#endif /* EAP_TLS_OPENSSL */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
-{
- return ASN1_STRING_data((ASN1_STRING *) x);
-}
-#endif /* OpenSSL < 1.1.0 */
-
-
struct http_ctx {
void *ctx;
struct xml_node_ctx *xml;
CURL *curl;
struct curl_slist *curl_hdr;
char *svc_address;
- char *svc_ca_fname;
- char *svc_username;
- char *svc_password;
- char *svc_client_cert;
- char *svc_client_key;
char *curl_buf;
size_t curl_buf_len;
- int (*cert_cb)(void *ctx, struct http_cert *cert);
- void *cert_cb_ctx;
-
enum {
NO_OCSP, OPTIONAL_OCSP, MANDATORY_OCSP
} ocsp;
}
-static void clone_str(char **dst, const char *src)
-{
- os_free(*dst);
- if (src)
- *dst = os_strdup(src);
- else
- *dst = NULL;
-}
-
-
static void debug_dump(struct http_ctx *ctx, const char *title,
const char *buf, size_t len)
{
}
-static void add_alt_name_othername(struct http_ctx *ctx, struct http_cert *cert,
- OTHERNAME *o)
-{
- char txt[100];
- int res;
- struct http_othername *on;
- ASN1_TYPE *val;
-
- on = os_realloc_array(cert->othername, cert->num_othername + 1,
- sizeof(struct http_othername));
- if (on == NULL)
- return;
- cert->othername = on;
- on = &on[cert->num_othername];
- os_memset(on, 0, sizeof(*on));
-
- res = OBJ_obj2txt(txt, sizeof(txt), o->type_id, 1);
- if (res < 0 || res >= (int) sizeof(txt))
- return;
-
- on->oid = os_strdup(txt);
- if (on->oid == NULL)
- return;
-
- val = o->value;
- on->data = val->value.octet_string->data;
- on->len = val->value.octet_string->length;
-
- cert->num_othername++;
-}
-
-
-static void add_alt_name_dns(struct http_ctx *ctx, struct http_cert *cert,
- ASN1_STRING *name)
-{
- char *buf;
- char **n;
-
- buf = NULL;
- if (ASN1_STRING_to_UTF8((unsigned char **) &buf, name) < 0)
- return;
-
- n = os_realloc_array(cert->dnsname, cert->num_dnsname + 1,
- sizeof(char *));
- if (n == NULL)
- return;
-
- cert->dnsname = n;
- n[cert->num_dnsname] = buf;
- cert->num_dnsname++;
-}
-
-
-static void add_alt_name(struct http_ctx *ctx, struct http_cert *cert,
- const GENERAL_NAME *name)
-{
- switch (name->type) {
- case GEN_OTHERNAME:
- add_alt_name_othername(ctx, cert, name->d.otherName);
- break;
- case GEN_DNS:
- add_alt_name_dns(ctx, cert, name->d.dNSName);
- break;
- }
-}
-
-
-static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert,
- GENERAL_NAMES *names)
-{
- int num, i;
-
- num = sk_GENERAL_NAME_num(names);
- for (i = 0; i < num; i++) {
- const GENERAL_NAME *name;
- name = sk_GENERAL_NAME_value(names, i);
- add_alt_name(ctx, cert, name);
- }
-}
-
-
-/* RFC 3709 */
-
-typedef struct {
- X509_ALGOR *hashAlg;
- ASN1_OCTET_STRING *hashValue;
-} HashAlgAndValue;
-
-typedef struct {
- STACK_OF(HashAlgAndValue) *refStructHash;
- STACK_OF(ASN1_IA5STRING) *refStructURI;
-} LogotypeReference;
-
-typedef struct {
- ASN1_IA5STRING *mediaType;
- STACK_OF(HashAlgAndValue) *logotypeHash;
- STACK_OF(ASN1_IA5STRING) *logotypeURI;
-} LogotypeDetails;
-
-typedef struct {
- int type;
- union {
- ASN1_INTEGER *numBits;
- ASN1_INTEGER *tableSize;
- } d;
-} LogotypeImageResolution;
-
-typedef struct {
- ASN1_INTEGER *type; /* LogotypeImageType ::= INTEGER */
- ASN1_INTEGER *fileSize;
- ASN1_INTEGER *xSize;
- ASN1_INTEGER *ySize;
- LogotypeImageResolution *resolution;
- ASN1_IA5STRING *language;
-} LogotypeImageInfo;
-
-typedef struct {
- LogotypeDetails *imageDetails;
- LogotypeImageInfo *imageInfo;
-} LogotypeImage;
-
-typedef struct {
- ASN1_INTEGER *fileSize;
- ASN1_INTEGER *playTime;
- ASN1_INTEGER *channels;
- ASN1_INTEGER *sampleRate;
- ASN1_IA5STRING *language;
-} LogotypeAudioInfo;
-
-typedef struct {
- LogotypeDetails *audioDetails;
- LogotypeAudioInfo *audioInfo;
-} LogotypeAudio;
-
-typedef struct {
- STACK_OF(LogotypeImage) *image;
- STACK_OF(LogotypeAudio) *audio;
-} LogotypeData;
-
-typedef struct {
- int type;
- union {
- LogotypeData *direct;
- LogotypeReference *indirect;
- } d;
-} LogotypeInfo;
-
-typedef struct {
- ASN1_OBJECT *logotypeType;
- LogotypeInfo *info;
-} OtherLogotypeInfo;
-
-typedef struct {
- STACK_OF(LogotypeInfo) *communityLogos;
- LogotypeInfo *issuerLogo;
- LogotypeInfo *subjectLogo;
- STACK_OF(OtherLogotypeInfo) *otherLogos;
-} LogotypeExtn;
-
-ASN1_SEQUENCE(HashAlgAndValue) = {
- ASN1_SIMPLE(HashAlgAndValue, hashAlg, X509_ALGOR),
- ASN1_SIMPLE(HashAlgAndValue, hashValue, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(HashAlgAndValue);
-
-ASN1_SEQUENCE(LogotypeReference) = {
- ASN1_SEQUENCE_OF(LogotypeReference, refStructHash, HashAlgAndValue),
- ASN1_SEQUENCE_OF(LogotypeReference, refStructURI, ASN1_IA5STRING)
-} ASN1_SEQUENCE_END(LogotypeReference);
-
-ASN1_SEQUENCE(LogotypeDetails) = {
- ASN1_SIMPLE(LogotypeDetails, mediaType, ASN1_IA5STRING),
- ASN1_SEQUENCE_OF(LogotypeDetails, logotypeHash, HashAlgAndValue),
- ASN1_SEQUENCE_OF(LogotypeDetails, logotypeURI, ASN1_IA5STRING)
-} ASN1_SEQUENCE_END(LogotypeDetails);
-
-ASN1_CHOICE(LogotypeImageResolution) = {
- ASN1_IMP(LogotypeImageResolution, d.numBits, ASN1_INTEGER, 1),
- ASN1_IMP(LogotypeImageResolution, d.tableSize, ASN1_INTEGER, 2)
-} ASN1_CHOICE_END(LogotypeImageResolution);
-
-ASN1_SEQUENCE(LogotypeImageInfo) = {
- ASN1_IMP_OPT(LogotypeImageInfo, type, ASN1_INTEGER, 0),
- ASN1_SIMPLE(LogotypeImageInfo, fileSize, ASN1_INTEGER),
- ASN1_SIMPLE(LogotypeImageInfo, xSize, ASN1_INTEGER),
- ASN1_SIMPLE(LogotypeImageInfo, ySize, ASN1_INTEGER),
- ASN1_OPT(LogotypeImageInfo, resolution, LogotypeImageResolution),
- ASN1_IMP_OPT(LogotypeImageInfo, language, ASN1_IA5STRING, 4),
-} ASN1_SEQUENCE_END(LogotypeImageInfo);
-
-ASN1_SEQUENCE(LogotypeImage) = {
- ASN1_SIMPLE(LogotypeImage, imageDetails, LogotypeDetails),
- ASN1_OPT(LogotypeImage, imageInfo, LogotypeImageInfo)
-} ASN1_SEQUENCE_END(LogotypeImage);
-
-ASN1_SEQUENCE(LogotypeAudioInfo) = {
- ASN1_SIMPLE(LogotypeAudioInfo, fileSize, ASN1_INTEGER),
- ASN1_SIMPLE(LogotypeAudioInfo, playTime, ASN1_INTEGER),
- ASN1_SIMPLE(LogotypeAudioInfo, channels, ASN1_INTEGER),
- ASN1_IMP_OPT(LogotypeAudioInfo, sampleRate, ASN1_INTEGER, 3),
- ASN1_IMP_OPT(LogotypeAudioInfo, language, ASN1_IA5STRING, 4)
-} ASN1_SEQUENCE_END(LogotypeAudioInfo);
-
-ASN1_SEQUENCE(LogotypeAudio) = {
- ASN1_SIMPLE(LogotypeAudio, audioDetails, LogotypeDetails),
- ASN1_OPT(LogotypeAudio, audioInfo, LogotypeAudioInfo)
-} ASN1_SEQUENCE_END(LogotypeAudio);
-
-ASN1_SEQUENCE(LogotypeData) = {
- ASN1_SEQUENCE_OF_OPT(LogotypeData, image, LogotypeImage),
- ASN1_IMP_SEQUENCE_OF_OPT(LogotypeData, audio, LogotypeAudio, 1)
-} ASN1_SEQUENCE_END(LogotypeData);
-
-ASN1_CHOICE(LogotypeInfo) = {
- ASN1_IMP(LogotypeInfo, d.direct, LogotypeData, 0),
- ASN1_IMP(LogotypeInfo, d.indirect, LogotypeReference, 1)
-} ASN1_CHOICE_END(LogotypeInfo);
-
-ASN1_SEQUENCE(OtherLogotypeInfo) = {
- ASN1_SIMPLE(OtherLogotypeInfo, logotypeType, ASN1_OBJECT),
- ASN1_SIMPLE(OtherLogotypeInfo, info, LogotypeInfo)
-} ASN1_SEQUENCE_END(OtherLogotypeInfo);
-
-ASN1_SEQUENCE(LogotypeExtn) = {
- ASN1_EXP_SEQUENCE_OF_OPT(LogotypeExtn, communityLogos, LogotypeInfo, 0),
- ASN1_EXP_OPT(LogotypeExtn, issuerLogo, LogotypeInfo, 1),
- ASN1_EXP_OPT(LogotypeExtn, issuerLogo, LogotypeInfo, 2),
- ASN1_EXP_SEQUENCE_OF_OPT(LogotypeExtn, otherLogos, OtherLogotypeInfo, 3)
-} ASN1_SEQUENCE_END(LogotypeExtn);
-
-IMPLEMENT_ASN1_FUNCTIONS(LogotypeExtn);
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st))
-#define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i))
-#define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st))
-#define sk_LogotypeImage_value(st, i) SKM_sk_value(LogotypeImage, (st), (i))
-#define sk_LogotypeAudio_num(st) SKM_sk_num(LogotypeAudio, (st))
-#define sk_LogotypeAudio_value(st, i) SKM_sk_value(LogotypeAudio, (st), (i))
-#define sk_HashAlgAndValue_num(st) SKM_sk_num(HashAlgAndValue, (st))
-#define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i))
-#define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st))
-#define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i))
-#else
-DEFINE_STACK_OF(LogotypeInfo)
-DEFINE_STACK_OF(LogotypeImage)
-DEFINE_STACK_OF(LogotypeAudio)
-DEFINE_STACK_OF(HashAlgAndValue)
-DEFINE_STACK_OF(ASN1_IA5STRING)
-#endif
-
-
-static void add_logo(struct http_ctx *ctx, struct http_cert *hcert,
- HashAlgAndValue *hash, ASN1_IA5STRING *uri)
-{
- char txt[100];
- int res, len;
- struct http_logo *n;
-
- if (hash == NULL || uri == NULL)
- return;
-
- res = OBJ_obj2txt(txt, sizeof(txt), hash->hashAlg->algorithm, 1);
- if (res < 0 || res >= (int) sizeof(txt))
- return;
-
- n = os_realloc_array(hcert->logo, hcert->num_logo + 1,
- sizeof(struct http_logo));
- if (n == NULL)
- return;
- hcert->logo = n;
- n = &hcert->logo[hcert->num_logo];
- os_memset(n, 0, sizeof(*n));
-
- n->alg_oid = os_strdup(txt);
- if (n->alg_oid == NULL)
- return;
-
- n->hash_len = ASN1_STRING_length(hash->hashValue);
- n->hash = os_memdup(ASN1_STRING_get0_data(hash->hashValue),
- n->hash_len);
- if (n->hash == NULL) {
- os_free(n->alg_oid);
- return;
- }
-
- len = ASN1_STRING_length(uri);
- n->uri = os_malloc(len + 1);
- if (n->uri == NULL) {
- os_free(n->alg_oid);
- os_free(n->hash);
- return;
- }
- os_memcpy(n->uri, ASN1_STRING_get0_data(uri), len);
- n->uri[len] = '\0';
-
- hcert->num_logo++;
-}
-
-
-static void add_logo_direct(struct http_ctx *ctx, struct http_cert *hcert,
- LogotypeData *data)
-{
- int i, num;
-
- if (data->image == NULL)
- return;
-
- num = sk_LogotypeImage_num(data->image);
- for (i = 0; i < num; i++) {
- LogotypeImage *image;
- LogotypeDetails *details;
- int j, hash_num, uri_num;
- HashAlgAndValue *found_hash = NULL;
-
- image = sk_LogotypeImage_value(data->image, i);
- if (image == NULL)
- continue;
-
- details = image->imageDetails;
- if (details == NULL)
- continue;
-
- hash_num = sk_HashAlgAndValue_num(details->logotypeHash);
- for (j = 0; j < hash_num; j++) {
- HashAlgAndValue *hash;
- char txt[100];
- int res;
- hash = sk_HashAlgAndValue_value(details->logotypeHash,
- j);
- if (hash == NULL)
- continue;
- res = OBJ_obj2txt(txt, sizeof(txt),
- hash->hashAlg->algorithm, 1);
- if (res < 0 || res >= (int) sizeof(txt))
- continue;
- if (os_strcmp(txt, "2.16.840.1.101.3.4.2.1") == 0) {
- found_hash = hash;
- break;
- }
- }
-
- if (!found_hash) {
- wpa_printf(MSG_DEBUG, "OpenSSL: No SHA256 hash found for the logo");
- continue;
- }
-
- uri_num = sk_ASN1_IA5STRING_num(details->logotypeURI);
- for (j = 0; j < uri_num; j++) {
- ASN1_IA5STRING *uri;
- uri = sk_ASN1_IA5STRING_value(details->logotypeURI, j);
- add_logo(ctx, hcert, found_hash, uri);
- }
- }
-}
-
-
-static void add_logo_indirect(struct http_ctx *ctx, struct http_cert *hcert,
- LogotypeReference *ref)
-{
- int j, hash_num, uri_num;
-
- hash_num = sk_HashAlgAndValue_num(ref->refStructHash);
- uri_num = sk_ASN1_IA5STRING_num(ref->refStructURI);
- if (hash_num != uri_num) {
- wpa_printf(MSG_INFO, "Unexpected LogotypeReference array size difference %d != %d",
- hash_num, uri_num);
- return;
- }
-
- for (j = 0; j < hash_num; j++) {
- HashAlgAndValue *hash;
- ASN1_IA5STRING *uri;
- hash = sk_HashAlgAndValue_value(ref->refStructHash, j);
- uri = sk_ASN1_IA5STRING_value(ref->refStructURI, j);
- add_logo(ctx, hcert, hash, uri);
- }
-}
-
-
-static void i2r_HashAlgAndValue(HashAlgAndValue *hash, BIO *out, int indent)
-{
- int i;
- const unsigned char *data;
-
- BIO_printf(out, "%*shashAlg: ", indent, "");
- i2a_ASN1_OBJECT(out, hash->hashAlg->algorithm);
- BIO_printf(out, "\n");
-
- BIO_printf(out, "%*shashValue: ", indent, "");
- data = hash->hashValue->data;
- for (i = 0; i < hash->hashValue->length; i++)
- BIO_printf(out, "%s%02x", i > 0 ? ":" : "", data[i]);
- BIO_printf(out, "\n");
-}
-
-static void i2r_LogotypeDetails(LogotypeDetails *details, BIO *out, int indent)
-{
- int i, num;
-
- BIO_printf(out, "%*sLogotypeDetails\n", indent, "");
- if (details->mediaType) {
- BIO_printf(out, "%*smediaType: ", indent, "");
- ASN1_STRING_print(out, details->mediaType);
- BIO_printf(out, "\n");
- }
-
- num = details->logotypeHash ?
- sk_HashAlgAndValue_num(details->logotypeHash) : 0;
- for (i = 0; i < num; i++) {
- HashAlgAndValue *hash;
- hash = sk_HashAlgAndValue_value(details->logotypeHash, i);
- i2r_HashAlgAndValue(hash, out, indent);
- }
-
- num = details->logotypeURI ?
- sk_ASN1_IA5STRING_num(details->logotypeURI) : 0;
- for (i = 0; i < num; i++) {
- ASN1_IA5STRING *uri;
- uri = sk_ASN1_IA5STRING_value(details->logotypeURI, i);
- BIO_printf(out, "%*slogotypeURI: ", indent, "");
- ASN1_STRING_print(out, uri);
- BIO_printf(out, "\n");
- }
-}
-
-static void i2r_LogotypeImageInfo(LogotypeImageInfo *info, BIO *out, int indent)
-{
- long val;
-
- BIO_printf(out, "%*sLogotypeImageInfo\n", indent, "");
- if (info->type) {
- val = ASN1_INTEGER_get(info->type);
- BIO_printf(out, "%*stype: %ld\n", indent, "", val);
- } else {
- BIO_printf(out, "%*stype: default (1)\n", indent, "");
- }
- val = ASN1_INTEGER_get(info->fileSize);
- BIO_printf(out, "%*sfileSize: %ld\n", indent, "", val);
- val = ASN1_INTEGER_get(info->xSize);
- BIO_printf(out, "%*sxSize: %ld\n", indent, "", val);
- val = ASN1_INTEGER_get(info->ySize);
- BIO_printf(out, "%*sySize: %ld\n", indent, "", val);
- if (info->resolution) {
- BIO_printf(out, "%*sresolution [%d]\n", indent, "",
- info->resolution->type);
- switch (info->resolution->type) {
- case 0:
- val = ASN1_INTEGER_get(info->resolution->d.numBits);
- BIO_printf(out, "%*snumBits: %ld\n", indent, "", val);
- break;
- case 1:
- val = ASN1_INTEGER_get(info->resolution->d.tableSize);
- BIO_printf(out, "%*stableSize: %ld\n", indent, "", val);
- break;
- }
- }
- if (info->language) {
- BIO_printf(out, "%*slanguage: ", indent, "");
- ASN1_STRING_print(out, info->language);
- BIO_printf(out, "\n");
- }
-}
-
-static void i2r_LogotypeImage(LogotypeImage *image, BIO *out, int indent)
-{
- BIO_printf(out, "%*sLogotypeImage\n", indent, "");
- if (image->imageDetails) {
- i2r_LogotypeDetails(image->imageDetails, out, indent + 4);
- }
- if (image->imageInfo) {
- i2r_LogotypeImageInfo(image->imageInfo, out, indent + 4);
- }
-}
-
-static void i2r_LogotypeData(LogotypeData *data, const char *title, BIO *out,
- int indent)
-{
- int i, num;
-
- BIO_printf(out, "%*s%s - LogotypeData\n", indent, "", title);
-
- num = data->image ? sk_LogotypeImage_num(data->image) : 0;
- for (i = 0; i < num; i++) {
- LogotypeImage *image = sk_LogotypeImage_value(data->image, i);
- i2r_LogotypeImage(image, out, indent + 4);
- }
-
- num = data->audio ? sk_LogotypeAudio_num(data->audio) : 0;
- for (i = 0; i < num; i++) {
- BIO_printf(out, "%*saudio: TODO\n", indent, "");
- }
-}
-
-static void i2r_LogotypeReference(LogotypeReference *ref, const char *title,
- BIO *out, int indent)
-{
- int i, hash_num, uri_num;
-
- BIO_printf(out, "%*s%s - LogotypeReference\n", indent, "", title);
-
- hash_num = ref->refStructHash ?
- sk_HashAlgAndValue_num(ref->refStructHash) : 0;
- uri_num = ref->refStructURI ?
- sk_ASN1_IA5STRING_num(ref->refStructURI) : 0;
- if (hash_num != uri_num) {
- BIO_printf(out, "%*sUnexpected LogotypeReference array size difference %d != %d\n",
- indent, "", hash_num, uri_num);
- return;
- }
-
- for (i = 0; i < hash_num; i++) {
- HashAlgAndValue *hash;
- ASN1_IA5STRING *uri;
-
- hash = sk_HashAlgAndValue_value(ref->refStructHash, i);
- i2r_HashAlgAndValue(hash, out, indent);
-
- uri = sk_ASN1_IA5STRING_value(ref->refStructURI, i);
- BIO_printf(out, "%*srefStructURI: ", indent, "");
- ASN1_STRING_print(out, uri);
- BIO_printf(out, "\n");
- }
-}
-
-static void i2r_LogotypeInfo(LogotypeInfo *info, const char *title, BIO *out,
- int indent)
-{
- switch (info->type) {
- case 0:
- i2r_LogotypeData(info->d.direct, title, out, indent);
- break;
- case 1:
- i2r_LogotypeReference(info->d.indirect, title, out, indent);
- break;
- }
-}
-
-static void debug_print_logotypeext(LogotypeExtn *logo)
-{
- BIO *out;
- int i, num;
- int indent = 0;
-
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if (out == NULL)
- return;
-
- if (logo->communityLogos) {
- num = sk_LogotypeInfo_num(logo->communityLogos);
- for (i = 0; i < num; i++) {
- LogotypeInfo *info;
- info = sk_LogotypeInfo_value(logo->communityLogos, i);
- i2r_LogotypeInfo(info, "communityLogo", out, indent);
- }
- }
-
- if (logo->issuerLogo) {
- i2r_LogotypeInfo(logo->issuerLogo, "issuerLogo", out, indent );
- }
-
- if (logo->subjectLogo) {
- i2r_LogotypeInfo(logo->subjectLogo, "subjectLogo", out, indent);
- }
-
- if (logo->otherLogos) {
- BIO_printf(out, "%*sotherLogos - TODO\n", indent, "");
- }
-
- BIO_free(out);
-}
-
-
-static void add_logotype_ext(struct http_ctx *ctx, struct http_cert *hcert,
- X509 *cert)
-{
- ASN1_OBJECT *obj;
- int pos;
- X509_EXTENSION *ext;
- ASN1_OCTET_STRING *os;
- LogotypeExtn *logo;
- const unsigned char *data;
- int i, num;
-
- obj = OBJ_txt2obj("1.3.6.1.5.5.7.1.12", 0);
- if (obj == NULL)
- return;
-
- pos = X509_get_ext_by_OBJ(cert, obj, -1);
- if (pos < 0) {
- wpa_printf(MSG_INFO, "No logotype extension included");
- return;
- }
-
- wpa_printf(MSG_INFO, "Parsing logotype extension");
- ext = X509_get_ext(cert, pos);
- if (!ext) {
- wpa_printf(MSG_INFO, "Could not get logotype extension");
- return;
- }
-
- os = X509_EXTENSION_get_data(ext);
- if (os == NULL) {
- wpa_printf(MSG_INFO, "Could not get logotype extension data");
- return;
- }
-
- wpa_hexdump(MSG_DEBUG, "logotypeExtn",
- ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
-
- data = ASN1_STRING_get0_data(os);
- logo = d2i_LogotypeExtn(NULL, &data, ASN1_STRING_length(os));
- if (logo == NULL) {
- wpa_printf(MSG_INFO, "Failed to parse logotypeExtn");
- return;
- }
-
- if (wpa_debug_level < MSG_INFO)
- debug_print_logotypeext(logo);
-
- if (!logo->communityLogos) {
- wpa_printf(MSG_INFO, "No communityLogos included");
- LogotypeExtn_free(logo);
- return;
- }
-
- num = sk_LogotypeInfo_num(logo->communityLogos);
- for (i = 0; i < num; i++) {
- LogotypeInfo *info;
- info = sk_LogotypeInfo_value(logo->communityLogos, i);
- switch (info->type) {
- case 0:
- add_logo_direct(ctx, hcert, info->d.direct);
- break;
- case 1:
- add_logo_indirect(ctx, hcert, info->d.indirect);
- break;
- }
- }
-
- LogotypeExtn_free(logo);
-}
-
-
-static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
- X509 *cert, GENERAL_NAMES **names)
-{
- os_memset(hcert, 0, sizeof(*hcert));
- hcert->url = ctx->url ? ctx->url : ctx->svc_address;
-
- *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
- if (*names)
- add_alt_names(ctx, hcert, *names);
-
- add_logotype_ext(ctx, hcert, cert);
-}
-
-
-static void parse_cert_free(struct http_cert *hcert, GENERAL_NAMES *names)
-{
- unsigned int i;
-
- for (i = 0; i < hcert->num_dnsname; i++)
- OPENSSL_free(hcert->dnsname[i]);
- os_free(hcert->dnsname);
-
- for (i = 0; i < hcert->num_othername; i++)
- os_free(hcert->othername[i].oid);
- os_free(hcert->othername);
-
- for (i = 0; i < hcert->num_logo; i++) {
- os_free(hcert->logo[i].alg_oid);
- os_free(hcert->logo[i].hash);
- os_free(hcert->logo[i].uri);
- }
- os_free(hcert->logo);
-
- sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-}
-
-
-static int validate_server_cert(struct http_ctx *ctx, X509 *cert)
-{
- GENERAL_NAMES *names;
- struct http_cert hcert;
- int ret;
-
- if (ctx->cert_cb == NULL) {
- wpa_printf(MSG_DEBUG, "%s: no cert_cb configured", __func__);
- return 0;
- }
-
- if (0) {
- BIO *out;
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- X509_print_ex(out, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
- BIO_free(out);
- }
-
- parse_cert(ctx, &hcert, cert, &names);
- ret = ctx->cert_cb(ctx->cert_cb_ctx, &hcert);
- parse_cert_free(&hcert, names);
-
- return ret;
-}
-
-
-void http_parse_x509_certificate(struct http_ctx *ctx, const char *fname)
-{
- BIO *in, *out;
- X509 *cert;
- GENERAL_NAMES *names;
- struct http_cert hcert;
- unsigned int i;
-
- in = BIO_new_file(fname, "r");
- if (in == NULL) {
- wpa_printf(MSG_ERROR, "Could not read '%s'", fname);
- return;
- }
-
- cert = d2i_X509_bio(in, NULL);
- BIO_free(in);
-
- if (cert == NULL) {
- wpa_printf(MSG_ERROR, "Could not parse certificate");
- return;
- }
-
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if (out) {
- X509_print_ex(out, cert, XN_FLAG_COMPAT,
- X509_FLAG_COMPAT);
- BIO_free(out);
- }
-
- wpa_printf(MSG_INFO, "Additional parsing information:");
- parse_cert(ctx, &hcert, cert, &names);
- for (i = 0; i < hcert.num_othername; i++) {
- if (os_strcmp(hcert.othername[i].oid,
- "1.3.6.1.4.1.40808.1.1.1") == 0) {
- char *name = os_zalloc(hcert.othername[i].len + 1);
- if (name) {
- os_memcpy(name, hcert.othername[i].data,
- hcert.othername[i].len);
- wpa_printf(MSG_INFO,
- "id-wfa-hotspot-friendlyName: %s",
- name);
- os_free(name);
- }
- wpa_hexdump_ascii(MSG_INFO,
- "id-wfa-hotspot-friendlyName",
- hcert.othername[i].data,
- hcert.othername[i].len);
- } else {
- wpa_printf(MSG_INFO, "subjAltName[othername]: oid=%s",
- hcert.othername[i].oid);
- wpa_hexdump_ascii(MSG_INFO, "unknown othername",
- hcert.othername[i].data,
- hcert.othername[i].len);
- }
- }
- parse_cert_free(&hcert, names);
-
- X509_free(cert);
-}
-
-
static int curl_cb_ssl_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
{
struct http_ctx *ctx;
depth, err, err_str, buf);
debug_dump_cert("Server certificate chain - certificate", cert);
- if (depth == 0 && preverify_ok && validate_server_cert(ctx, cert) < 0)
- return 0;
-
#ifdef OPENSSL_IS_BORINGSSL
if (depth == 0 && ctx->ocsp != NO_OCSP && preverify_ok) {
enum ocsp_result res;
}
-static int post_init_client(struct http_ctx *ctx, const char *address,
- const char *ca_fname, const char *username,
- const char *password, const char *client_cert,
- const char *client_key)
-{
- char *pos;
- int count;
-
- clone_str(&ctx->svc_address, address);
- clone_str(&ctx->svc_ca_fname, ca_fname);
- clone_str(&ctx->svc_username, username);
- clone_str(&ctx->svc_password, password);
- clone_str(&ctx->svc_client_cert, client_cert);
- clone_str(&ctx->svc_client_key, client_key);
-
- /*
- * Workaround for Apache "Hostname 'FOO' provided via SNI and hostname
- * 'foo' provided via HTTP are different.
- */
- for (count = 0, pos = ctx->svc_address; count < 3 && pos && *pos;
- pos++) {
- if (*pos == '/')
- count++;
- *pos = tolower(*pos);
- }
-
- ctx->curl = setup_curl_post(ctx, ctx->svc_address, ca_fname, username,
- password, client_cert, client_key);
- if (ctx->curl == NULL)
- return -1;
-
- return 0;
-}
-
-
-int soap_init_client(struct http_ctx *ctx, const char *address,
- const char *ca_fname, const char *username,
- const char *password, const char *client_cert,
- const char *client_key)
-{
- if (post_init_client(ctx, address, ca_fname, username, password,
- client_cert, client_key) < 0)
- return -1;
-
- ctx->curl_hdr = curl_slist_append(ctx->curl_hdr,
- "Content-Type: application/soap+xml");
- ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "SOAPAction: ");
- ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "Expect:");
- curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, ctx->curl_hdr);
-
- return 0;
-}
-
-
-int soap_reinit_client(struct http_ctx *ctx)
-{
- char *address = NULL;
- char *ca_fname = NULL;
- char *username = NULL;
- char *password = NULL;
- char *client_cert = NULL;
- char *client_key = NULL;
- int ret;
-
- clear_curl(ctx);
-
- clone_str(&address, ctx->svc_address);
- clone_str(&ca_fname, ctx->svc_ca_fname);
- clone_str(&username, ctx->svc_username);
- clone_str(&password, ctx->svc_password);
- clone_str(&client_cert, ctx->svc_client_cert);
- clone_str(&client_key, ctx->svc_client_key);
-
- ret = soap_init_client(ctx, address, ca_fname, username, password,
- client_cert, client_key);
- os_free(address);
- os_free(ca_fname);
- str_clear_free(username);
- str_clear_free(password);
- os_free(client_cert);
- os_free(client_key);
- return ret;
-}
-
-
static void free_curl_buf(struct http_ctx *ctx)
{
os_free(ctx->curl_buf);
}
-xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node)
-{
- char *str;
- xml_node_t *envelope, *ret, *resp, *n;
- CURLcode res;
- long http = 0;
-
- ctx->last_err = NULL;
-
- wpa_printf(MSG_DEBUG, "SOAP: Sending message");
- envelope = soap_build_envelope(ctx->xml, node);
- str = xml_node_to_str(ctx->xml, envelope);
- xml_node_free(ctx->xml, envelope);
- wpa_printf(MSG_MSGDUMP, "SOAP[%s]", str);
-
- curl_easy_setopt(ctx->curl, CURLOPT_POSTFIELDS, str);
- free_curl_buf(ctx);
-
- res = curl_easy_perform(ctx->curl);
- if (res != CURLE_OK) {
- if (!ctx->last_err)
- ctx->last_err = curl_easy_strerror(res);
- wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
- ctx->last_err);
- os_free(str);
- free_curl_buf(ctx);
- return NULL;
- }
- os_free(str);
-
- curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &http);
- wpa_printf(MSG_DEBUG, "SOAP: Server response code %ld", http);
- if (http != 200) {
- ctx->last_err = "HTTP download failed";
- wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http);
- free_curl_buf(ctx);
- return NULL;
- }
-
- if (ctx->curl_buf == NULL)
- return NULL;
-
- wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ctx->curl_buf);
- resp = xml_node_from_buf(ctx->xml, ctx->curl_buf);
- free_curl_buf(ctx);
- if (resp == NULL) {
- wpa_printf(MSG_INFO, "Could not parse SOAP response");
- ctx->last_err = "Could not parse SOAP response";
- return NULL;
- }
-
- ret = soap_get_body(ctx->xml, resp);
- if (ret == NULL) {
- wpa_printf(MSG_INFO, "Could not get SOAP body");
- ctx->last_err = "Could not get SOAP body";
- return NULL;
- }
-
- wpa_printf(MSG_DEBUG, "SOAP body localname: '%s'",
- xml_node_get_localname(ctx->xml, ret));
- n = xml_node_copy(ctx->xml, ret);
- xml_node_free(ctx->xml, resp);
-
- return n;
-}
-
-
struct http_ctx * http_init_ctx(void *upper_ctx, struct xml_node_ctx *xml_ctx)
{
struct http_ctx *ctx;
curl_global_cleanup();
os_free(ctx->svc_address);
- os_free(ctx->svc_ca_fname);
- str_clear_free(ctx->svc_username);
- str_clear_free(ctx->svc_password);
- os_free(ctx->svc_client_cert);
- os_free(ctx->svc_client_key);
os_free(ctx);
}
}
-void http_set_cert_cb(struct http_ctx *ctx,
- int (*cb)(void *ctx, struct http_cert *cert),
- void *cb_ctx)
-{
- ctx->cert_cb = cb;
- ctx->cert_cb_ctx = cb_ctx;
-}
-
-
const char * http_get_err(struct http_ctx *ctx)
{
return ctx->last_err;
projects / thirdparty / hostap.git / commitdiff
