2 Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 of the License.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program; see the file COPYING. If not, write to the
15 Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
20 /* The certificate wrapper source implements certificate management functions
24 #include "runtime.hpp"
25 #include "cert_wrapper.hpp"
26 #include "yassl_int.hpp"
29 #if defined(USE_CML_LIB)
30 #include "cmapi_cpp.h"
40 x509::x509(uint sz
) : length_(sz
), buffer_(NEW_YS opaque
[sz
])
47 ysArrayDelete(buffer_
);
51 x509::x509(const x509
& that
) : length_(that
.length_
),
52 buffer_(NEW_YS opaque
[length_
])
54 memcpy(buffer_
, that
.buffer_
, length_
);
58 void x509::Swap(x509
& that
)
60 STL::swap(length_
, that
.length_
);
61 STL::swap(buffer_
, that
.buffer_
);
65 x509
& x509::operator=(const x509
& that
)
73 uint
x509::get_length() const
79 const opaque
* x509::get_buffer() const
85 opaque
* x509::use_buffer()
92 CertManager::CertManager()
93 : peerX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false),
94 sendVerify_(false), verifyCallback_(0)
98 CertManager::~CertManager()
102 STL::for_each(signers_
.begin(), signers_
.end(), del_ptr_zero()) ;
104 STL::for_each(peerList_
.begin(), peerList_
.end(), del_ptr_zero()) ;
106 STL::for_each(list_
.begin(), list_
.end(), del_ptr_zero()) ;
110 bool CertManager::verifyPeer() const
116 bool CertManager::verifyNone() const
122 bool CertManager::failNoCert() const
128 bool CertManager::sendVerify() const
134 void CertManager::setVerifyPeer()
140 void CertManager::setVerifyNone()
146 void CertManager::setFailNoCert()
152 void CertManager::setSendVerify()
158 void CertManager::setVerifyCallback(VerifyCallback vc
)
160 verifyCallback_
= vc
;
164 void CertManager::AddPeerCert(x509
* x
)
166 peerList_
.push_back(x
); // take ownership
170 void CertManager::CopySelfCert(const x509
* x
)
173 list_
.push_back(NEW_YS
x509(*x
));
178 int CertManager::CopyCaCert(const x509
* x
)
180 TaoCrypt::Source
source(x
->get_buffer(), x
->get_length());
181 TaoCrypt::CertDecoder
cert(source
, true, &signers_
, verifyNone_
,
182 TaoCrypt::CertDecoder::CA
);
184 if (!cert
.GetError().What()) {
185 const TaoCrypt::PublicKey
& key
= cert
.GetPublicKey();
186 signers_
.push_back(NEW_YS
TaoCrypt::Signer(key
.GetKey(), key
.size(),
187 cert
.GetCommonName(), cert
.GetHash()));
189 // just don't add, not an error return cert.GetError().What();
194 const x509
* CertManager::get_cert() const
196 return list_
.front();
200 const opaque
* CertManager::get_peerKey() const
202 return peerPublicKey_
.get_buffer();
206 X509
* CertManager::get_peerX509() const
212 SignatureAlgorithm
CertManager::get_peerKeyType() const
218 SignatureAlgorithm
CertManager::get_keyType() const
224 uint
CertManager::get_peerKeyLength() const
226 return peerPublicKey_
.get_size();
230 const opaque
* CertManager::get_privateKey() const
232 return privateKey_
.get_buffer();
236 uint
CertManager::get_privateKeyLength() const
238 return privateKey_
.get_size();
242 // Validate the peer's certificate list, from root to peer (last to first)
243 int CertManager::Validate()
245 CertList::reverse_iterator last
= peerList_
.rbegin();
246 size_t count
= peerList_
.size();
248 while ( count
> 1 ) {
249 TaoCrypt::Source
source((*last
)->get_buffer(), (*last
)->get_length());
250 TaoCrypt::CertDecoder
cert(source
, true, &signers_
, verifyNone_
);
252 if (int err
= cert
.GetError().What())
255 const TaoCrypt::PublicKey
& key
= cert
.GetPublicKey();
256 signers_
.push_back(NEW_YS
TaoCrypt::Signer(key
.GetKey(), key
.size(),
257 cert
.GetCommonName(), cert
.GetHash()));
263 // peer's is at the front
264 TaoCrypt::Source
source((*last
)->get_buffer(), (*last
)->get_length());
265 TaoCrypt::CertDecoder
cert(source
, true, &signers_
, verifyNone_
);
267 int err
= cert
.GetError().What();
268 if ( err
&& err
!= TaoCrypt::SIG_OTHER_E
)
271 uint sz
= cert
.GetPublicKey().size();
272 peerPublicKey_
.allocate(sz
);
273 peerPublicKey_
.assign(cert
.GetPublicKey().GetKey(), sz
);
275 if (cert
.GetKeyType() == TaoCrypt::RSAk
)
276 peerKeyType_
= rsa_sa_algo
;
278 peerKeyType_
= dsa_sa_algo
;
280 size_t iSz
= strlen(cert
.GetIssuer()) + 1;
281 size_t sSz
= strlen(cert
.GetCommonName()) + 1;
282 int bSz
= (int)strlen(cert
.GetBeforeDate()) + 1;
283 int aSz
= (int)strlen(cert
.GetAfterDate()) + 1;
284 peerX509_
= NEW_YS
X509(cert
.GetIssuer(), iSz
, cert
.GetCommonName(),
285 sSz
, cert
.GetBeforeDate(), bSz
,
286 cert
.GetAfterDate(), aSz
);
288 if (err
== TaoCrypt::SIG_OTHER_E
&& verifyCallback_
) {
289 X509_STORE_CTX store
;
291 store
.error_depth
= static_cast<int>(count
) - 1;
292 store
.current_cert
= peerX509_
;
294 int ok
= verifyCallback_(0, &store
);
298 if (err
== TaoCrypt::SIG_OTHER_E
) return err
;
304 // Set the private key
305 int CertManager::SetPrivateKey(const x509
& key
)
307 privateKey_
.allocate(key
.get_length());
308 privateKey_
.assign(key
.get_buffer(), key
.get_length());
311 if (x509
* cert
= list_
.front()) {
312 TaoCrypt::Source
source(cert
->get_buffer(), cert
->get_length());
313 TaoCrypt::CertDecoder
cd(source
, false);
315 if (int err
= cd
.GetError().What())
317 if (cd
.GetKeyType() == TaoCrypt::RSAk
)
318 keyType_
= rsa_sa_algo
;
320 keyType_
= dsa_sa_algo
;
326 // Store OpenSSL type peer's cert
327 void CertManager::setPeerX509(X509
* x
)
331 X509_NAME
* issuer
= x
->GetIssuer();
332 X509_NAME
* subject
= x
->GetSubject();
333 ASN1_STRING
* before
= x
->GetBefore();
334 ASN1_STRING
* after
= x
->GetAfter();
336 peerX509_
= NEW_YS
X509(issuer
->GetName(), issuer
->GetLength(),
337 subject
->GetName(), subject
->GetLength(), (const char*) before
->data
,
338 before
->length
, (const char*) after
->data
, after
->length
);
342 #if defined(USE_CML_LIB)
344 // Get the peer's certificate, extract and save public key
345 void CertManager::SetPeerKey()
347 // first cert is the peer's
348 x509
* main
= peerList_
.front();
351 cert
.num
= main
->get_length();
352 cert
.data
= main
->set_buffer();
354 CML::Certificate
cm(cert
);
355 const CML::ASN::Cert
& raw
= cm
.base();
356 CTIL::CSM_Buffer key
= raw
.pubKeyInfo
.key
;
359 opaque
* key_buffer
= reinterpret_cast<opaque
*>(key
.Get(sz
));
360 peerPublicKey_
.allocate(sz
);
361 peerPublicKey_
.assign(key_buffer
, sz
);
365 #endif // USE_CML_LIB