求大神把这段代码 每条都注释一下,我学java的,c不是很懂
/****
*
*
*
* */
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/x509_vfy.h>
#include <openssl/ossl_typ.h>
#include "jni.h"
#include "ntsc_log.h"
#include <openssl/pem.h>
//int ntsc_verify_x509_certificate(X509 *userCert,X509 *rootCert);
/* Verifies userCert against a trust store holding rootCert and pCrlCert.
 * Returns 1 when verification succeeds, 0 when it fails, and -1 when the
 * check cannot be set up (for example a NULL certificate argument). */
int ntsc_verify_x509_certificate(X509 *userCert,X509 *rootCert,X509_CRL *pCrlCert);
/* Reads a PEM-encoded X509 certificate from pRootCertPath; returns NULL on
 * failure. The caller releases the result with X509_free(). */
X509 *ntsc_get_root_certficate(const char *pRootCertPath);
/* Reads a DER-encoded PKCS#7 structure from the file pAppCertName; returns
 * NULL on failure. The caller releases the result with PKCS7_free(). */
PKCS7 *ntsc_get_app_certficate(const char *pAppCertName);
/* Reads a DER-encoded CRL from the file pCrlCertName; returns NULL on
 * failure. The caller releases the result with X509_CRL_free(). */
X509_CRL *ntsc_get_crl_certficate(const char *pCrlCertName);
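/**
 * JNI entry point: checks that a certificate carried in a PKCS#7 file chains
 * to the given root certificate and is not revoked according to the CRL.
 *
 * @param env           JNI environment.
 * @param thiz          Calling Java object (not used).
 * @param appCertName   Path of the DER-encoded PKCS#7 file.
 * @param rootCertName  Path of the PEM-encoded root certificate.
 * @param crlCertName   Path of the DER-encoded CRL.
 * @return JNI_TRUE only when ntsc_verify_x509_certificate() returns 1;
 *         JNI_FALSE for every other outcome, including any input that
 *         cannot be loaded or parsed (fail closed).
 *
 * NOTE(review): only the certificate chain is validated here. No
 * PKCS7_verify() call is visible, so the PKCS#7 signature over any signed
 * content is not checked by this function; a caller that uses this result to
 * trust a signed payload needs that check as well.
 */
JNIEXPORT jboolean certVerify(JNIEnv *env, jobject thiz, jstring appCertName, jstring rootCertName,jstring crlCertName)
{
    const char *pAppCertName = NULL;
    const char *pRootCertName = NULL;
    const char *pCrlCertName = NULL;
    PKCS7 *pAppPK7Cert = NULL;
    X509 *pAppX509Cert = NULL;
    X509 *pRootCert = NULL;
    X509_CRL *pX509CrlCert = NULL;
    int result = 0;

    (void)thiz;

    /* GetStringUTFChars must not be handed a NULL jstring. */
    if ((NULL == appCertName) || (NULL == rootCertName) || (NULL == crlCertName))
    {
        LOGE("certVerify param is null!");
        return JNI_FALSE;
    }

    pAppCertName = (*env)->GetStringUTFChars(env, appCertName, 0);
    pRootCertName = (*env)->GetStringUTFChars(env, rootCertName, 0);
    pCrlCertName = (*env)->GetStringUTFChars(env, crlCertName, 0);
    if ((NULL == pAppCertName) || (NULL == pRootCertName) || (NULL == pCrlCertName))
    {
        LOGE("certVerify param is null!");
        goto cleanup; /* release whichever strings were obtained */
    }

    pAppPK7Cert = ntsc_get_app_certficate(pAppCertName);
    if (NULL == pAppPK7Cert)
    {
        goto cleanup;
    }

    /* d.sign is only meaningful for a signedData structure; reject any other
     * PKCS#7 content type before dereferencing it. */
    if (!PKCS7_type_is_signed(pAppPK7Cert) || (NULL == pAppPK7Cert->d.sign))
    {
        LOGE("certVerify pkcs7 is not signed data!");
        goto cleanup;
    }

    /* sk_X509_pop() removes the certificate from the stack, so this function
     * now owns it and must free it separately from the PKCS7 object.
     * NOTE(review): this takes the last certificate in the PKCS#7 certificate
     * set as the one to verify; confirm that matches how the files are built. */
    pAppX509Cert = sk_X509_pop(pAppPK7Cert->d.sign->cert);
    if (NULL == pAppX509Cert)
    {
        LOGE("certVerify pkcs7 has no certificate!");
        goto cleanup;
    }

    pRootCert = ntsc_get_root_certficate(pRootCertName);
    if (NULL == pRootCert)
    {
        LOGE("certVerify root certificate is null!");
        goto cleanup;
    }

    pX509CrlCert = ntsc_get_crl_certficate(pCrlCertName);
    if (NULL == pX509CrlCert)
    {
        LOGE("pX509Cert is null!");
        goto cleanup;
    }

    result = ntsc_verify_x509_certificate(pAppX509Cert, pRootCert, pX509CrlCert);

cleanup:
    /* Single exit path: every OpenSSL object and every JNI string obtained
     * above is released here, whichever step failed. */
    if (NULL != pX509CrlCert)
    {
        X509_CRL_free(pX509CrlCert);
    }
    if (NULL != pRootCert)
    {
        X509_free(pRootCert);
    }
    if (NULL != pAppX509Cert)
    {
        X509_free(pAppX509Cert);
    }
    if (NULL != pAppPK7Cert)
    {
        PKCS7_free(pAppPK7Cert);
    }
    if (NULL != pAppCertName)
    {
        (*env)->ReleaseStringUTFChars(env, appCertName, pAppCertName);
    }
    if (NULL != pRootCertName)
    {
        (*env)->ReleaseStringUTFChars(env, rootCertName, pRootCertName);
    }
    if (NULL != pCrlCertName)
    {
        (*env)->ReleaseStringUTFChars(env, crlCertName, pCrlCertName);
    }
    return (result == 1) ? JNI_TRUE : JNI_FALSE;
}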
/***
 *
 * ntsc_get_crl_certficate()
 *
 * Loads a DER-encoded CRL from the file named by pCrlCertName.
 * Returns the parsed X509_CRL, or NULL when the name is NULL, the file
 * cannot be opened, or d2i_X509_CRL_fp() fails to parse it. The caller
 * owns the result and frees it with X509_CRL_free().
 *
 * */
X509_CRL* ntsc_get_crl_certficate(const char *pCrlCertName)
{
    X509_CRL *parsedCrl = NULL;
    FILE *crlFile = NULL;

    if (pCrlCertName == NULL)
    {
        LOGE("ntsc_get_crl_certficate input param is null\n");
        return parsedCrl;
    }

    crlFile = fopen(pCrlCertName, "rb");
    if (crlFile == NULL)
    {
        fprintf(stderr, "Error reading input crl file\n" );
        LOGE("ntsc_get_crl_certficate Error reading input crl file\n");
        return parsedCrl;
    }

    /* The parse result is handed back as-is; a NULL here means the file
     * was not a valid DER CRL. */
    parsedCrl = d2i_X509_CRL_fp(crlFile, NULL);
    fclose(crlFile);
    return parsedCrl;
}
/***
 *
 * ntsc_get_app_certficate()
 *
 * Loads a DER-encoded PKCS#7 structure from the file named by pAppCertName.
 * Returns the parsed PKCS7, or NULL when the name is NULL, the file cannot
 * be opened, or d2i_PKCS7_fp() fails to parse it. The caller owns the
 * result and frees it with PKCS7_free().
 *
 * */
PKCS7* ntsc_get_app_certficate(const char *pAppCertName)
{
    PKCS7 *parsed = NULL;
    FILE *in = NULL;

    if (pAppCertName != NULL)
    {
        in = fopen(pAppCertName, "rb");
        if (in != NULL)
        {
            /* Parse result is returned unchanged; NULL means invalid DER. */
            parsed = d2i_PKCS7_fp(in, NULL);
            fclose(in);
        }
        else
        {
            fprintf(stderr, "Error reading input pkcs7 file\n" );
            LOGE("ntsc_get_app_certficate Error reading input pkcs7 file\n");
        }
    }
    else
    {
        LOGE("ntsc_get_app_certficate input param is null\n");
    }
    return parsed;
}
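/**
 * Loads a PEM-encoded X509 certificate from pRootCertPath.
 *
 * @param pRootCertPath  Path of the PEM file; may be NULL.
 * @return The parsed certificate, or NULL when the path is NULL, the file
 *         cannot be opened, or no certificate can be parsed from it.
 *         The caller owns the result and frees it with X509_free().
 */
X509 *ntsc_get_root_certficate(const char *pRootCertPath)
{
    X509 *pRootCert = NULL;
    BIO *pBIO = NULL;

    if (NULL == pRootCertPath)
    {
        return NULL;
    }

    pBIO = BIO_new_file(pRootCertPath, "r");
    if (NULL == pBIO)
    {
        /* Stop here instead of handing a NULL BIO to the PEM reader. */
        LOGE("ntsc_get_root_certficate Error reading input root certificate file\n");
        return NULL;
    }

    pRootCert = PEM_read_bio_X509(pBIO, NULL, NULL, NULL);
    if (NULL == pRootCert)
    {
        LOGE("ntsc_get_root_certficate Error parsing root certificate\n");
    }
    BIO_free(pBIO);
    return pRootCert;
}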
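/**
 * Verifies userCert against a trust store that contains only rootCert and
 * pCrlCert, with CRL checking enabled.
 *
 * No untrusted intermediate chain is passed to X509_STORE_CTX_init(), so the
 * path can only be built from userCert and the certificates in the store.
 *
 * @param userCert  Certificate to verify; not freed here.
 * @param rootCert  Trusted root certificate; not freed here.
 * @param pCrlCert  CRL added to the store; not freed here.
 * @return 1 when X509_verify_cert() succeeds, 0 when it rejects the
 *         certificate, -1 when the check could not be set up (NULL argument,
 *         allocation failure, or a store/context setup call failing).
 *         Callers must treat anything other than 1 as "not verified".
 */
int ntsc_verify_x509_certificate(X509 *userCert,X509 *rootCert,X509_CRL *pCrlCert)
{
    X509_STORE *pCertChain = NULL; /* trust store: root certificate + CRL */
    X509_STORE_CTX *pXStoreCtx = NULL;
    int res = -1;

    if ((NULL == userCert) || (NULL == rootCert))
    {
        LOGE("ntsc_verify_x509_certificate param is null !");
        return res;
    }

    pCertChain = X509_STORE_new();
    if (NULL == pCertChain)
    {
        goto bail;
    }

    /* Each setup call is checked so that a store missing its trust anchor or
     * its CRL is never used for verification. */
    if (1 != X509_STORE_add_cert(pCertChain, rootCert))
    {
        LOGE("ntsc_verify_x509_certificate failed to add root certificate !");
        goto bail;
    }
    if ((NULL == pCrlCert) || (1 != X509_STORE_add_crl(pCertChain, pCrlCert)))
    {
        LOGE("ntsc_verify_x509_certificate failed to add crl !");
        goto bail;
    }
    if (1 != X509_STORE_set_flags(pCertChain, X509_V_FLAG_CRL_CHECK))
    {
        LOGE("ntsc_verify_x509_certificate failed to enable crl check !");
        goto bail;
    }

    pXStoreCtx = X509_STORE_CTX_new();
    if (NULL == pXStoreCtx)
    {
        goto bail;
    }
    if (1 != X509_STORE_CTX_init(pXStoreCtx, pCertChain, userCert, NULL))
    {
        LOGE("ntsc_verify_x509_certificate failed to init store context !");
        goto bail;
    }
    X509_STORE_CTX_set_flags(pXStoreCtx, X509_V_FLAG_CRL_CHECK_ALL);

    res = X509_verify_cert(pXStoreCtx);
    if (1 != res)
    {
        /* Any non-1 result is reported to the caller as a plain rejection. */
        long nCode = X509_STORE_CTX_get_error(pXStoreCtx);
        const char *pChErrMsg = X509_verify_cert_error_string(nCode);
        LOGE("failed to check certificate : %s \n",pChErrMsg);
        res = 0;
    }

bail:
    if (NULL != pXStoreCtx)
    {
        X509_STORE_CTX_free(pXStoreCtx);
    }
    if (NULL != pCertChain)
    {
        X509_STORE_free(pCertChain);
    }
    return res;
}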