Some background: I am attempting to add some functionality to the
existing PHP OpenSSL extension to handle the creation, verification
and exporting of SPKACs. I have been using the spkac.c included with
the OpenSSL-1.0.0e release and have so far successfully been able to
add a PHP function to create new SPKACs. However, when attempting to
verify and export the public key I am running into problems, and
perhaps you could point me in the right direction. Thanks for your
time.

I am afraid I am not certain about whether or not I need to load the
configuration file prior to attempting to decode an existing SPKAC for
verification or retrieval of the public key and/or challenge.

Here is the code I am currently using, if you can point out what I am
doing wrong:

/* {{{ proto string openssl_spki_new(mixed priv_key, string password)
   Creates new private key (or uses existing) and creates a new spki cert
   outputting results to var */
PHP_FUNCTION(openssl_spki_new)
{
    zval * zout, * zpkey = NULL;
    EVP_PKEY * pkey = NULL;
    NETSCAPE_SPKI *spki=NULL;
    char * password, * spkstr;
    long keyresource;

    RETVAL_FALSE;

    zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs|s", &zpkey,
        &password, &zout);

    pkey = php_openssl_evp_from_zval(&zpkey, 0, password, 1, &keyresource
        TSRMLS_CC);
    if (pkey == NULL) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get private key from parameter 1");
        goto cleanup;
    }

    if ((spki = NETSCAPE_SPKI_new()) == NULL) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get spki interface");
        goto cleanup;
    }

    if (password) {
        ASN1_STRING_set(spki->spkac->challenge, password, (int)strlen(password));
    }

    if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get public key from spki");
        goto cleanup;
    }

    if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot sign public key with spki");
        goto cleanup;
    }

    spkstr = NETSCAPE_SPKI_b64_encode(spki);
    RETVAL_STRINGL(spkstr, strlen(spkstr), 0);

cleanup:
    if (keyresource == -1 && pkey) {
        EVP_PKEY_free(pkey);
    }
}
/* }}} */

/* {{{ proto bool openssl_spki_verify(string spki)
   Verifies spki */
PHP_FUNCTION(openssl_spki_verify)
{
    int i, x=0;
    char *spkstr = NULL;
    EVP_PKEY *pkey = NULL;
    NETSCAPE_SPKI *spki = NULL;

    RETVAL_FALSE;

    zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &spkstr);
    if (!spkstr) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "spki not found");
        goto cleanup;
    }

    spki = NETSCAPE_SPKI_b64_decode(spkstr, strlen(spkstr));
    if (!spki) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "error decoding spki");
        goto cleanup;
    }

    pkey = NETSCAPE_SPKI_get_pubkey(spki);
    if (!pkey) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "error getting public key from spki");
        goto cleanup;
    }

    i = NETSCAPE_SPKI_verify(spki, pkey);
    if (i > 0) {
        x = 1;
    } else {
        x = 0;
    }
    goto cleanup;

cleanup:
    EVP_PKEY_free(pkey);
    RETVAL_BOOL(x);
}
/* }}} */

/* {{{ proto string openssl_spki_export(string spki)
   Exports public key from existing spki to var */
PHP_FUNCTION(openssl_spki_export)
{
    EVP_PKEY *pkey = NULL;
    NETSCAPE_SPKI *spki = NULL;
    BIO *out = NULL;
    char * spkstr;

    zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &spkstr);

    out = BIO_new_fp(stdout, BIO_NOCLOSE);

    if (spkstr) {
        spki = NETSCAPE_SPKI_b64_decode(spkstr, strlen(spkstr));
    }

    PEM_write_bio_PUBKEY(out, spki);
    pkey = NETSCAPE_SPKI_get_pubkey(spki);
    PEM_write_bio_PUBKEY(out, pkey);
    EVP_PKEY_free(pkey);
}
/* }}} */

I am having problems with the openssl_spki_verify() and
openssl_spki_export() functions I am attempting to implement. Thanks
in advance.
--
Jason Gerfen
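
Added example, not part of the original post and not OpenSSL or PHP code: a bounds-checked walk over the base64-decoded DER of an SPKAC, showing where the public key and the challenge that the post's functions try to retrieve sit inside the structure. The names der_next and spkac_fields are hypothetical, and the sample bytes are constructed with a dummy key and dummy signature.

```c
#include <stdio.h>

/* Constructed sample, not a real request: dummy key/signature, challenge "hello". */
static const unsigned char sample[] = {
    0x30,0x21, 0x30,0x14, 0x30,0x0B, 0x30,0x05,0x06,0x03,0x2A,0x03,0x04, 0x03,0x02,0x00,0xFF,
    0x16,0x05,'h','e','l','l','o',  0x30,0x05,0x06,0x03,0x2A,0x03,0x04, 0x03,0x02,0x00,0xAA };

/* Read one DER TLV at *p: returns its tag, or -1 if truncated or length > 65535. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    const unsigned char **v, size_t *n)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t len = *q++;
    if (len & 0x80) {                 /* long form: k length bytes follow */
        size_t k = len & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - q) < k) return -1;
        for (len = 0; k > 0; k--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    *v = q; *n = len; *p = q + len;
    return tag;
}

/* SignedPublicKeyAndChallenge ::= SEQUENCE { SEQUENCE { spki, challenge IA5String },
   signatureAlgorithm, signature }. Returns 0 and the two inner fields, or -1. */
int spkac_fields(const unsigned char *der, size_t len, const unsigned char **spki,
                 size_t *spki_len, const unsigned char **chal, size_t *chal_len)
{
    const unsigned char *p = der, *end = der + len, *v;
    size_t n;
    if (der_next(&p, end, &v, &n) != 0x30 || p != end) return -1;  /* outer SEQUENCE */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x30) return -1;       /* publicKeyAndChallenge */
    p = v; end = v + n;
    *spki = p;
    if (der_next(&p, end, &v, &n) != 0x30) return -1;       /* SubjectPublicKeyInfo */
    *spki_len = (size_t)(p - *spki);                        /* header + value */
    if (der_next(&p, end, chal, chal_len) != 0x16 || p != end) return -1;
    return 0;
}

int main(void)
{
    const unsigned char *k, *c; size_t kl, cl;
    if (spkac_fields(sample, sizeof sample, &k, &kl, &c, &cl)) return 1;
    printf("challenge=%.*s spki=%zu bytes\n", (int)cl, (const char *)c, kl);
    return 0;
}
```

The walk only locates the fields; it does not check the signature over publicKeyAndChallenge, which is what NETSCAPE_SPKI_verify() does in the post's code.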
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List