source: vbox/trunk/src/VBox/Runtime/common/crypto/x509-create-sign.cpp@ 104539

Last change on this file since 104539 was 104539, checked in by vboxsync, 11 months ago

Fix to generate certificate code - bugref: 10310

1/* $Id: x509-create-sign.cpp 104539 2024-05-08 07:19:47Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - X.509, Certificate Creation and Signing.
4 */
5
6/*
7 * Copyright (C) 2006-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41
42# if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
43# include <io.h>
44# endif
45
46#include <stdio.h>
47#include <stdlib.h>
48#include <iprt/file.h>
49#include "internal/iprt.h"
50#include <iprt/crypto/x509.h>
51#include <iprt/crypto/key.h>
52
53# ifdef _MSC_VER
54# define IPRT_COMPILER_VCC_WITH_C_INIT_TERM_SECTIONS
55# include "internal/compiler-vcc.h"
56# endif
57
58#include <fcntl.h>
59#include <iprt/err.h>
60#include <iprt/string.h>
61
#ifdef IPRT_WITH_OPENSSL
# include <openssl/bio.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/pem.h>
# include <openssl/x509.h>
67
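/**
 * Writes the contents of a memory BIO to a freshly created file.
 *
 * The file is created with mode 0600 and RTFILE_O_CREATE, so the call fails
 * instead of truncating (or following a symlink at) an existing @a pszFilename.
 *
 * @returns IPRT status code.  VERR_CR_X509_GENERIC_ERROR if the BIO is empty,
 *          VERR_FILE_IO_ERROR on a short write, otherwise the RTFile status.
 * @param   pszFilename     Path of the file to create.
 * @param   pBio            Memory BIO holding the PEM text to write.
 */
static int rtCrX509WriteBioToNewFile(const char *pszFilename, BIO *pBio)
{
    char *pchData = NULL;
    long  cbData  = BIO_get_mem_data(pBio, &pchData);
    if (cbData <= 0 || pchData == NULL)
        return VERR_CR_X509_GENERIC_ERROR;

    RTFILE hFile;
    int rc = RTFileOpen(&hFile, pszFilename,
                        RTFILE_O_WRITE | RTFILE_O_DENY_ALL | RTFILE_O_CREATE | (0600 << RTFILE_O_CREATE_MODE_SHIFT));
    if (RT_FAILURE(rc))
        return rc;

    size_t cbWritten = 0;
    rc = RTFileWrite(hFile, pchData, (size_t)cbData, &cbWritten);
    if (RT_SUCCESS(rc) && cbWritten != (size_t)cbData)
        rc = VERR_FILE_IO_ERROR;

    /* Always close the handle, but keep the first error that occurred. */
    int rc2 = RTFileClose(hFile);
    if (RT_SUCCESS(rc) && RT_FAILURE(rc2))
        rc = rc2;
    return rc;
}


/**
 * Generates a self-signed X.509 certificate with a fresh 2048-bit RSA key and
 * writes both to disk in PEM format.
 *
 * Both output files are created with mode 0600 and must not already exist.
 * The certificate is written before the private key, so a failure half way
 * through leaves at most the (public) certificate file behind; the caller has
 * to remove it before retrying.
 *
 * @returns IPRT status code.  VERR_CR_KEY_GEN_FAILED_RSA if key generation
 *          fails, VERR_CR_X509_GENERIC_ERROR on any other OpenSSL failure,
 *          otherwise the status of the file operations.
 * @param   pszServerCertificate    Path of the certificate file to create.
 * @param   pszServerPrivateKey     Path of the private key file to create.
 *
 * @note    The certificate is X.509 v1 with an empty subject/issuer and no
 *          extensions (in particular no subjectAltName): this function is not
 *          given a host name, so it cannot fill one in.  Peers are presumably
 *          expected to trust this exact certificate rather than validate it
 *          against a host name -- confirm against the caller.
 */
RTDECL(int) RTCrX509Certificate_Generate(const char *pszServerCertificate, const char *pszServerPrivateKey)
{
    if (!pszServerCertificate || !pszServerPrivateKey)
        return VERR_INVALID_POINTER;

    /*
     * Every resource is declared and initialised up front so that the error
     * paths can jump to the single cleanup label without skipping an
     * initialisation (this is C++).  Any "goto done" before rc is assigned
     * reports a generic OpenSSL failure.
     */
    int       rc       = VERR_CR_X509_GENERIC_ERROR;
    EVP_PKEY *pKey     = NULL;
    X509     *pCert    = NULL;
    BIGNUM   *pSerial  = NULL;
    BIO      *pKeyBio  = NULL;
    BIO      *pCertBio = NULL;

    /* Private key: 2048-bit RSA. */
    pKey = EVP_RSA_gen(2048);
    if (!pKey)
        return VERR_CR_KEY_GEN_FAILED_RSA;

    pCert = X509_new();
    if (!pCert)
        goto done;

    /* Version 1 certificate (value 0), i.e. no extensions. */
    if (!X509_set_version(pCert, 0))
        goto done;

    /*
     * Random positive serial number (159 bits, so it fits RFC 5280's 20 octet
     * limit).  A fixed serial makes every certificate from this function
     * collide with the previous one for peers that cache issuer+serial.
     */
    pSerial = BN_new();
    if (   !pSerial
        || !BN_rand(pSerial, 159, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)
        || !BN_to_ASN1_INTEGER(pSerial, X509_get_serialNumber(pCert)))
        goto done;

    /* Validity: from now until ten years from now. */
    if (   !X509_gmtime_adj(X509_getm_notBefore(pCert), 0)
        || !X509_gmtime_adj(X509_getm_notAfter(pCert), 60 * 60 * 24 * 3650))
        goto done;

    if (!X509_set_pubkey(pCert, pKey))
        goto done;

    /* Self-signed: the issuer is the (empty) subject. */
    if (!X509_set_issuer_name(pCert, X509_get_subject_name(pCert)))
        goto done;

    /*
     * Sign with SHA-256; SHA-1 signatures are rejected by current TLS stacks.
     * X509_sign() returns the signature length, or 0 on failure.
     */
    if (X509_sign(pCert, pKey, EVP_sha256()) == 0)
        goto done;

    /*
     * PEM-encode both objects into memory first, then write the buffers with
     * IPRT.  The key goes into a secure-memory BIO so the buffer holding the
     * private key is cleared when the BIO is freed.
     */
    pCertBio = BIO_new(BIO_s_mem());
    if (!pCertBio || !PEM_write_bio_X509(pCertBio, pCert))
        goto done;

    pKeyBio = BIO_new(BIO_s_secmem());
    if (!pKeyBio || !PEM_write_bio_PrivateKey(pKeyBio, pKey, NULL, NULL, 0, NULL, NULL))
        goto done;

    rc = rtCrX509WriteBioToNewFile(pszServerCertificate, pCertBio);
    if (RT_SUCCESS(rc))
        rc = rtCrX509WriteBioToNewFile(pszServerPrivateKey, pKeyBio);

done:
    /* All of these accept NULL. */
    BIO_free(pKeyBio);
    BIO_free(pCertBio);
    BN_free(pSerial);
    X509_free(pCert);
    EVP_PKEY_free(pKey);
    return rc;
}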
146
147#endif /* IPRT_WITH_OPENSSL */