0001    // SSLCertificate.swift
0002    //
0003    // The MIT License (MIT)
0004    //
0005    // Copyright (c) 2015 Zewo
0006    //
0007    // Permission is hereby granted, free of charge, to any person obtaining a copy
0008    // of this software and associated documentation files (the "Software"), to deal
0009    // in the Software without restriction, including without limitation the rights
0010    // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
0011    // copies of the Software, and to permit persons to whom the Software is
0012    // furnished to do so, subject to the following conditions:
0013    //
0014    // The above copyright notice and this permission notice shall be included in all
0015    // copies or substantial portions of the Software.
0016    //
0017    // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
0018    // IMPLIED, INCLUDINbG BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
0019    // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
0020    // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
0021    // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
0022    // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
0023    // SOFTWARE.
0024    
0025    import System
0026    import COpenSSL
0027    
0028    private extension UInt8 {
0029    	var hexString
Certificate.swift:64
        return UnsafeMutableBufferPointer(start: md, count: Int(EVP_MAX_MD_SIZE)).generate().prefix(Int(n)).map({ $0.hexString }).joinWithSeparator(":")
: String { 0030 let str = String(self, radix: 16) 0031 return (self < 16 ? "0"+str : str) 0032 } 0033 } 0034 0035 private extension X509 { 0036 0037 var validityNotBefore
Certificate.swift:98
		X509_gmtime_adj(certificate.memory.validityNotBefore, 0)
: UnsafeMutablePointer<ASN1_TIME> { 0038 return cert_info.memory.validity.memory.notBefore 0039 } 0040 0041 var validityNotAfter
Certificate.swift:99
		X509_gmtime_adj(certificate.memory.validityNotAfter, expiresInDays*86400)
: UnsafeMutablePointer<ASN1_TIME> { 0042 return cert_info.memory.validity.memory.notAfter 0043 } 0044 0045 } 0046 0047 public class Certificate
Context.swift:45
	public func useCertificate(certificate: Certificate) throws {
Session.swift:93
		return Certificate(certificate: certificate)
Session.swift:82
	public var peerCertificate: Certificate? {
{ 0048 0049 public enum Error
Certificate.swift:81
            throw Error.Certificate
Certificate.swift:91
		guard ret >= 0 else { throw Error.Subject }
Certificate.swift:94
		guard ret >= 0 else { throw Error.Subject }
Certificate.swift:96
		guard ret >= 0 else { throw Error.Subject }
Certificate.swift:102
		guard ret >= 0 else { throw Error.PrivateKey }
Certificate.swift:109
				guard ret >= 0 else { throw Error.Extension }
Certificate.swift:117
			guard ret >= 0 else { throw Error.Extension }
Certificate.swift:123
		guard ret >= 0 else { throw Error.Sign }
: ErrorType { 0050 case Certificate
Certificate.swift:81
            throw Error.Certificate
0051 case Subject
Certificate.swift:91
		guard ret >= 0 else { throw Error.Subject }
Certificate.swift:94
		guard ret >= 0 else { throw Error.Subject }
Certificate.swift:96
		guard ret >= 0 else { throw Error.Subject }
0052 case PrivateKey
Certificate.swift:102
		guard ret >= 0 else { throw Error.PrivateKey }
0053 case Extension
Certificate.swift:109
				guard ret >= 0 else { throw Error.Extension }
Certificate.swift:117
			guard ret >= 0 else { throw Error.Extension }
0054 case Sign
Certificate.swift:123
		guard ret >= 0 else { throw Error.Sign }
0055 } 0056 0057 var certificate
Certificate.swift:63
        X509_digest(certificate, EVP_sha256(), md, &n)
Certificate.swift:69
        self.certificate = certificate
Certificate.swift:78
        certificate = X509_new()
Certificate.swift:80
		guard certificate != nil else {
Certificate.swift:88
		ASN1_INTEGER_set(X509_get_serialNumber(certificate), Int(serial))
Certificate.swift:93
		ret = X509_set_issuer_name(certificate, subject)
Certificate.swift:95
		ret = X509_set_subject_name(certificate, subject)
Certificate.swift:98
		X509_gmtime_adj(certificate.memory.validityNotBefore, 0)
Certificate.swift:99
		X509_gmtime_adj(certificate.memory.validityNotAfter, expiresInDays*86400)
Certificate.swift:101
		ret = X509_set_pubkey(certificate, privateKey)
Certificate.swift:107
				ret = X509_add_ext(certificate, ext, -1)
Certificate.swift:115
			ret = X509_add_ext(certificate, ext, -1)
Certificate.swift:122
		ret = X509_sign(certificate, privateKey, EVP_sha256())
Context.swift:46
        if SSL_CTX_use_certificate(context, certificate.certificate) != 1 {
: UnsafeMutablePointer<X509> 0058 0059 public var fingerprint: String { 0060 let md = UnsafeMutablePointer<UInt8>.alloc(Int(EVP_MAX_MD_SIZE)) 0061 defer { md.destroy(); md.dealloc(Int(EVP_MAX_MD_SIZE)) } 0062 var n: UInt32 = 0 0063 X509_digest(certificate, EVP_sha256(), md, &n) 0064 return UnsafeMutableBufferPointer(start: md, count: Int(EVP_MAX_MD_SIZE)).generate().prefix(Int(n)).map({ $0.hexString }).joinWithSeparator(":") 0065 } 0066 0067 public init
Session.swift:93
		return Certificate(certificate: certificate)
(certificate: UnsafeMutablePointer<X509>) { 0068 OpenSSL.initialize() 0069 self.certificate = certificate 0070 } 0071 0072 public init(privateKey: Key, commonName: String, expiresInDays: Int = 365, subjectAltName: String? = nil) throws { 0073 OpenSSL.initialize() 0074 0075 let privateKey = privateKey.key 0076 var ret: Int32 = 0 0077 0078 certificate = X509_new() 0079 0080 guard certificate != nil else { 0081 throw Error.Certificate 0082 } 0083 0084 let subject = X509_NAME_new() 0085 var ext = X509_EXTENSION_new() 0086 0087 let serial = rand() 0088 ASN1_INTEGER_set(X509_get_serialNumber(certificate), Int(serial)) 0089 0090 ret = X509_NAME_add_entry_by_txt(subject, "CN", (MBSTRING_FLAG|1), commonName, Int32(commonName.utf8.count), -1, 0) 0091 guard ret >= 0 else { throw Error.Subject } 0092 0093 ret = X509_set_issuer_name(certificate, subject) 0094 guard ret >= 0 else { throw Error.Subject } 0095 ret = X509_set_subject_name(certificate, subject) 0096 guard ret >= 0 else { throw Error.Subject } 0097 0098 X509_gmtime_adj(certificate.memory.validityNotBefore, 0) 0099 X509_gmtime_adj(certificate.memory.validityNotAfter, expiresInDays*86400) 0100 0101 ret = X509_set_pubkey(certificate, privateKey) 0102 guard ret >= 0 else { throw Error.PrivateKey } 0103 0104 if let subjectAltName = subjectAltName { 0105 try subjectAltName.withCString { strPtr in 0106 ext = X509V3_EXT_conf_nid(nil, nil, NID_subject_alt_name, UnsafeMutablePointer<CChar>(strPtr)) 0107 ret = X509_add_ext(certificate, ext, -1) 0108 X509_EXTENSION_free(ext) 0109 guard ret >= 0 else { throw Error.Extension } 0110 } 0111 } 0112 0113 try "CA:FALSE".withCString { strPtr in 0114 ext = X509V3_EXT_conf_nid(nil, nil, NID_basic_constraints, UnsafeMutablePointer<CChar>(strPtr)) 0115 ret = X509_add_ext(certificate, ext, -1) 0116 X509_EXTENSION_free(ext) 0117 guard ret >= 0 else { throw Error.Extension } 0118 } 0119 0120 // TODO: add extensions NID_subject_key_identifier and NID_authority_key_identifier 0121 0122 ret = X509_sign(certificate, privateKey, EVP_sha256()) 0123 guard ret >= 0 else { throw Error.Sign } 0124 } 0125 0126 } 0127