Rewrote x509 certificate request writing to use structure for storing

2025-12-24 08:16:33 +01:00 · 2013-08-25 10:18:25 +02:00 · 2013-08-25 10:18:25 +02:00 · 8eabfc1461
commit 8eabfc1461
parent 43fdd617e1
4 changed files with 215 additions and 119 deletions
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@ -65,8 +65,7 @@ void my_debug( void *ctx, int level, const char *str )
    }
 }

-void write_certificate_request( rsa_context *rsa, x509_req_name *req_name,
-                                char *output_file )
+int write_certificate_request( x509_cert_req *req, char *output_file )
 {
    FILE *f;
    unsigned char output_buf[4096];
@ -76,19 +75,22 @@ void write_certificate_request( rsa_context *rsa, x509_req_name *req_name,
    size_t len = 0, olen = 4096;

    memset(output_buf, 0, 4096);
-    ret = x509_write_cert_req( output_buf, 4096, rsa, req_name, POLARSSL_MD_SHA1 );
+    ret = x509_write_cert_req( req, output_buf, 4096 );

    if( ret < 0 )
-        return;
+        return( ret );

    len = ret;
    c = output_buf + 4095 - len;

-    base64_encode( base_buf, &olen, c, len );
+    if( ( ret = base64_encode( base_buf, &olen, c, len ) ) != 0 )
+        return( ret );

    c = base_buf;

-    f = fopen( output_file, "w" );
+    if( ( f = fopen( output_file, "w" ) ) == NULL )
+        return( -1 );
+
    fprintf(f, "-----BEGIN CERTIFICATE REQUEST-----\n");
    while (olen)
    {
@ -101,6 +103,8 @@ void write_certificate_request( rsa_context *rsa, x509_req_name *req_name,
    }
    fprintf(f, "-----END CERTIFICATE REQUEST-----\n");
    fclose(f);
+
+    return( 0 );
 }

 #define USAGE \
@ -131,15 +135,13 @@ int main( int argc, char *argv[] )
    char buf[1024];
    int i, j, n;
    char *p, *q;
-    char *s, *c, *end;
-    int in_tag;
-    char *oid = NULL;
-    x509_req_name *req_name = NULL;
-    x509_req_name *cur = req_name;
+    x509_cert_req req;

    /*
     * Set to sane values
     */
+    x509cert_req_init( &req );
+    x509cert_req_set_md_alg( &req, POLARSSL_MD_SHA1 );
    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 1024 );

@ -191,74 +193,13 @@ int main( int argc, char *argv[] )
    /*
     * 1.0. Check the subject name for validity
     */
-    s = opt.subject_name;
-    end = s + strlen( s );
-
-    c = s;
-
-    in_tag = 1;
-    while( c <= end )
+    if( ( ret = x509cert_req_set_subject_name( &req, opt.subject_name ) ) != 0 )
    {
-        if( in_tag && *c == '=' )
-        {
-            if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
-                oid = OID_AT_CN;
-            else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
-                oid = OID_AT_COUNTRY;
-            else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
-                oid = OID_AT_ORGANIZATION;
-            else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
-                oid = OID_AT_LOCALITY;
-            else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
-                oid = OID_PKCS9_EMAIL;
-            else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
-                oid = OID_AT_ORG_UNIT;
-            else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
-                oid = OID_AT_STATE;
-            else
-            {
-                printf("Failed to parse subject name.\n");
-                goto exit;
-            }
-
-            s = c + 1;
-            in_tag = 0;
-        }
-        
-        if( !in_tag && ( *c == ',' || c == end ) )
-        {
-            if( c - s > 127 )
-            {
-                printf("Name too large for buffer.\n");
-                goto exit;
-            }
-
-            if( cur == NULL )
-            {
-                req_name = malloc( sizeof(x509_req_name) );
-                cur = req_name;
-            }
-            else
-            {
-                cur->next = malloc( sizeof(x509_req_name) );
-                cur = cur->next;
-            }
-
-            if( cur == NULL )
-            {
-                printf( "Failed to allocate memory.\n" );
-                goto exit;
-            }
-
-            memset( cur, 0, sizeof(x509_req_name) );
-
-            strncpy( cur->oid, oid, strlen( oid ) );
-            strncpy( cur->name, s, c - s );
-
-            s = c + 1;
-            in_tag = 1;
-        }
-        c++;
+#ifdef POLARSSL_ERROR_C
+        error_strerror( ret, buf, 1024 );
+#endif
+        printf( " failed\n  !  x509cert_req_set_subject_name returned %d - %s\n\n", ret, buf );
+        goto exit;
    }

    /*
@ -275,16 +216,32 @@ int main( int argc, char *argv[] )
        error_strerror( ret, buf, 1024 );
 #endif
        printf( " failed\n  !  x509parse_key_rsa returned %d - %s\n\n", ret, buf );
-        rsa_free( &rsa );
+        goto exit;
+    }
+
+    x509cert_req_set_rsa_key( &req, &rsa );
+
+    printf( " ok\n" );
+
+    /*
+     * 1.2. Writing the request
+     */
+    printf( "  . Writing the certificate request ..." );
+    fflush( stdout );
+
+    if( ( ret = write_certificate_request( &req, opt.output_file ) ) != 0 )
+    {
+#ifdef POLARSSL_ERROR_C
+        error_strerror( ret, buf, 1024 );
+#endif
+        printf( " failed\n  !  write_certifcate_request %d - %s\n\n", ret, buf );
        goto exit;
    }

    printf( " ok\n" );

-    write_certificate_request( &rsa, req_name, opt.output_file );
-
 exit:
-
+    x509cert_req_free( &req );
    rsa_free( &rsa );

 #if defined(_WIN32)