2012-11-27 07:42:40 +04:00
|
|
|
|
/**
|
|
|
|
|
* WinPR: Windows Portable Runtime
|
|
|
|
|
* makecert replacement
|
|
|
|
|
*
|
|
|
|
|
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2017-11-14 18:10:52 +03:00
|
|
|
|
#include <errno.h>
|
|
|
|
|
|
2012-11-27 07:42:40 +04:00
|
|
|
|
#include <winpr/crt.h>
|
2013-03-23 01:34:57 +04:00
|
|
|
|
#include <winpr/path.h>
|
2012-11-27 07:42:40 +04:00
|
|
|
|
#include <winpr/cmdline.h>
|
2013-03-13 08:26:10 +04:00
|
|
|
|
#include <winpr/sysinfo.h>
|
2017-01-09 18:43:28 +03:00
|
|
|
|
#include <winpr/crypto.h>
|
2012-11-27 07:42:40 +04:00
|
|
|
|
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
2017-04-06 11:37:28 +03:00
|
|
|
|
#include <openssl/crypto.h>
|
2013-03-13 01:57:16 +04:00
|
|
|
|
#include <openssl/conf.h>
|
2014-07-17 01:13:02 +04:00
|
|
|
|
#include <openssl/pem.h>
|
2017-04-06 11:37:28 +03:00
|
|
|
|
#include <openssl/rsa.h>
|
2014-07-17 01:13:02 +04:00
|
|
|
|
#include <openssl/pkcs12.h>
|
2013-03-13 01:57:16 +04:00
|
|
|
|
#include <openssl/x509v3.h>
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#endif
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2014-05-07 23:09:34 +04:00
|
|
|
|
#include <winpr/tools/makecert.h>
|
2013-03-23 00:36:44 +04:00
|
|
|
|
|
|
|
|
|
struct _MAKECERT_CONTEXT
|
|
|
|
|
{
|
2013-03-23 00:59:54 +04:00
|
|
|
|
int argc;
|
|
|
|
|
char** argv;
|
2013-03-23 00:36:44 +04:00
|
|
|
|
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
2013-03-23 01:34:57 +04:00
|
|
|
|
RSA* rsa;
|
2013-03-23 00:59:54 +04:00
|
|
|
|
X509* x509;
|
|
|
|
|
EVP_PKEY* pkey;
|
2014-07-17 01:13:02 +04:00
|
|
|
|
PKCS12* pkcs12;
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#endif
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
BOOL live;
|
|
|
|
|
BOOL silent;
|
|
|
|
|
|
2014-07-17 01:13:02 +04:00
|
|
|
|
BOOL crtFormat;
|
|
|
|
|
BOOL pemFormat;
|
|
|
|
|
BOOL pfxFormat;
|
|
|
|
|
|
|
|
|
|
char* password;
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
char* output_file;
|
2014-07-18 00:47:29 +04:00
|
|
|
|
char* output_path;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
char* default_name;
|
2014-07-18 00:47:29 +04:00
|
|
|
|
char* common_name;
|
|
|
|
|
|
|
|
|
|
int duration_years;
|
|
|
|
|
int duration_months;
|
2013-03-23 00:59:54 +04:00
|
|
|
|
};
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2015-07-31 12:31:21 +03:00
|
|
|
|
static COMMAND_LINE_ARGUMENT_A args[] =
|
2012-11-27 07:42:40 +04:00
|
|
|
|
{
|
2013-03-23 01:34:57 +04:00
|
|
|
|
/* Custom Options */
|
2012-11-27 07:42:40 +04:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"rdp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Generate certificate with required options for RDP usage."
|
2013-03-13 08:26:10 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"silent", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Silently generate certificate without verbose output."
|
2013-03-23 01:34:57 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"live", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Generate certificate live in memory when used as a library."
|
2013-03-23 01:34:57 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"format", COMMAND_LINE_VALUE_REQUIRED, "<crt|pem|pfx>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specify certificate file format"
|
2014-07-17 01:13:02 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"path", COMMAND_LINE_VALUE_REQUIRED, "<path>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specify certificate file output path"
|
2014-07-18 00:47:29 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"p", COMMAND_LINE_VALUE_REQUIRED, "<password>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specify certificate export password"
|
2014-07-17 01:13:02 +04:00
|
|
|
|
},
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
/* Basic Options */
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"n", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specifies the subject's certificate name. This name must conform to the X.500 standard. "
|
|
|
|
|
"The simplest method is to specify the name in double quotes, preceded by CN=; for example, -n \"CN=myName\"."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"pe", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Marks the generated private key as exportable. This allows the private key to be included in the certificate."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sk", COMMAND_LINE_VALUE_REQUIRED, "<keyname>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's key container location, which contains the private key. "
|
|
|
|
|
"If a key container does not exist, it will be created."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sr", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"ss", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's certificate store name that stores the output certificate."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"#", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specifies a serial number from 1 to 2,147,483,647. The default is a unique value generated by Makecert.exe."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"$", COMMAND_LINE_VALUE_REQUIRED, "<authority>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the signing authority of the certificate, which must be set to either commercial "
|
|
|
|
|
"(for certificates used by commercial software publishers) or individual (for certificates used by individual software publishers)."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
/* Extended Options */
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"a", COMMAND_LINE_VALUE_REQUIRED, "<algorithm>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specifies the signature algorithm. algorithm must be md5, sha1, sha256 (the default), sha384, or sha512."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"b", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the start of the validity period. Defaults to the current date."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"crl", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Generates a certificate relocation list (CRL) instead of a certificate."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"cy", COMMAND_LINE_VALUE_REQUIRED, "<certType>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"e", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"eku", COMMAND_LINE_VALUE_REQUIRED, "<oid[,oid…]>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"h", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the maximum height of the tree below this certificate."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"ic", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's certificate file."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"ik", COMMAND_LINE_VALUE_REQUIRED, "<keyName>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's key container name."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"iky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's key type, which must be one of the following: "
|
|
|
|
|
"signature (which indicates that the key is used for a digital signature), "
|
|
|
|
|
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
|
|
|
|
"or an integer that represents a provider type. "
|
|
|
|
|
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"in", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's certificate common name."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"ip", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"ir", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"is", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's certificate store name."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"iv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's .pvk private key file."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"iy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"l", COMMAND_LINE_VALUE_REQUIRED, "<link>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Links to policy information (for example, to a URL)."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"len", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specifies the generated key length, in bits."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"m", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specifies the duration, in months, of the certificate validity period."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"y", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Specifies the duration, in years, of the certificate validity period."
|
2014-07-18 00:47:29 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"nscp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Includes the Netscape client-authorization extension."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"r", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Creates a self-signed certificate."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sc", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's certificate file."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's key type, which must be one of the following: "
|
|
|
|
|
"signature (which indicates that the key is used for a digital signature), "
|
|
|
|
|
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
|
|
|
|
"or an integer that represents a provider type. "
|
|
|
|
|
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sp", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
|
|
|
|
|
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider. If both –sp and –sy are present, "
|
|
|
|
|
"the type of the CryptoAPI provider must correspond to the Type value of the provider's subkey."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's .pvk private key file. The file is created if none exists."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"sy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
|
|
|
|
|
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types. If both –sy and –sp are present, "
|
|
|
|
|
"the name of the CryptoAPI provider must correspond to the Name value of the provider type subkey."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
2017-04-06 11:37:28 +03:00
|
|
|
|
{
|
|
|
|
|
"tbs", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
|
|
|
|
"Unsupported - Specifies the certificate or CRL file to be signed."
|
2012-11-27 07:42:40 +04:00
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
/* Help */
|
|
|
|
|
|
|
|
|
|
{ "?", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_HELP, NULL, NULL, NULL, -1, "help", "print help" },
|
|
|
|
|
{ "!", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_HELP, NULL, NULL, NULL, -1, "help-ext", "print extended help" },
|
|
|
|
|
{ NULL, 0, NULL, NULL, NULL, -1, NULL, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
static int makecert_print_command_line_help(int argc, char** argv)
|
2012-11-27 07:42:40 +04:00
|
|
|
|
{
|
|
|
|
|
char* str;
|
|
|
|
|
COMMAND_LINE_ARGUMENT_A* arg;
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!argv)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2012-11-27 07:42:40 +04:00
|
|
|
|
printf("Usage: %s [options] [output file]\n", argv[0]);
|
|
|
|
|
printf("\n");
|
|
|
|
|
arg = args;
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
if (arg->Flags & COMMAND_LINE_VALUE_FLAG)
|
|
|
|
|
{
|
|
|
|
|
printf(" %s", "-");
|
|
|
|
|
printf("%-20s", arg->Name);
|
|
|
|
|
printf("\t%s\n", arg->Text);
|
|
|
|
|
}
|
|
|
|
|
else if ((arg->Flags & COMMAND_LINE_VALUE_REQUIRED) || (arg->Flags & COMMAND_LINE_VALUE_OPTIONAL))
|
|
|
|
|
{
|
|
|
|
|
printf(" %s", "-");
|
|
|
|
|
|
|
|
|
|
if (arg->Format)
|
|
|
|
|
{
|
2017-04-06 11:37:28 +03:00
|
|
|
|
size_t length = strlen(arg->Name) + strlen(arg->Format) + 2;
|
2012-11-27 07:42:40 +04:00
|
|
|
|
str = malloc(length + 1);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!str)
|
|
|
|
|
return -1;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2012-11-27 07:42:40 +04:00
|
|
|
|
sprintf_s(str, length + 1, "%s %s", arg->Name, arg->Format);
|
|
|
|
|
printf("%-20s", str);
|
|
|
|
|
free(str);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
printf("%-20s", arg->Name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
printf("\t%s\n", arg->Text);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
while ((arg = CommandLineFindNextArgumentA(arg)) != NULL);
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-09 19:15:31 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
2017-04-06 11:37:28 +03:00
|
|
|
|
static int x509_add_ext(X509* cert, int nid, char* value)
|
2013-03-13 01:57:16 +04:00
|
|
|
|
{
|
|
|
|
|
X509V3_CTX ctx;
|
|
|
|
|
X509_EXTENSION* ext;
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!cert || !value)
|
|
|
|
|
return 0;
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
X509V3_set_ctx_nodb(&ctx);
|
2013-03-13 01:57:16 +04:00
|
|
|
|
X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
|
|
|
|
|
ext = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
|
|
|
|
|
|
|
|
|
|
if (!ext)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
X509_add_ext(cert, ext, -1);
|
|
|
|
|
X509_EXTENSION_free(ext);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2015-10-09 19:15:31 +03:00
|
|
|
|
#endif
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
static char* x509_name_parse(char* name, char* txt, int* length)
|
2013-03-13 01:57:16 +04:00
|
|
|
|
{
|
|
|
|
|
char* p;
|
|
|
|
|
char* entry;
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!name || !txt || !length)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2013-03-13 01:57:16 +04:00
|
|
|
|
p = strstr(name, txt);
|
|
|
|
|
|
|
|
|
|
if (!p)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
entry = p + strlen(txt) + 1;
|
|
|
|
|
p = strchr(entry, '=');
|
|
|
|
|
|
|
|
|
|
if (!p)
|
|
|
|
|
*length = strlen(entry);
|
|
|
|
|
else
|
|
|
|
|
*length = p - entry;
|
|
|
|
|
|
|
|
|
|
return entry;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
static char* x509_get_default_name(void)
|
2013-03-13 08:26:10 +04:00
|
|
|
|
{
|
2015-08-25 18:44:03 +03:00
|
|
|
|
CHAR* computerName = NULL;
|
2015-07-15 12:47:01 +03:00
|
|
|
|
DWORD nSize = 0;
|
2013-03-13 08:26:10 +04:00
|
|
|
|
|
2015-10-05 23:23:44 +03:00
|
|
|
|
if (GetComputerNameExA(ComputerNamePhysicalDnsFullyQualified, NULL, &nSize) ||
|
2017-04-06 11:37:28 +03:00
|
|
|
|
GetLastError() != ERROR_MORE_DATA)
|
2015-08-25 18:44:03 +03:00
|
|
|
|
goto fallback;
|
|
|
|
|
|
2017-05-30 11:46:43 +03:00
|
|
|
|
computerName = (CHAR*)calloc(1, nSize);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-08-25 18:44:03 +03:00
|
|
|
|
if (!computerName)
|
|
|
|
|
goto fallback;
|
|
|
|
|
|
|
|
|
|
if (!GetComputerNameExA(ComputerNamePhysicalDnsFullyQualified, computerName, &nSize))
|
|
|
|
|
goto fallback;
|
|
|
|
|
|
2015-10-05 23:23:44 +03:00
|
|
|
|
return computerName;
|
2015-08-25 18:44:03 +03:00
|
|
|
|
fallback:
|
2015-10-05 23:23:44 +03:00
|
|
|
|
free(computerName);
|
2015-08-25 18:44:03 +03:00
|
|
|
|
|
2015-07-15 12:47:01 +03:00
|
|
|
|
if (GetComputerNameExA(ComputerNamePhysicalNetBIOS, NULL, &nSize) ||
|
2017-04-06 11:37:28 +03:00
|
|
|
|
GetLastError() != ERROR_MORE_DATA)
|
2015-07-15 12:47:01 +03:00
|
|
|
|
return NULL;
|
2015-06-16 16:42:07 +03:00
|
|
|
|
|
2017-05-30 11:46:43 +03:00
|
|
|
|
computerName = (CHAR*)calloc(1, nSize);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-07-15 12:47:01 +03:00
|
|
|
|
if (!computerName)
|
2015-06-16 16:42:07 +03:00
|
|
|
|
return NULL;
|
|
|
|
|
|
2015-07-15 12:47:01 +03:00
|
|
|
|
if (!GetComputerNameExA(ComputerNamePhysicalNetBIOS, computerName, &nSize))
|
|
|
|
|
{
|
|
|
|
|
free(computerName);
|
2015-04-03 17:21:01 +03:00
|
|
|
|
return NULL;
|
2015-07-15 12:47:01 +03:00
|
|
|
|
}
|
2013-03-13 08:26:10 +04:00
|
|
|
|
|
2015-07-15 12:47:01 +03:00
|
|
|
|
return computerName;
|
2013-03-13 08:26:10 +04:00
|
|
|
|
}
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
static int command_line_pre_filter(MAKECERT_CONTEXT* context, int index, int argc, LPCSTR* argv)
|
2013-03-23 00:59:54 +04:00
|
|
|
|
{
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!context || !argv || (index < 0) || (argc < 0))
|
|
|
|
|
return -1;
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (index == (argc - 1))
|
|
|
|
|
{
|
|
|
|
|
if (argv[index][0] != '-')
|
2015-06-29 19:07:26 +03:00
|
|
|
|
{
|
2015-06-29 19:10:59 +03:00
|
|
|
|
context->output_file = _strdup(argv[index]);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-29 19:10:59 +03:00
|
|
|
|
if (!context->output_file)
|
|
|
|
|
return -1;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2017-01-12 13:04:34 +03:00
|
|
|
|
return 1;
|
2015-06-29 19:10:59 +03:00
|
|
|
|
}
|
2013-03-23 00:59:54 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
static int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char** argv)
|
2013-03-23 00:59:54 +04:00
|
|
|
|
{
|
|
|
|
|
int status;
|
|
|
|
|
DWORD flags;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
COMMAND_LINE_ARGUMENT_A* arg;
|
2013-03-23 00:59:54 +04:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!context || !argv || (argc < 0))
|
|
|
|
|
return -1;
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
/**
|
|
|
|
|
* makecert -r -pe -n "CN=%COMPUTERNAME%" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr LocalMachine
|
|
|
|
|
* -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
|
|
|
|
|
*/
|
|
|
|
|
CommandLineClearArgumentsA(args);
|
|
|
|
|
flags = COMMAND_LINE_SEPARATOR_SPACE | COMMAND_LINE_SIGIL_DASH;
|
2018-06-06 17:43:09 +03:00
|
|
|
|
status = CommandLineParseArgumentsA(argc, argv, args, flags, context,
|
2017-04-06 11:37:28 +03:00
|
|
|
|
(COMMAND_LINE_PRE_FILTER_FN_A) command_line_pre_filter, NULL);
|
2013-03-23 00:59:54 +04:00
|
|
|
|
|
|
|
|
|
if (status & COMMAND_LINE_STATUS_PRINT_HELP)
|
|
|
|
|
{
|
|
|
|
|
makecert_print_command_line_help(argc, argv);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
arg = args;
|
2017-11-14 18:10:52 +03:00
|
|
|
|
errno = 0;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
2017-01-12 13:04:34 +03:00
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
2013-03-23 01:34:57 +04:00
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
CommandLineSwitchStart(arg)
|
|
|
|
|
/* Basic Options */
|
|
|
|
|
CommandLineSwitchCase(arg, "silent")
|
|
|
|
|
{
|
|
|
|
|
context->silent = TRUE;
|
|
|
|
|
}
|
|
|
|
|
CommandLineSwitchCase(arg, "live")
|
|
|
|
|
{
|
|
|
|
|
context->live = TRUE;
|
|
|
|
|
}
|
2014-07-17 01:13:02 +04:00
|
|
|
|
CommandLineSwitchCase(arg, "format")
|
|
|
|
|
{
|
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (strcmp(arg->Value, "crt") == 0)
|
|
|
|
|
{
|
|
|
|
|
context->crtFormat = TRUE;
|
|
|
|
|
context->pemFormat = FALSE;
|
|
|
|
|
context->pfxFormat = FALSE;
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(arg->Value, "pem") == 0)
|
|
|
|
|
{
|
|
|
|
|
context->crtFormat = FALSE;
|
|
|
|
|
context->pemFormat = TRUE;
|
|
|
|
|
context->pfxFormat = FALSE;
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(arg->Value, "pfx") == 0)
|
|
|
|
|
{
|
|
|
|
|
context->crtFormat = FALSE;
|
|
|
|
|
context->pemFormat = FALSE;
|
|
|
|
|
context->pfxFormat = TRUE;
|
|
|
|
|
}
|
2015-06-17 23:08:02 +03:00
|
|
|
|
else
|
|
|
|
|
return -1;
|
2014-07-17 01:13:02 +04:00
|
|
|
|
}
|
2014-07-18 00:47:29 +04:00
|
|
|
|
CommandLineSwitchCase(arg, "path")
|
|
|
|
|
{
|
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
context->output_path = _strdup(arg->Value);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->output_path)
|
|
|
|
|
return -1;
|
2014-07-18 00:47:29 +04:00
|
|
|
|
}
|
2014-07-17 01:13:02 +04:00
|
|
|
|
CommandLineSwitchCase(arg, "p")
|
|
|
|
|
{
|
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
context->password = _strdup(arg->Value);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->password)
|
|
|
|
|
return -1;
|
2014-07-17 01:13:02 +04:00
|
|
|
|
}
|
2014-07-18 00:47:29 +04:00
|
|
|
|
CommandLineSwitchCase(arg, "n")
|
|
|
|
|
{
|
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
context->common_name = _strdup(arg->Value);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->common_name)
|
|
|
|
|
return -1;
|
2014-07-18 00:47:29 +04:00
|
|
|
|
}
|
|
|
|
|
CommandLineSwitchCase(arg, "y")
|
|
|
|
|
{
|
2017-11-14 18:10:52 +03:00
|
|
|
|
long val;
|
|
|
|
|
|
2014-07-18 00:47:29 +04:00
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
|
|
|
|
continue;
|
|
|
|
|
|
2017-11-14 18:10:52 +03:00
|
|
|
|
val = strtol(arg->Value, NULL, 0);
|
|
|
|
|
|
|
|
|
|
if ((errno != 0) || (val < 0) || (val > INT32_MAX))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
context->duration_years = strtol(arg->Value, NULL, 0);
|
2014-07-18 00:47:29 +04:00
|
|
|
|
}
|
|
|
|
|
CommandLineSwitchCase(arg, "m")
|
|
|
|
|
{
|
2017-11-14 18:10:52 +03:00
|
|
|
|
long val;
|
|
|
|
|
|
2014-07-18 00:47:29 +04:00
|
|
|
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
|
|
|
|
continue;
|
|
|
|
|
|
2017-11-14 18:10:52 +03:00
|
|
|
|
val = strtol(arg->Value, NULL, 0);
|
|
|
|
|
|
|
|
|
|
if ((errno != 0) || (val < 1) || (val > 12))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
context->duration_months = val;
|
2014-07-18 00:47:29 +04:00
|
|
|
|
}
|
2013-03-23 01:34:57 +04:00
|
|
|
|
CommandLineSwitchDefault(arg)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
CommandLineSwitchEnd(arg)
|
|
|
|
|
}
|
|
|
|
|
while ((arg = CommandLineFindNextArgumentA(arg)) != NULL);
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-24 02:17:01 +04:00
|
|
|
|
int makecert_context_set_output_file_name(MAKECERT_CONTEXT* context, char* name)
|
|
|
|
|
{
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!context)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2014-10-01 20:18:17 +04:00
|
|
|
|
free(context->output_file);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
context->output_file = NULL;
|
|
|
|
|
|
|
|
|
|
if (name)
|
|
|
|
|
context->output_file = _strdup(name);
|
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->output_file)
|
|
|
|
|
return -1;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2013-04-24 02:17:01 +04:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* path)
|
2013-03-13 01:57:16 +04:00
|
|
|
|
{
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
2015-06-17 23:08:02 +03:00
|
|
|
|
FILE* fp = NULL;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
int status;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
int length;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
int offset;
|
2015-06-17 23:08:02 +03:00
|
|
|
|
char* filename = NULL;
|
|
|
|
|
char* fullpath = NULL;
|
2018-08-24 10:54:25 +03:00
|
|
|
|
char* ext;
|
2015-06-17 23:08:02 +03:00
|
|
|
|
int ret = -1;
|
|
|
|
|
BIO* bio = NULL;
|
|
|
|
|
BYTE* x509_str = NULL;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (!context || !path)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
if (!context->output_file)
|
2015-04-03 17:21:01 +03:00
|
|
|
|
{
|
2014-07-18 00:47:29 +04:00
|
|
|
|
context->output_file = _strdup(context->default_name);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!context->output_file)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Output Certificate File
|
|
|
|
|
*/
|
|
|
|
|
length = strlen(context->output_file);
|
|
|
|
|
filename = malloc(length + 8);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!filename)
|
|
|
|
|
return -1;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2014-07-17 01:13:02 +04:00
|
|
|
|
if (context->crtFormat)
|
2018-08-24 10:54:25 +03:00
|
|
|
|
ext = "crt";
|
2014-07-17 01:13:02 +04:00
|
|
|
|
else if (context->pemFormat)
|
2018-08-24 10:54:25 +03:00
|
|
|
|
ext = "pem";
|
2014-07-17 01:13:02 +04:00
|
|
|
|
else if (context->pfxFormat)
|
2018-08-24 10:54:25 +03:00
|
|
|
|
ext = "pfx";
|
|
|
|
|
else
|
2018-10-17 14:19:33 +03:00
|
|
|
|
goto out_fail;
|
2018-08-24 10:54:25 +03:00
|
|
|
|
|
|
|
|
|
sprintf_s(filename, length + 8, "%s.%s", context->output_file, ext);
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
if (path)
|
|
|
|
|
fullpath = GetCombinedPath(path, filename);
|
|
|
|
|
else
|
|
|
|
|
fullpath = _strdup(filename);
|
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!fullpath)
|
|
|
|
|
goto out_fail;
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
fp = fopen(fullpath, "w+");
|
|
|
|
|
|
|
|
|
|
if (fp)
|
|
|
|
|
{
|
2014-07-17 01:13:02 +04:00
|
|
|
|
if (context->pfxFormat)
|
|
|
|
|
{
|
|
|
|
|
if (!context->password)
|
|
|
|
|
{
|
|
|
|
|
context->password = _strdup("password");
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->password)
|
|
|
|
|
goto out_fail;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2014-07-17 01:13:02 +04:00
|
|
|
|
printf("Using default export password \"password\"\n");
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-26 17:12:14 +03:00
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
2014-07-17 01:13:02 +04:00
|
|
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
|
OpenSSL_add_all_ciphers();
|
|
|
|
|
OpenSSL_add_all_digests();
|
2017-04-06 11:37:28 +03:00
|
|
|
|
#else
|
|
|
|
|
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
|
|
|
|
|
| OPENSSL_INIT_ADD_ALL_DIGESTS \
|
|
|
|
|
| OPENSSL_INIT_LOAD_CONFIG, NULL);
|
|
|
|
|
#endif
|
2014-09-20 00:23:19 +04:00
|
|
|
|
context->pkcs12 = PKCS12_create(context->password, context->default_name,
|
2017-04-06 11:37:28 +03:00
|
|
|
|
context->pkey, context->x509, NULL, 0, 0, 0, 0, 0);
|
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->pkcs12)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
bio = BIO_new(BIO_s_mem());
|
|
|
|
|
|
|
|
|
|
if (!bio)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
status = i2d_PKCS12_bio(bio, context->pkcs12);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (status != 1)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
offset = 0;
|
|
|
|
|
length = 2048;
|
|
|
|
|
x509_str = (BYTE*) malloc(length);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2014-11-17 02:47:54 +03:00
|
|
|
|
if (!x509_str)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2014-11-17 02:47:54 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
status = BIO_read(bio, x509_str, length);
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
if (status < 0)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
offset += status;
|
|
|
|
|
|
|
|
|
|
while (offset >= length)
|
|
|
|
|
{
|
2015-03-11 10:00:05 +03:00
|
|
|
|
int new_len;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
BYTE* new_str;
|
2015-03-11 10:00:05 +03:00
|
|
|
|
new_len = length * 2;
|
|
|
|
|
new_str = (BYTE*) realloc(x509_str, new_len);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-03-11 10:00:05 +03:00
|
|
|
|
if (!new_str)
|
|
|
|
|
{
|
|
|
|
|
status = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
length = new_len;
|
|
|
|
|
x509_str = new_str;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
status = BIO_read(bio, &x509_str[offset], length);
|
2014-07-17 01:13:02 +04:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
if (status < 0)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
offset += status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
length = offset;
|
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (fwrite((void*) x509_str, length, 1, fp) != 1)
|
|
|
|
|
goto out_fail;
|
2014-07-17 01:13:02 +04:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2014-09-20 00:23:19 +04:00
|
|
|
|
bio = BIO_new(BIO_s_mem());
|
|
|
|
|
|
|
|
|
|
if (!bio)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!PEM_write_bio_X509(bio, context->x509))
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
offset = 0;
|
|
|
|
|
length = 2048;
|
|
|
|
|
x509_str = (BYTE*) malloc(length);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!x509_str)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
status = BIO_read(bio, x509_str, length);
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
if (status < 0)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
offset += status;
|
|
|
|
|
|
|
|
|
|
while (offset >= length)
|
|
|
|
|
{
|
2015-03-11 10:00:05 +03:00
|
|
|
|
int new_len;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
BYTE* new_str;
|
2015-03-11 10:00:05 +03:00
|
|
|
|
new_len = length * 2;
|
|
|
|
|
new_str = (BYTE*) realloc(x509_str, new_len);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-03-11 10:00:05 +03:00
|
|
|
|
if (!new_str)
|
|
|
|
|
{
|
|
|
|
|
status = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
length = new_len;
|
|
|
|
|
x509_str = new_str;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
status = BIO_read(bio, &x509_str[offset], length);
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
offset += status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
length = offset;
|
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (fwrite((void*) x509_str, length, 1, fp) != 1)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
free(x509_str);
|
2015-06-17 23:08:02 +03:00
|
|
|
|
x509_str = NULL;
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2015-06-17 23:08:02 +03:00
|
|
|
|
bio = NULL;
|
2014-07-17 01:13:02 +04:00
|
|
|
|
|
|
|
|
|
if (context->pemFormat)
|
2014-09-20 00:23:19 +04:00
|
|
|
|
{
|
|
|
|
|
bio = BIO_new(BIO_s_mem());
|
|
|
|
|
|
|
|
|
|
if (!bio)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
status = PEM_write_bio_PrivateKey(bio, context->pkey, NULL, NULL, 0, NULL, NULL);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2017-03-28 17:18:00 +03:00
|
|
|
|
if (status < 0)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
offset = 0;
|
|
|
|
|
length = 2048;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!(x509_str = (BYTE*) malloc(length)))
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
status = BIO_read(bio, x509_str, length);
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
if (status < 0)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
offset += status;
|
|
|
|
|
|
|
|
|
|
while (offset >= length)
|
|
|
|
|
{
|
2015-03-11 10:00:05 +03:00
|
|
|
|
int new_len;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
BYTE* new_str;
|
2015-03-11 10:00:05 +03:00
|
|
|
|
new_len = length * 2;
|
|
|
|
|
new_str = (BYTE*) realloc(x509_str, new_len);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-03-11 10:00:05 +03:00
|
|
|
|
if (!new_str)
|
|
|
|
|
{
|
|
|
|
|
status = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
length = new_len;
|
|
|
|
|
x509_str = new_str;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
status = BIO_read(bio, &x509_str[offset], length);
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
offset += status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
goto out_fail;
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
length = offset;
|
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (fwrite((void*) x509_str, length, 1, fp) != 1)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
}
|
2014-07-17 01:13:02 +04:00
|
|
|
|
}
|
2013-03-23 01:34:57 +04:00
|
|
|
|
}
|
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
ret = 1;
|
|
|
|
|
out_fail:
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (fp)
|
|
|
|
|
fclose(fp);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
free(x509_str);
|
2013-03-23 01:34:57 +04:00
|
|
|
|
free(filename);
|
|
|
|
|
free(fullpath);
|
2015-06-17 23:08:02 +03:00
|
|
|
|
return ret;
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#else
|
|
|
|
|
return 1;
|
|
|
|
|
#endif
|
2013-03-23 01:34:57 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int makecert_context_output_private_key_file(MAKECERT_CONTEXT* context, char* path)
|
|
|
|
|
{
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
2015-06-26 16:58:01 +03:00
|
|
|
|
FILE* fp = NULL;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
int status;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
int length;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
int offset;
|
2015-06-26 16:58:01 +03:00
|
|
|
|
char* filename = NULL;
|
|
|
|
|
char* fullpath = NULL;
|
|
|
|
|
int ret = -1;
|
|
|
|
|
BIO* bio = NULL;
|
|
|
|
|
BYTE* x509_str = NULL;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
2014-07-17 01:13:02 +04:00
|
|
|
|
if (!context->crtFormat)
|
|
|
|
|
return 1;
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
if (!context->output_file)
|
2015-06-29 19:07:26 +03:00
|
|
|
|
{
|
2015-06-29 19:10:59 +03:00
|
|
|
|
context->output_file = _strdup(context->default_name);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-30 09:14:28 +03:00
|
|
|
|
if (!context->output_file)
|
2015-06-29 19:10:59 +03:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Output Private Key File
|
|
|
|
|
*/
|
|
|
|
|
length = strlen(context->output_file);
|
|
|
|
|
filename = malloc(length + 8);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!filename)
|
|
|
|
|
return -1;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2018-08-24 10:54:25 +03:00
|
|
|
|
sprintf_s(filename, length + 8, "%s.key", context->output_file);
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
|
|
|
|
if (path)
|
|
|
|
|
fullpath = GetCombinedPath(path, filename);
|
|
|
|
|
else
|
|
|
|
|
fullpath = _strdup(filename);
|
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!fullpath)
|
2015-06-26 16:58:01 +03:00
|
|
|
|
goto out_fail;
|
2015-06-17 23:08:02 +03:00
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
fp = fopen(fullpath, "w+");
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (!fp)
|
|
|
|
|
goto out_fail;
|
2013-03-23 01:34:57 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
bio = BIO_new(BIO_s_mem());
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (!bio)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (!PEM_write_bio_PrivateKey(bio, context->pkey, NULL, NULL, 0, NULL, NULL))
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
offset = 0;
|
|
|
|
|
length = 2048;
|
|
|
|
|
x509_str = (BYTE*) malloc(length);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (!x509_str)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
status = BIO_read(bio, x509_str, length);
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (status < 0)
|
|
|
|
|
goto out_fail;
|
|
|
|
|
|
|
|
|
|
offset += status;
|
|
|
|
|
|
|
|
|
|
while (offset >= length)
|
|
|
|
|
{
|
|
|
|
|
int new_len;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
BYTE* new_str;
|
2015-06-26 16:58:01 +03:00
|
|
|
|
new_len = length * 2;
|
|
|
|
|
new_str = (BYTE*) realloc(x509_str, new_len);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (!new_str)
|
2014-09-20 00:23:19 +04:00
|
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
|
status = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-03-11 10:00:05 +03:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
length = new_len;
|
|
|
|
|
x509_str = new_str;
|
|
|
|
|
status = BIO_read(bio, &x509_str[offset], length);
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (status < 0)
|
|
|
|
|
break;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
offset += status;
|
|
|
|
|
}
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (status < 0)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
length = offset;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (fwrite((void*) x509_str, length, 1, fp) != 1)
|
|
|
|
|
goto out_fail;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
ret = 1;
|
|
|
|
|
out_fail:
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
|
if (fp)
|
2013-03-23 01:34:57 +04:00
|
|
|
|
fclose(fp);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2015-06-26 16:58:01 +03:00
|
|
|
|
free(x509_str);
|
2013-03-23 01:34:57 +04:00
|
|
|
|
free(filename);
|
|
|
|
|
free(fullpath);
|
2015-06-26 16:58:01 +03:00
|
|
|
|
return ret;
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#else
|
|
|
|
|
return 1;
|
|
|
|
|
#endif
|
2013-03-23 01:34:57 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
|
|
|
|
{
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
2013-03-13 01:57:16 +04:00
|
|
|
|
int length;
|
|
|
|
|
char* entry;
|
2017-11-14 18:10:52 +03:00
|
|
|
|
unsigned long key_length;
|
2013-03-13 08:26:10 +04:00
|
|
|
|
long serial = 0;
|
2013-03-13 01:57:16 +04:00
|
|
|
|
X509_NAME* name = NULL;
|
2013-03-13 05:53:41 +04:00
|
|
|
|
const EVP_MD* md = NULL;
|
2013-03-13 01:57:16 +04:00
|
|
|
|
COMMAND_LINE_ARGUMENT_A* arg;
|
2015-06-17 23:08:02 +03:00
|
|
|
|
int ret;
|
|
|
|
|
ret = makecert_context_parse_arguments(context, argc, argv);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (ret < 1)
|
2017-01-12 13:04:34 +03:00
|
|
|
|
{
|
2015-06-17 23:08:02 +03:00
|
|
|
|
return ret;
|
2017-01-12 13:04:34 +03:00
|
|
|
|
}
|
2013-03-23 00:59:54 +04:00
|
|
|
|
|
2014-07-18 00:47:29 +04:00
|
|
|
|
if (!context->default_name && !context->common_name)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
{
|
2014-07-18 00:47:29 +04:00
|
|
|
|
context->default_name = x509_get_default_name();
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->default_name)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2014-07-18 00:47:29 +04:00
|
|
|
|
else
|
2015-06-17 23:08:02 +03:00
|
|
|
|
{
|
2014-07-18 00:47:29 +04:00
|
|
|
|
context->default_name = _strdup(context->common_name);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->default_name)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2014-07-18 00:47:29 +04:00
|
|
|
|
if (!context->common_name)
|
2015-06-17 23:08:02 +03:00
|
|
|
|
{
|
2014-07-18 00:47:29 +04:00
|
|
|
|
context->common_name = _strdup(context->default_name);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-06-17 23:08:02 +03:00
|
|
|
|
if (!context->common_name)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2013-03-13 08:26:10 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (!context->pkey)
|
|
|
|
|
context->pkey = EVP_PKEY_new();
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (!context->pkey)
|
2013-03-13 01:57:16 +04:00
|
|
|
|
return -1;
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (!context->x509)
|
|
|
|
|
context->x509 = X509_new();
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (!context->x509)
|
2013-03-13 01:57:16 +04:00
|
|
|
|
return -1;
|
|
|
|
|
|
2013-03-13 05:53:41 +04:00
|
|
|
|
key_length = 2048;
|
|
|
|
|
arg = CommandLineFindArgumentA(args, "len");
|
|
|
|
|
|
|
|
|
|
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
|
|
|
|
{
|
2017-11-14 18:10:52 +03:00
|
|
|
|
key_length = strtoul(arg->Value, NULL, 0);
|
|
|
|
|
|
|
|
|
|
if (errno != 0)
|
|
|
|
|
return -1;
|
2013-03-13 05:53:41 +04:00
|
|
|
|
}
|
|
|
|
|
|
2017-07-26 17:12:14 +03:00
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
2013-03-23 01:34:57 +04:00
|
|
|
|
context->rsa = RSA_generate_key(key_length, RSA_F4, NULL, NULL);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
#else
|
|
|
|
|
{
|
|
|
|
|
BIGNUM* rsa = BN_secure_new();
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (!rsa)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2017-08-17 14:16:32 +03:00
|
|
|
|
context->rsa = RSA_new();
|
2017-11-14 18:10:52 +03:00
|
|
|
|
|
2017-08-17 14:16:32 +03:00
|
|
|
|
if (!context->rsa)
|
|
|
|
|
{
|
|
|
|
|
BN_clear_free(rsa);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2017-11-14 18:10:52 +03:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
BN_set_word(rsa, RSA_F4);
|
|
|
|
|
rc = RSA_generate_key_ex(context->rsa, key_length, rsa, NULL);
|
|
|
|
|
BN_clear_free(rsa);
|
|
|
|
|
|
|
|
|
|
if (rc != 1)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
if (!EVP_PKEY_assign_RSA(context->pkey, context->rsa))
|
2013-03-13 01:57:16 +04:00
|
|
|
|
return -1;
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
context->rsa = NULL;
|
2013-03-23 00:59:54 +04:00
|
|
|
|
X509_set_version(context->x509, 2);
|
2013-03-13 08:26:10 +04:00
|
|
|
|
arg = CommandLineFindArgumentA(args, "#");
|
|
|
|
|
|
|
|
|
|
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
2017-11-14 18:10:52 +03:00
|
|
|
|
{
|
|
|
|
|
serial = strtol(arg->Value, NULL, 0);
|
|
|
|
|
|
|
|
|
|
if (errno != 0)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2013-03-13 08:26:10 +04:00
|
|
|
|
else
|
|
|
|
|
serial = (long) GetTickCount64();
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
ASN1_INTEGER_set(X509_get_serialNumber(context->x509), serial);
|
2014-07-18 00:47:29 +04:00
|
|
|
|
{
|
2017-04-06 11:37:28 +03:00
|
|
|
|
ASN1_TIME* before;
|
|
|
|
|
ASN1_TIME* after;
|
2017-07-26 17:12:14 +03:00
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
2017-04-06 11:37:28 +03:00
|
|
|
|
before = X509_get_notBefore(context->x509);
|
|
|
|
|
after = X509_get_notAfter(context->x509);
|
|
|
|
|
#else
|
|
|
|
|
before = X509_getm_notBefore(context->x509);
|
|
|
|
|
after = X509_getm_notAfter(context->x509);
|
|
|
|
|
#endif
|
|
|
|
|
X509_gmtime_adj(before, 0);
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
if (context->duration_months)
|
|
|
|
|
X509_gmtime_adj(after, (long)(60 * 60 * 24 * 31 * context->duration_months));
|
|
|
|
|
else if (context->duration_years)
|
|
|
|
|
X509_gmtime_adj(after, (long)(60 * 60 * 24 * 365 * context->duration_years));
|
|
|
|
|
}
|
2013-03-23 00:59:54 +04:00
|
|
|
|
X509_set_pubkey(context->x509, context->pkey);
|
|
|
|
|
name = X509_get_subject_name(context->x509);
|
2013-03-13 01:57:16 +04:00
|
|
|
|
arg = CommandLineFindArgumentA(args, "n");
|
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
2013-03-13 01:57:16 +04:00
|
|
|
|
{
|
2013-03-13 08:26:10 +04:00
|
|
|
|
entry = x509_name_parse(arg->Value, "C", &length);
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
if (entry)
|
|
|
|
|
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
entry = x509_name_parse(arg->Value, "ST", &length);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
if (entry)
|
|
|
|
|
X509_NAME_add_entry_by_txt(name, "ST", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
entry = x509_name_parse(arg->Value, "L", &length);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
if (entry)
|
|
|
|
|
X509_NAME_add_entry_by_txt(name, "L", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
entry = x509_name_parse(arg->Value, "O", &length);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
if (entry)
|
|
|
|
|
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
entry = x509_name_parse(arg->Value, "OU", &length);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2013-03-13 08:26:10 +04:00
|
|
|
|
if (entry)
|
|
|
|
|
X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
2014-07-18 00:47:29 +04:00
|
|
|
|
entry = context->common_name;
|
|
|
|
|
length = strlen(entry);
|
2013-03-13 08:26:10 +04:00
|
|
|
|
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
2013-03-13 01:57:16 +04:00
|
|
|
|
}
|
2013-03-13 08:26:10 +04:00
|
|
|
|
else
|
|
|
|
|
{
|
2014-07-18 00:47:29 +04:00
|
|
|
|
entry = context->common_name;
|
2013-03-13 08:26:10 +04:00
|
|
|
|
length = strlen(entry);
|
|
|
|
|
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8, (const unsigned char*) entry, length, -1, 0);
|
|
|
|
|
}
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
X509_set_issuer_name(context->x509, name);
|
|
|
|
|
x509_add_ext(context->x509, NID_ext_key_usage, "serverAuth");
|
2013-03-13 05:53:41 +04:00
|
|
|
|
arg = CommandLineFindArgumentA(args, "a");
|
2017-01-12 13:04:34 +03:00
|
|
|
|
md = EVP_sha256();
|
2013-03-13 05:53:41 +04:00
|
|
|
|
|
|
|
|
|
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
|
|
|
|
{
|
|
|
|
|
if (strcmp(arg->Value, "md5") == 0)
|
|
|
|
|
md = EVP_md5();
|
|
|
|
|
else if (strcmp(arg->Value, "sha1") == 0)
|
|
|
|
|
md = EVP_sha1();
|
|
|
|
|
else if (strcmp(arg->Value, "sha256") == 0)
|
|
|
|
|
md = EVP_sha256();
|
|
|
|
|
else if (strcmp(arg->Value, "sha384") == 0)
|
|
|
|
|
md = EVP_sha384();
|
|
|
|
|
else if (strcmp(arg->Value, "sha512") == 0)
|
|
|
|
|
md = EVP_sha512();
|
|
|
|
|
}
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (!X509_sign(context->x509, context->pkey, md))
|
2013-03-13 01:57:16 +04:00
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
/**
|
2013-03-23 01:34:57 +04:00
|
|
|
|
* Print certificate
|
2013-03-13 08:26:10 +04:00
|
|
|
|
*/
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
if (!context->silent)
|
2014-09-20 00:23:19 +04:00
|
|
|
|
{
|
|
|
|
|
BIO* bio;
|
|
|
|
|
int status;
|
|
|
|
|
int length;
|
|
|
|
|
int offset;
|
|
|
|
|
BYTE* x509_str;
|
|
|
|
|
bio = BIO_new(BIO_s_mem());
|
|
|
|
|
|
|
|
|
|
if (!bio)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
status = X509_print(bio, context->x509);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2017-03-28 17:18:00 +03:00
|
|
|
|
if (status < 0)
|
|
|
|
|
{
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2017-03-28 17:18:00 +03:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
offset = 0;
|
|
|
|
|
length = 2048;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
|
if (!(x509_str = (BYTE*) malloc(length + 1)))
|
|
|
|
|
{
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2015-04-03 17:21:01 +03:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
2014-09-20 00:23:19 +04:00
|
|
|
|
|
|
|
|
|
status = BIO_read(bio, x509_str, length);
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
if (status < 0)
|
2015-04-03 17:21:01 +03:00
|
|
|
|
{
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2015-04-03 17:21:01 +03:00
|
|
|
|
free(x509_str);
|
2014-09-20 00:23:19 +04:00
|
|
|
|
return -1;
|
2015-04-03 17:21:01 +03:00
|
|
|
|
}
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
offset += status;
|
|
|
|
|
|
|
|
|
|
while (offset >= length)
|
|
|
|
|
{
|
2015-03-11 10:00:05 +03:00
|
|
|
|
int new_len;
|
2017-04-06 11:37:28 +03:00
|
|
|
|
BYTE* new_str;
|
2015-03-11 10:00:05 +03:00
|
|
|
|
new_len = length * 2;
|
|
|
|
|
new_str = (BYTE*) realloc(x509_str, new_len);
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-03-11 10:00:05 +03:00
|
|
|
|
if (!new_str)
|
|
|
|
|
{
|
|
|
|
|
status = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
x509_str = new_str;
|
2017-01-12 17:46:13 +03:00
|
|
|
|
status = BIO_read(bio, &x509_str[offset], new_len);
|
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
if (status < 0)
|
|
|
|
|
break;
|
|
|
|
|
|
2017-01-12 17:46:13 +03:00
|
|
|
|
length = length + new_len;
|
2014-09-20 00:23:19 +04:00
|
|
|
|
offset += status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
|
|
|
|
return -1;
|
2017-01-12 13:04:34 +03:00
|
|
|
|
|
2014-09-20 00:23:19 +04:00
|
|
|
|
length = offset;
|
|
|
|
|
x509_str[length] = '\0';
|
|
|
|
|
printf("%s", x509_str);
|
|
|
|
|
free(x509_str);
|
2018-11-08 14:09:49 +03:00
|
|
|
|
BIO_free_all(bio);
|
2014-09-20 00:23:19 +04:00
|
|
|
|
}
|
2013-03-13 08:26:10 +04:00
|
|
|
|
|
|
|
|
|
/**
|
2013-03-23 01:34:57 +04:00
|
|
|
|
* Output certificate and private key to files
|
2013-03-13 08:26:10 +04:00
|
|
|
|
*/
|
|
|
|
|
|
2013-03-23 01:34:57 +04:00
|
|
|
|
if (!context->live)
|
2013-03-13 08:26:10 +04:00
|
|
|
|
{
|
2014-07-18 00:47:29 +04:00
|
|
|
|
makecert_context_output_certificate_file(context, context->output_path);
|
2014-07-17 01:13:02 +04:00
|
|
|
|
|
|
|
|
|
if (context->crtFormat)
|
2017-01-12 13:04:34 +03:00
|
|
|
|
{
|
2015-06-29 19:10:59 +03:00
|
|
|
|
if (makecert_context_output_private_key_file(context, context->output_path) < 0)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2013-03-13 08:26:10 +04:00
|
|
|
|
}
|
2017-04-06 11:37:28 +03:00
|
|
|
|
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#endif
|
2013-03-13 01:57:16 +04:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-06 11:37:28 +03:00
|
|
|
|
MAKECERT_CONTEXT* makecert_context_new(void)
|
2013-03-13 08:26:10 +04:00
|
|
|
|
{
|
2017-04-06 11:37:28 +03:00
|
|
|
|
MAKECERT_CONTEXT* context = (MAKECERT_CONTEXT*) calloc(1, sizeof(MAKECERT_CONTEXT));
|
2013-03-13 01:57:16 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
if (context)
|
2012-11-27 07:42:40 +04:00
|
|
|
|
{
|
2014-07-17 01:13:02 +04:00
|
|
|
|
context->crtFormat = TRUE;
|
2014-07-18 00:47:29 +04:00
|
|
|
|
context->duration_years = 1;
|
2012-11-27 07:42:40 +04:00
|
|
|
|
}
|
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
return context;
|
|
|
|
|
}
|
2012-11-27 07:42:40 +04:00
|
|
|
|
|
2013-03-23 00:59:54 +04:00
|
|
|
|
void makecert_context_free(MAKECERT_CONTEXT* context)
|
|
|
|
|
{
|
|
|
|
|
if (context)
|
2012-11-27 07:42:40 +04:00
|
|
|
|
{
|
2014-07-17 01:13:02 +04:00
|
|
|
|
free(context->password);
|
2013-03-23 01:34:57 +04:00
|
|
|
|
free(context->default_name);
|
2014-10-01 20:18:17 +04:00
|
|
|
|
free(context->common_name);
|
2015-06-17 23:08:02 +03:00
|
|
|
|
free(context->output_file);
|
|
|
|
|
free(context->output_path);
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#ifdef WITH_OPENSSL
|
|
|
|
|
X509_free(context->x509);
|
|
|
|
|
EVP_PKEY_free(context->pkey);
|
2018-05-01 16:43:36 +03:00
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
2013-03-23 01:34:57 +04:00
|
|
|
|
CRYPTO_cleanup_all_ex_data();
|
2015-10-05 23:23:44 +03:00
|
|
|
|
#endif
|
2017-04-06 11:37:28 +03:00
|
|
|
|
#endif
|
2013-03-23 00:59:54 +04:00
|
|
|
|
free(context);
|
2012-11-27 07:42:40 +04:00
|
|
|
|
}
|
|
|
|
|
}
|