本文整理汇总了C++中sk_X509_free函数的典型用法代码示例。如果您正苦于以下问题:C++ sk_X509_free函数的具体用法?C++ sk_X509_free怎么用?C++ sk_X509_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sk_X509_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: g_tls_database_openssl_verify_chain
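/*
 * Verify @chain against the X509_STORE held in this database's private data
 * and return the accumulated GTlsCertificateFlags (0 when nothing was flagged).
 *
 * The leaf is taken from @chain, the remaining certificates are passed to
 * OpenSSL as the untrusted chain, and the result of X509_verify_cert() is
 * combined with a separate validity-date check and, when @identity is given,
 * an identity check.
 *
 * Returns G_TLS_CERTIFICATE_GENERIC_ERROR when the operation is cancelled or
 * the verification context cannot be created or initialised.
 *
 * NOTE(review): @purpose, @interaction and @flags are not referenced in this
 * body, so no purpose/EKU restriction is applied to the store context here.
 * Confirm whether that is enforced elsewhere (for example on priv->store).
 */
static GTlsCertificateFlags
g_tls_database_openssl_verify_chain (GTlsDatabase             *database,
                                     GTlsCertificate          *chain,
                                     const gchar              *purpose,
                                     GSocketConnectable       *identity,
                                     GTlsInteraction          *interaction,
                                     GTlsDatabaseVerifyFlags   flags,
                                     GCancellable             *cancellable,
                                     GError                  **error)
{
  GTlsDatabaseOpenssl *self = G_TLS_DATABASE_OPENSSL (database);
  GTlsDatabaseOpensslPrivate *priv;
  STACK_OF(X509) *certs;
  X509_STORE_CTX *csc;
  X509 *x;
  GTlsCertificateFlags result = 0;

  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (chain),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);

  priv = g_tls_database_openssl_get_instance_private (self);

  if (g_cancellable_set_error_if_cancelled (cancellable, error))
    return G_TLS_CERTIFICATE_GENERIC_ERROR;

  certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
  csc = X509_STORE_CTX_new ();
  x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));

  /* Fail closed: a NULL context (allocation failure) must never reach
   * X509_STORE_CTX_init() or X509_verify_cert(). Both free calls below
   * accept NULL, so the same cleanup serves either failure. */
  if (csc == NULL || !X509_STORE_CTX_init (csc, priv->store, x, certs))
    {
      X509_STORE_CTX_free (csc);
      /* Releases only the stack container, not the certificates in it. */
      sk_X509_free (certs);
      return G_TLS_CERTIFICATE_GENERIC_ERROR;
    }

  /* Anything other than a positive return is treated as a failed verification. */
  if (X509_verify_cert (csc) <= 0)
    result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));

  X509_STORE_CTX_free (csc);
  sk_X509_free (certs);

  if (g_cancellable_set_error_if_cancelled (cancellable, error))
    return G_TLS_CERTIFICATE_GENERIC_ERROR;

  /* We have to check these ourselves since openssl
   * does not give us flags and UNKNOWN_CA will take priority.
   */
  result |= double_check_before_after_dates (G_TLS_CERTIFICATE_OPENSSL (chain));

  if (identity)
    result |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (chain),
                                                         identity);

  return result;
}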
示例2: STACK_OF
// Sign the content of `bio` with the key belonging to `crt` and store the
// resulting PKCS#7 structure in the member `p7`, replacing any previous one.
// The issuer certificates reachable through getSigner() are attached as
// additional certificates; the walk stops at a self-signed entry or when no
// further signer is known. Does nothing when `crt` is NULL and throws
// errorEx when `crt` has no private key.
// NOTE(review): the result of sk_X509_new_null() is not checked, and if
// openssl_error() throws (presumably it does on a queued OpenSSL error),
// the stack and the decrypted key are not released here. Confirm.
void pki_pkcs7::signBio(pki_x509 *crt, BIO *bio)
{
	if (!crt)
		return;

	pki_key *refKey = crt->getRefKey();
	if (!refKey)
		throw errorEx("No private key for signing found", getClassName());

	STACK_OF(X509) *chain = sk_X509_new_null();

	// A certificate that names itself as signer contributes no extra certs.
	pki_x509 *issuer = crt->getSigner();
	if (issuer == crt)
		issuer = NULL;

	for (; issuer != NULL;
	     issuer = (issuer == issuer->getSigner()) ? NULL : issuer->getSigner()) {
		sk_X509_push(chain, issuer->getCert());
		openssl_error();
	}

	if (p7)
		PKCS7_free(p7);

	// The decrypted key is only needed for the duration of the signing call.
	EVP_PKEY *signKey = refKey->decryptKey();
	p7 = PKCS7_sign(crt->getCert(), signKey, chain, bio, PKCS7_BINARY);
	EVP_PKEY_free(signKey);
	openssl_error();

	// Frees the stack container only; the certificates stay with their owners.
	sk_X509_free(chain);
}
示例3: CA_passive_authentication
/*
 * Passive authentication of EF.CardSecurity: take the signer certificate of
 * the PKCS#7 structure, look up a trust store by that certificate's issuer
 * name hash through ctx->ca_ctx->lookup_csca_cert, and verify the signature
 * and chain with PKCS7_verify().
 *
 * Returns the result of PKCS7_verify(), or 0 when an earlier step fails
 * (check() presumably logs the message and jumps to err; it is defined
 * outside this listing).
 */
int
CA_passive_authentication(const EAC_CTX *ctx, PKCS7 *ef_cardsecurity)
{
X509 *ds_cert;
X509_STORE *store;
STACK_OF(X509) *ds_certs = NULL;
unsigned long issuer_name_hash;
int ret = 0;
check(ef_cardsecurity && ctx && ctx->ca_ctx && ctx->ca_ctx->lookup_csca_cert, "Invalid arguments");
/* Extract the DS certificates from the EF.CardSecurity */
ds_certs = PKCS7_get0_signers(ef_cardsecurity, NULL, 0);
check(ds_certs, "Failed to retrieve certificates from EF.CardSecurity");
/* Only the first certificate popped from the stack is used, so a single
 * signer is assumed. After the pop, ds_cert is no longer an element of
 * ds_certs. NOTE(review): sk_X509_free() below releases only the stack
 * container; the certificates returned by PKCS7_get0_signers() are
 * presumably still owned by ef_cardsecurity and released with it. Confirm
 * before relying on ds_cert after ef_cardsecurity is freed. */
ds_cert = sk_X509_pop(ds_certs);
check(ds_cert, "Failed to retrieve DS certificate from EF.CardSecurity");
/* Get the trust store with at least the csca certificate */
issuer_name_hash = X509_issuer_name_hash(ds_cert);
store = ctx->ca_ctx->lookup_csca_cert(issuer_name_hash);
check (store, "Failed to retrieve CSCA truststore");
/* Verify the signature and the certificate chain */
/* NOTE(review): store is not released in this function; ownership presumably
 * stays with the lookup callback. Confirm. */
ret = PKCS7_verify(ef_cardsecurity, ds_certs, store, NULL, NULL, 0);
err:
if (ds_certs)
sk_X509_free(ds_certs);
return ret;
}
示例4: STACK_OF
/*
 * Collect the signer certificates already attached to the SignerInfo entries
 * of `cms`.
 *
 * The returned stack is newly allocated and must be released by the caller
 * with sk_X509_free(); the certificates are pushed as-is (no reference is
 * taken here), so they must not be freed through the stack.
 *
 * Returns NULL when no SignerInfo has a signer set and also when an
 * allocation or push fails, so the two cases cannot be told apart from the
 * return value alone.
 */
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
{
    STACK_OF(X509) *result = NULL;
    STACK_OF(CMS_SignerInfo) *infos = CMS_get0_SignerInfos(cms);
    int idx;

    for (idx = 0; idx < sk_CMS_SignerInfo_num(infos); idx++) {
        CMS_SignerInfo *info = sk_CMS_SignerInfo_value(infos, idx);

        /* Entries without a resolved signer certificate are skipped. */
        if (!info->signer)
            continue;

        /* The stack is created lazily, on the first signer found. */
        if (result == NULL) {
            result = sk_X509_new_null();
            if (result == NULL)
                return NULL;
        }

        if (!sk_X509_push(result, info->signer)) {
            sk_X509_free(result);
            return NULL;
        }
    }

    return result;
}
示例5: util_verify
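// Verify a PKCS#7 signed block and hand back its content and signer certificate.
//
// The first UTIL_HASHSIZE bytes of the signed content must equal the SHA-256
// digest of the signer certificate, otherwise verification fails.
//
// signature/signlen: DER-encoded PKCS#7 blob.
// cert:              receives a duplicate of the signer certificate in cert->x509
//                    (the caller releases it); cert->pkey is reset to NULL.
// data:              receives a malloc'ed, NUL-terminated copy of the signed
//                    content (the caller frees it).
// Returns the content length on success. Returns 0 on any failure, in which
// case *data and cert->x509 are both NULL.
//
// SECURITY: PKCS7_NOVERIFY skips certificate chain validation, and the embedded
// hash arrives in the same message as the signature. A successful return only
// proves that the content was signed by the key in cert->x509. The caller must
// still compare that certificate with one it already trusts.
int __fastcall util_verify(char* signature, int signlen, struct util_cert* cert, char** data)
{
	int encodedLen, verified;
	long contentLen;
	unsigned int hashLen;
	BIO *out = NULL;
	PKCS7 *message = NULL;
	X509 *signer = NULL;
	char* data2 = NULL;
	char hash[UTIL_HASHSIZE];
	STACK_OF(X509) *st = NULL;

	cert->x509 = NULL;
	cert->pkey = NULL;
	*data = NULL;

	if (signature == NULL || signlen <= 0) goto error;

	message = d2i_PKCS7(NULL, (const unsigned char**)&signature, signlen);
	if (message == NULL) goto error;

	out = BIO_new(BIO_s_mem());
	if (out == NULL) goto error;

	// Rebuild the original message and check the size. i2d_PKCS7 reports
	// failure with a negative value, which must not be compared as unsigned.
	encodedLen = i2d_PKCS7(message, NULL);
	if (encodedLen < 0 || encodedLen < signlen) goto error;

	// Check the PKCS7 signature, but not the certificate chain.
	// Only an explicit 1 counts as success.
	verified = PKCS7_verify(message, NULL, NULL, NULL, out, PKCS7_NOVERIFY);
	if (verified != 1) goto error;

	// If the data block does not contain more than UTIL_HASHSIZE bytes, fail.
	contentLen = BIO_get_mem_data(out, &data2);
	if (data2 == NULL || contentLen <= UTIL_HASHSIZE) goto error;
	// The length is returned as an int, so it has to survive the conversion.
	if ((long)(int)contentLen != contentLen) goto error;

	// Copy the data block; data2 points into the BIO and dies with it.
	*data = (char*)malloc((size_t)contentLen + 1);
	if (*data == NULL) goto error;
	memcpy(*data, data2, (size_t)contentLen);
	(*data)[contentLen] = 0;

	// Get the certificate signer. The stack is ours to free, its elements are
	// not, hence the duplicate.
	st = PKCS7_get0_signers(message, NULL, PKCS7_NOVERIFY);
	if (st == NULL) goto error;
	signer = sk_X509_value(st, 0);
	if (signer != NULL) cert->x509 = X509_dup(signer);
	sk_X509_free(st);
	if (cert->x509 == NULL) goto error;

	// Get a full certificate hash of the signer
	hashLen = UTIL_HASHSIZE;
	if (X509_digest(cert->x509, EVP_sha256(), (unsigned char*)hash, &hashLen) != 1) goto error;
	if (hashLen != UTIL_HASHSIZE) goto error;

	// Check certificate hash with the first UTIL_HASHSIZE bytes of data.
	if (memcmp(hash, *data, UTIL_HASHSIZE) != 0) goto error;

	// Approved, cleanup and return.
	BIO_free(out);
	PKCS7_free(message);
	return (int)contentLen;

error:
	if (out != NULL) BIO_free(out);
	if (message != NULL) PKCS7_free(message);
	// Reset the out-pointers so the caller never sees freed memory.
	if (*data != NULL) { free(*data); *data = NULL; }
	if (cert->x509 != NULL) { X509_free(cert->x509); cert->x509 = NULL; }
	return 0;
}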
示例6: STACK_OF
// Import a PKCS#12 blob and convert its private key and certificates into a
// Settings::KeyPair. The blob is first parsed with a NULL password; only when
// that yields neither key nor certificate and `pw` is non-empty is it parsed
// again with `pw`.
// NOTE: this listing ends before the function's cleanup and return statement,
// so what happens to pkey, x509, certs, pkcs and mem is not visible here.
Settings::KeyPair CertWizard::importCert(QByteArray data, const QString &pw) {
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
PKCS12 *pkcs = NULL;
BIO *mem = NULL;
STACK_OF(X509) *certs = NULL;
Settings::KeyPair kp;
int ret = 0;
// Read-only memory BIO over the caller's buffer; BIO_NOCLOSE is requested
// for the underlying data.
mem = BIO_new_mem_buf(data.data(), data.size());
Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE));
pkcs = d2i_PKCS12_bio(mem, NULL);
if (pkcs) {
ret = PKCS12_parse(pkcs, NULL, &pkey, &x509, &certs);
// (the `pkcs &&` test is always true inside this branch)
if (pkcs && !pkey && !x509 && ! pw.isEmpty()) {
if (certs) {
// NOTE(review): sk_X509_free() releases only the stack container. Any
// certificates the first parse placed in it are presumably leaked here;
// sk_X509_pop_free(certs, X509_free) looks like the intended call. Confirm.
if (ret)
sk_X509_free(certs);
certs = NULL;
}
ret = PKCS12_parse(pkcs, pw.toUtf8().constData(), &pkey, &x509, &certs);
}
// Continue only when the key and certificate are present and match.
if (pkey && x509 && X509_check_private_key(x509, pkey)) {
unsigned char *dptr;
QByteArray key, crt;
// The private key is serialised to unencrypted DER in `key`; treat that
// buffer as secret material.
key.resize(i2d_PrivateKey(pkey, NULL));
dptr=reinterpret_cast<unsigned char *>(key.data());
i2d_PrivateKey(pkey, &dptr);
crt.resize(i2d_X509(x509, NULL));
dptr=reinterpret_cast<unsigned char *>(crt.data());
i2d_X509(x509, &dptr);
QSslCertificate qscCert = QSslCertificate(crt, QSsl::Der);
// NOTE(review): the key algorithm is fixed to QSsl::Rsa; a non-RSA key
// presumably yields a null QSslKey and is rejected by the validity check
// below. Confirm.
QSslKey qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
QList<QSslCertificate> qlCerts;
qlCerts << qscCert;
// Append the additional certificates after the leaf, in stack order.
if (certs) {
for (int i=0;i<sk_X509_num(certs);++i) {
X509 *c = sk_X509_value(certs, i);
crt.resize(i2d_X509(c, NULL));
dptr=reinterpret_cast<unsigned char *>(crt.data());
i2d_X509(c, &dptr);
QSslCertificate cert = QSslCertificate(crt, QSsl::Der);
qlCerts << cert;
}
}
// The key pair is accepted only if the key and every certificate converted
// to a non-null Qt object.
bool valid = ! qskKey.isNull();
foreach(const QSslCertificate &cert, qlCerts)
valid = valid && ! cert.isNull();
if (valid)
kp = Settings::KeyPair(qlCerts, qskKey);
}
}
示例7: GTPublicationsFile_getSigningCert
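/*
 * Extract the signing certificate of a publications file as a DER buffer.
 *
 * publications_file: parsed publications file; its PKCS#7 signature must be set.
 * cert_der:          receives a newly allocated DER encoding of the certificate
 *                    (allocated with GT_malloc; the caller releases it).
 * cert_der_length:   receives the length of that buffer in bytes.
 *
 * Returns GT_OK on success, GT_INVALID_ARGUMENT for NULL inputs,
 * GT_INVALID_FORMAT unless exactly one signer is found, GT_CRYPTO_FAILURE when
 * encoding fails and GT_OUT_OF_MEMORY when the buffer cannot be allocated.
 * The output parameters are written only on success.
 *
 * NOTE: no signature or chain verification is performed in this function; it
 * only locates the signer certificate. Trust decisions belong to the caller.
 */
int GTPublicationsFile_getSigningCert(
		const GTPublicationsFile *publications_file,
		unsigned char **cert_der, size_t *cert_der_length)
{
	int res = GT_UNKNOWN_ERROR;
	unsigned char *i2dp;
	unsigned char *tmp_der = NULL;
	int tmp_der_len;
	X509 *signing_cert = NULL;
	STACK_OF(X509) *certs = NULL;

	if (publications_file == NULL || publications_file->signature == NULL ||
			cert_der == NULL || cert_der_length == NULL) {
		res = GT_INVALID_ARGUMENT;
		goto cleanup;
	}

	certs = PKCS7_get0_signers(publications_file->signature, NULL, 0);
	if (certs == NULL) {
		res = GT_INVALID_FORMAT;
		goto cleanup;
	}

	if (sk_X509_num(certs) != 1) {
		res = GT_INVALID_FORMAT;
		goto cleanup;
	}

	/* Borrowed pointer: the certificate is not owned by the stack. */
	signing_cert = sk_X509_value(certs, 0);

	/* A certificate never encodes to zero bytes, so treat 0 as failure too. */
	tmp_der_len = i2d_X509(signing_cert, NULL);
	if (tmp_der_len <= 0) {
		res = GT_CRYPTO_FAILURE;
		goto cleanup;
	}

	tmp_der = GT_malloc(tmp_der_len);
	if (tmp_der == NULL) {
		res = GT_OUT_OF_MEMORY;
		goto cleanup;
	}

	/* i2d_X509 advances the pointer it is given, hence the scratch copy.
	 * The second pass must produce exactly the length measured above, or the
	 * buffer would be handed out partially filled. */
	i2dp = tmp_der;
	if (i2d_X509(signing_cert, &i2dp) != tmp_der_len) {
		res = GT_CRYPTO_FAILURE;
		goto cleanup;
	}

	*cert_der = tmp_der;
	tmp_der = NULL;
	*cert_der_length = tmp_der_len;
	res = GT_OK;

cleanup:
	GT_free(tmp_der);
	/* Releases the stack container only. */
	sk_X509_free(certs);

	return res;
}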
示例8: START_TEST
END_TEST
/* Success-path test for device enrollment: the SCEP mock is configured to
 * report SCEP_PKISTATUS_SUCCESS together with the RA and device certificate
 * stacks, and qeo_mgmt_client_enroll_device() is expected to return
 * QMGMTCLIENT_OK. */
START_TEST(test_sscep_handling_perform_sunny)
{
qeo_mgmt_client_ctx_t *ctx = NULL;
STACK_OF(X509) *racerts = get_cert_store(raids);
STACK_OF(X509) *devicecerts = get_cert_store(deviceids);
sscep_mock_ignore_and_return(true, SCEP_PKISTATUS_SUCCESS, racerts, SCEP_PKISTATUS_SUCCESS, devicecerts);
ctx = qeo_mgmt_client_init();
fail_if(ctx == NULL);
fail_unless(qeo_mgmt_client_enroll_device(ctx, s_url, s_rsakey, s_otp, &s_info, my_ssl_cb, (void*) COOKIE_MAGIC_NUMBER, s_certs) == QMGMTCLIENT_OK);
qeo_mgmt_client_clean(ctx);
/* NOTE(review): the three arguments are presumably expected call counts of
 * the mocked SCEP operations; confirm against the mock's definition. */
sscep_mock_expect_called(1, 2, 1);
/* Only the stack containers are released here; the certificates in them are
 * presumably owned by the test fixture behind get_cert_store(). Confirm. */
sk_X509_free(racerts);
sk_X509_free(devicecerts);
}
示例9: GetSignerCertificate
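/**
  This function will return the leaf signer certificate in a chain.  This is
  required because certificate chains are not guaranteed to have the
  certificates in the order that they were issued.

  A typical certificate chain looks like this:

                 ----------------------------
                |            Root            |
                 ----------------------------
                               ^
                               |
                 ----------------------------
                |          Policy CA         | <-- Typical Trust Anchor.
                 ----------------------------
                               ^
                               |
                 ----------------------------
                |         Issuing CA         |
                 ----------------------------
                               ^
                               |
                 -----------------------------
                / End-Entity (leaf) signer   / <-- Bottom certificate.
                -----------------------------  EKU: "1.3.6.1.4.1.311.76.9.21.1"
                                                    (Firmware Signing)

  The certificate is looked up with PKCS7_get0_signers(); nothing in this
  function verifies the signature or the chain.

  @param[in]   CertChain   PKCS7 structure holding the signature and its
                           certificates.
  @param[out]  SignerCert  The single signer certificate of CertChain. For
                           PKCS7 signatures this is the end-entity (leaf)
                           signer cert. The pointer is borrowed from CertChain:
                           the caller must not free it and must not use it
                           after CertChain has been released. Set to NULL on
                           EFI_NOT_FOUND and when the signers cannot be read.

  @retval EFI_SUCCESS            Exactly one signer was found and returned.
  @retval EFI_INVALID_PARAMETER  A parameter was NULL, or the signers could
                                 not be retrieved from CertChain.
  @retval EFI_NOT_FOUND          The number of signers found was not 1.
**/
EFI_STATUS
GetSignerCertificate (
  IN  CONST PKCS7  *CertChain,
  OUT X509         **SignerCert
  )
{
  EFI_STATUS      Status;
  STACK_OF(X509)  *Signers;
  INT32           NumberSigners;

  Status        = EFI_SUCCESS;
  Signers       = NULL;
  NumberSigners = 0;

  if (CertChain == NULL || SignerCert == NULL) {
    Status = EFI_INVALID_PARAMETER;
    goto Exit;
  }

  //
  // Never leave the output indeterminate on a failure path.
  //
  *SignerCert = NULL;

  //
  // Get the signers from the chain.
  //
  Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);
  if (Signers == NULL) {
    //
    // Failed to get signers from PKCS7.
    //
    Status = EFI_INVALID_PARAMETER;
    goto Exit;
  }

  //
  // There should only be one signer in the PKCS7 stack.
  //
  NumberSigners = sk_X509_num (Signers);
  if (NumberSigners != 1) {
    //
    // The number of signers should have been 1.
    //
    Status = EFI_NOT_FOUND;
    goto Exit;
  }

  *SignerCert = sk_X509_value (Signers, 0);

Exit:
  //
  // Release Resources. Only the stack container is freed, so the certificate
  // handed out through SignerCert is not released here.
  //
  if (Signers) {
    sk_X509_free (Signers);
  }

  return Status;
}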
示例10: STACK_OF
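/*
 * Read every PEM certificate from `file` into a newly allocated stack.
 *
 * Returns the stack (the caller owns the stack and the certificates in it,
 * and should release both, e.g. with sk_X509_pop_free(certs, X509_free)).
 * Returns NULL, after printing a warning, when the file cannot be opened,
 * memory runs out, a certificate fails to parse, or the file holds no
 * certificate.
 */
static STACK_OF(X509) *
file_to_certs(const char *file)
{
	unsigned long ret;
	STACK_OF(X509) *certs;
	FILE *f;

	if ((f = fopen(file, "r")) == NULL) {
		warn("open failed %s", file);
		return NULL;
	}

	certs = sk_X509_new_null();
	if (certs == NULL) {
		warnx("Can't allocate certificate list for file: %s", file);
		fclose(f);
		return NULL;
	}

	for (;;) {
		X509 *cert;

		cert = PEM_read_X509(f, NULL, NULL, NULL);
		if (cert == NULL) {
			ret = ERR_GET_REASON(ERR_peek_error());
			if (ret == PEM_R_NO_START_LINE) {
				/* End of file reached. no error */
				ERR_clear_error();
				break;
			}
			/* The stack owns the certificates read so far, so they
			 * are released with it; sk_X509_free() alone would
			 * leak them. */
			sk_X509_pop_free(certs, X509_free);
			warnx("Can't read certificate in file: %s", file);
			fclose(f);
			return NULL;
		}

		/* Append at the end; on failure the certificate was not taken
		 * over by the stack and has to be released here. */
		if (sk_X509_insert(certs, cert, sk_X509_num(certs)) == 0) {
			X509_free(cert);
			sk_X509_pop_free(certs, X509_free);
			warnx("Can't store certificate from file: %s", file);
			fclose(f);
			return NULL;
		}
	}
	fclose(f);

	if (sk_X509_num(certs) == 0) {
		/* Empty stack: there are no elements to release. */
		sk_X509_free(certs);
		certs = NULL;
		warnx("No certificate found in file %s", file);
	}
	return certs;
}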
示例11: START_TEST
END_TEST
/* Negative test for certificate-chain parsing: each of the six chains built
 * below must be rejected, i.e. qeo_mgmt_cert_parse() must not return QCERT_OK
 * for any of them. */
START_TEST(test_cert_ordening_rainy)
{
qeo_mgmt_cert_contents qmcc;
/* Each id list ends with -1. NOTE(review): the lists look like chains that
 * are mis-ordered or incomplete; confirm against get_cert_store(). */
int ids1[]={CERTSTORE_MASTER , CERTSTORE_RANDOM, CERTSTORE_DEVICE, -1};
int ids2[]={CERTSTORE_REALM , CERTSTORE_MASTER, CERTSTORE_RANDOM, -1};
int ids3[]={CERTSTORE_DEVICE , CERTSTORE_REALM, -1};
int ids4[]={CERTSTORE_DEVICE, CERTSTORE_MASTER, -1};
int ids5[]={CERTSTORE_MASTER, -1};
int ids6[]={CERTSTORE_REALM, CERTSTORE_MASTER, -1};
STACK_OF(X509) *chain1 = get_cert_store(ids1);
STACK_OF(X509) *chain2 = get_cert_store(ids2);
STACK_OF(X509) *chain3 = get_cert_store(ids3);
STACK_OF(X509) *chain4 = get_cert_store(ids4);
STACK_OF(X509) *chain5 = get_cert_store(ids5);
STACK_OF(X509) *chain6 = get_cert_store(ids6);
/* fail_if() fails the test when its condition is true, so every parse below
 * has to return something other than QCERT_OK. */
fail_if(qeo_mgmt_cert_parse(chain1, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain2, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain3, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain4, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain5, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain6, &qmcc) == QCERT_OK);
/* Only the stack containers are released; the certificates are presumably
 * owned by the fixture behind get_cert_store(). Confirm. */
sk_X509_free(chain1);
sk_X509_free(chain2);
sk_X509_free(chain3);
sk_X509_free(chain4);
sk_X509_free(chain5);
sk_X509_free(chain6);
}
示例12: PKI_X509_PKCS7_clear_certs
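/*
 * Release the certificate stack associated with `p7`.
 *
 * Returns PKI_ERR when __get_chain() yields no stack, PKI_OK otherwise.
 * (The original also had a second NULL test returning PKI_OK, but it could
 * never be reached after the first one and has been removed; the effective
 * behaviour is unchanged.)
 *
 * NOTE(review): sk_X509_free() frees only the stack container and leaves the
 * certificates alone. If __get_chain() returns the stack that p7 still points
 * to, p7 keeps a dangling pointer after this call and the certificates are not
 * released. Confirm the ownership against __get_chain() before reusing or
 * freeing p7 afterwards.
 */
int PKI_X509_PKCS7_clear_certs ( PKI_X509_PKCS7 *p7 ) {

	STACK_OF(X509) *x_sk = __get_chain ( p7 );

	if ( x_sk == NULL ) {
		return PKI_ERR;
	}

	sk_X509_free ( x_sk );

	return ( PKI_OK );
}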
示例13: STACK_OF
/**
 * Collects the X509 certificates found in the certificate bags of a PKCS12
 * object.
 *
 * The returned stack and the certificates in it belong to the caller.
 * Returns NULL when the stack cannot be allocated or the authsafes cannot be
 * unpacked. Safes whose bags cannot be unpacked and bags whose certificate
 * cannot be extracted are skipped after recording the error, so the result
 * may be partial or empty.
 * NOTE(review): the result of sk_X509_push() is not checked; a failed push
 * would presumably leak that certificate. Confirm.
 */
static STACK_OF(X509) *pkcs12_listCerts(PKCS12 *p12) {
    STACK_OF(X509) *found = sk_X509_new_null();
    if (found == NULL) return NULL;

    // Extract all PKCS7 safes
    STACK_OF(PKCS7) *safes = PKCS12_unpack_authsafes(p12);
    if (safes == NULL) {
        certutil_updateErrorString();
        sk_X509_free(found);
        return NULL;
    }

    // Walk every PKCS7 safe
    int safeCount = sk_PKCS7_num(safes);
    for (int s = 0; s < safeCount; s++) {
        PKCS7 *safe = sk_PKCS7_value(safes, s);
        if (safe == NULL) continue;

        STACK_OF(PKCS12_SAFEBAG) *bags = PKCS12_unpack_p7data(safe);
        if (bags == NULL) {
            certutil_updateErrorString();
            continue;
        }

        // Walk every safebag and keep only certificate bags
        int bagCount = sk_PKCS12_SAFEBAG_num(bags);
        for (int b = 0; b < bagCount; b++) {
            PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, b);
            if (bag == NULL) continue;
            if (M_PKCS12_bag_type(bag) != NID_certBag) continue;

            // Extract x509 cert
            X509 *extracted = PKCS12_certbag2x509(bag);
            if (extracted != NULL) {
                sk_X509_push(found, extracted);
            } else {
                certutil_updateErrorString();
            }
        }

        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
    }

    sk_PKCS7_pop_free(safes, PKCS7_free);
    return found;
}
示例14: test_resp_signer
/*
 * Test OCSP_resp_get0_signer() in two situations: a response signed with
 * OCSP_NOCERTS, where the signer has to be found in the extra certificates
 * passed in, and a response signed with flags 0, where no extra certificates
 * are passed. Returns 1 when both cases pass and 0 otherwise.
 */
static int test_resp_signer(void)
{
OCSP_BASICRESP *bs = NULL;
X509 *signer = NULL, *tmp;
EVP_PKEY *key = NULL;
STACK_OF(X509) *extra_certs = NULL;
int ret = 0;
/*
 * Test a response with no certs at all; get the signer from the
 * extra certs given to OCSP_resp_get0_signer().
 */
bs = make_dummy_resp();
extra_certs = sk_X509_new_null();
if (!TEST_ptr(bs)
|| !TEST_ptr(extra_certs)
|| !TEST_true(get_cert_and_key(&signer, &key))
|| !TEST_true(sk_X509_push(extra_certs, signer))
|| !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
NULL, OCSP_NOCERTS)))
goto err;
/* tmp is written by OCSP_resp_get0_signer() and compared with the signer. */
if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))
|| !TEST_int_eq(X509_cmp(tmp, signer), 0))
goto err;
/* bs is reassigned right below, so the free at err does not see this
 * pointer again. */
OCSP_BASICRESP_free(bs);
/* Do it again but include the signer cert */
bs = make_dummy_resp();
tmp = NULL;
if (!TEST_ptr(bs)
|| !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
NULL, 0)))
goto err;
if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))
|| !TEST_int_eq(X509_cmp(tmp, signer), 0))
goto err;
ret = 1;
err:
OCSP_BASICRESP_free(bs);
/* extra_certs holds the same pointer as signer: the stack container is freed
 * here and the certificate itself by the X509_free() call that follows. */
sk_X509_free(extra_certs);
X509_free(signer);
EVP_PKEY_free(key);
return ret;
}
示例15: throw
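// Parse the wrapped PKCS#12 structure with `password` and populate
// this->privKey, this->cert and this->ca from its contents.
//
// Throws Pkcs12Exception whenever PKCS12_parse() fails. The original threw
// only for two specific OpenSSL reason codes and otherwise carried on with
// NULL key and certificate pointers; every other failure now raises
// PARSE_ERROR instead.
//
// NOTE(review): the two existing cases look swapped (a MAC verification
// failure, typically a wrong password, is reported as PARSE_ERROR and the
// reverse). The mapping is left unchanged because callers may depend on it.
// Confirm and correct it together with the callers.
void Pkcs12::parse(string password) throw(Pkcs12Exception)
{
	EVP_PKEY* pkey = NULL;
	X509* cert = NULL;
	STACK_OF(X509)* ca = NULL;
	unsigned long opensslError = 0;
	X509* tmp = NULL;

	// Clear the error queue and load the error string tables
	ERR_clear_error();
	//OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();

	if(!PKCS12_parse(this->pkcs12, password.c_str(), &pkey, &cert, &ca))
	{
		opensslError = ERR_get_error();
		switch(ERR_GET_REASON(opensslError))
		{
			case PKCS12_R_MAC_VERIFY_FAILURE :
				throw Pkcs12Exception(Pkcs12Exception::PARSE_ERROR, "Pkcs12::parse");
			case PKCS12_R_PARSE_ERROR :
				throw Pkcs12Exception(Pkcs12Exception::MAC_VERIFY_FAILURE, "Pkcs12::parse");
			default :
				// Fail closed: never continue after a failed parse.
				throw Pkcs12Exception(Pkcs12Exception::PARSE_ERROR, "Pkcs12::parse");
		}
	}

	this->privKey = new PrivateKey(pkey);
	this->cert = new Certificate(cert);

	// NOTE(review): each Certificate presumably takes ownership of the X509 it
	// wraps, which is why only the stack container is freed below. Confirm
	// against the Certificate class.
	for(int i = 0 ; i < sk_X509_num(ca) ; i ++)
	{
		tmp = sk_X509_value(ca, i);
		this->ca.push_back(new Certificate(tmp));
	}
	sk_X509_free(ca);
}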