openssl主要流程程序代码(八)

r *certfile/*根证书公钥*/,int certlen,/*为0则certfile为磁盘文件,否则为内存区域*/ char *keyfile/*根证书私钥*/,int keylen, stuREVOKE * Head/*作废链表*/,PNewCrlMem NewCrlMem/*回调函数*/,char *& outCrl,int * crll,char * outfile/*crl文件*/, char * outMsg/*操作结果*/) { X509_CRL_INFO *ci = NULL; X509_CRL *crl = NULL; int ret=1,i=0; char *key=NULL; char *md=NULL; EVP_PKEY *pkey=NULL; X509 *x509=NULL; BIO *in=NULL,*out=NULL; const EVP_MD *dgst=NULL; X509_REVOKED *r=NULL; long crldays=30; long crlhours=0; stuREVOKE * temp =NULL; BIO * memcrl=NULL; BUF_MEM *bptrcrl=NULL; OpenSSL_add_all_algorithms(); pkey=LoadKey(keyfile,keylen,NULL,outMsg); if (pkey == NULL) { ret = 0; goto err; } x509=LoadCert(certfile,certlen,outMsg); if (x509 == NULL) { ret = 0; goto err; } if (!X509_check_private_key(x509,pkey)) { sprintf(outMsg,"CA certificate and CA private key do not match\n"); ret = 0; goto err; } md="md5";//////////!!!!!!!!!!!!!!!!!//////////////////////////// if ((dgst=EVP_get_digestbyname(md)) == NULL)//return an EVP_MD structure when passed a digest name { sprintf(outMsg,"%s is an unsupported message digest type\n",md); ret = 0; goto err; } if ((crl=X509_CRL_new()) == NULL) { ret = 0; goto err; } ci=crl->crl; X509_NAME_free(ci->issuer); ci->issuer=X509_NAME_dup(x509->cert_info->subject); if (ci->issuer == NULL) { ret = 0; goto err; } X509_gmtime_adj(ci->lastUpdate,0); if (ci->nextUpdate == NULL) ci->nextUpdate=ASN1_UTCTIME_new(); X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60); if(!ci->revoked) ci->revoked = sk_X509_REVOKED_new_null(); while(Head!=NULL)//遍历链表 { temp=Head; X509_REVOKED *r = NULL; BIGNUM *serial_bn = NULL; r = X509_REVOKED_new(); ASN1_TIME_set(r->
revocationDate,Head->time);//时间 char index[100]; BN_hex2bn(&serial_bn,itoa(Head->Index,index,10));//序号 BN_to_ASN1_INTEGER(serial_bn,r->serialNumber); sk_X509_REVOKED_push(ci->revoked,r); Head=Head->Link; delete temp; } // sk_X509_REVOKED_sort(ci->revoked); for (i=0; irevoked); i++) { r=sk_X509_REVOKED_value(ci->revoked,i); r->sequence=i; } if (ci->version == NULL) if ((ci->version=ASN1_INTEGER_new()) == NULL) { ret = 0; goto err; } ASN1_INTEGER_set(ci->version,1); // issuerAltName authorityKeyIdentifier // Add_ExtCrl(crl,x509,NID_subject_alt_name,"DNS:hpxs,email:hpxs@hotmail.com,RID:1.2.3.4,URI:https://hpxs,IP:192.168.0.22"); Add_ExtCrl(crl,x509,NID_issuer_alt_name, "DNS:hpxs,email:hpxs@hotmail.com,RID:1.2.3.4,URI:https://hpxs,IP:192.168.0.22"); Add_ExtCrl(crl,x509,NID_authority_key_identifier, "keyid,issuer:always"); if (!X509_CRL_sign(crl,pkey,dgst)) { ret = 0; goto err; } if(NewCrlMem)//输出内存 { memcrl= BIO_new(BIO_s_mem()); BIO_set_close(memcrl, BIO_CLOSE); /* BIO_free() free BUF_MEM */ PEM_write_bio_X509_CRL(memcrl,crl); BIO_get_mem_ptr(memcrl, &bptrcrl); *crll=bptrcrl->length; outCrl=NewCrlMem(*crll); memcpy(outCrl,bptrcrl->data,*crll); } if(outfile)//输出文件 { out=BIO_new_file(outfile, "w"); if(out==NULL) { sprintf(outMsg,"%s is error",outfile); ret = 0; goto err; } PEM_write_bio_X509_CRL(out,crl); } X509V3_EXT_cleanup();//cleanup t