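#include "CertRevocateList.h"

#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include <cassert>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <ctime>
#include <string>
#include <vector>

#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/opensslv.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

// CRL maintenance for the local CA plus an on-disk cache of third-party CRLs.
//
// Paths come from the CA configuration: the CA's own CRL lives at
// <Directory/CA>/<Directory/crl>/<System/Issuer>.pem (m_crlPath) and imported
// third-party CRLs are written into the same directory (m_thirdPath). Serial
// numbers cross the public interface as decimal strings.
//
// Security notes for maintainers:
//  * every change to the CA's CRL goes through issueCRL(), which re-signs the
//    list with the CA key over SHA-256 (the original signed with MD5, and
//    insert/delete rewrote the file without re-signing at all, leaving a
//    signature over the OLD contents). X509_CRL_sign() also marks the cached
//    TBS encoding as modified, so entries pushed onto / deleted from the
//    revoked stack really appear in the written file.
//  * third-party CRLs are stored WITHOUT signature verification (see
//    importThirdCRL()); the issuer DN they carry is untrusted and is
//    sanitised before it becomes a file name (see thirdCRLPath()).

namespace {

// Serial number of a revoked entry. The accessor only exists from OpenSSL
// 1.1.0; before that the struct member is public. Returned non-const because
// the pre-1.1 ASN1_INTEGER_cmp() signature is not const-correct.
ASN1_INTEGER* revokedSerial(X509_REVOKED* entry)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    return entry->serialNumber;
#else
    return const_cast<ASN1_INTEGER*>(X509_REVOKED_get0_serialNumber(entry));
#endif
}

// Decimal string -> freshly allocated ASN1_INTEGER (caller frees), or NULL
// when the string is empty or does not start with a decimal number. Unlike
// the atol() the original used, serials wider than a long survive intact.
ASN1_INTEGER* serialFromDecimal(const string& serial)
{
    if (serial.empty()) {
        return NULL;
    }
    BIGNUM* bn = NULL;
    if (BN_dec2bn(&bn, serial.c_str()) == 0) {
        BN_free(bn);
        return NULL;
    }
    ASN1_INTEGER* ai = BN_to_ASN1_INTEGER(bn, NULL);
    BN_free(bn);
    return ai;
}

// ASN1_INTEGER -> decimal string; "" on failure.
string serialToDecimal(ASN1_INTEGER* ai)
{
    string text;
    if (ai == NULL) {
        return text;
    }
    BIGNUM* bn = ASN1_INTEGER_to_BN(ai, NULL);
    if (bn == NULL) {
        return text;
    }
    char* dec = BN_bn2dec(bn);
    if (dec != NULL) {
        text = dec;
        OPENSSL_free(dec);
    }
    BN_free(bn);
    return text;
}

// Index of the entry in `crl` whose serial equals `serial`, or -1.
int findRevoked(X509_CRL* crl, ASN1_INTEGER* serial)
{
    STACK_OF(X509_REVOKED)* revoked = X509_CRL_get_REVOKED(crl);
    if (revoked == NULL || serial == NULL) {
        return -1;
    }
    for (int i = 0; i < sk_X509_REVOKED_num(revoked); ++i) {
        if (ASN1_INTEGER_cmp(revokedSerial(sk_X509_REVOKED_value(revoked, i)), serial) == 0) {
            return i;
        }
    }
    return -1;
}

// New entry for `serial`, revoked as of now. NULL (nothing left allocated)
// when the serial is not a decimal number, so a bad input can no longer end
// up revoking serial 0 the way atol() did.
X509_REVOKED* newRevokedEntry(const string& serial)
{
    ASN1_INTEGER* ai = serialFromDecimal(serial);
    X509_REVOKED* entry = X509_REVOKED_new();
    ASN1_TIME* now = ASN1_TIME_new();
    bool ok = ai != NULL && entry != NULL && now != NULL
              && X509_gmtime_adj(now, 0) != NULL
              && X509_REVOKED_set_serialNumber(entry, ai) == 1
              && X509_REVOKED_set_revocationDate(entry, now) == 1;
    ASN1_TIME_free(now);
    ASN1_INTEGER_free(ai);
    if (!ok) {
        X509_REVOKED_free(entry);
        return NULL;
    }
    return entry;
}

// PEM CRL from `path`; NULL (logged) if it cannot be opened or parsed.
// No signature check happens here: the caller decides whether the file is
// trusted (the CA's own file) or must be verified first (a third-party file).
X509_CRL* readCRLFile(const char* path)
{
    BIO* in = BIO_new_file(path, "r");
    if (in == NULL) {
        writelog("cannot open CRL file for reading.");
        return NULL;
    }
    X509_CRL* crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
    BIO_free(in);
    if (crl == NULL) {
        writelog("CRL file is not a PEM encoded CRL.");
    }
    return crl;
}

// Write `crl` as PEM to `path`, replacing the file.
bool writeCRLFile(const char* path, X509_CRL* crl)
{
    BIO* out = BIO_new_file(path, "w");
    if (out == NULL) {
        writelog("cannot open CRL file for writing.");
        return false;
    }
    int ok = PEM_write_bio_X509_CRL(out, crl);
    BIO_free(out);
    if (ok != 1) {
        writelog("failed to write CRL file.");
    }
    return ok == 1;
}

// Turn `crl` into a freshly issued CRL of this CA and sign it:
//  - version v2 (value 1), the only version that may carry extensions. The
//    original wrote the "CRL/version" counter into this field, producing
//    CRLs with version 3, 4, ... which RFC 5280 does not define;
//  - issuer = subject of the CA certificate;
//  - lastUpdate = now, nextUpdate = now + CRL_ISSUE_SCHEDULE seconds;
//  - crlNumber extension = the "CRL/version" counter from the CA config,
//    which is then advanced for the next issue;
//  - signature with the CA key over SHA-256 (was MD5).
// Also records the issue date in "CRL/time". Returns false, with nothing
// signed and the config untouched, if the CA material cannot be loaded or
// the certificate does not match the key.
bool issueCRL(CAService* ca, X509_CRL* crl)
{
    X509* cert = ca->LoadCert(ca->m_rootCertPath);
    EVP_PKEY* key = ca->loadRootPriv(ca->m_rootPrivKeyPath);
    ASN1_TIME* when = NULL;
    ASN1_INTEGER* number = NULL;
    bool ok = false;
    do {
        if (cert == NULL || key == NULL) {
            writelog("cannot load the CA certificate or private key.");
            break;
        }
        if (!X509_check_private_key(cert, key)) {
            writelog("cert don't match with key .");
            break;
        }
        if (X509_CRL_set_version(crl, 1) != 1
            || X509_CRL_set_issuer_name(crl, X509_get_subject_name(cert)) != 1) {
            break;
        }
        when = ASN1_TIME_new();
        if (when == NULL
            || X509_gmtime_adj(when, 0) == NULL
            || X509_CRL_set_lastUpdate(crl, when) != 1
            || X509_gmtime_adj(when, CRL_ISSUE_SCHEDULE) == NULL
            || X509_CRL_set_nextUpdate(crl, when) != 1) {
            break;
        }
        long counter = atol(ca->readCAconfig("CRL", "version").c_str());
        number = ASN1_INTEGER_new();
        if (number == NULL
            || ASN1_INTEGER_set(number, counter) != 1
            || X509_CRL_add1_ext_i2d(crl, NID_crl_number, number, 0, X509V3_ADD_REPLACE) != 1) {
            break;
        }
        // Signing re-encodes the TBS, so stack edits are reflected in the output.
        if (X509_CRL_sign(crl, key, EVP_sha256()) == 0) {
            writelog("failed to sign the CRL.");
            break;
        }
        ca->setCAConfigItem("CRL", "version", ca->toString(counter + 1));
        int year = 0, month = 0, day = 0;
        ca->getCurrentTime(year, month, day);
        ca->setCAConfigItem("CRL", "time",
                            ca->toString(year) + "-" + ca->toString(month) + "-" + ca->toString(day));
        ok = true;
    } while (false);
    ASN1_INTEGER_free(number);
    ASN1_TIME_free(when);
    EVP_PKEY_free(key);
    X509_free(cert);
    return ok;
}

// File under `dir` that caches the third-party CRL issued by `issuer`.
// `issuer` is the DN rendered out of an imported CRL, i.e. attacker
// controlled: '/' and '\' are replaced so the name cannot leave `dir`, and
// "", "." and ".." are refused. importThirdCRL() and exportCRL() both derive
// the path through here, so the mapping stays consistent.
bool thirdCRLPath(const string& dir, const string& issuer, string& path)
{
    string name = issuer;
    for (size_t i = 0; i < name.size(); ++i) {
        if (name[i] == '/' || name[i] == '\\') {
            name[i] = '_';
        }
    }
    if (name.empty() || name == "." || name == "..") {
        return false;
    }
    path = dir + name + ".pem";
    return true;
}

}  // namespace

// Builds a private CAService and derives the CRL paths from its configuration:
//   m_crlPath   = <Directory/CA>/<Directory/crl>/<System/Issuer>.pem
//   m_thirdPath = <Directory/CA>/<Directory/crl>/
CRL::CRL()
{
    ca = new CAService();
    assert(ca != NULL);
    string dir = getAttribute("Directory", "CA") + "/" + getAttribute("Directory", "crl") + "/";
    string own = dir + getAttribute("System", "Issuer") + ".pem";
    // Sized to the path: the old fixed 512-byte buffer overflowed on a long
    // configured directory.
    m_crlPath = static_cast<char*>(calloc(1, own.size() + 1));
    assert(m_crlPath != NULL);
    memcpy(m_crlPath, own.c_str(), own.size());
    m_thirdPath = dir;
}

// Releases the CAService created by the constructor and the path buffer.
CRL::~CRL()
{
    delete ca;
    ca = NULL;
    free(m_crlPath);
    m_crlPath = NULL;
}

// Intentionally a no-op: this object owns the CAService built in its
// constructor and deletes it in the destructor, so adopting a caller's
// pointer here would double-free it.
void CRL::setObject(CAService* caservice)
{
    (void)caservice;
}

// True if the CA's own CRL file exists, as judged by CAService::locateFile().
bool CRL::checkCRL()
{
    // locateFile() takes a writable buffer; hand it a copy, not m_crlPath itself.
    std::vector<char> path(m_crlPath, m_crlPath + strlen(m_crlPath) + 1);
    return ca->locateFile(&path[0]);
}

// Create the CA's CRL from scratch with `serialNumber` (decimal) as its only
// entry, sign it and write it to m_crlPath. Used when no CRL file exists yet;
// insertNewRevocationList() extends an existing one.
void CRL::addNewRevocateList(string serialNumber)
{
    X509_CRL* crl = X509_CRL_new();
    X509_REVOKED* entry = newRevokedEntry(serialNumber);
    if (crl == NULL || entry == NULL) {
        writelog("cannot build a revocation entry; serial must be decimal.");
        X509_REVOKED_free(entry);
        X509_CRL_free(crl);
        return;
    }
    if (X509_CRL_add0_revoked(crl, entry) != 1) {  // add0: on success crl owns entry
        X509_REVOKED_free(entry);
        X509_CRL_free(crl);
        return;
    }
    if (issueCRL(ca, crl)) {
        writeCRLFile(m_crlPath, crl);
    }
    // Frees the revoked stack too; the original freed it a second time.
    X509_CRL_free(crl);
}

// Query a CRL file. `issuer` is a PATH to a PEM CRL despite its name; "" means
// the CA's own CRL (m_crlPath). With a non-empty `serialNumber` the result is
// "find" if that serial is listed, else "". With an empty `serialNumber` the
// result lists every revoked serial in decimal, each followed by ';'.
// Returns "" when the file cannot be read. The file is parsed without
// signature verification (see readCRLFile()).
string CRL::getCRL(string serialNumber, string issuer)
{
    const char* path = issuer.empty() ? m_crlPath : issuer.c_str();
    X509_CRL* crl = readCRLFile(path);
    string result;
    if (crl == NULL) {
        return result;
    }
    if (serialNumber.empty()) {
        STACK_OF(X509_REVOKED)* revoked = X509_CRL_get_REVOKED(crl);
        for (int i = 0; revoked != NULL && i < sk_X509_REVOKED_num(revoked); ++i) {
            result.append(serialToDecimal(revokedSerial(sk_X509_REVOKED_value(revoked, i)))).append(";");
        }
    } else {
        ASN1_INTEGER* wanted = serialFromDecimal(serialNumber);
        if (findRevoked(crl, wanted) >= 0) {
            result = "find";
        }
        ASN1_INTEGER_free(wanted);
    }
    X509_CRL_free(crl);
    return result;
}

// Add `serialNumber` (decimal) to the existing CA CRL at m_crlPath, re-sign
// it and write it back. An entry already present for that serial is replaced
// in memory (fresh revocation date) instead of being duplicated.
void CRL::insertNewRevocationList(string serialNumber)
{
    X509_CRL* crl = readCRLFile(m_crlPath);
    if (crl == NULL) {
        return;
    }
    X509_REVOKED* entry = newRevokedEntry(serialNumber);
    if (entry == NULL) {
        writelog("cannot build a revocation entry; serial must be decimal.");
        X509_CRL_free(crl);
        return;
    }
    int existing = findRevoked(crl, revokedSerial(entry));
    if (existing >= 0) {
        // sk_delete only unlinks; the entry must be freed explicitly.
        X509_REVOKED_free(sk_X509_REVOKED_delete(X509_CRL_get_REVOKED(crl), existing));
    }
    if (X509_CRL_add0_revoked(crl, entry) != 1) {
        X509_REVOKED_free(entry);
    } else if (issueCRL(ca, crl)) {
        writeCRLFile(m_crlPath, crl);
    }
    X509_CRL_free(crl);
}

// Entry point for revoking a certificate: extends the CA CRL if one exists,
// otherwise creates it, then loads the resulting file into the database
// under this CA's configured issuer name.
void CRL::createCertificateRevocateList(string serialNumber)
{
    if (checkCRL()) {
        insertNewRevocationList(serialNumber);
    } else {
        addNewRevocateList(serialNumber);
    }
    importCRL(m_crlPath, getAttribute("System", "Issuer"));
}

// Write `value` to item `objectName` of section `keyword` in the CA config.
void CRL::setAttribute(string keyword, string objectName, string value)
{
    ca->setCAConfigItem(keyword, objectName, value);
}

// Read item `objectName` of section `keyword` from the CA config.
string CRL::getAttribute(string keyword, string objectName)
{
    return ca->readCAconfig(keyword, objectName);
}

// True if the serial number of `x509` is listed in the CA's own CRL.
// (Previously an unimplemented stub that always returned false.)
bool CRL::certInCRL(X509* x509)
{
    if (x509 == NULL) {
        return false;
    }
    string serial = serialToDecimal(X509_get_serialNumber(x509));
    // An empty serial would make getCRL() list the whole CRL instead of searching.
    return !serial.empty() && getCRL(serial, "") == "find";
}

// Decimal rendering of `num`, delegated to CAService.
string CRL::toString(long num)
{
    return ca->toString(num);
}

// Remove `serialNumber` (decimal) from the CA CRL, re-sign and rewrite the
// file, and reload it into the database. Returns true only when the entry was
// found and the new CRL was issued (the original returned true even when it
// removed nothing). When the serial is absent the message
// "There is not specific cert in CRL." is logged and, if `result` is not
// NULL, copied into it -- the caller's buffer must hold that message plus
// its terminator (35 bytes). Removing an entry un-revokes the certificate for
// every relying party that fetches the new CRL.
bool CRL::deleteFromCRL(string serialNumber, char* result)
{
    X509_CRL* crl = readCRLFile(m_crlPath);
    if (crl == NULL) {
        return false;
    }
    ASN1_INTEGER* wanted = serialFromDecimal(serialNumber);
    int index = findRevoked(crl, wanted);
    ASN1_INTEGER_free(wanted);
    bool removed = false;
    if (index < 0) {
        writelog("There is not specific cert in CRL.");
        if (result != NULL) {
            strcpy(result, "There is not specific cert in CRL.");
        }
    } else {
        // sk_delete only unlinks; free the entry so it does not leak.
        X509_REVOKED_free(sk_X509_REVOKED_delete(X509_CRL_get_REVOKED(crl), index));
        removed = issueCRL(ca, crl) && writeCRLFile(m_crlPath, crl);
    }
    X509_CRL_free(crl);
    if (removed) {
        importCRL(m_crlPath, getAttribute("System", "Issuer"));
    }
    return removed;
}

// Load the PEM CRL file `crl` into the certificate database under `issuer`
// (CertDB "insert" mode). Does nothing, with a log line, if the file cannot
// be read.
void CRL::importCRL(const char* crl, string issuer)
{
    assert(crl != NULL);
    char* pem = convertPEMtoChar(crl);
    if (pem == NULL) {
        writelog("CRL file could not be read; nothing imported.");
        return;
    }
    CertDB db;
    db.initializeConnect();
    db.importCRLToDB(pem, "insert", issuer);
    db.closeConnection();
    free(pem);
}

// Revoked serials of the third-party CRL for `issuer`, in getCRL() list
// format ("n;n;..."). The CRL is served from the on-disk cache under
// m_thirdPath and materialised from the database on a cache miss. Returns ""
// when the issuer name is unusable as a file name, the database has nothing,
// the file cannot be written, or it ends up empty.
string CRL::exportCRL(string issuer)
{
    string filepath;
    if (!thirdCRLPath(m_thirdPath, issuer, filepath)) {
        writelog("issuer name is not usable as a CRL file name.");
        return "";
    }
    std::vector<char> probe(filepath.c_str(), filepath.c_str() + filepath.size() + 1);
    if (!ca->locateFile(&probe[0])) {
        CertDB db;
        // NOTE(review): importCRL() brackets its database call with
        // initializeConnect()/closeConnection() while this one does not --
        // confirm against CertDB whether exportCRLFromDB() needs that.
        char* pem = db.exportCRLFromDB(issuer);
        if (pem == NULL) {
            writelog("no CRL stored in the database for this issuer.");
            return "";
        }
        FILE* fp = fopen(filepath.c_str(), "w");
        if (fp == NULL) {
            writelog("cannot create the cached third-party CRL file.");
            return "";
        }
        size_t len = strlen(pem);
        bool written = fwrite(pem, 1, len, fp) == len;
        fclose(fp);
        // Ownership of `pem` is not documented here and the original never
        // freed it -- TODO confirm against CertDB::exportCRLFromDB.
        if (!written) {
            writelog("failed to write the cached third-party CRL file.");
            return "";
        }
    }
    struct stat st;
    if (stat(filepath.c_str(), &st) != 0 || st.st_size <= 0) {
        return "";
    }
    return getCRL("", filepath);
}

// Whole content of `filepath` as a NUL-terminated heap string; the CALLER
// free()s it. Returns NULL if the file cannot be opened or memory runs out.
// (The original returned the address of a stack buffer -- dangling by the
// time the caller read it -- and overflowed it on files above 10 KiB.)
char* CRL::convertPEMtoChar(const char* filepath)
{
    FILE* fd = fopen(filepath, "rb");
    if (fd == NULL) {
        writelog("cannot open file for conversion.");
        return NULL;
    }
    string content;
    char chunk[4096];
    size_t got;
    while ((got = fread(chunk, 1, sizeof chunk, fd)) > 0) {
        content.append(chunk, got);
    }
    fclose(fd);
    char* text = static_cast<char*>(malloc(content.size() + 1));
    if (text != NULL) {
        memcpy(text, content.c_str(), content.size() + 1);
    }
    return text;
}

// Extract the issuer DN of the PEM CRL in `data` into `issuer`, rendered with
// X509_NAME_print() (e.g. "C=XX, O=Org, CN=Name"). `issuer` is left empty if
// `data` is not a PEM CRL. The original only assigned the name when the
// rendered string was EMPTY (inverted strcmp test), so it never produced one,
// and it copied `data` into a fixed 2K stack buffer first.
void CRL::parseCRL(string data, string& issuer)
{
    issuer = "";
    BIO* in = BIO_new_mem_buf(const_cast<char*>(data.c_str()), static_cast<int>(data.size()));
    if (in == NULL) {
        return;
    }
    X509_CRL* crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
    BIO_free(in);
    if (crl == NULL) {
        writelog("data is not a PEM encoded CRL.");
        return;
    }
    BIO* out = BIO_new(BIO_s_mem());
    if (out != NULL && X509_NAME_print(out, X509_CRL_get_issuer(crl), 80) == 1) {
        char* text = NULL;
        long len = BIO_get_mem_data(out, &text);  // whole name, not just the first 80 bytes
        if (len > 0) {
            issuer.assign(text, static_cast<size_t>(len));
        }
    }
    BIO_free(out);
    X509_CRL_free(crl);
}

// Import a CRL issued by another CA. `data` is the CRL in DER or PEM form;
// `crlIssuer` is accepted for interface compatibility and not used (the
// issuer is taken from the CRL itself). DER is converted to PEM, the PEM is
// written to m_thirdPath/<issuer DN>.pem, loaded into the database and the
// DN appended to the "CRL/third" config list. Returns a human-readable
// status string, "" if the data is not a CRL.
//
// NOTE(review): the CRL's signature is NOT verified before it is stored --
// this code has no certificate for the foreign issuer. Validate it against
// that issuer's certificate before trusting anything exportCRL() returns.
// `data` carries no length, so a DER body containing a 0x00 byte is cut
// short at strlen(); pass PEM where possible.
string CRL::importThirdCRL(char* data, string crlIssuer)
{
    (void)crlIssuer;
    if (data == NULL) {
        return "";
    }
    string pem;
    BIO* in = BIO_new_mem_buf(data, static_cast<int>(strlen(data)));
    X509_CRL* der = (in != NULL) ? d2i_X509_CRL_bio(in, NULL) : NULL;
    BIO_free(in);
    if (der != NULL) {
        BIO* out = BIO_new(BIO_s_mem());
        if (out != NULL && PEM_write_bio_X509_CRL(out, der) == 1) {
            char* text = NULL;
            long len = BIO_get_mem_data(out, &text);
            if (len > 0) {
                pem.assign(text, static_cast<size_t>(len));
            }
        }
        BIO_free(out);
        X509_CRL_free(der);
    }
    if (pem.empty()) {
        pem = data;  // not DER: assume it is PEM already
    }

    string issuer;
    parseCRL(pem, issuer);
    if (issuer.empty()) {
        return "";
    }

    string path;
    if (!thirdCRLPath(m_thirdPath, issuer, path)) {
        return "error : issuer name is not usable as a file name.";
    }
    // Third-party CRLs share the directory and naming scheme of the CA's own
    // CRL; never let one overwrite it.
    if (path == m_crlPath) {
        return "error : third-party CRL would overwrite this CA's own CRL file.";
    }
    FILE* fd = fopen(path.c_str(), "w");
    if (fd == NULL) {
        return "error : open file to fail, or " + path + " is not exist.";
    }
    // fwrite() returns the number of ITEMS written; with item size 1 that is
    // the byte count (the original compared a 0/1 item count with strlen()).
    bool written = fwrite(pem.data(), 1, pem.size(), fd) == pem.size();
    fclose(fd);
    if (!written) {
        return "import third crl to fail.";
    }
    importCRL(path.c_str(), issuer);
    setAttribute("CRL", "third", getAttribute("CRL", "third") + issuer + ";");
    return "succeed to import third crl.";
}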