2016-12-06 60 views
0

我正在開發應用程序,其中需要從目標c生成密鑰,如下面的代碼。從目標c生成密鑰並通過OpenSSL簽名創建CSR

- (NSData *) getKeyDataWithIdentifier 
{ 
    NSData * keyBits = nil; 
    NSMutableDictionary * keyQuery = [[NSMutableDictionary alloc] init]; 


[keyQuery setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag]; 
[keyQuery setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass]; 
[keyQuery setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnData]; 
[keyQuery setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType]; 

OSStatus sanityCheck = SecItemCopyMatching((CFDictionaryRef)keyQuery, (void *)&keyBits); 

if (sanityCheck != noErr) { 
    NSLog(@"Error: %d", (int)sanityCheck); 
} 

    return keyBits; 
} 

並從OpenSSl簽名創建CSR。我做了以下,但在簽署其在這條線上返回0 ret = X509_REQ_sign(x509_req, pKey, EVP_sha512()); 以上每一件事情都很好,但不能在下面簽字是代碼我是如何做的。

- (void)genCSRX509ForRSA:(NSData *) keyData 
{ 
    int    ret = 0; 
    RSA    *rsa = NULL; 

BIGNUM   *bne = NULL; 

BN_GENCB  *bGen = NULL; 

int    nVersion = 1; 
int    bits = 2048; 
unsigned long e = RSA_F4; 

X509_REQ  *x509_req = NULL; 
X509_NAME  *x509_name = NULL; 
EVP_PKEY  *pKey = NULL; 
RSA    *tem = NULL; 
BIO    *out = NULL, *bio_err = NULL; 

const char  *szCountry = "US"; 
const char  *szProvince = "MU"; 
const char  *szCity = "Boston"; 
const char  *szOrganization = "MyOrg"; 
const char  *szCommon = "MO"; 

const char  *szPath = "x509Req.pem"; 

const unsigned char * bitsOfKeyData = (unsigned char *) [keyData bytes]; 
int lengthOfKeyData = [keyData length]; 

// 1. generate rsa key 
bne = BN_new(); 
ret = BN_set_word(bne,e); 
if(ret != 1){ 
    goto free_all; 
} 

rsa = RSA_new(); 

rsa = d2i_RSAPublicKey(&rsa, &bitsOfKeyData, lengthOfKeyData); 


// 2. set version of x509 req 
x509_req = X509_REQ_new(); 
ret = X509_REQ_set_version(x509_req, nVersion); 
if (ret != 1){ 
    goto free_all; 
} 

// 3. set subject of x509 req 
x509_name = X509_REQ_get_subject_name(x509_req); 

ret = X509_NAME_add_entry_by_txt(x509_name,"C", MBSTRING_ASC, (const unsigned char*)szCountry, -1, -1, 0); 
if (ret != 1){ 
    goto free_all; 
} 

ret = X509_NAME_add_entry_by_txt(x509_name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince, -1, -1, 0); 
if (ret != 1){ 
    goto free_all; 
} 

ret = X509_NAME_add_entry_by_txt(x509_name,"L", MBSTRING_ASC, (const unsigned char*)szCity, -1, -1, 0); 
if (ret != 1){ 
    goto free_all; 
} 

ret = X509_NAME_add_entry_by_txt(x509_name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization, -1, -1, 0); 
if (ret != 1){ 
    goto free_all; 
} 

ret = X509_NAME_add_entry_by_txt(x509_name,"CN", MBSTRING_ASC, (const unsigned char*)szCommon, -1, -1, 0); 
if (ret != 1){ 
    goto free_all; 
} 

// 4. set public key of x509 req 
pKey = EVP_PKEY_new(); 
EVP_PKEY_assign_RSA(pKey,rsa); 
if(ret != 1){ 
    goto free_all; 
} 



ret = X509_REQ_set_pubkey(x509_req, pKey); 
if (ret != 1){ 
    goto free_all; 
} 

// 5. set sign key of x509 req 

ret = X509_REQ_sign(x509_req, pKey, EVP_sha512()); // return x509_req->signature->length 
if (ret <= 0){ 
    goto free_all; 
} 

out = BIO_new_file(szPath,"w"); 
ret = PEM_write_bio_X509_REQ(out, x509_req); 
X509_REQ_print_fp(stdout, x509_req); 


[self createFileForPEM:x509_req]; 

// PEM_write_X509_REQ(pemFile, certSigningRequest); 
// 6. free 
free_all: 

    X509_REQ_free(x509_req); 
    BIO_free_all(out); 

    EVP_PKEY_free(pKey); 
    BN_free(bne); 

} 

回答