Diffstat (limited to 'eurephiadm/commands/certificates.c')
-rw-r--r-- | eurephiadm/commands/certificates.c | 164 |
1 files changed, 15 insertions, 149 deletions
diff --git a/eurephiadm/commands/certificates.c b/eurephiadm/commands/certificates.c
index e91dfb4..40e24d1 100644
--- a/eurephiadm/commands/certificates.c
+++ b/eurephiadm/commands/certificates.c
@@ -29,13 +29,6 @@
 #include <errno.h>
 #include <assert.h>
-#ifdef HAVE_OPENSSL
-#include <openssl/ssl.h>
-#include <openssl/pkcs12.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#endif
-
 #ifdef HAVE_LIBXML2
 #include <libxml/parser.h>
 #include <libxml/tree.h>
@@ -52,10 +45,12 @@
 #include <eurephia_admin_struct.h>
 #include <eurephiadb_mapping.h>
 #include <eurephiadb_driver.h>
+#include <certinfo.h>
 #include "../argparser.h"
 #include "../get_console_input.h"
 #include "../field_print.h"
+#include "../parse_certificate_files.h"
 void display_certs_help(int page) { printf("Help page not implemented yet\n");
@@ -82,56 +77,6 @@ int help_Certificates2(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES * return 0; } -#ifdef HAVE_OPENSSL -char *ExtractCertInfo(X509 *cert, const char *fieldname) { - unsigned char *buf = (unsigned char *)1; // Needs to be 1 to avoid OpenSSL 0.9.6b bug - char resbuf[2048]; - X509_NAME *name = NULL; - X509_NAME_ENTRY *namentry = NULL; - ASN1_STRING *asn1 = NULL; - int nid, tmp = -1, pos = -1; - - // - // Extract subject information - // - - memset(&resbuf, 0, 2048); - - nid = OBJ_txt2nid(fieldname); - name = X509_get_subject_name(cert); - - do { - pos = tmp; - tmp = X509_NAME_get_index_by_NID(name, nid, pos); - } while ( tmp > -1 ); - - if( pos == -1 ) { - fprintf(stderr, "%s: Field '%s' not found\n", MODULE, fieldname); - return NULL; - } - - if( !(namentry = X509_NAME_get_entry(name, pos)) ) { - fprintf(stderr, "%s: Failed to extract name entry from field '%s'\n", MODULE, fieldname); - return NULL; - } - - if( !(asn1 = X509_NAME_ENTRY_get_data(namentry)) ) { - fprintf(stderr, "%s: Failed to extract data from name entry field '%s'\n", MODULE, fieldname); - return NULL; - } - - if( ASN1_STRING_to_UTF8(&buf, asn1) <= 0 ) { - fprintf(stderr, "%s: Failed to convert ASN1 string to UTF-8 for '%s'\n", MODULE, fieldname); - return NULL; - } - - snprintf(resbuf, 2046, "%s", buf); - OPENSSL_free(buf); - - return strdup_nullsafe(resbuf); -} -#endif - #define SHOWCERTS_FIREWALL 0x001 #define SHOWCERTS_DIGEST 0x002 @@ -276,7 +221,7 @@ int add_cert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int a }; certfile = NULL; - certfile_format = 0; + certfile_format = CERTFILE_PEM; // Default file format when not specified for( i = 1; i < argc ; i++ ) { switch( eurephia_getopt(&i, argc, argv, addcertargs) ) { case 'd': // Certificate depth 
@@ -320,7 +265,7 @@ int add_cert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int a
 #ifdef HAVE_OPENSSL
 case 'p': // Certfile is in PKCS#12 format
- certfile_format = 1;
+ certfile_format = CERTFILE_PKCS12;
 break;
 case 'f': // Load certificate info from a certificate file
@@ -373,100 +318,22 @@ int add_cert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int a #ifdef HAVE_OPENSSL // If we have a certfile - open it and fetch the info we want if( certfile != NULL ) { - BIO *bio_err = NULL; - PKCS12 *p12 = NULL; - EVP_PKEY *pkey = NULL; - X509 *cert = NULL; - FILE *fp; - - /* Needed to convert X509 digest into hex string */ - unsigned char md_sha1[EVP_MAX_MD_SIZE]; - unsigned int mdlen; - - if( !bio_err ) { - SSL_library_init(); - SSL_load_error_strings(); - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - } - - // Open file - according to defined format - switch( certfile_format ) { - case 0: // PEM/DER format - fp = fopen(certfile, "r"); - if( !(cert = PEM_read_X509(fp, NULL, NULL, NULL)) ) { - fprintf(stderr, "%s: Failed to open certificate file\n", MODULE); - return 3; - } - fclose(fp); - break; - - case 1: // PKCS#12 format - fp = fopen(certfile, "r"); - p12 = d2i_PKCS12_fp(fp, NULL); - fclose(fp); - if( p12 == NULL ) { - fprintf(stderr, "%s: Could not open PKCS#12 file\n", MODULE); - return 3; - } - OpenSSL_add_all_ciphers(); - - // First, try without password - if( !PKCS12_parse(p12, "", &pkey, &cert, NULL) ) { - char pwd[130]; - - // If empty password failed, get password and try again - memset(&pwd, 0, 130); - if( get_console_input(pwd, 128, "PKCS12 password:", 1) < 0 ) { - fprintf(stderr, "Could not retrieve password\n"); - } - if( !PKCS12_parse(p12, pwd, &pkey, &cert, NULL) ) { - PKCS12_free(p12); p12 = NULL; - fprintf(stderr, - "%s: Could not open PKCS#12 file - wrong password\n", MODULE); - fprintf(stderr, - "%s: %s\n", MODULE, ERR_error_string(ERR_get_error(), NULL)); - BIO_free(bio_err); - return 3; - } - } - EVP_PKEY_free(pkey); pkey = NULL; - PKCS12_free(p12); p12 = NULL; - break; - - default: // Unknown - fprintf(stderr, "%s: Unknown certificate file format\n", MODULE); - return 1; + certinfo *ci = NULL; + if( (ci = Cert_ParseFile(certfile, certfile_format)) == NULL ) { + fprintf(stderr, "%s: Failed to parse 
certificate file\n", MODULE); + rc = 1; + goto exit; } + digest = strdup_nullsafe(ci->digest); + cname = strdup_nullsafe(ci->common_name); + org = strdup_nullsafe(ci->org); + email = strdup_nullsafe(ci->email); + free_certinfo(ci); ci = NULL; - - // extract SHA1 digest from certificate - digest = (char *) malloc(66); - memset(digest, 0, 66); - if (X509_digest(cert, EVP_sha1(), md_sha1, &mdlen) && mdlen > 0) { - static const char hexcodes[] = "0123456789ABCDEF"; - int j; - - for (j = 0; j < (int) mdlen; j++) { - digest[j * 3] = hexcodes[(md_sha1[j] & 0xf0) >> 4U]; - digest[(j * 3) + 1] = hexcodes[(md_sha1[j] & 0x0f)]; - if (j + 1 != (int) mdlen) { - digest[(j * 3) + 2] = ':'; - } else { - digest[(j * 3) + 2] = '\0'; - } - } - } - - // Extract the subject information we want - cname = ExtractCertInfo(cert, "CN"); - org = ExtractCertInfo(cert, "O"); - email = ExtractCertInfo(cert, "emailAddress"); - - X509_free(cert); - BIO_free(bio_err); } #endif rc = register_certificate(ctx, depth, digest, cname, org, email); + exit: free_nullsafe(digest); free_nullsafe(cname); free_nullsafe(org); @@ -669,4 +536,3 @@ int cmd_Certificates(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf return rc; } - |
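Review bot: Nothing checks that the parsed certificate actually produced a digest before `rc = register_certificate(ctx, depth, digest, cname, org, email);` runs: the new lines copy `ci->digest` through `strdup_nullsafe`, which by its name passes a NULL straight through, so a certinfo without a digest would reach registration with `digest == NULL` unless register_certificate rejects that itself (not visible in this hunk), whereas the removed code always handed over an allocated digest buffer. Since the digest is the value that later identifies the certificate, I would fail early right after the Cert_ParseFile check: `if( ci->digest == NULL ) { fprintf(stderr, "%s: No digest found in certificate file\n", MODULE); free_certinfo(ci); rc = 1; goto exit; }`. Two smaller points: the failure exit status drops from the old 3 for open/parse/password failures to `rc = 1`, which any script keying on the exit code will notice, and the `exit:` label is only targeted from inside `#ifdef HAVE_OPENSSL`, so builds without OpenSSL will get an unused-label warning unless the label is wrapped in the same `#ifdef`. add_cert begins before this hunk and its tail runs past it.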