authorCyrille Bagard <nocbos@gmail.com>2019-09-01 21:37:51 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2019-09-01 21:37:51 (GMT)
commita820f204162f61e3e7a91e66c1aabea22f23d0cb (patch)
treed8cd00ab7dbef97272858c5217ce3ef4b6981996 /src/analysis/db/certs.c
parent14f1b8ff552dfb8aef6c66b3c65e816aa7820bb0 (diff)
Prepared the update of the user identity from the GUI.
Diffstat (limited to 'src/analysis/db/certs.c')
-rw-r--r--src/analysis/db/certs.c109
1 files changed, 96 insertions, 13 deletions
diff --git a/src/analysis/db/certs.c b/src/analysis/db/certs.c
index a333d9a..107b7b9 100644
--- a/src/analysis/db/certs.c
+++ b/src/analysis/db/certs.c
@@ -24,6 +24,7 @@
#include "certs.h"
+#include <assert.h>
#include <glib.h>
#include <malloc.h>
#include <stdio.h>
@@ -258,7 +259,7 @@ bool build_keys_and_ca(const char *dir, const char *label, unsigned long valid,
EVP_PKEY *pk; /* Enveloppe pour clef publique*/
int ret; /* Bilan d'un appel */
X509 *x509; /* Certificat X509 à définir */
- X509_NAME *name; /* Désignation du certificat */
+ X509_NAME *subject; /* SUjet du certificat */
char *filename; /* Chemin d'accès à un fichier */
FILE *stream; /* Flux ouvert en écriture */
@@ -288,14 +289,14 @@ bool build_keys_and_ca(const char *dir, const char *label, unsigned long valid,
/* Etablissement d'une identité */
- name = X509_get_subject_name(x509);
+ subject = X509_get_subject_name(x509);
#define SET_NAME_ENTRY(key, value) \
do \
{ \
if (entries->value != NULL) \
{ \
- ret = X509_NAME_add_entry_by_txt(name, key, MBSTRING_UTF8, \
+ ret = X509_NAME_add_entry_by_txt(subject, key, MBSTRING_UTF8, \
(unsigned char *)entries->value, -1, -1, 0); \
if (ret != 1) goto ca_failed; \
} \
@@ -316,7 +317,7 @@ bool build_keys_and_ca(const char *dir, const char *label, unsigned long valid,
#undef SET_NAME_ENTRY
- ret = X509_set_issuer_name(x509, name);
+ ret = X509_set_issuer_name(x509, subject);
if (ret != 1) goto ca_failed;
/* Extensions */
@@ -461,7 +462,7 @@ bool build_keys_and_request(const char *dir, const char *label, const x509_entri
EVP_PKEY *pk; /* Enveloppe pour clef publique*/
int ret; /* Bilan d'un appel */
X509_REQ *x509; /* Certificat X509 à définir */
- X509_NAME *name; /* Désignation du certificat */
+ X509_NAME *subject; /* Sujet du certificat */
STACK_OF(X509_EXTENSION) *exts; /* Extensions du certificat */
char *filename; /* Chemin d'accès à un fichier */
FILE *stream; /* Flux ouvert en écriture */
@@ -483,14 +484,14 @@ bool build_keys_and_request(const char *dir, const char *label, const x509_entri
/* Etablissement d'une identité */
- name = X509_REQ_get_subject_name(x509);
+ subject = X509_REQ_get_subject_name(x509);
#define SET_NAME_ENTRY(key, value) \
do \
{ \
if (entries->value != NULL) \
{ \
- ret = X509_NAME_add_entry_by_txt(name, key, MBSTRING_UTF8, \
+ ret = X509_NAME_add_entry_by_txt(subject, key, MBSTRING_UTF8, \
(unsigned char *)entries->value, -1, -1, 0); \
if (ret != 1) goto req_failed; \
} \
@@ -603,6 +604,88 @@ bool build_keys_and_request(const char *dir, const char *label, const x509_entri
/******************************************************************************
* *
+* Paramètres : csr = fichier contenant le certificat à signer. *
+* entries = éléments de l'identité constituée. [OUT] *
+* *
+* Description : Recharge l'identité inscrite dans une requête de signature. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool load_identity_from_request(const char *csr, x509_entries *entries)
+{
+ bool result; /* Bilan à retourner */
+ FILE *stream; /* Flux ouvert en lecture */
+ X509_REQ *req; /* Certificat X509 à signer */
+ X509_NAME *subject; /* Sujet du certificat */
+ int length; /* Taille du champ visé */
+
+ result = false;
+
+ memset(entries, 0, sizeof(*entries));
+
+ /* Chargement de la requête */
+
+ stream = fopen(csr, "rb");
+ if (stream == NULL) goto csr_read_failed;
+
+ req = PEM_read_X509_REQ(stream, NULL, NULL, NULL);
+
+ fclose(stream);
+
+ if (req == NULL)
+ {
+ log_variadic_message(LMT_ERROR, _("Unable to read the certificate signing request from '%s'"), csr);
+ goto csr_read_failed;
+ }
+
+ /* Recherche des éléments */
+
+ subject = X509_REQ_get_subject_name(req);
+
+#define GET_NAME_ENTRY(key, value) \
+ do \
+ { \
+ length = X509_NAME_get_text_by_NID(subject, key, NULL, -1); \
+ if (length != -1) \
+ { \
+ entries->value = malloc((length + 1) * sizeof(char)); \
+ length = X509_NAME_get_text_by_NID(subject, key, entries->value, length + 1); \
+ assert(length != -1); \
+ } \
+ } \
+ while (0)
+
+ GET_NAME_ENTRY(NID_countryName, country);
+
+ GET_NAME_ENTRY(NID_stateOrProvinceName, state);
+
+ GET_NAME_ENTRY(NID_localityName, locality);
+
+ GET_NAME_ENTRY(NID_organizationName, organisation);
+
+ GET_NAME_ENTRY(NID_organizationalUnitName, organisational_unit);
+
+ GET_NAME_ENTRY(NID_commonName, common_name);
+
+#undef GET_NAME_ENTRY
+
+ X509_REQ_free(req);
+
+ result = true;
+
+ csr_read_failed:
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
* Paramètres : csr = fichier contenant le certificat à signer. *
* cacert = fichier contenant le certificat de l'autorité. *
* cakey = fichier contenant la clef privée du CA. *
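Review bot: In GET_NAME_ENTRY the malloc result is not checked before it is passed to the second X509_NAME_get_text_by_NID call, and that call's return value is only checked by `assert`, which is compiled out under NDEBUG, so a release build can silently leave a NULL or unfilled field in `entries` (the `#include <assert.h>` added in the first hunk has no other consumer here). I would check the allocation, treat a -1 from the second call as a hard failure, and route both through a new label that frees `req`, as below; whether the partially filled `entries` should also be released on that path depends on the caller's contract, which is not visible in this hunk. For consistency with the PEM_read_X509_REQ branch, the `fopen` failure at the top could also log a message before jumping to `csr_read_failed`. As a smaller point, X509_NAME_get_text_by_NID returns only the first matching entry and copies its bytes verbatim without character-set conversion, so identities from a CSR produced by another tool may not come back intact.
```c
#define GET_NAME_ENTRY(key, value)                                                         \
    do                                                                                     \
    {                                                                                      \
        length = X509_NAME_get_text_by_NID(subject, key, NULL, -1);                       \
        if (length != -1)                                                                  \
        {                                                                                  \
            entries->value = malloc((length + 1) * sizeof(char));                         \
            if (entries->value == NULL) goto csr_load_failed;                             \
            length = X509_NAME_get_text_by_NID(subject, key, entries->value, length + 1); \
            if (length == -1) goto csr_load_failed;                                        \
        }                                                                                  \
    }                                                                                      \
    while (0)

    /* ... unchanged: the six GET_NAME_ENTRY uses and #undef ... */

    result = true;

 csr_load_failed:

    X509_REQ_free(req);

 csr_read_failed:

    return result;
```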
@@ -619,14 +702,14 @@ bool build_keys_and_request(const char *dir, const char *label, const x509_entri
bool sign_cert(const char *csr, const char *cacert, const char *cakey, const char *cert, unsigned long valid)
{
- FILE *stream; /* Flux ouvert en écriture */
+ FILE *stream; /* Flux ouvert en lecture */
X509_REQ *req; /* Certificat X509 à signer */
EVP_PKEY *pk; /* Enveloppe pour clef publique*/
X509 *ca_cert; /* Certificat de l'autorité */
EVP_PKEY *ca_pk; /* Enveloppe pour clef privée */
X509 *x509; /* Certificat X509 à définir */
int ret; /* Bilan d'un appel */
- X509_NAME *name; /* Désignation du certificat */
+ X509_NAME *subject; /* Sujet de certificat */
/* Chargement de la requête */
@@ -696,14 +779,14 @@ bool sign_cert(const char *csr, const char *cacert, const char *cakey, const cha
ret = X509_set_pubkey(x509, pk);
if (ret != 1) goto signing_failed;
- name = X509_REQ_get_subject_name(req);
+ subject = X509_REQ_get_subject_name(req);
- ret = X509_set_subject_name(x509, name);
+ ret = X509_set_subject_name(x509, subject);
if (ret != 1) goto signing_failed;
- name = X509_get_subject_name(ca_cert);
+ subject = X509_get_subject_name(ca_cert);
- ret = X509_set_issuer_name(x509, name);
+ ret = X509_set_issuer_name(x509, subject);
if (ret != 1) goto signing_failed;
/* Extensions */