X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FsslUtil.cpp;h=687387c1573c7d9c615fdcfcff78cb3ab838b9d6;hb=160ba9d844500d1e553a0dab21a4a2a7fabc60d5;hp=c011b3cf82bda271839312d680cb2f1d0f51e26c;hpb=0141e5a371a97b0cb409d168ea8401bcb4f30923;p=cassiopeia.git diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp index c011b3c..687387c 100644 --- a/src/crypto/sslUtil.cpp +++ b/src/crypto/sslUtil.cpp @@ -7,6 +7,7 @@ #include #include "crypto/CRL.h" +#include "log/logger.hpp" std::shared_ptr ssl_lib_ref( new int( SSL_library_init() ), @@ -32,13 +33,19 @@ std::shared_ptr loadX509FromFile( const std::string& filename ) { return std::shared_ptr( key, - []( X509 * ref ) { + []( X509* ref ) { X509_free( ref ); } ); } std::shared_ptr loadPkeyFromFile( const std::string& filename ) { - std::shared_ptr f( fopen( filename.c_str(), "r" ), fclose ); + std::shared_ptr f( + fopen( filename.c_str(), "r" ), + []( FILE* ptr ) { + if( ptr ) { + fclose( ptr ); + } + } ); if( !f ) { return std::shared_ptr(); @@ -52,7 +59,7 @@ std::shared_ptr loadPkeyFromFile( const std::string& filename ) { return std::shared_ptr( key, - []( EVP_PKEY * ref ) { + []( EVP_PKEY* ref ) { EVP_PKEY_free( ref ); } ); } @@ -61,7 +68,9 @@ int gencb( int a, int b, BN_GENCB* g ) { ( void ) a; ( void ) b; ( void ) g; + std::cout << ( a == 0 ? "." : "+" ) << std::flush; + return 1; } @@ -72,7 +81,7 @@ static int verify_callback( int preverify_ok, X509_STORE_CTX* ctx ) { //X509_print_ex(o, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT); //BIO_free(o); - std::cout << "Verification failed: " << preverify_ok << " because " << X509_STORE_CTX_get_error( ctx ) << std::endl; + logger::errorf( "Verification failed: %s because %s", preverify_ok, X509_STORE_CTX_get_error( ctx ) ); } return preverify_ok; @@ -81,9 +90,11 @@ static int verify_callback( int preverify_ok, X509_STORE_CTX* ctx ) { static std::shared_ptr dh_param; std::shared_ptr generateSSLContext( bool server ) { - std::shared_ptr ctx = std::shared_ptr( SSL_CTX_new( TLSv1_2_method() ), []( SSL_CTX * p ) { - SSL_CTX_free( p ); - } ); + std::shared_ptr ctx = std::shared_ptr( + SSL_CTX_new( TLSv1_2_method() ), + []( SSL_CTX* p ) { + SSL_CTX_free( p ); + } ); if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) { throw "Cannot set cipher list. Your source is broken."; @@ -92,6 +103,7 @@ std::shared_ptr generateSSLContext( bool server ) { SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback ); SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM ); SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM ); + if( 1 != SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) { throw "Cannot load CA store for certificate validation."; } @@ -112,7 +124,7 @@ std::shared_ptr generateSSLContext( bool server ) { dh_param = std::shared_ptr( PEM_read_DHparams( paramfile.get(), NULL, NULL, NULL ), DH_free ); } else { dh_param = std::shared_ptr( DH_new(), DH_free ); - std::cout << "Generating DH params" << std::endl; + logger::note( "Generating DH params" ); BN_GENCB cb; cb.ver = 2; cb.arg = 0; @@ -164,7 +176,7 @@ std::shared_ptr openSerial( const std::string& name ) { std::shared_ptr f( fopen( name.c_str(), "r+" ), fclose ); if( !f ) { - std::cout << "Opening serial device failed" << std::endl; + logger::error( "Opening serial device failed." ); return std::shared_ptr(); } @@ -172,21 +184,35 @@ std::shared_ptr openSerial( const std::string& name ) { return std::shared_ptr( BIO_new_fd( fileno( f.get() ), 0 ), [f]( BIO* b ) { - BIO_free(b); + BIO_free( b ); } ); } +extern std::string crlPrefix; +extern std::string crtPrefix; + CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) { ca = loadX509FromFile( path + "/ca.crt" ); caKey = loadPkeyFromFile( path + "/ca.key" ); ASN1_TIME* tm = X509_get_notBefore( ca ); notBefore = std::shared_ptr( tm, ASN1_TIME_free ); + std::size_t pos = name.find("_"); + if (pos == std::string::npos) { + throw new std::invalid_argument("ca name: " + name + " is malformed."); + } + std::size_t pos2 = name.find("_", pos + 1); + if (pos2 == std::string::npos) { + throw new std::invalid_argument("ca name: " + name + " is malformed."); + } + crlURL = crlPrefix + "/g2/" + name.substr(pos+1, pos2-pos - 1) + "/" + name.substr(0,pos) + "-" + name.substr(pos2+1) + ".crl"; + crtURL = crtPrefix + "/g2/" + name.substr(pos+1, pos2-pos - 1) + "/" + name.substr(0,pos) + "-" + name.substr(pos2+1) + ".crt"; } std::string timeToString( std::shared_ptr time ) { std::shared_ptr gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) ); std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) ); + logger::notef("openssl formatted me a date: %s", strdate); if( strdate[strdate.size() - 1] != 'Z' ) { throw "Got invalid date?"; } @@ -200,6 +226,6 @@ void extractTimes( std::shared_ptr target, std::shared_ptr crl( new CRL( path + "/ca.crl" ) ); + auto crl = std::make_shared( path + "/ca.crl" ); return crl->needsResign(); }