Posted to dev@santuario.apache.org by GRU Samuel <sa...@crf.canon.fr> on 2004/01/06 17:46:29 UTC
[c++] load X509 certificate
Hi,
The certificate is well formed because I can open it in Windows 2000.
I have this code:
    string cert="certificate.der";
    OpenSSLCryptoX509* x509 = NULL;
    if (!cert.empty())
    {
        x509 = new OpenSSLCryptoX509();
        ifstream s(cert.c_str());
        string buf;
        char ch;
        while ((ch=s.get())!=EOF)
            buf+=ch;
        x509->loadX509Base64Bin(buf.data(),buf.length());
    }
I have a problem when I call the loadX509Base64Bin method.
I have the exception XSECCryptoException.
It doesn't work. I don't understand everything in this method!
Can someone explain it to me, please?
    EVP_ENCODE_CTX m_dctx;
    EVP_DecodeInit(&m_dctx);
----> buf contains data and len = 460
    int rc = EVP_DecodeUpdate(&m_dctx,
                              outBuf,
                              &bufLen,
                              (unsigned char *) buf,
                              len);
----> rc = 0 but bufLen = 0 and outBuf is empty. Is it normal?
    if (rc < 0) {
        throw XSECCryptoException(XSECCryptoException::Base64Error,
            "OpenSSL:Base64 - Error during Base64 Decode of X509 Certificate");
    }
    int finalLen;
    rc = EVP_DecodeFinal(&m_dctx, &outBuf[bufLen], &finalLen);
    bufLen += finalLen;
----> finalLen = 0 so bufLen = 0. It isn't normal?
----> so after, we have the exception !!!
    if (bufLen > 0) {
        mp_X509= d2i_X509(NULL, &outBuf, bufLen);
    }
    // Check to see if we have a certificate....
    if (mp_X509 == NULL) {
        throw XSECCryptoException(XSECCryptoException::X509Error,
            "OpenSSL:X509 - Error transating Base64 DER encoding into OpenSSL X509 structure");
    }
Thank you.
Samuel
Re: [c++] load X509 certificate
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Nasty (but good you got it working :>). I will add a test for 2048 bit
keys.
Thanks!
BTW - The code below will only work for a PEM encoded certificate. The
previous code you had required a DER cert. It's nearly the same thing
except the head and tail of the certificate are removed leaving "pure"
base64. Given the code below works, I suspect that was the problem.
Cheers,
Berin
GRU Samuel wrote:
> First, I have found my error!
> To load the certificate, I replace the code by:
>     BIO *bio=BIO_new(BIO_s_file());
>     BIO_read_filename(bio,cert.c_str());
>     X509* x50=PEM_read_bio_X509(bio,NULL,0,NULL);
>     certX509 = new OpenSSLCryptoX509(x50);
>
>
> But after, I had an exception: "OpenSSL:RSA::verify() - Error
> decrypting signature"
> I found that in the DSIGSignature::sign method,
> the buffer char b64Buf[256] is too small, my "signature" contains 310
> characters, so I changed it to b64Buf[512]
>
> With this code, I can sign and verify my XML document!
>
> Samuel Gru.
>
>
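An added example, not code from this thread or from the XSEC library: a standalone C++ check that tells PEM, bare base64 and raw binary DER apart before a loader is chosen, which is the mismatch discussed above. The names `CertEncoding`, `derTotalLength`, `looksLikeBase64` and `classifyCert` are hypothetical.

```cpp
#include <cstddef>
#include <string>

enum class CertEncoding { Pem, BareBase64, RawDer, Unknown };

// Total size (header + content) the outer DER SEQUENCE claims, or 0 if the
// buffer does not start with a well-formed SEQUENCE header.
std::size_t derTotalLength(const std::string& d) {
    if (d.size() < 2 || static_cast<unsigned char>(d[0]) != 0x30) return 0;
    const unsigned char first = static_cast<unsigned char>(d[1]);
    if (first < 0x80) return 2 + first;              // short-form length
    const std::size_t n = first & 0x7F;              // long form: n length octets
    if (n == 0 || n > 4 || d.size() < 2 + n) return 0;
    std::size_t len = 0;
    for (std::size_t i = 0; i < n; ++i)
        len = (len << 8) | static_cast<unsigned char>(d[2 + i]);
    return 2 + n + len;
}

// True if the text is non-empty base64: alphabet, '=' padding, whitespace only.
bool looksLikeBase64(const std::string& d) {
    std::size_t chars = 0;
    for (unsigned char c : d) {
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t') continue;
        const bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                        (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '=';
        if (!ok) return false;
        ++chars;
    }
    return chars > 0 && chars % 4 == 0;
}

CertEncoding classifyCert(const std::string& data) {
    if (data.find("-----BEGIN CERTIFICATE-----") != std::string::npos)
        return CertEncoding::Pem;          // armored: PEM_read_bio_X509
    if (!data.empty() && derTotalLength(data) == data.size())
        return CertEncoding::RawDer;       // binary: d2i_X509, no base64 step
    if (looksLikeBase64(data))
        return CertEncoding::BareBase64;   // what loadX509Base64Bin expects
    return CertEncoding::Unknown;          // truncated read or not a certificate
}
```

A buffer whose DER header claims more bytes than were read comes back as `Unknown`, so a short read is rejected rather than passed to a decoder.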
Re: [c++] load X509 certificate
Posted by GRU Samuel <sa...@crf.canon.fr>.
First, I have found my error!
To load the certificate, I replace the code by:
    BIO *bio=BIO_new(BIO_s_file());
    BIO_read_filename(bio,cert.c_str());
    X509* x50=PEM_read_bio_X509(bio,NULL,0,NULL);
    certX509 = new OpenSSLCryptoX509(x50);
But after, I had an exception: "OpenSSL:RSA::verify() - Error
decrypting signature"
I found that in the DSIGSignature::sign method,
the buffer char b64Buf[256] is too small, my "signature" contains 310
characters, so I changed it to b64Buf[512]
With this code, I can sign and verify my XML document!
Samuel Gru.
Berin Lautenbach wrote:
> Samuel,
>
> The base64 decode looks strange indeed!
>
> How do you transform the cert to DER format?
>
> Can you send me a copy of the cert?
>
> Cheers,
> Berin
>
>
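An added example, not code from this thread or from XSEC: sizing a base64 signature buffer from the RSA key length instead of a fixed constant, with an encoder that refuses to write past the buffer. It assumes unwrapped base64 (line breaks would need extra room); all function names are hypothetical.

```cpp
#include <cstddef>

// Unwrapped base64 length (padding included) for n input bytes.
constexpr std::size_t base64Len(std::size_t n) { return 4 * ((n + 2) / 3); }

// An RSA signature is as long as the key modulus.
constexpr std::size_t rsaSigBytes(std::size_t keyBits) { return (keyBits + 7) / 8; }

// True if a buffer of `cap` chars holds the base64 signature plus its NUL.
bool signatureFits(std::size_t keyBits, std::size_t cap) {
    return base64Len(rsaSigBytes(keyBits)) + 1 <= cap;
}

// Encode into a caller-supplied buffer. Returns the number of chars written
// (excluding NUL), or 0 without touching `out` if the result would not fit.
std::size_t base64EncodeBounded(const unsigned char* in, std::size_t n,
                                char* out, std::size_t cap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if (n == 0 || base64Len(n) + 1 > cap) return 0;  // reject, never overflow
    std::size_t o = 0;
    for (std::size_t i = 0; i < n; i += 3) {
        unsigned v = static_cast<unsigned>(in[i]) << 16;
        if (i + 1 < n) v |= static_cast<unsigned>(in[i + 1]) << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return o;
}
```

By this arithmetic a 1024-bit signature needs 172 characters and a 2048-bit one 344, while a 4096-bit one needs 684, so a 512-char buffer is again too small for that key size.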
Re: [c++] load X509 certificate
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Samuel,
The base64 decode looks strange indeed!
How do you transform the cert to DER format?
Can you send me a copy of the cert?
Cheers,
Berin
GRU Samuel wrote:
> Hi,
>
> To complete my first message, I generate my key and my certificate with
> OpenSSL (0.9.7c) with default options.
> generation of key: openssl genrsa -out privkey.pem 2048
> generation of certificate: openssl req -outform DER -new -x509 -key privkey.pem -out certificate.pem -days 1095
>
> Is it OK?
>
Re: [c++] load X509 certificate
Posted by GRU Samuel <sa...@crf.canon.fr>.
Hi,
To complete my first message, I generate my key and my certificate with
OpenSSL (0.9.7c) with default options.
generation of key: openssl genrsa -out privkey.pem 2048
generation of certificate: openssl req -outform DER -new -x509 -key privkey.pem -out certificate.pem -days 1095
Is it OK?