2
Copyright (c) 2005-2007 MySQL AB, 2008, 2009 Sun Microsystems, Inc.
3
Use is subject to license terms.
5
This program is free software; you can redistribute it and/or modify
6
it under the terms of the GNU General Public License as published by
7
the Free Software Foundation; version 2 of the License.
9
This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
14
You should have received a copy of the GNU General Public License
15
along with this program; see the file COPYING. If not, write to the
16
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
21
/* The certificate wrapper source implements certificate management functions
25
#include "runtime.hpp"
26
#include "cert_wrapper.hpp"
27
#include "yassl_int.hpp"
30
#if defined(USE_CML_LIB)
31
#include "cmapi_cpp.h"
41
x509::x509(uint sz) : length_(sz), buffer_(NEW_YS opaque[sz])
48
ysArrayDelete(buffer_);
52
x509::x509(const x509& that) : length_(that.length_),
53
buffer_(NEW_YS opaque[length_])
55
memcpy(buffer_, that.buffer_, length_);
59
void x509::Swap(x509& that)
61
STL::swap(length_, that.length_);
62
STL::swap(buffer_, that.buffer_);
66
x509& x509::operator=(const x509& that)
74
uint x509::get_length() const
80
const opaque* x509::get_buffer() const
86
opaque* x509::use_buffer()
93
CertManager::CertManager()
94
: peerX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false),
95
sendVerify_(false), verifyCallback_(0)
99
CertManager::~CertManager()
103
STL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
105
STL::for_each(peerList_.begin(), peerList_.end(), del_ptr_zero()) ;
107
STL::for_each(list_.begin(), list_.end(), del_ptr_zero()) ;
111
bool CertManager::verifyPeer() const
117
bool CertManager::verifyNone() const
123
bool CertManager::failNoCert() const
129
bool CertManager::sendVerify() const
135
void CertManager::setVerifyPeer()
141
void CertManager::setVerifyNone()
147
void CertManager::setFailNoCert()
153
void CertManager::setSendVerify()
159
void CertManager::setVerifyCallback(VerifyCallback vc)
161
verifyCallback_ = vc;
165
void CertManager::AddPeerCert(x509* x)
167
peerList_.push_back(x); // take ownership
171
void CertManager::CopySelfCert(const x509* x)
174
list_.push_back(NEW_YS x509(*x));
179
int CertManager::CopyCaCert(const x509* x)
181
TaoCrypt::Source source(x->get_buffer(), x->get_length());
182
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_,
183
TaoCrypt::CertDecoder::CA);
185
if (!cert.GetError().What()) {
186
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
187
signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
188
cert.GetCommonName(), cert.GetHash()));
190
// just don't add, not an error return cert.GetError().What();
195
const x509* CertManager::get_cert() const
197
return list_.front();
201
const opaque* CertManager::get_peerKey() const
203
return peerPublicKey_.get_buffer();
207
X509* CertManager::get_peerX509() const
213
SignatureAlgorithm CertManager::get_peerKeyType() const
219
SignatureAlgorithm CertManager::get_keyType() const
225
uint CertManager::get_peerKeyLength() const
227
return peerPublicKey_.get_size();
231
const opaque* CertManager::get_privateKey() const
233
return privateKey_.get_buffer();
237
uint CertManager::get_privateKeyLength() const
239
return privateKey_.get_size();
243
// Validate the peer's certificate list, from root to peer (last to first)
244
int CertManager::Validate()
246
CertList::reverse_iterator last = peerList_.rbegin();
247
size_t count = peerList_.size();
249
while ( count > 1 ) {
250
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
251
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
253
if (int err = cert.GetError().What())
256
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
257
signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
258
cert.GetCommonName(), cert.GetHash()));
264
// peer's is at the front
265
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
266
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
268
int err = cert.GetError().What();
272
uint sz = cert.GetPublicKey().size();
273
peerPublicKey_.allocate(sz);
274
peerPublicKey_.assign(cert.GetPublicKey().GetKey(), sz);
276
if (cert.GetKeyType() == TaoCrypt::RSAk)
277
peerKeyType_ = rsa_sa_algo;
279
peerKeyType_ = dsa_sa_algo;
281
size_t iSz = strlen(cert.GetIssuer()) + 1;
282
size_t sSz = strlen(cert.GetCommonName()) + 1;
283
int bSz = (int)strlen(cert.GetBeforeDate()) + 1;
284
int aSz = (int)strlen(cert.GetAfterDate()) + 1;
285
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
286
sSz, cert.GetBeforeDate(), bSz,
287
cert.GetAfterDate(), aSz);
289
if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
290
X509_STORE_CTX store;
292
store.error_depth = static_cast<int>(count) - 1;
293
store.current_cert = peerX509_;
295
int ok = verifyCallback_(0, &store);
299
if (err == TaoCrypt::SIG_OTHER_E) return err;
305
// Set the private key
306
int CertManager::SetPrivateKey(const x509& key)
308
privateKey_.allocate(key.get_length());
309
privateKey_.assign(key.get_buffer(), key.get_length());
312
if (x509* cert = list_.front()) {
313
TaoCrypt::Source source(cert->get_buffer(), cert->get_length());
314
TaoCrypt::CertDecoder cd(source, false);
316
if (int err = cd.GetError().What())
318
if (cd.GetKeyType() == TaoCrypt::RSAk)
319
keyType_ = rsa_sa_algo;
321
keyType_ = dsa_sa_algo;
327
// Store OpenSSL type peer's cert
328
void CertManager::setPeerX509(X509* x)
330
assert(peerX509_ == 0);
333
X509_NAME* issuer = x->GetIssuer();
334
X509_NAME* subject = x->GetSubject();
335
ASN1_STRING* before = x->GetBefore();
336
ASN1_STRING* after = x->GetAfter();
338
peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
339
subject->GetName(), subject->GetLength(), (const char*) before->data,
340
before->length, (const char*) after->data, after->length);
344
#if defined(USE_CML_LIB)
346
// Get the peer's certificate, extract and save public key
347
void CertManager::SetPeerKey()
349
// first cert is the peer's
350
x509* main = peerList_.front();
353
cert.num = main->get_length();
354
cert.data = main->set_buffer();
356
CML::Certificate cm(cert);
357
const CML::ASN::Cert& raw = cm.base();
358
CTIL::CSM_Buffer key = raw.pubKeyInfo.key;
361
opaque* key_buffer = reinterpret_cast<opaque*>(key.Get(sz));
362
peerPublicKey_.allocate(sz);
363
peerPublicKey_.assign(key_buffer, sz);
367
#endif // USE_CML_LIB