search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cert-crypto: generate certificate request
[siplcs.git] / src / core / sipe-cert-crypto-nss.c
blob7bafa6c04598c3d813f1a79c09bf1e422fc7347c
1 /**
2 * @file sipe-cert-crypto-nss.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2011 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22
23 /**
24 * Certificate routines implementation based on NSS.
25 */
26
27 #include <glib.h>
28
29 #include "cert.h"
30 #include "cryptohi.h"
31 #include "keyhi.h"
32 #include "pk11pub.h"
33
34 #include "sipe-backend.h"
35 #include "sipe-cert-crypto.h"
36
37 struct sipe_cert_crypto {
38 SECKEYPrivateKey *private;
39 SECKEYPublicKey *public;
40 };
41
42 struct sipe_cert_crypto *sipe_cert_crypto_init(void)
43 {
44 PK11SlotInfo *slot = PK11_GetInternalKeySlot();
45
46 if (slot) {
47 PK11RSAGenParams rsaParams;
48 struct sipe_cert_crypto *ssc = g_new0(struct sipe_cert_crypto, 1);
49
50 /* RSA parameters - should those be configurable? */
51 rsaParams.keySizeInBits = 2048;
52 rsaParams.pe = 65537;
53
54 SIPE_DEBUG_INFO_NOFORMAT("sipe_cert_crypto_init: generate key pair, this might take a while...");
55 ssc->private = PK11_GenerateKeyPair(slot,
56 CKM_RSA_PKCS_KEY_PAIR_GEN,
57 &rsaParams,
58 &ssc->public,
59 PR_FALSE, /* not permanent */
60 PR_TRUE, /* sensitive */
61 NULL);
62 if (ssc->private) {
63 SIPE_DEBUG_INFO_NOFORMAT("sipe_cert_crypto_init: key pair generated");
64 PK11_FreeSlot(slot);
65 return(ssc);
66 }
67
68 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_init: key generation failed");
69 g_free(ssc);
70 PK11_FreeSlot(slot);
71 }
72
73 return(NULL);
74 }
75
76 void sipe_cert_crypto_free(struct sipe_cert_crypto *ssc)
77 {
78 if (ssc) {
79 if (ssc->public)
80 SECKEY_DestroyPublicKey(ssc->public);
81 if (ssc->private)
82 SECKEY_DestroyPrivateKey(ssc->private);
83 g_free(ssc);
84 }
85 }
86
87 static gchar *sign_certreq(CERTCertificateRequest *certreq,
88 SECKEYPrivateKey *private)
89 {
90 PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
91 gchar *base64 = NULL;
92
93 if (arena) {
94 SECItem *encoding = SEC_ASN1EncodeItem(arena,
95 NULL,
96 certreq,
97 SEC_ASN1_GET(CERT_CertificateRequestTemplate));
98
99 if (encoding) {
100 SECOidTag signtag = SEC_GetSignatureAlgorithmOidTag(private->keyType,
101 SEC_OID_UNKNOWN);
102
103 if (signtag) {
104 SECItem raw;
105
106 if (!SEC_DerSignData(arena,
107 &raw,
108 encoding->data,
109 encoding->len,
110 private,
111 signtag)) {
112
113 SIPE_DEBUG_INFO_NOFORMAT("sign_certreq: request signed successfully");
114 base64 = g_base64_encode(raw.data, raw.len);
115
116 } else {
117 SIPE_DEBUG_ERROR_NOFORMAT("sign_certreq: signing failed");
118 }
119 } else {
120 SIPE_DEBUG_ERROR_NOFORMAT("sign_certreq: can't find signature algorithm");
121 }
122
123 /* all memory allocated from "arena"
124 SECITEM_FreeItem(encoding, PR_TRUE); */
125 } else {
126 SIPE_DEBUG_ERROR_NOFORMAT("sign_certreq: can't ASN.1 encode certreq");
127 }
128
129 PORT_FreeArena(arena, PR_TRUE);
130 } else {
131 SIPE_DEBUG_ERROR_NOFORMAT("sign_certreq: can't allocate memory");
132 }
133
134 return(base64);
135 }
136
137 gchar *sipe_cert_crypto_request(struct sipe_cert_crypto *ssc,
138 const gchar *subject)
139 {
140 gchar *base64 = NULL;
141 SECItem *pkd;
142
143 if (!ssc || !subject)
144 return(NULL);
145
146 pkd = SECKEY_EncodeDERSubjectPublicKeyInfo(ssc->public);
147 if (pkd) {
148 CERTSubjectPublicKeyInfo *spki = SECKEY_DecodeDERSubjectPublicKeyInfo(pkd);
149
150 if (spki) {
151 gchar *cn = g_strdup_printf("CN=%s", subject);
152 CERTName *name = CERT_AsciiToName(cn);
153 g_free(cn);
154
155 if (name) {
156 CERTCertificateRequest *certreq = CERT_CreateCertificateRequest(name,
157 spki,
158 NULL);
159
160 if (certreq) {
161 base64 = sign_certreq(certreq, ssc->private);
162 CERT_DestroyCertificateRequest(certreq);
163 } else {
164 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_create: certreq creation failed");
165 }
166
167 CERT_DestroyName(name);
168 } else {
169 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_create: subject name creation failed");
170 }
171
172 SECKEY_DestroySubjectPublicKeyInfo(spki);
173 } else {
174 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_create: DER decode public key info failed");
175 }
176
177 SECITEM_FreeItem(pkd, PR_TRUE);
178 } else {
179 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_create: DER encode failed");
180 }
181
182 return(base64);
183 }
184
185 void sipe_cert_crypto_destroy(gpointer certificate)
186 {
187 /* temporary */
188 (void)certificate;
189 }
190
191 /*
192 Local Variables:
193 mode: c
194 c-file-style: "bsd"
195 indent-tabs-mode: t
196 tab-width: 8
197 End:
198 */
A third-party Pidgin plugin for Microsoft LCS/OCS