I am trying to extract information from a client certificate encrypted in PKCS#12 format, in Common Lisp.
I tried the following steps:
- Load this p12 file into a BIO using d2i_PKCS12_bio
- Verify the password with PKCS12_verify_mac
- Parse the file using PKCS12_parse
Here is the actual CFFI code:
    (defun load-pkcs12 (file &optional passphrase)
      (openssl-add-all-digests)
      (pkcs12-pbe-add)
      ;; 1. Load the given p12 file
      (let ((content (slurp-file file)))
        (cffi:with-pointer-to-vector-data (data-sap content)
          (let* ((bio (bio-new-mem-buf data-sap (length content)))
                 (p12 (d2i-pkcs12-bio bio (cffi:null-pointer)))
                 (pkey (evp-pkey-new))
                 (cert (x509-new)))
            (unwind-protect
                 (progn
                   ;; 2. Verify the passphrase
                   (let ((res (pkcs12-verify-mac p12
                                                 (or passphrase (cffi:null-pointer))
                                                 (length passphrase))))
                     (when (zerop res)
                       (error (format nil "Error while verifying mac~%~A" (get-errors)))))
                   ;; 3. Parse the file
                   (cffi:with-foreign-objects ((*pkey :pointer) (*cert :pointer))
                     (setf (cffi:mem-ref *pkey :pointer) pkey
                           (cffi:mem-ref *cert :pointer) cert)
                     (let ((res (pkcs12-parse p12
                                              (or passphrase (cffi:null-pointer))
                                              *pkey *cert (cffi:null-pointer))))
                       (when (zerop res)
                         (error "Error in pkcs12-parse~%~A" (get-errors)))))
                   (pkcs12-free p12)
                   ;; 4. Show the result
                   (let ((bio (cl+ssl::bio-new (bio-s-mem))))
                     (unwind-protect
                          (progn
                            (x509-print-ex bio cert 0 0)
                            (bio-to-string bio))
                       (bio-free bio))))
              (evp-pkey-free pkey)
              (x509-free cert))))))
However, the result from X509_print_ex is always meaningless:
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 0 (0x0)
        Signature Algorithm: itu-t
            Issuer:
            Validity
                Not Before: Bad time value
It looks fine when I try it with the openssl command, so I assume the p12 file itself is fine:
    $ openssl pkcs12 -in sslcert.p12 -clcerts -nokeys
    Enter Import Password: <input passphrase>
    MAC verified OK
    Bag Attributes
        localKeyID: 31 0E 0D 31 05 8D 20 13 BA B3 81 85 57 AD 28 52 9F D0 19 BE
    subject=/C=JP/ST=Tokyo/L=Minato/O=<company>/OU=Development/CN=<user>/emailAddress=admin@example.co.jp
    issuer=/C=JP/ST=Tokyo/O=<company>/OU=Development/CN=SuperUser Intermediate CA/emailAddress=admin@example.co.jp
    -----BEGIN CERTIFICATE-----
    ...PEM-encoded certificate...
    -----END CERTIFICATE-----
The full source is in a separate file; the main function load-pkcs12 is at the bottom of it, and it is called like this:
    (load-pkcs12 #P"/path/to/sslcert.p12" "password")
Can anyone help here?
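The same three-step procedure with the PKCS12_parse out-parameters handled correctly, as an added example that is not part of the question: PKCS12_parse allocates fresh EVP_PKEY and X509 objects and writes their addresses through the pointers it is given, so the objects pre-allocated with evp-pkey-new / x509-new are never filled in and X509_print_ex renders an empty certificate. It reuses the question's own CFFI bindings (including slurp-file, get-errors and bio-to-string, assumed to be defined in the questioner's file); the name load-pkcs12-fixed is mine.

```lisp
(defun load-pkcs12-fixed (file &optional passphrase)
  "Load a PKCS#12 file, verify its MAC and return the client certificate
rendered by X509_print_ex as a string."
  (openssl-add-all-digests)
  (pkcs12-pbe-add)
  (let* ((content (slurp-file file))
         (pass (or passphrase (cffi:null-pointer)))
         ;; Start every handle at NULL: OpenSSL's *_free functions accept
         ;; NULL, so the cleanup below is safe whichever step fails.
         (p12 (cffi:null-pointer))
         (pkey (cffi:null-pointer))
         (cert (cffi:null-pointer)))
    (unwind-protect
         (progn
           ;; 1. Decode the DER PKCS#12 blob from an in-memory BIO.
           (cffi:with-pointer-to-vector-data (data-sap content)
             (let ((bio (bio-new-mem-buf data-sap (length content))))
               (unwind-protect
                    (setf p12 (d2i-pkcs12-bio bio (cffi:null-pointer)))
                 (bio-free bio))))
           (when (cffi:null-pointer-p p12)
             (error "d2i_PKCS12_bio failed:~%~A" (get-errors)))
           ;; 2. Verify the MAC before trusting anything inside the file.
           (when (zerop (pkcs12-verify-mac p12 pass (length passphrase)))
             (error "Error while verifying mac:~%~A" (get-errors)))
           ;; 3. PKCS12_parse allocates NEW EVP_PKEY and X509 objects and
           ;; stores their addresses through the out-parameters. Pass
           ;; NULL-initialised slots and read the results back afterwards;
           ;; objects from evp-pkey-new / x509-new would just be overwritten.
           (cffi:with-foreign-objects ((pkey-out :pointer) (cert-out :pointer))
             (setf (cffi:mem-ref pkey-out :pointer) (cffi:null-pointer)
                   (cffi:mem-ref cert-out :pointer) (cffi:null-pointer))
             (when (zerop (pkcs12-parse p12 pass pkey-out cert-out
                                        (cffi:null-pointer)))
               (error "Error in pkcs12-parse:~%~A" (get-errors)))
             (setf pkey (cffi:mem-ref pkey-out :pointer)
                   cert (cffi:mem-ref cert-out :pointer)))
           ;; 4. Render the certificate PKCS12_parse actually returned.
           (let ((out (cl+ssl::bio-new (bio-s-mem))))
             (unwind-protect
                  (progn
                    (x509-print-ex out cert 0 0)
                    (bio-to-string out))
               (bio-free out))))
      ;; Release everything, in reverse order of acquisition.
      (x509-free cert)
      (evp-pkey-free pkey)
      (pkcs12-free p12))))
```

The private key is freed here because only the certificate text is returned; a caller that needs the key should return pkey instead of freeing it and take over ownership.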