Revision 6069 - (show annotations) (download)
Thu Mar 9 23:06:59 2006 UTC (13 years, 9 months ago) by jason
File MIME type: text/plain
File size: 7381 byte(s)
mods for Solaris - tested for Solaris 10 on x86
fixed numerous compiler errors/warnings


#include <cassert>
#include <cstdio>
#include <cstdlib>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include <openssl/ossl_typ.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include "resip/stack/X509Contents.hxx"
#include "resip/stack/Pkcs8Contents.hxx"
#include "resip/stack/MultipartMixedContents.hxx"
#include "resip/stack/Uri.hxx"
#include "rutil/Random.hxx"
#include "rutil/Logger.hxx"
13
14 using namespace resip;
15
16 #define RESIPROCATE_SUBSYSTEM Subsystem::SIP
17
18 int makeSelfCert(X509** selfcert, EVP_PKEY* privkey);
19
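// Abort the run with a diagnostic and whatever OpenSSL left in its error queue.
//
// The original relied on assert() for every failure check; under NDEBUG those
// vanish, so a failed key generation, encoding or encryption step would be
// silently ignored and a bogus (or empty) credential bundle logged instead.
static void failHard(const char* step)
{
   fprintf(stderr, "makeSelfCert: %s failed\n", step);
   ERR_print_errors_fp(stderr);
   exit(1);
}

// Test driver: generate an RSA key pair, wrap it in a self-signed X.509v3
// certificate (see makeSelfCert) and a passphrase-protected PKCS#8 blob, and
// log the two as a multipart/mixed body.
//
// Usage: makeSelfCert [passphrase]
//   passphrase  optional; protects the PKCS#8 private key. Defaults to the
//               test value "password" when omitted.
// Returns 0 on success; exits non-zero (via failHard) on any OpenSSL failure.
int main(int argc, char* argv[])
{
   // A fixed, well-known passphrase is only acceptable for throwaway test
   // keys; let the caller override it so the tool can be reused safely.
   Data passphrase(argc > 1 ? argv[1] : "password");

   Log::initialize(Log::Cerr, Log::Err, argv[0]);
   Log::setLevel(Log::Debug);
   SSL_library_init();
   SSL_load_error_strings();
   OpenSSL_add_all_algorithms();
   // OpenSSL_add_ssl_algorithms() alone is insufficient: it does not register
   // the ciphers/digests used by the PKCS#8 and signing code below.

   // The PKCS#8 wrapper below is encrypted with AES-256-CBC rather than the
   // legacy 3DES the tool used to pick; fail early if it is not registered.
   if (!EVP_aes_256_cbc())
   {
      failHard("EVP_aes_256_cbc lookup");
   }

   Random::initialize();

   // 2048-bit RSA: 1024-bit keys are below every current minimum and are
   // rejected by modern TLS stacks. RSA_generate_key_ex replaces the
   // deprecated RSA_generate_key() and lets us check the result explicitly.
   BIGNUM* publicExponent = BN_new();
   RSA* rsa = RSA_new();
   if (!publicExponent || !rsa
       || !BN_set_word(publicExponent, RSA_F4)
       || !RSA_generate_key_ex(rsa, 2048, publicExponent, NULL))
   {
      failHard("RSA key generation");
   }
   BN_free(publicExponent);

   // The unencrypted PEM dump of the private key that used to be written to
   // stdout here (flagged "remove once tested") is gone: it leaked private
   // key material into whatever captured the tool's output.

   EVP_PKEY* privkey = EVP_PKEY_new();
   if (!privkey || !EVP_PKEY_set1_RSA(privkey, rsa))
   {
      failHard("EVP_PKEY setup");
   }
   RSA_free(rsa); // set1 took its own reference; drop ours

   X509* selfcert = X509_new();
   if (!selfcert || !makeSelfCert(&selfcert, privkey))
   {
      failHard("makeSelfCert");
   }

   // DER-encode the certificate. With a NULL out-pointer OpenSSL allocates
   // the buffer, which we own and must release with OPENSSL_free.
   unsigned char* der = NULL;
   int derLen = i2d_X509(selfcert, &der);
   if (derLen <= 0 || !der)
   {
      failHard("i2d_X509");
   }
   X509Contents* certpart = new X509Contents(Data((char*)der, derLen)); // Data copies
   OPENSSL_free(der);

   // Encrypt the private key under the passphrase into an in-memory BIO
   // [see BIO_s_mem(3)] as a DER PKCS#8 EncryptedPrivateKeyInfo.
   BIO* mbio = BIO_new(BIO_s_mem());
   if (!mbio)
   {
      failHard("BIO_new");
   }
   if (!i2d_PKCS8PrivateKey_bio(mbio, privkey, EVP_aes_256_cbc(),
                                (char*)passphrase.data(), passphrase.size(),
                                NULL, NULL))
   {
      failHard("i2d_PKCS8PrivateKey_bio");
   }

   BUF_MEM* bptr = NULL;
   BIO_get_mem_ptr(mbio, &bptr);
   if (!bptr)
   {
      failHard("BIO_get_mem_ptr");
   }
   Pkcs8Contents* keypart = new Pkcs8Contents(Data(bptr->data, bptr->length));
   BIO_free(mbio);

   // Assemble the multipart/mixed body: certificate first, then the key.
   MultipartMixedContents* certsbody = new MultipartMixedContents;
   certsbody->parts().push_back(certpart);
   certsbody->parts().push_back(keypart);

   Data encoded;
   DataStream encodedStream(encoded);
   certsbody->encode(encodedStream);
   encodedStream.flush();

   DebugLog(<< encoded);

   // NOTE(review): presumably the multipart owns and deletes its parts --
   // confirm against MultipartMixedContents' destructor.
   delete certsbody;
   X509_free(selfcert);
   EVP_PKEY_free(privkey);
   return 0;
}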
97
98
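// Add one X509v3 extension to cert from an OpenSSL config-style value
// (e.g. "CA:FALSE", "URI:sip:..."). ctx may be NULL for extensions that do
// not refer back to a certificate; subjectKeyIdentifier and
// authorityKeyIdentifier need a ctx whose issuer/subject are set.
// Returns true on success; the OpenSSL error queue explains a failure.
static bool addExtension(X509* cert, X509V3_CTX* ctx, int nid, const char* value)
{
   // const_cast: older OpenSSL declares the value parameter as char*.
   X509_EXTENSION* ext = X509V3_EXT_conf_nid(NULL, ctx, nid, const_cast<char*>(value));
   if (!ext)
   {
      return false;
   }
   int added = X509_add_ext(cert, ext, -1); // X509_add_ext copies the extension
   X509_EXTENSION_free(ext);
   return added != 0;
}

// Turn *cert (an X509 allocated by the caller) into a self-signed X.509v3
// end-entity certificate for the fixed test identity user@example.org,
// carrying privkey's public half and signed with privkey.
//
// cert     in/out: pointer to an X509_new()'d certificate to populate.
// privkey  key pair whose public key goes into the certificate and whose
//          private key signs it.
// Returns true (as int) on success, false if any OpenSSL step fails; on
// failure *cert may be partially populated and should be discarded.
//
// TODO: take the identity (a Uri) as a parameter instead of hard-coding it.
int makeSelfCert(X509** cert, EVP_PKEY* privkey)
{
   const long duration = 60 * 60 * 24 * 30; // certificate valid for 30 days

   Data domain("example.org");
   Data userAtDomain("user@example.org");

   X509* selfcert = *cert;
   X509_NAME* subject = X509_NAME_new();
   bool ok = false;

   if (!selfcert || !privkey || !subject)
   {
      X509_NAME_free(subject);
      return false;
   }

   // Single-exit: every OpenSSL call is checked and a failure breaks out to
   // the shared cleanup below. assert() was used before, which disappears
   // under NDEBUG and would let an unsigned or malformed cert through.
   do
   {
      X509_set_version(selfcert, 2L); // X509v3 (version field is zero-based)

      // RFC 5280 4.1.2.2 requires a positive serial number. Random::getRandom()
      // yields a full-width int, so clear the sign bit and avoid zero.
      long serial = static_cast<long>(Random::getRandom() & 0x7fffffff);
      if (serial == 0)
      {
         serial = 1;
      }
      if (!ASN1_INTEGER_set(X509_get_serialNumber(selfcert), serial))
      {
         break;
      }

      if (!X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_UTF8,
                                      (unsigned char*)domain.data(), domain.size(), -1, 0))
      {
         break;
      }
      if (!X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_UTF8,
                                      (unsigned char*)userAtDomain.data(), userAtDomain.size(), -1, 0))
      {
         break;
      }

      // Self-signed: issuer and subject are the same name. Both setters copy
      // the name, so `subject` is still ours to free.
      if (!X509_set_issuer_name(selfcert, subject) || !X509_set_subject_name(selfcert, subject))
      {
         break;
      }

      if (!X509_gmtime_adj(X509_get_notBefore(selfcert), 0)
          || !X509_gmtime_adj(X509_get_notAfter(selfcert), duration))
      {
         break;
      }

      if (!X509_set_pubkey(selfcert, privkey))
      {
         break;
      }

      // subjectAltName with sip:, im: and pres: URIs for the identity; this is
      // what a SIP peer matches against (RFC 5922). The config-string form
      // emits IA5String URIs, which is fine for this ASCII test identity; a
      // UTF-8 identity would need to be built as GENERAL_NAMES instead
      // (see the GENERAL_NAMES handling in Security.cxx).
      Data sanValue("URI:sip:");
      sanValue += userAtDomain;
      sanValue += ",URI:im:";
      sanValue += userAtDomain;
      sanValue += ",URI:pres:";
      sanValue += userAtDomain;

      // Key-identifier extensions hash the public key, so the ctx must point
      // at this cert (as both issuer and subject) after X509_set_pubkey.
      X509V3_CTX ctx;
      X509V3_set_ctx_nodb(&ctx);
      X509V3_set_ctx(&ctx, selfcert, selfcert, NULL, NULL, 0);

      if (!addExtension(selfcert, NULL, NID_basic_constraints, "CA:FALSE")
          || !addExtension(selfcert, NULL, NID_subject_alt_name, sanValue.c_str())
          || !addExtension(selfcert, &ctx, NID_subject_key_identifier, "hash")
          // authorityKeyIdentifier copies the subjectKeyIdentifier just added
          || !addExtension(selfcert, &ctx, NID_authority_key_identifier, "keyid:always"))
      {
         break;
      }

      // SHA-256: SHA-1 signatures are rejected by current verifiers.
      if (!X509_sign(selfcert, privkey, EVP_sha256()))
      {
         break;
      }

      ok = true;
   } while (0);

   X509_NAME_free(subject);
   return ok;
}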
163
164 /* ====================================================================
165 * The Vovida Software License, Version 1.0
166 *
167 * Copyright (c) 2000 Vovida Networks, Inc. All rights reserved.
168 *
169 * Redistribution and use in source and binary forms, with or without
170 * modification, are permitted provided that the following conditions
171 * are met:
172 *
173 * 1. Redistributions of source code must retain the above copyright
174 * notice, this list of conditions and the following disclaimer.
175 *
176 * 2. Redistributions in binary form must reproduce the above copyright
177 * notice, this list of conditions and the following disclaimer in
178 * the documentation and/or other materials provided with the
179 * distribution.
180 *
181 * 3. The names "VOCAL", "Vovida Open Communication Application Library",
182 * and "Vovida Open Communication Application Library (VOCAL)" must
183 * not be used to endorse or promote products derived from this
184 * software without prior written permission. For written
185 * permission, please contact vocal@vovida.org.
186 *
187 * 4. Products derived from this software may not be called "VOCAL", nor
188 * may "VOCAL" appear in their name, without prior written
189 * permission of Vovida Networks, Inc.
190 *
191 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
192 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
193 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
194 * NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL VOVIDA
195 * NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
196 * IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
197 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
198 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
199 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
200 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
201 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
202 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
203 * DAMAGE.
204 *
205 * ====================================================================
206 *
207 * This software consists of voluntary contributions made by Vovida
208 * Networks, Inc. and many individuals on behalf of Vovida Networks,
209 * Inc. For more information on Vovida Networks, Inc., please see
210 * <http://www.vovida.org/>.
211 *
212 */

Properties

Name Value
svn:eol-style native
svn:mime-type text/plain

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27