34#include <openssl/pem.h>
35#include <openssl/x509.h>
36#include <openssl/x509v3.h>
39#include "openssl/applink.c"
44EVP_PKEY * generate_key()
47 EVP_PKEY * pkey = EVP_PKEY_new();
50 std::cerr <<
"Unable to create EVP_PKEY structure." << std::endl;
55 RSA * rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
56 if(!EVP_PKEY_assign_RSA(pkey, rsa))
58 std::cerr <<
"Unable to generate 2048-bit RSA key." << std::endl;
67int cs_cert_set_subject_alt_name(X509 *x509_cert, std::string name)
69 const char *subject_alt_name = name.c_str();
70 X509_EXTENSION *extension_san = NULL;
71 ASN1_OCTET_STRING *subject_alt_name_ASN1 = NULL;
74 subject_alt_name_ASN1 = ASN1_OCTET_STRING_new();
75 if (!subject_alt_name_ASN1) {
78 ASN1_OCTET_STRING_set(subject_alt_name_ASN1, (
unsigned char*) subject_alt_name, strlen(subject_alt_name));
79 if (!X509_EXTENSION_create_by_NID(&extension_san, NID_subject_alt_name, 0, subject_alt_name_ASN1)) {
82 ASN1_OCTET_STRING_free(subject_alt_name_ASN1);
83 ret = X509_add_ext(x509_cert, extension_san, -1);
87 X509_EXTENSION_free(extension_san);
91 if (subject_alt_name_ASN1) ASN1_OCTET_STRING_free(subject_alt_name_ASN1);
92 if (extension_san) X509_EXTENSION_free(extension_san);
98X509 * generate_x509(EVP_PKEY * pkey, std::string ip_v4)
101 X509 * x509 = X509_new();
104 std::cerr <<
"Unable to create X509 structure." << std::endl;
109 ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
113 X509_gmtime_adj(X509_get_notBefore(x509), 0);
114 X509_gmtime_adj(X509_get_notAfter(x509), 31536000L);
117 X509_set_pubkey(x509, pkey);
120 X509_NAME * name = X509_get_subject_name(x509);
123 X509_NAME_add_entry_by_txt(name,
"C", MBSTRING_ASC, (
unsigned char *)
"CA", -1, -1, 0);
124 X509_NAME_add_entry_by_txt(name,
"O", MBSTRING_ASC, (
unsigned char *)
"MyCompany", -1, -1, 0);
125 X509_NAME_add_entry_by_txt(name,
"CN", MBSTRING_ASC, (
unsigned char *)
"localhost", -1, -1, 0);
133 GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null();
134 std::string dns_name =
"www.example.com";
135 GENERAL_NAME *gen_dns = GENERAL_NAME_new();
136 ASN1_IA5STRING *ia5 = ASN1_IA5STRING_new();
137 ASN1_STRING_set(ia5, dns_name.data(), dns_name.length());
138 GENERAL_NAME_set0_value(gen_dns, GEN_DNS, ia5);
139 sk_GENERAL_NAME_push(gens, gen_dns);
141 in_addr_t ipv4 = inet_addr(ip_v4.c_str());
142 GENERAL_NAME *gen_ip = GENERAL_NAME_new();
143 ASN1_OCTET_STRING *octet = ASN1_OCTET_STRING_new();
144 ASN1_STRING_set(octet, &ipv4,
sizeof(ipv4));
145 GENERAL_NAME_set0_value(gen_ip, GEN_IPADD, octet);
146 sk_GENERAL_NAME_push(gens, gen_ip);
148 X509_add1_ext_i2d(x509, NID_subject_alt_name, gens, 0, X509V3_ADD_DEFAULT);
150 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
153 std::string ext_name(
"IP: ");
155 cs_cert_set_subject_alt_name(x509, ext_name);
158 X509_set_issuer_name(x509, name);
161 if(!X509_sign(x509, pkey, EVP_sha1()))
163 std::cerr <<
"Error signing certificate." << std::endl;
171bool write_to_disk(EVP_PKEY * pkey, X509 * x509, std::string cert_directory)
174 std::string key_file = cert_directory;
175 key_file +=
"key.pem";
176 FILE * pkey_file = fopen(key_file.c_str(),
"wb");
179 std::cerr <<
"Unable to open \"key.pem\" for writing." << std::endl;
184 bool ret = PEM_write_PrivateKey(pkey_file, pkey, NULL, NULL, 0, NULL, NULL);
189 std::cerr <<
"Unable to write private key to disk." << std::endl;
194 std::string cert_file = cert_directory;
195 cert_file +=
"cert.pem";
197 FILE * x509_file = fopen(cert_file.c_str(),
"wb");
200 std::cerr <<
"Unable to open \"cert.pem\" for writing." << std::endl;
205 ret = PEM_write_X509(x509_file, x509);
210 std::cerr <<
"Unable to write certificate to disk." << std::endl;
217int make_certificate(std::string ipv4, std::string destination_dir)
220 std::cout <<
"Generating RSA key..." << std::endl;
222 EVP_PKEY * pkey = generate_key();
227 std::cout <<
"Generating x509 certificate..." << std::endl;
229 X509 * x509 = generate_x509(pkey, ipv4);
237 std::cout <<
"Writing key and certificate to disk..." << std::endl;
239 bool ret = write_to_disk(pkey, x509, destination_dir);
245 std::cout <<
"Success!" << std::endl;