x509-create-sign.cpp@ 104574

最後變更在這個檔案從104574是 104574,由 vboxsync 提交於 11 月前
Added OS specific changes for making TLS default and auto-generating a certificate - bugref:10310
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 5.3 KB

行
1	/* $Id: x509-create-sign.cpp 104574 2024-05-10 07:25:42Z vboxsync $ */
2	/** @file
3	* IPRT - Crypto - X.509, Certificate Creation and Signing.
4	*/
5
6	/*
7	* Copyright (C) 2006-2023 Oracle and/or its affiliates.
8	*
9	* This file is part of VirtualBox base platform packages, as
10	* available from https://www.alldomusa.eu.org.
11	*
12	* This program is free software; you can redistribute it and/or
13	* modify it under the terms of the GNU General Public License
14	* as published by the Free Software Foundation, in version 3 of the
15	* License.
16	*
17	* This program is distributed in the hope that it will be useful, but
18	* WITHOUT ANY WARRANTY; without even the implied warranty of
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20	* General Public License for more details.
21	*
22	* You should have received a copy of the GNU General Public License
23	* along with this program; if not, see <https://www.gnu.org/licenses>.
24	*
25	* The contents of this file may alternatively be used under the terms
26	* of the Common Development and Distribution License Version 1.0
27	* (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28	* in the VirtualBox distribution, in which case the provisions of the
29	* CDDL are applicable instead of those of the GPL.
30	*
31	* You may elect to license modified versions of this file under the
32	* terms and conditions of either the GPL or the CDDL or both.
33	*
34	* SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35	*/
36
37
38	/*********************************************************************************************************************************
39	* Header Files *
40	*********************************************************************************************************************************/
41
42	# if defined(RT_OS_WINDOWS) \|\| defined(RT_OS_OS2)
43	# include <io.h>
44	# endif
45
46	#include <iprt/file.h>
47	#include "internal/iprt.h"
48	#include <iprt/crypto/x509.h>
49
50	# ifdef _MSC_VER
51	# define IPRT_COMPILER_VCC_WITH_C_INIT_TERM_SECTIONS
52	# include "internal/compiler-vcc.h"
53	# endif
54
55	# if defined(RT_OS_WINDOWS) \|\| defined(RT_OS_OS2)
56	# include <fcntl.h>
57	# endif
58	#include <iprt/err.h>
59	#include <iprt/string.h>
60
61	#ifdef IPRT_WITH_OPENSSL
62	# include <openssl/evp.h>
63	# include <openssl/pem.h>
64	# include <openssl/x509.h>
65	# include <openssl/bio.h>
66
67	#if defined(RT_OS_OS2)
68	# define _O_WRONLY O_WRONLY
69	#endif
70
71	RTDECL(int) RTCrX509Certificate_Generate(const char pszServerCertificate, const char pszServerPrivateKey)
72	{
73	int rc = VINF_SUCCESS;
74	/*
75	* Set up private key using rsa
76	*/
77	EVP_PKEY * pkey;
78	#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) /* OpenSSL 3 needed */
79	pkey = EVP_RSA_gen(2048);
80	#else
81	pkey = EVP_PKEY_new();
82	RSA * rsa;
83	rsa = RSA_generate_key(
84	2048, /* Number of bits for the key */
85	RSA_F4, /* Exponent - RSA_F4 is defined as 0x10001L */
86	NULL, /* Callback */
87	NULL /* Callback argument */
88	);
89	EVP_PKEY_assign_RSA(pkey, rsa);
90	#endif
91
92	if ( pkey == NULL )
93	return VERR_CR_KEY_GEN_FAILED_RSA;
94
95	/*
96	* Set up certificate
97	*/
98	X509* tempX509 = X509_new();
99	if ( tempX509 == NULL )
100	return VERR_CR_X509_GENERIC_ERROR;
101	X509_set_version(tempX509,0); /** Set to X509 version 1 */
102	ASN1_INTEGER_set(X509_get_serialNumber(tempX509), 1);
103	#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
104	X509_gmtime_adj(X509_getm_notBefore(tempX509), 0);
105	X509_gmtime_adj(X509_getm_notAfter(tempX509), 6060243650); /* 10 years time */
106	#else
107	X509_gmtime_adj(X509_get_notBefore(tempX509), 0);
108	X509_gmtime_adj(X509_get_notAfter(tempX509), 6060243650); /* 10 years time */
109	#endif
110	X509_set_pubkey(tempX509,pkey);
111
112	X509_NAME *x509_name = NULL;
113	x509_name = X509_get_subject_name(tempX509);
114
115	rc = X509_set_issuer_name(tempX509, x509_name);
116	if ( RT_FAILURE(rc) )
117	return rc;
118
119	rc = X509_sign( tempX509, pkey, EVP_sha1());
120	if ( RT_FAILURE(rc) )
121	return rc;
122
123	RTFILE hKeyFile;
124	rc = RTFileOpen(&hKeyFile, pszServerPrivateKey, RTFILE_O_WRITE \| RTFILE_O_DENY_ALL \| RTFILE_O_CREATE \| (0600 << RTFILE_O_CREATE_MODE_SHIFT) );
125	if ( RT_FAILURE(rc) )
126	return rc;
127	# ifndef _MSC_VER
128	int fd1 = (int)RTFileToNative(hKeyFile);
129	# else
130	int fd1 = _open_osfhandle(RTFileToNative(hKeyFile), _O_WRONLY);
131	# endif
132	if ( fd1 < 0 )
133	return VERR_FILE_IO_ERROR;
134
135	BIO *fp1 = BIO_new_fd(fd1, BIO_NOCLOSE);
136	rc = PEM_write_bio_PrivateKey( fp1, pkey, NULL, NULL, 0, NULL, NULL);
137	if ( RT_FAILURE(rc) )
138	return rc;
139	BIO_free(fp1);
140	# ifdef _MSC_VER
141	close(fd1);
142	#endif
143	RTFileClose(hKeyFile);
144
145	RTFILE hCertFile;
146	rc = RTFileOpen(&hCertFile, pszServerCertificate, RTFILE_O_WRITE \| RTFILE_O_DENY_ALL \| RTFILE_O_CREATE \| (0600 << RTFILE_O_CREATE_MODE_SHIFT) );
147	if ( RT_FAILURE(rc) )
148	return rc;
149	# ifndef _MSC_VER
150	int fd2 = (int)RTFileToNative(hCertFile);
151	# else
152	int fd2 = _open_osfhandle(RTFileToNative(hCertFile), _O_WRONLY);
153	# endif
154	if ( fd2 < 0 )
155	return VERR_FILE_IO_ERROR;
156
157	BIO *fp2 = BIO_new_fd(fd2, BIO_NOCLOSE);
158	rc = PEM_write_bio_X509( fp2, tempX509 );
159	if ( RT_FAILURE(rc) )
160	return rc;
161	BIO_free(fp2);
162	# ifdef _MSC_VER
163	close(fd2);
164	#endif
165	RTFileClose(hCertFile);
166
167	X509_free(tempX509);
168	EVP_PKEY_free(pkey);
169
170	return rc;
171	}
172
173	#endif /* IPRT_WITH_OPENSSL */

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/VBox/Runtime/common/crypto/x509-create-sign.cpp@ 104574

以其他格式下載: