gadgets.h
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_GADGETS_H
10 #define SQUID_SSL_GADGETS_H
11 
12 #include "base/HardFun.h"
13 #include "security/forward.h"
14 #include "ssl/crtd_message.h"
15 
16 #if HAVE_OPENSSL_TXT_DB_H
17 #include <openssl/txt_db.h>
18 #endif
19 #if HAVE_OPENSSL_X509V3_H
20 #include <openssl/x509v3.h>
21 #endif
22 #include <string>
23 
24 namespace Ssl
25 {
#if SQUID_USE_CONST_SSL_METHOD
/// Pointer to an OpenSSL SSL_METHOD. Whether the pointee is const is chosen at
/// configure time (SQUID_USE_CONST_SSL_METHOD) to match the OpenSSL API in use.
using ContextMethod = const SSL_METHOD *;
#else
using ContextMethod = SSL_METHOD *;
#endif

#if !defined(SQUID_SSL_SIGN_HASH_IF_NONE)
/// Name of the fallback signing hash. A build may override it by defining the
/// macro before this header is included.
#define SQUID_SSL_SIGN_HASH_IF_NONE "sha256"
#endif

// Owning (RAII) wrappers for OpenSSL objects. Each alias releases its pointee
// with the OpenSSL *_free function named in its deleter, so a raw pointer
// handed out by OpenSSL can be wrapped immediately and cannot leak on an early
// return or exception. The sk_dtor_wrapper() lines generate the deleters for
// OpenSSL STACK_OF() containers, which need a pop_free-style release.

sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free);
using X509_STACK_Pointer = std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper>;

using BIGNUM_Pointer = std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free>>;

using BIO_Pointer = std::unique_ptr<BIO, HardFun<void, BIO*, &BIO_vfree>>;

using ASN1_INT_Pointer = std::unique_ptr<ASN1_INTEGER, HardFun<void, ASN1_INTEGER*, &ASN1_INTEGER_free>>;

using ASN1_OCTET_STRING_Pointer = std::unique_ptr<ASN1_OCTET_STRING, HardFun<void, ASN1_OCTET_STRING*, &ASN1_OCTET_STRING_free>>;

using TXT_DB_Pointer = std::unique_ptr<TXT_DB, HardFun<void, TXT_DB*, &TXT_DB_free>>;

using X509_NAME_Pointer = std::unique_ptr<X509_NAME, HardFun<void, X509_NAME*, &X509_NAME_free>>;

using RSA_Pointer = std::unique_ptr<RSA, HardFun<void, RSA*, &RSA_free>>;

using X509_REQ_Pointer = std::unique_ptr<X509_REQ, HardFun<void, X509_REQ*, &X509_REQ_free>>;

using AUTHORITY_KEYID_Pointer = std::unique_ptr<AUTHORITY_KEYID, HardFun<void, AUTHORITY_KEYID*, &AUTHORITY_KEYID_free>>;

sk_dtor_wrapper(sk_GENERAL_NAME, STACK_OF(GENERAL_NAME) *, GENERAL_NAME_free);
using GENERAL_NAME_STACK_Pointer = std::unique_ptr<STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper>;

using GENERAL_NAME_Pointer = std::unique_ptr<GENERAL_NAME, HardFun<void, GENERAL_NAME*, &GENERAL_NAME_free>>;

using X509_EXTENSION_Pointer = std::unique_ptr<X509_EXTENSION, HardFun<void, X509_EXTENSION*, &X509_EXTENSION_free>>;
/// Creates a new private key and returns it as a raw, caller-owned EVP_PKEY.
/// NOTE(review): the behaviour on failure is not visible here — presumably
/// NULL is returned; callers should check before wrapping the result.
EVP_PKEY * createSslPrivateKey();

/// Writes a textual form of @a cert and @a pkey into @a bufferToWrite.
/// The bool result presumably reports success — confirm against gadgets.cc.
bool writeCertAndPrivateKeyToMemory(Security::CertPointer const & cert, Security::PrivateKeyPointer const & pkey, std::string & bufferToWrite);

/// Appends a textual form of @a cert to @a bufferToWrite.
/// The bool result presumably reports success.
bool appendCertToMemory(Security::CertPointer const & cert, std::string & bufferToWrite);

/// Parses a certificate and a private key out of @a bufferToRead into
/// @a cert and @a pkey. There is no length parameter, so @a bufferToRead must
/// be a NUL-terminated C string.
bool readCertAndPrivateKeyFromMemory(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, char const * bufferToRead);

/// Parses a certificate out of the NUL-terminated @a bufferToRead into @a cert.
bool readCertFromMemory(Security::CertPointer & cert, char const * bufferToRead);

/// Loads the private key stored in @a keyFilename into @a pkey. @a passwd_callback
/// is OpenSSL's PEM password callback type, presumably consulted for encrypted
/// keys. The function returns nothing, so failure is not reported through a
/// return value: callers must inspect @a pkey afterwards.
void ReadPrivateKeyFromFile(char const * keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);

/// Opens @a filename for reading and stores the handle in @a bio.
/// The bool result presumably reports success.
bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename);

/// Reads a certificate from @a bio into @a cert.
bool ReadX509Certificate(BIO_Pointer &bio, Security::CertPointer & cert);

/// Reads a private key from @a bio into @a pkey; @a passwd_callback is the
/// OpenSSL PEM password callback, presumably used for encrypted keys.
bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);

/// Opens @a filename for writing and stores the handle in @a bio.
/// NOTE(review): file permissions applied to a newly created file are not
/// visible here; confirm in gadgets.cc when the file will hold a private key.
bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename);

/// Writes @a cert to @a bio.
bool WriteX509Certificate(BIO_Pointer &bio, const Security::CertPointer & cert);

/// Writes @a pkey to @a bio.
bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey);
145 
151 
/// Printable names of the signing algorithms, indexed by CertSignAlgorithm
/// (valid indices are below algSignEnd). certSignAlgorithmId() also treats a
/// NULL entry as the end of the list.
extern const char *CertSignAlgorithmStr[];
158 
/// Maps a CertSignAlgorithm index to its printable name.
/// @param sg  index into Ssl::CertSignAlgorithmStr (normally a CertSignAlgorithm value)
/// @return the name for an in-range index; NULL for negative or out-of-range values
inline const char *certSignAlgorithm(int sg)
{
    const bool inRange = (sg >= 0) && (sg < Ssl::algSignEnd);
    return inRange ? Ssl::CertSignAlgorithmStr[sg] : nullptr;
}
170 
{
    // Linear scan of the name table. It stops at algSignEnd or at the first
    // NULL entry, whichever comes first, so the table must stay NULL-terminated
    // if it is ever shorter than algSignEnd.
    // NOTE(review): sg is passed straight to strcmp() with no null check, so
    // callers must supply a valid C string.
    for (int i = 0; i < algSignEnd && Ssl::CertSignAlgorithmStr[i] != NULL; i++)
        if (strcmp(Ssl::CertSignAlgorithmStr[i], sg) == 0)
            return (CertSignAlgorithm)i;

    // No match: algSignEnd doubles as the "unknown algorithm" result.
    return algSignEnd;
}
183 
189 
/// Printable names of the certificate adaptation algorithms; valid indices are
/// 0 .. algSetEnd-1 (see sslCertAdaptAlgoritm()).
extern const char *CertAdaptAlgorithmStr[];
195 
/// Maps a certificate adaptation algorithm index to its printable name.
/// @param alg  index into Ssl::CertAdaptAlgorithmStr
/// @return the name when 0 <= alg < algSetEnd, otherwise NULL
inline const char *sslCertAdaptAlgoritm(int alg)
{
    if (alg < 0)
        return nullptr;
    if (alg >= Ssl::algSetEnd)
        return nullptr;
    return Ssl::CertAdaptAlgorithmStr[alg];
}
207 
{
public:
    /// Certificate to mimic.
    Security::CertPointer mimicCert;
    /// Certificate to sign the generated request.
    Security::CertPointer signWithX509;
    /// The key of the signing certificate. This is private key material:
    /// keep objects holding it out of logs and diagnostic dumps.
    Security::PrivateKeyPointer signWithPkey;
    /// A CN to use for the generated certificate.
    std::string commonName;
    /// The signing hash to use. Raw pointer, not owned by this object
    /// (presumably an OpenSSL built-in digest — confirm at the assignment site).
    const EVP_MD *signHash;
private:
    // Copy assignment is declared private, so instances are not assignable.
};
229 
/// Builds the key under which a certificate with the given properties is stored
/// in the on-disk database.
/// NOTE(review): a non-const std::string reference is returned, which suggests
/// a shared (static) buffer that the next call overwrites — copy the result
/// rather than holding the reference; confirm in gadgets.cc.
std::string & OnDiskCertificateDbKey(const CertificateProperties &);

/// Generates a certificate and private key according to @a properties,
/// storing them in @a cert and @a pkey. The bool result presumably reports success.
bool generateSslCertificate(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, CertificateProperties const &properties);

/// Returns true if the date in the NUL-terminated @a date string lies in the
/// future; the accepted date format is not visible here.
bool sslDateIsInTheFuture(char const * date);

/// Reports whether @a peer_cert is consistent with @a properties.
bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties);

/// Returns the common host name found in @a x509.
/// NOTE(review): the lifetime of the returned pointer is not visible here
/// (presumably a static buffer) — do not cache it across calls without checking.
const char *CommonHostName(X509 *x509);

/// Returns the organization name found in @a x509; same lifetime caveat as
/// CommonHostName().
const char *getOrganization(X509 *x509);

/// Compares two certificates. NOTE(review): whether true means "equal" is not
/// visible here — confirm against gadgets.cc before relying on the polarity.
bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2);

/// Returns the signature bit string of the given certificate. The pointer is
/// presumably owned by the certificate, so it must not outlive it.
const ASN1_BIT_STRING *X509_get_signature(const Security::CertPointer &);
279 
280 } // namespace Ssl
281 #endif // SQUID_SSL_GADGETS_H
282 