gadgets.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_GADGETS_H
10 #define SQUID_SSL_GADGETS_H
11 
12 #if USE_OPENSSL
13 
14 #include "base/HardFun.h"
15 #include "compat/openssl.h"
16 #include "security/forward.h"
17 #include "ssl/crtd_message.h"
18 
19 #include <string>
20 
21 #if HAVE_OPENSSL_ASN1_H
22 #include <openssl/asn1.h>
23 #endif
24 #if HAVE_OPENSSL_TXT_DB_H
25 #include <openssl/txt_db.h>
26 #endif
27 #if HAVE_OPENSSL_X509V3_H
28 #include <openssl/x509v3.h>
29 #endif
30 
31 namespace Ssl
32 {
39 #if !defined(SQUID_SSL_SIGN_HASH_IF_NONE)
40 #define SQUID_SSL_SIGN_HASH_IF_NONE "sha256"
41 #endif
42 
46 sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free);
47 typedef std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper> X509_STACK_Pointer;
48 
49 typedef std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free>> BIGNUM_Pointer;
50 
51 typedef std::unique_ptr<BIO, HardFun<void, BIO*, &BIO_vfree>> BIO_Pointer;
52 
53 typedef std::unique_ptr<ASN1_INTEGER, HardFun<void, ASN1_INTEGER*, &ASN1_INTEGER_free>> ASN1_INT_Pointer;
54 
55 typedef std::unique_ptr<ASN1_OCTET_STRING, HardFun<void, ASN1_OCTET_STRING*, &ASN1_OCTET_STRING_free>> ASN1_OCTET_STRING_Pointer;
56 
57 typedef std::unique_ptr<TXT_DB, HardFun<void, TXT_DB*, &TXT_DB_free>> TXT_DB_Pointer;
58 
59 typedef std::unique_ptr<X509_NAME, HardFun<void, X509_NAME*, &X509_NAME_free>> X509_NAME_Pointer;
60 
61 typedef std::unique_ptr<RSA, HardFun<void, RSA*, &RSA_free>> RSA_Pointer;
62 
63 typedef std::unique_ptr<X509_REQ, HardFun<void, X509_REQ*, &X509_REQ_free>> X509_REQ_Pointer;
64 
65 typedef std::unique_ptr<AUTHORITY_KEYID, HardFun<void, AUTHORITY_KEYID*, &AUTHORITY_KEYID_free>> AUTHORITY_KEYID_Pointer;
66 
67 sk_dtor_wrapper(sk_GENERAL_NAME, STACK_OF(GENERAL_NAME) *, GENERAL_NAME_free);
68 typedef std::unique_ptr<STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper> GENERAL_NAME_STACK_Pointer;
69 
70 typedef std::unique_ptr<GENERAL_NAME, HardFun<void, GENERAL_NAME*, &GENERAL_NAME_free>> GENERAL_NAME_Pointer;
71 
72 typedef std::unique_ptr<X509_EXTENSION, HardFun<void, X509_EXTENSION*, &X509_EXTENSION_free>> X509_EXTENSION_Pointer;
73 
74 typedef std::unique_ptr<X509_STORE_CTX, HardFun<void, X509_STORE_CTX *, &X509_STORE_CTX_free>> X509_STORE_CTX_Pointer;
75 
76 // not using CtoCpp1() here because OpenSSL_free() takes void* rather than char*
77 inline void OPENSSL_free_for_c_strings(char * const string) { OPENSSL_free(string); }
78 using UniqueCString = std::unique_ptr<char, HardFun<void, char *, &OPENSSL_free_for_c_strings> >;
79 
81 void ForgetErrors();
82 
87 std::ostream &ReportAndForgetErrors(std::ostream &);
88 
93 EVP_PKEY * createSslPrivateKey();
94 
99 bool writeCertAndPrivateKeyToMemory(Security::CertPointer const & cert, Security::PrivateKeyPointer const & pkey, std::string & bufferToWrite);
100 
105 bool appendCertToMemory(Security::CertPointer const & cert, std::string & bufferToWrite);
106 
111 bool readCertAndPrivateKeyFromMemory(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, char const * bufferToRead);
112 
115 BIO_Pointer ReadOnlyBioTiedTo(const char *);
116 
121 void ReadPrivateKeyFromFile(char const * keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);
122 
127 bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename);
128 
132 
136 
141 bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);
142 
148 bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename);
149 
155 
160 bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey);
161 
163 UniqueCString OneLineSummary(X509_NAME &);
164 
170 
176 extern const char *CertSignAlgorithmStr[];
177 
182 inline const char *certSignAlgorithm(int sg)
183 {
184  if (sg >=0 && sg < Ssl::algSignEnd)
185  return Ssl::CertSignAlgorithmStr[sg];
186 
187  return NULL;
188 }
189 
195 {
196  for (int i = 0; i < algSignEnd && Ssl::CertSignAlgorithmStr[i] != NULL; i++)
197  if (strcmp(Ssl::CertSignAlgorithmStr[i], sg) == 0)
198  return (CertSignAlgorithm)i;
199 
200  return algSignEnd;
201 }
202 
208 
213 extern const char *CertAdaptAlgorithmStr[];
214 
219 inline const char *sslCertAdaptAlgoritm(int alg)
220 {
221  if (alg >=0 && alg < Ssl::algSetEnd)
222  return Ssl::CertAdaptAlgorithmStr[alg];
223 
224  return NULL;
225 }
226 
232 {
233 public:
237  Security::PrivateKeyPointer signWithPkey;
241  std::string commonName;
243  const EVP_MD *signHash;
244 private:
247 };
248 
251 std::string & OnDiskCertificateDbKey(const CertificateProperties &);
252 
260 bool generateSslCertificate(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, CertificateProperties const &properties);
261 
267 bool sslDateIsInTheFuture(char const * date);
268 
275 bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties);
276 
282 const char *CommonHostName(X509 *x509);
283 
289 const char *getOrganization(X509 *x509);
290 
293 bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2);
294 
297 const ASN1_BIT_STRING *X509_get_signature(const Security::CertPointer &);
298 
299 } // namespace Ssl
300 
301 #endif // USE_OPENSSL
302 #endif // SQUID_SSL_GADGETS_H
303 
Security::PrivateKeyPointer signWithPkey
The key of the signing certificate.
Definition: gadgets.h:237
Security::CertPointer signWithX509
Certificate to sign the generated request.
Definition: gadgets.h:236
CertificateProperties & operator=(CertificateProperties const &)
bool setCommonName
Replace the CN field of the mimicking subject with the given.
Definition: gadgets.h:240
CertificateProperties(CertificateProperties &)
bool setValidAfter
Do not mimic "Not Valid After" field.
Definition: gadgets.h:238
CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition: gadgets.h:242
bool setValidBefore
Do not mimic "Not Valid Before" field.
Definition: gadgets.h:239
Security::CertPointer mimicCert
Certificate to mimic.
Definition: gadgets.h:235
const EVP_MD * signHash
The signing hash to use.
Definition: gadgets.h:243
std::string commonName
A CN to use for the generated certificate.
Definition: gadgets.h:241
const char * getOrganization(X509 *x509)
Definition: gadgets.cc:982
const char * CommonHostName(X509 *x509)
Definition: gadgets.cc:977
bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2)
Definition: gadgets.cc:988
void ReadPrivateKeyFromFile(char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition: gadgets.cc:787
bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition: gadgets.cc:776
bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename)
Definition: gadgets.cc:798
bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
Definition: gadgets.cc:819
CertSignAlgorithm certSignAlgorithmId(const char *sg)
Definition: gadgets.h:194
bool appendCertToMemory(Security::CertPointer const &cert, std::string &bufferToWrite)
Definition: gadgets.cc:128
bool sslDateIsInTheFuture(char const *date)
Definition: gadgets.cc:834
bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename)
Definition: gadgets.cc:730
std::string & OnDiskCertificateDbKey(const CertificateProperties &)
Definition: gadgets.cc:274
bool generateSslCertificate(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
Definition: gadgets.cc:719
CertAdaptAlgorithm
Definition: gadgets.h:207
CertSignAlgorithm
Definition: gadgets.h:169
bool writeCertAndPrivateKeyToMemory(Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
Definition: gadgets.cc:104
bool readCertAndPrivateKeyFromMemory(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
Definition: gadgets.cc:152
bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties)
Definition: gadgets.cc:886
const char * sslCertAdaptAlgoritm(int alg)
Definition: gadgets.h:219
EVP_PKEY * createSslPrivateKey()
Definition: gadgets.cc:51
bool WriteX509Certificate(BIO_Pointer &bio, const Security::CertPointer &cert)
Definition: gadgets.cc:809
const char * CertAdaptAlgorithmStr[]
Definition: gadgets.cc:244
const char * CertSignAlgorithmStr[]
Definition: gadgets.cc:237
const char * certSignAlgorithm(int sg)
Definition: gadgets.h:182
@ algSetValidAfter
Definition: gadgets.h:207
@ algSetCommonName
Definition: gadgets.h:207
@ algSetEnd
Definition: gadgets.h:207
@ algSetValidBefore
Definition: gadgets.h:207
@ algSignEnd
Definition: gadgets.h:169
@ algSignTrusted
Definition: gadgets.h:169
@ algSignUntrusted
Definition: gadgets.h:169
@ algSignSelf
Definition: gadgets.h:169
Definition: Xaction.cc:48
std::unique_ptr< GENERAL_NAME, HardFun< void, GENERAL_NAME *, &GENERAL_NAME_free > > GENERAL_NAME_Pointer
Definition: gadgets.h:70
std::unique_ptr< BIO, HardFun< void, BIO *, &BIO_vfree > > BIO_Pointer
Definition: gadgets.h:51
std::unique_ptr< BIGNUM, HardFun< void, BIGNUM *, &BN_free > > BIGNUM_Pointer
Definition: gadgets.h:49
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:57
std::unique_ptr< X509_STORE_CTX, HardFun< void, X509_STORE_CTX *, &X509_STORE_CTX_free > > X509_STORE_CTX_Pointer
Definition: gadgets.h:74
std::unique_ptr< RSA, HardFun< void, RSA *, &RSA_free > > RSA_Pointer
Definition: gadgets.h:61
void OPENSSL_free_for_c_strings(char *const string)
Definition: gadgets.h:77
std::unique_ptr< ASN1_OCTET_STRING, HardFun< void, ASN1_OCTET_STRING *, &ASN1_OCTET_STRING_free > > ASN1_OCTET_STRING_Pointer
Definition: gadgets.h:55
std::ostream & ReportAndForgetErrors(std::ostream &)
Definition: gadgets.cc:34
Security::CertPointer ReadOptionalCertificate(const BIO_Pointer &)
Definition: gadgets.cc:741
const ASN1_BIT_STRING * X509_get_signature(const Security::CertPointer &)
Definition: gadgets.cc:1013
UniqueCString OneLineSummary(X509_NAME &)
a RAII wrapper for the memory-allocating flavor of X509_NAME_oneline()
Definition: gadgets.cc:829
Security::CertPointer ReadCertificate(const BIO_Pointer &)
Definition: gadgets.cc:766
std::unique_ptr< X509_REQ, HardFun< void, X509_REQ *, &X509_REQ_free > > X509_REQ_Pointer
Definition: gadgets.h:63
std::unique_ptr< STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper > GENERAL_NAME_STACK_Pointer
Definition: gadgets.h:68
BIO_Pointer ReadOnlyBioTiedTo(const char *)
Definition: gadgets.cc:177
std::unique_ptr< X509_NAME, HardFun< void, X509_NAME *, &X509_NAME_free > > X509_NAME_Pointer
Definition: gadgets.h:59
sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free)
std::unique_ptr< ASN1_INTEGER, HardFun< void, ASN1_INTEGER *, &ASN1_INTEGER_free > > ASN1_INT_Pointer
Definition: gadgets.h:53
std::unique_ptr< X509_EXTENSION, HardFun< void, X509_EXTENSION *, &X509_EXTENSION_free > > X509_EXTENSION_Pointer
Definition: gadgets.h:72
std::unique_ptr< char, HardFun< void, char *, &OPENSSL_free_for_c_strings > > UniqueCString
Definition: gadgets.h:78
std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer
Definition: gadgets.h:47
void ForgetErrors()
Clear any errors accumulated by OpenSSL in its global storage.
Definition: gadgets.cc:17
std::unique_ptr< AUTHORITY_KEYID, HardFun< void, AUTHORITY_KEYID *, &AUTHORITY_KEYID_free > > AUTHORITY_KEYID_Pointer
Definition: gadgets.h:65
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
Definition: openssl.h:237
#define NULL
Definition: types.h:166

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors