authorSumit Bose <sbose@redhat.com>2015-05-08 09:02:26 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-19 18:48:13 +0200
commitbf01e8179cbb2be476805340636098deda7e1366 (patch)
tree690f199f9595215f8fc807389fa9a782a6d59cce
parente22e04517b9f9d0c7759dc4768eedfd05908e9b6 (diff)
certs: add PEM/DER conversion utilities
Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--Makefile.am38
-rw-r--r--configure.ac5
-rw-r--r--contrib/ci/deps.sh1
-rw-r--r--contrib/sssd.spec.in2
-rw-r--r--src/tests/cmocka/test_cert_utils.c361
-rw-r--r--src/util/cert.h47
-rw-r--r--src/util/cert/cert_common.c154
-rw-r--r--src/util/cert/libcrypto/cert.c168
8 files changed, 773 insertions, 3 deletions
diff --git a/Makefile.am b/Makefile.am
index 603753439..fa563de0d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -230,6 +230,7 @@ if HAVE_CMOCKA
pam-srv-tests \
test_ipa_subdom_util \
test_ipa_subdom_server \
+ test_cert_utils \
$(NULL)
if HAVE_LIBRESOLV
@@ -501,6 +502,7 @@ endif
dist_noinst_HEADERS = \
src/monitor/monitor.h \
src/util/crypto/sss_crypto.h \
+ src/util/cert.h \
src/util/dlinklist.h \
src/util/util.h \
src/util/io.h \
@@ -724,6 +726,25 @@ libsss_crypt_la_LIBADD = \
libsss_crypt_la_LDFLAGS = \
-avoid-version
+pkglib_LTLIBRARIES += libsss_cert.la
+
+libsss_cert_la_SOURCES = \
+ src/util/cert/cert_common.c \
+ src/util/cert/libcrypto/cert.c \
+ $(NULL)
+libsss_cert_la_CFLAGS = \
+ $(CRYPTO_CFLAGS) \
+ $(NULL)
+libsss_cert_la_LIBADD = \
+ $(CRYPTO_LIBS) \
+ $(TALLOC_LIBS) \
+ libsss_crypt.la \
+ libsss_debug.la \
+ $(NULL)
+libsss_cert_la_LDFLAGS = \
+ -avoid-version \
+ $(NULL)
+
pkglib_LTLIBRARIES += libsss_util.la
libsss_util_la_SOURCES = \
src/confdb/confdb.c \
@@ -2490,6 +2511,23 @@ test_ipa_subdom_server_LDADD = \
libsss_test_common.la \
$(NULL)
+test_cert_utils_SOURCES = \
+ src/tests/cmocka/test_cert_utils.c \
+ $(NULL)
+test_cert_utils_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(CRYPTO_CFLAGS) \
+ $(NULL)
+test_cert_utils_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
+ $(TALLOC_LIBS) \
+ $(CRYPTO_LIBS) \
+ libsss_debug.la \
+ libsss_test_common.la \
+ libsss_cert.la \
+ libsss_crypt.la \
+ $(NULL)
endif # HAVE_CMOCKA
noinst_PROGRAMS = pam_test_client
diff --git a/configure.ac b/configure.ac
index 339dd8b68..29bedf74d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -340,9 +340,8 @@ fi
if test x$cryptolib = xnss; then
AM_CHECK_NSS
fi
-if test x$cryptolib = xlibcrypto; then
- AM_CHECK_LIBCRYPTO
-fi
+
+AM_CHECK_LIBCRYPTO
AM_CHECK_INOTIFY
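Review bot: Removing the `cryptolib = libcrypto` condition makes `AM_CHECK_LIBCRYPTO` run, and thus OpenSSL a hard build dependency, even when `--with-crypto=nss` is selected, and the new `libsss_cert.la` in Makefile.am is built from the libcrypto backend only, regardless of that option. Nothing in the commit message says whether this dual-library requirement is permanent or a stopgap until an NSS backend for the cert helpers exists. If it is intended, the `--with-crypto` help text should mention it; either way a comment above the macro, `# libcrypto is required unconditionally for src/util/cert/libcrypto/cert.c`, would tell the next reader why the check is no longer conditional.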
diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 8f872037c..74401f832 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -105,6 +105,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
systemd
xml-core
xsltproc
+ libssl-dev
)
DEPS_INTGCHECK_SATISFIED=false
fi
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 1ebd92fa9..15f7c582c 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -106,6 +106,7 @@ BuildRequires: dbus-libs
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: nss-devel
+BuildRequires: openssl-devel
BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: libxslt
@@ -691,6 +692,7 @@ rm -rf $RPM_BUILD_ROOT
#Internal shared libraries
%{_libdir}/%{name}/libsss_child.so
%{_libdir}/%{name}/libsss_crypt.so
+%{_libdir}/%{name}/libsss_cert.so
%{_libdir}/%{name}/libsss_debug.so
%{_libdir}/%{name}/libsss_krb5_common.so
%{_libdir}/%{name}/libsss_ldap_common.so
diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
new file mode 100644
index 000000000..5bcbafb27
--- /dev/null
+++ b/src/tests/cmocka/test_cert_utils.c
@@ -0,0 +1,361 @@
+/*
+ SSSD
+
+ Certificates - Utilities tests
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2015 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <popt.h>
+#include <openssl/objects.h>
+
+#include "util/cert.h"
+#include "tests/cmocka/common_mock.h"
+#include "util/crypto/nss/nss_util.h"
+
+
+/* TODO: create a certificate for this test */
+const uint8_t test_cert_der[] = {
+0x30, 0x82, 0x04, 0x09, 0x30, 0x82, 0x02, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x09,
+0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
+0x34, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x49, 0x50, 0x41, 0x2e,
+0x44, 0x45, 0x56, 0x45, 0x4c, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x15,
+0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
+0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34, 0x32, 0x38, 0x31,
+0x30, 0x32, 0x31, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x34, 0x32, 0x38, 0x31, 0x30,
+0x32, 0x31, 0x31, 0x31, 0x5a, 0x30, 0x32, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
+0x0c, 0x09, 0x49, 0x50, 0x41, 0x2e, 0x44, 0x45, 0x56, 0x45, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06,
+0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x69, 0x70, 0x61, 0x2d, 0x64, 0x65, 0x76, 0x65, 0x6c, 0x2e,
+0x69, 0x70, 0x61, 0x2e, 0x64, 0x65, 0x76, 0x65, 0x6c, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
+0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
+0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb2, 0x32, 0x92, 0xab, 0x47, 0xb8,
+0x0c, 0x13, 0x54, 0x4a, 0x1f, 0x1e, 0x29, 0x06, 0xff, 0xd0, 0x50, 0xcb, 0xf7, 0x5f, 0x79, 0x91,
+0x65, 0xb1, 0x39, 0x01, 0x83, 0x6a, 0xad, 0x9e, 0x77, 0x3b, 0xf3, 0x0d, 0xd7, 0xb9, 0xf6, 0xdc,
+0x9e, 0x4a, 0x49, 0xa7, 0xd0, 0x66, 0x72, 0xcc, 0xbf, 0x77, 0xd6, 0xde, 0xa9, 0xfe, 0x67, 0x96,
+0xcc, 0x49, 0xf1, 0x37, 0x23, 0x2e, 0xc4, 0x50, 0xf4, 0xeb, 0xba, 0x62, 0xd4, 0x23, 0x4d, 0xf3,
+0x37, 0x38, 0x82, 0xee, 0x3b, 0x3f, 0x2c, 0xd0, 0x80, 0x9b, 0x17, 0xaa, 0x9b, 0xeb, 0xa6, 0xdd,
+0xf6, 0x15, 0xff, 0x06, 0xb2, 0xce, 0xff, 0xdf, 0x8a, 0x9e, 0x95, 0x85, 0x49, 0x1f, 0x84, 0xfd,
+0x81, 0x26, 0xce, 0x06, 0x32, 0x0d, 0x36, 0xca, 0x7c, 0x15, 0x81, 0x68, 0x6b, 0x8f, 0x3e, 0xb3,
+0xa2, 0xfc, 0xae, 0xaf, 0xc2, 0x44, 0x58, 0x15, 0x95, 0x40, 0xfc, 0x56, 0x19, 0x91, 0x80, 0xed,
+0x42, 0x11, 0x66, 0x04, 0xef, 0x3c, 0xe0, 0x76, 0x33, 0x4b, 0x83, 0xfa, 0x7e, 0xb4, 0x47, 0xdc,
+0xfb, 0xed, 0x46, 0xa5, 0x8d, 0x0a, 0x66, 0x87, 0xa5, 0xef, 0x7b, 0x74, 0x62, 0xac, 0xbe, 0x73,
+0x36, 0xc9, 0xb4, 0xfe, 0x20, 0xc4, 0x81, 0xf3, 0xfe, 0x78, 0x19, 0xa8, 0xd0, 0xaf, 0x7f, 0x81,
+0x72, 0x24, 0x61, 0xd9, 0x76, 0x93, 0xe3, 0x0b, 0xd2, 0x4f, 0x19, 0x17, 0x33, 0x57, 0xd4, 0x82,
+0xb0, 0xf1, 0xa8, 0x03, 0xf6, 0x01, 0x99, 0xa9, 0xb8, 0x8c, 0x83, 0xc9, 0xba, 0x19, 0x87, 0xea,
+0xd6, 0x3b, 0x06, 0xeb, 0x4c, 0xf7, 0xf1, 0xe5, 0x28, 0xa9, 0x10, 0xb6, 0x46, 0xde, 0xe1, 0xe1,
+0x3f, 0xc1, 0xcc, 0x72, 0xbe, 0x2a, 0x43, 0xc6, 0xf6, 0xd0, 0xb5, 0xa0, 0xc4, 0x24, 0x6e, 0x4f,
+0xbd, 0xec, 0x22, 0x8a, 0x07, 0x11, 0x3d, 0xf9, 0xd3, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
+0x82, 0x01, 0x26, 0x30, 0x82, 0x01, 0x22, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
+0x30, 0x16, 0x80, 0x14, 0xf2, 0x9d, 0x42, 0x4e, 0x0f, 0xc4, 0x48, 0x25, 0x58, 0x2f, 0x1c, 0xce,
+0x0f, 0xa1, 0x3f, 0x22, 0xc8, 0x55, 0xc8, 0x91, 0x30, 0x3b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
+0x05, 0x07, 0x01, 0x01, 0x04, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
+0x05, 0x07, 0x30, 0x01, 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x69, 0x70, 0x61,
+0x2d, 0x63, 0x61, 0x2e, 0x69, 0x70, 0x61, 0x2e, 0x64, 0x65, 0x76, 0x65, 0x6c, 0x2f, 0x63, 0x61,
+0x2f, 0x6f, 0x63, 0x73, 0x70, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
+0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
+0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
+0x05, 0x07, 0x03, 0x02, 0x30, 0x74, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x6d, 0x30, 0x6b, 0x30,
+0x69, 0xa0, 0x31, 0xa0, 0x2f, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x69, 0x70,
+0x61, 0x2d, 0x63, 0x61, 0x2e, 0x69, 0x70, 0x61, 0x2e, 0x64, 0x65, 0x76, 0x65, 0x6c, 0x2f, 0x69,
+0x70, 0x61, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x43, 0x52, 0x4c,
+0x2e, 0x62, 0x69, 0x6e, 0xa2, 0x34, 0xa4, 0x32, 0x30, 0x30, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03,
+0x55, 0x04, 0x0a, 0x0c, 0x05, 0x69, 0x70, 0x61, 0x63, 0x61, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03,
+0x55, 0x04, 0x03, 0x0c, 0x15, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
+0x0e, 0x04, 0x16, 0x04, 0x14, 0x2d, 0x2b, 0x3f, 0xcb, 0xf5, 0xb2, 0xff, 0x32, 0x2c, 0xa8, 0xc2,
+0x1c, 0xdd, 0xbd, 0x8c, 0x80, 0x1e, 0xdd, 0x31, 0x82, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x9a, 0x47, 0x2e,
+0x50, 0xa7, 0x4d, 0x1d, 0x53, 0x0f, 0xc9, 0x71, 0x42, 0x0c, 0xe5, 0xda, 0x7d, 0x49, 0x64, 0xe7,
+0xab, 0xc8, 0xdf, 0xdf, 0x02, 0xc1, 0x87, 0xd1, 0x5b, 0xde, 0xda, 0x6f, 0x2b, 0xe4, 0xf0, 0xbe,
+0xba, 0x09, 0xdf, 0x02, 0x85, 0x0b, 0x8a, 0xe6, 0x9b, 0x06, 0x7d, 0x69, 0x38, 0x6c, 0x72, 0xff,
+0x4c, 0x7b, 0x2a, 0x0d, 0x3f, 0x23, 0x2f, 0x16, 0x46, 0xff, 0x05, 0x93, 0xb0, 0xea, 0x24, 0x28,
+0xd7, 0x12, 0xa1, 0x57, 0xb8, 0x59, 0x19, 0x25, 0xf3, 0x43, 0x0a, 0xd3, 0xfd, 0x0f, 0x37, 0x8d,
+0xb8, 0xca, 0x15, 0xe7, 0x48, 0x8a, 0xa0, 0xc7, 0xc7, 0x4b, 0x7f, 0x01, 0x3c, 0x58, 0xd7, 0x37,
+0xe5, 0xff, 0x7d, 0x2b, 0x01, 0xac, 0x0d, 0x9f, 0x51, 0x6a, 0xe5, 0x40, 0x24, 0xe6, 0x5e, 0x55,
+0x0d, 0xf7, 0xb8, 0x2f, 0x42, 0xac, 0x6d, 0xe5, 0x29, 0x6b, 0xc6, 0x0b, 0xa4, 0xbf, 0x19, 0xbd,
+0x39, 0x27, 0xee, 0xfe, 0xc5, 0xb3, 0xdb, 0x62, 0xd4, 0xbe, 0xd2, 0x47, 0xba, 0x96, 0x30, 0x5a,
+0xfd, 0x62, 0x00, 0xb8, 0x27, 0x5d, 0x2f, 0x3a, 0x94, 0x0b, 0x95, 0x35, 0x85, 0x40, 0x2c, 0xbc,
+0x67, 0xdf, 0x8a, 0xf9, 0xf1, 0x7b, 0x19, 0x96, 0x3e, 0x42, 0x48, 0x13, 0x23, 0x04, 0x95, 0xa9,
+0x6b, 0x11, 0x33, 0x81, 0x47, 0x5a, 0x83, 0x72, 0xf6, 0x20, 0xfa, 0x8e, 0x41, 0x7b, 0x8f, 0x77,
+0x47, 0x7c, 0xc7, 0x5d, 0x46, 0xf4, 0x4f, 0xfd, 0x81, 0x0a, 0xae, 0x39, 0x27, 0xb6, 0x6a, 0x26,
+0x63, 0xb1, 0xd3, 0xbf, 0x55, 0x83, 0x82, 0x9b, 0x36, 0x6c, 0x33, 0x64, 0x0f, 0x50, 0xc0, 0x55,
+0x94, 0x13, 0xc3, 0x85, 0xf4, 0xd5, 0x71, 0x65, 0xd0, 0xc0, 0xdd, 0xfc, 0xe6, 0xec, 0x9c, 0x5b,
+0xf0, 0x11, 0xb5, 0x2c, 0xf3, 0x48, 0xc1, 0x36, 0x8c, 0xa2, 0x96, 0x48, 0x84};
+
+#define TEST_CERT_PEM "-----BEGIN CERTIFICATE-----\n" \
+"MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu\n" \
+"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA0Mjgx\n" \
+"MDIxMTFaFw0xNzA0MjgxMDIxMTFaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG\n" \
+"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" \
+"ADCCAQoCggEBALIykqtHuAwTVEofHikG/9BQy/dfeZFlsTkBg2qtnnc78w3Xufbc\n" \
+"nkpJp9Bmcsy/d9beqf5nlsxJ8TcjLsRQ9Ou6YtQjTfM3OILuOz8s0ICbF6qb66bd\n" \
+"9hX/BrLO/9+KnpWFSR+E/YEmzgYyDTbKfBWBaGuPPrOi/K6vwkRYFZVA/FYZkYDt\n" \
+"QhFmBO884HYzS4P6frRH3PvtRqWNCmaHpe97dGKsvnM2ybT+IMSB8/54GajQr3+B\n" \
+"ciRh2XaT4wvSTxkXM1fUgrDxqAP2AZmpuIyDyboZh+rWOwbrTPfx5SipELZG3uHh\n" \
+"P8HMcr4qQ8b20LWgxCRuT73sIooHET350xUCAwEAAaOCASYwggEiMB8GA1UdIwQY\n" \
+"MBaAFPKdQk4PxEglWC8czg+hPyLIVciRMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF\n" \
+"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E\n" \
+"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw\n" \
+"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM\n" \
+"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl\n" \
+"IEF1dGhvcml0eTAdBgNVHQ4EFgQULSs/y/Wy/zIsqMIc3b2MgB7dMYIwDQYJKoZI\n" \
+"hvcNAQELBQADggEBAJpHLlCnTR1TD8lxQgzl2n1JZOeryN/fAsGH0Vve2m8r5PC+\n" \
+"ugnfAoULiuabBn1pOGxy/0x7Kg0/Iy8WRv8Fk7DqJCjXEqFXuFkZJfNDCtP9DzeN\n" \
+"uMoV50iKoMfHS38BPFjXN+X/fSsBrA2fUWrlQCTmXlUN97gvQqxt5Slrxgukvxm9\n" \
+"OSfu/sWz22LUvtJHupYwWv1iALgnXS86lAuVNYVALLxn34r58XsZlj5CSBMjBJWp\n" \
+"axEzgUdag3L2IPqOQXuPd0d8x11G9E/9gQquOSe2aiZjsdO/VYOCmzZsM2QPUMBV\n" \
+"lBPDhfTVcWXQwN385uycW/ARtSzzSME2jKKWSIQ=\n" \
+"-----END CERTIFICATE-----\n"
+
+#define TEST_CERT_DERB64 \
+"MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
+"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA0Mjgx" \
+"MDIxMTFaFw0xNzA0MjgxMDIxMTFaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
+"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
+"ADCCAQoCggEBALIykqtHuAwTVEofHikG/9BQy/dfeZFlsTkBg2qtnnc78w3Xufbc" \
+"nkpJp9Bmcsy/d9beqf5nlsxJ8TcjLsRQ9Ou6YtQjTfM3OILuOz8s0ICbF6qb66bd" \
+"9hX/BrLO/9+KnpWFSR+E/YEmzgYyDTbKfBWBaGuPPrOi/K6vwkRYFZVA/FYZkYDt" \
+"QhFmBO884HYzS4P6frRH3PvtRqWNCmaHpe97dGKsvnM2ybT+IMSB8/54GajQr3+B" \
+"ciRh2XaT4wvSTxkXM1fUgrDxqAP2AZmpuIyDyboZh+rWOwbrTPfx5SipELZG3uHh" \
+"P8HMcr4qQ8b20LWgxCRuT73sIooHET350xUCAwEAAaOCASYwggEiMB8GA1UdIwQY" \
+"MBaAFPKdQk4PxEglWC8czg+hPyLIVciRMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
+"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
+"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
+"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
+"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
+"IEF1dGhvcml0eTAdBgNVHQ4EFgQULSs/y/Wy/zIsqMIc3b2MgB7dMYIwDQYJKoZI" \
+"hvcNAQELBQADggEBAJpHLlCnTR1TD8lxQgzl2n1JZOeryN/fAsGH0Vve2m8r5PC+" \
+"ugnfAoULiuabBn1pOGxy/0x7Kg0/Iy8WRv8Fk7DqJCjXEqFXuFkZJfNDCtP9DzeN" \
+"uMoV50iKoMfHS38BPFjXN+X/fSsBrA2fUWrlQCTmXlUN97gvQqxt5Slrxgukvxm9" \
+"OSfu/sWz22LUvtJHupYwWv1iALgnXS86lAuVNYVALLxn34r58XsZlj5CSBMjBJWp" \
+"axEzgUdag3L2IPqOQXuPd0d8x11G9E/9gQquOSe2aiZjsdO/VYOCmzZsM2QPUMBV" \
+"lBPDhfTVcWXQwN385uycW/ARtSzzSME2jKKWSIQ="
+
+struct test_state {
+ void *dummy;
+};
+
+static int setup(void **state)
+{
+ struct test_state *ts = NULL;
+
+ assert_true(leak_check_setup());
+
+ ts = talloc(global_talloc_context, struct test_state);
+ assert_non_null(ts);
+
+ check_leaks_push(ts);
+ *state = (void *)ts;
+ return 0;
+}
+
+static int teardown(void **state)
+{
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+
+ assert_non_null(ts);
+
+ assert_true(check_leaks_pop(ts));
+ talloc_free(ts);
+ assert_true(leak_check_teardown());
+ return 0;
+}
+
+void test_sss_cert_der_to_pem(void **state)
+{
+ int ret;
+ char *pem_str;
+ size_t pem_size;
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+ assert_non_null(ts);
+
+ ret = sss_cert_der_to_pem(NULL, NULL, 0, NULL, NULL);
+ assert_int_equal(ret, EINVAL);
+
+ ret = sss_cert_der_to_pem(ts, test_cert_der, sizeof(test_cert_der),
+ &pem_str, &pem_size);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(sizeof(TEST_CERT_PEM) - 1, pem_size);
+ assert_string_equal(pem_str, TEST_CERT_PEM);
+
+ talloc_free(pem_str);
+}
+
+void test_sss_cert_pem_to_der(void **state)
+{
+ int ret;
+ uint8_t *der;
+ size_t der_size;
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+ assert_non_null(ts);
+
+ ret = sss_cert_pem_to_der(NULL, NULL, NULL, NULL);
+ assert_int_equal(ret, EINVAL);
+
+ ret = sss_cert_pem_to_der(ts, TEST_CERT_PEM, &der, &der_size);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(sizeof(test_cert_der), der_size);
+ assert_memory_equal(der, test_cert_der, der_size);
+
+ talloc_free(der);
+}
+
+void test_sss_cert_derb64_to_pem(void **state)
+{
+ int ret;
+ char *pem_str;
+ size_t pem_size;
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+ assert_non_null(ts);
+
+ ret = sss_cert_derb64_to_pem(NULL, NULL, NULL, NULL);
+ assert_int_equal(ret, EINVAL);
+
+ ret = sss_cert_derb64_to_pem(ts, TEST_CERT_DERB64, &pem_str, &pem_size);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(sizeof(TEST_CERT_PEM) - 1, pem_size);
+ assert_string_equal(pem_str, TEST_CERT_PEM);
+
+ talloc_free(pem_str);
+}
+
+void test_sss_cert_pem_to_derb64(void **state)
+{
+ int ret;
+ char *derb64;
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+ assert_non_null(ts);
+
+ ret = sss_cert_pem_to_derb64(NULL, NULL, NULL);
+ assert_int_equal(ret, EINVAL);
+
+ ret = sss_cert_pem_to_derb64(ts, TEST_CERT_PEM, &derb64);
+ assert_int_equal(ret, EOK);
+ assert_string_equal(derb64, TEST_CERT_DERB64);
+
+ talloc_free(derb64);
+}
+
+void test_bin_to_ldap_filter_value(void **state)
+{
+ int ret;
+ size_t c;
+ char *str;
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+ assert_non_null(ts);
+
+ struct test_data {
+ uint8_t blob[5];
+ const char *str;
+ } test_data[] = {
+ {{0x01, 0x02, 0x03, 0x04, 0x05}, "\\01\\02\\03\\04\\05"},
+ {{0x00, 0x00, 0x00, 0x00, 0x00}, "\\00\\00\\00\\00\\00"},
+ {{0xff, 0xff, 0xff, 0xff, 0xff}, "\\ff\\ff\\ff\\ff\\ff"},
+ {{0xca, 0xfe, 0xc0, 0xff, 0xee}, "\\ca\\fe\\c0\\ff\\ee"},
+ {{0}, NULL}
+ };
+
+ ret = bin_to_ldap_filter_value(ts, NULL, 0, NULL);
+ assert_int_equal(ret, EINVAL);
+
+ for (c = 0; test_data[c].str != NULL; c++) {
+ ret = bin_to_ldap_filter_value(ts, test_data[c].blob, 5, &str);
+ assert_int_equal(ret, EOK);
+ assert_string_equal(str, test_data[c].str);
+
+ talloc_free(str);
+ }
+
+}
+
+void test_sss_cert_derb64_to_ldap_filter(void **state)
+{
+ int ret;
+ char *filter;
+
+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
+ assert_non_null(ts);
+
+ ret = sss_cert_derb64_to_ldap_filter(ts, NULL, NULL, NULL);
+ assert_int_equal(ret, EINVAL);
+
+ ret = sss_cert_derb64_to_ldap_filter(ts, "AAECAwQFBgcICQ==", "attrName",
+ &filter);
+ assert_int_equal(ret, EOK);
+ assert_string_equal(filter,
+ "(attrName=\\00\\01\\02\\03\\04\\05\\06\\07\\08\\09)");
+
+ talloc_free(filter);
+}
+
+int main(int argc, const char *argv[])
+{
+ poptContext pc;
+ int opt;
+ int ret;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_DEBUG_OPTS
+ POPT_TABLEEND
+ };
+
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_sss_cert_der_to_pem,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_cert_pem_to_der,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_cert_derb64_to_pem,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_cert_pem_to_derb64,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(test_bin_to_ldap_filter_value,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_cert_derb64_to_ldap_filter,
+ setup, teardown),
+ };
+
+ /* Set debug level to invalid value so we can deside if -d 0 was used. */
+ debug_level = SSSDBG_INVALID;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 1;
+ }
+ }
+ poptFreeContext(pc);
+
+ DEBUG_CLI_INIT(debug_level);
+
+ ret = cmocka_run_group_tests(tests, NULL, NULL);
+
+ CRYPTO_cleanup_all_ex_data(); /* to make valgrind happy */
+
+#ifdef HAVE_NSS
+ /* Cleanup NSS and NSPR to make valgrind happy. */
+ nspr_nss_cleanup();
+#endif
+
+
+ return ret;
+}
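Review bot: `util/crypto/nss/nss_util.h` is included unconditionally at the top of the file while its only use, `nspr_nss_cleanup()`, is wrapped in `#ifdef HAVE_NSS` at the end of main; the new Makefile rules link this test against libcrypto only, so a build without NSS headers fails on the include rather than compiling cleanly. Wrap the include in the same guard: `#ifdef HAVE_NSS` / `#include "util/crypto/nss/nss_util.h"` / `#endif`. Separately, every conversion test uses either well-formed input or all-NULL arguments, so the error paths in `d2i_X509`/`PEM_read_bio_X509` are never exercised; since these helpers will presumably be applied to certificate blobs read from a directory, one case with a truncated copy of `test_cert_der` and one with a PEM body that is not a certificate, both asserting a non-EOK return, would pin the failure behaviour.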
diff --git a/src/util/cert.h b/src/util/cert.h
new file mode 100644
index 000000000..79ea1a4ab
--- /dev/null
+++ b/src/util/cert.h
@@ -0,0 +1,47 @@
+/*
+ SSSD - certificate handling utils - openssl version
+
+ Copyright (C) Sumit Bose <sbose@redhat.com> 2015
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <talloc.h>
+
+#include "util/util.h"
+
+#ifndef __CERT_H__
+#define __CERT_H__
+
+errno_t sss_cert_der_to_pem(TALLOC_CTX *mem_ctx, const uint8_t *der_blob,
+ size_t der_size, char **pem, size_t *pem_size);
+
+errno_t sss_cert_pem_to_der(TALLOC_CTX *mem_ctx, const char *pem,
+ uint8_t **der_blob, size_t *der_size);
+
+errno_t sss_cert_derb64_to_pem(TALLOC_CTX *mem_ctx, const char *derb64,
+ char **pem, size_t *pem_size);
+
+errno_t sss_cert_pem_to_derb64(TALLOC_CTX *mem_ctx, const char *pem,
+ char **derb64);
+
+errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const char *derb64,
+ const char *attr_name,
+ char **ldap_filter);
+
+errno_t bin_to_ldap_filter_value(TALLOC_CTX *mem_ctx,
+ const uint8_t *blob, size_t blob_size,
+ char **_str);
+#endif /* __CERT_H__ */
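Review bot: The prototypes carry no comment on ownership or on which output parameters are optional, although the libcrypto implementation lets callers pass NULL for `pem`/`pem_size` and `der_blob`/`der_size` while `bin_to_ldap_filter_value` rejects a NULL `_str` with EINVAL; a caller cannot learn either from this header. A one-line comment per declaration would do, e.g. above `sss_cert_der_to_pem`: `/* DER blob to PEM; *pem is talloc'ed on mem_ctx, pem and pem_size may be NULL. */`, and above `sss_cert_derb64_to_ldap_filter`: `/* Builds "(attr_name=\\xx\\xx...)" with the decoded DER bytes hex-escaped. */`. Also, the three `#include` lines sit outside the `__CERT_H__` guard, and that name uses the reserved double-underscore prefix; moving the includes below the `#define` and naming the guard `SSS_CERT_H_` fixes both.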
diff --git a/src/util/cert/cert_common.c b/src/util/cert/cert_common.c
new file mode 100644
index 000000000..a29696ed3
--- /dev/null
+++ b/src/util/cert/cert_common.c
@@ -0,0 +1,154 @@
+/*
+ SSSD - certificate handling utils
+
+ Copyright (C) Sumit Bose <sbose@redhat.com> 2015
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+#include "util/cert.h"
+#include "util/crypto/sss_crypto.h"
+
+errno_t sss_cert_derb64_to_pem(TALLOC_CTX *mem_ctx, const char *derb64,
+ char **pem, size_t *pem_size)
+{
+ int ret;
+ unsigned char *der;
+ size_t der_size;
+
+ if (derb64 == NULL) {
+ return EINVAL;
+ }
+
+ der = sss_base64_decode(mem_ctx, derb64, &der_size);
+ if (der == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+ return EINVAL;
+ }
+
+ ret = sss_cert_der_to_pem(mem_ctx, der, der_size, pem, pem_size);
+ talloc_free(der);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_cert_der_to_pem failed.\n");
+ }
+
+ return ret;
+}
+
+errno_t sss_cert_pem_to_derb64(TALLOC_CTX *mem_ctx, const char *pem,
+ char **derb64)
+{
+ int ret;
+ uint8_t *der;
+ size_t der_size;
+
+ ret = sss_cert_pem_to_der(mem_ctx, pem, &der, &der_size);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_cert_pem_to_der failed.\n");
+ return ret;
+ }
+
+ *derb64 = sss_base64_encode(mem_ctx, der, der_size);
+ talloc_free(der);
+ if (*derb64 == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_encode failed.\n");
+ return EINVAL;
+ }
+
+ return EOK;
+}
+
+errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const char *derb64,
+ const char *attr_name,
+ char **ldap_filter)
+{
+ int ret;
+ unsigned char *der;
+ size_t der_size;
+ char *val;
+
+ if (derb64 == NULL || attr_name == NULL) {
+ return EINVAL;
+ }
+
+ der = sss_base64_decode(mem_ctx, derb64, &der_size);
+ if (der == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+ return EINVAL;
+ }
+
+ ret = bin_to_ldap_filter_value(mem_ctx, der, der_size, &val);
+ talloc_free(der);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "bin_to_ldap_filter_value failed.\n");
+ return ret;
+ }
+
+ *ldap_filter = talloc_asprintf(mem_ctx, "(%s=%s)", attr_name, val);
+ talloc_free(val);
+ if (*ldap_filter == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ return ENOMEM;
+ }
+
+ return EOK;
+}
+
+errno_t bin_to_ldap_filter_value(TALLOC_CTX *mem_ctx,
+ const uint8_t *blob, size_t blob_size,
+ char **_str)
+{
+ int ret;
+ size_t c;
+ size_t len;
+ char *str = NULL;
+ char *p;
+
+ if (blob == NULL || blob_size == 0 || _str == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Missing input parameter.\n");
+ return EINVAL;
+ }
+
+ len = (blob_size * 3) + 1;
+ str = talloc_size(mem_ctx, len);
+ if (str == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
+ return ENOMEM;
+ }
+ str[len - 1] = '\0';
+
+ p = str;
+ for (c = 0; c < blob_size; c++) {
+ ret = snprintf(p, 4, "\\%02x", blob[c]);
+ if (ret != 3) {
+ DEBUG(SSSDBG_OP_FAILURE, "snprintf failed.\n");
+ ret = EIO;
+ goto done;
+ }
+
+ p += 3;
+ }
+
+ ret = EOK;
+
+done:
+ if (ret == EOK) {
+ *_str = str;
+ } else {
+ talloc_free(str);
+ }
+
+ return ret;
+}
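Review bot: `sss_cert_pem_to_derb64` and `sss_cert_derb64_to_ldap_filter` write through their output pointer (`*derb64 = ...` and `*ldap_filter = ...`) without checking it, whereas `bin_to_ldap_filter_value` in the same file rejects a NULL `_str` with EINVAL; the unit tests only make the all-NULL call, which is caught earlier by the NULL `pem`/`derb64` check, so a valid input with a NULL output pointer dereferences NULL. Extend the guards: `if (pem == NULL || derb64 == NULL) return EINVAL;` at the top of `sss_cert_pem_to_derb64`, and `if (derb64 == NULL || attr_name == NULL || ldap_filter == NULL)` in `sss_cert_derb64_to_ldap_filter`. The filter value itself is hex-escaped byte by byte, which is safe for an LDAP search filter, but `attr_name` is interpolated into `(%s=%s)` verbatim; if it can come from configuration rather than a compile-time constant, it should be validated against the attribute-name grammar before being used to build a filter.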
diff --git a/src/util/cert/libcrypto/cert.c b/src/util/cert/libcrypto/cert.c
new file mode 100644
index 000000000..1a250f60d
--- /dev/null
+++ b/src/util/cert/libcrypto/cert.c
@@ -0,0 +1,168 @@
+/*
+ SSSD - certificate handling utils - openssl version
+
+ Copyright (C) Sumit Bose <sbose@redhat.com> 2015
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <openssl/x509.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+
+#include "util/util.h"
+
+errno_t sss_cert_der_to_pem(TALLOC_CTX *mem_ctx, const uint8_t *der_blob,
+ size_t der_size, char **pem, size_t *pem_size)
+{
+ X509 *x509 = NULL;
+ BIO *bio_mem = NULL;
+ const unsigned char *d;
+ int ret;
+ long p_size;
+ char *p;
+
+ if (der_blob == NULL || der_size == 0) {
+ return EINVAL;
+ }
+
+ d = (const unsigned char *) der_blob;
+
+ x509 = d2i_X509(NULL, &d, (int) der_size);
+ if (x509 == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "d2i_X509 failed.\n");
+ return EINVAL;
+ }
+
+ bio_mem = BIO_new(BIO_s_mem());
+ if (bio_mem == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = PEM_write_bio_X509(bio_mem, x509);
+ if (ret != 1) {
+ DEBUG(SSSDBG_OP_FAILURE, "PEM_write_bio_X509 failed.\n");
+ ret = EIO;
+ goto done;
+ }
+
+ p_size = BIO_get_mem_data(bio_mem, &p);
+ if (p_size == 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "Unexpected PEM size [%ld].\n", p_size);
+ ret = EINVAL;
+ goto done;
+ }
+
+ if (pem != NULL) {
+ *pem = talloc_strndup(mem_ctx, p, p_size);
+ if (*pem == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_memdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ if (pem_size != NULL) {
+ *pem_size = p_size;
+ }
+
+ ret = EOK;
+
+done:
+ X509_free(x509);
+ BIO_free_all(bio_mem);
+
+ return ret;
+}
+
+errno_t sss_cert_pem_to_der(TALLOC_CTX *mem_ctx, const char *pem,
+ uint8_t **_der_blob, size_t *_der_size)
+{
+ X509 *x509 = NULL;
+ BIO *bio_mem = NULL;
+ int ret;
+ unsigned char *buf;
+ int buf_size;
+ uint8_t *der_blob;
+ size_t der_size;
+
+ if (pem == NULL) {
+ return EINVAL;
+ }
+
+ bio_mem = BIO_new(BIO_s_mem());
+ if (bio_mem == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = BIO_puts(bio_mem, pem);
+ if (ret <= 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "BIO_puts failed.\n");
+ ret = EIO;
+ goto done;
+ }
+
+ x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
+ if (x509 == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "PEM_read_bio_X509 failed.\n");
+ ret = EIO;
+ goto done;
+ }
+
+ buf_size = i2d_X509(x509, NULL);
+ if (buf_size <= 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "i2d_X509 failed.\n");
+ ret = EIO;
+ goto done;
+ }
+
+ if (_der_blob != NULL) {
+ buf = talloc_size(mem_ctx, buf_size);
+ if (buf == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ der_blob = buf;
+
+ der_size = i2d_X509(x509, &buf);
+ if (der_size != buf_size) {
+ talloc_free(der_blob);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "i2d_X509 size mismatch between two calls.\n");
+ ret = EIO;
+ goto done;
+ }
+
+ *_der_blob = der_blob;
+ }
+
+ if (_der_size != NULL) {
+ *_der_size = buf_size;
+ }
+
+ ret = EOK;
+
+done:
+ X509_free(x509);
+ BIO_free_all(bio_mem);
+
+ return ret;
+
+}
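Review bot: `sss_cert_der_to_pem` casts `der_size` to `int` for `d2i_X509` and never checks how many bytes were consumed, so a blob longer than INT_MAX is passed as a negative length and a blob with trailing bytes after the certificate is accepted and silently re-encoded without them, which makes the DER-to-PEM-to-DER round trip the tests rely on lossy for such input. Reject both around the `d2i_X509` call as below (`INT_MAX` needs `<limits.h>`). The failure message at the `talloc_strndup` call says `talloc_memdup failed`; it should name the call actually made. In `sss_cert_pem_to_der` the `int` result of the second `i2d_X509` is stored in a `size_t` and compared with `int buf_size`; a negative return is still caught because the comparison fails, but keeping it as `int` makes the intent explicit. The file also does not include its own header `util/cert.h`, so these definitions are never checked against the prototypes callers use.
```c
    if (der_blob == NULL || der_size == 0 || der_size > INT_MAX) {
        return EINVAL;
    }

    d = (const unsigned char *) der_blob;

    x509 = d2i_X509(NULL, &d, (int) der_size);
    if (x509 == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "d2i_X509 failed.\n");
        return EINVAL;
    }

    /* d2i_X509 stops at the end of the first SEQUENCE; refuse trailing bytes. */
    if (d != (const unsigned char *) der_blob + der_size) {
        DEBUG(SSSDBG_OP_FAILURE, "Trailing data after DER certificate.\n");
        ret = EINVAL;
        goto done;
    }
    /* ... unchanged: PEM encoding via BIO_s_mem and copy-out ... */
```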