openssl主要流程程序代码(四)

2014-11-24 00:33:28 · 作者: · 浏览: 48
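fo->PW,sizeof(rootInfo->PW),out);
    /* Tail of mkRoot(): its beginning lies before this excerpt, so the code
     * of this fragment is kept exactly as published; only comments changed. */
    Add_Name(name,NID_pkcs9_unstructuredAddress,(char *)rootInfo->ADD,sizeof(rootInfo->ADD),out);

    /* Its self signed so set the issuer name to be the same as the
     * subject.
     */
    X509_set_issuer_name(x,name);// issuer name is set to the same name as the subject above

    // add extension information
    /* Add various extensions: standard extensions */
    // NOTE(review): the return value of Add_ExtCert is ignored at every call
    // below, so an extension that fails to build is silently left out.
    Add_ExtCert(x,x,NID_basic_constraints, "critical,CA:TRUE");
    // subject key identifier -- for when the issuer has several signing keys
    Add_ExtCert(x,x,NID_subject_key_identifier, "hash");
    // authority key identifier
    Add_ExtCert(x,x,NID_authority_key_identifier, "keyid:always");
    // key usage
    // NOTE(review): the certificate is marked CA:TRUE, yet this key usage
    // string has no keyCertSign (or cRLSign). RFC 5280 path validation checks
    // keyCertSign on a CA certificate that carries keyUsage, so strict
    // validators may refuse certificates issued under this root.
    Add_ExtCert(x,x,NID_key_usage, "nonRepudiation,digitalSignature,keyEncipherment");
    Add_ExtCert(x,x,NID_domainComponent, "no");
    Add_ExtCert(x,x,NID_Domain, "no");

    /* Some Netscape specific extensions */
    // Add_ExtCert(x, NID_netscape_cert_type, "sslCA");
    // Add_ExtCert(x, NID_netscape_comment, "example comment extension");//netscape_comment

    /* Maybe even add our own extension based on existing */
    // custom extension: begin
    // int nid;
    // nid = OBJ_create("1.2.3.4.9", "Hpxs", "I love you!");
    // X509V3_EXT_add_alias(nid, NID_netscape_comment);
    // Add_ExtCert(x, nid, "I love you");
    // custom extension: end
    X509V3_EXT_cleanup();//cleanup the extension code if any custom extensions have been added

    // Digest used for the signature (the original note lists EVP_sha1 and
    // EVP_md5); the public key is signed with the private key.
    // NOTE(review): SHA-1 and MD5 are no longer collision resistant and
    // current verifiers reject certificates signed with them; EVP_sha256()
    // is the usual replacement.
    // NOTE(review): `out` is written with strcpy and no length is passed in,
    // so the caller's buffer has to be large enough for the message.
    if (!X509_sign(x,pk,EVP_sha1()))
    {
        strcpy(out,"证书签名失败");
        goto err;
    }
    *x509p=x;
    *pkeyp=pk;
    return true;
err:
    return false;
}

/*
 * MakeRoot - build a self-signed root certificate with mkRoot() and save the
 * certificate and its private key to two files.
 *
 * rootInfo  subject data handed to mkRoot()
 * bits      key size, handed to mkRoot()
 * serial    serial number, handed to mkRoot()
 * days      validity period, handed to mkRoot()
 * certFile  path of the certificate file to create
 * priFile   path of the private key file to create
 * outMsg    receives a short error message on failure; it is written with
 *           strcpy, so the caller must supply a buffer that can hold the
 *           longest message used here (28 bytes including the terminator)
 *           as well as whatever mkRoot() writes
 * type      DER or PEM; any other value writes nothing and is reported as a
 *           save error
 *
 * Returns true on success and false on failure.
 *
 * NOTE(review): the private key is written unencrypted (no cipher and no
 * passphrase are passed to PEM_write_bio_PrivateKey, and the DER form is
 * never encrypted), and the key file is created with the process's default
 * permissions. Callers should restrict access to priFile, or add passphrase
 * protection, before the key is used for anything that matters.
 */
BOOL MakeRoot(stuSUBJECT * rootInfo,/* subject info */int bits/* key size in bits */, int serial/* serial number */,
              int days/* validity period */,char * certFile/* certificate file */,char * priFile/* private key file */,
              char * outMsg/* operation result */,int type/* PEM or DER */)
{
    X509 *x509=NULL;
    EVP_PKEY *pkey=NULL;
    BIO *bcert=NULL, *bkey=NULL;
    bool ret=false;
    int certOk=0, keyOk=0;
    /* DER is binary: where stdio distinguishes text mode (Windows), "w"
     * would rewrite line-feed bytes inside the encoding, so DER output is
     * opened in binary mode. PEM keeps the original text mode. */
    const char *mode=(type==DER) ? "wb" : "w";

    /* The key file is only opened once the certificate file is open. */
    bcert=BIO_new_file(certFile, mode);
    if(bcert!=NULL)
        bkey=BIO_new_file(priFile, mode);
    if(bcert==NULL||bkey==NULL)
    {
        strcpy(outMsg,"Create File Error");
        goto done; /* the original returned here and leaked an open bcert */
    }

    /* On failure outMsg is left as mkRoot() set it. */
    if(!mkRoot(rootInfo,&x509,&pkey,bits,serial,days,outMsg))
        goto done;

    if(type==DER)
    {
        certOk=i2d_X509_bio(bcert,x509);//returns 1 for success
        keyOk=i2d_PrivateKey_bio(bkey,pkey);
    }
    else if(type==PEM)
    {
        certOk=PEM_write_bio_X509(bcert,x509);
        keyOk=PEM_write_bio_PrivateKey(bkey,pkey,NULL,NULL,0,NULL,NULL);
    }

    if(!certOk||!keyOk)
    {
        strcpy(outMsg,"Save Cert or Key File Error");
        goto done;
    }
    ret=true;

done:
    if(bcert!=NULL)
        BIO_free(bcert);
    if(bkey!=NULL)
        BIO_free(bkey);
    X509_free(x509);
    EVP_PKEY_free(pkey);
    return ret;
}
///////////////////////// end ////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
///////////////////////// begin //////////////////////////////////////

/* Add extension using V3 code: we can set the config file as NULL
 * because we wont reference any other sections.
 *
 * Builds the extension identified by nid from its textual value and appends
 * it to the stack sk. Returns 1 on success, 0 if the extension could not be
 * built or could not be pushed; in the second case the extension is freed
 * here instead of being leaked.
 *
 * NOTE(review): the parameter is declared STACK_OF(X509_REQUEST) but is used
 * as a stack of X509_EXTENSION, and the caller visible in mkReq() declares
 * STACK_OF(X509_EXTENSION); the declaration is left unchanged so it still
 * matches any prototype elsewhere -- confirm and correct both together.
 */
int Add_ExtReq(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
{
    X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);

    if (ex == NULL)
        return 0;
    if (!sk_X509_EXTENSION_push(sk, ex))
    {
        X509_EXTENSION_free(ex);
        return 0;
    }
    return 1;
}

/* mkReq(): the listing is cut off inside this function, so the visible part
 * is reproduced unchanged. */
int mkReq(stuSUBJECT * reqInfo,X509_REQ **req, EVP_PKEY **pkeyp, int bits,char * out)
{
    X509_REQ *x;
    EVP_PKEY *pk;
    RSA *rsa;
    X509_NAME *name=NULL;
    ASN1_STRING stmp, *str = &stmp;
    STACK_OF(X509_EXTENSION) *exts = NULL;

    if ((pk=EVP_PKEY_new()) == NULL)
        goto err;
    if ((x=X5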