diff options
| author | Felix (xq) Queißner <git@mq32.de> | 2020-06-10 21:38:05 +0200 |
|---|---|---|
| committer | Felix (xq) Queißner <git@mq32.de> | 2020-06-10 21:38:05 +0200 |
| commit | ab3e5ad5f25862985c17ba557163a1902b54747f (patch) | |
| tree | ab91f5b8a245a6b506a00e9b0533b096d0753ea4 /src/certificatehelper.cpp | |
| parent | feb37f7d6b8730e94821fc6d70fb742ff393517d (diff) | |
| download | kristall-ab3e5ad5f25862985c17ba557163a1902b54747f.tar.gz | |
Adds install target to makefile, adds support for transient client certificates.
Diffstat (limited to 'src/certificatehelper.cpp')
| -rw-r--r-- | src/certificatehelper.cpp | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/src/certificatehelper.cpp b/src/certificatehelper.cpp new file mode 100644 index 0000000..2b6acb8 --- /dev/null +++ b/src/certificatehelper.cpp @@ -0,0 +1,79 @@ +#include "certificatehelper.hpp" + +#include <openssl/rsa.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +CryptoIdentity CertificateHelper::createNewIdentity(const QString &common_name, QDateTime expiry_date) +{ + CryptoIdentity identity; + + auto const now = QDateTime::currentDateTime(); + if(expiry_date < now) + return identity; + + identity.display_name = common_name; + + QByteArray common_name_utf8 = common_name.toUtf8(); + + EVP_PKEY * pkey = EVP_PKEY_new(); + q_check_ptr(pkey); + RSA * rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr); + q_check_ptr(rsa); + EVP_PKEY_assign_RSA(pkey, rsa); + X509 * x509 = X509_new(); + q_check_ptr(x509); + ASN1_INTEGER_set(X509_get_serialNumber(x509), 1); + X509_gmtime_adj(X509_get_notBefore(x509), 0); // not before current time + X509_gmtime_adj(X509_get_notAfter(x509), now.secsTo(expiry_date)); // not after a year from this point + X509_set_pubkey(x509, pkey); + X509_NAME * name = X509_get_subject_name(x509); + q_check_ptr(name); + // X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"US", -1, -1, 0); + // X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"My Organization", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, reinterpret_cast<unsigned char const *>(common_name_utf8.data()), common_name_utf8.size(), -1, 0); + X509_set_issuer_name(x509, name); + X509_sign(x509, pkey, EVP_sha1()); + BIO * bp_private = BIO_new(BIO_s_mem()); + q_check_ptr(bp_private); + if(PEM_write_bio_PrivateKey(bp_private, pkey, nullptr, nullptr, 0, nullptr, nullptr) != 1) + { + EVP_PKEY_free(pkey); + X509_free(x509); + BIO_free_all(bp_private); + qFatal("PEM_write_bio_PrivateKey"); + } + BIO * bp_public = BIO_new(BIO_s_mem()); + q_check_ptr(bp_public); + if(PEM_write_bio_X509(bp_public, x509) != 1) + { + EVP_PKEY_free(pkey); + X509_free(x509); + BIO_free_all(bp_public); + BIO_free_all(bp_private); + qFatal("PEM_write_bio_PrivateKey"); + } + + const char * buffer = nullptr; + size_t size = BIO_get_mem_data(bp_public, &buffer); + q_check_ptr(buffer); + identity.certificate = QSslCertificate(QByteArray(buffer, size)); + if(identity.certificate.isNull()) + { + qFatal("Failed to generate a random client certificate"); + } + size = BIO_get_mem_data(bp_private, &buffer); + q_check_ptr(buffer); + identity.private_key = QSslKey(QByteArray(buffer, size), QSsl::Rsa); + if(identity.private_key.isNull()) + { + qFatal("Failed to generate a random private key"); + } + + EVP_PKEY_free(pkey); // this will also free the rsa key + X509_free(x509); + BIO_free_all(bp_public); + BIO_free_all(bp_private); + + return identity; +} |