QX509
Example:
#include <cstdio>

#include <QByteArray>
#include <QMap>
#include <QX509Store.h>

#include "QRSA.h"
#include "QX509.h"
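/*
 * Example: generate an RSA key, build a self-signed certificate, have a CA
 * sign it, then verify the signed certificate against a store that holds
 * the CA certificate.
 *
 * Every QSimpleCrypto call that hands back an OpenSSL pointer reports
 * failure with nullptr, so each result is checked before it is used. In
 * particular the result of verifyCertificate() is checked: a nullptr there
 * means the certificate did not validate and must not be trusted.
 *
 * Cleanup happens once, at the end, on every exit path; the OpenSSL
 * *_free() functions accept nullptr.
 *
 * Returns 0 when the certificate verified, 1 on any failure.
 */
int main() {
    QSimpleCrypto::QRsa rsa;
    QSimpleCrypto::QX509 x509;
    QSimpleCrypto::QX509Store store;

    /* Everything that must be freed is declared up front and starts as
       nullptr, so the single cleanup block below is valid on every path. */
    EVP_PKEY* rsaStructure = nullptr;
    EVP_PKEY* caPrivateKey = nullptr;
    X509* caCertificate = nullptr;
    X509* endCertificate = nullptr;
    X509_STORE* storeStructure = nullptr;

    /* The work is done in a lambda so that a failed step can return early
       without skipping the cleanup that follows. */
    const bool verified = [&]() -> bool {
        /* Generate RSA key, before creating X509 */
        rsaStructure = rsa.generateRsaKeys(2048, RSA_F4);
        if (rsaStructure == nullptr) {
            std::fprintf(stderr, "RSA key generation failed\n");
            return false;
        }

        /* Get CA private key from file. "password" is a placeholder for the
           example; a real program should obtain the passphrase at run time
           rather than embed it in source. */
        caPrivateKey = rsa.getPrivateKeyFromFile("caPrivateKey.pem", "password");
        if (caPrivateKey == nullptr) {
            std::fprintf(stderr, "Could not load CA private key\n");
            return false;
        }

        /* Create list that will contain information about X509 certificate */
        QMap<QByteArray, QByteArray> informationList;
        informationList.insert("C", "CA");
        informationList.insert("O", "MyCompany Inc.");
        informationList.insert("CN", "localhost");

        /* Open CA certificate */
        caCertificate = x509.loadCertificateFromFile("caCertificate.pem");
        if (caCertificate == nullptr) {
            std::fprintf(stderr, "Could not load CA certificate\n");
            return false;
        }

        /* Generate self signed certificate */
        endCertificate = x509.generateSelfSignedCertificate(rsaStructure, informationList, "selfSignedCertificate.pem", EVP_sha512());
        if (endCertificate == nullptr) {
            std::fprintf(stderr, "Could not generate self-signed certificate\n");
            return false;
        }

        /* Sign 'endCertificate' with 'caCertificate' with 'caPrivateKey' and
           save new signed certificate. Only the nullptr/non-nullptr outcome is
           used here: the wiki does not say whether the returned X509 is a new
           object or 'endCertificate' itself, so it is not freed separately. */
        if (x509.signCertificate(endCertificate, caCertificate, caPrivateKey, "endCertificate.pem") == nullptr) {
            std::fprintf(stderr, "Could not sign certificate\n");
            return false;
        }

        /* Initialize QX509Store and load the CA certificate into it */
        storeStructure = X509_STORE_new();
        if (storeStructure == nullptr) {
            std::fprintf(stderr, "Could not create X509_STORE\n");
            return false;
        }
        store.loadLocations(storeStructure, "caCertificate.pem", "path/To/File");

        /* Call verify operation. nullptr means the certificate did NOT
           validate against the store, so it must not be trusted. */
        if (x509.verifyCertificate(endCertificate, storeStructure) == nullptr) {
            std::fprintf(stderr, "Certificate verification failed\n");
            return false;
        }
        return true;
    }();

    /* Free memory */
    EVP_PKEY_free(caPrivateKey);
    EVP_PKEY_free(rsaStructure); /// Note: RSA must be cleaned before X509
    X509_free(caCertificate);
    X509_free(endCertificate);
    X509_STORE_free(storeStructure);

    return verified ? 0 : 1;
}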
X509* loadCertificateFromFile(const QByteArray& filePath)
- filePath - File path to certificate
Returns an OpenSSL X509 on success and nullptr on failure. The returned value must be freed with 'X509_free' to avoid a memory leak.
X509* signCertificate(X509* endCertificate, X509* caCertificate, EVP_PKEY* caPrivateKey, const QByteArray& fileName = "")
- endCertificate - Certificate that will be signed. Must be a non-null OpenSSL X509 struct.
- caCertificate - CA certificate that will sign the end certificate. Must be a non-null OpenSSL X509 struct.
- caPrivateKey - Private key of the CA certificate. Must be a non-null OpenSSL EVP_PKEY struct.
- fileName - Name of the file the signed certificate will be saved to. Leave it "" if the certificate does not need to be saved.
Returns an OpenSSL X509 on success and nullptr on failure.
X509* verifyCertificate(X509* x509, X509_STORE* store);
- x509 - The OpenSSL X509 certificate that will be verified. Must be a non-null OpenSSL X509 struct.
- store - X509_STORE holding the trusted certificates. Trusted certificates must be added to it beforehand with 'addCertificateToStore(X509_STORE* ctx, X509* x509)'.
Returns the OpenSSL X509 on success and nullptr on failure. Always check the result: a nullptr means the certificate did not verify against the store and must not be trusted.
X509* generateSelfSignedCertificate(EVP_PKEY* key, const QMap<QByteArray, QByteArray>& additionalData,
const QByteArray& certificateFileName = "", const EVP_MD* md = EVP_sha512(),
const quint64& notBefore = 0, const quint64& notAfter = oneYearMSecs,
const quint32 serialNumber = 1, const quint8 version = x509LastVersion);
- key - OpenSSL RSA key. Must be a non-null OpenSSL EVP_PKEY struct.
- additionalData - Certificate subject information (for example "C", "O", "CN").
- certificateFileName - Name of the file the certificate will be saved to. Leave it "" if the certificate does not need to be saved.
- md - OpenSSL EVP_MD structure. Example: EVP_sha512().
- notBefore - X509 start date. For example "0" to start from the current date.
- notAfter - X509 end date. For example "31536000L" to make it valid for one year from the "notBefore" date.
- serialNumber - X509 certificate serial number.
- version - X509 certificate version. Recommended to leave it at "x509LastVersion".
Returns an OpenSSL X509 on success and nullptr on failure. The returned value must be freed with 'X509_free' to avoid a memory leak.