio_err,"Data Base Updated\n"); 
			}
		}
	/*****************************************************************/
	ret=0;
err:
	if(tofree)
		OPENSSL_free(tofree);
	BIO_free_all(Cout);
	BIO_free_all(Sout);
	BIO_free_all(out);
	BIO_free_all(in);

	if (cert_sk)
		sk_X509_pop_free(cert_sk,X509_free);

	if (ret) ERR_print_errors(bio_err);
	app_RAND_write_file(randfile, bio_err);
	if (free_key && key)
		OPENSSL_free(key);
	BN_free(serial);
	free_index(db);
	EVP_PKEY_free(pkey);
	if (x509) X509_free(x509);
	X509_CRL_free(crl);
	NCONF_free(conf);
	OBJ_cleanup();
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}

static void lookup_fail(const char *name, const char *tag)
	{
	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
	}

static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,