#include "squid.h"
#include "base/IoManip.h"
#include "error/SysErrorDetail.h"
#include "security/Io.h"
#include "sbuf/Stream.h"
#include "ssl/gadgets.h"

Include dependency graph for gadgets.cc:

Functions
static void	ThrowErrors (const char *const problem, const int savedErrno, const SourceLocation &where)

static bool	setSerialNumber (ASN1_INTEGER ai, BIGNUM const serial)

static bool	replaceCommonName (Security::CertPointer &cert, std::string const &rawCn)

static void	printX509Signature (const Security::CertPointer &cert, std::string &out)

static bool	mimicAuthorityKeyId (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert)

static int	mimicExtensions (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert)

static bool	addAltNameWithSubjectCn (Security::CertPointer &cert)

static bool	buildCertificate (Security::CertPointer &cert, Ssl::CertificateProperties const &properties)

static bool	generateFakeSslCertificate (Security::CertPointer &certToStore, Security::PrivateKeyPointer &pkeyToStore, Ssl::CertificateProperties const &properties, Ssl::BIGNUM_Pointer const &serial)

static BIGNUM *	createCertSerial (unsigned char *md, unsigned int n)

static BIGNUM *	x509Digest (Security::CertPointer const &cert)

static BIGNUM *	x509Pubkeydigest (Security::CertPointer const &cert)

static bool	createSerial (Ssl::BIGNUM_Pointer &serial, Ssl::CertificateProperties const &properties)

static bool	asn1timeToGeneralizedTimeStr (ASN1_TIME aTime, char buf, int bufLen)
	Print the time represented by a ASN1_TIME struct to a string using GeneralizedTime format. More...

static int	asn1time_cmp (ASN1_TIME asnTime1, ASN1_TIME asnTime2)

static const char *	getSubjectEntry (X509 *x509, int nid)

Variables
static const size_t	MaxCnLen = 64

Function Documentation

◆ addAltNameWithSubjectCn()

static bool addAltNameWithSubjectCn ( Security::CertPointer & cert )

static

Adds a new subjectAltName extension contining Subject CN or returns false expects the caller to check for the existing subjectAltName extension

Definition at line 477 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.

Referenced by buildCertificate().

◆ asn1time_cmp()

static int asn1time_cmp	(	ASN1_TIME *	asnTime1,
		ASN1_TIME *	asnTime2
	)

static

Definition at line 875 of file gadgets.cc.

References asn1timeToGeneralizedTimeStr().

Referenced by Ssl::certificateMatchesProperties().

◆ asn1timeToGeneralizedTimeStr()

static bool asn1timeToGeneralizedTimeStr	(	ASN1_TIME *	aTime,
		char *	buf,
		int	bufLen
	)

static

Definition at line 846 of file gadgets.cc.

Referenced by asn1time_cmp().

◆ buildCertificate()

static bool buildCertificate	(	Security::CertPointer &	cert,
		Ssl::CertificateProperties const &	properties
	)

static

Definition at line 506 of file gadgets.cc.

References addAltNameWithSubjectCn(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, mimicExtensions(), NULL, replaceCommonName(), Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signWithX509, X509_getm_notAfter, X509_getm_notBefore, X509_set1_notAfter, and X509_set1_notBefore.

Referenced by generateFakeSslCertificate().

◆ createCertSerial()

static BIGNUM* createCertSerial	(	unsigned char *	md,
		unsigned int	n
	)

static

Definition at line 642 of file gadgets.cc.

References assert, and NULL.

Referenced by x509Digest(), and x509Pubkeydigest().

◆ createSerial()

static bool createSerial	(	Ssl::BIGNUM_Pointer &	serial,
		Ssl::CertificateProperties const &	properties
	)

static

Generate a unique serial number based on a Ssl::CertificateProperties object for a new generated certificate

Definition at line 695 of file gadgets.cc.

References generateFakeSslCertificate(), Security::LockingPointer< T, UnLocker, Locker >::reset(), Ssl::CertificateProperties::signWithX509, x509Digest(), and x509Pubkeydigest().

Referenced by Ssl::generateSslCertificate().

◆ generateFakeSslCertificate()

static bool generateFakeSslCertificate	(	Security::CertPointer &	certToStore,
		Security::PrivateKeyPointer &	pkeyToStore,
		Ssl::CertificateProperties const &	properties,
		Ssl::BIGNUM_Pointer const &	serial
	)

static

Definition at line 591 of file gadgets.cc.

References Ssl::algSignSelf, assert, buildCertificate(), Ssl::createSslPrivateKey(), Security::LockingPointer< T, UnLocker, Locker >::get(), hash, setSerialNumber(), Ssl::CertificateProperties::signAlgorithm, Ssl::CertificateProperties::signHash, Ssl::CertificateProperties::signWithPkey, Ssl::CertificateProperties::signWithX509, and SQUID_SSL_SIGN_HASH_IF_NONE.

Referenced by createSerial(), and Ssl::generateSslCertificate().

◆ getSubjectEntry()

static const char* getSubjectEntry	(	X509 *	x509,
		int	nid
	)

static

Definition at line 959 of file gadgets.cc.

References NULL.

Referenced by Ssl::CommonHostName(), and Ssl::getOrganization().

◆ mimicAuthorityKeyId()

static bool mimicAuthorityKeyId	(	Security::CertPointer &	cert,
		Security::CertPointer const &	mimicCert,
		Security::CertPointer const &	issuerCert
	)

static

Check if mimicCert certificate has the Authority Key Identifier extension and if yes add the extension to cert certificate with the same fields if possible. If the issuerCert certificate does not have the Subject Key Identifier extension (required to build the keyIdentifier field of AuthorityKeyIdentifier) then the authorityCertIssuer and authorityCertSerialNumber fields added.

issuer name and issuer serial

Definition at line 318 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.

Referenced by mimicExtensions().