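intToData(&p1, sLastCrl); // size of last CRL
if (sLastCrl) {
	i2d_ASN1_TIME(lastCrl, &p1); // last CRL date
}
openssl_error();
return p;
}

/**
 * Text of one subject-name field of this certificate.
 * @param nid  OpenSSL NID of the wanted field.
 * @return the field text, "" when the field is absent; longer values
 *         are truncated to the 200-byte buffer.
 */
string pki_x509::getDNs(int nid)
{
	char buf[200] = "";
	X509_NAME *subj = X509_get_subject_name(cert);
	// leaves buf untouched (so "") when the NID is not present
	X509_NAME_get_text_by_NID(subj, nid, buf, sizeof(buf));
	openssl_error();
	return string(buf);
}

/**
 * Text of one issuer-name field of this certificate.
 * @param nid  OpenSSL NID of the wanted field.
 * @return the field text, "" when the field is absent; longer values
 *         are truncated to the 200-byte buffer.
 */
string pki_x509::getDNi(int nid)
{
	char buf[200] = "";
	X509_NAME *iss = X509_get_issuer_name(cert);
	X509_NAME_get_text_by_NID(iss, nid, buf, sizeof(buf));
	openssl_error();
	return string(buf);
}

/// notBefore of the certificate in OpenSSL's printable form.
string pki_x509::notBefore()
{
	return asn1TimeToString(X509_get_notBefore(cert));
}

/// notAfter of the certificate in OpenSSL's printable form.
string pki_x509::notAfter()
{
	return asn1TimeToString(X509_get_notAfter(cert));
}

/// Revocation time in printable form, "" when the cert is not revoked.
string pki_x509::revokedAt()
{
	return asn1TimeToString(revoked);
}

/**
 * Render an ASN1_TIME with ASN1_TIME_print().
 * @param a  time to print, may be NULL.
 * @return the printed time (first line, at most 199 chars), "" for NULL
 *         or when nothing could be printed.
 */
string pki_x509::asn1TimeToString(ASN1_TIME *a)
{
	string time = "";
	if (!a) return time;
	BIO *bio = BIO_new(BIO_s_mem());
	if (!bio) {
		openssl_error();
		return time;
	}
	char buf[200] = "";
	ASN1_TIME_print(bio, a);
	// BIO_gets() returns <= 0 when the BIO is empty; buf then stays ""
	// (the original copied an uninitialised buffer in that case)
	if (BIO_gets(bio, buf, sizeof(buf)) > 0)
		time = buf;
	BIO_free(bio);
	openssl_error();
	return time;
}

/**
 * Write the certificate to a file.
 * @param fname   target file name.
 * @param PEM     true: PEM encoding, false: raw DER.
 * @param append  true: append to the file, false: truncate it.
 *
 * Reports an unopenable file through fopen_error(). Nothing is written
 * when no certificate is loaded.
 */
void pki_x509::writeCert(const string fname, bool PEM, bool append)
{
	FILE *fp = fopen(fname.c_str(), append ? "a" : "w");
	if (fp == NULL) {
		fopen_error(fname);
		return; // the original went on to fclose(NULL) here
	}
	if (cert) {
		if (PEM)
			PEM_write_X509(fp, cert);
		else
			i2d_X509_fp(fp, cert);
	}
	// close before openssl_error() so a raised error cannot leak the stream
	fclose(fp);
	if (cert)
		openssl_error();
}

/**
 * Byte-wise comparison with another certificate object.
 * @param refreq  the other object; treated as a pki_x509.
 * @return true when both certificates are identical (X509_cmp() == 0),
 *         false for a missing object or certificate.
 */
bool pki_x509::compare(pki_base *refreq)
{
	pki_x509 *other = static_cast<pki_x509 *>(refreq);
	if (!other || !other->cert) return false;
	bool ret = !X509_cmp(cert, other->cert);
	ign_openssl_error();
	return ret;
}

/**
 * Does refcert carry the same issuer name and serial number as this cert?
 * Serials are compared in their printed form (see getSerial()).
 * @return false for a missing refcert or certificate.
 */
bool pki_x509::cmpIssuerAndSerial(pki_x509 *refcert)
{
	if (!refcert || !refcert->cert) return false;
	if (getSerial() != refcert->getSerial()) return false;
	X509_NAME *issuer = X509_get_issuer_name(cert);
	X509_NAME *refissuer = X509_get_issuer_name(refcert->cert);
	openssl_error();
	return !X509_NAME_cmp(issuer, refissuer);
}

/**
 * Check whether signer signed this certificate and, if so, remember it
 * as psigner.
 *
 * Only the issuer/subject name match and the signature itself
 * (X509_verify()) are checked here; validity dates are the business of
 * checkDate() and trust of calcEffTrust(). A signer is only accepted
 * while no psigner is set yet.
 * @return true when signer is (now) the recorded signer.
 */
bool pki_x509::verify(pki_x509 *signer)
{
	if (psigner == signer) return true;
	if ((psigner != NULL) || (signer == NULL)) return false;
	if (!signer->cert) return false;
	X509_NAME *subject = X509_get_subject_name(signer->cert);
	X509_NAME *issuer = X509_get_issuer_name(cert);
	openssl_error();
	if (X509_NAME_cmp(subject, issuer)) {
		return false;
	}
	pki_key *pkey = signer->getPubKey();
	if (!pkey) return false; // checked before use, not after (as the original did)
	int i = X509_verify(cert, pkey->key);
	ign_openssl_error();
	delete pkey;
	if (i > 0) {
		CERR("psigner set for: " << getDescription().c_str());
		psigner = signer;
		return true;
	}
	return false;
}

/**
 * Public key of the certificate wrapped in a fresh pki_key.
 * The caller owns the returned object (verify() deletes it after use).
 */
pki_key *pki_x509::getPubKey()
{
	EVP_PKEY *pkey = X509_get_pubkey(cert);
	openssl_error();
	return new pki_key(pkey);
}

/**
 * Hex fingerprint of the certificate, bytes separated by ':'.
 * @param digest  hash to use (e.g. EVP_sha1()).
 * @return "" when the digest could not be computed.
 */
string pki_x509::fingerprint(const EVP_MD *digest)
{
	string fp = "";
	unsigned int n = 0; // stays 0 if X509_digest() fails (was uninitialised)
	unsigned char md[EVP_MAX_MD_SIZE];
	if (!X509_digest(cert, digest, md, &n))
		n = 0;
	openssl_error();
	char zs[4]; // "XX" + separator + NUL
	for (unsigned int j = 0; j < n; j++) {
		snprintf(zs, sizeof(zs), "%02X%c", md[j], (j + 1 == n) ? '\0' : ':');
		fp += zs;
	}
	return fp;
}

/**
 * Position of "now" relative to the validity period.
 * @return -1 when notAfter is in the past (expired),
 *          1 when notBefore is in the future (not yet valid),
 *          0 otherwise.
 *
 * NOTE(review): ASN1_UTCTIME_cmp_time_t() reports errors (e.g. a time it
 * cannot compare) with a value other than -1/0/1; such a cert is then
 * reported as valid here — confirm this is acceptable for the callers.
 */
int pki_x509::checkDate()
{
	time_t tnow = time(NULL);
	int ret = 0;
	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), tnow) == -1)
		ret = -1;
	// the original wrote "!cmp(...) == -1", which parses as "(!cmp) == -1"
	// and is never true, so "not yet valid" was never reported
	if (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), tnow) == 1)
		ret = 1;
	openssl_error();
	return ret;
}

/**
 * Clip the validity period of this certificate to that of its signer.
 * notAfter is pulled back when it lies after the signer's notAfter,
 * notBefore is pushed forward when it lies before the signer's notBefore.
 * @return -1 without signer, 0 unchanged, 1 notAfter adjusted,
 *         2 notBefore adjusted (2 wins when both were adjusted).
 */
int pki_x509::resetTimes(pki_x509 *signer)
{
	int ret = 0;
	if (!signer || !signer->cert) return -1;
	if (ASN1_STRING_cmp(X509_get_notAfter(cert),
			    X509_get_notAfter(signer->cert)) == 1) {
		// this cert would be valid longer than its signer
		CERR("adjust notAfter");
		X509_set_notAfter(cert, X509_get_notAfter(signer->cert)); // copies the time
		ret = 1;
	}
	if (ASN1_STRING_cmp(X509_get_notBefore(cert),
			    X509_get_notBefore(signer->cert)) == -1) {
		// this cert would be valid before its signer is
		CERR("adjust notBefore");
		X509_set_notBefore(cert, X509_get_notBefore(signer->cert));
		ret = 2;
	}
	openssl_error();
	return ret;
}

/// Certificate recorded by verify() as the signer, NULL if none.
pki_x509 *pki_x509::getSigner()
{
	return psigner;
}

/// Private key attached with setKey(), NULL if none.
pki_key *pki_x509::getKey()
{
	return pkey;
}

/**
 * Attach a private key. The key's use count is incremented only the
 * first time a key is attached (no key present yet).
 * @return true when the use count was incremented.
 */
bool pki_x509::setKey(pki_key *key)
{
	bool ret = false;
	if (!pkey && key) {
		CERR("KEY COUNT UP");
		key->incUcount();
		ret = true;
	}
	pkey = key;
	return ret;
}

/// Forget the attached key (the use count is not touched here).
void pki_x509::delKey()
{
	pkey = NULL;
}

/// Forget the recorded signer.
void pki_x509::delSigner()
{
	psigner = NULL;
}

/* Escape the characters that would otherwise be read as markup by the
 * HTML consumer of printV3ext(); certificate contents are untrusted. */
static string v3ext_html_escape(const char *s)
{
	string out;
	for (; *s; s++) {
		switch (*s) {
		case '&': out += "&amp;"; break;
		case '<': out += "&lt;"; break;
		case '>': out += "&gt;"; break;
		default: out += *s;
		}
	}
	return out;
}

/**
 * All X509v3 extensions of the certificate as an HTML fragment:
 * name (and "critical" marker) in bold/underline, the value in <tt>.
 * Extension names and values coming from the certificate are
 * HTML-escaped before insertion.
 */
string pki_x509::printV3ext()
{
#define V3_BUF 100
	BIO *bio = BIO_new(BIO_s_mem());
	char buffer[V3_BUF + 1];
	string text = "";
	int n = X509_get_ext_count(cert);
	for (int i = 0; i < n; i++) {
		X509_EXTENSION *ex = X509_get_ext(cert, i);
		ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
		int len = i2t_ASN1_OBJECT(buffer, V3_BUF, obj);
		if (len < 0 || len > V3_BUF) {
			openssl_error("V3 buffer too small, this is a bug!");
			len = 0; // keep buffer[len] in bounds should openssl_error() return
		}
		buffer[len] = '\0';
		CERR("extension: " << buffer << ", length: " << len);
		text += "<b><u>";
		text += v3ext_html_escape(buffer);
		text += ": ";
		if (X509_EXTENSION_get_critical(ex)) {
			text += " <font color=\"red\">critical</font>:";
		}
		if (!X509V3_EXT_print(bio, ex, 0, 0)) {
			// no printer for this extension: dump the raw value
			M_ASN1_OCTET_STRING_print(bio, X509_EXTENSION_get_data(ex));
		}
		text += "</u></b><br><tt>";
		// drain the BIO in V3_BUF-sized chunks
		do {
			len = BIO_read(bio, buffer, V3_BUF);
			if (len <= 0)
				break; // the original wrote buffer[-1] on an empty BIO
			buffer[len] = '\0';
			text += v3ext_html_escape(buffer);
			CERR("extension-length: " << len);
		} while (len == V3_BUF);
		text += "</tt><br>";
	}
	BIO_free(bio);
	openssl_error();
	return text;
}

/**
 * Serial number as printed by i2a_ASN1_INTEGER() (upper-case hex).
 * Serials of any length are returned in full; the original truncated
 * at 100 characters and wrote one byte past its buffer for a serial of
 * exactly that length.
 */
string pki_x509::getSerial()
{
	string x;
	char buf[100];
	BIO *bio = BIO_new(BIO_s_mem());
	if (!bio) {
		openssl_error();
		return x;
	}
	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
	int len;
	while ((len = BIO_read(bio, buf, sizeof(buf))) > 0)
		x.append(buf, len);
	BIO_free(bio);
	openssl_error();
	return x;
}

/// Trust value set with setTrust() (0..2, 1 = inherit from signer).
int pki_x509::getTrust()
{
	return trust;
}

/// Set the trust value; values outside 0..2 are ignored.
void pki_x509::setTrust(int t)
{
	if (t >= 0 && t <= 2) trust = t;
}

/// Effective trust as last computed by calcEffTrust() / set explicitly.
int pki_x509::getEffTrust()
{
	return efftrust;
}

/// Set the effective trust value; values outside 0..2 are ignored.
void pki_x509::setEffTrust(int t)
{
	if (t >= 0 && t <= 2) efftrust = t;
}

/// A certificate is revoked when a revocation time is recorded.
bool pki_x509::isRevoked()
{
	return (revoked != NULL);
}

/**
 * Mark the certificate revoked (at the current time) or un-revoked.
 * Revoking also forces trust and effective trust to 0; a second revoke
 * keeps the original revocation time.
 */
void pki_x509::setRevoked(bool rev)
{
	if (rev) {
		setEffTrust(0);
		setTrust(0);
		if (revoked) return;
		revoked = ASN1_TIME_new();
		openssl_error();
		X509_gmtime_adj(revoked, 0);
	} else {
		if (!revoked) return;
		ASN1_TIME_free(revoked);
		revoked = NULL;
	}
	openssl_error();
}

/**
 * Compute and store the effective trust.
 * A trust value other than 1 is taken as is. Trust 1 ("inherit") walks
 * up the signer chain until a certificate with a non-inherited value is
 * found; a chain that ends (no signer), loops back, or exceeds the hop
 * limit yields 0. A self-signed certificate with trust 1 has its trust
 * reset to 0 as well.
 * @return the new effective trust.
 */
int pki_x509::calcEffTrust()
{
	int mytrust = trust;
	if (mytrust != 1) {
		efftrust = mytrust;
		return mytrust;
	}
	if (getSigner() == this && trust == 1) {
		// inherit trust, but self signed
		trust = 0;
		efftrust = 0;
		return 0;
	}
	// we must look at the parent certs; the hop limit stops a cross-signed
	// cycle (A signs B signs A), which the prevsigner test alone would not
	const int max_hops = 64;
	int hops = 0;
	pki_x509 *signer = getSigner();
	pki_x509 *prevsigner = this;
	while (mytrust == 1 && signer != NULL && signer != prevsigner &&
	       hops < max_hops) {
		mytrust = signer->getTrust();
		prevsigner = signer;
		signer = signer->getSigner();
		hops++;
	}
	if (mytrust == 1) mytrust = 0;
	efftrust = mytrust;
	return mytrust;
}

/// Current CA serial counter, then advance it (post-increment).
int pki_x509::getIncCaSerial()
{
	return caSerial++;
}

/// Current CA serial counter without advancing it.
int pki_x509::getCaSerial()
{
	return caSerial;
}

/// Set the CA serial counter; non-positive values are ignored.
void pki_x509::setCaSerial(int s)
{
	if (s > 0) caSerial = s;
}

/// CRL validity in days used for this CA.
int pki_x509::getCrlDays()
{
	return crlDays;
}

/// Set the CRL validity in days; non-positive values are ignored.
void pki_x509::setCrlDays(int s)
{
	if (s > 0) crlDays = s;
}

/// Name of the template associated with this CA.
string pki_x509::getTemplate()
{
	return caTemplate;
}

/// Set the template name; an empty name is ignored.
void pki_x509::setTemplate(string s)
{
	if (s.length() > 0) caTemplate = s;
}

/**
 * Record the issue time of the last CRL (a copy of time is stored).
 * A NULL time is ignored. A previously stored time is released first,
 * which the original omitted (it leaked on every call after the first).
 */
void pki_x509::setLastCrl(ASN1_TIME *time)
{
	if (!time) return;
	if (lastCrl)
		ASN1_TIME_free(lastCrl);
	lastCrl = M_ASN1_TIME_dup(time);
	openssl_error();
}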