gadgets.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_GADGETS_H
10 #define SQUID_SSL_GADGETS_H
11 
12 #include "base/HardFun.h"
13 #include "security/forward.h"
14 #include "ssl/crtd_message.h"
15 
16 #if USE_OPENSSL
17 #include "compat/openssl.h"
18 #if HAVE_OPENSSL_ASN1_H
19 #include <openssl/asn1.h>
20 #endif
21 #if HAVE_OPENSSL_TXT_DB_H
22 #include <openssl/txt_db.h>
23 #endif
24 #if HAVE_OPENSSL_X509V3_H
25 #include <openssl/x509v3.h>
26 #endif
27 #endif
28 #include <string>
29 
30 namespace Ssl
31 {
38 #if !defined(SQUID_SSL_SIGN_HASH_IF_NONE)
39 #define SQUID_SSL_SIGN_HASH_IF_NONE "sha256"
40 #endif
41 
45 sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free);
46 typedef std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper> X509_STACK_Pointer;
47 
48 typedef std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free>> BIGNUM_Pointer;
49 
50 typedef std::unique_ptr<BIO, HardFun<void, BIO*, &BIO_vfree>> BIO_Pointer;
51 
52 typedef std::unique_ptr<ASN1_INTEGER, HardFun<void, ASN1_INTEGER*, &ASN1_INTEGER_free>> ASN1_INT_Pointer;
53 
54 typedef std::unique_ptr<ASN1_OCTET_STRING, HardFun<void, ASN1_OCTET_STRING*, &ASN1_OCTET_STRING_free>> ASN1_OCTET_STRING_Pointer;
55 
56 typedef std::unique_ptr<TXT_DB, HardFun<void, TXT_DB*, &TXT_DB_free>> TXT_DB_Pointer;
57 
58 typedef std::unique_ptr<X509_NAME, HardFun<void, X509_NAME*, &X509_NAME_free>> X509_NAME_Pointer;
59 
60 typedef std::unique_ptr<RSA, HardFun<void, RSA*, &RSA_free>> RSA_Pointer;
61 
62 typedef std::unique_ptr<X509_REQ, HardFun<void, X509_REQ*, &X509_REQ_free>> X509_REQ_Pointer;
63 
64 typedef std::unique_ptr<AUTHORITY_KEYID, HardFun<void, AUTHORITY_KEYID*, &AUTHORITY_KEYID_free>> AUTHORITY_KEYID_Pointer;
65 
66 sk_dtor_wrapper(sk_GENERAL_NAME, STACK_OF(GENERAL_NAME) *, GENERAL_NAME_free);
67 typedef std::unique_ptr<STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper> GENERAL_NAME_STACK_Pointer;
68 
69 typedef std::unique_ptr<GENERAL_NAME, HardFun<void, GENERAL_NAME*, &GENERAL_NAME_free>> GENERAL_NAME_Pointer;
70 
71 typedef std::unique_ptr<X509_EXTENSION, HardFun<void, X509_EXTENSION*, &X509_EXTENSION_free>> X509_EXTENSION_Pointer;
72 
73 typedef std::unique_ptr<X509_STORE_CTX, HardFun<void, X509_STORE_CTX *, &X509_STORE_CTX_free>> X509_STORE_CTX_Pointer;
78 EVP_PKEY * createSslPrivateKey();
79 
84 bool writeCertAndPrivateKeyToMemory(Security::CertPointer const & cert, Security::PrivateKeyPointer const & pkey, std::string & bufferToWrite);
85 
90 bool appendCertToMemory(Security::CertPointer const & cert, std::string & bufferToWrite);
91 
96 bool readCertAndPrivateKeyFromMemory(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, char const * bufferToRead);
97 
102 bool readCertFromMemory(Security::CertPointer & cert, char const * bufferToRead);
103 
108 void ReadPrivateKeyFromFile(char const * keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);
109 
114 bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename);
115 
121 
126 bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);
127 
133 bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename);
134 
140 
145 bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey);
146 
152 
158 extern const char *CertSignAlgorithmStr[];
159 
164 inline const char *certSignAlgorithm(int sg)
165 {
166  if (sg >=0 && sg < Ssl::algSignEnd)
167  return Ssl::CertSignAlgorithmStr[sg];
168 
169  return NULL;
170 }
171 
177 {
178  for (int i = 0; i < algSignEnd && Ssl::CertSignAlgorithmStr[i] != NULL; i++)
179  if (strcmp(Ssl::CertSignAlgorithmStr[i], sg) == 0)
180  return (CertSignAlgorithm)i;
181 
182  return algSignEnd;
183 }
184 
190 
195 extern const char *CertAdaptAlgorithmStr[];
196 
201 inline const char *sslCertAdaptAlgoritm(int alg)
202 {
203  if (alg >=0 && alg < Ssl::algSetEnd)
204  return Ssl::CertAdaptAlgorithmStr[alg];
205 
206  return NULL;
207 }
208 
214 {
215 public:
219  Security::PrivateKeyPointer signWithPkey;
223  std::string commonName;
225  const EVP_MD *signHash;
226 private:
229 };
230 
233 std::string & OnDiskCertificateDbKey(const CertificateProperties &);
234 
242 bool generateSslCertificate(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, CertificateProperties const &properties);
243 
249 bool sslDateIsInTheFuture(char const * date);
250 
257 bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties);
258 
264 const char *CommonHostName(X509 *x509);
265 
271 const char *getOrganization(X509 *x509);
272 
275 bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2);
276 
279 const ASN1_BIT_STRING *X509_get_signature(const Security::CertPointer &);
280 
281 } // namespace Ssl
282 #endif // SQUID_SSL_GADGETS_H
283 
bool appendCertToMemory(Security::CertPointer const &cert, std::string &bufferToWrite)
Definition: gadgets.cc:92
std::unique_ptr< ASN1_INTEGER, HardFun< void, ASN1_INTEGER *, &ASN1_INTEGER_free > > ASN1_INT_Pointer
Definition: gadgets.h:52
CertSignAlgorithm
Definition: gadgets.h:151
Security::CertPointer mimicCert
Certificate to mimic.
Definition: gadgets.h:217
const char * CommonHostName(X509 *x509)
Definition: gadgets.cc:905
Security::CertPointer signWithX509
Certificate to sign the generated request.
Definition: gadgets.h:218
const EVP_MD * signHash
The signing hash to use.
Definition: gadgets.h:225
std::unique_ptr< AUTHORITY_KEYID, HardFun< void, AUTHORITY_KEYID *, &AUTHORITY_KEYID_free > > AUTHORITY_KEYID_Pointer
Definition: gadgets.h:64
std::unique_ptr< STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper > GENERAL_NAME_STACK_Pointer
Definition: gadgets.h:67
std::unique_ptr< BIO, HardFun< void, BIO *, &BIO_vfree > > BIO_Pointer
Definition: gadgets.h:50
std::unique_ptr< X509_NAME, HardFun< void, X509_NAME *, &X509_NAME_free > > X509_NAME_Pointer
Definition: gadgets.h:58
const char * sslCertAdaptAlgoritm(int alg)
Definition: gadgets.h:201
std::unique_ptr< ASN1_OCTET_STRING, HardFun< void, ASN1_OCTET_STRING *, &ASN1_OCTET_STRING_free > > ASN1_OCTET_STRING_Pointer
Definition: gadgets.h:54
std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer
Definition: gadgets.h:46
const char * certSignAlgorithm(int sg)
Definition: gadgets.h:164
bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition: gadgets.cc:710
bool ReadX509Certificate(BIO_Pointer &bio, Security::CertPointer &cert)
Definition: gadgets.cc:699
bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties)
Definition: gadgets.cc:814
bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2)
Definition: gadgets.cc:916
bool WriteX509Certificate(BIO_Pointer &bio, const Security::CertPointer &cert)
Definition: gadgets.cc:743
const ASN1_BIT_STRING * X509_get_signature(const Security::CertPointer &)
Definition: gadgets.cc:941
const char * CertAdaptAlgorithmStr[]
Definition: gadgets.cc:202
std::unique_ptr< GENERAL_NAME, HardFun< void, GENERAL_NAME *, &GENERAL_NAME_free > > GENERAL_NAME_Pointer
Definition: gadgets.h:69
bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename)
Definition: gadgets.cc:688
CertAdaptAlgorithm
Definition: gadgets.h:189
#define NULL
Definition: types.h:166
@ algSignTrusted
Definition: gadgets.h:151
std::unique_ptr< X509_EXTENSION, HardFun< void, X509_EXTENSION *, &X509_EXTENSION_free > > X509_EXTENSION_Pointer
Definition: gadgets.h:71
@ algSignEnd
Definition: gadgets.h:151
bool generateSslCertificate(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
Definition: gadgets.cc:677
CertificateProperties(CertificateProperties &)
Definition: Xaction.cc:49
CertificateProperties & operator=(CertificateProperties const &)
const char * getOrganization(X509 *x509)
Definition: gadgets.cc:910
EVP_PKEY * createSslPrivateKey()
Definition: gadgets.cc:12
const char * CertSignAlgorithmStr[]
Definition: gadgets.cc:195
@ algSetValidAfter
Definition: gadgets.h:189
bool setValidBefore
Do not mimic "Not Valid Before" field.
Definition: gadgets.h:221
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:56
@ algSetCommonName
Definition: gadgets.h:189
@ algSignSelf
Definition: gadgets.h:151
Security::PrivateKeyPointer signWithPkey
The key of the signing certificate.
Definition: gadgets.h:219
void ReadPrivateKeyFromFile(char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition: gadgets.cc:721
bool readCertFromMemory(Security::CertPointer &cert, char const *bufferToRead)
Definition: gadgets.cc:134
@ algSignUntrusted
Definition: gadgets.h:151
bool sslDateIsInTheFuture(char const *date)
Definition: gadgets.cc:762
@ algSetValidBefore
Definition: gadgets.h:189
std::unique_ptr< X509_REQ, HardFun< void, X509_REQ *, &X509_REQ_free > > X509_REQ_Pointer
Definition: gadgets.h:62
std::string commonName
A CN to use for the generated certificate.
Definition: gadgets.h:223
sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free)
bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename)
Definition: gadgets.cc:732
std::unique_ptr< X509_STORE_CTX, HardFun< void, X509_STORE_CTX *, &X509_STORE_CTX_free > > X509_STORE_CTX_Pointer
Definition: gadgets.h:73
bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
Definition: gadgets.cc:753
@ algSetEnd
Definition: gadgets.h:189
CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition: gadgets.h:224
CertSignAlgorithm certSignAlgorithmId(const char *sg)
Definition: gadgets.h:176
bool setValidAfter
Do not mimic "Not Valid After" field.
Definition: gadgets.h:220
std::unique_ptr< BIGNUM, HardFun< void, BIGNUM *, &BN_free > > BIGNUM_Pointer
Definition: gadgets.h:48
bool writeCertAndPrivateKeyToMemory(Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
Definition: gadgets.cc:68
std::string & OnDiskCertificateDbKey(const CertificateProperties &)
Definition: gadgets.cc:232
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
Definition: openssl.h:235
std::unique_ptr< RSA, HardFun< void, RSA *, &RSA_free > > RSA_Pointer
Definition: gadgets.h:60
bool setCommonName
Replace the CN field of the mimicking subject with the given.
Definition: gadgets.h:222
bool readCertAndPrivateKeyFromMemory(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
Definition: gadgets.cc:116

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors