aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins')
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c46
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.h2
2 files changed, 41 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index 31e468381..8bf519118 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -531,12 +531,50 @@ static private_x509_pkcs10_t* create_empty(void)
}
/**
- * Generate and sign a new certificate
+ * Generate and sign a new certificate request
*/
static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key,
int digest_alg)
{
- /* TODO */
+ chunk_t attributes = chunk_empty;
+ chunk_t key_info;
+ signature_scheme_t scheme;
+ identification_t *subject;
+
+ subject = cert->subject;
+ cert->public_key = sign_key->get_public_key(sign_key);
+
+ /* select signature scheme */
+ cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg,
+ sign_key->get_type(sign_key));
+ if (cert->algorithm == OID_UNKNOWN)
+ {
+ return FALSE;
+ }
+ scheme = signature_scheme_from_oid(cert->algorithm);
+
+ if (!cert->public_key->get_encoding(cert->public_key,
+ KEY_PUB_SPKI_ASN1_DER, &key_info))
+ {
+ return FALSE;
+ }
+
+ cert->certificationRequestInfo = asn1_wrap(ASN1_SEQUENCE, "ccmm",
+ ASN1_INTEGER_0,
+ subject->get_encoding(subject),
+ key_info,
+ asn1_wrap(ASN1_CONTEXT_C_0, "m", attributes));
+
+ if (!sign_key->sign(sign_key, scheme, cert->certificationRequestInfo,
+ &cert->signature))
+ {
+ return FALSE;
+ }
+
+ cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm",
+ cert->certificationRequestInfo,
+ asn1_algorithmIdentifier(cert->algorithm),
+ asn1_bitstring("c", cert->signature));
return TRUE;
}
@@ -594,10 +632,6 @@ x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args)
case BUILD_SIGNING_KEY:
sign_key = va_arg(args, private_key_t*);
continue;
- case BUILD_PUBLIC_KEY:
- cert->public_key = va_arg(args, public_key_t*);
- cert->public_key->get_ref(cert->public_key);
- continue;
case BUILD_SUBJECT:
cert->subject = va_arg(args, identification_t*);
cert->subject = cert->subject->clone(cert->subject);
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.h b/src/libstrongswan/plugins/x509/x509_pkcs10.h
index 8bdc43363..f9490b1dc 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.h
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.h
@@ -53,7 +53,7 @@ x509_pkcs10_t *x509_pkcs10_load(certificate_type_t type, va_list args);
/**
* Generate a PKCS#10 certificate request.
*
- * To issue a self-signed certificate, the function takes:
+ * To issue a self-signed certificate request, the function takes:
* BUILD_SUBJECT, BUILD_SUBJECT_ALTNAMES, BUILD_SIGNING_KEY, BUILD_DIGEST_ALG.
*
* @param type certificate type, CERT_PKCS10_REQUEST only
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 17:21:41 +0000