36#include <openssl/pem.h>
37#include <openssl/x509.h>
38#include <openssl/x509v3.h>
41#include "openssl/applink.c"
51EVP_PKEY *generate_key() {
53 EVP_PKEY *pkey = EVP_PKEY_new();
55 cerr <<
"Unable to create EVP_PKEY structure." << endl;
60 RSA *rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
61 if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
62 cerr <<
"Unable to generate 2048-bit RSA key." << endl;
71int cs_cert_set_subject_alt_name(X509 *x509_cert,
string name) {
72 const char *subject_alt_name = name.c_str();
73 X509_EXTENSION *extension_san = NULL;
74 ASN1_OCTET_STRING *subject_alt_name_ASN1 = NULL;
77 subject_alt_name_ASN1 = ASN1_OCTET_STRING_new();
78 if (!subject_alt_name_ASN1) {
81 ASN1_OCTET_STRING_set(subject_alt_name_ASN1,
82 (
unsigned char *)subject_alt_name,
83 strlen(subject_alt_name));
84 if (!X509_EXTENSION_create_by_NID(&extension_san, NID_subject_alt_name, 0,
85 subject_alt_name_ASN1)) {
88 ASN1_OCTET_STRING_free(subject_alt_name_ASN1);
89 ret = X509_add_ext(x509_cert, extension_san, -1);
93 X509_EXTENSION_free(extension_san);
97 if (subject_alt_name_ASN1) ASN1_OCTET_STRING_free(subject_alt_name_ASN1);
98 if (extension_san) X509_EXTENSION_free(extension_san);
103X509 *generate_x509(EVP_PKEY *pkey,
string ip_v4) {
105 X509 *x509 = X509_new();
107 cerr <<
"Unable to create X509 structure." << endl;
112 ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
116 X509_gmtime_adj(X509_get_notBefore(x509), 0);
117 X509_gmtime_adj(X509_get_notAfter(x509), 31536000L);
120 X509_set_pubkey(x509, pkey);
123 X509_NAME *name = X509_get_subject_name(x509);
126 X509_NAME_add_entry_by_txt(name,
"C", MBSTRING_ASC, (
unsigned char *)
"CA", -1,
128 X509_NAME_add_entry_by_txt(name,
"O", MBSTRING_ASC,
129 (
unsigned char *)
"MyCompany", -1, -1, 0);
130 X509_NAME_add_entry_by_txt(name,
"CN", MBSTRING_ASC,
131 (
unsigned char *)
"localhost", -1, -1, 0);
139 GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null();
140 string dns_name =
"www.example.com";
141 GENERAL_NAME *gen_dns = GENERAL_NAME_new();
142 ASN1_IA5STRING *ia5 = ASN1_IA5STRING_new();
143 ASN1_STRING_set(ia5, dns_name.data(), dns_name.length());
144 GENERAL_NAME_set0_value(gen_dns, GEN_DNS, ia5);
145 sk_GENERAL_NAME_push(gens, gen_dns);
147 in_addr_t ipv4 = inet_addr(ip_v4.c_str());
148 GENERAL_NAME *gen_ip = GENERAL_NAME_new();
149 ASN1_OCTET_STRING *octet = ASN1_OCTET_STRING_new();
150 ASN1_STRING_set(octet, &ipv4,
sizeof(ipv4));
151 GENERAL_NAME_set0_value(gen_ip, GEN_IPADD, octet);
152 sk_GENERAL_NAME_push(gens, gen_ip);
154 X509_add1_ext_i2d(x509, NID_subject_alt_name, gens, 0, X509V3_ADD_DEFAULT);
156 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
159 string ext_name(
"IP: ");
161 cs_cert_set_subject_alt_name(x509, ext_name);
164 X509_set_issuer_name(x509, name);
167 if (!X509_sign(x509, pkey, EVP_sha1())) {
168 cerr <<
"Error signing certificate." << endl;
176bool write_to_disk(EVP_PKEY *pkey, X509 *x509,
string cert_directory) {
178 string key_file = cert_directory;
179 key_file +=
"key.pem";
180 FILE *pkey_file = fopen(key_file.c_str(),
"wb");
182 cerr <<
"Unable to open \"key.pem\" for writing." << endl;
187 bool ret = PEM_write_PrivateKey(pkey_file, pkey, NULL, NULL, 0, NULL, NULL);
191 cerr <<
"Unable to write private key to disk." << endl;
196 string cert_file = cert_directory;
197 cert_file +=
"cert.pem";
199 FILE *x509_file = fopen(cert_file.c_str(),
"wb");
201 cerr <<
"Unable to open \"cert.pem\" for writing." << endl;
206 ret = PEM_write_X509(x509_file, x509);
210 cerr <<
"Unable to write certificate to disk." << endl;
217int make_certificate(
string ipv4,
string destination_dir) {
219 if (getenv(
"OCPN_DEBUG_CERT")) cout <<
"Generating RSA key..." << endl;
221 EVP_PKEY *pkey = generate_key();
225 if (getenv(
"OCPN_DEBUG_CERT"))
226 cout <<
"Generating x509 certificate..." << endl;
228 X509 *x509 = generate_x509(pkey, ipv4);
235 if (getenv(
"OCPN_DEBUG_CERT"))
236 cout <<
"Writing key and certificate to disk..." << endl;
238 bool ret = write_to_disk(pkey, x509, destination_dir);
243 if (getenv(
"OCPN_DEBUG_CERT")) cout <<
"Success!" << endl;
Enhanced logging interface on top of wx/log.h.