diff options
| author | Carl Hetherington <cth@carlh.net> | 2014-07-18 11:45:19 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2014-07-18 11:45:19 +0100 |
| commit | 9984f8318ba9999e39cf2f6688bd41408982cca9 (patch) | |
| tree | a74ace56260cbea8f326bc0cf9f5ca99e74353f0 /src | |
| parent | 56e7a6f1768036df852a45d939b9adc038b17057 (diff) | |
Various small tweaks and fixes.
Diffstat (limited to 'src')
| -rw-r--r-- | src/certificates.cc | 21 | ||||
| -rw-r--r-- | src/certificates.h | 1 | ||||
| -rw-r--r-- | src/signer.cc | 6 | ||||
| -rw-r--r-- | src/util.cc | 31 | ||||
| -rw-r--r-- | src/util.h | 3 |
5 files changed, 36 insertions, 26 deletions
diff --git a/src/certificates.cc b/src/certificates.cc index 46c60d6b..c03c371b 100644 --- a/src/certificates.cc +++ b/src/certificates.cc @@ -49,23 +49,6 @@ Certificate::Certificate (X509* c) } -/** Load an X509 certificate from a file. - * @param filename File to load. - */ -Certificate::Certificate (boost::filesystem::path filename) - : _certificate (0) - , _public_key (0) -{ - FILE* f = fopen_boost (filename, "r"); - if (!f) { - throw FileError ("could not open file", filename, errno); - } - - if (!PEM_read_X509 (f, &_certificate, 0, 0)) { - throw MiscError ("could not read X509 certificate"); - } -} - /** Load an X509 certificate from a string. * @param cert String to read from. */ @@ -255,8 +238,8 @@ Certificate::thumbprint () const uint8_t buffer[8192]; uint8_t* p = buffer; i2d_X509_CINF (_certificate->cert_info, &p); - int const length = p - buffer; - if (length > 8192) { + unsigned int const length = p - buffer; + if (length > sizeof (buffer)) { throw MiscError ("buffer too small to generate thumbprint"); } diff --git a/src/certificates.h b/src/certificates.h index 06ce92a9..1593ddbc 100644 --- a/src/certificates.h +++ b/src/certificates.h @@ -51,7 +51,6 @@ public: : _certificate (0) {} - Certificate (boost::filesystem::path); Certificate (std::string); Certificate (X509 *); Certificate (Certificate const &); diff --git a/src/signer.cc b/src/signer.cc index 55684759..d9c46145 100644 --- a/src/signer.cc +++ b/src/signer.cc @@ -43,9 +43,9 @@ Signer::Signer (boost::filesystem::path openssl) { boost::filesystem::path directory = make_certificate_chain (openssl); - _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (directory / "ca.self-signed.pem"))); - _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (directory / "intermediate.signed.pem"))); - _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (directory / "leaf.signed.pem"))); + _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string (directory / "ca.self-signed.pem")))); + _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string (directory / "intermediate.signed.pem")))); + _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string (directory / "leaf.signed.pem")))); _key = dcp::file_to_string (directory / "leaf.key"); diff --git a/src/util.cc b/src/util.cc index 9758db9c..1334b21d 100644 --- a/src/util.cc +++ b/src/util.cc @@ -370,10 +370,14 @@ dcp::ids_equal (string a, string b) } string -dcp::file_to_string (boost::filesystem::path p) +dcp::file_to_string (boost::filesystem::path p, uintmax_t max_length) { uintmax_t len = boost::filesystem::file_size (p); - char* c = new char[len]; + if (len > max_length) { + throw MiscError ("Unexpectedly long file"); + } + + char* c = new char[len + 1]; FILE* f = fopen_boost (p, "r"); if (!f) { @@ -382,9 +386,32 @@ dcp::file_to_string (boost::filesystem::path p) fread (c, 1, len, f); fclose (f); + c[len] = '\0'; string s (c); delete[] c; return s; } + +/** @param key RSA private key in PEM format (optionally with -----BEGIN... / -----END...) + * @return SHA1 fingerprint of key + */ +string +dcp::private_key_fingerprint (string key) +{ + boost::replace_all (key, "-----BEGIN RSA PRIVATE KEY-----\n", ""); + boost::replace_all (key, "\n-----END RSA PRIVATE KEY-----\n", ""); + + unsigned char buffer[4096]; + int const N = base64_decode (key, buffer, sizeof (buffer)); + + SHA_CTX sha; + SHA1_Init (&sha); + SHA1_Update (&sha, buffer, N); + uint8_t digest[20]; + SHA1_Final (digest, &sha); + + char digest_base64[64]; + return Kumu::base64encode (digest, 20, digest_base64, 64); +} @@ -88,7 +88,8 @@ extern void add_signer (xmlpp::Element* parent, CertificateChain const & certifi extern int base64_decode (std::string const & in, unsigned char* out, int out_length); extern boost::optional<boost::filesystem::path> relative_to_root (boost::filesystem::path root, boost::filesystem::path file); extern FILE * fopen_boost (boost::filesystem::path, std::string); -extern std::string file_to_string (boost::filesystem::path); +extern std::string file_to_string (boost::filesystem::path, uintmax_t max_length = 4096); +extern std::string private_key_fingerprint (std::string key); template <class F, class T> std::list<boost::shared_ptr<T> > |