#include "squid.h"
#include "base/IoManip.h"
#include "error/SysErrorDetail.h"
#include "security/Io.h"
#include "sbuf/Stream.h"
#include "ssl/gadgets.h"

Functions | |
static void | ThrowErrors (const char *const problem, const int savedErrno, const SourceLocation &where) |
static bool | setSerialNumber (ASN1_INTEGER *ai, BIGNUM const *serial) |
static bool | replaceCommonName (Security::CertPointer &cert, std::string const &rawCn) |
static void | printX509Signature (const Security::CertPointer &cert, std::string &out) |
static bool | mimicAuthorityKeyId (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert) |
static int | mimicExtensions (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert) |
static bool | addAltNameWithSubjectCn (Security::CertPointer &cert) |
static bool | buildCertificate (Security::CertPointer &cert, Ssl::CertificateProperties const &properties) |
static bool | generateFakeSslCertificate (Security::CertPointer &certToStore, Security::PrivateKeyPointer &pkeyToStore, Ssl::CertificateProperties const &properties, Ssl::BIGNUM_Pointer const &serial) |
static BIGNUM * | createCertSerial (unsigned char *md, unsigned int n) |
static BIGNUM * | x509Digest (Security::CertPointer const &cert) |
static BIGNUM * | x509Pubkeydigest (Security::CertPointer const &cert) |
static bool | createSerial (Ssl::BIGNUM_Pointer &serial, Ssl::CertificateProperties const &properties) |
static bool | asn1timeToGeneralizedTimeStr (ASN1_TIME *aTime, char *buf, int bufLen) |
Print the time represented by an ASN1_TIME struct to a string using GeneralizedTime format. | |
static int | asn1time_cmp (ASN1_TIME *asnTime1, ASN1_TIME *asnTime2) |
static const char * | getSubjectEntry (X509 *x509, int nid) |
Variables | |
static const size_t | MaxCnLen = 64 |
Function Documentation
◆ addAltNameWithSubjectCn()
|
static |
Adds a new subjectAltName extension containing the Subject CN, or returns false. Expects the caller to check for an existing subjectAltName extension.
Definition at line 477 of file gadgets.cc.
References Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.
Referenced by buildCertificate().
◆ asn1time_cmp()
|
static |
Definition at line 875 of file gadgets.cc.
References asn1timeToGeneralizedTimeStr().
Referenced by Ssl::certificateMatchesProperties().
◆ asn1timeToGeneralizedTimeStr()
|
static |
Definition at line 846 of file gadgets.cc.
Referenced by asn1time_cmp().
◆ buildCertificate()
|
static |
Definition at line 506 of file gadgets.cc.
References addAltNameWithSubjectCn(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, mimicExtensions(), NULL, replaceCommonName(), Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signWithX509, X509_getm_notAfter, X509_getm_notBefore, X509_set1_notAfter, and X509_set1_notBefore.
Referenced by generateFakeSslCertificate().
◆ createCertSerial()
|
static |
Definition at line 642 of file gadgets.cc.
Referenced by x509Digest(), and x509Pubkeydigest().
◆ createSerial()
|
static |
Generates a unique serial number, based on an Ssl::CertificateProperties object, for a newly generated certificate.
Definition at line 695 of file gadgets.cc.
References generateFakeSslCertificate(), Security::LockingPointer< T, UnLocker, Locker >::reset(), Ssl::CertificateProperties::signWithX509, x509Digest(), and x509Pubkeydigest().
Referenced by Ssl::generateSslCertificate().
◆ generateFakeSslCertificate()
|
static |
Definition at line 591 of file gadgets.cc.
References Ssl::algSignSelf, assert, buildCertificate(), Ssl::createSslPrivateKey(), Security::LockingPointer< T, UnLocker, Locker >::get(), hash, setSerialNumber(), Ssl::CertificateProperties::signAlgorithm, Ssl::CertificateProperties::signHash, Ssl::CertificateProperties::signWithPkey, Ssl::CertificateProperties::signWithX509, and SQUID_SSL_SIGN_HASH_IF_NONE.
Referenced by createSerial(), and Ssl::generateSslCertificate().
◆ getSubjectEntry()
|
static |
Definition at line 959 of file gadgets.cc.
References NULL.
Referenced by Ssl::CommonHostName(), and Ssl::getOrganization().
◆ mimicAuthorityKeyId()
|
static |
Checks whether the mimicCert certificate has the Authority Key Identifier extension and, if it does, adds the extension to the cert certificate with the same fields where possible. If the issuerCert certificate does not have the Subject Key Identifier extension (required to build the keyIdentifier field of AuthorityKeyIdentifier), then the authorityCertIssuer and authorityCertSerialNumber fields (issuer name and issuer serial) are added.
Definition at line 318 of file gadgets.cc.
References Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.
Referenced by mimicExtensions().
◆ mimicExtensions()
|
static |
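Copy certificate extensions from cert to mimicCert. Returns the number of extensions copied. (Note: the declaration takes cert by non-const reference and mimicCert by const reference, and mimicAuthorityKeyId() adds extensions to cert, so the copy direction is presumably from mimicCert into cert; confirm against gadgets.cc.)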
Definition at line 399 of file gadgets.cc.
References assert, EVP_PKEY_get0_RSA(), Security::LockingPointer< T, UnLocker, Locker >::get(), mimicAuthorityKeyId(), and NULL.
Referenced by buildCertificate().
◆ printX509Signature()
|
static |
Definition at line 260 of file gadgets.cc.
References Ssl::X509_get_signature().
Referenced by Ssl::OnDiskCertificateDbKey().
◆ replaceCommonName()
|
static |
Definition at line 194 of file gadgets.cc.
References Security::LockingPointer< T, UnLocker, Locker >::get(), and MaxCnLen.
Referenced by buildCertificate().
◆ ThrowErrors()
|
static |
Definition at line 43 of file gadgets.cc.
References Ssl::ReportAndForgetErrors(), and ToSBuf().
Referenced by Ssl::ReadOnlyBioTiedTo(), and Ssl::ReadOptionalCertificate().
◆ x509Digest()
|
static |
Returns the SHA1 digest of the DER-encoded certificate, stored in a BIGNUM.
Definition at line 671 of file gadgets.cc.
References createCertSerial(), Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.
Referenced by createSerial().
◆ x509Pubkeydigest()
|
static |
Definition at line 682 of file gadgets.cc.
References createCertSerial(), Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.
Referenced by createSerial().
Variable Documentation
◆ MaxCnLen
|
static |
Definition at line 191 of file gadgets.cc.
Referenced by replaceCommonName().