QT 开发openSSL CSR证书请求工具

1、环境

QT 5.15.2 MinGW8.1.0 64Bit

OpenSSL 1.1.1f 31 Mar 2020
built on: Wed Nov 24 13:20:48 2021 UTC
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(int) blowfish(ptr)

本机的OpenSSL是随QT安装的。

2、QT使用openSSL

2.1 项目文件添加以下依赖

LIBS += $$quote(D:\SoftWareTools\Qt5.15.2_64\Tools\OpenSSL\Win_x64\lib\libcrypto.lib)
LIBS += $$quote(D:\SoftWareTools\Qt5.15.2_64\Tools\OpenSSL\Win_x64\lib\libssl.lib) 
INCLUDEPATH += $$quote(D:\SoftWareTools\Qt5.15.2_64\Tools\OpenSSL\Win_x64\include)

2.2 项目工程中需要添加applink.c，文件位于openssl的include下:

2.3 生成的exe文件夹下添加dll，在openssl的bin目录:

3、实现

添加相关头文件：

UI设计：

关键代码：

void MainWindow::on_pushButton_create_clicked()
{/*! check valid */if (ui->lineEdit_country->text().isEmpty()) {QMessageBox::about(NULL, "notice", "country is empty, error!");return;}if (ui->lineEdit_city->text().isEmpty()) {QMessageBox::about(NULL, "notice", "city is empty, error!");return;}if (ui->lineEdit_province->text().isEmpty()) {QMessageBox::about(NULL, "notice", "province is empty, error!");return;}if (ui->lineEdit_organization->text().isEmpty()) {QMessageBox::about(NULL, "notice", "organization is empty, error!");return;}if (ui->lineEdit_unit->text().isEmpty()) {QMessageBox::about(NULL, "notice", "unit is empty, error!");return;}if (ui->lineEdit_name->text().isEmpty()) {QMessageBox::about(NULL, "notice", "name is empty, error!");return;}/*! create pri and pub key */FILE* private_key_file;FILE* public_key_file;private_key_file = fopen("./prikey.pem", "w+");public_key_file  = fopen("./pubkey.pem", "w+");int bits              = 1024;unsigned long e_value = RSA_3;BIGNUM* bne = BN_new();if (1 != BN_set_word(bne, e_value)) {QMessageBox::about(NULL, "notice", "openssl set bne word error!");BN_free(bne);return;}RSA* rsa = RSA_new();if (1 != RSA_generate_key_ex(rsa, bits, bne, NULL)) {QMessageBox::about(NULL, "notice", "openssl rsa gen error!");RSA_free(rsa);rsa = NULL;return;}PEM_write_RSAPrivateKey(private_key_file, rsa, NULL, NULL, 0, NULL, NULL);PEM_write_RSA_PUBKEY(public_key_file, rsa);RSA_free(rsa);rsa = NULL;BN_free(bne);bne = NULL;fclose(private_key_file);fclose(public_key_file);/*! create csr */// 1. set version of x509 reqX509_REQ* x509_req = X509_REQ_new();int nVersion       = 1;if (1 != X509_REQ_set_version(x509_req, nVersion)) {QMessageBox::about(NULL, "notice", "X509 req set version error!");X509_REQ_free(x509_req);return;}// 2. set subject of x509 reqX509_NAME* x509_name = X509_REQ_get_subject_name(x509_req);const char* pbCN     = NULL; const char* pbOU     = NULL; const char* pbO      = NULL; const char* pbL      = NULL; const char* pbST     = NULL;const char* pbC      = NULL; QByteArray ba;ba.clear();ba.append(ui->lineEdit_name->text().toUtf8());pbCN = ba.data();ba.clear();ba.append(ui->lineEdit_unit->text().toUtf8());pbOU = ba.data();ba.clear();ba.append(ui->lineEdit_organization->text().toUtf8());pbO = ba.data();ba.clear();ba.append(ui->lineEdit_city->text().toUtf8());pbL = ba.data();ba.clear();ba.append(ui->lineEdit_province->text().toUtf8());pbST = ba.data();ba.clear();ba.append(ui->lineEdit_country->text().toUtf8());pbC = ba.data();X509_NAME_add_entry_by_txt(x509_name, "CN", V_ASN1_UTF8STRING, (const unsigned char*)pbCN, -1, -1, 0);X509_NAME_add_entry_by_txt(x509_name, "OU", V_ASN1_UTF8STRING, (const unsigned char*)pbOU, -1, -1, 0);X509_NAME_add_entry_by_txt(x509_name, "O", V_ASN1_UTF8STRING, (const unsigned char*)pbO, -1, -1, 0);X509_NAME_add_entry_by_txt(x509_name, "L", V_ASN1_UTF8STRING, (const unsigned char*)pbL, -1, -1, 0);X509_NAME_add_entry_by_txt(x509_name, "ST", V_ASN1_UTF8STRING, (const unsigned char*)pbST, -1, -1, 0);X509_NAME_add_entry_by_txt(x509_name, "C", V_ASN1_UTF8STRING, (const unsigned char*)pbC, -1, -1, 0);// 3. set public key of x509 reqconst char* key_file_path = "./prikey.pem";BIO* key_file_BIO         = BIO_new_file(key_file_path, "r");if (key_file_BIO == NULL) {QMessageBox::about(NULL, "notice", "BIO new file error!");BIO_free_all(key_file_BIO);X509_REQ_free(x509_req);return;}rsa = PEM_read_bio_RSAPrivateKey(key_file_BIO, NULL, NULL, NULL);if (rsa == NULL) {QMessageBox::about(NULL, "notice", "PEM read bio RSAPrivateKey error!");BIO_free_all(key_file_BIO);X509_REQ_free(x509_req);RSA_free(rsa);return;}EVP_PKEY* pKey = EVP_PKEY_new();EVP_PKEY_assign_RSA(pKey, rsa);rsa = NULL; // will be free rsa when EVP_PKEY_free(pKey)if (1 != X509_REQ_set_pubkey(x509_req, pKey)) {QMessageBox::about(NULL, "notice", "X509 REQ set pubkey error!");BIO_free_all(key_file_BIO);X509_REQ_free(x509_req);EVP_PKEY_free(pKey);RSA_free(rsa);return;}// 4. set sign key of x509 reqint ret = X509_REQ_sign(x509_req, pKey, EVP_sha1()); // return x509_req->signature->lengthif (ret <= 0) {QMessageBox::about(NULL, "notice", "X509 REQ sign error!");BIO_free_all(key_file_BIO);X509_REQ_free(x509_req);EVP_PKEY_free(pKey);RSA_free(rsa);return;}m_file_name = ui->lineEdit_name->text();ba.clear();QString csr_file = m_file_name + ".csr";ba.append(csr_file.toLatin1());BIO* out = BIO_new_file(ba.data(), "w");if (1 == PEM_write_bio_X509_REQ(out, x509_req)) {QMessageBox::about(NULL, "notice", QString("create %1 success!").arg(ui->lineEdit_name->text() + ".csr"));ui->textEdit_csr_msg->append(ui->lineEdit_name->text() + ".csr create success");} else {QMessageBox::about(NULL, "notice", "creat csr error!");}BIO_free_all(key_file_BIO);X509_REQ_free(x509_req);EVP_PKEY_free(pKey);BIO_free_all(out);RSA_free(rsa);
}

最终实现效果