forked from JackOfMostTrades/aws-kms-pkcs11
-
Notifications
You must be signed in to change notification settings - Fork 0
/
certificates.cpp
87 lines (76 loc) · 2.21 KB
/
certificates.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#include <stdio.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <aws/core/Aws.h>
#include <aws/acm-pca/ACMPCAClient.h>
#include <aws/acm-pca/model/GetCertificateRequest.h>
#include <aws/acm-pca/model/GetCertificateResult.h>
#include "debug.h"
#include "openssl_compat.h"
using std::string;
X509* parseCertificateFromFile(const char* filename) {
int res;
long len;
char *name, *header;
unsigned char *data;
X509* cert = NULL;
FILE* f = fopen(filename, "r");
if (f == NULL) {
return NULL;
}
res = 1;
while (res == 1) {
res = PEM_read(f, &name, &header, &data, &len);
if (res == 0) {
fclose(f);
return NULL;
}
if (strcmp("CERTIFICATE", name) == 0) {
const unsigned char* d = data;
cert = d2i_X509(NULL, &d, len);
}
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
if (cert != NULL) {
fclose(f);
return cert;
}
}
fclose(f);
return NULL;
}
X509* parseCertificateFromB64Der(const char* b64Der) {
BIO *bio_mem = BIO_new(BIO_s_mem());
BIO_puts(bio_mem, b64Der);
BIO *b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
BIO_push(b64, bio_mem);
X509* cert = d2i_X509_bio(b64, NULL);
BIO_free_all(b64);
return cert;
}
X509* parseCertificateFromARN(const string &ca_arn, const string &arn, const std::string ®ion) {
Aws::Client::ClientConfiguration awsConfig;
if (!region.empty())
awsConfig.region = region;
Aws::ACMPCA::ACMPCAClient acmpca(awsConfig);
Aws::ACMPCA::Model::GetCertificateRequest req;
req.SetCertificateArn(arn);
req.SetCertificateAuthorityArn(ca_arn);
auto res = acmpca.GetCertificate(req);
if (!res.IsSuccess()) {
debug("Failed to retreive certificate %s from CA %s\n", arn, ca_arn);
return NULL;
}
auto pem = res.GetResult().GetCertificate();
auto bio = BIO_new_mem_buf((char *)pem.c_str(), -1);
if (!bio) {
debug("Failed to allocate BIO for cert\n");
return NULL;
}
auto cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
BIO_free(bio);
return cert;
}