X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FsslUtil.cpp;h=c011b3cf82bda271839312d680cb2f1d0f51e26c;hb=f69f31caeda734d6d9c8ab00e693671ac7512bea;hp=82ff9f80fc8dac1dcda3a7a768a5049f7b4285da;hpb=4dcc14eba3c118e286b9e3fec1221c34ab674f13;p=cassiopeia.git diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp index 82ff9f8..c011b3c 100644 --- a/src/crypto/sslUtil.cpp +++ b/src/crypto/sslUtil.cpp @@ -3,8 +3,11 @@ #include #include #include + #include +#include "crypto/CRL.h" + std::shared_ptr ssl_lib_ref( new int( SSL_library_init() ), []( int* ref ) { @@ -14,15 +17,14 @@ std::shared_ptr ssl_lib_ref( CRYPTO_cleanup_all_ex_data(); } ); -std::shared_ptr loadX509FromFile( std::string filename ) { - FILE* f = fopen( filename.c_str(), "r" ); +std::shared_ptr loadX509FromFile( const std::string& filename ) { + std::shared_ptr f( fopen( filename.c_str(), "r" ), fclose ); if( !f ) { return std::shared_ptr(); } - X509* key = PEM_read_X509( f, NULL, NULL, 0 ); - fclose( f ); + X509* key = PEM_read_X509( f.get(), NULL, NULL, 0 ); if( !key ) { return std::shared_ptr(); @@ -35,15 +37,14 @@ std::shared_ptr loadX509FromFile( std::string filename ) { } ); } -std::shared_ptr loadPkeyFromFile( std::string filename ) { - FILE* f = fopen( filename.c_str(), "r" ); +std::shared_ptr loadPkeyFromFile( const std::string& filename ) { + std::shared_ptr f( fopen( filename.c_str(), "r" ), fclose ); if( !f ) { return std::shared_ptr(); } - EVP_PKEY* key = PEM_read_PrivateKey( f, NULL, NULL, 0 ); - fclose( f ); + EVP_PKEY* key = PEM_read_PrivateKey( f.get(), NULL, NULL, 0 ); if( !key ) { return std::shared_ptr(); @@ -91,7 +92,9 @@ std::shared_ptr generateSSLContext( bool server ) { SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback ); SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM ); SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM ); - SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ); + if( 1 != SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) { + throw "Cannot load CA store for certificate validation."; + } if( server ) { STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" ); @@ -103,11 +106,10 @@ std::shared_ptr generateSSLContext( bool server ) { } if( !dh_param ) { - FILE* paramfile = fopen( "dh_param.pem", "r" ); + std::shared_ptr paramfile( fopen( "dh_param.pem", "r" ), fclose ); if( paramfile ) { - dh_param = std::shared_ptr( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free ); - fclose( paramfile ); + dh_param = std::shared_ptr( PEM_read_DHparams( paramfile.get(), NULL, NULL, NULL ), DH_free ); } else { dh_param = std::shared_ptr( DH_new(), DH_free ); std::cout << "Generating DH params" << std::endl; @@ -121,11 +123,10 @@ std::shared_ptr generateSSLContext( bool server ) { } std::cout << std::endl; - paramfile = fopen( "dh_param.pem", "w" ); + paramfile = std::shared_ptr( fopen( "dh_param.pem", "w" ), fclose ); if( paramfile ) { - PEM_write_DHparams( paramfile, dh_param.get() ); - fclose( paramfile ); + PEM_write_DHparams( paramfile.get(), dh_param.get() ); } } } @@ -138,10 +139,10 @@ std::shared_ptr generateSSLContext( bool server ) { return ctx; } -void setupSerial( FILE* f ) { +void setupSerial( std::shared_ptr f ) { struct termios attr; - if( tcgetattr( fileno( f ), &attr ) ) { + if( tcgetattr( fileno( f.get() ), &attr ) ) { throw "failed to get attrs"; } @@ -154,13 +155,13 @@ void setupSerial( FILE* f ) { cfsetispeed( &attr, B115200 ); cfsetospeed( &attr, B115200 ); - if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) { + if( tcsetattr( fileno( f.get() ), TCSANOW, &attr ) ) { throw "failed to get attrs"; } } -std::shared_ptr openSerial( const std::string name ) { - FILE* f = fopen( name.c_str(), "r+" ); +std::shared_ptr openSerial( const std::string& name ) { + std::shared_ptr f( fopen( name.c_str(), "r+" ), fclose ); if( !f ) { std::cout << "Opening serial device failed" << std::endl; @@ -168,13 +169,14 @@ std::shared_ptr openSerial( const std::string name ) { } setupSerial( f ); - std::shared_ptr b( BIO_new_fd( fileno( f ), 0 ), BIO_free ); - return b; + return std::shared_ptr( + BIO_new_fd( fileno( f.get() ), 0 ), + [f]( BIO* b ) { + BIO_free(b); + } ); } -CAConfig::CAConfig( std::string name ) { - this->name = name; - this->path = "ca/" + name; +CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) { ca = loadX509FromFile( path + "/ca.crt" ); caKey = loadPkeyFromFile( path + "/ca.key" ); ASN1_TIME* tm = X509_get_notBefore( ca ); @@ -196,3 +198,8 @@ void extractTimes( std::shared_ptr target, std::shared_ptrbefore = timeToString( std::shared_ptr( X509_get_notBefore( target.get() ), ASN1_TIME_free ) ); cert->after = timeToString( std::shared_ptr( X509_get_notAfter( target.get() ), ASN1_TIME_free ) ); } + +bool CAConfig::crlNeedsResign() { + std::shared_ptr crl( new CRL( path + "/ca.crl" ) ); + return crl->needsResign(); +}