csr sha2生成 linux,Openssl生成csr的解决方案
[cpp]
#include?
#include?
#include?
#pragma?comment(lib,?“l(fā)ibeay32.lib”)
/*
*?subject?is?expected?to?be?in?the?format?/type0=value0/type1=value1/type2=…
*?where?characters?may?be?escaped?by?\
*/
X509_NAME?*parse_name(char?*subject,?long?chtype,?int?multirdn)
{
size_t?buflen?=?strlen(subject)+1;?/*?to?copy?the?types?and?values?into.?due?to?escaping,?the?copy?can?only?become?shorter?*/
char?*buf?=?OPENSSL_malloc(buflen);
size_t?max_ne?=?buflen?/?2?+?1;?/*?maximum?number?of?name?elements?*/
char?**ne_types?=?OPENSSL_malloc(max_ne?*?sizeof?(char?*));
char?**ne_values?=?OPENSSL_malloc(max_ne?*?sizeof?(char?*));
int?*mval?=?OPENSSL_malloc?(max_ne?*?sizeof?(int));
char?*sp?=?subject,?*bp?=?buf;
int?i,?ne_num?=?0;
X509_NAME?*n?=?NULL;
int?nid;
if?(!buf?||?!ne_types?||?!ne_values?||?!mval)
{
//BIO_printf(bio_err,?“malloc?error\n”);
goto?error;
}
if?(*subject?!=?‘/’)
{
//BIO_printf(bio_err,?“Subject?does?not?start?with?‘/’.\n”);
goto?error;
}
sp++;?/*?skip?leading?/?*/
/*?no?multivalued?RDN?by?default?*/
mval[ne_num]?=?0;
while?(*sp)
{
/*?collect?type?*/
ne_types[ne_num]?=?bp;
while?(*sp)
{
if?(*sp?==?‘\\’)?/*?is?there?anything?to?escape?in?the?type…??*/
{
if?(*++sp)
*bp++?=?*sp++;
else
{
//BIO_printf(bio_err,?“escape?character?at?end?of?string\n”);
goto?error;
}
}
else?if?(*sp?==?‘=’)
{
sp++;
*bp++?=?‘\0’;
break;
}
else
*bp++?=?*sp++;
}
if?(!*sp)
{
//BIO_printf(bio_err,?“end?of?string?encountered?while?processing?type?of?subject?name?element?#%d\n”,?ne_num);
goto?error;
}
ne_values[ne_num]?=?bp;
while?(*sp)
{
if?(*sp?==?‘\\’)
{
if?(*++sp)
*bp++?=?*sp++;
else
{
//BIO_printf(bio_err,?“escape?character?at?end?of?string\n”);
goto?error;
}
}
else?if?(*sp?==?‘/’)
{
sp++;
/*?no?multivalued?RDN?by?default?*/
mval[ne_num+1]?=?0;
break;
}
else?if?(*sp?==?‘+’?&&?multirdn)
{
/*?a?not?escaped?+?signals?a?mutlivalued?RDN?*/
sp++;
mval[ne_num+1]?=?-1;
break;
}
else
*bp++?=?*sp++;
}
*bp++?=?‘\0’;
ne_num++;
}
if?(!(n?=?X509_NAME_new()))
goto?error;
for?(i?=?0;?i?
{
if?((nid=OBJ_txt2nid(ne_types[i]))?==?NID_undef)
{
//BIO_printf(bio_err,?“Subject?Attribute?%s?has?no?known?NID,?skipped\n”,?ne_types[i]);
continue;
}
if?(!*ne_values[i])
{
//BIO_printf(bio_err,?“No?value?provided?for?Subject?Attribute?%s,?skipped\n”,?ne_types[i]);
continue;
}
if?(!X509_NAME_add_entry_by_NID(n,?nid,?chtype,?(unsigned?char*)ne_values[i],?-1,-1,mval[i]))
goto?error;
}
OPENSSL_free(ne_values);
OPENSSL_free(ne_types);
OPENSSL_free(buf);
OPENSSL_free(mval);
return?n;
error:
X509_NAME_free(n);
if?(ne_values)
OPENSSL_free(ne_values);
if?(ne_types)
OPENSSL_free(ne_types);
if?(mval)
OPENSSL_free(mval);
if?(buf)
OPENSSL_free(buf);
return?NULL;
}
X509_NAME?*CreateDN(char?*pbEmail,?char?*pbCN,?char?*pbOU,?char?*pbO,?char?*pbL,?char?*pbST,?char?*pbC)
{
X509_NAME?*pX509Name?=?NULL;
if(pbCN?==?NULL)
{
return?NULL;
}
if?(!(pX509Name?=?X509_NAME_new()))
{
return?NULL;
}
X509_NAME_add_entry_by_txt(pX509Name,?“emailAddress”,?V_ASN1_UTF8STRING,?pbEmail,?-1,?-1,?0);
X509_NAME_add_entry_by_txt(pX509Name,?“CN”,?V_ASN1_UTF8STRING,?pbCN,?-1,?-1,?0);
X509_NAME_add_entry_by_txt(pX509Name,?“OU”,?V_ASN1_UTF8STRING,?pbOU,?-1,?-1,?0);
X509_NAME_add_entry_by_txt(pX509Name,?“O”,?V_ASN1_UTF8STRING,?pbO,?-1,?-1,?0);
X509_NAME_add_entry_by_txt(pX509Name,?“L”,?V_ASN1_UTF8STRING,?pbL,?-1,?-1,?0);
X509_NAME_add_entry_by_txt(pX509Name,?“ST”,?V_ASN1_UTF8STRING,?pbST,?-1,?-1,?0);
X509_NAME_add_entry_by_txt(pX509Name,?“C”,?V_ASN1_UTF8STRING,?pbC,?-1,?-1,?0);
return?pX509Name;
}
int?GenCSR(char?*pbDN,?int?nDNLen,?char?*pCSR,?size_t?nCSRSize)
{
char?szAltName[]?=?“DNS:www.trustauth.cn”;
char?szComment[]?=?“Create?by?Jinhill”;
char?szKeyUsage[]?=?“digitalSignature,?nonRepudiation”;
char?szExKeyUsage[]?=?“serverAuth,?clientAuth”;
X509_REQ????????*pX509Req?=?NULL;
int?????????????iRV?=?0;
long????????????lVer?=?3;
X509_NAME???????*pX509DN?=?NULL;
EVP_PKEY????????*pEVPKey?=?NULL;
RSA?????????????*pRSA?=?NULL;
X509_NAME_ENTRY?*pX509Entry?=?NULL;
char????????????szBuf[255]?=?{0};
char????????????mdout[20];
int?????????????nLen,?nModLen;
int?????????????bits?=?2048;
unsigned?long???E?=?RSA_3;
unsigned?char???*pDer?=?NULL;
unsigned?char???*p?=?NULL;
FILE????????????*fp?=?NULL;
const?EVP_MD????*md?=?NULL;
X509????????????*pX509?=?NULL;
BIO?????????????*pBIO?=?NULL;
BIO?????????????*pPemBIO?=?NULL;
BUF_MEM?????????*pBMem?=?NULL;
//STACK_OF(X509_EXTENSION)?*pX509Ext;
if(pbDN?==?NULL)
{
return?-1;
}
pX509DN?=?parse_name(pbDN,?V_ASN1_UTF8STRING,?0);
pX509Req?=?X509_REQ_new();
iRV?=?X509_REQ_set_version(pX509Req,?lVer);
//?subject?pX509Name
iRV?=?X509_REQ_set_subject_name(pX509Req,?pX509DN);
/*?pub?key?*/
pEVPKey?=?EVP_PKEY_new();
pRSA?=?RSA_generate_key(bits,?E,?NULL,?NULL);
EVP_PKEY_assign_RSA(pEVPKey,?pRSA);
iRV?=?X509_REQ_set_pubkey(pX509Req,?pEVPKey);
/*?attribute?*/
strcpy(szBuf,?szAltName);
nLen?=?strlen(szBuf);
iRV?=?X509_REQ_add1_attr_by_txt(pX509Req,?“subjectAltName”,?V_ASN1_UTF8STRING,?szBuf,?nLen);
strcpy(szBuf,?szKeyUsage);
nLen?=?strlen(szBuf);
iRV?=?X509_REQ_add1_attr_by_txt(pX509Req,?“keyUsage”,?V_ASN1_UTF8STRING,?szBuf,?nLen);
strcpy(szBuf,?szExKeyUsage);
nLen?=?strlen(szBuf);
iRV?=?X509_REQ_add1_attr_by_txt(pX509Req,?“extendedKeyUsage”,?V_ASN1_UTF8STRING,?szBuf,?nLen);
strcpy(szBuf,?szComment);
nLen?=?strlen(szBuf);
iRV?=?X509_REQ_add1_attr_by_txt(pX509Req,?“nsComment”,?V_ASN1_UTF8STRING,?szBuf,?nLen);
md?=?EVP_sha1();
iRV?=?X509_REQ_digest(pX509Req,?md,?mdout,?&nModLen);
iRV?=?X509_REQ_sign(pX509Req,?pEVPKey,?md);
if(!iRV)
{
printf(“sign?err!\n”);
X509_REQ_free(pX509Req);
return?-1;
}
//?寫入文件PEM格式
//??pBIO?=?BIO_new_file(“certreq.txt”,?“w”);
//??PEM_write_bio_X509_REQ(pBIO,?pX509Req,?NULL,?NULL);
//??BIO_free(pBIO);
//返回PEM字符
pPemBIO?=?BIO_new(BIO_s_mem());
PEM_write_bio_X509_REQ(pPemBIO,?pX509Req,?NULL,?NULL);
BIO_get_mem_ptr(pPemBIO,&pBMem);
if(pBMem->length?<=?nCSRSize)
{
memcpy(pCSR,?pBMem->data,?pBMem->length);
}
BIO_free(pPemBIO);
/*?DER編碼?*/
//nLen?=?i2d_X509_REQ(pX509Req,?NULL);
//pDer?=?(unsigned?char?*)malloc(nLen);
//p?=?pDer;
//nLen?=?i2d_X509_REQ(pX509Req,?&p);
//free(pDer);
//??驗(yàn)證CSR
OpenSSL_add_all_algorithms();
iRV?=?X509_REQ_verify(pX509Req,?pEVPKey);
if(iRV<0)
{
printf(“verify?err.\n”);
}
X509_REQ_free(pX509Req);
return?nCSRSize;
}
int?main()
{
char?chDN[255]?=?“/CN=www.trustauth.cn/O=Beijing?Jinhill?Inc./C=CN”;
char?chCSR[2048]?=?{0};
int?rv?=?GenCSR(chDN,?strlen(chDN),?chCSR,?sizeof(chCSR));
printf(“CSR:\n%s”,?chCSR);
}
總結(jié)
以上是生活随笔為你收集整理的csr sha2生成 linux,Openssl生成csr的解决方案的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
