34 #include <sys/types.h>
44 #include <openssl/pem.h>
// Excerpt of the code traced as XrdCryptosslX509Req_bio: it loads a PEM
// certificate request from the opaque buffer buck->buffer (buck->size bytes).
// The leading numbers are the original file's line numbers; the lines in
// between are not shown.
50 EPNAME(
"X509Req::XrdCryptosslX509Req_bio");
62 DEBUG(
"got undefined opaque buffer");
// In-memory BIO that feeds the PEM parser.
// NOTE(review): no BIO_free(bmem) is visible in this excerpt; confirm that
// every failure path below releases it.
68 BIO *bmem = BIO_new(BIO_s_mem());
70 DEBUG(
"unable to create BIO for memory operations");
// Copy buck->size bytes into the BIO; a short write is reported via DEBUG.
// NOTE(review): a range check on buck->size is not visible here; confirm.
75 int nw = BIO_write(bmem,(
const void *)(buck->
buffer),buck->
size);
76 if (nw != buck->
size) {
77 DEBUG(
"problems writing data to memory BIO (nw: "<<nw<<
")");
// Decode the request from the bytes supplied in the bucket; treat them as
// untrusted unless the caller guarantees otherwise. The two 0 arguments mean
// no password callback and no passphrase. Because &creq is passed, OpenSSL
// may reuse whatever *creq already points to, so creq must be null on entry.
// NOTE(review): the initialisation of creq is not visible here; confirm.
82 if (!PEM_read_bio_X509_REQ(bmem,&creq,0,0)) {
83 DEBUG(
"unable to read certificate request to memory BIO");
// X509_REQ_get_pubkey() hands back a reference the caller owns.
// NOTE(review): what stores or frees evpp is outside the visible lines;
// confirm it is released with EVP_PKEY_free() or adopted by a wrapper.
// No signature check appears among the lines shown for this constructor, so
// a successfully parsed request should not be treated as a verified one.
94 EVP_PKEY *evpp = X509_REQ_get_pubkey(creq);
101 DEBUG(
"could not access the public key");
// Excerpt of the code traced as XrdCryptosslX509Req_x509 (wrapping an
// already-built request object), followed by the line that frees creq.
// The signatures of both functions are not shown.
109 EPNAME(
"X509Req::XrdCryptosslX509Req_x509");
121 DEBUG(
"got undefined X509 object");
// X509_REQ_get_pubkey() returns a reference the caller owns.
// NOTE(review): the consumer of evpp is not visible; confirm it is freed or
// adopted, and confirm whether this object takes ownership of the request
// passed in (line 149 frees creq unconditionally when it is set).
132 EVP_PKEY *evpp = X509_REQ_get_pubkey(creq);
139 DEBUG(
"could not access the public key");
// Releases the wrapped request when one is held; presumably the destructor
// body (signature not shown).
149 if (creq) X509_REQ_free(creq);
// Excerpt of Subject(): returns the cached subject name as a C string.
// NOTE(review): the code that fills `subject` is not visible here.
158 EPNAME(
"X509Req::Subject");
// Empty cache: the name still has to be derived from the request.
161 if (subject.
length() <= 0) {
// No request is loaded: the caller gets a null pointer, not an empty string,
// and must check for it before use.
165 DEBUG(
"WARNING: no certificate available - cannot extract subject name");
166 return (
const char *)0;
// The returned pointer is to the internal buffer of `subject`; it is null
// when the name is still empty.
174 return (subject.
length() > 0) ? subject.
c_str() : (
const char *)0;
// Excerpt of SubjectHash(): formats the subject-name hash of the request as
// "<hex>.0" and caches it. Two variants are visible: the "old" (MD5-based,
// per the DEBUG text) hash and the default one.
// The format looks like the file naming used for hashed certificate
// directories; the value is a short lookup key, and distinct subjects can
// share it, so it must not be used as proof of identity.
// NOTE(review): the trace label says "X509::" while the other labels in this
// file say "X509Req::"; log triage may attribute these messages to the wrong
// class.
183 EPNAME(
"X509::SubjectHash");
// The old-style hash is only built for OpenSSL >= 1.0.0 and non-Apple builds.
185 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(__APPLE__))
188 if (subjectoldhash.
length() <= 0) {
// snprintf is bounded by sizeof(chash), so the formatted name cannot overrun
// the 30-byte, zero-initialised buffer.
// NOTE(review): the guard that creq is non-null before
// X509_REQ_get_subject_name(creq) is not visible here; confirm.
191 char chash[30] = {0};
192 snprintf(chash,
sizeof(chash),
193 "%08lx.0",X509_NAME_hash_old(X509_REQ_get_subject_name(creq)));
194 subjectoldhash = chash;
196 DEBUG(
"WARNING: no certificate available - cannot extract subject hash (md5)");
// Null pointer when no hash could be produced; callers must check.
200 return (subjectoldhash.
length() > 0) ? subjectoldhash.
c_str() : (
const char *)0;
// Default-hash variant: same shape, using X509_NAME_hash().
207 if (subjecthash.
length() <= 0) {
211 char chash[30] = {0};
212 snprintf(chash,
sizeof(chash),
213 "%08lx.0",X509_NAME_hash(X509_REQ_get_subject_name(creq)));
216 DEBUG(
"WARNING: no certificate available - cannot extract subject hash (default)");
// Null pointer when no hash could be produced; callers must check.
221 return (subjecthash.
length() > 0) ? subjecthash.
c_str() : (
const char *)0;
// Excerpt of GetExtension(oid): looks up one extension of the request by
// short name or by OID text.
// Extensions in a request are chosen by the requester and are covered only
// by the requester's own signature; finding one says nothing about whether
// its content is acceptable, so callers must validate the value themselves.
228 EPNAME(
"X509Req::GetExtension");
233 DEBUG(
"OID string not defined");
239 DEBUG(
"certificate is not initialized");
// X509_REQ_get_extensions() builds a new stack that the caller owns; it can
// be null when the request carries no extensions.
// NOTE(review): no release of esk is visible in this excerpt; confirm that
// every return path frees it (sk_X509_EXTENSION_pop_free with
// X509_EXTENSION_free), otherwise each lookup leaks the decoded stack.
244 STACK_OF(X509_EXTENSION) *esk = X509_REQ_get_extensions(creq);
// Typed stack accessors on OpenSSL >= 1.0.0, untyped sk_num() otherwise.
// NOTE(review): the condition that leads to the "no extensions" message is
// not visible; it presumably also covers a null esk.
246 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
247 int numext = sk_X509_EXTENSION_num(esk);
249 int numext = sk_num(esk);
252 DEBUG(
"certificate has got no extensions");
255 DEBUG(
"certificate request has "<<numext<<
" extensions");
// Try to resolve oid as a registered short name; usenid is false when
// OpenSSL does not know it, and the text form is used further down.
259 int nid = OBJ_sn2nid(oid);
260 bool usenid = (nid > 0);
// Walk the stack; wext is the entry under inspection.
264 X509_EXTENSION *wext = 0;
265 for (i = 0; i< numext; i++) {
266 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
267 wext = sk_X509_EXTENSION_value(esk, i);
269 wext = (X509_EXTENSION *)sk_value(esk, i);
272 int enid = OBJ_obj2nid(X509_EXTENSION_get_object(wext));
// Numeric (dotted) form of the extension OID, bounded by sizeof(s).
// NOTE(review): the declaration of s and the comparison are not visible; if
// the text can be truncated, a comparison against oid could mis-match.
278 OBJ_obj2txt(s,
sizeof(s), X509_EXTENSION_get_object(wext), 1);
287 DEBUG(
"Extension "<<oid<<
" not found");
// Excerpt of Export(): serialises the request to PEM and stores the result in
// `bucket`; an earlier result is reused when present.
299 EPNAME(
"X509Req::Export");
303 DEBUG(
"serialization already performed:"
304 " return previous result ("<<bucket->
size<<
" bytes)");
310 DEBUG(
"certificate is not initialized");
// Scratch memory BIO that receives the PEM text.
// NOTE(review): no BIO_free(bmem) is visible in this excerpt; confirm that it
// is released on the success path and on every failure path.
316 BIO *bmem = BIO_new(BIO_s_mem());
318 DEBUG(
"unable to create BIO for memory operations");
323 if (!PEM_write_bio_X509_REQ(bmem, creq)) {
324 DEBUG(
"unable to write certificate request to memory BIO");
// bdata points into storage owned by the BIO, so it is valid only while bmem
// is alive. BIO_get_mem_data() yields a long that is narrowed to int here.
330 int blen = BIO_get_mem_data(bmem, &bdata);
// NOTE(review): this writes a raw heap address to the debug log; consider
// logging only the length if these logs can reach less-trusted readers.
331 DEBUG(
"BIO data: "<<blen<<
" bytes at 0x"<<(
int *)bdata);
// NOTE(review): SetBuf presumably copies blen bytes out of the BIO; confirm
// that it does so before bmem is freed.
337 bucket->
SetBuf(bdata, blen);
338 DEBUG(
"result of serialization: "<<bucket->
size<<
" bytes");
340 DEBUG(
"unable to create bucket for serialized format");
// Excerpt of Verify(): checks the request's signature against the public key
// embedded in the same request. A pass shows that the requester holds the
// matching private key; it does not authenticate the subject name or any
// extension, which remain requester-chosen values.
356 EPNAME(
"X509Req::Verify");
// X509_REQ_get_pubkey() returns a reference the caller owns, and it is passed
// inline here, so nothing can free it afterwards.
// NOTE(review): this looks like a key-reference leak on every call; hold the
// key in a local and EVP_PKEY_free() it after the check.
// rc is 1 for a good signature, 0 for a mismatch and negative on error; the
// two DEBUG messages below presumably map to the last two cases.
363 int rc = X509_REQ_verify(creq,X509_REQ_get_pubkey(creq));
368 DEBUG(
"signature not OK");
371 DEBUG(
"could not verify signature");
void * XrdCryptoX509Reqdata
void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
const char * SubjectHash()
XrdCryptosslX509Req(XrdSutBucket *bck)
XrdCryptoX509Reqdata GetExtension(const char *oid)
virtual ~XrdCryptosslX509Req()
const char * c_str() const
int SetBuf(const char *nb=0, int ns=0)