0001 // SSLCertificate.swift 0002 // 0003 // The MIT License (MIT) 0004 // 0005 // Copyright (c) 2015 Zewo 0006 // 0007 // Permission is hereby granted, free of charge, to any person obtaining a copy 0008 // of this software and associated documentation files (the "Software"), to deal 0009 // in the Software without restriction, including without limitation the rights 0010 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 0011 // copies of the Software, and to permit persons to whom the Software is 0012 // furnished to do so, subject to the following conditions: 0013 // 0014 // The above copyright notice and this permission notice shall be included in all 0015 // copies or substantial portions of the Software. 0016 // 0017 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 0018 // IMPLIED, INCLUDINbG BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 0019 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 0020 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 0021 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 0022 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 0023 // SOFTWARE. 0024 0025 import System 0026 import COpenSSL 0027 0028 private extension UInt8 { 0029 var hexString: String { 0030 let str = String(self, radix: 16) 0031 return (self < 16 ? "0"+str : str) 0032 } 0033 } 0034 0035 private extension X509 { 0036 0037 var validityNotBefore
Certificate.swift:64 return UnsafeMutableBufferPointer(start: md, count: Int(EVP_MAX_MD_SIZE)).generate().prefix(Int(n)).map({ $0.hexString }).joinWithSeparator(":"): UnsafeMutablePointer<ASN1_TIME> { 0038 return cert_info.memory.validity.memory.notBefore 0039 } 0040 0041 var validityNotAfter
Certificate.swift:98 X509_gmtime_adj(certificate.memory.validityNotBefore, 0): UnsafeMutablePointer<ASN1_TIME> { 0042 return cert_info.memory.validity.memory.notAfter 0043 } 0044 0045 } 0046 0047 public class Certificate
Certificate.swift:99 X509_gmtime_adj(certificate.memory.validityNotAfter, expiresInDays*86400){ 0048 0049 public enum Error
Context.swift:45 public func useCertificate(certificate: Certificate) throws {Session.swift:93 return Certificate(certificate: certificate)Session.swift:82 public var peerCertificate: Certificate? {: ErrorType { 0050 case Certificate
Certificate.swift:81 throw Error.CertificateCertificate.swift:91 guard ret >= 0 else { throw Error.Subject }Certificate.swift:94 guard ret >= 0 else { throw Error.Subject }Certificate.swift:96 guard ret >= 0 else { throw Error.Subject }Certificate.swift:102 guard ret >= 0 else { throw Error.PrivateKey }Certificate.swift:109 guard ret >= 0 else { throw Error.Extension }Certificate.swift:117 guard ret >= 0 else { throw Error.Extension }Certificate.swift:123 guard ret >= 0 else { throw Error.Sign }0051 case Subject
Certificate.swift:81 throw Error.Certificate0052 case PrivateKey
Certificate.swift:91 guard ret >= 0 else { throw Error.Subject }Certificate.swift:94 guard ret >= 0 else { throw Error.Subject }Certificate.swift:96 guard ret >= 0 else { throw Error.Subject }0053 case Extension
Certificate.swift:102 guard ret >= 0 else { throw Error.PrivateKey }0054 case Sign
Certificate.swift:109 guard ret >= 0 else { throw Error.Extension }Certificate.swift:117 guard ret >= 0 else { throw Error.Extension }0055 } 0056 0057 var certificate
Certificate.swift:123 guard ret >= 0 else { throw Error.Sign }: UnsafeMutablePointer<X509> 0058 0059 public var fingerprint: String { 0060 let md = UnsafeMutablePointer<UInt8>.alloc(Int(EVP_MAX_MD_SIZE)) 0061 defer { md.destroy(); md.dealloc(Int(EVP_MAX_MD_SIZE)) } 0062 var n: UInt32 = 0 0063 X509_digest(certificate, EVP_sha256(), md, &n) 0064 return UnsafeMutableBufferPointer(start: md, count: Int(EVP_MAX_MD_SIZE)).generate().prefix(Int(n)).map({ $0.hexString }).joinWithSeparator(":") 0065 } 0066 0067 public init
Certificate.swift:63 X509_digest(certificate, EVP_sha256(), md, &n)Certificate.swift:69 self.certificate = certificateCertificate.swift:78 certificate = X509_new()Certificate.swift:80 guard certificate != nil else {Certificate.swift:88 ASN1_INTEGER_set(X509_get_serialNumber(certificate), Int(serial))Certificate.swift:93 ret = X509_set_issuer_name(certificate, subject)Certificate.swift:95 ret = X509_set_subject_name(certificate, subject)Certificate.swift:98 X509_gmtime_adj(certificate.memory.validityNotBefore, 0)Certificate.swift:99 X509_gmtime_adj(certificate.memory.validityNotAfter, expiresInDays*86400)Certificate.swift:101 ret = X509_set_pubkey(certificate, privateKey)Certificate.swift:107 ret = X509_add_ext(certificate, ext, -1)Certificate.swift:115 ret = X509_add_ext(certificate, ext, -1)Certificate.swift:122 ret = X509_sign(certificate, privateKey, EVP_sha256())Context.swift:46 if SSL_CTX_use_certificate(context, certificate.certificate) != 1 {(certificate: UnsafeMutablePointer<X509>) { 0068 OpenSSL.initialize() 0069 self.certificate = certificate 0070 } 0071 0072 public init(privateKey: Key, commonName: String, expiresInDays: Int = 365, subjectAltName: String? = nil) throws { 0073 OpenSSL.initialize() 0074 0075 let privateKey = privateKey.key 0076 var ret: Int32 = 0 0077 0078 certificate = X509_new() 0079 0080 guard certificate != nil else { 0081 throw Error.Certificate 0082 } 0083 0084 let subject = X509_NAME_new() 0085 var ext = X509_EXTENSION_new() 0086 0087 let serial = rand() 0088 ASN1_INTEGER_set(X509_get_serialNumber(certificate), Int(serial)) 0089 0090 ret = X509_NAME_add_entry_by_txt(subject, "CN", (MBSTRING_FLAG|1), commonName, Int32(commonName.utf8.count), -1, 0) 0091 guard ret >= 0 else { throw Error.Subject } 0092 0093 ret = X509_set_issuer_name(certificate, subject) 0094 guard ret >= 0 else { throw Error.Subject } 0095 ret = X509_set_subject_name(certificate, subject) 0096 guard ret >= 0 else { throw Error.Subject } 0097 0098 X509_gmtime_adj(certificate.memory.validityNotBefore, 0) 0099 X509_gmtime_adj(certificate.memory.validityNotAfter, expiresInDays*86400) 0100 0101 ret = X509_set_pubkey(certificate, privateKey) 0102 guard ret >= 0 else { throw Error.PrivateKey } 0103 0104 if let subjectAltName = subjectAltName { 0105 try subjectAltName.withCString { strPtr in 0106 ext = X509V3_EXT_conf_nid(nil, nil, NID_subject_alt_name, UnsafeMutablePointer<CChar>(strPtr)) 0107 ret = X509_add_ext(certificate, ext, -1) 0108 X509_EXTENSION_free(ext) 0109 guard ret >= 0 else { throw Error.Extension } 0110 } 0111 } 0112 0113 try "CA:FALSE".withCString { strPtr in 0114 ext = X509V3_EXT_conf_nid(nil, nil, NID_basic_constraints, UnsafeMutablePointer<CChar>(strPtr)) 0115 ret = X509_add_ext(certificate, ext, -1) 0116 X509_EXTENSION_free(ext) 0117 guard ret >= 0 else { throw Error.Extension } 0118 } 0119 0120 // TODO: add extensions NID_subject_key_identifier and NID_authority_key_identifier 0121 0122 ret = X509_sign(certificate, privateKey, EVP_sha256()) 0123 guard ret >= 0 else { throw Error.Sign } 0124 } 0125 0126 } 0127
Session.swift:93 return Certificate(certificate: certificate)