summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorge Kiagiadakis <kiagiadakis.george@gmail.com>2012-05-06 10:25:13 (GMT)
committerGeorge Kiagiadakis <kiagiadakis.george@gmail.com>2012-05-06 10:25:13 (GMT)
commit34526a2677c4f4f4c9672bc05d42c8f9e9534e83 (patch)
treeff36af220a0aa5d731d311404310d956db4bb521
parent715508857d443b81568e6d905ea75de073f2061d (diff)
downloadqca-34526a2677c4f4f4c9672bc05d42c8f9e9534e83.tar.gz
qca-34526a2677c4f4f4c9672bc05d42c8f9e9534e83.tar.xz
Implement certificate creation in the openssl backend.
-rw-r--r--plugins/qca-ossl/qca-ossl.cpp97
1 files changed, 93 insertions, 4 deletions
diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
index e41e214..875ac65 100644
--- a/plugins/qca-ossl/qca-ossl.cpp
+++ b/plugins/qca-ossl/qca-ossl.cpp
@@ -3566,10 +3566,99 @@ public:
virtual CertContext *createCertificate(const PKeyContext &pub, const CertificateOptions &opts) const
{
- // TODO: implement
- Q_UNUSED(pub)
- Q_UNUSED(opts)
- return 0;
+ CertificateInfo info = opts.info();
+ Constraints constraints = opts.constraints();
+
+ EVP_PKEY *pubk = static_cast<const MyPKeyContext *>(&pub)->get_pkey();
+ EVP_PKEY *pk = privateKey->get_pkey();
+ X509_EXTENSION *ex;
+
+ const EVP_MD *md;
+ if(privateKey->key()->type() == PKey::RSA)
+ md = EVP_sha1();
+ else if(privateKey->key()->type() == PKey::DSA)
+ md = EVP_dss1();
+ else
+ return 0;
+
+ // create
+ X509 *x = X509_new();
+ X509_set_version(x, 2);
+
+ // serial
+ BIGNUM *bn = bi2bn(opts.serialNumber());
+ BN_to_ASN1_INTEGER(bn, X509_get_serialNumber(x));
+ BN_free(bn);
+
+ // validity period
+ ASN1_TIME_set(X509_get_notBefore(x), opts.notValidBefore().toTime_t());
+ ASN1_TIME_set(X509_get_notAfter(x), opts.notValidAfter().toTime_t());
+
+ // public key
+ X509_set_pubkey(x, pubk);
+
+ // subject
+ X509_NAME *name = new_cert_name(info);
+ X509_set_subject_name(x, name);
+ X509_set_issuer_name(x, X509_get_subject_name(caCert.cert));
+
+ // subject key id
+ ex = new_subject_key_id(x);
+ {
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+
+ // CA mode
+ ex = new_basic_constraints(opts.isCA(), opts.pathLimit());
+ if(ex)
+ {
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+
+ // subject alt name
+ ex = new_cert_subject_alt_name(info);
+ if(ex)
+ {
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+
+ // key usage
+ ex = new_cert_key_usage(constraints);
+ if(ex)
+ {
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+
+ // extended key usage
+ ex = new_cert_ext_key_usage(constraints);
+ if(ex)
+ {
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+
+ // policies
+ ex = new_cert_policies(opts.policies());
+ if(ex)
+ {
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+
+ // finished
+ if (!X509_sign(x, pk, md)) {
+ X509_free(x);
+ return 0;
+ }
+
+ MyCertContext *cert = new MyCertContext(provider());
+ cert->fromX509(x);
+ X509_free(x);
+ return cert;
}
virtual CRLContext *createCRL(const QDateTime &nextUpdate) const