6 #include "ssl/gadgets.h"
7 #include "ssl/crtd_message.h"
// A fresh message: no body bytes are expected yet and the parser is waiting
// for the message code. The std::string members (code, body, current_block)
// start empty by default. (The constructor body is on lines this rendering
// of the file does not show.)
15 Ssl::CrtdMessage::CrtdMessage()
16 : body_size(0), state(BEFORE_CODE
)
// Feed [buffer, buffer+len) into the message state machine. The parser is
// resumable: `state`, `current_block` and `body_size` persist between calls,
// so a message that arrives in several reads is assembled across them. The
// wire format is the one compose() produces: CODE <space> LENGTH <space> BODY.
// NOTE(review): this rendering of the file omits the `switch (state)`
// scaffolding, the `case` labels and the error/OK returns; the comments
// below describe only the lines that are visible.
19 Ssl::CrtdMessage::ParseResult
Ssl::CrtdMessage::parse(const char * buffer
, size_t len
)
21 char const *current_pos
= buffer
;
// Consume input until it runs out or the END state is reached.
22 while (current_pos
!= buffer
+ len
&& state
!= END
) {
// Before the code (presumably the BEFORE_CODE state set by the constructor):
// leading whitespace is skipped, a letter starts the code token.
25 if (xisspace(*current_pos
)) {
29 if (xisalpha(*current_pos
)) {
// Code token: letters, digits and '_' accumulate into current_block.
37 if (xisalnum(*current_pos
) || *current_pos
== '_') {
38 current_block
+= *current_pos
;
// Whitespace ends the code token. The accumulated token is presumably stored
// into `code` on the omitted line just above; the accumulator is then reset
// and parsing moves on to the length field.
42 if (xisspace(*current_pos
)) {
44 current_block
.clear();
45 state
= BEFORE_LENGTH
;
// BEFORE_LENGTH: whitespace is skipped, a digit starts the length field.
52 if (xisspace(*current_pos
)) {
56 if (xisdigit(*current_pos
)) {
// Length field: digits accumulate, whitespace terminates the field.
64 if (xisdigit(*current_pos
)) {
65 current_block
+= *current_pos
;
69 if (xisspace(*current_pos
)) {
// NOTE(review): atoi() is unchecked. A digit run that does not fit an int
// yields an unspecified/undefined value, which is then widened into
// body_size (a size_t, judging by the comparisons against
// std::string::length() below). There is also no upper bound, so a
// misbehaving peer can make this side accumulate an arbitrarily large body.
// Prefer strtoul() with an endptr/ERANGE check and reject lengths above a
// protocol maximum.
70 body_size
= atoi(current_block
.c_str());
71 current_block
.clear();
// Whitespace between the length field and the start of the body.
83 if (xisspace(*current_pos
)) {
// Body: copy min(input left, bytes still needed) so we never read past the
// caller's buffer and never take more than the advertised length. Should
// current_block.length() ever exceed body_size, the size_t subtraction
// wraps, the comparison fails, everything left is copied, and the `>`
// check further down rejects the overrun.
92 size_t body_len
= (static_cast<size_t>(buffer
+ len
- current_pos
) >= body_size
- current_block
.length())
93 ? body_size
- current_block
.length()
94 : static_cast<size_t>(buffer
+ len
- current_pos
);
95 current_block
+= std::string(current_pos
, body_len
);
96 current_pos
+= body_len
;
// Exactly body_size bytes collected: the message is complete.
97 if (current_block
.length() == body_size
) {
// Defensive: more bytes than advertised (the clamp above should prevent it).
101 if (current_block
.length() > body_size
) {
// Input exhausted before END: the caller must supply more bytes.
112 if (state
!= END
) return INCOMPLETE
;
/// The message payload (the bytes that follow the length field on the wire),
/// as filled in by parse() or setBody().
std::string const &
Ssl::CrtdMessage::getBody() const
{
    return body;
}
/// The message code (the first whitespace-delimited token on the wire).
std::string const &
Ssl::CrtdMessage::getCode() const
{
    return code;
}
/// Replace the payload. compose() emits its byte length followed by the
/// bytes verbatim, so any content is transportable.
void
Ssl::CrtdMessage::setBody(std::string const & aBody)
{
    body = aBody;
}
/// Set the message code. Callers are expected to pass a token the peer's
/// parse() accepts (alphanumerics and '_'); nothing is validated here.
void
Ssl::CrtdMessage::setCode(std::string const & aCode)
{
    code = aCode;
}
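/// Serialise this message for the wire as "CODE LENGTH BODY": the code, a
/// space, the decimal byte length of the body, a space, then the body bytes.
/// This is the inverse of parse(). An empty code yields an empty string
/// (there is no message to send).
std::string
Ssl::CrtdMessage::compose() const
{
    if (code.empty())
        return std::string();

    // body.length() is a size_t, so the conversion must be %zu; %zd is the
    // signed form and is a format mismatch. 32 bytes comfortably holds any
    // 64-bit decimal, so the length can never be silently truncated and
    // advertise a shorter body than is actually appended.
    char lengthField[32];
    const int written = snprintf(lengthField, sizeof(lengthField), "%zu", body.length());
    // Defensive: a header that does not match its body is worse than no
    // message at all, so send nothing if the length could not be formatted.
    if (written < 0 || static_cast<size_t>(written) >= sizeof(lengthField))
        return std::string();

    return code + ' ' + lengthField + ' ' + body;
}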
// Reset the parser so the next parse() call starts a fresh message. Only the
// reset of the accumulator is visible in this rendering; the remaining resets
// (presumably body, code, body_size and state) are on omitted lines.
133 void Ssl::CrtdMessage::clear()
139 current_block
.clear();
// Split `body` into "name=value" lines (stored in `map`) and a trailing free
// part (`other_part`: everything from the first line without '=' to the end
// of the body — parseRequest() uses it for the PEM certificate block). Lines
// are delimited by '\r' or '\n'; the split is on the first '=' of a line, so
// a value may itself contain '='.
// NOTE(review): strtok() keeps its cursor in static storage, so this is not
// reentrant or thread-safe; strtok_r() or a std::string::find() loop would
// avoid that.
// NOTE(review): if BodyParams is a std::map, insert() keeps the first
// occurrence of a duplicated name and silently drops later ones — worth
// knowing when reasoning about what a peer can override.
142 void Ssl::CrtdMessage::parseBody(CrtdMessage::BodyParams
& map
, std::string
& other_part
) const
145 // Work on a private copy: strtok() writes NULs into its buffer, and `body`
// must stay intact because other_part is sliced out of it below.
146 std::string
temp_body(body
.c_str(), body
.length());
// NOTE(review): mutating the buffer through a const_cast of c_str() is
// formally undefined behaviour; &temp_body[0] yields a writable pointer to
// the same contents.
147 char * buffer
= const_cast<char *>(temp_body
.c_str());
148 char * token
= strtok(buffer
, "\r\n");
149 while (token
!= NULL
) {
150 std::string
current_string(token
);
151 size_t equal_pos
= current_string
.find('=');
// First line without '=': everything from here to the end of the ORIGINAL
// body becomes other_part (temp_body is a byte-for-byte copy, so the offset
// computed against it is valid in `body`). The loop presumably exits here on
// an omitted line.
152 if (equal_pos
== std::string::npos
) {
153 size_t offset_body_part
= token
- temp_body
.c_str();
154 other_part
= std::string(body
.c_str() + offset_body_part
, body
.length() - offset_body_part
);
// name=value line: name is everything before the first '=', value the rest.
157 std::string
param(current_string
.c_str(), current_string
.c_str() + equal_pos
);
158 std::string
value(current_string
.c_str() + equal_pos
+ 1);
159 map
.insert(std::make_pair(param
, value
));
161 token
= strtok(NULL
, "\r\n");
// Serialise `map` as name=value lines into `body`, then append '\n' followed
// by other_part when it is non-empty. The separator written between entries
// is on a line this rendering omits; parseBody() accepts '\r' or '\n'.
// NOTE(review): nothing is escaped — a name containing '=' or a value
// containing a line break does not survive a parseBody() round trip and would
// be read back as extra or different parameters.
165 void Ssl::CrtdMessage::composeBody(CrtdMessage::BodyParams
const & map
, std::string
const & other_part
)
168 for (BodyParams::const_iterator i
= map
.begin(); i
!= map
.end(); i
++) {
// Separator between entries (omitted line); none before the first one.
169 if (i
!= map
.begin())
171 body
+= i
->first
+ "=" + i
->second
;
// Free-form trailer (e.g. the PEM block) goes after the last parameter line.
173 if (!other_part
.empty())
174 body
+= '\n' + other_part
;
// Decode a certificate request body into certProperties. On malformed input
// `error` is filled with a human-readable reason (the corresponding
// `return false` lines are not in this rendering). Expected layout, as
// produced by composeRequest(): name=value lines (host, optionally
// SetCommonName / SetValidAfter / SetValidBefore / Sign) followed by a PEM
// section holding the signing certificate and key and, optionally, the
// certificate to mimic.
178 bool Ssl::CrtdMessage::parseRequest(Ssl::CertificateProperties
&certProperties
, std::string
&error
)
180 Ssl::CrtdMessage::BodyParams map
;
181 std::string certs_part
;
182 parseBody(map
, certs_part
);
// "host" is mandatory and seeds the certificate's Common Name.
183 Ssl::CrtdMessage::BodyParams::iterator i
= map
.find(Ssl::CrtdMessage::param_host
);
184 if (i
== map
.end()) {
185 error
= "Cannot find \"host\" parameter in request message";
188 certProperties
.commonName
= i
->second
;
// The two validity flags are enabled only by the literal value "on"
// (case-insensitive); any other value leaves the flag untouched.
190 i
= map
.find(Ssl::CrtdMessage::param_SetValidAfter
);
191 if (i
!= map
.end() && strcasecmp(i
->second
.c_str(), "on") == 0)
192 certProperties
.setValidAfter
= true;
194 i
= map
.find(Ssl::CrtdMessage::param_SetValidBefore
);
195 if (i
!= map
.end() && strcasecmp(i
->second
.c_str(), "on") == 0)
196 certProperties
.setValidBefore
= true;
198 i
= map
.find(Ssl::CrtdMessage::param_SetCommonName
);
199 if (i
!= map
.end()) {
200 // SetCommonName overrides the Common Name taken from "host" above (and,
201 // per the original author's note, the Common Name of the mimic cert).
202 certProperties
.commonName
= i
->second
;
203 certProperties
.setCommonName
= true;
// "Sign" selects the signing algorithm by name; an unknown name is an error.
// NOTE(review): "algoritm" in the message below is a typo for "algorithm";
// it is a runtime string, so it is left untouched in this documentation pass.
206 i
= map
.find(Ssl::CrtdMessage::param_Sign
);
207 if (i
!= map
.end()) {
208 if ((certProperties
.signAlgorithm
= Ssl::certSignAlgorithmId(i
->second
.c_str())) == Ssl::algSignEnd
) {
209 error
= "Wrong signing algoritm: " + i
->second
;
// Default when no "Sign" parameter was sent (presumably the else branch of
// the lookup above).
214 certProperties
.signAlgorithm
= Ssl::algSignTrusted
;
// Unless self-signing, the PEM section must contain a loadable signing
// certificate and its private key. The private key travels inside this
// message, which is worth keeping in mind when reviewing how the message is
// transported.
216 if (certProperties
.signAlgorithm
!= Ssl::algSignSelf
&&
217 !Ssl::readCertAndPrivateKeyFromMemory(certProperties
.signWithX509
, certProperties
.signWithPkey
, certs_part
.c_str())) {
218 error
= "Broken signing certificate!";
// The first "-----BEGIN CERTIFICATE" marker is the signing certificate; a
// second one, if present, introduces the certificate to mimic.
// NOTE(review): the result of readCertFromMemory() is discarded below, so a
// malformed mimic PEM is not reported through `error` the way the other
// failures are — check the return value and fail the request.
222 static const std::string
CERT_BEGIN_STR("-----BEGIN CERTIFICATE");
224 if ((pos
= certs_part
.find(CERT_BEGIN_STR
)) != std::string::npos
) {
225 pos
+= CERT_BEGIN_STR
.length();
226 if ((pos
= certs_part
.find(CERT_BEGIN_STR
, pos
)) != std::string::npos
)
227 Ssl::readCertFromMemory(certProperties
.mimicCert
, certs_part
.c_str() + pos
);
// Build the request body for a certificate request: one name=value line per
// property, then a PEM section with the signing certificate and key followed
// by the mimic certificate when one is set. Inverse of parseRequest().
// NOTE(review): values are inserted verbatim. parseBody() on the receiving
// side splits on '\r' / '\n' and on the first '=', so a commonName containing
// a line break would be read back as additional parameters (parameter
// injection). Unless every caller already guarantees a clean hostname, it
// should be validated before it reaches this function.
// NOTE(review): `ret` is assigned twice below; whether it is checked between
// the two assignments is on lines this rendering omits — verify, otherwise a
// failed PEM write still produces a request, which the peer then rejects as
// a broken signing certificate.
232 void Ssl::CrtdMessage::composeRequest(Ssl::CertificateProperties
const &certProperties
)
// "host" always comes first; the remaining parameters are optional.
235 body
= Ssl::CrtdMessage::param_host
+ "=" + certProperties
.commonName
;
236 if (certProperties
.setCommonName
)
237 body
+= "\n" + Ssl::CrtdMessage::param_SetCommonName
+ "=" + certProperties
.commonName
;
// The flags are only ever transmitted as "on"; parseRequest() treats any
// other value as absent.
238 if (certProperties
.setValidAfter
)
239 body
+= "\n" + Ssl::CrtdMessage::param_SetValidAfter
+ "=on";
240 if (certProperties
.setValidBefore
)
241 body
+= "\n" + Ssl::CrtdMessage::param_SetValidBefore
+ "=on";
// algSignEnd acts as "unset": no Sign line is emitted and the peer falls
// back to its default.
242 if(certProperties
.signAlgorithm
!= Ssl::algSignEnd
)
243 body
+= "\n" + Ssl::CrtdMessage::param_Sign
+ "=" + certSignAlgorithm(certProperties
.signAlgorithm
);
// PEM section: signing cert + private key, then the optional mimic cert.
245 std::string certsPart
;
246 bool ret
= Ssl::writeCertAndPrivateKeyToMemory(certProperties
.signWithX509
, certProperties
.signWithPkey
, certsPart
);
248 if (certProperties
.mimicCert
.get()) {
249 ret
= Ssl::appendCertToMemory(certProperties
.mimicCert
, certsPart
);
// The PEM block is the first line without '=', which parseBody() hands back
// as the free-form trailer.
252 body
+= "\n" + certsPart
;
// Protocol vocabulary shared with the certificate-generating helper: the
// request code, and the parameter names parsed by parseRequest() and emitted
// by composeRequest().
const std::string Ssl::CrtdMessage::code_new_certificate = "new_certificate";
const std::string Ssl::CrtdMessage::param_host = "host";
// The three adaptation parameters reuse the names from the algorithm table so
// the wire names cannot drift from it.
// NOTE(review): these are initialised at load time from a table defined in
// another translation unit; if that table is itself dynamically initialised
// (e.g. an array of std::string rather than of C strings), cross-TU
// initialisation order is unspecified — confirm the table is a constant.
const std::string Ssl::CrtdMessage::param_SetValidAfter = Ssl::CertAdaptAlgorithmStr[algSetValidAfter];
const std::string Ssl::CrtdMessage::param_SetValidBefore = Ssl::CertAdaptAlgorithmStr[algSetValidBefore];
const std::string Ssl::CrtdMessage::param_SetCommonName = Ssl::CertAdaptAlgorithmStr[algSetCommonName];
const std::string Ssl::CrtdMessage::param_Sign = "Sign";